v4.2.3

4.2.3 - 2024-05-02

Changed

• Moved service files from /lib to /usr/lib for all Linux OSes

Security

• Bump golang.org/x/net from 0.17.0 to 0.23.0 in /inbm/trtl resolving detected 3rd party CVE: CVE-2023-45288

v4.2.2

4.2.2 - 2024-03-26

Changed

• Removed remaining Bit Creek code including 'Target' references from the manifest schema.

Fixed

• RTC 539880 - Fix encountered disconnected with code 7 after successfully provision to Azure cloud

Security

• Bump cryptography to 42.0.4, resolving CVE-2024-26130
• Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /inbm/trtl, resolving CVE-2024-21626 and CVE-2024-24557 (NOTE: trtl does not use runc or Docker Engine, so these CVEs would not actually apply to this project)

v4.2.1

Changed

• Added --build-windows and --build-check flags to build scripts to allow optional skipping of Windows build and unit tests/mypy checks. One example scenario where this would be useful would be building an official version that has already been validated and unit tests already run, to reduce build time. Another scenario would be to skip the Windows build if the user only needs a Linux build.

Fixed

• RTC 538468 - paho-mqtt upgrade broke cloudadapter's mqtt connections. Fixed proxy setting code to not override all sockets with proxy as paho-mqtt 1.6.0 relies on listening/connecting to localhost to set up sockets, and this doesn't work with a global proxy on all sockets.
• RTC 538549 - improved errors when unable to fetch from URLs. For example, if INBM receives a "404 Not Found" it will return this as part of its error instead of simply returning a generic error message about being unable to fetch the URL.
• RTC 538524 - GUID missing when not provided by manifest when running fwupdate tool
• RTC 530960 - Fix SOTA snapshot conditions to not reboot twice on EXT4 system

Security

• RTC 537811 - Bump cryptography from 41.0.6 to 42.0.2 in /inbm/dispatcher-agent (addresses CVE-2023-5678, CVE-2023-6129)

v4.2.0

Changed

• RTC 536078 - Added package list option to inbc, cloud, and internal manifest. This allows SOTA to run an install/upgrade command on a set of individual packages rather than all installed packages.

Added

• RTC 536601 - Added 'source' command to INBM. This command manages /etc/apt/sources.list and /etc/apt/sources.list.d/* and associated gpg keys on Ubuntu.
• RTC 537769 - Added verification of GPG key URIs against a list of trusted repositories for enhanced security

check if sourceApplication Gpg key URL is in trusted repo

Fixed

• RTC 534426 - Could not write to /var/log/inbm-update-status.log on Yocto due to /var/log being a symlink to /var/volatile/log.
• RTC 523677 - Improve INBC error logging - invalid child tag not printed
• RTC 522583 - Fix missing SOTA logs
• RTC 534998 - Fix SOTA failure due to snapshot error
• Fixed some mismatched types in abstract classes vs subtypes in dispatcher agent
• Fixed some container mode issues

Security

• RTC 533615 - Validate GUID format in manifest using XML schema.

•          Ensure the GUID in the manifest if provided matches one of the GUIDs on the system before performing a FOTA.
  

• dependabot: update golang.org/x/net from 0.14.0 to 0.17.0 in /inbm/trtl (addresses CVE-2023-39325, CVE-2023-44487)
• update pypi urllib3 from 1.26.17 to 1.26.18 (addresses CVE-2023-45803 in urllib3)
• dependabot: bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible in /inbm/trtl (addresses GHSA-jq35-85cj-fj4p)
• update included reference certifi source code from 2020.12.05 to 2023.7.22, which was not a security issue per se but was flagged in BDBA as it contains CVE-2022-23491 and CVE-2023-37920
• dependabot: Bump pyinstaller from 5.13.0 to 5.13.1 in all agents/programs (addresses CVE-2023-49797)
• RTC 536046 - Add a workflow to perform signature checks for AOTA packages if user enrolled a key during provisioning

v4.1.4

4.1.4 - 2023-10-11

Fixed

• RTC 533936 - [INBM] Fix sota Kernel upgrade failure

Added

• Add firmware update database entry for NUC12WSHv5 using /usr/bin/iFlashVLnx64. This tool can be downloaded from https://www.intel.com/content/www/us/en/download/19504/intel-aptio-v-uefi-firmware-integrator-tools-for-intel-nuc.html

Security

• dependabot: update cryptography from 41.0.3 to 41.0.4
• update urllib3 from 1.26.16 to 1.26.17 (addresses CVE-2023-43804 in urllib3)

v4.1.3

4.1.3 - 2023-09-05

Fixed

• RTC 532663 - [INBM][UCC][Bug] During every windows reboot there will be a temporary folder created
• RTC 531795 - [Bug] inbc defaults to deviceReboot=yes even with download-only mode
• RTC 531796 - [Bug] dispatcher reboots device after failed update even in download-only mode
• RTC [533020] - Fix SOTA to handle dpkg interactive prompt
• RTC 532662 - [INBM][UCC][Bug] INBM fails to send telemetry when IP is changed manually
• Changed golang builds to not depend on glibc.
• Updated OpenSSL download path in Windows installer.

Added

• RTC 532655 - Add AOTA docker-compose up,down and pull commands to INBC
• RTC 532848 - Add AOTA docker pull, import, load and remove commands to INBC

Security

• (dependabot) - Updated cryptography from 41.0.0 to 41.0.2
• (dependabot) - Updated cryptography from 41.0.2 to 41.0.3
• Updated golang runtime from 1.20.5 to 1.20.6
• (533039) Added Intel standard compiler flags and settings to golang builds
• (533037) CT72 - Secure Configuration Guidance: remove all remaining Telit references
• Update to Python 3.11 to address some CVEs.
• Update Windows Dockerfile to pull in Python 3.11.5 to address some CVEs.

v4.1.2

4.1.2 - 2023-06-29

Fixed

• RTC 531066 - [TC Base] [Bug] Cloud Adapter disconnected upon provisioned
• RTC 532217 - [TC Base] [Bug] Cloud Adapter cannot connect to Azure

Security

• Updated Windows Python version to pull in security updates

v4.1.1

4.1.1 - 2023-06-23

NOTE: update log path has changed to /var/log/inbm-update-status.log

Fixed

• RTC 530729 - Fix AOTA update log file show Reboot Failed although platform already rebooted and application updated
• RTC 530881 - Fix JSON update log/access
• RTC 530960 - Fix INBC SOTA observe post-install check and rollback on EXT4
• RTC 530992 - [TC Base] [Bug] Cloudadapter Agent failed to start - TypeError: object of type 'int' has no len()

v4.1.0

4.1.0 - 2023-06-13

Added

• RTC 530033 - Add AOTA Applicaiton Update command to INBC
• RTC 530032 - Add INBC SOTA update, download-only and no-download modes
• RTC 529914 - Implement OTA logger
• RTC 529912 - Add a reboot option (optional) in OTA manifest for FOTA, SOTA and POTA
• RTC 529913 - Update INBC to take in the optional reboot option in an OTA cmd

Fixed

• RTC 530482 - Remove 'force' option in OTA's

v4.0.1

4.0.1 - 2023-05-26

Security

• RTC 529956 - [UCC Win] Bug: C:\intel-manageability\ directory can be written by non-admin user
• RTC 529951 - Cloudadapter does not check if certain files are symlinks
• Increased bit size when generating TLS keys
• Updated pypi requests to fix dependabot security alert

Changed

• Added recommendation to use BitLocker when installing in Windows.