Merge pull request #482 from splunk/develop

Release/820

Author: alishamayor

.trivyignore

@@ -2,3 +2,24 @@
 # /usr/lib/python3.7/site-packages/ansible_collections/netbox/netbox/poetry.lock
 CVE-2020-36242
 CVE-2020-14343
+
+# Downgraded to LOW severity by the Product Security team as the packages are not actually
+# shipped with the release.
+# SPL-203200
+CVE-2021-28092
+# SPL-203205
+CVE-2021-27290
+# SPL-196809
+CVE-2018-11777
+CVE-2016-3083
+CVE-2015-7521
+CVE-2016-3083
+
+# Marked as fixed in the next Splunk release
+CVE-2021-23358
+CVE-2020-25649
+
+# Fixed by Apache Spark in versions 3.0.3, 3.1.2, 3.2.0
+CVE-2020-27216
+CVE-2021-28165
+CVE-2020-27216

Makefile

@@ -7,8 +7,8 @@ SPLUNK_ANSIBLE_BRANCH ?= develop
 SPLUNK_COMPOSE ?= cluster_absolute_unit.yaml
 # Set Splunk version/build parameters here to define downstream URLs and file names
 SPLUNK_PRODUCT := splunk
-SPLUNK_VERSION := 8.1.3
-SPLUNK_BUILD := 63079c59e632
+SPLUNK_VERSION := 8.2.0
+SPLUNK_BUILD := e053ef3c985f
 ifeq ($(shell arch), s390x)
 	SPLUNK_ARCH = s390x
 else
@@ -26,7 +26,7 @@ SPLUNK_WIN_BUILD_URL ?= https://download.splunk.com/products/${SPLUNK_PRODUCT}/r
 UF_WIN_FILENAME ?= splunkforwarder-${SPLUNK_VERSION}-${SPLUNK_BUILD}-x64-release.msi
 UF_WIN_BUILD_URL ?= https://download.splunk.com/products/universalforwarder/releases/${SPLUNK_VERSION}/windows/${UF_WIN_FILENAME}
 # Splunk Cloud SDK binary
-SCLOUD_URL ?= https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.7.0/scloud_v4.0.0_linux_amd64.tar.gz
+SCLOUD_URL ?= https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.11.1/scloud_v7.1.0_linux_amd64.tar.gz
 
 # Security Scanner Variables
 SCANNER_DATE := `date +%Y-%m-%d`

base/debian-10/Dockerfile

@@ -19,7 +19,7 @@ ARG SCLOUD_URL
 ENV SCLOUD_URL=${SCLOUD_URL} \
     DEBIAN_FRONTEND=noninteractive \
     PYTHON_VERSION=3.7.10 \
-    PYTHON_MD5=0b19e34a6dabc4bf15fdcdf9e77e9856
+    PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
 
 COPY install.sh /install.sh
 RUN /install.sh && rm -rf /install.sh

base/debian-10/install.sh

@@ -38,7 +38,10 @@ apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox pr
 # Install Python and necessary packages
 PY_SHORT=${PYTHON_VERSION%.*}
 wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz
-echo "$PYTHON_MD5  /tmp/python.tgz" | md5sum --check
+wget -O /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz.asc
+gpg --recv-keys $PYTHON_GPG_KEY_ID
+gpg --verify /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc /tmp/python.tgz
+rm /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc
 mkdir -p /tmp/pyinstall
 tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz
 rm /tmp/python.tgz

base/debian-9/Dockerfile

@@ -19,7 +19,7 @@ ARG SCLOUD_URL
 ENV SCLOUD_URL=${SCLOUD_URL} \
     DEBIAN_FRONTEND=noninteractive \
     PYTHON_VERSION=3.7.10 \
-    PYTHON_MD5=0b19e34a6dabc4bf15fdcdf9e77e9856
+    PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
 
 COPY install.sh /install.sh
 RUN /install.sh && rm -rf /install.sh

base/debian-9/install.sh

@@ -37,7 +37,11 @@ apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox pr
 # Install Python and necessary packages
 PY_SHORT=${PYTHON_VERSION%.*}
 wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz
-echo "$PYTHON_MD5  /tmp/python.tgz" | md5sum --check
+wget -O /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz.asc
+apt-get install dirmngr -y
+gpg --keyserver pool.sks-keyservers.net --recv-keys $PYTHON_GPG_KEY_ID
+gpg --verify /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc /tmp/python.tgz
+rm /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc
 mkdir -p /tmp/pyinstall
 tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz
 rm /tmp/python.tgz

base/redhat-8/Dockerfile

@@ -28,7 +28,7 @@ LABEL name="splunk" \
 ARG SCLOUD_URL
 ENV SCLOUD_URL=${SCLOUD_URL} \
     PYTHON_VERSION=3.7.10 \
-    PYTHON_MD5=0b19e34a6dabc4bf15fdcdf9e77e9856
+    PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
 
