Merge branch '1.0-dev' into 1.0

Author: jslobodzian

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        5.10.102.1
-Release:        1%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -147,6 +147,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %endif
 
 %changelog
+* Fri Mar 25 2022 Rachel Menge <[email protected]> - 5.10.102.1-3
+- Bump release number to match kernel release
+
+* Fri Mar 18 2022 Rachel Menge <[email protected]> - 5.10.102.1-2
+- Bump release number to match kernel release
+
 * Mon Feb 28 2022 Rachel Menge <[email protected]> - 5.10.102.1-1
 - Update source to 5.10.102.1
 

SPECS/audit/audit.spec

@@ -4,7 +4,7 @@
 Summary:        Kernel Audit Tool
 Name:           audit
 Version:        3.0
-Release:        13%{?dist}
+Release:        14%{?dist}
 Source0:        https://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha8.tar.gz
 Patch0:         refuse-manual-stop.patch
 License:        GPLv2+
@@ -166,6 +166,8 @@ make %{?_smp_mflags} check
 %{python3_sitelib}/*
 
 %changelog
+*   Tue Mar 15 2022 Muhammad Falak <[email protected]> - 3.0-14
+-   Bump release to force rebuild with golang 1.16.15
 *   Fri Feb 18 2022 Thomas Crain <[email protected]> - 3.0-13
 -   Bump release to force rebuild with golang 1.16.14
 *   Tue Feb 01 2022 Max Brodeur-Urbas <[email protected]> - 3.0-12
@@ -225,4 +227,4 @@ make %{?_smp_mflags} check
 *   Wed Dec 09 2015 Anish Swaminathan <[email protected]> 2.4.4-2
 -   Add systemd requirement.
 *   Fri Aug 28 2015 Divya Thaluru <[email protected]> 2.4.4-1
--   Initial version
+-   Initial version

SPECS/bind/bind.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "bind-9.16.22.tar.xz": "65e7b2af6479db346e2fc99bcfb6ec3240066468e09dbec575ebc7c57d994061"
+  "bind-9.16.27.tar.xz": "90902aaf104c81019d75d6f8b2f7ec40fcd249406f894b44e4a9c6b5e08bf566"
  }
-}
+}

SPECS/bind/bind.spec

@@ -1,6 +1,6 @@
 Summary:        Domain Name System software
 Name:           bind
-Version:        9.16.22
+Version:        9.16.27
 Release:        1%{?dist}
 License:        ISC
 URL:            https://www.isc.org/downloads/bind/
@@ -84,43 +84,64 @@ fi
 %{_prefix}/lib/tmpfiles.d/named.conf
 
