merge 1.0 into dev (#299)
* Update trademark section of the readme Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com> * Update building.md (#104) * add wants=sshd-keygen.service to sshd (#58) * add wants=sshd-keygen.service to sshd Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com> * modify signatures.json and bump release for pr Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com> * Fix libffi normal package build (#116) * Fix libffi normal package build * Add comment explaining the purpose of the sed call * Upgrade golang to 1.13.15 (#93) * Adding a small build tip to the quick start instructions. (#123) * Add cloud-init-vmware-guestinfo package (#124) * Add cloud-init-vmware-guestinfo package * Updating 'ca-certificates' nssckbi.h header and unifying changelog entries with package version (#125) * Updating changelog to be consistent with package version. * Fixing missed update to 'nssckbi.h'. * Updating manifests. * Updating signatures. * Markdown lint-induced clean-up of doc files. (#122) * Makrdownlint-induced clean-up. * Removing redundant lines. * Removing redundant lines 2. * Add IMA feature to the kernel, add config for it (#135) * Add IMA feature to the kernel, add config for it - Add IMA measurement configs to the x86_64, and aarch64 kernel configs (IMA_APPRAISE currently disabled). - Add KernelCommandLine config field to control IMA, and allow additional configs to be passed. Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> Co-authored-by: Christopher Co <christopher.co@microsoft.com> * Update tpm2 tools to 4.2, tss to 2.4.0 (#134) Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Enable Mellanox kernel configs * Update tpm2-abrmd to 2.3.3 (#144) * Update tpm2-abrmd to 2.3.3 * Create quickstart.yml (#119) This patch adds a GitHub Action to verify our Quickstart instructions * Nopatch httpd CVE-1999-0236, CVE-1999-1412 (#148) * Nopatch httpd CVE-1999-0236, CVE-1999-1412 Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Nopatch groff CVE-2000-0803 (#149) * Nopatch groff CVE-2000-0803 Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Nopatch apparmor CVE-2016-1585 (#150) * Nopatch apparmor CVE-2016-1585 Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Nopatch qemu CVE-2016-7161 (#152) * Nopatch qemu CVE-2016-7161 Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Nopatch lua CVE-2020-15889 (#153) * nopatch lua CVE-2020-15889 Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Nopatch unzip CVE-2008-0888 (#154) Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * full: Always install the default kernel (#132) Currently, when installing CBL-Mariner via ISO, the ISO will install the standard kernel package or the kernel-hyperv package depending on if installing on HyperV VM or not. The HyperV kernel is still under evaluation so use the standard kernel package across the board. * Support downloading preview SRPMs (#160) Replace SRPM_URL* with SRPM_URL_LIST * Patch CVE-2020-14342 in cifs-utils * Replace mariner-repos's %post script as %posttrans - After looking at here, it shows that %post script for a new version runs before the %preun script for an old version. Which means, after an upgrade, the keys would be removed by the older version: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#ordering * Update pkggen_core_aarch64.txt * Update pkggen_core_x86_64.txt * Update toolchain_aarch64.txt * Update toolchain_x86_64.txt * Add a more verbose changelog * Remove chrony-wait as a boot service dependency (#166) * Remove chrony-wait as a boot service dependency * Add cgmanifest entry for chrony * Address changelog and prep section comments * initramfs: Regenerate initrd using host-only mode on file-based trigger (#170) * initramfs: Always use host-only mode kdump currently uses the host system's initrd when enrolling a crash kernel and initrd. There is a limitation where the kdump initrd must be generated with dracut in "host-only" mode. The -k option forces a host-only initrd build. The -q option suppresses verbose output If mkinitrd is called without <image> and <kernel-version> parameters, it will default to calling dracut in "host-mode" mode on every kernel version it can find in /boot. If mkinitrd is called with <image> and <kernel-version> parameters, it will default to calling dracut in "generic host" mode for rebuilding the specific initrd. Therefore we need to make sure to add the -k option when invoking mkinitrd with an explicit <image> and <kernel version> * Reword comment block * Fix kernel specs' %postun scripts (#164) * Fix `kernel.spec`'s `%postun` script * Fix `kernel-signed-aarch64`'s `%postun` script * Fix kernel-signed-x64.spec's %postun script * Fix kernel-hyperv.spec's %postun script * Adding new 'preview' repository. (#146) * Adding new 'preview' repository. * Addressing comments. * Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171) * Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171) * Update fontconfig to 2.13.91 (#175) * Extending 'strongswan' test timeout. (#173) * Fix CVE-2020-14342 patch to not depend on PATH * installutils: Supply blank /etc/machine-id file (#147) From https://www.freedesktop.org/software/systemd/man/machine-id.html: For operating system images which are created once and used on multiple machines, for example for containers or in the cloud, /etc/machine-id should be an empty file in the generic file system image. An ID will be generated during boot and saved to this file if possible. * installutils: Remove root password expiry when no root user is specified in imageconfig file (#161) * Add SELinux packages to Mariner. (#100) * Add SELinux packages to Mariner. This commit add the following packages to Mariner to provide basic SELinux support: - checkpolicy - libsemanage - mcstrans - policycoreutils - secilc - selinux-policy - setools The selinux-policy provided here is a generic base policy, which is not specifically tuned for Mariner, therefore only permissive mode support is enabled in this commit. (Although users could load a custom policy to run in enforcing mode). Future phases have been discussed to add SELinux enforcing mode support. This commit does not enable SELinux by default. In order to enable SELinux support, one must first install necessary packages (libselinux, policycoreutils, secilc, selinux-policy), and then append "lsm=selinux selinux=1" to the kernel command line. This will trigger an initial boot to relabel the system, at which point the system will reboot, and boot into an SELinux enabled system. SELinux state can be queried with the "getenforce" command line tool. If SELinux has not been enabled, it will report "Disabled" (the default). If SELinux support has been enabled as described in this paragraph, it will report "permissive". This commit also modifies the following packages to enabled SELinux functionality in existing packages: - coreutils - cronie - dbus - openssh - pam - rpm - shadow-utils - systemd - util-linux This enables them to build with SELinux support so that when SELinux is enabled, they have SELinux related functionality available. Because coreutils is a basic package and requires building with libselinux-devel present in order to enable key SELinux functionality, several dependencies in other packages that rely on coreutils (namely python2, python3 and systemd-bootstrap) had to be removed in order to avoid circular dependencies. There does not appear to be a functional impact from this change based on my testing. * Remove "::set-env" commands in GitHub Actions (#178) * Adding a .nopatch for CVE-2007-0086. (#176) * Updating cert bundle paths. (#181) * Updating cert bundle paths. * Updating cgmanifest.json. * Adding the `gflags` and `rocksdb` packages. (#183) * Adding the 'rocksdb' package. * Adding the 'gflags' package. * Add missing %libsepolver definition in secilc.spec (#192) * Removing 'TERMINAL_ISO_INSTALLER' from the docs. (#189) * Add architecture at the end of toolkit archive (#182) - Also add `version.txt` file in the toolkit archive as an easy way to verify toolkit version. * Adding a missing '%{?dist}' tag. (#195) * enable fetching RPMs from pacakges.microsoft.com for Docker based build (#198) * Update README.md (#180) * Update README.md (#180) * Build Break Fix: Rollback selinux checkins. (#204) * Revert "Add missing %libsepolver definition in secilc.spec (#192)" This reverts commit9cff088bec
. * Revert "Add SELinux packages to Mariner. (#100)" This reverts commitb2d918efac
. * Natively support pulling from the preview repo (#199) * Fix CVE-2020-26159 in oniguruma (#211) * Fix CVE-2020-26159 * Increment release, fix autosetup. * Adding the 'syslog-ng' package. (#205) * Adding the 'tinyxml2' package. (#206) * Adding the 'toml11' package. (#207) * Adding the 'tracelogging' and 'zipper' packages. (#208) * Add mm-common and libxml++ packages (#215) * Add liblogging package (#214) * Add nlohmann-json package (#217) * Add msgpack package (#216) * Adding the 'span-lite' and 'telegraf' packages. (#220) * Remove toolchain-local-wget-list after use (#212) * Remove toolchain-local-wget-list after use - toolchain-local-wget-list has been left at the end of a toolchain build. It shows up on `git status` whene toolchain is built locally. - Another solution would be adding it to `.gitignore`. * Add temporary toolchain build files to toolkit/.gitignore * Remove implicit git repository dependency from toolkit (#197) * Remove implicit git repository dependency * Remove the new GIT_REV variable * Add jsonbuilder package (#223) * update libffi to use https source0 (#227) * Update libestr (#213) * Add babeltrace2 and lttng-consume packages (#226) * Add pugixml package (#222) * Disable debug package for nlohmann-json (#228) * Add rapidjson package (#225) * Upgrade ruby to 2.6.6 to resolve CVE-2019-16255, CVE-2019-16201, CVE-2020-10933, CVE-2020-5247, CVE-2019-15845, CVE-2019-16254 (#224) * Upgrade ruby to 2.6.6 to resolve CVEs * Update cgmanifest * Nopatch qemu CVE-2015-7504 CVE-2017-5931 CVE-2017-14167 (#162) * Fix CVE-2020-26159 in oniguruma (#211) * Fix CVE-2020-26159 * Increment release, fix autosetup. * Enable QAT kernel configs in CBL-Mariner * Nopatch kernel CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 (#193) * Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 * Adding the `bond`, `fluent-bit`, and `ivykis` packages. (#234) * Joslobo/add azure storage (#232) * Add azure-storage spec file to mariner-core * Register with legal and update map file * Fixed #source0 link * Updated per code review comments * Fixed URL to use https * Initial spec lint action commit (#172) (#191) * Initial spec-cleaner commit for CBL-Mariner * Add cgmanifest.json file for GitHub workflows folder * Set continue-on-error to true for a trial period * patch openssh (#238) * Update pull_request_template.md (#236) * Fix check tests for git, make, krb5 and libcap-ng (#241) * fix check tests * update toolchain manifests * fix blank spaces and tabs in make.spec * Fix CVE-2019-12735 in vim (#230) * Fix CVE-2019-12735 in vim * Update the changelog to address only one CVE. * Switching to correct source for the Microsoft bundle. (#244) * Fix check tests for brotli, gzip and python-certifi (#245) * fix check test for brotli, gzip, python-cerifi * update manifest release version for gzip * skip check for vim * Patch unbound CVE-2020-12662 and CVE-2020-12663 (#246) * Portablectl patches for to support --now --enable and --no-block flags (#139) * Portablectl patches for to support --now --enable and --no-block flags * Portablectl patches for to support --now --enable and --no-block flags * Patch lua CVE-2019-6706, CVE-2020-15888, nopatch CVE-2020-24342 (#169) * Patch lua CVE-2019-6706, CVE-2020-15888, CVE-2020-15945, nopatch CVE-2020-24342 Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Roll back CVE-2020-15945, patch ineffective Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> * Nopatch ed CVE-2015-2987 (#209) ed CVE-2015-2987 applies to a different program named ed. * Patch gnutls CVE-2020-24659 (#247) Upstream CVE discussion: https://gitlab.com/gnutls/gnutls/-/issues/1071 * update ant verision * fix changelog comment * update cgmanifest * Nopatch sqlite CVE-2015-3717 (#254) * Added omi package * Adding the `ccache` and `clamav` packages. (#251) * Generate ant signatures (#260) * Add auoms package (#258) * add auoms package * add auoms original source url comments * fix changelog history * fix auoms signatures * fix changelog * use %license * update licenses-map * add omi to LICENSES-MAP * merge latest LICENSES-MAP * Implement "distroless" containers (#252) * Create distroless container without bash and surplus dependencies * Remove RPM database for distroless * Add busybox and uclibc. Add distroless-packages-debug * Update cgmanifest Co-authored-by: Jon Slobodzian <joslobo@microsoft.com> Co-authored-by: MateuszMalisz <mamalisz@microsoft.com> * Updated mariner-release package version (#262) * fix setup (#263) * fix missed merge file * Fixed bad file merge * Fixed poorly merged files * Merge distroless container revert to 1.0 (#265) * Revert "Implement "distroless" containers (#252)" This reverts commite41efdda19
. * Revert "Implement "distroless" containers (#252)" (#264) This reverts commite41efdda19
. * fix package manifest merge issues * fix issues building input-srpms * fix package manifest issues * remove duplicate patch and sed cmd from lua spec * revert package ignore list and graphoptimizer changes * remove runc from LICENSES-MAP.md * Update pkggen merge (#316) * Clean up lua.spec 1.0 to dev merge (#318) * update lua.spec and licenses-map.md per feedback * revert gzip changes * revert krb5 change Co-authored-by: Jim Perrin <Jim.Perrin@microsoft.com> Co-authored-by: Jason Goscinski <jasongos@users.noreply.github.com> Co-authored-by: Mateusz Malisz <maliszmat@outlook.com> Co-authored-by: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com> Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com> Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com> Co-authored-by: Christopher Co <christopher.co@microsoft.com> Co-authored-by: chalamalasetty <chalamalasetty@live.com> Co-authored-by: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Co-authored-by: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Co-authored-by: Henry Beberman <henry.beberman@microsoft.com> Co-authored-by: Emre Girgin <50592283+mrgirgin@users.noreply.github.com> Co-authored-by: Thomas Crain <thcrain@microsoft.com> Co-authored-by: Jon Slobodzian <joslobo@microsoft.com> Co-authored-by: Emre Girgin <mrgirgin@microsoft.com> Co-authored-by: Daniel Burgener <burgener.daniel@gmail.com> Co-authored-by: nicolas guibourge <nicogbg@gmail.com> Co-authored-by: Chirag Shah <chsha@microsoft.com> Co-authored-by: Henry Li <lihl@microsoft.com> Co-authored-by: Henry Li <69694695+henryli001@users.noreply.github.com> Co-authored-by: rychenf1 <rychenf1@gmail.com> Co-authored-by: Nick Samson <nick.samson@microsoft.com> Co-authored-by: MateuszMalisz <mamalisz@microsoft.com>
This commit is contained in:
parent
2749d3a2c6
commit
498f926e43
|
@ -11,6 +11,7 @@ Feel free to delete sections of the template which do not apply to your PR, or a
|
|||
- [ ] Any updated packages successfully build (or no packages were changed)
|
||||
- [ ] All package sources are available
|
||||
- [ ] cgmanifest files are up-to-date and sorted (`./cgmanifest.json`, `./toolkit/tools/cgmanifest.json`, `./toolkit/scripts/toolchain/cgmanifest.json`)
|
||||
- [ ] LICENSE-MAP files are up-to-date (`./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md`, `./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON`)
|
||||
- [ ] All source files have up-to-date hashes in the `*.signatures.json` files
|
||||
- [ ] `sudo make go-tidy-all` and `sudo make go-test-coverage` pass
|
||||
- [ ] Documentation has been updated to match any changes to the build system
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
# Copyright (c) Microsoft Corporation.
|
||||
# Licensed under the MIT License.
|
||||
#
|
||||
# Workflow to automatedly verify the quickstart instructions
|
||||
|
||||
name: Verify Quickstart
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: "0 15 * * *"
|
||||
|
||||
jobs:
|
||||
iso_quickstart:
|
||||
runs-on: ubuntu-18.04
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2.3.2
|
||||
with:
|
||||
ref: '1.0-stable'
|
||||
|
||||
- name: Set up Go 1.13
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.13
|
||||
id: go
|
||||
|
||||
- name: Install Remaining Prerequisites
|
||||
run: |
|
||||
# Golang and docker are already installed on the agent
|
||||
sudo apt-get update
|
||||
sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
|
||||
|
||||
- name: Configure the Environment
|
||||
run: |
|
||||
pushd toolkit
|
||||
sudo make go-tools REBUILD_TOOLS=y
|
||||
sudo make input-srpms DOWNLOAD_SRPMS=y
|
||||
popd
|
||||
|
||||
- name: ISO Quick Start
|
||||
run: |
|
||||
pushd toolkit
|
||||
sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n
|
||||
popd
|
||||
|
||||
vhdx_quickstart:
|
||||
runs-on: ubuntu-18.04
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2.3.2
|
||||
with:
|
||||
ref: '1.0-stable'
|
||||
|
||||
- name: Set up Go 1.13
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.13
|
||||
id: go
|
||||
|
||||
- name: Install Remaining Prerequisites
|
||||
run: |
|
||||
# Golang and docker are already installed on the agent
|
||||
sudo apt-get update
|
||||
sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
|
||||
|
||||
- name: Configure Environment
|
||||
run: |
|
||||
pushd toolkit
|
||||
sudo make go-tools REBUILD_TOOLS=y
|
||||
sudo make input-srpms DOWNLOAD_SRPMS=y
|
||||
popd
|
||||
|
||||
- name: VHDX Quick Start
|
||||
run: |
|
||||
pushd toolkit
|
||||
sudo make image REBUILD_TOOLS=y REBUILD_PACKAGES=n
|
||||
popd
|
|
@ -2,7 +2,7 @@
|
|||
Summary: Signed Linux Kernel for aarch64 systems
|
||||
Name: kernel-signed-aarch64
|
||||
Version: 5.4.51
|
||||
Release: 5%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
Group: System Environment/Kernel
|
||||
|
@ -67,7 +67,8 @@ echo "initrd of kernel %{uname_r} removed" >&2
|
|||
%postun
|
||||
if [ ! -e /boot/mariner.cfg ]
|
||||
then
|
||||
if [ `ls /boot/linux-*.cfg 1> /dev/null 2>&1` ]
|
||||
ls /boot/linux-*.cfg 1> /dev/null 2>&1
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
list=`ls -tu /boot/linux-*.cfg | head -n1`
|
||||
test -n "$list" && ln -sf "$list" /boot/mariner.cfg
|
||||
|
@ -84,6 +85,18 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
|||
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
||||
|
||||
%changelog
|
||||
* Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-11
|
||||
- Update release number
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
|
||||
- Update release number to match kernel spec
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-9
|
||||
- Update release number
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-8
|
||||
- Update postun script to deal with removal in case of another installed kernel.
|
||||
* Fri Sep 25 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-7
|
||||
- Update release number
|
||||
* Wed Sep 23 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-6
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-5
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> 5.4.51-4
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
Summary: Signed Linux Kernel for x86_64 systems
|
||||
Name: kernel-signed-x64
|
||||
Version: 5.4.51
|
||||
Release: 5%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
Group: System Environment/Kernel
|
||||
|
@ -67,7 +67,8 @@ echo "initrd of kernel %{uname_r} removed" >&2
|
|||
%postun
|
||||
if [ ! -e /boot/mariner.cfg ]
|
||||
then
|
||||
if [ `ls /boot/linux-*.cfg 1> /dev/null 2>&1` ]
|
||||
ls /boot/linux-*.cfg 1> /dev/null 2>&1
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
list=`ls -tu /boot/linux-*.cfg | head -n1`
|
||||
test -n "$list" && ln -sf "$list" /boot/mariner.cfg
|
||||
|
@ -84,6 +85,18 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
|||
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
||||
|
||||
%changelog
|
||||
* Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-11
|
||||
- Update release number
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
|
||||
- Update release number to match kernel spec
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-9
|
||||
- Update release number
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-8
|
||||
- Update postun script to deal with removal in case of another installed kernel.
|
||||
* Fri Sep 25 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-7
|
||||
- Update release number
|
||||
* Wed Sep 23 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-6
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-5
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> 5.4.51-4
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"apache-ant-1.10.8-src.tar.gz": "53d06ed062297366569fe563b77e8187973be1383749181938b597177514d318",
|
||||
"apache-ant-1.10.9-src.tar.gz": "3f00fe29988ff1af83cb100089bfcbaf5d3e533d42fba3ea4861a982c920e874",
|
||||
"hamcrest-1.3.tgz": "c6428e40d069fff3f99780efaae96c35ebdbf7cbfd475504254ebffcc19620c2",
|
||||
"maven-ant-tasks-2.1.3.tar.gz": "ae5b6548dbb3f0d71865e1be9bffd13ca7bb65a3cb5d89eaee97ea7e70e1f0ba"
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
Summary: Apache Ant
|
||||
Name: ant
|
||||
Version: 1.10.8
|
||||
Version: 1.10.9
|
||||
Release: 1%{?dist}
|
||||
License: ASL 2.0 and BSD and W3C
|
||||
URL: https://ant.apache.org
|
||||
|
@ -118,6 +118,8 @@ bootstrap/bin/ant -v run-tests
|
|||
%{_bindir}/runant.pl
|
||||
|
||||
%changelog
|
||||
* Wed Oct 21 2020 Henry Li <lihl@microsoft.com> - 1.10.9-1
|
||||
- Updated to version 1.10.9 to resolve CVE-2020-11979
|
||||
* Thu May 21 2020 Ruying Chen <v-ruyche@microsoft.com> - 1.10.8-1
|
||||
- Updated to version 1.10.8 to resolve CVE-2020-1945
|
||||
* Sat May 09 00:21:39 PST 2020 Nick Samson <nisamson@microsoft.com> - 1.10.5-8
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
# CVE-2016-1585 has no upstream fix.
|
|
@ -1,15 +1,16 @@
|
|||
%{!?python3_sitelib: %global python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
|
||||
Name: apparmor
|
||||
Version: 2.13
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
Summary: AppArmor is an effective and easy-to-use Linux application security system.
