From b8475008029397c59dd4fc6c2ea39df4321d7168 Mon Sep 17 00:00:00 2001 From: Thien Trung Vuong Date: Thu, 31 Oct 2024 11:48:55 -0700 Subject: [PATCH 1/6] kernel-uki: remove noxsaves parameter from cmdline (#10890) Signed-off-by: Thien Trung Vuong --- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 5 ++++- .../kernel-uki-signed/kernel-uki-signed.spec | 5 ++++- SPECS/kernel-headers/kernel-headers.spec | 5 ++++- SPECS/kernel/kernel-uki.spec | 12 +++++------- SPECS/kernel/kernel.spec | 5 ++++- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../resources/manifests/package/toolchain_x86_64.txt | 4 ++-- 9 files changed, 26 insertions(+), 16 deletions(-) diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 25abcfe9084..4c89f2b0442 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 6.6.57.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Wed Oct 30 2024 Thien Trung Vuong - 6.6.57.1-2 +- Bump release to match kernel + * Tue Oct 29 2024 CBL-Mariner Servicing Account - 6.6.57.1-1 - Auto-upgrade to 6.6.57.1 diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec index 05867cf451a..551d54afac4 100644 --- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec +++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec @@ -6,7 +6,7 @@ Summary: Signed Unified Kernel Image for %{buildarch} systems Name: kernel-uki-signed-%{buildarch} Version: 6.6.57.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -68,6 +68,9 @@ popd /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Wed Oct 30 2024 Thien Trung Vuong - 6.6.57.1-2 +- Bump release to match kernel + * Tue Oct 29 2024 CBL-Mariner Servicing Account - 6.6.57.1-1 - Auto-upgrade to 6.6.57.1 diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index cbf87fcbe2f..91f40200ba2 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -14,7 +14,7 @@ Summary: Linux API header files Name: kernel-headers Version: 6.6.57.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -75,6 +75,9 @@ done %endif %changelog +* Wed Oct 30 2024 Thien Trung Vuong - 6.6.57.1-2 +- Bump release to match kernel + * Tue Oct 29 2024 CBL-Mariner Servicing Account - 6.6.57.1-1 - Auto-upgrade to 6.6.57.1 diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec index 0098ad9aea8..77d9dc52774 100644 --- a/SPECS/kernel/kernel-uki.spec +++ b/SPECS/kernel/kernel-uki.spec @@ -8,17 +8,12 @@ # suffix, our kernel version does not. %define kernelver %{version}-%{release} -# noxsaves: Azure CVM instances have trouble booting due to the hypervisor -# not reporting an available CPU feature - shadow stack (X86_FEATURE_SHSTK). -# We need to temporarily turn it off by disabling xsaves until the problem -# is fixed on Azure. Since shadow stack depends on xsaves, disabling xsaves -# ensures the feature bit for shadow stack is also turned off. -%define cmdline console=ttyS0 noxsaves +%define cmdline console=ttyS0 Summary: Unified Kernel Image Name: kernel-uki Version: 6.6.57.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -75,6 +70,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Wed Oct 30 2024 Thien Trung Vuong - 6.6.57.1-2 +- Remove noxsaves parameter from cmdline + * Tue Oct 29 2024 CBL-Mariner Servicing Account - 6.6.57.1-1 - Auto-upgrade to 6.6.57.1 diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index f14a9606cc2..f57b02d6367 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -30,7 +30,7 @@ Summary: Linux Kernel Name: kernel Version: 6.6.57.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -407,6 +407,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Wed Oct 30 2024 Thien Trung Vuong - 6.6.57.1-2 +- UKI: remove noxsaves parameter from cmdline + * Tue Oct 29 2024 CBL-Mariner Servicing Account - 6.6.57.1-1 - Auto-upgrade to 6.6.57.1 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 62a8dc6412c..9d525530102 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.aarch64.rpm -kernel-headers-6.6.57.1-1.azl3.noarch.rpm +kernel-headers-6.6.57.1-2.azl3.noarch.rpm glibc-2.38-8.azl3.aarch64.rpm glibc-devel-2.38-8.azl3.aarch64.rpm glibc-i18n-2.38-8.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index a8cd5987f0b..2cc91b471c6 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.x86_64.rpm -kernel-headers-6.6.57.1-1.azl3.noarch.rpm +kernel-headers-6.6.57.1-2.azl3.noarch.rpm glibc-2.38-8.azl3.x86_64.rpm glibc-devel-2.38-8.azl3.x86_64.rpm glibc-i18n-2.38-8.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 45f17f39b98..d6aad71ae70 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.aarch64.rpm kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm -kernel-headers-6.6.57.1-1.azl3.noarch.rpm +kernel-headers-6.6.57.1-2.azl3.noarch.rpm kmod-30-1.azl3.aarch64.rpm kmod-debuginfo-30-1.azl3.aarch64.rpm kmod-devel-30-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 93ebd330501..aacd1792796 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -161,8 +161,8 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.x86_64.rpm kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm -kernel-cross-headers-6.6.57.1-1.azl3.noarch.rpm -kernel-headers-6.6.57.1-1.azl3.noarch.rpm +kernel-cross-headers-6.6.57.1-2.azl3.noarch.rpm +kernel-headers-6.6.57.1-2.azl3.noarch.rpm kmod-30-1.azl3.x86_64.rpm kmod-debuginfo-30-1.azl3.x86_64.rpm kmod-devel-30-1.azl3.x86_64.rpm From 1f7349be9c4dbb96fb8138f46672579096d860a6 Mon Sep 17 00:00:00 2001 From: Christopher Co <35273088+christopherco@users.noreply.github.com> Date: Thu, 31 Oct 2024 11:52:39 -0700 Subject: [PATCH 2/6] fix: add fedora SBAT entries to grub2 (#10865) Since we pull secure boot patches from Fedora's grub2, we should include their SBAT entries into our Azure Linux grub2 SBAT. Signed-off-by: Chris Co --- .../grub2-efi-binary-signed/grub2-efi-binary-signed.spec | 5 ++++- SPECS/grub2/grub2.signatures.json | 2 +- SPECS/grub2/grub2.spec | 5 ++++- SPECS/grub2/sbat.csv.in | 1 + 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec index 5b01dfaeee9..48c2a193675 100644 --- a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec +++ b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec @@ -12,7 +12,7 @@ Summary: Signed GRand Unified Bootloader for %{buildarch} systems Name: grub2-efi-binary-signed-%{buildarch} Version: 2.06 -Release: 20%{?dist} +Release: 21%{?dist} License: GPLv3+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -79,6 +79,9 @@ cp %{SOURCE3} %{buildroot}/boot/efi/EFI/BOOT/%{grubpxeefiname} /boot/efi/EFI/BOOT/%{grubpxeefiname} %changelog +* Mon Oct 28 2024 Chris Co - 2.06-21 +- Bump release number to match grub release + * Tue Aug 13 2024 Daniel McIlvaney - 2.06-20 - Move grub2-rpm-macros to the azurelinux-rpm-macros package diff --git a/SPECS/grub2/grub2.signatures.json b/SPECS/grub2/grub2.signatures.json index 4add5867c59..1dec98a7e34 100644 --- a/SPECS/grub2/grub2.signatures.json +++ b/SPECS/grub2/grub2.signatures.json @@ -2,6 +2,6 @@ "Signatures": { "gnulib-d271f868a8df9bbec29049d01e056481b7a1a263.tar.gz": "4e23415ae2977ffca15e07419ceff3e9334d0369eafc9e7ae2578f8dd9a4839c", "grub-2.06.tar.gz": "660eaa2355a4045d8d0cdb5765169d1cad9912ec07873b86c9c6d55dbaa9dfca", - "sbat.csv.in": "040bcd900845b53ef9124f70f8b40fbd169740681fdd519a688663a59a958cf1" + "sbat.csv.in": "bda0c179d651655f126c508673bbf80505b4aa4b64c347409f4d7ec668b164f0" } } diff --git a/SPECS/grub2/grub2.spec b/SPECS/grub2/grub2.spec index 614c97ccb3f..f66cadf6cbf 100644 --- a/SPECS/grub2/grub2.spec +++ b/SPECS/grub2/grub2.spec @@ -6,7 +6,7 @@ Summary: