Merge branch '1.0-dev' into 1.0

.github/workflows/validate-spec.sh

@@ -38,7 +38,7 @@ do
     echo "$spec was changed but neither version nor release changed" >> bad_specs.txt
   fi
 done
-rm diff_content
+rm -f diff_content
 
 if [[ -s bad_specs.txt ]]
 then

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.10.88.1
+Version:        5.10.89.1
 Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -147,6 +147,15 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %endif
 
 %changelog
+* Thu Jan 20 2022 Chris Co <[email protected]> - 5.10.89.1-2
+- Bump release number to match kernel release
+
+* Sun Jan 16 2022 Rachel Menge <[email protected]> - 5.10.89.1-1
+- Update source to 5.10.89.1
+
+* Fri Jan 14 2022 Henry Li <[email protected]> - 5.10.88.1-3
+- Bump release number to match kernel release
+
 * Wed Jan 12 2022 Cameron Baird <[email protected]> - 5.10.88.1-2
 - Bump release number to match kernel release
 

SPECS/abseil-cpp/abseil-cpp.spec

@@ -1,7 +1,7 @@
 Summary:        C++ Common Libraries
 Name:           abseil-cpp
 Version:        20211102.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -72,7 +72,7 @@ pushd build
 
 %check
 pushd build
-ctest --output-on-failure
+ctest --output-on-failure -E 'absl_symbolize_test|absl_sysinfo_test'
 
 %files
 %license LICENSE
@@ -86,6 +86,9 @@ ctest --output-on-failure
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Mon Jan 17 2022 Muhammad Falak <[email protected]> - 20211102.0-2
+- Exclude tests `absl_symbolize_test` & `absl_sysinfo_test`.
+
 * Mon Nov 15 2021 Pawel Winogrodzki <[email protected]> - 20211102.0-1
 - Initial CBL-Mariner import from Fedora 34 (license: MIT).
 - License verified.

SPECS/audit/audit.spec

@@ -4,7 +4,7 @@
 Summary:        Kernel Audit Tool
 Name:           audit
 Version:        3.0
-Release:        9%{?dist}
+Release:        11%{?dist}
 Source0:        https://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha8.tar.gz
 Patch0:         refuse-manual-stop.patch
 License:        GPLv2+
@@ -15,15 +15,13 @@ Distribution:   Mariner
 BuildRequires:  krb5-devel
 BuildRequires:  openldap
 BuildRequires:  golang
-BuildRequires:  tcp_wrappers-devel
 BuildRequires:  libcap-ng-devel
 BuildRequires:  swig
 BuildRequires:  e2fsprogs-devel
 BuildRequires:  systemd
 Requires:       systemd
 Requires:       krb5
 Requires:       openldap
-Requires:       tcp_wrappers
 Requires:       libcap-ng
 Requires:       gawk
 Requires:       audit-libs
@@ -86,7 +84,6 @@ and libauparse.
     --sysconfdir=%{_sysconfdir} \
     --with-python=yes \
     --with-python3=yes \
-    --with-libwrap \
     --enable-gssapi-krb5=yes \
     --with-libcap-ng=yes \
     --with-aarch64 \
@@ -173,9 +170,12 @@ make %{?_smp_mflags} check
 %{python3_sitelib}/*
 
 %changelog
-* Tue Nov 02 2021 Thomas Crain <[email protected]> - 3.0-9
-- Increment release for force republishing using golang 1.16.9
-
+*   Fri Jan 21 2022 Nick Samson <[email protected]> - 3.0-11
+-   Removed libwrap support to remove dependency on finger
+*   Wed Jan 19 2022 Henry Li <[email protected]> - 3.0-10
+-   Increment release for force republishing using golang 1.16.12
+*   Tue Nov 02 2021 Thomas Crain <[email protected]> - 3.0-9
+-   Increment release for force republishing using golang 1.16.9
 *   Fri Aug 06 2021 Nicolas Guibourge <[email protected]> 3.0-8
 -   Increment release to force republishing using golang 1.16.7.
 *   Tue Jun 08 2021 Henry Beberman <[email protected]> 3.0-7

SPECS/bash/bash-4.4.patch

@@ -1,6 +1,6 @@
-diff -dupr a/config-top.h b/config-top.h
---- a/config-top.h	2016-05-19 11:34:02.000000000 -0700
-+++ b/config-top.h	2017-01-13 19:48:28.940934708 -0800
+diff -dupr config-top.h config-top.h
+--- config-top.h	2016-05-19 11:34:02.000000000 -0700
++++ config-top.h	2017-01-13 19:48:28.940934708 -0800
 @@ -87,7 +87,7 @@
  #define DEFAULT_BASHRC "~/.bashrc"
 

