[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade nvidia-container-toolkit…

… to 1.16.2 Critical vulnerability CVE-2024-0132, Medium vulnerability CVE-2024-0133 - branch main (#10660)
microsoft · Oct 9, 2024 · 9e55d13 · 9e55d13
1 parent 6d7ba8b
commit 9e55d13
Show file tree

Hide file tree

Showing 12 changed files with 49 additions and 154 deletions.
diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json
@@ -2451,7 +2451,6 @@
                 "mlnx-ofa_kernel",
                 "mlnx-tools",
                 "mlx-bootctl",
-                "nvidia-container-runtime",
                 "nvidia-container-toolkit",
                 "nvidia-docker2",
                 "ofed-scripts",

diff --git a/SPECS/libnvidia-container/common.mk.patch b/SPECS/libnvidia-container/common.mk.patch
@@ -1,6 +1,6 @@
-diff -urN libnvidia-container-1.9.0-orig/mk/common.mk libnvidia-container-1.9.0/mk/common.mk
---- libnvidia-container-1.9.0-orig/mk/common.mk	2022-03-18 03:31:56.000000000 -0700
-+++ libnvidia-container-1.9.0/mk/common.mk	2022-03-29 15:16:01.971189500 -0700
+diff -urN libnvidia-container-1.16.2-orig/mk/common.mk libnvidia-container-1.16.2/mk/common.mk
+--- libnvidia-container-1.16.2-orig/mk/common.mk	2022-03-18 03:31:56.000000000 -0700
++++ libnvidia-container-1.16.2/mk/common.mk	2022-03-29 15:16:01.971189500 -0700
 @@ -27,7 +27,7 @@
  else
      DATE := $(shell date -u --iso-8601=minutes)

diff --git a/SPECS/libnvidia-container/libnvidia-container.signatures.json b/SPECS/libnvidia-container/libnvidia-container.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "libnvidia-container-1.13.5.tar.gz": "431522239d71728d2840b2f048d0a0733c3e6ad7a209bdf21c7d17c0aa661657",
-  "nvidia-modprobe-495.44.tar.gz": "ae6e9c7e6b43368945c28f6b8b6d0d7cc36ee7e1be8955a009a1cb189e46de92"
+  "libnvidia-container-1.16.2.tar.gz": "6f0775f51ac4bec285879bf084545f826094eba4e8430258eb5e2536e711c875",
+  "nvidia-modprobe-550.54.14.tar.gz": "5687b0dfa6087dd480ae91e91ff1dca975794e35a2edcf9ec08d8f9cb98ef905"
  }
 }
diff --git a/SPECS/libnvidia-container/libnvidia-container.spec b/SPECS/libnvidia-container/libnvidia-container.spec
@@ -1,10 +1,10 @@
-%define modprobe_version 495.44
+%define modprobe_version 550.54.14
 %define _major 1
 %define mod_probe_dir deps/src/nvidia-modprobe-%{modprobe_version}
 Summary:        NVIDIA container runtime library
 Name:           libnvidia-container
-Version:        1.13.5
-Release:        7%{?dist}
+Version:        1.16.2
+Release:        1%{?dist}
 License:        BSD AND ASL2.0 AND GPLv3+ AND LGPLv3+ AND MIT AND GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -39,6 +39,9 @@ tar -C %{mod_probe_dir} --strip-components=1 -xzf %{SOURCE1}
 touch %{mod_probe_dir}/.download_stamp
 
 %build
+sed -i 's/^MAJOR[[:space:]]*:=.*$/MAJOR := 1/' versions.mk
+sed -i 's/^MINOR[[:space:]]*:=.*$/MINOR := 16/' versions.mk
+sed -i 's/^PATCH[[:space:]]*:=.*$/PATCH := 2/' versions.mk
 %make_build WITH_LIBELF=yes
 
 %install
@@ -132,6 +135,9 @@ This package contains command-line tools that facilitate using the library.
 %{_bindir}/*
 
 %changelog
+* Mon Oct 07 2024 Mandeep Plaha <[email protected]> - 1.16.2-1
+- Upgrade to version 1.16.2 to stay in sync with nvidia-container-toolkit.
+
 * Mon Sep 09 2024 CBL-Mariner Servicing Account <[email protected]> - 1.13.5-7
 - Bump release to rebuild with go 1.22.7
 

diff --git a/SPECS/libnvidia-container/libtirpc.patch b/SPECS/libnvidia-container/libtirpc.patch
@@ -1,6 +1,6 @@
-diff -urN libnvidia-container-1.9.0-orig/Makefile libnvidia-container-1.9.0/Makefile
---- libnvidia-container-1.9.0-orig/Makefile	2022-03-18 03:31:56.000000000 -0700
-+++ libnvidia-container-1.9.0/Makefile	2022-03-29 15:20:11.362669600 -0700
+diff -urN libnvidia-container-1.16.2-orig/Makefile libnvidia-container-1.16.2/Makefile
+--- libnvidia-container-1.16.2-orig/Makefile	2022-03-18 03:31:56.000000000 -0700
++++ libnvidia-container-1.16.2/Makefile	2022-03-29 15:20:11.362669600 -0700
 @@ -168,6 +168,9 @@
  LIB_CPPFLAGS       += -isystem $(DEPS_DIR)$(includedir)/tirpc -DWITH_TIRPC
  LIB_LDLIBS_STATIC  += -l:libtirpc.a