GRand Unified Bootloader Name: grub2 Version: 2.06 -Release: 20%{?dist} +Release: 21%{?dist} License: GPLv3+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -428,6 +428,9 @@ cp $GRUB_PXE_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_PXE_MODULE_NAME %config(noreplace) %{_sysconfdir}/grub.d/41_custom %changelog +* Mon Oct 28 2024 Chris Co - 2.06-21 +- Add Fedora SBAT entries + * Tue Aug 13 2024 Daniel McIlvaney - 2.06-20 - Move grub2-rpm-macros to the azurelinux-rpm-macros package diff --git a/SPECS/grub2/sbat.csv.in b/SPECS/grub2/sbat.csv.in index 51319111ab8..76617ee24d1 100644 --- a/SPECS/grub2/sbat.csv.in +++ b/SPECS/grub2/sbat.csv.in @@ -1,3 +1,4 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md grub,4,Free Software Foundation,grub,@@VERSION@@,https://www.gnu.org/software/grub/ grub.azurelinux,3,Microsoft,grub2,@@VERSION_RELEASE@@,https://github.com/microsoft/azurelinux +grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com From 6836510080a4b91427d7923850b2839de2cfb322 Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Thu, 31 Oct 2024 12:43:41 -0700 Subject: [PATCH 3/6] Image Customizer: Fix partition creation on Ubuntu build hosts. (#10902) The change #10804 (Toolkit: Add missing flock calls) seems to have caused a problem where on Ubuntu 22.04 build hosts, the partition info isn't populated quickly enough after partition creation and formatting. So, the `lsblk` call might return missing information. Adding a `partprobe` call before the `lsblk` call seems to fix the problem. --- toolkit/tools/pkg/imagecustomizerlib/imageutils.go | 6 ++++++ .../tools/pkg/imagecustomizerlib/partitionutils.go | 11 +++++++++++ .../tools/pkg/imagecustomizerlib/shrinkfilesystems.go | 4 ++-- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/toolkit/tools/pkg/imagecustomizerlib/imageutils.go b/toolkit/tools/pkg/imagecustomizerlib/imageutils.go index b8927491800..7ff6e306941 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/imageutils.go +++ b/toolkit/tools/pkg/imagecustomizerlib/imageutils.go @@ -183,6 +183,12 @@ func createImageBoilerplate(imageConnection *ImageConnection, filename string, b return nil, "", fmt.Errorf("failed to create partitions on disk (%s):\n%w", imageConnection.Loopback().DevicePath(), err) } + // Refresh partition entries under /dev. + err = refreshPartitions(imageConnection.Loopback().DevicePath()) + if err != nil { + return nil, "", err + } + // Read the disk partitions. diskPartitions, err := diskutils.GetDiskPartitions(imageConnection.Loopback().DevicePath()) if err != nil { diff --git a/toolkit/tools/pkg/imagecustomizerlib/partitionutils.go b/toolkit/tools/pkg/imagecustomizerlib/partitionutils.go index 98c4695a4f9..a4a27886de3 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/partitionutils.go +++ b/toolkit/tools/pkg/imagecustomizerlib/partitionutils.go @@ -18,6 +18,7 @@ import ( "github.com/microsoft/azurelinux/toolkit/tools/internal/logger" "github.com/microsoft/azurelinux/toolkit/tools/internal/safechroot" "github.com/microsoft/azurelinux/toolkit/tools/internal/safemount" + "github.com/microsoft/azurelinux/toolkit/tools/internal/shell" "github.com/microsoft/azurelinux/toolkit/tools/internal/sliceutils" ) @@ -460,3 +461,13 @@ func getPartitionNum(partitionLoopDevice string) (int, error) { return num, nil } + +func refreshPartitions(diskDevPath string) error { + err := shell.ExecuteLiveWithErr(1 /*stderrLines*/, "flock", "--timeout", "5", diskDevPath, + "partprobe", "-s", diskDevPath) + if err != nil { + return fmt.Errorf("partprobe failed:\n%w", err) + } + + return nil +} diff --git a/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go b/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go index 798616a87a2..0f7eadb2d43 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go +++ b/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go @@ -108,9 +108,9 @@ func shrinkFilesystems(imageLoopDevice string, verity []imagecustomizerapi.Verit } // Re-read the partition table - err = shell.ExecuteLive(true, "flock", "--timeout", "5", imageLoopDevice, "partprobe", "-s", imageLoopDevice) + err = refreshPartitions(imageLoopDevice) if err != nil { - return fmt.Errorf("partprobe failed:\n%w", err) + return err } } return nil From d1598f3f3933a6037ccc2af73b25b385e02bfee9 Mon Sep 17 00:00:00 2001 From: Muhammad Falak R Wani Date: Fri, 1 Nov 2024 09:39:23 +0530 Subject: [PATCH 4/6] golang: support v1.22 and v1.23 (#10654) Signed-off-by: Muhammad Falak R Wani --- LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md | 2 +- LICENSES-AND-NOTICES/SPECS/data/licenses.json | 1 + SPECS/containerd/containerd.spec | 7 +- SPECS/gh/gh.spec | 7 +- SPECS/golang/golang-1.22.signatures.json | 8 + SPECS/golang/golang-1.22.spec | 359 ++++++++++++++++++ SPECS/golang/golang.signatures.json | 14 +- SPECS/golang/golang.spec | 20 +- SPECS/ig/ig.spec | 7 +- SPECS/libguestfs/libguestfs.spec | 7 +- .../moby-containerd-cc.spec | 7 +- SPECS/runc/runc.spec | 7 +- SPECS/vitess/vitess.spec | 7 +- cgmanifest.json | 10 + 14 files changed, 437 insertions(+), 26 deletions(-) create mode 100644 SPECS/golang/golang-1.22.signatures.json create mode 100644 SPECS/golang/golang-1.22.spec diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md index 6113639d173..848eb7120d1 100644 --- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md +++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md @@ -16,7 +16,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic | OpenEuler | [BSD-3 License](https://github.com/pytorch/pytorch/blob/master/LICENSE) | pytorch | | OpenMamba | [Openmamba GPLv2 License](https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt) | bash-completion | | OpenSUSE | Following [openSUSE guidelines](https://en.opensuse.org/openSUSE:Specfile_guidelines#Specfile_Licensing) | ant
ant-junit
antlr
aopalliance
apache-commons-beanutils
apache-commons-cli
apache-commons-codec
apache-commons-collections
apache-commons-collections4
apache-commons-compress
apache-commons-daemon
apache-commons-dbcp
apache-commons-digester
apache-commons-httpclient
apache-commons-io
apache-commons-jexl
apache-commons-lang
apache-commons-lang3
apache-commons-logging
apache-commons-net
apache-commons-pool
apache-commons-pool2
apache-commons-validator
apache-commons-vfs2
apache-parent
args4j
atinject
base64coder
bcel
bea-stax
beust-jcommander
bsf
byaccj
cal10n
cdparanoia
cglib
cni
containerized-data-importer
cpulimit
cri-o
ecj
fillup
flux
gd
geronimo-specs
glassfish-annotation-api
gnu-getopt
gnu-regexp
golang-packaging
guava
guava20
hamcrest
hawtjni-runtime
httpcomponents-core
influx-cli
influxdb
jakarta-taglibs-standard
jansi
jarjar
java-cup
java-cup-bootstrap
javacc
javacc-bootstrap
javassist
jboss-interceptors-1.2-api
jdepend
jflex
jflex-bootstrap
jlex
jline
jna
jsch
jsoup
jsr-305
jtidy
junit
junitperf
jzlib
kubevirt
kured
libcontainers-common
libtheora
libva
libvdpau
lynx
maven-parent
multus
objectweb-anttask
objectweb-asm
objenesis
oro
osgi-annotation
osgi-compendium
osgi-core
patterns-ceph-containers
plexus-classworlds
plexus-interpolation
plexus-pom
plexus-utils
proj
psl-make-dafsa
publicsuffix
qdox
regexp
relaxngDatatype
rhino
ripgrep
servletapi4
servletapi5
shapelib
slf4j
trilead-ssh2
virtiofsd
xalan-j2
xbean
xcursor-themes
xerces-j2
xml-commons-apis
xml-commons-resolver
xmldb-api
xmlrpc-c
xmlunit
xpp2
xpp3
xz-java | -| Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2).
Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl
alsa-lib
alsa-utils
ansible
apr
apr-util
asciidoc
atftp
audit
autoconf
autoconf-archive
autofs
autogen
automake
babel
bash
bc
bcc
bind
binutils
bison
blktrace
boost
btrfs-progs
bubblewrap
build-essential
bzip2
c-ares
cairo
cassandra
cdrkit
check
chkconfig
chrpath
cifs-utils
clang
cloud-init
cloud-utils-growpart
cmake
cni-plugins
core-packages
coreutils
cpio
cppunit
cracklib
crash
crash-gcore-command
createrepo_c
cri-tools
cronie
curl
cyrus-sasl
cyrus-sasl-bootstrap
dbus
dbus-glib
dejagnu
device-mapper-multipath
dialog
diffutils
dkms
dmidecode
dnsmasq
docbook-dtd-xml
docbook-style-xsl
dosfstools
dracut
dstat
e2fsprogs
ed
efibootmgr
efivar
elfutils
emacs
erlang
etcd
ethtool
expat
expect
fcgi
file
filesystem
findutils
flex
fontconfig
fping
freetype
fuse
gawk
gc
gcc
gdb
gdbm
gettext
git
git-lfs
glib
glib-networking
glibc
glibmm
gmp
gnome-common
gnupg2
gnuplot
gnutls
gobject-introspection
golang
gperf
gperftools
gpgme
gptfdisk
grep
groff
grub2
gtest
gtk-doc
guile
gzip
haproxy
harfbuzz
haveged
hdparm
http-parser
httpd
i2c-tools
iana-etc
icu
initramfs
initscripts
inotify-tools
intltool
iotop
iperf3
iproute
ipset
iptables
iputils
ipvsadm
ipxe
irqbalance
itstool
jansson
jq
json-c
json-glib
kbd
keepalived
kernel
kernel-headers
kernel-mshv
kernel-rt
kernel-uvm
keyutils
kmod
krb5
less
libaio
libarchive
libassuan
libatomic_ops
libcap
libcap-ng
libconfig
libdb
libdnet
libedit
libestr
libevent
libfastjson
libffi
libgcrypt
libgpg-error
libgssglue
libgudev
libjpeg-turbo
libksba
liblogging
libmbim
libmnl
libmodulemd
libmpc
libmspack
libndp
libnetfilter_conntrack
libnetfilter_cthelper
libnetfilter_cttimeout
libnetfilter_queue
libnfnetlink
libnftnl
libnl3
libnsl2
libpcap
libpipeline
libpng
libpsl
libqmi
librelp
librepo
librsync
libseccomp
libselinux
libsepol
libserf
libsigc++30
libsolv
libsoup
libssh2
libtalloc
libtar
libtasn1
libtiff
libtirpc
libtool
libunistring
libunwind
libusb
libvirt
libwebp
libxml2
libxslt
libyaml
linux-firmware
lldb
lldpad
llvm
lm-sensors
lmdb
log4cpp
logrotate
lshw
lsof
lsscsi
ltrace
lttng-tools
lttng-ust
lvm2
lz4
lzo
m2crypto
m4
make
man-db
man-pages
mariadb
maven
mc
mercurial
meson
mlocate
ModemManager
mpfr
msr-tools
mysql
nano
nasm
ncurses
ndctl
net-snmp
net-tools
nettle
newt
nfs-utils
nghttp2
nginx
ninja-build
nodejs
npth
nspr
nss
nss-altfiles
ntp
numactl
nvme-cli
oniguruma
OpenIPMI
openldap
openscap
openssh
openvswitch
ostree
pam
pango
parted
patch
pciutils
perl-Canary-Stability
perl-CGI
perl-common-sense
perl-Crypt-SSLeay
perl-DBD-SQLite
perl-DBI
perl-DBIx-Simple
perl-Exporter-Tiny
perl-File-HomeDir
perl-File-Which
perl-IO-Socket-SSL
perl-JSON-Any
perl-JSON-XS
perl-libintl-perl
perl-List-MoreUtils
perl-Module-Build
perl-Module-Install
perl-Module-ScanDeps
perl-Net-SSLeay
perl-NetAddr-IP
perl-Object-Accessor
perl-Path-Class
perl-Try-Tiny
perl-Types-Serialiser
perl-WWW-Curl
perl-XML-Parser
perl-YAML
perl-YAML-Tiny
pgbouncer
pinentry
polkit
popt
postgresql
procps-ng
protobuf
protobuf-c
psmisc
pth
pyasn1-modules
pyOpenSSL
pyparsing
pytest
python-appdirs
python-asn1crypto
python-atomicwrites
python-attrs
python-bcrypt
python-certifi
python-cffi
python-chardet
python-configobj
python-constantly
python-coverage
python-cryptography
python-daemon
python-dateutil
python-defusedxml
python-distro
python-docopt
python-docutils
python-ecdsa
python-gevent
python-hyperlink
python-hypothesis
python-idna
python-imagesize
python-incremental
python-iniparse
python-ipaddr
python-jinja2
python-jmespath
python-jsonpatch
python-jsonpointer
python-jsonschema
python-lockfile
python-lxml
python-mako
python-markupsafe
python-mistune
python-msgpack
python-netaddr
python-netifaces
python-ntplib
python-oauthlib
python-packaging
python-pam
python-pbr
python-ply
python-prettytable
python-psutil
python-psycopg2
python-py
python-pyasn1
python-pycodestyle
python-pycparser
python-pycurl
python-pygments
python-pynacl
python-requests
python-setuptools_scm
python-simplejson
python-six
python-snowballstemmer
python-sphinx-theme-alabaster
python-twisted
python-urllib3
python-vcversioner
python-virtualenv
python-wcwidth
python-webob
python-websocket-client
python-werkzeug
python-zope-event
python-zope-interface
python3
pytz
PyYAML
rapidjson
readline
rng-tools
rpcbind
rpcsvc-proto
rpm
rpm-ostree
rrdtool
rsync
rsyslog
ruby
rust
scons
sed
sg3_utils
shadow-utils
slang
snappy
socat
sqlite
sshpass
strace
strongswan
subversion
sudo
swig
syslinux
syslog-ng
sysstat
systemd-bootstrap
systemtap
tar
tboot
tcl
tcpdump
tcsh
tdnf
telegraf
texinfo
tmux
tpm2-abrmd
tpm2-pkcs11
tpm2-pytss
tpm2-tools
tpm2-tss
traceroute
tree
tzdata
unbound
unixODBC
unzip
usbutils
userspace-rcu
utf8proc
util-linux
valgrind
vim
vsftpd
WALinuxAgent
which
wpa_supplicant
xfsprogs
xinetd
xmlsec1
xmlto
xz
zchunk
zeromq
zip
zlib
zsh | +| Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2).
Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl
alsa-lib
alsa-utils
ansible
apr
apr-util
asciidoc
atftp
audit
autoconf
autoconf-archive
autofs
autogen
automake
babel
bash
bc
bcc
bind
binutils
bison
blktrace
boost
btrfs-progs
bubblewrap
build-essential
bzip2
c-ares
cairo
cassandra
cdrkit
check
chkconfig
chrpath
cifs-utils
clang
cloud-init
cloud-utils-growpart
cmake
cni-plugins
core-packages
coreutils
cpio
cppunit
cracklib
crash
crash-gcore-command
createrepo_c
cri-tools
cronie
curl
cyrus-sasl
cyrus-sasl-bootstrap
dbus
dbus-glib
dejagnu
device-mapper-multipath
dialog
diffutils
dkms
dmidecode
dnsmasq
docbook-dtd-xml
docbook-style-xsl
dosfstools
dracut
dstat
e2fsprogs
ed
efibootmgr
efivar
elfutils
emacs
erlang
etcd
ethtool
expat
expect
fcgi
file
filesystem
findutils
flex
fontconfig
fping
freetype
fuse
gawk
gc
gcc
gdb
gdbm
gettext
git
git-lfs
glib
glib-networking
glibc
glibmm
gmp
gnome-common
gnupg2
gnuplot
gnutls
gobject-introspection
golang
golang-1.22
gperf
gperftools
gpgme
gptfdisk
grep
groff
grub2
gtest
gtk-doc
guile
gzip
haproxy
harfbuzz
haveged
hdparm
http-parser
httpd
i2c-tools
iana-etc
icu
initramfs
initscripts
inotify-tools
intltool
iotop
iperf3
iproute
ipset
iptables
iputils
ipvsadm
ipxe
irqbalance
itstool
jansson
jq
json-c
json-glib
kbd
keepalived
kernel
kernel-headers
kernel-mshv
kernel-rt
kernel-uvm
keyutils
kmod
krb5
less
libaio
libarchive
libassuan
libatomic_ops
libcap
libcap-ng
libconfig
libdb
libdnet
libedit
libestr
libevent
libfastjson
libffi
libgcrypt
libgpg-error
libgssglue
libgudev
libjpeg-turbo
libksba
liblogging
libmbim
libmnl
libmodulemd
libmpc
libmspack
libndp
libnetfilter_conntrack
libnetfilter_cthelper
libnetfilter_cttimeout
libnetfilter_queue
libnfnetlink
libnftnl
libnl3
libnsl2
libpcap
libpipeline
libpng
libpsl
libqmi
librelp
librepo
librsync
libseccomp
libselinux
libsepol
libserf
libsigc++30
libsolv
libsoup
libssh2
libtalloc
libtar
libtasn1
libtiff
libtirpc
libtool
libunistring
libunwind
libusb
libvirt
libwebp
libxml2
libxslt
libyaml
linux-firmware
lldb
lldpad
llvm
lm-sensors
lmdb
log4cpp
logrotate
lshw
lsof
lsscsi
ltrace
lttng-tools
lttng-ust
lvm2
lz4
lzo
m2crypto
m4
make
man-db
man-pages
mariadb
maven
mc
mercurial
meson
mlocate
ModemManager
mpfr
msr-tools
mysql
nano
nasm
ncurses
ndctl
net-snmp
net-tools
nettle
newt
nfs-utils
nghttp2
nginx
ninja-build
nodejs
npth
nspr
nss
nss-altfiles
ntp
numactl
nvme-cli
oniguruma
OpenIPMI
openldap
openscap
openssh
openvswitch
ostree
pam
pango
parted
patch
pciutils
perl-Canary-Stability
perl-CGI
perl-common-sense
perl-Crypt-SSLeay
perl-DBD-SQLite
perl-DBI
perl-DBIx-Simple
perl-Exporter-Tiny
perl-File-HomeDir
perl-File-Which
perl-IO-Socket-SSL
perl-JSON-Any
perl-JSON-XS
perl-libintl-perl
perl-List-MoreUtils
perl-Module-Build
perl-Module-Install
perl-Module-ScanDeps
perl-Net-SSLeay
perl-NetAddr-IP
perl-Object-Accessor
perl-Path-Class
perl-Try-Tiny
perl-Types-Serialiser
perl-WWW-Curl
perl-XML-Parser
perl-YAML
perl-YAML-Tiny
pgbouncer
pinentry
polkit
popt
postgresql
procps-ng
protobuf
protobuf-c
psmisc
pth
pyasn1-modules
pyOpenSSL
pyparsing
pytest
python-appdirs
python-asn1crypto
python-atomicwrites
python-attrs
python-bcrypt
python-certifi
python-cffi
python-chardet
python-configobj
python-constantly
python-coverage
python-cryptography
python-daemon
python-dateutil
python-defusedxml
python-distro
python-docopt
python-docutils
python-ecdsa
python-gevent
python-hyperlink
python-hypothesis
python-idna
python-imagesize
python-incremental
python-iniparse
python-ipaddr
python-jinja2
python-jmespath
python-jsonpatch
python-jsonpointer
python-jsonschema
python-lockfile
python-lxml
python-mako
python-markupsafe
python-mistune
python-msgpack
python-netaddr
python-netifaces
python-ntplib
python-oauthlib
python-packaging
python-pam
python-pbr
python-ply
python-prettytable
python-psutil
python-psycopg2
python-py
python-pyasn1
python-pycodestyle
python-pycparser
python-pycurl
python-pygments
python-pynacl
python-requests
python-setuptools_scm
python-simplejson
python-six
python-snowballstemmer
python-sphinx-theme-alabaster
python-twisted
python-urllib3
python-vcversioner
python-virtualenv
python-wcwidth
python-webob
python-websocket-client
python-werkzeug
python-zope-event
python-zope-interface
python3
pytz
PyYAML
rapidjson
readline
rng-tools
rpcbind
rpcsvc-proto
rpm
rpm-ostree
rrdtool
rsync
rsyslog
ruby
rust
scons
sed
sg3_utils
shadow-utils
slang
snappy
socat
sqlite
sshpass
strace
strongswan
subversion
sudo
swig
syslinux
syslog-ng
sysstat
systemd-bootstrap
systemtap
tar
tboot
tcl
tcpdump
tcsh
tdnf
telegraf
texinfo
tmux
tpm2-abrmd
tpm2-pkcs11
tpm2-pytss
tpm2-tools
tpm2-tss
traceroute
tree
tzdata
unbound
unixODBC
unzip
usbutils
userspace-rcu
utf8proc
util-linux
valgrind
vim
vsftpd
WALinuxAgent
which
wpa_supplicant
xfsprogs
xinetd
xmlsec1
xmlto
xz
zchunk
zeromq
zip
zlib
zsh | | RPM software management source | [GPLv2+ License](https://github.com/rpm-software-management/dnf5/blob/main/COPYING.md) | dnf5 | | Source project | Same as the source project. | python-nocaselist | | Sysbench source | [GPLv2+ License](https://github.com/akopytov/sysbench/blob/master/COPYING) | sysbench | diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json index 634aa3d3fdc..063158becdc 100644 --- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json +++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json @@ -2713,6 +2713,7 @@ "gnutls", "gobject-introspection", "golang", + "golang-1.22", "gperf", "gperftools", "gpgme", diff --git a/SPECS/containerd/containerd.spec b/SPECS/containerd/containerd.spec index fd7dfbf34df..0131e8910ca 100644 --- a/SPECS/containerd/containerd.spec +++ b/SPECS/containerd/containerd.spec @@ -4,7 +4,7 @@ Summary: Industry-standard container runtime Name: containerd Version: 1.7.13 -Release: 3%{?dist} +Release: 4%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -22,7 +22,7 @@ Patch3: CVE-2023-47108.patch %{?systemd_requires} BuildRequires: git -BuildRequires: golang +BuildRequires: golang < 1.23 BuildRequires: go-md2man BuildRequires: make BuildRequires: systemd-rpm-macros @@ -87,6 +87,9 @@ fi %dir /opt/containerd/lib %changelog +* Tue Oct 15 2024 Muhammad Falak - 1.7.13-4 +- Pin golang version to <= 1.22 + * Wed Jun 26 2024 Nicolas Guibourge - 1.7.13-3 - Address CVE-2023-44487 and CVE-2023-47108 diff --git a/SPECS/gh/gh.spec b/SPECS/gh/gh.spec index 85c0bd1cb31..a58348b95fd 100644 --- a/SPECS/gh/gh.spec +++ b/SPECS/gh/gh.spec @@ -1,7 +1,7 @@ Summary: GitHub official command line tool Name: gh Version: 2.43.1 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -28,7 +28,7 @@ Source0: https://github.com/cli/cli/archive/refs/tags/v%{version}.tar.gz# # - For the value of "--mtime" use the date "2021-04-26 00:00Z" to simplify future updates. Source1: %{name}-%{version}-vendor.tar.gz -BuildRequires: golang >= 1.21.1 +BuildRequires: golang < 1.23 BuildRequires: git Requires: git %global debug_package %{nil} @@ -70,6 +70,9 @@ make test %{_datadir}/zsh/site-functions/_gh %changelog +* Tue Oct 15 2024 Muhammad Falak - 2.43.1-2 +- Pin golang version to <= 1.22 + * Mon Feb 26 2024 Neha Agarwal - 2.43.1-1 - Update to v2.43.1 diff --git a/SPECS/golang/golang-1.22.signatures.json b/SPECS/golang/golang-1.22.signatures.json new file mode 100644 index 00000000000..72551b05f50 --- /dev/null +++ b/SPECS/golang/golang-1.22.signatures.json @@ -0,0 +1,8 @@ +{ + "Signatures": { + "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", + "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", + "go1.22.7-20240925.5.src.tar.gz": "6577057080f0d61f9b7b1c5e3a029c8a24f8c4b38a91a497115ecd259bd987ab", + "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" + } +} \ No newline at end of file diff --git a/SPECS/golang/golang-1.22.spec b/SPECS/golang/golang-1.22.spec new file mode 100644 index 00000000000..ece19983a45 --- /dev/null +++ b/SPECS/golang/golang-1.22.spec @@ -0,0 +1,359 @@ +%global goroot %{_libdir}/golang +%global gopath %{_datadir}/gocode +%global ms_go_filename go1.22.7-20240925.5.src.tar.gz +%global ms_go_revision 3 +%global go_priority %(echo %{version}.%{ms_go_revision} | tr -d .) +%ifarch aarch64 +%global gohostarch arm64 +%else +%global gohostarch amd64 +%endif +%define debug_package %{nil} +%define __strip /bin/true +# rpmbuild magic to keep from having meta dependency on libc.so.6 +%define _use_internal_dependency_generator 0 +%define __find_requires %{nil} +Summary: Go +Name: golang +Version: 1.22.7 +Release: 3%{?dist} +License: BSD-3-Clause +Vendor: Microsoft Corporation +Distribution: Azure Linux +Group: System Environment/Security +URL: https://github.com/microsoft/go +Source0: https://github.com/microsoft/go/releases/download/v%{version}-%{ms_go_revision}/%{ms_go_filename} + +# bootstrap 00, same content as https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz +Source1: https://github.com/microsoft/go/releases/download/v1.4.0-1/go1.4-bootstrap-20171003.tar.gz +Patch0: go14_bootstrap_aarch64.patch +# bootstrap 01 +Source2: https://github.com/microsoft/go/releases/download/v1.19.12-1/go.20230802.5.src.tar.gz +# bootstrap 02 +Source3: https://github.com/microsoft/go/releases/download/v1.20.14-1/go.20240206.2.src.tar.gz + +Provides: %{name} = %{version} +Provides: go = %{version}-%{release} +Provides: golang = %{version}-%{release} +Provides: msft-golang = %{version}-%{release} + +%description +Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. + +%prep +# Setup bootstrap source +tar xf %{SOURCE1} --no-same-owner +patch -Np1 --ignore-whitespace < %{PATCH0} +mv -v go go-bootstrap-00 + +tar xf %{SOURCE2} --no-same-owner +mv -v go go-bootstrap-01 + +tar xf %{SOURCE3} --no-same-owner +mv -v go go-bootstrap-02 + +%setup -q -n go + +%build +# go 1.4 bootstraps with C. +# go 1.20 bootstraps with go >= 1.17.13 +# go >= 1.22 bootstraps with go >= 1.20.14 +# +# These conditions make building the current go compiler from C a multistep +# process. Approximately once a year, the bootstrap requirement is moved +# forward, adding another step. +# +# PS: Since go compiles fairly quickly, the extra overhead is around 2-3 minutes +# on a reasonable machine. + +# Use prev bootstrap to compile next bootstrap. +function go_bootstrap() { + local bootstrap=$1 + local new_root=%{_topdir}/BUILD/go-bootstrap-${bootstrap} + ( + cd ${new_root}/src + CGO_ENABLED=0 ./make.bash + ) + # Nuke the older bootstrapper + rm -rf %{_libdir}/golang + # Install the new bootstrapper + mv -v $new_root %{_libdir}/golang + export GOROOT=%{_libdir}/golang + export GOROOT_BOOTSTRAP=%{_libdir}/golang +} + +go_bootstrap 00 +go_bootstrap 01 +go_bootstrap 02 + +# Build current go version +export GOHOSTOS=linux +export GOHOSTARCH=%{gohostarch} +export GOROOT_BOOTSTRAP=%{goroot} + +export GOROOT="`pwd`" +export GOPATH=%{gopath} +export GOROOT_FINAL=%{_bindir}/go +rm -f %{gopath}/src/runtime/*.c +( + cd src + ./make.bash --no-clean +) + +%install + +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{goroot} + +cp -R api bin doc lib pkg src misc VERSION go.env %{buildroot}%{goroot} + +# remove the unnecessary zoneinfo file (Go will always use the system one first) +rm -rfv %{buildroot}%{goroot}/lib/time + +# remove the doc Makefile +rm -rfv %{buildroot}%{goroot}/doc/Makefile + +# put binaries to bindir, linked to the arch we're building, +# leave the arch independent pieces in %{goroot} +mkdir -p %{buildroot}%{goroot}/bin/linux_%{gohostarch} +ln -sfv ../go %{buildroot}%{goroot}/bin/linux_%{gohostarch}/go +ln -sfv ../gofmt %{buildroot}%{goroot}/bin/linux_%{gohostarch}/gofmt +ln -sfv %{goroot}/bin/gofmt %{buildroot}%{_bindir}/gofmt +ln -sfv %{goroot}/bin/go %{buildroot}%{_bindir}/go + +# ensure these exist and are owned +mkdir -p %{buildroot}%{gopath}/src/github.com/ +mkdir -p %{buildroot}%{gopath}/src/bitbucket.org/ +mkdir -p %{buildroot}%{gopath}/src/code.google.com/p/ + +# This file is not necessary: recent Go toolsets have good defaults. +# Keep the file, but leave it blank. This makes the upgrade path very simple. +install -vdm755 %{buildroot}%{_sysconfdir}/profile.d +cat >> %{buildroot}%{_sysconfdir}/profile.d/go-exports.sh <<- "EOF" +EOF + +%post -p /sbin/ldconfig + +alternatives --install %{_bindir}/go go %{goroot}/bin/go %{go_priority} +alternatives --install %{_bindir}/gofmt gofmt %{goroot}/bin/gofmt %{go_priority} + +%postun +/sbin/ldconfig +if [ $1 -eq 0 ]; then + # This is uninstall + alternatives --remove go %{goroot}/bin/go + alternatives --remove gofmt %{goroot}/bin/gofmt + + rm %{_sysconfdir}/profile.d/go-exports.sh + rm -rf /opt/go + exit 0 +fi + +%files +%defattr(-,root,root) +%license LICENSE +%exclude %{goroot}/src/*.rc +%exclude %{goroot}/include/plan9 +%{_sysconfdir}/profile.d/go-exports.sh +%{goroot}/* +%{gopath}/src +%exclude %{goroot}/src/pkg/debug/dwarf/testdata +%exclude %{goroot}/src/pkg/debug/elf/testdata +%{_bindir}/* + +%changelog +* Tue Oct 08 2024 Muhammad Falak - 1.22.7-3 +- Fork out 1.22 as supported version + +* Thu Sep 26 2024 Microsoft Golang Bot - 1.22.7-2 +- Bump version to 1.22.7-3 + +* Fri Sep 06 2024 Microsoft Golang Bot - 1.22.7-1 +- Bump version to 1.22.7-1 + +* Wed Aug 07 2024 Davis Goodin - 1.22.6-1 +- Bump version to 1.22.6-1 + +* Tue Jul 02 2024 Davis Goodin - 1.22.5-1 +- Bump version to 1.22.5-1 + +* Tue Jun 04 2024 Davis Goodin - 1.22.4-1 +- Bump version to 1.22.4-1 + +* Tue May 07 2024 Davis Goodin - 1.22.3-1 +- Bump version to 1.22.3-1 + +* Wed May 08 2024 Davis Goodin - 1.21.9-2 +- Remove explicit Go env variable defaults + +* Wed Apr 03 2024 Davis Goodin - 1.21.9-1 +- Bump version to 1.21.9-1 + +* Thu Mar 21 2024 Davis Goodin - 1.21.8-1 +- Bump version to 1.21.8-1, build version to 1.21.8-2 + +* Thu Feb 22 2024 Muhammad Falak - 1.21.6-2 +- Include go.env file in GOROOT + +* Wed Jan 24 2024 Davis Goodin - 1.21.6-1 +- Bump version to 1.21.6-1 +- Switch from upstream Go to the Microsoft build of Go + +* Mon Oct 16 2023 Nan Liu - 1.20.10-1 +- Bump version to 1.20.10 to address CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533, CVE-2023-29406, CVE-2023-39325, CVE-2023-44487 +- Remove patches that no longer apply + +* Tue Oct 10 2023 Dan Streetman - 1.20.7-2 +- Patch CVE-2023-44487 + +* Tue Aug 15 2023 Muhammad Falak - 1.20.7-1 +- Bump version to 1.20.7 +- Introduce patch to permit requests with invalid host header + +* Tue Aug 15 2023 Muhammad Falak - 1.19.12-1 +- Auto-upgrade to 1.19.12 to address CVE-2023-29409 +- Introduce patch to permit requests with invalid header + +* Thu Jul 13 2023 CBL-Mariner Servicing Account - 1.19.11-1 +- Auto-upgrade to 1.19.11 - Fix CVE-2023-29406 + +* Thu Jun 15 2023 CBL-Mariner Servicing Account - 1.19.10-1 +- Auto-upgrade to 1.19.10 - address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 + +* Wed Apr 05 2023 CBL-Mariner Servicing Account - 1.19.8-1 +- Auto-upgrade to 1.19.8 - address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 + +* Tue Mar 28 2023 CBL-Mariner Servicing Account - 1.19.7-1 +- Auto-upgrade to 1.19.7 - address CVE-2023-24532 + +* Wed Mar 15 2023 CBL-Mariner Servicing Account - 1.19.6-1 +- Auto-upgrade to 1.19.6 - Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 + +* Fri Feb 03 2023 CBL-Mariner Servicing Account - 1.19.5-1 +- Auto-upgrade to 1.19.5 - upgrade to latest + +* Wed Jan 18 2023 CBL-Mariner Servicing Account - 1.19.4-1 +- Auto-upgrade to 1.19.4 + +* Thu Dec 15 2022 Daniel McIlvaney - 1.18.8-2 +- Patch CVE-2022-41717 + +* Tue Nov 01 2022 Olivia Crain - 1.18.8-1 +- Upgrade to version 1.18.8 (fixes CVE-2022-41716, which only applies to Windows environments) +- Also fixes CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (fixed in 1.18.7) +- Also fixes CVE-2022-27664, CVE-2022-32190 (fixed in 1.18.6) +- Use SPDX short identifier for license tag + +* Fri Aug 19 2022 Olivia Crain - 1.18.5-1 +- Upgrade to version to fix CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, + CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, + CVE-2022-32148, and CVE-2022-32189 + +* Tue Jun 14 2022 Muhammad Falak - 1.18.3-1 +- Bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327 + +* Tue Apr 12 2022 Muhammad Falak - 1.17.8-1 +- Bump version to 1.17.8 to address CVE-2021-44716 + +* Thu Feb 17 2022 Andrew Phelps - 1.17.1-2 +- Use _topdir instead of hard-coded value /usr/src/mariner +- License verified + +* Wed Sep 15 2021 Andrew Phelps - 1.17.1-1 +- Updated to version 1.17.1 + +* Tue Jun 08 2021 Henry Beberman - 1.15.13-1 +- Updated to version 1.15.13 to fix CVE-2021-33194 and CVE-2021-31525 + +* Mon Apr 26 2021 Nicolas Guibourge - 1.15.11-1 +- Updated to version 1.15.11 to fix CVE-2021-27918 + +* Wed Feb 03 2021 Andrew Phelps - 1.15.7-1 +- Updated to version 1.15.7 to fix CVE-2021-3114 + +* Mon Nov 23 2020 Henry Beberman - 1.15.5-1 +- Updated to version 1.15.5 + +* Fri Oct 30 2020 Thomas Crain - 1.13.15-2 +- Patch CVE-2020-24553 + +* Tue Sep 08 2020 Nicolas Ontiveros - 1.13.15-1 +- Updated to version 1.13.15, which fixes CVE-2020-14039 and CVE-2020-16845. + +* Sun May 24 2020 Mateusz Malisz - 1.13.11-1 +- Updated to version 1.13.11 + +* Sat May 09 2020 Nick Samson - 1.12.5-7 +- Added %%license line automatically + +* Thu Apr 30 2020 Emre Girgin - 1.12.5-6 +- Renaming go to golang + +* Thu Apr 23 2020 Nicolas Ontiveros - 1.12.5-5 +- Fix CVE-2019-14809. + +* Fri Mar 27 2020 Andrew Phelps - 1.12.5-4 +- Support building standalone by adding go 1.4 bootstrap. + +* Thu Feb 27 2020 Henry Beberman - 1.12.5-3 +- Remove meta dependency on libc.so.6 + +* Thu Feb 6 2020 Andrew Phelps - 1.12.5-2 +- Remove ExtraBuildRequires + +* Tue Sep 03 2019 Mateusz Malisz - 1.12.5-1 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Mon Jan 21 2019 Bo Gan - 1.9.7-1 +- Update to 1.9.7 + +* Wed Oct 24 2018 Alexey Makhalov - 1.9.4-3 +- Use extra build requires + +* Mon Apr 02 2018 Dheeraj Shetty - 1.9.4-2 +- Fix for CVE-2018-7187 + +* Thu Mar 15 2018 Xiaolin Li - 1.9.4-1 +- Update to golang release v1.9.4 + +* Tue Nov 14 2017 Alexey Makhalov - 1.9.1-2 +- Aarch64 support + +* Wed Nov 01 2017 Vinay Kulkarni - 1.9.1-1 +- Update to golang release v1.9.1 + +* Wed May 31 2017 Xiaolin Li - 1.8.1-2 +- Remove mercurial from buildrequires and requires. + +* Tue Apr 11 2017 Danut Moraru - 1.8.1-1 +- Update Golang to version 1.8.1, updated patch0 + +* Wed Dec 28 2016 Xiaolin Li - 1.7.4-1 +- Updated Golang to 1.7.4. + +* Thu Oct 06 2016 ChangLee - 1.6.3-2 +- Modified %check + +* Wed Jul 27 2016 Anish Swaminathan - 1.6.3-1 +- Update Golang to version 1.6.3 - fixes CVE 2016-5386 + +* Fri Jul 8 2016 Harish Udaiya Kumar - 1.6.2-1 +- Updated the Golang to version 1.6.2 + +* Thu Jun 2 2016 Priyesh Padmavilasom - 1.4.2-5 +- Fix script syntax + +* Tue May 24 2016 Priyesh Padmavilasom - 1.4.2-4 +- GA - Bump release of all rpms + +* Thu May 05 2016 Kumar Kaushik - 1.4.2-3 +- Handling upgrade scenario pre/post/un scripts. + +* Wed Dec 09 2015 Anish Swaminathan - 1.4.2-2 +- Edit post script. + +* Mon Aug 03 2015 Vinay Kulkarni - 1.4.2-1 +- Update to golang release version 1.4.2 + +* Fri Oct 17 2014 Divya Thaluru - 1.3.3-1 +- Initial build. First version diff --git a/SPECS/golang/golang.signatures.json b/SPECS/golang/golang.signatures.json index 271da468ced..8d5815566e4 100644 --- a/SPECS/golang/golang.signatures.json +++ b/SPECS/golang/golang.signatures.json @@ -1,8 +1,8 @@ { - "Signatures": { - "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", - "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", - "go1.22.7-20240925.5.src.tar.gz": "6577057080f0d61f9b7b1c5e3a029c8a24f8c4b38a91a497115ecd259bd987ab", - "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" - } -} + "Signatures": { + "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", + "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", + "go1.23.1-20240925.6.src.tar.gz": "53e289f57eb96ba15011f3e85213946adb4bdc49fd029114c415d5220373247a", + "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" + } +} \ No newline at end of file diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec index 2379baf4c46..b9fb6c5b654 100644 --- a/SPECS/golang/golang.spec +++ b/SPECS/golang/golang.spec @@ -1,7 +1,8 @@ %global goroot %{_libdir}/golang %global gopath %{_datadir}/gocode -%global ms_go_filename go1.22.7-20240925.5.src.tar.gz +%global ms_go_filename go1.23.1-20240925.6.src.tar.gz %global ms_go_revision 3 +%global go_priority %(echo %{version}.%{ms_go_revision} | tr -d .) %ifarch aarch64 %global gohostarch arm64 %else @@ -14,8 +15,8 @@ %define __find_requires %{nil} Summary: Go Name: golang -Version: 1.22.7 -Release: 2%{?dist} +Version: 1.23.1 +Release: 1%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -33,6 +34,7 @@ Source3: https://github.com/microsoft/go/releases/download/v1.20.14-1/go. Provides: %{name} = %{version} Provides: go = %{version}-%{release} +Provides: golang = %{version}-%{release} Provides: msft-golang = %{version}-%{release} %description @@ -131,10 +133,17 @@ cat >> %{buildroot}%{_sysconfdir}/profile.d/go-exports.sh <<- "EOF" EOF %post -p /sbin/ldconfig + +alternatives --install %{_bindir}/go go %{goroot}/bin/go %{go_priority} +alternatives --install %{_bindir}/gofmt gofmt %{goroot}/bin/gofmt %{go_priority} + %postun /sbin/ldconfig if [ $1 -eq 0 ]; then - #This is uninstall + # This is uninstall + alternatives --remove go %{goroot}/bin/go + alternatives --remove gofmt %{goroot}/bin/gofmt + rm %{_sysconfdir}/profile.d/go-exports.sh rm -rf /opt/go exit 0 @@ -153,6 +162,9 @@ fi %{_bindir}/* %changelog +* Tue Oct 08 2024 Muhammad Falak - 1.23.1-1 +- Upgrade to 1.23.1 + * Thu Sep 26 2024 Microsoft Golang Bot - 1.22.7-2 - Bump version to 1.22.7-3 diff --git a/SPECS/ig/ig.spec b/SPECS/ig/ig.spec index abc3b675400..936193ec7bb 100644 --- a/SPECS/ig/ig.spec +++ b/SPECS/ig/ig.spec @@ -1,7 +1,7 @@ Summary: The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts. Name: ig Version: 0.32.0 -Release: 1%{?dist} +Release: 2%{?dist} License: Apache 2.0 and GPL 2.0 for eBPF code Vendor: Microsoft Corporation Distribution: Azure Linux @@ -9,7 +9,7 @@ Group: Tools/Container URL: https://github.com/inspektor-gadget/inspektor-gadget Source0: https://github.com/inspektor-gadget/inspektor-gadget/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: %{name}-%{version}-govendor-v1.tar.gz -BuildRequires: golang +BuildRequires: golang < 1.23 %description @@ -64,6 +64,9 @@ fi %{_bindir}/ig %changelog +* Tue Oct 15 2024 Muhammad Falak - 0.32.0-2 +- Pin golang version to <= 1.22 + * Tue Sep 03 2024 Francis Laniel - 0.32.0-1 - Bump to version 0.32.0 diff --git a/SPECS/libguestfs/libguestfs.spec b/SPECS/libguestfs/libguestfs.spec index 725094c69eb..1d1b844cafd 100644 --- a/SPECS/libguestfs/libguestfs.spec +++ b/SPECS/libguestfs/libguestfs.spec @@ -25,7 +25,7 @@ Summary: Access and modify virtual machine disk images Name: libguestfs Version: 1.52.0 -Release: 9%{?dist} +Release: 10%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -215,7 +215,7 @@ BuildRequires: php-devel %endif %ifarch %{golang_arches} -BuildRequires: golang +BuildRequires: golang < 1.23 %endif %ifarch x86_64 @@ -1147,6 +1147,9 @@ rm ocaml/html/.gitignore %endif %changelog +* Tue Oct 15 2024 Muhammad Falak - 1.52.0-10 +- Pin golang version to <= 1.22 + * Mon Aug 26 2024 Rachel Menge - 1.52.0-9 - Update to build dep latest glibc-static version diff --git a/SPECS/moby-containerd-cc/moby-containerd-cc.spec b/SPECS/moby-containerd-cc/moby-containerd-cc.spec index 2b7db13af54..429530122b0 100644 --- a/SPECS/moby-containerd-cc/moby-containerd-cc.spec +++ b/SPECS/moby-containerd-cc/moby-containerd-cc.spec @@ -6,7 +6,7 @@ Summary: Industry-standard container runtime for confidential containers Name: moby-%{upstream_name} Version: 1.7.7 -Release: 3%{?dist} +Release: 4%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -23,7 +23,7 @@ Patch2: fix_cc_tests_for_golang1.21.patch %{?systemd_requires} BuildRequires: git -BuildRequires: golang >= 1.19.0 +BuildRequires: golang < 1.23 BuildRequires: go-md2man BuildRequires: make BuildRequires: systemd-rpm-macros @@ -76,6 +76,9 @@ fi %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog +* Tue Oct 15 2024 Muhammad Falak - 1.7.7-4 +- Pin golang version to <= 1.22 + * Mon Apr 08 2024 Mitch Zhu - 1.7.7-3 - Drop obsolete btrfs-progs-devel build dependency diff --git a/SPECS/runc/runc.spec b/SPECS/runc/runc.spec index dbdbe314bcb..332add7b584 100644 --- a/SPECS/runc/runc.spec +++ b/SPECS/runc/runc.spec @@ -3,7 +3,7 @@ Summary: CLI tool for spawning and running containers per OCI spec. Name: runc # update "commit_hash" above when upgrading version Version: 1.1.12 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -12,7 +12,7 @@ URL: https://github.com/opencontainers/runc Source0: https://github.com/opencontainers/runc/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: git BuildRequires: go-md2man -BuildRequires: golang +BuildRequires: golang < 1.23 BuildRequires: libseccomp-devel BuildRequires: make Requires: glibc @@ -43,6 +43,9 @@ make install-man DESTDIR=%{buildroot} PREFIX=%{_prefix} %{_mandir}/* %changelog +* Tue Oct 15 2024 Muhammad Falak - 1.1.12-2 +- Pin golang version to <= 1.22 + * Mon Feb 05 2024 Henry Beberman - 1.1.12-1 - Bump version to 1.1.12 - Drop cgroups cpuset patch because it's included upstream now diff --git a/SPECS/vitess/vitess.spec b/SPECS/vitess/vitess.spec index 285056520ad..a0b950aeeb2 100644 --- a/SPECS/vitess/vitess.spec +++ b/SPECS/vitess/vitess.spec @@ -3,7 +3,7 @@ Name: vitess Version: 19.0.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Database clustering system for horizontal scaling of MySQL # Upstream license specification: MIT and Apache-2.0 License: MIT and ASL 2.0 @@ -27,7 +27,7 @@ Source0: %{name}-%{version}.tar.gz # Source1: %{name}-%{version}-vendor.tar.gz Patch0: CVE-2017-14623.patch -BuildRequires: golang +BuildRequires: golang < 1.23 %description Vitess is a database clustering system for horizontal scaling of MySQL through @@ -104,6 +104,9 @@ go check -t go/cmd \ %{_bindir}/* %changelog +* Tue Oct 15 2024 Muhammad Falak - 19.0.4-3 +- Pin golang version to <= 1.22 + * Thu Jun 27 2024 Nicolas Guibourge - 19.0.4-2 - Address CVE-2017-14623 diff --git a/cgmanifest.json b/cgmanifest.json index 79dcf675b00..f5fc36f4594 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -4595,6 +4595,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "golang", + "version": "1.23.1", + "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.23.1-3/go1.23.1-20240925.6.src.tar.gz" + } + } + }, { "component": { "type": "other", From 918bcf05dc78b1cc15abbe3262f35c6513ff83f7 Mon Sep 17 00:00:00 2001 From: Riken Maharjan <106988478+rikenm1@users.noreply.github.com> Date: Fri, 1 Nov 2024 08:40:04 -0700 Subject: [PATCH 5/6] Make pytorch vendor generation script executable (#10908) --- SPECS/pytorch/generate_source_tarball.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 SPECS/pytorch/generate_source_tarball.sh diff --git a/SPECS/pytorch/generate_source_tarball.sh b/SPECS/pytorch/generate_source_tarball.sh old mode 100644 new mode 100755 From f52c8e60cbae31d70ae3ccbb3b74a2fd6099ae7e Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Fri, 1 Nov 2024 13:58:19 -0700 Subject: [PATCH 6/6] Partial revert of "Toolkit: Add missing `flock` calls. (#10804)". (#10917) Reverting toolkit/imager changes in #10804. Leaving off the changes to image customizer to avoid conflicts with #10902, --- toolkit/tools/imagegen/diskutils/diskutils.go | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/toolkit/tools/imagegen/diskutils/diskutils.go b/toolkit/tools/imagegen/diskutils/diskutils.go index a19fb8e2d65..289b7d6eceb 100644 --- a/toolkit/tools/imagegen/diskutils/diskutils.go +++ b/toolkit/tools/imagegen/diskutils/diskutils.go @@ -492,7 +492,7 @@ func CreatePartitions(diskDevPath string, disk configuration.Disk, rootEncryptio return partDevPathMap, partIDToFsTypeMap, encryptedRoot, readOnlyRoot, err } - partFsType, err := formatSinglePartition(diskDevPath, partDevPath, partition) + partFsType, err := FormatSinglePartition(partDevPath, partition) if err != nil { err = fmt.Errorf("failed to format partition:\n%w", err) return partDevPathMap, partIDToFsTypeMap, encryptedRoot, readOnlyRoot, err @@ -792,13 +792,12 @@ func setGptPartitionType(partition configuration.Partition, timeoutInSeconds, di return } -// formatSinglePartition formats the given partition to the type specified in the partition configuration -func formatSinglePartition(diskDevPath string, partDevPath string, partition configuration.Partition, +// FormatSinglePartition formats the given partition to the type specified in the partition configuration +func FormatSinglePartition(partDevPath string, partition configuration.Partition, ) (fsType string, err error) { const ( - totalAttempts = 5 - retryDuration = time.Second - timeoutInSeconds = "5" + totalAttempts = 5 + retryDuration = time.Second ) fsType = partition.FsType @@ -814,14 +813,14 @@ func formatSinglePartition(diskDevPath string, partDevPath string, partition con fsType = "vfat" } - mkfsArgs := []string{"--timeout", timeoutInSeconds, diskDevPath, "mkfs", "-t", fsType} + mkfsArgs := []string{"-t", fsType} mkfsArgs = append(mkfsArgs, mkfsOptions...) mkfsArgs = append(mkfsArgs, partDevPath) err = retry.Run(func() error { - _, stderr, err := shell.Execute("flock", mkfsArgs...) + _, stderr, err := shell.Execute("mkfs", mkfsArgs...) if err != nil { - logger.Log.Warnf("Failed to format partition using mkfs (and flock): %v", stderr) + logger.Log.Warnf("Failed to format partition using mkfs: %v", stderr) return err }