|
||||
License: GNU LGPL v2.1
|
||||
URL: https://launchpad.net/apparmor
|
||||
Source0: https://launchpad.net/apparmor/2.13/2.13.0/+download/%{name}-%{version}.tar.gz
|
||||
%define sha1 apparmor=54202cafce24911c45141d66e2d1e037e8aa5746
|
||||
Patch0: apparmor-set-profiles-complain-mode.patch
|
||||
Patch1: apparmor-service-start-fix.patch
|
||||
Patch2: apparmor-fix-make-check.patch
|
||||
# CVE-2016-1585 has no upstream fix as of 2020/09/28
|
||||
Patch100: CVE-2016-1585.nopatch
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Productivity/Security
|
||||
|
@ -354,9 +355,10 @@ make DESTDIR=%{buildroot} install
|
|||
%exclude %{perl_archlib}/perllocal.pod
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:20:37 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.13-10
|
||||
* Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 2.13-11
|
||||
- Nopatch CVE-2016-1585
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.13-10
|
||||
- Added %%license line automatically
|
||||
|
||||
* Tue Apr 28 2020 Emre Girgin <mrgirgin@microsoft.com> 2.13-9
|
||||
- Renaming Linux-PAM to pam
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.13-8
|
||||
|
|
|
@ -0,0 +1,480 @@
|
|||
diff --git a/build/Makefile b/build/Makefile
|
||||
--- a/build/Makefile 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/build/Makefile 2020-10-15 11:48:50.361506677 -0700
|
||||
@@ -24,8 +24,8 @@
|
||||
$(error "ENABLE_DEBUG is not set. Please re-run configure")
|
||||
endif
|
||||
|
||||
-INTERMEDIATE_DIR=$(BASE_DIR)/intermediate/$(BUILD_CONFIGURATION)
|
||||
-TARGET_DIR := $(BASE_DIR)/target/$(BUILD_CONFIGURATION)
|
||||
+INTERMEDIATE_DIR=$(BASE_DIR)/intermediate
|
||||
+TARGET_DIR := $(BASE_DIR)/target
|
||||
BUILD_DIR=$(INTERMEDIATE_DIR)/builddir
|
||||
RELEASE_DIR=$(BUILD_DIR)/release
|
||||
AUOMS_BIN=$(RELEASE_DIR)/bin/auoms
|
||||
@@ -78,7 +78,7 @@
|
||||
|
||||
#--------------------------------------------------------------------------------
|
||||
# Build targets
|
||||
-.PHONY: all clean distclean clean-status kit
|
||||
+.PHONY: all clean distclean clean-status packages kit
|
||||
.PHONY: tests test
|
||||
|
||||
all : $(AUOMS_BIN) sepolicy kit
|
||||
@@ -89,7 +89,7 @@
|
||||
|
||||
clean-kit :
|
||||
$(RMDIR) $(BASE_DIR)/target
|
||||
- $(RMDIR) $(INTERMEDIATE_DIR)/*.{tar,rpm,deb}
|
||||
+ $(RMDIR) $(INTERMEDIATE_DIR)/*.{tar,rpm}
|
||||
|
||||
distclean : clean
|
||||
-$(RM) $(BASE_DIR)/build/Makefile.version
|
||||
@@ -131,7 +131,9 @@
|
||||
@echo "========================= Building selinux policy module"
|
||||
$(MKPATH) $(SEPOLICY_DIR)
|
||||
$(COPY) $(SEPOLICY_SRC_DIR)/auoms.te $(SEPOLICY_SRC_DIR)/auoms.fc $(SEPOLICY_DIR)
|
||||
- cd $(SEPOLICY_DIR); make -f /usr/share/selinux/devel/Makefile
|
||||
+ # Will revert this change once SeLinux is supported in Mariner
|
||||
+ # cd $(SEPOLICY_DIR); make -f /usr/share/selinux/devel/Makefile
|
||||
+ touch $(SEPOLICY_DIR)/auoms.pp
|
||||
else
|
||||
$(SEPOLICY_DIR)/auoms.pp : $(SEPOLICY_SRC_DIR)/auoms.te $(SEPOLICY_SRC_DIR)/auoms.fc
|
||||
@echo "========================= Building selinux policy module"
|
||||
@@ -182,21 +184,28 @@
|
||||
# While the "formal build" only builds ULINUX, we may build something else for DEV purposes.
|
||||
# Assume we ALWAYS build RPM, but only build DPKG if --enable-ulinux is specified in configure.
|
||||
|
||||
+$(TARGET_DIR):
|
||||
+ mkdir -p $(TARGET_DIR)
|
||||
+
|
||||
ifeq ($(ULINUX),1)
|
||||
|
||||
ifeq ($(CMAKE_BUILD_TYPE),RelWithDebInfo)
|
||||
-kit : $(TARGET_DIR)/auoms-bundle-test.sh $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).sh $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb
|
||||
+
|
||||
+packages: $(TARGET_DIR) $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).rpm $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm
|
||||
+
|
||||
+kit : $(TARGET_DIR)/auoms-bundle-test.sh $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).sh $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm
|
||||
|
||||
$(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm : $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm
|
||||
$(COPY) $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm
|
||||
|
||||
-$(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb : $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb
|
||||
- $(COPY) $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb
|
||||
-
|
||||
else
|
||||
+packages: $(TARGET_DIR) $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb
|
||||
kit : $(TARGET_DIR)/auoms-bundle-test.sh $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).sh
|
||||
endif
|
||||
|
||||
+$(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).rpm : $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).rpm
|
||||
+ $(COPY) $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).rpm $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).rpm
|
||||
+
|
||||
$(TARGET_DIR)/auoms-bundle-test.sh : $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).sh
|
||||
$(COPY) ../installer/bundle/auoms-bundle-test.sh $(TARGET_DIR)/auoms-bundle-test.sh
|
||||
|
||||
@@ -205,13 +214,12 @@
|
||||
$(MKPATH) $(TARGET_DIR)
|
||||
../installer/bundle/create_bundle.sh $(TARGET_DIR) $(INTERMEDIATE_DIR) $(OUTPUT_PACKAGE_PREFIX).tar
|
||||
|
||||
-$(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).tar : \
|
||||
- $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).rpm $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).deb
|
||||
+$(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).tar : packages
|
||||
|
||||
@echo "========================= Performing Building .tar file"
|
||||
|
||||
# Build the tar file containing both .rpm and .deb packages
|
||||
- cd $(INTERMEDIATE_DIR); tar cvf $(OUTPUT_PACKAGE_PREFIX).tar $(OUTPUT_PACKAGE_PREFIX).{deb,rpm}
|
||||
+ cd $(INTERMEDIATE_DIR); tar cvf $(OUTPUT_PACKAGE_PREFIX).tar $(OUTPUT_PACKAGE_PREFIX).rpm
|
||||
|
||||
$(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).rpm: $(AUOMS_BIN) sepolicy
|
||||
@echo "========================= Performing Building RPM package"
|
||||
@@ -237,32 +245,6 @@
|
||||
$(INSTALLER_DATAFILES_RPM)
|
||||
sudo $(RMDIR) $(STAGING_DIR)
|
||||
|
||||
-$(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).deb: $(AUOMS_BIN) sepolicy
|
||||
- @echo "========================= Performing Building DEB package"
|
||||
- $(MKPATH) $(INSTALLER_TMPDIR)
|
||||
-
|
||||
- sudo $(RMDIR) $(STAGING_DIR)
|
||||
- sudo python $(PAL_DIR)/installer/InstallBuilder/installbuilder.py \
|
||||
- --BASE_DIR=$(BASE_DIR) \
|
||||
- --TARGET_DIR=$(INTERMEDIATE_DIR) \
|
||||
- --INTERMEDIATE_DIR=$(INSTALLER_TMPDIR) \
|
||||
- --STAGING_DIR=$(STAGING_DIR) \
|
||||
- --BUILD_TYPE=$(BUILD_TYPE) \
|
||||
- --BUILD_CONFIGURATION=$(BUILD_CONFIGURATION) \
|
||||
- --PFARCH=$(PF_ARCH) \
|
||||
- --PFDISTRO=$(PF_DISTRO) \
|
||||
- --PFMAJOR=$(PF_MAJOR) \
|
||||
- --PFMINOR=$(PF_MINOR) \
|
||||
- --VERSION=$(AUOMS_BUILDVERSION_MAJOR).$(AUOMS_BUILDVERSION_MINOR).$(AUOMS_BUILDVERSION_PATCH) \
|
||||
- --RELEASE=$(AUOMS_BUILDVERSION_BUILDNR) \
|
||||
- --VERSION_IDENT="$(AUOMS_BUILDVERSION_DATE) $(AUOMS_BUILDVERSION_STATUS)" \
|
||||
- $(DPKG_LOCATION) \
|
||||
- --DATAFILE_PATH=$(BASE_DIR)/installer/datafiles \
|
||||
- --OUTPUTFILE=$(OUTPUT_PACKAGE_PREFIX) \
|
||||
- $(INSTALLER_DATAFILES_DPKG)
|
||||
- sudo chown --reference=$(BASE_DIR) $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX).deb
|
||||
- sudo $(RMDIR) $(STAGING_DIR)
|
||||
-
|
||||
ifeq ($(CMAKE_BUILD_TYPE),RelWithDebInfo)
|
||||
$(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm: $(AUOMS_BIN).debug
|
||||
@echo "========================= Performing Building RPM package"
|
||||
@@ -288,39 +270,16 @@
|
||||
$(INSTALLER_DATAFILES_RPM)
|
||||
sudo $(RMDIR) $(STAGING_DIR)
|
||||
|
||||
-$(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb: $(AUOMS_BIN).debug
|
||||
- @echo "========================= Performing Building DEB package"
|
||||
- $(MKPATH) $(INSTALLER_TMPDIR)
|
||||
-
|
||||
- sudo $(RMDIR) $(STAGING_DIR)
|
||||
- sudo python $(PAL_DIR)/installer/InstallBuilder/installbuilder.py \
|
||||
- --BASE_DIR=$(BASE_DIR) \
|
||||
- --TARGET_DIR=$(INTERMEDIATE_DIR) \
|
||||
- --INTERMEDIATE_DIR=$(INSTALLER_TMPDIR) \
|
||||
- --STAGING_DIR=$(STAGING_DIR) \
|
||||
- --BUILD_TYPE=$(BUILD_TYPE) \
|
||||
- --BUILD_CONFIGURATION=$(BUILD_CONFIGURATION) \
|
||||
- --PFARCH=$(PF_ARCH) \
|
||||
- --PFDISTRO=$(PF_DISTRO) \
|
||||
- --PFMAJOR=$(PF_MAJOR) \
|
||||
- --PFMINOR=$(PF_MINOR) \
|
||||
- --VERSION=$(AUOMS_BUILDVERSION_MAJOR).$(AUOMS_BUILDVERSION_MINOR).$(AUOMS_BUILDVERSION_PATCH) \
|
||||
- --RELEASE=$(AUOMS_BUILDVERSION_BUILDNR) \
|
||||
- --VERSION_IDENT="$(AUOMS_BUILDVERSION_DATE) $(AUOMS_BUILDVERSION_STATUS)" \
|
||||
- $(DPKG_LOCATION) \
|
||||
- --DATAFILE_PATH=$(BASE_DIR)/installer/datafiles-debug \
|
||||
- --OUTPUTFILE=$(OUTPUT_PACKAGE_PREFIX_DEBUG) \
|
||||
- $(INSTALLER_DATAFILES_DPKG)
|
||||
- sudo chown --reference=$(BASE_DIR) $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb
|
||||
- sudo $(RMDIR) $(STAGING_DIR)
|
||||
endif
|
||||
|
||||
else
|
||||
|
||||
ifeq ($(CMAKE_BUILD_TYPE),RelWithDebInfo)
|
||||
-kit : $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).$(PACKAGE_SUFFIX) $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).deb
|
||||
+packages : $(TARGET_DIR) $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).$(PACKAGE_SUFFIX) $(INTERMEDIATE_DIR)/$(OUTPUT_PACKAGE_PREFIX_DEBUG).rpm
|
||||
+kit: packages
|
||||
else
|
||||
-kit : $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).$(PACKAGE_SUFFIX)
|
||||
+packages : $(TARGET_DIR) $(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).$(PACKAGE_SUFFIX)
|
||||
+kit: packages
|
||||
endif
|
||||
|
||||
$(TARGET_DIR)/$(OUTPUT_PACKAGE_PREFIX).$(PACKAGE_SUFFIX) : $(AUOMS_BIN) sepolicy
|
||||
diff --git a/CollectionMonitor.cpp b/CollectionMonitor.cpp
|
||||
--- a/CollectionMonitor.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/CollectionMonitor.cpp 2020-10-15 14:43:21.914099396 -0700
|
||||
@@ -207,15 +207,15 @@
|
||||
_builder.CancelEvent();
|
||||
return;
|
||||
}
|
||||
- if (_builder.AddField("pid", std::to_string(pid), nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder.AddField("pid", std::to_string(pid), "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder.CancelEvent();
|
||||
return;
|
||||
}
|
||||
- if(_builder.AddField("ppid", std::to_string(ppid), nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if(_builder.AddField("ppid", std::to_string(ppid), "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder.CancelEvent();
|
||||
return;
|
||||
}
|
||||
- if(_builder.AddField("exe", exe, nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if(_builder.AddField("exe", exe, "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder.CancelEvent();
|
||||
return;
|
||||
}
|
||||
diff --git a/Event.cpp b/Event.cpp
|
||||
--- a/Event.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/Event.cpp 2020-10-15 14:44:10.713610363 -0700
|
||||
@@ -421,7 +421,7 @@
|
||||
size_t name_size = strlen(field_name);
|
||||
size_t raw_size = strlen(raw_value);
|
||||
std::string_view interp;
|
||||
- if (interp_value != nullptr) {
|
||||
+ if (interp_value != nullptr && strlen(interp_value) != 0) {
|
||||
interp = std::string_view(interp_value, strlen(interp_value));
|
||||
}
|
||||
|
||||
diff --git a/EventTests.cpp b/EventTests.cpp
|
||||
--- a/EventTests.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/EventTests.cpp 2020-10-15 14:44:51.257204228 -0700
|
||||
@@ -63,7 +63,7 @@
|
||||
if (ret != 1) {
|
||||
BOOST_FAIL("BeginRecord failed: " + std::to_string(ret));
|
||||
}
|
||||
- ret = builder.AddField("field1", "raw1", nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = builder.AddField("field1", "raw1", "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
BOOST_FAIL("AddField failed: " + std::to_string(ret));
|
||||
}
|
||||
diff --git a/installer/bundle/create_bundle.sh b/installer/bundle/create_bundle.sh
|
||||
--- a/installer/bundle/create_bundle.sh 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/installer/bundle/create_bundle.sh 2020-10-15 11:52:05.299985451 -0700
|
||||
@@ -115,27 +115,6 @@
|
||||
# Fetch the bundle skeleton file
|
||||
cp $SOURCE_DIR/$BUNDLE_FILE .
|
||||
|
||||
-# See if we can resolve git references for output
|
||||
-# (See if we can find the master project)
|
||||
-TEMP_FILE=/tmp/create_bundle.$$
|
||||
-
|
||||
-# Get the git reference hashes in a file
|
||||
-(
|
||||
-cd $SOURCE_DIR/../..
|
||||
-echo "Entering 'OMS-Auditd-Plugin'" > $TEMP_FILE
|
||||
-git rev-parse HEAD >> $TEMP_FILE
|
||||
-cd ../pal
|
||||
-echo "Entering 'pal'" >> $TEMP_FILE
|
||||
-git rev-parse HEAD >> $TEMP_FILE
|
||||
-)
|
||||
-
|
||||
-# Change lines like: "Entering 'pal'\n<refhash>" to "pal: <refhash>"
|
||||
-perl -i -pe "s/Entering '([^\n]*)'\n/\$1: /" $TEMP_FILE
|
||||
-
|
||||
-# Grab the reference hashes in a variable
|
||||
-SOURCE_REFS=`cat $TEMP_FILE`
|
||||
-rm $TEMP_FILE
|
||||
-
|
||||
# Update the bundle file w/the ref hash (much easier with perl since multi-line)
|
||||
perl -i -pe "s/-- Source code references --/${SOURCE_REFS}/" $BUNDLE_FILE
|
||||
|
||||
diff --git a/Metrics.cpp b/Metrics.cpp
|
||||
--- a/Metrics.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/Metrics.cpp 2020-10-15 14:46:23.976275931 -0700
|
||||
@@ -80,47 +80,47 @@
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("version", AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder->AddField("version", AUOMS_VERSION, "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("StartTime", system_time_to_iso3339(snap.start_time), nullptr,
|
||||
+ if (_builder->AddField("StartTime", system_time_to_iso3339(snap.start_time), "",
|
||||
field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("EndTime", system_time_to_iso3339(snap.end_time), nullptr,
|
||||
+ if (_builder->AddField("EndTime", system_time_to_iso3339(snap.end_time), "",
|
||||
field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("Namespace", snap.namespace_name, nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder->AddField("Namespace", snap.namespace_name, "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("Name", snap.name, nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder->AddField("Name", snap.name, "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("SamplePeriod", std::to_string(snap.sample_period), nullptr,
|
||||
+ if (_builder->AddField("SamplePeriod", std::to_string(snap.sample_period), "",
|
||||
field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("NumSamples", std::to_string(snap.num_samples), nullptr,
|
||||
+ if (_builder->AddField("NumSamples", std::to_string(snap.num_samples), "",
|
||||
field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("Min", std::to_string(snap.min), nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder->AddField("Min", std::to_string(snap.min), "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("Max", std::to_string(snap.max), nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder->AddField("Max", std::to_string(snap.max), "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder->AddField("Avg", std::to_string(snap.avg), nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder->AddField("Avg", std::to_string(snap.avg), "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
diff --git a/OperationalStatus.cpp b/OperationalStatus.cpp
|
||||
--- a/OperationalStatus.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/OperationalStatus.cpp 2020-10-15 14:46:52.727988196 -0700
|
||||
@@ -192,12 +192,12 @@
|
||||
_builder.CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (_builder.AddField("version", AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder.AddField("version", AUOMS_VERSION, "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder.CancelEvent();
|
||||
return false;
|
||||
}
|
||||
if (!errors.empty()) {
|
||||
- if (_builder.AddField("errors", errors, nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (_builder.AddField("errors", errors, "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
_builder.CancelEvent();
|
||||
return false;
|
||||
}
|
||||
diff --git a/OutputInputTests.cpp b/OutputInputTests.cpp
|
||||
--- a/OutputInputTests.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/OutputInputTests.cpp 2020-10-15 14:47:09.019825179 -0700
|
||||
@@ -39,7 +39,7 @@
|
||||
builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
- if (builder->AddField("seq", std::to_string(seq), nullptr, field_type_t::UNCLASSIFIED) != 1) {
|
||||
+ if (builder->AddField("seq", std::to_string(seq), "", field_type_t::UNCLASSIFIED) != 1) {
|
||||
builder->CancelEvent();
|
||||
return false;
|
||||
}
|
||||
diff --git a/RawEventProcessor.cpp b/RawEventProcessor.cpp
|
||||
--- a/RawEventProcessor.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/RawEventProcessor.cpp 2020-10-15 14:48:34.222972890 -0700
|
||||
@@ -567,7 +567,7 @@
|
||||
_path_ouid.append(SV_JSON_ARRAY_END);
|
||||
_path_ogid.append(SV_JSON_ARRAY_END);
|
||||
|
||||
- auto ret = _builder->AddField(SV_PATH_NAME, _path_name, nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ auto ret = _builder->AddField(SV_PATH_NAME, _path_name, "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -576,7 +576,7 @@
|
||||
return false;
|
||||
}
|
||||
|
||||
- ret = _builder->AddField(SV_PATH_NAMETYPE, _path_nametype, nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = _builder->AddField(SV_PATH_NAMETYPE, _path_nametype, "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -585,7 +585,7 @@
|
||||
return false;
|
||||
}
|
||||
|
||||
- ret = _builder->AddField(SV_PATH_MODE, _path_mode, nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = _builder->AddField(SV_PATH_MODE, _path_mode, "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -594,7 +594,7 @@
|
||||
return false;
|
||||
}
|
||||
|
||||
- ret = _builder->AddField(SV_PATH_OUID, _path_ouid, nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = _builder->AddField(SV_PATH_OUID, _path_ouid, "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -603,7 +603,7 @@
|
||||
return false;
|
||||
}
|
||||
|
||||
- ret = _builder->AddField(SV_PATH_OGID, _path_ogid, nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = _builder->AddField(SV_PATH_OGID, _path_ogid, "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -626,7 +626,7 @@
|
||||
proctitle_field = EventRecordField();
|
||||
|
||||
_execve_converter.Convert(execve_recs, _cmdline);
|
||||
- ret = _builder->AddField(SV_CMDLINE, _cmdline, nullptr, field_type_t::UNESCAPED);
|
||||
+ ret = _builder->AddField(SV_CMDLINE, _cmdline, "", field_type_t::UNESCAPED);
|
||||
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
@@ -657,7 +657,7 @@
|
||||
unescape_raw_field(_unescaped_val, proctitle_field.RawValuePtr(), proctitle_field.RawValueSize());
|
||||
ExecveConverter::ConvertRawCmdline(_unescaped_val, _cmdline);
|
||||
|
||||
- ret = _builder->AddField(SV_PROCTITLE, _cmdline, nullptr, field_type_t::PROCTITLE);
|
||||
+ ret = _builder->AddField(SV_PROCTITLE, _cmdline, "", field_type_t::PROCTITLE);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -682,7 +682,7 @@
|
||||
for (auto& field: dropped_rec) {
|
||||
_field_name.assign(SV_DROPPED);
|
||||
_field_name.append(field.FieldName());
|
||||
