Граф коммитов

2921 Коммитов

Автор SHA1 Сообщение Дата
xiaohong e74a9b8c3a
add Microsoft GPG keys to installer env (#4019) 2022-10-24 13:17:11 -07:00
Pawel Winogrodzki 740f9f4aa0
Updated `rpmops.sh`: added a '/bin/sh' check. (#4066) 2022-10-24 11:32:06 -07:00
jslobodzian 763a73dfb6
Update documentation with 2.0 related information and misc. fixes (#4060)
* Update documentation

* Changed 1.0 to 2.0

* Update documentation to describe SRPM_PACK_LIST usage

* Fix Mariner -> CBL-Mariner

* Update with code review comment

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Accept backtick comment

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Update another backquote item

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2022-10-21 16:06:23 -07:00
CBL-Mariner-Bot bc347099ac
NoPatch kernel to fix CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-41674, CVE-2022-42719 (#4063) 2022-10-21 15:06:23 -07:00
CBL-Mariner-Bot 26a23cb7e8
Upgrade kernel to version 5.15.74.1 - branch main - (#4048)
* Kernel upgrade to 5.15.74.1 version

* Apply config changes to AMD64

* Fix config file variables

* Reverting invalid livepatch-signed change.

Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2022-10-21 14:35:33 -07:00
jslobodzian 1292cdce10
Fix SPEC file import information from CentOS as MIT (#4053) 2022-10-21 13:22:55 -07:00
Daniel McIlvaney 0a7019fd01
Fix chroot cleanup scripts (#4046)
* Fix pkggen.mk to clean pkgfetcher chroot before removing dir

* Also fix spec parse cleanup

* Also cleanup snapshot chroot
2022-10-21 11:32:03 -07:00
aadhar-agarwal c6f23e601d
Add sgx-backwards-compatability package to marketplace images (#4054)
* initial commit for sgx package including udev rules

* Add License file

* Address review comments: Improve description in spec file and alphabetize packages in azurevm-packages.json
2022-10-21 08:40:33 -07:00
Muhammad Falak R Wani da46475cda
dbus: add provides `dbus-x11` & drop metapackage (#4021)
* dbus: add an explicit provides `dbus-x11`
* dbus-x11: drop metapackage
* toolkit: dbus-x11: remove entanglement with dbus
* dbus: add comment to build with X11 support
* dbus: license: update entry

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2022-10-21 13:38:37 +05:30
Henry Li 7a73361cfd
Move wireless-regdb and iw to Mariner core repo to resolve failure to load regulatory.db (#4032)
* move wireless-regdb and iw to mariner core repo

* fix manifest

Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-20 22:49:53 -07:00
Christopher Co 223a321bfa
Update kernel-rt config to build with new glibc (#4037)
This commit fixes a build error where our kernel config diff checker was
flagging that CONFIG_CC_CAN_LINK_STATIC=y is no longer an auto-enabled
config. This is due to a recent commit that split out the glibc-static
out as a real package.

Signed-off-by: Chris Co <chrco@microsoft.com>
2022-10-20 20:24:24 -07:00
rikenm1 28f024263a
Add python package python-google-auth-oauthlib and move its extended dependencies to the core (#4045) 2022-10-20 16:29:14 -07:00
osamaesmailmsft 380d559a6e
Building PHP metapackage (#4049)
* does this build the metapackage

* adding %files

* pkg-config -> pkgconfig; fixed changelog entry

* removing -n from %setup

* getting rid of a space from changelog
2022-10-20 10:30:06 -07:00
Henry Li dbd19e42ae
add krb5.conf to resolve pam_krb5 ptest failure (#4052)
Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-19 23:03:26 -07:00
Muhammad Falak R Wani c86dba7206
cpptest: add package version 1.1.2 (#4042)
* cpptest: add package version 1.1.2
* cpptest: switch to `%make_build` instead of `make`
* cpptest: cgmanifest: add entry
* cpptest: license: update entry
* cpptest: appease linter

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2022-10-20 10:57:15 +05:30
osamaesmailmsft f732dc2c60
Revert TokyoCabinet URL; Upgrade Tidy to 5.8.0; Remove 'ming' from SPECS-EXTENDED (#4034)
* reverted tokyocabinet url change

