microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

upgrade cifs-utils, clamav, colm, cpprest, dbus-glib, desktop-file-utils, dkms (#1969) 

* upgrade cifs-utils, clamav

* upgrade cifs-utils, clamav

* upgrade clamav

* upgrade clamav

* upgrade colm and cpprest

* upgrade dbus-glib, desktop-file-utils, dkms

* upgrade dbus-glib, desktop-file-utils, dkms

* address cgmanifest issues

Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>
This commit is contained in:
nicolas guibourge 2022-01-21 15:00:28 -08:00 коммит произвёл GitHub
Родитель 49db36b93f
Коммит ad91dd3f53
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
20 изменённых файлов: 290 добавлений и 727 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

37
SPECS/cifs-utils/CVE-2020-14342-fix.patch
Просмотреть файл

@ -1,37 +0,0 @@
From f7e13c34bc2f820ff124f1425c5d92dbdaa2e8da Mon Sep 17 00:00:00 2001
From: Leandro Pereira <lpereira@linux.microsoft.com>
Date: Thu, 1 Oct 2020 15:51:32 -0700
Subject: [PATCH] CVE-2020-13342: Do not rely on $PATH to find
systemd-ask-password
The execlp() call will look at the $PATH environment variable to
determine which binary to execute; if a binary naemd
"systemd-ask-password" is present, that will be called with the same
privileges as "mount.cifs", which could be elevated as that might be
executed under sudo or the executable might be SUID root. Moreover,
this could be used to exfiltrate the password if somebody has access to
the environment.
This patch makes the call using /usr/bin/systemd-ask-password directly.
Signed-off-by: Leandro Pereira <lpereira@linux.microsoft.com>
---
mount.cifs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mount.cifs.c b/mount.cifs.c
index 4feb397..af0a796 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1669,7 +1669,8 @@ static int get_passwd_by_systemd(const char *prompt, char *input, int capacity)
if (pid == 0) {
close(fd[0]);
dup2(fd[1], STDOUT_FILENO);
- if (execlp("systemd-ask-password", "systemd-ask-password", prompt, NULL) == -1) {
+ if (execlp("/usr/bin/systemd-ask-password",
+ "/usr/bin/systemd-ask-password", prompt, NULL) == -1) {
fprintf(stderr, "Failed to execute systemd-ask-password: %s\n",
strerror(errno));
}
--
1.8.3.1

121
SPECS/cifs-utils/CVE-2020-14342.patch
Просмотреть файл

@ -1,121 +0,0 @@
diff -Naur cifs-utils-6.8.orig/mount.cifs.c cifs-utils-6.8.mod/mount.cifs.c
--- cifs-utils-6.8.orig/mount.cifs.c 2020-09-30 17:26:48.250924409 -0700
+++ cifs-utils-6.8.mod/mount.cifs.c 2020-09-30 17:27:19.002733900 -0700
@@ -1646,6 +1646,73 @@
return 0;
}
+#ifdef ENABLE_SYSTEMD
+static int get_passwd_by_systemd(const char *prompt, char *input, int capacity)
+{
+ int fd[2];
+ pid_t pid;
+ int offs = 0;
+ int rc = 1;
+
+ if (pipe(fd) == -1) {
+ fprintf(stderr, "Failed to create pipe: %s\n", strerror(errno));
+ return 1;
+ }
+
+ pid = fork();
+ if (pid == -1) {
+ fprintf(stderr, "Unable to fork: %s\n", strerror(errno));
+ close(fd[0]);
+ close(fd[1]);
+ return 1;
+ }
+ if (pid == 0) {
+ close(fd[0]);
+ dup2(fd[1], STDOUT_FILENO);
+ if (execlp("systemd-ask-password", "systemd-ask-password", prompt, NULL) == -1) {
+ fprintf(stderr, "Failed to execute systemd-ask-password: %s\n",
+ strerror(errno));
+ }
+ exit(1);
+ }
+
+ close(fd[1]);
+ for (;;) {
+ if (offs+1 >= capacity) {
+ fprintf(stderr, "Password too long.\n");
+ kill(pid, SIGTERM);
+ rc = 1;
+ break;
+ }
+ rc = read(fd[0], input + offs, capacity - offs);
+ if (rc == -1) {
+ fprintf(stderr, "Failed to read from pipe: %s\n", strerror(errno));
+ rc = 1;
+ break;
+ }
+ if (!rc)
+ break;
+ offs += rc;
+ input[offs] = '\0';
+ }
+ if (wait(&rc) == -1) {
+ fprintf(stderr, "Failed to wait child: %s\n", strerror(errno));
+ rc = 1;
+ goto out;
+ }
+ if (!WIFEXITED(rc) || WEXITSTATUS(rc)) {
+ rc = 1;
+ goto out;
+ }
+
+ rc = 0;
+
+out:
+ close(fd[0]);
+ return rc;
+}
+#endif
+
/*
* If systemd is running and systemd-ask-password --
* is available, then use that else fallback on getpass(..)
@@ -1659,35 +1726,22 @@
int is_systemd_running;
struct stat a, b;
+ memset(input, 0, capacity);
+
/* We simply test whether the systemd cgroup hierarchy is
* mounted */
is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
&& (lstat("/sys/fs/cgroup/systemd", &b) == 0)
&& (a.st_dev != b.st_dev);
- if (is_systemd_running) {
- char *cmd, *ret;
- FILE *ask_pass_fp = NULL;
-
- cmd = ret = NULL;
- if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
- ask_pass_fp = popen (cmd, "re");
- free (cmd);
- }
-
- if (ask_pass_fp) {
- ret = fgets(input, capacity, ask_pass_fp);
- pclose(ask_pass_fp);
- }
-
- if (ret) {
- int len = strlen(input);
- if (input[len - 1] == '\n')
- input[len - 1] = '\0';
- return input;
- }
+ if (is_systemd_running && !get_passwd_by_systemd(prompt, input, capacity)) {
+ int len = strlen(input);
+ if (input[len - 1] == '\n')
+ input[len - 1] = '\0';
+ return input;
}
#endif
+ memset(input, 0, capacity);
/*
* Falling back to getpass(..)