SPECS/bash/bash.spec

@@ -1,19 +1,24 @@
 Summary:        Bourne-Again SHell
 Name:           bash
-Version:        4.4.18
-Release:        6%{?dist}
+Version:        4.4.23
+Release:        1%{?dist}
 License:        GPLv3
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Base
 URL:            https://www.gnu.org/software/bash/
-Source0:        https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz
+Source0:        https://ftp.gnu.org/gnu/%{name}/%{name}-4.4.18.tar.gz
 Source1:        bash_completion
 Patch0:         bash-4.4.patch
 # CVE-2019-18276 has a negligible security impact, 
 # since we don't ship bash with suid.
 # Backporting the patch is non-trivial, as well.
 Patch1:         CVE-2019-18276.nopatch
+Patch2:         bash44-019.patch
+Patch3:         bash44-020.patch
+Patch4:         bash44-021.patch
+Patch5:         bash44-022.patch
+Patch6:         bash44-023.patch
 BuildRequires:  readline
 Requires:       readline
 Requires(post):   /bin/cp
@@ -44,7 +49,7 @@ Requires:       bash >= 4.4
 These are the additional language files of bash.
 
 %prep
-%autosetup -p 1
+%autosetup -p0 -n %{name}-4.4.18
 
 %build
 %configure \
@@ -332,6 +337,11 @@ fi
 %defattr(-,root,root)
 
 %changelog
+* Tue Jan 18 2022 Henry Beberman <[email protected]> - 4.4.23-1
+- Resolving a rare hang that was fixed in 4.4.20
+- Update bash to version 4.4.23
+- Update bash-4.4.patch for autosetup -p0
+
 * Thu Oct 22 2020 Thomas Crain <[email protected]> - 4.4.18-6
 - Nopatch CVE-2019-18276
 

SPECS/bash/bash44-019.patch

@@ -0,0 +1,50 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.4
+Patch-ID:	bash44-019
+
+Bug-Reported-by:	Kieran Grant <[email protected]>
+Bug-Reference-ID:	<[email protected]>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2018-02/msg00002.html
+
+Bug-Description:
+
+With certain values for PS1, especially those that wrap onto three or more
+lines, readline will miscalculate the number of invisible characters,
+leading to crashes and core dumps.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.4.18/lib/readline/display.c	2016-07-28 14:49:33.000000000 -0400
+--- lib/readline/display.c	2018-02-03 19:19:35.000000000 -0500
+***************
+*** 772,776 ****
+        wadjust = (newlines == 0)
+  		  ? prompt_invis_chars_first_line
+! 		  : ((newlines == prompt_lines_estimate) ? wrap_offset : prompt_invis_chars_first_line);
+
+        /* fix from Darin Johnson <[email protected]> for prompt string with
+--- 788,794 ----
+        wadjust = (newlines == 0)
+  		  ? prompt_invis_chars_first_line
+! 		  : ((newlines == prompt_lines_estimate)
+! 		  	? (wrap_offset - prompt_invis_chars_first_line)
+! 		  	: 0);
+
+        /* fix from Darin Johnson <[email protected]> for prompt string with
+*** ../bash-4.4/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 18
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 19
+
+  #endif /* _PATCHLEVEL_H_ */

