Merge branch '1.0-dev' into schalam/qatengine

.github/workflows/cgmanifest.json

@@ -0,0 +1,14 @@
+{
+    "Registrations": [
+      {
+        "Component": {
+          "Type": "git",
+          "Git": {
+            "RepositoryUrl": "https://github.com/rpm-software-management/spec-cleaner",
+            "CommitHash": "f24cd83e5e2775b061696d4fd7fcf47f63514b50"
+          }
+        }
+      }
+    ],
+    "Version": 1
+  }

.github/workflows/lint-specs.yml

@@ -0,0 +1,95 @@
+name: Spec Linting
+
+on:
+  push:
+    paths:
+      - '**.spec'
+    branches: [main, dev, 1.0*]
+  pull_request:
+    paths:
+      - '**.spec'
+    branches: [main, dev, 1.0*]
+
+jobs:
+  spec-lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the branch of our repo that triggered this action
+      - name: Workflow trigger checkout
+        uses: actions/checkout@v2
+
+      - name: Get base commit for PRs
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          git fetch origin ${{ github.base_ref }}
+          echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV 
+          echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"
+
+      - name: Get base commit for Pushes
+        if: ${{ github.event_name == 'push' }}
+        run: |
+          git fetch origin ${{ github.event.before }}
+          echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV 
+          echo "Merging ${{ github.sha }} into ${{ github.event.before }}"
+
+      - name: Get the changed files
+        run: |
+          echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'"
+          changed_specs=$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "\.spec$" || test $? = 1; })
+          echo "Files to validate: '${changed_specs}'"
+          echo "updated-specs=$(echo ${changed_specs})" >> $GITHUB_ENV
+
+      - name: Main branch checkout 
+        uses: actions/checkout@v2
+        with:
+          ref: 'main'
+          path: 'main-checkout'
+
+      # Our linter is based on the spec-cleaner tool from the folks at openSUSE
+      # We apply a patch to modify it for CBL-Mariner's needs
+      - name: spec-cleaner checkout
+        uses: actions/checkout@v2
+        with:
+          repository: 'rpm-software-management/spec-cleaner'
+          ref: 'spec-cleaner-1.2.0'
+          path: 'spec-cleaner'
+
+      # For consistency, we use the same major/minor version of Python that CBL-Mariner ships
+      - name: Setup Python 3.7
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+        
+      # We take our version of the linting tool from the master branch to ensure rules
+      # are consistent across all branches
+      - name: Patch spec-cleaner with Mariner-specific lints
+        run: |
+          pushd spec-cleaner
+          git apply ../main-checkout/.github/workflows/mariner-spec-cleaner.patch
+          popd
+
+      - name: Install patched spec-cleaner
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ./spec-cleaner
+      
+      # Set continue-on-error to true if we're blocking too many PRs here
+      # We don't want this tool to have a low signal-to-noise ratio
+      - name: Lint changed spec files
+        continue-on-error: true
+        run: |
+          mkdir -p linted_specs
+          spec-cleaner -o linted_specs ${{ env.updated-specs }}
+          [ -n "$(ls -A linted_specs)" ] \
+          && echo "Specs are not correctly formatted." \
+          && echo "The linted_specs artifact contains linted versions of the specs you're checking in." \
+          && echo "Please properly format your specs according to that output before merging." \
+          && exit 1
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: linted_specs
+          path: linted_specs
+          if-no-files-found: ignore
+          if: always()

SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec

@@ -2,7 +2,7 @@
 Summary:        Signed Linux Kernel for aarch64 systems
 Name:           kernel-signed-aarch64
 Version:        5.4.51
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPLv2
 URL:            https://github.com/microsoft/WSL2-Linux-Kernel
 Group:          System Environment/Kernel
@@ -85,8 +85,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
 
 %changelog
-*   Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-10
+*   Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-11
 -   Update release number
+*   Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
+-   Update release number to match kernel spec
 *   Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-9
 -   Update release number
 *   Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-8

SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec

@@ -2,7 +2,7 @@
 Summary:        Signed Linux Kernel for x86_64 systems
 Name:           kernel-signed-x64
 Version:        5.4.51
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPLv2
 URL:            https://github.com/microsoft/WSL2-Linux-Kernel
 Group:          System Environment/Kernel
@@ -85,8 +85,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
 
