diff --git a/_service b/_service index 7834966..40bba79 100644 --- a/_service +++ b/_service @@ -1,5 +1,5 @@ - + .github CODE_OF_CONDUCT.md CONTRIBUTING.md @@ -29,7 +29,7 @@ install.sh run-nitro-cli-integration-tests run_tests.sh - samples + scripts sources tests third_party/linuxkit/README.md @@ -37,32 +37,33 @@ vendor aws-nitro-enclaves-cli * - 4ccc639acfd35a24a4c8ea7c4179e0d1068eef76 + d3d77e02e0239364f4ccc757357e4d96012640af git disable https://github.com/aws/aws-nitro-enclaves-cli.git @PARENT_TAG@~git@TAG_OFFSET@.%h v(\d+\.\d+\.\d+) + v[0-9]*.[0-9]*.[0-9]* \1 - + Makefile aws-nitro-enclaves-sdk-bootstrap init - 746ec5d2713e539b94e651601b5c24ec1247c955 + ac43d103ba0f98044bf760477c088f1dc6f3702d git disable https://github.com/aws/aws-nitro-enclaves-sdk-bootstrap.git %H - + *.tar xz - + aws-nitro-enclaves-cli - + aws-nitro-enclaves-cli xz diff --git a/aws-nitro-enclaves-cli-1.2.2~git0.4ccc639.tar.xz b/aws-nitro-enclaves-cli-1.2.2~git0.4ccc639.tar.xz deleted file mode 100644 index 7f14390..0000000 --- a/aws-nitro-enclaves-cli-1.2.2~git0.4ccc639.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:63150f0826426b16cc547ee1b63a53a32d2b6de7153e37cab260b7b7afe0831e -size 23269384 diff --git a/aws-nitro-enclaves-cli-1.2.3~git11.d3d77e0.tar.xz b/aws-nitro-enclaves-cli-1.2.3~git11.d3d77e0.tar.xz new file mode 100644 index 0000000..ff79fa7 --- /dev/null +++ b/aws-nitro-enclaves-cli-1.2.3~git11.d3d77e0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:aca78035ccf666045090c6c663f1585286578104cd44e7e1be3095da8b6e0b39 +size 23269552 diff --git a/aws-nitro-enclaves-cli.changes b/aws-nitro-enclaves-cli.changes index cb3a51e..d2c8e0a 100644 --- a/aws-nitro-enclaves-cli.changes +++ b/aws-nitro-enclaves-cli.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Apr 4 04:04:04 UTC 2024 - olaf@aepfle.de + +- Update to version 1.2.3~git11.d3d77e0 to get all the precious cargo + (bsc#1218501, CVE-2023-50711) + ------------------------------------------------------------------- Fri Mar 3 03:03:03 UTC 2023 - olaf@aepfle.de diff --git a/aws-nitro-enclaves-cli.patch b/aws-nitro-enclaves-cli.patch index 6d1b863..b42a2a2 100644 --- a/aws-nitro-enclaves-cli.patch +++ b/aws-nitro-enclaves-cli.patch @@ -1,3 +1,7 @@ +--- + vsock_proxy/service/nitro-enclaves-vsock-proxy.service | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + --- a/vsock_proxy/service/nitro-enclaves-vsock-proxy.service +++ b/vsock_proxy/service/nitro-enclaves-vsock-proxy.service @@ -8,11 +8,12 @@ Type=simple @@ -5,12 +9,12 @@ StandardError=journal SyslogIdentifier=vsock-proxy +Environment=VSOCK_PROXY_CONFIG=/usr/share/nitro_enclaves/vsock-proxy.yaml + # Use RUST_LOG=trace for more verbose logging ExecStart=/bin/bash -ce "TOKEN=$(curl --silent -X PUT \"http://169.254.169.254/latest/api/token\" -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\") ; \ REGION=$(curl --silent -H \"X-aws-ec2-metadata-token: $TOKEN\" http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \ [ -z \"$REGION\" ] && REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \ - exec /usr/bin/vsock-proxy 8000 kms.