From a5a46d4270426ef6cb998fd7761fc4b13590c34d Mon Sep 17 00:00:00 2001 From: Christopher Co <35273088+christopherco@users.noreply.github.com> Date: Mon, 23 May 2022 11:05:27 -0700 Subject: [PATCH 01/21] qemu: add patch for CVE-2022-26353 (#3042) Signed-off-by: Chris Co --- SPECS/qemu/CVE-2022-26353.patch | 39 +++++++++++++++++++++++++++++++++ SPECS/qemu/qemu.spec | 6 ++++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 SPECS/qemu/CVE-2022-26353.patch diff --git a/SPECS/qemu/CVE-2022-26353.patch b/SPECS/qemu/CVE-2022-26353.patch new file mode 100644 index 00000000000..13ef3f3801d --- /dev/null +++ b/SPECS/qemu/CVE-2022-26353.patch @@ -0,0 +1,39 @@ +From abe300d9d894f7138e1af7c8e9c88c04bfe98b37 Mon Sep 17 00:00:00 2001 +From: Jason Wang +Date: Tue, 8 Mar 2022 10:42:51 +0800 +Subject: [PATCH] virtio-net: fix map leaking on error during receive + +Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") +tries to fix the use after free of the sg by caching the virtqueue +elements in an array and unmap them at once after receiving the +packets, But it forgot to unmap the cached elements on error which +will lead to leaking of mapping and other unexpected results. + +Fixing this by detaching the cached elements on error. This addresses +CVE-2022-26353. + +Reported-by: Victor Tom +Cc: qemu-stable@nongnu.org +Fixes: CVE-2022-26353 +Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Jason Wang +--- + hw/net/virtio-net.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c +index b02a0632df..2087516253 100644 +--- a/hw/net/virtio-net.c ++++ b/hw/net/virtio-net.c +@@ -1870,6 +1870,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + + err: + for (j = 0; j < i; j++) { ++ virtqueue_detach_element(q->rx_vq, elems[j], lens[j]); + g_free(elems[j]); + } + +-- +GitLab + diff --git a/SPECS/qemu/qemu.spec b/SPECS/qemu/qemu.spec index e1bfe1809e5..a84d0aa5b24 100644 --- a/SPECS/qemu/qemu.spec +++ b/SPECS/qemu/qemu.spec @@ -217,7 +217,7 @@ Obsoletes: %{name}-system-unicore32-core <= %{version}-%{release} Summary: QEMU is a FAST! processor emulator Name: qemu Version: 6.2.0 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD AND CC-BY AND GPLv2+ AND LGPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -254,6 +254,7 @@ Patch1001: CVE-2021-20255.patch Patch1002: CVE-2022-1050.patch # CVE-2022-26354 is fixed in 7.0.0 by https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf Patch1003: CVE-2022-26354.patch +Patch1004: CVE-2022-26353.patch # alsa audio output BuildRequires: alsa-lib-devel @@ -2275,6 +2276,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s %{_sbindir}/nologin \ %changelog +* Fri May 20 2022 Chris Co - 6.2.0-3 +- Patched CVE-2022-26353 + * Fri May 06 2022 Daniel McIlvaney - 6.2.0-2 - Remove multiboot_dma.bin from aarch64 builds From 20e31defe78a29636310557953fff55da1b68cd7 Mon Sep 17 00:00:00 2001 From: Christopher Co <35273088+christopherco@users.noreply.github.com> Date: Mon, 23 May 2022 11:05:41 -0700 Subject: [PATCH 02/21] mariadb: update to v10.6.8 to address CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27457, CVE-2022-27458 (#3044) * mariadb: update to v10.6.8 v10.6.8 addresses CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27457, CVE-2022-27458 * cgmanifest: update mariadb entry * mariadb: add new files Signed-off-by: Chris Co --- SPECS/mariadb/CVE-2022-27448.nopatch | 3 +++ SPECS/mariadb/CVE-2022-27449.nopatch | 3 +++ SPECS/mariadb/CVE-2022-27451.nopatch | 3 +++ SPECS/mariadb/CVE-2022-27457.nopatch | 3 +++ SPECS/mariadb/CVE-2022-27458.nopatch | 3 +++ SPECS/mariadb/mariadb.signatures.json | 2 +- SPECS/mariadb/mariadb.spec | 12 ++++++++++-- cgmanifest.json | 4 ++-- 8 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 SPECS/mariadb/CVE-2022-27448.nopatch create mode 100644 SPECS/mariadb/CVE-2022-27449.nopatch create mode 100644 SPECS/mariadb/CVE-2022-27451.nopatch create mode 100644 SPECS/mariadb/CVE-2022-27457.nopatch create mode 100644 SPECS/mariadb/CVE-2022-27458.nopatch diff --git a/SPECS/mariadb/CVE-2022-27448.nopatch b/SPECS/mariadb/CVE-2022-27448.nopatch new file mode 100644 index 00000000000..8431af6208c --- /dev/null +++ b/SPECS/mariadb/CVE-2022-27448.nopatch @@ -0,0 +1,3 @@ +CVE-2022-27448 - Fixed in v10.6.8 + +https://jira.mariadb.org/browse/MDEV-28095 diff --git a/SPECS/mariadb/CVE-2022-27449.nopatch b/SPECS/mariadb/CVE-2022-27449.nopatch new file mode 100644 index 00000000000..52a096e9e87 --- /dev/null +++ b/SPECS/mariadb/CVE-2022-27449.nopatch @@ -0,0 +1,3 @@ +CVE-2022-27449 - Fixed in v10.6.8 + +https://jira.mariadb.org/browse/MDEV-28089 diff --git a/SPECS/mariadb/CVE-2022-27451.nopatch b/SPECS/mariadb/CVE-2022-27451.nopatch new file mode 100644 index 00000000000..4d8564d2d9a --- /dev/null +++ b/SPECS/mariadb/CVE-2022-27451.nopatch @@ -0,0 +1,3 @@ +CVE-2022-27451 - Fixed in v10.6.8 + +https://jira.mariadb.org/browse/MDEV-28094 diff --git a/SPECS/mariadb/CVE-2022-27457.nopatch b/SPECS/mariadb/CVE-2022-27457.nopatch new file mode 100644 index 00000000000..a1aac2e7dd9 --- /dev/null +++ b/SPECS/mariadb/CVE-2022-27457.nopatch @@ -0,0 +1,3 @@ +CVE-2022-27457 - Fixed in v10.6.8 + +https://jira.mariadb.org/browse/MDEV-28098 diff --git a/SPECS/mariadb/CVE-2022-27458.nopatch b/SPECS/mariadb/CVE-2022-27458.nopatch new file mode 100644 index 00000000000..f3307185f74 --- /dev/null +++ b/SPECS/mariadb/CVE-2022-27458.nopatch @@ -0,0 +1,3 @@ +CVE-2022-27458 - Fixed in v10.6.8 + +https://jira.mariadb.org/browse/MDEV-28099 diff --git a/SPECS/mariadb/mariadb.signatures.json b/SPECS/mariadb/mariadb.signatures.json index 1d6e016e9ee..f428dd0e96d 100644 --- a/SPECS/mariadb/mariadb.signatures.json +++ b/SPECS/mariadb/mariadb.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "mariadb-10.6.7.tar.gz": "e1814b386a1f2b42506f7bb332a8ddcbe3521d79c363282de18329892911b912" + "mariadb-10.6.8.tar.gz": "ce5297cb8fc0875a29bba4cff90a09090f0bfccf788e8d04d9361ba955d4ee41" } } \ No newline at end of file diff --git a/SPECS/mariadb/mariadb.spec b/SPECS/mariadb/mariadb.spec index fa5685a2c6d..a64b4215533 100644 --- a/SPECS/mariadb/mariadb.spec +++ b/SPECS/mariadb/mariadb.spec @@ -1,7 +1,7 @@ Summary: Database servers made by the original developers of MySQL. Name: mariadb -Version: 10.6.7 -Release: 2%{?dist} +Version: 10.6.8 +Release: 1%{?dist} License: GPLv2 WITH exceptions AND LGPLv2 AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -302,6 +302,7 @@ fi %{_bindir}/replace %{_bindir}/resolve_stack_dump %{_bindir}/resolveip +%{_bindir}/wsrep_sst_backup %{_bindir}/wsrep_sst_common %{_bindir}/wsrep_sst_mariabackup %{_bindir}/wsrep_sst_mysqldump @@ -427,6 +428,8 @@ fi %{_mandir}/man3/*.3.gz %files errmsg +%{_datadir}/mysql/bulgarian/errmsg.sys +%{_datadir}/mysql/chinese/errmsg.sys %{_datadir}/mysql/czech/errmsg.sys %{_datadir}/mysql/danish/errmsg.sys %{_datadir}/mysql/dutch/errmsg.sys @@ -454,6 +457,11 @@ fi %{_datadir}/mysql/hindi/errmsg.sys %changelog +* Fri May 20 2022 Chris Co - 10.6.8-1 +- Upgrade to v10.6.8 to address CVE-2022-27448, CVE-2022-27449, + CVE-2022-27451, CVE-2022-27457, CVE-2022-27458 +- Add new files bulgarian errmsg.sys, chinese errmsg.sys, wsrep_sst_backup + * Fri Apr 29 2022 Olivia Crain - 10.6.7-2 - Fix conflicts with mariadb-connector-c diff --git a/cgmanifest.json b/cgmanifest.json index a8702e56ca9..4653b72e394 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -11191,8 +11191,8 @@ "type": "other", "other": { "name": "mariadb", - "version": "10.6.7", - "downloadUrl": "https://github.com/MariaDB/server/archive/mariadb-10.6.7.tar.gz" + "version": "10.6.8", + "downloadUrl": "https://github.com/MariaDB/server/archive/mariadb-10.6.8.tar.gz" } } }, From 83ba8dc572900e776a8edc3e6cb74464d82bc904 Mon Sep 17 00:00:00 2001 From: Christopher Co <35273088+christopherco@users.noreply.github.com> Date: Mon, 23 May 2022 11:06:09 -0700 Subject: [PATCH 03/21] haproxy: Add nopatch for CVE-2022-0711 (#3043) Already patched in haproxy stable release 2.4.13 Upstream: https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 Stable release notes: http://git.haproxy.org/?p=haproxy-2.4.git;a=log;h=refs/tags/v2.4.13 Signed-off-by: Chris Co --- SPECS/haproxy/CVE-2022-0711.nopatch | 4 ++++ SPECS/haproxy/haproxy.spec | 1 + 2 files changed, 5 insertions(+) create mode 100644 SPECS/haproxy/CVE-2022-0711.nopatch diff --git a/SPECS/haproxy/CVE-2022-0711.nopatch b/SPECS/haproxy/CVE-2022-0711.nopatch new file mode 100644 index 00000000000..c9b39933312 --- /dev/null +++ b/SPECS/haproxy/CVE-2022-0711.nopatch @@ -0,0 +1,4 @@ +CVE-2022-0711 - Already patched in haproxy stable release 2.4.13 + +Upstream: https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 +Stable release notes: http://git.haproxy.org/?p=haproxy-2.4.git;a=log;h=refs/tags/v2.4.13 \ No newline at end of file diff --git a/SPECS/haproxy/haproxy.spec b/SPECS/haproxy/haproxy.spec index 4cc70a586b5..792aa8b6f63 100644 --- a/SPECS/haproxy/haproxy.spec +++ b/SPECS/haproxy/haproxy.spec @@ -61,6 +61,7 @@ install -vDm644 examples/transparent_proxy.cfg %{buildroot}/%{_sysconfdir}/hapr * Thu Feb 24 2022 Minghe Ren 2.4.13-1 - Update to 2.4.13 - License verified +- Add nopatch for CVE-2022-0711 * Thu Jun 04 2020 Ruying Chen 2.1.5-1 - Update to 2.1.5 * Tue May 19 2020 Nicolas Ontiveros 1.9.6-5 From 344c087e5224b71b6a08c03a5ca0cc580cb6c302 Mon Sep 17 00:00:00 2001 From: Neha Agarwal <58672330+neha170@users.noreply.github.com> Date: Tue, 24 May 2022 11:43:10 -0700 Subject: [PATCH 04/21] kernel configs to bring down boot time for initrd (#3048) * change config for boot time * Remove ring_buffer_allow_swap * Update release in headers/signed --- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 5 +++- SPECS/kernel-headers/kernel-headers.spec | 5 +++- SPECS/kernel/config | 23 +++++++------------ SPECS/kernel/kernel.signatures.json | 2 +- SPECS/kernel/kernel.spec | 5 +++- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 2 +- 9 files changed, 25 insertions(+), 23 deletions(-) diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 8ad6533f341..dcd173f004d 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 5.15.37.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue May 24 2022 Neha Agarwal - 5.15.37.1-3 +- Bump release number to match kernel release + * Mon May 16 2022 Neha Agarwal - 5.15.37.1-2 - Bump release number to match kernel release diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index ba1dce89f92..ab808b1782f 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,7 +1,7 @@ Summary: Linux API header files Name: kernel-headers Version: 5.15.37.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -37,6 +37,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Tue May 24 2022 Neha Agarwal - 5.15.37.1-3 +- Bump release number to match kernel release + * Mon May 16 2022 Neha Agarwal - 5.15.37.1-2 - Bump release number to match kernel release diff --git a/SPECS/kernel/config b/SPECS/kernel/config index bc56f734061..b2eef6d7e14 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -220,7 +220,7 @@ CONFIG_RD_XZ=y CONFIG_RD_LZO=y CONFIG_RD_LZ4=y CONFIG_RD_ZSTD=y -CONFIG_BOOT_CONFIG=y +# CONFIG_BOOT_CONFIG is not set CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_LD_ORPHAN_WARN=y @@ -7347,8 +7347,6 @@ CONFIG_LOCK_DEBUGGING_SUPPORT=y # CONFIG_CSD_LOCK_WAIT_DEBUG is not set # end of Lock Debugging (spinlocks, mutexes, etc...) -CONFIG_TRACE_IRQFLAGS=y -CONFIG_TRACE_IRQFLAGS_NMI=y # CONFIG_DEBUG_IRQFLAGS is not set CONFIG_STACKTRACE=y # CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set @@ -7393,18 +7391,15 @@ CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_HAVE_FENTRY=y CONFIG_HAVE_OBJTOOL_MCOUNT=y CONFIG_HAVE_C_RECORDMCOUNT=y -CONFIG_TRACER_MAX_TRACE=y CONFIG_TRACE_CLOCK=y CONFIG_RING_BUFFER=y CONFIG_EVENT_TRACING=y CONFIG_CONTEXT_SWITCH_TRACER=y -CONFIG_RING_BUFFER_ALLOW_SWAP=y -CONFIG_PREEMPTIRQ_TRACEPOINTS=y CONFIG_TRACING=y CONFIG_GENERIC_TRACER=y CONFIG_TRACING_SUPPORT=y CONFIG_FTRACE=y -CONFIG_BOOTTIME_TRACING=y +# CONFIG_BOOTTIME_TRACING is not set CONFIG_FUNCTION_TRACER=y CONFIG_FUNCTION_GRAPH_TRACER=y CONFIG_DYNAMIC_FTRACE=y @@ -7413,15 +7408,14 @@ CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y # CONFIG_FUNCTION_PROFILER is not set CONFIG_STACK_TRACER=y -CONFIG_IRQSOFF_TRACER=y -CONFIG_SCHED_TRACER=y -CONFIG_HWLAT_TRACER=y +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set # CONFIG_OSNOISE_TRACER is not set # CONFIG_TIMERLAT_TRACER is not set -CONFIG_MMIOTRACE=y -CONFIG_FTRACE_SYSCALLS=y -CONFIG_TRACER_SNAPSHOT=y -CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP=y +# CONFIG_MMIOTRACE is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set # CONFIG_BLK_DEV_IO_TRACE is not set @@ -7444,7 +7438,6 @@ CONFIG_FTRACE_MCOUNT_USE_CC=y # CONFIG_FTRACE_STARTUP_TEST is not set # CONFIG_RING_BUFFER_STARTUP_TEST is not set # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set -# CONFIG_MMIOTRACE_TEST is not set # CONFIG_PREEMPTIRQ_DELAY_TEST is not set # CONFIG_KPROBE_EVENT_GEN_TEST is not set # CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 546b3616652..0ef333ca389 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "3560c598f7ce53efb57e5501bb590c759f531184069f3a254771b59893641fac", + "config": "3cabd319bf43e024e72845aded0ad38944e23638758072173fcf726b50fc585d", "config_aarch64": "bb57007c3507e676ec99e8c913e040b6e59762bc8449e7acc03423e09c5808dc", "kernel-5.15.37.1.tar.gz": "d104e2a9055b470ddd8e08bfffb14f46c237cefee39b4711e3a35b304e4a6303", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 20966c7a34e..5ed18d5e4b5 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -7,7 +7,7 @@ Summary: Linux Kernel Name: kernel Version: 5.15.37.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -366,6 +366,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Mon May 23 2022 Neha Agarwal - 5.15.37.1-3 +- Fix configs to bring down initrd boot time + * Mon May 16 2022 Neha Agarwal - 5.15.37.1-2 - Fix cdrom, hyperv-mouse, kexec and crash-on-demand config in aarch64 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index bef0b02294b..7ad9b37f739 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-9.cm2.aarch64.rpm -kernel-headers-5.15.37.1-2.cm2.noarch.rpm +kernel-headers-5.15.37.1-3.cm2.noarch.rpm glibc-2.35-2.cm2.aarch64.rpm glibc-devel-2.35-2.cm2.aarch64.rpm glibc-i18n-2.35-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index e3bf6ce7f04..734dc2ad0ff 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-9.cm2.x86_64.rpm -kernel-headers-5.15.37.1-2.cm2.noarch.rpm +kernel-headers-5.15.37.1-3.cm2.noarch.rpm glibc-2.35-2.cm2.x86_64.rpm glibc-devel-2.35-2.cm2.x86_64.rpm glibc-i18n-2.35-2.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index db885f07be0..da4cf5f1354 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -131,7 +131,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.aarch64.rpm kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm -kernel-headers-5.15.37.1-2.cm2.noarch.rpm +kernel-headers-5.15.37.1-3.cm2.noarch.rpm kmod-29-1.cm2.aarch64.rpm kmod-debuginfo-29-1.cm2.aarch64.rpm kmod-devel-29-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index f7278af4aa5..0bb7c02e3b2 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -131,7 +131,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.x86_64.rpm kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm -kernel-headers-5.15.37.1-2.cm2.noarch.rpm +kernel-headers-5.15.37.1-3.cm2.noarch.rpm kmod-29-1.cm2.x86_64.rpm kmod-debuginfo-29-1.cm2.x86_64.rpm kmod-devel-29-1.cm2.x86_64.rpm From 3af618dbe3257f955e804061396f1ef2521b0e5e Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Tue, 24 May 2022 14:23:42 -0700 Subject: [PATCH 05/21] Update libxml2 to 2.9.14 to address CVE-2022-29824 (#3046) * update libxml2 to 2.9.14 to address CVE-2022-29824 * aarch64 manifests --- SPECS/libxml2/libxml2.signatures.json | 2 +- SPECS/libxml2/libxml2.spec | 5 ++++- cgmanifest.json | 4 ++-- .../resources/manifests/package/pkggen_core_aarch64.txt | 4 ++-- .../resources/manifests/package/pkggen_core_x86_64.txt | 4 ++-- toolkit/resources/manifests/package/toolchain_aarch64.txt | 8 ++++---- toolkit/resources/manifests/package/toolchain_x86_64.txt | 8 ++++---- 7 files changed, 19 insertions(+), 16 deletions(-) diff --git a/SPECS/libxml2/libxml2.signatures.json b/SPECS/libxml2/libxml2.signatures.json index 191edf639fb..25c6335e1c1 100644 --- a/SPECS/libxml2/libxml2.signatures.json +++ b/SPECS/libxml2/libxml2.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libxml2-v2.9.13.tar.gz": "0d676b10cfd13ab966907a3917bd86b17a1c22befdf42144cdc1ad5bb9e65c45" + "libxml2-v2.9.14.tar.gz": "80efe9e6b48f8aa7b9b0c47be427e2ef2dbfb2999124220ffbc0f43ca6adb98c" } } diff --git a/SPECS/libxml2/libxml2.spec b/SPECS/libxml2/libxml2.spec index b7697246900..9ebc2b8d321 100644 --- a/SPECS/libxml2/libxml2.spec +++ b/SPECS/libxml2/libxml2.spec @@ -1,6 +1,6 @@ Summary: Libxml2 Name: libxml2 -Version: 2.9.13 +Version: 2.9.14 Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation @@ -80,6 +80,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/cmake/libxml2/libxml2-config.cmake %changelog +* Mon May 23 2022 Cameron Baird - 2.9.14-1 +- Updating to version 2.9.14 to fix CVE-2022-29824. + * Thu Mar 10 2022 Pawel Winogrodzki - 2.9.13-1 - Updating to version 2.9.13 to fix CVE-2022-23308. diff --git a/cgmanifest.json b/cgmanifest.json index 4653b72e394..706fb3d3a8f 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -10381,8 +10381,8 @@ "type": "other", "other": { "name": "libxml2", - "version": "2.9.13", - "downloadUrl": "https://gitlab.gnome.org/GNOME/libxml2/-/archive/v2.9.13/libxml2-v2.9.13.tar.gz" + "version": "2.9.14", + "downloadUrl": "https://gitlab.gnome.org/GNOME/libxml2/-/archive/v2.9.14/libxml2-v2.9.14.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 7ad9b37f739..137f58a6b45 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -198,8 +198,8 @@ tdnf-cli-libs-3.2.2-4.cm2.aarch64.rpm tdnf-devel-3.2.2-4.cm2.aarch64.rpm tdnf-plugin-repogpgcheck-3.2.2-4.cm2.aarch64.rpm createrepo_c-0.17.5-1.cm2.aarch64.rpm -libxml2-2.9.13-1.cm2.aarch64.rpm -libxml2-devel-2.9.13-1.cm2.aarch64.rpm +libxml2-2.9.14-1.cm2.aarch64.rpm +libxml2-devel-2.9.14-1.cm2.aarch64.rpm libsepol-3.2-2.cm2.aarch64.rpm glib-2.71.0-1.cm2.aarch64.rpm libltdl-2.4.6-8.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 734dc2ad0ff..4dff78c4d87 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -198,8 +198,8 @@ tdnf-cli-libs-3.2.2-4.cm2.x86_64.rpm tdnf-devel-3.2.2-4.cm2.x86_64.rpm tdnf-plugin-repogpgcheck-3.2.2-4.cm2.x86_64.rpm createrepo_c-0.17.5-1.cm2.x86_64.rpm -libxml2-2.9.13-1.cm2.x86_64.rpm -libxml2-devel-2.9.13-1.cm2.x86_64.rpm +libxml2-2.9.14-1.cm2.x86_64.rpm +libxml2-devel-2.9.14-1.cm2.x86_64.rpm libsepol-3.2-2.cm2.x86_64.rpm glib-2.71.0-1.cm2.x86_64.rpm libltdl-2.4.6-8.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index da4cf5f1354..ea335566902 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -200,9 +200,9 @@ libtasn1-debuginfo-4.18.0-2.cm2.aarch64.rpm libtasn1-devel-4.18.0-2.cm2.aarch64.rpm libtool-2.4.6-8.cm2.aarch64.rpm libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm -libxml2-2.9.13-1.cm2.aarch64.rpm -libxml2-debuginfo-2.9.13-1.cm2.aarch64.rpm -libxml2-devel-2.9.13-1.cm2.aarch64.rpm +libxml2-2.9.14-1.cm2.aarch64.rpm +libxml2-debuginfo-2.9.14-1.cm2.aarch64.rpm +libxml2-devel-2.9.14-1.cm2.aarch64.rpm libxslt-1.1.34-6.cm2.aarch64.rpm libxslt-debuginfo-1.1.34-6.cm2.aarch64.rpm libxslt-devel-1.1.34-6.cm2.aarch64.rpm @@ -509,7 +509,7 @@ python3-devel-3.9.12-1.cm2.aarch64.rpm python3-gpg-1.16.0-1.cm2.aarch64.rpm python3-jinja2-3.0.3-2.cm2.noarch.rpm python3-libs-3.9.12-1.cm2.aarch64.rpm -python3-libxml2-2.9.13-1.cm2.aarch64.rpm +python3-libxml2-2.9.14-1.cm2.aarch64.rpm python3-lxml-4.8.0-1.cm2.aarch64.rpm python3-magic-5.40-2.cm2.noarch.rpm python3-markupsafe-2.1.0-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 0bb7c02e3b2..b1863755152 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -200,9 +200,9 @@ libtasn1-debuginfo-4.18.0-2.cm2.x86_64.rpm libtasn1-devel-4.18.0-2.cm2.x86_64.rpm libtool-2.4.6-8.cm2.x86_64.rpm libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm -libxml2-2.9.13-1.cm2.x86_64.rpm -libxml2-debuginfo-2.9.13-1.cm2.x86_64.rpm -libxml2-devel-2.9.13-1.cm2.x86_64.rpm +libxml2-2.9.14-1.cm2.x86_64.rpm +libxml2-debuginfo-2.9.14-1.cm2.x86_64.rpm +libxml2-devel-2.9.14-1.cm2.x86_64.rpm libxslt-1.1.34-6.cm2.x86_64.rpm libxslt-debuginfo-1.1.34-6.cm2.x86_64.rpm libxslt-devel-1.1.34-6.cm2.x86_64.rpm @@ -509,7 +509,7 @@ python3-devel-3.9.12-1.cm2.x86_64.rpm python3-gpg-1.16.0-1.cm2.x86_64.rpm python3-jinja2-3.0.3-2.cm2.noarch.rpm python3-libs-3.9.12-1.cm2.x86_64.rpm -python3-libxml2-2.9.13-1.cm2.x86_64.rpm +python3-libxml2-2.9.14-1.cm2.x86_64.rpm python3-lxml-4.8.0-1.cm2.x86_64.rpm python3-magic-5.40-2.cm2.noarch.rpm python3-markupsafe-2.1.0-1.cm2.x86_64.rpm From 3c7d331845dd5cdac417a0f1b952b53c16c58278 Mon Sep 17 00:00:00 2001 From: Sriram Nambakam Date: Tue, 24 May 2022 17:10:23 -0700 Subject: [PATCH 06/21] Update libwpe and wpebackend-fdo to 1.12.0 (#3032) --- SPECS-EXTENDED/libwpe/libwpe.signatures.json | 4 +- SPECS-EXTENDED/libwpe/libwpe.spec | 26 ++++++----- .../wpebackend-fdo.signatures.json | 4 +- .../wpebackend-fdo/wpebackend-fdo.spec | 46 ++++++++++--------- cgmanifest.json | 8 ++-- 5 files changed, 47 insertions(+), 41 deletions(-) diff --git a/SPECS-EXTENDED/libwpe/libwpe.signatures.json b/SPECS-EXTENDED/libwpe/libwpe.signatures.json index 549dafb1fd5..2e0172c1158 100644 --- a/SPECS-EXTENDED/libwpe/libwpe.signatures.json +++ b/SPECS-EXTENDED/libwpe/libwpe.