Skip to content

Update for CBL-Mariner 2.0 Feb 2024 Release#7633

Merged
jslobodzian merged 65 commits into2.0from
joslobo/update-for-feb-release
Feb 2, 2024
Merged

Update for CBL-Mariner 2.0 Feb 2024 Release#7633
jslobodzian merged 65 commits into2.0from
joslobo/update-for-feb-release

Conversation

@jslobodzian
Copy link
Copy Markdown
Collaborator

@jslobodzian jslobodzian commented Feb 2, 2024

Update for CBL-Mariner 2.0 Feb 2024 Release

rmhsawyer and others added 30 commits January 17, 2024 08:00
@rmhsawyer
add patch for azure-iot-sdk-c CVE-2024-21646 (#7283)
6b85d88 
Co-authored-by: minghe <rmhsawyer>
@PawelWMS
Making GitHub Actions' permissions explicit. (#7282)
52ea900
@mandeepsplaha
fix python urllib3 test (#7294)
790a54f
@dallasd1 @sprt
@manuelh-dev @miz060
Kata-CC: Upgrade to 0.6.3 (#7196)
babfccf 
Co-authored-by: Aurélien Bombo <abombo@microsoft.com>
Co-authored-by: ms-mahuber <60939654+ms-mahuber@users.noreply.github.com>
Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
@amritakohli
Image Customizer: Use safeloopback.Loopback instead of ImageConnectio…
acd143e 
…n for split partitions (#7300)
@mandeepsplaha
add container images source files to 2.0 (#7223)
573152f
@cwize1
Image Customizer: Fix special directories and partition customization. (
98d0c1f 
#7043)
@harshitgupta1337
Patch erlang for CVE-2023-48795 (#7299)
a678fe8 
Co-authored-by: Harshit Gupta <guptaharshit@microsoft.com>
@PawelWMS
Added cross-compilation binutils and kernel-headers. (#6945)
119bf40
@amritakohli
Image Customizer: Make either one of split partitions format and outp…
770c563 
…ut image format required (#7323)
@elainezhao1
OS Modifier (EMU): Add sshkeys to user config (#7305)
7e65dd1
@cwize1
Imager: Ensure ext4 formatting is consistent across build hosts (#7303)
1255e34
@harshitgupta1337
Patch libssh2 for CVE-2023-48795 (#7292)
4002115 
Co-authored-by: Harshit Gupta <guptaharshit@microsoft.com>
@tobiasb-ms
apply patch for CVE-2023-48795 (#7329)
5a8926c
@PawelWMS @ddstreet
Fixed cloud-init tests. (#7330)
400cedf 
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
@sindhu-karri
Fix CVE-2023-50711 in cloud-hypervisor (#7269)
e5cc638
@AZaugg
Fix mariadb install post script (#7320)
d311a29 
The post scripts for mariadb don't run due to missing script. As part of cmake install, mariadb-install-db script is removed. Adding patch to ensure script is correctly added to buildroot

Installing/Updating: mariadb-connector-c-config-3.1.10-6.cm2.noarch
Installing/Updating: mariadb-server-10.6.9-5.cm2.x86_64
/var/tmp/rpm-tmp.wjMLcK: line 3: mysql_install_db: command not found
@sprt
Introduce Rust virtiofsd package (#7215)
904fdec
@rlmenge
Enable CONFIG_X86_IOPL_IOPERM (#7181)
4cc8642 
Enable for hardware platforms that use AMBIOS. Interacting with the firmware on these platforms from Linux user space uses the AMI Setup Control Environment Utility, SCELNX_64. This closed source vendor provided program depends on the iopl deprecated, legacy syscall. This syscall's availability is controlled by CONFIG_X86_IOPL_IOPERM kernel configuration item. Therefore, enable to prevent segfaults.
@CBL-Mariner-Bot @sindhu-karri
[AUTO-CHERRYPICK] Add epoch to libdwarf spec to fix versioning order …
c9f493b 
…- branch main (#7341)

Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
@elainezhao1
Image Customizer: remove adduser-config.yaml file as it contains pass…
9740bd1 
…word field (#7298)
@mandeepsplaha
add memcached container files (#7307)
cc1b3c5
@mfrw
skopeo: upgrade version 1.13.3 -> 1.14.1 to address GHSA-jq35-85cj-fj4p
ad95d11 
… (#7357)

