From 53c3a3c970822f7f4c822af2976fb4b8ada63e01 Mon Sep 17 00:00:00 2001
From: andyzhangx
Date: Sun, 19 Dec 2021 07:47:13 +0000
Subject: [PATCH] fix: CVE-2021-43618 in Ubuntu image fix chart
---
 .github/workflows/pluto.yaml | 26 +++++++++++++++++++++++
 Dockerfile | 2 +-
 charts/latest/csi-driver-nfs-v3.1.0.tgz | Bin 3505 -> 3509 bytes
 charts/latest/csi-driver-nfs/values.yaml | 3 +++
 4 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/pluto.yaml
diff --git a/.github/workflows/pluto.yaml b/.github/workflows/pluto.yaml
new file mode 100644
index 00000000..57bc7a5a
--- /dev/null
+++ b/.github/workflows/pluto.yaml
@@ -0,0 +1,26 @@
+name: k8s api version check
+on:
+ pull_request: {}
+ push: {}
+
+jobs:
+
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # https://pluto.docs.fairwinds.com/advanced/#display-options
+ - name: Download pluto
+ uses: FairwindsOps/pluto/github-action@master
+
+ - name: Check deploy folder
+ run: |
+ pluto detect-files -d deploy
+
+ - name: Check example folder
+ run: |
+ pluto detect-files -d deploy/example
diff --git a/Dockerfile b/Dockerfile
index 04ca3c23..f9f5590a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,6 +23,6 @@ COPY bin/${ARCH}/nfsplugin /nfsplugin
 RUN apt update && apt-mark unhold libcap2
 RUN clean-install ca-certificates mount nfs-common netbase
 # install updated packages to fix CVE issues
-RUN clean-install libssl1.1 libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0
+RUN clean-install libssl1.1 libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 libgmp10
 ENTRYPOINT ["/nfsplugin"]
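Review bot: In .github/workflows/pluto.yaml the `Download pluto` step runs `FairwindsOps/pluto/github-action@master`, a third-party action referenced by a mutable branch, so any later push to that branch executes in this repository's CI on every push and pull request. Pinning it to a reviewed commit, `uses: FairwindsOps/pluto/github-action@<full-commit-sha>`, and doing the same for `actions/checkout@v2`, removes that exposure. The workflow also declares no `permissions:` block, so the job receives the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for a read-only manifest check.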
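Review bot: The `libgmp10` added to the `RUN clean-install ... libkrb5support0 libgmp10` line is installed without a version constraint, so the build takes whatever the base image's apt sources serve at build time and nothing fails if that is still a build affected by CVE-2021-43618. The comment above it, `# install updated packages to fix CVE issues`, does not say which package answers which CVE; a per-package note such as `# libgmp10: CVE-2021-43618` keeps the list auditable and lets entries be pruned once the base image ships the fix. An image-scan gate in CI would confirm the fixed version actually landed in the built image. The FROM line and the rest of the Dockerfile are outside the hunk, so the base distribution and its package versions are not visible here.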
diff --git a/charts/latest/csi-driver-nfs-v3.1.0.tgz b/charts/latest/csi-driver-nfs-v3.1.0.tgz index 9ac82022d7555ba9f9ac947ac01152b24b542559..ed83d9948e4bb0e07826f603f5b1d54f4da2ea3b 100644 GIT binary patch delta 3423 zcmV-l4WRO|8?_sdcYm$$kVqshi^c8_i{C;H74;)Y$0&V1P|f`jkvf==n7w+s(rUF@ zJ6l`!|5mG2{lC@T>AY%hwYT4I?{r$7_pe&*t=8t&D`-8T3=2!DG?A}bj~=T!xo@P9 zgnmY;sNh`~w>^?1)31zZRN9MBg_0)PKHKjd!SRP499WZqfq#(jQ`$$#QKRxWiLnc1 zlk&#X?l*&W(DGh-#_Lin75^U-mZExM09fMxTU%SLs{eQ1Z?FCTISP%*5W5}#03Rs# z!4!#!P*e*!=|UXJAf}-dN(^)minw|Cy=sPvHu*sLp`z1PnhdA7kv~gP#!dyJ;iL;k zgJYpjB`V~uLVu{}sT5;s5CUcW@R#4KU>M4Pil(ANUuhx95Y700GHY9wVcZEiL1#4? z7#$-=rB0>j*K}7HUP#k< zlPmdp`wA&Iu)K*5NcXyUO3M#8KWUlT`(3XQ+~of5v9#! z?CiZ-n|~W2VS02br0zoJe|NS`TPB7dag3}B+a7=x3?(reaptH#T;ik)4ZHYKFbpoI zo3SyH*pAxBmRuyJwUAwC99~nURsI480}OQ+8pom+jxb6YHdg9Cn{~nn$A^w0QHfNB zm`$l35EzZAE}&DGq+MuFzs49_|JZ7^KILE}@qf=0)qJB?JlCv~x2i>g6~}Hra_j>7 zt~g@n5hHqLN$1VjJoNx#a{V(WV?r6}GjwB@O>qVL-K@9RTKlLN!HcfLVle*OTEgaI zEMb5|r_!n!xmoWIy&t7WlYDP*khK&YH#Xo52Plz;XfRlCG~gQxiJ&l)s8t5d29M#& zY=0qU3!;1oHV9Fs3yFg+jI>Tvx7jR%O(a6q)I?n>gF6E{OeOk>h%ELJ%275=f4=R^ zPb3`^jrm?UX?hzQo_%$iGS+hfb>X+)y$$fQDK)aDrWYr2;~#%osl@*p)HSq(Et+Q}qrKhD4!>fx4atU_3h141C{soJvTDyEiuwoT0539OqBr z_SVSYI`e&n3_~sCZbQ17bFJX^wgJ9>MRYiNX`OycWugCHjF2TLRiKl{QUOc+zkl6& zzg_YFovqEywf{dyxw&b+g)xo0piskrGSrg-qvk7cSl2i^jlq*em zXkvppz^QE$6HbO0`Ta?yRen%i)G!M|Zf+p=!lDv`h3%#Us~yehc5lk#X3dON0yS#d z#VS?JCgabZ+anZ1S6_o$d#=9<$E(`I0p4oUXE4&2%-+ynmEBN1O zZFkoA|18D#eeaU;s0#-+)Qgd8ub31fNurwLwilx&5z%CJ0yKb;p?ASZxPz0dmJQ}y z)w&qZySV|%LzYGrU=H95P#z)I&@uH?f|k9TQET<1=kJ{adD!UA!m)`BKTgr!6p|#% z=aKtF*2`26E6Bd%dbr160Dt*ZO)*$Y2h$eS^Xshlxs$DtPK#ej%oewviuwJlqa59* z4@N@iW7JndUS|9+Y!vueAWRA1h><p0*S%rOfj`%>O(!WqW z`i~nXt5{~BkE`ZZeqB)HOl&S9?3I?^l=8+YR2LZK>Gkw|Mc+lknt!plg(WTbCk4YU zIMTJ$CGu$6D3Mf1swex5DCK6RCQ4)MXGbePlvLA@FuT)UQ9Y`Yr@*YuCS9W23IA5wYGAISs$S+WXb!nE&=CV+tXktN`!wqH`47k1RE~~A{Fbi3xej|qkxtwebf4tji z%suptv?PioDz*Fi&41p(!P#N2_gzgzh9pAiTMMCr7i%CNSBG<|$hs@N1F$L6F4%ln 
zsA!->cv;obX(89LOaZgJOc6W)#)73WezIAXs(jY%PKh2lIVuu5>5W{d{h2oc6p2@B zs1?L00c%#VA})LZp4nErQxrH?TF&MAN*>fL&9FN-*%$;->@dK>R{?qxgWz8_*bcNm8$i!JK`rc;u3spas2 zTE$$<*1N<=OqF@lP#C5bi3Qhqt;>o@Bpp+RLyV@W!dVGPLi&_ZO|ha+01`!A_^r|V zwRf?1@agEd@qc@%0%1&Co#ve%s*o_^uGUmWS-$pWR*P1=9y9&%A`{J$I~5IOt;}9Z zqutkUj!zB_FOClC@DzEJ2+H;D>o@zoql?4igVU3vBCf6szKm>Z)!N zhaC&VuoJC&M>*A$umfad(!)^jNOfVeRjQMr^7M7P{5nBNMO5E-IU*(^QocpMC8#(i zvdL)QW`C;~>ZWN}TV0BT3^QkM{6HfrUF<G7 zU^odGei9K*FNvHQk(729ICBm&0}l_GKiT7XQsy(ds;HW1Pt@iO+AU@UkKA3#1^3;nvZ zbDBg%V^2$>aX4`(Wg;ochdG%bwv?hi?^-}^9?Z8 z8z3YdQcjqqrbEHG3%%h=q%49yLSKqY$O^bHkS8a z%Fx=4IC+D||KaCl)U#pAtChtEbTuE6uw zc)+tF$*gf{dGGF`SoNW(R5SB?W(~dpj{iw>8pgL_8S(FSy*1_kx2F8>6`HKc{=3Nj z$EDJ~GNis#p5cB#eE%dtty1onAb+Ua!|%!%oXCB9o8IGt4*qwL!X zL)49T&|p;A|LxDG%m=3y^C>bIg|^)T1`HXY@yeq*nze4Ma%!q>h*B%gbHzE~ z7`c9c=CawmgGRDwxaHFd6@N8*@sm#IQ5}Xt$cXZy2h@#W{q{+eHoKu-aLpemk0>90 z4G*ncc=h|)P%GyQQkM&HE?SF`v+esn*ti-x8Z61qJM)0{aCCyH72Kid65PJ@&bBVA zluG;;jF822$c4nG8)Mo1kL}LR+~0rNTL1m0XDJ(SO0;o$`-=^?@_+7+GxSr+4Ddlh z!b>tl6?j>)Sfz<2GeC`yF&Hw@cj-yWhwnflBbtuU9(M}Q36H!D;OLH~@FtNspw}3= zwAX)q7r+T;6Z>}~5+{;5)B~d&11~t}UG%h&=xxBhh-1Ow^L`H^DwP)usczbTo%mkR z|4TOQzxjjFuxb9uzgVgFz1`kycedMGuUhS`R;Tp}T2Cm$!jvjaGD^8%ZRg zpHV6*co)WPk0i_SOx+sGb-Ame~K+R;yLD|IYUI+Wwy-(U=Ue>j41pfpQ;A zl9&iZwUCo8#Gwpg8cLzWKnJ0So0mVTW~gYB50oD&I<2M2aEcrGvm|BgR4^J&x^Of& z7W!18LhcHLihrI;F{TC~P}X;U`J)Pkp$w>KDmwI)7Lp9n^zSFLx@8&0ouCtRR+E9z zF>+MuREj>{ON6{;VrtF_upP8k6M%~d9iX1!kSZ<7{b$0oksGqiTbUDSYZZ|^g>phZ?ki0bvS( z4$MQiBHTVq6`Jo7#1#)re}Zc%7(?l{6RT&_XTBn^0mmdp5CiCC5@h0<<_g^lX&R3_ zPxeVz9f}9wwk)$xd4*1=8S|Zcc1aiwiRyyUFq!fb{)s4UgtepdYISOagz3?#kh%+< z|J~U(b$^){e#9}dE^K=MS}>HvY_ypn`f!PpE;Q`oO2II=oNl&831Zu8BU@6DnA$>i zp>cRkl~#EM4h9(NE;NosFC1Z%GHk5Wem3fa5snY-MWPa^3^5y0y}>gYQ(ZuxFiE@6 zo_>unw)(%-YJJMVM&jQos`*N-c&=I}uT^X5D}VOgeq`STbX~E>&LevC%#zNlv3cqN z#N_%{PR4{X(r4)UF00}S`ny@Lv9ZHO7hc-WH zaE`7$5H`H?7!W5zgu0g z|DCP&`?dW)N4mLbzJ)Q3yP#0RfHKsR1b1UIE#U~e@V0q->v^`=;dMfI1bT#aLp6sl 
z^EtGfu`PFV<3of4$`KmIfiT4y;LmbM$}|LyWwvG;e0GeJDU;0v8Gjl>9@)=MG)DT! zls#;Yki|2H6Kdsh#a(0WvvGV#l2i^rlq*emXncn{z^Sbh6HbO0`Ta?yR(?=jR55c> zZf+pA!r~+b3+qh@R@@{%HW+{QB(M3!o^%ZwH~yyqjf;kD zt1$U5t-R~>=(G_3=YN@x2eZOU@c;d0yMq6n)^=-+|IdSk+pF8;)>9qKr#B6cxshB^`8p_dq`d}oKK1O{d`nalYIxWOnmQBDcE>i>#fU#g{ zjGt_jr7E8_yHlb^PL7I%PI@C3YJX;p07YWfDryBWO2C>GtcVL=fM>eZ?i2;iCoSiC z{c@1(4uAD2vBS%>r(Ae7H3 zNhBRphC_^|p~6`TNkaORQBAQjp8zC^y6{J%_kVluV(;M7(Q)I?QUSu4xH`=nKU5)M z#9gha^s;>I&8QZwcs*wN<3%c(1%E0tl+`kODUEhtzd1fRIJ`JIsKZm_Q6ebUyRYBu z_l_vKK?rH7`t%S#!ICXgZL5jG#G5`aLEIPx%d`_0<6y11W zfqxma*`8~AE)KDNJ4iXb?lzl?z{SAD+yYIvVHae39Gc{??@Ihr$xEcrA{49(=liFH zyajh5>;w_YQil zrSm-qs~X93Zs*2VuSa4xM>Q_t!l^N51uM2!qXA3jNly~&!hxL@At!U)){YqCL{AQ= z?843McOT4qKw8TGxJ=3i;%o6gt0J=uM-EacxDw=-sFzkhe+ zVtaR!K;<2LO4$&tNjN&gzf&rWH2tL_vxdJ{^d@ng6d^b_-_am&3_(Sel20?kaE~NJp$4H3q!5E4bUT^fk*_7Au2`W z1hfE|a(hppP;DTjJ>q5TGr?H!9zKA4wi^0%Y3DSFh{m3lMB{McP|A2xln;NkS-Hnk zy;)Zkvz(v%TF&!1D>nEL_PR0=UyHY{bn^``)*B!s9a2u1rKUr{xpTeYN`Is*f<8iD zic92{ZWXC6wgJlBg}E<>eLn_zj_b9v{A?`mcgoV)N&YVRIXm(PGjn&oY;YG>H-Gtd zDR);>WnO{q;4ScahE913MH~|z&GSG$tnfBPQ6aL^?6j0IOW&M$cVE9bI6L}$cy@7i z`13{YWdE0o)4lWm{7~CUEPo>0t#7Jgj}K%+P3ce>%Ldl;ZK;r^9C>6<6SSYb@Ydkz`i6w7hpWQ7rmURH_;IJ);KS z0LTBNF%4teu#EV3yWX1e|5sD~_i|0vWdB`c|KmbwUl~$gD$Z~}Ab-Apkf3%_?iV1a z+r#gQ7@Wv`d*kTk0~QY%=SBW1(@K57q8<63{Le!EPxeXZKg}i3CH((pd$Y>_x3^mB z_y3tkT4i8K6eU7z~-{yYM9C z!*?K&5lzQvk2{6ugh$>6aCApgc#}vR&})ob*z3Q32;hXXiTz!P#EE1M^}r~{zzYs~ z7dp+qdmHr0rS~?_apJxGKW_s*6G=s?;OO8`c|jtDfp{;V5t61WC&gc0Fjk?6 cu(`&*by}x&`UcYf2LJ&7{~hY*DF9Xg00a!CzyJUM diff --git a/charts/latest/csi-driver-nfs/values.yaml b/charts/latest/csi-driver-nfs/values.yaml index de9e1334..a143393e 100755 --- a/charts/latest/csi-driver-nfs/values.yaml +++ b/charts/latest/csi-driver-nfs/values.yaml @@ -24,6 +24,9 @@ rbac: create: true name: nfs +driver: + name: nfs.csi.k8s.io + controller: name: csi-nfs-controller replicas: 2
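Review bot: The new `driver.name: nfs.csi.k8s.io` value in charts/latest/csi-driver-nfs/values.yaml has no comment on what reads it, and no chart template is changed in this commit, so any consumer change sits only inside the rebuilt csi-driver-nfs-v3.1.0.tgz, which cannot be reviewed from a binary delta. A comment above the key, for example `# CSI driver name used by the chart templates (presumably must match the name the driver registers)`, would document the coupling; that the templates read it is inferred, not visible here. Regenerating the archive from the chart directory in CI with `helm package` and comparing the unpacked contents would show that the committed tgz matches the reviewed sources.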