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libwpe-1.6.0.tar.xz": "3587c6b8a807f4bb76b268ba74ca82c6b395b90235db41ad8252224456193c90" + "libwpe-1.12.0.tar.xz": "e8eeca228a6b4c36294cfb63f7d3ba9ada47a430904a5a973b3c99c96a44c18c" } -} \ No newline at end of file +} diff --git a/SPECS-EXTENDED/libwpe/libwpe.spec b/SPECS-EXTENDED/libwpe/libwpe.spec index 49075444f19..faf93e1b916 100644 --- a/SPECS-EXTENDED/libwpe/libwpe.spec +++ b/SPECS-EXTENDED/libwpe/libwpe.spec @@ -1,27 +1,25 @@ -Vendor: Microsoft Corporation -Distribution: Mariner -Name: libwpe -Version: 1.6.0 -Release: 2%{?dist} Summary: General-purpose library for the WPE-flavored port of WebKit +Name: libwpe +Version: 1.12.0 +Release: 1%{?dist} License: BSD +Vendor: Microsoft Corporation +Distribution: Mariner URL: https://github.com/WebPlatformForEmbedded/%{name} Source0: https://github.com/WebPlatformForEmbedded/libwpe/releases/download/%{version}/%{name}-%{version}.tar.xz - BuildRequires: cmake BuildRequires: gcc-c++ -BuildRequires: mesa-libEGL-devel BuildRequires: libxkbcommon-devel - -Provides: wpebackend = %{version}-%{release} -Obsoletes: wpebackend < 0.2.0-2 +BuildRequires: mesa-libEGL-devel +Provides: wpebackend = %{version}-%{release} +Obsoletes: wpebackend < 0.2.0-2 %description General-purpose library developed for the WPE-flavored port of WebKit %package devel -Summary: Development files for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel The %{name}-devel package contains libraries, build data, and header @@ -55,6 +53,10 @@ popd %{_libdir}/pkgconfig/wpe-1.0.pc %changelog +* Sat May 14 2022 Sriram Nambakam - 1.12.0-1 +- Update to 1.12.0 +- License verified + * Fri Oct 15 2021 Pawel Winogrodzki - 1.6.0-2 - Initial CBL-Mariner import from Fedora 32 (license: MIT). diff --git a/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json b/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json index f5d2ee8e357..51d9ae59b58 100644 --- a/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json +++ b/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "wpebackend-fdo-1.6.0.tar.xz": "7f5bd7b9d8f97b1655f4dcd39fad92719d0fb3985b251da5802df13aaa09f567" + "wpebackend-fdo-1.12.0.tar.xz": "6239c9c15523410798d66315de6b491712ab30009ba180f3e0dd076d9b0074ac" } -} \ No newline at end of file +} diff --git a/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.spec b/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.spec index fadb4e773bd..5bad58102a4 100644 --- a/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.spec +++ b/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.spec @@ -1,47 +1,46 @@ -Vendor: Microsoft Corporation -Distribution: Mariner -Name: wpebackend-fdo -Version: 1.6.0 -Release: 2%{?dist} Summary: A WPE backend designed for Linux desktop systems - +Name: wpebackend-fdo +Version: 1.12.0 +Release: 1%{?dist} License: BSD +Vendor: Microsoft Corporation +Distribution: Mariner URL: https://github.com/Igalia/%{name} -Source0: https://github.com/Igalia/%{name}/archive/%{version}/%{name}-%{version}.tar.xz - +Source0: https://github.com/Igalia/WPEBackend-fdo/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: cmake BuildRequires: gcc-c++ -BuildRequires: mesa-libEGL-devel -BuildRequires: libxkbcommon-devel +BuildRequires: glib2-devel +BuildRequires: libepoxy-devel BuildRequires: libwpe-devel +BuildRequires: libxkbcommon-devel +BuildRequires: mesa-libEGL-devel +BuildRequires: meson BuildRequires: wayland-devel -BuildRequires: glib2-devel %description A WPE backend designed for Linux desktop systems. %package devel -Summary: Development files for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel The %{name}-devel package contains libraries, build data, and header files for developing applications that use %{name}. %prep -%autosetup -p1 -n %{name}-%{version} +%autosetup -p1 -n WPEBackend-fdo-%{version} %build mkdir -p %{_target_platform} pushd %{_target_platform} -%cmake \ - .. +meson --prefix=%{_prefix} --buildtype=release .. && \ +ninja popd -%make_build -C %{_target_platform} - %install -%make_install -C %{_target_platform} +cd %{_target_platform} +DESTDIR=%{buildroot}/ ninja install %files %license COPYING @@ -55,6 +54,11 @@ popd %{_libdir}/pkgconfig/wpebackend-fdo-1.0.pc %changelog +* Sat May 14 2022 Sriram Nambakam - 1.12.0-1 +- Update to 1.12.0 +- License verified +- Use meson and ninja instead of cmake + * Fri Oct 15 2021 Pawel Winogrodzki - 1.6.0-2 - Initial CBL-Mariner import from Fedora 32 (license: MIT). @@ -75,9 +79,9 @@ popd * Thu Sep 19 2019 Chris King - 1.4.0-2 - Change location of libWPEBackend-fdo.so to allow for WPE backend - + * Wed Sep 18 2019 Chris King - 1.4.0-1 -- new version +- New version * Sat Jul 27 2019 Fedora Release Engineering - 1.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/cgmanifest.json b/cgmanifest.json index 706fb3d3a8f..86ba0ae4d08 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -10151,8 +10151,8 @@ "type": "other", "other": { "name": "libwpe", - "version": "1.6.0", - "downloadUrl": "https://github.com/WebPlatformForEmbedded/libwpe/releases/download/1.6.0/libwpe-1.6.0.tar.xz" + "version": "1.12.0", + "downloadUrl": "https://github.com/WebPlatformForEmbedded/libwpe/releases/download/1.12.0/libwpe-1.12.0.tar.xz" } } }, @@ -26337,8 +26337,8 @@ "type": "other", "other": { "name": "wpebackend-fdo", - "version": "1.6.0", - "downloadUrl": "https://github.com/Igalia/wpebackend-fdo/archive/1.6.0/wpebackend-fdo-1.6.0.tar.xz" + "version": "1.12.0", + "downloadUrl": "https://github.com/Igalia/WPEBackend-fdo/archive/refs/tags/1.12.0.tar.gz" } } }, From d350dc32e72d15788b01aa0caba3410b68307c40 Mon Sep 17 00:00:00 2001 From: Sriram Nambakam Date: Tue, 24 May 2022 17:20:06 -0700 Subject: [PATCH 07/21] Fix signature for wpebackend-fdo (#3057) --- SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json b/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json index 51d9ae59b58..d54925f6f4f 100644 --- a/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json +++ b/SPECS-EXTENDED/wpebackend-fdo/wpebackend-fdo.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "wpebackend-fdo-1.12.0.tar.xz": "6239c9c15523410798d66315de6b491712ab30009ba180f3e0dd076d9b0074ac" + "wpebackend-fdo-1.12.0.tar.gz": "7984e2c65b27ffc962417ee0f8a6ab5f7e4d2d175b515ba051fedbcef68932a4" } -} +} \ No newline at end of file From e8494950bef7c78a55d47eee35f66c30af931237 Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Wed, 25 May 2022 10:24:08 -0700 Subject: [PATCH 08/21] Address CVE-2021-30560 with libxslt patch (#3049) * cherry-pick patch fix for libxslt * cleanup; manifests * address nits/linter * fix changelog date Co-authored-by: MaxBrodeurUrbas --- SPECS/libxslt/CVE-2021-30560.patch | 196 ++++++++++++++++++ SPECS/libxslt/libxslt.spec | 8 +- .../manifests/package/toolchain_aarch64.txt | 6 +- .../manifests/package/toolchain_x86_64.txt | 6 +- 4 files changed, 208 insertions(+), 8 deletions(-) create mode 100644 SPECS/libxslt/CVE-2021-30560.patch diff --git a/SPECS/libxslt/CVE-2021-30560.patch b/SPECS/libxslt/CVE-2021-30560.patch new file mode 100644 index 00000000000..bce6cc7f803 --- /dev/null +++ b/SPECS/libxslt/CVE-2021-30560.patch @@ -0,0 +1,196 @@ +From 07dad572c0c8e851390e64a734310deaf95dd686 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sat, 12 Jun 2021 20:02:53 +0200 +Subject: [PATCH] Fix use-after-free in xsltApplyTemplates + +xsltApplyTemplates without a select expression could delete nodes in +the source document. + +1. Text nodes with strippable whitespace + +Whitespace from input documents is already stripped, so there's no +need to strip it again. Under certain circumstances, xsltApplyTemplates +could be fooled into deleting text nodes that are still referenced, +resulting in a use-after-free. + +2. The DTD + +The DTD was only unlinked, but there's no good reason to do this just +now. Maybe it was meant as a micro-optimization. + +3. Unknown nodes + +Useless and dangerous as well, especially with XInclude nodes. +See https://gitlab.gnome.org/GNOME/libxml2/-/issues/268 + +Simply stop trying to uselessly delete nodes when applying a template. +This part of the code is probably a leftover from a time where +xsltApplyStripSpaces wasn't implemented yet. Also note that +xsltApplyTemplates with a select expression never tried to delete +nodes. + +Also stop xsltDefaultProcessOneNode from deleting nodes for the same +reasons. +--- + libxslt/transform.c | 119 +++----------------------------------------- + 1 file changed, 7 insertions(+), 112 deletions(-) + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 04522154..3aba354f 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -1895,7 +1895,7 @@ static void + xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node, + xsltStackElemPtr params) { + xmlNodePtr copy; +- xmlNodePtr delete = NULL, cur; ++ xmlNodePtr cur; + int nbchild = 0, oldSize; + int childno = 0, oldPos; + xsltTemplatePtr template; +@@ -1968,54 +1968,13 @@ xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node, + return; + } + /* +- * Handling of Elements: first pass, cleanup and counting ++ * Handling of Elements: first pass, counting + */ + cur = node->children; + while (cur != NULL) { +- switch (cur->type) { +- case XML_TEXT_NODE: +- case XML_CDATA_SECTION_NODE: +- case XML_DOCUMENT_NODE: +- case XML_HTML_DOCUMENT_NODE: +- case XML_ELEMENT_NODE: +- case XML_PI_NODE: +- case XML_COMMENT_NODE: +- nbchild++; +- break; +- case XML_DTD_NODE: +- /* Unlink the DTD, it's still reachable using doc->intSubset */ +- if (cur->next != NULL) +- cur->next->prev = cur->prev; +- if (cur->prev != NULL) +- cur->prev->next = cur->next; +- break; +- default: +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, +- "xsltDefaultProcessOneNode: skipping node type %d\n", +- cur->type)); +-#endif +- delete = cur; +- } ++ if (IS_XSLT_REAL_NODE(cur)) ++ nbchild++; + cur = cur->next; +- if (delete != NULL) { +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, +- "xsltDefaultProcessOneNode: removing ignorable blank node\n")); +-#endif +- xmlUnlinkNode(delete); +- xmlFreeNode(delete); +- delete = NULL; +- } +- } +- if (delete != NULL) { +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, +- "xsltDefaultProcessOneNode: removing ignorable blank node\n")); +-#endif +- xmlUnlinkNode(delete); +- xmlFreeNode(delete); +- delete = NULL; + } + + /* +@@ -4864,7 +4823,7 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node, + xsltStylePreCompPtr comp = (xsltStylePreCompPtr) castedComp; + #endif + int i; +- xmlNodePtr cur, delNode = NULL, oldContextNode; ++ xmlNodePtr cur, oldContextNode; + xmlNodeSetPtr list = NULL, oldList; + xsltStackElemPtr withParams = NULL; + int oldXPProximityPosition, oldXPContextSize; +@@ -4998,73 +4957,9 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node, + else + cur = NULL; + while (cur != NULL) { +- switch (cur->type) { +- case XML_TEXT_NODE: +- if ((IS_BLANK_NODE(cur)) && +- (cur->parent != NULL) && +- (cur->parent->type == XML_ELEMENT_NODE) && +- (ctxt->style->stripSpaces != NULL)) { +- const xmlChar *val; +- +- if (cur->parent->ns != NULL) { +- val = (const xmlChar *) +- xmlHashLookup2(ctxt->style->stripSpaces, +- cur->parent->name, +- cur->parent->ns->href); +- if (val == NULL) { +- val = (const xmlChar *) +- xmlHashLookup2(ctxt->style->stripSpaces, +- BAD_CAST "*", +- cur->parent->ns->href); +- } +- } else { +- val = (const xmlChar *) +- xmlHashLookup2(ctxt->style->stripSpaces, +- cur->parent->name, NULL); +- } +- if ((val != NULL) && +- (xmlStrEqual(val, (xmlChar *) "strip"))) { +- delNode = cur; +- break; +- } +- } +- /* Intentional fall-through */ +- case XML_ELEMENT_NODE: +- case XML_DOCUMENT_NODE: +- case XML_HTML_DOCUMENT_NODE: +- case XML_CDATA_SECTION_NODE: +- case XML_PI_NODE: +- case XML_COMMENT_NODE: +- xmlXPathNodeSetAddUnique(list, cur); +- break; +- case XML_DTD_NODE: +- /* Unlink the DTD, it's still reachable +- * using doc->intSubset */ +- if (cur->next != NULL) +- cur->next->prev = cur->prev; +- if (cur->prev != NULL) +- cur->prev->next = cur->next; +- break; +- case XML_NAMESPACE_DECL: +- break; +- default: +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext, +- "xsltApplyTemplates: skipping cur type %d\n", +- cur->type)); +-#endif +- delNode = cur; +- } ++ if (IS_XSLT_REAL_NODE(cur)) ++ xmlXPathNodeSetAddUnique(list, cur); + cur = cur->next; +- if (delNode != NULL) { +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext, +- "xsltApplyTemplates: removing ignorable blank cur\n")); +-#endif +- xmlUnlinkNode(delNode); +- xmlFreeNode(delNode); +- delNode = NULL; +- } + } + } + +-- +2.20.1 (Apple Git-117) + diff --git a/SPECS/libxslt/libxslt.spec b/SPECS/libxslt/libxslt.spec index 5a3c7e602aa..3cc9776e59a 100644 --- a/SPECS/libxslt/libxslt.spec +++ b/SPECS/libxslt/libxslt.spec @@ -1,13 +1,14 @@ Summary: Libxslt is the XSLT C library developed for the GNOME project. XSLT is a an XML language to define transformation for XML. Name: libxslt Version: 1.1.34 -Release: 6%{?dist} +Release: 7%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/General Libraries URL: http://xmlsoft.org/libxslt/ Source0: http://xmlsoft.org/sources/%{name}-%{version}.tar.gz +Patch0: CVE-2021-30560.patch BuildRequires: libgcrypt-devel BuildRequires: libxml2-devel Requires: libgcrypt @@ -27,7 +28,7 @@ Provides: %{name}-devel%{?_isa} = %{version}-%{release} Header files for doing development with libxslt. %prep -%setup -q +%autosetup -p1 %build ./configure \ @@ -71,6 +72,9 @@ make %{?_smp_mflags} check %{_mandir}/man3/* %changelog +* Tue May 24 2022 Cameron Baird - 1.1.34-7 +- Applying patch for CVE-2021-30560. + * Fri Mar 04 2022 Muhammad Falak - 1.1.34-6 - Drop fuzz testing to enable ptest diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index ea335566902..b67a281566b 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -203,9 +203,9 @@ libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm libxml2-2.9.14-1.cm2.aarch64.rpm libxml2-debuginfo-2.9.14-1.cm2.aarch64.rpm libxml2-devel-2.9.14-1.cm2.aarch64.rpm -libxslt-1.1.34-6.cm2.aarch64.rpm -libxslt-debuginfo-1.1.34-6.cm2.aarch64.rpm -libxslt-devel-1.1.34-6.cm2.aarch64.rpm +libxslt-1.1.34-7.cm2.aarch64.rpm +libxslt-debuginfo-1.1.34-7.cm2.aarch64.rpm +libxslt-devel-1.1.34-7.cm2.aarch64.rpm lua-5.4.3-2.cm2.aarch64.rpm lua-debuginfo-5.4.3-2.cm2.aarch64.rpm lua-devel-5.4.3-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index b1863755152..ad77ac5bba4 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -203,9 +203,9 @@ libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm libxml2-2.9.14-1.cm2.x86_64.rpm libxml2-debuginfo-2.9.14-1.cm2.x86_64.rpm libxml2-devel-2.9.14-1.cm2.x86_64.rpm -libxslt-1.1.34-6.cm2.x86_64.rpm -libxslt-debuginfo-1.1.34-6.cm2.x86_64.rpm -libxslt-devel-1.1.34-6.cm2.x86_64.rpm +libxslt-1.1.34-7.cm2.x86_64.rpm +libxslt-debuginfo-1.1.34-7.cm2.x86_64.rpm +libxslt-devel-1.1.34-7.cm2.x86_64.rpm lua-5.4.3-2.cm2.x86_64.rpm lua-debuginfo-5.4.3-2.cm2.x86_64.rpm lua-devel-5.4.3-2.cm2.x86_64.rpm From 5435e6a447e2307979df595e10a5e728022e986e Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Wed, 25 May 2022 10:24:28 -0700 Subject: [PATCH 09/21] Update zsh to v5.9 to address CVE-2021-45444 (#3055) * Update zsh to v5.9 to address CVE-2021-45444 * address linter --- ...01-Skipping-test-if-ran-as-superuser.patch | 25 +++++++++---------- SPECS/zsh/zsh.signatures.json | 2 +- SPECS/zsh/zsh.spec | 11 ++++---- cgmanifest.json | 4 +-- 4 files changed, 20 insertions(+), 22 deletions(-) diff --git a/SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch b/SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch index 5d0685b9f04..35cdfa89c4d 100644 --- a/SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch +++ b/SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch @@ -1,20 +1,19 @@ -From 0fbbbea15b38364830d7b341c86682f05575ae0b Mon Sep 17 00:00:00 2001 -From: Pawel -Date: Tue, 10 Nov 2020 18:37:47 -0800 -Subject: [PATCH] Skipping test if ran as superuser. +From c6a6995e482fca07771073417c5401d1e3d9fb0c Mon Sep 17 00:00:00 2001 +From: Cameron Baird +Date: Tue, 24 May 2022 14:58:59 -0700 +Subject: [PATCH] 0001-Skipping-test-if-ran-as-superuser --- - Test/D02glob.ztst | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) + Test/D02glob.ztst | 17 ++++++++++------- + 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/Test/D02glob.ztst b/Test/D02glob.ztst -index b0650c8..39d97c1 100644 ---- a/Test/D02glob.ztst -+++ b/Test/D02glob.ztst -@@ -729,11 +729,15 @@ +index 850a535..cb61eff 100644 +@@ -727,12 +727,15 @@ + >does/not/exist >not/exist >exist - +- - mkdir -m 000 glob.tmp/secret-d000 - mkdir -m 111 glob.tmp/secret-d111 - mkdir -m 444 glob.tmp/secret-d444 @@ -29,9 +28,9 @@ index b0650c8..39d97c1 100644 + else + ZTST_skip="cannot test unreadable directories globbing when tests run as superuser" + fi - -f:unreadable directories can be globbed (users/24619, users/24626) + 0:unreadable directories can be globbed (users/24619, users/24626) >glob.tmp/secret-d000/ glob.tmp/secret-d000 >glob.tmp/secret-d111/ glob.tmp/secret-d111 -- -2.17.1 +2.25.1 diff --git a/SPECS/zsh/zsh.signatures.json b/SPECS/zsh/zsh.signatures.json index 1c8c3e749ef..8cafb771348 100644 --- a/SPECS/zsh/zsh.signatures.json +++ b/SPECS/zsh/zsh.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "zprofile.rhs": "ff1d1e79c760b1f51ab0e85b6746124c592702c01a504c83b86057886ee79eda", - "zsh-5.8.tar.xz": "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27", + "zsh-5.9.tar.xz": "9b8d1ecedd5b5e81fbf1918e876752a7dd948e05c1a0dba10ab863842d45acd5", "zshrc": "13a8c524f9f137b34d40dddc0583ce3e95479d0b79e10f9796b26bad1c66e6ab" } } \ No newline at end of file diff --git a/SPECS/zsh/zsh.spec b/SPECS/zsh/zsh.spec index dd6d7b8e6c9..272282171c5 100644 --- a/SPECS/zsh/zsh.spec +++ b/SPECS/zsh/zsh.spec @@ -2,8 +2,8 @@ Summary: Z shell Name: zsh -Version: 5.8 -Release: 5%{?dist} +Version: 5.9 +Release: 1%{?dist} License: MIT AND GPLv2.0 AND GPLv3.0 AND GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -12,9 +12,7 @@ URL: http://zsh.sourceforge.net/ Source0: https://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.xz Source1: zprofile.rhs Source2: zshrc - Patch0: 0001-Skipping-test-if-ran-as-superuser.patch - BuildRequires: binutils BuildRequires: coreutils BuildRequires: diffutils @@ -28,11 +26,9 @@ BuildRequires: ncurses-devel BuildRequires: sed BuildRequires: tar BuildRequires: texinfo - Requires(post): /bin/grep Requires(postun): /bin/grep Requires(postun): coreutils - Provides: /bin/zsh %description @@ -133,6 +129,9 @@ fi %doc Doc/*.html %changelog +* Tue May 24 2022 Cameron Baird - 5.9-1 +- Update to v5.9 to address CVE-2021-45444 + * Thu Dec 16 2021 Pawel Winogrodzki - 5.8-5 - Removing the explicit %%clean stage. diff --git a/cgmanifest.json b/cgmanifest.json index 86ba0ae4d08..0f84fd1710e 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -27410,8 +27410,8 @@ "type": "other", "other": { "name": "zsh", - "version": "5.8", - "downloadUrl": "https://sourceforge.net/projects/zsh/files/zsh/5.8/zsh-5.8.tar.xz" + "version": "5.9", + "downloadUrl": "https://sourceforge.net/projects/zsh/files/zsh/5.9/zsh-5.9.tar.xz" } } }, From db82532d8943fe13008ac870062ae9adb0031d42 Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Wed, 25 May 2022 10:26:18 -0700 Subject: [PATCH 10/21] Limit module_info.ld inclusion in LDFLAGS from mariner-rpm-macros (#3038) * restrict module_info.ls with include_mariner_package_note * fix changelog date * bump perl release * define module_ldflags at buildtime * define module_ldflags in toolchain * fix issue with gen-ld-script.sh os version and id. rename module_ldflags to mariner_module_ldflags * pass mariner_release_version to gen-ld-script.sh --- SPECS/mariner-rpm-macros/gen-ld-script.sh | 9 +- SPECS/mariner-rpm-macros/macros | 6 +- .../mariner-rpm-macros.signatures.json | 4 +- .../mariner-rpm-macros.spec | 6 +- SPECS/perl/perl.spec | 8 +- .../manifests/package/pkggen_core_aarch64.txt | 120 +++--- .../manifests/package/pkggen_core_x86_64.txt | 120 +++--- .../manifests/package/toolchain_aarch64.txt | 382 +++++++++--------- .../manifests/package/toolchain_x86_64.txt | 382 +++++++++--------- .../build_official_toolchain_rpms.sh | 1 + toolkit/tools/internal/rpm/rpm.go | 3 + toolkit/tools/pkgworker/pkgworker.go | 1 + 12 files changed, 529 insertions(+), 513 deletions(-) diff --git a/SPECS/mariner-rpm-macros/gen-ld-script.sh b/SPECS/mariner-rpm-macros/gen-ld-script.sh index a63d485cbdb..1dc5c7817e1 100755 --- a/SPECS/mariner-rpm-macros/gen-ld-script.sh +++ b/SPECS/mariner-rpm-macros/gen-ld-script.sh @@ -6,11 +6,10 @@ # gen-ld-script.sh # Generate linker script to embed ELF binaries with build metadata -# /usr/lib/rpm/mariner/gen-ld-script.sh %{name} %{version} %{_topdir} -echo "gen-ld-script.sh name($1) version($2) _topdir($3)" +# /usr/lib/rpm/mariner/gen-ld-script.sh %{name} %{version} %{_topdir} %{mariner_release_version} +echo "gen-ld-script.sh name($1) version($2) _topdir($3) osversion($4)" -OS_ID=$(sed -En 's/^ID="?([^"]+)"?/\1/p' /etc/os-release) -OS_VERSION=$(sed -En 's/^VERSION_ID="?([^"]+)"?/\1/p' /etc/os-release) +OS_VERSION=$(echo $4 | cut -d. -f1,2) # Count number of dot separators in $2 (version) NUM_DOT_SEPARATORS="${2//[^.]}" @@ -35,7 +34,7 @@ MODULE_INFO_DIR="$3/BUILD/" mkdir -pv $MODULE_INFO_DIR /usr/lib/rpm/mariner/generate-package-note.py \ - --os "$OS_ID" \ + --os "mariner" \ --osVersion "$OS_VERSION" \ --type "rpm" \ --name "$1" \ diff --git a/SPECS/mariner-rpm-macros/macros b/SPECS/mariner-rpm-macros/macros index 51786fc830d..47c5758ddee 100644 --- a/SPECS/mariner-rpm-macros/macros +++ b/SPECS/mariner-rpm-macros/macros @@ -36,7 +36,7 @@ # Generate metadata linker script before prep section of each SPEC %__spec_prep_template #!