* upgraded tidy to 5.8.0 and deleted ming

* updating licenses to remove ming; updating cgmanifest and tidy.signatures

* fixing cgmanifest stuff

* adding cbl-mariner import to changelog

* switching branches

* verbose comments

* adding a space for a new commit

* does a 2 second timeout fix things
2022-10-19 17:59:43 -07:00
Olivia Crain 27fd73df16
Remove autodetected Go modules in toolkit/tools/cgmanifest.json (#4038) 2022-10-19 09:23:52 -07:00
Andrew Phelps e057c7d72a
fix rsyslog.logrotate signature (#4041) 2022-10-18 23:38:55 -07:00
Nick Anderson f5f274b15d
Bump toolkit/tools' cgmanifest.json's listing for ulikunitz/xz to v0.5.10 to match the go.mod version. (#4036)
Co-authored-by: Nick Anderson (XBOX) <Nick.Anderson@microsoft.com>
2022-10-18 18:23:21 -07:00
Andrew Phelps 3140260763
Fix gpg key import in worker chroot (#4030)
* move mknod in worker chroot

* remove hack

* always import gpg keys

* cleanup
2022-10-18 15:59:29 -07:00
Nan Liu 108047405f
Add logrotate conf entry for rsyslog to prevent logs growing too large (#4023)
* add logrotate entry for rsyslog and rsyslog-warn

* keep /var/log/messages weekly rotated

* fix source number duplicate

* update signature

* Update SPECS/rsyslog/rsyslog.logrotate

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* modify logrotate rules to align with rsyslog.conf

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2022-10-18 15:20:52 -07:00
CBL-Mariner-Bot 8552def64a
NoPatch kernel to fix CVE-2022-42703 (#4003) 2022-10-17 15:50:16 -07:00
Pawel Winogrodzki 599238f947
Patched CVE-2022-34918 with livepatch-5.15.48.1-4.cm2. (#3963) 2022-10-17 15:06:25 -07:00
Pawel Winogrodzki e8be6cc034
Updated livepatch macros and template to preserve signatures. (#3954)
* livepatch: updating macros and template to preserve signatures.

* validate-cg-manifest.sh: ignore 'SPECS-SIGNED'.
2022-10-17 13:28:20 -07:00
Henry Li f03db4f612
resolve aspell CVE (#4028)
Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-17 10:38:57 -07:00
CBL-Mariner-Bot 3bc5a2ea9f
[AUTOPATCHER-EXTENDED] mod_wsgi upgrade to version 4.9.3 - CVE-2022-2255 - (#4014)
* mod_wsgi: upgrade to version 4.9.3

* verify license for mod_wsgi

Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-14 17:42:30 -07:00
CBL-Mariner-Bot 74dbc67d13
wireshark: upgrade to version 3.4.16 (#4017) 2022-10-14 17:24:28 -07:00
Andrew Phelps bcfdfaf402
[2.0] Rebuild worker chroot rpm db only when necessary (#4025)
* rebuild worker chroot rpm db only when necessary

* fail on error. check for any difference in rpm db. remove sudo

* fix typo
2022-10-14 15:10:04 -07:00
SeanDougherty ba426ae3f7
stop make from tracking imager disk output files that contain spaces (#4018) 2022-10-14 11:54:20 -07:00
Henry Li 2376c5e3d9
Mitigation fix for attended ionstallation regression (#4022)
* fix attended installer break

* add comment and use macro to replace raw string

* fix go formatting error

Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-14 11:41:16 -07:00
Pawel Winogrodzki 5435fb5849
maven.spec: using macro instead of hard-coded source URL. (#4006) 2022-10-12 23:49:27 -07:00
osamaesmailmsft 27bd1a6ab2
Moving PHP from SPECS-EXTENDED to SPECS (#3820)
* Only build bond against x86_64 architecture (#1800) (#1801)

* fix bond build break for ARM64 on main branch

* fix bond build break for ARM64 on main branch

* fix bond build break for ARM64 on main branch

Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>

Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>

* [main extended] Enable libguestfs (#1970)

* Remove libreport support from mdadm

* Conditionally pull in perl-Sys-Virt test deps

* Fix dependency resolution for ocaml-ctypes

* Upgrade to latest ocaml-gettext

* Fix ocaml-ounit build

* Upgrade ocaml-base to latest

* Upgrade ocaml-migrate-parsetree to latest

* Upgrade ocaml-stdio to 0.15.0

* Upgrade ocaml-parsexp to 0.15.0

* Upgrade ocaml-ppxlib to 0.24.0

* Upgrade ocaml-sexplib to 0.15.0

* Upgrade ocaml-sexplib0 to 0.15.0

* Upgrade supermin to 5.2.1

* Fixup libguestfs patches and configuration

* [main extended] Fix dnf-plugins-core, ocaml-findlib builds (#1950)

