microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 451 коммит 990 Ветки 457 Теги 862 MiB
Граф коммитов

31 Коммитов

Автор SHA1 Сообщение Дата
CBL-Mariner-Bot 79af982f0d
[AUTO-CHERRYPICK] golang: update 1.22.5 -> 1.22.7 to address 3 CVEs - branch main (#10420) 
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
 2024-09-13 12:44:56 -07:00
Cameron E Baird 5a3866206b
cert-manager: Address CVE-2023-3978, CVE-2024-24786, CVE-2024-28180, CVE-2023-2253 (#10216) 2024-08-26 14:20:45 -07:00
CBL-Mariner-Bot 063e609db9
[AUTO-CHERRYPICK] Fix for CVE 2024 25620 in cert-manager - branch main (#10127) 
Co-authored-by: bhagyapathak <bhagyapathak@users.noreply.github.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-08-19 11:38:53 -07:00
Bala 60d4679885
Fix CVE-2024-6104 in cert-manager by patching vendor package sources (#9981) 2024-08-12 16:11:12 +05:30
Muhammad Falak R Wani c16735c961
golang: update 1.21.6 -> 1.21.11 to address CVE-2024-24790 (#9097) 
Changelog: https://go.dev/doc/devel/release#go1.21.minor
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-06-10 12:37:44 +05:30
Mykhailo Bykhovtsev ebc77031e5
Patch CVE-2024-26147 for cert-manager (#9268) 2024-05-30 18:57:31 -07:00
Chris Gunn c433706dbc
Fixes for CVE-2023-45288. (#8866) 2024-05-01 11:19:03 -07:00
Muhammad Falak R Wani bd9a5c7ce7
Upgraded `golang` version 1.20.10 -> 1.21.6 (#7640) 
Changelog: https://go.dev/doc/devel/release#go1.21.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-02-09 15:02:54 -08:00
Tobias Brick 5a8926c206
apply patch for CVE-2023-48795 (#7329) 2024-01-18 15:33:07 -08:00
Nan Liu 85350c6651
Update change logs to sync up with the ones in PMC (#6750) 2023-11-14 17:01:14 -08:00
Nan Liu 15bf461433
Fix golang CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533 (#6470) 2023-10-31 14:50:57 -07:00
Pawel Winogrodzki 01547eeed5
Fixed CVE-2023-44487 in `nginx` and `golang` (CP of #6381) (#6395) 
* Fixed CVE-2023-44487 in `nginx` and `golang` (#6381)

Co-authored-by: Dan Streetman <ddstreet@ieee.org>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Bumping 'kubernetes'.

---------

Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
 2023-10-12 14:22:26 -07:00
Muhammad Falak R Wani e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 (#5946) 
* golang: introduce patch to permit requests with invalid host headers

Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-16 10:15:25 +05:30
CBL-Mariner-Bot 78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 (#5828) 2023-07-13 13:55:07 -07:00
CBL-Mariner-Bot c5a190f783
[AUTOPATCHER-CORE] Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 (#5689) 
* Upgrade golang to 1.19.10 Adress CVEs

* Fix changelog

---------

Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
 2023-06-20 13:39:41 -07:00
Adub17030MS bd0d0dc815
Upgrade cert-manager to v1.11.2 (#5513) 
* updating to v1.11.2

* Fixing bogus date warning

* Removing patch for CVE-2023-25165 as it is patched in the upgrade

* Removing patch for CVE-2023-25165 as it is patched in the upgrade

* Updating prep section to work withouth patch

* Fixing linting error
 2023-05-22 15:26:18 -07:00
Muhammad Falak R Wani a364e616af
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 (#5228) 
Reference: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ASecurity
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-04-05 21:38:04 +05:30
CBL-Mariner-Bot 5da2585fa2
[AUTOPATCHER-CORE] Patched cert-manager to address CVE-2023-25165 - (#5155) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2023-03-28 18:17:29 -07:00
CBL-Mariner-Bot 42a2d6d72d
Upgrade golang to 1.19.7 to address CVE-2023-24532 (#5160) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-03-28 13:20:34 +05:30
CBL-Mariner-Bot 768aae23e3
Upgrade golang to 1.19.6 Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 (#5096) 
Co-authored-by: Rakshaa Viswanathan <46165429+rakshaa2000@users.noreply.github.com>
 2023-03-17 21:20:58 +05:30
CBL-Mariner-Bot 5ed28413bb
[AUTOPATCHER-CORE] Upgrade golang to 1.19.5 upgrade to latest - (#4759) 
* Upgrade golang to 1.19.5 upgrade to latest

