Update cyrus-sasl-lib to address CVE-2022-24407

Signed-off-by: Christopher Desiniotis <[email protected]>

.common-ci.yml

@@ -50,6 +50,7 @@ stages:
 .dist-ubi8:
   variables:
     DIST: ubi8
+    CVE_UPDATES: "cyrus-sasl-lib"
 
 .target-gpu-operator:
   variables:

Makefile

@@ -286,6 +286,7 @@ $(BUILD_TARGETS): build-%:
 		--build-arg VERSION="$(VERSION)" \
 		--build-arg BUILDER_IMAGE="$(BUILDER_IMAGE)" \
 		--build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \
+		--build-arg CVE_UPDATES="$(CVE_UPDATES)" \
 		--file $(DOCKERFILE) $(CURDIR)
 
 # Provide a utility target to build the images to allow for use in external tools.

docker/Dockerfile

@@ -67,6 +67,13 @@ RUN OS_ARCH=${TARGETARCH/x86_64/amd64} && OS_ARCH=${OS_ARCH/aarch64/arm64} && cu
 RUN chmod +x ./kubectl
 RUN mv ./kubectl /usr/local/bin
 
+# Install / upgrade packages here that are required to resolve CVEs
+ARG CVE_UPDATES
+RUN if [ -n "${CVE_UPDATES}" ]; then \
+        yum update -y ${CVE_UPDATES} && \
+        rm -rf /var/cache/yum/*; \
+    fi
+
 RUN useradd gpu-operator
 USER gpu-operator
 

validator/Dockerfile

@@ -58,4 +58,11 @@ LABEL name="NVIDIA Validator for the GPU Operator"
 LABEL summary="NVIDIA Validator for the GPU Operator"
 LABEL description="See summary"
 
+# Install / upgrade packages here that are required to resolve CVEs
+ARG CVE_UPDATES
+RUN if [ -n "${CVE_UPDATES}" ]; then \
+        yum update -y ${CVE_UPDATES} && \
+        rm -rf /var/cache/yum/*; \
+    fi
+
 ENTRYPOINT ["/bin/bash"]

validator/Makefile

@@ -85,6 +85,7 @@ $(BUILD_TARGETS): build-%:
 		--build-arg BUILDER_IMAGE="$(BUILDER_IMAGE)" \
 		--build-arg CUDA_SAMPLE_IMAGE=nvcr.io/nvidia/k8s/cuda-sample:vectoradd-cuda11.6.0-$(*) \
 		--build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \
+		--build-arg CVE_UPDATES="$(CVE_UPDATES)" \
 		--file $(DOCKERFILE) $(BUILD_DIR)
 
 # Provide a utility target to build the images to allow for use in external tools.