raviprpandey
b203de4f7d
Set OOMScoreAdjust to -999 for containerd ( #6819 )
2023-12-22 16:14:13 -08:00
Rohit Rawat
e87fb99c84
Fix CVE-2020-8694, CVE-2020-8695 and CVE-2020-12912 ( #7029 )
...
Fixes moby-engine and moby-containerd by upgrade
2023-12-20 20:40:33 +05:30
Nan Liu
85350c6651
Update change logs to sync up with the ones in PMC ( #6750 )
2023-11-14 17:01:14 -08:00
Nan Liu
15bf461433
Fix golang CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533 ( #6470 )
2023-10-31 14:50:57 -07:00
Pawel Winogrodzki
01547eeed5
Fixed CVE-2023-44487 in `nginx` and `golang` (CP of #6381 ) ( #6395 )
...
* Fixed CVE-2023-44487 in `nginx` and `golang` (#6381 )
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
* Bumping 'kubernetes'.
---------
Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
2023-10-12 14:22:26 -07:00
Chris PeBenito
47ed0529c5
Add /opt/containerd/{bin,lib} to RPMs and cherry-pick fix for systemd-hostnamed default-hostname in SELinux. ( #6311 )
...
* filesystem: Restore /opt.
/opt is part of FHS. This fixes an issue on SELinux systems where
containerd will create /opt but we'd prefer not to allow this in
the policy.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
* selinux-policy: systemd-hostnamed fix.
Cherry pick systemd-hostnamed fix for handling /run/systemd/default-hostname.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
* containerd: Precreate /opt/containerd/{bin,lib}.
These are created by io.containerd.internal.v1.opt but it results in the
dirs having incorrect SELinux labels. Creating them in the package will
ensure correct labeling.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
---------
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
2023-10-12 10:31:13 -04:00
Muhammad Falak R Wani
d82493a5f9
golang: bump golang 1.19.12 -> 1.20.7 ( #6001 )
...
Bump following packages:
- golang: 1.19.12 -> 1.20.7
- moby-cli: 20.10.24 -> 20.10.25
- moby-engine: 20.10.24 -> 20.10.25
- moby-containerd: 1.6.18 -> 1.6.22
- moby-runc: 1.1.5 -> 1.1.9
This PR fixes docker `http: invalid Host header` error and
bootstraps the go1.20 compiler with go1.19.12 instead of go1.4
Reference: https://go.dev/doc/go1.20#bootstrap
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-21 22:31:35 +05:30
Muhammad Falak R Wani
e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 ( #5946 )
...
* golang: introduce patch to permit requests with invalid host headers
Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-16 10:15:25 +05:30
CBL-Mariner-Bot
78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 ( #5828 )
2023-07-13 13:55:07 -07:00
CBL-Mariner-Bot
c5a190f783
[AUTOPATCHER-CORE] Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 ( #5689 )
...
* Upgrade golang to 1.19.10 Address CVEs
* Fix changelog
---------
Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
2023-06-20 13:39:41 -07:00
Muhammad Falak R Wani
a364e616af
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 ( #5228 )
...
Reference: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ASecurity
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-04-05 21:38:04 +05:30
CBL-Mariner-Bot
42a2d6d72d
Upgrade golang to 1.19.7 to address CVE-2023-24532 ( #5160 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-03-28 13:20:34 +05:30
CBL-Mariner-Bot
768aae23e3
Upgrade golang to 1.19.6 Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 ( #5096 )
...
Co-authored-by: Rakshaa Viswanathan <46165429+rakshaa2000@users.noreply.github.com>
2023-03-17 21:20:58 +05:30
CBL-Mariner-Bot
1a316eb216
[AUTOPATCHER-CORE] Upgrade moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153 - ( #5068 )
...
* Upgrade moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153
* update commit hash to match version 1.6.18
2023-03-13 12:39:41 -07:00
CBL-Mariner-Bot
5ed28413bb
[AUTOPATCHER-CORE] Upgrade golang to 1.19.5 upgrade to latest - ( #4759 )
...