%{__spec_prep_shell}\ %{__spec_prep_pre}\ -/usr/lib/rpm/mariner/gen-ld-script.sh %{name} %{version} %{_topdir}\ +/usr/lib/rpm/mariner/gen-ld-script.sh %{name} %{version} %{_topdir} %{mariner_release_version}\ %{nil} # This section overrides the default behavior of the build macro to export @@ -82,11 +82,13 @@ # Binary macros %__make %{_bindir}/make +# Enable linking with module_info.ld in Mariner build environment by defining: mariner_module_ldflags -Wl,-dT,%{_topdir}/BUILD/module_info.ld + # Compilation and linking flag macros %build_cflags %{optflags} %build_cxxflags %{optflags} %build_fflags %{optflags} -I%{_fmoddir} -%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} -Wl,-dT,%{_topdir}/BUILD/module_info.ld +%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} %{?mariner_module_ldflags:%{mariner_module_ldflags}} # Deprecated names. For backwards compatibility only. %__global_cflags %{build_cflags} diff --git a/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json b/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json index 106d8025a8b..9d8d8fa066b 100644 --- a/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json +++ b/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json @@ -7,10 +7,10 @@ "default-hardened-cc1": "2102bdfbb06934d95ceb3c81f789c59c9f77f91b0f996fd39588e0aa052d6f77", "default-hardened-ld": "4dbb822a27eed292759bc4e9cabb4b84f34fc6701535fcac2fdddac33328678b", "forge.lua": "7390af6e81d8d61bc6957127fe9ebdbf5223e96d3810855641bdecc2a03800b4", - "gen-ld-script.sh": "10dc6b14204ccc373f261dcdc616d5dfe1918ae78e977bdfafa91fc187d64beb", + "gen-ld-script.sh": "894b394f376dae7be23c314b79f31772aa40a24895122242abd7a178aea9cade", "generate-package-note.py": "bd76a8e88a1356fed74863c38e5cf6a20c1c26426ac94ba21dd172578e8ca2a2", "gpgverify": "db0e050f56b694497d70603a6f5c17dd60ddbcf7cee670616851cd389f6767c4", - "macros": "2a236e2e0e876bb21dd68ca0018f8dedec1dbe72f266f1f9e5f92f3b79b68b01", + "macros": "faab13dae469ebf3812eac43dbd03ae145181bf47efdebb5cd3633dc7e00d749", "macros.check": "79367176c3c7d10c0158b6e5d881e0fc3c8fd50c5957dad2f097c2d4a37833e7", "macros.fonts": "f52edc646414c5dd0f5f4cdd570f2f9dbe6fb97d4f0db360908deb56d96492f8", "macros.forge": "8785fe3de4570d6b78dc40aa2f0a4124ce1ddb6282fe3060fb0ae2001178abe6", diff --git a/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec b/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec index e4fdac89c60..6e33fc75d97 100644 --- a/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec +++ b/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec @@ -6,7 +6,7 @@ Summary: Mariner specific rpm macro files Name: mariner-rpm-macros Version: 2.0 -Release: 14%{?dist} +Release: 15%{?dist} License: GPL+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -121,6 +121,10 @@ install -p -m 644 -t %{buildroot}%{rcluadir}/srpm forge.lua %{_rpmconfigdir}/macros.d/macros.check %changelog +* Fri May 20 2022 Andrew Phelps - 2.0-15 +- Remove module_info.ld from default LDFLAGS; require setting through "mariner_module_ldflags" +- Modify gen-ld-script.sh to pass OS Version and predefine OS ID instead of parsing from /etc/os-release (no longer in toolchain env) + * Tue Apr 26 2022 Pawel Winogrodzki - 2.0-14 - Adding the "_mariner_sources_url" macro. diff --git a/SPECS/perl/perl.spec b/SPECS/perl/perl.spec index 3580b4811e6..36c6a090e59 100644 --- a/SPECS/perl/perl.spec +++ b/SPECS/perl/perl.spec @@ -62,6 +62,9 @@ # https://bugzilla.redhat.com/show_bug.cgi?id=2043092 %undefine _package_note_file +# Skip module metadata notes for perl due to issue with embedded build ldflags +%undefine mariner_module_ldflags + Name: perl # These are all found licenses. They are distributed among various # subpackages. @@ -124,7 +127,7 @@ License: GPL+ or Artistic Epoch: %{perl_epoch} Version: %{perl_version} # release number must be even higher, because dual-lived modules will be broken otherwise -Release: 487%{?dist} +Release: 488%{?dist} Summary: Practical Extraction and Report Language Url: https://www.perl.org/ Vendor: Microsoft Corporation @@ -6810,6 +6813,9 @@ popd # Old changelog entries are preserved in CVS. %changelog +* Fri May 20 2022 Andrew Phelps - 4:5.34.1-488 +- Undefine "mariner_module_ldflags" to remove references to module_info.ld in embedded ldflags + * Wed Mar 30 2022 Andrew Phelps - 4:5.34.1-487 - Upgrade to version 5.34.1 referencing Fedora 37 (license: MIT) - Removed duplicate requires for perl(:VERSION) from gendep.macros diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 137f58a6b45..b0e7fa43d7b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -103,64 +103,64 @@ libpipeline-devel-1.5.5-2.cm2.aarch64.rpm gdbm-1.21-1.cm2.aarch64.rpm gdbm-devel-1.21-1.cm2.aarch64.rpm gdbm-lang-1.21-1.cm2.aarch64.rpm -perl-B-1.82-487.cm2.aarch64.rpm -perl-Carp-1.52-487.cm2.noarch.rpm -perl-Class-Struct-0.66-487.cm2.noarch.rpm -perl-Data-Dumper-2.179-487.cm2.aarch64.rpm -perl-DynaLoader-1.50-487.cm2.aarch64.rpm -perl-Encode-3.08-487.cm2.aarch64.rpm -perl-Errno-1.33-487.cm2.aarch64.rpm -perl-Exporter-5.76-487.cm2.noarch.rpm -perl-Fcntl-1.14-487.cm2.aarch64.rpm -perl-File-Basename-2.85-487.cm2.noarch.rpm -perl-File-Compare-1.100.600-487.cm2.noarch.rpm -perl-File-Copy-2.35-487.cm2.noarch.rpm -perl-File-Path-2.18-487.cm2.noarch.rpm -perl-File-Temp-0.231.100-487.cm2.noarch.rpm -perl-File-stat-1.09-487.cm2.noarch.rpm -perl-FileHandle-2.03-487.cm2.noarch.rpm -perl-Getopt-Long-2.52-487.cm2.noarch.rpm -perl-Getopt-Std-1.13-487.cm2.noarch.rpm -perl-HTTP-Tiny-0.076-487.cm2.noarch.rpm -perl-I18N-Langinfo-0.19-487.cm2.aarch64.rpm -perl-IO-1.46-487.cm2.aarch64.rpm -perl-IPC-Open3-1.21-487.cm2.noarch.rpm -perl-MIME-Base64-3.16-487.cm2.aarch64.rpm -perl-POSIX-1.97-487.cm2.aarch64.rpm -perl-PathTools-3.80-487.cm2.aarch64.rpm -perl-Pod-Escapes-1.07-487.cm2.noarch.rpm -perl-Pod-Perldoc-3.28.01-487.cm2.noarch.rpm -perl-Pod-Simple-3.42-487.cm2.noarch.rpm -perl-Pod-Usage-2.01-487.cm2.noarch.rpm -perl-Scalar-List-Utils-1.55-487.cm2.aarch64.rpm -perl-SelectSaver-1.02-487.cm2.noarch.rpm -perl-Socket-2.031-487.cm2.aarch64.rpm -perl-Storable-3.23-487.cm2.aarch64.rpm -perl-Symbol-1.09-487.cm2.noarch.rpm -perl-Term-ANSIColor-5.01-487.cm2.noarch.rpm -perl-Term-Cap-1.17-487.cm2.noarch.rpm -perl-Text-ParseWords-3.30-487.cm2.noarch.rpm -perl-Text-Tabs+Wrap-2013.0523-487.cm2.noarch.rpm -perl-Thread-Queue-3.14-487.cm2.noarch.rpm -perl-Time-Local-1.300-487.cm2.noarch.rpm -perl-Unicode-Normalize-1.28-487.cm2.aarch64.rpm -perl-base-2.27-487.cm2.noarch.rpm -perl-constant-1.33-487.cm2.noarch.rpm -perl-if-0.60.900-487.cm2.noarch.rpm -perl-interpreter-5.34.1-487.cm2.aarch64.rpm -perl-libs-5.34.1-487.cm2.aarch64.rpm -perl-locale-1.10-487.cm2.noarch.rpm -perl-macros-5.34.1-487.cm2.noarch.rpm -perl-mro-1.25-487.cm2.aarch64.rpm -perl-overload-1.33-487.cm2.noarch.rpm -perl-overloading-0.02-487.cm2.noarch.rpm -perl-parent-0.238-487.cm2.noarch.rpm -perl-podlators-4.14-487.cm2.noarch.rpm -perl-subs-1.04-487.cm2.noarch.rpm -perl-threads-2.26-487.cm2.aarch64.rpm -perl-threads-shared-1.62-487.cm2.aarch64.rpm -perl-vars-1.05-487.cm2.noarch.rpm -perl-5.34.1-487.cm2.aarch64.rpm +perl-B-1.82-488.cm2.aarch64.rpm +perl-Carp-1.52-488.cm2.noarch.rpm +perl-Class-Struct-0.66-488.cm2.noarch.rpm +perl-Data-Dumper-2.179-488.cm2.aarch64.rpm +perl-DynaLoader-1.50-488.cm2.aarch64.rpm +perl-Encode-3.08-488.cm2.aarch64.rpm +perl-Errno-1.33-488.cm2.aarch64.rpm +perl-Exporter-5.76-488.cm2.noarch.rpm +perl-Fcntl-1.14-488.cm2.aarch64.rpm +perl-File-Basename-2.85-488.cm2.noarch.rpm +perl-File-Compare-1.100.600-488.cm2.noarch.rpm +perl-File-Copy-2.35-488.cm2.noarch.rpm +perl-File-Path-2.18-488.cm2.noarch.rpm +perl-File-Temp-0.231.100-488.cm2.noarch.rpm +perl-File-stat-1.09-488.cm2.noarch.rpm +perl-FileHandle-2.03-488.cm2.noarch.rpm +perl-Getopt-Long-2.52-488.cm2.noarch.rpm +perl-Getopt-Std-1.13-488.cm2.noarch.rpm +perl-HTTP-Tiny-0.076-488.cm2.noarch.rpm +perl-I18N-Langinfo-0.19-488.cm2.aarch64.rpm +perl-IO-1.46-488.cm2.aarch64.rpm +perl-IPC-Open3-1.21-488.cm2.noarch.rpm +perl-MIME-Base64-3.16-488.cm2.aarch64.rpm +perl-POSIX-1.97-488.cm2.aarch64.rpm +perl-PathTools-3.80-488.cm2.aarch64.rpm +perl-Pod-Escapes-1.07-488.cm2.noarch.rpm +perl-Pod-Perldoc-3.28.01-488.cm2.noarch.rpm +perl-Pod-Simple-3.42-488.cm2.noarch.rpm +perl-Pod-Usage-2.01-488.cm2.noarch.rpm +perl-Scalar-List-Utils-1.55-488.cm2.aarch64.rpm +perl-SelectSaver-1.02-488.cm2.noarch.rpm +perl-Socket-2.031-488.cm2.aarch64.rpm +perl-Storable-3.23-488.cm2.aarch64.rpm +perl-Symbol-1.09-488.cm2.noarch.rpm +perl-Term-ANSIColor-5.01-488.cm2.noarch.rpm +perl-Term-Cap-1.17-488.cm2.noarch.rpm +perl-Text-ParseWords-3.30-488.cm2.noarch.rpm +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch.rpm +perl-Thread-Queue-3.14-488.cm2.noarch.rpm +perl-Time-Local-1.300-488.cm2.noarch.rpm +perl-Unicode-Normalize-1.28-488.cm2.aarch64.rpm +perl-base-2.27-488.cm2.noarch.rpm +perl-constant-1.33-488.cm2.noarch.rpm +perl-if-0.60.900-488.cm2.noarch.rpm +perl-interpreter-5.34.1-488.cm2.aarch64.rpm +perl-libs-5.34.1-488.cm2.aarch64.rpm +perl-locale-1.10-488.cm2.noarch.rpm +perl-macros-5.34.1-488.cm2.noarch.rpm +perl-mro-1.25-488.cm2.aarch64.rpm +perl-overload-1.33-488.cm2.noarch.rpm +perl-overloading-0.02-488.cm2.noarch.rpm +perl-parent-0.238-488.cm2.noarch.rpm +perl-podlators-4.14-488.cm2.noarch.rpm +perl-subs-1.04-488.cm2.noarch.rpm +perl-threads-2.26-488.cm2.aarch64.rpm +perl-threads-shared-1.62-488.cm2.aarch64.rpm +perl-vars-1.05-488.cm2.noarch.rpm +perl-5.34.1-488.cm2.aarch64.rpm texinfo-6.8-1.cm2.aarch64.rpm gtk-doc-1.33.2-1.cm2.noarch.rpm autoconf-2.71-3.cm2.noarch.rpm @@ -208,8 +208,8 @@ pcre-8.45-2.cm2.aarch64.rpm pcre-libs-8.45-2.cm2.aarch64.rpm lua-5.4.3-2.cm2.aarch64.rpm lua-libs-5.4.3-2.cm2.aarch64.rpm -mariner-rpm-macros-2.0-14.cm2.noarch.rpm -mariner-check-macros-2.0-14.cm2.noarch.rpm +mariner-rpm-macros-2.0-15.cm2.noarch.rpm +mariner-check-macros-2.0-15.cm2.noarch.rpm libassuan-2.5.5-2.cm2.aarch64.rpm libassuan-devel-2.5.5-2.cm2.aarch64.rpm libgpg-error-1.43-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 4dff78c4d87..41161553813 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -103,64 +103,64 @@ libpipeline-devel-1.5.5-2.cm2.x86_64.rpm gdbm-1.21-1.cm2.x86_64.rpm gdbm-devel-1.21-1.cm2.x86_64.rpm gdbm-lang-1.21-1.cm2.x86_64.rpm -perl-B-1.82-487.cm2.x86_64.rpm -perl-Carp-1.52-487.cm2.noarch.rpm -perl-Class-Struct-0.66-487.cm2.noarch.rpm -perl-Data-Dumper-2.179-487.cm2.x86_64.rpm -perl-DynaLoader-1.50-487.cm2.x86_64.rpm -perl-Encode-3.08-487.cm2.x86_64.rpm -perl-Errno-1.33-487.cm2.x86_64.rpm -perl-Exporter-5.76-487.cm2.noarch.rpm -perl-Fcntl-1.14-487.cm2.x86_64.rpm -perl-File-Basename-2.85-487.cm2.noarch.rpm -perl-File-Compare-1.100.600-487.cm2.noarch.rpm -perl-File-Copy-2.35-487.cm2.noarch.rpm -perl-File-Path-2.18-487.cm2.noarch.rpm -perl-File-Temp-0.231.100-487.cm2.noarch.rpm -perl-File-stat-1.09-487.cm2.noarch.rpm -perl-FileHandle-2.03-487.cm2.noarch.rpm -perl-Getopt-Long-2.52-487.cm2.noarch.rpm -perl-Getopt-Std-1.13-487.cm2.noarch.rpm -perl-HTTP-Tiny-0.076-487.cm2.noarch.rpm -perl-I18N-Langinfo-0.19-487.cm2.x86_64.rpm -perl-IO-1.46-487.cm2.x86_64.rpm -perl-IPC-Open3-1.21-487.cm2.noarch.rpm -perl-MIME-Base64-3.16-487.cm2.x86_64.rpm -perl-POSIX-1.97-487.cm2.x86_64.rpm -perl-PathTools-3.80-487.cm2.x86_64.rpm -perl-Pod-Escapes-1.07-487.cm2.noarch.rpm -perl-Pod-Perldoc-3.28.01-487.cm2.noarch.rpm -perl-Pod-Simple-3.42-487.cm2.noarch.rpm -perl-Pod-Usage-2.01-487.cm2.noarch.rpm -perl-Scalar-List-Utils-1.55-487.cm2.x86_64.rpm -perl-SelectSaver-1.02-487.cm2.noarch.rpm -perl-Socket-2.031-487.cm2.x86_64.rpm -perl-Storable-3.23-487.cm2.x86_64.rpm -perl-Symbol-1.09-487.cm2.noarch.rpm -perl-Term-ANSIColor-5.01-487.cm2.noarch.rpm -perl-Term-Cap-1.17-487.cm2.noarch.rpm -perl-Text-ParseWords-3.30-487.cm2.noarch.rpm -perl-Text-Tabs+Wrap-2013.0523-487.cm2.noarch.rpm -perl-Thread-Queue-3.14-487.cm2.noarch.rpm -perl-Time-Local-1.300-487.cm2.noarch.rpm -perl-Unicode-Normalize-1.28-487.cm2.x86_64.rpm -perl-base-2.27-487.cm2.noarch.rpm -perl-constant-1.33-487.cm2.noarch.rpm -perl-if-0.60.900-487.cm2.noarch.rpm -perl-interpreter-5.34.1-487.cm2.x86_64.rpm -perl-libs-5.34.1-487.cm2.x86_64.rpm -perl-locale-1.10-487.cm2.noarch.rpm -perl-macros-5.34.1-487.cm2.noarch.rpm -perl-mro-1.25-487.cm2.x86_64.rpm -perl-overload-1.33-487.cm2.noarch.rpm -perl-overloading-0.02-487.cm2.noarch.rpm -perl-parent-0.238-487.cm2.noarch.rpm -perl-podlators-4.14-487.cm2.noarch.rpm -perl-subs-1.04-487.cm2.noarch.rpm -perl-threads-2.26-487.cm2.x86_64.rpm -perl-threads-shared-1.62-487.cm2.x86_64.rpm -perl-vars-1.05-487.cm2.noarch.rpm -perl-5.34.1-487.cm2.x86_64.rpm +perl-B-1.82-488.cm2.x86_64.rpm +perl-Carp-1.52-488.cm2.noarch.rpm +perl-Class-Struct-0.66-488.cm2.noarch.rpm +perl-Data-Dumper-2.179-488.cm2.x86_64.rpm +perl-DynaLoader-1.50-488.cm2.x86_64.rpm +perl-Encode-3.08-488.cm2.x86_64.rpm +perl-Errno-1.33-488.cm2.x86_64.rpm +perl-Exporter-5.76-488.cm2.noarch.rpm +perl-Fcntl-1.14-488.cm2.x86_64.rpm +perl-File-Basename-2.85-488.cm2.noarch.rpm +perl-File-Compare-1.100.600-488.cm2.noarch.rpm +perl-File-Copy-2.35-488.cm2.noarch.rpm +perl-File-Path-2.18-488.cm2.noarch.rpm +perl-File-Temp-0.231.100-488.cm2.noarch.rpm +perl-File-stat-1.09-488.cm2.noarch.rpm +perl-FileHandle-2.03-488.cm2.noarch.rpm +perl-Getopt-Long-2.52-488.cm2.noarch.rpm +perl-Getopt-Std-1.13-488.cm2.noarch.rpm +perl-HTTP-Tiny-0.076-488.cm2.noarch.rpm +perl-I18N-Langinfo-0.19-488.cm2.x86_64.rpm +perl-IO-1.46-488.cm2.x86_64.rpm +perl-IPC-Open3-1.21-488.cm2.noarch.rpm +perl-MIME-Base64-3.16-488.cm2.x86_64.rpm +perl-POSIX-1.97-488.cm2.x86_64.rpm +perl-PathTools-3.80-488.cm2.x86_64.rpm +perl-Pod-Escapes-1.07-488.cm2.noarch.rpm +perl-Pod-Perldoc-3.28.01-488.cm2.noarch.rpm +perl-Pod-Simple-3.42-488.cm2.noarch.rpm +perl-Pod-Usage-2.01-488.cm2.noarch.rpm +perl-Scalar-List-Utils-1.55-488.cm2.x86_64.rpm +perl-SelectSaver-1.02-488.cm2.noarch.rpm +perl-Socket-2.031-488.cm2.x86_64.rpm +perl-Storable-3.23-488.cm2.x86_64.rpm +perl-Symbol-1.09-488.cm2.noarch.rpm +perl-Term-ANSIColor-5.01-488.cm2.noarch.rpm +perl-Term-Cap-1.17-488.cm2.noarch.rpm +perl-Text-ParseWords-3.30-488.cm2.noarch.rpm +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch.rpm +perl-Thread-Queue-3.14-488.cm2.noarch.rpm +perl-Time-Local-1.300-488.cm2.noarch.rpm +perl-Unicode-Normalize-1.28-488.cm2.x86_64.rpm +perl-base-2.27-488.cm2.noarch.rpm +perl-constant-1.33-488.cm2.noarch.rpm +perl-if-0.60.900-488.cm2.noarch.rpm +perl-interpreter-5.34.1-488.cm2.x86_64.rpm +perl-libs-5.34.1-488.cm2.x86_64.rpm +perl-locale-1.10-488.cm2.noarch.rpm +perl-macros-5.34.1-488.cm2.noarch.rpm +perl-mro-1.25-488.cm2.x86_64.rpm +perl-overload-1.33-488.cm2.noarch.rpm +perl-overloading-0.02-488.cm2.noarch.rpm +perl-parent-0.238-488.cm2.noarch.rpm +perl-podlators-4.14-488.cm2.noarch.rpm +perl-subs-1.04-488.cm2.noarch.rpm +perl-threads-2.26-488.cm2.x86_64.rpm +perl-threads-shared-1.62-488.cm2.x86_64.rpm +perl-vars-1.05-488.cm2.noarch.rpm +perl-5.34.1-488.cm2.x86_64.rpm texinfo-6.8-1.cm2.x86_64.rpm gtk-doc-1.33.2-1.cm2.noarch.rpm autoconf-2.71-3.cm2.noarch.rpm @@ -208,8 +208,8 @@ pcre-8.45-2.cm2.x86_64.rpm pcre-libs-8.45-2.cm2.x86_64.rpm lua-5.4.3-2.cm2.x86_64.rpm lua-libs-5.4.3-2.cm2.x86_64.rpm -mariner-rpm-macros-2.0-14.cm2.noarch.rpm -mariner-check-macros-2.0-14.cm2.noarch.rpm +mariner-rpm-macros-2.0-15.cm2.noarch.rpm +mariner-check-macros-2.0-15.cm2.noarch.rpm libassuan-2.5.5-2.cm2.x86_64.rpm libassuan-devel-2.5.5-2.cm2.x86_64.rpm libgpg-error-1.43-2.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index b67a281566b..73dfb01a06b 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -220,7 +220,7 @@ m4-1.4.19-1.cm2.aarch64.rpm m4-debuginfo-1.4.19-1.cm2.aarch64.rpm make-4.3-2.cm2.aarch64.rpm make-debuginfo-4.3-2.cm2.aarch64.rpm -mariner-check-macros-2.0-14.cm2.noarch.rpm +mariner-check-macros-2.0-15.cm2.noarch.rpm mariner-repos-2.0-7.cm2.noarch.rpm mariner-repos-debug-2.0-7.cm2.noarch.rpm mariner-repos-debug-preview-2.0-7.cm2.noarch.rpm @@ -234,7 +234,7 @@ mariner-repos-microsoft-2.0-7.cm2.noarch.rpm mariner-repos-microsoft-preview-2.0-7.cm2.noarch.rpm mariner-repos-preview-2.0-7.cm2.noarch.rpm mariner-repos-shared-2.0-7.cm2.noarch.rpm -mariner-rpm-macros-2.0-14.cm2.noarch.rpm +mariner-rpm-macros-2.0-15.cm2.noarch.rpm meson-0.60.2-2.cm2.noarch.rpm mpfr-4.1.0-1.cm2.aarch64.rpm mpfr-debuginfo-4.1.0-1.cm2.aarch64.rpm @@ -280,207 +280,207 @@ pcre-8.45-2.cm2.aarch64.rpm pcre-debuginfo-8.45-2.cm2.aarch64.rpm pcre-devel-8.45-2.cm2.aarch64.rpm pcre-libs-8.45-2.cm2.aarch64.rpm -perl-5.34.1-487.cm2.aarch64.rpm -perl-Archive-Tar-2.38-487.cm2.noarch.rpm -perl-Attribute-Handlers-1.01-487.cm2.noarch.rpm -perl-autodie-2.34-487.cm2.noarch.rpm -perl-AutoLoader-5.74-487.cm2.noarch.rpm -perl-AutoSplit-5.74-487.cm2.noarch.rpm -perl-autouse-1.11-487.cm2.noarch.rpm -perl-B-1.82-487.cm2.aarch64.rpm -perl-base-2.27-487.cm2.noarch.rpm -perl-Benchmark-1.23-487.cm2.noarch.rpm -perl-bignum-0.51-487.cm2.noarch.rpm -perl-blib-1.07-487.cm2.noarch.rpm -perl-Carp-1.52-487.cm2.noarch.rpm -perl-Class-Struct-0.66-487.cm2.noarch.rpm -perl-Compress-Raw-Bzip2-2.101-487.cm2.aarch64.rpm -perl-Compress-Raw-Zlib-2.101-487.cm2.aarch64.rpm -perl-Config-Extensions-0.03-487.cm2.noarch.rpm -perl-Config-Perl-V-0.33-487.cm2.noarch.rpm -perl-constant-1.33-487.cm2.noarch.rpm -perl-CPAN-2.28-487.cm2.noarch.rpm -perl-CPAN-Meta-2.150010-487.cm2.noarch.rpm -perl-CPAN-Meta-Requirements-2.140-487.cm2.noarch.rpm -perl-CPAN-Meta-YAML-0.018-487.cm2.noarch.rpm -perl-Data-Dumper-2.179-487.cm2.aarch64.rpm +perl-5.34.1-488.cm2.aarch64.rpm +perl-Archive-Tar-2.38-488.cm2.noarch.rpm +perl-Attribute-Handlers-1.01-488.cm2.noarch.rpm +perl-autodie-2.34-488.cm2.noarch.rpm +perl-AutoLoader-5.74-488.cm2.noarch.rpm +perl-AutoSplit-5.74-488.cm2.noarch.rpm +perl-autouse-1.11-488.cm2.noarch.rpm +perl-B-1.82-488.cm2.aarch64.rpm +perl-base-2.27-488.cm2.noarch.rpm +perl-Benchmark-1.23-488.cm2.noarch.rpm +perl-bignum-0.51-488.cm2.noarch.rpm +perl-blib-1.07-488.cm2.noarch.rpm +perl-Carp-1.52-488.cm2.noarch.rpm +perl-Class-Struct-0.66-488.cm2.noarch.rpm +perl-Compress-Raw-Bzip2-2.101-488.cm2.aarch64.rpm +perl-Compress-Raw-Zlib-2.101-488.cm2.aarch64.rpm +perl-Config-Extensions-0.03-488.cm2.noarch.rpm +perl-Config-Perl-V-0.33-488.cm2.noarch.rpm +perl-constant-1.33-488.cm2.noarch.rpm +perl-CPAN-2.28-488.cm2.noarch.rpm +perl-CPAN-Meta-2.150010-488.cm2.noarch.rpm +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch.rpm +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch.rpm +perl-Data-Dumper-2.179-488.cm2.aarch64.rpm perl-DBD-SQLite-1.70-1.cm2.aarch64.rpm perl-DBD-SQLite-debuginfo-1.70-1.cm2.aarch64.rpm perl-DBI-1.643-1.cm2.aarch64.rpm perl-DBI-debuginfo-1.643-1.cm2.aarch64.rpm perl-DBIx-Simple-1.37-5.cm2.noarch.rpm -perl-DBM_Filter-0.06-487.cm2.noarch.rpm -perl-debugger-1.60-487.cm2.noarch.rpm -perl-debuginfo-5.34.1-487.cm2.aarch64.rpm -perl-deprecate-0.04-487.cm2.noarch.rpm -perl-devel-5.34.1-487.cm2.aarch64.rpm -perl-Devel-Peek-1.30-487.cm2.aarch64.rpm -perl-Devel-PPPort-3.62-487.cm2.aarch64.rpm -perl-Devel-SelfStubber-1.06-487.cm2.noarch.rpm -perl-diagnostics-1.37-487.cm2.noarch.rpm -perl-Digest-1.19-487.cm2.noarch.rpm -perl-Digest-MD5-2.58-487.cm2.aarch64.rpm -perl-Digest-SHA-6.02-487.cm2.aarch64.rpm -perl-DirHandle-1.05-487.cm2.noarch.rpm -perl-doc-5.34.1-487.cm2.noarch.rpm -perl-Dumpvalue-2.27-487.cm2.noarch.rpm -perl-DynaLoader-1.50-487.cm2.aarch64.rpm -perl-Encode-3.08-487.cm2.aarch64.rpm -perl-Encode-devel-3.08-487.cm2.noarch.rpm -perl-encoding-3.00-487.cm2.aarch64.rpm -perl-encoding-warnings-0.13-487.cm2.noarch.rpm -perl-English-1.11-487.cm2.noarch.rpm -perl-Env-1.05-487.cm2.noarch.rpm -perl-Errno-1.33-487.cm2.aarch64.rpm -perl-experimental-0.024-487.cm2.noarch.rpm -perl-Exporter-5.76-487.cm2.noarch.rpm -perl-ExtUtils-CBuilder-0.280236-487.cm2.noarch.rpm -perl-ExtUtils-Command-7.62-487.cm2.noarch.rpm -perl-ExtUtils-Constant-0.25-487.cm2.noarch.rpm -perl-ExtUtils-Embed-1.35-487.cm2.noarch.rpm -perl-ExtUtils-Install-2.20-487.cm2.noarch.rpm -perl-ExtUtils-MakeMaker-7.62-487.cm2.noarch.rpm -perl-ExtUtils-Manifest-1.73-487.cm2.noarch.rpm -perl-ExtUtils-Miniperl-1.10-487.cm2.noarch.rpm -perl-ExtUtils-MM-Utils-7.44-487.cm2.noarch.rpm -perl-ExtUtils-ParseXS-3.43-487.cm2.noarch.rpm -perl-Fcntl-1.14-487.cm2.aarch64.rpm +perl-DBM_Filter-0.06-488.cm2.noarch.rpm +perl-debugger-1.60-488.cm2.noarch.rpm +perl-debuginfo-5.34.1-488.cm2.aarch64.rpm +perl-deprecate-0.04-488.cm2.noarch.rpm +perl-devel-5.34.1-488.cm2.aarch64.rpm +perl-Devel-Peek-1.30-488.cm2.aarch64.rpm +perl-Devel-PPPort-3.62-488.cm2.aarch64.rpm +perl-Devel-SelfStubber-1.06-488.cm2.noarch.rpm +perl-diagnostics-1.37-488.cm2.noarch.rpm +perl-Digest-1.19-488.cm2.noarch.rpm +perl-Digest-MD5-2.58-488.cm2.aarch64.rpm +perl-Digest-SHA-6.02-488.cm2.aarch64.rpm +perl-DirHandle-1.05-488.cm2.noarch.rpm +perl-doc-5.34.1-488.cm2.noarch.rpm +perl-Dumpvalue-2.27-488.cm2.noarch.rpm +perl-DynaLoader-1.50-488.cm2.aarch64.rpm +perl-Encode-3.08-488.cm2.aarch64.rpm +perl-Encode-devel-3.08-488.cm2.noarch.rpm +perl-encoding-3.00-488.cm2.aarch64.rpm +perl-encoding-warnings-0.13-488.cm2.noarch.rpm +perl-English-1.11-488.cm2.noarch.rpm +perl-Env-1.05-488.cm2.noarch.rpm +perl-Errno-1.33-488.cm2.aarch64.rpm +perl-experimental-0.024-488.cm2.noarch.rpm +perl-Exporter-5.76-488.cm2.noarch.rpm +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch.rpm +perl-ExtUtils-Command-7.62-488.cm2.noarch.rpm +perl-ExtUtils-Constant-0.25-488.cm2.noarch.rpm +perl-ExtUtils-Embed-1.35-488.cm2.noarch.rpm +perl-ExtUtils-Install-2.20-488.cm2.noarch.rpm +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch.rpm +perl-ExtUtils-Manifest-1.73-488.cm2.noarch.rpm +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch.rpm +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch.rpm +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch.rpm +perl-Fcntl-1.14-488.cm2.aarch64.rpm perl-Fedora-VSP-0.001-18.cm2.noarch.rpm -perl-fields-2.27-487.cm2.noarch.rpm -perl-File-Basename-2.85-487.cm2.noarch.rpm -perl-File-Compare-1.100.600-487.cm2.noarch.rpm -perl-File-Copy-2.35-487.cm2.noarch.rpm -perl-File-DosGlob-1.12-487.cm2.aarch64.rpm -perl-File-Fetch-1.00-487.cm2.noarch.rpm -perl-File-Find-1.39-487.cm2.noarch.rpm -perl-File-Path-2.18-487.cm2.noarch.rpm -perl-File-stat-1.09-487.cm2.noarch.rpm -perl-File-Temp-0.231.100-487.cm2.noarch.rpm -perl-FileCache-1.10-487.cm2.noarch.rpm -perl-FileHandle-2.03-487.cm2.noarch.rpm -perl-filetest-1.03-487.cm2.noarch.rpm -perl-Filter-1.59-487.cm2.aarch64.rpm -perl-Filter-Simple-0.96-487.cm2.noarch.rpm -perl-FindBin-1.52-487.cm2.noarch.rpm -perl-GDBM_File-1.19-487.cm2.aarch64.rpm +perl-fields-2.27-488.cm2.noarch.rpm +perl-File-Basename-2.85-488.cm2.noarch.rpm +perl-File-Compare-1.100.600-488.cm2.noarch.rpm +perl-File-Copy-2.35-488.cm2.noarch.rpm +perl-File-DosGlob-1.12-488.cm2.aarch64.rpm +perl-File-Fetch-1.00-488.cm2.noarch.rpm +perl-File-Find-1.39-488.cm2.noarch.rpm +perl-File-Path-2.18-488.cm2.noarch.rpm +perl-File-stat-1.09-488.cm2.noarch.rpm +perl-File-Temp-0.231.100-488.cm2.noarch.rpm +perl-FileCache-1.10-488.cm2.noarch.rpm +perl-FileHandle-2.03-488.cm2.noarch.rpm +perl-filetest-1.03-488.cm2.noarch.rpm +perl-Filter-1.59-488.cm2.aarch64.rpm +perl-Filter-Simple-0.96-488.cm2.noarch.rpm +perl-FindBin-1.52-488.cm2.noarch.rpm +perl-GDBM_File-1.19-488.cm2.aarch64.rpm perl-generators-1.11-8.cm2.noarch.rpm -perl-Getopt-Long-2.52-487.cm2.noarch.rpm -perl-Getopt-Std-1.13-487.cm2.noarch.rpm -perl-Hash-Util-0.25-487.cm2.aarch64.rpm -perl-Hash-Util-FieldHash-1.21-487.cm2.aarch64.rpm -perl-HTTP-Tiny-0.076-487.cm2.noarch.rpm -perl-I18N-Collate-1.02-487.cm2.noarch.rpm -perl-I18N-Langinfo-0.19-487.cm2.aarch64.rpm -perl-I18N-LangTags-0.45-487.cm2.noarch.rpm -perl-if-0.60.900-487.cm2.noarch.rpm -perl-interpreter-5.34.1-487.cm2.aarch64.rpm -perl-IO-1.46-487.cm2.aarch64.rpm -perl-IO-Compress-2.102-487.cm2.noarch.rpm -perl-IO-Socket-IP-0.41-487.cm2.noarch.rpm -perl-IO-Zlib-1.11-487.cm2.noarch.rpm -perl-IPC-Cmd-1.04-487.cm2.noarch.rpm -perl-IPC-Open3-1.21-487.cm2.noarch.rpm -perl-IPC-SysV-2.09-487.cm2.aarch64.rpm -perl-JSON-PP-4.06-487.cm2.noarch.rpm -perl-less-0.03-487.cm2.noarch.rpm -perl-lib-0.65-487.cm2.aarch64.rpm +perl-Getopt-Long-2.52-488.cm2.noarch.rpm +perl-Getopt-Std-1.13-488.cm2.noarch.rpm +perl-Hash-Util-0.25-488.cm2.aarch64.rpm +perl-Hash-Util-FieldHash-1.21-488.cm2.aarch64.rpm +perl-HTTP-Tiny-0.076-488.cm2.noarch.rpm +perl-I18N-Collate-1.02-488.cm2.noarch.rpm +perl-I18N-Langinfo-0.19-488.cm2.aarch64.rpm +perl-I18N-LangTags-0.45-488.cm2.noarch.rpm +perl-if-0.60.900-488.cm2.noarch.rpm +perl-interpreter-5.34.1-488.cm2.aarch64.rpm +perl-IO-1.46-488.cm2.aarch64.rpm +perl-IO-Compress-2.102-488.cm2.noarch.rpm +perl-IO-Socket-IP-0.41-488.cm2.noarch.rpm +perl-IO-Zlib-1.11-488.cm2.noarch.rpm +perl-IPC-Cmd-1.04-488.cm2.noarch.rpm +perl-IPC-Open3-1.21-488.cm2.noarch.rpm +perl-IPC-SysV-2.09-488.cm2.aarch64.rpm +perl-JSON-PP-4.06-488.cm2.noarch.rpm +perl-less-0.03-488.cm2.noarch.rpm +perl-lib-0.65-488.cm2.aarch64.rpm perl-libintl-perl-1.32-1.cm2.aarch64.rpm perl-libintl-perl-debuginfo-1.32-1.cm2.aarch64.rpm -perl-libnet-3.13-487.cm2.noarch.rpm -perl-libnetcfg-5.34.1-487.cm2.noarch.rpm -perl-libs-5.34.1-487.cm2.aarch64.rpm -perl-locale-1.10-487.cm2.noarch.rpm -perl-Locale-Maketext-1.29-487.cm2.noarch.rpm -perl-Locale-Maketext-Simple-0.21-487.cm2.noarch.rpm -perl-macros-5.34.1-487.cm2.noarch.rpm -perl-Math-BigInt-1.9998.18-487.cm2.noarch.rpm -perl-Math-BigInt-FastCalc-0.500.900-487.cm2.aarch64.rpm -perl-Math-BigRat-0.2614-487.cm2.noarch.rpm -perl-Math-Complex-1.59-487.cm2.noarch.rpm -perl-Memoize-1.03-487.cm2.noarch.rpm -perl-meta-notation-5.34.1-487.cm2.noarch.rpm -perl-MIME-Base64-3.16-487.cm2.aarch64.rpm -perl-Module-CoreList-5.20220313-487.cm2.noarch.rpm -perl-Module-CoreList-tools-5.20220313-487.cm2.noarch.rpm -perl-Module-Load-0.36-487.cm2.noarch.rpm -perl-Module-Load-Conditional-0.74-487.cm2.noarch.rpm -perl-Module-Loaded-0.08-487.cm2.noarch.rpm -perl-Module-Metadata-1.000037-487.cm2.noarch.rpm -perl-mro-1.25-487.cm2.aarch64.rpm -perl-NDBM_File-1.15-487.cm2.aarch64.rpm -perl-Net-1.02-487.cm2.noarch.rpm -perl-Net-Ping-2.74-487.cm2.noarch.rpm -perl-NEXT-0.68-487.cm2.noarch.rpm +perl-libnet-3.13-488.cm2.noarch.rpm +perl-libnetcfg-5.34.1-488.cm2.noarch.rpm +perl-libs-5.34.1-488.cm2.aarch64.rpm +perl-locale-1.10-488.cm2.noarch.rpm +perl-Locale-Maketext-1.29-488.cm2.noarch.rpm +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch.rpm +perl-macros-5.34.1-488.cm2.noarch.rpm +perl-Math-BigInt-1.9998.18-488.cm2.noarch.rpm +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.aarch64.rpm +perl-Math-BigRat-0.2614-488.cm2.noarch.rpm +perl-Math-Complex-1.59-488.cm2.noarch.rpm +perl-Memoize-1.03-488.cm2.noarch.rpm +perl-meta-notation-5.34.1-488.cm2.noarch.rpm +perl-MIME-Base64-3.16-488.cm2.aarch64.rpm +perl-Module-CoreList-5.20220313-488.cm2.noarch.rpm +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch.rpm +perl-Module-Load-0.36-488.cm2.noarch.rpm +perl-Module-Load-Conditional-0.74-488.cm2.noarch.rpm +perl-Module-Loaded-0.08-488.cm2.noarch.rpm +perl-Module-Metadata-1.000037-488.cm2.noarch.rpm +perl-mro-1.25-488.cm2.aarch64.rpm +perl-NDBM_File-1.15-488.cm2.aarch64.rpm +perl-Net-1.02-488.cm2.noarch.rpm +perl-Net-Ping-2.74-488.cm2.noarch.rpm +perl-NEXT-0.68-488.cm2.noarch.rpm perl-Object-Accessor-0.48-8.cm2.noarch.rpm -perl-ODBM_File-1.17-487.cm2.aarch64.rpm -perl-Opcode-1.50-487.cm2.aarch64.rpm -perl-open-1.12-487.cm2.noarch.rpm -perl-overload-1.33-487.cm2.noarch.rpm -perl-overloading-0.02-487.cm2.noarch.rpm -perl-Params-Check-0.38-487.cm2.noarch.rpm -perl-parent-0.238-487.cm2.noarch.rpm -perl-PathTools-3.80-487.cm2.aarch64.rpm -perl-Perl-OSType-1.010-487.cm2.noarch.rpm -perl-perlfaq-5.20210411-487.cm2.noarch.rpm -perl-PerlIO-via-QuotedPrint-0.09-487.cm2.noarch.rpm -perl-ph-5.34.1-487.cm2.aarch64.rpm -perl-Pod-Checker-1.74-487.cm2.noarch.rpm -perl-Pod-Escapes-1.07-487.cm2.noarch.rpm -perl-Pod-Functions-1.13-487.cm2.noarch.rpm -perl-Pod-Html-1.27-487.cm2.noarch.rpm -perl-Pod-Perldoc-3.28.01-487.cm2.noarch.rpm -perl-Pod-Simple-3.42-487.cm2.noarch.rpm -perl-Pod-Usage-2.01-487.cm2.noarch.rpm -perl-podlators-4.14-487.cm2.noarch.rpm -perl-POSIX-1.97-487.cm2.aarch64.rpm -perl-Safe-2.43-487.cm2.noarch.rpm -perl-Scalar-List-Utils-1.55-487.cm2.aarch64.rpm -perl-Search-Dict-1.07-487.cm2.noarch.rpm -perl-SelectSaver-1.02-487.cm2.noarch.rpm -perl-SelfLoader-1.26-487.cm2.noarch.rpm -perl-sigtrap-1.09-487.cm2.noarch.rpm -perl-Socket-2.031-487.cm2.aarch64.rpm -perl-sort-2.04-487.cm2.noarch.rpm -perl-Storable-3.23-487.cm2.aarch64.rpm -perl-subs-1.04-487.cm2.noarch.rpm -perl-Symbol-1.09-487.cm2.noarch.rpm -perl-Sys-Hostname-1.23-487.cm2.aarch64.rpm -perl-Sys-Syslog-0.36-487.cm2.aarch64.rpm -perl-Term-ANSIColor-5.01-487.cm2.noarch.rpm -perl-Term-Cap-1.17-487.cm2.noarch.rpm -perl-Term-Complete-1.403-487.cm2.noarch.rpm -perl-Term-ReadLine-1.17-487.cm2.noarch.rpm -perl-Test-1.31-487.cm2.noarch.rpm -perl-Test-Harness-3.43-487.cm2.noarch.rpm -perl-Test-Simple-1.302183-487.cm2.noarch.rpm +perl-ODBM_File-1.17-488.cm2.aarch64.rpm +perl-Opcode-1.50-488.cm2.aarch64.rpm +perl-open-1.12-488.cm2.noarch.rpm +perl-overload-1.33-488.cm2.noarch.rpm +perl-overloading-0.02-488.cm2.noarch.rpm +perl-Params-Check-0.38-488.cm2.noarch.rpm +perl-parent-0.238-488.cm2.noarch.rpm +perl-PathTools-3.80-488.cm2.aarch64.rpm +perl-Perl-OSType-1.010-488.cm2.noarch.rpm +perl-perlfaq-5.20210411-488.cm2.noarch.rpm +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch.rpm +perl-ph-5.34.1-488.cm2.aarch64.rpm +perl-Pod-Checker-1.74-488.cm2.noarch.rpm +perl-Pod-Escapes-1.07-488.cm2.noarch.rpm +perl-Pod-Functions-1.13-488.cm2.noarch.rpm +perl-Pod-Html-1.27-488.cm2.noarch.rpm +perl-Pod-Perldoc-3.28.01-488.cm2.noarch.rpm +perl-Pod-Simple-3.42-488.cm2.noarch.rpm +perl-Pod-Usage-2.01-488.cm2.noarch.rpm +perl-podlators-4.14-488.cm2.noarch.rpm +perl-POSIX-1.97-488.cm2.aarch64.rpm +perl-Safe-2.43-488.cm2.noarch.rpm +perl-Scalar-List-Utils-1.55-488.cm2.aarch64.rpm +perl-Search-Dict-1.07-488.cm2.noarch.rpm +perl-SelectSaver-1.02-488.cm2.noarch.rpm +perl-SelfLoader-1.26-488.cm2.noarch.rpm +perl-sigtrap-1.09-488.cm2.noarch.rpm +perl-Socket-2.031-488.cm2.aarch64.rpm +perl-sort-2.04-488.cm2.noarch.rpm +perl-Storable-3.23-488.cm2.aarch64.rpm +perl-subs-1.04-488.cm2.noarch.rpm +perl-Symbol-1.09-488.cm2.noarch.rpm +perl-Sys-Hostname-1.23-488.cm2.aarch64.rpm +perl-Sys-Syslog-0.36-488.cm2.aarch64.rpm +perl-Term-ANSIColor-5.01-488.cm2.noarch.rpm +perl-Term-Cap-1.17-488.cm2.noarch.rpm +perl-Term-Complete-1.403-488.cm2.noarch.rpm +perl-Term-ReadLine-1.17-488.cm2.noarch.rpm +perl-Test-1.31-488.cm2.noarch.rpm +perl-Test-Harness-3.43-488.cm2.noarch.rpm +perl-Test-Simple-1.302183-488.cm2.noarch.rpm perl-Test-Warnings-0.031-1.cm2.noarch.rpm -perl-tests-5.34.1-487.cm2.aarch64.rpm -perl-Text-Abbrev-1.02-487.cm2.noarch.rpm -perl-Text-Balanced-2.04-487.cm2.noarch.rpm -perl-Text-ParseWords-3.30-487.cm2.noarch.rpm -perl-Text-Tabs+Wrap-2013.0523-487.cm2.noarch.rpm +perl-tests-5.34.1-488.cm2.aarch64.rpm +perl-Text-Abbrev-1.02-488.cm2.noarch.rpm +perl-Text-Balanced-2.04-488.cm2.noarch.rpm +perl-Text-ParseWords-3.30-488.cm2.noarch.rpm +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch.rpm perl-Text-Template-1.60-1.cm2.noarch.rpm -perl-Thread-3.05-487.cm2.noarch.rpm -perl-Thread-Queue-3.14-487.cm2.noarch.rpm -perl-Thread-Semaphore-2.13-487.cm2.noarch.rpm -perl-threads-2.26-487.cm2.aarch64.rpm -perl-threads-shared-1.62-487.cm2.aarch64.rpm -perl-Tie-4.6-487.cm2.noarch.rpm -perl-Tie-File-1.06-487.cm2.noarch.rpm -perl-Tie-Memoize-1.1-487.cm2.noarch.rpm -perl-Tie-RefHash-1.40-487.cm2.noarch.rpm -perl-Time-1.03-487.cm2.noarch.rpm -perl-Time-HiRes-1.9767-487.cm2.aarch64.rpm -perl-Time-Local-1.300-487.cm2.noarch.rpm -perl-Time-Piece-1.3401-487.cm2.aarch64.rpm -perl-Unicode-Collate-1.29-487.cm2.aarch64.rpm -perl-Unicode-Normalize-1.28-487.cm2.aarch64.rpm -perl-Unicode-UCD-0.75-487.cm2.noarch.rpm -perl-User-pwent-1.03-487.cm2.noarch.rpm -perl-utils-5.34.1-487.cm2.noarch.rpm -perl-vars-1.05-487.cm2.noarch.rpm -perl-version-0.99.28-487.cm2.noarch.rpm -perl-vmsish-1.04-487.cm2.noarch.rpm +perl-Thread-3.05-488.cm2.noarch.rpm +perl-Thread-Queue-3.14-488.cm2.noarch.rpm +perl-Thread-Semaphore-2.13-488.cm2.noarch.rpm +perl-threads-2.26-488.cm2.aarch64.rpm +perl-threads-shared-1.62-488.cm2.aarch64.rpm +perl-Tie-4.6-488.cm2.noarch.rpm +perl-Tie-File-1.06-488.cm2.noarch.rpm +perl-Tie-Memoize-1.1-488.cm2.noarch.rpm +perl-Tie-RefHash-1.40-488.cm2.noarch.rpm +perl-Time-1.03-488.cm2.noarch.rpm +perl-Time-HiRes-1.9767-488.cm2.aarch64.rpm +perl-Time-Local-1.300-488.cm2.noarch.rpm +perl-Time-Piece-1.3401-488.cm2.aarch64.rpm +perl-Unicode-Collate-1.29-488.cm2.aarch64.rpm +perl-Unicode-Normalize-1.28-488.cm2.aarch64.rpm +perl-Unicode-UCD-0.75-488.cm2.noarch.rpm +perl-User-pwent-1.03-488.cm2.noarch.rpm +perl-utils-5.34.1-488.cm2.noarch.rpm +perl-vars-1.05-488.cm2.noarch.rpm +perl-version-0.99.28-488.cm2.noarch.rpm +perl-vmsish-1.04-488.cm2.noarch.rpm perl-XML-Parser-2.46-2.cm2.aarch64.rpm perl-XML-Parser-debuginfo-2.46-2.cm2.aarch64.rpm pinentry-1.2.0-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index ad77ac5bba4..a9eeb127250 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -220,7 +220,7 @@ m4-1.4.19-1.cm2.x86_64.rpm m4-debuginfo-1.4.19-1.cm2.x86_64.rpm make-4.3-2.cm2.x86_64.rpm make-debuginfo-4.3-2.cm2.x86_64.rpm -mariner-check-macros-2.0-14.cm2.noarch.rpm +mariner-check-macros-2.0-15.cm2.noarch.rpm mariner-repos-2.0-7.cm2.noarch.rpm mariner-repos-debug-2.0-7.cm2.noarch.rpm mariner-repos-debug-preview-2.0-7.cm2.noarch.rpm @@ -234,7 +234,7 @@ mariner-repos-microsoft-2.0-7.cm2.noarch.rpm mariner-repos-microsoft-preview-2.0-7.cm2.noarch.rpm mariner-repos-preview-2.0-7.cm2.noarch.rpm mariner-repos-shared-2.0-7.cm2.noarch.rpm -mariner-rpm-macros-2.0-14.cm2.noarch.rpm +mariner-rpm-macros-2.0-15.cm2.noarch.rpm meson-0.60.2-2.cm2.noarch.rpm mpfr-4.1.0-1.cm2.x86_64.rpm mpfr-debuginfo-4.1.0-1.cm2.x86_64.rpm @@ -280,207 +280,207 @@ pcre-8.45-2.cm2.x86_64.rpm pcre-debuginfo-8.45-2.cm2.x86_64.rpm pcre-devel-8.45-2.cm2.x86_64.rpm pcre-libs-8.45-2.cm2.x86_64.rpm -perl-5.34.1-487.cm2.x86_64.rpm -perl-Archive-Tar-2.38-487.cm2.noarch.rpm -perl-Attribute-Handlers-1.01-487.cm2.noarch.rpm -perl-autodie-2.34-487.cm2.noarch.rpm -perl-AutoLoader-5.74-487.cm2.noarch.rpm -perl-AutoSplit-5.74-487.cm2.noarch.rpm -perl-autouse-1.11-487.cm2.noarch.rpm -perl-B-1.82-487.cm2.x86_64.rpm -perl-base-2.27-487.cm2.noarch.rpm -perl-Benchmark-1.23-487.cm2.noarch.rpm -perl-bignum-0.51-487.cm2.noarch.rpm -perl-blib-1.07-487.cm2.noarch.rpm -perl-Carp-1.52-487.cm2.noarch.rpm -perl-Class-Struct-0.66-487.cm2.noarch.rpm -perl-Compress-Raw-Bzip2-2.101-487.cm2.x86_64.rpm -perl-Compress-Raw-Zlib-2.101-487.cm2.x86_64.rpm -perl-Config-Extensions-0.03-487.cm2.noarch.rpm -perl-Config-Perl-V-0.33-487.cm2.noarch.rpm -perl-constant-1.33-487.cm2.noarch.rpm -perl-CPAN-2.28-487.cm2.noarch.rpm -perl-CPAN-Meta-2.150010-487.cm2.noarch.rpm -perl-CPAN-Meta-Requirements-2.140-487.cm2.noarch.rpm -perl-CPAN-Meta-YAML-0.018-487.cm2.noarch.rpm -perl-Data-Dumper-2.179-487.cm2.x86_64.rpm +perl-5.34.1-488.cm2.x86_64.rpm +perl-Archive-Tar-2.38-488.cm2.noarch.rpm +perl-Attribute-Handlers-1.01-488.cm2.noarch.rpm +perl-autodie-2.34-488.cm2.noarch.rpm +perl-AutoLoader-5.74-488.cm2.noarch.rpm +perl-AutoSplit-5.74-488.cm2.noarch.rpm +perl-autouse-1.11-488.cm2.noarch.rpm +perl-B-1.82-488.cm2.x86_64.rpm +perl-base-2.27-488.cm2.noarch.rpm +perl-Benchmark-1.23-488.cm2.noarch.rpm +perl-bignum-0.51-488.cm2.noarch.rpm +perl-blib-1.07-488.cm2.noarch.rpm +perl-Carp-1.52-488.cm2.noarch.rpm +perl-Class-Struct-0.66-488.cm2.noarch.rpm +perl-Compress-Raw-Bzip2-2.101-488.cm2.x86_64.rpm +perl-Compress-Raw-Zlib-2.101-488.cm2.x86_64.rpm +perl-Config-Extensions-0.03-488.cm2.noarch.rpm +perl-Config-Perl-V-0.33-488.cm2.noarch.rpm +perl-constant-1.33-488.cm2.noarch.rpm +perl-CPAN-2.28-488.cm2.noarch.rpm +perl-CPAN-Meta-2.150010-488.cm2.noarch.rpm +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch.rpm +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch.rpm +perl-Data-Dumper-2.179-488.cm2.x86_64.rpm perl-DBD-SQLite-1.70-1.cm2.x86_64.rpm perl-DBD-SQLite-debuginfo-1.70-1.cm2.x86_64.rpm perl-DBI-1.643-1.cm2.x86_64.rpm perl-DBI-debuginfo-1.643-1.cm2.x86_64.rpm perl-DBIx-Simple-1.37-5.cm2.noarch.rpm -perl-DBM_Filter-0.06-487.cm2.noarch.rpm -perl-debugger-1.60-487.cm2.noarch.rpm -perl-debuginfo-5.34.1-487.cm2.x86_64.rpm -perl-deprecate-0.04-487.cm2.noarch.rpm -perl-devel-5.34.1-487.cm2.x86_64.rpm -perl-Devel-Peek-1.30-487.cm2.x86_64.rpm -perl-Devel-PPPort-3.62-487.cm2.x86_64.rpm -perl-Devel-SelfStubber-1.06-487.cm2.noarch.rpm -perl-diagnostics-1.37-487.cm2.noarch.rpm -perl-Digest-1.19-487.cm2.noarch.rpm -perl-Digest-MD5-2.58-487.cm2.x86_64.rpm -perl-Digest-SHA-6.02-487.cm2.x86_64.rpm -perl-DirHandle-1.05-487.cm2.noarch.rpm -perl-doc-5.34.1-487.cm2.noarch.rpm -perl-Dumpvalue-2.27-487.cm2.noarch.rpm -perl-DynaLoader-1.50-487.cm2.x86_64.rpm -perl-Encode-3.08-487.cm2.x86_64.rpm -perl-Encode-devel-3.08-487.cm2.noarch.rpm -perl-encoding-3.00-487.cm2.x86_64.rpm -perl-encoding-warnings-0.13-487.cm2.noarch.rpm -perl-English-1.11-487.cm2.noarch.rpm -perl-Env-1.05-487.cm2.noarch.rpm -perl-Errno-1.33-487.cm2.x86_64.rpm -perl-experimental-0.024-487.cm2.noarch.rpm -perl-Exporter-5.76-487.cm2.noarch.rpm -perl-ExtUtils-CBuilder-0.280236-487.cm2.noarch.rpm -perl-ExtUtils-Command-7.62-487.cm2.noarch.rpm -perl-ExtUtils-Constant-0.25-487.cm2.noarch.rpm -perl-ExtUtils-Embed-1.35-487.cm2.noarch.rpm -perl-ExtUtils-Install-2.20-487.cm2.noarch.rpm -perl-ExtUtils-MakeMaker-7.62-487.cm2.noarch.rpm -perl-ExtUtils-Manifest-1.73-487.cm2.noarch.rpm -perl-ExtUtils-Miniperl-1.10-487.cm2.noarch.rpm -perl-ExtUtils-MM-Utils-7.44-487.cm2.noarch.rpm -perl-ExtUtils-ParseXS-3.43-487.cm2.noarch.rpm -perl-Fcntl-1.14-487.cm2.x86_64.rpm +perl-DBM_Filter-0.06-488.cm2.noarch.rpm +perl-debugger-1.60-488.cm2.noarch.rpm +perl-debuginfo-5.34.1-488.cm2.x86_64.rpm +perl-deprecate-0.04-488.cm2.noarch.rpm +perl-devel-5.34.1-488.cm2.x86_64.rpm +perl-Devel-Peek-1.30-488.cm2.x86_64.rpm +perl-Devel-PPPort-3.62-488.cm2.x86_64.rpm +perl-Devel-SelfStubber-1.06-488.cm2.noarch.rpm +perl-diagnostics-1.37-488.cm2.noarch.rpm +perl-Digest-1.19-488.cm2.noarch.rpm +perl-Digest-MD5-2.58-488.cm2.x86_64.rpm +perl-Digest-SHA-6.02-488.cm2.x86_64.rpm +perl-DirHandle-1.05-488.cm2.noarch.rpm +perl-doc-5.34.1-488.cm2.noarch.rpm +perl-Dumpvalue-2.27-488.cm2.noarch.rpm +perl-DynaLoader-1.50-488.cm2.x86_64.rpm +perl-Encode-3.08-488.cm2.x86_64.rpm +perl-Encode-devel-3.08-488.cm2.noarch.rpm +perl-encoding-3.00-488.cm2.x86_64.rpm +perl-encoding-warnings-0.13-488.cm2.noarch.rpm +perl-English-1.11-488.cm2.noarch.rpm +perl-Env-1.05-488.cm2.noarch.rpm +perl-Errno-1.33-488.cm2.x86_64.rpm +perl-experimental-0.024-488.cm2.noarch.rpm +perl-Exporter-5.76-488.cm2.noarch.rpm +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch.rpm +perl-ExtUtils-Command-7.62-488.cm2.noarch.rpm +perl-ExtUtils-Constant-0.25-488.cm2.noarch.rpm +perl-ExtUtils-Embed-1.35-488.cm2.noarch.rpm +perl-ExtUtils-Install-2.20-488.cm2.noarch.rpm +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch.rpm +perl-ExtUtils-Manifest-1.73-488.cm2.noarch.rpm +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch.rpm +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch.rpm +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch.rpm +perl-Fcntl-1.14-488.cm2.x86_64.rpm perl-Fedora-VSP-0.001-18.cm2.noarch.rpm -perl-fields-2.27-487.cm2.noarch.rpm -perl-File-Basename-2.85-487.cm2.noarch.rpm -perl-File-Compare-1.100.600-487.cm2.noarch.rpm -perl-File-Copy-2.35-487.cm2.noarch.rpm -perl-File-DosGlob-1.12-487.cm2.x86_64.rpm -perl-File-Fetch-1.00-487.cm2.noarch.rpm -perl-File-Find-1.39-487.cm2.noarch.rpm -perl-File-Path-2.18-487.cm2.noarch.rpm -perl-File-stat-1.09-487.cm2.noarch.rpm -perl-File-Temp-0.231.100-487.cm2.noarch.rpm -perl-FileCache-1.10-487.cm2.noarch.rpm -perl-FileHandle-2.03-487.cm2.noarch.rpm -perl-filetest-1.03-487.cm2.noarch.rpm -perl-Filter-1.59-487.cm2.x86_64.rpm -perl-Filter-Simple-0.96-487.cm2.noarch.rpm -perl-FindBin-1.52-487.cm2.noarch.rpm -perl-GDBM_File-1.19-487.cm2.x86_64.rpm +perl-fields-2.27-488.cm2.noarch.rpm +perl-File-Basename-2.85-488.cm2.noarch.rpm +perl-File-Compare-1.100.600-488.cm2.noarch.rpm +perl-File-Copy-2.35-488.cm2.noarch.rpm +perl-File-DosGlob-1.12-488.cm2.x86_64.rpm +perl-File-Fetch-1.00-488.cm2.noarch.rpm +perl-File-Find-1.39-488.cm2.noarch.rpm +perl-File-Path-2.18-488.cm2.noarch.rpm +perl-File-stat-1.09-488.cm2.noarch.rpm +perl-File-Temp-0.231.100-488.cm2.noarch.rpm +perl-FileCache-1.10-488.cm2.noarch.rpm +perl-FileHandle-2.03-488.cm2.noarch.rpm +perl-filetest-1.03-488.cm2.noarch.rpm +perl-Filter-1.59-488.cm2.x86_64.rpm +perl-Filter-Simple-0.96-488.cm2.noarch.rpm +perl-FindBin-1.52-488.cm2.noarch.rpm +perl-GDBM_File-1.19-488.cm2.x86_64.rpm perl-generators-1.11-8.cm2.noarch.rpm -perl-Getopt-Long-2.52-487.cm2.noarch.rpm -perl-Getopt-Std-1.13-487.cm2.noarch.rpm -perl-Hash-Util-0.25-487.cm2.x86_64.rpm -perl-Hash-Util-FieldHash-1.21-487.cm2.x86_64.rpm -perl-HTTP-Tiny-0.076-487.cm2.noarch.rpm -perl-I18N-Collate-1.02-487.cm2.noarch.rpm -perl-I18N-Langinfo-0.19-487.cm2.x86_64.rpm -perl-I18N-LangTags-0.45-487.cm2.noarch.rpm -perl-if-0.60.900-487.cm2.noarch.rpm -perl-interpreter-5.34.1-487.cm2.x86_64.rpm -perl-IO-1.46-487.cm2.x86_64.rpm -perl-IO-Compress-2.102-487.cm2.noarch.rpm -perl-IO-Socket-IP-0.41-487.cm2.noarch.rpm -perl-IO-Zlib-1.11-487.cm2.noarch.rpm -perl-IPC-Cmd-1.04-487.cm2.noarch.rpm -perl-IPC-Open3-1.21-487.cm2.noarch.rpm -perl-IPC-SysV-2.09-487.cm2.x86_64.rpm -perl-JSON-PP-4.06-487.cm2.noarch.rpm -perl-less-0.03-487.cm2.noarch.rpm -perl-lib-0.65-487.cm2.x86_64.rpm +perl-Getopt-Long-2.52-488.cm2.noarch.rpm +perl-Getopt-Std-1.13-488.cm2.noarch.rpm +perl-Hash-Util-0.25-488.cm2.x86_64.rpm +perl-Hash-Util-FieldHash-1.21-488.cm2.x86_64.rpm +perl-HTTP-Tiny-0.076-488.cm2.noarch.rpm +perl-I18N-Collate-1.02-488.cm2.noarch.rpm +perl-I18N-Langinfo-0.19-488.cm2.x86_64.rpm +perl-I18N-LangTags-0.45-488.cm2.noarch.rpm +perl-if-0.60.900-488.cm2.noarch.rpm +perl-interpreter-5.34.1-488.cm2.x86_64.rpm +perl-IO-1.46-488.cm2.x86_64.rpm +perl-IO-Compress-2.102-488.cm2.noarch.rpm +perl-IO-Socket-IP-0.41-488.cm2.noarch.rpm +perl-IO-Zlib-1.11-488.cm2.noarch.rpm +perl-IPC-Cmd-1.04-488.cm2.noarch.rpm +perl-IPC-Open3-1.21-488.cm2.noarch.rpm +perl-IPC-SysV-2.09-488.cm2.x86_64.rpm +perl-JSON-PP-4.06-488.cm2.noarch.rpm +perl-less-0.03-488.cm2.noarch.rpm +perl-lib-0.65-488.cm2.x86_64.rpm perl-libintl-perl-1.32-1.cm2.x86_64.rpm perl-libintl-perl-debuginfo-1.32-1.cm2.x86_64.rpm -perl-libnet-3.13-487.cm2.noarch.rpm -perl-libnetcfg-5.34.1-487.cm2.noarch.rpm -perl-libs-5.34.1-487.cm2.x86_64.rpm -perl-locale-1.10-487.cm2.noarch.rpm -perl-Locale-Maketext-1.29-487.cm2.noarch.rpm -perl-Locale-Maketext-Simple-0.21-487.cm2.noarch.rpm -perl-macros-5.34.1-487.cm2.noarch.rpm -perl-Math-BigInt-1.9998.18-487.cm2.noarch.rpm -perl-Math-BigInt-FastCalc-0.500.900-487.cm2.x86_64.rpm -perl-Math-BigRat-0.2614-487.cm2.noarch.rpm -perl-Math-Complex-1.59-487.cm2.noarch.rpm -perl-Memoize-1.03-487.cm2.noarch.rpm -perl-meta-notation-5.34.1-487.cm2.noarch.rpm -perl-MIME-Base64-3.16-487.cm2.x86_64.rpm -perl-Module-CoreList-5.20220313-487.cm2.noarch.rpm -perl-Module-CoreList-tools-5.20220313-487.cm2.noarch.rpm -perl-Module-Load-0.36-487.cm2.noarch.rpm -perl-Module-Load-Conditional-0.74-487.cm2.noarch.rpm -perl-Module-Loaded-0.08-487.cm2.noarch.rpm -perl-Module-Metadata-1.000037-487.cm2.noarch.rpm -perl-mro-1.25-487.cm2.x86_64.rpm -perl-NDBM_File-1.15-487.cm2.x86_64.rpm -perl-Net-1.02-487.cm2.noarch.rpm -perl-Net-Ping-2.74-487.cm2.noarch.rpm -perl-NEXT-0.68-487.cm2.noarch.rpm +perl-libnet-3.13-488.cm2.noarch.rpm +perl-libnetcfg-5.34.1-488.cm2.noarch.rpm +perl-libs-5.34.1-488.cm2.x86_64.rpm +perl-locale-1.10-488.cm2.noarch.rpm +perl-Locale-Maketext-1.29-488.cm2.noarch.rpm +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch.rpm +perl-macros-5.34.1-488.cm2.noarch.rpm +perl-Math-BigInt-1.9998.18-488.cm2.noarch.rpm +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.x86_64.rpm +perl-Math-BigRat-0.2614-488.cm2.noarch.rpm +perl-Math-Complex-1.59-488.cm2.noarch.rpm +perl-Memoize-1.03-488.cm2.noarch.rpm +perl-meta-notation-5.34.1-488.cm2.noarch.rpm +perl-MIME-Base64-3.16-488.cm2.x86_64.rpm +perl-Module-CoreList-5.20220313-488.cm2.noarch.rpm +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch.rpm +perl-Module-Load-0.36-488.cm2.noarch.rpm +perl-Module-Load-Conditional-0.74-488.cm2.noarch.rpm +perl-Module-Loaded-0.08-488.cm2.noarch.rpm +perl-Module-Metadata-1.000037-488.cm2.noarch.rpm +perl-mro-1.25-488.cm2.x86_64.rpm +perl-NDBM_File-1.15-488.cm2.x86_64.rpm +perl-Net-1.02-488.cm2.noarch.rpm +perl-Net-Ping-2.74-488.cm2.noarch.rpm +perl-NEXT-0.68-488.cm2.noarch.rpm perl-Object-Accessor-0.48-8.cm2.noarch.rpm -perl-ODBM_File-1.17-487.cm2.x86_64.rpm -perl-Opcode-1.50-487.cm2.x86_64.rpm -perl-open-1.12-487.cm2.noarch.rpm -perl-overload-1.33-487.cm2.noarch.rpm -perl-overloading-0.02-487.cm2.noarch.rpm -perl-Params-Check-0.38-487.cm2.noarch.rpm -perl-parent-0.238-487.cm2.noarch.rpm -perl-PathTools-3.80-487.cm2.x86_64.rpm -perl-Perl-OSType-1.010-487.cm2.noarch.rpm -perl-perlfaq-5.20210411-487.cm2.noarch.rpm -perl-PerlIO-via-QuotedPrint-0.09-487.cm2.noarch.rpm -perl-ph-5.34.1-487.cm2.x86_64.rpm -perl-Pod-Checker-1.74-487.cm2.noarch.rpm -perl-Pod-Escapes-1.07-487.cm2.noarch.rpm -perl-Pod-Functions-1.13-487.cm2.noarch.rpm -perl-Pod-Html-1.27-487.cm2.noarch.rpm -perl-Pod-Perldoc-3.28.01-487.cm2.noarch.rpm -perl-Pod-Simple-3.42-487.cm2.noarch.rpm -perl-Pod-Usage-2.01-487.cm2.noarch.rpm -perl-podlators-4.14-487.cm2.noarch.rpm -perl-POSIX-1.97-487.cm2.x86_64.rpm -perl-Safe-2.43-487.cm2.noarch.rpm -perl-Scalar-List-Utils-1.55-487.cm2.x86_64.rpm -perl-Search-Dict-1.07-487.cm2.noarch.rpm -perl-SelectSaver-1.02-487.cm2.noarch.rpm -perl-SelfLoader-1.26-487.cm2.noarch.rpm -perl-sigtrap-1.09-487.cm2.noarch.rpm -perl-Socket-2.031-487.cm2.x86_64.rpm -perl-sort-2.04-487.cm2.noarch.rpm -perl-Storable-3.23-487.cm2.x86_64.rpm -perl-subs-1.04-487.cm2.noarch.rpm -perl-Symbol-1.09-487.cm2.noarch.rpm -perl-Sys-Hostname-1.23-487.cm2.x86_64.rpm -perl-Sys-Syslog-0.36-487.cm2.x86_64.rpm -perl-Term-ANSIColor-5.01-487.cm2.noarch.rpm -perl-Term-Cap-1.17-487.cm2.noarch.rpm -perl-Term-Complete-1.403-487.cm2.noarch.rpm -perl-Term-ReadLine-1.17-487.cm2.noarch.rpm -perl-Test-1.31-487.cm2.noarch.rpm -perl-Test-Harness-3.43-487.cm2.noarch.rpm -perl-Test-Simple-1.302183-487.cm2.noarch.rpm +perl-ODBM_File-1.17-488.cm2.x86_64.rpm +perl-Opcode-1.50-488.cm2.x86_64.rpm +perl-open-1.12-488.cm2.noarch.rpm +perl-overload-1.33-488.cm2.noarch.rpm +perl-overloading-0.02-488.cm2.noarch.rpm +perl-Params-Check-0.38-488.cm2.noarch.rpm +perl-parent-0.238-488.cm2.noarch.rpm +perl-PathTools-3.80-488.cm2.x86_64.rpm +perl-Perl-OSType-1.010-488.cm2.noarch.rpm +perl-perlfaq-5.20210411-488.cm2.noarch.rpm +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch.rpm +perl-ph-5.34.1-488.cm2.x86_64.rpm +perl-Pod-Checker-1.74-488.cm2.noarch.rpm +perl-Pod-Escapes-1.07-488.cm2.noarch.rpm +perl-Pod-Functions-1.13-488.cm2.noarch.rpm +perl-Pod-Html-1.27-488.cm2.noarch.rpm +perl-Pod-Perldoc-3.28.01-488.cm2.noarch.rpm +perl-Pod-Simple-3.42-488.cm2.noarch.rpm +perl-Pod-Usage-2.01-488.cm2.noarch.rpm +perl-podlators-4.14-488.cm2.noarch.rpm +perl-POSIX-1.97-488.cm2.x86_64.rpm +perl-Safe-2.43-488.cm2.noarch.rpm +perl-Scalar-List-Utils-1.55-488.cm2.x86_64.rpm +perl-Search-Dict-1.07-488.cm2.noarch.rpm +perl-SelectSaver-1.02-488.cm2.noarch.rpm +perl-SelfLoader-1.26-488.cm2.noarch.rpm +perl-sigtrap-1.09-488.cm2.noarch.rpm +perl-Socket-2.031-488.cm2.x86_64.rpm +perl-sort-2.04-488.cm2.noarch.rpm +perl-Storable-3.23-488.cm2.x86_64.rpm +perl-subs-1.04-488.cm2.noarch.rpm +perl-Symbol-1.09-488.cm2.noarch.rpm +perl-Sys-Hostname-1.23-488.cm2.x86_64.rpm +perl-Sys-Syslog-0.36-488.cm2.x86_64.rpm +perl-Term-ANSIColor-5.01-488.cm2.noarch.rpm +perl-Term-Cap-1.17-488.cm2.noarch.rpm +perl-Term-Complete-1.403-488.cm2.noarch.rpm +perl-Term-ReadLine-1.17-488.cm2.noarch.rpm +perl-Test-1.31-488.cm2.noarch.rpm +perl-Test-Harness-3.43-488.cm2.noarch.rpm +perl-Test-Simple-1.302183-488.cm2.noarch.rpm perl-Test-Warnings-0.031-1.cm2.noarch.rpm -perl-tests-5.34.1-487.cm2.x86_64.rpm -perl-Text-Abbrev-1.02-487.cm2.noarch.rpm -perl-Text-Balanced-2.04-487.cm2.noarch.rpm -perl-Text-ParseWords-3.30-487.cm2.noarch.rpm -perl-Text-Tabs+Wrap-2013.0523-487.cm2.noarch.rpm +perl-tests-5.34.1-488.cm2.x86_64.rpm +perl-Text-Abbrev-1.02-488.cm2.noarch.rpm +perl-Text-Balanced-2.04-488.cm2.noarch.rpm +perl-Text-ParseWords-3.30-488.cm2.noarch.rpm +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch.rpm perl-Text-Template-1.60-1.cm2.noarch.rpm -perl-Thread-3.05-487.cm2.noarch.rpm -perl-Thread-Queue-3.14-487.cm2.noarch.rpm -perl-Thread-Semaphore-2.13-487.cm2.noarch.rpm -perl-threads-2.26-487.cm2.x86_64.rpm -perl-threads-shared-1.62-487.cm2.x86_64.rpm -perl-Tie-4.6-487.cm2.noarch.rpm -perl-Tie-File-1.06-487.cm2.noarch.rpm -perl-Tie-Memoize-1.1-487.cm2.noarch.rpm -perl-Tie-RefHash-1.40-487.cm2.noarch.rpm -perl-Time-1.03-487.cm2.noarch.rpm -perl-Time-HiRes-1.9767-487.cm2.x86_64.rpm -perl-Time-Local-1.300-487.cm2.noarch.rpm -perl-Time-Piece-1.3401-487.cm2.x86_64.rpm -perl-Unicode-Collate-1.29-487.cm2.x86_64.rpm -perl-Unicode-Normalize-1.28-487.cm2.x86_64.rpm -perl-Unicode-UCD-0.75-487.cm2.noarch.rpm -perl-User-pwent-1.03-487.cm2.noarch.rpm -perl-utils-5.34.1-487.cm2.noarch.rpm -perl-vars-1.05-487.cm2.noarch.rpm -perl-version-0.99.28-487.cm2.noarch.rpm -perl-vmsish-1.04-487.cm2.noarch.rpm +perl-Thread-3.05-488.cm2.noarch.rpm +perl-Thread-Queue-3.14-488.cm2.noarch.rpm +perl-Thread-Semaphore-2.13-488.cm2.noarch.rpm +perl-threads-2.26-488.cm2.x86_64.rpm +perl-threads-shared-1.62-488.cm2.x86_64.rpm +perl-Tie-4.6-488.cm2.noarch.rpm +perl-Tie-File-1.06-488.cm2.noarch.rpm +perl-Tie-Memoize-1.1-488.cm2.noarch.rpm +perl-Tie-RefHash-1.40-488.cm2.noarch.rpm +perl-Time-1.03-488.cm2.noarch.rpm +perl-Time-HiRes-1.9767-488.cm2.x86_64.rpm +perl-Time-Local-1.300-488.cm2.noarch.rpm +perl-Time-Piece-1.3401-488.cm2.x86_64.rpm +perl-Unicode-Collate-1.29-488.cm2.x86_64.rpm +perl-Unicode-Normalize-1.28-488.cm2.x86_64.rpm +perl-Unicode-UCD-0.75-488.cm2.noarch.rpm +perl-User-pwent-1.03-488.cm2.noarch.rpm +perl-utils-5.34.1-488.cm2.noarch.rpm +perl-vars-1.05-488.cm2.noarch.rpm +perl-version-0.99.28-488.cm2.noarch.rpm +perl-vmsish-1.04-488.cm2.noarch.rpm perl-XML-Parser-2.46-2.cm2.x86_64.rpm perl-XML-Parser-debuginfo-2.46-2.cm2.x86_64.rpm pinentry-1.2.0-1.cm2.x86_64.rpm diff --git a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh index 55f9407bd13..c1f5d61ab58 100755 --- a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh +++ b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh @@ -154,6 +154,7 @@ chroot_and_run_rpmbuild () { $CHECK_SETTING \ --define "with_check 1" --define "dist $PARAM_DIST_TAG" --define "mariner_build_number $PARAM_BUILD_NUM" \ --define "mariner_release_version $PARAM_RELEASE_VER" $TOPDIR/SRPMS/$1 \ + --define "mariner_module_ldflags -Wl,-dT,%{_topdir}/BUILD/module_info.ld" \ || echo "$1" >> "$TOOLCHAIN_FAILURES" chroot_unmount diff --git a/toolkit/tools/internal/rpm/rpm.go b/toolkit/tools/internal/rpm/rpm.go index afd1d603b28..064864470e5 100644 --- a/toolkit/tools/internal/rpm/rpm.go +++ b/toolkit/tools/internal/rpm/rpm.go @@ -43,6 +43,9 @@ const ( // NoCompatibleArchError specifies the error message when processing a SPEC written for a different architecture. NoCompatibleArchError = "error: No compatible architectures found for build" + + // MarinerModuleLdflagsDefine specifies the variable used to enable linking ELF binaries with module_info.ld metadata. + MarinerModuleLdflagsDefine = "mariner_module_ldflags" ) const ( diff --git a/toolkit/tools/pkgworker/pkgworker.go b/toolkit/tools/pkgworker/pkgworker.go index 4047773279a..2ff21c5f224 100644 --- a/toolkit/tools/pkgworker/pkgworker.go +++ b/toolkit/tools/pkgworker/pkgworker.go @@ -80,6 +80,7 @@ func main() { defines[rpm.DistTagDefine] = *distTag defines[rpm.DistroReleaseVersionDefine] = *distroReleaseVersion defines[rpm.DistroBuildNumberDefine] = *distroBuildNumber + defines[rpm.MarinerModuleLdflagsDefine] = "-Wl,-dT,%{_topdir}/BUILD/module_info.ld" builtRPMs, err := buildSRPMInChroot(chrootDir, rpmsDirAbsPath, *workerTar, *srpmFile, *repoFile, *rpmmacrosFile, defines, *noCleanup, *runCheck, *packagesToInstall) logger.PanicOnError(err, "Failed to build SRPM '%s'. For details see log file: %s .", *srpmFile, *logFile) From b068621b129b28c17ce615d285f226b825c78626 Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Wed, 25 May 2022 10:29:15 -0700 Subject: [PATCH 11/21] Update rsyslog to v8.2204.1 to address CVE-2022-24903 (#3054) * Update rsyslog to v8.2204.1 to address CVE-2022-24903 * fix cgmanifest version * Update cgmanifest.json http --> https Co-authored-by: Muhammad Falak R Wani * Update SPECS/rsyslog/rsyslog.spec http --> https Co-authored-by: Muhammad Falak R Wani * https source0 Co-authored-by: Muhammad Falak R Wani --- SPECS/rsyslog/rsyslog.signatures.json | 4 ++-- SPECS/rsyslog/rsyslog.spec | 15 +++++++++++---- cgmanifest.json | 4 ++-- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/SPECS/rsyslog/rsyslog.signatures.json b/SPECS/rsyslog/rsyslog.signatures.json index 7ca774a88b0..5ff34e4e823 100644 --- a/SPECS/rsyslog/rsyslog.signatures.json +++ b/SPECS/rsyslog/rsyslog.signatures.json @@ -1,8 +1,8 @@ { "Signatures": { "50-rsyslog-journald.conf": "c4c875396276951b491e799e9cdb5a090b2ca82a754967c7f310888373e51c40", - "rsyslog-8.2108.0.tar.gz": "4826c2b6d081a9c95f469fb0115be3f9512065297d3de00ec513758cdb30b1d9", - "rsyslog-doc-8.2108.0.tar.gz": "a0a994e8f6f470ba5c5b8e4e74261655543992f8a979edc0531f5535e7d89c52", + "rsyslog-8.2204.1.tar.gz": "a6d731e46ad3d64f6ad4b19bbf1bf56ca4760a44a24bb96823189dc2e71f7028", + "rsyslog-doc-8.2204.0.tar.gz": "e838ccdd74c146e5d3cd33e4602974f081b93a86b524c19a34f3eb8cbb5c2bfe", "rsyslog.conf": "d5fc0ae1f725ec2f09f02ea755f875782bd3466b729372222450277aa05a3c1d", "rsyslog.service": "df62c9fa758079016e3b73f39d3b5952dce1e0c14a063c7a776b86eeba405153" } diff --git a/SPECS/rsyslog/rsyslog.spec b/SPECS/rsyslog/rsyslog.spec index 25ae5cbaf70..7265deca412 100644 --- a/SPECS/rsyslog/rsyslog.spec +++ b/SPECS/rsyslog/rsyslog.spec @@ -1,17 +1,20 @@ +%define base_version %(echo %{version} | rev | cut -d'.' -f2- | rev) + Summary: Rocket-fast system for log processing Name: rsyslog -Version: 8.2108.0 -Release: 2%{?dist} +Version: 8.2204.1 +Release: 1%{?dist} License: GPLv3+ AND ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Base URL: https://www.rsyslog.com/ -Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz +Source0: https://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz Source1: rsyslog.service Source2: 50-rsyslog-journald.conf Source3: rsyslog.conf -Source4: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.tar.gz +# Upstream only publishes built docs for base_version.0 +Source4: https://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{base_version}.0.tar.gz BuildRequires: autogen BuildRequires: curl-devel BuildRequires: gnutls-devel @@ -153,6 +156,10 @@ find %{buildroot} -type f -name "*.la" -delete -print %doc %{_docdir}/%{name}/html %changelog +* Tue May 24 2022 Cameron Baird - 8.2204.1-1 +- Update to v8.2204.1 to address CVE-2022-24903 +- Add more robust macro for Source4 url (prebuilt docs tar) + * Thu Apr 07 2022 Daniel McIlvaney - 8.2108.0-2 - Bring rsyslog.conf in line with other distros - add /var/log/messages for normal logs diff --git a/cgmanifest.json b/cgmanifest.json index 0f84fd1710e..e6060360a00 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -22875,8 +22875,8 @@ "type": "other", "other": { "name": "rsyslog", - "version": "8.2108.0", - "downloadUrl": "http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2108.0.tar.gz" + "version": "8.2204.1", + "downloadUrl": "https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2204.1.tar.gz" } } }, From 0c1cca3b693b79275f96770223901e87808fd0f9 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Wed, 25 May 2022 15:53:41 -0700 Subject: [PATCH 12/21] fix iotop python3-curses dependency (#3060) * add missing ncurses dependency in iotop * fix iotop missing dependency Co-authored-by: Nicolas Guibourge --- SPECS/iotop/iotop.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SPECS/iotop/iotop.spec b/SPECS/iotop/iotop.spec index 1bc73c0e383..93c3f9561f6 100644 --- a/SPECS/iotop/iotop.spec +++ b/SPECS/iotop/iotop.spec @@ -1,7 +1,7 @@ Summary: Iotop is a Python program with a top like UI used to show the processes and their corresponding IO activity. Name: iotop Version: 0.6 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -16,6 +16,7 @@ Patch0: %{name}-itervalues.patch Patch1: %{name}-use-py3.patch BuildRequires: python3-devel Requires: python3 +Requires: python3-curses BuildArch: noarch %description @@ -43,6 +44,9 @@ Iotop is a Python program with a top like UI used to show the processes and thei %{_mandir}/man8/%{name}* %changelog +* Wed May 25 2022 Nicolas Guibourge - 0.6-10 +- Add dependency on python3-curses + * Tue Jan 25 2022 Thomas Crain - 0.6-9 - Build with python3 instead of python2 - Add upstream patches for building with python3 From 60fe21659417e5951efdba9b420fab50595c7219 Mon Sep 17 00:00:00 2001 From: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Date: Wed, 25 May 2022 17:06:46 -0700 Subject: [PATCH 13/21] Upgrade curl version to 7.83.0 (#3061) --- SPECS/curl/curl.signatures.json | 2 +- SPECS/curl/curl.spec | 5 ++++- cgmanifest.json | 4 ++-- .../resources/manifests/package/pkggen_core_aarch64.txt | 6 +++--- .../resources/manifests/package/pkggen_core_x86_64.txt | 6 +++--- toolkit/resources/manifests/package/toolchain_aarch64.txt | 8 ++++---- toolkit/resources/manifests/package/toolchain_x86_64.txt | 8 ++++---- 7 files changed, 21 insertions(+), 18 deletions(-) diff --git a/SPECS/curl/curl.signatures.json b/SPECS/curl/curl.signatures.json index f67aeba190a..515ff9f97b2 100644 --- a/SPECS/curl/curl.signatures.json +++ b/SPECS/curl/curl.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "curl-7.82.0.tar.gz": "910cc5fe279dc36e2cca534172c94364cf3fcf7d6494ba56e6c61a390881ddce" + "curl-7.83.0.tar.gz": "c0e64302a33d2fb79e0fc4e674260a22941e92ee2f11b894bf94d32b8f5531af" } } \ No newline at end of file diff --git a/SPECS/curl/curl.spec b/SPECS/curl/curl.spec index 90524f2393c..44a5007e254 100644 --- a/SPECS/curl/curl.spec +++ b/SPECS/curl/curl.spec @@ -1,6 +1,6 @@ Summary: An URL retrieval utility and library Name: curl -Version: 7.82.0 +Version: 7.83.0 Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation @@ -89,6 +89,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/libcurl.so.* %changelog +* Wed May 25 2022 Suresh Babu Chalamalasetty - 7.83.0-1 +- Update to version 7.83.0 + * Mon Mar 07 2022 Andrew Phelps - 7.82.0-1 - Update to version 7.82.0 diff --git a/cgmanifest.json b/cgmanifest.json index e6060360a00..5d4f34334cc 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -2007,8 +2007,8 @@ "type": "other", "other": { "name": "curl", - "version": "7.82.0", - "downloadUrl": "https://curl.haxx.se/download/curl-7.82.0.tar.gz" + "version": "7.83.0", + "downloadUrl": "https://curl.haxx.se/download/curl-7.83.0.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index b0e7fa43d7b..662a531677c 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -190,9 +190,9 @@ libsolv-devel-0.7.20-1.cm2.aarch64.rpm libssh2-1.9.0-2.cm2.aarch64.rpm libssh2-devel-1.9.0-2.cm2.aarch64.rpm krb5-1.19.2-1.cm2.aarch64.rpm -curl-7.82.0-1.cm2.aarch64.rpm -curl-devel-7.82.0-1.cm2.aarch64.rpm -curl-libs-7.82.0-1.cm2.aarch64.rpm +curl-7.83.0-1.cm2.aarch64.rpm +curl-devel-7.83.0-1.cm2.aarch64.rpm +curl-libs-7.83.0-1.cm2.aarch64.rpm tdnf-3.2.2-4.cm2.aarch64.rpm tdnf-cli-libs-3.2.2-4.cm2.aarch64.rpm tdnf-devel-3.2.2-4.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 41161553813..93ff6e37d0e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -190,9 +190,9 @@ libsolv-devel-0.7.20-1.cm2.x86_64.rpm libssh2-1.9.0-2.cm2.x86_64.rpm libssh2-devel-1.9.0-2.cm2.x86_64.rpm krb5-1.19.2-1.cm2.x86_64.rpm -curl-7.82.0-1.cm2.x86_64.rpm -curl-devel-7.82.0-1.cm2.x86_64.rpm -curl-libs-7.82.0-1.cm2.x86_64.rpm +curl-7.83.0-1.cm2.x86_64.rpm +curl-devel-7.83.0-1.cm2.x86_64.rpm +curl-libs-7.83.0-1.cm2.x86_64.rpm tdnf-3.2.2-4.cm2.x86_64.rpm tdnf-cli-libs-3.2.2-4.cm2.x86_64.rpm tdnf-devel-3.2.2-4.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 73dfb01a06b..7f14dc90695 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -44,10 +44,10 @@ cracklib-lang-2.9.7-4.cm2.aarch64.rpm createrepo_c-0.17.5-1.cm2.aarch64.rpm createrepo_c-debuginfo-0.17.5-1.cm2.aarch64.rpm createrepo_c-devel-0.17.5-1.cm2.aarch64.rpm -curl-7.82.0-1.cm2.aarch64.rpm -curl-debuginfo-7.82.0-1.cm2.aarch64.rpm -curl-devel-7.82.0-1.cm2.aarch64.rpm -curl-libs-7.82.0-1.cm2.aarch64.rpm +curl-7.83.0-1.cm2.aarch64.rpm +curl-debuginfo-7.83.0-1.cm2.aarch64.rpm +curl-devel-7.83.0-1.cm2.aarch64.rpm +curl-libs-7.83.0-1.cm2.aarch64.rpm Cython-debuginfo-0.29.26-1.cm2.aarch64.rpm debugedit-5.0-1.cm2.aarch64.rpm debugedit-debuginfo-5.0-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index a9eeb127250..f59b868968d 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -44,10 +44,10 @@ cracklib-lang-2.9.7-4.cm2.x86_64.rpm createrepo_c-0.17.5-1.cm2.x86_64.rpm createrepo_c-debuginfo-0.17.5-1.cm2.x86_64.rpm createrepo_c-devel-0.17.5-1.cm2.x86_64.rpm -curl-7.82.0-1.cm2.x86_64.rpm -curl-debuginfo-7.82.0-1.cm2.x86_64.rpm -curl-devel-7.82.0-1.cm2.x86_64.rpm -curl-libs-7.82.0-1.cm2.x86_64.rpm +curl-7.83.0-1.cm2.x86_64.rpm +curl-debuginfo-7.83.0-1.cm2.x86_64.rpm +curl-devel-7.83.0-1.cm2.x86_64.rpm +curl-libs-7.83.0-1.cm2.x86_64.rpm Cython-debuginfo-0.29.26-1.cm2.x86_64.rpm debugedit-5.0-1.cm2.x86_64.rpm debugedit-debuginfo-5.0-1.cm2.x86_64.rpm From c34077ee03c0f3767f42448443aaaebb5b07bb68 Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Thu, 26 May 2022 07:29:18 +0000 Subject: [PATCH 14/21] add usrsctp from fork --- SPECS/usrsctp/usrsctp.signature.json | 5 +++ SPECS/usrsctp/usrsctp.spec | 61 ++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 SPECS/usrsctp/usrsctp.signature.json create mode 100644 SPECS/usrsctp/usrsctp.spec diff --git a/SPECS/usrsctp/usrsctp.signature.json b/SPECS/usrsctp/usrsctp.signature.json new file mode 100644 index 00000000000..94389c563ac --- /dev/null +++ b/SPECS/usrsctp/usrsctp.signature.json @@ -0,0 +1,5 @@ +{ + "Signatures": { + "usrsctp-0.9.5.0.tar.gz": "260107caf318650a57a8caa593550e39bca6943e93f970c80d6c17e59d62cd92" + } +} diff --git a/SPECS/usrsctp/usrsctp.spec b/SPECS/usrsctp/usrsctp.spec new file mode 100644 index 00000000000..a68bace167a --- /dev/null +++ b/SPECS/usrsctp/usrsctp.spec @@ -0,0 +1,61 @@ +Summary: A portable SCTP userland stack +Name: usrsctp +Version: 0.9.5.0 +Release: 1%{?dist} +License: LGPLv2+ AND CC0 +Vendor: Microsoft Corporation +Distribution: Mariner +Group: System Environment/Libraries +URL: https://github.com/sctplab/usrsctp +Source0: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz + +BuildRequires: cmake +BuildRequires: gcc +BuildRequires: make + +%description +SCTP is a message oriented, reliable transport protocol with direct support for +multihoming that runs on top of IP or UDP, and supports both v4 and v6 versions. + +Like TCP, SCTP provides reliable, connection oriented data delivery with +congestion control. Unlike TCP, SCTP also provides message boundary +preservation, ordered and unordered message delivery, multi-streaming +and multi-homing. Detection of data corruption, loss of data and duplication of +data is achieved by using checksums and sequence numbers. A selective +retransmission mechanism is applied to correct loss or corruption of data. + +%package devel +Summary: A portable SCTP userland stack +Group: Development/Libraries +Requires: %{name} = %{version} + +%prep +%autosetup +mkdir build + +%build +cd build +%cmake -DCMAKE_BUILD_TYPE=Release .. +cd * +%make_build + +%install +cd build/* +%make_install + +%files +%defattr(-,root,root) +%license LICENSE.md +%{_libdir}/*.so.* + +%files devel +%defattr(-,root,root) +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc + +%changelog +* Fri May 20 2022 Rahul Sharma - 0.9.5.0-1 +- Initial SPEC +- Initial CBL-Mariner import from Azure (license: MIT). +- License verified. From a58d088129f6f9821544b7b5a35860111965919d Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Thu, 26 May 2022 07:30:53 +0000 Subject: [PATCH 15/21] remove usrsctp --- SPECS/usrsctp/usrsctp.signature.json | 5 --- SPECS/usrsctp/usrsctp.spec | 61 ---------------------------- 2 files changed, 66 deletions(-) delete mode 100644 SPECS/usrsctp/usrsctp.signature.json delete mode 100644 SPECS/usrsctp/usrsctp.spec diff --git a/SPECS/usrsctp/usrsctp.signature.json b/SPECS/usrsctp/usrsctp.signature.json deleted file mode 100644 index 94389c563ac..00000000000 --- a/SPECS/usrsctp/usrsctp.signature.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "Signatures": { - "usrsctp-0.9.5.0.tar.gz": "260107caf318650a57a8caa593550e39bca6943e93f970c80d6c17e59d62cd92" - } -} diff --git a/SPECS/usrsctp/usrsctp.spec b/SPECS/usrsctp/usrsctp.spec deleted file mode 100644 index a68bace167a..00000000000 --- a/SPECS/usrsctp/usrsctp.spec +++ /dev/null @@ -1,61 +0,0 @@ -Summary: A portable SCTP userland stack -Name: usrsctp -Version: 0.9.5.0 -Release: 1%{?dist} -License: LGPLv2+ AND CC0 -Vendor: Microsoft Corporation -Distribution: Mariner -Group: System Environment/Libraries -URL: https://github.com/sctplab/usrsctp -Source0: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz - -BuildRequires: cmake -BuildRequires: gcc -BuildRequires: make - -%description -SCTP is a message oriented, reliable transport protocol with direct support for -multihoming that runs on top of IP or UDP, and supports both v4 and v6 versions. - -Like TCP, SCTP provides reliable, connection oriented data delivery with -congestion control. Unlike TCP, SCTP also provides message boundary -preservation, ordered and unordered message delivery, multi-streaming -and multi-homing. Detection of data corruption, loss of data and duplication of -data is achieved by using checksums and sequence numbers. A selective -retransmission mechanism is applied to correct loss or corruption of data. - -%package devel -Summary: A portable SCTP userland stack -Group: Development/Libraries -Requires: %{name} = %{version} - -%prep -%autosetup -mkdir build - -%build -cd build -%cmake -DCMAKE_BUILD_TYPE=Release .. -cd * -%make_build - -%install -cd build/* -%make_install - -%files -%defattr(-,root,root) -%license LICENSE.md -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc - -%changelog -* Fri May 20 2022 Rahul Sharma - 0.9.5.0-1 -- Initial SPEC -- Initial CBL-Mariner import from Azure (license: MIT). -- License verified. From bd04d2c95308d7250ff7e6ed621583ee1aad5263 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Thu, 26 May 2022 10:59:46 -0400 Subject: [PATCH 16/21] selinux-policy: Fixes from baremetal testing. (#3047) --- .../0021-lvm-Updates-for-multipath-LVM.patch | 99 ++++++++----------- ...low-containers-to-manipulate-own-fds.patch | 34 +++++++ ...ices-Add-type-for-infiniband-devices.patch | 44 +++++++++ ...