diff --git a/.github/workflows/validate-spec.sh b/.github/workflows/validate-spec.sh index 6ad77315324..3d09185636d 100755 --- a/.github/workflows/validate-spec.sh +++ b/.github/workflows/validate-spec.sh @@ -38,7 +38,7 @@ do echo "$spec was changed but neither version nor release changed" >> bad_specs.txt fi done -rm diff_content +rm -f diff_content if [[ -s bad_specs.txt ]] then diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index b95e3f10817..3c8f7d1babc 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,7 +9,7 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 5.10.88.1 +Version: 5.10.89.1 Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -147,6 +147,15 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %endif %changelog +* Thu Jan 20 2022 Chris Co - 5.10.89.1-2 +- Bump release number to match kernel release + +* Sun Jan 16 2022 Rachel Menge - 5.10.89.1-1 +- Update source to 5.10.89.1 + +* Fri Jan 14 2022 Henry Li - 5.10.88.1-3 +- Bump release number to match kernel release + * Wed Jan 12 2022 Cameron Baird - 5.10.88.1-2 - Bump release number to match kernel release diff --git a/SPECS/abseil-cpp/abseil-cpp.spec b/SPECS/abseil-cpp/abseil-cpp.spec index 7fa255d0aa2..1d8f5c1c77f 100644 --- a/SPECS/abseil-cpp/abseil-cpp.spec +++ b/SPECS/abseil-cpp/abseil-cpp.spec @@ -1,7 +1,7 @@ Summary: C++ Common Libraries Name: abseil-cpp Version: 20211102.0 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -72,7 +72,7 @@ pushd build %check pushd build -ctest --output-on-failure +ctest --output-on-failure -E 'absl_symbolize_test|absl_sysinfo_test' %files %license LICENSE @@ -86,6 +86,9 @@ ctest --output-on-failure %{_libdir}/pkgconfig/*.pc %changelog +* Mon Jan 17 2022 Muhammad Falak - 20211102.0-2 +- Exclude tests `absl_symbolize_test` & `absl_sysinfo_test`. + * Mon Nov 15 2021 Pawel Winogrodzki - 20211102.0-1 - Initial CBL-Mariner import from Fedora 34 (license: MIT). - License verified. diff --git a/SPECS/audit/audit.spec b/SPECS/audit/audit.spec index accc5e2a79f..2de0d4ad07b 100644 --- a/SPECS/audit/audit.spec +++ b/SPECS/audit/audit.spec @@ -4,7 +4,7 @@ Summary: Kernel Audit Tool Name: audit Version: 3.0 -Release: 9%{?dist} +Release: 11%{?dist} Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha8.tar.gz Patch0: refuse-manual-stop.patch License: GPLv2+ @@ -15,7 +15,6 @@ Distribution: Mariner BuildRequires: krb5-devel BuildRequires: openldap BuildRequires: golang -BuildRequires: tcp_wrappers-devel BuildRequires: libcap-ng-devel BuildRequires: swig BuildRequires: e2fsprogs-devel @@ -23,7 +22,6 @@ BuildRequires: systemd Requires: systemd Requires: krb5 Requires: openldap -Requires: tcp_wrappers Requires: libcap-ng Requires: gawk Requires: audit-libs @@ -86,7 +84,6 @@ and libauparse. --sysconfdir=%{_sysconfdir} \ --with-python=yes \ --with-python3=yes \ - --with-libwrap \ --enable-gssapi-krb5=yes \ --with-libcap-ng=yes \ --with-aarch64 \ @@ -173,9 +170,12 @@ make %{?_smp_mflags} check %{python3_sitelib}/* %changelog -* Tue Nov 02 2021 Thomas Crain - 3.0-9 -- Increment release for force republishing using golang 1.16.9 - +* Fri Jan 21 2022 Nick Samson - 3.0-11 +- Removed libwrap support to remove dependency on finger +* Wed Jan 19 2022 Henry Li - 3.0-10 +- Increment release for force republishing using golang 1.16.12 +* Tue Nov 02 2021 Thomas Crain - 3.0-9 +- Increment release for force republishing using golang 1.16.9 * Fri Aug 06 2021 Nicolas Guibourge 3.0-8 - Increment release to force republishing using golang 1.16.7. * Tue Jun 08 2021 Henry Beberman 3.0-7 diff --git a/SPECS/bash/bash-4.4.patch b/SPECS/bash/bash-4.4.patch index 700624fa87c..bb423aa477c 100755 --- a/SPECS/bash/bash-4.4.patch +++ b/SPECS/bash/bash-4.4.patch @@ -1,6 +1,6 @@ -diff -dupr a/config-top.h b/config-top.h ---- a/config-top.h 2016-05-19 11:34:02.000000000 -0700 -+++ b/config-top.h 2017-01-13 19:48:28.940934708 -0800 +diff -dupr config-top.h config-top.h +--- config-top.h 2016-05-19 11:34:02.000000000 -0700 ++++ config-top.h 2017-01-13 19:48:28.940934708 -0800 @@ -87,7 +87,7 @@ #define DEFAULT_BASHRC "~/.bashrc" diff --git a/SPECS/bash/bash.spec b/SPECS/bash/bash.spec index 65306156ce1..32c36096d44 100755 --- a/SPECS/bash/bash.spec +++ b/SPECS/bash/bash.spec @@ -1,19 +1,24 @@ Summary: Bourne-Again SHell Name: bash -Version: 4.4.18 -Release: 6%{?dist} +Version: 4.4.23 +Release: 1%{?dist} License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Base URL: https://www.gnu.org/software/bash/ -Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz +Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-4.4.18.tar.gz Source1: bash_completion Patch0: bash-4.4.patch # CVE-2019-18276 has a negligible security impact, # since we don't ship bash with suid. # Backporting the patch is non-trivial, as well. Patch1: CVE-2019-18276.nopatch +Patch2: bash44-019.patch +Patch3: bash44-020.patch +Patch4: bash44-021.patch +Patch5: bash44-022.patch +Patch6: bash44-023.patch BuildRequires: readline Requires: readline Requires(post): /bin/cp @@ -44,7 +49,7 @@ Requires: bash >= 4.4 These are the additional language files of bash. %prep -%autosetup -p 1 +%autosetup -p0 -n %{name}-4.4.18 %build %configure \ @@ -332,6 +337,11 @@ fi %defattr(-,root,root) %changelog +* Tue Jan 18 2022 Henry Beberman - 4.4.23-1 +- Resolving a rare hang that was fixed in 4.4.20 +- Update bash to version 4.4.23 +- Update bash-4.4.patch for autosetup -p0 + * Thu Oct 22 2020 Thomas Crain - 4.4.18-6 - Nopatch CVE-2019-18276 diff --git a/SPECS/bash/bash44-019.patch b/SPECS/bash/bash44-019.patch new file mode 100644 index 00000000000..081e9793290 --- /dev/null +++ b/SPECS/bash/bash44-019.patch @@ -0,0 +1,50 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-019 + +Bug-Reported-by: Kieran Grant +Bug-Reference-ID: +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2018-02/msg00002.html + +Bug-Description: + +With certain values for PS1, especially those that wrap onto three or more +lines, readline will miscalculate the number of invisible characters, +leading to crashes and core dumps. + +Patch (apply with `patch -p0'): + +*** ../bash-4.4.18/lib/readline/display.c 2016-07-28 14:49:33.000000000 -0400 +--- lib/readline/display.c 2018-02-03 19:19:35.000000000 -0500 +*************** +*** 772,776 **** + wadjust = (newlines == 0) + ? prompt_invis_chars_first_line +! : ((newlines == prompt_lines_estimate) ? wrap_offset : prompt_invis_chars_first_line); + + /* fix from Darin Johnson for prompt string with +--- 788,794 ---- + wadjust = (newlines == 0) + ? prompt_invis_chars_first_line +! : ((newlines == prompt_lines_estimate) +! ? (wrap_offset - prompt_invis_chars_first_line) +! : 0); + + /* fix from Darin Johnson for prompt string with +*** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 18 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 19 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/SPECS/bash/bash44-020.patch b/SPECS/bash/bash44-020.patch new file mode 100644 index 00000000000..1c42643b63d --- /dev/null +++ b/SPECS/bash/bash44-020.patch @@ -0,0 +1,177 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-020 + +Bug-Reported-by: Graham Northup +Bug-Reference-ID: <537530c3-61f0-349b-9de6-fa4e2487f428@clarkson.edu> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2017-02/msg00025.html + +Bug-Description: + +In circumstances involving long-running scripts that create and reap many +processes, it is possible for the hash table bash uses to store exit +statuses from asynchronous processes to develop loops. This patch fixes +the loop causes and adds code to detect any future loops. + +Patch (apply with `patch -p0'): + +*** ../bash-4.4-patched/jobs.c 2016-11-11 13:42:55.000000000 -0500 +--- jobs.c 2017-02-22 15:16:28.000000000 -0500 +*************** +*** 813,818 **** + struct pidstat *ps; + +! bucket = pshash_getbucket (pid); +! psi = bgp_getindex (); + ps = &bgpids.storage[psi]; + +--- 796,815 ---- + struct pidstat *ps; + +! /* bucket == existing chain of pids hashing to same value +! psi = where were going to put this pid/status */ +! +! bucket = pshash_getbucket (pid); /* index into pidstat_table */ +! psi = bgp_getindex (); /* bgpids.head, index into storage */ +! +! /* XXX - what if psi == *bucket? */ +! if (psi == *bucket) +! { +! #ifdef DEBUG +! internal_warning ("hashed pid %d (pid %d) collides with bgpids.head, skipping", psi, pid); +! #endif +! bgpids.storage[psi].pid = NO_PID; /* make sure */ +! psi = bgp_getindex (); /* skip to next one */ +! } +! + ps = &bgpids.storage[psi]; + +*************** +*** 842,845 **** +--- 839,843 ---- + { + struct pidstat *ps; ++ ps_index_t *bucket; + + ps = &bgpids.storage[psi]; +*************** +*** 847,856 **** + return; + +! if (ps->bucket_next != NO_PID) + bgpids.storage[ps->bucket_next].bucket_prev = ps->bucket_prev; +! if (ps->bucket_prev != NO_PID) + bgpids.storage[ps->bucket_prev].bucket_next = ps->bucket_next; + else +! *(pshash_getbucket (ps->pid)) = ps->bucket_next; + } + +--- 845,861 ---- + return; + +! if (ps->bucket_next != NO_PIDSTAT) + bgpids.storage[ps->bucket_next].bucket_prev = ps->bucket_prev; +! if (ps->bucket_prev != NO_PIDSTAT) + bgpids.storage[ps->bucket_prev].bucket_next = ps->bucket_next; + else +! { +! bucket = pshash_getbucket (ps->pid); +! *bucket = ps->bucket_next; /* deleting chain head in hash table */ +! } +! +! /* clear out this cell, just in case */ +! ps->pid = NO_PID; +! ps->bucket_next = ps->bucket_prev = NO_PIDSTAT; + } + +*************** +*** 859,863 **** + pid_t pid; + { +! ps_index_t psi; + + if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0) +--- 864,868 ---- + pid_t pid; + { +! ps_index_t psi, orig_psi; + + if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0) +*************** +*** 865,871 **** + + /* Search chain using hash to find bucket in pidstat_table */ +! for (psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next) +! if (bgpids.storage[psi].pid == pid) +! break; + + if (psi == NO_PIDSTAT) +--- 870,883 ---- + + /* Search chain using hash to find bucket in pidstat_table */ +! for (orig_psi = psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next) +! { +! if (bgpids.storage[psi].pid == pid) +! break; +! if (orig_psi == bgpids.storage[psi].bucket_next) /* catch reported bug */ +! { +! internal_warning ("bgp_delete: LOOP: psi (%d) == storage[psi].bucket_next", psi); +! return 0; +! } +! } + + if (psi == NO_PIDSTAT) +*************** +*** 905,909 **** + pid_t pid; + { +! ps_index_t psi; + + if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0) +--- 917,921 ---- + pid_t pid; + { +! ps_index_t psi, orig_psi; + + if (bgpids.storage == 0 || bgpids.nalloc == 0 || bgpids.npid == 0) +*************** +*** 911,917 **** + + /* Search chain using hash to find bucket in pidstat_table */ +! for (psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next) +! if (bgpids.storage[psi].pid == pid) +! return (bgpids.storage[psi].status); + + return -1; +--- 923,936 ---- + + /* Search chain using hash to find bucket in pidstat_table */ +! for (orig_psi = psi = *(pshash_getbucket (pid)); psi != NO_PIDSTAT; psi = bgpids.storage[psi].bucket_next) +! { +! if (bgpids.storage[psi].pid == pid) +! return (bgpids.storage[psi].status); +! if (orig_psi == bgpids.storage[psi].bucket_next) /* catch reported bug */ +! { +! internal_warning ("bgp_search: LOOP: psi (%d) == storage[psi].bucket_next", psi); +! return -1; +! } +! } + + return -1; +*** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 19 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 20 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/SPECS/bash/bash44-021.patch b/SPECS/bash/bash44-021.patch new file mode 100644 index 00000000000..37da331d56b --- /dev/null +++ b/SPECS/bash/bash44-021.patch @@ -0,0 +1,57 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-021 + +Bug-Reported-by: werner@suse.de +Bug-Reference-ID: <201803281402.w2SE2VOa000476@noether.suse.de> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2018-03/msg00196.html + +Bug-Description: + +A SIGINT received inside a SIGINT trap handler can possibly cause the +shell to loop. + +Patch (apply with `patch -p0'): + +*** ../bash-20180329/jobs.c 2018-02-11 18:07:22.000000000 -0500 +--- jobs.c 2018-04-02 14:24:21.000000000 -0400 +*************** +*** 2690,2694 **** + if (job_control == 0 || (subshell_environment&SUBSHELL_COMSUB)) + { +! old_sigint_handler = set_signal_handler (SIGINT, wait_sigint_handler); + waiting_for_child = 0; + if (old_sigint_handler == SIG_IGN) +--- 2690,2704 ---- + if (job_control == 0 || (subshell_environment&SUBSHELL_COMSUB)) + { +! SigHandler *temp_sigint_handler; +! +! temp_sigint_handler = set_signal_handler (SIGINT, wait_sigint_handler); +! if (temp_sigint_handler == wait_sigint_handler) +! { +! #if defined (DEBUG) +! internal_warning ("wait_for: recursively setting old_sigint_handler to wait_sigint_handler: running_trap = %d", running_trap); +! #endif +! } +! else +! old_sigint_handler = temp_sigint_handler; + waiting_for_child = 0; + if (old_sigint_handler == SIG_IGN) +*** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 20 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 21 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/SPECS/bash/bash44-022.patch b/SPECS/bash/bash44-022.patch new file mode 100644 index 00000000000..f692a2c46f1 --- /dev/null +++ b/SPECS/bash/bash44-022.patch @@ -0,0 +1,61 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-022 + +Bug-Reported-by: Nuzhna Pomoshch +Bug-Reference-ID: <1317167476.1492079.1495999776464@mail.yahoo.com> +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2017-05/msg00005.html + +Bug-Description: + +There are cases where a failing readline command (e.g., delete-char at the end +of a line) can cause a multi-character key sequence to `back up' and attempt +to re-read some of the characters in the sequence. + +Patch (apply with `patch -p0'): + +*** ../bash-4.4-patched/lib/readline/readline.c 2016-04-20 15:53:52.000000000 -0400 +--- lib/readline/readline.c 2018-05-26 17:19:00.000000000 -0400 +*************** +*** 1058,1062 **** + r = _rl_dispatch (ANYOTHERKEY, m); + } +! else if (r && map[ANYOTHERKEY].function) + { + /* We didn't match (r is probably -1), so return something to +--- 1056,1060 ---- + r = _rl_dispatch (ANYOTHERKEY, m); + } +! else if (r < 0 && map[ANYOTHERKEY].function) + { + /* We didn't match (r is probably -1), so return something to +*************** +*** 1070,1074 **** + return -2; + } +! else if (r && got_subseq) + { + /* OK, back up the chain. */ +--- 1068,1072 ---- + return -2; + } +! else if (r < 0 && got_subseq) /* XXX */ + { + /* OK, back up the chain. */ +*** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 21 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 22 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/SPECS/bash/bash44-023.patch b/SPECS/bash/bash44-023.patch new file mode 100644 index 00000000000..dd8d75d9bc7 --- /dev/null +++ b/SPECS/bash/bash44-023.patch @@ -0,0 +1,52 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-023 + +Bug-Reported-by: Martijn Dekker +Bug-Reference-ID: <5326d6b9-2625-1d32-3e6e-ad1d15462c09@inlv.org> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00041.html + +Bug-Description: + +When sourcing a file from an interactive shell, setting the SIGINT handler +to the default and typing ^C will cause the shell to exit. + +Patch (apply with `patch -p0'): + +*** ../bash-4.4-patched/builtins/trap.def 2016-01-25 13:32:38.000000000 -0500 +--- builtins/trap.def 2016-11-06 12:04:35.000000000 -0500 +*************** +*** 99,102 **** +--- 99,103 ---- + + extern int posixly_correct, subshell_environment; ++ extern int sourcelevel, running_trap; + + int +*************** +*** 213,216 **** +--- 214,220 ---- + if (interactive) + set_signal_handler (SIGINT, sigint_sighandler); ++ /* special cases for interactive == 0 */ ++ else if (interactive_shell && (sourcelevel||running_trap)) ++ set_signal_handler (SIGINT, sigint_sighandler); + else + set_signal_handler (SIGINT, termsig_sighandler); +*** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 22 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 23 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/SPECS/blobfuse/blobfuse.spec b/SPECS/blobfuse/blobfuse.spec index 2a9713f6f35..a8c62c90814 100644 --- a/SPECS/blobfuse/blobfuse.spec +++ b/SPECS/blobfuse/blobfuse.spec @@ -1,7 +1,7 @@ Summary: FUSE adapter - Azure Storage Blobs Name: blobfuse Version: 1.3.6 -Release: 5%{?dist} +Release: 6%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -47,6 +47,9 @@ rm -rf %{buildroot} %{_bindir}/blobfuse %changelog +* Wed Jan 19 2022 Henry Li - 1.3.6-6 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.3.6-5 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/cni/cni.spec b/SPECS/cni/cni.spec index 20c6f83c585..bbc813aa645 100644 --- a/SPECS/cni/cni.spec +++ b/SPECS/cni/cni.spec @@ -3,7 +3,7 @@ Summary: Container Network Interface (CNI) plugins Name: cni Version: 0.9.1 -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 URL: https://github.com/containernetworking/plugins #Source0: https://github.com/containernetworking/plugins/archive/refs/tags/v0.9.1.tar.gz @@ -42,6 +42,9 @@ install -vpm 0755 -t %{buildroot}%{_default_cni_plugins_dir} bin/* %{_default_cni_plugins_dir}/* %changelog +* Wed Jan 19 2022 Henry Li - 0.9.1-3 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 0.9.1-2 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/coredns/coredns-1.7.0.spec b/SPECS/coredns/coredns-1.7.0.spec index 8832083181a..ad23ad01840 100644 --- a/SPECS/coredns/coredns-1.7.0.spec +++ b/SPECS/coredns/coredns-1.7.0.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.7.0 -Release: 5%{?dist} +Release: 6%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -61,6 +61,9 @@ rm -rf %{buildroot}/* %{_bindir}/%{name} %changelog +* Wed Jan 19 2022 Henry Li - 1.7.0-6 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.7.0-5 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/coredns/coredns-1.8.0.spec b/SPECS/coredns/coredns-1.8.0.spec index d992e1f5955..1b67e5f6aee 100644 --- a/SPECS/coredns/coredns-1.8.0.spec +++ b/SPECS/coredns/coredns-1.8.0.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.8.0 -Release: 2%{?dist} +Release: 3%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -61,6 +61,9 @@ rm -rf %{buildroot}/* %{_bindir}/%{name} %changelog +* Wed Jan 19 2022 Henry Li - 1.8.0-3 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.8.0-2 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/coredns/coredns-1.8.4.spec b/SPECS/coredns/coredns-1.8.4.spec index 7ccb85cc7a2..56de9e3d09e 100644 --- a/SPECS/coredns/coredns-1.8.4.spec +++ b/SPECS/coredns/coredns-1.8.4.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.8.4 -Release: 1%{?dist} +Release: 2%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -61,6 +61,9 @@ rm -rf %{buildroot}/* %{_bindir}/%{name} %changelog +* Wed Jan 19 2022 Henry Li - 1.8.4-2 +- Increment release for force republishing using golang 1.16.12 + * Tue Dec 28 2021 Nicolas Guibourge - 1.8.4-1 - Update to version "1.8.4". diff --git a/SPECS/cri-tools/cri-tools.spec b/SPECS/cri-tools/cri-tools.spec index 71117fafa55..96caddd1371 100644 --- a/SPECS/cri-tools/cri-tools.spec +++ b/SPECS/cri-tools/cri-tools.spec @@ -3,7 +3,7 @@ Summary: CRI tools Name: cri-tools Version: 1.22.0 -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 URL: https://github.com/kubernetes-sigs/cri-tools #Source0: https://github.com/kubernetes-sigs/cri-tools/archive/v%{version}.tar.gz @@ -55,6 +55,9 @@ install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./docs/crictl.md rm -rf %{buildroot}/* %changelog +* Wed Jan 19 2022 Henry Li - 1.22.0-3 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.22.0-2 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/erlang/erlang.signatures.json b/SPECS/erlang/erlang.signatures.json index 4dc97e2cac3..b8db20cf1eb 100644 --- a/SPECS/erlang/erlang.signatures.json +++ b/SPECS/erlang/erlang.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "otp-OTP-22.0.7.tar.gz": "04c090b55ec4a01778e7e1a5b7fdf54012548ca72737965b7aa8c4d7878c92bc" + "otp-OTP-24.2.tar.gz": "0b9c9ba7d8b40f6c77d529e07561b10f0914d2bfe9023294d7eda85b62936792" } } \ No newline at end of file diff --git a/SPECS/erlang/erlang.spec b/SPECS/erlang/erlang.spec index eb8bb731dea..c916b4601bf 100644 --- a/SPECS/erlang/erlang.spec +++ b/SPECS/erlang/erlang.spec @@ -1,8 +1,8 @@ %define debug_package %{nil} Name: erlang Summary: erlang -Version: 22.0.7 -Release: 2%{?dist} +Version: 24.2 +Release: 1%{?dist} Group: Development/Languages Vendor: Microsoft Corporation Distribution: Mariner @@ -26,7 +26,7 @@ make %install -make install DESTDIR=$RPM_BUILD_ROOT +make install DESTDIR=%{buildroot} %post @@ -39,6 +39,9 @@ make install DESTDIR=$RPM_BUILD_ROOT %exclude %{_libdir}/debug %changelog +* Wed Jan 19 2022 Cameron Baird - 24.2-1 +- Update source to 24.2 + * Sat May 09 2020 Nick Samson - 22.0.7-2 - Added %%license line automatically diff --git a/SPECS/etcd/etcd-3.4.13.spec b/SPECS/etcd/etcd-3.4.13.spec index 714be511476..0b00c70b597 100644 --- a/SPECS/etcd/etcd-3.4.13.spec +++ b/SPECS/etcd/etcd-3.4.13.spec @@ -1,13 +1,13 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.4.13 -Release: 6%{?dist} +Release: 7%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Security URL: https://github.com/etcd-io/etcd/ -#Source0: https://github.com/etcd-io/%{name}/archive/v%{version}.tar.gz +#Source0: https://github.com/etcd-io/etcd/archive/refs/tags/v%{version}.tar.gz Source0: %{name}-%{version}.tar.gz Source1: etcd.service BuildRequires: git @@ -93,6 +93,10 @@ rm -rf %{buildroot}/* %{_bindir}/etcd-dump-* %changelog +* Wed Jan 19 2022 Henry Li - 3.4.13-7 +- Increment release for force republishing using golang 1.16.12 +- Update Source0 URL + * Tue Nov 02 2021 Thomas Crain - 3.4.13-6 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/etcd/etcd-3.5.0.spec b/SPECS/etcd/etcd-3.5.0.spec index acc5c84db4b..14d303940f9 100644 --- a/SPECS/etcd/etcd-3.5.0.spec +++ b/SPECS/etcd/etcd-3.5.0.spec @@ -1,7 +1,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.0 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -141,6 +141,9 @@ rm -rf %{buildroot}/* /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Wed Jan 19 2022 Henry Li - 3.5.0-2 +- Increment release for force republishing using golang 1.16.12 + * Tue Dec 28 2021 Nicolas Guibourge - 3.5.0-1 - Upgrade to version 3.5.0 diff --git a/SPECS/expat/CVE-2022-22822.patch b/SPECS/expat/CVE-2022-22822.patch deleted file mode 100644 index fef8c500655..00000000000 --- a/SPECS/expat/CVE-2022-22822.patch +++ /dev/null @@ -1,253 +0,0 @@ -From 308d60fecf09870b99fabdf60e86115302b4506a Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Thu, 30 Dec 2021 22:46:03 +0100 -Subject: [PATCH] lib: Prevent integer overflow at multiple places - (CVE-2022-22822 to CVE-2022-22827) - -The involved functions are: -- addBinding (CVE-2022-22822) -- build_model (CVE-2022-22823) -- defineAttribute (CVE-2022-22824) -- lookup (CVE-2022-22825) -- nextScaffoldPart (CVE-2022-22826) -- storeAtts (CVE-2022-22827) ---- - lib/xmlparse.c | 153 ++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 151 insertions(+), 2 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 5ba56ea..5eef168 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -3260,13 +3260,38 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, - - /* get the attributes from the tokenizer */ - n = XmlGetAttributes(enc, attStr, parser->m_attsSize, parser->m_atts); -+ -+ /* Detect and prevent integer overflow */ -+ if (n > INT_MAX - nDefaultAtts) { -+ return XML_ERROR_NO_MEMORY; -+ } -+ - if (n + nDefaultAtts > parser->m_attsSize) { - int oldAttsSize = parser->m_attsSize; - ATTRIBUTE *temp; - #ifdef XML_ATTR_INFO - XML_AttrInfo *temp2; - #endif -+ -+ /* Detect and prevent integer overflow */ -+ if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE) -+ || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) { -+ return XML_ERROR_NO_MEMORY; -+ } -+ - parser->m_attsSize = n + nDefaultAtts + INIT_ATTS_SIZE; -+ -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) { -+ parser->m_attsSize = oldAttsSize; -+ return XML_ERROR_NO_MEMORY; -+ } -+#endif -+ - temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts, - parser->m_attsSize * sizeof(ATTRIBUTE)); - if (temp == NULL) { -@@ -3275,6 +3300,17 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, - } - parser->m_atts = temp; - #ifdef XML_ATTR_INFO -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+# if UINT_MAX >= SIZE_MAX -+ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) { -+ parser->m_attsSize = oldAttsSize; -+ return XML_ERROR_NO_MEMORY; -+ } -+# endif -+ - temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo, - parser->m_attsSize * sizeof(XML_AttrInfo)); - if (temp2 == NULL) { -@@ -3582,9 +3618,31 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, - tagNamePtr->prefixLen = prefixLen; - for (i = 0; localPart[i++];) - ; /* i includes null terminator */ -+ -+ /* Detect and prevent integer overflow */ -+ if (binding->uriLen > INT_MAX - prefixLen -+ || i > INT_MAX - (binding->uriLen + prefixLen)) { -+ return XML_ERROR_NO_MEMORY; -+ } -+ - n = i + binding->uriLen + prefixLen; - if (n > binding->uriAlloc) { - TAG *p; -+ -+ /* Detect and prevent integer overflow */ -+ if (n > INT_MAX - EXPAND_SPARE) { -+ return XML_ERROR_NO_MEMORY; -+ } -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { -+ return XML_ERROR_NO_MEMORY; -+ } -+#endif -+ - uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char)); - if (! uri) - return XML_ERROR_NO_MEMORY; -@@ -3680,6 +3738,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, - if (parser->m_freeBindingList) { - b = parser->m_freeBindingList; - if (len > b->uriAlloc) { -+ /* Detect and prevent integer overflow */ -+ if (len > INT_MAX - EXPAND_SPARE) { -+ return XML_ERROR_NO_MEMORY; -+ } -+ -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { -+ return XML_ERROR_NO_MEMORY; -+ } -+#endif -+ - XML_Char *temp = (XML_Char *)REALLOC( - parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE)); - if (temp == NULL) -@@ -3692,6 +3765,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, - b = (BINDING *)MALLOC(parser, sizeof(BINDING)); - if (! b) - return XML_ERROR_NO_MEMORY; -+ -+ /* Detect and prevent integer overflow */ -+ if (len > INT_MAX - EXPAND_SPARE) { -+ return XML_ERROR_NO_MEMORY; -+ } -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { -+ return XML_ERROR_NO_MEMORY; -+ } -+#endif -+ - b->uri - = (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE)); - if (! b->uri) { -@@ -6098,7 +6186,24 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata, - } - } else { - DEFAULT_ATTRIBUTE *temp; -+ -+ /* Detect and prevent integer overflow */ -+ if (type->allocDefaultAtts > INT_MAX / 2) { -+ return 0; -+ } -+ - int count = type->allocDefaultAtts * 2; -+ -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) { -+ return 0; -+ } -+#endif -+ - temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts, - (count * sizeof(DEFAULT_ATTRIBUTE))); - if (temp == NULL) -@@ -6749,8 +6854,20 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) { - /* check for overflow (table is half full) */ - if (table->used >> (table->power - 1)) { - unsigned char newPower = table->power + 1; -+ -+ /* Detect and prevent invalid shift */ -+ if (newPower >= sizeof(unsigned long) * 8 /* bits per byte */) { -+ return NULL; -+ } -+ - size_t newSize = (size_t)1 << newPower; - unsigned long newMask = (unsigned long)newSize - 1; -+ -+ /* Detect and prevent integer overflow */ -+ if (newSize > (size_t)(-1) / sizeof(NAMED *)) { -+ return NULL; -+ } -+ - size_t tsize = newSize * sizeof(NAMED *); - NAMED **newV = (NAMED **)table->mem->malloc_fcn(tsize); - if (! newV) -@@ -7100,6 +7217,20 @@ nextScaffoldPart(XML_Parser parser) { - if (dtd->scaffCount >= dtd->scaffSize) { - CONTENT_SCAFFOLD *temp; - if (dtd->scaffold) { -+ /* Detect and prevent integer overflow */ -+ if (dtd->scaffSize > UINT_MAX / 2u) { -+ return -1; -+ } -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) { -+ return -1; -+ } -+#endif -+ - temp = (CONTENT_SCAFFOLD *)REALLOC( - parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD)); - if (temp == NULL) -@@ -7169,8 +7300,26 @@ build_model(XML_Parser parser) { - XML_Content *ret; - XML_Content *cpos; - XML_Char *str; -- int allocsize = (dtd->scaffCount * sizeof(XML_Content) -- + (dtd->contentStringLen * sizeof(XML_Char))); -+ -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) { -+ return NULL; -+ } -+ if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) { -+ return NULL; -+ } -+#endif -+ if (dtd->scaffCount * sizeof(XML_Content) -+ > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) { -+ return NULL; -+ } -+ -+ const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content) -+ + (dtd->contentStringLen * sizeof(XML_Char))); - - ret = (XML_Content *)MALLOC(parser, allocsize); - if (! ret) --- -2.17.1 - diff --git a/SPECS/expat/CVE-2022-22823.nopatch b/SPECS/expat/CVE-2022-22823.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/expat/CVE-2022-22824.nopatch b/SPECS/expat/CVE-2022-22824.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/expat/CVE-2022-22825.nopatch b/SPECS/expat/CVE-2022-22825.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/expat/CVE-2022-22826.nopatch b/SPECS/expat/CVE-2022-22826.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/expat/CVE-2022-22827.nopatch b/SPECS/expat/CVE-2022-22827.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/expat/expat.signatures.json b/SPECS/expat/expat.signatures.json index 9c2aab36d82..3ae9e27c431 100644 --- a/SPECS/expat/expat.signatures.json +++ b/SPECS/expat/expat.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "expat-2.4.1.tar.bz2": "2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40" + "expat-2.4.3.tar.bz2": "6f262e216a494fbf42d8c22bc841b3e117c21f2467a19dc4c27c991b5622f986" } } \ No newline at end of file diff --git a/SPECS/expat/expat.spec b/SPECS/expat/expat.spec index e32e12b3cf5..0b5fee0b41d 100644 --- a/SPECS/expat/expat.spec +++ b/SPECS/expat/expat.spec @@ -1,20 +1,14 @@ %global underscore_version $(echo %{version} | cut -d. -f1-3 --output-delimiter="_") Summary: An XML parser library Name: expat -Version: 2.4.1 -Release: 2%{?dist} +Version: 2.4.3 +Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/GeneralLibraries URL: https://libexpat.github.io/ Source0: https://github.com/libexpat/libexpat/releases/download/R_%{underscore_version}/%{name}-%{version}.tar.bz2 -Patch0: CVE-2022-22822.patch -Patch1000: CVE-2022-22823.nopatch -Patch1001: CVE-2022-22824.nopatch -Patch1002: CVE-2022-22825.nopatch -Patch1003: CVE-2022-22826.nopatch -Patch1004: CVE-2022-22827.nopatch Requires: %{name}-libs = %{version}-%{release} %description @@ -71,6 +65,11 @@ rm -rf %{buildroot}/%{_docdir}/%{name} %{_libdir}/libexpat.so.1* %changelog +* Sun Jan 16 2022 Rachel Menge - 2.4.3-1 +- Update source to 2.4.3 to address CVE-2021-46143, CVE-2021-45960, + CVE-2022-22822 to CVE-2022-22827 +- Remove patches for CVE-2022-22822 to CVE-2022-22827 + * Fri Jan 14 2022 Rachel Menge - 2.4.1-2 - Apply CVE-2022-22822.patch which addresses CVE-2022-22822 to CVE-2022-22827 diff --git a/SPECS/flannel/flannel.spec b/SPECS/flannel/flannel.spec index 0ec95d03a02..6c66e32ae97 100644 --- a/SPECS/flannel/flannel.spec +++ b/SPECS/flannel/flannel.spec @@ -4,7 +4,7 @@ Summary: Simple and easy way to configure a layer 3 network fabric designed for Kubernetes Name: flannel Version: 0.14.0 -Release: 2%{?dist} +Release: 3%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -50,6 +50,9 @@ rm -rf %{buildroot}/* %{_bindir}/flanneld %changelog +* Wed Jan 19 2022 Henry Li - 0.14.0-3 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 0.14.0-2 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/glide/glide.spec b/SPECS/glide/glide.spec index b7a004769cf..cae221c2a07 100644 --- a/SPECS/glide/glide.spec +++ b/SPECS/glide/glide.spec @@ -1,7 +1,7 @@ Summary: Vendor Package Management for Golang Name: glide Version: 0.13.3 -Release: 7%{?dist} +Release: 8%{?dist} License: MIT URL: https://github.com/Masterminds/glide # Source0: https://github.com/Masterminds/%{name}/archive/v%{version}.tar.gz @@ -53,6 +53,9 @@ popd %{_bindir}/glide %changelog +* Wed Jan 19 2022 Henry Li - 0.13.3-8 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 0.13.3-7 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/go-md2man/go-md2man.spec b/SPECS/go-md2man/go-md2man.spec index 5ec759179a2..d9421701aa5 100644 --- a/SPECS/go-md2man/go-md2man.spec +++ b/SPECS/go-md2man/go-md2man.spec @@ -1,7 +1,7 @@ Summary: Converts markdown into roff (man pages) Name: go-md2man Version: 2.0.0 -Release: 8%{?dist} +Release: 9%{?dist} License: MIT Group: Tools/Container @@ -49,6 +49,9 @@ cp go-md2man-2.0.0/LICENSE.md %{buildroot}/usr/share/doc/%{name}-%{version}/LICE %{_bindir}/go-md2man %changelog +* Wed Jan 19 2022 Henry Li - 2.0.0-9 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 2.0.0-8 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/gobject-introspection/gobject-introspection.spec b/SPECS/gobject-introspection/gobject-introspection.spec index 7425b50e852..fdb773f5145 100644 --- a/SPECS/gobject-introspection/gobject-introspection.spec +++ b/SPECS/gobject-introspection/gobject-introspection.spec @@ -5,7 +5,7 @@ Name: gobject-introspection Summary: Introspection system for GObject-based libraries %define BaseVersion 1.58 Version: %{BaseVersion}.0 -Release: 12%{?dist} +Release: 13%{?dist} Group: Development/Libraries License: GPLv2+ and LGPLv2+ and MIT URL: https://github.com/GNOME/gobject-introspection @@ -139,6 +139,9 @@ make %{?_smp_mflags} check %doc %{_mandir}/man1/*.gz %changelog +* Wed Jan 19 2022 Henry Li - 1.58.0-13 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.58.0-12 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/golang/golang-1.16.signatures.json b/SPECS/golang/golang-1.16.signatures.json index 2c843d760ec..ff40e9bb93b 100644 --- a/SPECS/golang/golang-1.16.signatures.json +++ b/SPECS/golang/golang-1.16.