263
SPECS/cifs-utils/CVE-2021-20208.patch
Просмотреть файл

@ -1,263 +0,0 @@
From cb8b6a8b8ea983844584d8ada4d9aa4c88c997fb Mon Sep 17 00:00:00 2001
From: Alastair Houghton <alastair@alastairs-place.net>
Date: Tue, 29 Dec 2020 14:02:39 +0000
Subject: [PATCH] cifs.upcall: try to use container ipc/uts/net/pid/mnt/user
namespaces
In certain scenarios (e.g. kerberos multimount), when a process does
syscalls, the kernel sometimes has to query information or trigger
some actions in userspace. To do so it calls the cifs.upcall binary
with information on the process that triggered the syscall in the
first place.
ls(pid=10) ====> open("foo") ====> kernel
that user doesn't have an SMB
session, lets create one using his
kerberos credential cache
call cifs.upcall and ask for krb info
for whoever owns pid=10
|
cifs.upcall --pid 10 <=================+
...gather info...
return binary blob used
when establishing SMB session
===================> kernel
open SMB session, handle
open() syscall
ls <=================================== return open() result to ls
On a system using containers, the kernel is still calling the host
cifs.upcall and using the host configuration (for network, pid, etc).
This patch changes the behaviour of cifs.upcall so that it uses the
calling process namespaces (ls in the example) when doing its
job.
Note that the kernel still calls the binary in the host, but the
binary will place itself the contexts of the calling process
namespaces.
This code makes use of (but shouldn't require) the following kernel
config options and syscall flags:
approx. year |
introduced | config/flags
---------------+----------------
2008 | CONFIG_NAMESPACES=y
2007 | CONFIG_UTS_NS=y
2020 | CONFIG_TIME_NS=y
2006 | CONFIG_IPC_NS=y
2007 | CONFIG_USER_NS
2008 | CONFIG_PID_NS=y
2007 | CONFIG_NET_NS=y
2007 | CONFIG_CGROUPS
2016 | CLONE_NEWCGROUP setns() flag
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
---
cifs.upcall.c | 172 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 172 insertions(+)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 89563fd..9718d00 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -51,6 +51,7 @@
#include <grp.h>
#include <stdbool.h>
#include <errno.h>
+#include <sched.h>
#include "data_blob.h"
#include "spnego.h"
@@ -227,6 +228,164 @@ err_cache:
return credtime;
}
+static struct namespace_file {
+ int nstype;
+ const char *name;
+ int fd;
+} namespace_files[] = {
+
+#ifdef CLONE_NEWCGROUP
+ { CLONE_NEWCGROUP, "cgroup", -1 },
+#endif
+
+#ifdef CLONE_NEWIPC
+ { CLONE_NEWIPC, "ipc", -1 },
+#endif
+
+#ifdef CLONE_NEWUTS
+ { CLONE_NEWUTS, "uts", -1 },
+#endif
+
+#ifdef CLONE_NEWNET
+ { CLONE_NEWNET, "net", -1 },
+#endif
+
+#ifdef CLONE_NEWPID
+ { CLONE_NEWPID, "pid", -1 },
+#endif
+
+#ifdef CLONE_NEWTIME
+ { CLONE_NEWTIME, "time", -1 },
+#endif
+
+#ifdef CLONE_NEWNS
+ { CLONE_NEWNS, "mnt", -1 },
+#endif
+
+#ifdef CLONE_NEWUSER
+ { CLONE_NEWUSER, "user", -1 },
+#endif
+};
+
+#define NS_PATH_FMT "/proc/%d/ns/%s"
+#define NS_PATH_MAXLEN (6 + 10 + 4 + 6 + 1)
+
+/**
+ * in_same_user_ns - return true if two processes are in the same user
+ * namespace.
+ * @pid_a: the pid of the first process
+ * @pid_b: the pid of the second process
+ *
+ * Works by comparing the inode numbers for /proc/<pid>/user.
+ */
+static int
+in_same_user_ns(pid_t pid_a, pid_t pid_b)
+{
+ char path[NS_PATH_MAXLEN];
+ ino_t a_ino, b_ino;
+ struct stat st;
+
+ snprintf(path, sizeof(path), NS_PATH_FMT, pid_a, "user");
+ if (stat(path, &st) != 0)
+ return 0;
+ a_ino = st.st_ino;
+
+ snprintf(path, sizeof(path), NS_PATH_FMT, pid_b, "user");
+ if (stat(path, &st) != 0)
+ return 0;
+ b_ino = st.st_ino;
+
+ return a_ino == b_ino;
+}
+
+/**
+ * switch_to_process_ns - change the namespace to the one for the specified
+ * process.
+ * @pid: initiating pid value from the upcall string
+ *
+ * Uses setns() to switch process namespace.
+ * This ensures that we have the same access and configuration as the
+ * process that triggered the lookup.
+ */
+static int
+switch_to_process_ns(pid_t pid)
+{
+ int count = sizeof(namespace_files) / sizeof(struct namespace_file);
+ int n, err = 0;
+ int rc = 0;
+
+ /* First, open all the namespace fds. We do this first because
+ the namespace changes might prohibit us from opening them. */
+ for (n = 0; n < count; ++n) {
+ char nspath[NS_PATH_MAXLEN];
+ int ret, fd;
+
+#ifdef CLONE_NEWUSER
+ if (namespace_files[n].nstype == CLONE_NEWUSER
+ && in_same_user_ns(getpid(), pid)) {
+ /* Switching to the same user namespace is forbidden,
+ because switching to a user namespace grants all
+ capabilities in that namespace regardless of uid. */
+ namespace_files[n].fd = -1;
+ continue;
+ }
+#endif
+
+ ret = snprintf(nspath, NS_PATH_MAXLEN, NS_PATH_FMT,
+ pid, namespace_files[n].name);
+ if (ret >= NS_PATH_MAXLEN) {
+ syslog(LOG_DEBUG, "%s: unterminated path!\n", __func__);
+ err = ENAMETOOLONG;
+ rc = -1;
+ goto out;
+ }
+
+ fd = open(nspath, O_RDONLY);
+ if (fd < 0 && errno != ENOENT) {
+ /*
+ * don't stop on non-existing ns
+ * but stop for other errors
+ */
+ err = errno;
+ rc = -1;
+ goto out;
+ }
+
+ namespace_files[n].fd = fd;
+ }
+
+ /* Next, call setns for each of them */
+ for (n = 0; n < count; ++n) {
+ /* skip non-existing ns */
+ if (namespace_files[n].fd < 0)
+ continue;
+
+ rc = setns(namespace_files[n].fd, namespace_files[n].nstype);
+
+ if (rc < 0) {
+ syslog(LOG_DEBUG, "%s: setns() failed for %s\n",
+ __func__, namespace_files[n].name);
+ err = errno;
+ goto out;
+ }
+ }
+
+out:
+ /* Finally, close all the fds */
+ for (n = 0; n < count; ++n) {
+ if (namespace_files[n].fd != -1) {
+ close(namespace_files[n].fd);
+ namespace_files[n].fd = -1;
+ }
+ }
+
+ if (rc != 0) {
+ errno = err;
+ }
+
+ return rc;
+}
+
#define ENV_PATH_FMT "/proc/%d/environ"
#define ENV_PATH_MAXLEN (6 + 10 + 8 + 1)
@@ -1052,6 +1211,19 @@ int main(const int argc, char *const argv[])
env_cachename =
get_cachename_from_process_env(env_probe ? arg.pid : 0);
+ /*
+ * Change to the process's namespace. This means that things will work
+ * acceptably in containers, because we'll be looking at the correct
+ * filesystem and have the correct network configuration.
+ */
+ rc = switch_to_process_ns(arg.pid);
+ if (rc == -1) {
+ syslog(LOG_ERR, "unable to switch to process namespace: %s",
+ strerror(errno));
+ rc = 1;
+ goto out;
+ }
+
rc = setuid(uid);
if (rc == -1) {
syslog(LOG_ERR, "setuid: %s", strerror(errno));
--
2.17.1