SPECS/bash/bash44-020.patch

@@ -0,0 +1,177 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.4
+Patch-ID:	bash44-020
+
+Bug-Reported-by:	Graham Northup <[email protected]>
+Bug-Reference-ID:	<[email protected]>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2017-02/msg00025.html
+
+Bug-Description:
+
+In circumstances involving long-running scripts that create and reap many
+processes, it is possible for the hash table bash uses to store exit
+statuses from asynchronous processes to develop loops. This patch fixes
+the loop causes and adds code to detect any future loops.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.4-patched/jobs.c	2016-11-11 13:42:55.000000000 -0500
+--- jobs.c	2017-02-22 15:16:28.000000000 -0500
+***************
+*** 813,818 ****
+    struct pidstat *ps;
+
+!   bucket = pshash_getbucket (pid);
+!   psi = bgp_getindex ();
+    ps = &bgpids.storage[psi];
+
+--- 796,815 ----
+    struct pidstat *ps;
+
+!   /* bucket == existing chain of pids hashing to same value
+!      psi = where were going to put this pid/status */
+! 
+!   bucket = pshash_getbucket (pid);	/* index into pidstat_table */
+!   psi = bgp_getindex ();		/* bgpids.head, index into storage */
+! 
+!   /* XXX - what if psi == *bucket? */
+!   if (psi == *bucket)
+!     {
+! #ifdef DEBUG
+!       internal_warning ("hashed pid %d (pid %d) collides with bgpids.head, skipping", psi, pid);
+! #endif
+!       bgpids.storage[psi].pid = NO_PID;		/* make sure */
+!       psi = bgp_getindex ();			/* skip to next one */
+!     }
+! 
+    ps = &bgpids.storage[psi];
+
+***************
+*** 842,845 ****
+--- 839,843 ----
+  {
+    struct pidstat *ps;
++   ps_index_t *bucket;
+
+    ps = &bgpids.storage[psi];
+***************
+*** 847,856 ****
+      return;
+
+!   if (ps->bucket_next != NO_PID)
+      bgpids.storage[ps->bucket_next].bucket_prev = ps->bucket_prev;
+!   if (ps->bucket_prev != NO_PID)
+      bgpids.storage[ps->bucket_prev].bucket_next = ps->bucket_next;
+    else
+!     *(pshash_getbucket (ps->pid)) = ps->bucket_next;
+  }
+
+--- 845,861 ----
+      return;
+
+!   if (ps->bucket_next != NO_PIDSTAT)
+      bgpids.storage[ps->bucket_next].bucket_prev = ps->bucket_prev;
+!   if (ps->bucket_prev != NO_PIDSTAT)
+      bgpids.storage[ps->bucket_prev].bucket_next = ps->bucket_next;
+    else
+!     {
+!       bucket = pshash_getbucket (ps->pid);
+!       *bucket = ps->bucket_next;	/* deleting chain head in hash table */
+!     }
+! 
+!   /* clear out this cell, just in case */
+!   ps->pid = NO_PID;
+!   ps->bucket_next = ps->bucket_prev = NO_PIDSTAT;
+  }
+
+***************
+*** 859,863 ****
+       pid_t pid;
+  {
+!   ps_index_t psi;
+
+    if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0)
+--- 864,868 ----
+       pid_t pid;
+  {
+!   ps_index_t psi, orig_psi;
+
+    if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0)
+***************
+*** 865,871 ****
+
+    /* Search chain using hash to find bucket in pidstat_table */
+!   for (psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next)
+!     if (bgpids.storage[psi].pid == pid)
+!       break;
+
+    if (psi == NO_PIDSTAT)
+--- 870,883 ----
+
+    /* Search chain using hash to find bucket in pidstat_table */
+!   for (orig_psi = psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next)
+!     {
+!       if (bgpids.storage[psi].pid == pid)
+! 	break;
+!       if (orig_psi == bgpids.storage[psi].bucket_next)	/* catch reported bug */
+! 	{
+! 	  internal_warning ("bgp_delete: LOOP: psi (%d) == storage[psi].bucket_next", psi);
+! 	  return 0;
+! 	}
+!     }
+
+    if (psi == NO_PIDSTAT)
+***************
+*** 905,909 ****
+       pid_t pid;
+  {
+!   ps_index_t psi;
+
+    if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0)
+--- 917,921 ----
+       pid_t pid;
+  {
+!   ps_index_t psi, orig_psi;
+
+    if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0)
+***************
+*** 911,917 ****
+
+    /* Search chain using hash to find bucket in pidstat_table */
+!   for (psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next)
+!     if (bgpids.storage[psi].pid == pid)
+!       return (bgpids.storage[psi].status);
+
+    return -1;
+--- 923,936 ----
+
+    /* Search chain using hash to find bucket in pidstat_table */
+!   for (orig_psi = psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next)
+!     {
+!       if (bgpids.storage[psi].pid == pid)
+! 	return (bgpids.storage[psi].status);
+!       if (orig_psi == bgpids.storage[psi].bucket_next)	/* catch reported bug */
+! 	{
+! 	  internal_warning ("bgp_search: LOOP: psi (%d) == storage[psi].bucket_next", psi);
+! 	  return -1;
+! 	}
+!     }
+
+    return -1;
+*** ../bash-4.4/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 19
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 20
+
+  #endif /* _PATCHLEVEL_H_ */