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "go1.16.10.src.tar.gz": "a905472011585e403d00d2a41de7ced29b8884309d73482a307f689fd0f320b5", + "go1.16.12.src.tar.gz": "2afd839dcb76d2bb082c502c01a0a5cdbfc09fd630757835363c4fde8e2fbfe8", "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" } -} +} \ No newline at end of file diff --git a/SPECS/golang/golang-1.16.spec b/SPECS/golang/golang-1.16.spec index 44ab1d08797..f5e2cf7a952 100644 --- a/SPECS/golang/golang-1.16.spec +++ b/SPECS/golang/golang-1.16.spec @@ -12,7 +12,7 @@ %define __find_requires %{nil} Summary: Go Name: golang -Version: 1.16.10 +Version: 1.16.12 Release: 1%{?dist} License: BSD Vendor: Microsoft Corporation @@ -118,6 +118,9 @@ fi %{_bindir}/* %changelog +* Tue Jan 18 2022 Henry Li - 1.16.12-1 +- Upgrade to version 1.16.12 to resolve CVE-2021-44716 + * Thu Nov 11 2021 Nick Samson - 1.16.10-1 - Updated to version 1.16.10 to fix CVE-2021-41771 and CVE-2021-41772 diff --git a/SPECS/helm/helm.spec b/SPECS/helm/helm.spec index e8c8842eb8a..55d903b5720 100644 --- a/SPECS/helm/helm.spec +++ b/SPECS/helm/helm.spec @@ -2,7 +2,7 @@ Summary: The Kubernetes Package Manager Name: helm Version: 3.4.1 -Release: 5%{?dist} +Release: 6%{?dist} License: Apache 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -52,6 +52,9 @@ install -m 755 ./helm %{buildroot}%{_bindir} %{_bindir}/helm %changelog +* Wed Jan 19 2022 Henry Li - 3.4.1-6 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 3.4.1-5 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/hyperv-daemons/0002-add-linux-syscall-license-info.patch b/SPECS/hyperv-daemons/0002-add-linux-syscall-license-info.patch deleted file mode 100644 index 49982cb6b31..00000000000 --- a/SPECS/hyperv-daemons/0002-add-linux-syscall-license-info.patch +++ /dev/null @@ -1,22 +0,0 @@ -From aef4c9944d4dd8f5686823aa74fb54505a6983b4 Mon Sep 17 00:00:00 2001 -From: Rachel -Date: Tue, 9 Nov 2021 12:21:01 -0500 -Subject: [PATCH] Add license info - ---- - include/uapi/misc/d3dkmthk.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/uapi/misc/d3dkmthk.h b/include/uapi/misc/d3dkmthk.h -index e752fd5c87d0..bf4fc7228bac 100644 ---- a/include/uapi/misc/d3dkmthk.h -+++ b/include/uapi/misc/d3dkmthk.h -@@ -1,4 +1,4 @@ --/* SPDX-License-Identifier: GPL-2.0 */ -+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ - - /* - * Copyright (c) 2019, Microsoft Corporation. --- -2.17.1 - diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index 7077138a981..be023c0bdda 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "25339871302f7a47e1aecfa9fc2586c78bc37edb98773752f0a5dec30f0ed3a1", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-5.10.88.1.tar.gz": "ff8be30666cd7899c36a50ef0d92e24ebfa58878b55ebc30483eb14ebb56546f" + "kernel-5.10.89.1.tar.gz": "e7d4ea0eff5635c8be7c8aa7792da2dc5daee6dff374fafa2ae3cf59159c7c4d" } } \ No newline at end of file diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index 1161858b86a..7102207b563 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -8,7 +8,7 @@ %global udev_prefix 70 Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.10.88.1 +Version: 5.10.89.1 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -28,8 +28,7 @@ Source102: hypervvss.rules Source201: hypervfcopyd.service Source202: hypervfcopy.rules Patch0: 0001-clocksource-drivers-hyper-v-Re-enable-VDSO_CLOCKMODE.patch -Patch1: 0002-add-linux-syscall-license-info.patch -Patch2: CVE-2021-43976.patch +Patch1: CVE-2021-43976.patch BuildRequires: gcc Requires: hypervfcopyd = %{version}-%{release} Requires: hypervkvpd = %{version}-%{release} @@ -109,7 +108,6 @@ Contains tools and scripts useful for Hyper-V guests. %setup -q -n CBL-Mariner-Linux-Kernel-rolling-lts-mariner-%{version} %patch0 -p1 %patch1 -p1 -%patch2 -p1 %build pushd tools/hv @@ -225,6 +223,10 @@ fi %{_sbindir}/lsvmbus %changelog +* Sun Jan 16 2022 Rachel Menge - 5.10.89.1-1 +- Update source to 5.10.89.1 +- Remove patch add-linux-syscall-license-info.patch + * Mon Jan 03 2022 Cameron Baird - 5.10.88.1-1 - Update Kernel source to 5.10.88.1 - Apply patch to address CVE-2021-43976 diff --git a/SPECS/kernel-headers/0002-add-linux-syscall-license-info.patch b/SPECS/kernel-headers/0002-add-linux-syscall-license-info.patch deleted file mode 100644 index 49982cb6b31..00000000000 --- a/SPECS/kernel-headers/0002-add-linux-syscall-license-info.patch +++ /dev/null @@ -1,22 +0,0 @@ -From aef4c9944d4dd8f5686823aa74fb54505a6983b4 Mon Sep 17 00:00:00 2001 -From: Rachel -Date: Tue, 9 Nov 2021 12:21:01 -0500 -Subject: [PATCH] Add license info - ---- - include/uapi/misc/d3dkmthk.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/uapi/misc/d3dkmthk.h b/include/uapi/misc/d3dkmthk.h -index e752fd5c87d0..bf4fc7228bac 100644 ---- a/include/uapi/misc/d3dkmthk.h -+++ b/include/uapi/misc/d3dkmthk.h -@@ -1,4 +1,4 @@ --/* SPDX-License-Identifier: GPL-2.0 */ -+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ - - /* - * Copyright (c) 2019, Microsoft Corporation. --- -2.17.1 - diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index f1af288f00f..0f32746c6a0 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-5.10.88.1.tar.gz": "ff8be30666cd7899c36a50ef0d92e24ebfa58878b55ebc30483eb14ebb56546f" + "kernel-5.10.89.1.tar.gz": "e7d4ea0eff5635c8be7c8aa7792da2dc5daee6dff374fafa2ae3cf59159c7c4d" } } \ No newline at end of file diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index aaf499316fc..17a01ef9ce6 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,6 +1,6 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.10.88.1 +Version: 5.10.89.1 Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -10,8 +10,7 @@ URL: https://github.com/microsoft/CBL-Mariner-Linux-Kernel #Source0: https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/%%{version}.tar.gz Source0: kernel-%{version}.tar.gz Patch0: 0001-clocksource-drivers-hyper-v-Re-enable-VDSO_CLOCKMODE.patch -Patch1: 0002-add-linux-syscall-license-info.patch -Patch2: CVE-2021-43976.patch +Patch1: CVE-2021-43976.patch BuildArch: noarch %description @@ -21,7 +20,6 @@ The Linux API Headers expose the kernel's API for use by Glibc. %setup -q -n CBL-Mariner-Linux-Kernel-rolling-lts-mariner-%{version} %patch0 -p1 %patch1 -p1 -%patch2 -p1 %build make mrproper @@ -41,6 +39,16 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Thu Jan 20 2022 Chris Co - 5.10.89.1-2 +- Bump release number to match kernel release + +* Sun Jan 16 2022 Rachel Menge - 5.10.89.1-1 +- Update source to 5.10.89.1 +- Remove patch add-linux-syscall-license-info.patch + +* Fri Jan 14 2022 Henry Li - 5.10.88.1-3 +- Bump release number to match kernel release + * Wed Jan 12 2022 Cameron Baird - 5.10.88.1-2 - Bump release number to match kernel release diff --git a/SPECS/kernel-hyperv/0002-add-linux-syscall-license-info.patch b/SPECS/kernel-hyperv/0002-add-linux-syscall-license-info.patch deleted file mode 100644 index 49982cb6b31..00000000000 --- a/SPECS/kernel-hyperv/0002-add-linux-syscall-license-info.patch +++ /dev/null @@ -1,22 +0,0 @@ -From aef4c9944d4dd8f5686823aa74fb54505a6983b4 Mon Sep 17 00:00:00 2001 -From: Rachel -Date: Tue, 9 Nov 2021 12:21:01 -0500 -Subject: [PATCH] Add license info - ---- - include/uapi/misc/d3dkmthk.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/uapi/misc/d3dkmthk.h b/include/uapi/misc/d3dkmthk.h -index e752fd5c87d0..bf4fc7228bac 100644 ---- a/include/uapi/misc/d3dkmthk.h -+++ b/include/uapi/misc/d3dkmthk.h -@@ -1,4 +1,4 @@ --/* SPDX-License-Identifier: GPL-2.0 */ -+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ - - /* - * Copyright (c) 2019, Microsoft Corporation. --- -2.17.1 - diff --git a/SPECS/kernel-hyperv/cbl-mariner-ca-20210127.pem b/SPECS/kernel-hyperv/cbl-mariner-ca-20210127.pem deleted file mode 100644 index 7b90650cf18..00000000000 --- a/SPECS/kernel-hyperv/cbl-mariner-ca-20210127.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFBjCCA+6gAwIBAgITMwAABFzCHaG8uk/QhQABAAAEXDANBgkqhkiG9w0BAQsF -ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH -UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD -ExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDAeFw0yMTAxMjgyMTQ0MjVaFw0y -MjAxMjcyMTQ0MjVaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv -bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 -aW9uMTAwLgYDVQQDEydNYXJpbmVyIFNlY3VyZSBCb290KFByb2R1Y3Rpb24gU2ln -bmluZykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlDKbGLQsXa/s9 -8dukx0OKHoZRCp5otKK/Av2PrbLA4obLl8rHW5uaSi8OFOEaQ75t/PR0me55CIb/ -W7XN/CTRzUtOd5F+ZjJA04asn+ztxvdF8VVtBexNswvh3wi88Tf6YkKDRzMdYboh -2X8lB2aZxUCa98AL4lfWDB2OxakrLJY3LMpnBcDQ8QuGYhEt3YRFkT5mrWeSqphj -6Q1zRtXcETX6P/Mv0JthF45QwVDJCVuRXpgKY+Ug7fXkANpuDO79UmovyLeBa7mv -Oqke6kiXjdCqWd6VuIQxg1VpKNL8wn132NjCQdSwimvmeO0F2r0gqQ7fpQECJoBk -OwEfEEYhAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4E -FgQUrrgYstPQgjOv9ptpbKdZJ8nqz1kwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsT -FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMNNDYwODk3KzQ2NDEyOTAf -BgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBcBgNVHR8EVTBTMFGgT6BN -hktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl -MjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYIKwYBBQUHAQEEXTBbMFkG -CCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRz -L01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB -Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBLbLjVDt5GE8uu2ebkmIZBdyEwGQg/ -2y95ja8yfXvFX2p0SFdz1MTxox2ZiIOONF6MbhTadLRTCGifwvHgTwArsjPnl0jk -4YyMCZsJtQOaRtIn8YVRvoGQ8b7oUXx49JtMx1e+Fu0FR3cpBz0VEKrkPiLAzd0x -sRIRfkRDpgZDonOxugsIdceDu/sveqIMv5SlDtq8y7nh+4V2JQpJFs4dU+xTvAHI -9ntSEGLSnvNoj/Z2oTQEoxY4AcfyT81IGVzokDDyArlkp9dgAePoSEH0scJ4bYiF -fP48iMy8Qx136RQNzQQahsFOQDj9RD2weZXWIOCVWkBvaVIkCnk8XIzf ------END CERTIFICATE----- diff --git a/SPECS/kernel-hyperv/cbl-mariner-ca-20211013.pem b/SPECS/kernel-hyperv/cbl-mariner-ca-20211013.pem new file mode 100644 index 00000000000..76865b9a68e --- /dev/null +++ b/SPECS/kernel-hyperv/cbl-mariner-ca-20211013.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgITMwAABO5/lN6NQyelHwABAAAE7jANBgkqhkiG9w0BAQsF +ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH +UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD +ExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDAeFw0yMTEwMTQxNzI4MDVaFw0y +MjEwMTMxNzI4MDVaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv +bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 +aW9uMTAwLgYDVQQDEydNYXJpbmVyIFNlY3VyZSBCb290KFByb2R1Y3Rpb24gU2ln +bmluZykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF45hTHPQAA7yc +6g3iVuqcQKF51ylCynjUySYqqQha2sQzE7tbJ2egVkW4cfY1UbJsm65i2/VGI1OL +Zia4sRwXRN7toRK5aElYfpsghMgGEaCSPs6915BVqO4WX0jxXswqRZ2CPH+evNCC +hQnOqtjvFCqp7aeQ44b/DpZmaMicL/DwbI4925HWGSYa+/Mp1Fs3yGhP5X75+c9v +w4gJ5KoxcOFRmQEt0c7lOclOi5Np5jys7lrrdmPPbjoALERBatiXj8w72LUZu4+I +970/6jqNEkHeGxqVSPRRNIEZubjvRIfg8uULr8k/Kj8TbznCWoGuaT/9yoVbHhqU +KQMJxxFrAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4E +FgQUtC1rnigJt7kJfP+emwGUuG6Av5UwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsT +FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMNNDYwODk3KzQ2ODU5NzAf +BgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBcBgNVHR8EVTBTMFGgT6BN +hktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl +MjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYIKwYBBQUHAQEEXTBbMFkG +CCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRz +L01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB +Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCybuv6kmhT2y97FOLRljLCLvQlBL/E +dxKPDYNFhHCKIUd550yUoUW8XIxSYa+Dmx/1+NYS4Nxql7ecuR4g9+4i0DOmNjYO +NY8epPspIpjUd9OAiKNKJSs2303i2TQojXQcZVeTO89bK3pX+spoACGuEVEuWSdL +q+oPDYZwNTKyobj9wHYO6WXJfcdLPlYZghDjR/WNO5bzvzpi2nn/c4OYvMihLNq0 +5uNO0IB/zquyAaCKbi15v/PqYos1BsT+Yft4zf8ry17yFVBIqJMa2An6Gex7SNWj +jj1S7uBga3oZcTHvR8xv3fmbwfQMIrZRmZrq8xkySxQV7xea0sE7X/pJ +-----END CERTIFICATE----- diff --git a/SPECS/kernel-hyperv/config b/SPECS/kernel-hyperv/config index f1787268d00..232cc4bec11 100644 --- a/SPECS/kernel-hyperv/config +++ b/SPECS/kernel-hyperv/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.88.1 Kernel Configuration +# Linux/x86_64 5.10.89.