Merge branch '3.0-dev' into 3.0

Merge branch '3.0-dev' commit d633a6b

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>

Author: cheeyanglee

LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md

@@ -103,6 +103,7 @@
                 "byacc",
                 "ca-certificates",
                 "cachefilesd",
+                "caddy",
                 "cairomm",
                 "calamares",
                 "capnproto",
@@ -2359,6 +2360,7 @@
                 "GSL",
                 "gstreamer1",
                 "gtk-update-icon-cache",
+                "helm",
                 "intel-pf-bb-config",
                 "ivykis",
                 "jsonbuilder",

LICENSES-AND-NOTICES/SPECS/data/licenses.json

@@ -4,28 +4,22 @@
 
 Edge Microvisor Toolkit is a reference Linux operating system that demonstrates the full
 capabilities of Intel® platforms for Edge AI workloads. Built on Azure Linux, it features an
-Intel®-maintained Linux Kernel, incorporating all the latest patches that have not yet been
+[Intel®-maintained Linux Kernel](./docs/developer-guide/emt-architecture-overview.md#next-kernel),
+incorporating all the latest patches that have not yet been
 upstreamed. These patches optimize performance and enhance other capabilities for Intel®
 silicon, streamlining integration for operating system vendors and technology partners.
 
-Edge Microvisor Toolkit is published in several versions, both immutable and mutable.
+Edge Microvisor Toolkit is [published in several versions](./docs/developer-guide/get-started/emt-versions.md),
+both immutable and mutable.
 It may be used to quickly deploy, validate, and benchmark edge AI workloads, including those
 requiring real-time processing. You can also use the toolkit's flexible build infrastructure
 to create custom images from a large set of pre-provisioned packages.
 
-Here are the published versions:
-
-* [Edge Microvisor Toolkit Standalone Node (immutable)](https://github.com/open-edge-platform/edge-microvisor-toolkit-standalone-node)
-* [Edge Microvisor Toolkit Developer Node with or without real-time extensions (mutable)](./docs/developer-guide/emt-architecture-overview.md#developer-node-mutable-iso-image)
-* [Edge Microvisor Toolkit (mutuable or immutable) for use with Edge Manageability Framework](./docs/developer-guide/emt-deployment-edge-orchestrator.md)
-* [Edge Microvisor Bootkit](./docs/developer-guide/emt-bootkit.md)
-
 Edge Microvisor Toolkit has undergone extensive validation across the Intel® Xeon®,
 Intel® Core Ultra™, Intel Core™, and Intel® Atom® processor families. It provides robust
 support for integrated NPU as well as a
 [selection of discrete GPU cards](./docs/developer-guide/emt-system-requirements.md#hardware-requirements).
 
-
 You can either build Edge Microvisor Toolkit by following step-by-step instructions or
 download it directly. Both the build system and Edge Microvisor Toolkit are available as open
 source.
@@ -44,14 +38,18 @@ If you're interested in most up-to-date versions, check out the
 and
 [CVE](https://github.com/open-edge-platform/edge-microvisor-toolkit/discussions?discussions_q=is%3Aopen+cve+) releases.
 
-
 **Demos on YouTube**
 
 * [Standalone Edge Microvisor Toolkit (EMT-S) integration with Edge Microvisor Bootkit](https://www.youtube.com/watch?v=rmgmWYi6OpE):
   USB Device Preparation, Provisioning Process, System Readiness, and Final Boot with the cluster starting successfully.
 * [Edge Microvisor Toolkit Standalone Node 3.0](https://www.youtube.com/watch?v=j_4EX_wggSI):
   a brief walkthrough of Edge Microvisor Toolkit Standalone Node for the 3.0 release, covering various use cases.
 
+You can also try out the
+[OS Image Composer](http://github.com/open-edge-platform/os-image-composer) -
+a *new* project in the Open Edge platform family that allows you to compose
+custom OS images from popular distributions using pre-built artifacts.
+
 ## Get Help or Contribute
 
 If you want to participate in the GitHub community for Edge Microvisor Toolkit, you can

