Merge branch '1.0-dev' into 1.0

microsoft · May 17, 2023 · 49afcab · 49afcab
2 parents b607ea6 + ad4a80e
commit 49afcab
Show file tree

Hide file tree

Showing 11 changed files with 131 additions and 29 deletions.
diff --git a/SPECS/kernel/CVE-2023-0458.nopatch b/SPECS/kernel/CVE-2023-0458.nopatch
@@ -0,0 +1,3 @@
+CVE-2023-0458 - patched in 5.10.165.1 - (generated by autopatch tool)
+upstream 739790605705ddcf18f21782b9c99ad7d53a8c11 - stable 9f8e45720e0e7edb661d0082422f662ed243d8d8
+
diff --git a/SPECS/kernel/CVE-2023-1998.nopatch b/SPECS/kernel/CVE-2023-1998.nopatch
@@ -0,0 +1,3 @@
+CVE-2023-1998 - patched in 5.10.173.1 - (generated by autopatch tool)
+upstream 6921ed9049bc7457f66c1596c5b78aec0dae4a9d - stable abfed855f05863d292de2d0ebab4656791bab9c8
+
diff --git a/SPECS/tdnf/tdnf-increase-timeout.patch b/SPECS/tdnf/tdnf-increase-timeout.patch
@@ -0,0 +1,89 @@
+From cfc660cfd919d256306700c54059a0518f5c2ded Mon Sep 17 00:00:00 2001
+From: Sam Meluch <[email protected]>
+Date: Mon, 8 May 2023 14:57:38 -0700
+Subject: [PATCH] Add retry logic for connection failure
+
+---
+ client/remoterepo.c | 61 +++++++++++++++++++++++++++++----------------
+ 1 file changed, 40 insertions(+), 21 deletions(-)
+
+diff --git a/client/remoterepo.c b/client/remoterepo.c
+index de0e04c..7d37cc2 100644
+--- a/client/remoterepo.c
++++ b/client/remoterepo.c
+@@ -173,32 +173,51 @@ TDNFDownloadFile(
+         }
+     }
+
+-    fp = fopen(pszFile, "wb");
+-    if(!fp)
++    /* Double the connection timeout */
++    dwError = curl_easy_setopt(pCurl, CURLOPT_CONNECTTIMEOUT, 600);
++    BAIL_ON_TDNF_CURL_ERROR(dwError);
++
++    /* Add retry logic for connection failure*/
++    int retries = 3;
++    for( int i = 0; i < retries; i++)
+     {
+-        dwError = errno;
+-        BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
+-    }
++        fp = fopen(pszFile, "wb");
++        if(!fp)
++        {
++            dwError = errno;
++            BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
++        }
+
+-    dwError = curl_easy_setopt(pCurl, CURLOPT_WRITEDATA, fp);
+-    BAIL_ON_TDNF_CURL_ERROR(dwError);
++        dwError = curl_easy_setopt(pCurl, CURLOPT_WRITEDATA, fp);
++        BAIL_ON_TDNF_CURL_ERROR(dwError);
+
+-    dwError = curl_easy_perform(pCurl);
+-    BAIL_ON_TDNF_CURL_ERROR(dwError);
++        dwError = curl_easy_perform(pCurl);
++        if (i < (retries - 1) && dwError == CURLE_OPERATION_TIMEDOUT)
++        {
++            printf("Attempt %d timed out. Retrying Connection.\n", i + 1);
++            /* Retry on Connection timeout failure */
++            fclose(fp);
++            fp = NULL;
++            continue;
++        } 
+
+-    dwError = curl_easy_getinfo(pCurl,
+-                                CURLINFO_RESPONSE_CODE,
+-                                &lStatus);
+-    BAIL_ON_TDNF_CURL_ERROR(dwError);
++        BAIL_ON_TDNF_CURL_ERROR(dwError);
+
+-    if(lStatus >= 400)
+-    {
+-        fprintf(stderr,
+-                "Error: %ld when downloading %s\n. Please check repo url.\n",
+-                lStatus,
+-                pszFileUrl);
+-        dwError = ERROR_TDNF_INVALID_PARAMETER;
+-        BAIL_ON_TDNF_ERROR(dwError);
++        dwError = curl_easy_getinfo(pCurl,
++                                    CURLINFO_RESPONSE_CODE,
++                                    &lStatus);
++        BAIL_ON_TDNF_CURL_ERROR(dwError);
++
++        if(lStatus >= 400)
++        {
++            fprintf(stderr,
++                    "Error: %ld when downloading %s\n. Please check repo url.\n",
++                    lStatus,
++                    pszFileUrl);
++            dwError = ERROR_TDNF_INVALID_PARAMETER;
++            BAIL_ON_TDNF_ERROR(dwError);
++        }
++        break;
+     }
+ cleanup:
+     TDNF_SAFE_FREE_MEMORY(pszUserPass);
+-- 
+2.25.1
+
diff --git a/SPECS/tdnf/tdnf.spec b/SPECS/tdnf/tdnf.spec
@@ -5,8 +5,8 @@
 Summary:        dnf/yum equivalent using C libs
 Name:           tdnf
 Version:        2.1.0
-Release:        7%{?dist}
-License:        LGPLv2.1 AND GPLv2
+Release:        8%{?dist}
+License:        LGPL-2.1-only AND GPL-2.0-only
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Applications/RPM
@@ -27,6 +27,7 @@ Patch5:         tdnf-support-multiple-gpgkeys.patch
 Patch6:         tdnf-add-download-no-deps-command.patch
 Patch7:         tdnf-use-custom-keyring-for-gpg-checks.patch
 Patch8:         tdnf-mandatory-space-list-output.patch
+Patch9:         tdnf-increase-timeout.patch
 
