From bbb0a98adbff5e8718daffc96d72dda8cb164121 Mon Sep 17 00:00:00 2001 From: rlmenge Date: Tue, 8 Jun 2021 18:13:31 -0400 Subject: [PATCH 1/2] Address CVE-2020-25672 (#1024) --- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 5 ++++- SPECS/kernel-headers/kernel-headers.spec | 5 ++++- SPECS/kernel-hyperv/kernel-hyperv.spec | 5 ++++- SPECS/kernel/CVE-2020-25672.nopatch | 3 +++ SPECS/kernel/kernel.spec | 6 +++++- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 2 +- toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +- toolkit/resources/manifests/package/toolchain_x86_64.txt | 2 +- 9 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 SPECS/kernel/CVE-2020-25672.nopatch diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 4afe152932f..6451a9480df 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 5.10.37.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -146,6 +146,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %endif %changelog +* Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 +- Bump release number to match kernel release + * Fri May 28 2021 Rachel Menge - 5.10.37.1-1 - Update source to 5.10.37.1 diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index d540f78dc04..8b1cf54736f 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,7 +1,7 @@ Summary: Linux API header files Name: kernel-headers Version: 5.10.37.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -35,6 +35,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 +- Bump release number to match kernel release + * Fri May 28 2021 Rachel Menge - 5.10.37.1-1 - Update source to 5.10.37.1 diff --git a/SPECS/kernel-hyperv/kernel-hyperv.spec b/SPECS/kernel-hyperv/kernel-hyperv.spec index 2661fddb27a..44c276baa42 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.spec +++ b/SPECS/kernel-hyperv/kernel-hyperv.spec @@ -4,7 +4,7 @@ Summary: Linux Kernel optimized for Hyper-V Name: kernel-hyperv Version: 5.10.37.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -267,6 +267,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_libdir}/perf/include/bpf/* %changelog +* Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 +- Bump release number to match kernel release + * Fri May 28 2021 Rachel Menge - 5.10.37.1-1 - Update source to 5.10.37.1 diff --git a/SPECS/kernel/CVE-2020-25672.nopatch b/SPECS/kernel/CVE-2020-25672.nopatch new file mode 100644 index 00000000000..2b12502b5bf --- /dev/null +++ b/SPECS/kernel/CVE-2020-25672.nopatch @@ -0,0 +1,3 @@ +CVE-2020-25672 - already patched in 5.10.37.1 stable kernel +Upstream commit: 7574fcdbdcb335763b6b322f6928dc0fd5730451 +Stable commit: 568ac94df580b1a65837dc299e8758635e7b1423 \ No newline at end of file diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 7a73b67b79d..d6d128cf688 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -4,7 +4,7 @@ Summary: Linux Kernel Name: kernel Version: 5.10.37.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -173,6 +173,7 @@ Patch1141: CVE-2021-33034.nopatch Patch1142: CVE-2021-3483.nopatch Patch1143: CVE-2021-3501.nopatch Patch1144: CVE-2021-3506.nopatch +Patch1145: CVE-2020-25672.nopatch BuildRequires: audit-devel BuildRequires: bash BuildRequires: bc @@ -503,6 +504,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %endif %changelog +* Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 +- Address CVE-2020-25672 + * Fri May 28 2021 Rachel Menge - 5.10.37.1-1 - Update source to 5.10.37.1 - Address CVE-2021-23134, CVE-2021-29155, CVE-2021-31829, CVE-2021-31916, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index da0177f6d3a..f8890da616f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.aarch64.rpm -kernel-headers-5.10.37.1-1.cm1.noarch.rpm +kernel-headers-5.10.37.1-2.cm1.noarch.rpm glibc-2.28-18.cm1.aarch64.rpm glibc-devel-2.28-18.cm1.aarch64.rpm glibc-i18n-2.28-18.