CBL-Mariner-Bot
79af982f0d
[AUTO-CHERRYPICK] golang: update 1.22.5 -> 1.22.7 to address 3 CVEs - branch main ( #10420 )
...
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
2024-09-13 12:44:56 -07:00
CBL-Mariner-Bot
b216136dd4
[AUTO-CHERRYPICK] moby-cli: Add patch to resolve CVE-2023-45288 - branch main ( #10237 )
...
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-08-23 14:41:03 -04:00
Muhammad Falak R Wani
c16735c961
golang: update 1.21.6 -> 1.21.11 to address CVE-2024-24790 ( #9097 )
...
Changelog: https://go.dev/doc/devel/release#go1.21.minor
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-06-10 12:37:44 +05:30
Muhammad Falak R Wani
40a1be42d7
moby-engine & moby-cli: upgrade version 20.10.27 -> 24.0.9 ( #8556 )
...
Changelog: https://github.com/moby/moby/releases/tag/v24.0.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-04-24 22:47:59 +05:30
Muhammad Falak R Wani
bd9a5c7ce7
Upgraded `golang` version 1.20.10 -> 1.21.6 ( #7640 )
...
Changelog: https://go.dev/doc/devel/release#go1.21.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-02-09 15:02:54 -08:00
Pawel Winogrodzki
fd5e30e0f8
Fix CVE-2021-44716 (CP #7717 ). ( #7815 )
2024-02-09 13:10:38 -08:00
CBL-Mariner-Bot
176cf2bb9e
[AUTO-CHERRYPICK] fix cve-2022-21698 in moby-cli - branch main ( #7697 )
...
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-02-07 14:54:47 -08:00
corvus-callidus
6447768bde
Patch CVE-2023-48795 in moby-cli ( #7216 )
2024-01-10 10:47:58 -08:00
Rohit Rawat
e87fb99c84
Fix CVE-2020-8694, CVE-2020-8695 and CVE-2020-12912 ( #7029 )
...
Fixes moby-engine and moby-containerd by upgrade
2023-12-20 20:40:33 +05:30
Nan Liu
85350c6651
Update change logs to sync up with the ones in PMC ( #6750 )
2023-11-14 17:01:14 -08:00
Nan Liu
15bf461433
Fix golang CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533 ( #6470 )
2023-10-31 14:50:57 -07:00
Pawel Winogrodzki
01547eeed5
Fixed CVE-2023-44487 in `nginx` and `golang` (CP of #6381 ) ( #6395 )
...
* Fixed CVE-2023-44487 in `nginx` and `golang` (#6381 )
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
* Bumping 'kubernetes'.
---------
Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
2023-10-12 14:22:26 -07:00
Muhammad Falak R Wani
d82493a5f9
golang: bump golang 1.19.12 -> 1.20.7 ( #6001 )
...
Bump following packages:
- golang: 1.19.12 -> 1.20.7
- moby-cli: 20.10.24 -> 20.10.25
- moby-engine: 20.10.24 -> 20.10.25
- moby-containerd:1.6.18 -> 1.6.22
- moby-runc: 1.1.5 -> 1.1.9
This PR fixes docker `http: invalid Host header` error and
bootstraps the go1.20 compiler with go1.19.12 instead of go1.4
Reference: https://go.dev/doc/go1.20#bootstrap
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-21 22:31:35 +05:30
Muhammad Falak R Wani
e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 ( #5946 )
...
* golang: introduce patch to permit requests with invalid host headers
Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-16 10:15:25 +05:30
CBL-Mariner-Bot
78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 ( #5828 )
2023-07-13 13:55:07 -07:00
CBL-Mariner-Bot
c5a190f783
[AUTOPATCHER-CORE] Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 ( #5689 )
...
* Upgrade golang to 1.19.10 Adress CVEs
* Fix changelog
---------
Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
2023-06-20 13:39:41 -07:00
CBL-Mariner-Bot
187bf43842
Upgrade moby-cli to 20.10.24 ( #5350 )
2023-04-20 21:09:24 -07:00
Muhammad Falak R Wani
a364e616af
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 ( #5228 )
...
