Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bombastictranz/CBL-Mariner #2

Merged
merged 31 commits into from
Mar 8, 2024
Merged

bombastictranz/CBL-Mariner #2

merged 31 commits into from
Mar 8, 2024

Conversation

bombastictranz
Copy link
Owner

@bombastictranz bombastictranz commented Mar 8, 2024
edited
Loading

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary

What does the PR accomplish, why was it needed?

Change Log
  • Change
  • Change
  • Change
Does this affect the toolchain?

YES/NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology
  • Pipeline build id: xxxx

Camelron and others added 30 commits February 15, 2024 14:37
@Camelron
Add osslsigncode package (#7868)
0fb82a0
@mfrw
[RFC] virtiofsd: enable build on all supported platforms (#7921)
b65c546 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
@liunan-ms @mfrw
Patch waagent.conf to add firewall rules (#7543)
cd42b14 
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
@Camelron
Introduce kernel-mshv-signed, hvloader-signed (#7173)
27c0792
@liunan-ms @PawelWMS
Add patch to address CVE 2023 48795 for kubernetes, telegraf (#7902)
24bae75 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
@ddstreetmicrosoft
grub2: update to SBAT 4
8b259d9
@miz060
moby-containerd-cc: update to v1.7.7 (#7975)
99017dc
@mfrw
golang: include go.env in GOROOT (#8004)
b9c36e2 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
@hbeberman
moby-containerd: fix test compatibility with golang 1.21 (#8031)
6184756
@christopherco
Revert "Patch waagent.conf to add firewall rules (#7543)" (#8054)
eb62644
@mandeepsplaha
add golden containers src artifacts (#7664)
f506a29
@CBL-Mariner-Bot @sameluch
[AUTO-CHERRYPICK] Upgrade libgit2 to Version 1.6.5 to address CVE-202…
c596f71 
…4-24575 - branch main (#8092)

Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
@CBL-Mariner-Bot @sameluch
[AUTO-CHERRYPICK] Upgrade moby-compose to version 2.17.3 to address m…
55109c4 
…ultiple CVEs - branch main (#8091)

Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
@nicogbg @CBL-Mariner-Bot
change code QL default settings file name (#8118)
2b8d95a 
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
@CBL-Mariner-Bot
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-1312, CVE-20…
0ab15db 
…18-20169 (#7915)
@mandeepsplaha
updates containers source for marinara updates (#8154)
8bae98a
@CBL-Mariner-Bot
[AUTO-CHERRYPICK] postgresql: update to version14.11 to fix CVE-2024-…
317bacf 
…0985 - branch main (#8161)
@PawelWMS
Made test failures not fail the package build. (CP of #8121) (#8130)
3249aa8
@CBL-Mariner-Bot @chalamalasetty
[AUTO-CHERRYPICK] Fixed CVE-2023-42282 in nodejs. - branch main (#8159
e65e9f1 
)

Co-authored-by: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
@CBL-Mariner-Bot @suresh-thelkar
[AUTO-CHERRYPICK] Patch CVE-2024-24806 in libuv - branch main (#8148)
20f12b2 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
@CBL-Mariner-Bot @suresh-thelkar
[AUTO-CHERRYPICK] Patch CVE-2024-22667 in vim - branch main (#8147)
1d29c6a 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
@CBL-Mariner-Bot
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade pam to 1.5.3 fix CVE-202…
cac464e 
…2-28321 - branch main (#8149)
@CBL-Mariner-Bot
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade dnsmasq to 2.90 Fix CVE-…
d38bc3c 
…2023-50387 - branch main (#8150)
@CBL-Mariner-Bot @suresh-thelkar @PawelWMS
[AUTO-CHERRYPICK] Patch CVE-2024-24806 in nodejs18 - branch main (#8164)
351ccbc 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
@CBL-Mariner-Bot
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade bind to 9.16.48 Fix CVE-…
495e2b4 
…2023-50387 - branch main (#8167)
@CBL-Mariner-Bot
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade unbound to 1.19.1 Fix CV…
8fa3fce 
…E-2023-50387 - branch main (#8170)
@CBL-Mariner-Bot
Prepare March 2024 Release (#8182)
9da930b
@jslobodzian
Merge branch 'main' into 2.0
430aced
@jslobodzian
Revert "[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade pam to 1.5.3 fix C…
87bd75d 
…VE-2022-28321 - branch main (#8149)"

This reverts commit cac464e.
@jslobodzian
Merge branch 'main' into 2.0
1775bea
@bombastictranz bombastictranz added bug Something isn't working documentation Improvements or additions to documentation duplicate This issue or pull request already exists enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed invalid This doesn't seem right question Further information is requested wontfix This will not be worked on labels Mar 8, 2024
@bombastictranz bombastictranz self-assigned this Mar 8, 2024
@codeautopilot CodeAutopilot
Copy link

codeautopilot bot commented Mar 8, 2024

PR summary

This PR introduces a number of changes, including security patches for various components, updates to package versions, and modifications to build scripts and utilities. It addresses several CVEs, updates the versions of bind, dnsmasq, kata-containers, libgit2, moby-compose, postgresql, unbound, and vim, and adds support for osslsigncode. The PR also includes changes to the build scheduler and result printing logic.

Suggestion

Overall, the PR seems comprehensive and addresses important security concerns. However, it's crucial to ensure that the updated versions and patches do not introduce any regressions or compatibility issues. It's recommended to perform thorough testing, including unit tests, integration tests, and end-to-end tests, to validate the changes. Additionally, it's important to review the dependency graph to ensure that all dependencies are correctly updated and there are no missing or conflicting versions. If any new features or configuration options are introduced, consider updating the documentation accordingly.

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 110.38%

Have feedback or need help?
Discord
Documentation
support@codeautopilot.com

@bombastictranz bombastictranz merged commit 242798e into bombastictranz:2.0 Mar 8, 2024
7 checks passed
@bombastictranz bombastictranz added dependencies Pull requests that update a dependency file and removed bug Something isn't working documentation Improvements or additions to documentation duplicate This issue or pull request already exists enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers invalid This doesn't seem right question Further information is requested wontfix This will not be worked on labels Jun 23, 2024
bombastictranz added a commit that referenced this pull request Jun 26, 2024
@bombastictranz
Merge pull request #2 from bombastictranz/2.0
65f2e6d 
Stock-control-supervisors/CBL-Mariner
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bombastictranz bombastictranz

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.