microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 451 коммит 990 Ветки 457 Теги 862 MiB
Граф коммитов

26 Коммитов

Автор SHA1 Сообщение Дата
CBL-Mariner-Bot 79af982f0d
[AUTO-CHERRYPICK] golang: update 1.22.5 -> 1.22.7 to address 3 CVEs - branch main (#10420) 
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
 2024-09-13 12:44:56 -07:00
Muhammad Falak R Wani c16735c961
golang: update 1.21.6 -> 1.21.11 to address CVE-2024-24790 (#9097) 
Changelog: https://go.dev/doc/devel/release#go1.21.minor
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-06-10 12:37:44 +05:30
Muhammad Falak R Wani bd9a5c7ce7
Upgraded `golang` version 1.20.10 -> 1.21.6 (#7640) 
Changelog: https://go.dev/doc/devel/release#go1.21.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-02-09 15:02:54 -08:00
Nan Liu 85350c6651
Update change logs to sync up with the ones in PMC (#6750) 2023-11-14 17:01:14 -08:00
Nan Liu 15bf461433
Fix golang CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533 (#6470) 2023-10-31 14:50:57 -07:00
Pawel Winogrodzki 01547eeed5
Fixed CVE-2023-44487 in `nginx` and `golang` (CP of #6381) (#6395) 
* Fixed CVE-2023-44487 in `nginx` and `golang` (#6381)

Co-authored-by: Dan Streetman <ddstreet@ieee.org>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Bumping 'kubernetes'.

---------

Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
 2023-10-12 14:22:26 -07:00
Muhammad Falak R Wani e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 (#5946) 
* golang: introduce patch to permit requests with invalid host headers

Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-16 10:15:25 +05:30
CBL-Mariner-Bot 78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 (#5828) 2023-07-13 13:55:07 -07:00
CBL-Mariner-Bot c5a190f783
[AUTOPATCHER-CORE] Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 (#5689) 
* Upgrade golang to 1.19.10 Adress CVEs

* Fix changelog

---------

Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
 2023-06-20 13:39:41 -07:00
Muhammad Falak R Wani a364e616af
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 (#5228) 
Reference: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ASecurity
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-04-05 21:38:04 +05:30
CBL-Mariner-Bot 42a2d6d72d
Upgrade golang to 1.19.7 to address CVE-2023-24532 (#5160) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-03-28 13:20:34 +05:30
CBL-Mariner-Bot 768aae23e3
Upgrade golang to 1.19.6 Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 (#5096) 
Co-authored-by: Rakshaa Viswanathan <46165429+rakshaa2000@users.noreply.github.com>
 2023-03-17 21:20:58 +05:30
CBL-Mariner-Bot 5ed28413bb
[AUTOPATCHER-CORE] Upgrade golang to 1.19.5 upgrade to latest - (#4759) 
* Upgrade golang to 1.19.5 upgrade to latest

* remove release bump of spec that should stay on golang 1.18.8 or below
 2023-02-03 20:56:43 +01:00
CBL-Mariner-Bot 63c1d45e66
[AUTOPATCHER-CORE] Upgrade golang to 1.19.4 upgrade to latest - (#4643) 
* Upgrade golang to 1.19.4 upgrade to latest

* fix issues due to golang 1.19.4 upgrade

* re-add CVE-2022-41717.patch which is required by golang 1.17 spec

* clean up gh dependencies
 2023-01-19 18:37:17 +01:00
Daniel McIlvaney 449fbf1b41
Patch golang to resolve CVE-2022-41717 (#4457) 
* Patch golang to resolve CVE-2022-41717
 2022-12-19 12:17:43 -08:00
Olivia Crain a828f488f8
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190 (#4157) 2022-11-01 16:37:38 -07:00
Muhammad Falak R Wani 19ed3e7142
blobfuse: bump version to 1.4.5 (#3785) 
* blobfuse: bump version to 1.4.5
* blobfuse: cgmanifest: update entry