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index fe458ddce2c..094e7f998a7 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.x86_64.rpm -kernel-headers-5.10.37.1-1.cm1.noarch.rpm +kernel-headers-5.10.37.1-2.cm1.noarch.rpm glibc-2.28-18.cm1.x86_64.rpm glibc-devel-2.28-18.cm1.x86_64.rpm glibc-i18n-2.28-18.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 49a33ecaa8c..c5680883359 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -145,7 +145,7 @@ json-c-debuginfo-0.14-3.cm1.aarch64.rpm json-c-devel-0.14-3.cm1.aarch64.rpm kbd-2.0.4-5.cm1.aarch64.rpm kbd-debuginfo-2.0.4-5.cm1.aarch64.rpm -kernel-headers-5.10.37.1-1.cm1.noarch.rpm +kernel-headers-5.10.37.1-2.cm1.noarch.rpm kmod-25-4.cm1.aarch64.rpm kmod-debuginfo-25-4.cm1.aarch64.rpm kmod-devel-25-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index a16c5cbf3b8..f30850a487b 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -145,7 +145,7 @@ json-c-debuginfo-0.14-3.cm1.x86_64.rpm json-c-devel-0.14-3.cm1.x86_64.rpm kbd-2.0.4-5.cm1.x86_64.rpm kbd-debuginfo-2.0.4-5.cm1.x86_64.rpm -kernel-headers-5.10.37.1-1.cm1.noarch.rpm +kernel-headers-5.10.37.1-2.cm1.noarch.rpm kmod-25-4.cm1.x86_64.rpm kmod-debuginfo-25-4.cm1.x86_64.rpm kmod-devel-25-4.cm1.x86_64.rpm From 6a8f80281d61769c77d339e8c7c7502bbac59012 Mon Sep 17 00:00:00 2001 From: rlmenge Date: Fri, 11 Jun 2021 13:41:04 -0400 Subject: [PATCH 2/2] Kernel: update to 5.10.42.1 (#1034) * Update kernel to 5.10.42.1 * Address CVE-2021-33200 --- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 7 +++++-- .../hyperv-daemons.signatures.json | 2 +- SPECS/hyperv-daemons/hyperv-daemons.spec | 5 ++++- .../kernel-headers.signatures.json | 2 +- SPECS/kernel-headers/kernel-headers.spec | 7 +++++-- SPECS/kernel-hyperv/config | 2 +- .../kernel-hyperv/kernel-hyperv.signatures.json | 4 ++-- SPECS/kernel-hyperv/kernel-hyperv.spec | 7 +++++-- SPECS/kernel/CVE-2021-33200.nopatch | 10 ++++++++++ SPECS/kernel/config | 2 +- SPECS/kernel/config_aarch64 | 2 +- SPECS/kernel/kernel.signatures.json | 6 +++--- SPECS/kernel/kernel.spec | 9 +++++++-- cgmanifest.json | 16 ++++++++-------- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 2 +- toolkit/scripts/toolchain/container/Dockerfile | 2 +- .../toolchain/container/toolchain-md5sums | 2 +- .../container/toolchain_build_in_chroot.sh | 8 ++++---- .../container/toolchain_build_temp_tools.sh | 8 ++++---- 22 files changed, 68 insertions(+), 41 deletions(-) create mode 100644 SPECS/kernel/CVE-2021-33200.nopatch diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 6451a9480df..dc9f9d872f1 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,8 +9,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 5.10.37.1 -Release: 2%{?dist} +Version: 5.10.42.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -146,6 +146,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %endif %changelog +* Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 +- Update source to 5.10.42.1 + * Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 - Bump release number to match kernel release diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index 04ed13dab18..6c5ea75e707 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "25339871302f7a47e1aecfa9fc2586c78bc37edb98773752f0a5dec30f0ed3a1", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-5.10.37.1.tar.gz": "5ed453360f52e70767631d6c253306ab07248d957275b9f1d55b8bd03a88a29e" + "kernel-5.10.42.1.tar.gz": "47bb149f6ad2fc7d0ad8b31e3fcc0d3b1e5b25069d12f4d1e06dfc0b3c4b32ee" } } \ No newline at end of file diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index 65d28f27765..0c1d97662b4 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -8,7 +8,7 @@ %global udev_prefix 70 Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.10.37.1 +Version: 5.10.42.1 