jslobodzian
eb08b37916
Bump package version to recompile binaries with fixed gcc stack prote… (#6253)
* Bump package version to recompile binaries with fixed gcc stack protection (CVE-2023-4039)
* Bump debuginfo versions in toolchain manifests
* Bump kernel headers to match kernel
* Update SPECS/gettext/gettext.spec
Taking suggestion
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* Update for code review comments
* Fix for code review comment in qt5-qtdeclarative changelog
* Fix dash version for signed spec files
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-21 17:10:15 -04:00
Olivia Crain
951c5f750e
audit: Remove requirement on base package from libs subpackage (#3186)
2022-06-20 16:04:50 -07:00
Olivia Crain
9ec68bb97b
toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed (#2878)
* toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed
* audit: Add BR on systemd-bootstrap-rpm-macros
2022-04-25 19:21:31 -07:00
Daniel McIlvaney
1deb83acf1
Remove symlink for audit log location (#2827)
* Remove symlink for audit log location
2022-04-22 14:35:32 -07:00
Andrew Phelps
13c17c5af1
Fix build issue with audit and shadow-utils (#2537)
* modify build requires
* disable bubblewrap manuals
* include manuals in shadow-utils
2022-03-17 13:07:18 -07:00
Andrew Phelps
1d0cff8ff6
fix circular dependency (#2513)
2022-03-15 13:27:16 -07:00
Andrew Phelps
164099e63d
Add audit support to pam, openssh, shadow-utils, util-linux (#2416)
* add audit to toolchain
* update specs to build with audit
* enable audit in configuration steps
* update manifests
* fix util-linux files
* remove systemd files
* add audit and audit-libs to worker chroot
* remove circular dependency
* update sudo with audit support
2022-03-10 11:13:24 -08:00
Chris PeBenito
0ec698fbc6
Enable SELinux by default on all images. (#1757)
* Add prototype SELinux auto configure
* Add 'force_enforcing' option for SELinux
* Fix setools-console tools.
* Enable SELinux by default (permissive mode) on all images.
Drop build system unit test as it breaks with SELinux enabled on core-efi.
* selinux-policy: Update to 2.20210908.
* Update to 2.20220106.
Implement policy for systemd-homed and systemd-userdbd.
* Fix RPM changelog date.
* Finalize systemd-homed policy.
* Change SELinux enablement to not affect CONFIG_LSM.
* Document build settings
* Update cgmanifest
* Update toolkit/docs/formats/imageconfig.md
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
* audit: Remove override so auditd starts by default.
* Add IsValid() call for SELinux in KernelCommandLine
* Add unit test for missing selinux package
* Fix debug output for selinux setfiles
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
2022-02-01 08:24:41 -05:00
rlmenge
e992d0a3c4
[main] kernel: update to 5.15.2.1 (#1932)
* Update to 5.15
* audit: update to 3.0.6
Current audit 3.0 version fails to build because linux/ipx.h header
is no longer part of 5.15 kernel source. audit 3.0.6 has a change to
handle this 5.15 difference.
Co-authored-by: Chris Co <chrco@microsoft.com>
2022-01-19 16:22:09 -08:00
Andrew Phelps
d7cb7c78e9
Update toolchain and packages to build with gcc 11.2.0 and glibc 2.34 (#1623)
* update coreutils and texinfo specs
* update coreutils and texinfo in toolchain
* fix patch url
* update binutils to 2.37
* update version in manifests
* update util-linux mpfr mpc gmp
* fix mpfr tarball
* fix gmp
* update cgmanifest.json
* cleanup
* restore binutils patch
* fix gmp and mpfr specs
* update util-linux spec
* fix binutils and util-linux breaks
* update kernel CONFIG_LD_VERSION
* bump kernel release
* remove reference to rpm-define-RPM-LD-FLAGS.patch
* fix gen-ld-script.sh sha256sum
* update gcc spec to 11.2.0
* update kernel configs for gcc
* update cgmanifest
* update gcc to 11.2.0 in raw toolchain
* add patch for gcc texi issue
* update glibc to 2.34
* update manifests for diffutils and glibc
* disable tm_texi patch in toolchain
* fix SIGSTKSZ gcc issue
* patch m4 for glibc 2.34
* update make to 4.3 and diffutils to 3.8
* revert make to 4.2.1 due to operation not permitted error
* fix make and texinfo build issues with glibc 2.34
* don't build zstd in temp toolchain due to gcc build errors
* remove glibc workarounds for findutils and gzip
* update findutils and gzip
* update gzip and findutils specs
* update gdbm to 1.21
* update elfutils to 1.185 in toolchain. fix manifests
* remove findutils test change
* remove texinfo patch
* fix kernel changelogs
* add patch for cpio extern issue
* restore rpm patch
* fix m4 spec
* fix elfutils and gpgme spec issues
* fix kernel-hyperv changelog
* update kbd and libtirpc to resolve gcc 11.2.0 issues
* fix m4 version in pkggen_core
* fix libtirpc in manifests
* fix nss error
* fix openjdk
* fix aarch64 openjdk8
* fix elfutils spec
* GODEBUG=netdns=go
* verbose rpm query
* fix coreutils on aarch64. use rpm 1.14.2.1 in raw toolchain. revert rpm.go
* bump cpio release
* revert rpm.go change
* cleanup toolchain scripts and specs. parallel make for glibc
* enable fortran
* remove aarch64 ld-2.27.so link
* add gfortran to toolchain manifests
* fix binutils changelog
* fix kernel release version
* update bison grep sed tar
* add glibc pthread patch
* upgrade file gawk and xz. fix sed and grep spec issues
* set -fcommon
* revert file to 5.34
* fix temp gawk version
* fix xz man1 files
* update libgpg-error to 1.43
* add ld-linux-aarch64.so.1 to glibc spec
* use /lib/ld-linux-aarch64.so.1
* update file 5.40 and bzip2 1.0.8 in toolchain. openjdk8 remove -fcommon.