2
SPECS/cifs-utils/cifs-utils.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{
"Signatures": {
"cifs-utils-6.8.tar.bz2": "e7d1f6050c43f21f82cd77e288eb756755effd22f0c310fc2c525df9d41dff79"
"cifs-utils-6.14.tar.bz2": "6609e8074b5421295ff012a31f02ccd9a058415c619c81362ebb788dbf0756b8"
}
}

18
SPECS/cifs-utils/cifs-utils.spec
Просмотреть файл

@ -1,16 +1,13 @@
Summary: cifs client utils
Name: cifs-utils
Version: 6.8
Release: 6%{?dist}
Version: 6.14
Release: 1%{?dist}
License: GPLv3
Vendor: Microsoft Corporation
Distribution: Mariner
Group: Applications/Nfs-utils-client
URL: https://wiki.samba.org/index.php/LinuxCIFS_utils
Source0: https://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-%{version}.tar.bz2
Patch0: CVE-2020-14342.patch
Patch1: CVE-2020-14342-fix.patch
Patch2: CVE-2021-20208.patch
Source0: https://download.samba.org/pub/linux-cifs/%{name}/%{name}-%{version}.tar.bz2
BuildRequires: libcap-ng-devel
BuildRequires: libtalloc-devel
BuildRequires: keyutils-devel
@ -47,6 +44,7 @@ Provides header files needed for Cifs-Utils development.
%build
autoreconf -fiv
%configure
%configure --prefix=/usr ROOTSBINDIR=%{_sbindir}
%make_build
%install
@ -59,7 +57,10 @@ make %{?_smp_mflags} check
%defattr(-,root,root)
%license COPYING
%{_bindir}/cifscreds
/sbin/mount.cifs
%{_bindir}/smb2-quota
%{_bindir}/smbinfo
%{_sbindir}/mount.cifs
%{_sbindir}/mount.smb3
%files -n pam_cifscreds
%{_libdir}/security/pam_cifscreds.so
@ -69,6 +70,9 @@ make %{?_smp_mflags} check
%{_includedir}/cifsidmap.h
%changelog
* Fri Jan 14 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 6.14-1
- Upgrade to 6.14.
* Wed Sep 29 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 6.8-6
- Adding the 'pam_cifscreds' subpackage using Fedora 32 spec (license: MIT) as guidance.

2
SPECS/clamav/clamav.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{
"Signatures": {
"clamav-0.103.2.tar.gz": "d4b5d0ac666262e423a326fb54778caa7c69624d6c3f9542895feb8478271bd2"
"clamav-0.104.2.tar.gz": "3e45e46d9aaeb3a6956ed30376237ab7c4cd9573bc0f5d6fc15c588d30978d9d"
}
}