- ret = _builder->AddField(_field_name, field.RawValue(), nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = _builder->AddField(_field_name, field.RawValue(), "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -707,7 +707,7 @@
|
||||
containerid = p->_containerid;
|
||||
}
|
||||
|
||||
- ret = _builder->AddField(SV_CONTAINERID, containerid, nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = _builder->AddField(SV_CONTAINERID, containerid, "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
@@ -842,7 +842,7 @@
|
||||
}
|
||||
|
||||
bool RawEventProcessor::add_str_field(const std::string_view& name, const std::string_view& val, field_type_t ft) {
|
||||
- int ret = _builder->AddField(name, val, nullptr, ft);
|
||||
+ int ret = _builder->AddField(name, val, "", ft);
|
||||
if (ret != 1) {
|
||||
if (ret == Queue::CLOSED) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
diff --git a/RawEventRecord.cpp b/RawEventRecord.cpp
|
||||
--- a/RawEventRecord.cpp 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/RawEventRecord.cpp 2020-10-15 14:49:06.070654420 -0700
|
||||
@@ -176,7 +176,7 @@
|
||||
}
|
||||
|
||||
if (!_node.empty()) {
|
||||
- ret = builder.AddField(SV_NODE, _node, nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = builder.AddField(SV_NODE, _node, "", field_type_t::UNCLASSIFIED);
|
||||
if (ret != 1) {
|
||||
return ret;
|
||||
}
|
||||
@@ -185,7 +185,7 @@
|
||||
// If record is marked as unparsable, then the text (after the 'audit():' section is included as the only value in
|
||||
// _record_fields
|
||||
if (_unparsable) {
|
||||
- ret = builder.AddField(SV_UNPARSED_TEXT, _record_fields[0], nullptr, field_type_t::UNESCAPED);
|
||||
+ ret = builder.AddField(SV_UNPARSED_TEXT, _record_fields[0], "", field_type_t::UNESCAPED);
|
||||
if (ret != 1) {
|
||||
return ret;
|
||||
}
|
||||
@@ -195,9 +195,9 @@
|
||||
for (auto f: _record_fields) {
|
||||
auto idx = f.find_first_of('=');
|
||||
if (idx == std::string_view::npos) {
|
||||
- ret = builder.AddField(f, std::string_view(), nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = builder.AddField(f, std::string_view(), "", field_type_t::UNCLASSIFIED);
|
||||
} else {
|
||||
- ret = builder.AddField(f.substr(0, idx), f.substr(idx + 1), nullptr, field_type_t::UNCLASSIFIED);
|
||||
+ ret = builder.AddField(f.substr(0, idx), f.substr(idx + 1), "", field_type_t::UNCLASSIFIED);
|
||||
}
|
||||
if (ret != 1) {
|
||||
return ret;
|
||||
diff --git a/TestEventData.h b/TestEventData.h
|
||||
--- a/TestEventData.h 2020-07-14 13:50:43.000000000 -0700
|
||||
+++ b/TestEventData.h 2020-10-15 14:49:48.162233590 -0700
|
||||
@@ -33,7 +33,12 @@
|
||||
field_type_t _field_type;
|
||||
|
||||
void Write(const std::shared_ptr<EventBuilder>& builder) {
|
||||
- builder->AddField(_name, _raw, _interp, _field_type);
|
||||
+ if (_interp == nullptr) {
|
||||
+ builder->AddField(_name, _raw, "", _field_type);
|
||||
+ }
|
||||
+ else {
|
||||
+ builder->AddField(_name, _raw, _interp, _field_type);
|
||||
+ }
|
||||
}
|
||||
};
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"auoms-2.2.5.tar.gz": "77fb7b561c597a99333d933fa738e184a6070c5f3c37fa09fb5bc8c5faacb0c3",
|
||||
"msgpack-c-cpp-2.0.0.zip": "9f3860bc014355dbdf6519ffb78d54d120bb8d134dcb4eba35eb5103c1ac3cd1",
|
||||
"pal-1.6.6-0.tar.gz": "f55a83636ed721ab2a347837b7ed517ece41fd179848995111032ebcd2370405",
|
||||
"rapidjson-1.0.2.tar.gz": "c3711ed2b3c76a5565ee9f0128bb4ec6753dbcc23450b713842df8f236d08666"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,193 @@
|
|||
%define debug_package %{nil}
|
||||
|
||||
Summary: Auditd plugin that forwards audit events to OMS Agent for Linux
|
||||
Name: auoms
|
||||
Version: 2.2.5
|
||||
Release: 2%{?dist}
|
||||
License: MIT
|
||||
URL: https://github.com/microsoft/OMS-Auditd-Plugin
|
||||
#Source0: https://github.com/microsoft/OMS-Auditd-Plugin/archive/v2.2.5-0.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
#Source1: https://github.com/microsoft/pal/archive/v1.6.6-0.tar.gz
|
||||
Source1: pal-1.6.6-0.tar.gz
|
||||
#Source2: https://github.com/msgpack/msgpack-c/archive/cpp-2.0.0.zip
|
||||
Source2: msgpack-c-cpp-2.0.0.zip
|
||||
#Source3: https://github.com/Tencent/rapidjson/archive/v1.0.2.tar.gz
|
||||
Source3: rapidjson-1.0.2.tar.gz
|
||||
Patch0: auoms.patch
|
||||
Group: Applications/System
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
BuildRequires: unzip
|
||||
BuildRequires: cmake
|
||||
BuildRequires: wget
|
||||
BuildRequires: sudo
|
||||
BuildRequires: grep
|
||||
BuildRequires: sed
|
||||
BuildRequires: bash
|
||||
BuildRequires: bash-devel
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: python2
|
||||
BuildRequires: python2-devel
|
||||
|
||||
Requires: audit
|
||||
Requires: sudo
|
||||
Requires: bash
|
||||
Requires: sed
|
||||
Requires: libstdc++
|
||||
Requires: perl
|
||||
Requires: glibc
|
||||
|
||||
%description
|
||||
OMS Audit data collection daemon
|
||||
|
||||
%prep
|
||||
tar xf %{SOURCE1} --no-same-owner --one-top-level=pal --strip-components 1
|
||||
cp %{SOURCE2} ./
|
||||
cp %{SOURCE3} ./
|
||||
%setup -q -n OMS-Auditd-Plugin-2.2.5-0
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
grep AUOMS_BUILDVERSION auoms.version | head -n 4 | cut -d'=' -f2 | tr '\n' '.' | sed 's/.$//' | sed 's/^/#define AUOMS_VERSION "/' > auoms_version.h
|
||||
sed -i 's/$/"/' auoms_version.h
|
||||
cp -R /usr/include/boost /usr/local/include/boost
|
||||
mv /usr/include/boost /usr/include/boost148
|
||||
cd build
|
||||
./configure --enable-ulinux && make clean && make
|
||||
|
||||
%install
|
||||
install -vdm 755 %{buildroot}%{_sysconfdir}/init.d
|
||||
install -vdm 755 %{buildroot}%{_sysconfdir}/opt/microsoft/auoms
|
||||
install -vdm 755 %{buildroot}%{_sysconfdir}/opt/microsoft/auoms/outconf.d
|
||||
install -vdm 755 %{buildroot}%{_sysconfdir}/opt/microsoft/auoms/rules.d
|
||||
install -vdm 755 %{buildroot}/opt/microsoft/auoms
|
||||
install -vdm 755 %{buildroot}/opt/microsoft/auoms/bin
|
||||
install -vdm 755 %{buildroot}/usr/share/selinux/packages/auoms
|
||||
install -vdm 750 %{buildroot}/var/opt/microsoft/auoms/data
|
||||
install -vdm 750 %{buildroot}/var/opt/microsoft/auoms/data/outputs
|
||||
|
||||
install -m 644 intermediate/selinux/* %{buildroot}/usr/share/selinux/packages/auoms
|
||||
install -m 555 installer/auoms.init %{buildroot}%{_sysconfdir}/init.d/auoms
|
||||
install -m 644 installer/conf/auoms.conf %{buildroot}%{_sysconfdir}/opt/microsoft/auoms
|
||||
install -m 644 installer/conf/auomscollect.conf %{buildroot}%{_sysconfdir}/opt/microsoft/auoms
|
||||
install -m 644 installer/conf/example_output.conf %{buildroot}%{_sysconfdir}/opt/microsoft/auoms
|
||||
install -m 444 ./LICENSE %{buildroot}/opt/microsoft/auoms
|
||||
install -m 444 ./THIRD_PARTY_IP_NOTICE %{buildroot}/opt/microsoft/auoms
|
||||
install -m 444 installer/auoms.service %{buildroot}/opt/microsoft/auoms
|
||||
install -m 755 intermediate/builddir/release/bin/auomscollect %{buildroot}/opt/microsoft/auoms/bin
|
||||
install -m 755 intermediate/builddir/release/bin/auoms %{buildroot}/opt/microsoft/auoms/bin
|
||||
install -m 755 intermediate/builddir/release/bin/auomsctl %{buildroot}/opt/microsoft/auoms/bin
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%pre
|
||||
#!/bin/sh
|
||||
|
||||
if [ $1 -gt 1 ] ; then
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf ]; then
|
||||
echo "Pre: found etc/audisp/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf.auomssave ]; then
|
||||
rm /etc/audisp/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
cp -p /etc/audisp/plugins.d/auoms.conf /etc/audisp/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf ]; then
|
||||
echo "Pre: found etc/audit/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf.auomssave ]; then
|
||||
rm /etc/audit/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
cp -p /etc/audit/plugins.d/auoms.conf /etc/audit/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
fi
|
||||
|
||||
%preun
|
||||
#!/bin/sh
|
||||
|
||||
if [ $1 -eq 0 ]; then
|
||||
/opt/microsoft/auoms/bin/auomsctl disable
|
||||
fi
|
||||
|
||||
%post
|
||||
#!/bin/sh
|
||||
|
||||
SERVICEDIR=/opt/microsoft/auoms
|
||||
|
||||
if [ $1 -gt 1 ] ; then
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf.auomssave ]; then
|
||||
echo "Post: found /etc/audisp/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf ]; then
|
||||
rm /etc/audisp/plugins.d/auoms.conf
|
||||
fi
|
||||
cp -p /etc/audisp/plugins.d/auoms.conf.auomssave /etc/audisp/plugins.d/auoms.conf
|
||||
fi
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf.auomssave ]; then
|
||||
echo "Post: found /etc/audit/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf ]; then
|
||||
rm /etc/audit/plugins.d/auoms.conf
|
||||
fi
|
||||
cp -p /etc/audit/plugins.d/auoms.conf.auomssave /etc/audit/plugins.d/auoms.conf
|
||||
fi
|
||||
echo "Post: executing upgrade"
|
||||
/opt/microsoft/auoms/bin/auomsctl upgrade
|
||||
fi
|
||||
for dir in /usr/lib/systemd/system /lib/systemd/system; do
|
||||
if [ -e $dir ]; then
|
||||
install -m 644 ${SERVICEDIR}/auoms.service $dir
|
||||
systemctl enable auoms.service
|
||||
break
|
||||
fi
|
||||
done
|
||||
sudo /opt/microsoft/auoms/bin/auomsctl enable
|
||||
rm -f /etc/audisp/plugins.d/auoms.conf.*
|
||||
rm -f /etc/audit/plugins.d/auoms.conf.*
|
||||
|
||||
%postun
|
||||
#!/bin/sh
|
||||
|
||||
if [ $1 -eq 0 ]; then
|
||||
rm -f /etc/audisp/plugins.d/auoms.conf*
|
||||
rm -f /etc/audit/plugins.d/auoms.conf*
|
||||
|
||||
rm -rf -v /etc/opt/microsoft/auoms
|
||||
rm -rf -v /var/opt/microsoft/auoms
|
||||
fi
|
||||
for dir in /usr/lib/systemd/system /lib/systemd/system; do
|
||||
if [ -e ${dir}/auoms.service ]; then
|
||||
systemctl disable auoms.service
|
||||
rm -f ${dir}/auoms.service
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
/usr/share/selinux/packages/auoms
|
||||
/usr/share/selinux/packages/auoms/*
|
||||
%{_sysconfdir}/init.d/auoms
|
||||
%{_sysconfdir}/opt/microsoft/auoms
|
||||
%{_sysconfdir}/opt/microsoft/auoms/auoms.conf
|
||||
%{_sysconfdir}/opt/microsoft/auoms/auomscollect.conf
|
||||
%{_sysconfdir}/opt/microsoft/auoms/example_output.conf
|
||||
%{_sysconfdir}/opt/microsoft/auoms/outconf.d
|
||||
%{_sysconfdir}/opt/microsoft/auoms/rules.d
|
||||
/opt/microsoft/auoms
|
||||
%license /opt/microsoft/auoms/LICENSE
|
||||
%license /opt/microsoft/auoms/THIRD_PARTY_IP_NOTICE
|
||||
/opt/microsoft/auoms/auoms.service
|
||||
/opt/microsoft/auoms/bin
|
||||
/opt/microsoft/auoms/bin/auomscollect
|
||||
/opt/microsoft/auoms/bin/auoms
|
||||
/opt/microsoft/auoms/bin/auomsctl
|
||||
/var/opt/microsoft/auoms
|
||||
/var/opt/microsoft/auoms/data
|
||||
/var/opt/microsoft/auoms/data/outputs
|
||||
|
||||
%changelog
|
||||
* Sat Oct 24 2020 Andrew Phelps <anphel@microsoft.com> 2.2.5-2
|
||||
- Fix setup macro
|
||||
* Thu Oct 22 2020 Andrew Phelps <anphel@microsoft.com> 2.2.5-1
|
||||
- Initial CBL-Mariner version.
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"azure-storage-cpp-7.3.0.tar.gz" : "d333757a6065ae2d63f8dfac5bf3033fa1e70bd6e518bf7f97e8d256b9154324"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,72 @@
|
|||
%define _build_id_links none
|
||||
|
||||
Name: azure-storage-cpp
|
||||
Summary: Azure Storage Client Library for C++
|
||||
Version: 7.3.0
|
||||
Release: 2%{?dist}
|
||||
License: ASL 2.0
|
||||
URL: https://azure.github.io/azure-storage-cpp/
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
#Source0: https://github.com/Azure/azure-storage-cpp/archive/v%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
||||
BuildRequires: util-linux-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: libxml2-devel
|
||||
BuildRequires: cpprest-devel
|
||||
BuildRequires: cmake
|
||||
|
||||
Requires: openssl
|
||||
Requires: libxml2
|
||||
Requires: cpprest
|
||||
Requires: util-linux
|
||||
Requires: boost
|
||||
|
||||
%description
|
||||
The Azure Storage Client Library for C++ allows you to build applications against Microsoft Azure Storage.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name} = %{version}
|
||||
Requires: cpprest-devel
|
||||
|
||||
%description devel
|
||||
The Azure Storage Client Library for C++ allows you to build applications against Microsoft Azure Storage.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
CMAKE_OPTS="\
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DCMAKE_INSTALL_PREFIX=%{_prefix} \
|
||||
"
|
||||
|
||||
mkdir -pv Microsoft.WindowsAzure.Storage/build
|
||||
cd Microsoft.WindowsAzure.Storage/build
|
||||
cmake $CMAKE_OPTS ..
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
cd Microsoft.WindowsAzure.Storage/build
|
||||
make %{?_smp_mflags} DESTDIR=%{buildroot} install
|
||||
|
||||
%files
|
||||
%license LICENSE.txt
|
||||
%doc README.md
|
||||
%{_libdir}/*.so.*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/was/*
|
||||
%{_includedir}/wascore/*
|
||||
%{_libdir}/libazurestorage.so
|
||||
|
||||
%changelog
|
||||
* Fri Oct 16 2020 Jonathan Slobodzian <joslobo@microsoft.com> 7.3.0-2
|
||||
- License Verified. Update Source0 Location. Integrated into Mariner Core.
|
||||
|
||||
* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> 7.3.0-1
|
||||
- Original version for CBL-Mariner.
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
diff -Naur babeltrace2-2.0.1/src/plugins/ctf/common/msg-iter/msg-iter.c babeltrace2-2.0.1-copy/src/plugins/ctf/common/msg-iter/msg-iter.c
|
||||
--- babeltrace2-2.0.1/src/plugins/ctf/common/msg-iter/msg-iter.c 2020-02-28 22:26:47.194726018 -0800
|
||||
+++ babeltrace2-2.0.1-copy/src/plugins/ctf/common/msg-iter/msg-iter.c 2020-02-28 22:29:36.318373106 -0800
|
||||
@@ -2001,6 +2001,9 @@
|
||||
}
|
||||
|
||||
if (G_UNLIKELY(int_fc->storing_index >= 0)) {
|
||||
+ if ((uint64_t) int_fc->storing_index >= msg_it->stored_values->len) {
|
||||
+ g_array_set_size(msg_it->stored_values, (uint64_t) int_fc->storing_index + 1);
|
||||
+ }
|
||||
g_array_index(msg_it->stored_values, uint64_t,
|
||||
(uint64_t) int_fc->storing_index) = value;
|
||||
}
|
||||
@@ -2090,6 +2093,9 @@
|
||||
BT_ASSERT_DBG(int_fc->meaning == CTF_FIELD_CLASS_MEANING_NONE);
|
||||
|
||||
if (G_UNLIKELY(int_fc->storing_index >= 0)) {
|
||||
+ if ((uint64_t) int_fc->storing_index >= msg_it->stored_values->len) {
|
||||
+ g_array_set_size(msg_it->stored_values, (uint64_t) int_fc->storing_index + 1);
|
||||
+ }
|
||||
g_array_index(msg_it->stored_values, uint64_t,
|
||||
(uint64_t) int_fc->storing_index) = (uint64_t) value;
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"babeltrace2-2.0.1.tar.bz2": "87f0acc134bac8e897f4eb0f5a02cbfffeb94d3bc0396ecb74a6667581988ecf"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,99 @@
|
|||
Summary: A trace manipulation toolkit
|
||||
Name: babeltrace2
|
||||
Version: 2.0.1
|
||||
Release: 3%{?dist}
|
||||
License: MIT AND GPLv2
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment
|
||||
URL: https://www.efficios.com/babeltrace
|
||||
Source0: https://www.efficios.com/files/babeltrace/%{name}-%{version}.tar.bz2
|
||||
Patch0: 00-fix-lttng-live-array-access.patch
|
||||
BuildRequires: elfutils-devel >= 0.154
|
||||
BuildRequires: gcc
|
||||
BuildRequires: glib-devel >= 2.28.0
|
||||
Requires: libbabeltrace2%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description
|
||||
The Babeltrace 2 project offers a library with a C API, Python 3 bindings, and
|
||||
a command-line tool which makes it very easy for mere mortals to view,
|
||||
convert, transform, and analyze traces.
|
||||
|
||||
Babeltrace 2 is also the reference parser implementation of the Common Trace
|
||||
Format (CTF), a very versatile trace format followed by various tracers and
|
||||
tools such as LTTng and barectf.
|
||||
|
||||
%package -n libbabeltrace2
|
||||
Summary: A trace manipulation library
|
||||
Requires: glib >= 2.28.0
|
||||
|
||||
%description -n libbabeltrace2
|
||||
The libbabeltrace2 package contains a library and plugin system to view,
|
||||
convert, transform, and analyze traces.
|
||||
|
||||
%package -n libbabeltrace2-devel
|
||||
Summary: Development files for libbabeltrace2
|
||||
Requires: glib >= 2.28.0
|
||||
Requires: libbabeltrace2%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description -n libbabeltrace2-devel
|
||||
The libbabeltrace2-devel package contains the header files and libraries
|
||||
needed to develop programs that use the libbabeltrace2 trace manipulation
|
||||
library.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
%configure --disable-static \
|
||||
--enable-debug-info \
|
||||
--disable-Werror
|
||||
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
%make_install
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
# Clean installed doc
|
||||
rm -fv %{buildroot}%{_docdir}/babeltrace2/*
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license LICENSE gpl-2.0.txt mit-license.txt
|
||||
%doc ChangeLog README.adoc
|
||||
%{_bindir}/babeltrace2
|
||||
%{_mandir}/man1/*.1*
|
||||
%{_mandir}/man7/*.7*
|
||||
|
||||
%files -n libbabeltrace2
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/*.so.*
|
||||
%{_libdir}/babeltrace2/plugins/*.so
|
||||
|
||||
%files -n libbabeltrace2-devel
|
||||
%defattr(-,root,root)
|
||||
%{_includedir}/*
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/pkgconfig/babeltrace2.pc
|
||||
%{_libdir}/pkgconfig/babeltrace2-ctf-writer.pc
|
||||
|
||||
%changelog
|
||||
* Wed Oct 14 2020 Thomas Crain <thcrain@microsoft.com> - 2.0.1-3
|
||||
- Update Source0
|
||||
- License verified
|
||||
|
||||
* Tue Feb 11 2020 Nick Bopp <nichbop@microsoft.com> - 2.0.1-2
|
||||
- Initial import from Fedora 32 (license: MIT and GPLv2)
|
||||
- Added runtime dependency on glib2
|
||||
- Remove python requirements
|
||||
- Removed ldconfig_scriptlets
|
||||
- Fix installed file cleanup
|
||||
|
||||
* Mon Feb 10 2020 Michael Jeanson <mjeanson@efficios.com> - 2.0.1-1
|
||||
- New upstream release
|
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"bond-8.0.1.tar.gz": "d22428a40ab158813c6b0d6548a9a4c1304c1873bd4f2f62a0f36c0ba2855a8b",
|
||||
"gbc-0.11.0.3-aarch64" : "2fa232b3ceb79ff2e002ad06f8da93bd59f81599102f95258b4dadb84d6b847d",
|
||||
"gbc-0.11.0.3-x86_64": "c64f9db841b8cccad4c8ec0bd724e52d28b51a15af145fe40223cd92d7356d71"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,73 @@
|
|||
Name: bond
|
||||
Summary: Microsoft Bond Library
|
||||
Version: 8.0.1
|
||||
Release: 3%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://github.com/microsoft/bond
|
||||
#Source0: %{url}/archive/%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
Source1: gbc-0.11.0.3-%{_arch}
|
||||
|
||||
BuildRequires: clang
|
||||
BuildRequires: cmake
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: rapidjson-devel
|
||||
BuildRequires: gmp-devel
|
||||
|
||||
%description
|
||||
Bond is an open-source, cross-platform framework for working with schematized data.
|
||||
It supports cross-language serialization/deserialization and powerful generic mechanisms
|
||||
for efficiently manipulating data. Bond is broadly used at Microsoft in high scale services.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
CMAKE_OPTS="\
|
||||
-DBOND_ENABLE_GRPC=FALSE \
|
||||
-DBOND_FIND_RAPIDJSON=TRUE \
|
||||
-DBOND_SKIP_CORE_TESTS=TRUE \
|
||||
-DBOND_SKIP_GBC_TESTS=TRUE \
|
||||
-DBOND_GBC_PATH=%{SOURCE1} \
|
||||
-DCMAKE_INSTALL_PREFIX=%{_prefix} \
|
||||
"
|
||||
|
||||
mkdir -v build
|
||||
cd build
|
||||
cmake $CMAKE_OPTS ..
