Commit graph

6119 commits

Author SHA1 Message Date
CBL-Mariner-Bot cacdec2d12
[AUTOPATCHER-kernel] Kernel upgrade to version 6.6.39.1 - branch 3.0-dev (#9945)
Co-authored-by: Cameron Baird <cameronbaird@microsoft.com>
2024-07-29 14:18:08 -07:00
Harshit Gupta dbf0de7771
Enable CONFIG_RT_GROUP_SCHED in kernel-rt (#9869)
Co-authored-by: Harshit Gupta <guptaharshit@microsoft.com>
2024-07-29 16:25:15 -04:00
Daniel McIlvaney 150888f716
Better toolchain downloader (#9941) 2024-07-29 13:19:27 -07:00
Daniel McIlvaney d96751d59c
Integrate new license checker package into image and package builds. (#9885) 2024-07-29 13:11:26 -07:00
Daniel McIlvaney 806d57df36
Make check-circular-deps.yml faster with -j, use lkg (#9962) 2024-07-29 13:10:57 -07:00
Sam Meluch c60100ab77
update go link commands for go-1.21 in ubuntu prereq (#9943) 2024-07-26 16:32:02 -05:00
Chris Gunn 47b47bb971
Toolkit: Do not give GPT partitions a default label of "primary". (#9932)
When creating partitions using `parted`, the API is:

- MBR: `parted mkpart <partition-type> <fs-type> ...`
- GPT: `parted mkpart <partition-label> <fs-type> ...`

But currently we are treating the first param as always being the `<partition-type>`, when for GPT it is `<partition-label>`. This has the effect that GPT partitions are given a default label of "primary", which is a tad silly. (If an explicit label is provided by the user, then the label is overridden in a subsequent step.)

This change fixes this behavior so that GPT partitions have a default label of nothing ("").
2024-07-26 11:58:56 -07:00
Kelsey Steele 1e36b3d4e0
kernel: config_aarch64: convert selected configs to modules (#9471)
Moving batch of configs that were built-in to be modules to maintain flexibility, though reduce kernel size and boot speed.

These modules are already set as modules on x86 and only targeted to change on arm64.

Signed-off-by: Kelsey Steele <kelseysteele@microsoft.com>
2024-07-26 10:09:16 -07:00
Andrew Phelps 26fe98357f
compiler-rt: fix path issue (#9937) 2024-07-26 09:50:41 -07:00
CBL-Mariner-Bot 8dbb6f0a43
Prepare August 2024 Release (#9936)
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-07-26 12:21:00 -04:00
Muhammad Falak R Wani 586698f74c
bind: upgrade 9.19.21 -> 9.20.0 to address CVE-2024-0760, CVE-2024-1737, CVE-2024-1975 & CVE-2024-4076 (#9918)
Changelog: https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.20.0/CHANGES
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-26 10:12:14 +05:30
Daniel McIlvaney 39dc854346
Add automatic mode for DAILY_BUILD_ID (#9899)
Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
2024-07-25 17:18:58 -07:00
Daniel McIlvaney 5d9747d71c
Use structs to pass data to scheduler prints (#9883) 2024-07-25 17:05:39 -07:00
Daniel McIlvaney 5016f3f5f9
Add new license validator tool (#9060)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-07-25 14:26:09 -07:00
joejoew 7b1635b878
Add patch for CVE-2024-6655 (#9916)
Co-authored-by: Zhichun Wan <zhichunwan@microsoft.com>
2024-07-25 14:22:26 -07:00
CBL-Mariner-Bot 6d6e31e558
[AUTOPATCHER-CORE] Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370 (#9922) 2024-07-25 13:35:23 -07:00
Chris Gunn c30db7485c
Image Customizer: Partition UUID reset. (#9435) 2024-07-24 17:15:32 -07:00
Henry Li 898c473529
[3.0] Add libnvidia-nscq to NVIDIA GPU driver container image (#9920)
Co-authored-by: Henry Li <lihl@microsoft.com>
2024-07-24 15:14:23 -07:00
Henry Li db4724477b
Onboard NVIDIA Driver Container to PublishContainer script (#9439)
Co-authored-by: Henry Li <lihl@microsoft.com>
2024-07-24 13:28:20 -07:00
Chris PeBenito fbb71da05c
selinux-policy: Clean up testing rules and add systemd fix. (#9911)
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2024-07-24 14:48:20 -04:00
Hideyuki Nagase 4dfd6c8ce8
3.0-dev: add xorg-x11-server-Xwayland v24.1.1 (#9875) 2024-07-23 16:27:13 -07:00
Chris Gunn 03be749c9f
Image Customizer: Increase loopback detach timeout. (#9892)
Ubuntu seems to like to call dumpe2fs on ext4 partitions when you mount a disk (even if you don't mount any of the partitions). Depending on the size of the partition, this can take a little bit of time to run, which can block the loopback from detaching.