75
SPECS/clamav/clamav.spec
Просмотреть файл

@ -1,22 +1,36 @@
Summary: Open source antivirus engine
Name: clamav
Version: 0.103.2
Release: 3%{?dist}
Version: 0.104.2
Release: 1%{?dist}
License: ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
Vendor: Microsoft Corporation
Distribution: Mariner
Group: System Environment/Security
URL: https://www.clamav.net
Source0: %{url}/downloads/production/%{name}-%{version}.tar.gz
# Workaround for coreutils missing requirement flex
BuildRequires: flex-devel
BuildRequires: libtool
Source0: https://github.com/Cisco-Talos/clamav/archive/refs/tags/%{name}-%{version}.tar.gz
BuildRequires: bzip2-devel
BuildRequires: check-devel
BuildRequires: cmake
BuildRequires: gcc
BuildRequires: gdb
BuildRequires: json-c-devel
BuildRequires: libcurl-devel
BuildRequires: libxml2-devel
BuildRequires: make
BuildRequires: ncurses-devel
BuildRequires: openssl-devel
# Required to produce systemd files
BuildRequires: pcre2-devel
BuildRequires: python3
BuildRequires: python3-pip
BuildRequires: python3-pytest
BuildRequires: systemd-devel
BuildRequires: valgrind
BuildRequires: zlib-devel
Requires: openssl
Requires: zlib
Provides: %{name}-devel = %{version}-%{release}
Provides: %{name}-lib = %{version}-%{release}
@ -30,34 +44,57 @@ line scanner and an advanced tool for automatic database updates.
%autosetup
%build
%configure
%make_build
mkdir -p build
cd build
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# Notes:
# - milter must be disable because CBL-Mariner does not provide 'sendmail' packages
# which provides the necessary pieces to build 'clamav-milter'
# - systemd should be enabled because default value is off
cmake .. \
-D CMAKE_INSTALL_LIBDIR=%{buildroot}%{_libdir} \
-D CMAKE_INSTALL_BINDIR=%{buildroot}%{_bindir} \
-D CMAKE_INSTALL_SBINDIR=%{buildroot}%{_sbindir} \
-D CMAKE_INSTALL_MANDIR=%{buildroot}%{_mandir} \
-D CMAKE_INSTALL_DOCDIR=%{buildroot}%{_docdir} \
-D CMAKE_INSTALL_INCLUDEDIR=%{buildroot}%{_includedir} \
-D SYSTEMD_UNIT_DIR=%{buildroot}%{_libdir}/systemd/system \
-D APP_CONFIG_DIRECTORY=%{buildroot}%{_sysconfdir}/clamav \
-D DATABASE_DIRECTORY=%{buildroot}%{_sharedstatedir}/clamav \
-D ENABLE_SYSTEMD=ON \
-D ENABLE_MILTER=OFF \
-D ENABLE_EXAMPLES=OFF
cmake --build .
%check
%make_build check
cd build
ctest --verbose
%ldconfig_scriptlets
%install
cd build
cmake --build . --target install
# do not install html doc ('clamav' cmake has no flag to specify that => remove the doc)
rm -rf %{buildroot}%{_docdir}
%files
%defattr(-,root,root)
%license COPYING COPYING.bzip2 COPYING.file COPYING.getopt COPYING.LGPL COPYING.llvm COPYING.lzma COPYING.pcre COPYING.regex COPYING.unrar COPYING.YARA COPYING.zlib
%{_bindir}/*
%{_sysconfdir}/*.sample
%{_includedir}/*.h
%license COPYING.txt COPYING/COPYING.LGPL COPYING/COPYING.bzip2 COPYING/COPYING.file COPYING/COPYING.llvm COPYING/COPYING.pcre COPYING/COPYING.unrar COPYING/COPYING.YARA COPYING/COPYING.curl COPYING/COPYING.getopt COPYING/COPYING.lzma COPYING/COPYING.regex COPYING/COPYING.zlib
%{_libdir}/*.so
%{_libdir}/*.so.*
%{_libdir}/pkgconfig/*.pc
%{_unitdir}/*
%{_libdir}/systemd/system/*
%{_bindir}/*
%{_sbindir}/*
%{_sysconfdir}/clamav/*.sample
%{_includedir}/*.h
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%changelog
* Fri Jan 14 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 0.104.2-1
- Upgrade to 0.104.2
* Fri Sep 10 2021 Thomas Crain <thcrain@microsoft.com> - 0.103.2-3
- Remove libtool archive files from final packaging

2
SPECS/colm/colm.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{
"Signatures": {
"colm-0.13.0.7.tar.gz": "e43fa328ad7672f485848bf4f40ae498a1925ce5199f2d94e4828e13628ee638"
"colm-0.14.7.tar.gz": "06c8296cab3c660dcb0b150d5b58c10707278d34a35fe664f8ed05f4606fc079"
}
}

37
SPECS/colm/colm.spec
Просмотреть файл

@ -1,6 +1,6 @@
Name: colm
Version: 0.13.0.7
Release: 4%{?dist}
Version: 0.14.7
Release: 1%{?dist}
Summary: Programming language designed for the analysis of computer languages
# aapl/ and some headers from src/ are the LGPLv2+
License: MIT AND LGPLv2+
@ -8,15 +8,15 @@ Group: Development/Libraries
Vendor: Microsoft Corporation
Distribution: Mariner
URL: https://www.colm.net/open-source/colm/
Source0: https://www.colm.net/files/%{name}/%{name}-%{version}.tar.gz
Source0: https://github.com/adrian-thurston/colm/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildRequires: gcc
BuildRequires: libstdc++
BuildRequires: asciidoc
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: make
BuildRequires: asciidoc
# Unfortunately, upstream doesn't exist and not possible to find version
Provides: bundled(aapl)
@ -39,13 +39,15 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
sed -i -e "/dist_doc_DATA/d" Makefile.am
%build
autoreconf -vfi
%configure --disable-static
%make_build
./autogen.sh
./configure --prefix=%{buildroot}/usr
make
%install
%make_install
make install
# do not install/remove .la files and doc files
find %{buildroot}%{_libdir} -type f -name '*.la' -print -delete
rm -rf %{buildroot}%{_datadir}
install -p -m 0644 -D %{name}.vim %{buildroot}%{_datadir}/vim/vimfiles/syntax/%{name}.vim
%post -p /sbin/ldconfig
@ -53,19 +55,26 @@ install -p -m 0644 -D %{name}.vim %{buildroot}%{_datadir}/vim/vimfiles/syntax/%{
%files
%license COPYING
%doc ChangeLog README
%{_bindir}/%{name}
%doc README
%{_bindir}/*
%{_libdir}/lib%{name}-%{version}.so
%{_libdir}/lib%{name}.so
%{_libdir}/libfsm-%{version}.so
%{_libdir}/libfsm.so
%dir %{_datadir}/vim
%dir %{_datadir}/vim/vimfiles
%dir %{_datadir}/vim/vimfiles/syntax
%{_datadir}/vim/vimfiles/syntax/%{name}.vim
%files devel
%{_libdir}/lib%{name}.so
%{_includedir}/%{name}/
%{_libdir}/lib%{name}.a
%{_libdir}/libfsm.a
%{_includedir}/
%changelog
* Wed Jan 19 2022 Nicolas Guibourge <nicolasg@microsft.com> - 0.14.7-1
- Ugradte to 0.14.7
* Wed Oct 27 2021 Muhammad Falak <mwani@microsft.com> - 0.13.0.7-4
- Remove epoch