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
cd build
|
||||
make DESTDIR=%{buildroot} install
|
||||
chmod 0755 %{buildroot}%{_bindir}/gbc
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README.md
|
||||
%{_bindir}/*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/%{name}/*
|
||||
%{_libdir}/%{name}/*
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 8.0.1-3
|
||||
- License verified.
|
||||
- Added source URL.
|
||||
- Added 'Vendor' and 'Distribution' tags.
|
||||
* Tue May 19 2020 Jonathan Chiu <jochi@microsoft.com> 8.0.1-2
|
||||
- Add aarch64 support
|
||||
* Mon Apr 06 2020 Jonathan Chiu <jochi@microsoft.com> 8.0.1-1
|
||||
- Original version for CBL-Mariner.
|
Binary file not shown.
Binary file not shown.
|
@ -4,7 +4,7 @@
|
|||
|
||||
Name: brotli
|
||||
Version: 1.0.7
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
Summary: Lossless compression algorithm
|
||||
Group: Applications/File
|
||||
|
||||
|
@ -18,6 +18,9 @@ Distribution: Mariner
|
|||
BuildRequires: cmake
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
%if %{with_check}
|
||||
BuildRequires: python3-xml
|
||||
%endif
|
||||
|
||||
%description
|
||||
Brotli is a generic-purpose lossless compression algorithm that compresses
|
||||
|
@ -130,6 +133,9 @@ python3 setup.py test
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Oct 20 2020 Andrew Phelps <anphel@microsoft.com> 1.0.7-8
|
||||
- Fix check test
|
||||
|
||||
* Mon Dec 9 2019 Emre Girgin <mrgirgin@microsoft.com> 1.0.7-7
|
||||
- Initial CBL-Mariner import from Fedora 31 (license: MIT).
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
"certdata.microsoft.txt": "d647ba9622bd973b2a2cb5114825a8ff6016ba3a5499a6a7cccdc1d07af25fdb",
|
||||
"certdata.txt": "cc6408bd4be7fbfb8699bdb40ccb7f6de5780d681d87785ea362646e4dad5e8e",
|
||||
"certdata2pem.py": "0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0",
|
||||
"nssckbi.h": "4019b4b68df6b89b22d350ffea652707864ee995b399de2f876c6d52d41f11ac",
|
||||
"nssckbi.h": "9d916fe1586259d94632f186a736449e8344b8a18f7ac97253f13efc764d77ea",
|
||||
"pem2bundle.sh": "79012e7fabf560c3b950349e500770a314006e5b330621a50147eeda11c633ea",
|
||||
"trust-fixes": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
|
||||
"update-ca-trust": "0c0c0600587db7f59ba5e399666152ea6de6059f37408f3946c43438d607efdd",
|
||||
|
|
|
@ -74,7 +74,7 @@ Name: ca-certificates
|
|||
# (but these files might have not yet been released).
|
||||
|
||||
Version: 20200720
|
||||
Release: 7%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: https://hg.mozilla.org
|
||||
Group: System Environment/Security
|
||||
|
@ -198,7 +198,7 @@ cp -p %{SOURCE20} .
|
|||
|
||||
%convert_certdata %{SOURCE0}
|
||||
%convert_certdata %{SOURCE21}
|
||||
%convert_certdata %{SOURCE22}
|
||||
%convert_certdata %{SOURCE23}
|
||||
|
||||
#manpage
|
||||
cp %{SOURCE10} %{name}/update-ca-trust.8.txt
|
||||
|
@ -250,7 +250,7 @@ install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{catrustdir}/ca-legacy.conf
|
|||
%install_bundles %{SOURCE21} %{p11_format_base_bundle} %{legacy_default_base_bundle} %{legacy_disable_base_bundle}
|
||||
|
||||
# Microsoft certs
|
||||
%install_bundles %{SOURCE22} %{p11_format_microsoft_bundle} %{legacy_default_microsoft_bundle} %{legacy_disable_microsoft_bundle}
|
||||
%install_bundles %{SOURCE23} %{p11_format_microsoft_bundle} %{legacy_default_microsoft_bundle} %{legacy_disable_microsoft_bundle}
|
||||
|
||||
# TODO: consider to dynamically create the update-ca-trust script from within
|
||||
# this .spec file, in order to have the output file+directory names at once place only.
|
||||
|
@ -425,42 +425,48 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
|
|||
%{_bindir}/bundle2pem.sh
|
||||
|
||||
%changelog
|
||||
* Mon Sep 13 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.7.20-7
|
||||
* Wed Oct 21 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-9
|
||||
- Switching to the correct source for the Microsoft bundle.
|
||||
|
||||
* Mon Sep 13 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-8
|
||||
- Aligning 'nssckbi.h' with the used 'certdata.txt' version for the Mozilla bundle.
|
||||
|
||||
* Mon Sep 13 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-7
|
||||
- Removing unused 'Requires*'.
|
||||
|
||||
* Wed Sep 09 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.7.20-6
|
||||
* Wed Sep 09 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-6
|
||||
- Adding 2 Microsoft-trusted, intermediate CAs into 'ca-certificates-base'.
|
||||
|
||||
* Mon Aug 24 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.7.20-5
|
||||
* Mon Aug 24 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-5
|
||||
- Adding 'ca-certificates-legacy' to support apps, which only work with
|
||||
a single cert per *.pem file. Adding a new 'ca-certificates-microsoft' subpackage with CAs trusted through
|
||||
the Microsoft Trusted Root Program. Converting common steps into parametrized macros.
|
||||
|
||||
* Tue Aug 11 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.7.20-4
|
||||
* Tue Aug 11 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-4
|
||||
- Updating base certificates to current intermediate CAs.
|
||||
- Re-assigning ownership of legacy bundles from '*-shared' to subpackages creating them.
|
||||
- Removing commented lines.
|
||||
|
||||
* Fri Jul 31 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.7.20-3
|
||||
* Fri Jul 31 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-3
|
||||
- Changing base certificates to trust packages.microsoft.com.
|
||||
|
||||
* Fri Jul 31 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.7.20-2
|
||||
* Fri Jul 31 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-2
|
||||
- Removed redundant 'ca-bundle.trust.p11-kit' certs bundle.
|
||||
- Removed unnecessary pre-install step.
|
||||
- Moved license and config to 'ca-certificates-shared' subpackage
|
||||
to guarantee these to be always present regardless of the installed
|
||||
certificates bundle.
|
||||
|
||||
* Thu Jul 23 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.7.20-1
|
||||
* Thu Jul 23 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-1
|
||||
- Updating certdata.txt to Mozilla version from 2020/07/20.
|
||||
|
||||
* Thu Jul 23 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2020.4.28-4
|
||||
* Thu Jul 23 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200428-4
|
||||
- Fixing installation of 'ca-certificates-base` subpackage by making
|
||||
shared files and directory structure a 'Requires' for all certificate packages.
|
||||
- Updating '%%uninstall_clean_up' macro to use pk11kit tooling.
|
||||
- Reordering (Build)Requires to increase clarity.
|
||||
|
||||
* Tue May 26 2020 Paul Monson <paulmon@microsoft.com> - 2020.4.28-3
|
||||
* Tue May 26 2020 Paul Monson <paulmon@microsoft.com> - 20200428-3
|
||||
- Initial CBL-Mariner import from Fedora 27 (license: MIT).
|
||||
- License verified.
|
||||
- Updated Mozilla certdata.txt to latest version from the "FIREFOX_76_0_RELEASE" release.
|
||||
|
|
|
@ -46,8 +46,8 @@
|
|||
* It's recommend to switch back to 0 after having reached version 98/99.
|
||||
*/
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.40"
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.42"
|
||||
|
||||
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"ccache-3.6.tar.gz" : "a3f2b91a2353b65a863c5901251efe48060ecdebec46b5eaec8ea8e092b9e871"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
Name: ccache
|
||||
Summary: Compiler Cache
|
||||
Version: 3.6
|
||||
Release: 2%{?dist}
|
||||
License: BeOpen and BSD and GPLv3+ and (Patrick Powell's and Holger Weiss' license) and Public Domain and Python and zlib
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://ccache.dev
|
||||
Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
||||
|
||||
BuildRequires: make
|
||||
|
||||
%description
|
||||
Ccache (or “ccache”) is a compiler cache. It speeds up recompilation by caching previous
|
||||
compilations and detecting when the same compilation is being done again.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
%configure
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot}
|
||||
|
||||
%files
|
||||
%license LICENSE.adoc
|
||||
%doc README.md
|
||||
%{_mandir}/*
|
||||
%{_bindir}/ccache
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 3.6-2
|
||||
- License verified.
|
||||
- Added 'Vendor' and 'Distribution' tags.
|
||||
* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> 3.6-1
|
||||
- Original version for CBL-Mariner.
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
Name: chrony
|
||||
Version: 3.5.1
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: An NTP client/server
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -77,13 +77,17 @@ sed -e 's|^pool.*|server time.windows.com|' \
|
|||
-e 's|#\(keyfile\)|\1|' \
|
||||
< examples/chrony.conf.example2 > chrony.conf
|
||||
|
||||
# use the example chrony-wait service, but comment out the line adding
|
||||
# chrony-wait as a boot dependency
|
||||
sed -i '/WantedBy=multi-user.target/s/^/#/g' examples/chrony-wait.service
|
||||
|
||||
cat >> chrony.conf << EOF
|
||||
|
||||
# Setting larger 'maxdistance' to tolerate time.windows.com delay
|
||||
maxdistance 16.0
|
||||
EOF
|
||||
|
||||
touch -r examples/chrony.conf.example2 chrony.conf
|
||||
touch -r examples/chrony.conf.example2 examples/chrony-wait.service chrony.conf
|
||||
|
||||
# regenerate the file from getdate.y
|
||||
rm -f getdate.c
|
||||
|
@ -191,6 +195,9 @@ systemctl start chronyd.service
|
|||
%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony
|
||||
|
||||
%changelog
|
||||
* Thu Oct 01 2020 Thomas Crain <thcrain@microsoft.com> - 3.5.1-2
|
||||
- Remove chrony-wait service as a boot dependency
|
||||
|
||||
* Tue Sep 01 2020 Mateusz Malisz <mamalisz@microsoft.com> - 3.5.1-1
|
||||
- Update version to 3.5.1
|
||||
- Remove gpg signature check
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
From f7e13c34bc2f820ff124f1425c5d92dbdaa2e8da Mon Sep 17 00:00:00 2001
|
||||
From: Leandro Pereira <lpereira@linux.microsoft.com>
|
||||
Date: Thu, 1 Oct 2020 15:51:32 -0700
|
||||
Subject: [PATCH] CVE-2020-13342: Do not rely on $PATH to find
|
||||
systemd-ask-password
|
||||
|
||||
The execlp() call will look at the $PATH environment variable to
|
||||
determine which binary to execute; if a binary naemd
|
||||
"systemd-ask-password" is present, that will be called with the same
|
||||
privileges as "mount.cifs", which could be elevated as that might be
|
||||
executed under sudo or the executable might be SUID root. Moreover,
|
||||
this could be used to exfiltrate the password if somebody has access to
|
||||
the environment.
|
||||
|
||||
This patch makes the call using /usr/bin/systemd-ask-password directly.
|
||||
|
||||
Signed-off-by: Leandro Pereira <lpereira@linux.microsoft.com>
|
||||
---
|
||||
mount.cifs.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/mount.cifs.c b/mount.cifs.c
|
||||
index 4feb397..af0a796 100644
|
||||
--- a/mount.cifs.c
|
||||
+++ b/mount.cifs.c
|
||||
@@ -1669,7 +1669,8 @@ static int get_passwd_by_systemd(const char *prompt, char *input, int capacity)
|
||||
if (pid == 0) {
|
||||
close(fd[0]);
|
||||
dup2(fd[1], STDOUT_FILENO);
|
||||
- if (execlp("systemd-ask-password", "systemd-ask-password", prompt, NULL) == -1) {
|
||||
+ if (execlp("/usr/bin/systemd-ask-password",
|
||||
+ "/usr/bin/systemd-ask-password", prompt, NULL) == -1) {
|
||||
fprintf(stderr, "Failed to execute systemd-ask-password: %s\n",
|
||||
strerror(errno));
|
||||
}
|
||||
--
|
||||
1.8.3.1
|
|
@ -0,0 +1,121 @@
|
|||
diff -Naur cifs-utils-6.8.orig/mount.cifs.c cifs-utils-6.8.mod/mount.cifs.c
|
||||
--- cifs-utils-6.8.orig/mount.cifs.c 2020-09-30 17:26:48.250924409 -0700
|
||||
+++ cifs-utils-6.8.mod/mount.cifs.c 2020-09-30 17:27:19.002733900 -0700
|
||||
@@ -1646,6 +1646,73 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_SYSTEMD
|
||||
+static int get_passwd_by_systemd(const char *prompt, char *input, int capacity)
|
||||
+{
|
||||
+ int fd[2];
|
||||
+ pid_t pid;
|
||||
+ int offs = 0;
|
||||
+ int rc = 1;
|
||||
+
|
||||
+ if (pipe(fd) == -1) {
|
||||
+ fprintf(stderr, "Failed to create pipe: %s\n", strerror(errno));
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (pid == -1) {
|
||||
+ fprintf(stderr, "Unable to fork: %s\n", strerror(errno));
|
||||
+ close(fd[0]);
|
||||
+ close(fd[1]);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ if (pid == 0) {
|
||||
+ close(fd[0]);
|
||||
+ dup2(fd[1], STDOUT_FILENO);
|
||||
+ if (execlp("systemd-ask-password", "systemd-ask-password", prompt, NULL) == -1) {
|
||||
+ fprintf(stderr, "Failed to execute systemd-ask-password: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ close(fd[1]);
|
||||
+ for (;;) {
|
||||
+ if (offs+1 >= capacity) {
|
||||
+ fprintf(stderr, "Password too long.\n");
|
||||
+ kill(pid, SIGTERM);
|
||||
+ rc = 1;
|
||||
+ break;
|
||||
+ }
|
||||
+ rc = read(fd[0], input + offs, capacity - offs);
|
||||
+ if (rc == -1) {
|
||||
+ fprintf(stderr, "Failed to read from pipe: %s\n", strerror(errno));
|
||||
+ rc = 1;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (!rc)
|
||||
+ break;
|
||||
+ offs += rc;
|
||||
+ input[offs] = '\0';
|
||||
+ }
|
||||
+ if (wait(&rc) == -1) {
|
||||
+ fprintf(stderr, "Failed to wait child: %s\n", strerror(errno));
|
||||
+ rc = 1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ if (!WIFEXITED(rc) || WEXITSTATUS(rc)) {
|
||||
+ rc = 1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ rc = 0;
|
||||
+
|
||||
+out:
|
||||
+ close(fd[0]);
|
||||
+ return rc;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* If systemd is running and systemd-ask-password --
|
||||
* is available, then use that else fallback on getpass(..)
|
||||
@@ -1659,35 +1726,22 @@
|
||||
int is_systemd_running;
|
||||
struct stat a, b;
|
||||
|
||||
+ memset(input, 0, capacity);
|
||||
+
|
||||
/* We simply test whether the systemd cgroup hierarchy is
|
||||
* mounted */
|
||||
is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
|
||||
&& (lstat("/sys/fs/cgroup/systemd", &b) == 0)
|
||||
&& (a.st_dev != b.st_dev);
|
||||
|
||||
- if (is_systemd_running) {
|
||||
- char *cmd, *ret;
|
||||
- FILE *ask_pass_fp = NULL;
|
||||
-
|
||||
- cmd = ret = NULL;
|
||||
- if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
|
||||
- ask_pass_fp = popen (cmd, "re");
|
||||
- free (cmd);
|
||||
- }
|
||||
-
|
||||
- if (ask_pass_fp) {
|
||||
- ret = fgets(input, capacity, ask_pass_fp);
|
||||
- pclose(ask_pass_fp);
|
||||
- }
|
||||
-
|
||||
- if (ret) {
|
||||
- int len = strlen(input);
|
||||
- if (input[len - 1] == '\n')
|
||||
- input[len - 1] = '\0';
|
||||
- return input;
|
||||
- }
|
||||
+ if (is_systemd_running && !get_passwd_by_systemd(prompt, input, capacity)) {
|
||||
+ int len = strlen(input);
|
||||
+ if (input[len - 1] == '\n')
|
||||
+ input[len - 1] = '\0';
|
||||
+ return input;
|
||||
}
|
||||
#endif
|
||||
+ memset(input, 0, capacity);
|
||||
|
||||
/*
|
||||
* Falling back to getpass(..)
|
|
@ -1,12 +1,16 @@
|
|||
Summary: cifs client utils
|
||||
Name: cifs-utils
|
||||
Version: 6.8
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv3
|
||||
URL: http://wiki.samba.org/index.php/LinuxCIFS_utils
|
||||
Group: Applications/Nfs-utils-client
|
||||
Source0: https://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-%{version}.tar.bz2
|
||||
%define sha1 cifs-utils=3440625e73a2e8ea58c63c61b46a61f5b7f95bac
|
||||
|
||||
Patch0: CVE-2020-14342.patch
|
||||
Patch1: CVE-2020-14342-fix.patch
|
||||
|
||||
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
BuildRequires: libcap-ng-devel
|
||||
|
@ -26,7 +30,7 @@ Requires: cifs-utils = %{version}-%{release}
|
|||
Provides header files needed for Cifs-Utils development.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
autoreconf -fiv &&./configure --prefix=%{_prefix}
|
||||
|
@ -48,9 +52,10 @@ make %{?_smp_mflags} check
|
|||
%{_includedir}/cifsidmap.h
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:20:52 PST 2020 Nick Samson <nisamson@microsoft.com> - 6.8-3
|
||||
* Wed Sep 30 2020 Henry Beberman <henry.beberman@microsoft.com> 6.8-4
|
||||
- Add patch for CVE-2020-14342
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 6.8-3
|
||||
- Added %%license line automatically
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 6.8-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
* Fri Sep 07 2017 Ajay Kaher <akaher@vmware.com> 6.8-1
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"clamav-0.101.2.tar.gz": "0a12ebdf6ff7a74c0bde2bdc2b55cae33449e6dd953ec90824a9e01291277634"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
%{!?python2_sitelib: %global python2_sitelib %(python2 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
|
||||
%{!?python3_sitelib: %global python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
|
||||
|
||||
Summary: Open source antivirus engine
|
||||
Name: clamav
|
||||
Version: 0.101.2
|
||||
Release: 3%{?dist}
|
||||
License: ASL 2.0 and BSD and bzip2-1.0.4 and GPLv2 and LGPLv2+ and MIT and Public Domain and UnRar
|
||||
Group: System Environment/Security
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://www.clamav.net
|
||||
Source0: %{url}/downloads/production/%{name}-%{version}.tar.gz
|
||||
|
||||
BuildRequires: libtool
|
||||
BuildRequires: zlib-devel
|
||||
# Workaround for coreutils missing requirement flex
|
||||
BuildRequires: flex-devel
|
||||
# Required to produce systemd files
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: openssl-devel
|
||||
Requires: zlib
|
||||
Requires: openssl
|
||||
|
||||
%description
|
||||
ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations
|
||||
including email scanning, web scanning, and end point security. It provides a number
|
||||
of utilities including a flexible and scalable multi-threaded daemon, a command
|
||||
line scanner and an advanced tool for automatic database updates.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
%configure
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot}
|
||||
|
||||
%check
|
||||
make %{?_smp_mflags} check
|
||||
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license COPYING COPYING.bzip2 COPYING.file COPYING.getopt COPYING.LGPL COPYING.llvm COPYING.lzma COPYING.pcre COPYING.regex COPYING.unrar COPYING.YARA COPYING.zlib
|
||||
%{_bindir}/*
|
||||
%{_sysconfdir}/*.sample
|
||||
%{_includedir}/*.h
|
||||
%{_libdir}/*.la
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/*.so.*
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
/lib/systemd/*
|
||||
%{_sbindir}/*
|
||||
%{_mandir}/man1/*
|
||||
%{_mandir}/man5/*
|
||||
%{_mandir}/man8/*
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 0.101.2-3
|
||||
- License verified.
|
||||
- Added %%license macro.
|
||||
- Switching to using the %%configure macro.
|
||||
- Extended package's summary and description.
|
||||
* Wed Oct 02 2019 Mateusz Malisz <mamalisz@microsoft.com> 0.101.2-2
|
||||
- Fix vendor and distribution. Add systemd files to the list.
|
||||
* Thu Jul 25 2019 Chad Zawistowski <chzawist@microsoft.com> 0.101.2-1
|
||||
- Initial CBL-Mariner import from Azure.
