Граф коммитов

2 Коммитов

Автор SHA1 Сообщение Дата
jslobodzian eb08b37916
Bump package version to recompile binaries with fixed gcc stack prote… (#6253)
* Bump package version to recompile binaries with fixed gcc stack protection (CVE-2023-4039)

* Bump debuginfo versions in toolchain manifests

* Bump kernel headers to match kernel

* Update SPECS/gettext/gettext.spec

Taking suggestion

Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* Update for code review comments

* Fix for code review comment in qt5-qtdeclarative changelog

* Fix dash version for signed spec files

---------

Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-21 17:10:15 -04:00
osamaesmailmsft 27bd1a6ab2
Moving PHP from SPECS-EXTENDED to SPECS (#3820)
* Only build bond against x86_64 architecture (#1800) (#1801)

* fix bond build break for ARM64 on main branch

* fix bond build break for ARM64 on main branch

* fix bond build break for ARM64 on main branch

Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>

Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>

* [main extended] Enable libguestfs (#1970)

* Remove libreport support from mdadm

* Conditionally pull in perl-Sys-Virt test deps

* Fix dependency resolution for ocaml-ctypes

* Upgrade to latest ocaml-gettext

* Fix ocaml-ounit build

* Upgrade ocaml-base to latest

* Upgrade ocaml-migrate-parsetree to latest

* Upgrade ocaml-stdio to 0.15.0

* Upgrade ocaml-parsexp to 0.15.0

* Upgrade ocaml-ppxlib to 0.24.0

* Upgrade ocaml-sexplib to 0.15.0

* Upgrade ocaml-sexplib0 to 0.15.0

* Upgrade supermin to 5.2.1

* Fixup libguestfs patches and configuration

* [main extended] Fix dnf-plugins-core, ocaml-findlib builds (#1950)

* [main] Removing in-spec sources verification using `libguestfs.keyring`. (#1971)

* kernel: Update Mariner cert in kernel keyring (#1979)

* kernel: Update mariner cert in kernel keyring

* kernel-hyperv: Update mariner cert in kernel keyring

* kernel-headers: Bump to match kernel release number

* kernel-signed: Bump to match kernel release

Signed-off-by: Chris Co <chrco@microsoft.com>

* lttng-consume: disable tests to fix build break (#1980)

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* Revert "Upgrading Parted to v3.4" (#1966)

* Revert "Upgrading Parted to v3.4 (#1898)"

This reverts commit 24382cfa6e.

* verifying license to unblock upgrade revert pr

* Temporary: Add python3-distro to azurevm-packages packagelist (#2016)

* Upgrade libmemcached, memcached and promote to core specs (#1981)

* kernel-signed: workaround errant .build-id file (#2032)

After the upgrade to RPM 4.17, when building on ARM64 only, we are
observing an unexpected /usr/lib/debug/.build-id/xx/yyyy.debug
file being packaged into the kernel.rpm package. This errant file is causing
build errors when repackaging in the kernel-signed build phase.

This patch workarounds the build issue by specifically excluding the
/usr/lib/debug/.build-id folder when building for ARM64. More investigation
underway to identify why this unexpect /usr/lib/debug/.build-id/xx/yyyy.debug
file is being included.

Signed-off-by: Chris Co <chrco@microsoft.com>

* Fix grubby build with newer versions of RPM (#2036)

* Update libgit2 to latest upstream version 1.1.0 (#2021)

Signed-off-by: Kate Goldenring <kagold@microsoft.com>

* Fix build break (signature) for libgit2

* Fix TDNF download of packages during libguestfs build

* Replace perl(Locale::TextDomain) BR in libguestfs with actual package

* [main] Fixing tooling issues during package candidates resolution. (#2091)

* Fix dependency constraints, UUID parsing in libguestfs (#2113)

* Bring over libguestfs changes from 2.0

* Fix selinux-policy, file bugs in libguestfs

* kernel: Update input aarch64 config file (#2358)

ARM64 kernel package builds are failing due to a config diff missing
between the expected config and the actual config file.

Add missing CONFIG_USBIP_VUDC line

Signed-off-by: Chris Co <chrco@microsoft.com>

* Revert "[main] Update envoy to v1.21.0 (#2330)"

This reverts commit 5c0c47a867.

* toolkit only - use local /run folder in chroot instead of mounted tmpfs (#2435)

* toolkit - use local /run folder in chroot instead of mounted tmpfs

* address PR comments

* address PR comments

* address PR comments

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* [main] iperf3: Update to 3.11 (#2512)

* Update iperf3 to 3.11

* toolchain: Remove alsa-lib (#2543)

* Fix post-install script args in imageconfig being ignored (#2414)

* Upgrade nodejs to 16.14.0 (#2485)

* upgrade nodejs to 16.14.0

* upgrade nodejs to 16.14.0

* upgrade nodejs to 16.14.0

* upgrade nodejs

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* [main] upgrading libarchive to v3.6.0 (#2515)

* upgrading libarchive to v3.6.0

* removing patch file

* adding missing URL

* fixing URL

* [2.0] Modify pam to require audit-libs (#2572)

* update pam

* update manifests

* install audit-libs before systemd (#2584)

* Revert "install audit-libs before systemd (#2584)"

This reverts commit 2170975852.