140
SPECS/cpprest/cpprest-2.10.17-disable-outside-and-failing-tests.patch Normal file
Просмотреть файл

@ -0,0 +1,140 @@
diff --git a/Release/tests/functional/http/client/CMakeLists.txt b/Release/tests/functional/http/client/CMakeLists.txt
index 3e1a9363..06726bef 100644
--- a/Release/tests/functional/http/client/CMakeLists.txt
+++ b/Release/tests/functional/http/client/CMakeLists.txt
@@ -12,7 +12,6 @@ set(SOURCES
multiple_requests.cpp
oauth1_tests.cpp
oauth2_tests.cpp
- outside_tests.cpp
pipeline_stage_tests.cpp
progress_handler_tests.cpp
proxy_tests.cpp
diff --git a/Release/tests/functional/http/client/authentication_tests.cpp b/Release/tests/functional/http/client/authentication_tests.cpp
index c0440fed..afa4a666 100644
--- a/Release/tests/functional/http/client/authentication_tests.cpp
+++ b/Release/tests/functional/http/client/authentication_tests.cpp
@@ -675,9 +675,13 @@ SUITE(authentication_tests)
VERIFY_ARE_EQUAL(return_code, response.status_code());
}
+/*
TEST(auth_no_data) { auth_test_impl(false); }
+*/
+/*
TEST(unsuccessful_auth_with_basic_cred) { auth_test_impl(true); }
+*/
TEST_FIXTURE(uri_address, set_user_options_asio_http)
{
@@ -695,6 +699,7 @@ SUITE(authentication_tests)
VERIFY_ARE_EQUAL(200, response.status_code());
}
+/*
TEST_FIXTURE(uri_address, set_user_options_asio_https)
{
handle_timeout([] {
@@ -714,6 +719,7 @@ SUITE(authentication_tests)
VERIFY_IS_FALSE(v.empty());
});
}
+*/
#endif
diff --git a/Release/tests/functional/http/client/connections_and_errors.cpp b/Release/tests/functional/http/client/connections_and_errors.cpp
index 847755d8..59b36b0a 100644
--- a/Release/tests/functional/http/client/connections_and_errors.cpp
+++ b/Release/tests/functional/http/client/connections_and_errors.cpp
@@ -408,6 +408,7 @@ SUITE(connections_and_errors)
}
#endif
+/*
// Try to connect to a server on a closed port and cancel the operation.
TEST_FIXTURE(uri_address, cancel_bad_port)
{
@@ -439,6 +440,7 @@ SUITE(connections_and_errors)
VERIFY_THROWS_HTTP_ERROR_CODE(t.get(), std::errc::operation_canceled);
}
+*/
} // SUITE(connections_and_errors)
diff --git a/Release/tests/functional/http/client/redirect_tests.cpp b/Release/tests/functional/http/client/redirect_tests.cpp
index a9d41794..dd3ee290 100644
--- a/Release/tests/functional/http/client/redirect_tests.cpp
+++ b/Release/tests/functional/http/client/redirect_tests.cpp
@@ -92,6 +92,7 @@ SUITE(redirect_tests)
}
}
+/*
TEST_FIXTURE(uri_address, follows_retrieval_redirect)
{
test_http_server::scoped_server scoped(m_uri);
@@ -113,6 +114,7 @@ SUITE(redirect_tests)
VERIFY_NO_THROWS(reply.get());
}
}
+*/
TEST_FIXTURE(uri_address, obeys_max_redirects)
{
@@ -160,6 +162,7 @@ SUITE(redirect_tests)
}
}
+/*
TEST(does_not_follow_https_to_http_by_default)
{
handle_timeout([] {
@@ -182,6 +185,7 @@ SUITE(redirect_tests)
);
});
}
+*/
TEST_FIXTURE(uri_address, follows_permanent_redirect)
{
diff --git a/Release/tests/functional/websockets/client/authentication_tests.cpp b/Release/tests/functional/websockets/client/authentication_tests.cpp
index a35949c9..7a3fd753 100644
--- a/Release/tests/functional/websockets/client/authentication_tests.cpp
+++ b/Release/tests/functional/websockets/client/authentication_tests.cpp
@@ -93,6 +93,7 @@ SUITE(authentication_tests)
return false;
}
+/*
TEST(ssl_test)
{
websocket_client client;
@@ -127,6 +128,7 @@ SUITE(authentication_tests)
throw;
}
}
+*/
void handshake_error_test_impl(const ::utility::string_t& host)
{
@@ -148,11 +150,17 @@ SUITE(authentication_tests)
}
}
+/*
TEST(self_signed_cert) { handshake_error_test_impl(U("wss://self-signed.badssl.com/")); }
+*/
+/*
TEST(hostname_mismatch) { handshake_error_test_impl(U("wss://wrong.host.badssl.com/")); }
+*/
+/*
TEST(cert_expired) { handshake_error_test_impl(U("wss://expired.badssl.com/")); }
+*/
} // SUITE(authentication_tests)