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"cloud-init-vmware-guestinfo-1.3.1.tar.gz": "1f6c74b75d3697d62f0b5b8613e0d66bc06b2fd962f9b7c827c459d8c72505b9"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,43 @@
|
|||
%{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
|
||||
Name: cloud-init-vmware-guestinfo
|
||||
Version: 1.3.1
|
||||
Release: 2%{?dist}
|
||||
Summary: A cloud-init datasource for VMware
|
||||
Group: System/Management
|
||||
License: ASL 2.0
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://github.com/vmware/cloud-init-vmware-guestinfo
|
||||
|
||||
#Source0: https://github.com/vmware/%{name}/archive/v%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
BuildRequires: python3
|
||||
Requires: cloud-init
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
Provides a cloud-init datasource for pulling meta, user,
|
||||
and vendor data from VMware vSphere's GuestInfo interface.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
install -dm 0755 %{buildroot}%{_sysconfdir}/cloud/cloud.cfg.d
|
||||
install -m 0644 99-DataSourceVMwareGuestInfo.cfg %{buildroot}%{_sysconfdir}/cloud/cloud.cfg.d/99-DataSourceVMwareGuestInfo.cfg
|
||||
install -dm 0755 %{buildroot}%{python3_sitelib}/cloudinit/sources/
|
||||
install -m 0644 DataSourceVMwareGuestInfo.py %{buildroot}%{python3_sitelib}/cloudinit/sources/DataSourceVMwareGuestInfo.py
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%config %{_sysconfdir}/cloud/cloud.cfg.d/99-DataSourceVMwareGuestInfo.cfg
|
||||
%{python3_sitelib}/cloudinit/sources/DataSourceVMwareGuestInfo.py
|
||||
|
||||
%changelog
|
||||
* Mon Oct 12 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 1.3.1-2
|
||||
- Adding a missing %%{?dist} tag.
|
||||
* Thu Sep 17 2020 Mateusz Malisz <mamalisz@microsoft.com> 1.3.1-1
|
||||
- Original version for CBL-Mariner.
|
||||
- License Verified
|
|
@ -1,7 +1,7 @@
|
|||
Summary: An URL retrieval utility and library
|
||||
Name: curl
|
||||
Version: 7.68.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: MIT
|
||||
URL: http://curl.haxx.se
|
||||
Group: System Environment/NetworkingLibraries
|
||||
|
@ -49,7 +49,7 @@ This package contains minimal set of shared curl libraries.
|
|||
--with-ssl \
|
||||
--with-gssapi \
|
||||
--with-libssh2 \
|
||||
--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt \
|
||||
--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.trust.crt \
|
||||
--with-ca-path=/etc/ssl/certs
|
||||
make %{?_smp_mflags}
|
||||
|
||||
|
@ -89,6 +89,8 @@ rm -rf %{buildroot}/*
|
|||
%{_libdir}/libcurl.so.*
|
||||
|
||||
%changelog
|
||||
* Wed Oct 07 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 7.68.0-3
|
||||
- Updating certificate bundle path to include full set of trust information.
|
||||
* Mon Sep 28 2020 Ruying Chen <v-ruyche@microsoft.com> 7.68.0-2
|
||||
- Add explicit provides for libcurl and libcurl-devel
|
||||
* Tue Aug 11 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 7.68.0-1
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Ed - A line-oriented text editor
|
||||
Name: ed
|
||||
Version: 1.14.2
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
URL: https://www.gnu.org/software/ed/
|
||||
License: GPLv3
|
||||
Group: Applications/System
|
||||
|
@ -10,11 +10,15 @@ Distribution: Mariner
|
|||
# Official source under https://ftp.gnu.org/gnu/ed/ed-1.14.2.tar.lz.
|
||||
# We don't have lzip to decompress it.
|
||||
Source0: https://src.fedoraproject.org/repo/pkgs/%{name}/%{name}-%{version}.tar.xz/sha512/de838a6df785c7dc80f4b5ba84330bbe743983fd81218321d4ab84c4c3688fdafb4c005502f3228f0bfa2b6bcf342d64d9523ab73ee440b4f305a033f567cbc2/%{name}-%{version}.tar.xz
|
||||
|
||||
# CVE-2015-2987 applies to a different program named ED
|
||||
Patch0: CVE-2015-2987.nopatch
|
||||
|
||||
%description
|
||||
Ed - A line-oriented text editor
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
./configure \
|
||||
|
@ -42,6 +46,9 @@ make %{?_smp_mflags} check
|
|||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Wed Oct 14 2020 Henry Beberman <henry.beberman@microsoft.com> 1.14.2-8
|
||||
- Nopatch CVE-2015-2987. Applies to a different program named ed.
|
||||
- Switch setup to autosetup
|
||||
* Wed Aug 05 2020 Andrew Phelps <anphel@microsoft.com> 1.14.2-7
|
||||
- Remove conflicting 'dir' file from _infodir
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.14.2-6
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"fluent-bit-1.4.1.tar.gz" : "f5e2e10133d2a266e508db9d95e425108a1a7e43ca713bedd0d9005d962b0cff"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
%define _build_id_links none
|
||||
|
||||
Name: fluent-bit
|
||||
Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
|
||||
Version: 1.4.1
|
||||
Release: 2%{?dist}
|
||||
License: ASL 2.0
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://fluentbit.io
|
||||
#Source0: https://github.com/fluent/%{name}/archive/v%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
||||
BuildRequires: cmake
|
||||
|
||||
%description
|
||||
Fluent Bit is a fast Log Processor and Forwarder for Linux, Embedded Linux, MacOS and BSD
|
||||
family operating systems. It's part of the Fluentd Ecosystem and a CNCF sub-project.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
cd build
|
||||
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} ..
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
cd build
|
||||
make install DESTDIR=%{buildroot}
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README.md
|
||||
%exclude /usr/src/debug
|
||||
/lib/systemd/system/fluent-bit.service
|
||||
%{_bindir}/*
|
||||
/usr/etc/fluent-bit/*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/*
|
||||
/usr/lib64/*.so
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 1.4.1-2
|
||||
- License verified.
|
||||
- Fixed source URL.
|
||||
- Added 'Vendor' and 'Distribution' tags.
|
||||
* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> 1.4.1-1
|
||||
- Original version for CBL-Mariner.
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"fontconfig-2.13.1.tar.gz": "9f0d852b39d75fc655f9f53850eb32555394f36104a044bb2b2fc9e66dbbfa7f"
|
||||
"fontconfig-2.13.91.tar.gz": "19e5b1bc9d013a52063a44e1307629711f0bfef35b9aca16f9c793971e2eb1e5"
|
||||
}
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
Summary: library for configuring and customizing font access.
|
||||
Name: fontconfig
|
||||
Version: 2.13.1
|
||||
Release: 4%{?dist}
|
||||
Version: 2.13.91
|
||||
Release: 1%{?dist}
|
||||
License: BSD/GPL
|
||||
URL: https://www.freedesktop.org/wiki/Software/fontconfig/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -13,6 +13,7 @@ BuildRequires: libxml2
|
|||
BuildRequires: expat-devel
|
||||
BuildRequires: gperf
|
||||
Provides: pkgconfig(fontconfig)
|
||||
|
||||
%description
|
||||
Fontconfig can discover new fonts when installed automatically, removing a common source of configuration problems, perform font name substitution, so that appropriate alternative fonts can be selected if fonts are missing, identify the set of fonts required to completely cover a set of languages.
|
||||
|
||||
|
@ -32,6 +33,7 @@ It contains the libraries and header files to create applications
|
|||
--localstatedir=/var \
|
||||
--docdir=/usr/share/doc/%{name}-%{version} \
|
||||
--disable-static
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
|
@ -66,9 +68,10 @@ make -k check
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:20:59 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.13.1-4
|
||||
* Mon Oct 5 2020 Mateusz Malisz <mamalisz@microsoft.com> - 2.13.91-1
|
||||
- Update to 2.13.91
|
||||
* Sat May 9 2020 Nick Samson <nisamson@microsoft.com> - 2.13.1-4
|
||||
- Added %%license line automatically
|
||||
|
||||
* Fri Apr 17 2020 Nicolas Ontiveros <niontive@microsoft.com> 2.13.1-3
|
||||
- Rename freetype2-devel to freetype-devel.
|
||||
- Remove sha1 hash.
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"gflags-2.2.2.tar.gz": "34af2f15cf7367513b352bdcd2493ab14ce43692d2dcd9dfc499492966c64dcf"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,65 @@
|
|||
Name: gflags
|
||||
Summary: The gflags package contains a C++ library that implements commandline flags processing.
|
||||
Version: 2.2.2
|
||||
Release: 3%{?dist}
|
||||
License: BSD
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://gflags.github.io/gflags/
|
||||
#Source0: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: build-essential
|
||||
|
||||
%description
|
||||
The gflags package contains a C++ library that implements commandline flags processing.
|
||||
It includes built-in support for standard types such as string and the ability to define
|
||||
flags in the source file in which they are used.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
mkdir build
|
||||
cd build
|
||||
%cmake -DBUILD_SHARED_LIBS=ON ..
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
cd build
|
||||
make install DESTDIR=%{buildroot}
|
||||
|
||||
# Remove unused files
|
||||
rm %{buildroot}/root/.cmake/packages/gflags/*
|
||||
|
||||
%files
|
||||
%doc README.md
|
||||
%license COPYING.txt
|
||||
%{_bindir}/*
|
||||
%{_libdir}/*.so*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/*
|
||||
%{_libdir}/cmake/%{name}
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/pkgconfig/gflags.pc
|
||||
|
||||
%changelog
|
||||
* Thu Oct 08 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.2.2-3
|
||||
- License verified.
|
||||
- Added %%license macro.
|
||||
- Added debug package.
|
||||
- Fixed extra file exclude.
|
||||
- Fixed 'Source0' URL.
|
||||
* Fri Jun 05 2020 Jonathan Chiu <jochi@microsoft.com> 2.2.2-2
|
||||
- Exclude extra files
|
||||
* Thu Apr 09 2020 Jonathan Chiu <jochi@microsoft.com> 2.2.2-1
|
||||
- Original version for CBL-Mariner.
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Fast distributed version control system
|
||||
Name: git
|
||||
Version: 2.23.3
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://git-scm.com/
|
||||
Group: System Environment/Programming
|
||||
|
@ -57,10 +57,7 @@ install -m 0644 contrib/completion/git-completion.bash %{buildroot}/usr/share/ba
|
|||
%{_fixperms} %{buildroot}/*
|
||||
|
||||
%check
|
||||
# git expect nonroot user to run tests
|
||||
chmod g+w . -R
|
||||
useradd test -G root -m
|
||||
sudo -u test make %{?_smp_mflags} test
|
||||
make %{?_smp_mflags} test
|
||||
|
||||
%post
|
||||
if [ $1 -eq 1 ];then
|
||||
|
@ -92,6 +89,8 @@ rm -rf %{buildroot}/*
|
|||
%defattr(-,root,root)
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Andrew Phelps <anphel@microsoft.com> 2.23.3-3
|
||||
- Fix check test
|
||||
* Mon Oct 12 2020 Joe Schmitt <joschmit@microsoft.com> 2.23.3-2
|
||||
- Use new perl package names.
|
||||
- Provide git-core.
|
||||
|
|
|
@ -0,0 +1,97 @@
|
|||
diff --git a/fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 b/fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..73a2d97ba20483dc4f8c7766a043cb737e27c942
|
||||
Binary files /dev/null and b/fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 differ
|
||||
diff --git a/fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c b/fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..7ebb883f4d4c3401f32834f3bcc725d2404996f5
|
||||
Binary files /dev/null and b/fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c differ
|
||||
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
|
||||
index bb6c19713851e1f59f98237b587deb86429ad0e0..31cec5c0cddbe2562d726368bebc5bba224f534c 100644
|
||||
--- a/lib/gnutls_int.h
|
||||
+++ b/lib/gnutls_int.h
|
||||
@@ -1370,6 +1370,7 @@ typedef struct {
|
||||
#define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
|
||||
#define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
|
||||
#define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
|
||||
+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
|
||||
|
||||
/* The hsk_flags are for use within the ongoing handshake;
|
||||
* they are reset to zero prior to handshake start by gnutls_handshake. */
|
||||
diff --git a/lib/handshake.c b/lib/handshake.c
|
||||
index b40f84b3d972057be1c2dccdbc2f4fc4ab2948a8..ce2d160e2077c6d971de58e63ec86b9b035af853 100644
|
||||
--- a/lib/handshake.c
|
||||
+++ b/lib/handshake.c
|
||||
@@ -2061,6 +2061,8 @@ read_server_hello(gnutls_session_t session,
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
+ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -2585,16 +2587,42 @@ int gnutls_rehandshake(gnutls_session_t session)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/* This function checks whether the error code should be treated fatal
|
||||
+ * or not, and also does the necessary state transition. In
|
||||
+ * particular, in the case of a rehandshake abort it resets the
|
||||
+ * handshake's internal state.
|
||||
+ */
|
||||
inline static int
|
||||
_gnutls_abort_handshake(gnutls_session_t session, int ret)
|
||||
{
|
||||
- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
|
||||
- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
|
||||
- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
|
||||
- return 0;
|
||||
+ switch (ret) {
|
||||
+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
|
||||
+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
|
||||
+ /* The server always toleretes a "no_renegotiation" alert. */
|
||||
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
|
||||
+ STATE = STATE0;
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ /* The client should tolerete a "no_renegotiation" alert only if:
|
||||
+ * - the initial handshake has completed, or
|
||||
+ * - a Server Hello is not yet received
|
||||
+ */
|
||||
+ if (session->internals.initial_negotiation_completed ||
|
||||
+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
|
||||
+ STATE = STATE0;
|
||||
+ return ret;
|
||||
+ }
|
||||
|
||||
- /* this doesn't matter */
|
||||
- return GNUTLS_E_INTERNAL_ERROR;
|
||||
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
|
||||
+ }
|
||||
+ return ret;
|
||||
+ case GNUTLS_E_GOT_APPLICATION_DATA:
|
||||
+ STATE = STATE0;
|
||||
+ return ret;
|
||||
+ default:
|
||||
+ return ret;
|
||||
+ }
|
||||
}
|
||||
|
||||
|
||||
@@ -2756,13 +2784,7 @@ int gnutls_handshake(gnutls_session_t session)
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
- /* In the case of a rehandshake abort
|
||||
- * we should reset the handshake's internal state.
|
||||
- */
|
||||
- if (_gnutls_abort_handshake(session, ret) == 0)
|
||||
- STATE = STATE0;
|
||||
-
|
||||
- return ret;
|
||||
+ return _gnutls_abort_handshake(session, ret);
|
||||
}
|
||||
|
||||
/* clear handshake buffer */
|
|
@ -1,7 +1,7 @@
|
|||
Summary: The GnuTLS Transport Layer Security Library
|
||||
Name: gnutls
|
||||
Version: 3.6.14
|
||||
Release: 1%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv3+ and LGPLv2+
|
||||
URL: https://www.gnutls.org
|
||||
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
|
||||
|
@ -22,6 +22,8 @@ Requires: gmp
|
|||
Requires: guile
|
||||
Requires: gc
|
||||
|
||||
Patch0: CVE-2020-24659.patch
|
||||
|
||||
%description
|
||||
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. It is aimed to be portable and efficient with focus on security and interoperability.
|
||||
|
||||
|
@ -36,7 +38,8 @@ The package contains libraries and header files for
|
|||
developing applications that use gnutls.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
|
||||
%configure \
|
||||
|
@ -44,7 +47,7 @@ developing applications that use gnutls.
|
|||
--disable-openssl-compatibility \
|
||||
--with-included-unistring \
|
||||
--with-system-priority-file=%{_sysconfdir}/gnutls/default-priorities \
|
||||
--with-default-trust-store-file=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
|
||||
--with-default-trust-store-file=%{_sysconfdir}/pki/tls/certs/ca-bundle.trust.crt \
|
||||
--with-default-trust-store-dir=%{_sysconfdir}/ssl/certs
|
||||
make %{?_smp_mflags}
|
||||
|
||||
|
@ -88,6 +91,11 @@ make %{?_smp_mflags} check
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Wed Oct 21 2020 Henry Beberman <henry.beberman@microsoft.com> 3.6.14-3
|
||||
- Apply patch for CVE-2020-24659 from upstream.
|
||||
- Switch setup to autosetup.
|
||||
* Wed Oct 07 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 3.6.14-2
|
||||
- Updating certificate bundle path to include full set of trust information.
|
||||
* Fri Aug 21 2020 Andrew Phelps <anphel@microsoft.com> 3.6.14-1
|
||||
- Update to version 3.6.14 for CVE-2020-13777
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 3.6.8-3
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"go1.13.11.src.tar.gz": "89ed1abce25ad003521c125d6583c93c1280de200ad221f961085200a6c00679",
|
||||
"go1.13.15.src.tar.gz": "5fb43171046cf8784325e67913d55f88a683435071eef8e9da1aa8a1588fcf5d",
|
||||
"go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
|
||||
}
|
||||
}
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
Summary: Go
|
||||
Name: golang
|
||||
Version: 1.13.11
|
||||
Version: 1.13.15
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
URL: https://golang.org
|
||||
|
@ -124,9 +124,11 @@ rm -rf %{buildroot}/*
|
|||
%{_bindir}/*
|
||||
|
||||
%changelog
|
||||
* Tue Sep 08 2020 Nicolas Ontiveros <niontive@microsoft.com> 1.13.15-1
|
||||
- Updated to version 1.13.15, which fixes CVE-2020-14039 and CVE-2020-16845.
|
||||
* Sun May 24 2020 Mateusz Malisz <mamalisz@microsoft.com> 1.13.11-1
|
||||
- Updated to version 1.13.11
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.12.5-7
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.12.5-7
|
||||
- Added %%license line automatically
|
||||
* Thu Apr 30 2020 Emre Girgin <mrgirgin@microsoft.com> 1.12.5-6
|
||||
- Renaming go to golang
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
# No patch has been made available for CVE-2000-0803
|
|
@ -1,19 +1,15 @@
|
|||
Summary: Programs for processing and formatting text
|
||||
Name: groff
|
||||
Version: 1.22.3
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/groff
|
||||
Group: Applications/Text
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: http://ftp.gnu.org/gnu/groff/%{name}-%{version}.tar.gz
|
||||
%define sha1 groff=61a6808ea1ef715df9fa8e9b424e1f6b9fa8c091
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
|
||||
Requires: perl-DBI
|
||||
Requires: perl-DBIx-Simple
|
||||
Requires: perl-DBD-SQLite
|
||||
Requires: perl-File-HomeDir
|
||||
# No patch has been made available for CVE-2000-0803
|
||||
Patch0: CVE-2000-0803.nopatch
|
||||
|
||||
Provides: perl(oop_fh.pl) = %{version}-%{release}
|
||||
Provides: perl(main_subs.pl) = %{version}-%{release}
|
||||
|
@ -21,6 +17,12 @@ Provides: perl(man.pl) = %{version}-%{release}
|
|||
Provides: perl(subs.pl) = %{version}-%{release}
|
||||
Provides: groff-base = %{version}-%{release}
|
||||
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
|
||||
Requires: perl-DBI
|
||||
Requires: perl-DBIx-Simple
|
||||
Requires: perl-DBD-SQLite
|
||||
Requires: perl-File-HomeDir
|
||||
|
||||
%description
|
||||
The Groff package contains programs for processing
|
||||
and formatting text.
|
||||
|
@ -45,10 +47,13 @@ rm -rf %{buildroot}%{_infodir}
|
|||
%{_defaultdocdir}/%{name}-%{version}/*
|
||||
%{_datarootdir}/%{name}/*
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Mon Oct 12 2020 Joe Schmitt <joschmit@microsoft.com> 1.22.3-5
|
||||
* Mon Oct 12 2020 Joe Schmitt <joschmit@microsoft.com> 1.22.3-6
|
||||
- Use new perl package names.
|
||||
- Provide groff-base.
|
||||
* Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 1.22.3-5
|
||||
- Nopatch CVE-2000-0803.nopatch
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.22.3-4
|
||||
- Added %%license line automatically
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.22.3-3
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
# CVE-1999-0236 must be mitigated by the user. See "Server Side Includes" on https://httpd.apache.org/docs/2.4/misc/security_tips.html
|
|
@ -0,0 +1 @@
|
|||
# CVE-1999-1412 applies only to MacOS X
|
|
@ -0,0 +1,9 @@
|
|||
# CVE-2007-0086 has been disputed to be an actual vulnerability. Official Red Hat statement from 1st of November 2007:
|
||||
|
||||
"Red Hat does not consider this issue to be a security vulnerability. The pottential attacker has to send acknowledgement
|
||||
packets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file.
|
||||
The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop
|
||||
sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default."
|
||||
|
||||
In case of CBL-Mariner the default max TCP send buffer size is set to 4 MBs as well.
|
||||
The configuration is available under '/proc/sys/net/ipv4/tcp_wmem'.
|
|
@ -1,7 +1,7 @@
|
|||
Summary: The Apache HTTP Server
|
||||
Name: httpd
|
||||
Version: 2.4.46
|
||||
Release: 1%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: ASL 2.0
|
||||
URL: https://httpd.apache.org/
|
||||
Group: Applications/System
|
||||
|
@ -11,6 +11,13 @@ Source0: https://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.b
|
|||
Patch0: httpd-blfs_layout-1.patch
|
||||
Patch1: httpd-uncomment-ServerName.patch
|
||||
|
||||
# CVE-1999-0236 must be mitigated by the user. See "Server Side Includes" at https://httpd.apache.org/docs/2.4/misc/security_tips.html
|
||||
Patch100: CVE-1999-0236.nopatch
|
||||
# CVE-1999-1412 applies only to MacOS X
|
||||
Patch101: CVE-1999-1412.nopatch
|
||||
# CVE-2007-0086 has been disputed to not be a vulnerability since 2007 due to default system configurations securing against it.
|
||||
Patch102: CVE-2007-0086.nopatch
|
||||
|
||||
BuildRequires: openssl
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pcre-devel
|
||||
|
@ -185,17 +192,18 @@ fi
|
|||
%{_bindir}/dbmmanage
|
||||
|
||||
%changelog
|
||||
* Tue Oct 06 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.46-3
|
||||
- Mark CVE-2007-0086 as nopatch
|
||||
* Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 2.4.46-2
|
||||
- Mark CVE-1999-0236 CVE-1999-1412 as nopatch
|
||||
* Tue Aug 18 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.46-1
|
||||
- Updated to 2.4.46 to resolve CVE-2020-11984.
|
||||
|
||||
* Tue May 19 2020 Ruying Chen <v-ruyche@microsoft.com> 2.4.43-1
|
||||
- Updated to 2.4.43 to resolve the following CVEs
|
||||
- CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097
|
||||
- CVE-2019-10098, CVE-2020-1927, CVE-2020-1934
|
||||
|
||||
* Sat May 09 00:20:57 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.4.39-4
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.4.39-4
|
||||
- Added %%license line automatically
|
||||
|
||||
* Tue Apr 07 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.39-3
|
||||
- Updated and verified 'Source0', 'Patch0' and 'URL' tags.