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json index 1aa7a140042..f4c4cb539db 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json +++ b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json @@ -1,8 +1,8 @@ { "Signatures": { - "cbl-mariner-ca-20210127.pem": "82363cb44e786353936abc2e2d62d9325cacf2d9e9a8ebaf4221ea30a9e0cd7b", - "config": "de189a40eb3217be3ecccd20bf26f2a1274f53e24ccdbbeb0765b882e0bf656f", - "kernel-5.10.88.1.tar.gz": "ff8be30666cd7899c36a50ef0d92e24ebfa58878b55ebc30483eb14ebb56546f", + "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", + "config": "4963022eb4ebdf0561ed64f60291949fa16e212dc2dcdb2e481978241c5548ae", + "kernel-5.10.89.1.tar.gz": "e7d4ea0eff5635c8be7c8aa7792da2dc5daee6dff374fafa2ae3cf59159c7c4d", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" } } \ No newline at end of file diff --git a/SPECS/kernel-hyperv/kernel-hyperv.spec b/SPECS/kernel-hyperv/kernel-hyperv.spec index da749526ce6..3c5a8d51a99 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.spec +++ b/SPECS/kernel-hyperv/kernel-hyperv.spec @@ -3,7 +3,7 @@ %define uname_r %{version}-%{release} Summary: Linux Kernel optimized for Hyper-V Name: kernel-hyperv -Version: 5.10.88.1 +Version: 5.10.89.1 Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -14,10 +14,9 @@ URL: https://github.com/microsoft/CBL-Mariner-Linux-Kernel Source0: kernel-%{version}.tar.gz Source1: config Source2: sha512hmac-openssl.sh -Source3: cbl-mariner-ca-20210127.pem +Source3: cbl-mariner-ca-20211013.pem Patch0: 0001-clocksource-drivers-hyper-v-Re-enable-VDSO_CLOCKMODE.patch -Patch1: 0002-add-linux-syscall-license-info.patch -Patch2: CVE-2021-43976.patch +Patch1: CVE-2021-43976.patch BuildRequires: audit-devel BuildRequires: bash BuildRequires: bc @@ -95,7 +94,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel. %setup -q -n CBL-Mariner-Linux-Kernel-rolling-lts-mariner-%{version} %patch0 -p1 %patch1 -p1 -%patch2 -p1 %build make mrproper @@ -273,6 +271,16 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_libdir}/perf/include/bpf/* %changelog +* Thu Jan 20 2022 Chris Co - 5.10.89.1-2 +- Rotate Mariner cert + +* Sun Jan 16 2022 Rachel Menge - 5.10.89.1-1 +- Update source to 5.10.89.1 +- Remove patch add-linux-syscall-license-info.patch + +* Fri Jan 14 2022 Henry Li - 5.10.88.1-3 +- Bump release number to match kernel release + * Wed Jan 12 2022 Cameron Baird - 5.10.88.1-2 - Bump release number to match kernel release diff --git a/SPECS/kernel/0002-add-linux-syscall-license-info.patch b/SPECS/kernel/0002-add-linux-syscall-license-info.patch deleted file mode 100644 index 49982cb6b31..00000000000 --- a/SPECS/kernel/0002-add-linux-syscall-license-info.patch +++ /dev/null @@ -1,22 +0,0 @@ -From aef4c9944d4dd8f5686823aa74fb54505a6983b4 Mon Sep 17 00:00:00 2001 -From: Rachel -Date: Tue, 9 Nov 2021 12:21:01 -0500 -Subject: [PATCH] Add license info - ---- - include/uapi/misc/d3dkmthk.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/uapi/misc/d3dkmthk.h b/include/uapi/misc/d3dkmthk.h -index e752fd5c87d0..bf4fc7228bac 100644 ---- a/include/uapi/misc/d3dkmthk.h -+++ b/include/uapi/misc/d3dkmthk.h -@@ -1,4 +1,4 @@ --/* SPDX-License-Identifier: GPL-2.0 */ -+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ - - /* - * Copyright (c) 2019, Microsoft Corporation. --- -2.17.1 - diff --git a/SPECS/kernel/0003-export-mmput_async.patch b/SPECS/kernel/0003-export-mmput_async.patch new file mode 100644 index 00000000000..9d07e874bf8 --- /dev/null +++ b/SPECS/kernel/0003-export-mmput_async.patch @@ -0,0 +1,12 @@ +diff --git a/kernel/fork.c b/kernel/fork.c +index 3f96400..66541bd 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -1127,6 +1127,7 @@ void mmput_async(struct mm_struct *mm) + schedule_work(&mm->async_put_work); + } + } ++EXPORT_SYMBOL_GPL(mmput_async); + #endif + + /** diff --git a/SPECS/kernel/CVE-2021-28714.nopatch b/SPECS/kernel/CVE-2021-28714.nopatch new file mode 100644 index 00000000000..174a844e9bb --- /dev/null +++ b/SPECS/kernel/CVE-2021-28714.nopatch @@ -0,0 +1,3 @@ +CVE-2021-28714 - already patched in 5.10.89.1 stable kernel +Upstream: 6032046ec4b70176d247a71836186d47b25d1684 +Stable: 525875c410df5d876b9615c44885ca7640aed6f2 \ No newline at end of file diff --git a/SPECS/kernel/CVE-2021-28715.nopatch b/SPECS/kernel/CVE-2021-28715.nopatch new file mode 100644 index 00000000000..00b9930c56d --- /dev/null +++ b/SPECS/kernel/CVE-2021-28715.nopatch @@ -0,0 +1,3 @@ +CVE-2021-28715 - already patched in 5.10.89.1 stable kernel +Upstream: be81992f9086b230623ae3ebbc85ecee4d00a3d3 +Stable: 88f20cccbeec9a5e83621df5cc2453b5081454dc \ No newline at end of file diff --git a/SPECS/kernel/CVE-2021-44733.nopatch b/SPECS/kernel/CVE-2021-44733.nopatch new file mode 100644 index 00000000000..7c54192603f --- /dev/null +++ b/SPECS/kernel/CVE-2021-44733.nopatch @@ -0,0 +1,3 @@ +CVE-2021-44733 - already patched in 5.10.89.1 stable kernel +Upstream: dfd0743f1d9ea76931510ed150334d571fbab49d +Stable: c05d8f66ec3470e5212c4d08c46d6cb5738d600d \ No newline at end of file diff --git a/SPECS/kernel/CVE-2021-45469.nopatch b/SPECS/kernel/CVE-2021-45469.nopatch new file mode 100644 index 00000000000..aaf65adbc55 --- /dev/null +++ b/SPECS/kernel/CVE-2021-45469.nopatch @@ -0,0 +1,3 @@ +CVE-2021-45469 - already patched in 5.10.89.1 stable kernel +Upstream: 5598b24efaf4892741c798b425d543e4bed357a1 +Stable: fffb6581a23add416239dfcf7e7f3980c6b913da \ No newline at end of file diff --git a/SPECS/kernel/cbl-mariner-ca-20210127.pem b/SPECS/kernel/cbl-mariner-ca-20210127.pem deleted file mode 100644 index 7b90650cf18..00000000000 --- a/SPECS/kernel/cbl-mariner-ca-20210127.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFBjCCA+6gAwIBAgITMwAABFzCHaG8uk/QhQABAAAEXDANBgkqhkiG9w0BAQsF -ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH -UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD -ExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDAeFw0yMTAxMjgyMTQ0MjVaFw0y -MjAxMjcyMTQ0MjVaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv -bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 -aW9uMTAwLgYDVQQDEydNYXJpbmVyIFNlY3VyZSBCb290KFByb2R1Y3Rpb24gU2ln -bmluZykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlDKbGLQsXa/s9 -8dukx0OKHoZRCp5otKK/Av2PrbLA4obLl8rHW5uaSi8OFOEaQ75t/PR0me55CIb/ -W7XN/CTRzUtOd5F+ZjJA04asn+ztxvdF8VVtBexNswvh3wi88Tf6YkKDRzMdYboh -2X8lB2aZxUCa98AL4lfWDB2OxakrLJY3LMpnBcDQ8QuGYhEt3YRFkT5mrWeSqphj -6Q1zRtXcETX6P/Mv0JthF45QwVDJCVuRXpgKY+Ug7fXkANpuDO79UmovyLeBa7mv -Oqke6kiXjdCqWd6VuIQxg1VpKNL8wn132NjCQdSwimvmeO0F2r0gqQ7fpQECJoBk -OwEfEEYhAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4E -FgQUrrgYstPQgjOv9ptpbKdZJ8nqz1kwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsT -FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMNNDYwODk3KzQ2NDEyOTAf -BgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBcBgNVHR8EVTBTMFGgT6BN -hktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl -MjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYIKwYBBQUHAQEEXTBbMFkG -CCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRz -L01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB -Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBLbLjVDt5GE8uu2ebkmIZBdyEwGQg/ -2y95ja8yfXvFX2p0SFdz1MTxox2ZiIOONF6MbhTadLRTCGifwvHgTwArsjPnl0jk -4YyMCZsJtQOaRtIn8YVRvoGQ8b7oUXx49JtMx1e+Fu0FR3cpBz0VEKrkPiLAzd0x -sRIRfkRDpgZDonOxugsIdceDu/sveqIMv5SlDtq8y7nh+4V2JQpJFs4dU+xTvAHI -9ntSEGLSnvNoj/Z2oTQEoxY4AcfyT81IGVzokDDyArlkp9dgAePoSEH0scJ4bYiF -fP48iMy8Qx136RQNzQQahsFOQDj9RD2weZXWIOCVWkBvaVIkCnk8XIzf ------END CERTIFICATE----- diff --git a/SPECS/kernel/cbl-mariner-ca-20211013.pem b/SPECS/kernel/cbl-mariner-ca-20211013.pem new file mode 100644 index 00000000000..76865b9a68e --- /dev/null +++ b/SPECS/kernel/cbl-mariner-ca-20211013.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgITMwAABO5/lN6NQyelHwABAAAE7jANBgkqhkiG9w0BAQsF +ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH +UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD +ExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDAeFw0yMTEwMTQxNzI4MDVaFw0y +MjEwMTMxNzI4MDVaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv +bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 +aW9uMTAwLgYDVQQDEydNYXJpbmVyIFNlY3VyZSBCb290KFByb2R1Y3Rpb24gU2ln +bmluZykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF45hTHPQAA7yc +6g3iVuqcQKF51ylCynjUySYqqQha2sQzE7tbJ2egVkW4cfY1UbJsm65i2/VGI1OL +Zia4sRwXRN7toRK5aElYfpsghMgGEaCSPs6915BVqO4WX0jxXswqRZ2CPH+evNCC +hQnOqtjvFCqp7aeQ44b/DpZmaMicL/DwbI4925HWGSYa+/Mp1Fs3yGhP5X75+c9v +w4gJ5KoxcOFRmQEt0c7lOclOi5Np5jys7lrrdmPPbjoALERBatiXj8w72LUZu4+I +970/6jqNEkHeGxqVSPRRNIEZubjvRIfg8uULr8k/Kj8TbznCWoGuaT/9yoVbHhqU +KQMJxxFrAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4E +FgQUtC1rnigJt7kJfP+emwGUuG6Av5UwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsT +FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMNNDYwODk3KzQ2ODU5NzAf +BgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBcBgNVHR8EVTBTMFGgT6BN +hktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl +MjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYIKwYBBQUHAQEEXTBbMFkG +CCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRz +L01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB +Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCybuv6kmhT2y97FOLRljLCLvQlBL/E +dxKPDYNFhHCKIUd550yUoUW8XIxSYa+Dmx/1+NYS4Nxql7ecuR4g9+4i0DOmNjYO +NY8epPspIpjUd9OAiKNKJSs2303i2TQojXQcZVeTO89bK3pX+spoACGuEVEuWSdL +q+oPDYZwNTKyobj9wHYO6WXJfcdLPlYZghDjR/WNO5bzvzpi2nn/c4OYvMihLNq0 +5uNO0IB/zquyAaCKbi15v/PqYos1BsT+Yft4zf8ry17yFVBIqJMa2An6Gex7SNWj +jj1S7uBga3oZcTHvR8xv3fmbwfQMIrZRmZrq8xkySxQV7xea0sE7X/pJ +-----END CERTIFICATE----- diff --git a/SPECS/kernel/config b/SPECS/kernel/config index 33bb41df4c4..c5bb885f258 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.88.1 Kernel Configuration +# Linux/x86_64 5.10.89.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index fbba1f411a2..ac2fc584e07 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.10.88.1 Kernel Configuration +# Linux/arm64 5.10.89.