* Upgrade golang to 1.19.5 upgrade to latest
* remove release bump of spec that should stay on golang 1.18.8 or below
2023-02-03 20:56:43 +01:00
CBL-Mariner-Bot
63c1d45e66
[AUTOPATCHER-CORE] Upgrade golang to 1.19.4 upgrade to latest - ( #4643 )
...
* Upgrade golang to 1.19.4 upgrade to latest
* fix issues due to golang 1.19.4 upgrade
* re-add CVE-2022-41717.patch which is required by golang 1.17 spec
* clean up gh dependencies
2023-01-19 18:37:17 +01:00
aadhar-agarwal
71c623da4d
Backport upstream fix in containerd to add ptrace readby and tracedby to default AppArmor profile ( #4475 )
2022-12-21 10:35:02 -08:00
Daniel McIlvaney
449fbf1b41
Patch golang to resolve CVE-2022-41717 ( #4457 )
...
* Patch golang to resolve CVE-2022-41717
2022-12-19 12:17:43 -08:00
CBL-Mariner-Bot
8cd9b00d73
upgrade moby-containerd to 1.6.12 to fix CVE-2022-23471 ( #4449 )
2022-12-14 13:03:22 -08:00
Olivia Crain
a828f488f8
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190 ( #4157 )
2022-11-01 16:37:38 -07:00
Olivia Crain
fdc6619ad3
Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs ( #3600 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2022-08-24 09:01:02 -07:00
Henry Beberman
c24c3910f8
`moby-containerd`: upgrade to version 1.6.6 to fix CVE-2022-31030 ( #3230 )
2022-06-23 20:25:45 -07:00
Muhammad Falak R Wani
d76052103a
golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327 ( #3163 )
...
* golang: rename specfile golang-1.17.spec -> golang.spec
* golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327
* golang: bump release of dependent packages to force rebuild
* keda: verify license
* helm: verify license
* moby-containerd: bump version to 1.6.2 to address CVE-2022-24769
* golang: add go-1.17.10 to enable cert-manager
* cert-manager: add a hard BR on golang <= 1.17.10
* golang-17: add entry to cgimanifest
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2022-06-16 23:07:41 +05:30
nicolas guibourge
04df64f203
move docker to systemd cgroup by default ( #2606 )
...
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
2022-03-29 16:10:48 -07:00
angop95
3a3b6dd0db
enable containerd service restart ( #2577 )
2022-03-23 16:48:33 -07:00
nicolas guibourge
4d1bc49e66
Upgrade moby-containerd to 1.6.1 ( #2486 )
...
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
2022-03-21 10:03:14 -07:00
nicolas guibourge
f3d088f10b
fix wrong version for moby-containerd ( #2143 )
...
Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>
2022-02-08 10:12:25 -08:00
nicolas guibourge
e8d4468606
upgrade moby-buildx, moby-runc, moby-containerd, moby-cli, moby-engine ( #2124 )
...
* upgrade moby-buildx
* upgrade moby-buildx
* upgrade moby-buildx
* upgrade moby-runc
* upgrade moby-runc
* upgrade moby-containerd
* upgrade moby-containerd
* upgrade moby-containerd
* upgrade moby-cli
* upgrade moby-engine
* Makes moby-engine spec relying on tini to provide docker-init
* upgrade moby-engine
* upgrade moby-engine
* add %check in moby-runc.spec
* address PR check
Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>
2022-02-08 08:53:21 -08:00
Henry Beberman
5a14914378
Update moby-containerd to 1.5.9 ( #1994 )
2022-01-25 11:51:48 -08:00
Henry Beberman
ba4fb30966
[dev] Fix moby-containerd CVE-2021-41103 ( #1494 )
2021-10-06 10:33:38 -07:00
jslobodzian
17b0e93e71
Merge 1.0 to dev branch
...
This merge brings the latest SELinux and many packages and CVE fixes from the 1.0 branch.
2021-08-19 13:46:51 -07:00
Andrew Phelps
819786cad8
Increment release for all specs building with golang 1.15 ( #460 )
...
* bump release for specs building with golang 1.15
* changelog cleanup
2020-12-10 23:09:35 -08:00
Jon Slobodzian
b877013b27
Initial CBL-Mariner commit to GitHub
2020-08-06 20:17:52 -07:00