Comment 23 for bug 1847817

Reviewed: https://review.opendev.org/705825
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=43144cbe58278d8a0857cc0fd55df2b6bb921a15
Submitter: Zuul
Branch: f/centos8

commit a3f18007ccad266810d5b02fffe51b7ef3b2463c
Author: Shuicheng Lin <email address hidden>
Date: Sun Jan 19 19:14:55 2020 +0800

    Add Kata Container support

    The patch is based on 431885231ae41256188a7c32f0f5351c4455707b
    And is updated with kata 1.10 repo and 1.10.0-4.1 rpms.

    1. add kata container 1.10 stable repo with kata 1.10.0-4.1 rpms.
       kata-runtime is the main rpm, and other rpms including qemu
       are the rpms required by kata-runtime.
    2. upgrade containerd to 1.3.0
       To support kata container, kubernetes need switch runtime from
       dockershim to containerd. And need use containered with 1.3.0
       in order to support secure private registry.
    3. add crictl as the CLI for containerd.

    Story: 2006145
    Task: 36744
    Task: 36745
    Task: 36746

    Change-Id: I932e0dde0a0b48257e4acd17d6550f9ec5029555
    Signed-off-by: Shuicheng Lin <email address hidden>

commit 0011f51e91a9b98ef4c0150fc0ce608e022deb45
Author: Kristal Dale <email address hidden>
Date: Fri Jan 17 14:18:30 2020 -0800

    Update landing pages for docs and release notes:

    - Use updated project name in titles/text
    - Correct text for link to Storyboard (docs)
    - Correct capitalization in section headings
    - Correct formatting for section headings

    Change-Id: Id116b27f333e038802a706fadb47484e68f837d8
    Signed-off-by: Kristal Dale <email address hidden>

commit ac3e6bfe4aa956816a58cbe13a362e0116776d1f
Author: Saul Wold <email address hidden>
Date: Thu Jan 16 09:59:27 2020 -0800

    ibsh: remove tarball no longer used by cgcs-users

    The cgcs-users package provides a restricted shell ibsh (Iron Bars SHell)
    that is no longer being referenced in StarlingX, so we can remove this
    tarball from the download list.

    Story: 2007102
    Task: 38148
    Depends-On: https://review.opendev.org/702939
    Change-Id: I6e1a25e7318eb3e26150e916335d58c2b60a8f67
    Signed-off-by: Saul Wold <email address hidden>

commit 896fa6b227929bb0b9b28e2a2ca7ead7060963c0
Author: Don Penney <email address hidden>
Date: Wed Jan 15 23:48:42 2020 -0500

    Drop python-smartpm from tarball-dl.lst

    As python-smartpm is no longer required, it can now be dropped from
    the tarball-dl.lst file.

    Depends-On: https://review.opendev.org/702791
    Change-Id: Ifc0a413688151ebb68a71b83a23adb888d1ece08
    Story: 2006227
    Task: 38138
    Signed-off-by: Don Penney <email address hidden>

commit 83709a0a384f92e7042bb9f01e7b52b8a4ba738a
Author: Don Penney <email address hidden>
Date: Tue Jan 14 20:38:59 2020 +0000

    Revert "Add Kata Container support"

    This reverts commit 431885231ae41256188a7c32f0f5351c4455707b.

    Reverting due to https://bugs.launchpad.net/starlingx/+bug/1859686

    Change-Id: Id86981d6b854f5f6f42b99e094b789af263105b7

commit 12c3dc47720bc8d011a746faf42b824caac8faa6
Author: Don Penney <email address hidden>
Date: Tue Jan 14 11:20:50 2020 -0500

    Constrain more-itertools for build failure

    A recent update to the more-itertools python module causes a failure
    in the STX_BUILD_container_setup CENGN build job. This module dropped
    python-2.7 support after its 5.0.0 release. The newest update causes a
    failure due to code that does not work with 2.7.

    This commit adds a builder-constraints.txt file that the Dockerfile
    passes to the pip install command to constrain module versions during
    setup of the build container, allowing us to constrain the
    more-itertools version to 5.0.0, the last version to officially
    support python 2.7.

