From eef4328cc456918c63c89896ca476332d59c3b02 Mon Sep 17 00:00:00 2001
From: Sergiy Markin <smarkin@mirantis.com>
Date: Thu, 24 Apr 2025 19:14:23 +0000
Subject: [PATCH] Images updates for CVE

This PS updates images during build process to get
rid of the CVEs and bumps up helm vertion to
3.17.3

Updated MAAS to 1:3.5.5-16357-g.51588a151-0ubuntu1~22.04.1

Change-Id: I5a593f2770d681943f8cb06ccf7ea50192c23974
---
 .zuul.yaml                                     | 4 ++--
 images/maas-rack-controller-jammy/Dockerfile   | 3 ++-
 images/maas-region-controller-jammy/Dockerfile | 3 ++-
 images/sstream-cache-jammy/Dockerfile          | 1 +
 tools/helm_install.sh                          | 2 +-
 5 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/.zuul.yaml b/.zuul.yaml
index d02178b..b4cb5b4 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -168,7 +168,7 @@
       flannel_version: v0.25.4
       metallb_setup: false
       metallb_version: "0.13.12"
-      helm_version: "v3.14.0"
+      helm_version: "v3.17.3"
       crictl_version: "v1.30.1"
       osh_helm_repo: ../../openstack/openstack-helm
       osh_values_overrides_path: ../../openstack/openstack-helm/values_overrides
@@ -180,7 +180,7 @@
       osh_params:
         container_distro_name: ubuntu
         container_distro_version: jammy
-      HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
+      HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
       HTK_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
       OSH_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
       gate_scripts:
diff --git a/images/maas-rack-controller-jammy/Dockerfile b/images/maas-rack-controller-jammy/Dockerfile
index a7dc487..d035e5f 100644
--- a/images/maas-rack-controller-jammy/Dockerfile
+++ b/images/maas-rack-controller-jammy/Dockerfile
@@ -18,9 +18,10 @@ ARG no_proxy
 ENV DEBIAN_FRONTEND noninteractive
 ENV container docker
 
-ENV MAAS_VERSION 1:3.5.4-16349-g.4dbbed5f4-0ubuntu1~22.04.1
+ENV MAAS_VERSION 1:3.5.5-16357-g.51588a151-0ubuntu1~22.04.1
 
 RUN apt-get -qq update \
+ && apt upgrade -y \
  && apt-get install -y \
         avahi-daemon \
         isc-dhcp-server \
diff --git a/images/maas-region-controller-jammy/Dockerfile b/images/maas-region-controller-jammy/Dockerfile
index 683cf76..fd8b90a 100644
--- a/images/maas-region-controller-jammy/Dockerfile
+++ b/images/maas-region-controller-jammy/Dockerfile
@@ -18,9 +18,10 @@ ARG no_proxy
 ENV DEBIAN_FRONTEND noninteractive
 ENV container docker
 
-ENV MAAS_VERSION 1:3.5.4-16349-g.4dbbed5f4-0ubuntu1~22.04.1
+ENV MAAS_VERSION 1:3.5.5-16357-g.51588a151-0ubuntu1~22.04.1
 
 RUN apt-get -qq update \
+ && apt upgrade -y \
  && apt-get install -y \
         avahi-daemon \
         jq \
diff --git a/images/sstream-cache-jammy/Dockerfile b/images/sstream-cache-jammy/Dockerfile
index b96da10..be0dd5c 100644
--- a/images/sstream-cache-jammy/Dockerfile
+++ b/images/sstream-cache-jammy/Dockerfile
@@ -21,6 +21,7 @@ ARG SSTREAM_RELEASE=jammy
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get -qq update && \
+    apt upgrade -y && \
     apt-get install -y --no-install-recommends \
       apache2 \
       file \
diff --git a/tools/helm_install.sh b/tools/helm_install.sh
index b7b771a..2fa6ae6 100755
--- a/tools/helm_install.sh
+++ b/tools/helm_install.sh
@@ -17,7 +17,7 @@
 set -x
 
 HELM=$1
-HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz"}
+HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz"}
 
 
 function install_helm_binary {