 BuildRequires:  cmake
 BuildRequires:  curl-devel
@@ -202,6 +203,9 @@ find %{buildroot} -name '*.pyc' -delete
 %{python3_sitelib}/*
 
 %changelog
+* Tue May 05 2023 Sam Meluch <[email protected]> - 2.1.0-8
+- Add patch for increased curl timeout and retry logic
+
 * Tue Dec 13 2022 Pawel Winogrodzki <[email protected]> - 2.1.0-7
 - Adding a dependency on "mariner-repos-shared" to guarantee existence of the YUM repos directory.
 

diff --git a/SPECS/vim/vim.signatures.json b/SPECS/vim/vim.signatures.json
@@ -1,5 +1,5 @@
 {
-  "Signatures": {
-    "vim-9.0.1527.tar.gz": "31dbd1bfb93ae4adb711a93e08d7d9fbdf03799d0ab3050226bba8f2ad4db2f6"
-  }
+ "Signatures": {
+  "vim-9.0.1562.tar.gz": "0fe8a81cebd218fb951e6a46daa342d57181b46f9be8af50aa28397c52a24d5c"
+ }
 }
diff --git a/SPECS/vim/vim.spec b/SPECS/vim/vim.spec
@@ -1,6 +1,6 @@
 Summary:        Text editor
 Name:           vim
-Version:        9.0.1527
+Version:        9.0.1562
 Release:        1%{?dist}
 License:        Vim
 Vendor:         Microsoft Corporation
@@ -192,6 +192,9 @@ fi
 %{_bindir}/vimdiff
 
 %changelog
+* Wed May 17 2023 Muhammad Falak <[email protected]> - 9.0.1562-1
+- Bump version to address CVE-2023-2609 & CVE-2023-2610
+
 * Mon May 08 2023 CBL-Mariner Servicing Account <[email protected]> - 9.0.1527-1
 - Auto-upgrade to 9.0.1527 - Fix CVE-2023-2426
 