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y @@ -2053,6 +2053,7 @@ CONFIG_PCI_IOV=y CONFIG_PCI_PRI=y CONFIG_PCI_PASID=y CONFIG_PCI_LABEL=y +# CONFIG_PCI_HYPERV is not set # CONFIG_PCIE_BUS_TUNE_OFF is not set CONFIG_PCIE_BUS_DEFAULT=y # CONFIG_PCIE_BUS_SAFE is not set @@ -2092,6 +2093,7 @@ CONFIG_PCIE_ROCKCHIP_HOST=m CONFIG_PCIE_ROCKCHIP_EP=y CONFIG_PCIE_MEDIATEK=y CONFIG_PCIE_BRCMSTB=y +# CONFIG_PCI_HYPERV_INTERFACE is not set # CONFIG_PCIE_HISI_ERR is not set # diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 5c9aba30955..8fc1e440afd 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { - "cbl-mariner-ca-20210127.pem": "82363cb44e786353936abc2e2d62d9325cacf2d9e9a8ebaf4221ea30a9e0cd7b", - "config": "1aa82e48cd27238b7193169136ec1a66f5a650d9b09849f3d917eb3e8680d20b", - "config_aarch64": "21f33a6eb1a9655ca45e2003308068611b762df7a4d7f683393f7ae6ce3b32d8", - "kernel-5.10.88.1.tar.gz": "ff8be30666cd7899c36a50ef0d92e24ebfa58878b55ebc30483eb14ebb56546f", + "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", + "config": "ef77017acbe6281ca8c581b48c425cca67578fd1ca3666ccb860b4253b55c507", + "config_aarch64": "31bd6c50a9707fd0327a61eed8ac465a06a2aaba6e4a34cadbe704739058b69e", + "kernel-5.10.89.1.tar.gz": "e7d4ea0eff5635c8be7c8aa7792da2dc5daee6dff374fafa2ae3cf59159c7c4d", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" } } \ No newline at end of file diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index e5730096027..99c344e5e39 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -3,7 +3,7 @@ %define uname_r %{version}-%{release} Summary: Linux Kernel Name: kernel -Version: 5.10.88.1 +Version: 5.10.89.1 Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -15,10 +15,10 @@ Source0: kernel-%{version}.tar.gz Source1: config Source2: config_aarch64 Source3: sha512hmac-openssl.sh -Source4: cbl-mariner-ca-20210127.pem +Source4: cbl-mariner-ca-20211013.pem Patch0: 0001-clocksource-drivers-hyper-v-Re-enable-VDSO_CLOCKMODE.patch -Patch1: 0002-add-linux-syscall-license-info.patch -Patch2: CVE-2021-43976.patch +Patch1: CVE-2021-43976.patch +Patch2: 0003-export-mmput_async.patch # Kernel CVEs are addressed by moving to a newer version of the stable kernel. # Since kernel CVEs are filed against the upstream kernel version and not the # stable kernel version, our automated tooling will still flag the CVE as not @@ -226,6 +226,10 @@ Patch1186: CVE-2021-43975.nopatch Patch1187: CVE-2021-45480.nopatch Patch1188: CVE-2021-45486.nopatch Patch1189: CVE-2021-45485.nopatch +Patch1190: CVE-2021-44733.nopatch +Patch1191: CVE-2021-45469.nopatch +Patch1192: CVE-2021-28714.nopatch +Patch1193: CVE-2021-28715.nopatch BuildRequires: audit-devel BuildRequires: bash BuildRequires: bc @@ -578,6 +582,17 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Thu Jan 20 2022 Chris Co - 5.10.89.1-2 +- Rotate Mariner cert + +* Sun Jan 16 2022 Rachel Menge - 5.10.89.1-1 +- Update source to 5.10.89.1 +- Address CVE-2021-44733, CVE-2021-45469, CVE-2021-28714, CVE-2021-28715 +- Remove patch add-linux-syscall-license-info.patch + +* Fri Jan 14 2022 Henry Li - 5.10.88.1-3 +- Add patch to export mmput_async + * Wed Jan 12 2022 Cameron Baird - 5.10.88.1-2 - Addressed CVE-2021-45485 diff --git a/SPECS/lua/CVE-2021-43519.nopatch b/SPECS/lua/CVE-2021-43519.nopatch new file mode 100644 index 00000000000..4eb5b8e75a7 --- /dev/null +++ b/SPECS/lua/CVE-2021-43519.nopatch @@ -0,0 +1,4 @@ +# Patch provided not applicable for 5.3.5 version. +# No crash is observed with sample provided in exploit with lua 5.3.5 version. +# Add patch from below commit when lua version updated to 5.4.3 +# commit - 74d99057a5146755e737c479850f87fd0e3b6868 \ No newline at end of file diff --git a/SPECS/moby-buildx/moby-buildx.spec b/SPECS/moby-buildx/moby-buildx.spec index 97f6f101014..7fc569f89ab 100644 --- a/SPECS/moby-buildx/moby-buildx.spec +++ b/SPECS/moby-buildx/moby-buildx.spec @@ -1,7 +1,7 @@ Summary: A Docker CLI plugin for extended build capabilities with BuildKit Name: moby-buildx Version: 0.4.1+azure -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Group: Tools/Container @@ -79,6 +79,9 @@ cp %{SOURCE2} %{buildroot}/usr/share/doc/%{name}-%{version}/NOTICE %{_libexecdir}/docker/cli-plugins/docker-buildx %changelog +* Wed Jan 19 2022 Henry Li - 0.4.1+azure-6 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 0.4.1+azure-5 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/moby-cli/moby-cli.spec b/SPECS/moby-cli/moby-cli.spec index 125f2ae0559..e922dc89ead 100644 --- a/SPECS/moby-cli/moby-cli.spec +++ b/SPECS/moby-cli/moby-cli.spec @@ -1,7 +1,7 @@ Summary: The open-source application container engine client. Name: moby-cli Version: 19.03.15+azure -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Group: Tools/Container @@ -94,6 +94,9 @@ cp %{SOURCE2} %{buildroot}/usr/share/doc/%{name}-%{version}/LICENSE /usr/share/fish/vendor_completions.d/docker.fish %changelog +* Wed Jan 19 2022 Henry Li - 19.03.15+azure-5 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 19.03.15+azure-4 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/moby-containerd/moby-containerd.spec b/SPECS/moby-containerd/moby-containerd.spec index a1c1507f3c6..cc08d5dfdad 100644 --- a/SPECS/moby-containerd/moby-containerd.spec +++ b/SPECS/moby-containerd/moby-containerd.spec @@ -3,7 +3,7 @@ Summary: Industry-standard container runtime Name: moby-containerd Version: 1.4.4+azure -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Group: Tools/Container @@ -134,6 +134,9 @@ fi %{_mandir}/*/* %changelog +* Wed Jan 19 2022 Henry Li - 1.4.4+azure-6 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.4.4+azure-5 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec index 29cebf0612b..3933b41955c 100644 --- a/SPECS/moby-engine/moby-engine.spec +++ b/SPECS/moby-engine/moby-engine.spec @@ -1,7 +1,7 @@ Summary: The open-source application container engine Name: moby-engine Version: 19.03.15+azure -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Group: Tools/Container @@ -151,6 +151,9 @@ fi /usr/share/doc/%{name}-%{version}/* %changelog +* Wed Jan 19 2022 Henry Li - 19.03.15+azure-6 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 19.03.15+azure-5 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/moby-runc/generate-sources.sh b/SPECS/moby-runc/generate-sources.sh index 9baeb9556b2..9a51dee0895 100755 --- a/SPECS/moby-runc/generate-sources.sh +++ b/SPECS/moby-runc/generate-sources.sh @@ -5,8 +5,8 @@ # Git clone is a standard practice of producing source files for moby-* packages. RUNC_REPO=https://github.com/opencontainers/runc.git -RUNC_COMMIT=b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 -VERSION=v1.0.0-rc95 +RUNC_COMMIT=067aaf8548d78269dcb2c13b856775e27c410f9c +VERSION=v1.1.0 mkdir -p /build/runc-src cd /build/runc-src diff --git a/SPECS/moby-runc/moby-runc.signatures.json b/SPECS/moby-runc/moby-runc.signatures.json index 62806738d94..c71a9fdbef1 100644 --- a/SPECS/moby-runc/moby-runc.signatures.json +++ b/SPECS/moby-runc/moby-runc.signatures.json @@ -5,7 +5,7 @@ "golang-crypto-c07d793c2f9aacf728fe68cbd7acd73adbd04159.tar.gz": "b7e8935189ea46c67eedafe6a97aefbdc2bf71dd9097fb7ee8a2a8ebc7556e7e", "golang-sys-b0526f3d87448f0401ea3f7f3a81aa9e6ab4804d.tar.gz": "23703a84893a1cb53d3efbb46143451431b95b78d29ef1e02132cd580bb3a445", "logrus-v1.8.1.tar.gz": "e9492c08ac8f202b438ccfb992bf81b7860739cf8f2266958e0c574c7abfdd74", - "runc-v1.0.0-rc95.tar.gz": "aa99fc1f018e0882491b771a0bb7f6ffeda3668e9936a079a5b305441e8e85d3", + "runc-v1.1.0.tar.gz": "c04e752ce97d6f103ec30c42dd61b8592579861d3f76ca965a765ba42e1d854a", "runtime-spec-v1.0.2.tar.gz": "0933a1ba6e418fe020993e80426107da8de3572f3f20b4cd1ef296de6e62bb61", "urfave-cli-v2.3.0.tar.gz": "b17376246f1477157daab86d4a1562d6b004f5be0d15dfc61ebd8bb129384e6b" } diff --git a/SPECS/moby-runc/moby-runc.spec b/SPECS/moby-runc/moby-runc.spec index 9bbf6afeaa4..484f147d9f5 100644 --- a/SPECS/moby-runc/moby-runc.spec +++ b/SPECS/moby-runc/moby-runc.spec @@ -1,13 +1,15 @@ Summary: CLI tool for spawning and running containers per OCI spec. Name: moby-runc -Version: 1.0.0~rc95+azure -Release: 4%{?dist} +Version: 1.1.0+azure +Release: 2%{?dist} License: ASL 2.0 +Vendor: Microsoft Corporation +Distribution: Mariner +Group: Virtualization/Libraries URL: https://runc.io/ - # See generate-sources.sh for creating runc source tarball -#Source0: https://github.com/opencontainers/runc/releases/download/v1.0.0-rc95/runc.tar.xz -Source0: runc-v1.0.0-rc95.tar.gz +#Source0: https://github.com/opencontainers/runc/archive/refs/tags/v1.1.0.tar.gz +Source0: runc-v1.1.0.tar.gz #Source1: https://github.com/sirupsen/logrus/archive/v1.8.1.tar.gz Source1: logrus-v1.8.1.tar.gz #Source2: https://github.com/opencontainers/runtime-spec/archive/v1.0.2.tar.gz @@ -20,38 +22,30 @@ Source4: https://github.com/golang/sys/archive/golang-sys-b0526f3d87448f0 Source5: https://github.com/golang/crypto/archive/golang-crypto-c07d793c2f9aacf728fe68cbd7acd73adbd04159.tar.gz Source6: NOTICE Source7: LICENSE - -Group: Virtualization/Libraries -Vendor: Microsoft Corporation -Distribution: Mariner - BuildRequires: curl BuildRequires: gawk +BuildRequires: git +BuildRequires: go-md2man BuildRequires: golang BuildRequires: iptables-devel -BuildRequires: pkg-config BuildRequires: libaio-devel BuildRequires: libcap-ng-devel BuildRequires: libseccomp BuildRequires: libseccomp-devel -BuildRequires: protobuf-devel +BuildRequires: pkg-config BuildRequires: protobuf-c-devel +BuildRequires: protobuf-devel BuildRequires: python2-devel BuildRequires: unzip -BuildRequires: go-md2man -Buildrequires: which -Buildrequires: git - +BuildRequires: which Requires: glibc Requires: libgcc Requires: libseccomp - # conflicting packages -Conflicts: runc -Conflicts: runc-io - -Obsoletes: runc -Obsoletes: runc-io +Conflicts: runc +Conflicts: runc-io +Obsoletes: runc +Obsoletes: runc-io %description runC is a CLI tool for spawning and running containers according to the OCI specification. Containers are started as a child process of runC and can be embedded into various other systems without having to run a daemon. @@ -59,7 +53,7 @@ runC is a CLI tool for spawning and running containers according to the OCI spec %define OUR_GOPATH %{_topdir}/.gopath %prep -%setup -q -n %{name}-%{version} -c +%setup -q -c mkdir -p %{OUR_GOPATH}/src/github.com/opencontainers ln -svfT %{_topdir}/BUILD/%{name}-%{version}/runc %{OUR_GOPATH}/src/github.com/opencontainers/runc @@ -103,39 +97,59 @@ for i in man/man8/*; do install -T -p -m 644 "${i}" "%{buildroot}%{_mandir}/man8/$(basename $i)" done -mkdir -p %{buildroot}/usr/share/doc/%{name}-%{version} -cp %{SOURCE6} %{buildroot}/usr/share/doc/%{name}-%{version}/NOTICE -cp %{SOURCE7} %{buildroot}/usr/share/doc/%{name}-%{version}/LICENSE +mkdir -p %{buildroot}%{_docdir}/%{name}-%{version} +cp %{SOURCE6} %{buildroot}%{_docdir}/%{name}-%{version}/NOTICE +cp %{SOURCE7} %{buildroot}%{_docdir}/%{name}-%{version}/LICENSE %files -%license /usr/share/doc/%{name}-%{version}/LICENSE +%license %{_docdir}/%{name}-%{version}/LICENSE %{_bindir}/runc -/usr/share/doc/%{name}-%{version}/* +%{_docdir}/%{name}-%{version}/* %{_mandir}/*/* %changelog +* Wed Jan 19 2022 Henry Beberman - 1.1.0+azure-2 +- Fix BuildRequires pkgconfig to pkg-config + +* Wed Jan 19 2022 Henry Li - 1.1.0+azure-1 +- Upgrade to version 1.1.0+azure to resolve CVE-2021-43784 +- Update Source0 URL + +* Wed Jan 19 2022 Henry Li - 1.0.0~rc95+azure-5 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.0.0~rc95+azure-4 - Increment release for force republishing using golang 1.16.9 * Fri Aug 06 2021 Nicolas Guibourge 1.0.0~rc95+azure-3 - Increment release to force republishing using golang 1.16.7. + * Tue Jun 08 2021 Henry Beberman 1.0.0~rc95+azure-2 - Increment release to force republishing using golang 1.15.13. + * Wed May 19 2021 Andrew Phelps 1.0.0~rc95+azure-1 - Update to version 1.0.0~rc95+azure to fix CVE-2021-30465 + * Thu May 13 2021 Andrew Phelps 1.0.0~rc94+azure-1 - Update to version 1.0.0~rc94+azure + * Mon Apr 26 2021 Nicolas Guibourge 1.0.0~rc10+azure-6 - Increment release to force republishing using golang 1.15.11. + * Thu Dec 10 2020 Andrew Phelps 1.0.0~rc10+azure-5 - Increment release to force