|
||||
- License verified.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: initramfs
|
||||
Name: initramfs
|
||||
Version: 2.0
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Source0: fscks.conf
|
||||
License: Apache License
|
||||
Group: System Environment/Base
|
||||
|
@ -66,6 +66,22 @@ mkdir -p %{_localstatedir}/lib/rpm-state/initramfs \
|
|||
touch %{_localstatedir}/lib/rpm-state/initramfs/regenerate \
|
||||
echo "initramfs (re)generation" %* >&2
|
||||
|
||||
# kdump currently uses the host system's initrd when enrolling a crash kernel
|
||||
# and initrd. There is a limitation where the kdump initrd must be generated
|
||||
# with dracut in "host-only" mode.
|
||||
#
|
||||
# The -k option forces "host-only" initrd build for the specified kernel version.
|
||||
# The -q option suppresses verbose output
|
||||
#
|
||||
# If mkinitrd is called without <image> and <kernel-version> parameters, it will
|
||||
# default to invoking dracut in "host-mode" mode on every kernel version it can
|
||||
# find in /boot.
|
||||
#
|
||||
# If mkinitrd is called with <image> and <kernel-version> parameters, it will
|
||||
# default to invoking dracut in "generic host" mode to create an initrd.
|
||||
#
|
||||
# So in order to be compatible with kdump, we need to make sure to add the -k
|
||||
# option when invoking mkinitrd with an explicit <image> and <kernel version>
|
||||
%define file_trigger_action() \
|
||||
cat > /dev/null \
|
||||
if [ -f %{_localstatedir}/lib/rpm-state/initramfs/regenerate ]; then \
|
||||
|
@ -74,7 +90,7 @@ if [ -f %{_localstatedir}/lib/rpm-state/initramfs/regenerate ]; then \
|
|||
elif [ -d %{_localstatedir}/lib/rpm-state/initramfs/pending ]; then \
|
||||
for k in `ls %{_localstatedir}/lib/rpm-state/initramfs/pending/`; do \
|
||||
echo "(re)generate initramfs for $k," %* >&2 \
|
||||
mkinitrd -q /boot/initrd.img-$k $k \
|
||||
mkinitrd -q /boot/initrd.img-$k $k -k \
|
||||
done; \
|
||||
fi \
|
||||
%removal_action
|
||||
|
@ -111,6 +127,8 @@ echo "initramfs" %{version}-%{release} "postun" >&2
|
|||
%dir %{_localstatedir}/lib/initramfs/kernel
|
||||
|
||||
%changelog
|
||||
* Thu Oct 01 2020 Chris Co <chrco@microsoft.com> 2.0-6
|
||||
- Update file-triggered initrd generation to workaround kdump initrd limitations
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.0-5
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
* Mon Aug 27 2018 Dheeraj Shetty <dheerajs@vmware.com> 2.0-4
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"ivykis-0.42.4.tar.gz" : "1ce0341648daedd6d5408e8512bf3999d9aa4f1c1d1432f5eeb37436c9dbecdd"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,48 @@
|
|||
Name: ivykis
|
||||
Summary: Library for asynchronous I/O readiness notification
|
||||
Version: 0.42.4
|
||||
Release: 2%{?dist}
|
||||
License: LGPLv2+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://github.com/buytenh/ivykis
|
||||
#Source0: %{url}/archive/v%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
||||
%description
|
||||
Ivykis is a library for asynchronous I/O readiness notification.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
%configure
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
%{_libdir}/*.so.*
|
||||
%{_mandir}/man3/*.3.gz
|
||||
|
||||
%files devel
|
||||
%{_libdir}/{*.a,*.la,*.so}
|
||||
%{_libdir}/pkgconfig/%{name}.pc
|
||||
%{_includedir}/*
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 0.42.4-2
|
||||
- License verified.
|
||||
- Added source URL.
|
||||
- Added 'URL', 'Vendor', and 'Distribution' tags.
|
||||
* Mon Apr 13 2020 Jonathan Chiu <jochi@microsoft.com> 0.42.4-1
|
||||
- Original version for CBL-Mariner.
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"jsonbuilder-0.2.1.tar.gz": "185010e7e4de00040d0245cd03d3a638698eabadd3b0e4f0591ad9f0f41d5158"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,68 @@
|
|||
Summary: Modern C++ library for an efficient container for building JSON objects
|
||||
Name: jsonbuilder
|
||||
Version: 0.2.1
|
||||
Release: 2%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment
|
||||
URL: https://github.com/microsoft/jsonbuilder
|
||||
#Source0: https://github.com/microsoft/%{name}/archive/v%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
BuildRequires: catch-devel
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc
|
||||
BuildRequires: util-linux-devel
|
||||
|
||||
%description
|
||||
JsonBuilder is a small C++ library for building a space-efficient binary representation of structured data and,
|
||||
when ready, rendering it to JSON. The library offers STL-like syntax for adding and finding data as well as STL-like
|
||||
iterators for efficiently tracking location.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for jsonbuilder
|
||||
Group: System Environment/Libraries
|
||||
Requires: jsonbuilder = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
This package contains the headers and symlinks for using jsonbuilder from libraries and applications.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
mkdir build && cd build
|
||||
%cmake ..
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make test -C build
|
||||
|
||||
%install
|
||||
%make_install -C build
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license LICENSE
|
||||
%doc README.md
|
||||
%{_libdir}/libjsonbuilder.so.*
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libjsonbuilder.so
|
||||
%{_libdir}/cmake/jsonbuilder
|
||||
%{_includedir}/jsonbuilder
|
||||
|
||||
%changelog
|
||||
* Wed Oct 07 2020 Thomas Crain <thcrain@microsoft.com> - 0.2.1-2
|
||||
- Updated #Source0 URL
|
||||
- Verified License field and %%license macro
|
||||
|
||||
* Fri Aug 28 2020 Francisco Huelsz Prince <frhuelsz@microsoft.com> - 0.2.1-1
|
||||
- Update to v0.2.1
|
||||
|
||||
* Wed Feb 12 2020 Nick Bopp <nichbop@microsoft.com> - 0.2-1
|
||||
- Original version for CBL-Mariner.
|
|
@ -2,7 +2,7 @@
|
|||
Summary: Linux Kernel optimized for Hyper-V
|
||||
Name: kernel-hyperv
|
||||
Version: 5.4.51
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
Group: System Environment/Kernel
|
||||
|
@ -202,7 +202,8 @@ echo "initrd of kernel %{uname_r} removed" >&2
|
|||
%postun
|
||||
if [ ! -e /boot/mariner.cfg ]
|
||||
then
|
||||
if [ `ls /boot/linux-*.cfg 1> /dev/null 2>&1` ]
|
||||
ls /boot/linux-*.cfg 1> /dev/null 2>&1
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
list=`ls -tu /boot/linux-*.cfg | head -n1`
|
||||
test -n "$list" && ln -sf "$list" /boot/mariner.cfg
|
||||
|
@ -257,6 +258,8 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
|||
%{_libdir}/perf/include/bpf/*
|
||||
|
||||
%changelog
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-4
|
||||
- Update postun script to deal with removal in case of another installed kernel.
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-3
|
||||
- Add code to check for missing config flags in the checked in configs
|
||||
* Tue Sep 01 2020 Chris Co <chrco@microsoft.com> 5.4.51-2
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2010-3865 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - 1b1f693d7ad6d193862dcb1118540a030c5e761f
|
||||
Same commit id in stable branch
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2020-10757 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - 5bfea2d9b17f1034a68147a8b03b9789af5700f9
|
||||
Stable commit - 5a047df0b5fce377df37de75380321d1c8ca07a0
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2020-11668 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
|
||||
Stable commit - cb595cb0a1e8e07213337f063cd39a3e80fc43a0
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2020-12653 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
|
||||
Stable commit - 3c822e1f31186767d6b7261c3c066f01907ecfca
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2020-12654 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - 3a9b153c5591548612c3955c9600a98150c81875
|
||||
Stable commit - c5b071e3f44d1125694ad4dcf1234fb9a78d0be6
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2020-12657 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - 2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9
|
||||
Stable commit - b2ae36d220eddd88f9a1264176e3104d988f72fe
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2020-24394 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - 22cf8419f1319ff87ec759d0ebdff4cbafaee832
|
||||
Stable commit - c506f985d8d151383559c0760bb1ef7466e218d4
|
|
@ -0,0 +1,3 @@
|
|||
CVE-2020-8428 - Already patched in 5.4.51 stable kernel
|
||||
Upstream commit - d0cb50185ae942b03c4327be322055d622dc79f6
|
||||
Stable commit - 454759886d0b463213fad0f1c733469e2c501ab9
|
|
@ -974,6 +974,7 @@ CONFIG_UNIX_SCM=y
|
|||
CONFIG_UNIX_DIAG=m
|
||||
# CONFIG_TLS is not set
|
||||
CONFIG_XFRM=y
|
||||
CONFIG_XFRM_OFFLOAD=y
|
||||
CONFIG_XFRM_ALGO=m
|
||||
CONFIG_XFRM_USER=m
|
||||
# CONFIG_XFRM_INTERFACE is not set
|
||||
|
@ -1013,7 +1014,7 @@ CONFIG_NET_UDP_TUNNEL=m
|
|||
# CONFIG_NET_FOU_IP_TUNNELS is not set
|
||||
CONFIG_INET_AH=m
|
||||
CONFIG_INET_ESP=m
|
||||
# CONFIG_INET_ESP_OFFLOAD is not set
|
||||
CONFIG_INET_ESP_OFFLOAD=m
|
||||
CONFIG_INET_IPCOMP=m
|
||||
CONFIG_INET_XFRM_TUNNEL=m
|
||||
CONFIG_INET_TUNNEL=m
|
||||
|
@ -1045,7 +1046,7 @@ CONFIG_IPV6_ROUTE_INFO=y
|
|||
CONFIG_IPV6_OPTIMISTIC_DAD=y
|
||||
CONFIG_INET6_AH=m
|
||||
CONFIG_INET6_ESP=m
|
||||
# CONFIG_INET6_ESP_OFFLOAD is not set
|
||||
CONFIG_INET6_ESP_OFFLOAD=m
|
||||
CONFIG_INET6_IPCOMP=m
|
||||
CONFIG_IPV6_MIP6=m
|
||||
# CONFIG_IPV6_ILA is not set
|
||||
|
@ -1546,7 +1547,7 @@ CONFIG_NET_MPLS_GSO=m
|
|||
# CONFIG_MPLS_ROUTING is not set
|
||||
CONFIG_NET_NSH=m
|
||||
# CONFIG_HSR is not set
|
||||
# CONFIG_NET_SWITCHDEV is not set
|
||||
CONFIG_NET_SWITCHDEV=y
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
# CONFIG_NET_NCSI is not set
|
||||
CONFIG_RPS=y
|
||||
|
@ -2424,7 +2425,9 @@ CONFIG_IXGBE=m
|
|||
CONFIG_IXGBE_HWMON=y
|
||||
CONFIG_IXGBE_DCA=y
|
||||
CONFIG_IXGBE_DCB=y
|
||||
CONFIG_IXGBE_IPSEC=y
|
||||
CONFIG_IXGBEVF=m
|
||||
CONFIG_IXGBEVF_IPSEC=y
|
||||
CONFIG_I40E=m
|
||||
CONFIG_I40E_DCB=y
|
||||
CONFIG_IAVF=m
|
||||
|
@ -2447,15 +2450,29 @@ CONFIG_MLX4_CORE=m
|
|||
CONFIG_MLX4_DEBUG=y
|
||||
# CONFIG_MLX4_CORE_GEN2 is not set
|
||||
CONFIG_MLX5_CORE=m
|
||||
# CONFIG_MLX5_FPGA is not set
|
||||
CONFIG_MLX5_ACCEL=y
|
||||
CONFIG_MLX5_FPGA=y
|
||||
CONFIG_MLX5_CORE_EN=y
|
||||
CONFIG_MLX5_EN_ARFS=y
|
||||
CONFIG_MLX5_EN_RXNFC=y
|
||||
CONFIG_MLX5_MPFS=y
|
||||
CONFIG_MLX5_ESWITCH=y
|
||||
CONFIG_MLX5_CORE_EN_DCB=y
|
||||
CONFIG_MLX5_CORE_IPOIB=y
|
||||
# CONFIG_MLXSW_CORE is not set
|
||||
# CONFIG_MLXFW is not set
|
||||
CONFIG_MLX5_FPGA_IPSEC=y
|
||||
CONFIG_MLX5_EN_IPSEC=y
|
||||
CONFIG_MLX5_SW_STEERING=y
|
||||
CONFIG_MLXSW_CORE=m
|
||||
CONFIG_MLXSW_CORE_HWMON=y
|
||||
CONFIG_MLXSW_CORE_THERMAL=y
|
||||
CONFIG_MLXSW_PCI=m
|
||||
CONFIG_MLXSW_I2C=m
|
||||
CONFIG_MLXSW_SWITCHIB=m
|
||||
CONFIG_MLXSW_SWITCHX2=m
|
||||
CONFIG_MLXSW_SPECTRUM=m
|
||||
CONFIG_MLXSW_SPECTRUM_DCB=y
|
||||
CONFIG_MLXSW_MINIMAL=m
|
||||
CONFIG_MLXFW=m
|
||||
# CONFIG_NET_VENDOR_MICREL is not set
|
||||
CONFIG_NET_VENDOR_MICROCHIP=y
|
||||
# CONFIG_LAN743X is not set
|
||||
|
@ -2496,6 +2513,7 @@ CONFIG_8139TOO_8129=y
|
|||
CONFIG_R8169=m
|
||||
CONFIG_NET_VENDOR_RENESAS=y
|
||||
CONFIG_NET_VENDOR_ROCKER=y
|
||||
CONFIG_ROCKER=m
|
||||
CONFIG_NET_VENDOR_SAMSUNG=y
|
||||
# CONFIG_SXGBE_ETH is not set
|
||||
# CONFIG_NET_VENDOR_SEEQ is not set
|
||||
|
@ -2957,7 +2975,7 @@ CONFIG_IPMI_SI=m
|
|||
# CONFIG_IPMI_SSIF is not set
|
||||
CONFIG_IPMI_WATCHDOG=m
|
||||
CONFIG_IPMI_POWEROFF=m
|
||||
CONFIG_HW_RANDOM=m
|
||||
CONFIG_HW_RANDOM=y
|
||||
CONFIG_HW_RANDOM_TIMERIOMEM=m
|
||||
CONFIG_HW_RANDOM_INTEL=m
|
||||
CONFIG_HW_RANDOM_AMD=m
|
||||
|
@ -2972,10 +2990,10 @@ CONFIG_HPET=y
|
|||
CONFIG_HPET_MMAP=y
|
||||
CONFIG_HPET_MMAP_DEFAULT=y
|
||||
CONFIG_HANGCHECK_TIMER=m
|
||||
CONFIG_TCG_TPM=m
|
||||
CONFIG_TCG_TPM=y
|
||||
CONFIG_HW_RANDOM_TPM=y
|
||||
CONFIG_TCG_TIS_CORE=m
|
||||
CONFIG_TCG_TIS=m
|
||||
CONFIG_TCG_TIS_CORE=y
|
||||
CONFIG_TCG_TIS=y
|
||||
CONFIG_TCG_TIS_I2C_ATMEL=m
|
||||
CONFIG_TCG_TIS_I2C_INFINEON=m
|
||||
CONFIG_TCG_TIS_I2C_NUVOTON=m
|
||||
|
@ -2983,7 +3001,7 @@ CONFIG_TCG_NSC=m
|
|||
CONFIG_TCG_ATMEL=m
|
||||
CONFIG_TCG_INFINEON=m
|
||||
CONFIG_TCG_XEN=m
|
||||
CONFIG_TCG_CRB=m
|
||||
CONFIG_TCG_CRB=y
|
||||
# CONFIG_TCG_VTPM_PROXY is not set
|
||||
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
|
||||
# CONFIG_TELCLOCK is not set
|
||||
|
@ -5141,7 +5159,7 @@ CONFIG_MXM_WMI=m
|
|||
# CONFIG_INTEL_PMC_IPC is not set
|
||||
# CONFIG_SURFACE_PRO3_BUTTON is not set
|
||||
CONFIG_INTEL_PUNIT_IPC=m
|
||||
# CONFIG_MLX_PLATFORM is not set
|
||||
CONFIG_MLX_PLATFORM=m
|
||||
# CONFIG_INTEL_TURBO_MAX_3 is not set
|
||||
# CONFIG_I2C_MULTI_INSTANTIATE is not set
|
||||
# CONFIG_INTEL_ATOMISP2_PM is not set
|
||||
|
@ -6027,7 +6045,22 @@ CONFIG_SECURITY_SAFESETID=y
|
|||
CONFIG_INTEGRITY=y
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
# CONFIG_IMA is not set
|
||||
CONFIG_IMA=y
|
||||
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||
CONFIG_IMA_LSM_RULES=y
|
||||
# CONFIG_IMA_TEMPLATE is not set
|
||||
# CONFIG_IMA_NG_TEMPLATE is not set
|
||||
CONFIG_IMA_SIG_TEMPLATE=y
|
||||
CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
|
||||
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||
CONFIG_IMA_WRITE_POLICY=y
|
||||
CONFIG_IMA_READ_POLICY=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
|
||||
CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
|
||||
# CONFIG_EVM is not set
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
# CONFIG_DEFAULT_SECURITY_SMACK is not set
|
||||
|
@ -6106,7 +6139,7 @@ CONFIG_CRYPTO_ENGINE=m
|
|||
# Public-key cryptography
|
||||
#
|
||||
CONFIG_CRYPTO_RSA=y
|
||||
# CONFIG_CRYPTO_DH is not set
|
||||
CONFIG_CRYPTO_DH=m
|
||||
CONFIG_CRYPTO_ECC=m
|
||||
CONFIG_CRYPTO_ECDH=m
|
||||
# CONFIG_CRYPTO_ECRDSA is not set
|
||||
|
@ -6144,7 +6177,7 @@ CONFIG_CRYPTO_ESSIV=m
|
|||
# Hash modes
|
||||
#
|
||||
CONFIG_CRYPTO_CMAC=m
|
||||
CONFIG_CRYPTO_HMAC=m
|
||||
CONFIG_CRYPTO_HMAC=y
|
||||
# CONFIG_CRYPTO_XCBC is not set
|
||||
# CONFIG_CRYPTO_VMAC is not set
|
||||
|
||||
|
@ -6253,12 +6286,13 @@ CONFIG_CRYPTO_HW=y
|
|||
# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set
|
||||
# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set
|
||||
# CONFIG_CRYPTO_DEV_CCP is not set
|
||||
# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set
|
||||
# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set
|
||||
# CONFIG_CRYPTO_DEV_QAT_C62X is not set
|
||||
# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set
|
||||
# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set
|
||||
# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set
|
||||
CONFIG_CRYPTO_DEV_QAT=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
|
||||
CONFIG_CRYPTO_DEV_QAT_C3XXX=m
|
||||
CONFIG_CRYPTO_DEV_QAT_C62X=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
|
||||
CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
|
||||
CONFIG_CRYPTO_DEV_QAT_C62XVF=m
|
||||
# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set
|
||||
# CONFIG_CRYPTO_DEV_CHELSIO is not set
|
||||
CONFIG_CRYPTO_DEV_VIRTIO=m
|
||||
|
@ -6393,6 +6427,8 @@ CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
|
|||
CONFIG_ARCH_HAS_UACCESS_MCSAFE=y
|
||||
CONFIG_ARCH_STACKWALK=y
|
||||
CONFIG_SBITMAP=y
|
||||
CONFIG_PARMAN=m
|
||||
CONFIG_OBJAGG=m
|
||||
# CONFIG_STRING_SELFTEST is not set
|
||||
# end of Library routines
|
||||
|
||||
|
@ -6613,6 +6649,7 @@ CONFIG_RUNTIME_TESTING_MENU=y
|
|||
# CONFIG_TEST_RHASHTABLE is not set
|
||||
# CONFIG_TEST_HASH is not set
|
||||
# CONFIG_TEST_IDA is not set
|
||||
# CONFIG_TEST_PARMAN is not set
|
||||
# CONFIG_TEST_LKM is not set
|
||||
# CONFIG_TEST_VMALLOC is not set
|
||||
# CONFIG_TEST_USER_COPY is not set
|
||||
|
@ -6625,6 +6662,7 @@ CONFIG_RUNTIME_TESTING_MENU=y
|
|||
# CONFIG_TEST_STATIC_KEYS is not set
|
||||
# CONFIG_TEST_KMOD is not set
|
||||
# CONFIG_TEST_MEMCAT_P is not set
|
||||
# CONFIG_TEST_OBJAGG is not set
|
||||
# CONFIG_TEST_STACKINIT is not set
|
||||
# CONFIG_TEST_MEMINIT is not set
|
||||
CONFIG_MEMTEST=y
|
||||
|
|
|
@ -2879,7 +2879,7 @@ CONFIG_IPMI_SI=m
|
|||
CONFIG_IPMI_WATCHDOG=m
|
||||
CONFIG_IPMI_POWEROFF=m
|
||||
# CONFIG_IPMB_DEVICE_INTERFACE is not set
|
||||
CONFIG_HW_RANDOM=m
|
||||
CONFIG_HW_RANDOM=y
|
||||
CONFIG_HW_RANDOM_TIMERIOMEM=m
|
||||
CONFIG_HW_RANDOM_BCM2835=m
|
||||
CONFIG_HW_RANDOM_IPROC_RNG200=m
|
||||
|
@ -2894,10 +2894,10 @@ CONFIG_HW_RANDOM_CAVIUM=m
|
|||
# CONFIG_APPLICOM is not set
|
||||
CONFIG_RAW_DRIVER=m
|
||||
CONFIG_MAX_RAW_DEVS=8192
|
||||
CONFIG_TCG_TPM=m
|
||||
CONFIG_TCG_TPM=y
|
||||
CONFIG_HW_RANDOM_TPM=y
|
||||
CONFIG_TCG_TIS_CORE=m
|
||||
CONFIG_TCG_TIS=m
|
||||
CONFIG_TCG_TIS_CORE=y
|
||||
CONFIG_TCG_TIS=y
|
||||
CONFIG_TCG_TIS_SPI=m
|
||||
CONFIG_TCG_TIS_I2C_ATMEL=m
|
||||
CONFIG_TCG_TIS_I2C_INFINEON=m
|
||||
|
@ -2905,7 +2905,7 @@ CONFIG_TCG_TIS_I2C_NUVOTON=m
|
|||
CONFIG_TCG_ATMEL=m
|
||||
CONFIG_TCG_INFINEON=m
|
||||
CONFIG_TCG_XEN=m
|
||||
# CONFIG_TCG_CRB is not set
|
||||
CONFIG_TCG_CRB=y
|
||||
# CONFIG_TCG_VTPM_PROXY is not set
|
||||
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
|
||||
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
|
||||
|
@ -6290,7 +6290,23 @@ CONFIG_SECURITY_SAFESETID=y
|
|||
CONFIG_INTEGRITY=y
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
# CONFIG_IMA is not set
|
||||
CONFIG_IMA=y
|
||||
# CONFIG_IMA_KEXEC is not set
|
||||
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||
CONFIG_IMA_LSM_RULES=y
|
||||
# CONFIG_IMA_TEMPLATE is not set
|
||||
# CONFIG_IMA_NG_TEMPLATE is not set
|
||||
CONFIG_IMA_SIG_TEMPLATE=y
|
||||
CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
|
||||
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||
CONFIG_IMA_WRITE_POLICY=y
|
||||
CONFIG_IMA_READ_POLICY=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
|
||||
CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
|
||||
# CONFIG_EVM is not set
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
# CONFIG_DEFAULT_SECURITY_SMACK is not set
|
||||
|
@ -6399,7 +6415,7 @@ CONFIG_CRYPTO_ESSIV=m
|
|||
# Hash modes
|
||||
#
|
||||
CONFIG_CRYPTO_CMAC=m
|
||||
CONFIG_CRYPTO_HMAC=m
|
||||
CONFIG_CRYPTO_HMAC=y
|
||||
# CONFIG_CRYPTO_XCBC is not set
|
||||
# CONFIG_CRYPTO_VMAC is not set
|
||||
|
||||
|
@ -6420,8 +6436,8 @@ CONFIG_CRYPTO_MD5=y
|
|||
# CONFIG_CRYPTO_RMD256 is not set
|
||||
# CONFIG_CRYPTO_RMD320 is not set
|
||||
CONFIG_CRYPTO_SHA1=y
|
||||
CONFIG_CRYPTO_LIB_SHA256=m
|
||||
CONFIG_CRYPTO_SHA256=m
|
||||
CONFIG_CRYPTO_LIB_SHA256=y
|
||||
CONFIG_CRYPTO_SHA256=y
|
||||
CONFIG_CRYPTO_SHA512=y
|
||||
# CONFIG_CRYPTO_SHA3 is not set
|
||||
# CONFIG_CRYPTO_SM3 is not set
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"config": "cb99faaac82f05b84539e4b99633b5a444de5b2db01ed37946afa0360d1f94f0",
|
||||
"config_aarch64": "98bcf0f9c9fa02e11ad255ae352461b8ef7d53daf02c707a8a9b53f9bfb32db3",
|
||||
"config": "b8c9e2a875e4e6655fdbeb626088529fd1cef401b8f67a481fc301d2a3a026c5",
|
||||
"config_aarch64": "3057cf5c5f04b57c4d69f9783d4809de217fb46a4278694c19f6c3ffd81249c5",
|
||||
"linux-msft-5.4.51.tar.gz": "3bcd6b09e952fac4f708614658b508ce80c8e25c04780b6b44a481b1479a08e7"
|
||||
}
|
||||
}
|
|
@ -2,7 +2,7 @@
|
|||
Summary: Linux Kernel
|
||||
Name: kernel
|
||||
Version: 5.4.51
|
||||
Release: 6%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
Group: System Environment/Kernel
|
||||
|
@ -35,6 +35,14 @@ Patch1011: CVE-2020-8648.nopatch
|
|||
Patch1012: CVE-2020-8649.nopatch
|
||||
Patch1013: CVE-2020-9383.nopatch
|
||||
Patch1014: CVE-2020-11725.nopatch
|
||||
Patch1015: CVE-2020-10757.nopatch
|
||||
Patch1016: CVE-2020-12653.nopatch
|
||||
Patch1017: CVE-2020-12657.nopatch
|
||||
Patch1018: CVE-2010-3865.nopatch
|
||||
Patch1019: CVE-2020-11668.nopatch
|
||||
Patch1020: CVE-2020-12654.nopatch
|
||||
Patch1021: CVE-2020-24394.nopatch
|
||||
Patch1022: CVE-2020-8428.nopatch
|
||||
|
||||
BuildRequires: bc
|
||||
BuildRequires: diffutils
|
||||
|
@ -264,7 +272,8 @@ echo "initrd of kernel %{uname_r} removed" >&2
|
|||
%postun
|
||||
if [ ! -e /boot/mariner.cfg ]
|
||||
then
|
||||
if [ `ls /boot/linux-*.cfg 1> /dev/null 2>&1` ]
|
||||
ls /boot/linux-*.cfg 1> /dev/null 2>&1
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
list=`ls -tu /boot/linux-*.cfg | head -n1`
|
||||
test -n "$list" && ln -sf "$list" /boot/mariner.cfg
|
||||
|
@ -337,8 +346,21 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
|||
%{_libdir}/perf/include/bpf/*
|
||||
|
||||
%changelog
|
||||
* Thu Sep 24 2020 Emre Girgin <mrgirgin@microsoft.cpm> 5.4.51-6
|
||||
* Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-12
|
||||
- Enable QAT kernel configs
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-11
|
||||
- Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865,
|
||||
- CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
|
||||
- Fix aarch64 build error
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-9
|
||||
- Update postun script to deal with removal in case of another installed kernel.