 %changelog
-*   Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-10
+*   Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-11
 -   Update release number
+*   Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
+-   Update release number to match kernel spec
 *   Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-9
 -   Update release number
 *   Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-8

SPECS/azure-storage-cpp/azure-storage-cpp.signatures.json

@@ -0,0 +1,5 @@
+{
+    "Signatures": {
+        "azure-storage-cpp-7.3.0.tar.gz" : "d333757a6065ae2d63f8dfac5bf3033fa1e70bd6e518bf7f97e8d256b9154324"
+    }
+}

SPECS/azure-storage-cpp/azure-storage-cpp.spec

@@ -0,0 +1,72 @@
+%define _build_id_links none
+
+Name:           azure-storage-cpp
+Summary:        Azure Storage Client Library for C++
+Version:        7.3.0
+Release:        2%{?dist}
+License:        ASL 2.0
+URL:            https://azure.github.io/azure-storage-cpp/
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+#Source0:       https://github.com/Azure/azure-storage-cpp/archive/v%{version}.tar.gz
+Source0:        %{name}-%{version}.tar.gz
+
+BuildRequires:  util-linux-devel
+BuildRequires:  openssl-devel
+BuildRequires:  boost-devel
+BuildRequires:  libxml2-devel
+BuildRequires:  cpprest-devel
+BuildRequires:  cmake
+
+Requires:       openssl
+Requires:       libxml2
+Requires:       cpprest
+Requires:       util-linux
+Requires:       boost
+
+%description
+The Azure Storage Client Library for C++ allows you to build applications against Microsoft Azure Storage.
+
+%package devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}
+Requires:       cpprest-devel
+
+%description devel
+The Azure Storage Client Library for C++ allows you to build applications against Microsoft Azure Storage.
+
+%prep
+%setup -q
+
+%build
+CMAKE_OPTS="\
+    -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_INSTALL_PREFIX=%{_prefix} \
+"
+
+mkdir -pv Microsoft.WindowsAzure.Storage/build
+cd Microsoft.WindowsAzure.Storage/build
+cmake $CMAKE_OPTS ..
+make %{?_smp_mflags}
+
+%install
+cd Microsoft.WindowsAzure.Storage/build
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
+
+%files
+%license LICENSE.txt
+%doc README.md
+%{_libdir}/*.so.*
+
+%files devel
+%{_includedir}/was/*
+%{_includedir}/wascore/*
+%{_libdir}/libazurestorage.so
+
+%changelog
+*   Fri Oct 16 2020 Jonathan Slobodzian <joslobo@microsoft.com> 7.3.0-2
+-   License Verified.  Update Source0 Location.  Integrated into Mariner Core.
+
+*   Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> 7.3.0-1
+-   Original version for CBL-Mariner.
+

SPECS/bond/bond.signatures.json

@@ -0,0 +1,7 @@
+{
+    "Signatures": {
+        "bond-8.0.1.tar.gz" : "d22428a40ab158813c6b0d6548a9a4c1304c1873bd4f2f62a0f36c0ba2855a8b",
+        "gbc-0.11.0.3-aarch64" : "2fa232b3ceb79ff2e002ad06f8da93bd59f81599102f95258b4dadb84d6b847d",
+        "gbc-0.11.0.3-x86_64" : "c64f9db841b8cccad4c8ec0bd724e52d28b51a15af145fe40223cd92d7356d71"
+    }
+}