 COPY install.sh /install.sh
 

base/redhat-8/install.sh

@@ -29,12 +29,15 @@ export LANG=en_US.utf8
 microdnf -y --nodocs install wget sudo shadow-utils procps tar tzdata make gcc \
                              openssl-devel bzip2-devel libffi-devel findutils
 # Patch security updates
-microdnf -y --nodocs update gnutls kernel-headers librepo libnghttp2 tzdata
+microdnf -y --nodocs update gnutls kernel-headers librepo libnghttp2 tzdata nettle
 
 # Install Python and necessary packages
 PY_SHORT=${PYTHON_VERSION%.*}
 wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz
-echo "$PYTHON_MD5  /tmp/python.tgz" | md5sum --check
+wget -O /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz.asc
+gpg --keyserver pool.sks-keyservers.net --recv-keys $PYTHON_GPG_KEY_ID
+gpg --verify /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc /tmp/python.tgz
+rm /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc
 mkdir -p /tmp/pyinstall
 tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz
 rm /tmp/python.tgz

docs/CHANGELOG.md

@@ -9,11 +9,14 @@ We will no longer be releasing Debian images on Docker Hub after Spring of 2021.
 
 ## Navigation
 
+* [8.2.0](#820)
+* [8.1.4](#814)
 * [8.1.3](#813)
 * [8.1.2](#812)
 * [8.1.1](#811)
 * [8.1.0.1](#8101)
 * [8.1.0](#810)
+* [8.0.9](#809)
 * [8.0.8](#808)
 * [8.0.7](#807)
 * [8.0.6.1](#8061)
@@ -54,6 +57,33 @@ We will no longer be releasing Debian images on Docker Hub after Spring of 2021.
 
 ---
 
+## 8.2.0
+
+#### What's New?
+* Releasing new images to support Splunk Enterprise release.
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see [Release Notes for 8.2.0](https://docs.splunk.com/Documentation/Splunk/8.2.0/ReleaseNotes/)
+* Switched Python integrity check from MD5 checksum to GPG signature
+
+#### splunk-ansible changes:
+* Added support for setting `clientName` in `deploymentclient.conf`
+    * `splunk.deployment_client.name` in `default.yml`
+    * `SPLUNK_DEPLOYMENT_CLIENT_NAME` environment variable
+
+---
+
+## 8.1.4
+
+#### What's New?
+* New Splunk Enterprise maintenance patch. For details, see [Fixed issues for 8.1.4](https://docs.splunk.com/Documentation/Splunk/8.1.4/ReleaseNotes/Fixedissues)
+* Bundling in changes to be consistent with the release of [8.2.0](#820)
+
+#### Changes
+* See [8.2.0](#820) changes
+
+---
+
 ## 8.1.3
 
 #### What's New?
@@ -64,7 +94,6 @@ We will no longer be releasing Debian images on Docker Hub after Spring of 2021.
 * Updated Python version to 3.7.10
 * Bugfixes
 
-
 #### splunk-ansible changes:
 * Bugfixes
 * Documentation and CI updates
@@ -123,7 +152,7 @@ We will no longer be releasing Debian images on Docker Hub after Spring of 2021.
 * Releasing new images to support Splunk Enterprise release.
 
 #### docker-splunk changes:
-* Bumping Splunk version. For details, see [Fixed issues for 8.1.0](https://docs.splunk.com/Documentation/Splunk/8.1.0/ReleaseNotes/Fixedissues)
+* Bumping Splunk version. For details, see [Release Notes for 8.1.0](https://docs.splunk.com/Documentation/Splunk/8.1.0/ReleaseNotes/)
 * Set bash as the default shell
 * CI bugfixes
 
@@ -137,6 +166,17 @@ We will no longer be releasing Debian images on Docker Hub after Spring of 2021.
 
 ---
 
+## 8.0.9
+
+#### What's New?
+* New Splunk Enterprise maintenance patch. For details, see [Fixed issues for 8.0.9](https://docs.splunk.com/Documentation/Splunk/8.0.9/ReleaseNotes/Fixedissues)
+* Bundling in changes to be consistent with the release of [8.2.0](#820)
+
+#### Changes
+* See [8.2.0](#820) changes
+
+---
+
 ## 8.0.8
 
 #### What's New?