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2022-09-20 17:36:31 +05:30
Olivia Crain fdc6619ad3
Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2022-08-24 09:01:02 -07:00
Betty 0d287c2700
[2.0] Update blobfuse version to 1.4.4 (#3432) 2022-07-26 15:07:39 -07:00
Muhammad Falak R Wani d76052103a
golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327 (#3163) 
* golang: rename specfile golang-1.17.spec -> golang.spec
* golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327
* golang: bump release of dependent packages to force rebuild
* keda: verify license
* helm: verify license
* moby-containerd: bump version to 1.6.2 to address CVE-2022-24769
* golang: add go-1.17.10 to enable cert-manager
* cert-manger: add a hard BR on golang <= 1.17.10
* golang-17: add entry to cgimanifest

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2022-06-16 23:07:41 +05:30
Thomas Crain 1660063f45
Fix blobfuse build error (#1710) 2021-12-02 09:31:24 -08:00
Thomas Crain 57aa115252
Upgrade blobfuse to 1.4.2 (#1688) 2021-11-30 12:33:56 -08:00
Andrew Phelps d7cb7c78e9
Update toolchain and packages to build with gcc 11.2.0 and glibc 2.34 (#1623) 
* update coreutils and texinfo specs

* update coreutils and texinfo in toolchain

* fix patch url

* update binutils to 2.37

* update version in manifests

* update util-linux mpfr mpc gmp

* fix mpfr tarball

* fix gmp

* update cgmanifest.json

* cleanup

* restore binutils patch

* fix gmp and mpfr specs

* update util-linux spec

* fix binutils and util-linux breaks

* update kernel CONFIG_LD_VERSION

* bump kernel release

* remove reference to rpm-define-RPM-LD-FLAGS.patch

* fix gen-ld-script.sh sha256sum

* update gcc spec to 11.2.0

* update kernel configs for gcc

* update cgmanifest

* update gcc to 11.2.0 in raw toolchain

* add patch for gcc texi issue

* update glibc to 2.34

* update manifests for diffutils and glibc

* disable tm_texi patch in toolchain

* fix SIGSTKSZ gcc issue

* patch m4 for glibc 2.34

* update make to 4.3 and diffutils to 3.8

* revert make to 4.2.1 due to operation not permitted error

* fix make and texinfo build issues with glibc 2.34

* dont build zstd in temp toolchain due to gcc build errors

* remove glibc workarounds for fintutils and gzip

* update findutils and gzip

* update gzip and findutils specs

* update gdbm to 1.21

* update elfutils to 1.185 in toolchain. fix manifests

* remove findutils test change

* remove texinfo patch

* fix kernel changelogs

* add patch for cpio extern issue

* restore rpm patch

* fix m4 spec

* fix elfutils and gpgme spec issues

* fix kernel-hyperv changelog

* update kbd and libtirpc to resolve gcc 11.2.0 issues

* fix m4 version in pkggen_core

* fix libtirpc in manifests

* fix nss error

* fix openjdk

* fix aarch64 openjdk8

* fix elfutils spec

* GODEBUG=netdns=go

* verbose rpm query

* fix coreutils on aarch64. use rpm 1.14.2.1 in raw toolchain. revert rpm.go

* bump cpio release

* revert rpm.go change

* cleanup toolchain scripts and specs. parallel make for glibc

* enable fortran

* remove aarch64 ld-2.27.so link

* add gfortran to toolchain manifests

* fix binutils changelog

* fix kernel release version

* update bison grep sed tar

* add glibc pthread patch

* upgrade file gawk and xz. fix sed and grep spec issues

* set -fcommon

* revert file to 5.34

* fix temp gawk version

* fix xz man1 files

* update libgpg-error to 1.43

* add ld-linux-aarch64.so.1 to glibc spec

* use /lib/ld-linux-aarch64.so.1

* update file 5.40 and bzip2 1.0.8 in toolchain. openjdk8 remove -fcommon.