-storage-Add-fc-for-dev-ng-n-devices.patch | 25 +++++ ...uisite-access-for-files_mounton_non_.patch | 29 ++++++ ...les-Make-etc_runtime_t-a-config-file.patch | 26 +++++ ...md-Fixes-for-coredumps-in-containers.patch | 91 +++++++++++++++++ ...container-engines-to-connect-to-http.patch | 72 ++++++++++++++ ...ntainer-Getattr-generic-device-nodes.patch | 30 ++++++ ...plication-Allow-apps-to-use-init-fds.patch | 36 +++++++ SPECS/selinux-policy/selinux-policy.spec | 18 +++- 11 files changed, 446 insertions(+), 58 deletions(-) create mode 100644 SPECS/selinux-policy/0030-container-allow-containers-to-manipulate-own-fds.patch create mode 100644 SPECS/selinux-policy/0031-devices-Add-type-for-infiniband-devices.patch create mode 100644 SPECS/selinux-policy/0032-storage-Add-fc-for-dev-ng-n-devices.patch create mode 100644 SPECS/selinux-policy/0033-files-Add-prerequisite-access-for-files_mounton_non_.patch create mode 100644 SPECS/selinux-policy/0034-files-Make-etc_runtime_t-a-config-file.patch create mode 100644 SPECS/selinux-policy/0035-systemd-Fixes-for-coredumps-in-containers.patch create mode 100644 SPECS/selinux-policy/0036-container-Allow-container-engines-to-connect-to-http.patch create mode 100644 SPECS/selinux-policy/0037-container-Getattr-generic-device-nodes.patch create mode 100644 SPECS/selinux-policy/0038-application-Allow-apps-to-use-init-fds.patch diff --git a/SPECS/selinux-policy/0021-lvm-Updates-for-multipath-LVM.patch b/SPECS/selinux-policy/0021-lvm-Updates-for-multipath-LVM.patch index d50a96cdd99..a6d1bbc67ad 100644 --- a/SPECS/selinux-policy/0021-lvm-Updates-for-multipath-LVM.patch +++ b/SPECS/selinux-policy/0021-lvm-Updates-for-multipath-LVM.patch @@ -1,15 +1,15 @@ -From 488c4d63d104ada4b950b7b344e2eaebd02c53ba Mon Sep 17 00:00:00 2001 +From f67295a29599a37bc4511e749d1475dc0d26fe7f Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 2 May 2022 15:19:00 +0000 -Subject: [PATCH 21/28] lvm: Updates for multipath LVM. +Subject: [PATCH 21/37] lvm: Updates for multipath LVM. Signed-off-by: Chris PeBenito --- policy/modules/kernel/files.if | 18 ++++++++++++++++++ - policy/modules/system/lvm.if | 18 ++++++++++++++++++ - policy/modules/system/lvm.te | 8 +++++++- - policy/modules/system/udev.te | 5 +++-- - 4 files changed, 46 insertions(+), 3 deletions(-) + policy/modules/system/lvm.fc | 1 + + policy/modules/system/lvm.te | 10 +++++++++- + policy/modules/system/udev.te | 5 ++++- + 4 files changed, 32 insertions(+), 2 deletions(-) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index e3c22b94a..97a54d998 100644 @@ -40,37 +40,20 @@ index e3c22b94a..97a54d998 100644 ######################################## ## ## Get etc_t service status. -diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if -index 468cbcaa8..bab3d4784 100644 ---- a/policy/modules/system/lvm.if -+++ b/policy/modules/system/lvm.if -@@ -81,6 +81,24 @@ interface(`lvm_signull',` - allow $1 lvm_t:process signull; - ') - -+######################################## -+## -+## Connect to LVM via abstract UNIX stream socket. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`lvm_abstract_stream_connect',` -+ gen_require(` -+ type lvm_t; -+ ') -+ -+ allow $1 lvm_t:unix_stream_socket connectto; -+') -+ - ######################################## - ## - ## Read LVM configuration files. +diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc +index 4a77c2cc1..adffdb82a 100644 +--- a/policy/modules/system/lvm.fc ++++ b/policy/modules/system/lvm.fc +@@ -104,6 +104,7 @@ + /usr/sbin/lvresize -- gen_context(system_u:object_r:lvm_exec_t,s0) + /usr/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0) + /usr/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0) ++/usr/sbin/multipath -- gen_context(system_u:object_r:lvm_exec_t,s0) + /usr/sbin/multipathd -- gen_context(system_u:object_r:lvm_exec_t,s0) + /usr/sbin/multipath\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) + /usr/sbin/pvchange -- gen_context(system_u:object_r:lvm_exec_t,s0) diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te -index 1cf6e1753..9937bce80 100644 +index 1cf6e1753..b0d1c02b7 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -51,7 +51,7 @@ files_type(lvm_var_lib_t) @@ -90,7 +73,16 @@ index 1cf6e1753..9937bce80 100644 # for when /usr is not mounted: kernel_dontaudit_search_unlabeled(lvm_t) # it has no reason to need this -@@ -159,6 +160,7 @@ domain_read_all_domains_state(lvm_t) +@@ -123,6 +124,8 @@ kernel_use_fds(lvm_t) + # for systemd-cryptsetup + kernel_read_crypto_sysctls(lvm_t) + kernel_search_debugfs(lvm_t) ++# multipath ++kernel_read_vm_overcommit_sysctl(lvm_t) + + corecmd_exec_bin(lvm_t) + corecmd_exec_shell(lvm_t) +@@ -159,6 +162,7 @@ domain_read_all_domains_state(lvm_t) files_read_usr_files(lvm_t) files_read_etc_files(lvm_t) @@ -98,7 +90,7 @@ index 1cf6e1753..9937bce80 100644 files_read_etc_runtime_files(lvm_t) fs_getattr_xattr_fs(lvm_t) -@@ -210,6 +212,10 @@ seutil_read_file_contexts(lvm_t) +@@ -210,6 +214,10 @@ seutil_read_file_contexts(lvm_t) seutil_search_default_contexts(lvm_t) seutil_sigchld_newrole(lvm_t) @@ -110,35 +102,28 @@ index 1cf6e1753..9937bce80 100644 ifdef(`init_systemd',` diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te -index 1a692b1f4..d3105f245 100644 +index 1a692b1f4..19c7fd29b 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te -@@ -42,7 +42,7 @@ ifdef(`enable_mcs',` +@@ -56,6 +56,8 @@ allow udev_t self:unix_stream_socket connectto; + allow udev_t self:netlink_kobject_uevent_socket create_socket_perms; + allow udev_t self:netlink_generic_socket create_socket_perms; + allow udev_t self:rawip_socket create_socket_perms; ++# rdma_rename ++allow udev_t self:netlink_rdma_socket create_socket_perms; - allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource }; - allow udev_t self:capability2 { wake_alarm block_suspend }; --allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit }; -+allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit setrlimit }; - allow udev_t self:fd use; - allow udev_t self:fifo_file rw_fifo_file_perms; - allow udev_t self:sock_file read_sock_file_perms; -@@ -101,7 +101,7 @@ kernel_rw_unix_dgram_sockets(udev_t) + ifdef(`init_systemd',` + # systemd-vconsole-setup will be called by udev during virtual terminal initialization +@@ -101,7 +103,8 @@ kernel_rw_unix_dgram_sockets(udev_t) kernel_signal(udev_t) kernel_search_debugfs(udev_t) kernel_search_key(udev_t) - -+kernel_read_fs_sysctls(udev_t) ++# kpartx: ++kernel_get_sysvipc_info(udev_t) #https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182 kernel_rw_net_sysctls(udev_t) kernel_read_crypto_sysctls(udev_t) -@@ -324,6 +324,7 @@ optional_policy(` - - optional_policy(` - lvm_domtrans(udev_t) -+ lvm_abstract_stream_connect(udev_t) - ') - - optional_policy(` -- 2.25.1 diff --git a/SPECS/selinux-policy/0030-container-allow-containers-to-manipulate-own-fds.patch b/SPECS/selinux-policy/0030-container-allow-containers-to-manipulate-own-fds.patch new file mode 100644 index 00000000000..e4534f3136e --- /dev/null +++ b/SPECS/selinux-policy/0030-container-allow-containers-to-manipulate-own-fds.patch @@ -0,0 +1,34 @@ +From 7081fde476c41ded9847552addd807d57febaa14 Mon Sep 17 00:00:00 2001 +From: Kenton Groombridge +Date: Fri, 29 Apr 2022 21:36:10 -0400 +Subject: [PATCH 30/37] container: allow containers to manipulate own fds + +Signed-off-by: Kenton Groombridge +--- + policy/modules/services/container.te | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te +index 18cdc2dd5..ea76c1096 100644 +--- a/policy/modules/services/container.te ++++ b/policy/modules/services/container.te +@@ -151,6 +151,8 @@ corenet_port(container_port_t) + allow container_domain self:capability { dac_override kill setgid setuid sys_boot sys_chroot }; + allow container_domain self:cap_userns { chown dac_override fowner setgid setuid }; + allow container_domain self:process { execstack execmem getattr getsched getsession setsched setcap setpgid signal_perms }; ++allow container_domain self:dir rw_dir_perms; ++allow container_domain self:file create_file_perms; + allow container_domain self:fifo_file manage_fifo_file_perms; + allow container_domain self:sem create_sem_perms; + allow container_domain self:shm create_shm_perms; +@@ -179,6 +181,7 @@ corecmd_watch_bin_dirs(container_domain) + + kernel_getattr_proc(container_domain) + kernel_list_all_proc(container_domain) ++kernel_associate_proc(container_domain) + kernel_read_kernel_sysctls(container_domain) + kernel_rw_net_sysctls(container_domain) + kernel_read_system_state(container_domain) +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0031-devices-Add-type-for-infiniband-devices.patch b/SPECS/selinux-policy/0031-devices-Add-type-for-infiniband-devices.patch new file mode 100644 index 00000000000..e1ecec51e6d --- /dev/null +++ b/SPECS/selinux-policy/0031-devices-Add-type-for-infiniband-devices.patch @@ -0,0 +1,44 @@ +From 4d47de6c6a302448e761e130d576bc2de1850277 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 14:42:58 +0000 +Subject: [PATCH 31/37] devices: Add type for infiniband devices. + +Signed-off-by: Chris PeBenito +--- + policy/modules/kernel/devices.fc | 2 ++ + policy/modules/kernel/devices.te | 6 ++++++ + 2 files changed, 8 insertions(+) + +diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc +index 009887934..78a2a09f2 100644 +--- a/policy/modules/kernel/devices.fc ++++ b/policy/modules/kernel/devices.fc +@@ -165,6 +165,8 @@ ifdef(`distro_suse', ` + + /dev/dvb/.* -c gen_context(system_u:object_r:v4l_device_t,s0) + ++/dev/infiniband/.* -c gen_context(system_u:object_r:infiniband_device_t,s0) ++ + /dev/input/.* -c gen_context(system_u:object_r:event_device_t,s0) + /dev/input/m.* -c gen_context(system_u:object_r:mouse_device_t,s0) + /dev/input/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0) +diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te +index 068419502..8ac7c212c 100644 +--- a/policy/modules/kernel/devices.te ++++ b/policy/modules/kernel/devices.te +@@ -122,6 +122,12 @@ dev_node(freefall_device_t) + type gpiochip_device_t; + dev_node(gpiochip_device_t) + ++# ++# Type for /dev/infiniband/* ++# ++type infiniband_device_t; ++dev_node(infiniband_device_t) ++ + # + # Type for /dev/ipmi/0 + # +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0032-storage-Add-fc-for-dev-ng-n-devices.patch b/SPECS/selinux-policy/0032-storage-Add-fc-for-dev-ng-n-devices.patch new file mode 100644 index 00000000000..75dab137b57 --- /dev/null +++ b/SPECS/selinux-policy/0032-storage-Add-fc-for-dev-ng-n-devices.patch @@ -0,0 +1,25 @@ +From 626347b70d714d36f141967a6e16f4b4d16f22d6 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 14:43:46 +0000 +Subject: [PATCH 32/37] storage: Add fc for /dev/ng*n* devices. + +Signed-off-by: Chris PeBenito +--- + policy/modules/kernel/storage.fc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc +index 46395b8fc..3033ac4de 100644 +--- a/policy/modules/kernel/storage.fc ++++ b/policy/modules/kernel/storage.fc +@@ -35,6 +35,7 @@ + /dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/mtd.* -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) ++/dev/ng[0-9]+n[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/nvme[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/nvme[0-9]n[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0) +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0033-files-Add-prerequisite-access-for-files_mounton_non_.patch b/SPECS/selinux-policy/0033-files-Add-prerequisite-access-for-files_mounton_non_.patch new file mode 100644 index 00000000000..482066ee42d --- /dev/null +++ b/SPECS/selinux-policy/0033-files-Add-prerequisite-access-for-files_mounton_non_.patch @@ -0,0 +1,29 @@ +From 345031d046d934e236ccab588f148c4b0e166066 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 14:44:39 +0000 +Subject: [PATCH 33/37] files: Add prerequisite access for + files_mounton_non_security(). + +Signed-off-by: Chris PeBenito +--- + policy/modules/kernel/files.if | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if +index 97a54d998..75fdaa872 100644 +--- a/policy/modules/kernel/files.if ++++ b/policy/modules/kernel/files.if +@@ -568,8 +568,8 @@ interface(`files_mounton_non_security',` + attribute non_security_file_type; + ') + +- allow $1 non_security_file_type:dir mounton; +- allow $1 non_security_file_type:file mounton; ++ allow $1 non_security_file_type:dir { getattr search mounton }; ++ allow $1 non_security_file_type:file { getattr mounton }; + ') + + ######################################## +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0034-files-Make-etc_runtime_t-a-config-file.patch b/SPECS/selinux-policy/0034-files-Make-etc_runtime_t-a-config-file.patch new file mode 100644 index 00000000000..ec0118b4c7c --- /dev/null +++ b/SPECS/selinux-policy/0034-files-Make-etc_runtime_t-a-config-file.patch @@ -0,0 +1,26 @@ +From 22df79fe65d1eb8199a6c7e50e569d2d21460ecb Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 14:45:00 +0000 +Subject: [PATCH 34/37] files: Make etc_runtime_t a config file. + +Signed-off-by: Chris PeBenito +--- + policy/modules/kernel/files.te | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te +index c1775f65d..2691a8611 100644 +--- a/policy/modules/kernel/files.te ++++ b/policy/modules/kernel/files.te +@@ -72,7 +72,7 @@ optional_policy(` + # files in /etc that are automatically + # generated during initialization. + # +-type etc_runtime_t; ++type etc_runtime_t, configfile; + files_type(etc_runtime_t) + + # +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0035-systemd-Fixes-for-coredumps-in-containers.patch b/SPECS/selinux-policy/0035-systemd-Fixes-for-coredumps-in-containers.patch new file mode 100644 index 00000000000..cbc5d746ca5 --- /dev/null +++ b/SPECS/selinux-policy/0035-systemd-Fixes-for-coredumps-in-containers.patch @@ -0,0 +1,91 @@ +From b938bbb30cd1d92b3a5993eff4e898b0fa16e1dd Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 14:56:55 +0000 +Subject: [PATCH 35/37] systemd: Fixes for coredumps in containers. + +Signed-off-by: Chris PeBenito +--- + policy/modules/kernel/filesystem.if | 18 ++++++++++++++++++ + policy/modules/system/systemd.te | 18 ++++++++++++++---- + 2 files changed, 32 insertions(+), 4 deletions(-) + +diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if +index abaf52626..b3e5817b1 100644 +--- a/policy/modules/kernel/filesystem.if ++++ b/policy/modules/kernel/filesystem.if +@@ -3941,6 +3941,24 @@ interface(`fs_rw_nfsd_fs',` + rw_files_pattern($1, nfsd_fs_t, nfsd_fs_t) + ') + ++######################################## ++## ++## Get the attributes of nsfs inodes (e.g. /proc/pid/ns/uts) ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`fs_getattr_nsfs_files',` ++ gen_require(` ++ type nsfs_t; ++ ') ++ ++ allow $1 nsfs_t:file getattr_file_perms; ++') ++ + ######################################## + ## + ## Read nsfs inodes (e.g. /proc/pid/ns/uts) +diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te +index 8997f2ac1..48613bd20 100644 +--- a/policy/modules/system/systemd.te ++++ b/policy/modules/system/systemd.te +@@ -410,29 +410,39 @@ ifdef(`enable_mls',` + # coredump local policy + # + +-allow systemd_coredump_t self:unix_dgram_socket { create write connect getopt setopt }; +-allow systemd_coredump_t self:capability { setgid setuid setpcap }; +-allow systemd_coredump_t self:cap_userns sys_ptrace; ++allow systemd_coredump_t self:capability { setgid setuid setpcap sys_ptrace }; ++allow systemd_coredump_t self:cap_userns { sys_admin sys_ptrace }; + allow systemd_coredump_t self:process { getcap setcap setfscreate }; ++allow systemd_coredump_t self:unix_dgram_socket { create write connect getopt setopt }; ++allow systemd_coredump_t self:unix_stream_socket { create_stream_socket_perms connectto }; ++allow systemd_coredump_t self:fifo_file rw_inherited_fifo_file_perms; ++dontaudit systemd_coredump_t self:capability net_admin; + +-manage_files_pattern(systemd_coredump_t, systemd_coredump_var_lib_t, systemd_coredump_var_lib_t) ++mmap_manage_files_pattern(systemd_coredump_t, systemd_coredump_var_lib_t, systemd_coredump_var_lib_t) + + kernel_domtrans_to(systemd_coredump_t, systemd_coredump_exec_t) + kernel_read_kernel_sysctls(systemd_coredump_t) + kernel_read_system_state(systemd_coredump_t) + kernel_rw_pipes(systemd_coredump_t) + kernel_use_fds(systemd_coredump_t) ++kernel_read_crypto_sysctls(systemd_coredump_t) + + corecmd_exec_bin(systemd_coredump_t) + corecmd_read_all_executables(systemd_coredump_t) + + dev_write_kmsg(systemd_coredump_t) + ++domain_read_all_domains_state(systemd_coredump_t) ++ + files_getattr_all_mountpoints(systemd_coredump_t) + files_read_etc_files(systemd_coredump_t) + files_search_var_lib(systemd_coredump_t) ++files_mounton_root(systemd_coredump_t) + + fs_getattr_xattr_fs(systemd_coredump_t) ++fs_getattr_nsfs_files(systemd_coredump_t) ++fs_search_cgroup_dirs(systemd_coredump_t) ++fs_getattr_cgroup(systemd_coredump_t) + + selinux_getattr_fs(systemd_coredump_t) + +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0036-container-Allow-container-engines-to-connect-to-http.patch b/SPECS/selinux-policy/0036-container-Allow-container-engines-to-connect-to-http.patch new file mode 100644 index 00000000000..4f2d589b987 --- /dev/null +++ b/SPECS/selinux-policy/0036-container-Allow-container-engines-to-connect-to-http.patch @@ -0,0 +1,72 @@ +From b8b83e5c125f8389a26fd31fd0638af3c283359c Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 15:16:36 +0000 +Subject: [PATCH 36/37] container: Allow container engines to connect to http + cache ports. + +Signed-off-by: Chris PeBenito +--- + policy/modules/kernel/files.if | 19 +++++++++++++++++++ + policy/modules/services/container.te | 1 + + policy/modules/system/systemd.te | 3 +++ + 3 files changed, 23 insertions(+) + +diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if +index 75fdaa872..12e427b45 100644 +--- a/policy/modules/kernel/files.if ++++ b/policy/modules/kernel/files.if +@@ -5003,6 +5003,25 @@ interface(`files_purge_tmp',` + delete_sock_files_pattern($1, tmpfile, tmpfile) + ') + ++######################################## ++## ++## Get the attributes of all tmpfs files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_getattr_all_tmpfs_files',` ++ gen_require(` ++ attribute tmpfsfile; ++ ') ++ ++ getattr_files_pattern($1, tmpfsfile, tmpfsfile) ++ fs_search_tmpfs($1) ++') ++ + ######################################## + ## + ## Set the attributes of the /usr directory. +diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te +index ea76c1096..64b1ad918 100644 +--- a/policy/modules/services/container.te ++++ b/policy/modules/services/container.te +@@ -381,6 +381,7 @@ corecmd_dontaudit_exec_all_executables(container_engine_domain) + + corenet_tcp_bind_generic_node(container_engine_domain) + corenet_tcp_connect_http_port(container_engine_domain) ++corenet_tcp_connect_http_cache_port(container_engine_domain) + corenet_tcp_bind_all_ports(container_engine_domain) + corenet_udp_bind_all_ports(container_engine_domain) + corenet_rw_tun_tap_dev(container_engine_domain) +diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te +index 48613bd20..21932008d 100644 +--- a/policy/modules/system/systemd.te ++++ b/policy/modules/system/systemd.te +@@ -809,6 +809,9 @@ dev_setattr_video_dev(systemd_logind_t) + domain_obj_id_change_exemption(systemd_logind_t) + + files_search_runtime(systemd_logind_t) ++# Getattr all shm segments as part of cleaning up the ++# segments of deleted ephemeral users. ++files_getattr_all_tmpfs_files(systemd_logind_t) + + fs_getattr_cgroup(systemd_logind_t) + fs_getattr_tmpfs(systemd_logind_t) +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0037-container-Getattr-generic-device-nodes.patch b/SPECS/selinux-policy/0037-container-Getattr-generic-device-nodes.patch new file mode 100644 index 00000000000..fcde29404cc --- /dev/null +++ b/SPECS/selinux-policy/0037-container-Getattr-generic-device-nodes.patch @@ -0,0 +1,30 @@ +From c9669f332fb3095c3eb0681034959287312f2c3c Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 15:23:27 +0000 +Subject: [PATCH 37/37] container: Getattr generic device nodes. + +There should be no device_t device nodes, but add access in case they +exist. Saw containerd fail to start containers if it couldn't stat() all +devices. + +Signed-off-by: Chris PeBenito +--- + policy/modules/services/container.te | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te +index 64b1ad918..709f2e214 100644 +--- a/policy/modules/services/container.te ++++ b/policy/modules/services/container.te +@@ -388,6 +388,8 @@ corenet_rw_tun_tap_dev(container_engine_domain) + + dev_getattr_all_blk_files(container_engine_domain) + dev_getattr_all_chr_files(container_engine_domain) ++dev_getattr_generic_blk_files(container_engine_domain) ++dev_getattr_generic_chr_files(container_engine_domain) + dev_setattr_null_dev(container_engine_domain) + dev_getattr_fs(container_engine_domain) + dev_remount_fs(container_engine_domain) +-- +2.25.1 + diff --git a/SPECS/selinux-policy/0038-application-Allow-apps-to-use-init-fds.patch b/SPECS/selinux-policy/0038-application-Allow-apps-to-use-init-fds.patch new file mode 100644 index 00000000000..22b97779663 --- /dev/null +++ b/SPECS/selinux-policy/0038-application-Allow-apps-to-use-init-fds.patch @@ -0,0 +1,36 @@ +From 3f78663febf3bcda679737b73b85bafba72b3639 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 23 May 2022 20:45:58 +0000 +Subject: [PATCH 38/38] application: Allow apps to use init fds. + +This is needed for console/serial logins: + +avc: denied { use } for pid=767 comm="semodule" path="/dev/ttyS0" +dev="devtmpfs" ino=83 +scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 +tcontext=system_u:system_r:init_t:s0 tclass=fd permissive=0 + +Signed-off-by: Chris PeBenito +--- + policy/modules/system/application.te | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/policy/modules/system/application.te b/policy/modules/system/application.te +index 658aeed0a..810d8e6c6 100644 +--- a/policy/modules/system/application.te ++++ b/policy/modules/system/application.te +@@ -6,6 +6,11 @@ attribute application_domain_type; + # Executables to be run by user + attribute application_exec_type; + ++ifdef(`init_systemd',` ++ # Needed for console/serial logins. ++ init_use_fds(application_domain_type) ++') ++ + optional_policy(` + cron_sigchld(application_domain_type) + ') +-- +2.25.1 + diff --git a/SPECS/selinux-policy/selinux-policy.spec b/SPECS/selinux-policy/selinux-policy.spec index fdb0f6db833..3e4b2c7aaad 100644 --- a/SPECS/selinux-policy/selinux-policy.spec +++ b/SPECS/selinux-policy/selinux-policy.spec @@ -9,7 +9,7 @@ Summary: SELinux policy Name: selinux-policy Version: %{refpolicy_major}.