SPECS/bond/bond.spec

@@ -0,0 +1,73 @@
+Name:           bond
+Summary:        Microsoft Bond Library
+Version:        8.0.1
+Release:        3%{?dist}
+License:        MIT
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+URL:            https://github.com/microsoft/bond
+#Source0:       %{url}/archive/%{version}.tar.gz
+Source0:        %{name}-%{version}.tar.gz
+Source1:        gbc-0.11.0.3-%{_arch}
+
+BuildRequires:  clang
+BuildRequires:  cmake
+BuildRequires:  zlib-devel
+BuildRequires:  boost-devel
+BuildRequires:  ncurses-devel
+BuildRequires:  rapidjson-devel
+BuildRequires:  gmp-devel
+
+%description
+Bond is an open-source, cross-platform framework for working with schematized data.
+It supports cross-language serialization/deserialization and powerful generic mechanisms
+for efficiently manipulating data. Bond is broadly used at Microsoft in high scale services.
+
+%package devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}
+
+%description devel
+Development files for %{name}
+
+%prep
+%setup -q
+
+%build
+CMAKE_OPTS="\
+    -DBOND_ENABLE_GRPC=FALSE \
+    -DBOND_FIND_RAPIDJSON=TRUE \
+    -DBOND_SKIP_CORE_TESTS=TRUE \
+    -DBOND_SKIP_GBC_TESTS=TRUE \
+    -DBOND_GBC_PATH=%{SOURCE1} \
+    -DCMAKE_INSTALL_PREFIX=%{_prefix} \
+"
+
+mkdir -v build
+cd build
+cmake $CMAKE_OPTS ..
+make %{?_smp_mflags}
+
+%install
+cd build
+make DESTDIR=%{buildroot} install
+chmod 0755 %{buildroot}%{_bindir}/gbc
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/*
+
+%files devel
+%{_includedir}/%{name}/*
+%{_libdir}/%{name}/*
+
+%changelog
+*   Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 8.0.1-3
+-   License verified.
+-   Added source URL.
+-   Added 'Vendor' and 'Distribution' tags.
+*   Tue May 19 2020 Jonathan Chiu <jochi@microsoft.com> 8.0.1-2
+-   Add aarch64 support
+*   Mon Apr 06 2020 Jonathan Chiu <jochi@microsoft.com> 8.0.1-1
+-   Original version for CBL-Mariner.

SPECS/fluent-bit/fluent-bit.signatures.json

@@ -0,0 +1,5 @@
+{
+    "Signatures": {
+        "fluent-bit-1.4.1.tar.gz" : "f5e2e10133d2a266e508db9d95e425108a1a7e43ca713bedd0d9005d962b0cff"
+    }
+}

SPECS/fluent-bit/fluent-bit.spec

@@ -0,0 +1,58 @@
+%define _build_id_links none
+
+Name:           fluent-bit
+Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
+Version:        1.4.1
+Release:        2%{?dist}
+License:        ASL 2.0
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+URL:            https://fluentbit.io
+#Source0:       https://github.com/fluent/%{name}/archive/v%{version}.tar.gz
+Source0:        %{name}-%{version}.tar.gz
+
+BuildRequires:  cmake
+
+%description
+Fluent Bit is a fast Log Processor and Forwarder for Linux, Embedded Linux, MacOS and BSD 
+family operating systems. It's part of the Fluentd Ecosystem and a CNCF sub-project.
+
+%package devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}
+
+%description devel
+Development files for %{name}
+
+%prep
+%setup -q
+
+%build
+cd build
+cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} ..
+make %{?_smp_mflags}
+
+%install
+cd build
+make install DESTDIR=%{buildroot}
+
+%files
+%license LICENSE
+%doc README.md
+%exclude /usr/src/debug
+/lib/systemd/system/fluent-bit.service
+%{_bindir}/*
+/usr/etc/fluent-bit/*
+
+%files devel
+%{_includedir}/*
+/usr/lib64/*.so
+
+%changelog
+* Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 1.4.1-2
+- License verified.
+- Fixed source URL.
+- Added 'Vendor' and 'Distribution' tags.
+* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> 1.4.1-1
+- Original version for CBL-Mariner.
+

SPECS/ivykis/ivykis.signatures.json

@@ -0,0 +1,5 @@
+{
+    "Signatures": {
+        "ivykis-0.42.4.tar.gz" : "1ce0341648daedd6d5408e8512bf3999d9aa4f1c1d1432f5eeb37436c9dbecdd"
+    }
+}

SPECS/ivykis/ivykis.spec

@@ -0,0 +1,48 @@
+Name:           ivykis
+Summary:        Library for asynchronous I/O readiness notification
+Version:        0.42.4
+Release:        2%{?dist}
+License:        LGPLv2+
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+URL:            https://github.com/buytenh/ivykis
+#Source0:       %{url}/archive/v%{version}.tar.gz
+Source0:        %{name}-%{version}.tar.gz
+
+%description
+Ivykis is a library for asynchronous I/O readiness notification.
+
+%package devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}
+
+%description devel
+Development files for %{name}
+
+%prep
+%setup -q
+
+%build
+%configure
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=%{buildroot} install
+
+%files
+%license COPYING
+%{_libdir}/*.so.*
+%{_mandir}/man3/*.3.gz
+
+%files devel
+%{_libdir}/{*.a,*.la,*.so}
+%{_libdir}/pkgconfig/%{name}.pc
+%{_includedir}/*
+
+%changelog
+*   Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 0.42.4-2
+-   License verified.
+-   Added source URL.
+-   Added 'URL', 'Vendor', and 'Distribution' tags.
+*   Mon Apr 13 2020 Jonathan Chiu <jochi@microsoft.com> 0.42.4-1
+-   Original version for CBL-Mariner.