README.md

@@ -0,0 +1,68 @@
+From ffc4888694c5222e9eddecb461c955d5661aa18c Mon Sep 17 00:00:00 2001
+From: Carl George <carl@george.computer>
+Date: Wed, 16 Feb 2022 11:45:03 -0600
+Subject: [PATCH 1/2] Disable commands that can alter the binary
+
+---
+ cmd/commands.go | 45 ---------------------------------------------
+ 1 file changed, 45 deletions(-)
+
+diff --git a/cmd/commands.go b/cmd/commands.go
+index 259dd358..31b85a18 100644
+--- a/cmd/commands.go
++++ b/cmd/commands.go
+@@ -395,51 +395,6 @@ is always printed to stdout.
+ 		},
+ 	})
+ 
+-	RegisterCommand(Command{
+-		Name:  "upgrade",
+-		Short: "Upgrade Caddy (EXPERIMENTAL)",
+-		Long: `
+-Downloads an updated Caddy binary with the same modules/plugins at the
+-latest versions. EXPERIMENTAL: May be changed or removed.
+-`,
+-		CobraFunc: func(cmd *cobra.Command) {
+-			cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it")
+-			cmd.RunE = WrapCommandFuncForCobra(cmdUpgrade)
+-		},
+-	})
+-
+-	RegisterCommand(Command{
+-		Name:  "add-package",
+-		Usage: "<package[@version]...>",
+-		Short: "Adds Caddy packages (EXPERIMENTAL)",
+-		Long: `
+-Downloads an updated Caddy binary with the specified packages (module/plugin)
+-added, with an optional version specified (e.g., "package@version"). Retains
+-existing packages. Returns an error if any of the specified packages are already
+-included. EXPERIMENTAL: May be changed or removed.
+-`,
+-		CobraFunc: func(cmd *cobra.Command) {
+-			cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it")
+-			cmd.RunE = WrapCommandFuncForCobra(cmdAddPackage)
+-		},
+-	})
+-
+-	RegisterCommand(Command{
+-		Name:  "remove-package",
+-		Func:  cmdRemovePackage,
+-		Usage: "<packages...>",
+-		Short: "Removes Caddy packages (EXPERIMENTAL)",
+-		Long: `
+-Downloads an updated Caddy binaries without the specified packages (module/plugin).
+-Returns an error if any of the packages are not included.
+-EXPERIMENTAL: May be changed or removed.
+-`,
+-		CobraFunc: func(cmd *cobra.Command) {
+-			cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it")
+-			cmd.RunE = WrapCommandFuncForCobra(cmdRemovePackage)
+-		},
+-	})
+-
+ 	defaultFactory.Use(func(rootCmd *cobra.Command) {
+ 		rootCmd.AddCommand(caddyCmdToCobra(Command{
+ 			Name:  "manpage",
+-- 
+2.47.1
+