 %changelog
-*   Tue Nov 09 2021 Nick Samson <[email protected]> - 9.16.22-1
--   Upgrade to 9.16.22, fixing CVE-2021-25219. Removed file entries removed from source build. Removed unnecessary patch files.
-*   Wed May 12 2021 Andrew Phelps <[email protected]> - 9.16.15-1
--   Update version to 9.16.15 to fix CVE-2021-25215
-*   Mon Mar 01 2021 Nicolas Guibourge <[email protected]> - 9.16.3-3
--   Fixes CVE-2020-8625
-*   Fri Sep 11 2020 Ruying Chen <[email protected]> - 9.16.3-2
--   Fixes CVE-2020-8618, CVE-2020-8619, CVE-2020-8620,
--   CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
-*   Wed May 27 2020 Daniel McIlvaney <[email protected]> - 9.16.3-1
--   Update to version 9.16.3, fixes CVE-2018-5743, CVE-2018-5744, CVE-2019-6465, CVE-2019-6467, CVE-2019-6471, CVE-2020-8616, CVE-2020-8617
-*   Sat May 09 2020 Nick Samson <[email protected]> - 9.13.3-4
--   Added %%license line automatically
-*   Fri May  1 2020 Emre Girgin <[email protected]> 9.13.3-3
--   Renaming bindutils to bind.
--   Add bind-utils subpackage.
-*   Tue Sep 03 2019 Mateusz Malisz <[email protected]> 9.13.3-2
--   Initial CBL-Mariner import from Photon (license: Apache2).
-*   Sun Sep 23 2018 Sujay G <[email protected]> 9.13.3-1
--   Bump bindutils version to 9.13.3
-*   Mon Feb 12 2018 Xiaolin Li <[email protected]> 9.10.6-1
--   Upgrading version to 9.10.6-P1, fix CVE-2017-3145
-*   Mon Sep 18 2017 Alexey Makhalov <[email protected]> 9.10.4-4
--   Remove shadow from requires and use explicit tools for post actions
-*   Fri Apr 14 2017 Kumar Kaushik <[email protected]> 9.10.4-3
--   Upgrading version to 9.10.4-P8
-*   Mon Nov 21 2016 Priyesh Padmavilasom <[email protected]> 9.10.4-2
--   add shadow to requires
-*   Mon Jun 06 2016 Harish Udaiya Kumar <[email protected]> 9.10.4-1
--   Upgraded the version to 9.10.4
-*   Tue May 24 2016 Priyesh Padmavilasom <[email protected]> 9.10.3-3
--   GA - Bump release of all rpms
-*   Fri Apr 29 2016 Xiaolin Li <[email protected]> 9.10.3-2
--   Add group named and user named
-*   Thu Jan 21 2016 Xiaolin Li <[email protected]> 9.10.3-1
--   Updated to version 9.10.3
-*   Tue Aug 11 2015 Divya Thaluru <[email protected]> 9.10.1-1
--   Fixing release
-*   Tue Jan 20 2015 Divya Thaluru <[email protected]> 9.10.1-P1
--   Initial build. First version
+* Thu Mar 17 2022 Muhammad Falak <[email protected]> - 9.16.27-1
+- Bump version to 9.16.27 to address CVE-2021-25220 & CVE-2022-0396
+
+* Tue Nov 09 2021 Nick Samson <[email protected]> - 9.16.22-1
+- Upgrade to 9.16.22, fixing CVE-2021-25219. Removed file entries removed from source build. Removed unnecessary patch files.
+
+* Wed May 12 2021 Andrew Phelps <[email protected]> - 9.16.15-1
+- Update version to 9.16.15 to fix CVE-2021-25215
+
+* Mon Mar 01 2021 Nicolas Guibourge <[email protected]> - 9.16.3-3
+- Fixes CVE-2020-8625
+
+* Fri Sep 11 2020 Ruying Chen <[email protected]> - 9.16.3-2
+- Fixes CVE-2020-8618, CVE-2020-8619, CVE-2020-8620,
+- CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
+
+* Wed May 27 2020 Daniel McIlvaney <[email protected]> - 9.16.3-1
+- Update to version 9.16.3, fixes CVE-2018-5743, CVE-2018-5744, CVE-2019-6465, CVE-2019-6467, CVE-2019-6471, CVE-2020-8616, CVE-2020-8617
+
+* Sat May 09 2020 Nick Samson <[email protected]> - 9.13.3-4
+- Added %%license line automatically
+
+* Fri May  1 2020 Emre Girgin <[email protected]> 9.13.3-3
+- Renaming bindutils to bind.
+- Add bind-utils subpackage.
+
+* Tue Sep 03 2019 Mateusz Malisz <[email protected]> 9.13.3-2
+- Initial CBL-Mariner import from Photon (license: Apache2).
+
+* Sun Sep 23 2018 Sujay G <[email protected]> 9.13.3-1
+- Bump bindutils version to 9.13.3
+
+* Mon Feb 12 2018 Xiaolin Li <[email protected]> 9.10.6-1
+- Upgrading version to 9.10.6-P1, fix CVE-2017-3145
+
+* Mon Sep 18 2017 Alexey Makhalov <[email protected]> 9.10.4-4
+- Remove shadow from requires and use explicit tools for post actions
+
+* Fri Apr 14 2017 Kumar Kaushik <[email protected]> 9.10.4-3
+- Upgrading version to 9.10.4-P8
+
+* Mon Nov 21 2016 Priyesh Padmavilasom <[email protected]> 9.10.4-2
+- add shadow to requires
+
+* Mon Jun 06 2016 Harish Udaiya Kumar <[email protected]> 9.10.4-1
+- Upgraded the version to 9.10.4
+
+* Tue May 24 2016 Priyesh Padmavilasom <[email protected]> 9.10.3-3
+- GA - Bump release of all rpms
+
+* Fri Apr 29 2016 Xiaolin Li <[email protected]> 9.10.3-2
+- Add group named and user named
+
+* Thu Jan 21 2016 Xiaolin Li <[email protected]> 9.10.3-1
+- Updated to version 9.10.3
+
+* Tue Aug 11 2015 Divya Thaluru <[email protected]> 9.10.1-1
+- Fixing release
+
+* Tue Jan 20 2015 Divya Thaluru <[email protected]> 9.10.1-P1
+- Initial build. First version