* update to perl 5.32.0 in toolchain

* fix glibc aarch64 exclude. add shadow-utils provides. fix perl src filename

* fix efivar build. upgrade dtc

* Removing 'ctags'.

* Updating 'libacvp' to version 1.4.1.

* Updating 'nlohmann-json' to version 3.10.4.

* Updating 'dhcp.spec' CFLAGS to include CBL-Mariner's defaults.

* update and fix ipxe build. remove perl debuginfo.

* add fixes for autofs and libcomps

* Adjusting build steps for 'dhcp' and 'nlohmann-json'.

* fix rocksdb

* fix ntp

* fix libcomps url in cgmanifest. revert perl change

* fix nfs-utils

* fix azure-iot-sdk-c

* Remove 'tboot'.

* fix qemu-kvm

* update R and ant

* Updating 'libiothsm-std' to version 1.2.5.

* Linting.

* Remove tcp_wrappers  package

* fix syslinux

* Downgrading 'libiothsm-std' to 1.1.8.

* fix fuse. fix libcomps url

* Downgrading 'libacvp' to 1.3.0.

* Applying GCC 11 patch.

* fix fuse configure.ac issue

* Fixing 'libiothsm-std' build.

* Upgrade lldpad to 1.1.0

* Upgrade gdb to 11.1

* Upgrade catch to 2.13.7

* fixup! Upgrade gdb to 11.1

* fixup! Upgrade lldpad to 1.1.0

* remove bazel

* Updating 'toml11' to version 3.7.0.

* update cgmanifest for catch gdb lldpad

* fix qt5-qtbase

* fix device-mapper-multipath

* fix syslinux

* fix grpc

* fix kernel configs

* fix kernel-hyperv config

* increase heap size for ant

* update lttng-consume

* fix auoms

* update valgrind. fix arm64 gdb issue

* update arm64 kernel config

* fix blobfuse

* update and fix azure-iotedge

* fix grpc 1.41.1 in cgmanifest

* fix kernel and kernel-hyperv PTHREAD_STACK_MIN issue

* remove ant ant-contrib jna R

* Updating 'azure-iotedge' sources creation instructions.

* add back ant ant-contrib bazel jna R

* restrict jdk8 packages

* verify licenses

* only build conda picosat python-pycosat on arm64. fix cgmanifest

* update openjdk8 to version 1.8.0.302

* fix cgmanifest for ant and R

* always build ant

* update licenses. remove tdnf workaround. bump shadow-utils release

* update LICENSES-MAP.md to remove tboot ctags tcp_wrappers. bump libavcp release

* fix ant builds only on arm64

* Clarifying license for 'ntp'.

* Verifying license for 'ant-contrib'.

* Verifying more specs.

* revert libabcvp CFLAGS changes

* add kernel patch file

* set -fcommon to fix libacvp build

* fix python-filelock

* revert tdnf line change

Co-authored-by: CBL-Mariner Service Account <cblmargh@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Thomas Crain <thcrain@microsoft.com>
 2021-11-17 21:41:55 -08:00
Henry Li a3145c3f60
[dev] Fix util-linux file conflicts and Remove util-linux-libs (#1430) 
* util-linux related changes

* save change to util-linux spec

* update toolchain and worker chroot versioning

Co-authored-by: Henry Li <lihl@microsoft.com>
 2021-09-22 10:08:05 -07:00
jslobodzian 17b0e93e71
Merge 1.0 to dev branch 
This merge brings the latest SELinux and many packages and CVE fixes from the 1.0 branch.
 2021-08-19 13:46:51 -07:00
Henry Beberman ff02635e90
Add conntrack-tools, nmap, pigz, blobfuse (#591) 
* Add pigz spec
* Add blobfuse spec
* Import conntrack-tools spec
* Add ncat spec
 2021-02-03 11:34:35 -08:00