SPECS/caddy/0001-Disable-commands-that-can-alter-the-binary.patch

@@ -0,0 +1,120 @@
+From afd4339ec8682b92eb6bcc870d138106ffd5f58d Mon Sep 17 00:00:00 2001
+From: kavyasree <kkaitepalli@microsoft.com>
+Date: Fri, 31 Jan 2025 21:16:51 +0530
+Subject: [PATCH] Patch CVE-2024-45339
+
+Reference: https://github.com/golang/glog/pull/74
+
+---
+ vendor/github.com/golang/glog/glog_file.go | 60 ++++++++++++++++------
+ 1 file changed, 44 insertions(+), 16 deletions(-)
+
+diff --git a/vendor/github.com/golang/glog/glog_file.go b/vendor/github.com/golang/glog/glog_file.go
+index e7d125c..6d239fa 100644
+--- a/vendor/github.com/golang/glog/glog_file.go
++++ b/vendor/github.com/golang/glog/glog_file.go
+@@ -118,32 +118,53 @@ var onceLogDirs sync.Once
+ // contains tag ("INFO", "FATAL", etc.) and t.  If the file is created
+ // successfully, create also attempts to update the symlink for that tag, ignoring
+ // errors.
+-func create(tag string, t time.Time) (f *os.File, filename string, err error) {
++func create(tag string, t time.Time, dir string) (f *os.File, filename string, err error) {
++	if dir != "" {
++		f, name, err := createInDir(dir, tag, t)
++		if err == nil {
++			return f, name, err
++		}
++		return nil, "", fmt.Errorf("log: cannot create log: %v", err)
++	}
++
+ 	onceLogDirs.Do(createLogDirs)
+ 	if len(logDirs) == 0 {
+ 		return nil, "", errors.New("log: no log dirs")
+ 	}
+-	name, link := logName(tag, t)
+ 	var lastErr error
+ 	for _, dir := range logDirs {
+-		fname := filepath.Join(dir, name)
+-		f, err := os.Create(fname)
++		f, name, err := createInDir(dir, tag, t)
+ 		if err == nil {
+-			symlink := filepath.Join(dir, link)
+-			os.Remove(symlink)        // ignore err
+-			os.Symlink(name, symlink) // ignore err
+-			if *logLink != "" {
+-				lsymlink := filepath.Join(*logLink, link)
+-				os.Remove(lsymlink)         // ignore err
+-				os.Symlink(fname, lsymlink) // ignore err
+-			}
+-			return f, fname, nil
++			return f, name, err
+ 		}
+ 		lastErr = err
+ 	}
+ 	return nil, "", fmt.Errorf("log: cannot create log: %v", lastErr)
+ }
+ 
++func createInDir(dir, tag string, t time.Time) (f *os.File, name string, err error) {
++	name, link := logName(tag, t)
++	fname := filepath.Join(dir, name)
++	// O_EXCL is important here, as it prevents a vulnerability. The general idea is that logs often
++	// live in an insecure directory (like /tmp), so an unprivileged attacker could create fname in
++	// advance as a symlink to a file the logging process can access, but the attacker cannot. O_EXCL
++	// fails the open if it already exists, thus prevent our this code from opening the existing file
++	// the attacker points us to.
++	f, err = os.OpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
++	if err == nil {
++		symlink := filepath.Join(dir, link)
++		os.Remove(symlink)        // ignore err
++		os.Symlink(name, symlink) // ignore err
++		if *logLink != "" {
++			lsymlink := filepath.Join(*logLink, link)
++			os.Remove(lsymlink)         // ignore err
++			os.Symlink(fname, lsymlink) // ignore err
++		}
++		return f, fname, nil
++	}
++	return nil, "", err
++}
++
+ // flushSyncWriter is the interface satisfied by logging destinations.
+ type flushSyncWriter interface {
+ 	Flush() error
+@@ -247,6 +268,7 @@ type syncBuffer struct {
+ 	names  []string
+ 	sev    logsink.Severity
+ 	nbytes uint64 // The number of bytes written to this file
++	madeAt time.Time
+ }
+ 
+ func (sb *syncBuffer) Sync() error {
+@@ -254,9 +276,14 @@ func (sb *syncBuffer) Sync() error {
+ }
+ 
+ func (sb *syncBuffer) Write(p []byte) (n int, err error) {
++	// Rotate the file if it is too large, but ensure we only do so,
++	// if rotate doesn't create a conflicting filename.
+ 	if sb.nbytes+uint64(len(p)) >= MaxSize {
+-		if err := sb.rotateFile(time.Now()); err != nil {
+-			return 0, err
++		now := timeNow()
++		if now.After(sb.madeAt.Add(1*time.Second)) || now.Second() != sb.madeAt.Second() {
++			if err := sb.rotateFile(now); err != nil {
++				return 0, err
++			}
+ 		}
+ 	}
+ 	n, err = sb.Writer.Write(p)
+@@ -274,7 +301,8 @@ const footer = "\nCONTINUED IN NEXT FILE\n"
+ func (sb *syncBuffer) rotateFile(now time.Time) error {
+ 	var err error
+ 	pn := "<none>"
+-	file, name, err := create(sb.sev.String(), now)
++	file, name, err := create(sb.sev.String(), now, "")
++	sb.madeAt = now
+ 
+ 	if sb.file != nil {
+ 		// The current log file becomes the previous log at the end of
+-- 
+2.34.1
+