republishing using golang 1.15. + * Wed May 20 2020 Joe Schmitt 1.0.0~rc10+azure-4 - Remove reliance on existing GOPATH environment variable. + * Sat May 09 2020 Nick Samson 1.0.0~rc10+azure-3 - Added %%license line automatically + * Fri May 01 2020 Emre Girgin 1.0.0~rc10+azure-2 - Renaming go to golang + * Fri Apr 03 2020 Mohan Datla 1.0.0~rc10+azure-1 - Initial CBL-Mariner import from Azure. + * Thu Jan 23 2020 Brian Goff - Initial version diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec index e79b92fd66d..b07965044e1 100644 --- a/SPECS/mysql/mysql.spec +++ b/SPECS/mysql/mysql.spec @@ -1,7 +1,7 @@ Summary: MySQL. Name: mysql Version: 8.0.27 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 with exceptions AND LGPLv2 AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -37,6 +37,9 @@ Development headers for developing applications linking to maridb %autosetup -p1 %build +# Disabling flaky 'invalid_metadata' test. +sed -i "s/\(invalid_metadata\)/DISABLED_\1/" router/tests/component/test_routing_splicer.cc + cmake . \ -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DWITH_BOOST=boost/boost_1_73_0 \ @@ -86,6 +89,9 @@ sudo -u test %make_build CTEST_OUTPUT_ON_FAILURE=1 test %{_libdir}/pkgconfig/mysqlclient.pc %changelog +* Tue Jan 18 2022 Pawel Winogrodzki - 8.0.27-2 +- Disabled flaky 'invalid_metadata' test. + * Sat Oct 30 2021 Jon Slobodzian - 8.0.27-1 - Upgrade to 8.0.27 to fix 36 CVEs diff --git a/SPECS/node-problem-detector/node-problem-detector.spec b/SPECS/node-problem-detector/node-problem-detector.spec index 6ffd75bbbed..052195be773 100644 --- a/SPECS/node-problem-detector/node-problem-detector.spec +++ b/SPECS/node-problem-detector/node-problem-detector.spec @@ -1,7 +1,7 @@ Summary: Kubernetes daemon to detect and report node issues Name: node-problem-detector Version: 0.8.8 -Release: 3%{?dist} +Release: 4%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -61,6 +61,9 @@ make test %config(noreplace) %{_sysconfdir}/node-problem-detector.d/* %changelog +* Wed Jan 19 2022 Henry Li - 0.8.8-4 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 0.8.8-3 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec b/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec index 28d01d42738..06a6f42ba0d 100644 --- a/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec +++ b/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec @@ -2,7 +2,7 @@ Summary: NVIDIA container runtime Name: nvidia-container-runtime Version: 3.5.0 -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -32,6 +32,9 @@ install -m 755 %{name} %{buildroot}%{_bindir}/%{name} %{_bindir}/%{name} %changelog +* Wed Jan 19 2022 Henry Li - 3.5.0-3 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 3.5.0-2 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec index c2be737d02a..221e14b65f8 100644 --- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec +++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec @@ -2,7 +2,7 @@ Summary: NVIDIA container runtime hook Name: nvidia-container-toolkit Version: 1.5.1 -Release: 2%{?dist} +Release: 3%{?dist} License: ALS2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -70,6 +70,9 @@ rm -f %{_bindir}/nvidia-container-runtime-hook %{_datadir}/containers/oci/hooks.d/oci-nvidia-hook.json %changelog +* Wed Jan 19 2022 Henry Li - 1.5.1-3 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.5.1-2 - Increment release for force republishing using golang 1.16.9 diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec index 392342b0d20..1b2ae88fd07 100644 --- a/SPECS/telegraf/telegraf.spec +++ b/SPECS/telegraf/telegraf.spec @@ -1,7 +1,7 @@ Summary: agent for collecting, processing, aggregating, and writing metrics. Name: telegraf Version: 1.14.5 -Release: 9%{?dist} +Release: 10%{?dist} License: MIT Group: Development/Tools Vendor: Microsoft Corporation @@ -80,6 +80,9 @@ fi %dir %{_sysconfdir}/%{name}/telegraf.d %changelog +* Wed Jan 19 2022 Henry Li - 1.14.5-10 +- Increment release for force republishing using golang 1.16.12 + * Tue Nov 02 2021 Thomas Crain - 1.14.5-9 - Increment release for force republishing using golang 1.16.9 diff --git a/cgmanifest.json b/cgmanifest.json index 8cf9030a96e..159d821dabd 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -295,7 +295,7 @@ "type": "other", "other": { "name": "bash", - "version": "4.4.18", + "version": "4.4.23", "downloadUrl": "http://ftp.gnu.org/gnu/bash/bash-4.4.18.tar.gz" } } @@ -1375,8 +1375,8 @@ "type": "other", "other": { "name": "erlang", - "version": "22.0.7", - "downloadUrl": "https://github.com/erlang/otp/archive/OTP-22.0.7/otp-OTP-22.0.7.tar.gz" + "version": "24.2", + "downloadUrl": "https://github.com/erlang/otp/archive/OTP-24.2/otp-OTP-24.2.tar.gz" } } }, @@ -1435,8 +1435,8 @@ "type": "other", "other": { "name": "expat", - "version": "2.4.1", - "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_4_1/expat-2.4.1.tar.bz2" + "version": "2.4.3", + "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_4_3/expat-2.4.3.tar.bz2" } } }, @@ -1865,8 +1865,8 @@ "type": "other", "other": { "name": "golang", - "version": "1.16.10", - "downloadUrl": "https://golang.org/dl/go1.16.10.src.tar.gz" + "version": "1.16.12", + "downloadUrl": "https://golang.org/dl/go1.16.12.src.tar.gz" } } }, @@ -2125,8 +2125,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.10.88.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.88.1.tar.gz" + "version": "5.10.89.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.89.1.tar.gz" } } }, @@ -2455,8 +2455,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.10.88.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.88.1.tar.gz" + "version": "5.10.89.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.89.1.tar.gz" } } }, @@ -2465,8 +2465,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.10.88.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.88.1.tar.gz" + "version": "5.10.89.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.89.1.tar.gz" } } }, @@ -2475,8 +2475,8 @@ "type": "other", "other": { "name": "kernel-hyperv", - "version": "5.10.88.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.88.1.tar.gz" + "version": "5.10.89.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.89.1.tar.gz" } } }, @@ -4315,8 +4315,8 @@ "type": "other", "other": { "name": "moby-runc", - "version": "1.0.0-rc95+azure", - "downloadUrl": "https://github.com/opencontainers/runc/releases/download/v1.0.0-rc95/runc.tar.xz" + "version": "1.1.0+azure", + "downloadUrl": "https://github.com/opencontainers/runc/archive/refs/tags/v1.1.0.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index e57c360aa4f..8969f448ac9 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.aarch64.rpm -kernel-headers-5.10.88.1-2.cm1.noarch.rpm +kernel-headers-5.10.89.1-2.cm1.noarch.rpm glibc-2.28-22.cm1.aarch64.rpm glibc-devel-2.28-22.cm1.aarch64.rpm glibc-i18n-2.28-22.cm1.aarch64.rpm @@ -37,9 +37,9 @@ readline-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm coreutils-8.30-10.cm1.aarch64.rpm coreutils-lang-8.30-10.cm1.aarch64.rpm -bash-4.4.18-6.cm1.aarch64.rpm -bash-devel-4.4.18-6.cm1.aarch64.rpm -bash-lang-4.4.18-6.cm1.aarch64.rpm +bash-4.4.23-1.cm1.aarch64.rpm +bash-devel-4.4.23-1.cm1.aarch64.rpm +bash-lang-4.4.23-1.cm1.aarch64.rpm bzip2-1.0.6-15.cm1.aarch64.rpm bzip2-devel-1.0.6-15.cm1.aarch64.rpm bzip2-libs-1.0.6-15.cm1.aarch64.rpm @@ -93,9 +93,9 @@ elfutils-libelf-0.176-4.cm1.aarch64.rpm elfutils-libelf-devel-0.176-4.cm1.aarch64.rpm elfutils-libelf-devel-static-0.176-4.cm1.aarch64.rpm elfutils-libelf-lang-0.176-4.cm1.aarch64.rpm -expat-2.4.1-2.cm1.aarch64.rpm -expat-devel-2.4.1-2.cm1.aarch64.rpm -expat-libs-2.4.1-2.cm1.aarch64.rpm +expat-2.4.3-1.cm1.aarch64.rpm +expat-devel-2.4.3-1.cm1.aarch64.rpm +expat-libs-2.4.3-1.cm1.aarch64.rpm libpipeline-1.5.0-4.cm1.aarch64.rpm libpipeline-devel-1.5.0-4.cm1.aarch64.rpm gdbm-1.18-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index dbe49568fd6..5bcaffc238e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.x86_64.rpm -kernel-headers-5.10.88.1-2.cm1.noarch.rpm +kernel-headers-5.10.89.1-2.cm1.noarch.rpm glibc-2.28-22.cm1.x86_64.rpm glibc-devel-2.28-22.cm1.x86_64.rpm glibc-i18n-2.28-22.cm1.x86_64.rpm @@ -37,9 +37,9 @@ readline-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm coreutils-8.30-10.cm1.x86_64.rpm coreutils-lang-8.30-10.cm1.x86_64.rpm -bash-4.4.18-6.cm1.x86_64.rpm -bash-devel-4.4.18-6.cm1.x86_64.rpm -bash-lang-4.4.18-6.cm1.x86_64.rpm +bash-4.4.23-1.cm1.x86_64.rpm +bash-devel-4.4.23-1.cm1.x86_64.rpm +bash-lang-4.4.23-1.cm1.x86_64.rpm bzip2-1.0.6-15.cm1.x86_64.rpm bzip2-devel-1.0.6-15.cm1.x86_64.rpm bzip2-libs-1.0.6-15.cm1.x86_64.rpm @@ -93,9 +93,9 @@ elfutils-libelf-0.176-4.cm1.x86_64.rpm elfutils-libelf-devel-0.176-4.cm1.x86_64.rpm elfutils-libelf-devel-static-0.176-4.cm1.x86_64.rpm elfutils-libelf-lang-0.176-4.cm1.x86_64.rpm -expat-2.4.1-2.cm1.x86_64.rpm -expat-devel-2.4.1-2.cm1.x86_64.rpm -expat-libs-2.4.1-2.cm1.x86_64.rpm +expat-2.4.3-1.cm1.x86_64.rpm +expat-devel-2.4.3-1.cm1.x86_64.rpm +expat-libs-2.4.3-1.cm1.x86_64.rpm libpipeline-1.5.0-4.cm1.x86_64.rpm libpipeline-devel-1.5.0-4.cm1.x86_64.rpm gdbm-1.18-3.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 52a00d6a922..d390982925c 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -2,17 +2,17 @@ alsa-lib-1.2.2-1.cm1.aarch64.rpm alsa-lib-debuginfo-1.2.2-1.cm1.aarch64.rpm alsa-lib-devel-1.2.2-1.cm1.aarch64.rpm asciidoc-8.6.10-4.cm1.noarch.rpm -audit-3.0-9.cm1.aarch64.rpm -audit-debuginfo-3.0-9.cm1.aarch64.rpm -audit-devel-3.0-9.cm1.aarch64.rpm -audit-libs-3.0-9.cm1.aarch64.rpm -audit-python-3.0-9.cm1.aarch64.rpm +audit-3.0-11.cm1.aarch64.rpm +audit-debuginfo-3.0-11.cm1.aarch64.rpm +audit-devel-3.0-11.cm1.aarch64.rpm +audit-libs-3.0-11.cm1.aarch64.rpm +audit-python-3.0-11.cm1.aarch64.rpm autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -bash-4.4.18-6.cm1.aarch64.rpm -bash-debuginfo-4.4.18-6.cm1.aarch64.rpm -bash-devel-4.4.18-6.cm1.aarch64.rpm -bash-lang-4.4.18-6.cm1.aarch64.rpm +bash-4.4.23-1.cm1.aarch64.rpm +bash-debuginfo-4.4.23-1.cm1.aarch64.rpm +bash-devel-4.4.23-1.cm1.aarch64.rpm +bash-lang-4.4.23-1.cm1.aarch64.rpm binutils-2.36.1-2.cm1.aarch64.rpm binutils-debuginfo-2.36.1-2.cm1.aarch64.rpm binutils-devel-2.36.1-2.cm1.aarch64.rpm @@ -80,10 +80,10 @@ elfutils-libelf-0.176-4.cm1.aarch64.rpm elfutils-libelf-devel-0.176-4.cm1.aarch64.rpm elfutils-libelf-devel-static-0.176-4.cm1.aarch64.rpm elfutils-libelf-lang-0.176-4.cm1.aarch64.rpm -expat-2.4.1-2.cm1.aarch64.rpm -expat-debuginfo-2.4.1-2.cm1.aarch64.rpm -expat-devel-2.4.1-2.cm1.aarch64.rpm -expat-libs-2.4.1-2.cm1.aarch64.rpm +expat-2.4.3-1.cm1.aarch64.rpm +expat-debuginfo-2.4.3-1.cm1.aarch64.rpm +expat-devel-2.4.3-1.cm1.aarch64.rpm +expat-libs-2.4.3-1.cm1.aarch64.rpm file-5.38-1.cm1.aarch64.rpm file-debuginfo-5.38-1.cm1.aarch64.rpm file-devel-5.38-1.cm1.aarch64.rpm @@ -92,9 +92,6 @@ filesystem-1.1-7.cm1.aarch64.rpm findutils-4.6.0-7.cm1.aarch64.rpm findutils-debuginfo-4.6.0-7.cm1.aarch64.rpm findutils-lang-4.6.0-7.cm1.aarch64.rpm -finger-0.17-4.cm1.aarch64.rpm -finger-debuginfo-0.17-4.cm1.aarch64.rpm -finger-server-0.17-4.cm1.aarch64.rpm flex-2.6.4-6.cm1.aarch64.rpm flex-debuginfo-2.6.4-6.cm1.aarch64.rpm flex-devel-2.6.4-6.cm1.aarch64.rpm @@ -130,7 +127,7 @@ gmp-debuginfo-6.1.2-6.cm1.aarch64.rpm gmp-devel-6.1.2-6.cm1.aarch64.rpm gnupg2-2.2.20-3.cm1.aarch64.rpm gnupg2-debuginfo-2.2.20-3.cm1.aarch64.rpm -golang-1.16.10-1.cm1.aarch64.rpm +golang-1.16.12-1.cm1.aarch64.rpm gperf-3.1-3.cm1.aarch64.rpm gperf-debuginfo-3.1-3.cm1.aarch64.rpm gpgme-1.13.1-6.cm1.aarch64.rpm @@ -155,7 +152,7 @@ json-c-debuginfo-0.14-3.cm1.aarch64.rpm json-c-devel-0.14-3.cm1.aarch64.rpm kbd-2.0.4-6.cm1.aarch64.rpm kbd-debuginfo-2.0.4-6.cm1.aarch64.rpm -kernel-headers-5.10.88.1-2.cm1.noarch.rpm +kernel-headers-5.10.89.1-2.cm1.noarch.rpm kmod-25-4.cm1.aarch64.rpm kmod-debuginfo-25-4.cm1.aarch64.rpm kmod-devel-25-4.cm1.aarch64.rpm @@ -357,7 +354,7 @@ python2-libcap-ng-0.7.9-3.cm1.aarch64.rpm python2-libs-2.7.18-8.cm1.aarch64.rpm python2-test-2.7.18-8.cm1.aarch64.rpm python2-tools-2.7.18-8.cm1.aarch64.rpm -python3-audit-3.0-9.cm1.aarch64.rpm +python3-audit-3.0-11.