%{refpolicy_minor} -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -47,6 +47,15 @@ Patch26: 0026-devices-Add-type-for-SAS-management-devices.patch Patch27: 0027-devices-Add-file-context-for-dev-vhost-vsock.patch Patch28: 0028-Add-dac_read_search-perms.patch Patch29: 0029-iptables-Ioctl-cgroup-dirs.patch +Patch30: 0030-container-allow-containers-to-manipulate-own-fds.patch +Patch31: 0031-devices-Add-type-for-infiniband-devices.patch +Patch32: 0032-storage-Add-fc-for-dev-ng-n-devices.patch +Patch33: 0033-files-Add-prerequisite-access-for-files_mounton_non_.patch +Patch34: 0034-files-Make-etc_runtime_t-a-config-file.patch +Patch35: 0035-systemd-Fixes-for-coredumps-in-containers.patch +Patch36: 0036-container-Allow-container-engines-to-connect-to-http.patch +Patch37: 0037-container-Getattr-generic-device-nodes.patch +Patch38: 0038-application-Allow-apps-to-use-init-fds.patch BuildRequires: bzip2 BuildRequires: checkpolicy >= %{CHECKPOLICYVER} BuildRequires: m4 @@ -323,6 +332,13 @@ exit 0 selinuxenabled && semodule -nB exit 0 %changelog +* Mon May 23 2022 Chris PeBenito - 2.20220106-6 +- Fix previous multipath LVM changes. +- Add types for devices. +- Cherry pick upstream commit for container fds. +- Allow container engines to connect to http cache ports. +- Allow container engines to stat() generic (device_t) devices. + * Mon May 02 2022 Chris PeBenito - 2.20220106-5 - Additional compatibility for Fedora container-selinux. - Remove unneeded systemd_run_t domain From 8c17a38e2243314e5328a60fe234a6a1ec073cc2 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 26 May 2022 09:35:02 -0700 Subject: [PATCH 17/21] `SPECS-EXTENDED` regression fixes: `efi-rpm-macros`, `libftdi`, and `python-mccabe`. (#3062) --- .../efi-rpm-macros.signatures.json | 2 +- .../efi-rpm-macros/efi-rpm-macros.spec | 54 ++++---- .../libftdi-1.5-fix_pkgconfig_path.patch | 44 ++++++ .../libftdi/libftdi-cmake_swig.patch | 21 --- .../libftdi/libftdi.signatures.json | 2 +- SPECS-EXTENDED/libftdi/libftdi.spec | 125 ++++++++---------- .../python-mccabe/python-mccabe.spec | 42 +++--- cgmanifest.json | 18 +-- 8 files changed, 161 insertions(+), 147 deletions(-) create mode 100644 SPECS-EXTENDED/libftdi/libftdi-1.5-fix_pkgconfig_path.patch delete mode 100644 SPECS-EXTENDED/libftdi/libftdi-cmake_swig.patch diff --git a/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.signatures.json b/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.signatures.json index 14421994b6e..e6b48c12496 100644 --- a/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.signatures.json +++ b/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "efi-rpm-macros-4.tar.bz2": "1cfb087532e591b78b967969180ef392f13c7404db6fba097a0d753e596fee92" + "efi-rpm-macros-4.tar.gz": "896865fd477441f74c0cbbc971f4622a91c1605041fd5a9127b02cc329b778ac" } } \ No newline at end of file diff --git a/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.spec b/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.spec index 3b58e649145..763f842c214 100644 --- a/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.spec +++ b/SPECS-EXTENDED/efi-rpm-macros/efi-rpm-macros.spec @@ -1,42 +1,45 @@ +%global debug_package %{nil} +%global _efi_vendor_ %(eval echo $(sed -n -e 's/rhel/redhat/' -e 's/^ID=//p' %{_sysconfdir}/os-release)) + +Summary: Common RPM Macros for building EFI-related packages +Name: efi-rpm-macros +Version: 4 +Release: 6%{?dist} +License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner -Summary: Common RPM Macros for building EFI-related packages -Name: efi-rpm-macros -Version: 4 -Release: 5%{?dist} -License: GPLv3+ -URL: https://github.com/rhboot/%{name}/ -BuildRequires: git sed -BuildRequires: bash -BuildArch: noarch - -Source0: https://github.com/rhboot/%{name}/releases/download/%{version}/%{name}-4.tar.bz2 +URL: https://github.com/rhboot/%{name}/ +Source0: https://github.com/rhboot/%{name}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz -%global debug_package %{nil} -%global _efi_vendor_ %(eval echo $(sed -n -e 's/rhel/redhat/' -e 's/^ID=//p' /etc/os-release)) +BuildArch: noarch + +BuildRequires: %{_sysconfdir}/os-release +BuildRequires: bash +BuildRequires: git +BuildRequires: sed %description %{name} provides a set of RPM macros for use in EFI-related packages. %package -n efi-srpm-macros -Summary: Common SRPM Macros for building EFI-related packages -BuildArch: noarch -Requires: rpm +Summary: Common SRPM Macros for building EFI-related packages + +Requires: rpm %description -n efi-srpm-macros efi-srpm-macros provides a set of SRPM macros for use in EFI-related packages. %package -n efi-filesystem -Summary: The basic directory layout for EFI machines -BuildArch: noarch -Requires: filesystem +Summary: The basic directory layout for EFI machines + +Requires: filesystem %description -n efi-filesystem The efi-filesystem package contains the basic directory layout for EFI machine bootloaders and tools. %prep -%autosetup -S git -n %{name}-4 +%autosetup -S git git config --local --add efi.vendor "%{_efi_vendor_}" git config --local --add efi.esp-root /boot/efi git config --local --add efi.arches "x86_64 aarch64 %{arm} %{ix86}" @@ -47,14 +50,7 @@ git config --local --add efi.arches "x86_64 aarch64 %{arm} %{ix86}" %install %make_install SHELL=/bin/bash -#%%files -#%%{!?_licensedir:%%global license %%%%doc} -#%%license LICENSE -#%%doc README -#%%{_rpmmacrodir}/macros.efi - %files -n efi-srpm-macros -%{!?_licensedir:%global license %%doc} %license LICENSE %doc README %{_rpmmacrodir}/macros.efi-srpm @@ -68,6 +64,10 @@ git config --local --add efi.arches "x86_64 aarch64 %{arm} %{ix86}" %dir /boot/efi/EFI/%{_efi_vendor_} %changelog +* Wed May 25 2022 Pawel Winogrodzki - 4-6 +- Fixing package build by adding an explicit BR on '/etc/os-release'. +- License verified. + * Mon Jun 07 2021 Thomas Crain - 4-5 - Initial CBL-Mariner import from Fedora 32 (license: MIT). - Set shell to bash during make invocations, since the Makefile uses bash built-in commands diff --git a/SPECS-EXTENDED/libftdi/libftdi-1.5-fix_pkgconfig_path.patch b/SPECS-EXTENDED/libftdi/libftdi-1.5-fix_pkgconfig_path.patch new file mode 100644 index 00000000000..77980c742b4 --- /dev/null +++ b/SPECS-EXTENDED/libftdi/libftdi-1.5-fix_pkgconfig_path.patch @@ -0,0 +1,44 @@ +From cdb28383402d248dbc6062f4391b038375c52385 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Fri, 17 Jul 2020 21:25:03 +0200 +Subject: [PATCH] CMakeLists.txt: fix paths when FTDIPP is set + +Use the same project name (i.e. libftdi1 and not libftdipp1) when FTDIPP +is enabled as suggested by Aurelien Jarno in +http://developer.intra2net.com/mailarchive/html/libftdi/2020/msg00044.html + +Without this change, the libftdi1.pc config file defines the include +path as /usr/local/include/libftdipp1 while the ftdi.h file is actually +installed in /usr/local/include/libftdi1 + +This is an issue for example for libsigrok which will fail on: + +In file included from src/hardware/asix-sigma/protocol.c:27: +src/hardware/asix-sigma/protocol.h:28:10: fatal error: ftdi.h: No such file or directory + 28 | #include + | ^~~~~~~~ + +Fixes: + - http://autobuild.buildroot.org/results/1427f44e36752c337791597fab47a1889552a2fe + +Signed-off-by: Fabrice Fontaine +--- + CMakeLists.txt | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 5aecafc..3b0b87c 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -136,7 +136,7 @@ endif () + + add_subdirectory(src) + if ( FTDIPP ) +- project(libftdipp1 C CXX) ++ project(libftdi1 C CXX) + add_subdirectory(ftdipp) + endif () + if ( PYTHON_BINDINGS ) +-- +1.7.1 + diff --git a/SPECS-EXTENDED/libftdi/libftdi-cmake_swig.patch b/SPECS-EXTENDED/libftdi/libftdi-cmake_swig.patch deleted file mode 100644 index bbbdd464d72..00000000000 --- a/SPECS-EXTENDED/libftdi/libftdi-cmake_swig.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/python/CMakeLists.txt -+++ b/python/CMakeLists.txt -@@ -1,3 +1,7 @@ -+# swig_add_module is deprecated and SWIG_MODULE__REAL_NAME is no -+# longer set by default so set policy to the old behavior. -+cmake_policy(SET CMP0078 OLD) -+ - option ( PYTHON_BINDINGS "Build python bindings via swig" ON ) - option ( LINK_PYTHON_LIBRARY "Link against python libraries" ON ) - -@@ -24,8 +28,9 @@ if ( SWIG_FOUND AND PYTHONLIBS_FOUND AND - - if ( DOCUMENTATION AND DOXYGEN_FOUND ) - set(CMAKE_SWIG_FLAGS -DDOXYGEN=${DOXYGEN_FOUND}) -+ set_property(SOURCE ftdi1.i PROPERTY DEPENDS ftdi1_doc.i) - endif() -- swig_add_module ( ftdi1 python ftdi1.i ) -+ swig_add_library ( ftdi1 LANGUAGE python SOURCES ftdi1.i ) - swig_link_libraries ( ftdi1 ftdi1 ) - - if ( LINK_PYTHON_LIBRARY ) diff --git a/SPECS-EXTENDED/libftdi/libftdi.signatures.json b/SPECS-EXTENDED/libftdi/libftdi.signatures.json index 07b5fa371a6..c1f0cefb425 100644 --- a/SPECS-EXTENDED/libftdi/libftdi.signatures.json +++ b/SPECS-EXTENDED/libftdi/libftdi.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libftdi1-1.4.tar.bz2": "ec36fb49080f834690c24008328a5ef42d3cf584ef4060f3a35aa4681cb31b74" + "libftdi1-1.5.tar.bz2": "7c7091e9c86196148bd41177b4590dccb1510bfe6cea5bf7407ff194482eb049" } } \ No newline at end of file diff --git a/SPECS-EXTENDED/libftdi/libftdi.spec b/SPECS-EXTENDED/libftdi/libftdi.spec index bfe32fc02f1..89b4e7a7151 100644 --- a/SPECS-EXTENDED/libftdi/libftdi.spec +++ b/SPECS-EXTENDED/libftdi/libftdi.spec @@ -1,69 +1,70 @@ +Summary: Library to program and control the FTDI USB controller +Name: libftdi +Version: 1.5 +Release: 1%{?dist} +License: BSD and GPLv2 Vendor: Microsoft Corporation Distribution: Mariner -Name: libftdi -Version: 1.4 -Release: 3%{?dist} -Summary: Library to program and control the FTDI USB controller - -License: LGPLv2 -URL: http://www.intra2net.com/de/produkte/opensource/ftdi/ -Source0: http://www.intra2net.com/en/developer/%{name}/download/%{name}1-%{version}.tar.bz2 - -# Swig requirements have changed in newer versions of CMake. -# This has been reported to the mailing list -Patch0: libftdi-cmake_swig.patch - -BuildRequires: cmake3 gcc-c++ -BuildRequires: doxygen -BuildRequires: boost-devel -BuildRequires: libconfuse-devel -BuildRequires: libusbx-devel -BuildRequires: python3-devel -BuildRequires: swig - -Requires: systemd - +URL: https://www.intra2net.com/en/developer/libftdi/ +Source0: https://www.intra2net.com/en/developer/%{name}/download/%{name}1-%{version}.tar.bz2 +# http://developer.intra2net.com/git/?p=libftdi;a=commitdiff;h=cdb28383402d248dbc6062f4391b038375c52385;hp=5c2c58e03ea999534e8cb64906c8ae8b15536c30 +Patch0: libftdi-1.5-fix_pkgconfig_path.patch + +BuildRequires: boost-devel +BuildRequires: cmake +BuildRequires: doxygen +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: libconfuse-devel +BuildRequires: libusbx-devel +BuildRequires: make +BuildRequires: python3-devel +BuildRequires: swig +BuildRequires: systemd + +Requires: systemd %description A library (using libusb) to talk to FTDI's FT2232C, FT232BM and FT245BM type chips including the popular bitbang mode. %package devel -Summary: Header files and static libraries for libftdi -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: python3-%{name}%{?_isa} = %{version}-%{release} +Summary: Header files and static libraries for libftdi + +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: cmake-filesystem +Requires: python3-%{name}%{?_isa} = %{version}-%{release} %description devel Header files and static libraries for libftdi - %package -n python3-libftdi %{?python_provide:%python_provide python3-libftdi} -Summary: Libftdi library Python 3 binding -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Libftdi library Python 3 binding + +Requires: %{name}%{?_isa} = %{version}-%{release} %description -n python3-libftdi Libftdi Python 3 Language bindings. - %package c++ -Summary: Libftdi library C++ binding -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Libftdi library C++ binding + +Requires: %{name}%{?_isa} = %{version}-%{release} %description c++ Libftdi library C++ language binding. - %package c++-devel -Summary: Libftdi library C++ binding development headers and libraries -Requires: %{name}-devel = %{version}-%{release} -Requires: %{name}-c++ = %{version}-%{release} +Summary: Libftdi library C++ binding development headers and libraries + +Requires: %{name}-c++ = %{version}-%{release} +Requires: %{name}-devel = %{version}-%{release} %description c++-devel Libftdi library C++ binding development headers and libraries for building C++ applications with libftdi. - %prep %autosetup -p1 -n %{name}1-%{version} @@ -72,31 +73,16 @@ sed -i -e 's/GROUP="plugdev"/TAG+="uaccess"/g' packages/99-libftdi.rules %build -export CMAKE_PREFIX_PATH=%{_prefix} - -mkdir build-py3 && pushd build-py3 -%{cmake3} -DPython_ADDITIONAL_VERSIONS=%{python3_version} -DLIB_SUFFIX:STRING="" .. -%make_build -popd - -# Fix python sheband lines -find python/examples -type f -exec sed -i '1s=^#!/usr/bin/\(python\|env python\)[23]\?=#!%{__python3}=' {} + - +%cmake -DSTATICLIBS=off -DFTDIPP=on -DPYTHON_BINDINGS=on -DDOCUMENTATION=on -DLIB_SUFFIX:STRING="" . +%cmake_build %install -pushd build-py3 -%make_install -popd - -mkdir -p %{buildroot}/lib/udev/rules.d/ -install -pm 0644 packages/99-libftdi.rules %{buildroot}/lib/udev/rules.d/69-libftdi.rules +%cmake_install -find %{buildroot} -type f -name "*.la" -delete -find %{buildroot} -type f -name "*.a" -delete +install -D -pm 0644 packages/99-libftdi.rules %{buildroot}%{_udevrulesdir}/69-libftdi.rules -#no man install -mkdir -p %{buildroot}%{_mandir}/man3 -install -pm 0644 build-py3/doc/man/man3/*.3 %{buildroot}%{_mandir}/man3 +mkdir -p %{buildroot}%{_libdir}/udev/rules.d/ +install -pm 0644 packages/99-libftdi.rules %{buildroot}%{_libdir}/udev/rules.d/69-libftdi.rules # Cleanup examples rm -f %{buildroot}%{_bindir}/simple @@ -109,9 +95,9 @@ rm -f %{buildroot}%{_bindir}/find_all_pp rm -f %{buildroot}%{_bindir}/baud_test rm -f %{buildroot}%{_bindir}/serial_read rm -f %{buildroot}%{_bindir}/serial_test -rm -rf %{buildroot}%{_libdir}/cmake* -rm -rf %{buildroot}%{_datadir}/doc/libftdi1/example.conf +rm -f %{buildroot}%{_docdir}/libftdi1/example.conf +rm -f %{buildroot}%{_docdir}/libftdipp1/example.conf %check @@ -119,20 +105,20 @@ rm -rf %{buildroot}%{_datadir}/doc/libftdi1/example.conf %files -%license COPYING.LIB -%doc AUTHORS ChangeLog README +%license COPYING-CMAKE-SCRIPTS COPYING.LIB %{_libdir}/libftdi1.so.2* -/lib/udev/rules.d/69-libftdi.rules +%{_udevrulesdir}/69-libftdi.rules %files devel -%doc build-py3/doc/html +%doc AUTHORS ChangeLog %doc %{_datadir}/libftdi/examples +%dir %{_includedir}/libftdi1 %{_bindir}/ftdi_eeprom %{_bindir}/libftdi1-config +%{_includedir}/libftdi1/*.h %{_libdir}/libftdi1.so -%{_includedir}/libftdi1 %{_libdir}/pkgconfig/libftdi1.pc -%{_mandir}/man3/* +%{_libdir}/cmake/libftdi1/ %files -n python3-libftdi %{python3_sitearch}/* @@ -143,15 +129,18 @@ rm -rf %{buildroot}%{_datadir}/doc/libftdi1/example.conf %files c++-devel %{_libdir}/libftdipp1.so -%{_includedir}/libftdi1/*hpp +%{_includedir}/libftdi1/*.hpp %{_libdir}/pkgconfig/libftdipp1.pc %ldconfig_scriptlets %ldconfig_scriptlets c++ - %changelog +* Wed May 25 2022 Pawel Winogrodzki - 1.5-1 +- Updating to 1.5 using Fedora 36 (license: MIT) for guidance. +- License verified. + * Wed Jun 02 2021 Thomas Crain - 1.4-3 - Initial CBL-Mariner import from Fedora 32 (license: MIT). - Explicitly set an empty libdir suffix for CMake diff --git a/SPECS-EXTENDED/python-mccabe/python-mccabe.spec b/SPECS-EXTENDED/python-mccabe/python-mccabe.spec index 1b2c51c1621..73a12e32a10 100644 --- a/SPECS-EXTENDED/python-mccabe/python-mccabe.spec +++ b/SPECS-EXTENDED/python-mccabe/python-mccabe.spec @@ -1,17 +1,24 @@ +%global modname mccabe + +Summary: McCabe complexity checker +Name: python-%{modname} +Version: 0.6.1 +Release: 18%{?dist} +License: MIT Vendor: Microsoft Corporation Distribution: Mariner -%global modname mccabe -Name: python-%{modname} -Version: 0.6.1 -Release: 17%{?dist} -Summary: McCabe complexity checker -License: MIT -URL: http://pypi.python.org/pypi/mccabe -Source0: https://files.pythonhosted.org/packages/source/m/%{modname}/%{modname}-%{version}.tar.gz#/python-%{modname}-%{version}.tar.gz -BuildArch: noarch +URL: https://pypi.python.org/pypi/mccabe +Source0: https://files.pythonhosted.org/packages/source/m/%{modname}/%{modname}-%{version}.tar.gz#/python-%{modname}-%{version}.tar.gz + +BuildArch: noarch + +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-pytest +BuildRequires: python%{python3_pkgversion}-pytest-runner +BuildRequires: python%{python3_pkgversion}-setuptools %if %{with_check} -BuildRequires: python3-pip +BuildRequires: python3-pip %endif %description @@ -21,10 +28,8 @@ This module provides a plugin for flake8, the Python code checker. %package -n python%{python3_pkgversion}-%{modname} -Summary: McCabe checker, plugin for flake8 -BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-setuptools %{?python_provide:%python_provide python%{python3_pkgversion}-%{modname}} +Summary: McCabe checker, plugin for flake8 %description -n python%{python3_pkgversion}-%{modname} Ned's script to check McCabe complexity. @@ -32,23 +37,18 @@ Ned's script to check McCabe complexity. This module provides a plugin for flake8, the Python code checker. - %prep %autosetup -n %{modname}-%{version} - %build %py3_build - %install %py3_install - %check pip3 install pytest -%{__python3} -m pytest -v - +python3 -m pytest -v %files -n python%{python3_pkgversion}-%{modname} %license LICENSE @@ -57,8 +57,10 @@ pip3 install pytest %{python3_sitelib}/%{modname}-%{version}-* %{python3_sitelib}/__pycache__/%{modname}.* - %changelog +* Wed May 25 2022 Pawel Winogrodzki - 0.6.1-18 +- Bringing back removed BRs to fix package build. + * Thu Apr 28 2022 Muhammad Falak - 0.6.1-17 - Drop BR on pytest & pip install latest deps to enable ptest - License verified diff --git a/cgmanifest.json b/cgmanifest.json index 5d4f34334cc..07df68c53c5 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -2739,7 +2739,7 @@ "other": { "name": "efi-rpm-macros", "version": "4", - "downloadUrl": "https://github.com/rhboot/efi-rpm-macros/releases/download/4/efi-rpm-macros-4.tar.bz2" + "downloadUrl": "https://github.com/rhboot/efi-rpm-macros/archive/refs/tags/4.tar.gz" } } }, @@ -8211,8 +8211,8 @@ "type": "other", "other": { "name": "libftdi", - "version": "1.4", - "downloadUrl": "http://www.intra2net.com/en/developer/libftdi/download/libftdi1-1.4.tar.bz2" + "version": "1.5", + "downloadUrl": "https://www.intra2net.com/en/developer/libftdi/download/libftdi1-1.5.tar.bz2" } } }, @@ -24294,9 +24294,9 @@ "component": { "type": "other", "other": { - "name": "sdparm", - "version": "1.11", - "downloadUrl": "http://sg.danny.cz/sg/p/sdparm-1.11.tgz" + "name": "sdbus-cpp", + "version": "1.1.0", + "downloadUrl": "https://github.com/Kistler-Group/sdbus-cpp/archive/refs/tags/v1.1.0.tar.gz" } } }, @@ -24304,9 +24304,9 @@ "component": { "type": "other", "other": { - "name": "sdbus-cpp", - "version": "1.1.0", - "downloadUrl": "https://github.com/Kistler-Group/sdbus-cpp/archive/refs/tags/v1.1.0.tar.gz" + "name": "sdparm", + "version": "1.11", + "downloadUrl": "http://sg.danny.cz/sg/p/sdparm-1.11.tgz" } } }, From eb9bb8360bbaff71cf6ec7749f9b0ebb7c2ecce5 Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Thu, 26 May 2022 11:42:59 -0700 Subject: [PATCH 18/21] Update kernel source to 5.15.41.1 to address CVE-2022-28893, CVE-2022-29581 (#3063) * Nopatch CVE-2020-35501 * Kernel update script --> 5.15.41.1 * correct hashes * correct kernel-rt signature; don't auto update kernel-rt (we need to check for a patch-version) * re-fix sig * Address more cves * fix kernel-rt cgmanifest entry * fix dockerfile and update_kernel script tag * remove tag errors in cgman * use nifty new cve tool to generate more accurate nopatch --- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 7 +++++-- .../hyperv-daemons/hyperv-daemons.signatures.json | 2 +- SPECS/hyperv-daemons/hyperv-daemons.spec | 5 ++++- .../kernel-headers/kernel-headers.signatures.json | 2 +- SPECS/kernel-headers/kernel-headers.spec | 7 +++++-- SPECS/kernel/CVE-2020-35501.nopatch | 4 ++++ SPECS/kernel/CVE-2022-28893.nopatch | 3 +++ SPECS/kernel/CVE-2022-29581.nopatch | 2 ++ SPECS/kernel/config | 2 +- SPECS/kernel/config_aarch64 | 2 +- SPECS/kernel/kernel.signatures.json | 6 +++--- SPECS/kernel/kernel.spec | 8 ++++++-- cgmanifest.json | 14 +++++++------- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 2 +- toolkit/scripts/toolchain/container/Dockerfile | 2 +- .../toolchain/container/toolchain-sha256sums | 2 +- .../container/toolchain_build_in_chroot.sh | 8 ++++---- .../container/toolchain_build_temp_tools.sh | 8 ++++---- toolkit/scripts/update_kernel.sh | 6 +++--- 22 files changed, 60 insertions(+), 38 deletions(-) create mode 100644 SPECS/kernel/CVE-2020-35501.nopatch create mode 100644 SPECS/kernel/CVE-2022-28893.nopatch create mode 100644 SPECS/kernel/CVE-2022-29581.nopatch diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index dcd173f004d..2cd5b030b2a 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,8 +9,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 5.15.37.1 -Release: 3%{?dist} +Version: 5.15.41.