Merge branch 'main' into 2.0

microsoft · Apr 1, 2024 · e873ade · e873ade
2 parents c5acd4e + 5d9f282
commit e873ade
Show file tree

Hide file tree

Showing 19 changed files with 103 additions and 2,400 deletions.
diff --git a/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec b/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec
@@ -7,7 +7,7 @@
 Summary:        Signed MSHV-enabled Linux Kernel for %{buildarch} systems
 Name:           kernel-mshv-signed-%{buildarch}
 Version:        5.15.126.mshv9
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -66,6 +66,7 @@ Source0:        kernel-mshv-%{version}-%{release}.%{buildarch}.rpm
 Source1:        vmlinuz-%{uname_r}
 Source2:        sha512hmac-openssl.sh
 BuildRequires:  cpio
+BuildRequires:  grub2-rpm-macros
 BuildRequires:  openssl
 BuildRequires:  sed
 
@@ -148,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg
 %exclude /lib/modules/%{uname_r}/build
 
 %changelog
+* Mon Apr 01 2024 Cameron Baird <[email protected]> - 5.15.126.mshv9-3
+- BuildRequires: grub2-rpm-macros to expand mkconfig configuration requirement
+
 * Thu Jan 04 2024 Cameron Baird <[email protected]> - 5.15.126.mshv9-2
 - Original version for CBL-Mariner.
 - License verified
diff --git a/SPECS/ca-certificates/ca-certificates.signatures.json b/SPECS/ca-certificates/ca-certificates.signatures.json
@@ -11,7 +11,7 @@
     "README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8",
     "bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a",
     "certdata.base.txt": "771a6c9995ea00bb4ce50fd842a252454fe9b26acad8b0568a1055207442db57",
-    "certdata.microsoft.txt": "8eea04b31e73f9e64040a2d905b02f05dc4c6f2e9964919f5921a31c1ace0d02",
+    "certdata.microsoft.txt": "71599549e0fd94f5afe074ef553cb102d0b38eb94fd8ce11fe9c29c33492ed24",
     "certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33",
     "pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426",
     "trust-fixes": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",

diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec
@@ -45,7 +45,7 @@ Name:           ca-certificates
 # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "prebuilt-ca-certificates*" packages as well.
 Epoch:          1
 Version:        2.0.0
-Release:        15%{?dist}
+Release:        16%{?dist}
 License:        MPLv2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -324,6 +324,9 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
 %{_bindir}/bundle2pem.sh
 
 %changelog
+* Fri Mar 29 2024 CBL-Mariner Servicing Account <[email protected]> - 2.0.0-16
+- Updating Microsoft trusted root CAs.
+
 * Fri Jan 26 2024 CBL-Mariner Servicing Account <[email protected]> - 2.0.0-15
 - Updating Microsoft trusted root CAs.
 

diff --git a/SPECS/ca-certificates/certdata.microsoft.txt b/SPECS/ca-certificates/certdata.microsoft.txt
diff --git a/SPECS/distroless-packages/distroless-packages.spec b/SPECS/distroless-packages/distroless-packages.spec
@@ -1,7 +1,7 @@
 Summary:        Metapackage with core sets of packages for distroless containers.
 Name:           distroless-packages
 Version:        0.1
-Release:        4%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -28,7 +28,6 @@ Requires:       %{name}-minimal = %{version}-%{release}
 Requires:       filesystem
 Requires:       glibc-iconv
 Requires:       iana-etc
-Requires:       libgcc
 Requires:       mariner-release
 Requires:       openssl
 Requires:       openssl-libs
@@ -56,9 +55,6 @@ Requires:       busybox
 %files debug
 
 %changelog
-* Mon Mar 25 2024 Mandeep Plaha <[email protected]> - 0.1-4
-- Explicitly add libgcc as a runtime dependency for distroless-base
-
 * Wed Nov 16 2022 Mandeep Plaha <[email protected]> - 0.1-3
 - Replace prebuilt-ca-certificates-base with prebuilt-ca-certificates in minimal
 - Add tzdata to minimal

diff --git a/SPECS/expat/expat.spec b/SPECS/expat/expat.spec
@@ -2,7 +2,7 @@
 Summary:        An XML parser library
 Name:           expat
 Version:        2.6.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -67,12 +67,11 @@ rm -rf %{buildroot}/%{_docdir}/%{name}
 %{_libdir}/libexpat.so.1*
 
 %changelog
+* Thu Mar 28 2024 Aditya Dubey <[email protected]> - 2.6.2-2
+- Removed unnecessary "-p2" argument in "%%autosetup".
+
 * Thu Mar 21 2024 Aditya Dubey <[email protected]> - 2.6.2-1
 - Upgrading to 2.6.2 to fix CVE-2023-52425 and CVE-2023-28757
-- No longer need Patch CVE-2023-52426 since 2.6.2 fixes it
-
-* Thu Mar 07 2024 Saul Paredes <[email protected]> - 2.5.0-2
-- Patch CVE-2023-52426
 
 * Wed Oct 26 2022 CBL-Mariner Servicing Account <[email protected]> - 2.5.0-1
 - Upgrade to 2.5.0

diff --git a/SPECS/kernel-mshv/kernel-mshv.spec b/SPECS/kernel-mshv/kernel-mshv.spec
@@ -11,7 +11,7 @@
 Summary:        Mariner kernel that has MSHV Host support
 Name:           kernel-mshv
 Version:        5.15.126.mshv9
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Group:          Development/Tools
 Vendor:         Microsoft Corporation
@@ -248,6 +248,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg
 %{_includedir}/perf/perf_dlfilter.h
 
 %changelog
+* Mon Apr 01 2024 Cameron Baird <[email protected]> - 5.15.126.mshv9-3
+- Bump release to match kernel-mshv-signed package
+
 * Mon Nov 20 2023 Rachel Menge <[email protected]> - 5.15.126.mshv9-2
 - Add cpio as BuildRequires
 

diff --git a/SPECS/libreswan/CVE-2023-38710.patch b/SPECS/libreswan/CVE-2023-38710.patch
diff --git a/SPECS/libreswan/CVE-2023-38711.patch b/SPECS/libreswan/CVE-2023-38711.patch