SPECS/blobfuse/blobfuse.spec

@@ -1,7 +1,7 @@
 Summary:        FUSE adapter - Azure Storage Blobs
 Name:           blobfuse
 Version:        1.3.6
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -47,6 +47,9 @@ rm -rf %{buildroot}
 %{_bindir}/blobfuse
 
 %changelog
+* Tue Mar 15 2022 Muhammad Falak <[email protected]> - 1.3.6-8
+- Bump release to force rebuild with golang 1.16.15
+
 * Fri Feb 18 2022 Thomas Crain <[email protected]> - 1.3.6-7
 - Bump release to force rebuild with golang 1.16.14
 

SPECS/cloud-init/apply-netconfig-every-boot.patch

@@ -0,0 +1,59 @@
+From 0988fb89be06aeb08083ce609f755509d08fa459 Mon Sep 17 00:00:00 2001
+From: Chris Patterson <[email protected]>
+Date: Tue, 18 Jan 2022 15:45:59 -0500
+Subject: [PATCH] sources/azure: set ovf_is_accessible when OVF is read
+ successfully (#1193)
+
+The if-statement set ovf_is_accessible to True if the OVF is read
+from /dev/sr0, but not from other data sources.  It defaults to
+True, but may get flipped to False while processing an invalid
+source, and never get set back to True when reading from the data
+directory.
+
+Instead, default ovf_is_accessible to False, and only set it to
+True once we've read an OVF successfully (and end the search).
+
+This fixes an error when OVF is read from data_dir and IMDS
+data is unavailable (failing with "No OVF or IMDS available").
+
+[Backport to 21.4]
+Signed-off-by: Anirudh Gopal <[email protected]>
+---
+ cloudinit/sources/DataSourceAzure.py | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
+index 93493fa0..3ff043da 100755
+--- a/cloudinit/sources/DataSourceAzure.py
++++ b/cloudinit/sources/DataSourceAzure.py
+@@ -429,7 +429,7 @@ class DataSourceAzure(sources.DataSource):
+         # the candidate list determines the path to take in order to get the
+         # metadata we need.
+         reprovision = False
+-        ovf_is_accessible = True
++        ovf_is_accessible = False
+         reprovision_after_nic_attach = False
+         metadata_source = None
+         ret = None
+@@ -459,9 +459,9 @@ class DataSourceAzure(sources.DataSource):
+                             ret = util.mount_cb(src, load_azure_ds_dir)
+                         # save the device for ejection later
+                         self.iso_dev = src
+-                        ovf_is_accessible = True
+                     else:
+                         ret = load_azure_ds_dir(src)
++                    ovf_is_accessible = True
+                     metadata_source = src
+                     break
+                 except NonAzureDataSource:
+@@ -473,7 +473,6 @@ class DataSourceAzure(sources.DataSource):
+                     report_diagnostic_event(
+                         '%s was not mountable' % src,
+                         logger_func=LOG.debug)
+-                    ovf_is_accessible = False
+                     empty_md = {'local-hostname': ''}
+                     empty_cfg = dict(
+                         system_info=dict(
+-- 
+2.17.1
+