* Build rubygems with ruby to fix build error in pipeline (#2601)

* Add rubygems to build with ruby to fix build error in pipeline

* Remove bundler requirement

* [main] Adding `--assumeyes` for TDNF calls. (#2641) (#2642)

* Fix bad ruby merge issue

* Revert "python3: Add python-unversioned-command subpackage (#2637)"

This reverts commit b62bb32bef.

* dnf-plugins-core: Fix bad python path in cmake call (#2658)

* dnf-plugins-core: Fix bad python path in cmake call

* Update license map

* Empty commit to trigger GH checks

* Unblock build, exclude SymCrypt from ARM64

* Update python requirement in azurevm packagelist for 2.0 (#2667)

* Revert "Unblock build, exclude SymCrypt from ARM64"

This reverts commit 9b0a48fc52.

* Repair toolkit merge issue

* fix boringssl license issue (#2775)

* revert arm64 exclusion workaround (#2769)

* [main] Build break workaround. (#2788)

* Revert "fix boringssl license issue (#2775)"

This reverts commit 50b3397168.

* Remove boringssl to reconcile with main branch

* [main] Fixing installation paths with new version of Ruby. (#2859)

* vim: Fix vi provides with reversed EVR (#2872)

* cri-o: Replace openSUSE systemd macros with Mariner's (#2874)

* toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed (#2878)

* toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed
* audit: Add BR on systemd-bootstrap-rpm-macros

* [2.0] Cherry-pick credscan failure caused by unattended installer image config (#2908)

* minor fix to build doc (#2907)

Co-authored-by: Henry Li <lihl@microsoft.com>

* fix image config json (#2906)

Co-authored-by: Henry Li <lihl@microsoft.com>

Co-authored-by: Henry Li <lihl@microsoft.com>

* download msopenjdk-11 from prod folder (#2921)

* Cherry Pick build fixes to Extended (#3105)

* ARM64 `buildah` and `edk2` blocked packages fix. (#3101)

* Adding missing signature for `perl-Module-Install-Repository`. (#3086)

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Python-twisted: upgrade to version 22.4.0 to fix CVE-2022-24801 (#3079)

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-… (#3087)

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* Updating `vim` to version 8.2.5064. (#3112)

* Bump Mariner Release (#3140)

* Revert "Add missing e2fsprogs dep to cloud-init (#3141)"

This reverts commit 7417d8a04f.
Reverting this change temporarily because we are not ready to upgrade cloud-init

* Revert "cloud-init: uprev to 22.2 (#3104)"

This reverts commit 3bcdc43b8f.
Reverting this change temporarily because we are not ready to upgrade cloud-init.

* Fix build errors caused by ncurses 6.3 upgrade (#3184)

* Fix ARM64 Build Break (#3191)

* t1lib: Fix SRPM packing (#3192)

* Revert "cloud-init: patch for CVE-2022-2084 (#3281)"

This reverts commit e3174308e7.

* Revert "Revert "cloud-init: uprev to 22.2 (#3104)""

This reverts commit ae3a7d80af.

* Revert "Revert "Add missing e2fsprogs dep to cloud-init (#3141)""

This reverts commit 68bd0ec8d7.

* Revert "Revert "cloud-init: patch for CVE-2022-2084 (#3281)""

This reverts commit 0b1ba723bc.

* Revert "Initial KeysInUse Integration (#3182)"

This reverts commit 7de96f680a.

* Updating 'mariner-release' version for July update 2. (#3444)

* remove provides from unsigned grub2 (#3461)

Co-authored-by: Henry Li <lihl@microsoft.com>

* Updating 'mariner-release' for the August release.

* Updating licenses after the 'main' merge.

* KeysInUse: re-introduce package back to 2.0. (#3531)

* Update helm version 3.9.3 (#3586)

* Update helm version 3.9.3

* Fix helm version info not displaying correctly

* fix cloud-init dependency issue (#3606)

* `mariadb`: update to v10.6.9 to fix CVE-2022-32091, CVE-2022-32081 (#3645)

* fix npm version in nodejs.spec (#3571)

* upgrade vim to 9.0.0232 (#3580)

* qemu : fix CVE-2022-35414 (#3597)

* qemu : fix CVE-2022-35414

* address PR comment

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* libxml2 and python-lxml: fix CVE-2022-2309 (#3583)

* libxml2 and python-lxml: fix CVE-2022-2309

* libxml2 and python-lxml: fix CVE-2022-2309

* address PR comments

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* rubygem-yajl-ruby: fix CVE 2022 24795 (#3598)

* rubygem-yajl-ruby : fix CVE-2022-24795

* rubygem-yajl-ruby : fix CVE-2022-24795

* back port patch from 1.4.1

* fix spec issue

* address PR comments

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* Update cert-manager to v1.7.3. (#3575)

- Update cert-manager to v1.7.3.
- Split cert-manager binaries into separate packages.
- Remove cert-manager build dependency on Bazel and just build the
binaries directly using `go build`. This makes building easier. Also,
the latest upstream version of cert-manager does this.
- Use the Go "vendor" directory for Go dependencies instead of dumping
files in the global Go cache.

* Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600)

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* dpkd: bump version to 21.11.2 to address CVE-2022-2132 (#3631)

* dpkd: bump version to 21.11.2 to address CVE-2022-2132
* dpdk: cgmanifest: update entry

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* `vim`: upgrade to 9.0.0325 to fix CVE-2022-2980, CVE-2022-2982, CVE-2022-2923, CVE-2022-2946 (#3643)

* `python3`: fix CVE-2015-20107 (#3644)

* `python3`: fix CVE-2021-28861 (#3654)

* `colord`: fix CVE-2021-42523 (#3675)

* `virglrenderer`: fix CVE-2022-0135 (#3674)

* libtar: Pull misc Fedora patches, fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646 (#3686)

* Apply Fedora patches

* Apply linter

* Use upstream patch

* Patch qemu CVE-2021-4158 (#3696)

* libtar: Fixup spec formatting, remove .la files, remove explicit provides (#3698)

* Fixup libtar spec formatting, .la files, provides

* Add comment so we can track CVE fixes

* update mariner-release to 2.0-19 (#3723)

* fix br in libvirt (#3726)

* Added nopatch to libtirpc for CVE-2021-46828 (#3779)

Co-authored-by: Nick Samson <nisamson@microsoft.com>

* update mariner-release to 2.0-21 (#3778)

* revert changes for adding sysinit.target dependency (#3777)

* Expat fix CVE-2022-40674 (#3799)

Co-authored-by: Betty Lakes <bettylakes@microsoft.com>

* bump mariner-release to 2.0-21

* switching branches

* Ensure rpm-* ABI compatibility (#3880)

* Ensure `python3-rpm` pulls in appropriate libs
* Add rpm-build-libs -> rpm-libs dependency too
* Declare release `4.18.0-2` with fixes

* toolkit.mk: fix 'clean-rpms-snapshot' target. (#3843)

* 7.4.14 to 8.1.11; need to delete the old SPECS-EXTENDED folders

* php 8.1.11 build now

* removed libraries from SPECS-EXTENDED

* merged current 2.0; added changelog for php & updated other licenses; need to verify changelog for php & version thing olivia said

* update cgmanifest.json

* reresolving old mr comments

* updated hunspell to fix CVE; added aspell patch to fix CVE; fixed some PHP linting issues

* one linting fix

* removed commented-out modphp code; updated changelog

* debugging url issues

* trying 2sec timeout instead of 1sec

* echoing to txt log

* undoing validate-cg-manifests.sh changes; trying new url

* resolving mr comments

* updating malaga in cgmanifest

* trying source-git's mirror

* trying with local tarball

* trying with local tarball

* using blob storage

* Delete bad_registrations.txt

* updating tokyocabinet url

* changing branches

* resolving conflicts with upstream/main

* mr comments

* updating cgmanifest

* actually fixing validate_cg_manifest.sh

* Delete php-8.1.11.tar.xz.asc

* Delete php-keyring.gpg

Signed-off-by: Chris Co <chrco@microsoft.com>
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Signed-off-by: Kate Goldenring <kagold@microsoft.com>
Co-authored-by: nicolas guibourge <nicogbg@gmail.com>
Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>
Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
Co-authored-by: Thomas Crain <thcrain@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Max Brodeur-Urbas <35381493+MaxBrodeurUrbas@users.noreply.github.com>
Co-authored-by: Kate Goldenring <kate.goldenring@microsoft.com>
Co-authored-by: rlmenge <rachelmenge@microsoft.com>
Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com>
Co-authored-by: Andrew Phelps <anphel31@users.noreply.github.com>
Co-authored-by: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Co-authored-by: Olivia Crain <olivia@olivia.dev>
Co-authored-by: Henry Li <69694695+henryli001@users.noreply.github.com>
Co-authored-by: Henry Li <lihl@microsoft.com>
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
Co-authored-by: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Co-authored-by: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com>
Co-authored-by: Chris Gunn <chrisgun@microsoft.com>
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Nick Samson <nick.samson@microsoft.com>
Co-authored-by: Nick Samson <nisamson@microsoft.com>
Co-authored-by: Minghe Ren <mingheren@microsoft.com>
Co-authored-by: Betty <38226164+BettyRain@users.noreply.github.com>
Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
Co-authored-by: Andrew Phelps <anphel@microsoft.com>
Co-authored-by: Andy Caldwell <andycaldwell@microsoft.com>
2022-10-12 16:00:03 -07:00