SPECS/caddy/CVE-2024-45339.patch

@@ -0,0 +1,139 @@
+From 041b89a18f81265899e42e6801f830c101a96120 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal <kbkanishk975@gmail.com>
+Date: Sun, 2 Mar 2025 13:46:00 +0000
+Subject: [PATCH] CVE-2025-22869
+
+Upstream Reference : https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22
+
+ssh: limit the size of the internal packet queue while waiting for KEX
+
+In the SSH protocol, clients and servers execute the key exchange to
+generate one-time session keys used for encryption and authentication.
+The key exchange is performed initially after the connection is
+established and then periodically after a configurable amount of data.
+While a key exchange is in progress, we add the received packets to an
+internal queue until we receive SSH_MSG_KEXINIT from the other side.
+This can result in high memory usage if the other party is slow to
+respond to the SSH_MSG_KEXINIT packet, or memory exhaustion if a
+malicious client never responds to an SSH_MSG_KEXINIT packet during a
+large file transfer.
+We now limit the internal queue to 64 packets: this means 2MB with the
+typical 32KB packet size.
+When the internal queue is full we block further writes until the
+pending key exchange is completed or there is a read or write error.
+
+Thanks to Yuichi Watanabe for reporting this issue.
+
+Change-Id: I1ce2214cc16e08b838d4bc346c74c72addafaeec
+Reviewed-on: https://go-review.googlesource.com/c/crypto/+/652135
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Auto-Submit: Gopher Robot <gobot@golang.org>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+
+---
+ vendor/golang.org/x/crypto/ssh/handshake.go | 47 ++++++++++++++++-----
+ 1 file changed, 37 insertions(+), 10 deletions(-)
+
+diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
+index 70a7369..e14eb6c 100644
+--- a/vendor/golang.org/x/crypto/ssh/handshake.go
++++ b/vendor/golang.org/x/crypto/ssh/handshake.go
+@@ -24,6 +24,11 @@ const debugHandshake = false
+ // quickly.
+ const chanSize = 16
+ 
++// maxPendingPackets sets the maximum number of packets to queue while waiting
++// for KEX to complete. This limits the total pending data to maxPendingPackets
++// * maxPacket bytes, which is ~16.8MB.
++const maxPendingPackets = 64
++
+ // keyingTransport is a packet based transport that supports key
+ // changes. It need not be thread-safe. It should pass through
+ // msgNewKeys in both directions.
+@@ -58,11 +63,19 @@ type handshakeTransport struct {
+ 	incoming  chan []byte
+ 	readError error
+ 
+-	mu               sync.Mutex
+-	writeError       error
+-	sentInitPacket   []byte
+-	sentInitMsg      *kexInitMsg
+-	pendingPackets   [][]byte // Used when a key exchange is in progress.
++	mu sync.Mutex
++	// Condition for the above mutex. It is used to notify a completed key
++	// exchange or a write failure. Writes can wait for this condition while a
++	// key exchange is in progress.
++	writeCond      *sync.Cond
++	writeError     error
++	sentInitPacket []byte
++	sentInitMsg    *kexInitMsg
++	// Used to queue writes when a key exchange is in progress. The length is
++	// limited by pendingPacketsSize. Once full, writes will block until the key
++	// exchange is completed or an error occurs. If not empty, it is emptied
++	// all at once when the key exchange is completed in kexLoop.
++	pendingPackets   [][]byte
+ 	writePacketsLeft uint32
+ 	writeBytesLeft   int64
+ 
+@@ -114,6 +127,7 @@ func newHandshakeTransport(conn keyingTransport, config *Config, clientVersion,
+ 
+ 		config: config,
+ 	}
++	t.writeCond = sync.NewCond(&t.mu)
+ 	t.resetReadThresholds()
+ 	t.resetWriteThresholds()
+ 
+@@ -236,6 +250,7 @@ func (t *handshakeTransport) recordWriteError(err error) {
+ 	defer t.mu.Unlock()
+ 	if t.writeError == nil && err != nil {
+ 		t.writeError = err
++		t.writeCond.Broadcast()
+ 	}
+ }
+ 
+@@ -339,6 +354,8 @@ write:
+ 			}
+ 		}
+ 		t.pendingPackets = t.pendingPackets[:0]
++		// Unblock writePacket if waiting for KEX.
++		t.writeCond.Broadcast()
+ 		t.mu.Unlock()
+ 	}
+ 
+@@ -526,11 +543,20 @@ func (t *handshakeTransport) writePacket(p []byte) error {
+ 	}
+ 
+ 	if t.sentInitMsg != nil {
+-		// Copy the packet so the writer can reuse the buffer.
+-		cp := make([]byte, len(p))
+-		copy(cp, p)
+-		t.pendingPackets = append(t.pendingPackets, cp)
+-		return nil
++		if len(t.pendingPackets) < maxPendingPackets {
++			// Copy the packet so the writer can reuse the buffer.
++			cp := make([]byte, len(p))
++			copy(cp, p)
++			t.pendingPackets = append(t.pendingPackets, cp)
++			return nil
++		}
++		for t.sentInitMsg != nil {
++			// Block and wait for KEX to complete or an error.
++			t.writeCond.Wait()
++			if t.writeError != nil {
++				return t.writeError
++			}
++		}
+ 	}
+ 
+ 	if t.writeBytesLeft > 0 {
+@@ -547,6 +573,7 @@ func (t *handshakeTransport) writePacket(p []byte) error {
+ 
+ 	if err := t.pushPacket(p); err != nil {
+ 		t.writeError = err
++		t.writeCond.Broadcast()
+ 	}
+ 
+ 	return nil
+-- 
+2.45.2