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -219,6 +219,9 @@ fi %{_sbindir}/lsvmbus %changelog +* Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 +- Update source to 5.10.42.1 + * Fri May 28 2021 Rachel Menge - 5.10.37.1-1 - Update source to 5.10.37.1 diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index f54d9cca638..dbf465785ca 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-5.10.37.1.tar.gz": "5ed453360f52e70767631d6c253306ab07248d957275b9f1d55b8bd03a88a29e" + "kernel-5.10.42.1.tar.gz": "47bb149f6ad2fc7d0ad8b31e3fcc0d3b1e5b25069d12f4d1e06dfc0b3c4b32ee" } } \ No newline at end of file diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 8b1cf54736f..4f53bb3ade0 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,7 +1,7 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.10.37.1 -Release: 2%{?dist} +Version: 5.10.42.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -35,6 +35,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 +- Update source to 5.10.42.1 + * Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 - Bump release number to match kernel release diff --git a/SPECS/kernel-hyperv/config b/SPECS/kernel-hyperv/config index f28d960e7d6..bd18cc4b8c7 100644 --- a/SPECS/kernel-hyperv/config +++ b/SPECS/kernel-hyperv/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.37.1 Kernel Configuration +# Linux/x86_64 5.10.42.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json index 13fa07debda..57af310d27f 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json +++ b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json @@ -1,8 +1,8 @@ { "Signatures": { "cbl-mariner-ca-20210127.pem": "82363cb44e786353936abc2e2d62d9325cacf2d9e9a8ebaf4221ea30a9e0cd7b", - "config": "b1072e7d4bf000fad2f78e9e56e7ddc8207425b9acb9a779bb98174399dd2218", - "kernel-5.10.37.1.tar.gz": "5ed453360f52e70767631d6c253306ab07248d957275b9f1d55b8bd03a88a29e", + "config": "27eedb7687fd0d9415b759c4440ef33f54452fcecce06695adbaf4b614fe7ea3", + "kernel-5.10.42.1.tar.gz": "47bb149f6ad2fc7d0ad8b31e3fcc0d3b1e5b25069d12f4d1e06dfc0b3c4b32ee", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" } } \ No newline at end of file diff --git a/SPECS/kernel-hyperv/kernel-hyperv.spec b/SPECS/kernel-hyperv/kernel-hyperv.spec index 44c276baa42..4113bc8197d 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.spec +++ b/SPECS/kernel-hyperv/kernel-hyperv.spec @@ -3,8 +3,8 @@ %define uname_r %{version}-%{release} Summary: Linux Kernel optimized for Hyper-V Name: kernel-hyperv -Version: 5.10.37.1 -Release: 2%{?dist} +Version: 5.10.42.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -267,6 +267,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_libdir}/perf/include/bpf/* %changelog +* Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 +- Update source to 5.10.42.1 + * Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 - Bump release number to match kernel release diff --git a/SPECS/kernel/CVE-2021-33200.nopatch b/SPECS/kernel/CVE-2021-33200.nopatch new file mode 100644 index 00000000000..00b7ee7b9ce --- /dev/null +++ b/SPECS/kernel/CVE-2021-33200.nopatch @@ -0,0 +1,10 @@ +CVE-2021-33200 - already patched in 5.10.42.1 stable kernel + +Upstream: 3d0220f6861d713213b015b582e9f21e5b28d2e0 +Stable: 4e2c7b297431457663a90d4186e666b61d5da86c + +Upstream: bb01a1bba579b4b1c5566af24d95f1767859771e +Stable: c87ef240a8bbbda5913fac1e84209d224c1aaf50 + +Upstream: a7036191277f9fa68d92f2071ddc38c09b1e5ee5 +Stable: 27acfd11ba179b746f55077edf9750f8f7cb1cb6 \ No newline at end of file diff --git a/SPECS/kernel/config b/SPECS/kernel/config index 64329c2a8f6..61296360125 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.37.1 Kernel Configuration +# Linux/x86_64 5.10.42.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index 93d76eb65bd..cb479e6b63d 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.10.37.1 Kernel Configuration +# Linux/arm64 5.10.42.