* [main] Removing in-spec sources verification using `libguestfs.keyring`. (#1971)

* kernel: Update Mariner cert in kernel keyring (#1979)

* kernel: Update mariner cert in kernel keyring

* kernel-hyperv: Update mariner cert in kernel keyring

* kernel-headers: Bump to match kernel release number

* kernel-signed: Bump to match kernel release

Signed-off-by: Chris Co <chrco@microsoft.com>

* lttng-consume: disable tests to fix build break (#1980)

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* Revert "Upgrading Parted to v3.4" (#1966)

* Revert "Upgrading Parted to v3.4 (#1898)"

This reverts commit 24382cfa6e.

* verifying license to unblock upgrade revert pr

* Temporary: Add python3-distro to azurevm-packages packagelist (#2016)

* Upgrade libmemcached, memcached and promote to core specs (#1981)

* kernel-signed: workaround errant .build-id file (#2032)

After the upgrade to RPM 4.17, when building on ARM64 only, we are
observing an unexpected /usr/lib/debug/.build-id/xx/yyyy.debug
file being packaged into the kernel.rpm package. This errant file is causing
build errors when repackaging in the kernel-signed build phase.

This patch workarounds the build issue by specifically excluding the
/usr/lib/debug/.build-id folder when building for ARM64. More investigation
underway to identify why this unexpect /usr/lib/debug/.build-id/xx/yyyy.debug
file is being included.

Signed-off-by: Chris Co <chrco@microsoft.com>

* Fix grubby build with newer versions of RPM (#2036)

* Update libgit2 to latest upstream version 1.1.0 (#2021)

Signed-off-by: Kate Goldenring <kagold@microsoft.com>

* Fix build break (signature) for libgit2

* Fix TDNF download of packages during libguestfs build

* Replace perl(Locale::TextDomain) BR in libguestfs with actual package

* [main] Fixing tooling issues during package candidates resolution. (#2091)

* Fix dependency constraints, UUID parsing in libguestfs (#2113)

* Bring over libguestfs changes from 2.0

* Fix selinux-policy, file bugs in libguestfs

* kernel: Update input aarch64 config file (#2358)

ARM64 kernel package builds are failing due to a config diff missing
between the expected config and the actual config file.

Add missing CONFIG_USBIP_VUDC line

Signed-off-by: Chris Co <chrco@microsoft.com>

* Revert "[main] Update envoy to v1.21.0 (#2330)"

This reverts commit 5c0c47a867.

* toolkit only - use local /run folder in chroot instead of mounted tmpfs (#2435)

* toolkit - use local /run folder in chroot instead of mounted tmpfs

* address PR comments

* address PR comments

* address PR comments

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* [main] iperf3: Update to 3.11 (#2512)

* Update iperf3 to 3.11

* toolchain: Remove alsa-lib (#2543)

* Fix post-install script args in imageconfig being ignored (#2414)

* Upgrade nodejs to 16.14.0 (#2485)

* upgrade nodejs to 16.14.0

* upgrade nodejs to 16.14.0

* upgrade nodejs to 16.14.0

* upgrade nodejs

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* [main] upgrading libarchive to v3.6.0 (#2515)

* upgrading libarchive to v3.6.0

* removing patch file

* adding missing URL

* fixing URL

* [2.0] Modify pam to require audit-libs (#2572)

* update pam

* update manifests

* install audit-libs before systemd (#2584)

* Revert "install audit-libs before systemd (#2584)"

This reverts commit 2170975852.

* Build rubygems with ruby to fix build error in pipeline (#2601)

* Add rubygems to build with ruby to fix build error in pipeline

* Remove bundler requirement

* [main] Adding `--assumeyes` for TDNF calls. (#2641) (#2642)

* Fix bad ruby merge issue

* Revert "python3: Add python-unversioned-command subpackage (#2637)"

This reverts commit b62bb32bef.

* dnf-plugins-core: Fix bad python path in cmake call (#2658)

* dnf-plugins-core: Fix bad python path in cmake call

* Update license map

* Empty commit to trigger GH checks

* Unblock build, exclude SymCrypt from ARM64

* Update python requirement in azurevm packagelist for 2.0 (#2667)

* Revert "Unblock build, exclude SymCrypt from ARM64"

This reverts commit 9b0a48fc52.