* update to perl 5.32.0 in toolchain
* fix glibc aarch64 exclude. add shadow-utils provides. fix perl src filename
* fix efivar build. upgrade dtc
* Removing 'ctags'.
* Updating 'libacvp' to version 1.4.1.
* Updating 'nlohmann-json' to version 3.10.4.
* Updating 'dhcp.spec' CFLAGS to include CBL-Mariner's defaults.
* update and fix ipxe build. remove perl debuginfo.
* add fixes for autofs and libcomps
* Adjusting build steps for 'dhcp' and 'nlohmann-json'.
* fix rocksdb
* fix ntp
* fix libcomps url in cgmanifest. revert perl change
* fix nfs-utils
* fix azure-iot-sdk-c
* Remove 'tboot'.
* fix qemu-kvm
* update R and ant
* Updating 'libiothsm-std' to version 1.2.5.
* Linting.
* Remove tcp_wrappers package
* fix syslinux
* Downgrading 'libiothsm-std' to 1.1.8.
* fix fuse. fix libcomps url
* Downgrading 'libacvp' to 1.3.0.
* Applying GCC 11 patch.
* fix fuse configure.ac issue
* Fixing 'libiothsm-std' build.
* Upgrade lldpad to 1.1.0
* Upgrade gdb to 11.1
* Upgrade catch to 2.13.7
* fixup! Upgrade gdb to 11.1
* fixup! Upgrade lldpad to 1.1.0
* remove bazel
* Updating 'toml11' to version 3.7.0.
* update cgmanifest for catch gdb lldpad
* fix qt5-qtbase
* fix device-mapper-multipath
* fix syslinux
* fix grpc
* fix kernel configs
* fix kernel-hyperv config
* increase heap size for ant
* update lttng-consume
* fix auoms
* update valgrind. fix arm64 gdb issue
* update arm64 kernel config
* fix blobfuse
* update and fix azure-iotedge
* fix grpc 1.41.1 in cgmanifest
* fix kernel and kernel-hyperv PTHREAD_STACK_MIN issue
* remove ant ant-contrib jna R
* Updating 'azure-iotedge' sources creation instructions.
* add back ant ant-contrib bazel jna R
* restrict jdk8 packages
* verify licenses
* only build conda picosat python-pycosat on arm64. fix cgmanifest
* update openjdk8 to version 1.8.0.302
* fix cgmanifest for ant and R
* always build ant
* update licenses. remove tdnf workaround. bump shadow-utils release
* update LICENSES-MAP.md to remove tboot ctags tcp_wrappers. bump libacvp release
* fix ant builds only on arm64
* Clarifying license for 'ntp'.
* Verifying license for 'ant-contrib'.
* Verifying more specs.
* revert libacvp CFLAGS changes
* add kernel patch file
* set -fcommon to fix libacvp build
* fix python-filelock
* revert tdnf line change
Co-authored-by: CBL-Mariner Service Account <cblmargh@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Thomas Crain <thcrain@microsoft.com>
2021-11-17 21:41:55 -08:00
Thomas Crain
a317850f62
Remove libtool archive files from RPM packaging (#1396)
2021-09-20 08:55:26 -07:00
jslobodzian
17b0e93e71
Merge 1.0 to dev branch
This merge brings the latest SELinux and many packages and CVE fixes from the 1.0 branch.
2021-08-19 13:46:51 -07:00
Joe Schmitt
14c1957438
Add additional provides (#334)
2020-11-03 15:23:01 -08:00
Jon Slobodzian
b877013b27
Initial CBL-Mariner commit to GitHub
2020-08-06 20:17:52 -07:00