v0.13.0

0.13.0

What's Changed

• make the dockerfile stand-alone & update container call in #1507
• language check for mystikos in #1512
• update mbedtls to v2.28.7 in #1519
• Create parent directories of mount point target in #1521

v0.12.0

Changed

Changed the Open Enclave layer to use OpenSSL 3.1 instead of OpenSSL 1.1.1. This is because OpenSSL 1.1.1 is at EOL.

• This change requires us to reserve 2 MiB of space for the Open Enclave layer to use as opposed to 256 KiB it used with OpenSSL 1.1.1.
• Note: this is also unrelated to "MemorySize" configuration, which is size of Mystikos controlled memory region. You will not need to change "MemorySize".

v0.11.0

Security Fixes

• This release updates Open Enclave SDK to its latest release. There are two CVEs mitigated in this Open Enclave SDK release. Please refer to the security advisory for more details.

What's Changed

• add myst syscalls to strace groups in #1464
• deprecate Ubuntu 18.04 in #1468
• musl loader updates: relr support and relocation of init_array entries in #1473
• update package mode signing engine samples in #1471
• update openenclave to the latest version in #1482

v0.11.0-rc1

Security Fixes

• This release updates Open Enclave SDK to its latest release. There are two CVEs mitigated in this Open Enclave SDK release. Please refer to the security advisory for more details.

What's Changed

• add myst syscalls to strace groups in #1464
• deprecate Ubuntu 18.04 in #1468
• musl loader updates: relr support and relocation of init_array entries in #1473
• update package mode signing engine samples in #1471
• update openenclave to the latest version in #1482

v0.10.0-rc1

What's Added

• Print stacktrace on SIGSEGV exceptions in #1402
• added strace filtering features for syscall exclude, group filtering, and pid/tid filtering (#1408, #1412, #1414)
• Add syslog level configuration and add info logs during startup in #1426
• Add thread tracking extension to myst-gdb in #1418
• MYST_RETAIN_SYMBOLS env var to retain symbols in #1449

Fixes and improvements

• fixed signing engine implementation and oesign call in #1428
• fix memalign error in debug-malloc in #1448
• Fix broken signing of EXT2 rootfs in #1456

Security

• update oe version to the latest 0.18.5 in #1459 for CVE fixes in openssl 1.1.1t

v0.10.0

What's Added

• Print stacktrace on SIGSEGV exceptions in #1402
• added strace filtering features for syscall exclude, group filtering, and pid/tid filtering (#1408, #1412, #1414)
• Add syslog level configuration and add info logs during startup in #1426
• Add thread tracking extension to myst-gdb in #1418
• MYST_RETAIN_SYMBOLS env var to retain symbols in #1449

Fixes and improvements

• Fixed signing engine implementation and oesign call in #1428
• Fixed memalign error in debug-malloc in #1448
• Fixed broken signing of EXT2 rootfs in #1456

Security

• update oe version to the latest 0.18.5 in #1459 for CVE fixes in openssl 1.1.1t

v0.9.3

Added

• Added signing engine tests and fixed bug so that correct parameters are sent to OE for the signing engine, see #1451 for more details

v0.9.1

Security

Updated to use Open Enclave SDK v0.18.2 which mitigates CVE-2022-21233. Please refer to the security advisory for the same

v0.9.0

Added:

• Abstract namespace addresses support for Unix domain sockets: Conventionally Unix domain socket addresses are a path in the file hierarchy. Abstract namespace identifiers allow addresses without creating a corresponding file path. They are differentiated from conventional UDS addresses by starting the address with a null character.

• Support for SOCK_STREAM Unix domain sockets bound to hostfs paths.

Changed:

• Track kernel and user time on a per-process basis: Previously, we were incorrectly tracking system and user time usage as a global variable.A number of the time commands actually require this to be reported on a per-process basis.

• Clock resolution in the Mystikos kernel is changed to 100ns.

• MUSL’s pathconf and fpathconf is patched to report invalid input for option PC_NAME_MAX.

Security

• Updated to use Open Enclave SDK v0.18.0 which mitigates CVE-2022-21166 described in INTEL-SA-00615.

v0.8.0

Containers:

Ubuntu 18.04: mystikos.azurecr.io/mystikos-bionic:v0.8.0
Ubuntu 20.04: mystikos.azurecr.io/mystikos-focal:v0.8.0

Added:

· Implemented Unix-domain sockets in which all data is exchanged within the kernel (inside the enclave), added support for AF_LOCAL dup()

· Added support and tests for .NET and ASP.NET v6

· Added PyTorch core tests, CPython 3.10 tests

· Documented support and limitations for .NET https://github.com/deislabs/mystikos/blob/main/doc/dotnet-support.md

· Documented support and limitations for Python https://github.com/deislabs/mystikos/blob/main/doc/PythonSupport.md

· Enabled full 32-bit uid/gid support in ext2fs implementation

· Added address validity check and set error code to match Linux spec for sched_getaffinity and sched_setaffinity

· Implemented AF_LOCAL ioctl() FIONREAD, ppoll, SYS_kill, /proc/sys/kernel/pid_max, SYS_linkat, SYS_copy_file_range, FIOCLEX/FIONCLEX ioctl support for pipe

· Improved signal handling

· Added warning for small stacksize for glibc applications

· Enabled tests on Intel Ice Lake platform which has SGX2 support

Changed:

· Breaking change: Host environment variables are no longer exported unless there is a config. "HostApplicationParameters" and "HostEnvironmentVariables" are used to pass host environment variables to the enclave

· Removed glibc ifaddrs due to known limitation

· Improved stability in general