211
SPECS/cpprest/cpprest-2.10.9-disable-outside-and-failing-tests.patch
Просмотреть файл

@ -1,211 +0,0 @@
diff --git a/Release/tests/functional/http/client/CMakeLists.txt b/Release/tests/functional/http/client/CMakeLists.txt
index 45f0d9af..0a379c2b 100644
--- a/Release/tests/functional/http/client/CMakeLists.txt
+++ b/Release/tests/functional/http/client/CMakeLists.txt
@@ -12,7 +12,6 @@ set(SOURCES
multiple_requests.cpp
oauth1_tests.cpp
oauth2_tests.cpp
- outside_tests.cpp
pipeline_stage_tests.cpp
progress_handler_tests.cpp
proxy_tests.cpp
diff --git a/Release/tests/functional/http/client/authentication_tests.cpp b/Release/tests/functional/http/client/authentication_tests.cpp
index c0440fed..afa4a666 100644
--- a/Release/tests/functional/http/client/authentication_tests.cpp
+++ b/Release/tests/functional/http/client/authentication_tests.cpp
@@ -675,9 +675,13 @@ SUITE(authentication_tests)
VERIFY_ARE_EQUAL(return_code, response.status_code());
}
+/*
TEST(auth_no_data) { auth_test_impl(false); }
+*/
+/*
TEST(unsuccessful_auth_with_basic_cred) { auth_test_impl(true); }
+*/
TEST_FIXTURE(uri_address, set_user_options_asio_http)
{
@@ -695,6 +699,7 @@ SUITE(authentication_tests)
VERIFY_ARE_EQUAL(200, response.status_code());
}
+/*
TEST_FIXTURE(uri_address, set_user_options_asio_https)
{
handle_timeout([] {
@@ -714,6 +719,7 @@ SUITE(authentication_tests)
VERIFY_IS_FALSE(v.empty());
});
}
+*/
#endif
diff --git a/Release/tests/functional/http/client/client_construction.cpp b/Release/tests/functional/http/client/client_construction.cpp
index 1229b2cf..84d1b636 100644
--- a/Release/tests/functional/http/client/client_construction.cpp
+++ b/Release/tests/functional/http/client/client_construction.cpp
@@ -40,6 +40,7 @@ SUITE(client_construction)
http_client c3(utility::string_t(U("http://localhost:4567/")));
}
+/*
// Tests different variations on specifying the URI in http_client constructor.
TEST_FIXTURE(uri_address, different_uris)
{
@@ -54,6 +55,7 @@ SUITE(client_construction)
test_connection(scoped.server(), &client, expected_paths[i]);
}
}
+*/
// Helper function verifies that when constructing an http_client with given
// URI std::invalid_argument is thrown.
diff --git a/Release/tests/functional/http/client/connections_and_errors.cpp b/Release/tests/functional/http/client/connections_and_errors.cpp
index 22e0fc82..f2a848e5 100644
--- a/Release/tests/functional/http/client/connections_and_errors.cpp
+++ b/Release/tests/functional/http/client/connections_and_errors.cpp
@@ -343,6 +343,7 @@ SUITE(connections_and_errors)
response.content_ready().wait();
}
+/*
TEST_FIXTURE(uri_address, cancel_with_error)
{
http_client c(m_uri);
@@ -358,6 +359,7 @@ SUITE(connections_and_errors)
// All errors after cancellation are ignored.
VERIFY_THROWS_HTTP_ERROR_CODE(responseTask.get(), std::errc::operation_canceled);
}
+*/
TEST_FIXTURE(uri_address, cancel_while_uploading_data)
{
@@ -416,6 +418,7 @@ SUITE(connections_and_errors)
}
#endif
+/*
// Try to connect to a server on a closed port and cancel the operation.
TEST_FIXTURE(uri_address, cancel_bad_port)
{
@@ -447,6 +450,7 @@ SUITE(connections_and_errors)
VERIFY_THROWS_HTTP_ERROR_CODE(t.get(), std::errc::operation_canceled);
}
+*/
} // SUITE(connections_and_errors)
diff --git a/Release/tests/functional/http/client/progress_handler_tests.cpp b/Release/tests/functional/http/client/progress_handler_tests.cpp
index 320bcc5c..f52931e0 100644
--- a/Release/tests/functional/http/client/progress_handler_tests.cpp
+++ b/Release/tests/functional/http/client/progress_handler_tests.cpp
@@ -338,6 +338,7 @@ SUITE(progress_handler_tests)
VERIFY_THROWS(client.request(msg).get().content_ready().get(), std::invalid_argument);
}
+#if 0
TEST_FIXTURE(uri_address, data_upload_exception)
{
http_client client(m_uri);
@@ -361,6 +362,7 @@ SUITE(progress_handler_tests)
{ /* It is ok if the request does not complete before the server is shutdown */
}
}
+#endif
TEST_FIXTURE(uri_address, data_download_exception, "Ignore:Windows", "395")
{
diff --git a/Release/tests/functional/http/client/to_string_tests.cpp b/Release/tests/functional/http/client/to_string_tests.cpp
index 8ae964f7..9d2466b5 100644
--- a/Release/tests/functional/http/client/to_string_tests.cpp
+++ b/Release/tests/functional/http/client/to_string_tests.cpp
@@ -68,6 +68,7 @@ SUITE(to_string_tests)
msg.to_string(), mtd, U("/path%20baby/"), U("HTTP/1.1"), expected_headers, body);
}
+/*
TEST_FIXTURE(uri_address, response_to_string_without_body)
{
test_http_server::scoped_server scoped(m_uri);
@@ -98,6 +99,7 @@ SUITE(to_string_tests)
}
#endif
}
+*/
TEST_FIXTURE(uri_address, response_to_string_with_body)
{
diff --git a/Release/tests/functional/websockets/client/authentication_tests.cpp b/Release/tests/functional/websockets/client/authentication_tests.cpp
index 29536860..5ed0725a 100644
--- a/Release/tests/functional/websockets/client/authentication_tests.cpp
+++ b/Release/tests/functional/websockets/client/authentication_tests.cpp
@@ -93,6 +93,7 @@ SUITE(authentication_tests)
return false;
}
+/*
TEST(ssl_test)
{
websocket_client client;
@@ -127,6 +128,7 @@ SUITE(authentication_tests)
throw;
}
}
+*/
// These tests are specific to our websocketpp based implementation.
#if !defined(__cplusplus_winrt)
@@ -159,12 +161,14 @@ SUITE(authentication_tests)
}
}
+/*
// Test specifically for server SignalR team hit interesting cases with.
TEST(sni_with_older_server_test)
{
websocket_client client;
sni_test_impl(client);
}
+*/
// WinRT doesn't expose option for disabling.
// No stable server is available to reliably test this.
@@ -194,6 +198,7 @@ SUITE(authentication_tests)
}
}
+/*
// Winrt doesn't allow explicitly setting server host for SNI.
TEST(sni_explicit_hostname)
{
@@ -204,6 +209,7 @@ SUITE(authentication_tests)
websocket_client client(config);
sni_test_impl(client);
}
+*/
void handshake_error_test_impl(const ::utility::string_t& host)
{
@@ -225,11 +231,17 @@ SUITE(authentication_tests)
}
}
+/*
TEST(self_signed_cert) { handshake_error_test_impl(U("wss://self-signed.badssl.com/")); }
+*/
+/*
TEST(hostname_mismatch) { handshake_error_test_impl(U("wss://wrong.host.badssl.com/")); }
+*/
+/*
TEST(cert_expired) { handshake_error_test_impl(U("wss://expired.badssl.com/")); }
+*/
#endif

