From ac83b64d12e86591646e13f17420414f5904aec2 Mon Sep 17 00:00:00 2001 From: Torsten Kilias Date: Tue, 24 Oct 2023 10:09:42 +0200 Subject: [PATCH 1/6] Update locales package --- .../flavor_base/build_deps/packages/apt_get_packages | 2 +- .../flavor_base/udfclient_deps/packages/apt_get_packages | 2 +- .../flavor_base/conda_deps/packages/apt_get_packages | 2 +- .../flavor_base/nvidia_driver_deps/packages/apt_get_packages | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages index d5476824f..5b2e91036 100644 --- a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages +++ b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages @@ -1,5 +1,5 @@ coreutils|8.28-1ubuntu1 -locales|2.27-3ubuntu1.6 +locales|2.31-0ubuntu9.12 tar|1.29b-2ubuntu0.4 curl|7.68.0-1ubuntu2.19 openjdk-11-jdk|11.0.19+7~us1-0ubuntu1~20.04.1 diff --git a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/udfclient_deps/packages/apt_get_packages b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/udfclient_deps/packages/apt_get_packages index 614531323..822e9cca2 100644 --- a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/udfclient_deps/packages/apt_get_packages +++ b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/udfclient_deps/packages/apt_get_packages @@ -1,5 +1,5 @@ coreutils|8.30-3ubuntu2 -locales|2.31-0ubuntu9.9 +locales|2.31-0ubuntu9.12 libnss-db|2.2.3pre1-6build6 libzmq3-dev|4.3.2-2ubuntu1 libprotobuf-dev|3.6.1.3-2ubuntu5.2 diff --git a/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages index 8f9fe71e4..1d0d3adc1 100644 --- a/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages +++ b/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages @@ -1,4 +1,4 @@ coreutils|8.30-3ubuntu2 -locales|2.31-0ubuntu9.9 +locales|2.31-0ubuntu9.12 curl|7.68.0-1ubuntu2.19 ca-certificates|20230311ubuntu0.20.04.1 diff --git a/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages index 8f9fe71e4..1d0d3adc1 100644 --- a/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages +++ b/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages @@ -1,4 +1,4 @@ coreutils|8.30-3ubuntu2 -locales|2.31-0ubuntu9.9 +locales|2.31-0ubuntu9.12 curl|7.68.0-1ubuntu2.19 ca-certificates|20230311ubuntu0.20.04.1 From 8827e729497f94d83b6e6b0669ef79315cf296a7 Mon Sep 17 00:00:00 2001 From: Torsten Kilias Date: Tue, 24 Oct 2023 10:21:09 +0200 Subject: [PATCH 2/6] Update curl package --- .../flavor_base/build_deps/packages/apt_get_packages | 2 +- .../flavor_base/language_deps/packages/apt_get_packages | 2 +- .../flavor_base/conda_deps/packages/apt_get_packages | 2 +- .../flavor_base/nvidia_driver_deps/packages/apt_get_packages | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages index 5b2e91036..f645511d1 100644 --- a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages +++ b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/build_deps/packages/apt_get_packages @@ -1,7 +1,7 @@ coreutils|8.28-1ubuntu1 locales|2.31-0ubuntu9.12 tar|1.29b-2ubuntu0.4 -curl|7.68.0-1ubuntu2.19 +curl|7.68.0-1ubuntu2.20 openjdk-11-jdk|11.0.19+7~us1-0ubuntu1~20.04.1 build-essential|12.4ubuntu1 libpcre3-dev|2:8.39-9ubuntu0.1 diff --git a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/language_deps/packages/apt_get_packages b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/language_deps/packages/apt_get_packages index fb746b604..279121ca1 100644 --- a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/language_deps/packages/apt_get_packages +++ b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/language_deps/packages/apt_get_packages @@ -1,5 +1,5 @@ ca-certificates|20230311ubuntu0.20.04.1 python3.8-dev|3.8.10-0ubuntu1~20.04.8 python3-distutils|3.8.10-0ubuntu1~20.04 -curl|7.68.0-1ubuntu2.19 +curl|7.68.0-1ubuntu2.20 diff --git a/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages index 1d0d3adc1..7fc125026 100644 --- a/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages +++ b/flavors/template-Exasol-all-python-3.8-conda/flavor_base/conda_deps/packages/apt_get_packages @@ -1,4 +1,4 @@ coreutils|8.30-3ubuntu2 locales|2.31-0ubuntu9.12 -curl|7.68.0-1ubuntu2.19 +curl|7.68.0-1ubuntu2.20 ca-certificates|20230311ubuntu0.20.04.1 diff --git