microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
4 674 коммитов 1 001 ветка 463 Теги 874 MiB
Граф коммитов

27 Коммитов

Автор SHA1 Сообщение Дата
Archana Choudhary d829011930
kata-containers: drop qemu-kvm-core dependency (#6910) 2023-12-06 09:27:20 -08:00
Nan Liu 85350c6651
Update change logs to sync up with the ones in PMC (#6750) 2023-11-14 17:01:14 -08:00
Nan Liu 15bf461433
Fix golang CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533 (#6470) 2023-10-31 14:50:57 -07:00
Pawel Winogrodzki 01547eeed5
Fixed CVE-2023-44487 in `nginx` and `golang` (CP of #6381) (#6395) 
* Fixed CVE-2023-44487 in `nginx` and `golang` (#6381)

Co-authored-by: Dan Streetman <ddstreet@ieee.org>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Bumping 'kubernetes'.

---------

Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
 2023-10-12 14:22:26 -07:00
Mitch Zhu af6ece3823
Upstream kata cc package updates (#6297) 
* Initial katadev/main upstream draft

* Cherry-pick Daniel's CVE fix

* Remove alpha logs
 2023-10-02 10:14:54 -07:00
Daniel McIlvaney 45d111d407
Upgrade rust to 1.72.0 to resolve CVE-2023-38497, CVE-2023-40030 (#6198) 
* Upgrade rust to 1.72.0 to resolve CVE-2023-38497, CVE-2023-40030

Rework the rust.spec to use .tar.xz source tarballs instead of .tar.gz
source tarballs.  This removes the need to modify the bootstrap script
in the rust sources.

* Bump packges to use new rust

* flux: introduce patch to drop warnings are build blocker

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* kata-containers: drop mut for variables to unblock build

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* kata-containers-cc: enable gated feature & drop mut from immutable vars

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* clamav: regenerate cargo cache

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

---------

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-09-28 11:06:01 -07:00
Muhammad Falak R Wani e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 (#5946) 
* golang: introduce patch to permit requests with invalid host headers

Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-16 10:15:25 +05:30
CBL-Mariner-Bot 78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 (#5828) 2023-07-13 13:55:07 -07:00
CBL-Mariner-Bot c5a190f783
[AUTOPATCHER-CORE] Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 (#5689) 
* Upgrade golang to 1.19.10 Adress CVEs

* Fix changelog

---------

Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
 2023-06-20 13:39:41 -07:00
Saul Paredes 26f1a6e336
Upgrade kata-containers to version 3.1.0 (#5291) 
* kata-containers: update to 3.1.0

* update cgmanifest

* update vendor

* fix patches

* align uvm memory footprint patch
 2023-04-27 16:18:14 -07:00
Saul Paredes 0f8392a4bf
kata-containers: update kata-osbuilder.sh signature (#5240) 2023-04-05 17:39:32 -07:00
Saul Paredes 2e89633b81
kernel-uvm: consume dom0 source (#5147) 
* kernel-uvm: consume dom0 source

* update kata containers spec

* use open source kernel url

* update cgmanifest

* adjust source

* fix release field

* remove source dup

* add clarifying comments and remove kernelver

* remve url

* fix changelog
 2023-04-05 10:10:54 -07:00
Muhammad Falak R Wani a364e616af
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 (#5228) 
Reference: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ASecurity
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-04-05 21:38:04 +05:30
CBL-Mariner-Bot 42a2d6d72d
Upgrade golang to 1.19.7 to address CVE-2023-24532 (#5160) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-03-28 13:20:34 +05:30
ms-mahuber 32598ec209
kata-containers: integrate fix to reduce UVM memory consumption (#5134) 
* kata-containers: integrate fix to reduce UVM memory consumption

* Bump version number accordingly
 2023-03-22 22:14:07 -07:00
CBL-Mariner-Bot 768aae23e3
Upgrade golang to 1.19.6 Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 (#5096) 
Co-authored-by: Rakshaa Viswanathan <46165429+rakshaa2000@users.noreply.github.com>
 2023-03-17 21:20:58 +05:30
CBL-Mariner-Bot 5ed28413bb
[AUTOPATCHER-CORE] Upgrade golang to 1.19.5 upgrade to latest - (#4759) 
* Upgrade golang to 1.19.5 upgrade to latest

* remove release bump of spec that should stay on golang 1.18.8 or below
 2023-02-03 20:56:43 +01:00
CBL-Mariner-Bot 63c1d45e66
[AUTOPATCHER-CORE] Upgrade golang to 1.19.4 upgrade to latest - (#4643) 
* Upgrade golang to 1.19.4 upgrade to latest

* fix issues due to golang 1.19.4 upgrade

* re-add CVE-2022-41717.patch which is required by golang 1.17 spec

* clean up gh dependencies
 2023-01-19 18:37:17 +01:00
Daniel McIlvaney 449fbf1b41
Patch golang to resolve CVE-2022-41717 (#4457) 
* Patch golang to resolve CVE-2022-41717
 2022-12-19 12:17:43 -08:00
Neha Agarwal fd4cc549bc
Update cloud-hypervisor to v27.0.60, kernel-mshv to v5.15.72, kata to v3.0.0 (#4099) 
* Update CH to v27.0.0

* Update CH to v27.0.60, kernel-mshv to v5.15.72

* update cgmanifest

* Update kata to v3.0.0, apply patches for CH 27.0.0

* Update cgmanifest for kata
 2022-11-15 13:20:41 -08:00
Olivia Crain a828f488f8
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190 (#4157) 2022-11-01 16:37:38 -07:00
Neha Agarwal b5293d1c17
kata : add patch to avoid memory hotplug timeout, fix systemd service (#3780) 
* Add patch for memory-hotplug-timeout

* Remove testing from spec, not required

* Add libseccomp
 2022-10-05 12:19:25 -07:00
Neha Agarwal cae41ea15d
Generate initrd for guest on reload (#3741) 
* Generate initrd for guest on reload

* Update signature
 2022-09-14 11:22:35 -07:00
Neha Agarwal 9c5ceeba9b
set DEFSANDBOXCGROUPONLY to false (#3694) 2022-09-06 10:46:02 -07:00
Neha Agarwal 3ea4d5b4bd
Match Guest and Host cgroup setup and expose required devices from kata (#3612) 
* Add patch for match-Guest-and-Host-cgroup-setup

* Add cgroup to kernel params, copy clh config to default

* Add patch to expose devices, move cgroup to make variable from patch

* Fix file section

* Add qemu-virtiofsd as Requires

* Working: patch, default hv, paths

* Edit os-builder to create initrd for guestOS
 2022-09-02 16:08:51 -07:00
Andrew Phelps c9e2f0f500
remove acrn config with arm64 (#3655) 2022-09-01 10:49:04 -07:00
Neha Agarwal 3619466fc7
Add kata-containers (#3588) 
* Add kata-containers

* Specify fedora version

* fix version in changelog

* fix space in changelog

* Remove patch
 2022-08-23 14:31:22 -07:00