|
||||
* Fri Sep 25 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-8
|
||||
- Enable Mellanox kernel configs
|
||||
* Thu Sep 24 2020 Emre Girgin <mrgirgin@microsoft.cpm> 5.4.51-7
|
||||
- Replace the misuse of the 'archdir' and `arch` shell variables.
|
||||
* Wed Sep 23 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-6
|
||||
- Enable CONFIG_IMA (measurement only) and associated configs
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-5
|
||||
- Add code to check for missing config flags in the checked in configs
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> 5.4.51-4
|
||||
|
|
|
@ -12,6 +12,7 @@ Requires: openssl
|
|||
Requires: e2fsprogs-libs
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: e2fsprogs-devel
|
||||
|
||||
Provides: pkgconfig(mit-krb5)
|
||||
Provides: pkgconfig(mit-krb5-gssapi)
|
||||
%description
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
Summary: POSIX capability Library
|
||||
Name: libcap-ng
|
||||
Version: 0.7.9
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: LGPLv2+
|
||||
Group: System Environment/Libraries
|
||||
URL: http://people.redhat.com/sgrubb/libcap-ng
|
||||
|
@ -61,8 +61,7 @@ make DESTDIR=%{buildroot} install
|
|||
find %{buildroot} -name '*.la' -delete
|
||||
|
||||
%check
|
||||
chown -Rv nobody .
|
||||
sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check"
|
||||
make check
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
@ -90,6 +89,8 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check"
|
|||
%{_libdir}/*.a
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Andrew Phelps <anphel@microsoft.com> 0.7.9-3
|
||||
- Fix check test
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 0.7.9-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
- Added %%license line automatically
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
Summary: String handling essentials library
|
||||
Name: libestr
|
||||
Version: 0.1.10
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: http://libestr.adiscon.com/
|
||||
Source0: http://libestr.adiscon.com/files/download/%{name}-%{version}.tar.gz
|
||||
%define sha1 libestr=35cc717f5ae737a28140dd1472e13ce2ec317c6c
|
||||
Group: System Environment/Base
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment/Base
|
||||
URL: https://libestr.adiscon.com/
|
||||
Source0: http://%{name}.adiscon.com/files/download/%{name}-%{version}.tar.gz
|
||||
BuildRequires: gcc
|
||||
|
||||
%description
|
||||
This package compiles the string handling essentials library
|
||||
used by the Rsyslog daemon.
|
||||
|
@ -23,33 +24,45 @@ developing applications that use libestr.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
./configure \
|
||||
--prefix=%{_prefix}
|
||||
%configure
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license COPYING
|
||||
%{_libdir}/*.so.*
|
||||
%{_libdir}/*.a
|
||||
%{_libdir}/*.la
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_includedir}/*
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:21:00 PST 2020 Nick Samson <nisamson@microsoft.com> - 0.1.10-4
|
||||
* Mon Oct 12 2020 Thomas Crain <thcrain@microsoft.com> - 0.1.10-5
|
||||
- Remove %%sha1 line
|
||||
- Lint to Mariner style
|
||||
- Remove *.la files
|
||||
- License verified.
|
||||
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 0.1.10-4
|
||||
- Added %%license line automatically
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 0.1.10-3
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 0.1.10-3
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 0.1.10-2
|
||||
|
||||
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 0.1.10-2
|
||||
- GA - Bump release of all rpms
|
||||
* Wed Jun 17 2015 Divya Thaluru <dthaluru@vmware.com> 0.1.10-1
|
||||
|
||||
* Wed Jun 17 2015 Divya Thaluru <dthaluru@vmware.com> - 0.1.10-1
|
||||
- Initial build. First version
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
Summary: A portable, high level programming interface to various calling conventions
|
||||
Name: libffi
|
||||
Version: 3.2.1
|
||||
Release: 10%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: BSD
|
||||
URL: http://sourceware.org/libffi/
|
||||
Group: System Environment/GeneralLibraries
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: ftp://sourceware.org/pub/libffi/%{name}-%{version}.tar.gz
|
||||
Source0: https://gcc.gnu.org/pub/libffi/%{name}-%{version}.tar.gz
|
||||
Provides: pkgconfig(libffi)
|
||||
#%if %{with_check}
|
||||
#BuildRequires: dejagnu
|
||||
|
@ -29,17 +29,18 @@ It contains the libraries and header files to create applications
|
|||
|
||||
%build
|
||||
sed -e '/^includesdir/ s:$(libdir)/@PACKAGE_NAME@-@PACKAGE_VERSION@/include:$(includedir):' \
|
||||
-i include/Makefile.in &&
|
||||
-i include/Makefile.in
|
||||
# Fix .so files getting placed in $(libdir)/../lib64/
|
||||
sed -e 's:$(DESTDIR)$(toolexeclibdir):$(DESTDIR)$(libdir):g' \
|
||||
-i Makefile.in
|
||||
|
||||
sed -e '/^includedir/ s:${libdir}/@PACKAGE_NAME@-@PACKAGE_VERSION@/include:@includedir@:' \
|
||||
-e 's/^Cflags: -I${includedir}/Cflags:/' \
|
||||
-i libffi.pc.in &&
|
||||
./configure \
|
||||
CFLAGS="%{optflags}" \
|
||||
CXXFLAGS="%{optflags}" \
|
||||
--prefix=%{_prefix} \
|
||||
--bindir=%{_bindir} \
|
||||
--libdir=%{_libdir} \
|
||||
-i libffi.pc.in
|
||||
|
||||
%configure \
|
||||
--disable-static
|
||||
|
||||
make %{?_smp_mflags}
|
||||
%install
|
||||
[ %{buildroot} != "/"] && rm -rf %{buildroot}/*
|
||||
|
@ -76,6 +77,11 @@ rm -rf %{buildroot}/*
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Thu Oct 15 2020 Andrew Phelps <anphel@microsoft.com> 3.2.1-12
|
||||
- Update Source0 to use more reliable https URL instead of ftp
|
||||
* Fri Sep 18 2020 Mateusz Malisz <mamalisz@microsoft.com> 3.2.1-11
|
||||
- Fix normal libffi build by replacing destination for .so files from $(toolexeclibdir) to $(libdir)
|
||||
- Replace ./configure and manual options with %%configure macro
|
||||
* Tue Jul 07 2020 Henry Beberman <henry.beberman@microsoft.com> 3.2.1-10
|
||||
- Comment out dejagnu dependency and check to prevent a rebuild.
|
||||
* Wed May 13 2020 Nick Samson <nisamson@microsoft.com> 3.2.1-9
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"liblogging-1.0.6.tar.gz": "338c6174e5c8652eaa34f956be3451f7491a4416ab489aef63151f802b00bf93"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,78 @@
|
|||
Summary: Logging Libraries
|
||||
Name: liblogging
|
||||
Version: 1.0.6
|
||||
Release: 3%{?dist}
|
||||
License: BSD
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.liblogging.org/
|
||||
Source0: https://download.rsyslog.com/%{name}/%{name}-%{version}.tar.gz
|
||||
BuildRequires: gcc
|
||||
|
||||
%description
|
||||
liblogging (the upstream project) is a collection of several components.
|
||||
Namely: stdlog, journalemu, rfc3195.
|
||||
The stdlog component of liblogging can be viewed as an enhanced version of the
|
||||
syslog(3) API. It retains the easy semantics, but makes the API more
|
||||
sophisticated "behind the scenes" with better support for multiple threads
|
||||
and flexibility for different log destinations (e.g. syslog and systemd
|
||||
journal).
|
||||
|
||||
%package devel
|
||||
Summary: Development libraries and header files for liblogging
|
||||
Requires: liblogging
|
||||
|
||||
%description devel
|
||||
The package contains libraries and header files for
|
||||
developing applications that use liblogging.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
%configure --disable-journal
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
%check
|
||||
make %{?_smp_mflags} check
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license COPYING
|
||||
%{_bindir}/*
|
||||
%{_libdir}/*.so.*
|
||||
%{_mandir}/man1/*
|
||||
%{_mandir}/man3/*
|
||||
%{_libdir}/*.a
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
%{_includedir}/liblogging/*.h
|
||||
|
||||
%changelog
|
||||
* Mon Oct 12 2020 Thomas Crain <thcrain@microsoft.com> - 1.0.6-3
|
||||
- Remove .la files
|
||||
- Lint to Mariner style
|
||||
- License verified, %%license added
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 1.0.6-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
|
||||
* Tue Apr 11 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> - 1.0.6-1
|
||||
- Updated to version 1.0.6
|
||||
|
||||
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 1.0.5-2
|
||||
- GA - Bump release of all rpms
|
||||
|
||||
* Wed Jun 17 2015 Divya Thaluru <dthaluru@vmware.com> - 1.0.5-1
|
||||
- Initial build. First version
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"libxml++-3.2.0.tar.xz": "b786fae7fd7820d356698069a787d107995c3efcbef50d8f4efd3766ab768e4f"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,73 @@
|
|||
Summary: libxml++
|
||||
Name: libxml++
|
||||
Version: 3.2.0
|
||||
Release: 3%{?dist}
|
||||
License: LGPLv2+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: http://libxmlplusplus.sourceforge.net/
|
||||
Source0: https://ftp.gnome.org/pub/GNOME/sources/%{name}/3.2/%{name}-%{version}.tar.xz
|
||||
BuildRequires: glibmm24-devel
|
||||
BuildRequires: libxml2-devel
|
||||
BuildRequires: mm-common
|
||||
BuildRequires: pkg-config
|
||||
Requires: glibmm24
|
||||
Requires: libxml2
|
||||
|
||||
%description
|
||||
This library provides a C++ interface to XML files. It uses libxml2 to access
|
||||
the XML files, and in order to configure libxml++ you must have both libxml2 and
|
||||
pkg-config installed.
|
||||
|
||||
%package doc
|
||||
Summary: Documentation for %{name}
|
||||
Group: Documentation/Other
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description doc
|
||||
Documentation for %{name}
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
This library provides a C++ interface to XML files.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
%configure
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot}
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
%doc README
|
||||
%{_libdir}/*.so.*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/*
|
||||
%{_libdir}/libxml++-3.0/*
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/pkgconfig/*
|
||||
|
||||
%files doc
|
||||
%{_docdir}/*
|
||||
%{_datadir}/devhelp/*
|
||||
|
||||
%changelog
|
||||
* Mon Oct 12 2020 Thomas Crain <thcrain@microsoft.com> - 3.2.0-3
|
||||
- Remove .la files
|
||||
- License verified
|
||||
|
||||
* Fri Jun 05 2020 Jonathan Chiu <jochi@microsoft.com> - 3.2.0-2
|
||||
- Update dependency names
|
||||
|
||||
* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> - 3.2.0-1
|
||||
- Original version for CBL-Mariner
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"lttng-consume-0.2.tar.gz": "c2d56990a28b59439e8bb14be2e342e285c1a3b66b20a21e96271ed886bdfeaa"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,70 @@
|
|||
Summary: Modern C++ library for realtime consumption of LTTNG events
|
||||
Name: lttng-consume
|
||||
Version: 0.2
|
||||
Release: 3%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment
|
||||
URL: https://github.com/microsoft/lttng-consume
|
||||
#Source0: https://github.com/microsoft/%{name}/archive/v%{version}.tar.gz
|
||||
Source0: lttng-consume-%{version}.tar.gz
|
||||
BuildRequires: catch-devel
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc
|
||||
BuildRequires: jsonbuilder-devel
|
||||
BuildRequires: libbabeltrace2-devel
|
||||
# 'lttng' tool needed for tests to run
|
||||
BuildRequires: lttng-tools
|
||||
BuildRequires: lttng-ust-devel
|
||||
BuildRequires: tracelogging-devel
|
||||
|
||||
%description
|
||||
The lttng-consume project produces JsonBuilder structures from a realtime
|
||||
LTTNG session.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for lttng-consume
|
||||
Group: System Environment/Libraries
|
||||
Requires: lttng-consume = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
This package contains the headers and symlinks for applications and libraries to
|
||||
use lttng-consume.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
mkdir build && cd build
|
||||
%cmake ..
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install -C build
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc README.md
|
||||
%license LICENSE
|
||||
%{_libdir}/liblttng-consume.so.*
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/liblttng-consume.so
|
||||
%{_libdir}/cmake/lttng-consume
|
||||
%{_includedir}/lttng-consume
|
||||
|
||||
%changelog
|
||||
* Wed Oct 07 2020 Thomas Crain <thcrain@microsoft.com> - 0.2-3
|
||||
- Add #Source0 URL
|
||||
- Verified License field and %%license macro
|
||||
|
||||
* Tue Apr 07 2020 Daniel McIlvaney <damcilva@microsoft.com> - 0.2-2
|
||||
- Require lttng-ust packages.
|
||||
|
||||
* Wed Feb 12 2020 Nick Bopp <nichbop@microsoft.com> - 0.2-1
|
||||
- Original version for CBL-Mariner.
|
|
@ -0,0 +1,34 @@
|
|||
From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001
|
||||
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
||||
Date: Mon, 6 Jul 2020 12:11:54 -0300
|
||||
Subject: [PATCH] Keep minimum size when shrinking a stack
|
||||
|
||||
When shrinking a stack (during GC), do not make it smaller than the
|
||||
initial stack size.
|
||||
---
|
||||
src/ldo.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ldo.c b/ldo.c
|
||||
index c563b1d9..a89ac010 100644
|
||||
--- a/src/ldo.c
|
||||
+++ b/src/ldo.c
|
||||
@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) {
|
||||
|
||||
void luaD_shrinkstack (lua_State *L) {
|
||||
int inuse = stackinuse(L);
|
||||
- int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK;
|
||||
+ int goodsize = inuse + BASIC_STACK_SIZE;
|
||||
if (goodsize > LUAI_MAXSTACK)
|
||||
goodsize = LUAI_MAXSTACK; /* respect stack limit */
|
||||
if (L->stacksize > LUAI_MAXSTACK) /* had been handling stack overflow? */
|
||||
@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) {
|
||||
luaE_shrinkCI(L); /* shrink list */
|
||||
/* if thread is currently not handling a stack overflow and its
|
||||
good size is smaller than current size, shrink its stack */
|
||||
- if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) &&
|
||||
- goodsize < L->stacksize)
|
||||
+ if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize)
|
||||
luaD_reallocstack(L, goodsize);
|
||||
else /* don't change stack */
|
||||
condmovestack(L,{},{}); /* (change only for debugging) */
|
|
@ -0,0 +1,3 @@
|
|||
# CVE-2020-15889 is in the Lua generational garbage collection code, which is new to 5.4.0. 5.3.5 is not affected.
|
||||
# NOTE: Patches needed if updating to 5.4:
|
||||
# - 127e7a6c8942b362aa3c6627f44d660a4fb75312
|
|
@ -0,0 +1,3 @@
|
|||
# CVE-2020-24342 appears to not affect 5.3.5 (no repro of exploit)
|
||||
# NOTE: Patches needed if updating to 5.4:
|
||||
# - 34affe7a63fc5d842580a9f23616d057e17dfe27
|
|
@ -0,0 +1,61 @@
|
|||
Submitted By: Igor Živković <contact@igor-zivkovic.from.hr>
|
||||
Date: 2013-06-19
|
||||
Initial Package Version: 5.2.2
|
||||
Upstream Status: Rejected
|
||||
Origin: Arch Linux packages repository
|
||||
Description: Adds the compilation of a shared library.
