
Commit 3ea6c95

committed
Merge branch 'main' into 2.0
2 parents 450c3cc + 2cfea6b commit 3ea6c95


161 files changed

+3823
-1409
lines changed


161 files changed

+3823
-1409
lines changed

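--- a/.pipelines/templatesWithCheckout/SodiffCheck.yml
+++ b/.pipelines/templatesWithCheckout/SodiffCheck.yml
@@ -13,6 +13,14 @@ parameters:
 type: string
 default: "rpms.tar.gz"
 
+- name: sodiffRepoCommand
+type: string
+default: "sodiff-repo"
+
+- name: sodiffRepoFile
+type: string
+default: "sodiff.repo"
+
 - name: sourcesWorkspace
 type: string
 default: "$(Agent.TempDirectory)/SourcesWorkspace"
@@ -52,16 +60,16 @@ steps:
 sodiff_out_dir="${{ parameters.buildRepoRoot }}/out/sodiff"
 mkdir -p $sodiff_out_dir
 
-echo "Generate sodiff.repo file"
-sudo make -sC "$toolkit_dir" sodiff-repo
+echo "Generate sodiff repo file"
+sudo make -sC "$toolkit_dir" ${{ parameters.sodiffRepoCommand }}
 
 echo "Generate input file"
 find $sodiff_rpms_dir -type f -name '*.rpm' -exec basename {} \; > ./sodiff-rpms
 
 sodiff_release_ver=`cat ${{ parameters.buildRepoRoot }}/SPECS/mariner-release/mariner-release.spec | grep "Version:" | cut -d " " -f 1 --complement | xargs`
 echo "sodiff release ver: $sodiff_release_ver"
 
-$toolkit_dir/scripts/sodiff/mariner-sodiff.sh $sodiff_rpms_dir/ $toolkit_dir/scripts/sodiff/sodiff.repo $sodiff_release_ver $sodiff_out_dir < ./sodiff-rpms
+$toolkit_dir/scripts/sodiff/mariner-sodiff.sh -r $sodiff_rpms_dir/ -f ${{ parameters.buildRepoRoot }}/build/sodiff/${{ parameters.sodiffRepoFile }} -v $sodiff_release_ver -o $sodiff_out_dir -e true < ./sodiff-rpms
 
 
-displayName: "Sodiff check"
+displayName: "Sodiff check"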
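Review bot: `${{ parameters.sodiffRepoCommand }}` is expanded by the template engine directly into the `sudo make -sC "$toolkit_dir" ...` line, and `${{ parameters.sodiffRepoFile }}` into the `-f` path, so whatever string a caller passes becomes shell text before bash parses the script. Both parameters are declared as free-form `type: string`; if any consuming pipeline forwards a queue-time or otherwise caller-controlled value, that text runs with root privileges on the build agent. Restricting each parameter with a `values:` list of the known make targets and repo file names would remove the free-form input. Alternatively, pass the value through the step's `env:` mapping and reference it as a quoted shell variable, e.g. `sudo make -sC "$toolkit_dir" "$SODIFF_REPO_TARGET"` (variable name constructed for illustration). Adding quotes around the `${{ }}` expression alone is not sufficient, because the substitution happens before the shell sees the line.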

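--- a/SPECS-EXTENDED/nmi/nmi.spec
+++ b/SPECS-EXTENDED/nmi/nmi.spec
@@ -2,7 +2,7 @@
 Summary: Node Managed Identity
 Name: nmi
 Version: 1.8.17
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -26,7 +26,7 @@ Source0: %{name}-%{version}.tar.gz
 Source1: %{name}-%{version}-vendor-v2.tar.gz
 Patch0: modify-go-build-option.patch
 Patch1: CVE-2023-45288.patch
-BuildRequires: golang >= 1.15
+BuildRequires: golang
 
 %description
 NMI is the resource that is used when your pods look to use their identity.
@@ -62,6 +62,9 @@ popd
 %{_bindir}/%{name}
 
 %changelog
+* Wed Jul 17 2024 Muhammad Falak R Wani <[email protected]> - 1.8.17-4
+- Drop requirement on a specific version of golang
+
 * Thu Jun 06 2024 CBL-Mariner Servicing Account <[email protected]> - 1.8.17-3
 - Bump release to rebuild with go 1.21.11
 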

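--- a/SPECS-EXTENDED/umoci/umoci.spec
+++ b/SPECS-EXTENDED/umoci/umoci.spec
@@ -1,7 +1,7 @@
 Summary: Open Container Image manipulation tool
 Name: umoci
 Version: 0.4.7
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: Apache-2.0
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -10,7 +10,7 @@ URL: https://github.com/opencontainers/umoci
 Source0: https://github.com/opencontainers/umoci/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 %global debug_package %{nil}
 %define our_gopath %{_topdir}/.gopath
-BuildRequires: golang >= 1.17.9
+BuildRequires: golang
 
 %description
 umoci modifies Open Container images.
@@ -39,6 +39,9 @@ go test -mod=vendor
 %{_bindir}/umoci
 
 %changelog
+* Wed Jul 17 2024 Muhammad Falak R Wani <[email protected]> - 0.4.7-16
+- Drop requirement on a specific version of golang
+
 * Thu Jun 06 2024 CBL-Mariner Servicing Account <[email protected]> - 0.4.7-15
 - Bump release to rebuild with go 1.21.11
 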

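--- a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec
+++ b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec
@@ -6,7 +6,7 @@
 Summary: Signed HvLoader.efi for %{buildarch} systems
 Name: hvloader-signed-%{buildarch}
 Version: 1.0.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -69,6 +69,9 @@ popd
 /boot/efi/HvLoader.efi
 
 %changelog
+* Wed Jun 19 2024 Archana Choudhary <[email protected]> - 1.0.1-5
+- Update version for consistency with hvloader spec
+
 * Thu Jun 06 2024 Archana Choudhary <[email protected]> - 1.0.1-4
 - Update version for consistency with hvloader spec
 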

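--- a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec
+++ b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec
@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary: Signed Linux Kernel for Azure
 Name: kernel-azure-signed-%{buildarch}
-Version: 5.15.160.1
+Version: 5.15.162.2
 Release: 1%{?dist}
 License: GPLv2
 Vendor: Microsoft Corporation
@@ -153,6 +153,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Wed Jul 17 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.162.2-1
+- Auto-upgrade to 5.15.162.2
+
+* Thu Jul 11 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.162.1-1
+- Auto-upgrade to 5.15.162.1
+
 * Sat Jun 08 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.160.1-1
 - Auto-upgrade to 5.15.160.1
 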

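--- a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec
+++ b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec
@@ -4,7 +4,7 @@
 %define uname_r %{version}-%{release}
 Summary: Signed Linux Kernel for HCI
 Name: kernel-hci-signed-%{buildarch}
-Version: 5.15.160.1
+Version: 5.15.162.2
 Release: 1%{?dist}
 License: GPLv2
 Vendor: Microsoft Corporation
@@ -149,6 +149,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Wed Jul 17 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.162.2-1
+- Auto-upgrade to 5.15.162.2
+
+* Thu Jul 11 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.162.1-1
+- Auto-upgrade to 5.15.162.1
+
 * Sat Jun 08 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.160.1-1
 - Auto-upgrade to 5.15.160.1
 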

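--- a/SPECS-SIGNED/kernel-mos-signed/kernel-mos-signed.spec
+++ b/SPECS-SIGNED/kernel-mos-signed/kernel-mos-signed.spec
@@ -4,7 +4,7 @@
 %define uname_r %{version}-%{release}
 Summary: Signed Linux Kernel for MOS systems
 Name: kernel-mos-signed-%{buildarch}
-Version: 5.15.158.2
+Version: 5.15.161.1
 Release: 1%{?dist}
 License: GPLv2
 Vendor: Microsoft Corporation
@@ -150,6 +150,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Wed Jul 24 2024 Suresh Babu Chalamalasetty <[email protected]> - 5.15.161.1-1
+- Update to 5.15.161.1
+
 * Fri Jun 07 2024 Gary Swalling <[email protected]> - 5.15.158.2-1
 - Update to 5.15.158.2
 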

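--- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec
+++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary: Signed Linux Kernel for %{buildarch} systems
 Name: kernel-signed-%{buildarch}
-Version: 5.15.160.1
+Version: 5.15.162.2
 Release: 1%{?dist}
 License: GPLv2
 Vendor: Microsoft Corporation
@@ -153,6 +153,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Wed Jul 17 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.162.2-1
+- Auto-upgrade to 5.15.162.2
+
+* Thu Jul 11 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.162.1-1
+- Auto-upgrade to 5.15.162.1
+
 * Sat Jun 08 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.160.1-1
 - Auto-upgrade to 5.15.160.1
 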

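--- a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec
+++ b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec
@@ -1,7 +1,7 @@
 Summary: The KeysInUse Engine for OpenSSL allows the logging of private key usage through OpenSSL
 Name: KeysInUse-OpenSSL
 Version: 0.3.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -10,7 +10,7 @@ URL: https://github.com/microsoft/KeysInUse-OpenSSL
 Source0: https://github.com/microsoft/KeysInUse-OpenSSL/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildRequires: cmake
 BuildRequires: gcc
-BuildRequires: golang >= 1.16.6
+BuildRequires: golang
 BuildRequires: make
 BuildRequires: openssl-devel
 Requires: openssl < 1.1.2
@@ -74,6 +74,9 @@ if [ -x %{_bindir}/keysinuseutil ]; then
 fi
 
 %changelog
+* Wed Jul 17 2024 Muhammad Falak R Wani <[email protected]> - 0.3.4-6
+- Drop requirement on a specific version of golang
+
 * Thu Jun 06 2024 CBL-Mariner Servicing Account <[email protected]> - 0.3.4-5
 - Bump release to rebuild with go 1.21.11
 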

SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md

+1-1

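--- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json
+++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json
@@ -2713,7 +2713,6 @@
 "gnutls",
 "gobject-introspection",
 "golang",
-"golang-1.17",
 "golang-1.18",
 "gperf",
 "gperftools",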

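--- a/SPECS/application-gateway-kubernetes-ingress/application-gateway-kubernetes-ingress.spec
+++ b/SPECS/application-gateway-kubernetes-ingress/application-gateway-kubernetes-ingress.spec
@@ -2,7 +2,7 @@
 Summary: Application Gateway Ingress Controller
 Name: application-gateway-kubernetes-ingress
 Version: 1.4.0
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -30,7 +30,7 @@ Patch0: CVE-2022-21698.patch
 Patch1: CVE-2023-44487.patch
 Patch2: CVE-2021-44716.patch
 
-BuildRequires: golang >= 1.13
+BuildRequires: golang
 %if %{with_check}
 BuildRequires: helm
 %endif
@@ -67,6 +67,9 @@ cp appgw-ingress %{buildroot}%{_bindir}/
 %{_bindir}/appgw-ingress
 
 %changelog
+* Wed Jul 17 2024 Muhammad Falak R Wani <[email protected]> - 1.4.0-21
+- Drop requirement on a specific version of golang
+
 * Thu Jun 06 2024 CBL-Mariner Servicing Account <[email protected]> - 1.4.0-20
 - Bump release to rebuild with go 1.21.11
 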

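--- a/SPECS/azcopy/azcopy.spec
+++ b/SPECS/azcopy/azcopy.spec
@@ -1,7 +1,7 @@
 Summary: The new Azure Storage data transfer utility - AzCopy v10
 Name: azcopy
 Version: 10.24.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -28,7 +28,7 @@ Source0: https://github.com/Azure/azure-storage-azcopy/archive/refs/tags/
 # - For the value of "--mtime" use the date "2021-04-26 00:00Z" to simplify future updates.
 Source1: azure-storage-%{name}-%{version}-vendor.tar.gz
 
-BuildRequires: golang >= 1.19
+BuildRequires: golang
 BuildRequires: git
 %global debug_package %{nil}
 %define our_gopath %{_topdir}/.gopath
@@ -63,6 +63,9 @@ go test -mod=vendor
 %{_bindir}/azcopy
 
 %changelog
+* Wed Jul 17 2024 Muhammad Falak R Wani <[email protected]> - 10.24.0-3
+- Drop requirement on a specific version of golang
+
 * Thu Jun 06 2024 CBL-Mariner Servicing Account <[email protected]> - 10.24.0-2
 - Bump release to rebuild with go 1.21.11
 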

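--- a/SPECS/blobfuse2/blobfuse2.spec
+++ b/SPECS/blobfuse2/blobfuse2.spec
@@ -7,7 +7,7 @@
 Summary: FUSE adapter - Azure Storage
 Name: blobfuse2
 Version: %{blobfuse2_version}
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -39,7 +39,7 @@ Patch0: CVE-2023-45288.patch
 BuildRequires: cmake
 BuildRequires: fuse3-devel
 BuildRequires: gcc
-BuildRequires: golang >= 1.16
+BuildRequires: golang
 Requires: fuse3
 
 %description
@@ -80,6 +80,9 @@ install -D -m 0644 ./setup/blobfuse2-logrotate %{buildroot}%{_sysconfdir}/logrot
 %{_sysconfdir}/logrotate.d/blobfuse2
 
 %changelog
+* Wed Jul 17 2024 Muhammad Falak R Wani <[email protected]> - 2.1.2-5
+- Drop requirement on a specific version of golang
+
 * Thu Jun 06 2024 CBL-Mariner Servicing Account <[email protected]> - 2.1.2-4
 - Bump release to rebuild with go 1.21.11
 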

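--- a/SPECS/ceph/CVE-2024-38517.patch
+++ b/SPECS/ceph/CVE-2024-38517.patch
@@ -0,0 +1,64 @@
+From 9138794bd0e51fe444f14803f891924798a651ac Mon Sep 17 00:00:00 2001
+From: Vince Perri <[email protected]>
+Date: Mon, 15 Jul 2024 18:33:06 +0000
+Subject: [PATCH] Prevent int underflow when parsing exponents
+
+From 8269bc2bc289e9d343bae51cdf6d23ef0950e001 Mon Sep 17 00:00:00 2001
+From: Florin Malita <[email protected]>
+Date: Tue, 15 May 2018 22:48:07 -0400
+Subject: [PATCH] Prevent int underflow when parsing exponents
+
+When parsing negative exponents, the current implementation takes
+precautions for |exp| to not underflow int.
+
+But that is not sufficient: later on [1], |exp + expFrac| is also
+stored to an int - so we must ensure that the sum stays within int
+representable values.
+
+Update the exp clamping logic to take expFrac into account.
+
+[1] https://github.com/Tencent/rapidjson/blob/master/include/rapidjson/reader.h#L1690
+---
+src/rapidjson/include/rapidjson/reader.h | 11 ++++++++++-
+src/rapidjson/test/unittest/readertest.cpp | 1 +
+2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/rapidjson/include/rapidjson/reader.h b/src/rapidjson/include/rapidjson/reader.h
+index 19f8849b1..a9f502307 100644
+--- a/src/rapidjson/include/rapidjson/reader.h
++++ b/src/rapidjson/include/rapidjson/reader.h
+@@ -1302,9 +1302,18 @@ private:
+if (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) {
+exp = static_cast<int>(s.Take() - '0');
+if (expMinus) {
++ // (exp + expFrac) must not underflow int => we're detecting when -exp gets
++ // dangerously close to INT_MIN (a pessimistic next digit 9 would push it into
++ // underflow territory):
++ //
++ // -(exp * 10 + 9) + expFrac >= INT_MIN
++ // <=> exp <= (expFrac - INT_MIN - 9) / 10
++ RAPIDJSON_ASSERT(expFrac <= 0);
++ int maxExp = (expFrac + 2147483639) / 10;
++
+while (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) {
+exp = exp * 10 + static_cast<int>(s.Take() - '0');
+- if (exp >= 214748364) { // Issue #313: prevent overflow exponent
++ if (RAPIDJSON_UNLIKELY(exp > maxExp)) {
+while (RAPIDJSON_UNLIKELY(s.Peek() >= '0' && s.Peek() <= '9')) // Consume the rest of exponent
+s.Take();
+}
+diff --git a/src/rapidjson/test/unittest/readertest.cpp b/src/rapidjson/test/unittest/readertest.cpp
+index 64a1f9c3c..65163de60 100644
+--- a/src/rapidjson/test/unittest/readertest.cpp
++++ b/src/rapidjson/test/unittest/readertest.cpp
+@@ -242,6 +242,7 @@ static void TestParseDouble() {
+TEST_DOUBLE(fullPrecision, "1e-214748363", 0.0); // Maximum supported negative exponent
+TEST_DOUBLE(fullPrecision, "1e-214748364", 0.0);
+TEST_DOUBLE(fullPrecision, "1e-21474836311", 0.0);
++ TEST_DOUBLE(fullPrecision, "1.00000000001e-2147483638", 0.0);
+TEST_DOUBLE(fullPrecision, "0.017976931348623157e+310", 1.7976931348623157e+308); // Max double in another form
+
+// Since
+--
+2.34.1
+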
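Review bot: The new clamp `int maxExp = (expFrac + 2147483639) / 10;` in the reader.h hunk is only in range while `expFrac <= 0`, and the sole guard for that is `RAPIDJSON_ASSERT`, which by default maps to `assert()` and vanishes in `NDEBUG` builds. The invariant presumably holds because `expFrac` only counts fraction digits earlier in the number parser, but that code starts and ends outside this hunk, so it is worth confirming against the vendored reader.h that ceph actually ships. The literal also assumes a 32-bit `int`; a comment such as `// 2147483639 == INT_MAX - 8, i.e. -(INT_MIN) - 9 for 32-bit int` would tie it to the derivation above without diverging from the upstream fix. Whether the package's `%check` runs readertest.cpp, and therefore the added `TEST_DOUBLE` case, is not visible on this page.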

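--- a/SPECS/ceph/CVE-2024-39684.nopatch
+++ b/SPECS/ceph/CVE-2024-39684.nopatch
@@ -0,0 +1 @@
+CVE-2024-39684 is a duplicate of CVE-2024-38517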