* remove release bump of spec that should stay on golang 1.18.8 or below
 2023-02-03 20:56:43 +01:00
CBL-Mariner-Bot 63c1d45e66
[AUTOPATCHER-CORE] Upgrade golang to 1.19.4 upgrade to latest - (#4643) 
* Upgrade golang to 1.19.4 upgrade to latest

* fix issues due to golang 1.19.4 upgrade

* re-add CVE-2022-41717.patch which is required by golang 1.17 spec

* clean up gh dependencies
 2023-01-19 18:37:17 +01:00
Daniel McIlvaney 449fbf1b41
Patch golang to resolve CVE-2022-41717 (#4457) 
* Patch golang to resolve CVE-2022-41717
 2022-12-19 12:17:43 -08:00
Olivia Crain a828f488f8
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190 (#4157) 2022-11-01 16:37:38 -07:00
Olivia Crain fdc6619ad3
Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2022-08-24 09:01:02 -07:00
Chris Gunn 5f8a64dd34
Update cert-manager to v1.7.3. (#3575) 
- Update cert-manager to v1.7.3.
- Split cert-manager binaries into separate packages.
- Remove cert-manager build dependency on Bazel and just build the
binaries directly using `go build`. This makes building easier. Also,
the latest upstream version of cert-manager does this.
- Use the Go "vendor" directory for Go dependencies instead of dumping
files in the global Go cache.
 2022-08-23 07:03:24 -07:00
Muhammad Falak R Wani d76052103a
golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327 (#3163) 
* golang: rename specfile golang-1.17.spec -> golang.spec
* golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327
* golang: bump release of dependent packages to force rebuild
* keda: verify license
* helm: verify license
* moby-containerd: bump version to 1.6.2 to address CVE-2022-24769
* golang: add go-1.17.10 to enable cert-manager
* cert-manger: add a hard BR on golang <= 1.17.10
* golang-17: add entry to cgimanifest

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2022-06-16 23:07:41 +05:30
Andrew Phelps e811da3e7f
remove exlusivearch from cert-manager (#3070) 2022-05-27 17:45:53 -07:00
Andrew Phelps d7cb7c78e9
Update toolchain and packages to build with gcc 11.2.0 and glibc 2.34 (#1623) 
* update coreutils and texinfo specs

