Commit message | Author | Age | Files | Lines
* python3-docker: Fix for requests 2.32.0: CVE-2024-35195 backport (kirkstone) | Christian Ege | 2025-04-19 | 2 | -0/+35
  After backporting the CVE-2024-35195 in poky, parts of python3-requests got updated to 2.32.0 which is incompatible with the current docker-compose command.

  This patch will fix the following error message:

    During handling of the above exception, another exception occurred:
    Traceback (most recent call last):
      File "/usr/bin/docker-compose", line 8, in <module>
        sys.exit(main())
      File "/usr/lib/python3.10/site-packages/compose/cli/main.py", line 81, in main
        command_func()
      File "/usr/lib/python3.10/site-packages/compose/cli/main.py", line 200, in perform_command
        project = project_from_options('.', options)
      File "/usr/lib/python3.10/site-packages/compose/cli/command.py", line 60, in project_from_options
        return get_project(
      File "/usr/lib/python3.10/site-packages/compose/cli/command.py", line 152, in get_project
        client = get_client(
      File "/usr/lib/python3.10/site-packages/compose/cli/docker_client.py", line 41, in get_client
        client = docker_client(
      File "/usr/lib/python3.10/site-packages/compose/cli/docker_client.py", line 170, in docker_client
        client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
      File "/usr/lib/python3.10/site-packages/docker/api/client.py", line 197, in __init__
        self._version = self._retrieve_server_version()
      File "/usr/lib/python3.10/site-packages/docker/api/client.py", line 221, in _retrieve_server_version
        raise DockerException(
    docker.errors.DockerException: Error while fetching server API version: Not supported URL scheme http+docker

  Signed-off-by: Christian Ege <christian.ege@ifm.com>
  Reference: https://github.com/graugans/meta-virtualization/commit/4149812ca9581a313de27c45a0f2dfa7bd8f53df
  Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* ceph: fix CVE-2023-43040 | Yogita Urade | 2025-04-09 | 2 | -0/+57
  IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

  Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-43040
  Upstream patch: https://github.com/ceph/ceph/commit/98bfb71cb38899333deb58dd2562037450fd7fa8

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: upgrade 1.26.8 -> 1.26.9 | Praveen Kumar | 2025-04-02 | 1 | -2/+2
  This upgrade fixes: CVE-2024-11218

  Changes in this Upgrade:
  =========================
  This upgrade from Buildah 1.26.8 to 1.26.9 includes important security and stability fixes:
  - Fixes CVE-2024-11218
  - Resolves TOCTOU error when bind and cache mounts use "src" values
  - Fixes cache locks with multiple mounts
  - Enhances volume handling and mount label options

  For full details, refer to: https://github.com/containers/buildah/releases/tag/v1.26.9

  Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: Adjust to glibc __rseq_size semantic change | Guocai He | 2025-03-24 | 2 | -1/+101
  On criu version 3.17:
  When use "criu restore -d -D checkpoint" to restore, the error is:
    1272: Error (criu/cr-restore.c:1498): 1295 killed by signal 11: Segmentation fault

  The root cause is that the glibc updated and criu should adjust to glibc __rseq_size semantic change.

  Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: fix CVE-2025-24976 | Chen Qi | 2025-03-06 | 2 | -0/+50
  Backport patch to fix CVE-2025-24976.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* Revert "runc-docker: upgrade 1.1.4 -> 1.1.12" | Bruce Ashfield | 2025-02-05 | 4 | -45/+35
  This reverts commit 76f2999987fa3ea30a823de3bd79d0cc0e0c287f.
* runc-docker: upgrade 1.1.4 -> 1.1.12 | Divya Chellam | 2025-01-30 | 4 | -35/+45
  This upgrade fixes a few CVEs:
  - CVE-2023-27561
  - CVE-2023-25809
  - CVE-2023-28642
  - CVE-2024-21626
  and other bug fixes

  Changelog:
  ==========
  https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md

  Adjusted existing patches to align with v1.1.12

  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: fix CVE-2024-9676 | Chen Qi | 2025-01-30 | 2 | -0/+192
  Backport patch to fix CVE-2024-9676.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: fix CVE-2024-9676 | Chen Qi | 2025-01-30 | 2 | -0/+192
  Backport patch to fix CVE-2024-9676.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: fix CVE-2024-9676 | Chen Qi | 2025-01-30 | 2 | -0/+192
  Backport patch to fix CVE-2024-9676.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: add seccomp and ipv6 to REQUIRED_DISTRO_FEATURES | Martin Jansa | 2025-01-30 | 2 | -1/+5
  * because it rdepends on podman with the same restriction
  * BTW: .gitignore has:
      build*/
    which gets triggered for buildah as well:
      meta-virtualization $ git add ./recipes-containers/buildah/buildah_git.bb
      The following paths are ignored by one of your .gitignore files:
      recipes-containers/buildah
    I've adjusted it to /build*/ only.

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: update to 1.26.8 | Chen Qi | 2025-01-30 | 1 | -4/+3
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* CVE-2023-37154: | Changqing Li | 2024-12-10 | 2 | -0/+70
  check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.

  Refer: https://nvd.nist.gov/vuln/detail/CVE-2023-37154

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* Revert "nagios-plugins: fix CVE-2023-37154" | Bruce Ashfield | 2024-12-10 | 1 | -1/+0
  This reverts commit 460ea78d7f8d5d16799d0b7334b95d8170c9e338.
* nagios-plugins: fix CVE-2023-37154 | Changqing Li | 2024-12-10 | 1 | -0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2023-37154: check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution"x$with_unrestricted_ssh_options" = xyes ; then ++ AC_DEFINE(HAVE_UNRESTRICTED_SSH_OPTIONS,[1],[Allow SSH to use options that run local commands.]) ++fi ++ + AC_ARG_WITH([ipv6], + [AS_HELP_STRING([--with-ipv6], [support IPv6 @<:@default@check>@])], + [], [with_ipv6=check]) +diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c +index b6f3130..6cc6c7a 100644 +--- a/plugins/check_by_ssh.c ++++ b/plugins/check_by_ssh.c +@@ -27,7 +27,7 @@ + *****************************************************************************/ + + const char *progname = "check_by_ssh"; +-const char *copyright = "2000-2014"; ++const char *copyright = "2000-"; + const char *email = "devel@nagios-plugins.org"; + + #include "common.h" +@@ -299,6 +299,16 @@ process_arguments (int argc, char **argv) + skip_stderr = atoi (optarg); + break; + case 'o': /* Extra options for the ssh command */ ++ ++ /* Don't allow the user to run commands local to the nagios server, unless they decide otherwise at compile time. */ ++#ifndef HAVE_UNRESTRICTED_SSH_OPTIONS ++ if ( strcasestr(optarg, "ProxyCommand") != NULL ++ || strcasestr(optarg, "PermitLocalCommand") != NULL ++ || strcasestr(optarg, "LocalCommand") != NULL) { ++ break; ++ } ++#endif ++ + comm_append("-o"); + comm_append(optarg); + break; +-- +2.23.0 + Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
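Review bot: in the `case 'o'` hunk of plugins/check_by_ssh.c, an option that matches the filter reaches `break` with no message, so the check still runs with the operator's `-o` value silently dropped; report the rejected option and exit with a usage error so the misconfiguration is visible. The `strcasestr(optarg, "LocalCommand")` test already matches "PermitLocalCommand", so the second comparison is redundant. These are also substring matches anywhere in `optarg`, so an unrelated option whose value merely contains one of the three words is dropped as well; comparing only the option name in front of the `=` would be tighter.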
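Review bot: the first plugins/check_by_ssh.c hunk replaces `"2000-2014"` with `"2000-"`, leaving the copyright range without an end year; confirm that string against the upstream patch before merging. The text above the diff is also cut off mid-sentence (it runs from "arbitrary command execution" straight into `"x$with_unrestricted_ssh_options" = xyes`), so the configure.ac hunk as shown has no file header and no opening of the `if` that its `fi` closes; the patch should be regenerated so every hunk is complete.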
* go-cli: use main branch | Martin Jansa | 2024-11-12 | 1 | -1/+1
  * master was renamed to main long time ago

  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* python3-colorama: drop recipe | Bruce Ashfield | 2024-10-10 | 1 | -9/+0
  We no longer need our own pinned version of this recipe, and it causes us issues with meta-python.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: Security fix for CVE-2023-3676 and CVE-2023-3955 | Vijay Anusuri | 2024-09-05 | 3 | -0/+127
  Upstream-commit: https://github.com/kubernetes/kubernetes/commit/7da6d72c05dffb3b87e62e2bc8c3228ea12ba1b9
  & https://github.com/kubernetes/kubernetes/commit/a53faf5e17ed0b0771a605c6401ba4cbf297b59a

  Reference: https://github.com/kubernetes/kubernetes/issues/119339

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: Use dup3 for riscv64 | Mingli Yu | 2024-07-22 | 2 | -0/+43
  Use dup3 instead for riscv64 as there is no dup2 on riscv64 linux to fix the below build failure:
    vendor/github.com/bugsnag/panicwrap/dup2.go:10:9: undefined: syscall.Dup2

  Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman-compose: switch to main branch | Bruce Ashfield | 2024-07-10 | 1 | -1/+1
  The upstream project has made the "interesting" decision to delete the stable branch and move to "main" for recent releases.

  So rather than being able to simply switch for our updates, we have to switch to main on all releases that had podman-compose recipes using the stable branch.

  Luckily, the commit hashes haven't changed, so we only have to modify the branch in the SRC_URI.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* libvirt: Fix CVE-2024-1441 and CVE-2024-2496 | Ashish Sharma | 2024-07-10 | 3 | -0/+157
  Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/libvirt/8.0.0-1ubuntu7.10]
  import Ubuntu patches to fix CVE-2024-1441 CVE-2024-2496

  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: fix do_patch failure | Martin Jansa | 2024-05-28 | 1 | -1/+1
  * introduced in: https://lists.yoctoproject.org/g/meta-virtualization/message/8715

  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* libvirt: Backport fix for CVE-2024-2494 | Ashish Sharma | 2024-05-28 | 2 | -0/+221
  Upstream-Status: Backport [https://gitlab.com/libvirt/libvirt/-/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2]

  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: Backport fix for CVE-2024-3177 | Ashish Sharma | 2024-05-13 | 2 | -0/+238
  Upstream-Status: Backport [https://github.com/kubernetes/kubernetes/pull/124325/commits/3f0922513d235d8bdebe79f0d07da769c04211b8]

  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* openvswitch: Upgrade 2.17.6 -> 2.17.9 | Yogita Urade | 2024-03-15 | 1 | -3/+3
  Includes security fixes for - CVE-2023-3966 and CVE-2023-5366

  commits short logs:
    0bea06d99 (tag: v2.17.9) Set release date for 2.17.9.
    b8657dada netdev-offload-tc: Check geneve metadata length.
    e235a421f odp: ND: Follow Open Flow spec converting from OF to DP.
    002cba9f1 dpdk: Use DPDK 21.11.6 release for OVS 2.17.
    ee889659d github: Update versions of action dependencies (Node.js 20).
    bf717d0f3 ovs-atomic: Fix inclusion of Clang header by GCC 14.
    9bbc2cf8a ovsdb-idl.at: Test IDL behavior during database conversion.
    049189584 tests: Use _DAEMONIZE macro's to start tcpdump.
    30099c5d9 tests-ovsdb: Switch OVSDB_START_IDLTEST to macro.
    f4b4d650a python: idl: Handle monitor_canceled.
    d6caa6ed0 vconn: Count vconn_sent regardless of log level.
    b0eb66a69 backtrace: Fix error in log_backtrace() documentation.
    bb89735b2 ovsdb: trigger: Do not allow conversion in read-only mode.
    a79ee883a ovsdb: jsonrpc-server: Fix the DSCP value in default options.
    4f01f2f7d jsonrpc: Sort JSON objects while printing debug messages.
    3cae42bc5 tests: ovsdb: Use diff -up format for replay test.
    a7036f6a1 ovsdb-server.at: Enbale debug logs in active-backup tests.
    c944a30fe ovsdb: transaction: Don't try to diff unchanged columns.
    5c0dc9602 ovsdb: transaction: Avoid diffs for different type references.
    eabd4cb2f ci: Update the GitHub Ubuntu runner image to Ubuntu 22.04.
    c462aabb3 netdev-afxdp: Disable -Wfree-nonheap-object on receive.
    b3f8c32ed ovsdb-idl: Preserve change_seqno when deleting rows.
    d254aedad tunnel: Do not carry source port from a previous tunnel.
    1857c569e netdev-offload-tc: Fix offload of tunnel key tp_src.
    0a0c500d7 cirrus: Update from FreeBSD 12 to 14.
    74633888d dpdk: Use DPDK 21.11.5 release for OVS 2.17.
    b5e54aa16 ovs-ofctl: Correctly mark the CT flush commands.
    1d3609a48 mcast-snooping: Flush flood and report ports when deleting interfaces.
    df101fe1e mcast-snooping: Test per port explicit flooding.
    8313ebbb3 flake8: Fix E721 check failures.
    f73208151 build-aux: Enable flake8 checks for python extraction scripts.
    8b6a8fcb0 build-aux/extract-ofp-msgs: Fix flake8 and syntax errors.
    80e922644 build-aux/extract-ofp-fields: Fix flake8 and syntax errors.
    1508e7abc build-aux/extract-ofp-errors: Fix flake8 and syntax errors.
    98fc48e4d build-aux/extract-ofp-actions: Fix flake8 and syntax errors.
    d52231171 automake: Move build-aux EXTRA_DIST updates to their own file.
    8868756b8 netdev-offload: Fix Clang's static analyzer 'Division by zero' warnings.
    46e9cacaa ofp-table: Fix count_common_prefix_run() function.
    8e6d1cd04 vswitch.xml: Add entry for dpdkvhostuser userspace-tso.
    7838778ad vswitch.xml: Add dpdkvhostuser group status.
    a3a039507 tests: Use ping timeout instead of deadline.
    3351b149c tests/system-traffic: Ensure no name resolution for tcpdump.
    bce17b0bb tc: Improve logging of mismatched actions.
    af934924f ofproto-dpif-upcall: Pause revalidators when purging.
    48fa54747 db-ctl-base: Fix memory leak of db commands.
    7fb2197e1 Prepare for 2.17.9.
    275be1eb9 (tag: v2.17.8) Set release date for 2.17.8.
    be1a8f7ec conntrack: Remove nat_conn introducing key directionality.
    f179c7c07 conntrack: simplify cleanup path
    fac770a0a netdev-dpdk: Document status options for VF MAC address.
    79ab2eeb1 netdev-offload-dpdk: Fix flushing of a physdev.
    4ced485f8 connmgr: Fix ofconn configuration on vswitchd startup.
    3c39cfe03 python: idl: Fix last-id update from a monitor reply.
    a6207b2bc ofproto-dpif-xlate: Fix recirculation with patch port and controller.
    a141b62c2 ofproto-dpif-xlate: Don't reinstall removed XC_LEARN rule.
    586e73dac configure: Avoid deprecated AC_PROG_CC_C99 if possible.
    bd95fe3d7 tests: Fix time dependency in overlapping flows modification test.
    123b7aaa7 python: Use build to generate PEP517 compatible archives.
    41d2e7e9a python: Use twine to upload sdist package to pypi.org.
    66d5562e3 python: Rename build related code to ovs_build_helpers.
    c880faea8 dpif-netdev: Fix length calculation of netdet_flow_key.
    8c7aa5f58 doc: Fix description of max_len for controller action.
    34ff03c3c docs: Fix rendering of VLAN Comparison Chart.
    93412e00e docs: Run tbl preprocessor in manpage-check rule.
    6929485d3 docs: Add `nowarn` region option to tables.
    08b6b83a3 tests: Add clang-analyzer-results to gitignore.
    c252b1f8a ci: Add jobs to test -std=c99 builds.
    242bb2624 tests: Fix order of includes in barrier/id-fpool/mpsc-queue tests.
    292eca58c sflow: Always enable _BSD_SOURCE.
    82aa3fb01 compiler.h: Don't use asm and typeof with non-GNU compilers.
    a45b3afbf ovs.tmac: Fix troff warning in versions above groff-1.23.
    a336ef712 connmgr: Count unsent async messages.
    a74b7dfb9 dpif-netdev: Fix dpif_netdev_flow_put.
    f04bfd5e4 ofproto-dpif-xlate: Reduce stack usage in recursive xlate functions.
    29990edbc cirrus: Update to FreeBSD 13.2.
    65bb82369 ci: Fix OPTS not being passed to OSX builds.
    fe98b0c1f ovsdb-tool: Fix json leak while showing clustered log.
    44722bbda ovsdb-server: Fix excessive memory usage on DB open.
    9db221fcd tests: Add ovsdb execution cases for set size constraints.
    3cfe388cb ovsdb: relay: Fix handling of XOR updates with size constraints.
    f4d15497f ovsdb: file: Fix diff application to a default column value.
    7864ed557 ovsdb: file: Fix inability to read diffs that violate type size.
    97d91ad2d ovs-tcpdump: Clear auto-assigned ipv6 address of mirror port.
    dba7482e0 ofproto-dpif: Fix removal of renamed datapath ports.
    a1ca9e589 ofproto-dpif-upcall: Mirror packets that are modified.
    5d976536b vswitchd: Wait for a bridge exit before replying to exit unixctl.
    e206df08d Prepare for 2.17.8.
    f15de6508 (tag: v2.17.7) Set release date for 2.17.7.
    4b10b0b87 fatal-signal: Don't share signal fds/handles with forked process.
    e01ea8e7e cpu: Fix cpuid check for some AMD processors.
    111c7be31 tc: Fix crash on malformed reply from kernel.
    75152d3d6 netdev-dpdk: Fix warning with gcc 13.
    5285dad18 utilities/bashcomp: Fix PS1 generation on new bash.
    ebe7bd7b6 netdev-offload-dpdk: Fix crash in debug log.
    4937a5341 stream-ssl: Disable alerts on unexpected EOF.
    fe99e6b97 tests: layer3-tunnels: Skip bareudp tests if not supported by kernel.
    a375055f2 ovs-fields: Modify the width of tpa and spa.
    749769be3 netdev-vport: RCU-fy tunnel config.
    c423fa5f6 smap: Make argument of smap_add_ipv6 constant.
    2db06ee6f netdev-vport: Fix unsafe handling of GRE sequence number.
    51d804aa4 dpctl: Fix dereferencing null pointer in parse_ct_limit_zones().
    80b15d142 netdev-offload: Fix deadlock/recursive use of the netdev_hmap_rwlock rwlock.
    0d3c27e90 ofproto-dpif-xlate: Fix use-after-free when xlate_actions().
    8eb24943c tc: Fix cleaning chains.
    cbe5852d7 python-stream: Handle SSL error in do_handshake.
    be3caf455 dpif-netlink: Fix memory leak dpif_netlink_open().
    b7e1593f4 ofp-parse: Check ranges on string to uint32_t conversion.
    70cb45c66 learning-switch: Fix coredump of OpenFlow15 learning-switch.
    b08224194 ovsdb: Allow conversion records with no data in a clustered storage.
    efcdf6c0d ovsdb: Check for ephemeral columns before writing a new schema.
    bf39ea3c7 ovsdb-tool: Fix cluster-to-standalone for DB conversion records.
    4f82f8903 ovs-tcpdump: Stdout is shutdown before ovs-tcpdump exit.
    77116d990 Prepare for 2.17.7.

  Reference: https://www.openvswitch.org/releases/NEWS-2.17.9.txt

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* upx: bump to 4.2.2 release - fixes various CVEs | Fathi Boudra | 2024-02-22 | 1 | -36/+7
  Update upx recipe from 3.96 to 4.2.2 release:
  * Use the gitsm fetcher to get the source code.
  * Add a note to keep using the git repository.
  * Update the homepage.
  * Drop the build dependencies as they're useless. UPX builds using the vendor subdirectory, statically linking the libraries.

  Fixes CVEs:
  * https://www.cve.org/CVERecord?id=CVE-2023-23456
    A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
  * https://www.cve.org/CVERecord?id=CVE-2023-23457
    A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
  * https://www.cve.org/CVERecord?id=CVE-2021-46179
    Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the readx function.
  * https://www.cve.org/CVERecord?id=CVE-2021-43317
    A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
  * https://www.cve.org/CVERecord?id=CVE-2021-43316
    A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
  * https://www.cve.org/CVERecord?id=CVE-2021-43315
    A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
  * https://www.cve.org/CVERecord?id=CVE-2021-43314
    A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
  * https://www.cve.org/CVERecord?id=CVE-2021-43313
    A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
  * https://www.cve.org/CVERecord?id=CVE-2021-43312
    A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
  * https://www.cve.org/CVERecord?id=CVE-2021-43311
    A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
  * https://www.cve.org/CVERecord?id=CVE-2021-30501
    An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
  * https://www.cve.org/CVERecord?id=CVE-2021-30500
    Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.
  * https://www.cve.org/CVERecord?id=CVE-2021-20285
    A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
  * https://www.cve.org/CVERecord?id=CVE-2020-27802
    A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
  * https://www.cve.org/CVERecord?id=CVE-2020-27801
    A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
  * https://www.cve.org/CVERecord?id=CVE-2020-27800
    A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
  * https://www.cve.org/CVERecord?id=CVE-2020-27799
    A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
  * https://www.cve.org/CVERecord?id=CVE-2020-27798
    An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
  * https://www.cve.org/CVERecord?id=CVE-2020-27797
    An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
  * https://www.cve.org/CVERecord?id=CVE-2020-27796
    A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

  Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cni: clean dir ${B}/plugins before do_compile | Changqing Li | 2023-12-14 | 1 | -0/+2
  Clean dir ${B}/plugins before do_compile to avoid cni generated binaries like /usr/libexec/cni/bridge has wrong dynamic linker path and reports error like:
    /usr/libexec/cni/bridge: no such file or directory".

  Reproduce steps:
  1. bitbake cni
  2. enable usrmerge feature in local.conf
  3. bitbake cni

  After step 2, GOBUILDFLAGS changed, "-I /lib64/ld-linux-aarch64.so.1" -> "/usr/lib/ld-linux-aarch64.so.1"

  But "go build" seems only check if the cached packagefile changed, since all not changed, the dynamic linker still use the old one, maybe go build should improve this. Clean dir ${B}/plugins to trigger rebuild of the binaries here.

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cni: fix textrel QA issue | Chen Qi | 2023-12-14 | 1 | -3/+3
  When building cni, we get textrel QA issue like below:
    cni: ELF binary /usr/libexec/cni/macvlan has relocations in .text

  The problem could be solved by adding '-buildmode=pie' to ${GO}.

  In go.bbclass, this flag is added to GOBUILDFLAGS conditionally, that is, if the arch is not mips nor riscv32, this '-buildmode=pie' is added to GOBUILDFLAGS. So make use of that.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cni: reproducible builds: pass -trimpath | Bruce Ashfield | 2023-12-14 | 1 | -3/+3
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: Fix CVE-2023-2727, CVE-2023-2728 | Soumya Sambu | 2023-11-21 | 2 | -0/+560
  Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

  Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

  CVE: CVE-2023-2727, CVE-2023-2728

  Affected Versions
    1.27.0 - v1.27.2
    v1.26.0 - v1.26.5
    v1.25.0 - v1.25.10
    <= v1.24.14

  master branch(kubernetes v1.28.2) is not impacted
  mickledore branch(kubernetes v1.27.5) is not impacted

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-2727
  https://nvd.nist.gov/vuln/detail/CVE-2023-2728

  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: Fix CVE-2023-2431 | Soumya Sambu | 2023-11-21 | 2 | -0/+864
  A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

  CVE: CVE-2023-2431

  Affected Versions
    v1.27.0 - v1.27.1
    v1.26.0 - v1.26.4
    v1.25.0 - v1.25.9
    <= v1.24.13

  master branch(kubernetes v1.28.2) is not impacted
  mickledore branch(kubernetes v1.27.5) is not impacted

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-2431

  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: Adjust patches to resolve error that occur with devtool | Soumya Sambu | 2023-11-21 | 5 | -29/+33
  Adjust patches and .bb to fix below error which occurs with devtool modify command -

    ERROR: Applying patch '0001-hack-lib-golang.sh-use-CC-from-environment.patch' on target directory
    CmdError('sh -c \'PATCHFILE="0001-hack-lib-golang.sh-use-CC-from-environment.patch" git -c user.name="OpenEmbedded" -c user.email="oe.patch@oe" commit -F /tmp/tmp_ptvioq3 --author="Koen Kooi <koen.kooi@linaro.org>" --date="Mon, 23 Jul 2018 15:28:02 +0200"\'', 0, 'stdout: On branch devtool
    Changes not staged for commit:
    (use "git add <file>..." to update what will be committed)
    (use "git restore <file>..." to discard changes in working directory)
    (commit or discard the untracked or modified content in submodules)
    \tmodified: src/import (modified content)
    no changes added to commit (use "git add" and/or "git commit -a")
    stderr: ')

  This error is not seen on master branch, fixed with below commit -
  [https://git.yoctoproject.org/meta-virtualization/commit/?id=d9af46db9aa9060c1ec10118b2cccabfc8264904]

  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* packagegroup-container: require ipv6 for podman | Jörg Sommer | 2023-11-08 | 1 | -1/+1
  The recipe *podman* requires the distro feature *ipv6*. Using a distro without it causes the build of *packagegroup-container* fails, even if *packagegroup-podman* is not used:

    ERROR: Nothing RPROVIDES 'podman' (but /build/../work/layers-3rdparty/meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
    podman was skipped: missing required distro feature 'ipv6' (not in DISTRO_FEATURES)
    NOTE: Runtime target 'podman' is unbuildable, removing...
    Missing or unbuildable dependency chain was: ['podman']
    NOTE: Runtime target 'packagegroup-docker' is unbuildable, removing...
    Missing or unbuildable dependency chain was: ['packagegroup-docker', 'podman']

  Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* nerdctl: fix installed-vs-shipped with usrmerge | Martin Jansa | 2023-09-13 | 1 | -2/+2
  * fixes:
    ERROR: nerdctl-v1.3.0-r0 do_package: QA Issue: nerdctl: Files/directories were installed but not shipped in any package:
      /bin
      /bin/nerdctl
    Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
    nerdctl: 2 installed and not shipped files. [installed-vs-shipped]

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* nerdctl: update branch to main | Bruce Ashfield | 2023-09-13 | 1 | -1/+1
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* go-mux: Switch to main branch | Mingli Yu | 2023-09-12 | 1 | -1/+1
  The project has renamed the master branch to main.

  Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* go-context: Switch to main branch | Mingli Yu | 2023-09-12 | 1 | -1/+1
  The project has renamed the master branch to main.

  Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-ce: bump SRCREV_docker | Martin Jansa | 2023-08-16 | 1 | -3/+3
  * fix my previous commit where I've missed this update corresponding to SRCREV_moby change in docker-moby recipe.
  * also re-order the patches in SRC_URI to match docker-moby, so that they are easier to compare

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker: update to v20.10.25 + 58 commits to fix compatibility with go currently in kirkstone | Martin Jansa | 2023-08-15 | 5 | -49/+218
  * since this backport:
    https://lists.openembedded.org/g/openembedded-core/message/185082
    landed in kirkstone:
    https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=5dc74138649ab7a2c0158a43225dc7a8fd732355
    docker cannot access network and fails with:
    "http: invalid Host header"

    update to latest commit in 20.10 branch, because latest tag v20.10.25 have the fix yet:
    https://github.com/moby/moby/compare/v20.10.21...v20.10.25
    so we need couple more commits from upstream:
    https://github.com/moby/moby/compare/v20.10.25...791d8ab87747169b4cbfcdf2fd57c81952bae6d5

    Adjust the go version revert which was here since the upgrade to v20.10.21:
    https://git.yoctoproject.org/meta-virtualization/commit/?h=kirkstone&id=927537108bcf2b98859512ce3eae59a73439994d
    and add another revert for the go upgrades from upstream for this older patch to apply.

  * update cli to latest in 20.10 branch as well:
    https://github.com/docker/cli/compare/baeda1f82a10204ec5708d5fbba130ad76cfee49..911449ca245308472a3d34a7f1a98b918e65c8c3

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: fix for CVE-2023-2253  [Narpat Mali, 2023-07-25, files: 2, lines: -0/+670]
| A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution,
| which accepts a parameter to control the maximum number of records returned
| (query string: `n`). This vulnerability allows a malicious user to submit an
| unreasonably large value for `n`, causing the allocation of a massive string
| array, possibly causing a denial of service through excessive use of memory.
|
| References:
| https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
| https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54
|
| Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* libvirt: CVE-2023-2700 Memory leak in virPCIVirtualFunctionList cleanup  [Hitendra Prajapati, 2023-06-07, files: 2, lines: -0/+55]
| Upstream-Status: Backport from https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
|
| Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* xtf: change the old override syntax  [Xiangyu Chen, 2023-05-17, files: 1, lines: -1/+1]
| Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* ovs: update to 2.17.6  [Xiangyu Chen, 2023-04-21, files: 2, lines: -90/+3]
| Updating openvswitch from 2.17.1 to 2.17.6, pick up the latest security and bug fixes.
|
| Changes:
| 1. Removed the patch 0001-lldp-Fix-bugs-when-parsing-malformed-AutoAttach.patch.
| 2. Update SRCREV PV-version and CVE_VERSION
|
| Commit short log:
| a08bb41e3 Set release date for 2.17.6.
| 27fb5db7f ofproto-dpif-xlate: Always mask ip proto field.
| c3684a060 conntrack-tp: Fix clang warning.
| be19308aa netdev-offload-tc: Del ufid mapping if device not exist.
| 4f41e58bc netdev-tc-offloads: Fix misaligned 8 byte read.
| d6d1cad6a dpif-netlink: Always create at least 1 handler.
| 09e6e1de7 ofproto-dpif-upcall: Wait for valid hw flow stats before applying min-revalidate-pps.
| 691b9e514 system-traffic: Fix conntrack test cases which are failing with af_xdp.
| 7aa314c9c netdev-windows: Add checking when creating netdev with system type on Windows
| 215278bde ofproto-dpif-upcall: Include hardware offloaded flows in total flows.
| 4a3f8845e ofproto-dpif-upcall: Reset ukey's last stats value if the datapath changed.
| 132fa24b6 classifier: Fix missing masks on a final stage with ports trie.
| 8661abd4c ofproto: Fix re-creation of tunnel backing interfaces on restart.
| 638441e98 ovs-actions: Correct typo in ovs-actions man page.
| 3c4bd63bc ofproto-ipfix: Use per-domain template timeouts.
| d2583ccb7 ofproto-dpif-upcall: Use last known stats ukey stats on revalidate missed dp flows.
| 705190d88 conntrack: Properly unNAT inner header of related traffic.
| d87b6180e dpctl: Fix memory leak in flush conntrack.
| 6626562c5 sparse: Fix build with DPDK and GCC 12.
| 82dc71f80 ovsdb-server: Fix handling of DNS name for listener configuration.
| 9b341844e netdev-offload-tc: If the flow has not been used, report it as such.
| adac28dcd netdev-offload-tc: Conntrack ALGs are not supported with tc.
| a1c2abba7 netdev-offload-tc: Fix tc conntrack force commit support.
| 68a2818b0 ofproto-dpif-upcall: New ukey needs to take the old ukey's dump seq.
| 2eb7a6066 netdev-offload-tc: Preserve tc statistics when flow gets modified.
| 4f5140769 sparse: Fix numa.h for libnuma >= 2.0.13.
| 32853c084 tc: Add TCA_KIND flower to delete and get operation to avoid rtnl_lock().
| 037131229 netdev-offload-tc: Fix misaligned access to ct label.
| 206409bb7 ovsdb: Fix database statistics during the database replacement.
| 0f55eced1 cirrus: Update to use FreeBSD 12.4.
| e9336a91f tc: Add support for TCA_STATS_PKT64.
| ba62a1eae Documentation: Fix links in maintainers.rst.
| 1b76faf8d Documentation: Fix links in the DPDK guide on physical ports.
| e1ee9c32a treewide: Don't use non-portable '==' with test command.
| a7d7c30c4 dpif: Fix tunnel key set for IPv6 tunnels with SLOW_ACTION.
| 8d055809b ci: Fix overriding OPTS provided from the yml.
| 0eb2aa46b Prepare for 2.17.6.
| 08971e4b9 Set release date for 2.17.5.
| ecaacb01a lldp: Fix bugs when parsing malformed AutoAttach.
| ee002b351 dpif-netdev: Use unmasked key when adding datapath flows.
| 18dcfda67 ovsdb-cs: Consider default conditions implicitly acked.
| 793709a85 rculist: Use rculist_back_protected to access prev.
| abb9d3482 Prepare for 2.17.5.
| b6c3788fe Set release date for 2.17.4.
| b50f4e3d2 odp-util: Fix reporting unknown keys as keys with bad length.
| 44012fccd ovs-dpctl-top: Fix ovs-dpctl-top via pipe.
| 118e4349d rculist: Fix iteration macros.
| c9f10ae33 vswitchd: Publish per iface received multicast packets.
| 4e3f9951f learn: Fix parsing immediate value for a field match.
| 282ba24d9 datapath-windows: Check the condition to reset pseudo header checksum on Rx side
| ee0e1d0a5 netdev-offload-dpdk: Enhance the support of tunnel pop action
| 4e3d762f0 ci: Update meson requirement for DPDK.
| 0d1e425c7 ovsdb: transaction: Fix weak reference leak.
| ceab1ca1e ovsdb: transaction: Refactor assess_weak_refs.
| fa95bf962 ovs-tcpdump: Cleanup mirror port on SIGHUP/SIGTERM.
| 7ebef81f9 netdev-linux: Fix inability to apply QoS on ports with custom qdiscs.
| 037ef6301 tc: Fix misaligned writes while parsing pedit.
| 869e2e1ba odp-util: Add missing separator in format_odp_conntrack_action().
| 0aa55709f vswitch.xml: Fix the name of rstp-path-cost option.
| af459fa37 mac-learning: Fix learned fdb entries not age out issue.
| c4336a1f1 ofproto-dpif-xlate: Update tunnel neighbor when receive gratuitous ARP.
| 683508cd4 bond: Fix crash while logging not yet enabled member.
| 41b178d52 netdev-dpdk: Fix tx_dropped counters value.
| d0276481a unaligned: Correct the stats of packet_count and byte_count on Windows.
| 71401199f tests: Fix filtering of whole-second durations.
| 3c1c034e5 netdev-offload: Set 'miss_api_supported' to be under netdev.
| 35615cd37 cmap: Add thread fence for slot update.
| 5f8ba216a ofproto-dpif-xlate: Do not use zero-weight buckets in select groups.
| 5e26f88b4 github: Update versions of action dependencies.
| afce3662f ovs-tcpdump: Fix bond port unable to capture jumbo frames.
| 602a41bb3 json: Fix deep copy of objects and arrays.
| 5dde4d748 Prepare for 2.17.4.
| 2b4b4b868 Set release date for 2.17.3.
| fbc3b10e9 Add support for OpenSSL 3.0 functions.
| 5a77d53b8 dhparams: Fix .c file generation with OpenSSL >= 3.0.
| 09e22fec4 daemon-unix: Fix file descriptor leak when monitor restarts child.
| 53df50db2 vconn: Allow ECONNREFUSED in refuse connection test.
| 26a11ca61 dpdk: Use DPDK 21.11.2 release.
| edf699ec6 m4: Test avx512 for x86 only.
| 1989caf9e ovsdb-idl: Preserve references for rows deleted in same IDL run as their insertion.
| db6a612cd python: idl: Fix idl.Row.__str__ method.
| 73d7bf64a bond: Avoid deadlock while updating post recirculation rules.
| 70a63391c ofproto-dpif-upcall: Add debug commands to pause/resume revalidators.
| cf0e12f8a test-list: Fix false-positive build failure with GCC 12.
| 5cbed27c8 tests: Fix tests with GNU grep 3.8.
| a5cd60db0 cirrus: Upgrade to FreeBSD 13.1 image.
| 43ece36f3 netdev-linux: Skip some internal kernel stats gathering.
| 846d6a0c5 ofproto-dpif-xlate: Fix error messages for nonexistent ports/recirc_ids.
| e8814c9b8 ofproto-dpif-xlate: Clear tunnel wc bits if original packet is non-tunnel.
| dfc3e65c8 raft: Fix unnecessary periodic compactions.
| 6f322ccf8 netdev-offload-tc: Parse tunnel options only for geneve ports.
| a9f10a2bd netdev-offload-tc: Add missing handling of the tunnel source port.
| ec2e967c1 netdev-offload-tc: Fix ignoring unknown tunnel keys.
| 686984d9a netdev-offload-tc: Use masks instead of keys while parsing tunnel attributes.
| 92c072d94 netdev-offload-tc: Explicitly handle mask for the tunnel destination port.
| 87f191a3a netdev-offload-tc: Fix the mask for tunnel metadata length.
| cadcea6fe releases: Mark 2.17 as a new LTS release.
| 8a1b73448 handlers: Fix handlers mapping.
| 713072fda handlers: Create additional handler threads when using CPU isolation.
| 84a8910ff packets: Fix misaligned access to ip6_hdr.
| fe27e0c88 python: Do not send non-zero flag for a SSL socket.
| 729a872f1 dpif-netdev: Simplify AVX512 build time checks to enhance readability.
| 1b566f8b8 github: Move CI to ubuntu 20.04 base image.
| 86725abe1 netdev-offload-tc: Disable offload of IPv6 fragments.
| 2276daf88 ovs-save: Use right OpenFlow version for add-tlv-map.
| c353e757d system-traffic: Fix IPv4 fragmentation test sequence for check-kernel.
| 6f54dc134 system-traffic: Fix incorrect neigh entry in ipv6 header modification test.
| 7848ae6ff system-traffic: Don't run IPv6 header modification test on kernels < 5.19.
| 399185865 netdev-linux: set correct action for packets that passed policer
| cda60c855 python: Fix E275 missing whitespace after keyword.
| 3678fb544 tc: Use sparse hex dump while printing inconsistencies.
| 03a0ec82b netdev-offload-tc: Print unused mask bits on failure.
| 5b8453a44 dynamic-string: Add function for a sparse hex dump.
| 8d7cb1daf dpif-netlink: Fix incorrect bit shift in compat mode.
| d1cec2686 python: Use setuptools instead of distutils.
| 8d6ecb259 packets: Re-calculate IPv6 checksum only for first frag upon modify.
| 26dbc822d test-ovsdb: Fix false-positive leaks from LeakSanitizer.
| 6eab10cf2 m4: Update ax_func_posix_memalign to the latest version.
| 2f51bfd23 m4: Replace obsolete AC_HELP_STRING with AS_HELP_STRING.
| 8ad325aab libopenvswitch.pc: Add missing libs for a static build.
| b64ff3f48 rhel: Stop installing internal headers.
| b63bbf2db python-c-ext: Handle initialization failures.
| 4ad02ad04 netdev-linux: Do not touch LAG members if master is not attached to OVS.
| e6dcd07bc netdev: Clear auto_classified if netdev reopened with the type specified.
| 1eedf45e8 system-traffic: Properly stop dangling ping after geneve test.
| fb8e34bdb conntrack: Fix conntrack multiple new state.
| af37f4118 python-c-ext: Fix a couple of build warnings.
| b7d9f7610 python-c-ext: Remove Python 2 support.
| 02fb4bfb8 netdev-offload-dpdk: Setting RSS hash types in RSS action.
| 8e8fcf7bd lib: Print nw_frag in flow key.
| 29d8ce1ad ovsdb: Remove extra make target dependency for local-config.5.
| 13ac0bc7c tc: Fix misaligned access while creating pedit actions.
| 2c85d737a utilities/bashcomp: Fix incorrect file mode.
| 05e9d2b7a Pmd.at: fix dpcls and dpif configuration test cases.
| 45ecaa9e5 ovsdb: Add Local_Config schema.
| 61d64d389 dpif-netdev: Fix leak of AVX512 DPIF scratch pad.
| a77ad9693 dpif-netdev: Refactor AVX512 runtime checks.
| ccea7df57 dpif-netdev-extract-avx512: Protect GCC builtin usage.
| 807f7f994 ovs-tcpdump: Default to OVS_RUNDIR if present.
| ec13b03ca ovsdb: Fix memory leak on error path in ovsdb_file_read__().
| 8b2dff2e3 odp-util: Ignore unknown attributes in parse_key_and_mask_to_match().
| 13d97f663 ofproto-dpif: Avoid unneccesary backer revalidation.
| 9b4035d69 lldp: Fix lldp memory leak.
| d9351febc ipfix: Trigger revalidation if ipfix options changes.
| 5419b1de9 conntrack: Fix incorrect bit shift while hashing nat range.
| 1ab5f94a1 packets: Fix misaligned write to MPLS lse.
| 8e00be03c tc: Fix misaligned access to stats and time values.
| 3a1f5341c odp-util: Fix unaligned access to tunnel id.
| 0c54c43b8 ofpbuf: Fix offsetting a NULL pointer in ofpbuf_reserve.
| 98edacb40 drop-stats.at: Fix frequent failures of the recursion too deep test.
| cbc13ce4f odp_util: Fix parse_key_and_mask_to_match() vlan parsing.
| 73e6ce492 Prepare for 2.17.3.
| 95979b0f0 Set release date for 2.17.2.
| 250e1a6dd ofproto-dpif-xlate: Fix internal CT state for non-recirc traffic.
| fe870ee07 classifier: Adjust segment boundary to execute prerequisite processing.
| ec0ec464b ovs-tcpdump: Fix error when stopping ovs-tcpdump.
| 420823e2a ofproto-dpif: Fix meter use-after-free.
| c762da262 ovs-rcu: Add ovsrcu_barrier.
| cd9b6b64f dpif-netdev: Fix ALB 'rebalance_intvl' max hard limit.
| 64f6c49d2 dpif-netdev: Fix ALB parameters type mismatch.
| b11b84ea7 dpdk: Use DPDK 21.11.1 release.
| d3bf48e9a raft: Don't use HMAP_FOR_EACH_SAFE when logging commands.
| e07377bb4 ovsdb: raft: Fix transaction double commit due to lost leadership.
| 5da86cb36 dynamic-string: Fix undefined behavior due to offsetting null pointer.
| 369e68890 Revert "odp-util: Always report ODP_FIT_TOO_LITTLE for IGMP."
| 18341166e ofproto-dpif-xlate: Fix netdev native tunnel neigh discovery spa.
| 748e4b2b5 ovs-router: Expose the ovs_router_get_netdev_source_address function.
| 34390bb35 ofproto-dpif: Trigger revalidation if ct tp changes.
| 1adb07e20 Carefully release NBL in Windows
| 1ccaba448 tests: Properly kill ovsdb test processes.
| 260b091c2 ovs-save: Get highest ofp version error.
| 7606bb121 netdev-linux: Properly access 32-bit aligned rtnl_link_stats64 structs.
| 0688b9f27 treewide: Avoid offsetting NULL pointers.
| 92bcf0a82 treewide: Fix invalid bit shift operations.
| 7fa76371d utilities: Handle dumping packets in GDB TUI.
| 8cac8baa8 ofproto-dpif-xlate: Remove mirror assert.
| e0e8f0c54 netdev-dpdk: Fix tx drops statistic for a down netdev.
| f9b5f8a78 netdev-dpdk: Remove a leftover lock annotation.
| 4c3976ff2 netdev-dpdk: Refactor the DPDK transmit path.
| 410b97c83 netdev-offload-dpdk: Fix ethernet type for VLANs.
| 7948312fe netdev-offload-dpdk: Use has_vlan match attribute.
| 522c46884 python: idl: Raise AttributeError from uuid_to_row.
| cb24c524e ofproto-dpif-xlate: Clear out vlan flow fields while processing native tunnel.
| a665b75de dpif-netdev-avx512: Fix overflow of UINT32_C(1).
| 60e7badd6 dpif-netdev-avx512: Fix ubsan shift error in bitmasks.
| 9cc329ec5 python: Politely handle misuse of table.condition.
| 0631be2b5 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels.
| df9790309 system-traffic: Fix fragment reassembly with L3 L4 protocol information.
| ba159ee0f cirrus: Update FreeBSD versions.
| bd1a3b6b4 Prepare for 2.17.2.
|
| Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: update to v1.23.17  [sakib.sajal@windriver.com, 2023-04-12, files: 1, lines: -2/+2]
| Bumping kubernetes to version 1.23.17, which comprises the following commits:
|
| $ git log --no-merges --oneline fbcfa330..953be892
| 953be892721 (tag: v1.23.17) Release commit for Kubernetes v1.23.17
| 6e8e51a6e9b releng: Update images, dependencies and version to Go 1.19.6
| 717b7220f1e Update golang.org/x/net to v0.7.0
| 7ce32a84313 Pin golang.org/x/net to v0.4.0
| 39644edd8c5 add scale test for probes
| ce58b0469ad use custom dialer for http probes
| 1045dff13cf use custom dialer for tcp probes
| 2b17ed30b0e add custom dialer optimized for probes
| 817b9af22eb Update CHANGELOG/CHANGELOG-1.23.md for v1.23.16
| cf0cb75908f (tag: v1.23.17-rc.0) Release commit for Kubernetes v1.23.17-rc.0
| 60e5135f758 (tag: v1.23.16) Release commit for Kubernetes v1.23.16
| dd61fe9127c Fix issue that Audit Server could not correctly encode DeleteOption
| da38bf46791 egress_selector: prevent goroutines leak on connect() step.
| 9f5af83b8fa Always dial using a context
| f99efc598c3 tls.Dial() validates hostname, no need to do that manually
| c4b42ed0f7d Do not include scheduler name in the preemption event message
| 9ddf8802962 Do not leak cross namespace pod metadata in preemption events
| 4dd99967bd7 pkg/controller/job: re-honor exponential backoff
| 53ae12b797c releng: Update images, dependencies and version to Go 1.19.5
| 42cc636b84f Bump Konnectivity to v0.0.35
| 2dae3b969ff Improve vendor verification works for each staging repo
| 3e3120d5ed3 Licensing: skip modules with fewer subdirs than mods
| 9963f00a9cc Add .go-version file containing build go version
| 203d8ac8384 Generate and format files
| e55e20ed50a delete hardcode go version in golangci-lint config
| ca22f110d65 update golangci-lint for go 1.19
| c54219fc231 Update go.mod to go1.19
| fd427d821dd Update to go1.19
| 3be293676bd Adjust for os/exec changes in 1.19
| 3cab72ac5a7 fix patch_test for gofmt issue
| 249e05a172b Fix quotes that trip up gofmt
| ab0f90f3d27 Update golangci-lint to 1.46.2 and fix errors
| 7e2e4821dd4 Match go1.17 defaults for SHA-1 and GC
| 0e2e6b9071a fix e2e coverage package for go 1.18
| 6179de8dbb0 Regenerate vendor
| 7c6027a4cd1 Update go.mod files to go1.18, update license vendor script
| 84fde398c4d Ignore unstructured log warnings
| 4da1f79f991 enhance and fix log calls
| c95a8a17eb4 hack: integrate logcheck into golangci-lint
| 944176729a8 Fix verify: generated-stable-metrics wrt go 1.18
| 3aaa70a7c53 Regen mocks using go 1.18
| 42931a01097 TestWatchRestartsIfTimeoutNotReached: fix
| 0a782b495fd update golangci-lint to 1.45.0
| 1eeda2b1c27 Update to golang.org/x/... matching release-1.24
| c94870e7a89 Fix SPDY proxy authentication with special chars
| a346b14331f Improve error message when proxy connection fails
| 981b158aaa9 image pull event include duration with waiting
| 97953921640 kubelet: make the image pull time more accurate in event
| bf234d8f0dc Update CHANGELOG/CHANGELOG-1.23.md for v1.23.15
| 5c4538e0ac3 (tag: v1.23.16-rc.0) Release commit for Kubernetes v1.23.16-rc.0
| b84cb8ab293 (tag: v1.23.15) Release commit for Kubernetes v1.23.15
| ae80fed2259 change k8s.gcr.io/pause to registry.k8s.io/pause
| 3ace674c79b Reduce load of Job integration test
| 1427350c045 Fix endpoint reconciler failing to delete masterlease
| 974e9492a7e use etcd 3.5.6-0 after promotion
| ec2718f11d6 changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14
| 4eee325a5a7 Limit request retrying to []byte request bodies
| 16c6800134b Merge pull request #113133 from sxllwx:automated-cherry-pick-of-#113133-upstream-release-1.25
| c27b4b9db8c Add CVE-2021-25749 to CHANGELOG-1.23.md
| 25bc84525e3 Add CVE-2022-3294 to CHANGELOG-1.23.md
| 64548944d67 e2e: use custom timeouts in GetSnapshotContentFromSnapshot()
| c73e13d1309 test/e2e/storage: replace hardcoded value with custom timeout in cleanup routine
| 65b9cb99755 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.14
| 92d36466905 (tag: v1.23.15-rc.0) Release commit for Kubernetes v1.23.15-rc.0
| 3321ffc07d2 (tag: v1.23.14) Release commit for Kubernetes v1.23.14
| 073dca06ae0 Fix a conflict
| 65beed7952d StatefulSet: Cleanup the complex defer function updating the status
| d737324312e Be sure to update the status of StatefulSet even if the new replica creation fails
| bb7c395dd94 fix node address validation
| 073c05d169d Validate etcd paths
| 390fc213595 Use CheckAndMarkAsUncertainViaReconstruction for uncertain volumes
| 23184ed5f68 Remove volume from found during reconstruction if mounted
| ac6efc17b96 Add unit test for verifying if processReconstructedVolumes works as expected
| 386b026d0b1 Address review comments
| a44c6b9e317 Fix code to process volumes which were skipped during reconstruction
| 75b8b1ebfd5 Keep track of each pod that uses a volume during reconstruction
| c5a565c69f8 kubelet: fix pod log line corruption when using timestamps and long lines
| c33ae96c4b7 hack/scripts: use registry.k8s.io
| 304eb41e106 kubeadm: mutate ClusterConfiguration.imageRepository to "registry.k8s.io"
| f1e3eabb139 add GetAllocatableCPUs test in cpumanager
| 67309f5422d fix GetAllocatableCPUs in cpumanager
| a98d0db2af2 kubeadm: use registry.k8s.io instead of k8s.gcr.io
| 132565c82e2 do not return err when PodSandbox not exist
| 589223b64a8 e2e: restore volume lifecycle checks for csi-hostpath driver
| 4edf6775ef8 kubelet: fix volume reconstruction for CSI ephemeral volumes
| 6e3601cc720 NodeLifecycleController: Remove race condition
| 7bc8104ff65 kube-proxy wait for cluster cidr skip delete events
| 6cca0631918 kube-proxy handle node PodCIDR changs
| f9e15b3ac3f etcd: Updated to v3.5.5
| c2e5631742f Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. [Agent & Server](https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.0.33) include numerous other fixes.
| b6e86eb30ab Merge pull request #109241 from ravisantoshgudimetla/sts-ar-optional
| 700be498954 service update event should be triggered when appProtocol in port is changed.
| d053be81df1 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.13
| 56453b2f0ae (tag: v1.23.14-rc.0) Release commit for Kubernetes v1.23.14-rc.0
| 592eca05be2 (tag: v1.23.13) Release commit for Kubernetes v1.23.13
| bab054e4568 filter out terminated containers in cadvisor_stats_provider
| 4c6c616069d Make mount ref search more robust
| 9ed9ccfd275 CHANGELOG-1.23: Add missing changes for 1.23.12
| 760a96b2dbc Update CHANGELOG/CHANGELOG-1.23.md for v1.23.12
| 51c6ad6b97b Fix list estimator for lists that are executed as gets
| 4634d2f91e0 (tag: v1.23.13-rc.0) Release commit for Kubernetes v1.23.13-rc.0
| c6939792865 (tag: v1.23.12) Release commit for Kubernetes v1.23.12
| 95d3fbc36dc kubeadm: allow RSA and ECDSA format keys in preflight check
| 9bebb528e09 Limit redirect proxy handling to redirected responses
| 59571b2f136 Make sure auto-mounted subpath mount source is already mounted
| ae6a6dc2f8e Call SetupDevice only if Volume is not globally Mounted
| 860df6bfc18 Fixes kubelet log compression on Windows
| ad16e6bb8c0 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.11
| 222372b27c7 (tag: v1.23.12-rc.0) Release commit for Kubernetes v1.23.12-rc.0
| dc2898b20c6 (tag: v1.23.11) Release commit for Kubernetes v1.23.11
| 301ea5b8cdb Reduce default gzip compression level from 4 to 1 in apiserver
| 0e4fc8b0e6c Add an option for aggregator
| b69bbf36201 exec auth: support TLS config caching
| 479f049df90 Fix unit test
| 62e1ea58c44 Fix problem in updating VolumeAttached in node status
| 94b41ed31af Call queueSet::boundNextDispatchLocked enough
| bc157c71601 Add etcd initialization in openapi tests
| 087362857b9 Marshal MicroTime to json and proto at the same precision
| f58d3f3fe58 Windows: ensure runAsNonRoot does case-insensitive comparison on user name
| da7c41caa91 Tolerate sub-microsecond eventTime changes on update
| 446f23cea45 Improve kubectl display of invalid errors
| 17335199bab fix unmatch reason when updating pod status
| 240590c3eaa fix nestedPendingOperations mount and umount parallel bug
| 091f4f00395 client-go: make retry in Request thread safe
| 7adf53240c7 Skip "instance not found" error for LB backend address pools
| 5f4953560cb Remove AttachID matching from Detach
| 93dedd539c4 update structured-merge-diff to 4.2.3
| be5dd1bdc79 regression test for exponential recursion bug on CRDs
| 7ce504b9281 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.10
| b445d7947a8 (tag: v1.23.11-rc.0) Release commit for Kubernetes v1.23.11-rc.0
| 7e54d50d301 (tag: v1.23.10) Release commit for Kubernetes v1.23.10
| 431ee1484e2 fix a memory leak problem when calling DryRunPreemption
| 23e9d632ad6 Fix deleting UIDs tracking expectations
| 24b8252b105 Fix JobTrackingWithFinalizers when a pod succeeds after the job fails
| e1ab1debdba hardens integration job tests
| fe8b09dde6a Copy etcd client debug level logic from upstream
| 61432c1fa21 Give etcd client logger a name
| c7399df0a5f Share a single etcd3 client logger across all clients
| 9a60b0c5f4b Disable the etcd3 client logger
| c078600b61d Update Go to 1.17.13
| a86b61cf3c9 Update Go to 1.17.12
| 5f436c0fb35 fix a possible panic because of taking the address of nil
| e3a4a91c768 Update naming for a const
| f00326d1b46 Add rate limiting when calling STS assume role API
| f008acd481e Ensure the dir of --audit-log-path exists
| 4bc41ee70ca Fix kubelet panic when accessing metrics/resource endpoint
| b26a7082ad2 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.9
| 90ecbd8cf26 (tag: v1.23.10-rc.0) Release commit for Kubernetes v1.23.10-rc.0
| c1de2d70269 (tag: v1.23.9) Release commit for Kubernetes v1.23.9
| 579ca64e444 Fixing logic for kubelet permissions check on windows
| 71a4c69a211 Do not skip job requeue in conflict error
| bf4cb96e0f0 kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
| c67e53398b7 Bump cAdvisor to v0.43.1
| 3cc22b53887 Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread
| 7d0a546b413 Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess.
| 3d5c2341271 Add retry logic for Unix Domain sockets on Windows
| 602dd1dbcfd kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
| 3d1baf7ff2f GIT-110239: fix activeDeadlineSeconds enforcement bug
| 2eed3eb9177 fix: --chunk-size with selector returns missing result
| 3964e236193 Fixed winkernel proxy failing to query v1 endpoints created by dockershim CNIs
| c535496be2c Winkernel proxier cache HNS data to improve syncProxyRules performance
| 938a3203c60 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.8
| 05a1dd747bd (tag: v1.23.9-rc.0) Release commit for Kubernetes v1.23.9-rc.0
| a12b886b1da (tag: v1.23.8) Release commit for Kubernetes v1.23.8
| a736f42c3ae apiserver: printers should use int64
| 99c3de2562d Revert "Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules"
| 930092e7153 Add test to check for _v2
| e6cce430f9c Prune defaults for CRD serving
| e38a625e116 add missing error handling steps
| c14aa800f45 add missing error handling steps
| d5eeb104cf2 fix image pulling failure when IMDS is unavailalbe in kubelet startup
| 772494dc74e test: update graceful node shutdown e2e with watch
| 6041228d192 move the ignore logic higher up to the reconciler
| 0e1588c7584 Ignore EndpointSlices that are already marked for deletion
| 96ddfd61755 kubelet: Mark ready condition as false explicitly for terminal pods
| 57c626299a8 agnhost: bump version 2.39
| c796630e8de Update Go to 1.17.11
| 1f58ea0af02 add service e2e tests
| 6bdb7a15205 kubelet: add e2e test to verify probe readiness
| 7061d1f4660 kubelet: only shutdown probes for pods that are terminated
| 5899d561f34 kubelet: Pod probes should be handled by pod worker
| bb09c564009 Enable resize feature
| a36ff8366b7 Reject proxy requests to 0.0.0.0 as well
| 082620e9cb9 ipvs: fix prevent concurrent map read and map write for 1.23
| 3da57319709 cpu manager policy set to none, no one remove container id from container map, lead memory leak
| b24dfdee1e0 fix audit union loop variables in closures
| 67219f30455 Updating e2e test to check EndpointSlices and Endpoints as well
| d5a61580c68 e2e: services with evicted pods doesn't have endpoints
| 5adb67a7eb3 e2e test for evicted pods
| e0fdecef811 endpoints controller: don't consider terminal endpoints
| 4e9638063f5 endpointslices: terminal pods doesn't receive enpoints
| 51ef8e3917d add pod util to verify pod is terminal
| 1eef73e88e4 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.7
| 782029346ae (tag: v1.23.8-rc.0) Release commit for Kubernetes v1.23.8-rc.0
| 42c05a54746 (tag: v1.23.7) Release commit for Kubernetes v1.23.7
| e90d92fa5b2 Add test for checking ephemeral volume expansion
| d6260cf1df9 Fix resizing of ephemeral volumes
| 51f1da831de Fix requests scope classification
| 87e74167efe Update Go to 1.17.10
| 830186c95e8 authn: fix cache mutation by AuthenticatedGroupAdder
| 131a5090f34 GCE: skip updating and deleting external loadbalancers if service is managed outside of service controller
| 424dde318ce untangle fix with healthCheck feature
| 6bf9857f1f0 Winkernel proxier cache HNS data to improve syncProxyRules performance
| 9b4dee89278 Wait for cache to sync in job's TestWatchOrphanPods
| 8f4ff396eb3 fix: exclude non-ready nodes and deleted nodes from azure load balancers
| fb70875f1a9 Fix OpenAPI loading error caused by empty APIService
| 88bde765611 Test Foreground deletion in job integration
| 11e6ec43964 Fix removing finalizer from finished jobs
| b6804313363 Don't mark job as failed until expectations are satisfied
| d0b5adb539d Integration test for backoff limit and finalizers
| 43ec5bfa40c tests: Updates the should delete a collection of pods test
| fe0da319ad4 component-base: replace url in rest client metrics
| 21b9e9902e7 fix broken find command
| 70882c44773 Allow KUBE_TEST_REPO_LIST to be a remote url as well
| 6d010706ea4 Disable JobTrackingWithFinalizers due to unresolved bug
| fa7ac2ece9a Update CHANGELOG/CHANGELOG-1.23.md for v1.23.6
| bb18301a5c8 (tag: v1.23.7-rc.0) Release commit for Kubernetes v1.23.7-rc.0
| ad3338546da (tag: v1.23.6) Release commit for Kubernetes v1.23.6
| 3df0ce04724 Update Go to 1.17.9
| 4d38e6e99c9 Correct event registration for multiple scheduler plugins.
| 8e1fb52b49b kubelet: rename closeAllConns to onHeartbeatFailure
| 359ad38d11d kubelet apiserver: be gentle closing connections on heartbeat failures
| 327e99d3393 Avoid updating Services with stale specs Fix the bug that service specs in servicesToUpdate may have been updated by clients.
| 727aa48b989 Fix: abort nominating a pod that was already scheduled to a node
| f0753a49862 fix: race detected in TestErrConnKilled
| 51c860863f7 Replace hardcoded kubectl with kubectl.Name()
| 04d413b92ab kubectl: fix hard-coded value in zsh completion
| 90539b64efd Fix the overestimated cost of deletaged API requests in P&F
| 813751ef7a2 omit enums from static openapi snapshots used to generate clients
| 4d3efbab01d Drop enum tag from certificate request condition
| 814ae980477 Addresses the issue which caused #109115
| 6ba5a0bc383 Add test for indexer with multiple values
| 9342552112d Reduce number of pods in Job+GC tests
| e637f54d914 kubeadm: add etcd flag for member data consistency
| 897eb36396d Adjust validation checks to pass for both client-side and server-side validation
| f75e1b071d4 Remove finalizer when orphaned
| 56d9c45895c Fix: Clean job tracking finalizer from orphan pods
| 3b84efd15de Add test for Background delete propagation
| 8077e58bff1 Add integration test for orphan pods when there is GC
| 2faf6317075 Fix a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config
| cf4ede44fe7 ipvs: remove port opener
| 70166f26b89 iptables: remove port opener
| 8e44552a6f9 kubelet: If the container status is created, we are waiting
| 02f2986b850 Skip updating Endpoints and EndpointSlice if no relevant fields change
| f628706339c client-go: update generated
| 3de44bd759a default kubernetes agent for generated clients
| 8d9001df847 generated: make update
| f4cd617b74f polish comments of non-enum values.
| 2538b2ef438 unmark non-validated types as enums.
| 33a72b11fe8 azure_file: try to get secret namespace from ClaimRef
| 451afa701bf azure_file: add namespace tests for InTree to CSI conversion
|
| Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: upgrade to 1.6.19  [Chen Qi, 2023-04-12, files: 1, lines: -3/+3]
| 1.6.19 is the latest release for 1.6 branch. This upgrade fixes
| CVEs such as CVE-2023-25173 and CVE-2023-25153.
|
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: add -L and -f for curl in templates-use-curl-instead-of-wget.patch  [Xiangyu Chen, 2023-03-17, files: 1, lines: -1/+1]
| Add support of the redirect option -L for curl. linuxcontainers.org sometimes
| redirects to another mirror site such as us.lxd.images.canonical.com, which
| causes the lxc-download script to report that the download failed.
|
| The version of curl in kirkstone also needs the option -f, so that an error
| code tells the caller when http/https has errors.
|
| Reproduced and verified with the following command:
| lxc-create -t download -n test -- --dist archlinux --release current --arch arm64
|
| Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: backport changes from master for templates-use-curl-instead-of-wget.patch  [Xiangyu Chen, 2023-03-17, files: 1, lines: -19/+21]
| backport the changes of templates-use-curl-instead-of-wget.patch from master in following commits:
| 05f316f70a4d : lxc: update to 5.x and meson
| 211918936180 : treewide: bulk update patches with status field
|
| Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-host-config: extend to native and nativesdk  [Chen Qi, 2023-03-02, files: 1, lines: -0/+2]
| skopeo rdepends on it, and skopeo has been extended to native
| and nativesdk, so container-host-config also needs to be extended.
|
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-host-config: provide /etc/containers/policy.json  [Chen Qi, 2023-03-02, files: 4, lines: -1/+10]
| The /etc/containers/policy.json[1] file is used to specify verification
| policy. For now, we can see it's used by both cri-o and skopeo. To avoid
| conflict, we use container-host-config to provide this file and make
| both skopeo and cri-o depend on it.
|
| [1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
|
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* README: remove some cri-o specific layer dependencies  [Chen Qi, 2023-03-02, files: 1, lines: -2/+0]
| ostree is in meta-oe, libseccomp is in oe-core. So remove these two.
|
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
| Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>