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue May 24 2022 Cameron Baird - 5.15.41.1-1 +- Update source to 5.15.41.1 + * Tue May 24 2022 Neha Agarwal - 5.15.37.1-3 - Bump release number to match kernel release diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index 38191835272..c19525c92e9 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "25339871302f7a47e1aecfa9fc2586c78bc37edb98773752f0a5dec30f0ed3a1", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-5.15.37.1.tar.gz": "d104e2a9055b470ddd8e08bfffb14f46c237cefee39b4711e3a35b304e4a6303" + "kernel-5.15.41.1.tar.gz": "4542445b0a8d155c2079d3be8bd8cdcc2509348abf42743da408633bf1de8b82" } } \ No newline at end of file diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index 0b65a17d741..31c035a063d 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -8,7 +8,7 @@ %global udev_prefix 70 Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.15.37.1 +Version: 5.15.41.1 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -219,6 +219,9 @@ fi %{_sbindir}/lsvmbus %changelog +* Tue May 24 2022 Cameron Baird - 5.15.41.1-1 +- Update source to 5.15.41.1 + * Mon May 09 2022 Neha Agarwal - 5.15.37.1-1 - Update source to 5.15.37.1 diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index e1614f7819c..c7651bcb179 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-5.15.37.1.tar.gz": "d104e2a9055b470ddd8e08bfffb14f46c237cefee39b4711e3a35b304e4a6303" + "kernel-5.15.41.1.tar.gz": "4542445b0a8d155c2079d3be8bd8cdcc2509348abf42743da408633bf1de8b82" } } \ No newline at end of file diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index ab808b1782f..55272f1a074 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,7 +1,7 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.15.37.1 -Release: 3%{?dist} +Version: 5.15.41.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -37,6 +37,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Tue May 24 2022 Cameron Baird - 5.15.41.1-1 +- Update source to 5.15.41.1 + * Tue May 24 2022 Neha Agarwal - 5.15.37.1-3 - Bump release number to match kernel release diff --git a/SPECS/kernel/CVE-2020-35501.nopatch b/SPECS/kernel/CVE-2020-35501.nopatch new file mode 100644 index 00000000000..9a11f27f283 --- /dev/null +++ b/SPECS/kernel/CVE-2020-35501.nopatch @@ -0,0 +1,4 @@ +CVE-2020-35501 - No upstream fix. Vulnerability is low severity. +Users can mitigate the vulnerability by using the 'syscall auditing feature' +by passing open_by_handle_at to rules. Existing auditing ruleset requirements +generally use this mechanism. \ No newline at end of file diff --git a/SPECS/kernel/CVE-2022-28893.nopatch b/SPECS/kernel/CVE-2022-28893.nopatch new file mode 100644 index 00000000000..20f6314cd78 --- /dev/null +++ b/SPECS/kernel/CVE-2022-28893.nopatch @@ -0,0 +1,3 @@ +CVE-2022-28893 - Fix already present in 5.15.41: +Upstream: f00432063db1a0db484e85193eccc6845435b80e +Stable: 54f6834b283d9b4d070b0639d9ef5e1d156fe7b0 \ No newline at end of file diff --git a/SPECS/kernel/CVE-2022-29581.nopatch b/SPECS/kernel/CVE-2022-29581.nopatch new file mode 100644 index 00000000000..abfa046301a --- /dev/null +++ b/SPECS/kernel/CVE-2022-29581.nopatch @@ -0,0 +1,2 @@ +CVE-2022-29581 - patched in 5.15.36 - (generated by autopatch tool) +upstream 3db09e762dc79584a69c10d74a6b98f89a9979f8 - stable ba9e9a794fd1689bf7e8a7452c55f3d3cbda7728 \ No newline at end of file diff --git a/SPECS/kernel/config b/SPECS/kernel/config index b2eef6d7e14..faf3b446ba1 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.37.1 Kernel Configuration +# Linux/x86_64 5.15.41.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index a2125dc0e8b..d487305d72c 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.37.1 Kernel Configuration +# Linux/arm64 5.15.41.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 0ef333ca389..f02cf5c7537 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "3cabd319bf43e024e72845aded0ad38944e23638758072173fcf726b50fc585d", - "config_aarch64": "bb57007c3507e676ec99e8c913e040b6e59762bc8449e7acc03423e09c5808dc", - "kernel-5.15.37.1.tar.gz": "d104e2a9055b470ddd8e08bfffb14f46c237cefee39b4711e3a35b304e4a6303", + "config": "138984568d28a88964abdc5833a4492ffacab83ffd7b9b0cf08fb27fc1c2d60b", + "config_aarch64": "eabc1de118f0cf7b3cfd6842b28264247af6d8dc55db02412ad37c5aed262205", + "kernel-5.15.41.1.tar.gz": "4542445b0a8d155c2079d3be8bd8cdcc2509348abf42743da408633bf1de8b82", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f" } } diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 5ed18d5e4b5..88d38872e5f 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -6,8 +6,8 @@ %endif Summary: Linux Kernel Name: kernel -Version: 5.15.37.1 -Release: 3%{?dist} +Version: 5.15.41.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -366,6 +366,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue May 24 2022 Cameron Baird - 5.15.41.1-1 +- Update source to 5.15.41.1 +- Nopatch CVE-2020-35501, CVE-2022-28893, CVE-2022-29581 + * Mon May 23 2022 Neha Agarwal - 5.15.37.1-3 - Fix configs to bring down initrd boot time diff --git a/cgmanifest.json b/cgmanifest.json index 07df68c53c5..65f14c319ea 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -5730,8 +5730,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.15.37.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.37.1.tar.gz" + "version": "5.15.41.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.41.1.tar.gz" } } }, @@ -7171,8 +7171,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.15.37.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.37.1.tar.gz" + "version": "5.15.41.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.41.1.tar.gz" } } }, @@ -7181,8 +7181,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.15.37.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.37.1.tar.gz" + "version": "5.15.41.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.41.1.tar.gz" } } }, @@ -7192,7 +7192,7 @@ "other": { "name": "kernel-rt", "version": "5.15.34.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.34.1.tar.gz" + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.15.34.1.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 662a531677c..9fa2358c8b3 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-9.cm2.aarch64.rpm -kernel-headers-5.15.37.1-3.cm2.noarch.rpm +kernel-headers-5.15.41.1-1.cm2.noarch.rpm glibc-2.35-2.cm2.aarch64.rpm glibc-devel-2.35-2.cm2.aarch64.rpm glibc-i18n-2.35-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 93ff6e37d0e..d6a52228b32 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-9.cm2.x86_64.rpm -kernel-headers-5.15.37.1-3.cm2.noarch.rpm +kernel-headers-5.15.41.1-1.cm2.noarch.rpm glibc-2.35-2.cm2.x86_64.rpm glibc-devel-2.35-2.cm2.x86_64.rpm glibc-i18n-2.35-2.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 7f14dc90695..8ceea246b18 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -131,7 +131,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.aarch64.rpm kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm -kernel-headers-5.15.37.1-3.cm2.noarch.rpm +kernel-headers-5.15.41.1-1.cm2.noarch.rpm kmod-29-1.cm2.aarch64.rpm kmod-debuginfo-29-1.cm2.aarch64.rpm kmod-devel-29-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index f59b868968d..3ba100f1099 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -131,7 +131,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.x86_64.rpm kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm -kernel-headers-5.15.37.1-3.cm2.noarch.rpm +kernel-headers-5.15.41.1-1.cm2.noarch.rpm kmod-29-1.cm2.x86_64.rpm kmod-debuginfo-29-1.cm2.x86_64.rpm kmod-devel-29-1.cm2.x86_64.rpm diff --git a/toolkit/scripts/toolchain/container/Dockerfile b/toolkit/scripts/toolchain/container/Dockerfile index fb5eecf3996..ab82d7e33d5 100644 --- a/toolkit/scripts/toolchain/container/Dockerfile +++ b/toolkit/scripts/toolchain/container/Dockerfile @@ -57,7 +57,7 @@ COPY [ "./toolchain-sha256sums", \ WORKDIR $LFS/sources RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-local-wget-list --directory-prefix=$LFS/sources; exit 0 RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-remote-wget-list --directory-prefix=$LFS/sources; exit 0 -RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.37.1.tar.gz -O kernel-5.15.37.1.tar.gz --directory-prefix=$LFS/sources; exit 0 +RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.41.1.tar.gz -O kernel-5.15.41.1.tar.gz --directory-prefix=$LFS/sources; exit 0 USER root RUN sha256sum -c $LFS/tools/toolchain-sha256sums && \ groupadd lfs && \ diff --git a/toolkit/scripts/toolchain/container/toolchain-sha256sums b/toolkit/scripts/toolchain/container/toolchain-sha256sums index 60671bb971a..bf4eac0577f 100644 --- a/toolkit/scripts/toolchain/container/toolchain-sha256sums +++ b/toolkit/scripts/toolchain/container/toolchain-sha256sums @@ -26,7 +26,7 @@ fd4829912cddd12f84181c3451cc752be224643e87fac497b69edddadc49b4f2 gmp-6.2.1.tar. 5c10da312460aec721984d5d83246d24520ec438dd48d7ab5a05dbc0d6d6823c grep-3.7.tar.xz 3a48a9d6c97750bfbd535feeb5be0111db6406ddb7bb79fc680809cda6d828a5 groff-1.22.3.tar.gz 9b9a95d68fdcb936849a4d6fada8bf8686cddf58b9b26c9c4289ed0c92a77907 gzip-1.11.tar.xz -d104e2a9055b470ddd8e08bfffb14f46c237cefee39b4711e3a35b304e4a6303 kernel-5.15.37.1.tar.gz +4542445b0a8d155c2079d3be8bd8cdcc2509348abf42743da408633bf1de8b82 kernel-5.15.41.1.tar.gz a36613695ffa2905fdedc997b6df04a3006ccfd71d747a339b78aa8412c3d852 libarchive-3.6.0.tar.gz 06a92076ce39a78bd28089e32085f1bde7f3bfa448fad37d895c2358f760b2eb libcap-2.60.tar.xz 0d72e12e4f2afff67fd7b9df0a24d7ba42b5a7c9211ac5b3dcccc5cd8b286f2b libpipeline-1.5.0.tar.gz diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh index 02946f6fd98..e42502fd47e 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh @@ -67,14 +67,14 @@ set -e # cd /sources -echo Linux-5.15.37.1 API Headers -tar xf kernel-5.15.37.1.tar.gz -pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.37.1 +echo Linux-5.15.41.1 API Headers +tar xf kernel-5.15.41.1.tar.gz +pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.41.1 make mrproper make headers cp -rv usr/include/* /usr/include popd -rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.37.1 +rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.41.1 touch /logs/status_kernel_headers_complete echo 6.8. Man-pages-5.02 diff --git a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh index 66ad79af5c2..55646fb0910 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh @@ -114,14 +114,14 @@ rm -rf gcc-11.2.0 touch $LFS/logs/temptoolchain/status_gcc_pass1_complete -echo Linux-5.15.37.1 API Headers -tar xf kernel-5.15.37.1.tar.gz -pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.37.1 +echo Linux-5.15.41.1 API Headers +tar xf kernel-5.15.41.1.tar.gz +pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.41.1 make mrproper make headers cp -rv usr/include/* /tools/include popd -rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.37.1 +rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-5.15.41.1 touch $LFS/logs/temptoolchain/status_kernel_headers_complete diff --git a/toolkit/scripts/update_kernel.sh b/toolkit/scripts/update_kernel.sh index f351533eb5a..ca431603def 100755 --- a/toolkit/scripts/update_kernel.sh +++ b/toolkit/scripts/update_kernel.sh @@ -239,15 +239,15 @@ if [[ -z $WORKSPACE ]]; then fi # Create globals -TAG="rolling-lts/mariner/$VERSION" +TAG="rolling-lts/mariner-2/$VERSION" TMPDIR="tmp-dir" -SPECS="kernel-headers kernel kernel-rt hyperv-daemons" +SPECS="kernel-headers kernel hyperv-daemons" DEFAULT_URL="https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/" DEFAULT_EXTENSION=".tar.gz" FULL_URL=$DEFAULT_URL$TAG$DEFAULT_EXTENSION TARBALL_NAME="kernel-$VERSION$DEFAULT_EXTENSION" DOWNLOAD_FILE_PATH=$TMPDIR/$TARBALL_NAME -SPECS="kernel-headers kernel kernel-rt hyperv-daemons" +SPECS="kernel-headers kernel hyperv-daemons" SIGNED_SPECS="kernel-signed" NEW_RELEASE_NUMBER="Release: 1%{?dist}" CHANGELOG_ENTRY="Update source to $NEW_KERNEL_VERSION" From 59fff5466547754231148a363bd630208ca1210a Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Thu, 26 May 2022 14:53:32 -0700 Subject: [PATCH 19/21] Update pcre2 to v10.40 to address CVE-2022-1586, CVE-2022-1587 (#3067) * Address pcre2 critical cves * undo unneeded setup macro change --- SPECS/pcre2/pcre2.signatures.json | 2 +- SPECS/pcre2/pcre2.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/SPECS/pcre2/pcre2.signatures.json b/SPECS/pcre2/pcre2.signatures.json index 77213d024cc..b2f45eda0e1 100644 --- a/SPECS/pcre2/pcre2.signatures.json +++ b/SPECS/pcre2/pcre2.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "pcre2-10.39.tar.bz2": "0f03caf57f81d9ff362ac28cd389c055ec2bf0678d277349a1a4bee00ad6d440" + "pcre2-10.40.tar.bz2": "14e4b83c4783933dc17e964318e6324f7cae1bc75d8f3c79bc6969f00c159d68" } } \ No newline at end of file diff --git a/SPECS/pcre2/pcre2.spec b/SPECS/pcre2/pcre2.spec index abbbf322607..c106dff6663 100644 --- a/SPECS/pcre2/pcre2.spec +++ b/SPECS/pcre2/pcre2.spec @@ -1,6 +1,6 @@ Summary: A library for Perl-compatible regular expressions Name: pcre2 -Version: 10.39 +Version: 10.40 Release: 1%{?dist} License: BSD Vendor: Microsoft Corporation @@ -238,6 +238,9 @@ make check -j1 %{_libdir}/*.a %changelog +* Thu May 26 2022 Cameron Baird - 10.40-1 +- Upgrading to v10.40 to address CVE-2022-1586, CVE-2022-1587 + * Tue Feb 15 2022 Max Brodeur-Urbas - 10.39-1 - Upgrading to v10.39 - Fixing source URL. diff --git a/cgmanifest.json b/cgmanifest.json index 65f14c319ea..f74fd207837 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -13904,8 +13904,8 @@ "type": "other", "other": { "name": "pcre2", - "version": "10.39", - "downloadUrl": "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.39/pcre2-10.39.tar.bz2" + "version": "10.40", + "downloadUrl": "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.40/pcre2-10.40.tar.bz2" } } }, From 024943f05cd616b6d5e7c6b367264567675a27c3 Mon Sep 17 00:00:00 2001 From: jslobodzian Date: Thu, 26 May 2022 15:33:57 -0700 Subject: [PATCH 20/21] Add Mariner 2.0 ISO Download and reflect changes from 1.0 (#3066) * Add Mariner 2.0 ISO Download and reflect changes from 1.0 * Add line break --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d6579860806..f9c8b382322 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,17 @@ Whether deployed as a container or a container host, CBL-Mariner consumes limite When security vulnerabilities arise, CBL-Mariner supports both a package-based update model and an image based update model. Leveraging the common [RPM Package Manager](https://rpm.org/) system, CBL-Mariner makes the latest security patches and fixes available for download with the goal of fast turn-around times. # Getting Started with CBL-Mariner: +Build +Instructions for building CBL-Mariner may be found here: Toolkit Documentation. -Instructions for building CBL-Mariner may be found here: [Toolkit Documentation](./toolkit/README.md) +ISO +You can try CBL-Mariner with the following ISO Image: +- [Mariner 2.0 x86_64 ISO](https://aka.ms/mariner-2.0-x86_64-iso). +- [Mariner 1.0 x86_64 ISO](https://aka.ms/mariner-1.0-x86_64-iso). + +After downloading the ISO, use these instructions to install and use in a Hyper-V VM. + +Note: Support for the ISO is community based. Before filing a new bug or feature request, please search the list of Github Issues. If you are unable to find a matching issue, please report new bugs by clicking here or create a new feature request by clicking here. For additional information refer to the support.md file. # Trademarks From 8c3cf71ce1b93d68a636fcbccd5a72f155fe2a23 Mon Sep 17 00:00:00 2001 From: jslobodzian Date: Thu, 26 May 2022 21:58:02 -0700 Subject: [PATCH 21/21] Reduce base RPM package size, re-add in container image (#3056) * Reduce rpm size and reinstate in container image * Updated per code review comments --- SPECS/core-packages/core-packages.spec | 7 +++++-- SPECS/rpm/rpm.spec | 12 ++++++++---- .../manifests/package/pkggen_core_aarch64.txt | 12 ++++++------ .../manifests/package/pkggen_core_x86_64.txt | 12 ++++++------ .../manifests/package/toolchain_aarch64.txt | 16 ++++++++-------- .../manifests/package/toolchain_x86_64.txt | 16 ++++++++-------- 6 files changed, 41 insertions(+), 34 deletions(-) diff --git a/SPECS/core-packages/core-packages.spec b/SPECS/core-packages/core-packages.spec index 5d8b596d97b..13eddb878cc 100644 --- a/SPECS/core-packages/core-packages.spec +++ b/SPECS/core-packages/core-packages.spec @@ -1,7 +1,7 @@ Summary: Metapackage with core sets of packages Name: core-packages Version: 2.0 -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -39,7 +39,6 @@ Requires: net-tools Requires: openssh-clients Requires: pkg-config Requires: procps-ng -Requires: rpm Requires: sudo Requires: systemd Requires: tar @@ -69,6 +68,7 @@ Requires: nspr Requires: nss-libs Requires: openssl Requires: readline +Requires: rpm Requires: rpm-libs Requires: sed Requires: sqlite-libs @@ -89,6 +89,9 @@ Requires: zlib %files container %changelog +* Tue May 24 2022 Jon Slobodzian - 2.0-6 +- Add rpm to base container image + * Wed May 04 2022 Suresh Babu Chalamalasetty - 2.0-5 - Add gzip and sed to base container image diff --git a/SPECS/rpm/rpm.spec b/SPECS/rpm/rpm.spec index ef40dea4833..0e0f6a09ccc 100644 --- a/SPECS/rpm/rpm.spec +++ b/SPECS/rpm/rpm.spec @@ -1,7 +1,7 @@ Summary: Package manager Name: rpm Version: 4.17.0 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ AND LGPLv2+ AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -34,7 +34,7 @@ BuildRequires: zstd-devel Requires: bash Requires: libarchive Requires: libselinux -Requires: lua +Requires: lua-libs Requires: rpm-libs = %{version}-%{release} Patch0: remove-docs-from-makefile.patch @@ -82,6 +82,7 @@ Requires: elfutils-devel Requires: elfutils-libelf Requires: file Requires: gzip +Requires: lua Requires: mariner-rpm-macros Requires: patch Requires: tar @@ -206,8 +207,6 @@ popd %{_libdir}/rpm/tgpg %{_libdir}/rpm/platform %{_libdir}/rpm-plugins/* -%{_libdir}/rpm/pythondistdeps.py -%{_fileattrsdir}/python.attr # Because of no doxygen dependency, we do not produce manpages that require it. # %{_mandir}/man8/rpm.8.gz # %{_mandir}/man8/rpm2cpio.8.gz @@ -248,6 +247,7 @@ popd %{_libdir}/rpm/mkinstalldirs %{_libdir}/rpm/pkgconfigdeps.sh %{_libdir}/rpm/*.prov +%{_libdir}/rpm/pythondistdeps.py %{_libdir}/rpm/pythondeps.sh %{_libdir}/rpm/ocamldeps.sh @@ -276,6 +276,10 @@ popd %{python3_sitelib}/* %changelog +* Tue May 24 2022 Jon Slobodzian - 4.17.0-8 +- Move lua runtime dependency from main rpm package. Move to rpm-build. +- Move python files to rpm-build package. This removes the implied dependency on python3 by the rpm package. + * Fri May 13 2022 Andy Caldwell - 4.17.0-7 - Add missing dependencies to rpmbuild (file, diff and patch) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 9fa2358c8b3..038d4c9d350 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -176,12 +176,12 @@ libcap-devel-2.60-1.cm2.aarch64.rpm debugedit-5.0-1.cm2.aarch64.rpm libarchive-3.6.0-1.cm2.aarch64.rpm libarchive-devel-3.6.0-1.cm2.aarch64.rpm -rpm-4.17.0-7.cm2.aarch64.rpm -rpm-build-4.17.0-7.cm2.aarch64.rpm -rpm-build-libs-4.17.0-7.cm2.aarch64.rpm -rpm-devel-4.17.0-7.cm2.aarch64.rpm -rpm-lang-4.17.0-7.cm2.aarch64.rpm -rpm-libs-4.17.0-7.cm2.aarch64.rpm +rpm-4.17.0-8.cm2.aarch64.rpm +rpm-build-4.17.0-8.cm2.aarch64.rpm +rpm-build-libs-4.17.0-8.cm2.aarch64.rpm +rpm-devel-4.17.0-8.cm2.aarch64.rpm +rpm-lang-4.17.0-8.cm2.aarch64.rpm +rpm-libs-4.17.0-8.cm2.aarch64.rpm cpio-2.13-4.cm2.aarch64.rpm cpio-lang-2.13-4.cm2.aarch64.rpm e2fsprogs-libs-1.46.5-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d6a52228b32..5ca82f34fbd 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -176,12 +176,12 @@ libcap-devel-2.60-1.cm2.x86_64.rpm debugedit-5.0-1.cm2.x86_64.rpm libarchive-3.6.0-1.cm2.x86_64.rpm libarchive-devel-3.6.0-1.cm2.x86_64.rpm -rpm-4.17.0-7.cm2.x86_64.rpm -rpm-build-4.17.0-7.cm2.x86_64.rpm -rpm-build-libs-4.17.0-7.cm2.x86_64.rpm -rpm-devel-4.17.0-7.cm2.x86_64.rpm -rpm-lang-4.17.0-7.cm2.x86_64.rpm -rpm-libs-4.17.0-7.cm2.x86_64.rpm +rpm-4.17.0-8.cm2.x86_64.rpm +rpm-build-4.17.0-8.cm2.x86_64.rpm +rpm-build-libs-4.17.0-8.cm2.x86_64.rpm +rpm-devel-4.17.0-8.cm2.x86_64.rpm +rpm-lang-4.17.0-8.cm2.x86_64.rpm +rpm-libs-4.17.0-8.cm2.x86_64.rpm cpio-2.13-4.cm2.x86_64.rpm cpio-lang-2.13-4.cm2.x86_64.rpm e2fsprogs-libs-1.46.5-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 8ceea246b18..70f3effe9e6 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -516,20 +516,20 @@ python3-markupsafe-2.1.0-1.cm2.aarch64.rpm python3-newt-0.52.21-4.cm2.aarch64.rpm python3-pip-3.9.12-1.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm -python3-rpm-4.17.0-7.cm2.aarch64.rpm +python3-rpm-4.17.0-8.cm2.aarch64.rpm python3-setuptools-3.9.12-1.cm2.noarch.rpm python3-test-3.9.12-1.cm2.aarch64.rpm python3-tools-3.9.12-1.cm2.aarch64.rpm readline-8.1-1.cm2.aarch64.rpm readline-debuginfo-8.1-1.cm2.aarch64.rpm readline-devel-8.1-1.cm2.aarch64.rpm -rpm-4.17.0-7.cm2.aarch64.rpm -rpm-build-4.17.0-7.cm2.aarch64.rpm -rpm-build-libs-4.17.0-7.cm2.aarch64.rpm -rpm-debuginfo-4.17.0-7.cm2.aarch64.rpm -rpm-devel-4.17.0-7.cm2.aarch64.rpm -rpm-lang-4.17.0-7.cm2.aarch64.rpm -rpm-libs-4.17.0-7.cm2.aarch64.rpm +rpm-4.17.0-8.cm2.aarch64.rpm +rpm-build-4.17.0-8.cm2.aarch64.rpm +rpm-build-libs-4.17.0-8.cm2.aarch64.rpm +rpm-debuginfo-4.17.0-8.cm2.aarch64.rpm +rpm-devel-4.17.0-8.cm2.aarch64.rpm +rpm-lang-4.17.0-8.cm2.aarch64.rpm +rpm-libs-4.17.0-8.cm2.aarch64.rpm sed-4.8-2.cm2.aarch64.rpm sed-debuginfo-4.8-2.cm2.aarch64.rpm sed-lang-4.8-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 3ba100f1099..afd5b569813 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -516,20 +516,20 @@ python3-markupsafe-2.1.0-1.cm2.x86_64.rpm python3-newt-0.52.21-4.cm2.x86_64.rpm python3-pip-3.9.12-1.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm -python3-rpm-4.17.0-7.cm2.x86_64.rpm +python3-rpm-4.17.0-8.cm2.x86_64.rpm python3-setuptools-3.9.12-1.cm2.noarch.rpm python3-test-3.9.12-1.cm2.x86_64.rpm python3-tools-3.9.12-1.cm2.x86_64.rpm readline-8.1-1.cm2.x86_64.rpm readline-debuginfo-8.1-1.cm2.x86_64.rpm readline-devel-8.1-1.cm2.x86_64.rpm -rpm-4.17.0-7.cm2.x86_64.rpm -rpm-build-4.17.0-7.cm2.x86_64.rpm -rpm-build-libs-4.17.0-7.cm2.x86_64.rpm -rpm-debuginfo-4.17.0-7.cm2.x86_64.rpm -rpm-devel-4.17.0-7.cm2.x86_64.rpm -rpm-lang-4.17.0-7.cm2.x86_64.rpm -rpm-libs-4.17.0-7.cm2.x86_64.rpm +rpm-4.17.0-8.cm2.x86_64.rpm +rpm-build-4.17.0-8.cm2.x86_64.rpm +rpm-build-libs-4.17.0-8.cm2.x86_64.rpm +rpm-debuginfo-4.17.0-8.cm2.x86_64.rpm +rpm-devel-4.17.0-8.cm2.x86_64.rpm +rpm-lang-4.17.0-8.cm2.x86_64.rpm +rpm-libs-4.17.0-8.cm2.x86_64.rpm sed-4.8-2.cm2.x86_64.rpm sed-debuginfo-4.8-2.cm2.x86_64.rpm sed-lang-4.8-2.cm2.x86_64.rpm