SPECS/kernel/CVE-2010-3865.nopatch

@@ -0,0 +1,3 @@
+CVE-2010-3865 - Already patched in 5.4.51 stable kernel
+Upstream commit - 1b1f693d7ad6d193862dcb1118540a030c5e761f
+Same commit id in stable branch

SPECS/kernel/CVE-2020-10757.nopatch

@@ -0,0 +1,3 @@
+CVE-2020-10757 - Already patched in 5.4.51 stable kernel
+Upstream commit - 5bfea2d9b17f1034a68147a8b03b9789af5700f9
+Stable commit - 5a047df0b5fce377df37de75380321d1c8ca07a0

SPECS/kernel/CVE-2020-11668.nopatch

@@ -0,0 +1,3 @@
+CVE-2020-11668 - Already patched in 5.4.51 stable kernel
+Upstream commit - a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
+Stable commit - cb595cb0a1e8e07213337f063cd39a3e80fc43a0

SPECS/kernel/CVE-2020-12653.nopatch

@@ -0,0 +1,3 @@
+CVE-2020-12653 - Already patched in 5.4.51 stable kernel
+Upstream commit - b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
+Stable commit - 3c822e1f31186767d6b7261c3c066f01907ecfca

SPECS/kernel/CVE-2020-12654.nopatch

@@ -0,0 +1,3 @@
+CVE-2020-12654 - Already patched in 5.4.51 stable kernel
+Upstream commit - 3a9b153c5591548612c3955c9600a98150c81875
+Stable commit - c5b071e3f44d1125694ad4dcf1234fb9a78d0be6

SPECS/kernel/CVE-2020-12657.nopatch

@@ -0,0 +1,3 @@
+CVE-2020-12657 - Already patched in 5.4.51 stable kernel
+Upstream commit - 2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9
+Stable commit - b2ae36d220eddd88f9a1264176e3104d988f72fe

SPECS/kernel/CVE-2020-24394.nopatch

@@ -0,0 +1,3 @@
+CVE-2020-24394 - Already patched in 5.4.51 stable kernel
+Upstream commit - 22cf8419f1319ff87ec759d0ebdff4cbafaee832
+Stable commit - c506f985d8d151383559c0760bb1ef7466e218d4

SPECS/kernel/CVE-2020-8428.nopatch

@@ -0,0 +1,3 @@
+CVE-2020-8428 - Already patched in 5.4.51 stable kernel
+Upstream commit - d0cb50185ae942b03c4327be322055d622dc79f6
+Stable commit - 454759886d0b463213fad0f1c733469e2c501ab9

SPECS/kernel/kernel.spec

@@ -2,7 +2,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        5.4.51
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPLv2
 URL:            https://github.com/microsoft/WSL2-Linux-Kernel
 Group:          System Environment/Kernel
@@ -35,6 +35,14 @@ Patch1011:      CVE-2020-8648.nopatch
 Patch1012:      CVE-2020-8649.nopatch
 Patch1013:      CVE-2020-9383.nopatch
 Patch1014:      CVE-2020-11725.nopatch
+Patch1015:      CVE-2020-10757.nopatch
+Patch1016:      CVE-2020-12653.nopatch
+Patch1017:      CVE-2020-12657.nopatch
+Patch1018:      CVE-2010-3865.nopatch
+Patch1019:      CVE-2020-11668.nopatch
+Patch1020:      CVE-2020-12654.nopatch
+Patch1021:      CVE-2020-24394.nopatch
+Patch1022:      CVE-2020-8428.nopatch
 
 BuildRequires:  bc
 BuildRequires:  diffutils
@@ -333,8 +341,11 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %{_libdir}/perf/include/bpf/*
 
 %changelog
-*   Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-10
+*   Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-11
 -   Enable QAT kernel configs
+*   Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
+-   Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865,
+-   CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428
 *   Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-9
 -   Fix aarch64 build error
 *   Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-8