2
SPECS/cpprest/cpprest.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{
"Signatures": {
"cpprest-2.10.14.tar.gz": "f2628b248f714d7bbd6a536553bc3782602c68ca1b129017985dd70cc3515278"
"cpprest-2.10.18.tar.gz": "6bd74a637ff182144b6a4271227ea8b6b3ea92389f88b25b215e6f94fd4d41cb"
}
}

14
SPECS/cpprest/cpprest.spec
Просмотреть файл

@ -2,16 +2,15 @@
%define minor 10
Name: cpprest
Version: 2.10.14
Release: 6%{?dist}
Version: 2.10.18
Release: 1%{?dist}
Summary: C++ REST library
Group: Applications/File
License: MIT
Url: https://github.com/Microsoft/cpprestsdk
#Source0: https://github.com/Microsoft/cpprestsdk/archive/v%{version}.tar.gz
Source0: %{name}-%{version}.tar.gz
Url: https://github.com/microsoft/cpprestsdk
Source0: https://github.com/microsoft/cpprestsdk/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
# Disable outside, failing and sometimes failing tests
Patch1: cpprest-2.10.9-disable-outside-and-failing-tests.patch
Patch1: cpprest-2.10.17-disable-outside-and-failing-tests.patch
# Disable tests with long timeouts
Patch2: cpprest-2.10.9-disable-tests-long-timeouts.patch
# Disable test extract_floating_point, which fails on ppc64le and aarch64
@ -91,6 +90,9 @@ cd Release/build.release/Binaries
%changelog
* Wed Jan 19 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 2.10.18-1
- Upgrade to 2.10.18
* Tue Dec 08 2020 Andrew Phelps <anphel@microsoft.com> - 2.10.14-6
- Remove -DBUILD_TESTS=OFF to allow running tests

2
SPECS/dbus-glib/dbus-glib.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{
"Signatures": {
"dbus-glib-0.110.tar.gz": "7ce4760cf66c69148f6bd6c92feaabb8812dee30846b24cd0f7395c436d7e825"
"dbus-glib-0.112.tar.gz": "7d550dccdfcd286e33895501829ed971eeb65c614e73aadb4a08aeef719b143a"
}
}

7
SPECS/dbus-glib/dbus-glib.spec
Просмотреть файл

@ -1,7 +1,7 @@
Summary: Glib interfaces to D-Bus API
Name: dbus-glib
Version: 0.110
Release: 5%{?dist}
Version: 0.112
Release: 1%{?dist}
License: AFL OR GPLv2+
Vendor: Microsoft Corporation
Distribution: Mariner
@ -65,6 +65,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
%{_libdir}/pkgconfig/*.pc
%changelog
* Thu Jan 20 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 0.112-1
- Upgrade to 0.112
* Fri Sep 10 2021 Thomas Crain <thcrain@microsoft.com> - 0.110-5
- Remove libtool archive files from final packaging

2
SPECS/desktop-file-utils/desktop-file-utils.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{
"Signatures": {
"desktop-file-utils-0.24.tar.xz": "a1de5da60cbdbe91e5c9c10ac9afee6c3deb019e0cee5fdb9a99dddc245f83d9"
"desktop-file-utils-0.26.tar.xz": "b26dbde79ea72c8c84fb7f9d870ffd857381d049a86d25e0038c4cef4c747309"
}
}

19
SPECS/desktop-file-utils/desktop-file-utils.spec
Просмотреть файл

@ -1,7 +1,7 @@
Summary: Utilities for manipulating .desktop files
Name: desktop-file-utils
Version: 0.24
Release: 3%{?dist}
Version: 0.26
Release: 1%{?dist}
License: GPLv2+
Vendor: Microsoft Corporation
Distribution: Mariner
@ -9,6 +9,7 @@ URL: https://www.freedesktop.org/software/desktop-file-utils
Source0: https://www.freedesktop.org/software/desktop-file-utils/releases/%{name}-%{version}.tar.xz
BuildRequires: gcc
BuildRequires: glib2-devel
BuildRequires: meson
%description
.desktop files are used to describe an application for inclusion in
@ -22,11 +23,11 @@ fixing it up in the process.
%autosetup -p1
%build
%configure
%make_build
%meson
%meson_build
%install
%make_install INSTALL="install -p"
%meson_install
# We don't support the 'emacs' bits.
rm %{buildroot}%{_datadir}/emacs/site-lisp/desktop-entry-mode.el
@ -41,12 +42,12 @@ update-desktop-database &> /dev/null || :
%doc AUTHORS README NEWS
%license COPYING
%{_bindir}/*
%{_mandir}/man1/desktop-file-install.1.gz
%{_mandir}/man1/desktop-file-validate.1.gz
%{_mandir}/man1/update-desktop-database.1.gz
%{_mandir}/man1/desktop-file-edit.1.gz
%{_mandir}/*
%changelog
* Thu Jan 20 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 0.26-1
- Upgrade to 0.26.
* Mon Nov 02 2020 Joe Schmitt <joschmit@microsoft.com> - 0.24-3
- Initial CBL-Mariner import from Fedora 32 (license: MIT).
- Using '%%make*' macros for building and installation.