diff --git a/cgmanifest.json b/cgmanifest.json
@@ -8636,8 +8636,8 @@
         "type": "other",
         "other": {
           "name": "vim",
-          "version": "9.0.1527",
-          "downloadUrl": "https://github.com/vim/vim/archive/v9.0.1527.tar.gz"
+          "version": "9.0.1562",
+          "downloadUrl": "https://github.com/vim/vim/archive/v9.0.1562.tar.gz"
         }
       }
     },
@@ -8993,4 +8993,4 @@
     }
   ],
   "Version": 1
-}
+}
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -133,10 +133,10 @@ libssh2-devel-1.9.0-1.cm1.aarch64.rpm
 curl-7.88.1-1.cm1.aarch64.rpm
 curl-devel-7.88.1-1.cm1.aarch64.rpm
 curl-libs-7.88.1-1.cm1.aarch64.rpm
-tdnf-2.1.0-7.cm1.aarch64.rpm
-tdnf-cli-libs-2.1.0-7.cm1.aarch64.rpm
-tdnf-devel-2.1.0-7.cm1.aarch64.rpm
-tdnf-plugin-repogpgcheck-2.1.0-7.cm1.aarch64.rpm
+tdnf-2.1.0-8.cm1.aarch64.rpm
+tdnf-cli-libs-2.1.0-8.cm1.aarch64.rpm
+tdnf-devel-2.1.0-8.cm1.aarch64.rpm
+tdnf-plugin-repogpgcheck-2.1.0-8.cm1.aarch64.rpm
 createrepo_c-0.11.1-6.cm1.aarch64.rpm
 libxml2-2.9.14-3.cm1.aarch64.rpm
 libxml2-devel-2.9.14-3.cm1.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -133,10 +133,10 @@ libssh2-devel-1.9.0-1.cm1.x86_64.rpm
 curl-7.88.1-1.cm1.x86_64.rpm
 curl-devel-7.88.1-1.cm1.x86_64.rpm
 curl-libs-7.88.1-1.cm1.x86_64.rpm
-tdnf-2.1.0-7.cm1.x86_64.rpm
-tdnf-cli-libs-2.1.0-7.cm1.x86_64.rpm
-tdnf-devel-2.1.0-7.cm1.x86_64.rpm
-tdnf-plugin-repogpgcheck-2.1.0-7.cm1.x86_64.rpm
+tdnf-2.1.0-8.cm1.x86_64.rpm
+tdnf-cli-libs-2.1.0-8.cm1.x86_64.rpm
+tdnf-devel-2.1.0-8.cm1.x86_64.rpm
+tdnf-plugin-repogpgcheck-2.1.0-8.cm1.x86_64.rpm
 createrepo_c-0.11.1-6.cm1.x86_64.rpm
 libxml2-2.9.14-3.cm1.x86_64.rpm
 libxml2-devel-2.9.14-3.cm1.x86_64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -399,12 +399,12 @@ systemd-devel-239-44.cm1.aarch64.rpm
 systemd-lang-239-44.cm1.aarch64.rpm
 tar-1.32-2.cm1.aarch64.rpm
 tar-debuginfo-1.32-2.cm1.aarch64.rpm
-tdnf-2.1.0-7.cm1.aarch64.rpm
-tdnf-cli-libs-2.1.0-7.cm1.aarch64.rpm
-tdnf-debuginfo-2.1.0-7.cm1.aarch64.rpm
-tdnf-devel-2.1.0-7.cm1.aarch64.rpm
-tdnf-plugin-repogpgcheck-2.1.0-7.cm1.aarch64.rpm
-tdnf-python-2.1.0-7.cm1.aarch64.rpm
+tdnf-2.1.0-8.cm1.aarch64.rpm
+tdnf-cli-libs-2.1.0-8.cm1.aarch64.rpm
+tdnf-debuginfo-2.1.0-8.cm1.aarch64.rpm
+tdnf-devel-2.1.0-8.cm1.aarch64.rpm
+tdnf-plugin-repogpgcheck-2.1.0-8.cm1.aarch64.rpm
+tdnf-python-2.1.0-8.cm1.aarch64.rpm
 texinfo-6.5-7.cm1.aarch64.rpm
 texinfo-debuginfo-6.5-7.cm1.aarch64.rpm
 unzip-6.0-19.cm1.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -399,12 +399,12 @@ systemd-devel-239-44.cm1.x86_64.rpm
 systemd-lang-239-44.cm1.x86_64.rpm
 tar-1.32-2.cm1.x86_64.rpm
 tar-debuginfo-1.32-2.cm1.x86_64.rpm
-tdnf-2.1.0-7.cm1.x86_64.rpm
-tdnf-cli-libs-2.1.0-7.cm1.x86_64.rpm
-tdnf-debuginfo-2.1.0-7.cm1.x86_64.rpm
-tdnf-devel-2.1.0-7.cm1.x86_64.rpm
-tdnf-plugin-repogpgcheck-2.1.0-7.cm1.x86_64.rpm
-tdnf-python-2.1.0-7.cm1.x86_64.rpm
+tdnf-2.1.0-8.cm1.x86_64.rpm
+tdnf-cli-libs-2.1.0-8.cm1.x86_64.rpm
+tdnf-debuginfo-2.1.0-8.cm1.x86_64.rpm
+tdnf-devel-2.1.0-8.cm1.x86_64.rpm
+tdnf-plugin-repogpgcheck-2.1.0-8.cm1.x86_64.rpm
+tdnf-python-2.1.0-8.cm1.x86_64.rpm
 texinfo-6.5-7.cm1.x86_64.rpm
 texinfo-debuginfo-6.5-7.cm1.x86_64.rpm
 unzip-6.0-19.cm1.x86_64.rpm
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		CVE-2023-0458 - patched in 5.10.165.1 - (generated by autopatch tool)
		upstream 739790605705ddcf18f21782b9c99ad7d53a8c11 - stable 9f8e45720e0e7edb661d0082422f662ed243d8d8
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		CVE-2023-1998 - patched in 5.10.173.1 - (generated by autopatch tool)
		upstream 6921ed9049bc7457f66c1596c5b78aec0dae4a9d - stable abfed855f05863d292de2d0ebab4656791bab9c8