diff --git a/SPECS/libnvidia-container/nvidia-modprobe.patch b/SPECS/libnvidia-container/nvidia-modprobe.patch
@@ -1,7 +1,7 @@
-diff -ruN nvidia-modprobe-495.44/modprobe-utils/nvidia-modprobe-utils.c nvidia-modprobe-495.44-patched/modprobe-utils/nvidia-modprobe-utils.c
---- nvidia-modprobe-495.44/modprobe-utils/nvidia-modprobe-utils.c	2021-11-13 14:36:58.096684602 +0000
-+++ nvidia-modprobe-495.44-patched/modprobe-utils/nvidia-modprobe-utils.c	2021-11-13 14:43:40.965146390 +0000
-@@ -888,10 +888,10 @@
+diff -ruN nvidia-modprobe-550.54.14/modprobe-utils/nvidia-modprobe-utils.c nvidia-modprobe-550.54.14-patched/modprobe-utils/nvidia-modprobe-utils.c
+--- nvidia-modprobe-550.54.14/modprobe-utils/nvidia-modprobe-utils.c	2021-11-13 14:36:58.096684602 +0000
++++ nvidia-modprobe-550.54.14-patched/modprobe-utils/nvidia-modprobe-utils.c	2021-11-13 14:43:40.965146390 +0000
+@@ -959,10 +959,10 @@
      return mknod_helper(major, minor_num, vgpu_dev_name, NV_PROC_REGISTRY_PATH);
  }
 
@@ -16,14 +16,16 @@ diff -ruN nvidia-modprobe-495.44/modprobe-utils/nvidia-modprobe-utils.c nvidia-m
  {
      char field[32];
      FILE *fp;
-diff -ruN nvidia-modprobe-495.44/modprobe-utils/nvidia-modprobe-utils.h nvidia-modprobe-495.44-patched/modprobe-utils/nvidia-modprobe-utils.h
---- nvidia-modprobe-495.44/modprobe-utils/nvidia-modprobe-utils.h	2021-11-13 14:36:58.096684602 +0000
-+++ nvidia-modprobe-495.44-patched/modprobe-utils/nvidia-modprobe-utils.h	2021-11-13 14:38:34.078700961 +0000
-@@ -81,6 +81,7 @@
+diff -ruN nvidia-modprobe-550.54.14/modprobe-utils/nvidia-modprobe-utils.h nvidia-modprobe-550.54.14-patched/modprobe-utils/nvidia-modprobe-utils.h
+--- nvidia-modprobe-550.54.14/modprobe-utils/nvidia-modprobe-utils.h	2021-11-13 14:36:58.096684602 +0000
++++ nvidia-modprobe-550.54.14-patched/modprobe-utils/nvidia-modprobe-utils.h	2021-11-13 14:38:34.078700961 +0000
+@@ -87,6 +87,7 @@
  int nvidia_nvswitch_get_file_state(int minor);
  int nvidia_cap_mknod(const char* cap_file_path, int *minor);
  int nvidia_cap_get_file_state(const char* cap_file_path);
 +int nvidia_cap_get_device_file_attrs(const char* cap_file_path, int *major, int *minor, char *name);
+ int nvidia_cap_imex_channel_mknod(int minor);
+ int nvidia_cap_imex_channel_file_state(int minor);
  int nvidia_get_chardev_major(const char *name);
  int nvidia_msr_modprobe(void);
-
+
diff --git a/SPECS/nvidia-container-runtime/nvidia-container-runtime.signatures.json b/SPECS/nvidia-container-runtime/nvidia-container-runtime.signatures.json
diff --git a/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec b/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec
diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json
@@ -1,6 +1,6 @@
 {
- "Signatures": {
-  "nvidia-container-toolkit-1.13.5-vendor.tar.gz": "e2a72626fedaf53ad5e8a167509451eadd567e417fab4dec07cd9c19a84baae9",
-  "nvidia-container-toolkit-1.13.5.tar.gz": "2e95a89ca3ab95528df4bf32c5e0c8333e283e0465b9636458282c3d49a1b1da"
- }
-}
+  "Signatures": {
+    "nvidia-container-toolkit-1.16.2-vendor.tar.gz": "e9ed76163b347b73de1b3af838f0c1b83a61faadcdef65550d0f3160cd236cd6",
+    "nvidia-container-toolkit-1.16.2.tar.gz": "0062b4123bc8fd34191d95464e42dc18c34c6fff4c7bda0e23ba336f9ecd7997"
+  }
+}