SPECS/cloud-init/azureds-set-ovf_is_accesible.patch

@@ -1,7 +1,7 @@
 {
  "Signatures": {
   "10-azure-kvp.cfg": "79e0370c010be5cd4717960e4b414570c9ec6e6d29aede77ccecc43d2b03bb9a",
-  "cloud-init-21.3.tar.gz": "bab5b99567eae216eb44b11e7a358055b563a2585de3b7ead94936118b9f374a",
+  "cloud-init-21.4.tar.gz": "c8b74593070fee58fe6b497941f6da4d13357e936e49248e4ba3999465e1fdd2",
   "dscheck_VMwareGuestInfo": "8ec3db577c749accff961cd3e723b312cf2bbc41473f2e164c76332fb972f73c"
  }
 }

SPECS/cloud-init/cloud-init.signatures.json

@@ -2,8 +2,8 @@
 %define cl_services cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service
 Summary:        Cloud instance init scripts
 Name:           cloud-init
-Version:        21.3
-Release:        4%{?dist}
+Version:        21.4
+Release:        2%{?dist}
 License:        GPLv3
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -16,10 +16,11 @@ Patch0:         cloud-init-azureds.patch
 Patch1:         ds-identify.patch
 Patch2:         ds-vmware-mariner.patch
 Patch3:         cloud-cfg.patch
-Patch4:         networkd.patch
-Patch5:         mariner.patch
-Patch6:         update-metadata-on-BOOT_NEW_INSTANCE.patch
-Patch7:         apply-netconfig-every-boot.patch
+# Add Mariner distro support to cloud-init
+Patch4:         mariner-21.4.patch
+# backport patch https://github.com/canonical/cloud-init/commit/0988fb89be06aeb08083ce609f755509d08fa459.patch to 21.4
+Patch5:         azureds-set-ovf_is_accesible.patch
+
 BuildRequires:  automake
 BuildRequires:  dbus
 BuildRequires:  iproute
@@ -74,6 +75,7 @@ ssh keys and to let the user run various scripts.
 %package azure-kvp
 Summary:        Cloud-init configuration for Hyper-V telemetry
 Requires:       %{name} = %{version}-%{release}
+
 %description    azure-kvp
 Cloud-init configuration for Hyper-V telemetry
 
@@ -153,13 +155,21 @@ rm -rf %{buildroot}
 %{_unitdir}/*
 %{_systemdgeneratordir}/cloud-init-generator
 %{_udevrulesdir}/66-azure-ephemeral.rules
-%{_udevrulesdir}/10-cloud-init-hook-hotplug.rules
+%{_sysconfdir}/systemd/system/[email protected]/disable-sshd-keygen-if-cloud-init-active.conf
 %{_datadir}/bash-completion/completions/cloud-init
 
 %files azure-kvp
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/10-azure-kvp.cfg
 
 %changelog
+* Tue Mar 22 2022 Anirudh Gopal <[email protected]> - 21.4-2
+- Backport cloud-init ovf_is_accessible DataSourceAzure.py fix to 21.4
+
+* Wed Mar 16 2022 Henry Beberman <[email protected]> - 21.4-1
+- Update to version 21.4
+- Remove several upstreamed patches already present in source
+- Add netplan support into the Mariner distro config
+
 * Tue Feb 22 2022 Henry Beberman <[email protected]> - 21.3-4
 - Add patches from upstream to resolve a hang when reinitializing preprovisioned VMs.