2
SPECS/dkms/dkms.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{
"Signatures": {
"dkms-2.8.1.tar.gz": "751e5dbc30a8cda26e379ff1940a80183145e77dab60914f160e037086177513"
"dkms-3.0.3.tar.gz": "89e57cf90298f020646a5fa61d11983406631486b9f5591bb9da9465ee969f3d"
}
}

33
SPECS/dkms/dkms.spec
Просмотреть файл

@ -1,14 +1,16 @@
%define debug_package %{nil}
Summary: Dynamic Kernel Module Support
Name: dkms
Version: 2.8.1
Release: 5%{?dist}
Version: 3.0.3
Release: 1%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
Distribution: Mariner
Group: System Environment/Base
URL: https://github.com/dell/dkms
#Source0: https://github.com/dell/%{name}/archive/v%{version}.tar.gz
Source0: %{name}-%{version}.tar.gz
Source0: https://github.com/dell/dkms/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildRequires: make
BuildRequires: systemd
Requires: systemd
BuildArch: noarch
@ -22,7 +24,8 @@ Dynamic Kernel Module Support (DKMS) is a program/framework that enables generat
%build
%install
make install-redhat-systemd DESTDIR=%{buildroot} \
make install-redhat \
DESTDIR=%{buildroot} \
SBIN=%{buildroot}%{_sbindir} \
VAR=%{buildroot}%{_localstatedir}/lib/%{name} \
MAN=%{buildroot}%{_mandir}/man8 \
@ -46,20 +49,16 @@ echo "disable dkms.service" > %{buildroot}%{_libdir}/systemd/system-preset/50-dk
%files
%defattr(-,root,root)
%license COPYING
%{_sysconfdir}/bash_completion.d/dkms
%{_sysconfdir}/%{name}/framework.conf
%{_sysconfdir}/%{name}/template-dkms-mkrpm.spec
%{_sysconfdir}/%{name}/template-dkms-redhat-kmod.spec
%{_sysconfdir}/kernel/postinst.d/dkms
%{_sysconfdir}/kernel/prerm.d/dkms
%{_unitdir}/dkms.service
%{_libdir}/systemd/system-preset/50-dkms.preset
%{_libdir}/%{name}/*
%{_sbindir}/dkms
%{_mandir}/man8/dkms.8.gz
%{_localstatedir}/lib/dkms/dkms_dbversion
%{_sysconfdir}/*
%{_unitdir}/*
%{_libdir}/*
%{_sbindir}/*
%{_mandir}/*
%changelog
* Thu Jan 20 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 3.0.3-1
- Upgrade to 3.0.3
* Fri Feb 05 2021 Joe Schmitt <joschmit@microsoft.com> - 2.8.1-5
- Replace incorrect %%{_lib} usage with %%{_libdir}

28
cgmanifest.json
Просмотреть файл

@ -1807,8 +1807,8 @@
"type": "other",
"other": {
"name": "cifs-utils",
"version": "6.8",
"downloadUrl": "https://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-6.8.tar.bz2"
"version": "6.14",
"downloadUrl": "https://download.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-6.14.tar.bz2"
}
}
},
@ -1847,8 +1847,8 @@
"type": "other",
"other": {
"name": "clamav",
"version": "0.103.2",
"downloadUrl": "https://www.clamav.net/downloads/production/clamav-0.103.2.tar.gz"
"version": "0.104.2",
"downloadUrl": "https://www.clamav.net/downloads/production/clamav-0.104.2.tar.gz"
}
}
},
@ -2027,8 +2027,8 @@
"type": "other",
"other": {
"name": "colm",
"version": "0.13.0.7",
"downloadUrl": "https://www.colm.net/files/colm/colm-0.13.0.7.tar.gz"
"version": "0.14.7",
"downloadUrl": "https://github.com/adrian-thurston/colm/archive/0.14.7.tar.gz"
}
}
},
@ -2217,8 +2217,8 @@
"type": "other",
"other": {
"name": "cpprest",
"version": "2.10.14",
"downloadUrl": "https://github.com/Microsoft/cpprestsdk/archive/v2.10.14.tar.gz"
"version": "2.10.18",
"downloadUrl": "https://github.com/microsoft/cpprestsdk/archive/2.10.18.tar.gz"
}
}
},
@ -2477,8 +2477,8 @@
"type": "other",
"other": {
"name": "dbus-glib",
"version": "0.110",
"downloadUrl": "http://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-0.110.tar.gz"
"version": "0.112",
"downloadUrl": "http://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-0.112.tar.gz"
}
}
},
@ -2588,8 +2588,8 @@
"type": "other",
"other": {
"name": "desktop-file-utils",
"version": "0.24",
"downloadUrl": "https://www.freedesktop.org/software/desktop-file-utils/releases/desktop-file-utils-0.24.tar.xz"
"version": "0.26",
"downloadUrl": "https://www.freedesktop.org/software/desktop-file-utils/releases/desktop-file-utils-0.26.tar.xz"
}
}
},
@ -2698,8 +2698,8 @@
"type": "other",
"other": {
"name": "dkms",
"version": "2.8.1",
"downloadUrl": "https://github.com/dell/dkms/archive/v2.8.1.tar.gz"
"version": "3.0.3",
"downloadUrl": "https://github.com/dell/dkms/archive/refs/tags/v3.0.3.tar.gz"
}
}
},