a/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages index 1d0d3adc1..7fc125026 100644 --- a/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages +++ b/flavors/template-Exasol-all-python-3.8-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages @@ -1,4 +1,4 @@ coreutils|8.30-3ubuntu2 locales|2.31-0ubuntu9.12 -curl|7.68.0-1ubuntu2.19 +curl|7.68.0-1ubuntu2.20 ca-certificates|20230311ubuntu0.20.04.1 From 6f6a66c103691bf10ef83c74b77fa1e7375ad642 Mon Sep 17 00:00:00 2001 From: Torsten Kilias Date: Tue, 24 Oct 2023 10:33:27 +0200 Subject: [PATCH 3/6] Update libcurl4-openssl-dev package --- .../flavor_base/flavor_base_deps/packages/apt_get_packages | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/flavor_base_deps/packages/apt_get_packages b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/flavor_base_deps/packages/apt_get_packages index e43f73198..a48906b9a 100644 --- a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/flavor_base_deps/packages/apt_get_packages +++ b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/flavor_base_deps/packages/apt_get_packages @@ -1,4 +1,4 @@ unzip|6.0-25ubuntu1.1 git|1:2.25.1-1ubuntu3.11 -libcurl4-openssl-dev|7.68.0-1ubuntu2.19 +libcurl4-openssl-dev|7.68.0-1ubuntu2.20 build-essential|12.8ubuntu1.1 From f2d0efe829b51edb9a2733997a01009fe43c8e99 Mon Sep 17 00:00:00 2001 From: Torsten Kilias Date: Tue, 24 Oct 2023 13:50:50 +0200 Subject: [PATCH 4/6] Pin pydobc in test-container to >=4.0.24 and <5.0.0, because exasol-python-test-framework has an explicit check for pyodbc version 4 --- test_container/build/deps/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_container/build/deps/requirements.txt b/test_container/build/deps/requirements.txt index 429d8fcb3..860734413 100644 --- a/test_container/build/deps/requirements.txt +++ b/test_container/build/deps/requirements.txt @@ -1,4 +1,4 @@ -pyodbc>=4.0.27 +pyodbc>=4.0.27, <5.0.0 pytz lxml docker From 52bf8928713c4f0a16d7f26dc725f8e7a05831e4 Mon Sep 17 00:00:00 2001 From: Torsten Kilias Date: Tue, 24 Oct 2023 15:07:09 +0200 Subject: [PATCH 5/6] Ignore CVE-2023-4244 in python-3.8-minimal, because this is a kernel cve --- .../flavor_base/security_scan/.trivyignore | 1 + 1 file changed, 1 insertion(+) diff --git a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/security_scan/.trivyignore b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/security_scan/.trivyignore index 5e6a6bbfe..1c08b2249 100644 --- a/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/security_scan/.trivyignore +++ b/flavors/python-3.8-minimal-EXASOL-6.2.0/flavor_base/security_scan/.trivyignore @@ -18,6 +18,7 @@ CVE-2023-3609 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 +CVE-2023-4244 # CVE-2023-20569 does not have a fix and is a problem of host system (amd cpus) CVE-2023-20569 #CVE-2022-23648 is a bug in containerd, not issue for containers From 349110c0376417b2bafd138f3dfad89b9905a103 Mon Sep 17 00:00:00 2001 From: Torsten Kilias Date: Wed, 25 Oct 2023 10:30:52 +0200 Subject: [PATCH 6/6] Fix update_apt_package_in_package_list.sh --- scripts/update_apt_package_in_package_list.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/update_apt_package_in_package_list.sh b/scripts/update_apt_package_in_package_list.sh index 671861138..e9e82e751 100644 --- a/scripts/update_apt_package_in_package_list.sh +++ b/scripts/update_apt_package_in_package_list.sh @@ -4,10 +4,12 @@ set -o nounset set -o pipefail LIST_NEWEST_VERSION_OUTPUT=$1 # Package|Installed|Candidate -FLAVOR=$2 +SEARCH_DIRECTORY=$2 +REPLACE=$3 + PACKAGE=$(echo "$LIST_NEWEST_VERSION_OUTPUT" | cut -f 1 -d "|") CANDIDATE_VERSION=$(echo "$LIST_NEWEST_VERSION_OUTPUT" | cut -f 3 -d "|") -REPLACE=$3 +CURRENT_VERSION=$(echo "$LIST_NEWEST_VERSION_OUTPUT" | cut -f 2 -d "|") if [[ "$REPLACE" == "yes" ]] then @@ -15,7 +17,7 @@ then else SED_REPLACE_OPTION=() fi -grep -E -R "^$PACKAGE\|" "$FLAVOR" \ +grep -E -R "^$PACKAGE\|$CURRENT_VERSION" "$SEARCH_DIRECTORY" \ | cut -f 1 -d ":" \ - | xargs -I{} sed "${SED_REPLACE_OPTION=[@]}" -E "s/^($PACKAGE)\|.*$/$PACKAGE|$CANDIDATE_VERSION/g" "{}" \ + | xargs -I{} sed "${SED_REPLACE_OPTION[@]}" -E "s/^($PACKAGE\|$CURRENT_VERSION).*$/$PACKAGE|$CANDIDATE_VERSION/g" "{}" \ | grep -E "^$PACKAGE\|"