* Repair toolkit merge issue

* fix boringssl license issue (#2775)

* revert arm64 exclusion workaround (#2769)

* [main] Build break workaround. (#2788)

* Revert "fix boringssl license issue (#2775)"

This reverts commit 50b3397168.

* Remove boringssl to reconcile with main branch

* [main] Fixing installation paths with new version of Ruby. (#2859)

* vim: Fix vi provides with reversed EVR (#2872)

* cri-o: Replace openSUSE systemd macros with Mariner's (#2874)

* toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed (#2878)

* toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed
* audit: Add BR on systemd-bootstrap-rpm-macros

* [2.0] Cherry-pick credscan failure caused by unattended installer image config (#2908)

* minor fix to build doc (#2907)

Co-authored-by: Henry Li <lihl@microsoft.com>

* fix image config json (#2906)

Co-authored-by: Henry Li <lihl@microsoft.com>

Co-authored-by: Henry Li <lihl@microsoft.com>

* download msopenjdk-11 from prod folder (#2921)

* Cherry Pick build fixes to Extended (#3105)

* ARM64 `buildah` and `edk2` blocked packages fix. (#3101)

* Adding missing signature for `perl-Module-Install-Repository`. (#3086)

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Python-twisted: upgrade to version 22.4.0 to fix CVE-2022-24801 (#3079)

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

* python-twisted upgrade to 22.4.0 to fix CVE-2022-24801

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-… (#3087)

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796

* upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* Updating `vim` to version 8.2.5064. (#3112)

* Bump Mariner Release (#3140)

* Revert "Add missing e2fsprogs dep to cloud-init (#3141)"

This reverts commit 7417d8a04f.
Reverting this change temporarily because we are not ready to upgrade cloud-init

* Revert "cloud-init: uprev to 22.2 (#3104)"

This reverts commit 3bcdc43b8f.
Reverting this change temporarily because we are not ready to upgrade cloud-init.

* Fix build errors caused by ncurses 6.3 upgrade (#3184)

* Fix ARM64 Build Break (#3191)

* t1lib: Fix SRPM packing (#3192)

* Revert "cloud-init: patch for CVE-2022-2084 (#3281)"

This reverts commit e3174308e7.

* Revert "Revert "cloud-init: uprev to 22.2 (#3104)""

This reverts commit ae3a7d80af.

* Revert "Revert "Add missing e2fsprogs dep to cloud-init (#3141)""

This reverts commit 68bd0ec8d7.

* Revert "Revert "cloud-init: patch for CVE-2022-2084 (#3281)""

This reverts commit 0b1ba723bc.

* Revert "Initial KeysInUse Integration (#3182)"

This reverts commit 7de96f680a.

* Updating 'mariner-release' version for July update 2. (#3444)

* remove provides from unsigned grub2 (#3461)

Co-authored-by: Henry Li <lihl@microsoft.com>

* Updating 'mariner-release' for the August release.

* Updating licenses after the 'main' merge.

* KeysInUse: re-introduce package back to 2.0. (#3531)

* Update helm version 3.9.3 (#3586)

* Update helm version 3.9.3

* Fix helm version info not displaying correctly

* fix cloud-init dependency issue (#3606)

* `mariadb`: update to v10.6.9 to fix CVE-2022-32091, CVE-2022-32081 (#3645)

* fix npm version in nodejs.spec (#3571)

* upgrade vim to 9.0.0232 (#3580)

* qemu : fix CVE-2022-35414 (#3597)

* qemu : fix CVE-2022-35414

* address PR comment

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* libxml2 and python-lxml: fix CVE-2022-2309 (#3583)

* libxml2 and python-lxml: fix CVE-2022-2309

* libxml2 and python-lxml: fix CVE-2022-2309

* address PR comments

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* rubygem-yajl-ruby: fix CVE 2022 24795 (#3598)

* rubygem-yajl-ruby : fix CVE-2022-24795

* rubygem-yajl-ruby : fix CVE-2022-24795

* back port patch from 1.4.1

* fix spec issue

* address PR comments

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

* Update cert-manager to v1.7.3. (#3575)

- Update cert-manager to v1.7.3.
- Split cert-manager binaries into separate packages.
- Remove cert-manager build dependency on Bazel and just build the
binaries directly using `go build`. This makes building easier. Also,
the latest upstream version of cert-manager does this.
- Use the Go "vendor" directory for Go dependencies instead of dumping
files in the global Go cache.

* Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600)

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* dpkd: bump version to 21.11.2 to address CVE-2022-2132 (#3631)

* dpkd: bump version to 21.11.2 to address CVE-2022-2132
* dpdk: cgmanifest: update entry

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* `vim`: upgrade to 9.0.0325 to fix CVE-2022-2980, CVE-2022-2982, CVE-2022-2923, CVE-2022-2946 (#3643)

* `python3`: fix CVE-2015-20107 (#3644)

* `python3`: fix CVE-2021-28861 (#3654)

* `colord`: fix CVE-2021-42523 (#3675)

* `virglrenderer`: fix CVE-2022-0135 (#3674)

* libtar: Pull misc Fedora patches, fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646 (#3686)

* Apply Fedora patches

* Apply linter

* Use upstream patch

* Patch qemu CVE-2021-4158 (#3696)

* libtar: Fixup spec formatting, remove .la files, remove explicit provides (#3698)

* Fixup libtar spec formatting, .la files, provides

* Add comment so we can track CVE fixes

* update mariner-release to 2.0-19 (#3723)

* fix br in libvirt (#3726)

* Added nopatch to libtirpc for CVE-2021-46828 (#3779)

Co-authored-by: Nick Samson <nisamson@microsoft.com>

* update mariner-release to 2.0-21 (#3778)

* revert changes for adding sysinit.target dependency (#3777)

* Expat fix CVE-2022-40674 (#3799)

Co-authored-by: Betty Lakes <bettylakes@microsoft.com>

* bump mariner-release to 2.0-21

* switching branches

* Ensure rpm-* ABI compatibility (#3880)

* Ensure `python3-rpm` pulls in appropriate libs
* Add rpm-build-libs -> rpm-libs dependency too
* Declare release `4.18.0-2` with fixes

* toolkit.mk: fix 'clean-rpms-snapshot' target. (#3843)

* 7.4.14 to 8.1.11; need to delete the old SPECS-EXTENDED folders

* php 8.1.11 build now

* removed libraries from SPECS-EXTENDED

* merged current 2.0; added changelog for php & updated other licenses; need to verify changelog for php & version thing olivia said

* update cgmanifest.json

* reresolving old mr comments

* updated hunspell to fix CVE; added aspell patch to fix CVE; fixed some PHP linting issues

* one linting fix

* removed commented-out modphp code; updated changelog

* debugging url issues

* trying 2sec timeout instead of 1sec

* echoing to txt log

* undoing validate-cg-manifests.sh changes; trying new url

* resolving mr comments

* updating malaga in cgmanifest

* trying source-git's mirror

* trying with local tarball

* trying with local tarball

* using blob storage

* Delete bad_registrations.txt

* updating tokyocabinet url

* changing branches

* resolving conflicts with upstream/main

* mr comments

* updating cgmanifest

* actually fixing validate_cg_manifest.sh

* Delete php-8.1.11.tar.xz.asc

* Delete php-keyring.gpg

Signed-off-by: Chris Co <chrco@microsoft.com>
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Signed-off-by: Kate Goldenring <kagold@microsoft.com>
Co-authored-by: nicolas guibourge <nicogbg@gmail.com>
Co-authored-by: nicolas guibourge <nicolasg@microsoft.com>
Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
Co-authored-by: Thomas Crain <thcrain@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Max Brodeur-Urbas <35381493+MaxBrodeurUrbas@users.noreply.github.com>
Co-authored-by: Kate Goldenring <kate.goldenring@microsoft.com>
Co-authored-by: rlmenge <rachelmenge@microsoft.com>
Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com>
Co-authored-by: Andrew Phelps <anphel31@users.noreply.github.com>
Co-authored-by: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Co-authored-by: Olivia Crain <olivia@olivia.dev>
Co-authored-by: Henry Li <69694695+henryli001@users.noreply.github.com>
Co-authored-by: Henry Li <lihl@microsoft.com>
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
Co-authored-by: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Co-authored-by: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com>
Co-authored-by: Chris Gunn <chrisgun@microsoft.com>
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Nick Samson <nick.samson@microsoft.com>
Co-authored-by: Nick Samson <nisamson@microsoft.com>
Co-authored-by: Minghe Ren <mingheren@microsoft.com>
Co-authored-by: Betty <38226164+BettyRain@users.noreply.github.com>
Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
Co-authored-by: Andrew Phelps <anphel@microsoft.com>
Co-authored-by: Andy Caldwell <andycaldwell@microsoft.com>
2022-10-12 16:00:03 -07:00
Henry Li e37c7d8dee
fix unbound CVE (#4002)
Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-12 15:27:06 -07:00
CBL-Mariner-Bot afe43dd8d6
[AUTOPATCHER-CORE] dbus upgrade to version 1.15.2 - CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 - (#3991)
* dbus: upgrade to version 1.15.2

* update dbus-x11 spec

Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-12 14:53:28 -07:00
CBL-Mariner-Bot 93668aef8f
Automatic upgrade of tzdata to 2022e (#3987) 2022-10-12 08:35:59 -07:00
Andy Caldwell 366add1699
Police `glibc-static` versions (#3748)
* Make `glibc-static` a real package and police its version

* Add version bounds to all mentions of `glibc-static` in spec files

* Bump releases for all affected packages

* Add pipeline job to check static glibc versions

* Release new glibc packages with split out glibc-static

* Include distribution in requirement bounds

* Don't implicitly install glibc-static in pkggen chroot

* Correctly split up the static libraries between devel/static

* Consistent use of f-strings

* Allow libacvp to build without depending on `glibc-static`

* Remove `libhugetlbfs-tests` package

* Update kernel configs to not support static linking

* Declare `glibc-static` dependency for flannel

* Enable `-pie` by default in `clang`

* Rebuild SymCrypt with `-pie` enabled `clang`

* Use `glibc-static` on all platforms for `busybox`

* Tidy up libacvp Source lines

* Clang can't default to `-pie` so move `crt1.o` to `glibc-devel`

* Fix libacvp Source0 syntax

* Don't build static binaries in libhugetlbfs-tests

* Update kernel config signatures

* Kubevirt needs glibc-static too
2022-10-12 16:30:40 +01:00
tgopinath-microsoft 270fb6f538
Create missing systemd accounts (#3775)
Presently, systemd-oom and systemd-coredump service accounts are not created during RPM install and are created on initial boot. Create these users and groups during installation like other generic systemd accounts.

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
2022-10-11 15:42:46 -07:00
Mandeep Plaha ea0afd64ed
Add Instruction to filter gpg-pubkey from rpm cmd's output. (#3919) 2022-10-11 11:25:25 -07:00
CBL-Mariner-Bot 9eed4e3041
Kernel upgrade to 5.15.72.1 version (#3949) 2022-10-11 10:49:15 -07:00
Henry Li ca5edac616
resolve terraform CVE (#3965)
Co-authored-by: Henry Li <lihl@microsoft.com>
2022-10-11 10:11:30 -07:00
Tom Fay af670b6b05
add libyang 2 to mariner SPECs (#3952)
* add libyang 2 to mariner SPECs

* Change declared license to "BSD"

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* add fedora attribution that satisfies tooling

* remove unnecessary arm32 option

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2022-10-10 22:08:03 +01:00
Daniel McIlvaney 313bd707b6
Fix python crypt to work with FIPS (#3955) 2022-10-10 10:22:35 -07:00
Minghe Ren f11f84057c
Fix cloud-init mariner variant not set properly (#3920)
* fix mariner variant

* fix mariner variant
2022-10-07 17:03:17 -07:00
Pawel Winogrodzki 1bc106800a
mariner_release: bumping version for October release. (#3950) 2022-10-07 13:06:12 -07:00
Pawel Winogrodzki 5f7e834a7f
python-absl-py, python-astunparse: adding missing spec tags + clean-up. (#3951)
* python-absl-py: adding missing spec tags.

* python-astunparse: adding missing spec tags and updating licensing info.
2022-10-07 13:02:41 -07:00
CBL-Mariner-Bot 9fe3e6e4c4
ca-certificates: September 2022 (2022-10-05) release of Microsoft trusted root CAs (#3941) 2022-10-07 11:18:23 -07:00
rikenm1 0d8452fe32
Add python-astunparse package to Mariner (#3937) 2022-10-07 10:29:55 -07:00
Vince Perri 0cfe13348d
Upgrade kernel-hci to 5.15.70.1 and other updates from main kernel package (#3932)
* Update kernel-hci

* Update cgmanifest.json

* Update cgmanifest.json
2022-10-07 09:04:41 -07:00
Pawel Winogrodzki 96b35817fe
dracut, systemd, systemtap: fix log file paths. (#3922) 2022-10-06 16:23:10 -07:00
Olivia Crain 49ff35162f
Add large file support to unzip (#3936) 2022-10-06 16:10:58 -07:00