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 54352b8a74f..8a7f38d961e 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20210127.pem": "82363cb44e786353936abc2e2d62d9325cacf2d9e9a8ebaf4221ea30a9e0cd7b", - "config": "4f0050188f0d1c476dfd9343fd375d4c2b9e8189409f5fb215020ef251828bdb", - "config_aarch64": "a84c2218a98f05f23d3cc51e56cc41d9426487db390d49511396e856e07d7894", - "kernel-5.10.37.1.tar.gz": "5ed453360f52e70767631d6c253306ab07248d957275b9f1d55b8bd03a88a29e", + "config": "717fa109b65d1989115762debe92e543ffdfc57824aa933d20af87892152f674", + "config_aarch64": "3dbf18d2ef17e88db97b20df9a8fbe9c6ac7b20a80bb8c5c90d4c1e28e7ff1ad", + "kernel-5.10.42.1.tar.gz": "47bb149f6ad2fc7d0ad8b31e3fcc0d3b1e5b25069d12f4d1e06dfc0b3c4b32ee", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" } } diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index d6d128cf688..656083619b8 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -3,8 +3,8 @@ %define uname_r %{version}-%{release} Summary: Linux Kernel Name: kernel -Version: 5.10.37.1 -Release: 2%{?dist} +Version: 5.10.42.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -174,6 +174,7 @@ Patch1142: CVE-2021-3483.nopatch Patch1143: CVE-2021-3501.nopatch Patch1144: CVE-2021-3506.nopatch Patch1145: CVE-2020-25672.nopatch +Patch1146: CVE-2021-33200.nopatch BuildRequires: audit-devel BuildRequires: bash BuildRequires: bc @@ -504,6 +505,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %endif %changelog +* Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 +- Update source to 5.10.42.1 +- Address CVE-2021-33200 + * Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 - Address CVE-2020-25672 diff --git a/cgmanifest.json b/cgmanifest.json index 1488642f983..8d3cebae7f9 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -1845,8 +1845,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.10.37.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.37.1.tar.gz" + "version": "5.10.42.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.42.1.tar.gz" } } }, @@ -2145,8 +2145,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.10.37.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.37.1.tar.gz" + "version": "5.10.42.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.42.1.tar.gz" } } }, @@ -2155,8 +2155,8 @@ "type": "other", "other": { "name": "kernel-hyperv", - "version": "5.10.37.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.37.1.tar.gz" + "version": "5.10.42.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.42.1.tar.gz" } } }, @@ -2165,8 +2165,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.10.37.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.37.1.tar.gz" + "version": "5.10.42.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.42.1.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index f8890da616f..bf9043aecbb 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.aarch64.rpm -kernel-headers-5.10.37.1-2.cm1.noarch.rpm +kernel-headers-5.10.42.1-1.cm1.noarch.rpm glibc-2.28-18.cm1.aarch64.rpm glibc-devel-2.28-18.cm1.aarch64.rpm glibc-i18n-2.28-18.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 094e7f998a7..53366f0d74b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.x86_64.rpm -kernel-headers-5.10.37.1-2.cm1.noarch.rpm +kernel-headers-5.10.42.1-1.cm1.noarch.rpm glibc-2.28-18.cm1.x86_64.rpm glibc-devel-2.28-18.cm1.x86_64.rpm glibc-i18n-2.28-18.