$${REGION}.amazonaws.com 443 \ -- --config /etc/nitro_enclaves/vsock-proxy.yaml" -+ --config $VSOCK_PROXY_CONFIG" +- RUST_LOG=warn exec /usr/bin/vsock-proxy 8000 kms.$${REGION}.amazonaws.com 443 --config /etc/nitro_enclaves/vsock-proxy.yaml" ++ RUST_LOG=warn exec /usr/bin/vsock-proxy 8000 kms.$${REGION}.amazonaws.com 443 --config $VSOCK_PROXY_CONFIG" Restart=always TimeoutSec=0 diff --git a/aws-nitro-enclaves-cli.spec b/aws-nitro-enclaves-cli.spec index dadb79c..c0dc5ae 100644 --- a/aws-nitro-enclaves-cli.spec +++ b/aws-nitro-enclaves-cli.spec @@ -19,7 +19,7 @@ Name: aws-nitro-enclaves-cli -Version: 1.2.2~git0.4ccc639 +Version: 1.2.3~git11.d3d77e0 Release: 0 Summary: Tools for managing enclaves License: Apache-2.0 @@ -28,9 +28,8 @@ ExclusiveArch: aarch64 x86_64 Patch0: %name.patch Source0: %name-%version.tar.xz Source1: vendor.tar.xz -Source2: cargo_config Source3: aws-nitro-enclaves-cli-rpmlintrc -Source9: aws-nitro-enclaves-sdk-bootstrap-746ec5d2713e539b94e651601b5c24ec1247c955.tar.xz +Source9: aws-nitro-enclaves-sdk-bootstrap-ac43d103ba0f98044bf760477c088f1dc6f3702d.tar.xz Requires(pre): system-group-%ne_system_group = %version-%release Requires(post): coreutils Requires: aws-nitro-enclaves-binaryblobs @@ -113,8 +112,6 @@ _EOF_ nitro-cli run-enclave --eif-path hello.eif --cpu-count 2 --memory 512 --debug-mode --attach-console _EOR_ %install -mkdir .cargo -cp %{SOURCE2} .cargo/config %if 0%{?__debug_package} rustflags='-Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2' release= diff --git a/aws-nitro-enclaves-sdk-bootstrap-746ec5d2713e539b94e651601b5c24ec1247c955.tar.xz b/aws-nitro-enclaves-sdk-bootstrap-746ec5d2713e539b94e651601b5c24ec1247c955.tar.xz deleted file mode 100644 index 1d65036..0000000 --- a/aws-nitro-enclaves-sdk-bootstrap-746ec5d2713e539b94e651601b5c24ec1247c955.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e975541261a383dfc8a4d3d517a25c26a0d266723738faf39625c2b81da13824 -size 4268 diff --git a/aws-nitro-enclaves-sdk-bootstrap-ac43d103ba0f98044bf760477c088f1dc6f3702d.tar.xz b/aws-nitro-enclaves-sdk-bootstrap-ac43d103ba0f98044bf760477c088f1dc6f3702d.tar.xz new file mode 100644 index 0000000..bc1ebae --- /dev/null +++ b/aws-nitro-enclaves-sdk-bootstrap-ac43d103ba0f98044bf760477c088f1dc6f3702d.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c22a27c304953a5811e3fbc3dd98400d368a5f8951f291ee3e19b401d5aa5699 +size 4268 diff --git a/cargo_config b/cargo_config deleted file mode 100644 index 6fb4ff4..0000000 --- a/cargo_config +++ /dev/null @@ -1,5 +0,0 @@ -[source.crates-io] -replace-with = "vendored-sources" - -[source.vendored-sources] -directory = "vendor" \ No newline at end of file diff --git a/vendor.tar.xz b/vendor.tar.xz index e3320bc..1d388f3 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c4e9c35db12820a87a4eea07d612e170562299323c1043419003ddb47508ff3b -size 18252780 +oid sha256:1abe61dc8883d442bf3f966ecc5849dca424d9e8a4170938af72e125bd8452a0 +size 21813840