* update coreutils and texinfo in toolchain

* fix patch url

* update binutils to 2.37

* update version in manifests

* update util-linux mpfr mpc gmp

* fix mpfr tarball

* fix gmp

* update cgmanifest.json

* cleanup

* restore binutils patch

* fix gmp and mpfr specs

* update util-linux spec

* fix binutils and util-linux breaks

* update kernel CONFIG_LD_VERSION

* bump kernel release

* remove reference to rpm-define-RPM-LD-FLAGS.patch

* fix gen-ld-script.sh sha256sum

* update gcc spec to 11.2.0

* update kernel configs for gcc

* update cgmanifest

* update gcc to 11.2.0 in raw toolchain

* add patch for gcc texi issue

* update glibc to 2.34

* update manifests for diffutils and glibc

* disable tm_texi patch in toolchain

* fix SIGSTKSZ gcc issue

* patch m4 for glibc 2.34

* update make to 4.3 and diffutils to 3.8

* revert make to 4.2.1 due to operation not permitted error

* fix make and texinfo build issues with glibc 2.34

* dont build zstd in temp toolchain due to gcc build errors

* remove glibc workarounds for fintutils and gzip

* update findutils and gzip

* update gzip and findutils specs

* update gdbm to 1.21

* update elfutils to 1.185 in toolchain. fix manifests

* remove findutils test change

* remove texinfo patch

* fix kernel changelogs

* add patch for cpio extern issue

* restore rpm patch

* fix m4 spec

* fix elfutils and gpgme spec issues

* fix kernel-hyperv changelog

* update kbd and libtirpc to resolve gcc 11.2.0 issues

* fix m4 version in pkggen_core

* fix libtirpc in manifests

* fix nss error

* fix openjdk

* fix aarch64 openjdk8

* fix elfutils spec

* GODEBUG=netdns=go

* verbose rpm query

* fix coreutils on aarch64. use rpm 1.14.2.1 in raw toolchain. revert rpm.go

* bump cpio release

* revert rpm.go change

* cleanup toolchain scripts and specs. parallel make for glibc

* enable fortran

* remove aarch64 ld-2.27.so link

* add gfortran to toolchain manifests

* fix binutils changelog

* fix kernel release version

* update bison grep sed tar

* add glibc pthread patch

* upgrade file gawk and xz. fix sed and grep spec issues

* set -fcommon

* revert file to 5.34

* fix temp gawk version

* fix xz man1 files

* update libgpg-error to 1.43

* add ld-linux-aarch64.so.1 to glibc spec

* use /lib/ld-linux-aarch64.so.1

* update file 5.40 and bzip2 1.0.8 in toolchain. openjdk8 remove -fcommon.

* update to perl 5.32.0 in toolchain

* fix glibc aarch64 exclude. add shadow-utils provides. fix perl src filename

* fix efivar build. upgrade dtc

* Removing 'ctags'.

* Updating 'libacvp' to version 1.4.1.

* Updating 'nlohmann-json' to version 3.10.4.

* Updating 'dhcp.spec' CFLAGS to include CBL-Mariner's defaults.

* update and fix ipxe build. remove perl debuginfo.

* add fixes for autofs and libcomps

* Adjusting build steps for 'dhcp' and 'nlohmann-json'.

* fix rocksdb

* fix ntp

* fix libcomps url in cgmanifest. revert perl change

* fix nfs-utils

* fix azure-iot-sdk-c

* Remove 'tboot'.

* fix qemu-kvm

* update R and ant

* Updating 'libiothsm-std' to version 1.2.5.

* Linting.

* Remove tcp_wrappers  package

* fix syslinux

* Downgrading 'libiothsm-std' to 1.1.8.

* fix fuse. fix libcomps url

* Downgrading 'libacvp' to 1.3.0.

* Applying GCC 11 patch.

* fix fuse configure.ac issue

* Fixing 'libiothsm-std' build.

* Upgrade lldpad to 1.1.0

* Upgrade gdb to 11.1

* Upgrade catch to 2.13.7

* fixup! Upgrade gdb to 11.1

* fixup! Upgrade lldpad to 1.1.0

* remove bazel

* Updating 'toml11' to version 3.7.0.

* update cgmanifest for catch gdb lldpad

* fix qt5-qtbase

* fix device-mapper-multipath

* fix syslinux

* fix grpc

* fix kernel configs

* fix kernel-hyperv config

* increase heap size for ant

* update lttng-consume

* fix auoms

* update valgrind. fix arm64 gdb issue

* update arm64 kernel config

* fix blobfuse

* update and fix azure-iotedge

* fix grpc 1.41.1 in cgmanifest

* fix kernel and kernel-hyperv PTHREAD_STACK_MIN issue

* remove ant ant-contrib jna R

* Updating 'azure-iotedge' sources creation instructions.

* add back ant ant-contrib bazel jna R

* restrict jdk8 packages

* verify licenses

* only build conda picosat python-pycosat on arm64. fix cgmanifest

* update openjdk8 to version 1.8.0.302

* fix cgmanifest for ant and R

* always build ant

* update licenses. remove tdnf workaround. bump shadow-utils release

* update LICENSES-MAP.md to remove tboot ctags tcp_wrappers. bump libavcp release

* fix ant builds only on arm64

* Clarifying license for 'ntp'.

* Verifying license for 'ant-contrib'.

* Verifying more specs.

* revert libabcvp CFLAGS changes

* add kernel patch file

* set -fcommon to fix libacvp build

* fix python-filelock

* revert tdnf line change

Co-authored-by: CBL-Mariner Service Account <cblmargh@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Thomas Crain <thcrain@microsoft.com>
 2021-11-17 21:41:55 -08:00
Pawel Winogrodzki a0a3566a9d
[dev] Unifying `Release` tags (#1522) 2021-10-13 11:06:39 -07:00
Henry Li 6cb8e1a598
[dev] Enable cert-manager (#1402) 
* save implementation changes

* add license info

* remove unneeded file

* update manifest

* fix comments

* fix vendor source generation

* add condition for aarch64

* fix linter

Co-authored-by: Henry Li <lihl@microsoft.com>
 2021-09-20 11:11:21 -07:00