SPECS/qemu-kvm/CVE-2015-7504.nopatch

@@ -0,0 +1 @@
+# CVE-2015-7504 was fixed in 2.5.0, but the CVE database was not updated. (837f21aacf5a714c23ddaadbbc5212f9b661e3f7)

SPECS/qemu-kvm/CVE-2016-7161.nopatch

@@ -1 +1 @@
-# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated.
+# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. (a0d1cbdacff5df4ded16b753b38fdd9da6092968)

SPECS/qemu-kvm/CVE-2017-14167.nopatch

@@ -0,0 +1 @@
+# CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb)

SPECS/qemu-kvm/CVE-2017-5931.nopatch

@@ -0,0 +1 @@
+# CVE-2017-5931 was fixed in 2.9.0, but the CVE database was not updated.  (a08aaff811fb194950f79711d2afe5a892ae03a4)

SPECS/qemu-kvm/qemu-kvm.spec

@@ -1,7 +1,7 @@
 Summary:       QEMU is a machine emulator and virtualizer
 Name:          qemu-kvm
 Version:       4.2.0
-Release:       12%{?dist}
+Release:       13%{?dist}
 License:       GPLv2 and GPLv2+ and CC-BY and BSD
 Group:         Development/Tools
 URL:           https://www.qemu.org/
@@ -20,8 +20,14 @@ Patch4:        CVE-2019-20175.patch
 Patch5:        CVE-2020-13659.patch
 Patch6:        CVE-2020-16092.patch
 Patch7:        CVE-2020-15863.patch
-# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated.
+# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. (a0d1cbdacff5df4ded16b753b38fdd9da6092968)
 Patch8:        CVE-2016-7161.nopatch
+# CVE-2015-7504 was fixed in 2.5.0, but the CVE database was not updated. (837f21aacf5a714c23ddaadbbc5212f9b661e3f7)
+Patch9:        CVE-2015-7504.nopatch
+# CVE-2017-5931 was fixed in 2.9.0, but the CVE database was not updated.  (a08aaff811fb194950f79711d2afe5a892ae03a4)
+Patch10:       CVE-2017-5931.nopatch
+# CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb)
+Patch11:       CVE-2017-14167.nopatch
 
 BuildRequires: python3-devel
 BuildRequires: glib-devel
@@ -116,6 +122,10 @@ chmod 755 %{buildroot}%{_bindir}/qemu
 %{_bindir}/qemu-nbd
 
 %changelog
+*   Tue Sep 29 2020 Daniel McIlvaney <damcilva@microsoft.com> 4.2.0-13
+-   Nopatch CVE-2015-7504, it was fixed in 2.5.0
+-   Nopatch CVE-2017-5931, it was fixed in 2.9.0
+-   Nopatch CVE-2017-14167, it was fixed in 2.11.0
 *   Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 4.2.0-12
 -   Nopatch CVE-2016-7161, it was fixed in 2.7
 *   Mon Sep 14 2020 Nicolas Guibourge <nicolasg@microsoft.com> 4.2.0-11

SPECS/rapidjson/0000-Supress-implicit-fallthrough-in-GCC.patch

@@ -0,0 +1,23 @@
+From fe19b7b6016d446722621fb407738209d1a911e8 Mon Sep 17 00:00:00 2001
+From: Harry Wong <harrywong@live.com>
+Date: Thu, 4 May 2017 10:08:48 +0800
+Subject: [PATCH] Supress implicit fallthrough in GCC
+
+---
+ include/rapidjson/internal/regex.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/rapidjson/internal/regex.h b/include/rapidjson/internal/regex.h
+index 1369ea2..6d110bd 100644
+--- a/include/rapidjson/internal/regex.h
++++ b/include/rapidjson/internal/regex.h
+@@ -29,6 +29,7 @@ RAPIDJSON_DIAG_OFF(implicit-fallthrough)
+ #ifdef __GNUC__
+ RAPIDJSON_DIAG_PUSH
+ RAPIDJSON_DIAG_OFF(effc++)
++RAPIDJSON_DIAG_OFF(implicit-fallthrough)
+ #endif
+ 
+ #ifdef _MSC_VER
+-- 
+2.7.4

