U2.2 backport #1366

Merged
merged 6 commits into from
Jul 11, 2023
Commits on Jul 11, 2023

  1. dep: upgrade openssl to 0.10.55 to fix cve warnings

    error[vulnerability]: `openssl` `X509VerifyParamRef::set_host` buffer over-read
        ┌─ /github/workspace/Cargo.lock:122:1
        │
    122 │ openssl 0.10.48 registry+https://github.com/rust-lang/crates.io-index
        │ --------------------------------------------------------------------- security vulnerability detected
        │
        = ID: RUSTSEC-2023-0044
        = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0044
        = When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.
        = Announcement: sfackler/rust-openssl#1965
        = Solution: Upgrade to >=0.10.55
    
    Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
    jiangliu authored and 泰友 committed Jul 11, 2023
    acafb08
  2. dep: upgrade base64 to v0.21

    Upgrade base64 to v0.21, to avoid multiple versions of the base64
    crate.
    
    Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
    jiangliu authored and 泰友 committed Jul 11, 2023
    aca18d9
  3. fix: merge io from same blob panic

    When merging io from the same blob with a different id, the assertion breaks. The
    images without blob deduplication suffer from it.
    
    This pr removes the assertion that requires merging in the same blob index.
    By design, it makes sense, because different blob layers may share the same
    blob file. A continuous read from the same blob for different layers is
    helpful for performance.
    
    Signed-off-by: 泰友 <cuichengxu.ccx@antgroup.com>
    泰友 committed Jul 11, 2023
    21a83a6
  4. fix: deprecated docker field leads to failure of nydusify check

    `NydusImage.Config.Config.ArgsEscaped` is present only for legacy compatibility
    with Docker and should not be used by new image builders. Nydusify (1.6 and
    above) ignores it, which is an expected behavior.
    
    This pr ignores comparison of it in nydusify checking, which leads to failure.
    
    Signed-off-by: 泰友 <cuichengxu.ccx@antgroup.com>
    泰友 committed Jul 11, 2023
    04ac9b0
  5. dep: openssl from 0.10.48 to 0.10.55

    Signed-off-by: 泰友 <cuichengxu.ccx@antgroup.com>
    泰友 committed Jul 11, 2023
    5853cc4
  6. action: fix checkout on pull_request_target

    The `pull_request_target` trigger will check out the master branch
    code by default, but we need to use the new PR code in the smoke test.
    
    See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
    
    Signed-off-by: Yan Song <imeoer@linux.alibaba.com>
    imeoer authored and 泰友 committed Jul 11, 2023
    7d32be8
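
The dependency commits above (the openssl bump for RUSTSEC-2023-0044 and the base64 upgrade that removes duplicate crate versions) can be checked against a lockfile with a short script. This is an added example, not code from the PR or the project: the sample `Cargo.lock` text is constructed, the function names are hypothetical, and the only version floor used is the "Upgrade to >=0.10.55" line quoted in the first commit.

```python
import re
from collections import defaultdict

# Constructed sample lockfile text (not the project's real Cargo.lock).
SAMPLE_LOCK = '''
[[package]]
name = "base64"
version = "0.13.1"

[[package]]
name = "base64"
version = "0.21.2"

[[package]]
name = "openssl"
version = "0.10.48"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

# Minimum fixed versions; the openssl floor comes from the advisory's "Solution" line.
MIN_FIXED = {"openssl": (0, 10, 55)}

def version_key(v):
    """Numeric (major, minor, patch); pre-release and build suffixes are ignored."""
    core = re.split(r"[-+]", v, maxsplit=1)[0]
    return tuple(int(p) for p in core.split("."))

def parse_lock(text):
    """Return {crate name: version strings sorted ascending} from Cargo.lock text."""
    versions = defaultdict(set)
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and ver:
            versions[name.group(1)].add(ver.group(1))
    return {n: sorted(v, key=version_key) for n, v in versions.items()}

def audit(text, min_fixed=MIN_FIXED):
    """Return (entries below their fixed version, crates locked at several versions)."""
    pkgs = parse_lock(text)
    below = [
        (n, v) for n, floor in sorted(min_fixed.items())
        for v in pkgs.get(n, []) if version_key(v) < floor
    ]
    dupes = {n: v for n, v in pkgs.items() if len(v) > 1}
    return below, dupes

if __name__ == "__main__":
    print(audit(SAMPLE_LOCK))
```
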