Reference: GHSA-jq35-85cj-fj4p
Changelog: https://github.com/containers/skopeo/releases/tag/v1.14.1
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
@CBL-Mariner-Bot
Prepare January 2024 Update 3 (#7392)
36b91de
@hbeberman
Remove /etc/host.conf from filesystem (#7389)
e1cbb1d
@rlmenge
Address CVE-2023-6932, CVE-2023-6817 and CVE-2023-6931 (#7417)
b8442f8
@CBL-Mariner-Bot
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2023-46862 CVE-20…
a89979e 
…23-6622 CVE-2023-6546 CVE-2023-7192 CVE-2023-51780 CVE-2023-51782 CVE-2023-51781 CVE-2022-48619  (#7424)
@vinceaperri
kernel-hci: Add missing commit subject to patch 27 (#7165)
680c185
@CBL-Mariner-Bot @mfrw
helm: update version 3.13.2 -> 3.14.0 to address CVE-2023-44487 (#7419)
bdd30f7 
AUTO-CHERRYPICK of PR: #7359 

Changelog: https://github.com/helm/helm/releases/tag/v3.14.0
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
@tobiasb-ms
python-jinja2: add patch for CVE-2024-22195 (#7426)
f909391
gmileka and others added 19 commits January 29, 2024 10:17
@gmileka
Update dracut to allow supressing user confirmation prompt when the l…
46a4d29 
…iveos overlay is backed by memory. (#7483)
@CBL-Mariner-Bot @tobiasb-ms
[AUTO-CHERRYPICK] patch CVE-2022-21698 in application-gateway-kuberne…
790ebdc 
…tes-ingress - branch main (#7548)

This is an auto-generated pull request to cherry-pick commit f0d5827 to main. Original PR: #7542
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
@arc9693
kata-containers-cc: remove kernel-uvm-cvm references (#7455)
0349723
@sindhu-karri
align cloud hypervisor spec with fasttrack branch (#7515)
6f46ecb
@CBL-Mariner-Bot @tobiasb-ms
[AUTO-CHERRYPICK] patch CVE-2022-21698 in keda - branch main (#7571)
016d121 
Fixes CVE-2022-21698 for keda. The vulnerability is in the client_golang go module v1.11.1, and keda has a direct dependency on v1.11.0. Fixed by applying a patch to the keda code to update that module, then built the vendored tarball.

Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
@CBL-Mariner-Bot
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-0607 CVE-202…
4edde9f 
…3-51043 CVE-2024-22705 CVE-2023-51042 CVE-2023-46343  (#7513)
@CBL-Mariner-Bot
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.148.1 - branch ma…
964f2fa 
…in (#7535)

Note that arm64 had MMC_SDHCI_OMAP turned off due to a change upstream [106136f] which specified it depends on architecture which CBL-Mariner 2.0 does not support.
@CBL-Mariner-Bot @tobiasb-ms
[AUTO-CHERRYPICK] fix cve-2022-21698 in kube-vip-cloud-provider - bra…
391f7f5 
…nch main (#7577)

Fixes CVE-2022-21698 for kube-vip-cloud-provider. The vulnerability is in the client_golang go module, which is vendored in this package. Fix is to apply a (modified) patch to the vendored code.

Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
@romoh
Use main kernel for baremetal base image (#7583)
acd481a
@ellie-di
Shift user/group creation earlier in image build for rootfs image typ…
b5f9206 
…es (#6957)
@gjswalling
Update kernel-mos to 5.15.148.1 (#7574)
66555b6
@liulanze
Add dracut sub-package overlayfs. (#7432) (#7587)
880718f 
Co-authored-by: lanzeliu <lanzeliu@microsoft.com>
@dependabot
Bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /toolkit/tools (#7045)
ceb3c7e 
Signed-off-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@CBL-Mariner-Bot @jslobodzian
[AUTO-CHERRYPICK] Patch moby-runc to address CVE-2024-21626 - branch …
e3b5d51 
…main (#7586)

Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @tobiasb-ms
[AUTO-CHERRYPICK] fix cve-2022-21698 in moby-buildx - branch main (#7625
f5bae07 
)

Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
@CBL-Mariner-Bot @tobiasb-ms
[AUTO-CHERRYPICK] fix cve-2022-21698 in local-path-provisioner - bran…
e9fea0b 
…ch main (#7626)

Fixes CVE-2022-21698 for local-path-provisioner. The vulnerability is in the client_golang go module, which is vendored in this package. Fix is to apply a (modified) patch to the vendored code.
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
@CBL-Mariner-Bot
Prepare February 2024 Release (#7599)
fc0b1c0
@CBL-Mariner-Bot @dmcilvaney
[AUTO-CHERRYPICK] Fix coredns CVE-2023-44487 by patching vendor tar -…
79fe0a7 
… branch main (#7628)

Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
@jslobodzian
Merge branch 'main' into joslobo/update-for-feb-release
fdf858b
@jslobodzian jslobodzian requested review from a team as code owners February 2, 2024 00:59
@jslobodzian jslobodzian requested a review from a team February 2, 2024 00:59
@jslobodzian jslobodzian requested review from a team as code owners February 2, 2024 00:59
@jslobodzian jslobodzian merged commit c0958b0 into 2.0 Feb 2, 2024
@jslobodzian jslobodzian deleted the joslobo/update-for-feb-release branch February 2, 2024 01:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.