SPECS/rapidjson/0001-Onley-apply-to-GCC-7.patch

@@ -0,0 +1,26 @@
+From cba45fe9de6923b858edb0780e257b7257aa4f7b Mon Sep 17 00:00:00 2001
+From: Harry Wong <harrywong@live.com>
+Date: Thu, 4 May 2017 10:32:45 +0800
+Subject: [PATCH] Onley apply to GCC 7
+
+---
+ include/rapidjson/internal/regex.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/rapidjson/internal/regex.h b/include/rapidjson/internal/regex.h
+index 6d110bd..e1a2faa 100644
+--- a/include/rapidjson/internal/regex.h
++++ b/include/rapidjson/internal/regex.h
+@@ -29,8 +29,10 @@ RAPIDJSON_DIAG_OFF(implicit-fallthrough)
+ #ifdef __GNUC__
+ RAPIDJSON_DIAG_PUSH
+ RAPIDJSON_DIAG_OFF(effc++)
++#if __GNUC__ >= 7
+ RAPIDJSON_DIAG_OFF(implicit-fallthrough)
+ #endif
++#endif
+ 
+ #ifdef _MSC_VER
+ RAPIDJSON_DIAG_PUSH
+-- 
+2.7.4

SPECS/rapidjson/0002-Correct-object-copying-in-document_h.patch

@@ -0,0 +1,50 @@
+diff --git a/include/rapidjson/document.h b/include/rapidjson/document.h
+index e3e20dfb..95aa8999 100644
+--- a/include/rapidjson/document.h
++++ b/include/rapidjson/document.h
+@@ -22,6 +22,7 @@
+ #include "internal/strfunc.h"
+ #include "memorystream.h"
+ #include "encodedstream.h"
++#include <algorithm>
+ #include <new>      // placement new
+ #include <limits>
+ 
+@@ -69,6 +70,7 @@ class GenericDocument;
+ */
+ template <typename Encoding, typename Allocator> 
+ struct GenericMember { 
++    GenericMember() {}
+     GenericValue<Encoding, Allocator> name;     //!< name of member (must be a string)
+     GenericValue<Encoding, Allocator> value;    //!< value of member.
+ };
+@@ -1934,9 +1936,11 @@ private:
+     void SetArrayRaw(GenericValue* values, SizeType count, Allocator& allocator) {
+         data_.f.flags = kArrayFlag;
+         if (count) {
+-            GenericValue* e = static_cast<GenericValue*>(allocator.Malloc(count * sizeof(GenericValue)));
+-            SetElementsPointer(e);
+-            std::memcpy(e, values, count * sizeof(GenericValue));
++            auto arr = static_cast<GenericValue*>(allocator.Malloc(count * sizeof(GenericValue)));
++            for (SizeType idx = 0; idx < count; ++idx)
++                new (arr + idx) GenericValue;
++            SetElementsPointer(arr);
++            std::copy_n(values, count, arr);
+         }
+         else
+             SetElementsPointer(0);
+@@ -1947,9 +1951,11 @@ private:
+     void SetObjectRaw(Member* members, SizeType count, Allocator& allocator) {
+         data_.f.flags = kObjectFlag;
+         if (count) {
+-            Member* m = static_cast<Member*>(allocator.Malloc(count * sizeof(Member)));
+-            SetMembersPointer(m);
+-            std::memcpy(m, members, count * sizeof(Member));
++            auto arr = static_cast<Member*>(allocator.Malloc(count * sizeof(Member)));
++            for (SizeType idx = 0; idx < count; ++idx)
++                new (arr + idx) Member;
++            SetMembersPointer(arr);
++            std::copy_n(members, count, arr);
+         }
+         else
+             SetMembersPointer(0);

SPECS/rapidjson/rapidjson.signatures.json

@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "rapidjson-1.1.0.tar.gz" : "bf7ced29704a1e696fbccf2a2b4ea068e7774fa37f6d7dd4039d0787f8bed98e"
+ }
+}