Reference: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ASecurity
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-04-05 21:38:04 +05:30
CBL-Mariner-Bot
42a2d6d72d
Upgrade golang to 1.19.7 to address CVE-2023-24532 ( #5160 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-03-28 13:20:34 +05:30
CBL-Mariner-Bot
768aae23e3
Upgrade golang to 1.19.6 Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 ( #5096 )
...
Co-authored-by: Rakshaa Viswanathan <46165429+rakshaa2000@users.noreply.github.com>
2023-03-17 21:20:58 +05:30
CBL-Mariner-Bot
5ed28413bb
[AUTOPATCHER-CORE] Upgrade golang to 1.19.5 upgrade to latest - ( #4759 )
...
* Upgrade golang to 1.19.5 upgrade to latest
* remove release bump of spec that should stay on golang 1.18.8 or below
2023-02-03 20:56:43 +01:00
CBL-Mariner-Bot
63c1d45e66
[AUTOPATCHER-CORE] Upgrade golang to 1.19.4 upgrade to latest - ( #4643 )
...
* Upgrade golang to 1.19.4 upgrade to latest
* fix issues due to golang 1.19.4 upgrade
* re-add CVE-2022-41717.patch which is required by golang 1.17 spec
* clean up gh dependencies
2023-01-19 18:37:17 +01:00
Daniel McIlvaney
449fbf1b41
Patch golang to resolve CVE-2022-41717 ( #4457 )
...
* Patch golang to resolve CVE-2022-41717
2022-12-19 12:17:43 -08:00
Olivia Crain
a828f488f8
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190 ( #4157 )
2022-11-01 16:37:38 -07:00
Olivia Crain
fdc6619ad3
Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs ( #3600 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2022-08-24 09:01:02 -07:00
Muhammad Falak R Wani
d76052103a
golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327 ( #3163 )
...
* golang: rename specfile golang-1.17.spec -> golang.spec
* golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327
* golang: bump release of dependent packages to force rebuild
* keda: verify license
* helm: verify license
* moby-containerd: bump version to 1.6.2 to address CVE-2022-24769
* golang: add go-1.17.10 to enable cert-manager
* cert-manger: add a hard BR on golang <= 1.17.10
* golang-17: add entry to cgimanifest
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2022-06-16 23:07:41 +05:30
nicolas guibourge
e8d4468606
upgrade moby-buildx, moby-runc, moby-containerd, moby-cli, moby-engine ( #2124 )
...
* upgrade moby-buildx
* upgrade moby-buildx
* upgrade moby-buildx
* upgrade moby-runc
* upgrade moby-runc
* upgrade moby-containerd
* upgrade moby-containerd
* upgrade moby-containerd
* upgrade moby-cli
* upgrade moby-engine
* Makes moby-engine spec relying on tini to provide docker-init
* upgrade moby-engine
* upgrade moby-engine
* add %check in moby-runc.spec
* address PR check
Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>
2022-02-08 08:53:21 -08:00
jslobodzian
17b0e93e71
Merge 1.0 to dev branch
...
This merge brings the latest SELinux and many packages and CVE fixes from the 1.0 branch.
2021-08-19 13:46:51 -07:00
Andrew Phelps
9432e35aed
Update moby-engine and moby-cli to version 19.10.15 ( #859 )
...
* update to moby 19.10.15
* fix go-md2man filename
* add comment to moby-cli
2021-04-16 16:22:07 -07:00
Andrew Phelps
819786cad8
Increment release for all specs building with golang 1.15 ( #460 )
...
* bump release for specs building with golang 1.15
* changelog cleanup
2020-12-10 23:09:35 -08:00
Jon Slobodzian
b877013b27
Initial CBL-Mariner commit to GitHub
2020-08-06 20:17:52 -07:00