The Image Customizer tool uses loopback devices a lot, some of which are only used for a short period of time. So, it can timeout waiting for the loopback to detach. So, this change increases the timeout.
2024-07-23 12:01:37 -07:00
Chris Gunn 8eb68c37b4
Image Customizer: Validate HOME and USER env vars. (#9900)
The gpg command, and by extension, the tdnf command expects the USER and HOME environment variables to be valid for the OS they are running under (including under chroot). Since the image customizer tool is typically run under `sudo` and since root is always a valid user, this generally isn't a problem. But this isn't true if `sudo -E` is used. And this can result in strange, difficult-to-diagnose errors in tdnf. So, this change verifies that `sudo -E` isn't being used.
2024-07-23 12:01:25 -07:00
CBL-Mariner-Bot 643ca821ed
[AUTOPATCHER-CORE] Upgrade python-idna to 3.7 CVE-2024-3651 (#9907) 2024-07-23 09:51:34 -07:00
Hideyuki Nagase 321d359429
3.0-dev: move xorg-x11-server and xorg-x11-drv-libinput to SPECS-EXTE… (#9884) 2024-07-20 06:00:28 -04:00
Betty 0978d4ef00
libguestfs: restore removed tests (#9882)
Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
2024-07-19 15:30:56 -07:00
Henry Li 4878d16de2
Add NVIDIA Container Build Script (#8946)
Co-authored-by: Henry Li <lihl@microsoft.com>
2024-07-19 14:13:52 -07:00
Chris Gunn 2f3865f7ea
Image Customizer: Do not shrink verity hash partition. (#9880)
The verity hash partition must be given a placeholder filesystem type. This should probably be `fat32` for simplicity's sake. But currently, the verity example config uses `ext4`. This causes a problem when `--shrink-filesystems` is set because it means the verity hash partition gets shrunk to almost nothing and therefore isn't big enough to store the hash tree.

This change fixes this problem by ensuring that the verity hash partition is never subject to being shrunk regardless of its placeholder filesystem type. A test is added to verify this.
2024-07-19 12:39:29 -07:00
xiaohong 7738c4220b
[3.0-dev]rapidjson: fix high CVE-2024-38517 and CVE-2024-39684 (#9870)
Co-authored-by: xiaohongdeng <“worldsky86rough@gmail.com”>
2024-07-19 12:16:54 -07:00
Chris Gunn 136ed7ace4
Image Customizer: Validate fields on FileConfig. (#9881)
When you implement a custom unmarshaller, the `KnownFields()` option to the YAML parser is ignored when you call `yaml.Node.Decode()`. So, we have to manually enforce this check.
2024-07-19 11:14:15 -07:00
Aditya Dubey 8389173d20
Adding cdi tools binaries to cdi package build (cdi 1.57) (#9889) 2024-07-19 11:09:44 -07:00
Cameron E Baird 5adadc393e
Update 3.0 kata-containers build invocations to use OS_VERSION=3.0 (#9760)
Use OS_VERSION=3.0 for invocation of the UVM image builder. Needed to fix an issue where UVM builder tried to pull from PMC/azurelinux/2.0, which 404s. The correct path is PMC/azurelinux/3.0.
2024-07-19 10:43:36 -07:00
Pawel Winogrodzki ef4689dfbc
Removed unused argument in `preparerequest.go`. (#9871) 2024-07-18 17:01:01 -07:00
Minghe Ren cb2c9f1314
cloud-init change default binaries install location (#9857)
Co-authored-by: minghe <rmhsawyer>
2024-07-18 15:16:36 -07:00
Chris Gunn a6f143d57f
Image Customizer: Add `modprobe` to list of chroot incompatible commands. (#9855) 2024-07-18 13:19:40 -07:00
Chris PeBenito 644a7ca860
selinux-policy: Change unconfined to a separate module. (#9879)
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2024-07-18 15:36:07 -04:00
Chris Gunn 61205fb971
Image Customizer: Verity: Use loopback + Add tests. (#9863) 2024-07-18 11:08:36 -07:00
Muhammad Falak R Wani 0dfa416c86
curl: upgrade version 8.5.0 -> 8.8.0 to address CVE-2024-2398 (#9833)
Changelog: https://curl.se/changes.html#8_8_0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-18 10:47:47 +05:30
Riken Maharjan d9cdfb2392
Fix Tensorflow Golden Container Smoke test (#9845)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-07-17 09:31:17 -07:00
Chris Gunn cc76e60555
Image Customizer: Add ISO tests. (#9843) 2024-07-16 11:41:23 -07:00
Pawel Winogrodzki 519fc6ecfc
Updated `blobfuse2` to version 2.2.3. (#9732) 2024-07-16 10:05:47 -07:00
Christopher Co 0d3b213f0a
Revert "Upgrade grub2 from 2.06 to 2.12 (#9407)" (#9841)
TPM Event log does not appear to be passed to the kernel when Secure Boot is enforcing. To restore this critical functionality, revert back to our previous 2.06 grub2 which has this support and all SBAT-related CVEs patched.

This reverts commit 26d9bca
2024-07-16 10:01:44 -07:00
Hideyuki Nagase 9295a897d7
3.0-dev: add libdecor, libei, libxcvt (#9844) 2024-07-16 09:31:32 -07:00
Hideyuki Nagase 872fc9d46f
3.0-dev: move xcb-util*/libXres from SPECS-EXTENDED to SPECS (#9830) 2024-07-16 09:30:49 -07:00
suresh-thelkar 7073cc4f9a
Upgrade python3 to 3.12.3 (#9831) 2024-07-16 20:35:46 +05:30
ms-mahuber 8f42f1d7d1
kata-cc: Fix make clean call in UVM build (#9840) 2024-07-16 06:50:00 -07:00
Chris Gunn c792399548
Image Customizer: Improve resolv.conf behavior. (#9812) 2024-07-15 13:40:04 -07:00
ms-mahuber 72aaab4fab
kata-containers-cc: Adapt tarfs make install trgt (#9829) (#9839)
Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
2024-07-15 13:14:26 -07:00
Sam Meluch ee07ed15ce
Ptest Fix for Package python-jsonschema (#9835) 2024-07-15 13:17:28 -05:00
suresh-thelkar 9d911dd085
Patch CVE-2023-6597 in python3 (#9814)
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
2024-07-12 19:19:24 -07:00