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm python3-gpg-1.13.1-6.cm1.aarch64.rpm python3-libcap-ng-0.7.9-3.cm1.aarch64.rpm @@ -402,9 +399,6 @@ systemd-devel-239-38.cm1.aarch64.rpm systemd-lang-239-38.cm1.aarch64.rpm tar-1.32-2.cm1.aarch64.rpm tar-debuginfo-1.32-2.cm1.aarch64.rpm -tcp_wrappers-7.6-9.cm1.aarch64.rpm -tcp_wrappers-debuginfo-7.6-9.cm1.aarch64.rpm -tcp_wrappers-devel-7.6-9.cm1.aarch64.rpm tdnf-2.1.0-6.cm1.aarch64.rpm tdnf-cli-libs-2.1.0-6.cm1.aarch64.rpm tdnf-debuginfo-2.1.0-6.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 2d8bc2ffbc7..aba4a63b06a 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -2,17 +2,17 @@ alsa-lib-1.2.2-1.cm1.x86_64.rpm alsa-lib-debuginfo-1.2.2-1.cm1.x86_64.rpm alsa-lib-devel-1.2.2-1.cm1.x86_64.rpm asciidoc-8.6.10-4.cm1.noarch.rpm -audit-3.0-9.cm1.x86_64.rpm -audit-debuginfo-3.0-9.cm1.x86_64.rpm -audit-devel-3.0-9.cm1.x86_64.rpm -audit-libs-3.0-9.cm1.x86_64.rpm -audit-python-3.0-9.cm1.x86_64.rpm +audit-3.0-11.cm1.x86_64.rpm +audit-debuginfo-3.0-11.cm1.x86_64.rpm +audit-devel-3.0-11.cm1.x86_64.rpm +audit-libs-3.0-11.cm1.x86_64.rpm +audit-python-3.0-11.cm1.x86_64.rpm autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -bash-4.4.18-6.cm1.x86_64.rpm -bash-debuginfo-4.4.18-6.cm1.x86_64.rpm -bash-devel-4.4.18-6.cm1.x86_64.rpm -bash-lang-4.4.18-6.cm1.x86_64.rpm +bash-4.4.23-1.cm1.x86_64.rpm +bash-debuginfo-4.4.23-1.cm1.x86_64.rpm +bash-devel-4.4.23-1.cm1.x86_64.rpm +bash-lang-4.4.23-1.cm1.x86_64.rpm binutils-2.36.1-2.cm1.x86_64.rpm binutils-debuginfo-2.36.1-2.cm1.x86_64.rpm binutils-devel-2.36.1-2.cm1.x86_64.rpm @@ -80,10 +80,10 @@ elfutils-libelf-0.176-4.cm1.x86_64.rpm elfutils-libelf-devel-0.176-4.cm1.x86_64.rpm elfutils-libelf-devel-static-0.176-4.cm1.x86_64.rpm elfutils-libelf-lang-0.176-4.cm1.x86_64.rpm -expat-2.4.1-2.cm1.x86_64.rpm -expat-debuginfo-2.4.1-2.cm1.x86_64.rpm -expat-devel-2.4.1-2.cm1.x86_64.rpm -expat-libs-2.4.1-2.cm1.x86_64.rpm +expat-2.4.3-1.cm1.x86_64.rpm +expat-debuginfo-2.4.3-1.cm1.x86_64.rpm +expat-devel-2.4.3-1.cm1.x86_64.rpm +expat-libs-2.4.3-1.cm1.x86_64.rpm file-5.38-1.cm1.x86_64.rpm file-debuginfo-5.38-1.cm1.x86_64.rpm file-devel-5.38-1.cm1.x86_64.rpm @@ -92,9 +92,6 @@ filesystem-1.1-7.cm1.x86_64.rpm findutils-4.6.0-7.cm1.x86_64.rpm findutils-debuginfo-4.6.0-7.cm1.x86_64.rpm findutils-lang-4.6.0-7.cm1.x86_64.rpm -finger-0.17-4.cm1.x86_64.rpm -finger-debuginfo-0.17-4.cm1.x86_64.rpm -finger-server-0.17-4.cm1.x86_64.rpm flex-2.6.4-6.cm1.x86_64.rpm flex-debuginfo-2.6.4-6.cm1.x86_64.rpm flex-devel-2.6.4-6.cm1.x86_64.rpm @@ -130,7 +127,7 @@ gmp-debuginfo-6.1.2-6.cm1.x86_64.rpm gmp-devel-6.1.2-6.cm1.x86_64.rpm gnupg2-2.2.20-3.cm1.x86_64.rpm gnupg2-debuginfo-2.2.20-3.cm1.x86_64.rpm -golang-1.16.10-1.cm1.x86_64.rpm +golang-1.16.12-1.cm1.x86_64.rpm gperf-3.1-3.cm1.x86_64.rpm gperf-debuginfo-3.1-3.cm1.x86_64.rpm gpgme-1.13.1-6.cm1.x86_64.rpm @@ -155,7 +152,7 @@ json-c-debuginfo-0.14-3.cm1.x86_64.rpm json-c-devel-0.14-3.cm1.x86_64.rpm kbd-2.0.4-6.cm1.x86_64.rpm kbd-debuginfo-2.0.4-6.cm1.x86_64.rpm -kernel-headers-5.10.88.1-2.cm1.noarch.rpm +kernel-headers-5.10.89.1-2.cm1.noarch.rpm kmod-25-4.cm1.x86_64.rpm kmod-debuginfo-25-4.cm1.x86_64.rpm kmod-devel-25-4.cm1.x86_64.rpm @@ -357,7 +354,7 @@ python2-libcap-ng-0.7.9-3.cm1.x86_64.rpm python2-libs-2.7.18-8.cm1.x86_64.rpm python2-test-2.7.18-8.cm1.x86_64.rpm python2-tools-2.7.18-8.cm1.x86_64.rpm -python3-audit-3.0-9.cm1.x86_64.rpm +python3-audit-3.0-11.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-6.cm1.x86_64.rpm python3-libcap-ng-0.7.9-3.cm1.x86_64.rpm @@ -402,9 +399,6 @@ systemd-devel-239-38.cm1.x86_64.rpm systemd-lang-239-38.cm1.x86_64.rpm tar-1.32-2.cm1.x86_64.rpm tar-debuginfo-1.32-2.cm1.x86_64.rpm -tcp_wrappers-7.6-9.cm1.x86_64.rpm -tcp_wrappers-debuginfo-7.6-9.cm1.x86_64.rpm -tcp_wrappers-devel-7.6-9.cm1.x86_64.rpm tdnf-2.1.0-6.cm1.x86_64.rpm tdnf-cli-libs-2.1.0-6.cm1.x86_64.rpm tdnf-debuginfo-2.1.0-6.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/update_manifests.sh b/toolkit/resources/manifests/package/update_manifests.sh index 52e1d8ad3bc..acdd6e8c197 100755 --- a/toolkit/resources/manifests/package/update_manifests.sh +++ b/toolkit/resources/manifests/package/update_manifests.sh @@ -60,7 +60,6 @@ remove_packages_for_pkggen_core () { sed -i '/e2fsprogs-lang/d' $TmpPkgGen sed -i '/openj/d' $TmpPkgGen sed -i '/freetype2/d' $TmpPkgGen - sed -i '/finger-[[:alpha:]]/d' $TmpPkgGen sed -i '/gfortran/d' $TmpPkgGen sed -i '/glib-devel/d' $TmpPkgGen sed -i '/glib-schemas/d' $TmpPkgGen @@ -93,7 +92,6 @@ remove_packages_for_pkggen_core () { sed -i '/perl-Text-Template/d' $TmpPkgGen sed -i '/python/d' $TmpPkgGen sed -i '/shadow/d' $TmpPkgGen - sed -i '/tcp_wrappers-[[:alpha:]]/d' $TmpPkgGen sed -i '/unzip/d' $TmpPkgGen sed -i '/util-linux-lang/d' $TmpPkgGen sed -i '/wget/d' $TmpPkgGen diff --git a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh index eaad34e0ec8..cc42564fff4 100755 --- a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh +++ b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh @@ -509,12 +509,8 @@ chroot_and_install_rpms libtirpc chroot_and_install_rpms rpcsvc-proto build_rpm_in_chroot_no_install libnsl2 -build_rpm_in_chroot_no_install finger - # tcp_wrappers needs libnsl2, finger chroot_and_install_rpms libnsl2 -chroot_and_install_rpms finger -build_rpm_in_chroot_no_install tcp_wrappers build_rpm_in_chroot_no_install cyrus-sasl @@ -529,7 +525,6 @@ build_rpm_in_chroot_no_install libcap-ng chroot_and_install_rpms systemd chroot_and_install_rpms golang chroot_and_install_rpms openldap -chroot_and_install_rpms tcp_wrappers chroot_and_install_rpms libcap-ng build_rpm_in_chroot_no_install audit diff --git a/toolkit/scripts/toolchain/container/0002-add-linux-syscall-license-info.patch b/toolkit/scripts/toolchain/container/0002-add-linux-syscall-license-info.patch deleted file mode 100644 index 49982cb6b31..00000000000 --- a/toolkit/scripts/toolchain/container/0002-add-linux-syscall-license-info.patch +++ /dev/null @@ -1,22 +0,0 @@ -From aef4c9944d4dd8f5686823aa74fb54505a6983b4 Mon Sep 17 00:00:00 2001 -From: Rachel -Date: Tue, 9 Nov 2021 12:21:01 -0500 -Subject: [PATCH] Add license info - ---- - include/uapi/misc/d3dkmthk.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/uapi/misc/d3dkmthk.h b/include/uapi/misc/d3dkmthk.h -index e752fd5c87d0..bf4fc7228bac 100644 ---- a/include/uapi/misc/d3dkmthk.h -+++ b/include/uapi/misc/d3dkmthk.h -@@ -1,4 +1,4 @@ --/* SPDX-License-Identifier: GPL-2.0 */ -+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ - - /* - * Copyright (c) 2019, Microsoft Corporation. --- -2.17.1 - diff --git a/toolkit/scripts/toolchain/container/Dockerfile b/toolkit/scripts/toolchain/container/Dockerfile index 8185328d44b..221ad8c5c51 100644 --- a/toolkit/scripts/toolchain/container/Dockerfile +++ b/toolkit/scripts/toolchain/container/Dockerfile @@ -60,7 +60,6 @@ COPY [ "./toolchain-sha256sums", \ "./texinfo-perl-fix.patch", \ "./CVE-2021-45078.patch", \ "./toolchain-jdk8-wget.sh", \ - "./0002-add-linux-syscall-license-info.patch", \ "$LFS/tools/" ] # Download source, then create lfs user and group. @@ -70,7 +69,7 @@ COPY [ "./toolchain-sha256sums", \ WORKDIR $LFS/sources RUN wget -nv --no-clobber --timeout=30 --no-check-certificate --continue --input-file=$LFS/tools/toolchain-local-wget-list --directory-prefix=$LFS/sources; exit 0 RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-remote-wget-list --directory-prefix=$LFS/sources; exit 0 -RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.88.1.tar.gz -O kernel-5.10.88.1.tar.gz --directory-prefix=$LFS/sources; exit 0 +RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.89.1.tar.gz -O kernel-5.10.89.1.tar.gz --directory-prefix=$LFS/sources; exit 0 USER root RUN /tools/toolchain-jdk8-wget.sh; exit 0 RUN sha256sum -c $LFS/tools/toolchain-sha256sums && \ diff --git a/toolkit/scripts/toolchain/container/toolchain-sha256sums b/toolkit/scripts/toolchain/container/toolchain-sha256sums index 4268bbb65dd..1af1cbdef2d 100644 --- a/toolkit/scripts/toolchain/container/toolchain-sha256sums +++ b/toolkit/scripts/toolchain/container/toolchain-sha256sums @@ -59,7 +59,7 @@ b725c9b2e9793df7bf5d4d300390db11aa27bd98df9f33021d539be9bd603846 jdk8u212-b04-j 13ae78908151ad88ee3b375c72ca3f55a82b5265a3faba97f224f2a9b9d486fc jdk8u212-b04-nashorn.tar.bz2 6d28bdd752c056de98f6faf897b338d6ce8938810d72a69c2f5c1d81d628d44a jdk8u212-b04.tar.bz2 f882210b76376e3fa006b11dbd890e56ec0942bc56e65d1249ff4af86f90b857 kbproto-1.0.7.tar.bz2 -ff8be30666cd7899c36a50ef0d92e24ebfa58878b55ebc30483eb14ebb56546f kernel-5.10.88.1.tar.gz +e7d4ea0eff5635c8be7c8aa7792da2dc5daee6dff374fafa2ae3cf59159c7c4d kernel-5.10.89.1.tar.gz b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176 libarchive-3.4.2.tar.gz b630b7c484271b3ba867680d6a14b10a86cfa67247a14631b14c06731d5a458b libcap-2.26.tar.xz c97da36d2e56a2d7b6e4f896241785acc95e97eb9557465fd66ba2a155a7b201 libdmx-1.1.3.tar.bz2 diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh index ccc0e36d28e..916154fd1cd 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh @@ -57,16 +57,14 @@ set -e # cd /sources -echo Linux-5.10.88.1 API Headers -tar xf kernel-5.10.88.1.tar.gz -cp /tools/0002-add-linux-syscall-license-info.patch CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.88.1/ -pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.88.1 -patch -p1 -i 0002-add-linux-syscall-license-info.patch +echo Linux-5.10.89.1 API Headers +tar xf kernel-5.10.89.1.tar.gz +pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.89.1 make mrproper make headers cp -rv usr/include/* /usr/include popd -rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.88.1 +rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.89.1 touch /logs/status_kernel_headers_complete echo 6.8. Man-pages-5.02 diff --git a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh index 544d7743657..fe9089b0c2f 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh @@ -114,16 +114,14 @@ rm -rf gcc-9.1.0 touch $LFS/logs/temptoolchain/status_gcc_pass1_complete -echo Linux-5.10.88.1 API Headers -tar xf kernel-5.10.88.1.tar.gz -cp /tools/0002-add-linux-syscall-license-info.patch CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.88.1/ -pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.88.1 -patch -p1 -i 0002-add-linux-syscall-license-info.patch +echo Linux-5.10.89.1 API Headers +tar xf kernel-5.10.89.1.tar.gz +pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.89.1 make mrproper make headers cp -rv usr/include/* /tools/include popd -rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.88.1 +rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.89.1 touch $LFS/logs/temptoolchain/status_kernel_headers_complete