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index c5680883359..cefeb58ef88 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -145,7 +145,7 @@ json-c-debuginfo-0.14-3.cm1.aarch64.rpm json-c-devel-0.14-3.cm1.aarch64.rpm kbd-2.0.4-5.cm1.aarch64.rpm kbd-debuginfo-2.0.4-5.cm1.aarch64.rpm -kernel-headers-5.10.37.1-2.cm1.noarch.rpm +kernel-headers-5.10.42.1-1.cm1.noarch.rpm kmod-25-4.cm1.aarch64.rpm kmod-debuginfo-25-4.cm1.aarch64.rpm kmod-devel-25-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index f30850a487b..5056e41310c 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -145,7 +145,7 @@ json-c-debuginfo-0.14-3.cm1.x86_64.rpm json-c-devel-0.14-3.cm1.x86_64.rpm kbd-2.0.4-5.cm1.x86_64.rpm kbd-debuginfo-2.0.4-5.cm1.x86_64.rpm -kernel-headers-5.10.37.1-2.cm1.noarch.rpm +kernel-headers-5.10.42.1-1.cm1.noarch.rpm kmod-25-4.cm1.x86_64.rpm kmod-debuginfo-25-4.cm1.x86_64.rpm kmod-devel-25-4.cm1.x86_64.rpm diff --git a/toolkit/scripts/toolchain/container/Dockerfile b/toolkit/scripts/toolchain/container/Dockerfile index f049d20fdde..c4e421f7bf6 100644 --- a/toolkit/scripts/toolchain/container/Dockerfile +++ b/toolkit/scripts/toolchain/container/Dockerfile @@ -68,7 +68,7 @@ COPY [ "./toolchain-md5sums", \ WORKDIR $LFS/sources RUN wget -nv --no-clobber --timeout=30 --no-check-certificate --continue --input-file=$LFS/tools/toolchain-local-wget-list --directory-prefix=$LFS/sources; exit 0 RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-remote-wget-list --directory-prefix=$LFS/sources; exit 0 -RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.37.1.tar.gz -O kernel-5.10.37.1.tar.gz --directory-prefix=$LFS/sources; exit 0 +RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.42.1.tar.gz -O kernel-5.10.42.1.tar.gz --directory-prefix=$LFS/sources; exit 0 USER root RUN /tools/toolchain-jdk8-wget.sh; exit 0 RUN md5sum -c $LFS/tools/toolchain-md5sums && \ diff --git a/toolkit/scripts/toolchain/container/toolchain-md5sums b/toolkit/scripts/toolchain/container/toolchain-md5sums index 54bae37ed0a..a03a70c80db 100644 --- a/toolkit/scripts/toolchain/container/toolchain-md5sums +++ b/toolkit/scripts/toolchain/container/toolchain-md5sums @@ -59,7 +59,7 @@ bc62e7df6f75357b6dd1ec34600dbeaf jdk8u212-b04-langtools.tar.bz2 d0272e7a6107c64dae62b80ca7ec65e2 jdk8u212-b04-nashorn.tar.bz2 befd51c2b53a442e1fa6644bba89a95a jdk8u212-b04.tar.bz2 94afc90c1f7bef4a27fdd59ece39c878 kbproto-1.0.7.tar.bz2 -c20a04f9424e5a331843a42f0df0ab6b kernel-5.10.37.1.tar.gz +3955d6482ff5e5b92745ca066c31362e kernel-5.10.42.1.tar.gz d953ed6b47694dadf0e6042f8f9ff451 libarchive-3.4.2.tar.gz 968ac4d42a1a71754313527be2ab5df3 libcap-2.26.tar.xz ba983eba5a9f05d152a0725b8e863151 libdmx-1.1.3.tar.bz2 diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh index d60a6272bbf..2cacc9e2603 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh @@ -57,14 +57,14 @@ set -e # cd /sources -echo Linux-5.10.37.1 API Headers -tar xf kernel-5.10.37.1.tar.gz -pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.37.1 +echo Linux-5.10.42.1 API Headers +tar xf kernel-5.10.42.1.tar.gz +pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.42.1 make mrproper make headers cp -rv usr/include/* /usr/include popd -rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.37.1 +rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.42.1 touch /logs/status_kernel_headers_complete echo 6.8. Man-pages-5.02 diff --git a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh index fdbdf579802..dd892e49029 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh @@ -113,14 +113,14 @@ rm -rf gcc-9.1.0 touch $LFS/logs/temptoolchain/status_gcc_pass1_complete -echo Linux-5.10.37.1 API Headers -tar xf kernel-5.10.37.1.tar.gz -pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.37.1 +echo Linux-5.10.42.1 API Headers +tar xf kernel-5.10.42.1.tar.gz +pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.42.1 make mrproper make headers cp -rv usr/include/* /tools/include popd -rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.37.1 +rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.42.1 touch $LFS/logs/temptoolchain/status_kernel_headers_complete