    Change-Id: I3432c204ecd7c4ddedd8a7dea14216d4ec31e0aa
    Closes-Bug: 1859642
    Signed-off-by: Don Penney <email address hidden>

commit c23eddb3dc5fa57f399d8687d715b76093e154e9
Author: VictorRodriguez <email address hidden>
Date: Thu Jan 9 17:12:21 2020 -0600

    Fix bug in CVE html report generation

    This patch fix a bug in the CVEs report generation. It needs to iterate
    over the cves_w_errors list instead of cves_to_track

    Closes-Bug: 1859482

    Change-Id: Ic61acadf650733b9d7a7d6763c99b0f85394f1a2
    Signed-off-by: VictorRodriguez <email address hidden>

commit 4cb7bee3f856f49d637d3030df23358bbe36e5e1
Author: Don Penney <email address hidden>
Date: Thu Jan 2 17:43:14 2020 -0500

    Add DNF packages

    Update the rpms_centos.lst file to include the DNF packages.

    The patching framework currently uses the smart package manager for
    managing in-release software updates, while CentOS 8 is using DNF. In
    order to facilitate the upgrade to CentOS 8 and python3, the use of
    smartpm by the patch-agent is being replaced with the python2 dnf
    modules. This should allow for an easier transition to python3.

    Change-Id: Ie9d2387158833e0f76504a6d764a69c209d01458
    Story: 2006227
    Task: 37933
    Signed-off-by: Don Penney <email address hidden>

commit 431885231ae41256188a7c32f0f5351c4455707b
Author: Shuicheng Lin <email address hidden>
Date: Fri Sep 27 23:03:46 2019 +0800

    Add Kata Container support

    1. add kata container 1.9 stable repo with kata 1.9.2-7.1 rpms.
       kata-runtime is the main rpm, and other rpms including qemu
       are the rpms required by kata-runtime.
    2. upgrade containerd to 1.3.0
       To support kata container, kubernetes need switch runtime from
       dockershim to containerd. And need use containered with 1.3.0
       in order to support secure private registry.
    3. add crictl as the CLI for containerd.

    Story: 2006145
    Task: 36744
    Task: 36745
    Task: 36746
    Change-Id: I04076681decfa24335cf8dd2a64fc5233452dfbe
    Signed-off-by: Shuicheng Lin <email address hidden>

commit d885f802e78dd2b2f53628bfd9f381e52050321f
Author: Bart Wensley <email address hidden>
Date: Fri Dec 20 10:26:18 2019 -0600

    Switch eventlet and requests to binary RPMs

    Switching python-eventlet and python-requests to binary RPMs
    because we no longer need to patch these packages. Also
    upversioning eventlet, which is necessary to support the
    python kubernetes client.

    Adding in python-dns and python2-monotonic as these are
    required by the upversioned eventlet.

    Change-Id: I8af559d90add35d51ef7b1054264169ea4134f3c
    Story: 2006781
    Task: 37583
    Depends-On: https://review.opendev.org/#/c/700195/
    Signed-off-by: Bart Wensley <email address hidden>

commit c69bc1ef1efb9b784caf0398b9d5b44a52b01d9c
Author: Robin Lu <email address hidden>
Date: Thu Nov 21 14:41:24 2019 +0800

    Upgrade std/rt kernel to version 1062.1.2 for fixing CVE bug

    To fix below kernel CVE, std/rt kernel will be upgraded to a
    higher version than current version.
    So we will upgrade kernel srpm to below version, which will
    cover this issue.
    std kernel: kernel-3.10.0-1062.1.2.el7.src.rpm
    https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html
    rt kernel: kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm
    https://access.redhat.com/errata/RHSA-2019:2830

    linux-firmware is brought forward due to a kernel spec file
    build dependency.

    CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in
    drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
    CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit
    CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel
    escape during migration

    Closes-Bug: 1849206
    Closes-Bug: 1849209
    Closes-Bug: 1847817

    Change-Id: Ic8c107e4850d0679470a4c8214c85c6d9a800beb
    Signed-off-by: Robin Lu <email address hidden>

commit 89edca84454d8ee958b054c93c39319c4698ce95
Author: Martin, Chen <email address hidden>
Date: Fri Nov 1 15:32:48 2019 +0800

    Add rook for ceph containerization to the tarball list.

    Story: 2005527
    Task: 37334

    Change-Id: Ic13229981d511c82496489815baacde4b6c60654
    Signed-off-by: Martin, Chen <email address hidden>