SPECS/rapidjson/rapidjson.spec

@@ -0,0 +1,72 @@
+Summary:        A fast JSON parser/generator for C++ with both SAX/DOM style API
+Name:           rapidjson
+Version:        1.1.0
+Release:        6%{?dist}
+License:        BSD and JSON and MIT
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+Group:          Development/Tools
+URL:            https://github.com/Tencent/rapidjson
+Source0:        https://github.com/Tencent/%{name}/archive/%{name}-%{version}.tar.gz
+Patch0:         0000-Supress-implicit-fallthrough-in-GCC.patch
+Patch1:         0001-Onley-apply-to-GCC-7.patch
+Patch2:         0002-Correct-object-copying-in-document_h.patch
+%global debug_package %{nil}
+BuildRequires:  cmake
+BuildRequires:  gcc
+
+%description
+RapidJSON is a JSON parser and generator for C++. It was inspired by RapidXml.
+
+%package devel
+Summary:        Fast JSON parser and generator for C++
+Group:          Development/Libraries/C and C++
+Provides:       %{name} = %{version}-%{release}
+
+%description devel
+RapidJSON is a header-only JSON parser and generator for C++.
+This package contains development headers and examples.
+
+%prep
+%autosetup -p 1
+
+%build
+mkdir build && cd build
+cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DBUILD_SHARED_LIBS=ON ..
+make %{?_smp_mflags}
+
+%install
+cd build
+make DESTDIR=%{buildroot} install
+
+%check
+make test
+
+%files devel
+%defattr(-,root,root)
+%license license.txt
+%dir %{_libdir}/cmake/RapidJSON
+%{_libdir}/cmake/RapidJSON/*
+%{_libdir}/pkgconfig/*.pc
+%{_includedir}
+%{_datadir}
+
+%changelog
+* Mon Oct 12 2020 Thomas Crain <thcrain@microsoft.com> - 1.1.0-6
+- Update Source0
+- Licenses verified, added %%license macro
+
+* Fri May 08 2020 Jonathan Chiu <jochi@microsoft.com> - 1.1.0-5
+- Fix build failure with gcc 9
+
+* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 1.1.0-4
+- Initial CBL-Mariner import from Photon (license: Apache2).
+
+* Mon Nov 19 2018 Vasavi Sirnapalli <vsirnapalli@vmware.com> - 1.1.0-3
+- Fix makecheck
+
+* Wed Aug 08 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> - 1.1.0-2
+- Fix build failure with gcc 7.3
+
+* Fri Jun 09 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> - 1.1.0-1
+- Initial build. First version

SPECS/ruby/ruby.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "ruby-2.6.3.tar.xz": "11a83f85c03d3f0fc9b8a9b6cad1b2674f26c5aaa43ba858d4b0fcc2b54171e1"
+  "ruby-2.6.6.tar.xz": "5db187882b7ac34016cd48d7032e197f07e4968f406b0690e20193b9b424841f"
  }
 }

SPECS/ruby/ruby.spec

@@ -1,7 +1,7 @@
 Summary:        Ruby
 Name:           ruby
-Version:        2.6.3
-Release:        3%{?dist}
+Version:        2.6.6
+Release:        1%{?dist}
 License:        (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:            https://www.ruby-lang.org/en/
 Group:          System Environment/Security
@@ -53,6 +53,8 @@ rm -rf %{buildroot}/*
 %{_mandir}/man5/*
 
 %changelog
+*   Thu Oct 15 2020 Emre Girgin <mrgirgin@microsoft.com> 2.6.6-1
+-   Upgrade to 2.6.6 to resolve CVEs.
 *   Sat May 09 00:20:42 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.6.3-3
 -   Added %%license line automatically
 *   Wed May 06 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.6.3-2

cgmanifest.json

@@ -210,6 +210,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "azure-storage-cpp",
+          "version": "7.3.0",
+          "downloadUrl": "https://github.com/Azure/azure-storage-cpp/archive/v7.3.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -310,6 +320,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "bond",
+          "version": "8.0.1",
+          "downloadUrl": "https://github.com/microsoft/bond/archive/8.0.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -1061,6 +1081,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "fluent-bit",
+          "version": "1.4.1",
+          "downloadUrl": "https://github.com/fluent/fluent-bit/archive/v1.4.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -1691,6 +1721,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "ivykis",
+          "version": "0.42.4",
+          "downloadUrl": "https://github.com/buytenh/ivykis/archive/v0.42.4.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -5011,6 +5051,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "rapidjson",
+          "version": "1.1.0",
+          "downloadUrl": "https://github.com/Tencent/rapidjson/archive/v1.1.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -5136,8 +5186,8 @@
         "type": "other",
         "other": {
           "name": "ruby",
-          "version": "2.6.3",
-          "downloadUrl": "https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.3.tar.xz"
+          "version": "2.6.6",
+          "downloadUrl": "https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.6.tar.xz"
         }
       }
     },