|
||||
|
||||
diff -Naur lua-5.3.0.orig/Makefile lua-5.3.0/Makefile
|
||||
--- lua-5.3.0.orig/Makefile 2014-10-30 00:14:41.000000000 +0100
|
||||
+++ lua-5.3.0/Makefile 2015-01-19 22:14:09.822290828 +0100
|
||||
@@ -52,7 +52,7 @@
|
||||
all: $(PLAT)
|
||||
|
||||
$(PLATS) clean:
|
||||
- cd src && $(MAKE) $@
|
||||
+ cd src && $(MAKE) $@ V=$(V) R=$(R)
|
||||
|
||||
test: dummy
|
||||
src/lua -v
|
||||
diff -Naur lua-5.3.0.orig/src/Makefile lua-5.3.0/src/Makefile
|
||||
--- lua-5.3.0.orig/src/Makefile 2015-01-05 17:04:52.000000000 +0100
|
||||
+++ lua-5.3.0/src/Makefile 2015-01-19 22:14:52.559378543 +0100
|
||||
@@ -7,7 +7,7 @@
|
||||
PLAT= none
|
||||
|
||||
CC= gcc -std=gnu99
|
||||
-CFLAGS= -O2 -Wall -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS)
|
||||
+CFLAGS= -fPIC -O2 -Wall -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS)
|
||||
LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
|
||||
LIBS= -lm $(SYSLIBS) $(MYLIBS)
|
||||
|
||||
@@ -29,6 +29,7 @@
|
||||
PLATS= aix bsd c89 freebsd generic linux macosx mingw posix solaris
|
||||
|
||||
LUA_A= liblua.a
|
||||
+LUA_SO= liblua.so
|
||||
CORE_O= lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o \
|
||||
lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o \
|
||||
ltm.o lundump.o lvm.o lzio.o
|
||||
@@ -43,7 +44,7 @@
|
||||
LUAC_O= luac.o
|
||||
|
||||
ALL_O= $(BASE_O) $(LUA_O) $(LUAC_O)
|
||||
-ALL_T= $(LUA_A) $(LUA_T) $(LUAC_T)
|
||||
+ALL_T= $(LUA_A) $(LUA_T) $(LUAC_T) $(LUA_SO)
|
||||
ALL_A= $(LUA_A)
|
||||
|
||||
# Targets start here.
|
||||
@@ -59,6 +60,12 @@
|
||||
$(AR) $@ $(BASE_O)
|
||||
$(RANLIB) $@
|
||||
|
||||
+$(LUA_SO): $(CORE_O) $(LIB_O)
|
||||
+ $(CC) -shared -ldl -Wl,-soname,$(LUA_SO).$(V) -o $@.$(R) $? -lm $(MYLDFLAGS)
|
||||
+ ln -sf $(LUA_SO).$(R) $(LUA_SO).$(V)
|
||||
+ ln -sf $(LUA_SO).$(R) $(LUA_SO)
|
||||
+
|
||||
+
|
||||
$(LUA_T): $(LUA_O) $(LUA_A)
|
||||
$(CC) -o $@ $(LDFLAGS) $(LUA_O) $(LUA_A) $(LIBS)
|
||||
|
|
@ -8,14 +8,14 @@
|
|||
|
||||
Name: lua
|
||||
Version: %{major_version}.5
|
||||
Release: 9%{?dist}
|
||||
Release: 11%{?dist}
|
||||
Summary: Powerful light-weight programming language
|
||||
License: MIT
|
||||
URL: https://www.lua.org/
|
||||
Group: Development/Tools
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: http://www.lua.org/ftp/lua-%{version}.tar.gz
|
||||
Source0: https://www.lua.org/ftp/%{name}-%{version}.tar.gz
|
||||
# copied from doc/readme.html on 2014-07-18
|
||||
Source1: mit.txt
|
||||
Source2: http://www.lua.org/tests/lua-%{test_version}-tests.tar.gz
|
||||
|
@ -23,12 +23,27 @@ Source2: http://www.lua.org/tests/lua-%{test_version}-tests.tar.gz
|
|||
Source3: luaconf.h
|
||||
# rpm-macro
|
||||
Source1000: macros.lua
|
||||
|
||||
Patch0: %{name}-5.3.0-autotoolize.patch
|
||||
Patch1: %{name}-5.3.0-idsize.patch
|
||||
Patch2: %{name}-5.2.2-configure-linux.patch
|
||||
Patch3: %{name}-5.3.0-configure-compat-module.patch
|
||||
# Fixes CVE-2019-6706
|
||||
# From http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tt7685575.html
|
||||
Patch4: CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
|
||||
Patch5: lua-5.3.4-shared_library-1.patch
|
||||
# CVE-2020-15888 patch taken from Open Embedded's Lua meta layer https://github.com/openembedded/meta-openembedded/blob/master/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
|
||||
# NOTE: Upstream patches needed if updating to 5.4:
|
||||
# - eb41999461b6f428186c55abd95f4ce1a76217d5
|
||||
# - 6298903e35217ab69c279056f925fb72900ce0b7
|
||||
Patch6: CVE-2020-15888.patch
|
||||
# CVE-2020-15889 is in the Lua generational garbage collection code, which is new to 5.4.0. 5.3.5 is not affected.
|
||||
# NOTE: Patches needed if updating to 5.4:
|
||||
# - 127e7a6c8942b362aa3c6627f44d660a4fb75312
|
||||
Patch7: CVE-2020-15889.nopatch
|
||||
# CVE-2020-24342 appears to not affect 5.3.5 (no repro of exploit)
|
||||
# NOTE: Patches needed if updating to 5.4:
|
||||
# - 34affe7a63fc5d842580a9f23616d057e17dfe27
|
||||
Patch8: CVE-2020-24342.nopatch
|
||||
|
||||
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
||||
Requires: lua-libs = %{version}-%{release}
|
||||
|
@ -75,6 +90,9 @@ mv src/luaconf.h src/luaconf.h.template.in
|
|||
%patch2 -p1 -z .configure-linux
|
||||
%patch3 -p1 -z .configure-compat-all
|
||||
%patch4 -p1 -b .CVE-2019-6706
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
sed -i 's/CFLAGS= -fPIC -O2 /CFLAGS+= -fPIC -O2 -DLUA_COMPAT_MODULE /' src/Makefile
|
||||
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
||||
sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||
autoreconf -ifv
|
||||
|
@ -152,6 +170,13 @@ install -Dpm 0644 %{SOURCE1000} $RPM_BUILD_ROOT/%{macrosdir}/macros.lua
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Oct 01 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.3.5-11
|
||||
- Nopatch CVE-2020-24342
|
||||
- Apply patch for CVE-2020-15888 from Open Embedded
|
||||
|
||||
* Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.3.5-10
|
||||
- Nopatch CVE-2020-15889 since it only affects 5.4.0
|
||||
|
||||
* Mon Sep 28 2020 Joe Schmitt <joschmit@microsoft.com> - 5.3.5-9
|
||||
- Update URL to https.
|
||||
- License verified.
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
Summary: Program for compiling packages
|
||||
Name: make
|
||||
Version: 4.2.1
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/make
|
||||
Group: Development/Tools
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: http://ftp.gnu.org/gnu/make/%{name}-%{version}.tar.bz2
|
||||
%define sha1 make=7d9d11eb36cfb752da1fb11bb3e521d2a3cc8830
|
||||
|
||||
%description
|
||||
The Make package contains a program for compiling packages.
|
||||
|
@ -31,6 +30,7 @@ rm -rf %{buildroot}%{_infodir}
|
|||
%find_lang %{name}
|
||||
|
||||
%check
|
||||
export PERL_USE_UNSAFE_INC=1
|
||||
make %{?_smp_mflags} check
|
||||
|
||||
%files -f %{name}.lang
|
||||
|
@ -41,9 +41,10 @@ make %{?_smp_mflags} check
|
|||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:21:04 PST 2020 Nick Samson <nisamson@microsoft.com> - 4.2.1-4
|
||||
* Mon Oct 19 2020 Andrew Phelps <anphel@microsoft.com> 4.2.1-5
|
||||
- Fix check test
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 4.2.1-4
|
||||
- Added %%license line automatically
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 4.2.1-3
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
* Sun Sep 09 2018 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-2
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: CBL-Mariner release files
|
||||
Name: mariner-release
|
||||
Version: 1.0
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: MIT
|
||||
Group: System Environment/Base
|
||||
URL: https://aka.ms/cbl-mariner
|
||||
|
@ -67,6 +67,8 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%config(noreplace) /etc/issue.net
|
||||
|
||||
%changelog
|
||||
* Sat Oct 24 2020 Jon Slobodzian <joslobo@microsoft.com> - 1.0-10
|
||||
- Updating version for October update
|
||||
* Fri Sep 04 2020 Mateusz Malisz <mamalisz@microsoft.com> - 1.0-9
|
||||
- Remove empty %%post section, dropping dependency on /bin/sh
|
||||
* Tue Aug 24 2020 Jon Slobodzian <joslobo@microsoft.com> - 1.0-8
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
[mariner-preview]
|
||||
name=CBL-Mariner Official Preview $releasever $basearch
|
||||
baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/preview/update/$basearch/rpms
|
||||
gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY
|
||||
gpgcheck=1
|
||||
repo_gpgcheck=1
|
||||
enabled=1
|
||||
skip_if_unavailable=True
|
||||
sslverify=1
|
|
@ -3,6 +3,7 @@
|
|||
"MICROSOFT-RPM-GPG-KEY": "1092f37ec429e58bf9c7f898df17c3c32eb2ce3c4c037afb8ffe2d2b42e16e89",
|
||||
"MICROSOFT-METADATA-GPG-KEY": "1824ecffeda90cfe4178a99bddde450f09fd40e8faf4f0124fba16ea79998c4c",
|
||||
"mariner-official-base.repo": "af485f85c5c856536c6ec2f73f0afd1d9c424396fce1c9ae6f40745a5f41503d",
|
||||
"mariner-official-update.repo": "d80ed87ba6cf1e535131a9a68499b832dc87fc9add29cbae0f6cc76ebc36fbf3"
|
||||
"mariner-official-update.repo": "d80ed87ba6cf1e535131a9a68499b832dc87fc9add29cbae0f6cc76ebc36fbf3",
|
||||
"mariner-preview.repo": "7b5731bce3d0c81647144822a886a01912e325db10f7519e105b5224a25f1568"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,17 +1,18 @@
|
|||
Summary: CBL-Mariner repo files, gpg keys
|
||||
Name: mariner-repos
|
||||
Version: 1.0
|
||||
Release: 9%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: Apache License
|
||||
Group: System Environment/Base
|
||||
URL: https://aka.ms/mariner
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: MICROSOFT-RPM-GPG-KEY
|
||||
Source1: MICROSOFT-METADATA-GPG-KEY
|
||||
Source2: mariner-official-base.repo
|
||||
Source3: mariner-official-update.repo
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: mariner
|
||||
Provides: mariner-repos
|
||||
Source4: mariner-preview.repo
|
||||
|
||||
Requires(post): gpgme
|
||||
Requires(post): rpm
|
||||
Requires(preun): gpgme
|
||||
|
@ -21,11 +22,20 @@ BuildArch: noarch
|
|||
%description
|
||||
CBL-Mariner repo files and gpg keys
|
||||
|
||||
%package preview
|
||||
Summary: CBL-Mariner preview repo file.
|
||||
Group: System Environment/Base
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%description preview
|
||||
%{summary}
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
install -d -m 755 $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
|
||||
install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
|
||||
install -m 644 %{SOURCE0} $RPM_BUILD_ROOT/etc/pki/rpm-gpg
|
||||
|
@ -34,7 +44,7 @@ install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/etc/pki/rpm-gpg
|
|||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post
|
||||
%posttrans
|
||||
gpg --import /etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY
|
||||
gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
|
||||
|
||||
|
@ -52,7 +62,16 @@ gpg --batch --yes --delete-keys 2BC94FFF7015A5F28F1537AD0CD9FED33135CE90
|
|||
%config(noreplace) /etc/yum.repos.d/mariner-official-base.repo
|
||||
%config(noreplace) /etc/yum.repos.d/mariner-official-update.repo
|
||||
|
||||
%files preview
|
||||
%defattr(-,root,root,-)
|
||||
%config(noreplace) /etc/yum.repos.d/mariner-preview.repo
|
||||
|
||||
%changelog
|
||||
* Thu Oct 01 2020 Emre Girgin <sarsoma@microsoft.com> - 1.0-11
|
||||
- Change %%post scriptlet to %%posttrans in order to ensure it runs after %%postun during an upgrade.
|
||||
* Mon Sep 28 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 1.0-10
|
||||
- Adding configuration to access the preview repository.
|
||||
- Removing redundant 'Provides'.
|
||||
* Tue Aug 11 2020 Saravanan Somasundaram <sarsoma@microsoft.com> - 1.0-9
|
||||
- Enable GPG Check and Import
|
||||
* Mon Aug 10 2020 Saravanan Somasundaram <sarsoma@microsoft.com> - 1.0-8
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"mm-common-1.0.0.tar.xz": "b97d9b041e5952486cab620b44ab09f6013a478f43b6699ae899b8a4da189cd4"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
Summary: mm-common module
|
||||
Name: mm-common
|
||||
Version: 1.0.0
|
||||
Release: 3%{?dist}
|
||||
License: LGPLv2+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Development/Libraries/C and C++
|
||||
URL: https://gtkmm.org
|
||||
Source0: https://ftp.gnome.org/pub/GNOME/sources/%{name}/1.0/%{name}-%{version}.tar.xz
|
||||
%define debug_package %{nil}
|
||||
BuildRequires: pkg-config
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
The mm-common module provides the build infrastructure and utilities
|
||||
shared among the GNOME C++ binding libraries. It is only a required
|
||||
dependency for building the C++ bindings from the gnome.org version
|
||||
control repository.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
%configure
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot}
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
%doc README
|
||||
%{_bindir}/*
|
||||
%{_datadir}/%{name}/*
|
||||
%{_datadir}/pkgconfig/*
|
||||
%{_datadir}/aclocal/*
|
||||
%{_docdir}/%{name}/*
|
||||
%{_mandir}/*
|
||||
|
||||
%changelog
|
||||
* Mon Oct 12 2020 Thomas Crain <thcrain@microsoft.com> - 1.0.0-3
|
||||
- Update Source0 (removes need for libstdc++.tag file)
|
||||
- Lint for Mariner style
|
||||
- License verified
|
||||
|
||||
* Tue Jun 09 2020 Jonathan Chiu <jochi@microsoft.com> - 1.0.0-2
|
||||
- Include libstdc++.tag in source files so package can be built offline
|
||||
|
||||
* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> - 1.0.0-1
|
||||
- Original version for CBL-Mariner
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"msgpack-c-cpp-3.2.1.tar.gz" : "464f46744a6be778626d11452c4db3c2d09461080c6db42e358e21af19d542f6"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
Summary: MessagePack implementation for C and C++
|
||||
Name: msgpack
|
||||
Version: 3.2.1
|
||||
Release: 2%{?dist}
|
||||
License: Boost
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://msgpack.org
|
||||
#Source0: https://github.com/%{name}/%{name}-c/archive/cpp-%{version}.tar.gz
|
||||
Source0: %{name}-c-cpp-%{version}.tar.gz
|
||||
%define _build_id_links none
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc
|
||||
|
||||
%description
|
||||
MessagePack is an efficient binary serialization format,
|
||||
which lets you exchange data among multiple languages like JSON,
|
||||
except that it's faster and smaller.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-c-cpp-%{version}
|
||||
|
||||
%build
|
||||
mkdir build
|
||||
cd build
|
||||
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} ..
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
cd build
|
||||
make install DESTDIR=%{buildroot}
|
||||
|
||||
%files
|
||||
%license COPYING LICENSE_1_0.txt NOTICE
|
||||
%{_libdir}/*.so.*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/*
|
||||
%{_libdir}/cmake/*
|
||||
%{_libdir}/pkgconfig/msgpack.pc
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/*.a
|
||||
|
||||
%changelog
|
||||
* Mon Oct 12 2020 Thomas Crain <thcrain@microsoft.com> - 3.2.1-2
|
||||
- License verified and %%license added
|
||||
- Update Source0
|
||||
|
||||
* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> - 3.2.1-1
|
||||
- Original version for CBL-Mariner
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"nlohmann-json-3.6.1.tar.gz": "80c45b090e40bf3d7a7f2a6e9f36206d3ff710acfa8d8cc1f8c763bb3075e22e"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,55 @@
|
|||
Summary: Modern C++11 JSON library
|
||||
Name: nlohmann-json
|
||||
Version: 3.6.1
|
||||
Release: 2%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment
|
||||
URL: https://github.com/nlohmann/json
|
||||
#Source0: https://github.com/nlohmann/json/archive/v%{version}.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
%global debug_package %{nil}
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc
|
||||
|
||||
%description
|
||||
A modern C++ JSON library.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q -n json-%{version}
|
||||
|
||||
%build
|
||||
mkdir build && cd build
|
||||
%cmake ..
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make test -C build
|
||||
|
||||
%install
|
||||
%make_install -C build
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%license LICENSE.MIT
|
||||
%doc README.md
|
||||
%{_includedir}/nlohmann
|
||||
%{_libdir}/cmake/nlohmann_json
|
||||
|
||||
%changelog
|
||||
* Mon Oct 12 2020 Thomas Crain <thcrain@microsoft.com> - 3.6.1-2
|
||||
- Update Source0
|
||||
- License verified
|
||||
|
||||
* Tue Feb 11 2020 Nick Bopp <nichbop@microsoft.com> - 3.6.1-1
|
||||
- Original version for CBL-Mariner.
|
|
@ -0,0 +1,153 @@
|
|||
diff --git a/Unix/buildtool b/Unix/buildtool
|
||||
--- a/Unix/buildtool 2020-09-29 10:33:36.055821162 -0700
|
||||
+++ b/Unix/buildtool 2020-09-29 11:24:05.121922456 -0700
|
||||
@@ -274,9 +274,9 @@
|
||||
distro=`lsb_release -i | awk -F":" '{ print $2 }'`
|
||||
distro_version=`lsb_release -r | awk -F":" '{ print $2 }'`
|
||||
;;
|
||||
- arm*:Linux:*)
|
||||
+ aarch64*:Linux:*)
|
||||
os=LINUX
|
||||
- arch=ARM
|
||||
+ arch=AARCH64
|
||||
compiler=GNU
|
||||
distro=`lsb_release -i | awk -F":" '{ print $2 }'`
|
||||
distro_version=`lsb_release -r | awk -F":" '{ print $2 }'`
|
||||
@@ -293,7 +293,7 @@
|
||||
|
||||
case "$platform" in
|
||||
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
compiler_version=`gcc --version | awk -F" " 'match($0, /[0-9]*\.[0-9]*\.[0-9]*/){ if (match($0, /[0-9]*\.[0-9]*\.[0-9]*/, m)) print m[0] }'`
|
||||
compiler_major_version=`echo $compiler_version | awk -F'.' '{ print $1}'`
|
||||
compiler_minor_version=`echo $compiler_version | awk -F'.' '{ print $2}'`
|
||||
@@ -573,7 +573,7 @@
|
||||
|
||||
case "$platform" in
|
||||
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
echo gcc
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -614,7 +614,7 @@
|
||||
fi
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
echo g++
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -689,7 +689,7 @@
|
||||
LINUX_IX86_GNU|LINUX_X86_64_GNU)
|
||||
echo size
|
||||
;;
|
||||
- LINUX_ARM_GNU)
|
||||
+ LINUX_AARCH64_GNU)
|
||||
echo size
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -778,7 +778,7 @@
|
||||
r="$r -g"
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|MONTAVISTA_IX86_GNU|NETBSD_IX86_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|MONTAVISTA_IX86_GNU|NETBSD_IX86_GNU|LINUX_AARCH64_GNU)
|
||||
if test $cxx_opt ; then
|
||||
r="$r -std=gnu++98"
|
||||
fi
|
||||
@@ -974,7 +974,7 @@
|
||||
r=""
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
r="$r -shared"
|
||||
test -n "$libpath_opt" && r="$r -Wl,-rpath=$libpath_opt"
|
||||
;;
|
||||
@@ -1098,7 +1098,7 @@
|
||||
r=""
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
test -n "$libpath_opt" && r="$r -Wl,-rpath=$libpath_opt"
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -1181,7 +1181,7 @@
|
||||
r=""
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
r="gcc -M"
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -1225,7 +1225,7 @@
|
||||
r=""
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
r="-lpthread -ldl -lpam"
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -1273,7 +1273,7 @@
|
||||
args="$arg2 $arg3 $arg4 $arg5 $arg6 $arg7 $arg8 $arg9"
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
for path in $args
|
||||
do
|
||||
r="$r -Wl,-rpath=$path"
|
||||
@@ -1360,7 +1360,7 @@
|
||||
r=""
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
;;
|
||||
@@ -1441,7 +1441,7 @@
|
||||
fi
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
echo "lib$arg2.so"
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -1485,7 +1485,7 @@
|
||||
fi
|
||||
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
echo "so"
|
||||
;;
|
||||
MONTAVISTA_IX86_GNU)
|
||||
@@ -1577,7 +1577,7 @@
|
||||
|
||||
if [ -z "$libdir" ]; then
|
||||
case "$platform" in
|
||||
- LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_ARM_GNU)
|
||||
+ LINUX_IX86_GNU|LINUX_X86_64_GNU|LINUX_PPC_GNU|LINUX_AARCH64_GNU)
|
||||
if [ -f "/usr/lib/libssl.so" ]; then
|
||||
libdir=/usr/lib
|
||||
fi
|
||||
diff --git a/Unix/pal/palcommon.h b/Unix/pal/palcommon.h
|
||||
--- a/Unix/pal/palcommon.h 2020-09-29 10:33:36.091821099 -0700
|
||||
+++ b/Unix/pal/palcommon.h 2020-09-29 11:23:09.370299157 -0700
|
||||
@@ -930,7 +930,7 @@
|
||||
}
|
||||
|
||||
|
||||
-#elif defined(CONFIG_ARCH_SPARC) || defined(CONFIG_ARCH_ARM)
|
||||
+#elif defined(CONFIG_ARCH_SPARC) || defined(CONFIG_ARCH_AARCH64)
|
||||
|
||||
/* Sparc only does big endian */
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue