diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index f497bbe73b2..263dd73e01c 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,7 +9,7 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 5.10.123.1 +Version: 5.10.131.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -147,6 +147,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %endif %changelog +* Sun Jul 24 2022 Rachel Menge - 5.10.131.1-1 +- Update source to 5.10.131.1 + +* Wed Jul 06 2022 Max Brodeur-Urbas - 5.10.128.1-1 +- Update source to 5.10.128.1 + * Mon Jun 20 2022 Rachel Menge - 5.10.123.1-1 - Update source to 5.10.123.1 diff --git a/SPECS/ca-certificates/ca-certificates.signatures.json b/SPECS/ca-certificates/ca-certificates.signatures.json index 25d2c3fdd7c..1c01a1f4fa2 100644 --- a/SPECS/ca-certificates/ca-certificates.signatures.json +++ b/SPECS/ca-certificates/ca-certificates.signatures.json @@ -11,7 +11,7 @@ "README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8", "bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a", "certdata.base.txt": "76c4cd1860b9a6f6ee9c2a0dcddcef46f65950b7ec12d2a7eeabeedca4e379f9", - "certdata.microsoft.txt": "32789389efd31aa04d9f482bd1132a0661c249fcd5eb9ec92b02ddca6ed35a7d", + "certdata.microsoft.txt": "18075612875845029e53c423799e48f974a4e95aaa7b0e4a909ee25094120708", "certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33", "pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426", "trust-fixes": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b", diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec index d39d9696c34..21d5cd62a41 100644 
--- a/SPECS/ca-certificates/ca-certificates.spec +++ b/SPECS/ca-certificates/ca-certificates.spec @@ -44,7 +44,7 @@ Name: ca-certificates # When updating, "Version" AND "Release" tags must be updated in the "prebuilt-ca-certificates" package as well. Version: 20200720 -Release: 25%{?dist} +Release: 26%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -317,6 +317,9 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %{_bindir}/bundle2pem.sh %changelog +* Wed Aug 03 2022 CBL-Mariner Service Account - 20200720-26 +- Updating Microsoft trusted root CAs. + * Wed Jun 29 2022 CBL-Mariner Service Account - 20200720-25 - Updating Microsoft trusted root CAs. diff --git a/SPECS/ca-certificates/certdata.microsoft.txt b/SPECS/ca-certificates/certdata.microsoft.txt index a89953d8757..7e6c844b7b2 100644 --- a/SPECS/ca-certificates/certdata.microsoft.txt +++ b/SPECS/ca-certificates/certdata.microsoft.txt @@ -1,4 +1,4 @@ -# Release: May 2022 +# Release: June 2022 # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this 
@@ -38930,3 +38930,306 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Visa Public RSA Root CA" +# +# Issuer: CN=Visa Public RSA Root CA,OU=Visa International Service Association,O=VISA,C=US +# Serial Number:51:3e:96:00:00:00:db:44:27:ee:ac:e0:be:e1:48 +# Subject: CN=Visa Public RSA Root CA,OU=Visa International Service Association,O=VISA,C=US +# Not Valid Before: Tue Mar 16 00:00:00 2021 +# Not Valid After : Fri Mar 15 00:00:00 2041 +# Fingerprint (SHA-256): 07:CD:9A:A9:06:4A:9B:94:C6:AE:F8:FB:78:4C:1B:BC:1B:ED:A0:8A:CB:E8:68:78:D7:81:A3:91:67:62:6C:F8 +# Fingerprint (SHA1): 82:EF:4C:64:F0:57:CA:00:38:F0:DB:5B:76:C2:4B:65:4D:7C:DA:78 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Visa Public RSA Root CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\015\060\013\006\003\125\004\012\014\004\126\111\123\101\061\057 +\060\055\006\003\125\004\013\014\046\126\151\163\141\040\111\156 +\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 +\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 +\040\060\036\006\003\125\004\003\014\027\126\151\163\141\040\120 +\165\142\154\151\143\040\122\123\101\040\122\157\157\164\040\103 +\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\015\060\013\006\003\125\004\012\014\004\126\111\123\101\061\057 +\060\055\006\003\125\004\013\014\046\126\151\163\141\040\111\156 +\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 +\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 +\040\060\036\006\003\125\004\003\014\027\126\151\163\141\040\120 
+\165\142\154\151\143\040\122\123\101\040\122\157\157\164\040\103 +\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\017\121\076\226\000\000\000\333\104\047\356\254\340\276\341 +\110 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\251\060\202\003\221\240\003\002\001\002\002\017\121 +\076\226\000\000\000\333\104\047\356\254\340\276\341\110\060\015 +\006\011\052\206\110\206\367\015\001\001\013\005\000\060\157\061 +\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060\013 +\006\003\125\004\012\014\004\126\111\123\101\061\057\060\055\006 +\003\125\004\013\014\046\126\151\163\141\040\111\156\164\145\162 +\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143\145 +\040\101\163\163\157\143\151\141\164\151\157\156\061\040\060\036 +\006\003\125\004\003\014\027\126\151\163\141\040\120\165\142\154 +\151\143\040\122\123\101\040\122\157\157\164\040\103\101\060\036 +\027\015\062\061\060\063\061\066\060\060\060\060\060\060\132\027 +\015\064\061\060\063\061\065\060\060\060\060\060\060\132\060\157 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060 +\013\006\003\125\004\012\014\004\126\111\123\101\061\057\060\055 +\006\003\125\004\013\014\046\126\151\163\141\040\111\156\164\145 +\162\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143 +\145\040\101\163\163\157\143\151\141\164\151\157\156\061\040\060 +\036\006\003\125\004\003\014\027\126\151\163\141\040\120\165\142 +\154\151\143\040\122\123\101\040\122\157\157\164\040\103\101\060 +\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001 +\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000 +\331\141\033\134\264\267\200\216\213\071\217\167\154\376\312\317 +\241\016\364\275\120\136\132\374\227\347\323\220\225\231\225\322 +\172\102\354\031\325\313\370\337\257\155\176\067\211\360\356\160 +\110\230\203\161\134\073\170\327\116\077\275\313\174\013\160\036 +\124\347\122\166\364\173\322\013\115\070\251\163\226\344\066\160 +\036\276\207\053\044\000\254\256\230\220\362\060\110\366\333\151 
+\162\242\224\170\230\063\133\202\036\333\234\251\212\262\253\241 +\120\370\331\276\004\322\042\002\053\147\031\345\007\303\340\024 +\263\122\167\355\247\200\152\207\300\037\244\153\306\326\132\336 +\011\240\371\336\252\354\313\224\224\151\326\077\065\247\224\030 +\351\052\164\373\303\110\332\003\041\332\333\023\034\047\145\244 +\205\122\150\320\117\133\057\053\003\052\032\215\206\026\270\011 +\341\305\013\022\236\015\066\076\153\201\257\030\115\066\173\136 +\216\114\156\121\353\056\224\217\072\142\136\277\175\012\132\057 +\301\161\273\355\010\326\015\130\024\340\355\103\063\077\167\012 +\061\015\151\030\273\306\330\370\057\025\066\122\106\361\367\103 +\071\340\045\030\053\015\206\016\047\251\043\365\253\336\373\254 +\216\070\132\243\363\106\102\270\175\015\272\013\166\230\304\267 +\163\177\215\222\306\260\373\241\367\161\003\354\023\361\257\347 +\070\337\260\251\136\106\021\005\264\115\140\312\267\124\203\120 +\314\202\357\050\375\210\112\063\261\100\252\105\324\237\276\063 +\302\204\105\203\035\314\213\223\232\031\064\033\203\343\145\300 +\230\021\342\305\107\134\045\170\263\326\374\076\071\336\056\034 +\326\062\175\371\335\041\100\104\137\135\234\356\313\014\032\252 +\265\076\226\226\322\156\327\077\161\331\227\264\121\123\131\277 +\022\206\163\040\244\056\207\162\333\323\274\217\337\314\031\237 +\022\071\045\056\341\116\215\036\267\233\052\353\237\364\130\155 +\237\243\352\103\212\151\222\034\272\261\027\227\171\136\115\124 +\147\325\244\066\030\345\220\012\021\152\223\142\003\024\055\152 +\120\330\374\270\004\152\105\314\027\264\356\065\344\312\351\121 +\246\202\257\317\136\042\135\340\064\242\255\172\163\336\003\254 +\126\027\322\071\253\130\267\224\341\257\323\011\224\013\024\213 +\002\003\001\000\001\243\102\060\100\060\035\006\003\125\035\016 +\004\026\004\024\113\115\246\016\373\240\021\350\255\013\342\360 +\363\012\000\057\254\213\026\373\060\017\006\003\125\035\023\001 +\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017 
+\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206\110 +\206\367\015\001\001\013\005\000\003\202\002\001\000\271\005\117 +\152\101\046\130\075\310\002\247\154\164\046\352\271\366\103\046 +\136\340\145\313\117\170\015\241\047\076\253\355\012\014\060\002 +\052\344\277\314\174\375\004\216\306\045\226\212\357\247\275\354 +\256\107\350\372\033\077\337\045\245\170\273\342\171\100\100\362 +\161\371\072\323\223\060\334\162\034\044\347\231\274\070\044\325 +\354\216\231\014\024\077\246\177\005\324\023\064\231\231\367\146 +\174\165\301\271\311\140\261\054\032\352\074\176\353\243\164\254 +\216\026\052\365\333\210\045\116\343\176\054\302\044\043\170\133 +\313\151\320\075\251\130\027\265\374\046\015\263\003\370\030\313 +\071\215\016\176\145\002\215\374\276\111\025\334\025\116\356\327 +\076\337\033\347\067\340\156\151\220\245\131\224\237\112\005\302 +\155\316\043\357\231\352\001\051\066\145\271\155\337\366\241\102 +\031\240\157\172\101\367\366\175\253\225\060\006\042\131\013\315 +\234\275\362\326\011\021\202\344\316\110\305\124\010\050\206\175 +\333\360\273\234\240\243\010\245\226\365\166\234\166\373\371\210 +\233\103\323\171\147\153\051\077\112\075\146\127\363\241\253\166 +\355\141\151\310\256\073\116\045\035\273\376\055\241\252\313\050 +\146\117\372\026\300\374\136\061\226\163\077\360\107\331\220\115 +\103\171\064\310\322\130\115\334\357\062\022\301\353\265\031\165 +\072\344\031\374\207\261\034\357\024\031\116\243\276\176\023\132 +\215\164\035\207\227\316\261\234\220\276\350\041\167\306\116\270 +\317\315\366\072\331\076\107\015\157\301\000\106\122\373\324\344 +\212\074\366\345\203\064\174\363\363\354\207\145\020\157\244\342 +\256\030\301\237\066\217\275\330\366\100\304\063\236\066\336\152 +\326\242\272\277\006\256\310\345\217\057\320\264\330\364\145\207 +\142\272\104\225\207\364\131\323\227\001\273\037\301\010\223\352 +\251\321\212\217\251\363\145\162\252\126\074\046\336\225\124\016 +\202\017\057\342\034\254\034\217\121\013\022\160\320\175\133\375 
+\205\347\150\306\151\320\353\027\277\234\257\034\315\311\156\366 +\024\011\106\376\113\207\330\044\365\017\003\050\255\247\232\014 +\331\361\044\220\372\132\367\231\044\236\143\302\116\061\031\104 +\371\022\235\071\002\002\205\153\141\114\222\241\357 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Visa Public RSA Root CA" +# Issuer: CN=Visa Public RSA Root CA,OU=Visa International Service Association,O=VISA,C=US +# Serial Number:51:3e:96:00:00:00:db:44:27:ee:ac:e0:be:e1:48 +# Subject: CN=Visa Public RSA Root CA,OU=Visa International Service Association,O=VISA,C=US +# Not Valid Before: Tue Mar 16 00:00:00 2021 +# Not Valid After : Fri Mar 15 00:00:00 2041 +# Fingerprint (SHA-256): 07:CD:9A:A9:06:4A:9B:94:C6:AE:F8:FB:78:4C:1B:BC:1B:ED:A0:8A:CB:E8:68:78:D7:81:A3:91:67:62:6C:F8 +# Fingerprint (SHA1): 82:EF:4C:64:F0:57:CA:00:38:F0:DB:5B:76:C2:4B:65:4D:7C:DA:78 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Visa Public RSA Root CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\202\357\114\144\360\127\312\000\070\360\333\133\166\302\113\145 +\115\174\332\170 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\160\002\072\176\363\342\321\341\013\121\266\370\043\323\053\041 +END +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\015\060\013\006\003\125\004\012\014\004\126\111\123\101\061\057 +\060\055\006\003\125\004\013\014\046\126\151\163\141\040\111\156 +\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 +\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 +\040\060\036\006\003\125\004\003\014\027\126\151\163\141\040\120 +\165\142\154\151\143\040\122\123\101\040\122\157\157\164\040\103 +\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\017\121\076\226\000\000\000\333\104\047\356\254\340\276\341 +\110 
+END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + + +# +# Certificate "Visa Public ECC Root CA" +# +# Issuer: CN=Visa Public ECC Root CA,OU=Visa International Service Association,O=VISA,C=US +# Serial Number:51:3e:96:00:00:00:dc:d3:06:98:8c:72:9c:fa:65 +# Subject: CN=Visa Public ECC Root CA,OU=Visa International Service Association,O=VISA,C=US +# Not Valid Before: Tue Mar 16 00:00:00 2021 +# Not Valid After : Fri Mar 15 00:00:00 2041 +# Fingerprint (SHA-256): E6:BE:68:CE:06:FE:0D:A0:C1:40:F1:AE:B0:0B:67:B6:36:C5:EE:A9:42:20:88:92:93:62:37:5C:E0:86:DB:39 +# Fingerprint (SHA1): 9C:B1:E6:FB:C2:1A:AF:3D:68:97:3C:B5:16:E9:32:C4:4C:B9:D5:60 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Visa Public ECC Root CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\015\060\013\006\003\125\004\012\014\004\126\111\123\101\061\057 +\060\055\006\003\125\004\013\014\046\126\151\163\141\040\111\156 +\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 +\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 +\040\060\036\006\003\125\004\003\014\027\126\151\163\141\040\120 +\165\142\154\151\143\040\105\103\103\040\122\157\157\164\040\103 +\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\015\060\013\006\003\125\004\012\014\004\126\111\123\101\061\057 +\060\055\006\003\125\004\013\014\046\126\151\163\141\040\111\156 +\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 +\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 +\040\060\036\006\003\125\004\003\014\027\126\151\163\141\040\120 
+\165\142\154\151\143\040\105\103\103\040\122\157\157\164\040\103 +\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\017\121\076\226\000\000\000\334\323\006\230\214\162\234\372 +\145 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\132\060\202\001\340\240\003\002\001\002\002\017\121 +\076\226\000\000\000\334\323\006\230\214\162\234\372\145\060\012 +\006\010\052\206\110\316\075\004\003\003\060\157\061\013\060\011 +\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003\125 +\004\012\014\004\126\111\123\101\061\057\060\055\006\003\125\004 +\013\014\046\126\151\163\141\040\111\156\164\145\162\156\141\164 +\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101\163 +\163\157\143\151\141\164\151\157\156\061\040\060\036\006\003\125 +\004\003\014\027\126\151\163\141\040\120\165\142\154\151\143\040 +\105\103\103\040\122\157\157\164\040\103\101\060\036\027\015\062 +\061\060\063\061\066\060\060\060\060\060\060\132\027\015\064\061 +\060\063\061\065\060\060\060\060\060\060\132\060\157\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003 +\125\004\012\014\004\126\111\123\101\061\057\060\055\006\003\125 +\004\013\014\046\126\151\163\141\040\111\156\164\145\162\156\141 +\164\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101 +\163\163\157\143\151\141\164\151\157\156\061\040\060\036\006\003 +\125\004\003\014\027\126\151\163\141\040\120\165\142\154\151\143 +\040\105\103\103\040\122\157\157\164\040\103\101\060\166\060\020 +\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042 +\003\142\000\004\204\126\370\077\071\375\347\034\317\141\346\311 +\056\077\036\010\003\354\171\235\357\037\000\002\241\262\120\333 +\371\136\205\217\154\146\351\227\237\017\047\074\124\027\326\161 +\153\177\122\025\175\361\006\131\164\344\063\221\054\213\016\033 +\366\061\233\310\054\332\061\361\262\220\346\251\213\131\012\300 +\327\355\133\226\166\003\014\042\254\025\041\241\217\356\105\324 +\316\124\153\115\243\102\060\100\060\035\006\003\125\035\016\004 
+\026\004\024\227\015\003\053\000\242\353\221\357\347\231\003\022 +\116\040\203\055\351\107\356\060\017\006\003\125\035\023\001\001 +\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\006\060\012\006\010\052\206\110\316 +\075\004\003\003\003\150\000\060\145\002\060\120\120\254\236\374 +\315\104\363\346\222\163\160\065\127\174\054\132\323\130\204\114 +\133\243\116\356\357\035\026\016\370\204\223\377\311\104\016\246 +\024\026\361\352\301\051\211\034\030\116\315\002\061\000\352\362 +\305\230\371\143\317\137\355\310\365\216\061\037\046\310\130\226 +\057\144\335\051\112\027\254\272\325\126\106\177\312\307\316\211 +\205\301\143\371\120\227\052\215\235\240\262\112\212\375 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Visa Public ECC Root CA" +# Issuer: CN=Visa Public ECC Root CA,OU=Visa International Service Association,O=VISA,C=US +# Serial Number:51:3e:96:00:00:00:dc:d3:06:98:8c:72:9c:fa:65 +# Subject: CN=Visa Public ECC Root CA,OU=Visa International Service Association,O=VISA,C=US +# Not Valid Before: Tue Mar 16 00:00:00 2021 +# Not Valid After : Fri Mar 15 00:00:00 2041 +# Fingerprint (SHA-256): E6:BE:68:CE:06:FE:0D:A0:C1:40:F1:AE:B0:0B:67:B6:36:C5:EE:A9:42:20:88:92:93:62:37:5C:E0:86:DB:39 +# Fingerprint (SHA1): 9C:B1:E6:FB:C2:1A:AF:3D:68:97:3C:B5:16:E9:32:C4:4C:B9:D5:60 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Visa Public ECC Root CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\234\261\346\373\302\032\257\075\150\227\074\265\026\351\062\304 +\114\271\325\140 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\327\113\172\035\216\046\132\366\271\217\226\213\303\215\035\312 +END +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\125\123\061 
+\015\060\013\006\003\125\004\012\014\004\126\111\123\101\061\057 +\060\055\006\003\125\004\013\014\046\126\151\163\141\040\111\156 +\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 +\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 +\040\060\036\006\003\125\004\003\014\027\126\151\163\141\040\120 +\165\142\154\151\143\040\105\103\103\040\122\157\157\164\040\103 +\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\017\121\076\226\000\000\000\334\323\006\230\214\162\234\372 +\145 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + diff --git a/SPECS/clang/clang.spec b/SPECS/clang/clang.spec index f4d6f875e27..1a83c85cbe2 100644 --- a/SPECS/clang/clang.spec +++ b/SPECS/clang/clang.spec 
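Review bot: The two roots added to SPECS/ca-certificates/certdata.microsoft.txt, "Visa Public RSA Root CA" and "Visa Public ECC Root CA", both receive `CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR`, yet nothing in the commit names them; the spec changelog entry only says "Updating Microsoft trusted root CAs." I would name the additions there, for example `- Updating Microsoft trusted root CAs (June 2022 release): add Visa Public RSA Root CA and Visa Public ECC Root CA.`, so that a trust-anchor change can be audited from the package history and the SHA-256 fingerprints in the comments checked against the published list. Both certificate objects also carry `CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE`; since this file holds the Microsoft list, it is worth confirming with whoever generates it that the attribute is intended, although earlier entries may well carry it too.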
@@ -1,29 +1,36 @@ Summary: C, C++, Objective C and Objective C++ front-end for the LLVM compiler. Name: clang Version: 8.0.1 -Release: 4%{?dist} +Release: 5%{?dist} License: NCSA -URL: https://clang.llvm.org -Source0: https://github.com/llvm/llvm-project/releases/download/llvmorg-%{version}/cfe-%{version}.src.tar.xz -Group: Development/Tools Vendor: Microsoft Corporation Distribution: Mariner +Group: Development/Tools +URL: https://clang.llvm.org +Source0: https://github.com/llvm/llvm-project/releases/download/llvmorg-%{version}/cfe-%{version}.src.tar.xz BuildRequires: cmake +BuildRequires: libxml2-devel BuildRequires: llvm-devel = %{version} BuildRequires: ncurses-devel -BuildRequires: zlib-devel -BuildRequires: libxml2-devel BuildRequires: python2-devel +BuildRequires: zlib-devel +Requires: %{name}-libs = %{version}-%{release} Requires: libstdc++-devel -Requires: ncurses -Requires: llvm -Requires: zlib Requires: libxml2 +Requires: llvm +Requires: ncurses Requires: python2 +Requires: zlib %description The goal of the Clang project is to create a new C based language front-end: C, C++, Objective C/C++, OpenCL C and others for the LLVM compiler. You can get and build the source today. +%package libs +Summary: Runtime library for clang + +%description libs +Runtime library for clang. + %package devel Summary: Development headers for clang Requires: %{name} = %{version}-%{release} @@ -42,7 +49,7 @@ export CXXFLAGS="`echo " %{build_cxxflags} " | sed 's/ -g//'`" mkdir -p build cd build -cmake -DCMAKE_INSTALL_PREFIX=/usr \ +cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DCMAKE_BUILD_TYPE=Release \ -DLLVM_ENABLE_RTTI=ON \ -Wno-dev .. 
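Review bot: The new `%package libs` in SPECS/clang/clang.spec takes over files that earlier releases shipped in other packages (`%{_libdir}/*.so.*` from clang and `%{_libdir}/clang/*` from clang-devel, both moved in the `%files` hunk further down), but it declares no relationship to those older packages. A transaction that installs clang-libs 8.0.1-5 next to a clang or clang-devel 8.0.1-4 would probably fail on file conflicts rather than on a clear dependency error. Adding versioned conflicts to the subpackage, `Conflicts: %{name} < 8.0.1-5` and `Conflicts: %{name}-devel < 8.0.1-5`, makes the split explicit. The changelog line "Include runtime libraries in base package." also reads as the opposite of what the spec does, and could say that the runtime libraries moved to a `libs` subpackage required by the base package.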
@@ -61,41 +68,52 @@ make DESTDIR=%{buildroot} install cd build make clang-check -%clean -rm -rf %{buildroot}/* - %files %defattr(-,root,root) -%license LICENSE.TXT %{_bindir}/* %{_libexecdir}/* -%{_libdir}/*.so.* %{_datadir}/* +%files libs +%defattr(-,root,root) +%license LICENSE.TXT +%{_libdir}/clang/* +%{_libdir}/*.so.* + %files devel %defattr(-,root,root) %{_libdir}/*.so %{_libdir}/*.a %{_libdir}/cmake/* -%{_libdir}/clang/* %{_includedir}/* %changelog -* Tue Feb 09 2021 Henry Beberman 8.0.1-4 -- Enable RTTI (runtime type information) so other packages can depend on it. -* Fri Jun 12 2020 Henry Beberman 8.0.1-3 -- Temporarily disable generation of debug symbols. -* Sat May 09 2020 Nick Samson - 8.0.1-2 -- Added %%license line automatically -* Tue Mar 17 2020 Henry Beberman 8.0.1-1 -- Update to 8.0.1. Fix Source0 URL. License verified. -* Tue Sep 03 2019 Mateusz Malisz 6.0.1-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Thu Aug 09 2018 Srivatsa S. Bhat 6.0.1-1 -- Update to version 6.0.1 to get it to build with gcc 7.3 -* Wed Jun 28 2017 Chang Lee 4.0.0-2 -- Updated %check -* Fri Apr 7 2017 Alexey Makhalov 4.0.0-1 -- Version update -* Wed Jan 11 2017 Xiaolin Li 3.9.1-1 -- Initial build. +* Sun Jul 10 2022 onalante-msft <89409054+onalante-msft@users.noreply.github.com> - 8.0.1-5 +- Include runtime libraries in base package. + +* Tue Feb 09 2021 Henry Beberman - 8.0.1-4 +- Enable RTTI (runtime type information) so other packages can depend on it. + +* Fri Jun 12 2020 Henry Beberman - 8.0.1-3 +- Temporarily disable generation of debug symbols. + +* Sat May 09 2020 Nick Samson - 8.0.1-2 +- Added %%license line automatically + +* Tue Mar 17 2020 Henry Beberman - 8.0.1-1 +- Update to 8.0.1. Fix Source0 URL. License verified. + +* Tue Sep 03 2019 Mateusz Malisz - 6.0.1-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Thu Aug 09 2018 Srivatsa S. 
Bhat - 6.0.1-1 +- Update to version 6.0.1 to get it to build with gcc 7.3 + +* Wed Jun 28 2017 Chang Lee - 4.0.0-2 +- Updated %check + +* Fri Apr 7 2017 Alexey Makhalov - 4.0.0-1 +- Version update + +* Wed Jan 11 2017 Xiaolin Li - 3.9.1-1 +- Initial build. diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index a611ac2bea7..b6a92c60ac1 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "25339871302f7a47e1aecfa9fc2586c78bc37edb98773752f0a5dec30f0ed3a1", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-5.10.123.1.tar.gz": "480ecf777d684ba029397bfb21b7617e68275180c433ec48c4f45e5629ad4bc1" + "kernel-5.10.131.1.tar.gz": "648e92ed6c42730054c3c147b52169003dee23b00b0ee2612a48ab4202ebcb35" } } \ No newline at end of file diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index 758d4073d80..d496dfd1b20 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -8,7 +8,7 @@ %global udev_prefix 70 Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.10.123.1 +Version: 5.10.131.1 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -221,6 +221,12 @@ fi %{_sbindir}/lsvmbus %changelog +* Sun Jul 24 2022 Rachel Menge - 5.10.131.1-1 +- Update source to 5.10.131.1 + +* Wed Jul 06 2022 Max Brodeur-Urbas - 5.10.128.1-1 +- Update source to 5.10.128.1 + * Mon Jun 20 2022 Rachel Menge - 5.10.123.1-1 - Update source to 5.10.123.1 diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index 4b858d3c5e0..507a16dd29d 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json 
+++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-5.10.123.1.tar.gz": "480ecf777d684ba029397bfb21b7617e68275180c433ec48c4f45e5629ad4bc1" + "kernel-5.10.131.1.tar.gz": "648e92ed6c42730054c3c147b52169003dee23b00b0ee2612a48ab4202ebcb35" } } \ No newline at end of file diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 26d4ba9b1a8..ba062cd54c0 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,6 +1,6 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.10.123.1 +Version: 5.10.131.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -36,6 +36,12 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Sun Jul 24 2022 Rachel Menge - 5.10.131.1-1 +- Update source to 5.10.131.1 + +* Wed Jul 06 2022 Max Brodeur-Urbas - 5.10.128.1-1 +- Update source to 5.10.128.1 + * Mon Jun 20 2022 Rachel Menge - 5.10.123.1-1 - Update source to 5.10.123.1 - Remove make headers_check diff --git a/SPECS/kernel-hyperv/config b/SPECS/kernel-hyperv/config index dc1a4080049..41dc9c33ff1 100644 --- a/SPECS/kernel-hyperv/config +++ b/SPECS/kernel-hyperv/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.123.1 Kernel Configuration +# Linux/x86_64 5.10.131.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y @@ -2462,10 +2462,9 @@ CONFIG_TCG_CRB=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -4135,6 +4134,7 @@ CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y 
diff --git a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json index 99b510e3b4e..97098605f6a 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json +++ b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json @@ -1,8 +1,8 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "167401f509d4888c7218ba0a76ad0dcf6f34f49e9caca9ebbdda07a3118828dc", - "kernel-5.10.123.1.tar.gz": "480ecf777d684ba029397bfb21b7617e68275180c433ec48c4f45e5629ad4bc1", + "config": "507770a71732585438925f2ca0c5b17753e1698a1fd91c948a63b41abb6a42c9", + "kernel-5.10.131.1.tar.gz": "648e92ed6c42730054c3c147b52169003dee23b00b0ee2612a48ab4202ebcb35", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" } } \ No newline at end of file diff --git a/SPECS/kernel-hyperv/kernel-hyperv.spec b/SPECS/kernel-hyperv/kernel-hyperv.spec index 1b29792b12f..ca351166b1c 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.spec +++ b/SPECS/kernel-hyperv/kernel-hyperv.spec @@ -3,7 +3,7 @@ %define uname_r %{version}-%{release} Summary: Linux Kernel optimized for Hyper-V Name: kernel-hyperv -Version: 5.10.123.1 +Version: 5.10.131.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -270,6 +270,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_libdir}/perf/include/bpf/* %changelog +* Sun Jul 24 2022 Rachel Menge - 5.10.131.1-1 +- Update source to 5.10.131.1 + +* Wed Jul 06 2022 Max Brodeur-Urbas - 5.10.128.1-1 +- Update source to 5.10.128.1 + * Mon Jun 20 2022 Rachel Menge - 5.10.123.1-1 - Update source to 5.10.123.1 diff --git a/SPECS/kernel/CVE-2021-20194.nopatch b/SPECS/kernel/CVE-2021-20194.nopatch new file mode 100644 index 00000000000..7668df0315c --- /dev/null +++ b/SPECS/kernel/CVE-2021-20194.nopatch 
@@ -0,0 +1 @@
+CVE-2021-20194 - mariner is not exposed to this vulnerability (we set CONFIG_HARDENED_USERCOPY=y).
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2021-32078.nopatch b/SPECS/kernel/CVE-2021-32078.nopatch
new file mode 100644
index 00000000000..7c2847a2c54
--- /dev/null
+++ b/SPECS/kernel/CVE-2021-32078.nopatch
@@ -0,0 +1,2 @@
+CVE-2021-32078 - mariner does not support ARM Footbridge personal servers
+upstream 298a58e165e447ccfaae35fe9f651f9d7e15166f
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2021-37159.nopatch b/SPECS/kernel/CVE-2021-37159.nopatch
new file mode 100644
index 00000000000..e4b8866f3e1
--- /dev/null
+++ b/SPECS/kernel/CVE-2021-37159.nopatch
@@ -0,0 +1 @@
+CVE-2021-37159 - patch not applied/disputed in upstream
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2022-0854.nopatch b/SPECS/kernel/CVE-2022-0854.nopatch
new file mode 100644
index 00000000000..512c33f660d
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-0854.nopatch
@@ -0,0 +1,3 @@
+CVE-2022-0854 - already patched in 5.10.128.1 stable kernel
+Upstream: 901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544
+Stable: f3f2247ac31cb71d1f05f56536df5946c6652f4a
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2022-1652.nopatch b/SPECS/kernel/CVE-2022-1652.nopatch
new file mode 100644
index 00000000000..b8a3034480b
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-1652.nopatch
@@ -0,0 +1,3 @@
+CVE-2022-1652 - Fix already backported into 5.10.128.1
+Upstream: f71f01394f742fc4558b3f9f4c7ef4c4cf3b07c8
+Stable: 3ca44c16b0dcc764b641ee4ac226909f5c421aa3
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2022-1786.nopatch b/SPECS/kernel/CVE-2022-1786.nopatch
new file mode 100644
index 00000000000..8a11aed36f0
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-1786.nopatch
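Review bot: SPECS/kernel/CVE-2021-20194.nopatch justifies skipping the fix with `CONFIG_HARDENED_USERCOPY=y`, but it does not say which kernel configs were checked, and that option appears in none of the config hunks of this commit, so the claim cannot be confirmed from the change and would silently stop holding if a config dropped the option. I would record the scope in the file, for example `Checked: CONFIG_HARDENED_USERCOPY=y in <config files checked>`, and add the upstream fix commit as the neighbouring files do. SPECS/kernel/CVE-2021-37159.nopatch has a similar gap: "patch not applied/disputed in upstream" gives no commit, link or date, so a later reviewer cannot tell whether the status has changed since.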
@@ -0,0 +1,4 @@
+CVE-2022-1786 - already patched in 5.10.128.1 stable kernel
+Upstream: No upstream patch exists for this issue, as only older kernels with
+the non-native workers have this problem.
+Stable: 29f077d070519a88a793fbc70f1e6484dc6d9e35
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2022-1852.nopatch b/SPECS/kernel/CVE-2022-1852.nopatch
new file mode 100644
index 00000000000..b3159a87ce0
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-1852.nopatch
@@ -0,0 +1,3 @@
+CVE-2022-1852 - patched in 5.10.120 - (generated by autopatch tool)
+upstream fee060cd52d69c114b62d1a2948ea9648b5131f9 - stable 3d8fc6e28f321d753ab727e3c3e740daf36a8fa3
+
diff --git a/SPECS/kernel/CVE-2022-2078.nopatch b/SPECS/kernel/CVE-2022-2078.nopatch
new file mode 100644
index 00000000000..1b6b1f0cb04
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-2078.nopatch
@@ -0,0 +1,3 @@
+CVE-2022-2078 - patched in 5.10.120 - (generated by autopatch tool)
+upstream fecf31ee395b0295f2d7260aa29946b7605f7c85 - stable c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048
+
diff --git a/SPECS/kernel/CVE-2022-2318.nopatch b/SPECS/kernel/CVE-2022-2318.nopatch
new file mode 100644
index 00000000000..6017af5a6d8
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-2318.nopatch
@@ -0,0 +1,2 @@
+CVE-2022-2318 - patched in 5.10.129 - (generated by autopatch tool)
+upstream 9cc02ede696272c5271a401e4f27c262359bc2f6 - stable 8f74cb27c2b4872fd14bf046201fa7b36a46885e
diff --git a/SPECS/kernel/CVE-2022-32296.nopatch b/SPECS/kernel/CVE-2022-32296.nopatch
new file mode 100644
index 00000000000..f65dc1d1f82
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-32296.nopatch
@@ -0,0 +1,3 @@
+CVE-2022-32296 - Fix already backported into 5.10.128.1
+Upstream: 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
+Stable: 9429b75bc271b6f29e50dbb0ee0751800ff87dd9
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2022-34494.nopatch b/SPECS/kernel/CVE-2022-34494.nopatch
new file mode 100644
index 00000000000..5236edb6cff
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-34494.nopatch @@ -0,0 +1,3 @@ +CVE-2022-34494 - Introducing commit not in stable tree. No fix necessary at this time. +Upstream introducing commit: c486682ae1e2b149add22f44cf413b3103e3ef39 +Upstream fix commit: 1680939e9ecf7764fba8689cfb3429c2fe2bb23c \ No newline at end of file diff --git a/SPECS/kernel/CVE-2022-34495.nopatch b/SPECS/kernel/CVE-2022-34495.nopatch new file mode 100644 index 00000000000..d4913e5b41c --- /dev/null +++ b/SPECS/kernel/CVE-2022-34495.nopatch @@ -0,0 +1,3 @@ +CVE-2022-34495 - Introducing commit not in stable tree. No fix necessary at this time. +Upstream introducing commit: c486682ae1e2b149add22f44cf413b3103e3ef39 +Upstream fix commit: c2eecefec5df1306eafce28ccdf1ca159a552ecc \ No newline at end of file diff --git a/SPECS/kernel/CVE-2022-34918.nopatch b/SPECS/kernel/CVE-2022-34918.nopatch new file mode 100644 index 00000000000..c9572187a4a --- /dev/null +++ b/SPECS/kernel/CVE-2022-34918.nopatch @@ -0,0 +1,2 @@ +CVE-2022-34918 - patched in 5.10.130 - (generated by autopatch tool) +upstream 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 - stable 0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf \ No newline at end of file diff --git a/SPECS/kernel/config b/SPECS/kernel/config index 4040cf92fe3..9ad651857dc 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.123.1 Kernel Configuration +# Linux/x86_64 5.10.131.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y @@ -3072,10 +3072,9 @@ CONFIG_TCG_CRB=y # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support 
@@ -6876,6 +6875,7 @@ CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index b65b9756ce7..0d299986147 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.10.123.1 Kernel Configuration +# Linux/arm64 5.10.131.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0" CONFIG_CC_IS_GCC=y @@ -4159,10 +4159,9 @@ CONFIG_TCG_TIS_ST33ZP24_SPI=m CONFIG_XILLYBUS=m CONFIG_XILLYBUS_PCIE=m CONFIG_XILLYBUS_OF=m -# end of Character devices - # CONFIG_RANDOM_TRUST_CPU is not set # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -9008,6 +9007,7 @@ CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index a80f9d6bb6a..1b6a574c67f 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json 
@@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "258a26d9744bc7138a9f4e2b1260b565646c56e40f1fe19d8cf97caeede39c11", - "config_aarch64": "c0758f9fd58759c4e74140e68b45a2f8b2fccd4605fc934734c9c03e0b5b1029", - "kernel-5.10.123.1.tar.gz": "480ecf777d684ba029397bfb21b7617e68275180c433ec48c4f45e5629ad4bc1", + "config": "b045b1b701e14e4fac4658c732e3a8d49afdcd8d4c8ed0cf7d7a428b97c5e57c", + "config_aarch64": "1aac3c2f4f18a525dd4baecd307f4181b0319d47f213a4e6d14e6794261038f5", + "kernel-5.10.131.1.tar.gz": "648e92ed6c42730054c3c147b52169003dee23b00b0ee2612a48ab4202ebcb35", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" } } \ No newline at end of file diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index df98fccfdd2..8454dac1922 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -3,7 +3,7 @@ %define uname_r %{version}-%{release} Summary: Linux Kernel Name: kernel -Version: 5.10.123.1 +Version: 5.10.131.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -636,6 +636,14 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Sun Jul 24 2022 Rachel Menge - 5.10.131.1-1 +- Update source to 5.10.131.1 + +* Wed Jul 06 2022 Max Brodeur-Urbas - 5.10.128.1-1 +- Update source to 5.10.128.1 +- Address CVE-2022-32296, CVE-2022-1652, CVE-2022-1786, CVE-2022-0854, + CVE-2021-20194, CVE-2021-32078, CVE-2021-37159 + * Mon Jun 20 2022 Rachel Menge - 5.10.123.1-1 - Update source to 5.10.123.1 diff --git a/SPECS/libtiff/CVE-2022-2056.patch b/SPECS/libtiff/CVE-2022-2056.patch new file mode 100644 index 00000000000..455212dff4c --- /dev/null +++ b/SPECS/libtiff/CVE-2022-2056.patch 
@@ -0,0 +1,179 @@ +From dd1bcc7abb26094e93636e85520f0d8f81ab0fab Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Sat, 11 Jun 2022 09:31:43 +0000 +Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428) + +--- + libtiff/tif_aux.c | 9 +++++++ + libtiff/tiffiop.h | 1 + + tools/tiffcrop.c | 62 ++++++++++++++++++++++++++--------------------- + 3 files changed, 44 insertions(+), 28 deletions(-) + +diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c +index 140f26c7..5b88c8d0 100644 +--- a/libtiff/tif_aux.c ++++ b/libtiff/tif_aux.c +@@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val ) + return (float)val; + } + ++uint32_t _TIFFClampDoubleToUInt32(double val) ++{ ++ if( val < 0 ) ++ return 0; ++ if( val > 0xFFFFFFFFU || val != val ) ++ return 0xFFFFFFFFU; ++ return (uint32_t)val; ++} ++ + int _TIFFSeekOK(TIFF* tif, toff_t off) + { + /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */ +diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h +index e3af461d..4e8bdac2 100644 +--- a/libtiff/tiffiop.h ++++ b/libtiff/tiffiop.h +@@ -365,6 +365,7 @@ extern double _TIFFUInt64ToDouble(uint64_t); + extern float _TIFFUInt64ToFloat(uint64_t); + + extern float _TIFFClampDoubleToFloat(double); ++extern uint32_t _TIFFClampDoubleToUInt32(double); + + extern tmsize_t + _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32_t strip, +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 1f827b2b..90286a5e 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -5268,17 +5268,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image, + { + if ((crop->res_unit == RESUNIT_INCH) || (crop->res_unit == RESUNIT_CENTIMETER)) + { +- x1 = (uint32_t) (crop->corners[i].X1 * scale * xres); +- x2 = (uint32_t) (crop->corners[i].X2 * scale * xres); +- y1 = (uint32_t) (crop->corners[i].Y1 * scale * yres); +- y2 = (uint32_t) (crop->corners[i].Y2 * scale * yres); ++ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres); ++ x2 = 
_TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres); ++ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres); ++ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres); + } + else + { +- x1 = (uint32_t) (crop->corners[i].X1); +- x2 = (uint32_t) (crop->corners[i].X2); +- y1 = (uint32_t) (crop->corners[i].Y1); +- y2 = (uint32_t) (crop->corners[i].Y2); ++ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1); ++ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2); ++ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1); ++ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2); + } + /* a) Region needs to be within image sizes 0.. width-1; 0..length-1 + * b) Corners are expected to be submitted as top-left to bottom-right. +@@ -5357,17 +5357,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image, + { + if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER) + { /* User has specified pixels as reference unit */ +- tmargin = (uint32_t)(crop->margins[0]); +- lmargin = (uint32_t)(crop->margins[1]); +- bmargin = (uint32_t)(crop->margins[2]); +- rmargin = (uint32_t)(crop->margins[3]); ++ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]); ++ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]); ++ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]); ++ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]); + } + else + { /* inches or centimeters specified */ +- tmargin = (uint32_t)(crop->margins[0] * scale * yres); +- lmargin = (uint32_t)(crop->margins[1] * scale * xres); +- bmargin = (uint32_t)(crop->margins[2] * scale * yres); +- rmargin = (uint32_t)(crop->margins[3] * scale * xres); ++ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres); ++ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres); ++ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres); ++ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres); + } + + if ((lmargin + rmargin) > 
image->width) +@@ -5397,24 +5397,24 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image, + if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER) + { + if (crop->crop_mode & CROP_WIDTH) +- width = (uint32_t)crop->width; ++ width = _TIFFClampDoubleToUInt32(crop->width); + else + width = image->width - lmargin - rmargin; + + if (crop->crop_mode & CROP_LENGTH) +- length = (uint32_t)crop->length; ++ length = _TIFFClampDoubleToUInt32(crop->length); + else + length = image->length - tmargin - bmargin; + } + else + { + if (crop->crop_mode & CROP_WIDTH) +- width = (uint32_t)(crop->width * scale * image->xres); ++ width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres); + else + width = image->width - lmargin - rmargin; + + if (crop->crop_mode & CROP_LENGTH) +- length = (uint32_t)(crop->length * scale * image->yres); ++ length = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres); + else + length = image->length - tmargin - bmargin; + } +@@ -5868,13 +5868,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image, + { + if (page->res_unit == RESUNIT_INCH || page->res_unit == RESUNIT_CENTIMETER) + { /* inches or centimeters specified */ +- hmargin = (uint32_t)(page->hmargin * scale * page->hres * ((image->bps + 7) / 8)); +- vmargin = (uint32_t)(page->vmargin * scale * page->vres * ((image->bps + 7) / 8)); ++ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8)); ++ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8)); + } + else + { /* Otherwise user has specified pixels as reference unit */ +- hmargin = (uint32_t)(page->hmargin * scale * ((image->bps + 7) / 8)); +- vmargin = (uint32_t)(page->vmargin * scale * ((image->bps + 7) / 8)); ++ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8)); ++ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 
8)); + } + + if ((hmargin * 2.0) > (pwidth * page->hres)) +@@ -5912,13 +5912,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image, + { + if (page->mode & PAGE_MODE_PAPERSIZE ) + { +- owidth = (uint32_t)((pwidth * page->hres) - (hmargin * 2)); +- olength = (uint32_t)((plength * page->vres) - (vmargin * 2)); ++ owidth = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2)); ++ olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2)); + } + else + { +- owidth = (uint32_t)(iwidth - (hmargin * 2 * page->hres)); +- olength = (uint32_t)(ilength - (vmargin * 2 * page->vres)); ++ owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres)); ++ olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres)); + } + } + +@@ -5927,6 +5927,12 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image, + if (olength > ilength) + olength = ilength; + ++ if (owidth == 0 || olength == 0) ++ { ++ TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages"); ++ exit(EXIT_FAILURE); ++ } ++ + /* Compute the number of pages required for Portrait or Landscape */ + switch (page->orient) + { +-- +GitLab diff --git a/SPECS/libtiff/CVE-2022-2057.nopatch b/SPECS/libtiff/CVE-2022-2057.nopatch new file mode 100644 index 00000000000..2a81707e3e0 --- /dev/null +++ b/SPECS/libtiff/CVE-2022-2057.nopatch @@ -0,0 +1 @@ +The CVE-2022-2056.patch also fixes CVE-2022-2057. \ No newline at end of file diff --git a/SPECS/libtiff/CVE-2022-2058.nopatch b/SPECS/libtiff/CVE-2022-2058.nopatch new file mode 100644 index 00000000000..33da7bada6c --- /dev/null +++ b/SPECS/libtiff/CVE-2022-2058.nopatch @@ -0,0 +1 @@ +The CVE-2022-2056.patch also fixes CVE-2022-2058. \ No newline at end of file diff --git a/SPECS/libtiff/libtiff.spec b/SPECS/libtiff/libtiff.spec index c3a696b5f3c..0b20969581e 100644 --- a/SPECS/libtiff/libtiff.spec +++ b/SPECS/libtiff/libtiff.spec 
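Review bot: The clamped values are still combined in unsigned 32-bit arithmetic, so the bounds checks that follow can wrap: the context line `if ((lmargin + rmargin) > image->width)` in computeInputPixelOffsets, and `hmargin * 2` inside the new `owidth`/`olength` expressions in computeOutputPixelOffsets (assuming these variables are `uint32_t`, as the removed casts suggest). Now that `_TIFFClampDoubleToUInt32` can return `0xFFFFFFFFU`, a sum or product of two such values wraps to a small number; both functions continue outside the hunks, so a later check may exist that is not visible here. Widening the comparison, for example `if (((uint64_t)lmargin + rmargin) > image->width)`, would make the check hold. The new `owidth == 0 || olength == 0` guard also reports an integer overflow although a zero can equally come from a negative result clamped to 0, so a message naming the zero output size would be more accurate. Since this file is a backport of an upstream commit, these are best raised upstream rather than changed locally.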
@@ -1,7 +1,7 @@ Summary: TIFF libraries and associated utilities. Name: libtiff Version: 4.4.0 -Release: 1%{?dist} +Release: 2%{?dist} License: libtiff URL: https://gitlab.com/libtiff/libtiff Group: System Environment/Libraries @@ -9,7 +9,9 @@ Vendor: Microsoft Corporation Distribution: Mariner Source0: https://gitlab.com/libtiff/libtiff/-/archive/v%{version}/libtiff-v%{version}.tar.gz # CVE-2020-35522 also covers 35521. -Patch0: CVE-2020-35521.nopatch +Patch0: CVE-2020-35521.nopatch +# Also fixes CVE-2022-2057 and CVE-2022-2058. +Patch1: CVE-2022-2056.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -65,6 +67,9 @@ make %{?_smp_mflags} -k check %{_datadir}/man/man3/* %changelog +* Fri Jul 15 2022 Mandeep Plaha - 4.4.0-2 +- Patch CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058 + * Tue Jun 28 2022 Suresh Babu Chalamalasetty - 4.4.0-1 - Upgrade version to 4.4.0 to fix CVE-2022-0908 - Remove patches that no longer apply diff --git a/SPECS/mariner-release/mariner-release.spec b/SPECS/mariner-release/mariner-release.spec index 68f2d4e5779..3678ad97bdf 100644 --- a/SPECS/mariner-release/mariner-release.spec +++ b/SPECS/mariner-release/mariner-release.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner release files Name: mariner-release Version: 1.0 -Release: 42%{?dist} +Release: 43%{?dist} License: MIT Group: System Environment/Base URL: https://aka.ms/cbl-mariner @@ -67,6 +67,8 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) /etc/issue.net %changelog +* Wed Aug 04 2022 Andrew Phelps - 1.0-43 +- Updating version for August update. * Fri Jul 08 2022 Jon Slobodzian - 1.0-42 - Updating version for July Update. * Tue Jun 07 2022 Jon Slobodzian - 1.0-41 diff --git a/SPECS/mariner-repos/mariner-official-base.repo b/SPECS/mariner-repos/mariner-official-base.repo index 212ac025015..943e11a70cf 100755 --- a/SPECS/mariner-repos/mariner-official-base.repo +++ b/SPECS/mariner-repos/mariner-official-base.repo 
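Review bot: `Patch1: CVE-2022-2056.patch` is declared in libtiff.spec, but no hunk touches %prep, so whether the patch is applied depends on how %prep is written, which is outside the diff. If the spec uses `%setup` with explicit `%patchN` lines, `%patch1 -p1` is missing and release 2 would ship without the fix its changelog claims; the same question applies to `Patch15: CVE-2021-3733.patch` in python2.spec. Please confirm both specs apply patches automatically (for example `%autosetup -p1`) or add the matching `%patch` lines, and check that the build log shows the patch being applied.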
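Review bot: The new mariner-release changelog header `* Wed Aug 04 2022 Andrew Phelps - 1.0-43` has a weekday that does not match its date: 4 August 2022 was a Thursday, and the prebuilt-ca-certificates entries in this same commit use `Wed Aug 03 2022`. rpm flags such entries as a bogus date in %changelog. Use either `* Thu Aug 04 2022 ...` or `* Wed Aug 03 2022 ...`, whichever is the intended date.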
@@ -7,3 +7,13 @@ repo_gpgcheck=1 enabled=1 skip_if_unavailable=True sslverify=1 + +[mariner-official-base-source] +name=CBL-Mariner Official Base $releasever Source +baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/prod/base/srpms +gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY +gpgcheck=1 +repo_gpgcheck=1 +enabled=0 +skip_if_unavailable=True +sslverify=1 diff --git a/SPECS/mariner-repos/mariner-official-update.repo b/SPECS/mariner-repos/mariner-official-update.repo index 0df1f91a1c6..b50aa26978a 100755 --- a/SPECS/mariner-repos/mariner-official-update.repo +++ b/SPECS/mariner-repos/mariner-official-update.repo @@ -7,3 +7,13 @@ repo_gpgcheck=1 enabled=1 skip_if_unavailable=True sslverify=1 + +[mariner-official-update-source] +name=CBL-Mariner Official Update $releasever Source +baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/prod/update/srpms +gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY +gpgcheck=1 +repo_gpgcheck=1 +enabled=0 +skip_if_unavailable=True +sslverify=1 diff --git a/SPECS/mariner-repos/mariner-preview.repo b/SPECS/mariner-repos/mariner-preview.repo index 67d6673c138..4ec8a21d3f0 100755 --- a/SPECS/mariner-repos/mariner-preview.repo +++ b/SPECS/mariner-repos/mariner-preview.repo @@ -7,3 +7,13 @@ repo_gpgcheck=1 enabled=1 skip_if_unavailable=True sslverify=1 + +[mariner-preview-source] +name=CBL-Mariner Official Preview $releasever Source +baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/preview/update/srpms +gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY +gpgcheck=1 +repo_gpgcheck=1 +enabled=0 +skip_if_unavailable=True +sslverify=1 diff --git a/SPECS/mariner-repos/mariner-repos.signatures.json b/SPECS/mariner-repos/mariner-repos.signatures.json index 51a35f58757..18f1e750bff 100644 --- a/SPECS/mariner-repos/mariner-repos.signatures.json 
+++ b/SPECS/mariner-repos/mariner-repos.signatures.json @@ -4,11 +4,11 @@ "MICROSOFT-RPM-GPG-KEY": "1092f37ec429e58bf9c7f898df17c3c32eb2ce3c4c037afb8ffe2d2b42e16e89", "mariner-extras.repo": "fb4830c8c7d658e7721ae8049eff5d1d8d47433e6e8fa3e9f5f6169855df29ce", "mariner-extras-preview.repo": "f2ec9ac247d75de3d8a21089a25855e47d081aed265ff906d052f41df9496530", - "mariner-official-base.repo": "af485f85c5c856536c6ec2f73f0afd1d9c424396fce1c9ae6f40745a5f41503d", - "mariner-official-update.repo": "d80ed87ba6cf1e535131a9a68499b832dc87fc9add29cbae0f6cc76ebc36fbf3", - "mariner-preview.repo": "7b5731bce3d0c81647144822a886a01912e325db10f7519e105b5224a25f1568", - "mariner-ui.repo": "3e434c6418de638ff919f373f666866d0e075b8f26deeec4b96fb47e1d62d9b3", - "mariner-ui-preview.repo": "77a094a136cab2a927cffe92753e853f44b28607010cf48af7a2781edb7aded0", + "mariner-official-base.repo": "cbfc9ae9eaa31b3213e379d349949a40e21f71469a8551ab9cc904645bfab7cf", + "mariner-official-update.repo": "ec3ff6f65ac1898bc3a8c07919f770e9a6c1f75966838939127af531089321c0", + "mariner-preview.repo": "719e7f9a7eeeae5629cc5704fdce181c17aca7bf2ba31355d09c240c7628cd5e", + "mariner-ui.repo": "85a481318f5ccc53fec4ed22ea7b537810141e084789f8475dd35e383af60aa6", + "mariner-ui-preview.repo": "7744315c45b518910173efc346d56dc3bb4a9eb673c223a2e394cae1ec6f169e", "mariner-microsoft.repo": "135b5d5b925fd351cdd3db9063895dc79eb6d6c49d891d6507a5acd8a0c6effc", "mariner-microsoft-preview.repo": "92e7b972026de175bf744525a8a2e40cff94b1cd5d6489a12d024ec57da02de3" } diff --git a/SPECS/mariner-repos/mariner-repos.spec b/SPECS/mariner-repos/mariner-repos.spec index d1de92d900c..6de8393cf44 100644 --- a/SPECS/mariner-repos/mariner-repos.spec +++ b/SPECS/mariner-repos/mariner-repos.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner repo files, gpg keys Name: mariner-repos Version: 1.0 -Release: 14%{?dist} +Release: 15%{?dist} License: Apache License Group: System Environment/Base URL: https://aka.ms/mariner 
@@ -83,7 +83,6 @@ Requires: %{name} = %{version}-%{release} %description microsoft-preview %{summary} - %install rm -rf $RPM_BUILD_ROOT export REPO_DIRECTORY="$RPM_BUILD_ROOT/etc/yum.repos.d" @@ -154,6 +153,9 @@ gpg --batch --yes --delete-keys 2BC94FFF7015A5F28F1537AD0CD9FED33135CE90 %config(noreplace) /etc/yum.repos.d/mariner-microsoft-preview.repo %changelog +* Thu Jul 14 2022 Andrew Phelps - 1.0-15 +- Add SRPMS repos for base, update, and coreui (all disabled by default) + * Tue Jul 13 2021 Jon Slobodzian - 1.0-14 - Add microsoft and microsoft-preview repo configuration packages. - These repos offer Mariner packages produced by partner teams within Microsoft on diff --git a/SPECS/mariner-repos/mariner-ui-preview.repo b/SPECS/mariner-repos/mariner-ui-preview.repo index 06293b6beb2..9ec965a21b8 100755 --- a/SPECS/mariner-repos/mariner-ui-preview.repo +++ b/SPECS/mariner-repos/mariner-ui-preview.repo @@ -7,3 +7,13 @@ repo_gpgcheck=1 enabled=1 skip_if_unavailable=True sslverify=1 + +[mariner-ui-preview-source] +name=CBL-Mariner UI Official Preview $releasever Source +baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/preview/coreui/srpms +gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY +gpgcheck=1 +repo_gpgcheck=1 +enabled=0 +skip_if_unavailable=True +sslverify=1 diff --git a/SPECS/mariner-repos/mariner-ui.repo b/SPECS/mariner-repos/mariner-ui.repo index b5cea1300e9..1442c4d3384 100755 --- a/SPECS/mariner-repos/mariner-ui.repo +++ b/SPECS/mariner-repos/mariner-ui.repo @@ -7,3 +7,13 @@ repo_gpgcheck=1 enabled=1 skip_if_unavailable=True sslverify=1 + +[mariner-ui-source] +name=CBL-Mariner UI Official $releasever Source +baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/prod/coreui/srpms +gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY +gpgcheck=1 +repo_gpgcheck=1 +enabled=0 +skip_if_unavailable=True +sslverify=1 
diff --git a/SPECS/nodejs/nodejs.signatures.json b/SPECS/nodejs/nodejs.signatures.json index 180c8b0fe0d..2f68c033112 100644 --- a/SPECS/nodejs/nodejs.signatures.json +++ b/SPECS/nodejs/nodejs.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "node-v14.18.3-clean.tar.xz": "51fa0865b597e131219e6a6398961b372d773b72d28e3c75524154bd2792e0bd", - "clean-source-tarball.sh": "ab579872ec2f4e85a00fc1651b40a26876012256c722c3701ef3cdcb378c93d5" + "node-v14.20.0-clean.tar.xz": "ef614adf3a42e8aedefd374c3cd6f1510c3ee8d5cd3e6ea959763fe64c41adbb", + "clean-source-tarball.sh": "ab579872ec2f4e85a00fc1651b40a26876012256c722c3701ef3cdcb378c93d5" } } diff --git a/SPECS/nodejs/nodejs.spec b/SPECS/nodejs/nodejs.spec index 4b1b8bd9f23..0655f4caa3a 100644 --- a/SPECS/nodejs/nodejs.spec +++ b/SPECS/nodejs/nodejs.spec @@ -1,6 +1,6 @@ Summary: A JavaScript runtime built on Chrome's V8 JavaScript engine. Name: nodejs -Version: 14.18.3 +Version: 14.20.0 Release: 1%{?dist} License: BSD and MIT and Public Domain and naist-2003 Vendor: Microsoft Corporation @@ -80,6 +80,9 @@ make cctest %{_datadir}/systemtap/tapset/node.stp %changelog +* Wed Jul 27 2022 Neha Agarwal - 14.20.0-1 +- Update to v14.20.0 to fix CVE-2022-32213, CVE-2022-32214, CVE-2022-32215. + * Wed Mar 09 2022 Pawel Winogrodzki - 14.18.3-1 - Update to version 14.18.3 to fix CVE-2021-44531. diff --git a/SPECS/postgresql/postgresql.signatures.json b/SPECS/postgresql/postgresql.signatures.json index 5dc58412ec7..dde6f101154 100644 --- a/SPECS/postgresql/postgresql.signatures.json +++ b/SPECS/postgresql/postgresql.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "postgresql-12.7.tar.bz2": "8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995" + "postgresql-12.8.tar.bz2": "e26401e090c34ccb15ffb33a111f340833833535a7b7c5cd11cd88ab57d9c62a" } } \ No newline at end of file diff --git a/SPECS/postgresql/postgresql.spec b/SPECS/postgresql/postgresql.spec index a4ea007f872..6cc17b90191 100644 --- a/SPECS/postgresql/postgresql.spec 
+++ b/SPECS/postgresql/postgresql.spec @@ -1,7 +1,7 @@ Summary: PostgreSQL database engine Name: postgresql -Version: 12.7 -Release: 2%{?dist} +Version: 12.8 +Release: 1%{?dist} License: PostgreSQL Vendor: Microsoft Corporation Distribution: Mariner @@ -170,6 +170,9 @@ rm -rf %{buildroot}/* %{_libdir}/libpgtypes.a %changelog +* Tue Jul 26 2022 Neha Agarwal - 12.8-1 +- Update to v12.8 resolve CVE-2021-3677. + * Tue Mar 15 2022 Muhammad Falak - 12.7-2 - Patch CVE-2021-23222 diff --git a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec index 62cc6cad2a3..bf63b006047 100644 --- a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec +++ b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec @@ -2,7 +2,7 @@ Summary: Prebuilt version of ca-certificates-base package. Name: prebuilt-ca-certificates-base Version: 20200720 -Release: 25%{?dist} +Release: 26%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -40,6 +40,9 @@ rm %{buildroot}%{_sysconfdir}/pki/rpm-gpg/* %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Aug 03 2022 CBL-Mariner Service Account - 20200720-26 +- Making 'Release' match with 'ca-certificates'. + * Wed Jun 29 2022 CBL-Mariner Service Account - 20200720-25 - Making 'Release' match with 'ca-certificates'. diff --git a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec index c6453166ff3..ff0a8f70187 100644 --- a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec +++ b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec @@ -2,7 +2,7 @@ Summary: Prebuilt version of ca-certificates package. Name: prebuilt-ca-certificates Version: 20200720 -Release: 25%{?dist} +Release: 26%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner 
@@ -47,6 +47,9 @@ rm %{buildroot}%{_sysconfdir}/pki/rpm-gpg/* %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Aug 03 2022 CBL-Mariner Service Account - 20200720-26 +- Making 'Release' match with 'ca-certificates'. + * Wed Jun 29 2022 CBL-Mariner Service Account - 20200720-25 - Making 'Release' match with 'ca-certificates'. diff --git a/SPECS/python-jinja2/python-jinja2.signatures.json b/SPECS/python-jinja2/python-jinja2.signatures.json index 7302b28292b..302a9c2ad16 100644 --- a/SPECS/python-jinja2/python-jinja2.signatures.json +++ b/SPECS/python-jinja2/python-jinja2.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "Jinja2-2.10.1.tar.gz": "065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013" + "Jinja2-2.11.3.tar.gz": "a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" } } \ No newline at end of file diff --git a/SPECS/python-jinja2/python-jinja2.spec b/SPECS/python-jinja2/python-jinja2.spec index f37eb9e84db..5287d675a70 100644 --- a/SPECS/python-jinja2/python-jinja2.spec +++ b/SPECS/python-jinja2/python-jinja2.spec @@ -3,7 +3,7 @@ %{!?python3_version: %define python3_version %(python3 -c "import sys; sys.stdout.write(sys.version[:3])")} Name: python-jinja2 -Version: 2.10.1 +Version: 2.11.3 Release: 1%{?dist} Url: https://jinja.pocoo.org/ Summary: A fast and easy to use template engine written in pure Python @@ -11,7 +11,7 @@ License: BSD Group: Development/Languages/Python Vendor: Microsoft Corporation Distribution: Mariner -Source0: https://files.pythonhosted.org/packages/93/ea/d884a06f8c7f9b7afbc8138b762e80479fb17aedbbe2b06515a12de9378d/Jinja2-%{version}.tar.gz +Source0: https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz BuildRequires: python2 BuildRequires: python2-libs BuildRequires: python-setuptools 
@@ -48,10 +48,10 @@ cp -a . ../p3dir %build python2 setup.py build -sed -i 's/\r$//' LICENSE # Fix wrong EOL encoding +sed -i 's/\r$//' LICENSE.rst # Fix wrong EOL encoding pushd ../p3dir python3 setup.py install --prefix=%{_prefix} --root=%{buildroot} -sed -i 's/\r$//' LICENSE # Fix wrong EOL encoding +sed -i 's/\r$//' LICENSE.rst # Fix wrong EOL encoding popd %install 
@@ -65,36 +65,46 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} %files %defattr(-,root,root) -%doc AUTHORS -%license LICENSE +%license LICENSE.rst %{python2_sitelib}/jinja2 %{python2_sitelib}/Jinja2-%{version}-py%{python_version}.egg-info %files -n python3-jinja2 %defattr(-,root,root) -%doc AUTHORS -%license LICENSE +%license LICENSE.rst %{python3_sitelib}/jinja2 %{python3_sitelib}/Jinja2-%{version}-py%{python3_version}.egg-info %changelog -* Wed Mar 18 2020 Henry Beberman 2.10.1-1 -- Update to 2.10.1. License verified. -* Tue Sep 03 2019 Mateusz Malisz 2.10-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Sun Sep 09 2018 Tapas Kundu 2.10-1 -- Update to version 2.10 -* Tue Jun 20 2017 Xiaolin Li 2.9.5-6 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Thu Jun 15 2017 Dheeraj Shetty 2.9.5-5 -- Change python to python2 -* Mon Jun 12 2017 Kumar Kaushik 2.9.5-4 -- Fixing import error in python3. -* Wed Apr 26 2017 Dheeraj Shetty 2.9.5-3 -- BuildRequires python-markupsafe , creating subpackage python3-jinja2 -* Tue Apr 25 2017 Priyesh Padmavilasom 2.9.5-2 -- Fix arch -* Mon Mar 27 2017 Sarah Choi 2.9.5-1 -- Upgrade version to 2.9.5 -* Tue Dec 13 2016 Dheeraj Shetty 2.8-1 -- Initial packaging for Photon +* Tue Jul 26 2022 Neha Agarwal - 2.11.3-1 +- Update to v2.11.3 resolve CVE-2020-28493. + +* Wed Mar 18 2020 Henry Beberman 2.10.1-1 +- Update to 2.10.1. License verified. + +* Tue Sep 03 2019 Mateusz Malisz 2.10-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Sun Sep 09 2018 Tapas Kundu 2.10-1 +- Update to version 2.10 + +* Tue Jun 20 2017 Xiaolin Li 2.9.5-6 +- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. + +* Thu Jun 15 2017 Dheeraj Shetty 2.9.5-5 +- Change python to python2 + +* Mon Jun 12 2017 Kumar Kaushik 2.9.5-4 +- Fixing import error in python3. 
+ +* Wed Apr 26 2017 Dheeraj Shetty 2.9.5-3 +- BuildRequires python-markupsafe , creating subpackage python3-jinja2 + +* Tue Apr 25 2017 Priyesh Padmavilasom 2.9.5-2 +- Fix arch + +* Mon Mar 27 2017 Sarah Choi 2.9.5-1 +- Upgrade version to 2.9.5 + +* Tue Dec 13 2016 Dheeraj Shetty 2.8-1 +- Initial packaging for Photon diff --git a/SPECS/python-mistune/CVE-2022-34749.nopatch b/SPECS/python-mistune/CVE-2022-34749.nopatch new file mode 100644 index 00000000000..e01c54942f4 --- /dev/null +++ b/SPECS/python-mistune/CVE-2022-34749.nopatch @@ -0,0 +1,4 @@ +CVE-20222-34749 - The vulnerability applies to mistune/inline_parser.py, +which is only added in later versions of the package (2.0.0+) https://github.com/lepture/mistune/commit/e972e41f3f7101409d8eb1dde2df54b80242e2cb + +Version 0.8.3 is not vulnerable. \ No newline at end of file diff --git a/SPECS/python2/CVE-2021-3733.patch b/SPECS/python2/CVE-2021-3733.patch new file mode 100644 index 00000000000..6532b81f2e2 --- /dev/null +++ b/SPECS/python2/CVE-2021-3733.patch 
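Review bot: The first line of CVE-2022-34749.nopatch spells the identifier `CVE-20222-34749`, with an extra `2`, so it matches neither the file name nor the CVE id being tracked. Anything that searches .nopatch contents for the id will miss this record; the line should start `CVE-2022-34749 - The vulnerability applies to mistune/inline_parser.py,`. The rationale itself (the affected file only exists in 2.0.0+, and the packaged version is 0.8.3) reads clearly.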
@@ -0,0 +1,25 @@ +diff --git b/.DS_Store b/.DS_Store +new file mode 100644 +index 0000000..5008ddf +Binary files /dev/null and b/.DS_Store differ +diff --git a/Lib/urllib2.py b/Lib/urllib2.py +index 8b634ad..104d013 100644 +--- a/Lib/urllib2.py ++++ b/Lib/urllib2.py +@@ -856,7 +856,7 @@ class AbstractBasicAuthHandler: + + # allow for double- and single-quoted realm values + # (single quotes are a violation of the RFC, but appear in the wild) +- rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' ++ rx = re.compile('(?:.*,)*[ \t]*([^ \t,]+)[ \t]+' + 'realm=(["\']?)([^"\']*)\\2', re.I) + + # XXX could pre-emptively send auth info already accepted (RFC 2617, +diff --git b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst +new file mode 100644 +index 0000000..1c9f727 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst +@@ -0,0 +1 @@ ++Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. + diff --git a/SPECS/python2/python2.spec b/SPECS/python2/python2.spec index b0157969d12..3c7bccb902b 100644 --- a/SPECS/python2/python2.spec +++ b/SPECS/python2/python2.spec @@ -3,7 +3,7 @@ Summary: A high-level scripting language Name: python2 Version: 2.7.18 -Release: 9%{?dist} +Release: 10%{?dist} License: PSF URL: http://www.python.org/ Group: System Environment/Programming 
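Review bot: CVE-2021-3733.patch opens with a stanza for `b/.DS_Store` (`Binary files /dev/null and b/.DS_Store differ`), a macOS Finder artifact unrelated to the urllib2 fix. How the patch tool treats a binary stanza with no data varies, and the stray entry makes the security patch harder to audit against the openSUSE source cited in python2.spec. I would drop those four lines (`diff --git`, `new file mode`, `index`, `Binary files`) so the file contains only the `Lib/urllib2.py` regex change and the NEWS entry.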
@@ -37,6 +37,9 @@ Patch13: CVE-2021-23336.patch # CVE-2022-0391 patch backported from 3.7 courtesy of openSUSE # https://build.opensuse.org/package/view_file/openSUSE:Factory/python/CVE-2022-0391-urllib_parse-newline-parsing.patch?expand=1 Patch14: CVE-2022-0391.patch +# CVE-2021-3733 patch backported from 3.11 courtesy of openSUSE +# https://build.opensuse.org/package/view_file/openSUSE:Factory/python/CVE-2021-3733-fix-ReDoS-in-request.patch?expand=1 +Patch15: CVE-2021-3733.patch BuildRequires: pkg-config >= 0.28 BuildRequires: bzip2-devel BuildRequires: openssl-devel @@ -249,6 +252,9 @@ make test %{_libdir}/python2.7/test/* %changelog +* Fri Jul 15 2022 Mandeep Plaha - 2.7.18-10 +- Patch CVE-2021-3733 + * Fri Feb 18 2022 Cameron Baird - 2.7.18-9 - Patch CVE-2022-0391 diff --git a/SPECS/selinux-policy/0039-unconfined-Manage-own-fds.patch b/SPECS/selinux-policy/0039-unconfined-Manage-own-fds.patch new file mode 100644 index 00000000000..0b3b24deb79 --- /dev/null +++ b/SPECS/selinux-policy/0039-unconfined-Manage-own-fds.patch 
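Review bot: `Patch15: CVE-2021-3733.patch` is declared here, but the hunk headers for this spec (`-37,6 +37,9` followed by `-249,6 +252,9`) show that nothing else was added between the patch list and `%changelog`, so no matching `%patch15` line was introduced in `%prep`. That is fine if `%prep`, which is outside the visible hunks, applies patches with `%autosetup` or a loop; if it lists `%patchN -p1` lines one by one, the fix is packaged but never applied and release 10 would still ship the old regex. The same check applies to `Patch39` through `Patch43` in the selinux-policy.spec hunk `-56,6 +56,11`, where the later hunk offset is likewise unchanged.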
@@ -0,0 +1,29 @@
+From d8884f88c40667c4b1118044b8e47f58bc54b92e Mon Sep 17 00:00:00 2001
+From: Chris PeBenito
+Date: Wed, 15 Jun 2022 14:43:12 +0000
+Subject: [PATCH 39/39] unconfined: Manage own fds.
+
+Signed-off-by: Chris PeBenito
+---
+ policy/modules/system/unconfined.if | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
+index 4393242d5..c4818431c 100644
+--- a/policy/modules/system/unconfined.if
++++ b/policy/modules/system/unconfined.if
+@@ -48,8 +48,9 @@ interface(`unconfined_domain_noaudit',`
+ # Transition to myself, to make get_ordered_context_list happy.
+ allow $1 self:process transition;
+
+- # Write access is for setting attributes under /proc/self/attr.
+- allow $1 self:file rw_file_perms;
++ # Write access is for setting attributes under /proc/self/attr
++ # and to manipulate fds.
++ manage_files_pattern($1, self, self)
+
+ # Userland object managers
+ allow $1 self:nscd { getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost getserv shmemserv };
+--
+2.25.1
+
diff --git a/SPECS/selinux-policy/0040-usermanage-Add-sysctl-access-for-groupadd-to-get-num.patch b/SPECS/selinux-policy/0040-usermanage-Add-sysctl-access-for-groupadd-to-get-num.patch
new file mode 100644
index 00000000000..8f39fb89872
--- /dev/null
+++ b/SPECS/selinux-policy/0040-usermanage-Add-sysctl-access-for-groupadd-to-get-num.patch
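Review bot: Replacing `allow $1 self:file rw_file_perms;` with `manage_files_pattern($1, self, self)` grants more than the new comment describes: in refpolicy that pattern expands to directory read/write permissions on the second argument plus the full manage set (create, unlink, rename, setattr and so on) on files of the third, and both are the caller's own label here. For an unconfined domain this is unlikely to change the effective exposure, but the comment says only "manipulate fds"; it should name the operation that was denied so a later reader can tell whether the wider grant is still required. The interface `unconfined_domain_noaudit` continues outside the hunk.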
@@ -0,0 +1,29 @@
+From 3a4a1e8f5d5b070f17487439c85cb2f192d66aff Mon Sep 17 00:00:00 2001
+From: Chris PeBenito
+Date: Thu, 7 Jul 2022 13:43:07 +0000
+Subject: [PATCH 40/42] usermanage: Add sysctl access for groupadd to get
+ number of groups.
+
+Signed-off-by: Chris PeBenito
+---
+ policy/modules/admin/usermanage.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
+index 17c8f080c..0b3013181 100644
+--- a/policy/modules/admin/usermanage.te
++++ b/policy/modules/admin/usermanage.te
+@@ -202,6 +202,10 @@ allow groupadd_t self:unix_stream_socket create_stream_socket_perms;
+ allow groupadd_t self:unix_dgram_socket sendto;
+ allow groupadd_t self:unix_stream_socket connectto;
+
++# for getting the number of groups
++kernel_read_kernel_sysctls(groupadd_t)
++kernel_dontaudit_getattr_proc(groupadd_t)
++
+ fs_getattr_xattr_fs(groupadd_t)
+ fs_search_auto_mountpoints(groupadd_t)
+
+--
+2.25.1
+
diff --git a/SPECS/selinux-policy/0041-systemd-systemd-cgroups-reads-kernel.cap_last_cap-sy.patch b/SPECS/selinux-policy/0041-systemd-systemd-cgroups-reads-kernel.cap_last_cap-sy.patch
new file mode 100644
index 00000000000..b1fc9f7583e
--- /dev/null
+++ b/SPECS/selinux-policy/0041-systemd-systemd-cgroups-reads-kernel.cap_last_cap-sy.patch
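Review bot: `kernel_dontaudit_getattr_proc(groupadd_t)` sits under the comment `# for getting the number of groups`, but it grants nothing; it only stops the getattr denial on the proc filesystem from being logged, and the 0041 patch adds the same call for `systemd_cgroups_t`. I would give it its own comment, e.g. `# getattr on the proc filesystem is probed but not needed; silence the denial`, so the allow and the suppression are not read as one requirement. Anyone later investigating these domains should keep in mind that dontaudit rules hide the AVC record, and rebuild the policy with `semodule -DB` when they need to see it.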
@@ -0,0 +1,28 @@
+From 626c8371c24a32967208b8cb16cf229bf46645be Mon Sep 17 00:00:00 2001
+From: Chris PeBenito
+Date: Thu, 7 Jul 2022 13:45:12 +0000
+Subject: [PATCH 41/42] systemd: systemd-cgroups reads kernel.cap_last_cap
+ sysctl.
+
+Signed-off-by: Chris PeBenito
+---
+ policy/modules/system/systemd.te | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 96ffdc19b..019948b54 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -384,6 +384,9 @@ fs_register_binary_executable_type(systemd_binfmt_t)
+ allow systemd_cgroups_t self:capability net_admin;
+
+ kernel_domtrans_to(systemd_cgroups_t, systemd_cgroups_exec_t)
++# read kernel.cap_last_cap
++kernel_read_kernel_sysctls(systemd_cgroups_t)
++kernel_dontaudit_getattr_proc(systemd_cgroups_t)
+ # for /proc/cmdline
+ kernel_read_system_state(systemd_cgroups_t)
+
+--
+2.25.1
+
diff --git a/SPECS/selinux-policy/0042-kernel-hv_utils-shutdown-on-systemd-systems.patch b/SPECS/selinux-policy/0042-kernel-hv_utils-shutdown-on-systemd-systems.patch
new file mode 100644
index 00000000000..6e8865191bd
--- /dev/null
+++ b/SPECS/selinux-policy/0042-kernel-hv_utils-shutdown-on-systemd-systems.patch
@@ -0,0 +1,29 @@
+From 8ad2e4301730bc7a5a07a7ca101f6e114abc1fe6 Mon Sep 17 00:00:00 2001
+From: Chris PeBenito
+Date: Thu, 7 Jul 2022 13:58:15 +0000
+Subject: [PATCH 42/42] kernel: hv_utils shutdown on systemd systems.
+
+Signed-off-by: Chris PeBenito
+---
+ policy/modules/kernel/kernel.te | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
+index 30e34bec5..00d49136c 100644
+--- a/policy/modules/kernel/kernel.te
++++ b/policy/modules/kernel/kernel.te
+@@ -380,6 +380,11 @@ ifdef(`init_systemd',`
+ dev_filetrans_input_dev(kernel_t)
+ ')
+
++ optional_policy(`
++ systemd_start_power_units(kernel_t)
++ systemd_status_power_units(kernel_t)
++ ')
++
+ optional_policy(`
+ selinux_compute_create_context(kernel_t)
+ ')
+--
+2.25.1
+
diff --git a/SPECS/selinux-policy/0043-Container-Minor-fixes-from-interactive-container-use.patch b/SPECS/selinux-policy/0043-Container-Minor-fixes-from-interactive-container-use.patch
new file mode 100644
index 00000000000..e431db1619d
--- /dev/null
+++ b/SPECS/selinux-policy/0043-Container-Minor-fixes-from-interactive-container-use.patch
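Review bot: The new `optional_policy` block lets `kernel_t` start and query systemd power units but carries no comment; the reason (the hv_utils shutdown path) is recorded only in the patch subject, which is no longer visible once the patch has been applied to the policy source. A line such as `# hv_utils shutdown sequence needs to start and check the power units` above `systemd_start_power_units(kernel_t)` would keep the justification next to the rule. The block is added inside the init_systemd `ifdef`, whose closing lies outside the hunk.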
@@ -0,0 +1,106 @@
+From 15d7214f7675e96440abb01a2db2ea2df78902b4 Mon Sep 17 00:00:00 2001
+From: Chris PeBenito
+Date: Tue, 19 Jul 2022 19:29:16 +0000
+Subject: [PATCH 43/43] Container: Minor fixes from interactive container use.
+
+Signed-off-by: Chris PeBenito
+---
+ policy/modules/kernel/filesystem.if | 19 +++++++++++++++++++
+ policy/modules/kernel/kernel.te | 4 ++++
+ policy/modules/services/container.te | 7 ++++++-
+ 3 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
+index b3e5817b1..4913e969d 100644
+--- a/policy/modules/kernel/filesystem.if
++++ b/policy/modules/kernel/filesystem.if
+@@ -906,6 +906,25 @@ interface(`fs_watch_cgroup_files',`
+ allow $1 cgroup_t:file watch;
+ ')
+
++########################################
++##
++## Read cgroup symlnks.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`fs_read_cgroup_symlinks',`
++ gen_require(`
++ type cgroup_t;
++ ')
++
++ read_lnk_files_pattern($1, cgroup_t, cgroup_t)
++ dev_search_sysfs($1)
++')
++
+ ########################################
+ ##
+ ## Create cgroup lnk_files.
+diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
+index 00d49136c..55abaa062 100644
+--- a/policy/modules/kernel/kernel.te
++++ b/policy/modules/kernel/kernel.te
+@@ -99,6 +99,10 @@ type proc_kcore_t, proc_type;
+ neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~{ getattr mounton };
+ genfscon proc /kcore gen_context(system_u:object_r:proc_kcore_t,mls_systemhigh)
+
++optional_policy(`
++ container_mountpoint(proc_kcore_t)
++')
++
+ optional_policy(`
+ init_mountpoint(proc_kcore_t)
+ ')
+diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
+index 709f2e214..0b62f1de8 100644
+--- a/policy/modules/services/container.te
++++ b/policy/modules/services/container.te
+@@ -364,6 +364,9 @@ allow container_engine_domain self:icmp_socket create_socket_perms;
+ allow container_engine_domain self:netlink_route_socket create_netlink_socket_perms;
+ allow container_engine_domain self:packet_socket create_socket_perms;
+
++allow container_engine_domain container_devpts_t:chr_file { rw_chr_file_perms setattr };
++term_create_pty(container_engine_domain, container_devpts_t)
++
+ allow container_engine_domain container_port_t:tcp_socket name_bind;
+
+ dontaudit container_engine_domain container_domain:process { noatsecure rlimitinh siginh };
+@@ -426,6 +429,7 @@ fs_mount_xattr_fs(container_engine_domain)
+ fs_remount_xattr_fs(container_engine_domain)
+ fs_unmount_xattr_fs(container_engine_domain)
+ fs_relabelfrom_xattr_fs(container_engine_domain)
++fs_get_xattr_fs_quotas(container_engine_domain)
+
+ fs_getattr_cgroup(container_engine_domain)
+ fs_manage_cgroup_dirs(container_engine_domain)
+@@ -434,6 +438,7 @@ fs_watch_cgroup_files(container_engine_domain)
+ fs_mount_cgroup(container_engine_domain)
+ fs_remount_cgroup(container_engine_domain)
+ fs_mounton_cgroup(container_engine_domain)
++fs_read_cgroup_symlinks(container_engine_domain)
+
+ fs_list_hugetlbfs(container_engine_domain)
+
+@@ -445,6
+450,7 @@ kernel_read_network_state(container_engine_domain) + kernel_read_system_state(container_engine_domain) + kernel_rw_net_sysctls(container_engine_domain) + kernel_dontaudit_search_kernel_sysctl(container_engine_domain) ++kernel_getattr_core_if(container_engine_domain) + + selinux_get_fs_mount(container_engine_domain) + selinux_mount_fs(container_engine_domain) +@@ -453,7 +459,6 @@ selinux_unmount_fs(container_engine_domain) + seutil_read_config(container_engine_domain) + seutil_read_default_contexts(container_engine_domain) + +-term_create_pty(container_engine_domain, container_devpts_t) + term_mount_devpts(container_engine_domain) + term_relabel_pty_fs(container_engine_domain) + +-- +2.25.1 + diff --git a/SPECS/selinux-policy/selinux-policy.spec b/SPECS/selinux-policy/selinux-policy.spec index 947345fb1fe..a2b20313e3e 100644 --- a/SPECS/selinux-policy/selinux-policy.spec +++ b/SPECS/selinux-policy/selinux-policy.spec @@ -9,7 +9,7 @@ Summary: SELinux policy Name: selinux-policy Version: %{refpolicy_major}.%{refpolicy_minor} -Release: 7%{?dist} +Release: 10%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -56,6 +56,11 @@ Patch35: 0035-systemd-Fixes-for-coredumps-in-containers.patch Patch36: 0036-container-Allow-container-engines-to-connect-to-http.patch Patch37: 0037-container-Getattr-generic-device-nodes.patch Patch38: 0038-application-Allow-apps-to-use-init-fds.patch +Patch39: 0039-unconfined-Manage-own-fds.patch +Patch40: 0040-usermanage-Add-sysctl-access-for-groupadd-to-get-num.patch +Patch41: 0041-systemd-systemd-cgroups-reads-kernel.cap_last_cap-sy.patch +Patch42: 0042-kernel-hv_utils-shutdown-on-systemd-systems.patch +Patch43: 0043-Container-Minor-fixes-from-interactive-container-use.patch BuildRequires: bzip2 BuildRequires: checkpolicy >= %{CHECKPOLICYVER} BuildRequires: m4 
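Review bot: Three additions in the 0043 patch widen what every `container_engine_domain` may do without a comment saying which engine operation needed them: `allow container_engine_domain container_devpts_t:chr_file { rw_chr_file_perms setattr };`, `container_mountpoint(proc_kcore_t)` and `kernel_getattr_core_if(container_engine_domain)`. Short why-comments (for example `# engines mount over /proc/kcore to mask it inside containers`, if that is the intent) would let a later audit decide whether each grant is still needed. In `filesystem.if` the summary of the new interface reads `Read cgroup symlnks.`; it should be `Read cgroup symlinks.`.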
@@ -332,6 +337,16 @@ exit 0 selinuxenabled && semodule -nB exit 0 %changelog +* Tue Jul 19 2022 Chris PeBenito - 2.20220106-10 +- Fixes for interactive container use. + +* Thu Jul 07 2022 Chris PeBenito - 2.20220106-9 +- Add sysctl access for groupadd and systemd-cgroups +- Allow access for hv_utils shutdown sequence access to poweroff.target. + +* Wed Jun 15 2022 Chris PeBenito - 2.20220106-8 +- Unconfined domains can manipulate thier own fds. + * Mon May 23 2022 Chris PeBenito - 2.20220106-7 - Fix previous multipath LVM changes. - Add types for devices. diff --git a/SPECS/vim/vim.signatures.json b/SPECS/vim/vim.signatures.json index 7aa90240a48..913954639c6 100644 --- a/SPECS/vim/vim.signatures.json +++ b/SPECS/vim/vim.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "vim-8.2.5172.tar.gz": "366a45168f59d7218ea22597432e64ac05c2626703b5d8fa70f37bfd674cd2c1" + "vim-9.0.0050.tar.gz": "c93759a46699151e153826a9c87a09265567c6f4a1f71cc5753b24f57dc7a6c9" } } diff --git a/SPECS/vim/vim.spec b/SPECS/vim/vim.spec index 234d398c809..ffb8d747cf6 100755 --- a/SPECS/vim/vim.spec +++ b/SPECS/vim/vim.spec @@ -1,7 +1,7 @@ %define debug_package %{nil} Summary: Text editor Name: vim -Version: 8.2.5172 +Version: 9.0.0050 Release: 1%{?dist} License: Vim Vendor: Microsoft Corporation @@ -121,9 +121,9 @@ fi %{_datarootdir}/vim/vim*/scripts.vim %{_datarootdir}/vim/vim*/spell/* %{_datarootdir}/vim/vim*/syntax/* -%exclude %{_datarootdir}/vim/vim82/syntax/nosyntax.vim -%exclude %{_datarootdir}/vim/vim*/syntax/syntax.vim -%exclude %{_datarootdir}/vim/vim82/autoload/dist/ft.vim +%exclude %{_datarootdir}/vim/vim90/syntax/nosyntax.vim +%exclude %{_datarootdir}/vim/vim90/syntax/syntax.vim +%exclude %{_datarootdir}/vim/vim90/autoload/dist/ft.vim %{_datarootdir}/vim/vim*/tools/* %{_datarootdir}/vim/vim*/tutor/* %{_datarootdir}/vim/vim*/lang/*.vim 
@@ -179,9 +179,9 @@ fi %{_datarootdir}/vim/vim*/colors/lists/default.vim %{_datarootdir}/vim/vim*/defaults.vim %{_datarootdir}/vim/vim*/filetype.vim -%{_datarootdir}/vim/vim82/syntax/nosyntax.vim -%{_datarootdir}/vim/vim82/syntax/syntax.vim -%{_datarootdir}/vim/vim82/autoload/dist/ft.vim +%{_datarootdir}/vim/vim90/syntax/nosyntax.vim +%{_datarootdir}/vim/vim90/syntax/syntax.vim +%{_datarootdir}/vim/vim90/autoload/dist/ft.vim %{_bindir}/ex %{_bindir}/vi %{_bindir}/view @@ -191,6 +191,9 @@ fi %{_bindir}/vimdiff %changelog +* Wed Jul 13 2022 Mandeep Plaha - 9.0.0050-1 +- Upgrade to 9.0.0050 to fix CVEs: 2022-2257, 2022-2264, 2022-2284, 2022-2285, 2022-2286, 2022-2287 + * Fri Jul 08 2022 Nick Samson - 8.2.5172-1 - Upgrade to 8.2.5172 to fix CVEs: 2022-2207, 2022-2208, 2022-2210, 2022-2206 diff --git a/cgmanifest.json b/cgmanifest.json index 12d8cdb9cf1..5a36120c040 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -2145,8 +2145,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.10.123.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.123.1.tar.gz" + "version": "5.10.131.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.131.1.tar.gz" } } }, @@ -2475,8 +2475,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.10.123.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.123.1.tar.gz" + "version": "5.10.131.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.131.1.tar.gz" } } }, 
@@ -2485,8 +2485,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.10.123.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.123.1.tar.gz" + "version": "5.10.131.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.131.1.tar.gz" } } }, @@ -2495,8 +2495,8 @@ "type": "other", "other": { "name": "kernel-hyperv", - "version": "5.10.123.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.123.1.tar.gz" + "version": "5.10.131.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.131.1.tar.gz" } } }, @@ -4585,8 +4585,8 @@ "type": "other", "other": { "name": "nodejs", - "version": "14.18.3", - "downloadUrl": "https://nodejs.org/download/release/v14.18.3/node-v14.18.3.tar.xz" + "version": "14.20.0", + "downloadUrl": "https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.xz" } } }, @@ -5655,8 +5655,8 @@ "type": "other", "other": { "name": "postgresql", - "version": "12.7", - "downloadUrl": "https://ftp.postgresql.org/pub/source/v12.7/postgresql-12.7.tar.bz2" + "version": "12.8", + "downloadUrl": "https://ftp.postgresql.org/pub/source/v12.8/postgresql-12.8.tar.bz2" } } }, @@ -6205,8 +6205,8 @@ "type": "other", "other": { "name": "python-jinja2", - "version": "2.10.1", - "downloadUrl": "https://files.pythonhosted.org/packages/93/ea/d884a06f8c7f9b7afbc8138b762e80479fb17aedbbe2b06515a12de9378d/Jinja2-2.10.1.tar.gz" + "version": "2.11.3", + "downloadUrl": "https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-2.11.3.tar.gz" } } }, @@ -8625,8 +8625,8 @@ "type": "other", "other": { "name": "vim", - "version": "8.2.5172", - "downloadUrl": "https://github.com/vim/vim/archive/v8.2.5172.tar.gz" + "version": "9.0.0050", + "downloadUrl": "https://github.com/vim/vim/archive/v9.0.0050.tar.gz" } } }, 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 50b17901da4..e26f16f9ddf 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.aarch64.rpm -kernel-headers-5.10.123.1-1.cm1.noarch.rpm +kernel-headers-5.10.131.1-1.cm1.noarch.rpm glibc-2.28-23.cm1.aarch64.rpm glibc-devel-2.28-23.cm1.aarch64.rpm glibc-i18n-2.28-23.cm1.aarch64.rpm @@ -58,7 +58,7 @@ findutils-lang-4.6.0-8.cm1.aarch64.rpm gettext-0.19.8.1-5.cm1.aarch64.rpm gzip-1.9-5.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm -mariner-release-1.0-42.cm1.noarch.rpm +mariner-release-1.0-43.cm1.noarch.rpm patch-2.7.6-7.cm1.aarch64.rpm util-linux-2.32.1-7.cm1.aarch64.rpm util-linux-devel-2.32.1-7.cm1.aarch64.rpm @@ -157,13 +157,13 @@ npth-1.6-3.cm1.aarch64.rpm pinentry-1.1.0-3.cm1.aarch64.rpm gnupg2-2.2.20-3.cm1.aarch64.rpm gpgme-1.13.1-6.cm1.aarch64.rpm -mariner-repos-1.0-14.cm1.noarch.rpm -mariner-repos-preview-1.0-14.cm1.noarch.rpm +mariner-repos-1.0-15.cm1.noarch.rpm +mariner-repos-preview-1.0-15.cm1.noarch.rpm libffi-3.2.1-12.cm1.aarch64.rpm libtasn1-4.14-2.cm1.aarch64.rpm p11-kit-0.23.22-1.cm1.aarch64.rpm p11-kit-trust-0.23.22-1.cm1.aarch64.rpm -ca-certificates-shared-20200720-25.cm1.noarch.rpm -ca-certificates-tools-20200720-25.cm1.noarch.rpm -ca-certificates-base-20200720-25.cm1.noarch.rpm +ca-certificates-shared-20200720-26.cm1.noarch.rpm +ca-certificates-tools-20200720-26.cm1.noarch.rpm +ca-certificates-base-20200720-26.cm1.noarch.rpm libselinux-3.2-1.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 5587e9afe06..6b65a2fe8cf 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt 
@@ -1,5 +1,5 @@ filesystem-1.1-7.cm1.x86_64.rpm -kernel-headers-5.10.123.1-1.cm1.noarch.rpm +kernel-headers-5.10.131.1-1.cm1.noarch.rpm glibc-2.28-23.cm1.x86_64.rpm glibc-devel-2.28-23.cm1.x86_64.rpm glibc-i18n-2.28-23.cm1.x86_64.rpm @@ -58,7 +58,7 @@ findutils-lang-4.6.0-8.cm1.x86_64.rpm gettext-0.19.8.1-5.cm1.x86_64.rpm gzip-1.9-5.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm -mariner-release-1.0-42.cm1.noarch.rpm +mariner-release-1.0-43.cm1.noarch.rpm patch-2.7.6-7.cm1.x86_64.rpm util-linux-2.32.1-7.cm1.x86_64.rpm util-linux-devel-2.32.1-7.cm1.x86_64.rpm @@ -157,13 +157,13 @@ npth-1.6-3.cm1.x86_64.rpm pinentry-1.1.0-3.cm1.x86_64.rpm gnupg2-2.2.20-3.cm1.x86_64.rpm gpgme-1.13.1-6.cm1.x86_64.rpm -mariner-repos-1.0-14.cm1.noarch.rpm -mariner-repos-preview-1.0-14.cm1.noarch.rpm +mariner-repos-1.0-15.cm1.noarch.rpm +mariner-repos-preview-1.0-15.cm1.noarch.rpm libffi-3.2.1-12.cm1.x86_64.rpm libtasn1-4.14-2.cm1.x86_64.rpm p11-kit-0.23.22-1.cm1.x86_64.rpm p11-kit-trust-0.23.22-1.cm1.x86_64.rpm -ca-certificates-shared-20200720-25.cm1.noarch.rpm -ca-certificates-tools-20200720-25.cm1.noarch.rpm -ca-certificates-base-20200720-25.cm1.noarch.rpm +ca-certificates-shared-20200720-26.cm1.noarch.rpm +ca-certificates-tools-20200720-26.cm1.noarch.rpm +ca-certificates-base-20200720-26.cm1.noarch.rpm libselinux-3.2-1.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index e11151de87a..9a3b768cc98 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -22,11 +22,11 @@ bzip2-1.0.6-15.cm1.aarch64.rpm bzip2-debuginfo-1.0.6-15.cm1.aarch64.rpm bzip2-devel-1.0.6-15.cm1.aarch64.rpm bzip2-libs-1.0.6-15.cm1.aarch64.rpm -ca-certificates-20200720-25.cm1.noarch.rpm -ca-certificates-base-20200720-25.cm1.noarch.rpm -ca-certificates-legacy-20200720-25.cm1.noarch.rpm -ca-certificates-shared-20200720-25.cm1.noarch.rpm -ca-certificates-tools-20200720-25.cm1.noarch.rpm +ca-certificates-20200720-26.cm1.noarch.rpm +ca-certificates-base-20200720-26.cm1.noarch.rpm +ca-certificates-legacy-20200720-26.cm1.noarch.rpm +ca-certificates-shared-20200720-26.cm1.noarch.rpm +ca-certificates-tools-20200720-26.cm1.noarch.rpm check-0.12.0-4.cm1.aarch64.rpm check-debuginfo-0.12.0-4.cm1.aarch64.rpm cmake-3.21.4-2.cm1.aarch64.rpm @@ -152,7 +152,7 @@ json-c-debuginfo-0.14-3.cm1.aarch64.rpm json-c-devel-0.14-3.cm1.aarch64.rpm kbd-2.0.4-7.cm1.aarch64.rpm kbd-debuginfo-2.0.4-7.cm1.aarch64.rpm -kernel-headers-5.10.123.1-1.cm1.noarch.rpm +kernel-headers-5.10.131.1-1.cm1.noarch.rpm kmod-25-4.cm1.aarch64.rpm kmod-debuginfo-25-4.cm1.aarch64.rpm kmod-devel-25-4.cm1.aarch64.rpm 
@@ -259,15 +259,15 @@ m4-debuginfo-1.4.18-4.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm make-debuginfo-4.2.1-5.cm1.aarch64.rpm mariner-check-macros-1.0-8.cm1.noarch.rpm -mariner-release-1.0-42.cm1.noarch.rpm -mariner-repos-1.0-14.cm1.noarch.rpm -mariner-repos-extras-1.0-14.cm1.noarch.rpm -mariner-repos-extras-preview-1.0-14.cm1.noarch.rpm -mariner-repos-preview-1.0-14.cm1.noarch.rpm -mariner-repos-ui-1.0-14.cm1.noarch.rpm -mariner-repos-ui-preview-1.0-14.cm1.noarch.rpm -mariner-repos-microsoft-1.0-14.cm1.noarch.rpm -mariner-repos-microsoft-preview-1.0-14.cm1.noarch.rpm +mariner-release-1.0-43.cm1.noarch.rpm +mariner-repos-1.0-15.cm1.noarch.rpm +mariner-repos-extras-1.0-15.cm1.noarch.rpm +mariner-repos-extras-preview-1.0-15.cm1.noarch.rpm +mariner-repos-preview-1.0-15.cm1.noarch.rpm +mariner-repos-ui-1.0-15.cm1.noarch.rpm +mariner-repos-ui-preview-1.0-15.cm1.noarch.rpm +mariner-repos-microsoft-1.0-15.cm1.noarch.rpm +mariner-repos-microsoft-preview-1.0-15.cm1.noarch.rpm mariner-rpm-macros-1.0-8.cm1.noarch.rpm meson-0.56.0-1.cm1.noarch.rpm mpfr-4.0.1-3.cm1.aarch64.rpm @@ -346,13 +346,13 @@ procps-ng-3.3.15-3.cm1.aarch64.rpm procps-ng-debuginfo-3.3.15-3.cm1.aarch64.rpm procps-ng-devel-3.3.15-3.cm1.aarch64.rpm procps-ng-lang-3.3.15-3.cm1.aarch64.rpm -python2-2.7.18-9.cm1.aarch64.rpm -python2-debuginfo-2.7.18-9.cm1.aarch64.rpm -python2-devel-2.7.18-9.cm1.aarch64.rpm +python2-2.7.18-10.cm1.aarch64.rpm +python2-debuginfo-2.7.18-10.cm1.aarch64.rpm +python2-devel-2.7.18-10.cm1.aarch64.rpm python2-libcap-ng-0.7.9-3.cm1.aarch64.rpm -python2-libs-2.7.18-9.cm1.aarch64.rpm -python2-test-2.7.18-9.cm1.aarch64.rpm -python2-tools-2.7.18-9.cm1.aarch64.rpm +python2-libs-2.7.18-10.cm1.aarch64.rpm +python2-test-2.7.18-10.cm1.aarch64.rpm +python2-tools-2.7.18-10.cm1.aarch64.rpm python3-audit-3.0-16.cm1.aarch64.rpm python3-cracklib-2.9.7-3.cm1.aarch64.rpm python3-gpg-1.13.1-6.cm1.aarch64.rpm 
@@ -360,11 +360,11 @@ python3-libcap-ng-0.7.9-3.cm1.aarch64.rpm python3-libxml2-2.9.14-1.cm1.aarch64.rpm python3-pwquality-1.4.2-7.cm1.aarch64.rpm python3-rpm-4.14.2-14.cm1.aarch64.rpm -python-curses-2.7.18-9.cm1.aarch64.rpm +python-curses-2.7.18-10.cm1.aarch64.rpm python-gpg-1.13.1-6.cm1.aarch64.rpm python-rpm-4.14.2-14.cm1.aarch64.rpm python-setuptools-40.2.0-6.cm1.noarch.rpm -python-xml-2.7.18-9.cm1.aarch64.rpm +python-xml-2.7.18-10.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-debuginfo-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index e1588b10840..79679a188f2 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -22,11 +22,11 @@ bzip2-1.0.6-15.cm1.x86_64.rpm bzip2-debuginfo-1.0.6-15.cm1.x86_64.rpm bzip2-devel-1.0.6-15.cm1.x86_64.rpm bzip2-libs-1.0.6-15.cm1.x86_64.rpm -ca-certificates-20200720-25.cm1.noarch.rpm -ca-certificates-base-20200720-25.cm1.noarch.rpm -ca-certificates-legacy-20200720-25.cm1.noarch.rpm -ca-certificates-shared-20200720-25.cm1.noarch.rpm -ca-certificates-tools-20200720-25.cm1.noarch.rpm +ca-certificates-20200720-26.cm1.noarch.rpm +ca-certificates-base-20200720-26.cm1.noarch.rpm +ca-certificates-legacy-20200720-26.cm1.noarch.rpm +ca-certificates-shared-20200720-26.cm1.noarch.rpm +ca-certificates-tools-20200720-26.cm1.noarch.rpm check-0.12.0-4.cm1.x86_64.rpm check-debuginfo-0.12.0-4.cm1.x86_64.rpm cmake-3.21.4-2.cm1.x86_64.rpm @@ -152,7 +152,7 @@ json-c-debuginfo-0.14-3.cm1.x86_64.rpm json-c-devel-0.14-3.cm1.x86_64.rpm kbd-2.0.4-7.cm1.x86_64.rpm kbd-debuginfo-2.0.4-7.cm1.x86_64.rpm -kernel-headers-5.10.123.1-1.cm1.noarch.rpm +kernel-headers-5.10.131.1-1.cm1.noarch.rpm kmod-25-4.cm1.x86_64.rpm kmod-debuginfo-25-4.cm1.x86_64.rpm kmod-devel-25-4.cm1.x86_64.rpm 
@@ -259,15 +259,15 @@ m4-debuginfo-1.4.18-4.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm make-debuginfo-4.2.1-5.cm1.x86_64.rpm mariner-check-macros-1.0-8.cm1.noarch.rpm -mariner-release-1.0-42.cm1.noarch.rpm -mariner-repos-1.0-14.cm1.noarch.rpm -mariner-repos-extras-1.0-14.cm1.noarch.rpm -mariner-repos-extras-preview-1.0-14.cm1.noarch.rpm -mariner-repos-preview-1.0-14.cm1.noarch.rpm -mariner-repos-ui-1.0-14.cm1.noarch.rpm -mariner-repos-ui-preview-1.0-14.cm1.noarch.rpm -mariner-repos-microsoft-1.0-14.cm1.noarch.rpm -mariner-repos-microsoft-preview-1.0-14.cm1.noarch.rpm +mariner-release-1.0-43.cm1.noarch.rpm +mariner-repos-1.0-15.cm1.noarch.rpm +mariner-repos-extras-1.0-15.cm1.noarch.rpm +mariner-repos-extras-preview-1.0-15.cm1.noarch.rpm +mariner-repos-preview-1.0-15.cm1.noarch.rpm +mariner-repos-ui-1.0-15.cm1.noarch.rpm +mariner-repos-ui-preview-1.0-15.cm1.noarch.rpm +mariner-repos-microsoft-1.0-15.cm1.noarch.rpm +mariner-repos-microsoft-preview-1.0-15.cm1.noarch.rpm mariner-rpm-macros-1.0-8.cm1.noarch.rpm meson-0.56.0-1.cm1.noarch.rpm mpfr-4.0.1-3.cm1.x86_64.rpm @@ -346,13 +346,13 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm procps-ng-devel-3.3.15-3.cm1.x86_64.rpm procps-ng-lang-3.3.15-3.cm1.x86_64.rpm -python2-2.7.18-9.cm1.x86_64.rpm -python2-debuginfo-2.7.18-9.cm1.x86_64.rpm -python2-devel-2.7.18-9.cm1.x86_64.rpm +python2-2.7.18-10.cm1.x86_64.rpm +python2-debuginfo-2.7.18-10.cm1.x86_64.rpm +python2-devel-2.7.18-10.cm1.x86_64.rpm python2-libcap-ng-0.7.9-3.cm1.x86_64.rpm -python2-libs-2.7.18-9.cm1.x86_64.rpm -python2-test-2.7.18-9.cm1.x86_64.rpm -python2-tools-2.7.18-9.cm1.x86_64.rpm +python2-libs-2.7.18-10.cm1.x86_64.rpm +python2-test-2.7.18-10.cm1.x86_64.rpm +python2-tools-2.7.18-10.cm1.x86_64.rpm python3-audit-3.0-16.cm1.x86_64.rpm python3-cracklib-2.9.7-3.cm1.x86_64.rpm python3-gpg-1.13.1-6.cm1.x86_64.rpm 
@@ -360,11 +360,11 @@ python3-libcap-ng-0.7.9-3.cm1.x86_64.rpm python3-libxml2-2.9.14-1.cm1.x86_64.rpm python3-pwquality-1.4.2-7.cm1.x86_64.rpm python3-rpm-4.14.2-14.cm1.x86_64.rpm -python-curses-2.7.18-9.cm1.x86_64.rpm +python-curses-2.7.18-10.cm1.x86_64.rpm python-gpg-1.13.1-6.cm1.x86_64.rpm python-rpm-4.14.2-14.cm1.x86_64.rpm python-setuptools-40.2.0-6.cm1.noarch.rpm -python-xml-2.7.18-9.cm1.x86_64.rpm +python-xml-2.7.18-10.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-debuginfo-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm diff --git a/toolkit/scripts/toolchain/container/Dockerfile b/toolkit/scripts/toolchain/container/Dockerfile index a9695059675..0e63a0dae59 100644 --- a/toolkit/scripts/toolchain/container/Dockerfile +++ b/toolkit/scripts/toolchain/container/Dockerfile @@ -69,7 +69,7 @@ COPY [ "./toolchain-sha256sums", \ WORKDIR $LFS/sources RUN wget -nv --no-clobber --timeout=30 --no-check-certificate --continue --input-file=$LFS/tools/toolchain-local-wget-list --directory-prefix=$LFS/sources; exit 0 RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-remote-wget-list --directory-prefix=$LFS/sources; exit 0 -RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.123.1.tar.gz -O kernel-5.10.123.1.tar.gz --directory-prefix=$LFS/sources; exit 0 +RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.131.1.tar.gz -O kernel-5.10.131.1.tar.gz --directory-prefix=$LFS/sources; exit 0 USER root RUN /tools/toolchain-jdk8-wget.sh; exit 0 RUN sha256sum -c $LFS/tools/toolchain-sha256sums && \ diff --git a/toolkit/scripts/toolchain/container/toolchain-sha256sums b/toolkit/scripts/toolchain/container/toolchain-sha256sums index 4bf0307e453..e5d88bab0ab 100644 --- a/toolkit/scripts/toolchain/container/toolchain-sha256sums 
+++ b/toolkit/scripts/toolchain/container/toolchain-sha256sums @@ -59,7 +59,7 @@ b725c9b2e9793df7bf5d4d300390db11aa27bd98df9f33021d539be9bd603846 jdk8u212-b04-j 13ae78908151ad88ee3b375c72ca3f55a82b5265a3faba97f224f2a9b9d486fc jdk8u212-b04-nashorn.tar.bz2 6d28bdd752c056de98f6faf897b338d6ce8938810d72a69c2f5c1d81d628d44a jdk8u212-b04.tar.bz2 f882210b76376e3fa006b11dbd890e56ec0942bc56e65d1249ff4af86f90b857 kbproto-1.0.7.tar.bz2 -480ecf777d684ba029397bfb21b7617e68275180c433ec48c4f45e5629ad4bc1 kernel-5.10.123.1.tar.gz +648e92ed6c42730054c3c147b52169003dee23b00b0ee2612a48ab4202ebcb35 kernel-5.10.131.1.tar.gz b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176 libarchive-3.4.2.tar.gz b630b7c484271b3ba867680d6a14b10a86cfa67247a14631b14c06731d5a458b libcap-2.26.tar.xz c97da36d2e56a2d7b6e4f896241785acc95e97eb9557465fd66ba2a155a7b201 libdmx-1.1.3.tar.bz2 diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh index 938bf7fcd2b..8affa41590e 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh @@ -57,7 +57,7 @@ set -e # cd /sources -KERNEL_VERSION="5.10.123.1" +KERNEL_VERSION="5.10.131.1" echo Linux-${KERNEL_VERSION} API Headers tar xf kernel-${KERNEL_VERSION}.tar.gz pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-${KERNEL_VERSION} diff --git a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh index 4be5e82ace7..6441b3487e0 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh 
@@ -114,7 +114,7 @@ rm -rf gcc-9.1.0 touch $LFS/logs/temptoolchain/status_gcc_pass1_complete -KERNEL_VERSION="5.10.123.1" +KERNEL_VERSION="5.10.131.1" echo Linux-${KERNEL_VERSION} API Headers tar xf kernel-${KERNEL_VERSION}.tar.gz pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-${KERNEL_VERSION}