From 4a79d3cec483ac2b62794da31c1cfb5b6c56659f Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 07:27:55 -0700 Subject: [PATCH 001/145] Nopatch CVE-2019-9674 --- SPECS/python2/CVE-2019-9674.nopatch | 0 SPECS/python2/python2.spec | 11 ++++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 SPECS/python2/CVE-2019-9674.nopatch diff --git a/SPECS/python2/CVE-2019-9674.nopatch b/SPECS/python2/CVE-2019-9674.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/python2/python2.spec b/SPECS/python2/python2.spec index 307d3a67dde..a327a209295 100644 --- a/SPECS/python2/python2.spec +++ b/SPECS/python2/python2.spec @@ -3,7 +3,7 @@ Summary: A high-level scripting language Name: python2 Version: 2.7.18 -Release: 3%{?dist} +Release: 4%{?dist} License: PSF URL: http://www.python.org/ Group: System Environment/Programming @@ -19,8 +19,9 @@ Patch4: CVE-2015-5652.nopatch # Ignore CVE-2017-17522 as Upstream, Red Hat, Debian, and Ubuntu all agree it is not exploitable # and is not a security issue Patch5: CVE-2017-17522.nopatch -# Ignore CVE-2013-1753 as it was patched in upstream 2.7.9, but NVD has not been updated with that fact -Patch6: CVE-2013-1753.nopatch +# Ignore CVE-2019-9674 since the community agreed it shouldn't be patched and upstream +# documentation is updated +Patch6: CVE-2019-9674.nopatch BuildRequires: pkg-config >= 0.28 BuildRequires: bzip2-devel BuildRequires: openssl-devel @@ -241,6 +242,10 @@ make test %{_libdir}/python2.7/test/* %changelog +* Thu Oct 22 2020 Nicolas Ontiveros - 2.7.18-4 +- Remove CVE-2013-1753 nopatch +- Ignore CVE-2019-9674 + * Thu Sep 10 2020 Thomas Crain - 2.7.18-3 - Ignore CVE-2017-17522 because it is widely agreed upon to not be a security vulnerability - Ignore CVE-2013-1753 because NVD erroneously lists this version as being vulnerable From c6fd02ea17927497ef98b3690b535376f2b163b1 Mon Sep 17 00:00:00 2001 
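Review bot: The new comment above `Patch6: CVE-2019-9674.nopatch` records that the CVE is ignored but not what stays exposed, which is what someone triaging a scanner hit on this package needs to know. CVE-2019-9674 is the zipfile decompression-bomb report and upstream's resolution was a documentation warning, so code that extracts untrusted archives still has to bound member count and uncompressed size itself; a comment such as `# CVE-2019-9674 (zipfile decompression bomb): upstream only documented the pitfall, no code fix exists; callers must limit extracted size` would say so. The diffstat also shows no deletion of `CVE-2013-1753.nopatch`, so that file is presumably left behind unreferenced once its `Patch6` line is removed.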
From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 08:54:06 -0700 Subject: [PATCH 002/145] Patch CVE-2019-20907 and CVE-2020-26116 --- SPECS/python2/CVE-2019-20907.patch | 27 ++++++++++ SPECS/python2/CVE-2020-26116.patch | 84 ++++++++++++++++++++++++++++++ SPECS/python2/python2.spec | 14 +++-- 3 files changed, 121 insertions(+), 4 deletions(-) create mode 100644 SPECS/python2/CVE-2019-20907.patch create mode 100644 SPECS/python2/CVE-2020-26116.patch diff --git a/SPECS/python2/CVE-2019-20907.patch b/SPECS/python2/CVE-2019-20907.patch new file mode 100644 index 00000000000..fccab202802 --- /dev/null +++ b/SPECS/python2/CVE-2019-20907.patch @@ -0,0 +1,27 @@ +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -1400,6 +1400,8 @@ + + length, keyword = match.groups() + length = int(length) ++ if length == 0: ++ raise InvalidHeaderError("invalid header") + value = buf[match.end(2) + 1:match.start(1) + length - 1] + + keyword = keyword.decode("utf8") + +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -321,6 +321,12 @@ + with self.assertRaisesRegexp(tarfile.ReadError, "unexpected end of data"): + tar.extractfile(t).read() + ++ def test_length_zero_header(self): ++ # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail ++ # with an exception ++ with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"): ++ with tarfile.open(support.findfile('recursion.tar')) as tar: ++ pass + + class MiscReadTest(CommonReadTest): + taropen = tarfile.TarFile.taropen diff --git a/SPECS/python2/CVE-2020-26116.patch b/SPECS/python2/CVE-2020-26116.patch new file mode 100644 index 00000000000..108c46ceb38 --- /dev/null +++ b/SPECS/python2/CVE-2020-26116.patch 
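Review bot: The `test_length_zero_header` test added in the Lib/test/test_tarfile.py part of CVE-2019-20907.patch uses Python 3 names that this 2.7 tree does not appear to provide: `self.assertRaisesRegex` (the context line directly above it uses `assertRaisesRegexp`) and `support.findfile` (the 2.7 suite uses `test_support`, as the test_httplib context later in this series shows). It also opens `recursion.tar`, which the 27-line patch does not add, so the regression test cannot exercise the new `length == 0` check and would most likely error out under the spec's `make test`. I would change the assertion to `with self.assertRaisesRegexp(tarfile.ReadError, "file could not be opened successfully"):` and ship the fixture as an additional source, or drop the test hunk and keep only the Lib/tarfile.py fix. The same Python 3 naming appears in the test hunk of CVE-2020-26116.patch (`assertRaisesRegex`, `client.HTTPConnection`).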
@@ -0,0 +1,84 @@ +--- a/Lib/httplib.py ++++ b/Lib/httplib.py +@@ -257,6 +257,10 @@ + # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") + # We are more lenient for assumed real world compatibility purposes. + ++# These characters are not allowed within HTTP method names ++# to prevent http header injection. ++_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]') ++ + # We always set the Content-Length header for these methods because some + # servers will otherwise respond with a 411 + _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} +@@ -935,6 +939,8 @@ + else: + raise CannotSendRequest() + ++ self._validate_method(method) ++ + # Save the method for use later in the response phase + self._method = method + +@@ -1020,6 +1026,16 @@ + # On Python 2, request is already encoded (default) + return request + ++ def _validate_method(self, method): ++ """Validate a method name for putrequest.""" ++ # prevent http header injection ++ match = _contains_disallowed_method_pchar_re.search(method) ++ if match: ++ raise ValueError( ++ "method can't contain control characters. %r " ++ "(found at least %r)" ++ % (method, match.group())) ++ + def _validate_path(self, url): + """Validate a url for putrequest.""" + # Prevent CVE-2019-9740. 
+ +--- a/Lib/test/test_httplib.py ++++ b/Lib/test/test_httplib.py +@@ -385,6 +385,28 @@ + conn.putheader(name, value) + + ++class HttpMethodTests(TestCase): ++ def test_invalid_method_names(self): ++ methods = ( ++ 'GET\r', ++ 'POST\n', ++ 'PUT\n\r', ++ 'POST\nValue', ++ 'POST\nHOST:abc', ++ 'GET\nrHost:abc\n', ++ 'POST\rRemainder:\r', ++ 'GET\rHOST:\n', ++ '\nPUT' ++ ) ++ ++ for method in methods: ++ with self.assertRaisesRegex( ++ ValueError, "method can't contain control characters"): ++ conn = client.HTTPConnection('example.com') ++ conn.sock = FakeSocket(None) ++ conn.request(method=method, url="/") ++ ++ + class BasicTest(TestCase): + def test_status_lines(self): + # Test HTTP status lines +@@ -1009,9 +1031,9 @@ + + @test_support.reap_threads + def test_main(verbose=None): +- test_support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest, +- HTTPTest, HTTPSTest, SourceAddressTest, +- TunnelTests) ++ test_support.run_unittest(HeaderTests, OfflineTest, HttpMethodTests, ++ BasicTest, TimeoutTest, HTTPTest, HTTPSTest, ++ SourceAddressTest, TunnelTests) + + if __name__ == '__main__': + test_main() diff --git a/SPECS/python2/python2.spec b/SPECS/python2/python2.spec index a327a209295..ac1bd7a8170 100644 --- a/SPECS/python2/python2.spec +++ b/SPECS/python2/python2.spec 
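Review bot: `_contains_disallowed_method_pchar_re` in the Lib/httplib.py part of CVE-2020-26116.patch rejects only `\x00`-`\x1f`, so a method string containing a space or `\x7f` still passes `_validate_method`. That is enough to stop CR/LF header injection, which is all the comment claims, but a space can still change how the request line is split, and the one-line docstring reads as if the method name were fully validated. I would extend the docstring to something like `"""Reject C0 control characters in the method (header injection); this is not a full token check, so callers should still allowlist methods taken from untrusted input."""`.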
@@ -14,14 +14,16 @@ Patch0: cgi.patch Patch1: added-pyopenssl-ipaddress-certificate-validation.patch Patch2: python2-support-mariner-platform.patch Patch3: Replace-unsupported-TLS-methods.patch +Patch4: CVE-2019-20907.patch +Patch5: CVE-2020-26116.patch # Ignore CVE-2015-5652 because it only applies to Windows -Patch4: CVE-2015-5652.nopatch +Patch6: CVE-2015-5652.nopatch # Ignore CVE-2017-17522 as Upstream, Red Hat, Debian, and Ubuntu all agree it is not exploitable # and is not a security issue -Patch5: CVE-2017-17522.nopatch +Patch7: CVE-2017-17522.nopatch # Ignore CVE-2019-9674 since the community agreed it shouldn't be patched and upstream # documentation is updated -Patch6: CVE-2019-9674.nopatch +Patch8: CVE-2019-9674.nopatch BuildRequires: pkg-config >= 0.28 BuildRequires: bzip2-devel BuildRequires: openssl-devel @@ -123,6 +125,8 @@ The test package contains all regression tests for Python as well as the modules %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build export OPT="${CFLAGS} %{openssl_flags}" @@ -243,8 +247,10 @@ make test %changelog * Thu Oct 22 2020 Nicolas Ontiveros - 2.7.18-4 -- Remove CVE-2013-1753 nopatch +- Remove CVE-2013-1753 no patch - Ignore CVE-2019-9674 +- Fix CVE-2019-20907 +- Fix CVE-2020-26116 * Thu Sep 10 2020 Thomas Crain - 2.7.18-3 - Ignore CVE-2017-17522 because it is widely agreed upon to not be a security vulnerability From fc24befbadc445cf13be38d360c67de4f7b4bb15 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 09:00:10 -0700 Subject: [PATCH 003/145] Update toolchain txt files --- .../manifests/package/toolchain_aarch64.txt | 12 ++++++------ .../manifests/package/toolchain_x86_64.txt | 18 ++++++------------ 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index a440121be13..56bd18f96ec 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt 
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -316,12 +316,12 @@ procps-ng-3.3.15-3.cm1.aarch64.rpm procps-ng-debuginfo-3.3.15-3.cm1.aarch64.rpm procps-ng-devel-3.3.15-3.cm1.aarch64.rpm procps-ng-lang-3.3.15-3.cm1.aarch64.rpm -python2-2.7.18-3.cm1.aarch64.rpm -python2-debuginfo-2.7.18-3.cm1.aarch64.rpm -python2-devel-2.7.18-3.cm1.aarch64.rpm -python2-libs-2.7.18-3.cm1.aarch64.rpm -python2-test-2.7.18-3.cm1.aarch64.rpm -python2-tools-2.7.18-3.cm1.aarch64.rpm +python2-2.7.18-4.cm1.aarch64.rpm +python2-debuginfo-2.7.18-4.cm1.aarch64.rpm +python2-devel-2.7.18-4.cm1.aarch64.rpm +python2-libs-2.7.18-4.cm1.aarch64.rpm +python2-test-2.7.18-4.cm1.aarch64.rpm +python2-tools-2.7.18-4.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm python3-gpg-1.13.1-5.cm1.aarch64.rpm python3-libxml2-2.9.10-2.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index fe801ced5cf..ca658ef2370 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -17,12 +17,6 @@ bzip2-1.0.6-15.cm1.x86_64.rpm bzip2-debuginfo-1.0.6-15.cm1.x86_64.rpm bzip2-devel-1.0.6-15.cm1.x86_64.rpm bzip2-libs-1.0.6-15.cm1.x86_64.rpm -ca-certificates-20200720-9.cm1.noarch.rpm -ca-certificates-base-20200720-9.cm1.noarch.rpm -ca-certificates-legacy-20200720-9.cm1.noarch.rpm -ca-certificates-microsoft-20200720-9.cm1.noarch.rpm -ca-certificates-shared-20200720-9.cm1.noarch.rpm -ca-certificates-tools-20200720-9.cm1.noarch.rpm check-0.12.0-4.cm1.x86_64.rpm check-debuginfo-0.12.0-4.cm1.x86_64.rpm cmake-3.17.3-2.cm1.x86_64.rpm 
@@ -316,12 +310,12 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm procps-ng-devel-3.3.15-3.cm1.x86_64.rpm procps-ng-lang-3.3.15-3.cm1.x86_64.rpm -python2-2.7.18-3.cm1.x86_64.rpm -python2-debuginfo-2.7.18-3.cm1.x86_64.rpm -python2-devel-2.7.18-3.cm1.x86_64.rpm -python2-libs-2.7.18-3.cm1.x86_64.rpm -python2-test-2.7.18-3.cm1.x86_64.rpm -python2-tools-2.7.18-3.cm1.x86_64.rpm +python2-2.7.18-4.cm1.x86_64.rpm +python2-debuginfo-2.7.18-4.cm1.x86_64.rpm +python2-devel-2.7.18-4.cm1.x86_64.rpm +python2-libs-2.7.18-4.cm1.x86_64.rpm +python2-test-2.7.18-4.cm1.x86_64.rpm +python2-tools-2.7.18-4.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-5.cm1.x86_64.rpm python3-libxml2-2.9.10-2.cm1.x86_64.rpm From adbf690f2c240d745ccbbfe3d625c5d326fc8206 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 09:02:16 -0700 Subject: [PATCH 004/145] Add ca-certificates back --- toolkit/resources/manifests/package/toolchain_x86_64.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index ca658ef2370..4ada2f79e16 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -17,6 +17,12 @@ bzip2-1.0.6-15.cm1.x86_64.rpm bzip2-debuginfo-1.0.6-15.cm1.x86_64.rpm bzip2-devel-1.0.6-15.cm1.x86_64.rpm bzip2-libs-1.0.6-15.cm1.x86_64.rpm +ca-certificates-20200720-9.cm1.noarch.rpm +ca-certificates-base-20200720-9.cm1.noarch.rpm +ca-certificates-legacy-20200720-9.cm1.noarch.rpm +ca-certificates-microsoft-20200720-9.cm1.noarch.rpm +ca-certificates-shared-20200720-9.cm1.noarch.rpm +ca-certificates-tools-20200720-9.cm1.noarch.rpm check-0.12.0-4.cm1.x86_64.rpm check-debuginfo-0.12.0-4.cm1.x86_64.rpm cmake-3.17.3-2.cm1.x86_64.rpm From 21eee62c1e3d5e6b98137fdda677bfddceeb8eef Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 09:06:12 -0700 Subject: [PATCH 005/145] Fix python-curses/xml in toolchain txt files --- toolkit/resources/manifests/package/toolchain_aarch64.txt | 4 ++-- toolkit/resources/manifests/package/toolchain_x86_64.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 56bd18f96ec..5a56d30bb68 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -327,11 +327,11 @@ python3-gpg-1.13.1-5.cm1.aarch64.rpm python3-libxml2-2.9.10-2.cm1.aarch64.rpm python3-pwquality-1.4.2-4.cm1.aarch64.rpm python3-rpm-4.14.2-10.cm1.aarch64.rpm -python-curses-2.7.18-3.cm1.aarch64.rpm +python-curses-2.7.18-4.cm1.aarch64.rpm python-gpg-1.13.1-5.cm1.aarch64.rpm python-rpm-4.14.2-10.cm1.aarch64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-3.cm1.aarch64.rpm +python-xml-2.7.18-4.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-debuginfo-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 4ada2f79e16..1befe3e16e2 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt 
@@ -327,11 +327,11 @@ python3-gpg-1.13.1-5.cm1.x86_64.rpm python3-libxml2-2.9.10-2.cm1.x86_64.rpm python3-pwquality-1.4.2-4.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm -python-curses-2.7.18-3.cm1.x86_64.rpm +python-curses-2.7.18-4.cm1.x86_64.rpm python-gpg-1.13.1-5.cm1.x86_64.rpm python-rpm-4.14.2-10.cm1.x86_64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-3.cm1.x86_64.rpm +python-xml-2.7.18-4.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-debuginfo-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm From 3799615a81fb45d985cc7b4e5366823ff3155964 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 09:21:47 -0700 Subject: [PATCH 006/145] Fix CVE patch names for unzip --- ...ve-2014-8139.patch => CVE-2014-8139.patch} | 0 ...ve-2014-8140.patch => CVE-2014-8140.patch} | 0 ...ve-2014-8141.patch => CVE-2014-8141.patch} | 0 ...ve-2014-9636.patch => CVE-2014-9636.patch} | 0 ...VE-2014-9913.patch => CVE-2014-9913.patch} | 0 ...ve-2015-1315.patch => CVE-2015-1315.patch} | 0 ...VE-2016-9844.patch => CVE-2016-9844.patch} | 0 ...-overflow.patch => CVE-2018-1000035.patch} | 0 SPECS/unzip/unzip.spec | 20 ++++++++++--------- .../manifests/package/toolchain_aarch64.txt | 4 ++-- .../manifests/package/toolchain_x86_64.txt | 4 ++-- 11 files changed, 15 insertions(+), 13 deletions(-) rename SPECS/unzip/{unzip-6.0-cve-2014-8139.patch => CVE-2014-8139.patch} (100%) rename SPECS/unzip/{unzip-6.0-cve-2014-8140.patch => CVE-2014-8140.patch} (100%) rename SPECS/unzip/{unzip-6.0-cve-2014-8141.patch => CVE-2014-8141.patch} (100%) rename SPECS/unzip/{cve-2014-9636.patch => CVE-2014-9636.patch} (100%) rename SPECS/unzip/{unzip-CVE-2014-9913.patch => CVE-2014-9913.patch} (100%) rename SPECS/unzip/{cve-2015-1315.patch => CVE-2015-1315.patch} (100%) rename SPECS/unzip/{unzip-CVE-2016-9844.patch => CVE-2016-9844.patch} (100%) rename SPECS/unzip/{unzip-6.0-cve-2018-1000035-heap-based-overflow.patch => CVE-2018-1000035.patch} (100%) 
diff --git a/SPECS/unzip/unzip-6.0-cve-2014-8139.patch b/SPECS/unzip/CVE-2014-8139.patch similarity index 100% rename from SPECS/unzip/unzip-6.0-cve-2014-8139.patch rename to SPECS/unzip/CVE-2014-8139.patch diff --git a/SPECS/unzip/unzip-6.0-cve-2014-8140.patch b/SPECS/unzip/CVE-2014-8140.patch similarity index 100% rename from SPECS/unzip/unzip-6.0-cve-2014-8140.patch rename to SPECS/unzip/CVE-2014-8140.patch diff --git a/SPECS/unzip/unzip-6.0-cve-2014-8141.patch b/SPECS/unzip/CVE-2014-8141.patch similarity index 100% rename from SPECS/unzip/unzip-6.0-cve-2014-8141.patch rename to SPECS/unzip/CVE-2014-8141.patch diff --git a/SPECS/unzip/cve-2014-9636.patch b/SPECS/unzip/CVE-2014-9636.patch similarity index 100% rename from SPECS/unzip/cve-2014-9636.patch rename to SPECS/unzip/CVE-2014-9636.patch diff --git a/SPECS/unzip/unzip-CVE-2014-9913.patch b/SPECS/unzip/CVE-2014-9913.patch similarity index 100% rename from SPECS/unzip/unzip-CVE-2014-9913.patch rename to SPECS/unzip/CVE-2014-9913.patch diff --git a/SPECS/unzip/cve-2015-1315.patch b/SPECS/unzip/CVE-2015-1315.patch similarity index 100% rename from SPECS/unzip/cve-2015-1315.patch rename to SPECS/unzip/CVE-2015-1315.patch diff --git a/SPECS/unzip/unzip-CVE-2016-9844.patch b/SPECS/unzip/CVE-2016-9844.patch similarity index 100% rename from SPECS/unzip/unzip-CVE-2016-9844.patch rename to SPECS/unzip/CVE-2016-9844.patch diff --git a/SPECS/unzip/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch b/SPECS/unzip/CVE-2018-1000035.patch similarity index 100% rename from SPECS/unzip/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch rename to SPECS/unzip/CVE-2018-1000035.patch diff --git a/SPECS/unzip/unzip.spec b/SPECS/unzip/unzip.spec index 9c41e85de47..b4aefb08a49 100644 --- a/SPECS/unzip/unzip.spec +++ b/SPECS/unzip/unzip.spec 
@@ -1,7 +1,7 @@ Summary: Unzip-6.0 Name: unzip Version: 6.0 -Release: 16%{?dist} +Release: 17%{?dist} License: BSD URL: http://infozip.sourceforge.net/UnZip.html Source0: https://downloads.sourceforge.net/infozip/unzip60.tar.gz @@ -9,16 +9,16 @@ Group: System Environment/Utilities Vendor: Microsoft Corporation Distribution: Mariner -Patch0: cve-2014-9636.patch -Patch1: cve-2015-1315.patch +Patch0: CVE-2014-9636.patch +Patch1: CVE-2015-1315.patch Patch2: CVE-2015-7696.patch -Patch3: unzip-CVE-2016-9844.patch -Patch4: unzip-CVE-2014-9913.patch +Patch3: CVE-2016-9844.patch +Patch4: CVE-2014-9913.patch # Fixes CVE-2018-18384 Patch5: unzip_cfactor_overflow.patch -Patch6: unzip-6.0-cve-2014-8139.patch -Patch7: unzip-6.0-cve-2014-8140.patch -Patch8: unzip-6.0-cve-2014-8141.patch +Patch6: CVE-2014-8139.patch +Patch7: CVE-2014-8140.patch +Patch8: CVE-2014-8141.patch # Fixes CVE-2019-13232 Patch9: unzip-zipbomb-part1.patch Patch10: unzip-zipbomb-part2.patch @@ -26,7 +26,7 @@ Patch11: unzip-zipbomb-part3.patch Patch12: unzip-zipbomb-manpage.patch Patch13: CVE-2015-7697.patch # Fixes CVE-2018-1000035 -Patch14: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch +Patch14: CVE-2018-1000035.patch # Upstream has fixed CVE-2008-0888 in 6.0 Patch15: CVE-2008-0888.nopatch @@ -86,6 +86,8 @@ make %{?_smp_mflags} check %{_bindir}/* %changelog +* Thu Oct 22 2020 Nicolas Ontiveros 6.0-17 +- Fix names for CVE patches * Mon Sep 28 2020 Daniel McIlvaney 6.0-16 - Nopatch CVE-2008-0888, fixed in 6.0 * Thu Jul 09 2020 Daniel McIlvaney 6.0-15 diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index a440121be13..e05545cb967 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -370,8 +370,8 @@ tdnf-plugin-repogpgcheck-2.1.0-4.cm1.aarch64.rpm tdnf-python-2.1.0-4.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm texinfo-debuginfo-6.5-7.cm1.aarch64.rpm -unzip-6.0-16.cm1.aarch64.rpm -unzip-debuginfo-6.0-16.cm1.aarch64.rpm +unzip-6.0-17.cm1.aarch64.rpm +unzip-debuginfo-6.0-17.cm1.aarch64.rpm util-linux-2.32.1-3.cm1.aarch64.rpm util-linux-debuginfo-2.32.1-3.cm1.aarch64.rpm util-linux-devel-2.32.1-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index fe801ced5cf..a9f7188658b 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -370,8 +370,8 @@ tdnf-plugin-repogpgcheck-2.1.0-4.cm1.x86_64.rpm tdnf-python-2.1.0-4.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm texinfo-debuginfo-6.5-7.cm1.x86_64.rpm -unzip-6.0-16.cm1.x86_64.rpm -unzip-debuginfo-6.0-16.cm1.x86_64.rpm +unzip-6.0-17.cm1.x86_64.rpm +unzip-debuginfo-6.0-17.cm1.x86_64.rpm util-linux-2.32.1-3.cm1.x86_64.rpm util-linux-debuginfo-2.32.1-3.cm1.x86_64.rpm util-linux-devel-2.32.1-3.cm1.x86_64.rpm From fca1bb79303a7d5e038b0e493ec982f569300261 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 12:46:11 -0700 Subject: [PATCH 007/145] Patch CVE-2019-12972 in binutils --- SPECS/binutils/CVE-2019-12972.patch | 12 ++++++++++++ SPECS/binutils/binutils.spec | 11 +++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 SPECS/binutils/CVE-2019-12972.patch diff --git a/SPECS/binutils/CVE-2019-12972.patch b/SPECS/binutils/CVE-2019-12972.patch new file mode 100644 index 00000000000..fe0993efd29 --- /dev/null +++ b/SPECS/binutils/CVE-2019-12972.patch 
@@ -0,0 +1,12 @@ +--- a/bfd/elfcode.h ++++ b/bfd/elfcode.h +@@ -755,7 +755,8 @@ + /* A further sanity check. */ + if (i_ehdrp->e_shnum != 0) + { +- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)) ++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd) ++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB) + { + /* PR 2257: + We used to just goto got_wrong_format_error here diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index bd55d405122..d06fea65e3e 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -1,7 +1,7 @@ Summary: Contains a linker, an assembler, and other tools Name: binutils Version: 2.32 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://www.gnu.org/software/binutils Group: System Environment/Base @@ -11,6 +11,7 @@ Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz Patch0: CVE-2019-9070.nopatch Patch1: CVE-2019-9075.patch Patch2: CVE-2019-9077.patch +Patch3: CVE-2019-12972.patch %description The Binutils package contains a linker, an assembler, @@ -28,6 +29,7 @@ for handling compiled objects. %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %configure \ @@ -111,9 +113,10 @@ make %{?_smp_mflags} check %{_libdir}/libopcodes.so %changelog -* Sat May 09 00:21:17 PST 2020 Nick Samson - 2.32-3 -- Added %%license line automatically - +* Thu Oct 22 2020 Nicolas Ontiveros 2.32-4 +- Fix CVE-2019-12972. +* Sat May 09 2020 Nick Samson 2.32-3 +- Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 - Fix CVE-2019-9077. - Fix CVE-2019-9075. From 234def32a825b6bf45b69a7f22cf88121df048d2 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 12:57:58 -0700 Subject: [PATCH 008/145] Fix CVE-2019-14250 --- SPECS/binutils/CVE-2019-14250.patch | 17 +++++++++++++++++ SPECS/binutils/binutils.spec | 3 +++ 2 files changed, 20 insertions(+) create mode 100644 SPECS/binutils/CVE-2019-14250.patch 
diff --git a/SPECS/binutils/CVE-2019-14250.patch b/SPECS/binutils/CVE-2019-14250.patch new file mode 100644 index 00000000000..4ee873ac810 --- /dev/null +++ b/SPECS/binutils/CVE-2019-14250.patch @@ -0,0 +1,17 @@ +--- a/libiberty/simple-object-elf.c ++++ b/libiberty/simple-object-elf.c +@@ -548,6 +548,14 @@ + XDELETE (eor); + return NULL; + } ++ ++ if (!eor->shstrndx) ++ { ++ *errmsg = "invalid ELF shstrndx == 0"; ++ *err = 0; ++ XDELETE (eor); ++ return NULL; ++ } + + return (void *) eor; + } diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index d06fea65e3e..7cbfb0d63f6 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -12,6 +12,7 @@ Patch0: CVE-2019-9070.nopatch Patch1: CVE-2019-9075.patch Patch2: CVE-2019-9077.patch Patch3: CVE-2019-12972.patch +Patch4: CVE-2019-14250.patch %description The Binutils package contains a linker, an assembler, @@ -30,6 +31,7 @@ for handling compiled objects. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build %configure \ @@ -115,6 +117,7 @@ make %{?_smp_mflags} check %changelog * Thu Oct 22 2020 Nicolas Ontiveros 2.32-4 - Fix CVE-2019-12972. +- Fix CVE-2019-14250. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From f6a5fb9955adb916e1058148d29e1e3bdb79d010 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 13:18:07 -0700 Subject: [PATCH 009/145] Fix CVE-2019-14444 --- SPECS/binutils/CVE-2019-14444.patch | 11 +++++++++++ SPECS/binutils/binutils.spec | 3 +++ 2 files changed, 14 insertions(+) create mode 100644 SPECS/binutils/CVE-2019-14444.patch diff --git a/SPECS/binutils/CVE-2019-14444.patch b/SPECS/binutils/CVE-2019-14444.patch new file mode 100644 index 00000000000..4647fb9314c --- /dev/null +++ b/SPECS/binutils/CVE-2019-14444.patch 
@@ -0,0 +1,11 @@ +--- a/binutils/readelf.c ++++ b/binutils/readelf.c +@@ -13213,7 +13213,7 @@ + } + + rloc = start + rp->r_offset; +- if ((rloc + reloc_size) > end || (rloc < start)) ++ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start)) + { + warn (_("skipping invalid relocation offset 0x%lx in section %s\n"), + (unsigned long) rp->r_offset, diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index 7cbfb0d63f6..c428e233d93 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -13,6 +13,7 @@ Patch1: CVE-2019-9075.patch Patch2: CVE-2019-9077.patch Patch3: CVE-2019-12972.patch Patch4: CVE-2019-14250.patch +Patch5: CVE-2019-14444.patch %description The Binutils package contains a linker, an assembler, @@ -32,6 +33,7 @@ for handling compiled objects. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build %configure \ @@ -118,6 +120,7 @@ make %{?_smp_mflags} check * Thu Oct 22 2020 Nicolas Ontiveros 2.32-4 - Fix CVE-2019-12972. - Fix CVE-2019-14250. +- Fix CVE-2019-14444. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From fb1a9b4e37c247da2ead58e64c79b4c10f75739c Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 13:42:33 -0700 Subject: [PATCH 010/145] Patch CVE-2019-9071 --- SPECS/binutils/CVE-2019-9071.patch | 110 +++++++++++++++++++++++++++++ SPECS/binutils/binutils.spec | 3 + 2 files changed, 113 insertions(+) create mode 100644 SPECS/binutils/CVE-2019-9071.patch diff --git a/SPECS/binutils/CVE-2019-9071.patch b/SPECS/binutils/CVE-2019-9071.patch new file mode 100644 index 00000000000..7ccf14066f6 --- /dev/null +++ b/SPECS/binutils/CVE-2019-9071.patch 
@@ -0,0 +1,110 @@ +--- a/libiberty/cp-demangle.c ++++ b/libiberty/cp-demangle.c +@@ -861,7 +861,7 @@ + int + cplus_demangle_fill_name (struct demangle_component *p, const char *s, int len) + { +- if (p == NULL || s == NULL || len == 0) ++ if (p == NULL || s == NULL || len <= 0) + return 0; + p->d_printing = 0; + p->type = DEMANGLE_COMPONENT_NAME; +@@ -4055,7 +4055,7 @@ + are larger than the actual numbers encountered. */ + + static void +-d_count_templates_scopes (int *num_templates, int *num_scopes, ++d_count_templates_scopes (struct d_print_info *dpi, + const struct demangle_component *dc) + { + if (dc == NULL) +@@ -4075,13 +4075,13 @@ + break; + + case DEMANGLE_COMPONENT_TEMPLATE: +- (*num_templates)++; ++ dpi->num_copy_templates++; + goto recurse_left_right; + + case DEMANGLE_COMPONENT_REFERENCE: + case DEMANGLE_COMPONENT_RVALUE_REFERENCE: + if (d_left (dc)->type == DEMANGLE_COMPONENT_TEMPLATE_PARAM) +- (*num_scopes)++; ++ dpi->num_saved_scopes++; + goto recurse_left_right; + + case DEMANGLE_COMPONENT_QUAL_NAME: +@@ -4146,42 +4146,42 @@ + case DEMANGLE_COMPONENT_TAGGED_NAME: + case DEMANGLE_COMPONENT_CLONE: + recurse_left_right: +- d_count_templates_scopes (num_templates, num_scopes, +- d_left (dc)); +- d_count_templates_scopes (num_templates, num_scopes, +- d_right (dc)); ++ /* PR 89394 - Check for too much recursion. */ ++ if (dpi->recursion > DEMANGLE_RECURSION_LIMIT) ++ /* FIXME: There ought to be a way to report to the ++ user that the recursion limit has been reached. 
*/ ++ return; ++ ++ ++ dpi->recursion; ++ d_count_templates_scopes (dpi, d_left (dc)); ++ d_count_templates_scopes (dpi, d_right (dc)); ++ -- dpi->recursion; + break; + + case DEMANGLE_COMPONENT_CTOR: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_ctor.name); ++ d_count_templates_scopes (dpi, dc->u.s_ctor.name); + break; + + case DEMANGLE_COMPONENT_DTOR: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_dtor.name); ++ d_count_templates_scopes (dpi, dc->u.s_dtor.name); + break; + + case DEMANGLE_COMPONENT_EXTENDED_OPERATOR: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_extended_operator.name); ++ d_count_templates_scopes (dpi, dc->u.s_extended_operator.name); + break; + + case DEMANGLE_COMPONENT_FIXED_TYPE: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_fixed.length); ++ d_count_templates_scopes (dpi, dc->u.s_fixed.length); + break; + + case DEMANGLE_COMPONENT_GLOBAL_CONSTRUCTORS: + case DEMANGLE_COMPONENT_GLOBAL_DESTRUCTORS: +- d_count_templates_scopes (num_templates, num_scopes, +- d_left (dc)); ++ d_count_templates_scopes (dpi, d_left (dc)); + break; + + case DEMANGLE_COMPONENT_LAMBDA: + case DEMANGLE_COMPONENT_DEFAULT_ARG: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_unary_num.sub); ++ d_count_templates_scopes (dpi, dc->u.s_unary_num.sub); + break; + } + } +@@ -4216,8 +4216,12 @@ + dpi->next_copy_template = 0; + dpi->num_copy_templates = 0; + +- d_count_templates_scopes (&dpi->num_copy_templates, +- &dpi->num_saved_scopes, dc); ++ d_count_templates_scopes (dpi, dc); ++ /* If we did not reach the recursion limit, then reset the ++ current recursion value back to 0, so that we can print ++ the templates. */ ++ if (dpi->recursion < DEMANGLE_RECURSION_LIMIT) ++ dpi->recursion = 0; + dpi->num_copy_templates *= dpi->num_saved_scopes; + + dpi->current_template = NULL; 
diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index c428e233d93..142e4133523 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -14,6 +14,7 @@ Patch2: CVE-2019-9077.patch Patch3: CVE-2019-12972.patch Patch4: CVE-2019-14250.patch Patch5: CVE-2019-14444.patch +Patch6: CVE-2019-9071.patch %description The Binutils package contains a linker, an assembler, @@ -34,6 +35,7 @@ for handling compiled objects. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build %configure \ @@ -121,6 +123,7 @@ make %{?_smp_mflags} check - Fix CVE-2019-12972. - Fix CVE-2019-14250. - Fix CVE-2019-14444. +- Fix CVE-2019-9071. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From 95938a8b4ffeb9a6d2f422de25b2c4ff428641a4 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 13:48:53 -0700 Subject: [PATCH 011/145] Nopatch CVE-2019-9072 --- SPECS/binutils/CVE-2019-9072.nopatch | 0 SPECS/binutils/binutils.spec | 5 +++++ 2 files changed, 5 insertions(+) create mode 100644 SPECS/binutils/CVE-2019-9072.nopatch diff --git a/SPECS/binutils/CVE-2019-9072.nopatch b/SPECS/binutils/CVE-2019-9072.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index 142e4133523..fc17f347867 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -16,6 +16,9 @@ Patch4: CVE-2019-14250.patch Patch5: CVE-2019-14444.patch Patch6: CVE-2019-9071.patch +# Binutils commmunity does not consider this a bug +Patch7: CVE-2019-9072.nopatch + %description The Binutils package contains a linker, an assembler, and other tools for handling object files. @@ -36,6 +39,7 @@ for handling compiled objects. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build %configure \ 
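Review bot: `%patch7 -p1` in the %prep hunk applies `CVE-2019-9072.nopatch`, which this same commit creates as an empty file, whereas the existing `Patch0: CVE-2019-9070.nopatch` is never passed to `%patch` in the visible %prep lines. patch(1) normally fails on empty input, so this commit probably does not build on its own; PATCH 012 drops the line, but folding that removal into this commit would keep the series bisectable. The new comment also misspells `commmunity` and gives no pointer to the upstream position; `# CVE-2019-9072: upstream binutils does not treat this as a security bug (see <upstream bug reference>)` would be easier to audit later.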
@@ -124,6 +128,7 @@ make %{?_smp_mflags} check - Fix CVE-2019-14250. - Fix CVE-2019-14444. - Fix CVE-2019-9071. +- No patch CVE-2019-9072. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From 615d12fdd302e852404fed9b2803b0e6f4b8c8af Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 14:02:40 -0700 Subject: [PATCH 012/145] Patch CVE-2019-9073 --- SPECS/binutils/CVE-2019-9073.patch | 13 +++++++++++++ SPECS/binutils/binutils.spec | 5 +++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 SPECS/binutils/CVE-2019-9073.patch diff --git a/SPECS/binutils/CVE-2019-9073.patch b/SPECS/binutils/CVE-2019-9073.patch new file mode 100644 index 00000000000..0d44fe81a6e --- /dev/null +++ b/SPECS/binutils/CVE-2019-9073.patch @@ -0,0 +1,13 @@ +--- a/binutils/objdump.c ++++ b/binutils/objdump.c +@@ -3178,7 +3178,9 @@ + static void + dump_bfd_private_header (bfd *abfd) + { +- bfd_print_private_bfd_data (abfd, stdout); ++ if (!bfd_print_private_bfd_data (abfd, stdout)) ++ non_fatal (_("warning: private headers incomplete: %s"), ++ bfd_errmsg (bfd_get_error ())); + } + + static void diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index fc17f347867..0ba38b74b9a 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -15,9 +15,9 @@ Patch3: CVE-2019-12972.patch Patch4: CVE-2019-14250.patch Patch5: CVE-2019-14444.patch Patch6: CVE-2019-9071.patch - # Binutils commmunity does not consider this a bug Patch7: CVE-2019-9072.nopatch +Patch8: CVE-2019-9073.patch %description The Binutils package contains a linker, an assembler, @@ -39,7 +39,7 @@ for handling compiled objects. %patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch7 -p1 +%patch8 -p1 %build %configure \ 
@@ -129,6 +129,7 @@ make %{?_smp_mflags} check - Fix CVE-2019-14444. - Fix CVE-2019-9071. - No patch CVE-2019-9072. +- Fix CVE-2019-9073. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From dd80c1657569c3f3da6befecf7ef4746b56ded48 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 14:13:12 -0700 Subject: [PATCH 013/145] Patch CVE-2019-9074 --- SPECS/binutils/CVE-2019-9074.patch | 33 ++++++++++++++++++++++++++++++ SPECS/binutils/binutils.spec | 3 +++ 2 files changed, 36 insertions(+) create mode 100644 SPECS/binutils/CVE-2019-9074.patch diff --git a/SPECS/binutils/CVE-2019-9074.patch b/SPECS/binutils/CVE-2019-9074.patch new file mode 100644 index 00000000000..721b72a474a --- /dev/null +++ b/SPECS/binutils/CVE-2019-9074.patch @@ -0,0 +1,33 @@ +--- a/bfd/pei-x86_64.c ++++ b/bfd/pei-x86_64.c +@@ -541,7 +541,7 @@ + /* virt_size might be zero for objects. */ + if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0) + { +- stop = (datasize / onaline) * onaline; ++ stop = datasize; + virt_size_is_zero = TRUE; + } + else if (datasize < stop) +@@ -551,8 +551,8 @@ + _("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"), + pdata_section->name, (unsigned long) datasize, + (unsigned long) stop); +- /* Be sure not to read passed datasize. */ +- stop = datasize / onaline; ++ /* Be sure not to read past datasize. */ ++ stop = datasize; + } + + /* Display functions table. */ +@@ -724,8 +724,7 @@ + altent += imagebase; + + if (altent >= pdata_vma +- && (altent + PDATA_ROW_SIZE <= pdata_vma +- + pei_section_data (abfd, pdata_section)->virt_size)) ++ && altent - pdata_vma + PDATA_ROW_SIZE <= stop) + { + pex64_get_runtime_function + (abfd, &arf, &pdata[altent - pdata_vma]); + diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index 0ba38b74b9a..f6b3edba2b3 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec 
@@ -18,6 +18,7 @@ Patch6: CVE-2019-9071.patch # Binutils commmunity does not consider this a bug Patch7: CVE-2019-9072.nopatch Patch8: CVE-2019-9073.patch +Patch9: CVE-2019-9074.patch %description The Binutils package contains a linker, an assembler, @@ -40,6 +41,7 @@ for handling compiled objects. %patch5 -p1 %patch6 -p1 %patch8 -p1 +%patch9 -p1 %build %configure \ @@ -130,6 +132,7 @@ make %{?_smp_mflags} check - Fix CVE-2019-9071. - No patch CVE-2019-9072. - Fix CVE-2019-9073. +- Fix CVE-2019-9074. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From dc1594122364334144a9909a3f8a3b47f819cf66 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 14:32:13 -0700 Subject: [PATCH 014/145] Patch CVE-2019-17450 --- SPECS/binutils/CVE-2019-17450.patch | 62 ++++++++++++++++++++++++++++ SPECS/binutils/CVE-2019-9076.nopatch | 0 SPECS/binutils/binutils.spec | 6 +++ 3 files changed, 68 insertions(+) create mode 100644 SPECS/binutils/CVE-2019-17450.patch create mode 100644 SPECS/binutils/CVE-2019-9076.nopatch diff --git a/SPECS/binutils/CVE-2019-17450.patch b/SPECS/binutils/CVE-2019-17450.patch new file mode 100644 index 00000000000..1a6b98667a5 --- /dev/null +++ b/SPECS/binutils/CVE-2019-17450.patch 
@@ -0,0 +1,62 @@ +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -2803,8 +2803,8 @@ + } + + static bfd_boolean +-find_abstract_instance (struct comp_unit * unit, +- bfd_byte * orig_info_ptr, ++find_abstract_instance (struct comp_unit *unit, ++ unsigned int recur_count, + struct attribute * attr_ptr, + const char ** pname, + bfd_boolean * is_linkage, +@@ -2820,6 +2820,14 @@ + struct attribute attr; + const char *name = NULL; + ++ if (recur_count == 100) ++ { ++ _bfd_error_handler ++ (_("DWARF error: abstract instance recursion detected")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + /* DW_FORM_ref_addr can reference an entry in a different CU. It + is an offset from the .debug_info section, not the current CU. */ + if (attr_ptr->form == DW_FORM_ref_addr) +@@ -2939,15 +2947,6 @@ + info_ptr, info_ptr_end); + if (info_ptr == NULL) + break; +- /* It doesn't ever make sense for DW_AT_specification to +- refer to the same DIE. Stop simple recursion. */ +- if (info_ptr == orig_info_ptr) +- { +- _bfd_error_handler +- (_("DWARF error: abstract instance recursion detected")); +- bfd_set_error (bfd_error_bad_value); +- return FALSE; +- } + switch (attr.name) + { + case DW_AT_name: +@@ -2961,7 +2960,7 @@ + } + break; + case DW_AT_specification: +- if (!find_abstract_instance (unit, info_ptr, &attr, ++ if (!find_abstract_instance (unit, &attr, recur_count + 1, + &name, is_linkage, + filename_ptr, linenumber_ptr)) + return FALSE; +@@ -3175,7 +3174,7 @@ + + case DW_AT_abstract_origin: + case DW_AT_specification: +- if (!find_abstract_instance (unit, info_ptr, &attr, ++ if (!find_abstract_instance (unit, &attr, 0, + &func->name, + &func->is_linkage, + &func->file, diff --git a/SPECS/binutils/CVE-2019-9076.nopatch b/SPECS/binutils/CVE-2019-9076.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index f6b3edba2b3..4f57a02033e 100644 --- a/SPECS/binutils/binutils.spec 
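Review bot: The new parameter order and the new call sites in this backport disagree: the definition becomes `find_abstract_instance (struct comp_unit *unit, unsigned int recur_count, struct attribute *attr_ptr, ...)`, but both rewritten calls pass `(unit, &attr, recur_count + 1, ...)` and `(unit, &attr, 0, ...)`. If the compiler lets that through with only a conversion warning, `attr_ptr` receives the counter (0 on the outermost call) and is dereferenced at `attr_ptr->form`, while `recur_count` receives a pointer value, so the `recur_count == 100` guard that is the point of the fix no longer bounds the recursion. I would swap the two parameters in the definition to match the calls, `find_abstract_instance (struct comp_unit *unit, struct attribute *attr_ptr, unsigned int recur_count,`, and check any forward declaration outside these hunks. The function body and its callers continue outside the hunks shown in the patch file.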
+++ b/SPECS/binutils/binutils.spec @@ -19,6 +19,9 @@ Patch6: CVE-2019-9071.patch Patch7: CVE-2019-9072.nopatch Patch8: CVE-2019-9073.patch Patch9: CVE-2019-9074.patch +# Binutils community does not consider this a bug +Patch10: CVE-2019-9076.nopatch +Patch11: CVE-2019-17450.patch %description The Binutils package contains a linker, an assembler, @@ -42,6 +45,7 @@ for handling compiled objects. %patch6 -p1 %patch8 -p1 %patch9 -p1 +%patch11 -p1 %build %configure \ @@ -133,6 +137,8 @@ make %{?_smp_mflags} check - No patch CVE-2019-9072. - Fix CVE-2019-9073. - Fix CVE-2019-9074. +- No patch CVE-2019-9076. +- Fix CVE-2019-17450. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From 57bfd2059fac7f87a624dfafe4a83ecb05e6fbfe Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 14:49:25 -0700 Subject: [PATCH 015/145] Fix CVE-2019-17451 --- SPECS/binutils/CVE-2019-17451.patch | 20 ++++++++++++++++++++ SPECS/binutils/binutils.spec | 3 +++ 2 files changed, 23 insertions(+) create mode 100644 SPECS/binutils/CVE-2019-17451.patch diff --git a/SPECS/binutils/CVE-2019-17451.patch b/SPECS/binutils/CVE-2019-17451.patch new file mode 100644 index 00000000000..1afa4c8d0f4 --- /dev/null +++ b/SPECS/binutils/CVE-2019-17451.patch @@ -0,0 +1,20 @@ +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -4426,7 +4425,16 @@ + for (total_size = 0; + msec; + msec = find_debug_info (debug_bfd, debug_sections, msec)) +- total_size += msec->size; ++ { ++ /* Catch PR25070 testcase overflowing size calculation here. */ ++ if (total_size + msec->size < total_size ++ || total_size + msec->size < msec->size) ++ { ++ bfd_set_error (bfd_error_no_memory); ++ return FALSE; ++ } ++ total_size += msec->size; ++ } + + stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size); + if (stash->info_ptr_memory == NULL) diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index 4f57a02033e..d402673fe65 100644 
--- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -22,6 +22,7 @@ Patch9: CVE-2019-9074.patch # Binutils community does not consider this a bug Patch10: CVE-2019-9076.nopatch Patch11: CVE-2019-17450.patch +Patch12: CVE-2019-17451.patch %description The Binutils package contains a linker, an assembler, @@ -46,6 +47,7 @@ for handling compiled objects. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build %configure \ @@ -139,6 +141,7 @@ make %{?_smp_mflags} check - Fix CVE-2019-9074. - No patch CVE-2019-9076. - Fix CVE-2019-17450. +- Fix CVE-2019-17451. * Sat May 09 2020 Nick Samson 2.32-3 - Added %%license line automatically * Wed May 06 2020 Nicolas Ontiveros 2.32-2 From b9b483602dbdcf7323d5324dea2792f61c1c77d6 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 22 Oct 2020 14:51:52 -0700 Subject: [PATCH 016/145] Update pkggen and toolchain txt files --- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 4 ++-- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 4 ++-- toolkit/resources/manifests/package/toolchain_aarch64.txt | 6 +++--- toolkit/resources/manifests/package/toolchain_x86_64.txt | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 5d03e1c1aaa..566399fa3e4 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -12,8 +12,8 @@ zlib-devel-1.2.11-3.cm1.aarch64.rpm file-5.38-1.cm1.aarch64.rpm file-devel-5.38-1.cm1.aarch64.rpm file-libs-5.38-1.cm1.aarch64.rpm -binutils-2.32-3.cm1.aarch64.rpm -binutils-devel-2.32-3.cm1.aarch64.rpm +binutils-2.32-4.cm1.aarch64.rpm +binutils-devel-2.32-4.cm1.aarch64.rpm gmp-6.1.2-5.cm1.aarch64.rpm gmp-devel-6.1.2-5.cm1.aarch64.rpm mpfr-4.0.1-3.cm1.aarch64.rpm 
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 4f7a37dd685..0052977013b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -12,8 +12,8 @@ zlib-devel-1.2.11-3.cm1.x86_64.rpm file-5.38-1.cm1.x86_64.rpm file-devel-5.38-1.cm1.x86_64.rpm file-libs-5.38-1.cm1.x86_64.rpm -binutils-2.32-3.cm1.x86_64.rpm -binutils-devel-2.32-3.cm1.x86_64.rpm +binutils-2.32-4.cm1.x86_64.rpm +binutils-devel-2.32-4.cm1.x86_64.rpm gmp-6.1.2-5.cm1.x86_64.rpm gmp-devel-6.1.2-5.cm1.x86_64.rpm mpfr-4.0.1-3.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index a440121be13..325c7cb46ea 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -8,9 +8,9 @@ bash-4.4.18-5.cm1.aarch64.rpm bash-debuginfo-4.4.18-5.cm1.aarch64.rpm bash-devel-4.4.18-5.cm1.aarch64.rpm bash-lang-4.4.18-5.cm1.aarch64.rpm -binutils-2.32-3.cm1.aarch64.rpm -binutils-debuginfo-2.32-3.cm1.aarch64.rpm -binutils-devel-2.32-3.cm1.aarch64.rpm +binutils-2.32-4.cm1.aarch64.rpm +binutils-debuginfo-2.32-4.cm1.aarch64.rpm +binutils-devel-2.32-4.cm1.aarch64.rpm bison-3.1-3.cm1.aarch64.rpm bison-debuginfo-3.1-3.cm1.aarch64.rpm bzip2-1.0.6-15.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index fe801ced5cf..e7d1c6ea6d8 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt 
@@ -8,9 +8,9 @@ bash-4.4.18-5.cm1.x86_64.rpm bash-debuginfo-4.4.18-5.cm1.x86_64.rpm bash-devel-4.4.18-5.cm1.x86_64.rpm bash-lang-4.4.18-5.cm1.x86_64.rpm -binutils-2.32-3.cm1.x86_64.rpm -binutils-debuginfo-2.32-3.cm1.x86_64.rpm -binutils-devel-2.32-3.cm1.x86_64.rpm +binutils-2.32-4.cm1.x86_64.rpm +binutils-debuginfo-2.32-4.cm1.x86_64.rpm +binutils-devel-2.32-4.cm1.x86_64.rpm bison-3.1-3.cm1.x86_64.rpm bison-debuginfo-3.1-3.cm1.x86_64.rpm bzip2-1.0.6-15.cm1.x86_64.rpm From da7210e6cc7259f8c3ddf3c897f85192b45fd815 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Fri, 23 Oct 2020 08:38:38 -0700 Subject: [PATCH 017/145] No patch CVE-2007-4559 --- SPECS/python2/CVE-2007-4559.nopatch | 0 SPECS/python2/python2.spec | 3 +++ 2 files changed, 3 insertions(+) create mode 100644 SPECS/python2/CVE-2007-4559.nopatch diff --git a/SPECS/python2/CVE-2007-4559.nopatch b/SPECS/python2/CVE-2007-4559.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/python2/python2.spec b/SPECS/python2/python2.spec index ac1bd7a8170..b3ed8053c0d 100644 --- a/SPECS/python2/python2.spec +++ b/SPECS/python2/python2.spec @@ -24,6 +24,8 @@ Patch7: CVE-2017-17522.nopatch # Ignore CVE-2019-9674 since the community agreed it shouldn't be patched and upstream # documentation is updated Patch8: CVE-2019-9674.nopatch +# Ignore CVE-2007-4559 since upstream community agreed it shouldn't be patched +Patch9: CVE-2007-4559.nopatch BuildRequires: pkg-config >= 0.28 BuildRequires: bzip2-devel BuildRequires: openssl-devel @@ -251,6 +253,7 @@ make test - Ignore CVE-2019-9674 - Fix CVE-2019-20907 - Fix CVE-2020-26116 +- Ignore CVE-2007-4559 * Thu Sep 10 2020 Thomas Crain - 2.7.18-3 - Ignore CVE-2017-17522 because it is widely agreed upon to not be a security vulnerability From dca52581ad55044b871cb3dbafdffd79eaff4128 Mon Sep 17 00:00:00 2001 
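Review bot: The comment added above `Patch9: CVE-2007-4559.nopatch` records that the CVE is ignored but not what stays exposed, so a reader of the spec cannot tell that the behaviour is still present in the shipped package. CVE-2007-4559 concerns `tarfile` extraction writing outside the destination directory when archive member names contain `..` or absolute paths, and a nopatch marker only silences the scanner. I would extend the comment accordingly, e.g. `# tarfile.extract()/extractall() do not sanitise member paths; callers must validate members of untrusted archives`, and reference the upstream discussion the decision rests on.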
From: Nicolas Ontiveros Date: Fri, 23 Oct 2020 12:04:05 -0700 Subject: [PATCH 018/145] Patch CVE-2017-18207 --- SPECS/python2/CVE-2017-18207.patch | 54 ++++++++++++++++++++++++++++++ SPECS/python2/python2.spec | 11 +++--- 2 files changed, 61 insertions(+), 4 deletions(-) create mode 100644 SPECS/python2/CVE-2017-18207.patch diff --git a/SPECS/python2/CVE-2017-18207.patch b/SPECS/python2/CVE-2017-18207.patch new file mode 100644 index 00000000000..0eb9489a0e5 --- /dev/null +++ b/SPECS/python2/CVE-2017-18207.patch @@ -0,0 +1,54 @@ +--- a/Lib/aifc.py ++++ b/Lib/aifc.py +@@ -465,6 +465,10 @@ + self._nframes = _read_long(chunk) + self._sampwidth = (_read_short(chunk) + 7) // 8 + self._framerate = int(_read_float(chunk)) ++ if self._sampwidth <= 0: ++ raise Error('bad sample width') ++ if self._nchannels <= 0: ++ raise Error('bad # of channels') + self._framesize = self._nchannels * self._sampwidth + if self._aifc: + #DEBUG: SGI's soundeditor produces a bad size :-( + +--- a/Lib/sunau.py ++++ b/Lib/sunau.py +@@ -194,6 +194,8 @@ + raise Error, 'unknown encoding' + self._framerate = int(_read_u32(file)) + self._nchannels = int(_read_u32(file)) ++ if not self._nchannels: ++ raise Error('bad # of channels') + self._framesize = self._framesize * self._nchannels + if self._hdr_size > 24: + self._info = file.read(self._hdr_size - 24) + +--- a/Lib/wave.py ++++ b/Lib/wave.py +@@ -266,12 +266,22 @@ + # + + def _read_fmt_chunk(self, chunk): +- wFormatTag, self._nchannels, self._framerate, dwAvgBytesPerSec, wBlockAlign = struct.unpack('= 0.28 BuildRequires: bzip2-devel BuildRequires: openssl-devel @@ -129,6 +130,7 @@ The test package contains all regression tests for Python as well as the modules %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build export OPT="${CFLAGS} %{openssl_flags}" 
@@ -254,6 +256,7 @@ make test - Fix CVE-2019-20907 - Fix CVE-2020-26116 - Ignore CVE-2007-4559 +- Fix CVE-2017-18207 * Thu Sep 10 2020 Thomas Crain - 2.7.18-3 - Ignore CVE-2017-17522 because it is widely agreed upon to not be a security vulnerability From 3f20b40dc66c98bc7d2a728d4bdc889184f1d3ef Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Fri, 23 Oct 2020 12:13:08 -0700 Subject: [PATCH 019/145] Ignore CVE-2019-18348 --- SPECS/python2/CVE-2019-18348.nopatch | 0 SPECS/python2/python2.spec | 5 ++++- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 SPECS/python2/CVE-2019-18348.nopatch diff --git a/SPECS/python2/CVE-2019-18348.nopatch b/SPECS/python2/CVE-2019-18348.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/python2/python2.spec b/SPECS/python2/python2.spec index 6303c4218fc..b923f292b25 100644 --- a/SPECS/python2/python2.spec +++ b/SPECS/python2/python2.spec @@ -26,7 +26,9 @@ Patch8: CVE-2017-17522.nopatch # documentation is updated Patch9: CVE-2019-9674.nopatch # Ignore CVE-2007-4559 since upstream community agreed it shouldn't be patched -Patch10: CVE-2007-4559.nopatch +Patch10: CVE-2007-4559.nopatch +# Ignore CVE-2019-18348 since it is patched in Python 2.7 +Patch11: CVE-2019-18348.nopatch BuildRequires: pkg-config >= 0.28 BuildRequires: bzip2-devel BuildRequires: openssl-devel @@ -257,6 +259,7 @@ make test - Fix CVE-2020-26116 - Ignore CVE-2007-4559 - Fix CVE-2017-18207 +- Ignore CVE-2019-18348 * Thu Sep 10 2020 Thomas Crain - 2.7.18-3 - Ignore CVE-2017-17522 because it is widely agreed upon to not be a security vulnerability From e9d587aa940037a9fccd328b9ef11c1399eeaa6e Mon Sep 17 00:00:00 2001 From: Henry Li Date: Fri, 23 Oct 2020 14:40:43 -0700 Subject: [PATCH 020/145] fix CVE-2020-14147 --- SPECS/redis/CVE-2020-14147.patch | 41 ++++++++++++++++++++++++++++++++ SPECS/redis/redis.spec | 6 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 SPECS/redis/CVE-2020-14147.patch 
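Review bot: The comment `# Ignore CVE-2019-18348 since it is patched in Python 2.7` gives a reason that cannot be checked as written, because "Python 2.7" covers every 2.7.x release, including the ones the CVE applies to. If the reason is that the packaged version (the spec's `Version: 2.7.18`) already contains the upstream fix, the comment should say so with the version, e.g. `# CVE-2019-18348 is already fixed in upstream 2.7.18; nopatch only to clear the scanner`. The changelog line `- Ignore CVE-2019-18348` has the same problem: it reads as an accepted risk, like the CVE-2007-4559 entry next to it, rather than as a fix already present in the shipped source.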
diff --git a/SPECS/redis/CVE-2020-14147.patch b/SPECS/redis/CVE-2020-14147.patch new file mode 100644 index 00000000000..71ca654917d --- /dev/null +++ b/SPECS/redis/CVE-2020-14147.patch @@ -0,0 +1,41 @@ +diff --git a/deps/lua/src/lua_struct.c b/../redis/deps/lua/src/lua_struct.c +index 4d5f027..c58c8e7 100644 +--- a/deps/lua/src/lua_struct.c ++++ b/../redis/deps/lua/src/lua_struct.c +@@ -89,12 +89,14 @@ typedef struct Header { + } Header; + + +-static int getnum (const char **fmt, int df) { ++static int getnum (lua_State *L, const char **fmt, int df) { + if (!isdigit(**fmt)) /* no number? */ + return df; /* return default value */ + else { + int a = 0; + do { ++ if (a > (INT_MAX / 10) || a * 10 > (INT_MAX - (**fmt - '0'))) ++ luaL_error(L, "integral size overflow"); + a = a*10 + *((*fmt)++) - '0'; + } while (isdigit(**fmt)); + return a; +@@ -115,9 +117,9 @@ static size_t optsize (lua_State *L, char opt, const char **fmt) { + case 'f': return sizeof(float); + case 'd': return sizeof(double); + case 'x': return 1; +- case 'c': return getnum(fmt, 1); ++ case 'c': return getnum(L, fmt, 1); + case 'i': case 'I': { +- int sz = getnum(fmt, sizeof(int)); ++ int sz = getnum(L, fmt, sizeof(int)); + if (sz > MAXINTSIZE) + luaL_error(L, "integral size %d is larger than limit of %d", + sz, MAXINTSIZE); +@@ -150,7 +152,7 @@ static void controloptions (lua_State *L, int opt, const char **fmt, + case '>': h->endian = BIG; return; + case '<': h->endian = LITTLE; return; + case '!': { +- int a = getnum(fmt, MAXALIGN); ++ int a = getnum(L, fmt, MAXALIGN); + if (!isp2(a)) + luaL_error(L, "alignment %d is not a power of 2", a); + h->align = a; diff --git a/SPECS/redis/redis.spec b/SPECS/redis/redis.spec index 8085d9be45a..ecd933762d2 100644 --- a/SPECS/redis/redis.spec +++ b/SPECS/redis/redis.spec @@ -1,7 +1,7 @@ Summary: advanced key-value store Name: redis Version: 5.0.5 -Release: 3%{?dist} +Release: 4%{?dist} License: BSD URL: http://redis.io/ Group: Applications/Databases 
@@ -10,6 +10,7 @@ Distribution: Mariner Source0: http://download.redis.io/releases/%{name}-%{version}.tar.gz %define sha1 redis=71e38ae09ac70012b5bc326522b976bcb8e269d6 Patch0: redis-conf.patch +Patch1: CVE-2020-14147.patch BuildRequires: gcc BuildRequires: systemd BuildRequires: make @@ -25,6 +26,7 @@ Redis is an in-memory data structure store, used as database, cache and message %prep %setup -q %patch0 -p1 +%patch1 -p1 %build make %{?_smp_mflags} @@ -84,6 +86,8 @@ exit 0 %config(noreplace) %attr(0640, %{name}, %{name}) %{_sysconfdir}/redis.conf %changelog +* Fri Oct 23 2020 Henry Li - 5.0.5-4 +- Add patch to resolve CVE-2020-14147 * Sat May 09 00:21:01 PST 2020 Nick Samson - 5.0.5-3 - Added %%license line automatically From 6182dbd17aff50213fc8a05ec71d739cb425ae70 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Fri, 23 Oct 2020 16:09:17 -0700 Subject: [PATCH 021/145] resolve comments --- SPECS/redis/CVE-2020-14147.patch | 4 ++-- SPECS/redis/redis.spec | 17 ++++++++--------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/SPECS/redis/CVE-2020-14147.patch b/SPECS/redis/CVE-2020-14147.patch index 71ca654917d..7648c5e5ed6 100644 --- a/SPECS/redis/CVE-2020-14147.patch +++ b/SPECS/redis/CVE-2020-14147.patch @@ -1,7 +1,7 @@ -diff --git a/deps/lua/src/lua_struct.c b/../redis/deps/lua/src/lua_struct.c +diff --git a/deps/lua/src/lua_struct.c b/deps/lua/src/lua_struct.c index 4d5f027..c58c8e7 100644 --- a/deps/lua/src/lua_struct.c -+++ b/../redis/deps/lua/src/lua_struct.c ++++ b/deps/lua/src/lua_struct.c @@ -89,12 +89,14 @@ typedef struct Header { } Header; diff --git a/SPECS/redis/redis.spec b/SPECS/redis/redis.spec index ecd933762d2..12883f8f487 100644 --- a/SPECS/redis/redis.spec +++ b/SPECS/redis/redis.spec 
@@ -1,14 +1,13 @@ -Summary: advanced key-value store -Name: redis -Version: 5.0.5 +Summary: advanced key-value store +Name: redis +Version: 5.0.5 Release: 4%{?dist} -License: BSD -URL: http://redis.io/ -Group: Applications/Databases +License: BSD +URL: http://redis.io/ +Group: Applications/Databases Vendor: Microsoft Corporation Distribution: Mariner -Source0: http://download.redis.io/releases/%{name}-%{version}.tar.gz -%define sha1 redis=71e38ae09ac70012b5bc326522b976bcb8e269d6 +Source0: http://download.redis.io/releases/%{name}-%{version}.tar.gz Patch0: redis-conf.patch Patch1: CVE-2020-14147.patch BuildRequires: gcc @@ -17,7 +16,7 @@ BuildRequires: make BuildRequires: which BuildRequires: tcl BuildRequires: tcl-devel -Requires: systemd +Requires: systemd Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd %description From 534d5bfc58ef98786aae06d8ddd9330dfe6455f5 Mon Sep 17 00:00:00 2001 
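Review bot: Removing `%define sha1 redis=…` in this hunk drops the only integrity value for the source tarball that is visible in the spec, while `Source0` is still fetched over plain `http://download.redis.io/`. Presumably the tarball hash is pinned elsewhere (other packages in this series carry a `*.signatures.json` file), but nothing in this commit shows one for redis, so that should be confirmed before the line goes. If the upstream host serves the same path over TLS, I would also change the scheme, `Source0: https://download.redis.io/releases/%{name}-%{version}.tar.gz`. The remaining changes in the hunk are whitespace alignment only.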
From: jslobodzian Date: Sun, 25 Oct 2020 18:37:45 -0700 Subject: [PATCH 022/145] Revert "Implement "distroless" containers (#252)" (#264) This reverts commit e41efdda19f8fac9a582711a94c0f51b1edb5f92. --- SPECS/busybox/busybox-1.31.1-stime-fix.patch | 24 - SPECS/busybox/busybox-petitboot.config | 1138 ---------------- SPECS/busybox/busybox-static.config | 1147 ----------------- SPECS/busybox/busybox.signatures.json | 7 - SPECS/busybox/busybox.spec | 603 --------- SPECS/ca-certificates/ca-certificates.spec | 42 +- .../distroless-packages.spec | 51 - SPECS/glibc/glibc.spec | 24 +- SPECS/openssl/openssl.spec | 5 +- SPECS/uclibc/CVE-2016-6264.patch | 130 -- .../uclibc/uClibc-0.9.33.2_kernel_long.patch | 81 -- SPECS/uclibc/uClibc.config | 208 --- SPECS/uclibc/uclibc.signatures.json | 6 - SPECS/uclibc/uclibc.spec | 198 --- cgmanifest.json | 20 - toolkit/imageconfigs/distroless-base.json | 20 - .../distroless-packages-container.json | 5 - .../manifests/package/pkggen_core_aarch64.txt | 6 +- .../manifests/package/pkggen_core_x86_64.txt | 6 +- .../manifests/package/toolchain_aarch64.txt | 13 +- .../manifests/package/toolchain_x86_64.txt | 29 +- .../manifests/package/update_manifests.sh | 1 - .../imagegen/installutils/installutils.go | 167 +-- toolkit/tools/imager/imager.go | 23 +- 24 files changed, 67 insertions(+), 3887 deletions(-) delete mode 100644 SPECS/busybox/busybox-1.31.1-stime-fix.patch delete mode 100644 SPECS/busybox/busybox-petitboot.config delete mode 100644 SPECS/busybox/busybox-static.config delete mode 100644 SPECS/busybox/busybox.signatures.json delete mode 100644 SPECS/busybox/busybox.spec delete mode 100644 SPECS/distroless-packages/distroless-packages.spec delete mode 100644 SPECS/uclibc/CVE-2016-6264.patch delete mode 100644 SPECS/uclibc/uClibc-0.9.33.2_kernel_long.patch delete mode 100644 SPECS/uclibc/uClibc.config delete mode 100644 SPECS/uclibc/uclibc.signatures.json delete mode 100644 SPECS/uclibc/uclibc.spec delete mode 100644 
toolkit/imageconfigs/distroless-base.json delete mode 100644 toolkit/imageconfigs/packagelists/distroless-packages-container.json diff --git a/SPECS/busybox/busybox-1.31.1-stime-fix.patch b/SPECS/busybox/busybox-1.31.1-stime-fix.patch deleted file mode 100644 index 15af3271520..00000000000 --- a/SPECS/busybox/busybox-1.31.1-stime-fix.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up busybox-1.31.1/libbb/Kbuild.src.stime busybox-1.31.1/libbb/Kbuild.src ---- busybox-1.31.1/libbb/Kbuild.src.stime 2019-11-13 17:08:22.808371597 -0500 -+++ busybox-1.31.1/libbb/Kbuild.src 2019-11-13 17:08:50.154882529 -0500 -@@ -198,3 +198,6 @@ lib-$(CONFIG_FEATURE_FIND_REGEX) += xreg - - # Add the experimental logging functionality, only used by zcip - lib-$(CONFIG_ZCIP) += logenv.o -+ -+lib-$(CONFIG_DATE) += stime.o -+lib-$(CONFIG_RDATE) += stime.o -diff -up busybox-1.31.1/libbb/stime.c.stime busybox-1.31.1/libbb/stime.c ---- busybox-1.31.1/libbb/stime.c.stime 2019-11-13 17:07:06.905723262 -0500 -+++ busybox-1.31.1/libbb/stime.c 2019-11-13 17:07:51.769924328 -0500 -@@ -0,0 +1,10 @@ -+#include -+#include -+ -+int stime(const time_t *t) { -+ struct timeval tv; -+ -+ tv.tv_sec = *t; -+ tv.tv_usec = 0; -+ return settimeofday(&tv, NULL); -+} diff --git a/SPECS/busybox/busybox-petitboot.config b/SPECS/busybox/busybox-petitboot.config deleted file mode 100644 index a655ebe5192..00000000000 --- a/SPECS/busybox/busybox-petitboot.config +++ /dev/null 
@@ -1,1138 +0,0 @@ -# -# Automatically generated make config: don't edit -# Busybox version: 1.30.1 -# Mon May 13 11:18:37 2019 -# -CONFIG_HAVE_DOT_CONFIG=y -# -# Settings -# -CONFIG_DESKTOP=y -CONFIG_EXTRA_COMPAT=y -CONFIG_FEDORA_COMPAT=y -CONFIG_INCLUDE_SUSv2=y -CONFIG_LONG_OPTS=y -CONFIG_SHOW_USAGE=y -CONFIG_FEATURE_VERBOSE_USAGE=y -CONFIG_FEATURE_COMPRESS_USAGE=y -CONFIG_LFS=y -# CONFIG_PAM is not set -CONFIG_FEATURE_DEVPTS=y -# CONFIG_FEATURE_UTMP is not set -# CONFIG_FEATURE_WTMP is not set -CONFIG_FEATURE_PIDFILE=y -CONFIG_PID_FILE_PATH="/var/run" -CONFIG_BUSYBOX=y -# CONFIG_FEATURE_SHOW_SCRIPT is not set -# CONFIG_FEATURE_INSTALLER is not set -# CONFIG_INSTALL_NO_USR is not set -CONFIG_FEATURE_SUID=y -# CONFIG_FEATURE_SUID_CONFIG is not set -# CONFIG_FEATURE_SUID_CONFIG_QUIET is not set -# CONFIG_FEATURE_PREFER_APPLETS is not set -CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe" -# CONFIG_SELINUX is not set -# CONFIG_FEATURE_CLEAN_UP is not set -CONFIG_PLATFORM_LINUX=y -# -# Build Options -# -# CONFIG_STATIC is not set -# CONFIG_PIE is not set -# CONFIG_NOMMU is not set -# CONFIG_BUILD_LIBBUSYBOX is not set -# CONFIG_FEATURE_LIBBUSYBOX_STATIC is not set -# CONFIG_FEATURE_INDIVIDUAL is not set -# CONFIG_FEATURE_SHARED_BUSYBOX is not set -CONFIG_CROSS_COMPILER_PREFIX="" -CONFIG_SYSROOT="" -CONFIG_EXTRA_CFLAGS="" -CONFIG_EXTRA_LDFLAGS="" -CONFIG_EXTRA_LDLIBS="" -# CONFIG_USE_PORTABLE_CODE is not set -CONFIG_STACK_OPTIMIZATION_386=y -# -# Installation Options ("make install" behavior) -# -CONFIG_INSTALL_APPLET_SYMLINKS=y -# CONFIG_INSTALL_APPLET_HARDLINKS is not set -# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set -# CONFIG_INSTALL_APPLET_DONT is not set -# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set -# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set -# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set -CONFIG_PREFIX="./_install" -# -# Debugging Options -# -# CONFIG_DEBUG is not set -# CONFIG_DEBUG_PESSIMIZE is not set -# CONFIG_DEBUG_SANITIZE is not set -# 
CONFIG_UNIT_TEST is not set -# CONFIG_WERROR is not set -CONFIG_NO_DEBUG_LIB=y -# CONFIG_DMALLOC is not set -# CONFIG_EFENCE is not set -# -# Library Tuning -# -# CONFIG_FEATURE_USE_BSS_TAIL is not set -CONFIG_FLOAT_DURATION=y -CONFIG_FEATURE_RTMINMAX=y -CONFIG_FEATURE_RTMINMAX_USE_LIBC_DEFINITIONS=y -CONFIG_FEATURE_BUFFERS_USE_MALLOC=y -# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set -# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set -CONFIG_PASSWORD_MINLEN=6 -CONFIG_MD5_SMALL=3 -CONFIG_SHA3_SMALL=1 -# CONFIG_FEATURE_FAST_TOP is not set -# CONFIG_FEATURE_ETC_NETWORKS is not set -# CONFIG_FEATURE_ETC_SERVICES is not set -CONFIG_FEATURE_EDITING=y -CONFIG_FEATURE_EDITING_MAX_LEN=1024 -CONFIG_FEATURE_EDITING_VI=y -CONFIG_FEATURE_EDITING_HISTORY=15 -CONFIG_FEATURE_EDITING_SAVEHISTORY=y -# CONFIG_FEATURE_EDITING_SAVE_ON_EXIT is not set -CONFIG_FEATURE_REVERSE_SEARCH=y -CONFIG_FEATURE_TAB_COMPLETION=y -# CONFIG_FEATURE_USERNAME_COMPLETION is not set -# CONFIG_FEATURE_EDITING_FANCY_PROMPT is not set -CONFIG_FEATURE_EDITING_WINCH=y -# CONFIG_FEATURE_EDITING_ASK_TERMINAL is not set -# CONFIG_LOCALE_SUPPORT is not set -# CONFIG_UNICODE_SUPPORT is not set -# CONFIG_UNICODE_USING_LOCALE is not set -# CONFIG_FEATURE_CHECK_UNICODE_IN_ENV is not set -CONFIG_SUBST_WCHAR=0 -CONFIG_LAST_SUPPORTED_WCHAR=0 -# CONFIG_UNICODE_COMBINING_WCHARS is not set -# CONFIG_UNICODE_WIDE_WCHARS is not set -# CONFIG_UNICODE_BIDI_SUPPORT is not set -# CONFIG_UNICODE_NEUTRAL_TABLE is not set -# CONFIG_UNICODE_PRESERVE_BROKEN is not set -CONFIG_FEATURE_NON_POSIX_CP=y -# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set -CONFIG_FEATURE_USE_SENDFILE=y -CONFIG_FEATURE_COPYBUF_KB=4 -CONFIG_FEATURE_SKIP_ROOTFS=y -CONFIG_MONOTONIC_SYSCALL=y -CONFIG_IOCTL_HEX2STR_ERROR=y -CONFIG_FEATURE_HWIB=y -# -# Applets -# -# -# Archival Utilities -# -CONFIG_FEATURE_SEAMLESS_XZ=y -CONFIG_FEATURE_SEAMLESS_LZMA=y -CONFIG_FEATURE_SEAMLESS_BZ2=y -CONFIG_FEATURE_SEAMLESS_GZ=y -CONFIG_FEATURE_SEAMLESS_Z=y -# CONFIG_AR is not set -# 
CONFIG_FEATURE_AR_LONG_FILENAMES is not set -# CONFIG_FEATURE_AR_CREATE is not set -# CONFIG_UNCOMPRESS is not set -CONFIG_GUNZIP=y -CONFIG_ZCAT=y -CONFIG_FEATURE_GUNZIP_LONG_OPTIONS=y -CONFIG_BUNZIP2=y -CONFIG_BZCAT=y -CONFIG_UNLZMA=y -CONFIG_LZCAT=y -# CONFIG_LZMA is not set -CONFIG_UNXZ=y -CONFIG_XZCAT=y -# CONFIG_XZ is not set -# CONFIG_BZIP2 is not set -CONFIG_BZIP2_SMALL=0 -CONFIG_FEATURE_BZIP2_DECOMPRESS=y -CONFIG_CPIO=y -CONFIG_FEATURE_CPIO_O=y -CONFIG_FEATURE_CPIO_P=y -# CONFIG_DPKG is not set -# CONFIG_DPKG_DEB is not set -CONFIG_GZIP=y -CONFIG_FEATURE_GZIP_LONG_OPTIONS=y -CONFIG_GZIP_FAST=0 -# CONFIG_FEATURE_GZIP_LEVELS is not set -CONFIG_FEATURE_GZIP_DECOMPRESS=y -# CONFIG_LZOP is not set -# CONFIG_UNLZOP is not set -# CONFIG_LZOPCAT is not set -# CONFIG_LZOP_COMPR_HIGH is not set -# CONFIG_RPM is not set -# CONFIG_RPM2CPIO is not set -CONFIG_TAR=y -CONFIG_FEATURE_TAR_LONG_OPTIONS=y -CONFIG_FEATURE_TAR_CREATE=y -CONFIG_FEATURE_TAR_AUTODETECT=y -CONFIG_FEATURE_TAR_FROM=y -CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y -CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y -CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y -CONFIG_FEATURE_TAR_TO_COMMAND=y -CONFIG_FEATURE_TAR_UNAME_GNAME=y -CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y -# CONFIG_FEATURE_TAR_SELINUX is not set -CONFIG_UNZIP=y -CONFIG_FEATURE_UNZIP_CDF=y -CONFIG_FEATURE_UNZIP_BZIP2=y -CONFIG_FEATURE_UNZIP_LZMA=y -CONFIG_FEATURE_UNZIP_XZ=y -# CONFIG_FEATURE_LZMA_FAST is not set -# -# Coreutils -# -CONFIG_BASENAME=y -CONFIG_CAT=y -CONFIG_FEATURE_CATN=y -CONFIG_FEATURE_CATV=y -# CONFIG_CHGRP is not set -# CONFIG_CHMOD is not set -# CONFIG_CHOWN is not set -# CONFIG_FEATURE_CHOWN_LONG_OPTIONS is not set -CONFIG_CHROOT=y -# CONFIG_CKSUM is not set -# CONFIG_COMM is not set -CONFIG_CP=y -CONFIG_FEATURE_CP_LONG_OPTIONS=y -CONFIG_FEATURE_CP_REFLINK=y -CONFIG_CUT=y -CONFIG_DATE=y -CONFIG_FEATURE_DATE_ISOFMT=y -# CONFIG_FEATURE_DATE_NANO is not set -CONFIG_FEATURE_DATE_COMPAT=y -CONFIG_DD=y -# CONFIG_FEATURE_DD_SIGNAL_HANDLING is not set -# 
CONFIG_FEATURE_DD_THIRD_STATUS_LINE is not set -CONFIG_FEATURE_DD_IBS_OBS=y -CONFIG_FEATURE_DD_STATUS=y -CONFIG_DF=y -CONFIG_FEATURE_DF_FANCY=y -CONFIG_DIRNAME=y -# CONFIG_DOS2UNIX is not set -# CONFIG_UNIX2DOS is not set -CONFIG_DU=y -# CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K is not set -CONFIG_ECHO=y -CONFIG_FEATURE_FANCY_ECHO=y -CONFIG_ENV=y -# CONFIG_EXPAND is not set -# CONFIG_UNEXPAND is not set -CONFIG_EXPR=y -# CONFIG_EXPR_MATH_SUPPORT_64 is not set -# CONFIG_FACTOR is not set -CONFIG_FALSE=y -# CONFIG_FOLD is not set -# CONFIG_FSYNC is not set -CONFIG_HEAD=y -CONFIG_FEATURE_FANCY_HEAD=y -# CONFIG_HOSTID is not set -# CONFIG_ID is not set -# CONFIG_GROUPS is not set -# CONFIG_INSTALL is not set -# CONFIG_FEATURE_INSTALL_LONG_OPTIONS is not set -# CONFIG_LINK is not set -CONFIG_LN=y -# CONFIG_LOGNAME is not set -CONFIG_LS=y -CONFIG_FEATURE_LS_FILETYPES=y -CONFIG_FEATURE_LS_FOLLOWLINKS=y -CONFIG_FEATURE_LS_RECURSIVE=y -CONFIG_FEATURE_LS_WIDTH=y -# CONFIG_FEATURE_LS_SORTFILES is not set -CONFIG_FEATURE_LS_TIMESTAMPS=y -# CONFIG_FEATURE_LS_USERNAME is not set -# CONFIG_FEATURE_LS_COLOR is not set -# CONFIG_FEATURE_LS_COLOR_IS_DEFAULT is not set -CONFIG_MD5SUM=y -CONFIG_SHA1SUM=y -CONFIG_SHA256SUM=y -CONFIG_SHA512SUM=y -CONFIG_SHA3SUM=y -# -# Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum -# -CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y -CONFIG_MKDIR=y -# CONFIG_MKFIFO is not set -CONFIG_MKNOD=y -# CONFIG_MKTEMP is not set -CONFIG_MV=y -# CONFIG_NICE is not set -# CONFIG_NL is not set -# CONFIG_NOHUP is not set -# CONFIG_NPROC is not set -# CONFIG_OD is not set -# CONFIG_PASTE is not set -# CONFIG_PRINTENV is not set -# CONFIG_PRINTF is not set -CONFIG_PWD=y -# CONFIG_READLINK is not set -# CONFIG_FEATURE_READLINK_FOLLOW is not set -# CONFIG_REALPATH is not set -CONFIG_RM=y -CONFIG_RMDIR=y -# CONFIG_SEQ is not set -# CONFIG_SHRED is not set -CONFIG_SHUF=y -CONFIG_SLEEP=y -CONFIG_FEATURE_FANCY_SLEEP=y -# CONFIG_SORT is not set -# CONFIG_FEATURE_SORT_BIG 
is not set -# CONFIG_FEATURE_SORT_OPTIMIZE_MEMORY is not set -# CONFIG_SPLIT is not set -# CONFIG_FEATURE_SPLIT_FANCY is not set -# CONFIG_STAT is not set -# CONFIG_FEATURE_STAT_FORMAT is not set -# CONFIG_FEATURE_STAT_FILESYSTEM is not set -# CONFIG_STTY is not set -# CONFIG_SUM is not set -CONFIG_SYNC=y -# CONFIG_FEATURE_SYNC_FANCY is not set -# CONFIG_TAC is not set -CONFIG_TAIL=y -CONFIG_FEATURE_FANCY_TAIL=y -CONFIG_TEE=y -# CONFIG_FEATURE_TEE_USE_BLOCK_IO is not set -CONFIG_TEST=y -CONFIG_TEST1=y -CONFIG_TEST2=y -# CONFIG_FEATURE_TEST_64 is not set -# CONFIG_TIMEOUT is not set -# CONFIG_TOUCH is not set -# CONFIG_FEATURE_TOUCH_NODEREF is not set -# CONFIG_FEATURE_TOUCH_SUSV3 is not set -# CONFIG_TR is not set -# CONFIG_FEATURE_TR_CLASSES is not set -# CONFIG_FEATURE_TR_EQUIV is not set -CONFIG_TRUE=y -CONFIG_TRUNCATE=y -# CONFIG_TTY is not set -CONFIG_UNAME=y -CONFIG_UNAME_OSNAME="GNU/Linux" -# CONFIG_BB_ARCH is not set -# CONFIG_UNIQ is not set -CONFIG_UNLINK=y -# CONFIG_USLEEP is not set -# CONFIG_UUDECODE is not set -# CONFIG_BASE64 is not set -# CONFIG_UUENCODE is not set -# CONFIG_WC is not set -# CONFIG_FEATURE_WC_LARGE is not set -# CONFIG_WHO is not set -# CONFIG_W is not set -# CONFIG_USERS is not set -# CONFIG_WHOAMI is not set -CONFIG_YES=y -# -# Common options -# -CONFIG_FEATURE_VERBOSE=y -# -# Common options for cp and mv -# -CONFIG_FEATURE_PRESERVE_HARDLINKS=y -# -# Common options for df, du, ls -# -CONFIG_FEATURE_HUMAN_READABLE=y -# -# Console Utilities -# -CONFIG_CHVT=y -CONFIG_CLEAR=y -# CONFIG_DEALLOCVT is not set -# CONFIG_DUMPKMAP is not set -CONFIG_FGCONSOLE=y -# CONFIG_KBD_MODE is not set -# CONFIG_LOADFONT is not set -# CONFIG_SETFONT is not set -# CONFIG_FEATURE_SETFONT_TEXTUAL_MAP is not set -CONFIG_DEFAULT_SETFONT_DIR="" -# CONFIG_FEATURE_LOADFONT_PSF2 is not set -# CONFIG_FEATURE_LOADFONT_RAW is not set -# CONFIG_LOADKMAP is not set -# CONFIG_OPENVT is not set -CONFIG_RESET=y -# CONFIG_RESIZE is not set -# CONFIG_FEATURE_RESIZE_PRINT 
is not set -# CONFIG_SETCONSOLE is not set -# CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS is not set -CONFIG_SETKEYCODES=y -# CONFIG_SETLOGCONS is not set -# CONFIG_SHOWKEY is not set -# -# Debian Utilities -# -# CONFIG_PIPE_PROGRESS is not set -CONFIG_RUN_PARTS=y -CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y -# CONFIG_FEATURE_RUN_PARTS_FANCY is not set -# CONFIG_START_STOP_DAEMON is not set -# CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS is not set -# CONFIG_FEATURE_START_STOP_DAEMON_FANCY is not set -# CONFIG_WHICH is not set -# -# klibc-utils -# -# CONFIG_MINIPS is not set -# CONFIG_NUKE is not set -# CONFIG_RESUME is not set -# CONFIG_RUN_INIT is not set -# -# Editors -# -# CONFIG_AWK is not set -# CONFIG_FEATURE_AWK_LIBM is not set -# CONFIG_FEATURE_AWK_GNU_EXTENSIONS is not set -# CONFIG_CMP is not set -# CONFIG_DIFF is not set -# CONFIG_FEATURE_DIFF_LONG_OPTIONS is not set -# CONFIG_FEATURE_DIFF_DIR is not set -# CONFIG_ED is not set -# CONFIG_PATCH is not set -# CONFIG_SED is not set -# CONFIG_VI is not set -CONFIG_FEATURE_VI_MAX_LEN=0 -# CONFIG_FEATURE_VI_8BIT is not set -# CONFIG_FEATURE_VI_COLON is not set -# CONFIG_FEATURE_VI_YANKMARK is not set -# CONFIG_FEATURE_VI_SEARCH is not set -# CONFIG_FEATURE_VI_REGEX_SEARCH is not set -# CONFIG_FEATURE_VI_USE_SIGNALS is not set -# CONFIG_FEATURE_VI_DOT_CMD is not set -# CONFIG_FEATURE_VI_READONLY is not set -# CONFIG_FEATURE_VI_SETOPTS is not set -# CONFIG_FEATURE_VI_SET is not set -# CONFIG_FEATURE_VI_WIN_RESIZE is not set -# CONFIG_FEATURE_VI_ASK_TERMINAL is not set -# CONFIG_FEATURE_VI_UNDO is not set -# CONFIG_FEATURE_VI_UNDO_QUEUE is not set -CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=0 -# CONFIG_FEATURE_ALLOW_EXEC is not set -# -# Finding Utilities -# -# CONFIG_FIND is not set -# CONFIG_FEATURE_FIND_PRINT0 is not set -# CONFIG_FEATURE_FIND_MTIME is not set -# CONFIG_FEATURE_FIND_MMIN is not set -# CONFIG_FEATURE_FIND_PERM is not set -# CONFIG_FEATURE_FIND_TYPE is not set -# CONFIG_FEATURE_FIND_EXECUTABLE is not set -# 
CONFIG_FEATURE_FIND_XDEV is not set -# CONFIG_FEATURE_FIND_MAXDEPTH is not set -# CONFIG_FEATURE_FIND_NEWER is not set -# CONFIG_FEATURE_FIND_INUM is not set -# CONFIG_FEATURE_FIND_EXEC is not set -# CONFIG_FEATURE_FIND_EXEC_PLUS is not set -# CONFIG_FEATURE_FIND_USER is not set -# CONFIG_FEATURE_FIND_GROUP is not set -# CONFIG_FEATURE_FIND_NOT is not set -# CONFIG_FEATURE_FIND_DEPTH is not set -# CONFIG_FEATURE_FIND_PAREN is not set -# CONFIG_FEATURE_FIND_SIZE is not set -# CONFIG_FEATURE_FIND_PRUNE is not set -# CONFIG_FEATURE_FIND_QUIT is not set -# CONFIG_FEATURE_FIND_DELETE is not set -# CONFIG_FEATURE_FIND_PATH is not set -# CONFIG_FEATURE_FIND_REGEX is not set -# CONFIG_FEATURE_FIND_CONTEXT is not set -# CONFIG_FEATURE_FIND_LINKS is not set -# CONFIG_GREP is not set -CONFIG_EGREP=y -CONFIG_FGREP=y -# CONFIG_FEATURE_GREP_CONTEXT is not set -# CONFIG_XARGS is not set -# CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION is not set -# CONFIG_FEATURE_XARGS_SUPPORT_QUOTES is not set -# CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT is not set -# CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM is not set -# CONFIG_FEATURE_XARGS_SUPPORT_REPL_STR is not set -# CONFIG_FEATURE_XARGS_SUPPORT_PARALLEL is not set -# CONFIG_FEATURE_XARGS_SUPPORT_ARGS_FILE is not set -# -# Init Utilities -# -# CONFIG_BOOTCHARTD is not set -# CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set -# CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set -CONFIG_HALT=y -CONFIG_POWEROFF=y -CONFIG_REBOOT=y -CONFIG_FEATURE_WAIT_FOR_INIT=y -# CONFIG_FEATURE_CALL_TELINIT is not set -CONFIG_TELINIT_PATH="" -# CONFIG_INIT is not set -# CONFIG_LINUXRC is not set -# CONFIG_FEATURE_USE_INITTAB is not set -# CONFIG_FEATURE_KILL_REMOVED is not set -CONFIG_FEATURE_KILL_DELAY=0 -# CONFIG_FEATURE_INIT_SCTTY is not set -# CONFIG_FEATURE_INIT_SYSLOG is not set -# CONFIG_FEATURE_INIT_QUIET is not set -# CONFIG_FEATURE_INIT_COREDUMPS is not set -CONFIG_INIT_TERMINAL_TYPE="" -# CONFIG_FEATURE_INIT_MODIFY_CMDLINE is not set -# -# Login/Password 
Management Utilities -# -# CONFIG_FEATURE_SHADOWPASSWDS is not set -CONFIG_USE_BB_PWD_GRP=y -# CONFIG_USE_BB_SHADOW is not set -CONFIG_USE_BB_CRYPT=y -# CONFIG_USE_BB_CRYPT_SHA is not set -# CONFIG_ADD_SHELL is not set -# CONFIG_REMOVE_SHELL is not set -# CONFIG_ADDGROUP is not set -# CONFIG_FEATURE_ADDUSER_TO_GROUP is not set -# CONFIG_ADDUSER is not set -# CONFIG_FEATURE_CHECK_NAMES is not set -CONFIG_LAST_ID=0 -CONFIG_FIRST_SYSTEM_ID=0 -CONFIG_LAST_SYSTEM_ID=0 -# CONFIG_CHPASSWD is not set -CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="" -# CONFIG_CRYPTPW is not set -# CONFIG_MKPASSWD is not set -# CONFIG_DELUSER is not set -# CONFIG_DELGROUP is not set -# CONFIG_FEATURE_DEL_USER_FROM_GROUP is not set -# CONFIG_GETTY is not set -# CONFIG_LOGIN is not set -# CONFIG_LOGIN_SESSION_AS_CHILD is not set -# CONFIG_LOGIN_SCRIPTS is not set -# CONFIG_FEATURE_NOLOGIN is not set -# CONFIG_FEATURE_SECURETTY is not set -# CONFIG_PASSWD is not set -# CONFIG_FEATURE_PASSWD_WEAK_CHECK is not set -# CONFIG_SU is not set -# CONFIG_FEATURE_SU_SYSLOG is not set -# CONFIG_FEATURE_SU_CHECKS_SHELLS is not set -# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set -# CONFIG_SULOGIN is not set -# CONFIG_VLOCK is not set -# -# Linux Ext2 FS Progs -# -# CONFIG_CHATTR is not set -# CONFIG_FSCK is not set -# CONFIG_LSATTR is not set -# CONFIG_TUNE2FS is not set -# -# Linux Module Utilities -# -# CONFIG_MODPROBE_SMALL is not set -CONFIG_DEPMOD=y -CONFIG_INSMOD=y -CONFIG_LSMOD=y -# CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT is not set -CONFIG_MODINFO=y -CONFIG_MODPROBE=y -CONFIG_FEATURE_MODPROBE_BLACKLIST=y -CONFIG_RMMOD=y -# -# Options common to multiple modutils -# -CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS=y -# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set -# CONFIG_FEATURE_2_4_MODULES is not set -# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set -# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set -# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set -# CONFIG_FEATURE_INSMOD_LOAD_MAP is not 
set -# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set -CONFIG_FEATURE_CHECK_TAINTED_MODULE=y -# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set -CONFIG_FEATURE_MODUTILS_ALIAS=y -CONFIG_FEATURE_MODUTILS_SYMBOLS=y -CONFIG_DEFAULT_MODULES_DIR="/lib/modules" -CONFIG_DEFAULT_DEPMOD_FILE="modules.dep" -# -# Linux System Utilities -# -# CONFIG_ACPID is not set -# CONFIG_FEATURE_ACPID_COMPAT is not set -# CONFIG_BLKDISCARD is not set -# CONFIG_BLKID is not set -# CONFIG_FEATURE_BLKID_TYPE is not set -CONFIG_BLOCKDEV=y -# CONFIG_CAL is not set -# CONFIG_CHRT is not set -CONFIG_DMESG=y -CONFIG_FEATURE_DMESG_PRETTY=y -CONFIG_EJECT=y -CONFIG_FEATURE_EJECT_SCSI=y -# CONFIG_FALLOCATE is not set -# CONFIG_FATATTR is not set -CONFIG_FBSET=y -CONFIG_FEATURE_FBSET_FANCY=y -CONFIG_FEATURE_FBSET_READMODE=y -# CONFIG_FDFORMAT is not set -CONFIG_FDISK=y -# CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set -# CONFIG_FEATURE_FDISK_WRITABLE is not set -# CONFIG_FEATURE_AIX_LABEL is not set -# CONFIG_FEATURE_SGI_LABEL is not set -# CONFIG_FEATURE_SUN_LABEL is not set -# CONFIG_FEATURE_OSF_LABEL is not set -# CONFIG_FEATURE_GPT_LABEL is not set -# CONFIG_FEATURE_FDISK_ADVANCED is not set -# CONFIG_FINDFS is not set -# CONFIG_FLOCK is not set -# CONFIG_FDFLUSH is not set -# CONFIG_FREERAMDISK is not set -# CONFIG_FSCK_MINIX is not set -# CONFIG_FSFREEZE is not set -# CONFIG_FSTRIM is not set -# CONFIG_GETOPT is not set -# CONFIG_FEATURE_GETOPT_LONG is not set -# CONFIG_HEXDUMP is not set -# CONFIG_FEATURE_HEXDUMP_REVERSE is not set -# CONFIG_HD is not set -# CONFIG_XXD is not set -# CONFIG_HWCLOCK is not set -# CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set -# CONFIG_IONICE is not set -# CONFIG_IPCRM is not set -# CONFIG_IPCS is not set -# CONFIG_LAST is not set -# CONFIG_FEATURE_LAST_FANCY is not set -# CONFIG_LOSETUP is not set -# CONFIG_LSPCI is not set -# CONFIG_LSUSB is not set -CONFIG_MDEV=y -CONFIG_FEATURE_MDEV_CONF=y -CONFIG_FEATURE_MDEV_RENAME=y -CONFIG_FEATURE_MDEV_RENAME_REGEXP=y 
-CONFIG_FEATURE_MDEV_EXEC=y -CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y -# CONFIG_MESG is not set -# CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP is not set -# CONFIG_MKE2FS is not set -# CONFIG_MKFS_EXT2 is not set -# CONFIG_MKFS_MINIX is not set -# CONFIG_FEATURE_MINIX2 is not set -# CONFIG_MKFS_REISER is not set -# CONFIG_MKDOSFS is not set -# CONFIG_MKFS_VFAT is not set -# CONFIG_MKSWAP is not set -# CONFIG_FEATURE_MKSWAP_UUID is not set -# CONFIG_MORE is not set -CONFIG_MOUNT=y -CONFIG_FEATURE_MOUNT_FAKE=y -CONFIG_FEATURE_MOUNT_VERBOSE=y -# CONFIG_FEATURE_MOUNT_HELPERS is not set -CONFIG_FEATURE_MOUNT_LABEL=y -# CONFIG_FEATURE_MOUNT_NFS is not set -CONFIG_FEATURE_MOUNT_CIFS=y -CONFIG_FEATURE_MOUNT_FLAGS=y -CONFIG_FEATURE_MOUNT_FSTAB=y -CONFIG_FEATURE_MOUNT_OTHERTAB=y -# CONFIG_MOUNTPOINT is not set -# CONFIG_NOLOGIN is not set -# CONFIG_NOLOGIN_DEPENDENCIES is not set -# CONFIG_NSENTER is not set -# CONFIG_PIVOT_ROOT is not set -# CONFIG_RDATE is not set -# CONFIG_RDEV is not set -# CONFIG_READPROFILE is not set -# CONFIG_RENICE is not set -# CONFIG_REV is not set -# CONFIG_RTCWAKE is not set -# CONFIG_SCRIPT is not set -# CONFIG_SCRIPTREPLAY is not set -# CONFIG_SETARCH is not set -CONFIG_LINUX32=y -CONFIG_LINUX64=y -# CONFIG_SETPRIV is not set -# CONFIG_FEATURE_SETPRIV_DUMP is not set -# CONFIG_FEATURE_SETPRIV_CAPABILITIES is not set -# CONFIG_FEATURE_SETPRIV_CAPABILITY_NAMES is not set -# CONFIG_SETSID is not set -CONFIG_SWAPON=y -CONFIG_FEATURE_SWAPON_DISCARD=y -# CONFIG_FEATURE_SWAPON_PRI is not set -CONFIG_SWAPOFF=y -CONFIG_FEATURE_SWAPONOFF_LABEL=y -# CONFIG_SWITCH_ROOT is not set -# CONFIG_TASKSET is not set -# CONFIG_FEATURE_TASKSET_FANCY is not set -# CONFIG_UEVENT is not set -CONFIG_UMOUNT=y -CONFIG_FEATURE_UMOUNT_ALL=y -# CONFIG_UNSHARE is not set -# CONFIG_WALL is not set -# -# Common options for mount/umount -# -# CONFIG_FEATURE_MOUNT_LOOP is not set -# CONFIG_FEATURE_MOUNT_LOOP_CREATE is not set -# CONFIG_FEATURE_MTAB_SUPPORT is not set -CONFIG_VOLUMEID=y -# 
-# Filesystem/Volume identification -# -CONFIG_FEATURE_VOLUMEID_BCACHE=y -CONFIG_FEATURE_VOLUMEID_BTRFS=y -# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set -CONFIG_FEATURE_VOLUMEID_EXFAT=y -# CONFIG_FEATURE_VOLUMEID_EXT is not set -CONFIG_FEATURE_VOLUMEID_F2FS=y -# CONFIG_FEATURE_VOLUMEID_FAT is not set -# CONFIG_FEATURE_VOLUMEID_HFS is not set -# CONFIG_FEATURE_VOLUMEID_ISO9660 is not set -# CONFIG_FEATURE_VOLUMEID_JFS is not set -# CONFIG_FEATURE_VOLUMEID_LFS is not set -# CONFIG_FEATURE_VOLUMEID_LINUXRAID is not set -# CONFIG_FEATURE_VOLUMEID_LINUXSWAP is not set -# CONFIG_FEATURE_VOLUMEID_LUKS is not set -# CONFIG_FEATURE_VOLUMEID_MINIX is not set -CONFIG_FEATURE_VOLUMEID_NILFS=y -# CONFIG_FEATURE_VOLUMEID_NTFS is not set -# CONFIG_FEATURE_VOLUMEID_OCFS2 is not set -# CONFIG_FEATURE_VOLUMEID_REISERFS is not set -# CONFIG_FEATURE_VOLUMEID_ROMFS is not set -# CONFIG_FEATURE_VOLUMEID_SQUASHFS is not set -# CONFIG_FEATURE_VOLUMEID_SYSV is not set -CONFIG_FEATURE_VOLUMEID_UBIFS=y -# CONFIG_FEATURE_VOLUMEID_UDF is not set -# CONFIG_FEATURE_VOLUMEID_XFS is not set -# -# Miscellaneous Utilities -# -# CONFIG_ADJTIMEX is not set -# CONFIG_BBCONFIG is not set -# CONFIG_FEATURE_COMPRESS_BBCONFIG is not set -# CONFIG_BC is not set -# CONFIG_DC is not set -# CONFIG_FEATURE_DC_BIG is not set -# CONFIG_FEATURE_DC_LIBM is not set -# CONFIG_FEATURE_BC_INTERACTIVE is not set -# CONFIG_FEATURE_BC_LONG_OPTIONS is not set -# CONFIG_BEEP is not set -CONFIG_FEATURE_BEEP_FREQ=0 -CONFIG_FEATURE_BEEP_LENGTH_MS=0 -# CONFIG_CHAT is not set -# CONFIG_FEATURE_CHAT_NOFAIL is not set -# CONFIG_FEATURE_CHAT_TTY_HIFI is not set -# CONFIG_FEATURE_CHAT_IMPLICIT_CR is not set -# CONFIG_FEATURE_CHAT_SWALLOW_OPTS is not set -# CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set -# CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set -# CONFIG_FEATURE_CHAT_CLR_ABORT is not set -# CONFIG_CONSPY is not set -# CONFIG_CROND is not set -# CONFIG_FEATURE_CROND_D is not set -# CONFIG_FEATURE_CROND_CALL_SENDMAIL is not set -# 
CONFIG_FEATURE_CROND_SPECIAL_TIMES is not set -CONFIG_FEATURE_CROND_DIR="" -# CONFIG_CRONTAB is not set -# CONFIG_DEVFSD is not set -# CONFIG_DEVFSD_MODLOAD is not set -# CONFIG_DEVFSD_FG_NP is not set -# CONFIG_DEVFSD_VERBOSE is not set -# CONFIG_FEATURE_DEVFS is not set -# CONFIG_DEVMEM is not set -# CONFIG_FBSPLASH is not set -# CONFIG_FLASH_ERASEALL is not set -# CONFIG_FLASH_LOCK is not set -# CONFIG_FLASH_UNLOCK is not set -# CONFIG_FLASHCP is not set -# CONFIG_HDPARM is not set -# CONFIG_FEATURE_HDPARM_GET_IDENTITY is not set -# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set -# CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF is not set -# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set -# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set -# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set -# CONFIG_HEXEDIT is not set -# CONFIG_I2CGET is not set -# CONFIG_I2CSET is not set -# CONFIG_I2CDUMP is not set -# CONFIG_I2CDETECT is not set -# CONFIG_INOTIFYD is not set -# CONFIG_LESS is not set -CONFIG_FEATURE_LESS_MAXLINES=0 -# CONFIG_FEATURE_LESS_BRACKETS is not set -# CONFIG_FEATURE_LESS_FLAGS is not set -# CONFIG_FEATURE_LESS_TRUNCATE is not set -# CONFIG_FEATURE_LESS_MARKS is not set -# CONFIG_FEATURE_LESS_REGEXP is not set -# CONFIG_FEATURE_LESS_WINCH is not set -# CONFIG_FEATURE_LESS_ASK_TERMINAL is not set -# CONFIG_FEATURE_LESS_DASHCMD is not set -# CONFIG_FEATURE_LESS_LINENUMS is not set -# CONFIG_FEATURE_LESS_RAW is not set -# CONFIG_FEATURE_LESS_ENV is not set -# CONFIG_LSSCSI is not set -# CONFIG_MAKEDEVS is not set -# CONFIG_FEATURE_MAKEDEVS_LEAF is not set -# CONFIG_FEATURE_MAKEDEVS_TABLE is not set -# CONFIG_MAN is not set -# CONFIG_MICROCOM is not set -# CONFIG_MT is not set -# CONFIG_NANDWRITE is not set -# CONFIG_NANDDUMP is not set -# CONFIG_PARTPROBE is not set -# CONFIG_RAIDAUTORUN is not set -# CONFIG_READAHEAD is not set -# CONFIG_RFKILL is not set -# CONFIG_RUNLEVEL is not set -# CONFIG_RX is not set -# CONFIG_SETFATTR is not set -# 
CONFIG_SETSERIAL is not set -# CONFIG_STRINGS is not set -# CONFIG_TIME is not set -# CONFIG_TTYSIZE is not set -# CONFIG_UBIATTACH is not set -# CONFIG_UBIDETACH is not set -# CONFIG_UBIMKVOL is not set -# CONFIG_UBIRMVOL is not set -# CONFIG_UBIRSVOL is not set -# CONFIG_UBIUPDATEVOL is not set -# CONFIG_UBIRENAME is not set -# CONFIG_VOLNAME is not set -# CONFIG_WATCHDOG is not set -# -# Networking Utilities -# -CONFIG_FEATURE_IPV6=y -# CONFIG_FEATURE_UNIX_LOCAL is not set -CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y -# CONFIG_VERBOSE_RESOLUTION_ERRORS is not set -# CONFIG_FEATURE_TLS_SHA1 is not set -# CONFIG_ARP is not set -# CONFIG_ARPING is not set -# CONFIG_BRCTL is not set -# CONFIG_FEATURE_BRCTL_FANCY is not set -# CONFIG_FEATURE_BRCTL_SHOW is not set -# CONFIG_DNSD is not set -# CONFIG_ETHER_WAKE is not set -# CONFIG_FTPD is not set -# CONFIG_FEATURE_FTPD_WRITE is not set -# CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST is not set -# CONFIG_FEATURE_FTPD_AUTHENTICATION is not set -CONFIG_FTPGET=y -# CONFIG_FTPPUT is not set -CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS=y -# CONFIG_HOSTNAME is not set -CONFIG_DNSDOMAINNAME=y -# CONFIG_HTTPD is not set -# CONFIG_FEATURE_HTTPD_RANGES is not set -# CONFIG_FEATURE_HTTPD_SETUID is not set -# CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set -# CONFIG_FEATURE_HTTPD_AUTH_MD5 is not set -# CONFIG_FEATURE_HTTPD_CGI is not set -# CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR is not set -# CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV is not set -# CONFIG_FEATURE_HTTPD_ENCODE_URL_STR is not set -# CONFIG_FEATURE_HTTPD_ERROR_PAGES is not set -# CONFIG_FEATURE_HTTPD_PROXY is not set -# CONFIG_FEATURE_HTTPD_GZIP is not set -# CONFIG_IFCONFIG is not set -# CONFIG_FEATURE_IFCONFIG_STATUS is not set -# CONFIG_FEATURE_IFCONFIG_SLIP is not set -# CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ is not set -# CONFIG_FEATURE_IFCONFIG_HW is not set -# CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS is not set -# CONFIG_IFENSLAVE is not set -# CONFIG_IFPLUGD is not set 
-# CONFIG_IFUP is not set -# CONFIG_IFDOWN is not set -CONFIG_IFUPDOWN_IFSTATE_PATH="" -# CONFIG_FEATURE_IFUPDOWN_IP is not set -# CONFIG_FEATURE_IFUPDOWN_IPV4 is not set -# CONFIG_FEATURE_IFUPDOWN_IPV6 is not set -# CONFIG_FEATURE_IFUPDOWN_MAPPING is not set -# CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP is not set -# CONFIG_INETD is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set -# CONFIG_FEATURE_INETD_RPC is not set -CONFIG_IP=y -CONFIG_IPADDR=y -CONFIG_IPLINK=y -CONFIG_IPROUTE=y -# CONFIG_IPTUNNEL is not set -# CONFIG_IPRULE is not set -# CONFIG_IPNEIGH is not set -CONFIG_FEATURE_IP_ADDRESS=y -CONFIG_FEATURE_IP_LINK=y -CONFIG_FEATURE_IP_ROUTE=y -CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2" -# CONFIG_FEATURE_IP_TUNNEL is not set -# CONFIG_FEATURE_IP_RULE is not set -# CONFIG_FEATURE_IP_NEIGH is not set -# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set -# CONFIG_IPCALC is not set -# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set -# CONFIG_FEATURE_IPCALC_FANCY is not set -# CONFIG_FAKEIDENTD is not set -# CONFIG_NAMEIF is not set -# CONFIG_FEATURE_NAMEIF_EXTENDED is not set -# CONFIG_NBDCLIENT is not set -# CONFIG_NC is not set -# CONFIG_NETCAT is not set -# CONFIG_NC_SERVER is not set -# CONFIG_NC_EXTRA is not set -# CONFIG_NC_110_COMPAT is not set -# CONFIG_NETSTAT is not set -# CONFIG_FEATURE_NETSTAT_WIDE is not set -# CONFIG_FEATURE_NETSTAT_PRG is not set -# CONFIG_NSLOOKUP is not set -# CONFIG_FEATURE_NSLOOKUP_BIG is not set -# CONFIG_FEATURE_NSLOOKUP_LONG_OPTIONS is not set -# CONFIG_NTPD is not set -# CONFIG_FEATURE_NTPD_SERVER is not set -# CONFIG_FEATURE_NTPD_CONF is not set -# CONFIG_FEATURE_NTP_AUTH is not set -CONFIG_PING=y -CONFIG_PING6=y -# CONFIG_FEATURE_FANCY_PING is not set -# CONFIG_PSCAN is not set -# 
CONFIG_ROUTE is not set -# CONFIG_SLATTACH is not set -# CONFIG_SSL_CLIENT is not set -# CONFIG_TC is not set -# CONFIG_FEATURE_TC_INGRESS is not set -# CONFIG_TCPSVD is not set -# CONFIG_UDPSVD is not set -# CONFIG_TELNET is not set -# CONFIG_FEATURE_TELNET_TTYPE is not set -# CONFIG_FEATURE_TELNET_AUTOLOGIN is not set -# CONFIG_FEATURE_TELNET_WIDTH is not set -# CONFIG_TELNETD is not set -# CONFIG_FEATURE_TELNETD_STANDALONE is not set -# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set -# CONFIG_TFTP is not set -# CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set -# CONFIG_TFTPD is not set -# CONFIG_FEATURE_TFTP_GET is not set -# CONFIG_FEATURE_TFTP_PUT is not set -# CONFIG_FEATURE_TFTP_BLOCKSIZE is not set -# CONFIG_TFTP_DEBUG is not set -# CONFIG_TLS is not set -# CONFIG_TRACEROUTE is not set -# CONFIG_TRACEROUTE6 is not set -# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set -# CONFIG_FEATURE_TRACEROUTE_USE_ICMP is not set -# CONFIG_TUNCTL is not set -# CONFIG_FEATURE_TUNCTL_UG is not set -# CONFIG_VCONFIG is not set -# CONFIG_WGET is not set -# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set -# CONFIG_FEATURE_WGET_STATUSBAR is not set -# CONFIG_FEATURE_WGET_AUTHENTICATION is not set -# CONFIG_FEATURE_WGET_TIMEOUT is not set -# CONFIG_FEATURE_WGET_HTTPS is not set -# CONFIG_FEATURE_WGET_OPENSSL is not set -# CONFIG_WHOIS is not set -# CONFIG_ZCIP is not set -# CONFIG_UDHCPD is not set -# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set -# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set -CONFIG_DHCPD_LEASES_FILE="" -# CONFIG_DUMPLEASES is not set -# CONFIG_DHCPRELAY is not set -# CONFIG_UDHCPC is not set -# CONFIG_FEATURE_UDHCPC_ARPING is not set -# CONFIG_FEATURE_UDHCPC_SANITIZEOPT is not set -CONFIG_UDHCPC_DEFAULT_SCRIPT="" -# CONFIG_UDHCPC6 is not set -# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set -# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set -# CONFIG_FEATURE_UDHCP_PORT is not set 
-CONFIG_UDHCP_DEBUG=0 -CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=0 -# CONFIG_FEATURE_UDHCP_RFC3397 is not set -# CONFIG_FEATURE_UDHCP_8021Q is not set -CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="" -# -# Print Utilities -# -# CONFIG_LPD is not set -# CONFIG_LPR is not set -# CONFIG_LPQ is not set -# -# Mail Utilities -# -# CONFIG_MAKEMIME is not set -# CONFIG_POPMAILDIR is not set -# CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set -# CONFIG_REFORMIME is not set -# CONFIG_FEATURE_REFORMIME_COMPAT is not set -# CONFIG_SENDMAIL is not set -CONFIG_FEATURE_MIME_CHARSET="" -# -# Process Utilities -# -# CONFIG_FREE is not set -# CONFIG_FUSER is not set -# CONFIG_IOSTAT is not set -CONFIG_KILL=y -CONFIG_KILLALL=y -CONFIG_KILLALL5=y -# CONFIG_LSOF is not set -# CONFIG_MPSTAT is not set -# CONFIG_NMETER is not set -# CONFIG_PGREP is not set -# CONFIG_PKILL is not set -# CONFIG_PIDOF is not set -# CONFIG_FEATURE_PIDOF_SINGLE is not set -# CONFIG_FEATURE_PIDOF_OMIT is not set -# CONFIG_PMAP is not set -# CONFIG_POWERTOP is not set -# CONFIG_FEATURE_POWERTOP_INTERACTIVE is not set -CONFIG_PS=y -# CONFIG_FEATURE_PS_WIDE is not set -# CONFIG_FEATURE_PS_LONG is not set -CONFIG_FEATURE_PS_TIME=y -# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set -CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS=y -# CONFIG_PSTREE is not set -# CONFIG_PWDX is not set -# CONFIG_SMEMCAP is not set -# CONFIG_BB_SYSCTL is not set -# CONFIG_TOP is not set -# CONFIG_FEATURE_TOP_INTERACTIVE is not set -# CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE is not set -# CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS is not set -# CONFIG_FEATURE_TOP_SMP_CPU is not set -# CONFIG_FEATURE_TOP_DECIMALS is not set -# CONFIG_FEATURE_TOP_SMP_PROCESS is not set -# CONFIG_FEATURE_TOPMEM is not set -# CONFIG_UPTIME is not set -# CONFIG_FEATURE_UPTIME_UTMP_SUPPORT is not set -# CONFIG_WATCH is not set -CONFIG_FEATURE_SHOW_THREADS=y -# -# Runit Utilities -# -# CONFIG_CHPST is not set -# CONFIG_SETUIDGID is not set -# CONFIG_ENVUIDGID is not set -# CONFIG_ENVDIR is not 
set -# CONFIG_SOFTLIMIT is not set -# CONFIG_RUNSV is not set -# CONFIG_RUNSVDIR is not set -# CONFIG_FEATURE_RUNSVDIR_LOG is not set -# CONFIG_SV is not set -CONFIG_SV_DEFAULT_SERVICE_DIR="" -# CONFIG_SVC is not set -# CONFIG_SVOK is not set -# CONFIG_SVLOGD is not set -# CONFIG_CHCON is not set -# CONFIG_GETENFORCE is not set -# CONFIG_GETSEBOOL is not set -# CONFIG_LOAD_POLICY is not set -# CONFIG_MATCHPATHCON is not set -# CONFIG_RUNCON is not set -# CONFIG_SELINUXENABLED is not set -# CONFIG_SESTATUS is not set -# CONFIG_SETENFORCE is not set -# CONFIG_SETFILES is not set -# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set -# CONFIG_RESTORECON is not set -# CONFIG_SETSEBOOL is not set -# -# Shells -# -CONFIG_SH_IS_ASH=y -# CONFIG_SH_IS_HUSH is not set -# CONFIG_SH_IS_NONE is not set -# CONFIG_BASH_IS_ASH is not set -# CONFIG_BASH_IS_HUSH is not set -CONFIG_BASH_IS_NONE=y -CONFIG_ASH=y -CONFIG_ASH_OPTIMIZE_FOR_SIZE=y -CONFIG_ASH_INTERNAL_GLOB=y -CONFIG_ASH_BASH_COMPAT=y -# CONFIG_ASH_BASH_SOURCE_CURDIR is not set -CONFIG_ASH_BASH_NOT_FOUND_HOOK=y -CONFIG_ASH_JOB_CONTROL=y -CONFIG_ASH_ALIAS=y -CONFIG_ASH_RANDOM_SUPPORT=y -CONFIG_ASH_EXPAND_PRMT=y -# CONFIG_ASH_IDLE_TIMEOUT is not set -# CONFIG_ASH_MAIL is not set -CONFIG_ASH_ECHO=y -CONFIG_ASH_PRINTF=y -CONFIG_ASH_TEST=y -CONFIG_ASH_HELP=y -CONFIG_ASH_GETOPTS=y -CONFIG_ASH_CMDCMD=y -# CONFIG_CTTYHACK is not set -# CONFIG_HUSH is not set -# CONFIG_HUSH_BASH_COMPAT is not set -# CONFIG_HUSH_BRACE_EXPANSION is not set -# CONFIG_HUSH_LINENO_VAR is not set -# CONFIG_HUSH_BASH_SOURCE_CURDIR is not set -# CONFIG_HUSH_INTERACTIVE is not set -# CONFIG_HUSH_SAVEHISTORY is not set -# CONFIG_HUSH_JOB is not set -# CONFIG_HUSH_TICK is not set -# CONFIG_HUSH_IF is not set -# CONFIG_HUSH_LOOPS is not set -# CONFIG_HUSH_CASE is not set -# CONFIG_HUSH_FUNCTIONS is not set -# CONFIG_HUSH_LOCAL is not set -# CONFIG_HUSH_RANDOM_SUPPORT is not set -# CONFIG_HUSH_MODE_X is not set -# CONFIG_HUSH_ECHO is not set -# CONFIG_HUSH_PRINTF 
is not set -# CONFIG_HUSH_TEST is not set -# CONFIG_HUSH_HELP is not set -# CONFIG_HUSH_EXPORT is not set -# CONFIG_HUSH_EXPORT_N is not set -# CONFIG_HUSH_READONLY is not set -# CONFIG_HUSH_KILL is not set -# CONFIG_HUSH_WAIT is not set -# CONFIG_HUSH_COMMAND is not set -# CONFIG_HUSH_TRAP is not set -# CONFIG_HUSH_TYPE is not set -# CONFIG_HUSH_TIMES is not set -# CONFIG_HUSH_READ is not set -# CONFIG_HUSH_SET is not set -# CONFIG_HUSH_UNSET is not set -# CONFIG_HUSH_ULIMIT is not set -# CONFIG_HUSH_UMASK is not set -# CONFIG_HUSH_GETOPTS is not set -# CONFIG_HUSH_MEMLEAK is not set -# -# Options common to all shells -# -CONFIG_FEATURE_SH_MATH=y -CONFIG_FEATURE_SH_MATH_64=y -CONFIG_FEATURE_SH_EXTRA_QUIET=y -# CONFIG_FEATURE_SH_STANDALONE is not set -# CONFIG_FEATURE_SH_NOFORK is not set -CONFIG_FEATURE_SH_READ_FRAC=y -# CONFIG_FEATURE_SH_HISTFILESIZE is not set -# CONFIG_FEATURE_SH_EMBEDDED_SCRIPTS is not set -# -# System Logging Utilities -# -# CONFIG_KLOGD is not set -# CONFIG_FEATURE_KLOGD_KLOGCTL is not set -# CONFIG_LOGGER is not set -# CONFIG_LOGREAD is not set -# CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING is not set -# CONFIG_SYSLOGD is not set -# CONFIG_FEATURE_ROTATE_LOGFILE is not set -# CONFIG_FEATURE_REMOTE_LOG is not set -# CONFIG_FEATURE_SYSLOGD_DUP is not set -# CONFIG_FEATURE_SYSLOGD_CFG is not set -CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=0 -# CONFIG_FEATURE_IPC_SYSLOG is not set -CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=0 -# CONFIG_FEATURE_KMSG_SYSLOG is not set diff --git a/SPECS/busybox/busybox-static.config b/SPECS/busybox/busybox-static.config deleted file mode 100644 index c66d90ebfaf..00000000000 --- a/SPECS/busybox/busybox-static.config +++ /dev/null 
@@ -1,1147 +0,0 @@ -# -# Automatically generated make config: don't edit -# Busybox version: 1.30.1 -# Mon May 13 11:17:19 2019 -# -CONFIG_HAVE_DOT_CONFIG=y -# -# Settings -# -CONFIG_DESKTOP=y -CONFIG_EXTRA_COMPAT=y -CONFIG_FEDORA_COMPAT=y -CONFIG_INCLUDE_SUSv2=y -CONFIG_LONG_OPTS=y -CONFIG_SHOW_USAGE=y -CONFIG_FEATURE_VERBOSE_USAGE=y -CONFIG_FEATURE_COMPRESS_USAGE=y -CONFIG_LFS=y -# CONFIG_PAM is not set -CONFIG_FEATURE_DEVPTS=y -CONFIG_FEATURE_UTMP=y -CONFIG_FEATURE_WTMP=y -CONFIG_FEATURE_PIDFILE=y -CONFIG_PID_FILE_PATH="/var/run" -CONFIG_BUSYBOX=y -CONFIG_FEATURE_SHOW_SCRIPT=y -CONFIG_FEATURE_INSTALLER=y -# CONFIG_INSTALL_NO_USR is not set -CONFIG_FEATURE_SUID=y -CONFIG_FEATURE_SUID_CONFIG=y -CONFIG_FEATURE_SUID_CONFIG_QUIET=y -# CONFIG_FEATURE_PREFER_APPLETS is not set -CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe" -# CONFIG_SELINUX is not set -# CONFIG_FEATURE_CLEAN_UP is not set -CONFIG_PLATFORM_LINUX=y -# -# Build Options -# -CONFIG_STATIC=y -# CONFIG_PIE is not set -# CONFIG_NOMMU is not set -# CONFIG_BUILD_LIBBUSYBOX is not set -# CONFIG_FEATURE_LIBBUSYBOX_STATIC is not set -# CONFIG_FEATURE_INDIVIDUAL is not set -# CONFIG_FEATURE_SHARED_BUSYBOX is not set -CONFIG_CROSS_COMPILER_PREFIX="" -CONFIG_SYSROOT="" -CONFIG_EXTRA_CFLAGS="" -CONFIG_EXTRA_LDFLAGS="" -CONFIG_EXTRA_LDLIBS="" -# CONFIG_USE_PORTABLE_CODE is not set -CONFIG_STACK_OPTIMIZATION_386=y -# -# Installation Options ("make install" behavior) -# -CONFIG_INSTALL_APPLET_SYMLINKS=y -# CONFIG_INSTALL_APPLET_HARDLINKS is not set -# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set -# CONFIG_INSTALL_APPLET_DONT is not set -# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set -# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set -# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set -CONFIG_PREFIX="./_install" -# -# Debugging Options -# -# CONFIG_DEBUG is not set -# CONFIG_DEBUG_PESSIMIZE is not set -# CONFIG_DEBUG_SANITIZE is not set -# CONFIG_UNIT_TEST is not set -# CONFIG_WERROR is not set -CONFIG_NO_DEBUG_LIB=y -# 
CONFIG_DMALLOC is not set -# CONFIG_EFENCE is not set -# -# Library Tuning -# -# CONFIG_FEATURE_USE_BSS_TAIL is not set -CONFIG_FLOAT_DURATION=y -CONFIG_FEATURE_RTMINMAX=y -CONFIG_FEATURE_RTMINMAX_USE_LIBC_DEFINITIONS=y -CONFIG_FEATURE_BUFFERS_USE_MALLOC=y -# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set -# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set -CONFIG_PASSWORD_MINLEN=6 -CONFIG_MD5_SMALL=1 -CONFIG_SHA3_SMALL=1 -CONFIG_FEATURE_FAST_TOP=y -# CONFIG_FEATURE_ETC_NETWORKS is not set -# CONFIG_FEATURE_ETC_SERVICES is not set -CONFIG_FEATURE_EDITING=y -CONFIG_FEATURE_EDITING_MAX_LEN=1024 -CONFIG_FEATURE_EDITING_VI=y -CONFIG_FEATURE_EDITING_HISTORY=15 -CONFIG_FEATURE_EDITING_SAVEHISTORY=y -# CONFIG_FEATURE_EDITING_SAVE_ON_EXIT is not set -CONFIG_FEATURE_REVERSE_SEARCH=y -CONFIG_FEATURE_TAB_COMPLETION=y -# CONFIG_FEATURE_USERNAME_COMPLETION is not set -CONFIG_FEATURE_EDITING_FANCY_PROMPT=y -CONFIG_FEATURE_EDITING_WINCH=y -# CONFIG_FEATURE_EDITING_ASK_TERMINAL is not set -# CONFIG_LOCALE_SUPPORT is not set -CONFIG_UNICODE_SUPPORT=y -# CONFIG_UNICODE_USING_LOCALE is not set -CONFIG_FEATURE_CHECK_UNICODE_IN_ENV=y -CONFIG_SUBST_WCHAR=63 -CONFIG_LAST_SUPPORTED_WCHAR=767 -# CONFIG_UNICODE_COMBINING_WCHARS is not set -# CONFIG_UNICODE_WIDE_WCHARS is not set -# CONFIG_UNICODE_BIDI_SUPPORT is not set -# CONFIG_UNICODE_NEUTRAL_TABLE is not set -# CONFIG_UNICODE_PRESERVE_BROKEN is not set -CONFIG_FEATURE_NON_POSIX_CP=y -CONFIG_FEATURE_VERBOSE_CP_MESSAGE=y -CONFIG_FEATURE_USE_SENDFILE=y -CONFIG_FEATURE_COPYBUF_KB=4 -CONFIG_FEATURE_SKIP_ROOTFS=y -CONFIG_MONOTONIC_SYSCALL=y -CONFIG_IOCTL_HEX2STR_ERROR=y -CONFIG_FEATURE_HWIB=y -# -# Applets -# -# -# Archival Utilities -# -CONFIG_FEATURE_SEAMLESS_XZ=y -CONFIG_FEATURE_SEAMLESS_LZMA=y -CONFIG_FEATURE_SEAMLESS_BZ2=y -CONFIG_FEATURE_SEAMLESS_GZ=y -CONFIG_FEATURE_SEAMLESS_Z=y -CONFIG_AR=y -CONFIG_FEATURE_AR_LONG_FILENAMES=y -CONFIG_FEATURE_AR_CREATE=y -CONFIG_UNCOMPRESS=y -CONFIG_GUNZIP=y -CONFIG_ZCAT=y 
-CONFIG_FEATURE_GUNZIP_LONG_OPTIONS=y -CONFIG_BUNZIP2=y -CONFIG_BZCAT=y -CONFIG_UNLZMA=y -CONFIG_LZCAT=y -CONFIG_LZMA=y -CONFIG_UNXZ=y -CONFIG_XZCAT=y -CONFIG_XZ=y -CONFIG_BZIP2=y -CONFIG_BZIP2_SMALL=8 -CONFIG_FEATURE_BZIP2_DECOMPRESS=y -CONFIG_CPIO=y -CONFIG_FEATURE_CPIO_O=y -CONFIG_FEATURE_CPIO_P=y -CONFIG_DPKG=y -CONFIG_DPKG_DEB=y -CONFIG_GZIP=y -CONFIG_FEATURE_GZIP_LONG_OPTIONS=y -CONFIG_GZIP_FAST=0 -# CONFIG_FEATURE_GZIP_LEVELS is not set -CONFIG_FEATURE_GZIP_DECOMPRESS=y -CONFIG_LZOP=y -CONFIG_UNLZOP=y -CONFIG_LZOPCAT=y -# CONFIG_LZOP_COMPR_HIGH is not set -CONFIG_RPM=y -CONFIG_RPM2CPIO=y -CONFIG_TAR=y -CONFIG_FEATURE_TAR_LONG_OPTIONS=y -CONFIG_FEATURE_TAR_CREATE=y -CONFIG_FEATURE_TAR_AUTODETECT=y -CONFIG_FEATURE_TAR_FROM=y -CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y -CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y -CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y -CONFIG_FEATURE_TAR_TO_COMMAND=y -CONFIG_FEATURE_TAR_UNAME_GNAME=y -CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y -# CONFIG_FEATURE_TAR_SELINUX is not set -CONFIG_UNZIP=y -CONFIG_FEATURE_UNZIP_CDF=y -CONFIG_FEATURE_UNZIP_BZIP2=y -CONFIG_FEATURE_UNZIP_LZMA=y -CONFIG_FEATURE_UNZIP_XZ=y -CONFIG_FEATURE_LZMA_FAST=y -# -# Coreutils -# -CONFIG_BASENAME=y -CONFIG_CAT=y -CONFIG_FEATURE_CATN=y -CONFIG_FEATURE_CATV=y -CONFIG_CHGRP=y -CONFIG_CHMOD=y -CONFIG_CHOWN=y -CONFIG_FEATURE_CHOWN_LONG_OPTIONS=y -CONFIG_CHROOT=y -CONFIG_CKSUM=y -CONFIG_COMM=y -CONFIG_CP=y -CONFIG_FEATURE_CP_LONG_OPTIONS=y -CONFIG_FEATURE_CP_REFLINK=y -CONFIG_CUT=y -CONFIG_DATE=y -CONFIG_FEATURE_DATE_ISOFMT=y -# CONFIG_FEATURE_DATE_NANO is not set -CONFIG_FEATURE_DATE_COMPAT=y -CONFIG_DD=y -CONFIG_FEATURE_DD_SIGNAL_HANDLING=y -CONFIG_FEATURE_DD_THIRD_STATUS_LINE=y -CONFIG_FEATURE_DD_IBS_OBS=y -CONFIG_FEATURE_DD_STATUS=y -CONFIG_DF=y -CONFIG_FEATURE_DF_FANCY=y -CONFIG_DIRNAME=y -CONFIG_DOS2UNIX=y -CONFIG_UNIX2DOS=y -CONFIG_DU=y -CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K=y -CONFIG_ECHO=y -CONFIG_FEATURE_FANCY_ECHO=y -CONFIG_ENV=y -CONFIG_EXPAND=y -CONFIG_UNEXPAND=y 
-CONFIG_EXPR=y -CONFIG_EXPR_MATH_SUPPORT_64=y -CONFIG_FACTOR=y -CONFIG_FALSE=y -CONFIG_FOLD=y -CONFIG_FSYNC=y -CONFIG_HEAD=y -CONFIG_FEATURE_FANCY_HEAD=y -CONFIG_HOSTID=y -CONFIG_ID=y -CONFIG_GROUPS=y -CONFIG_INSTALL=y -CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y -CONFIG_LINK=y -CONFIG_LN=y -CONFIG_LOGNAME=y -CONFIG_LS=y -CONFIG_FEATURE_LS_FILETYPES=y -CONFIG_FEATURE_LS_FOLLOWLINKS=y -CONFIG_FEATURE_LS_RECURSIVE=y -CONFIG_FEATURE_LS_WIDTH=y -CONFIG_FEATURE_LS_SORTFILES=y -CONFIG_FEATURE_LS_TIMESTAMPS=y -CONFIG_FEATURE_LS_USERNAME=y -CONFIG_FEATURE_LS_COLOR=y -CONFIG_FEATURE_LS_COLOR_IS_DEFAULT=y -CONFIG_MD5SUM=y -CONFIG_SHA1SUM=y -CONFIG_SHA256SUM=y -CONFIG_SHA512SUM=y -CONFIG_SHA3SUM=y -# -# Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum -# -CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y -CONFIG_MKDIR=y -CONFIG_MKFIFO=y -CONFIG_MKNOD=y -CONFIG_MKTEMP=y -CONFIG_MV=y -CONFIG_NICE=y -CONFIG_NL=y -CONFIG_NOHUP=y -CONFIG_NPROC=y -CONFIG_OD=y -CONFIG_PASTE=y -CONFIG_PRINTENV=y -CONFIG_PRINTF=y -CONFIG_PWD=y -CONFIG_READLINK=y -CONFIG_FEATURE_READLINK_FOLLOW=y -CONFIG_REALPATH=y -CONFIG_RM=y -CONFIG_RMDIR=y -CONFIG_SEQ=y -CONFIG_SHRED=y -CONFIG_SHUF=y -CONFIG_SLEEP=y -CONFIG_FEATURE_FANCY_SLEEP=y -CONFIG_SORT=y -CONFIG_FEATURE_SORT_BIG=y -# CONFIG_FEATURE_SORT_OPTIMIZE_MEMORY is not set -CONFIG_SPLIT=y -CONFIG_FEATURE_SPLIT_FANCY=y -CONFIG_STAT=y -CONFIG_FEATURE_STAT_FORMAT=y -CONFIG_FEATURE_STAT_FILESYSTEM=y -CONFIG_STTY=y -CONFIG_SUM=y -CONFIG_SYNC=y -# CONFIG_FEATURE_SYNC_FANCY is not set -CONFIG_TAC=y -CONFIG_TAIL=y -CONFIG_FEATURE_FANCY_TAIL=y -CONFIG_TEE=y -CONFIG_FEATURE_TEE_USE_BLOCK_IO=y -CONFIG_TEST=y -CONFIG_TEST1=y -CONFIG_TEST2=y -CONFIG_FEATURE_TEST_64=y -CONFIG_TIMEOUT=y -CONFIG_TOUCH=y -CONFIG_FEATURE_TOUCH_NODEREF=y -CONFIG_FEATURE_TOUCH_SUSV3=y -CONFIG_TR=y -CONFIG_FEATURE_TR_CLASSES=y -CONFIG_FEATURE_TR_EQUIV=y -CONFIG_TRUE=y -CONFIG_TRUNCATE=y -CONFIG_TTY=y -CONFIG_UNAME=y -CONFIG_UNAME_OSNAME="GNU/Linux" -CONFIG_BB_ARCH=y -CONFIG_UNIQ=y 
-CONFIG_UNLINK=y -CONFIG_USLEEP=y -CONFIG_UUDECODE=y -CONFIG_BASE64=y -CONFIG_UUENCODE=y -CONFIG_WC=y -CONFIG_FEATURE_WC_LARGE=y -CONFIG_WHO=y -CONFIG_W=y -CONFIG_USERS=y -CONFIG_WHOAMI=y -CONFIG_YES=y -# -# Common options -# -CONFIG_FEATURE_VERBOSE=y -# -# Common options for cp and mv -# -CONFIG_FEATURE_PRESERVE_HARDLINKS=y -# -# Common options for df, du, ls -# -CONFIG_FEATURE_HUMAN_READABLE=y -# -# Console Utilities -# -CONFIG_CHVT=y -CONFIG_CLEAR=y -CONFIG_DEALLOCVT=y -CONFIG_DUMPKMAP=y -CONFIG_FGCONSOLE=y -CONFIG_KBD_MODE=y -CONFIG_LOADFONT=y -CONFIG_SETFONT=y -CONFIG_FEATURE_SETFONT_TEXTUAL_MAP=y -CONFIG_DEFAULT_SETFONT_DIR="" -# -# Common options for loadfont and setfont -# -CONFIG_FEATURE_LOADFONT_PSF2=y -CONFIG_FEATURE_LOADFONT_RAW=y -CONFIG_LOADKMAP=y -CONFIG_OPENVT=y -CONFIG_RESET=y -CONFIG_RESIZE=y -CONFIG_FEATURE_RESIZE_PRINT=y -CONFIG_SETCONSOLE=y -CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS=y -CONFIG_SETKEYCODES=y -CONFIG_SETLOGCONS=y -CONFIG_SHOWKEY=y -# -# Debian Utilities -# -CONFIG_PIPE_PROGRESS=y -CONFIG_RUN_PARTS=y -CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y -CONFIG_FEATURE_RUN_PARTS_FANCY=y -CONFIG_START_STOP_DAEMON=y -CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y -CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y -CONFIG_WHICH=y -# -# klibc-utils -# -# CONFIG_MINIPS is not set -# CONFIG_NUKE is not set -CONFIG_RESUME=y -CONFIG_RUN_INIT=y -# -# Editors -# -CONFIG_AWK=y -CONFIG_FEATURE_AWK_LIBM=y -CONFIG_FEATURE_AWK_GNU_EXTENSIONS=y -CONFIG_CMP=y -CONFIG_DIFF=y -CONFIG_FEATURE_DIFF_LONG_OPTIONS=y -CONFIG_FEATURE_DIFF_DIR=y -CONFIG_ED=y -CONFIG_PATCH=y -CONFIG_SED=y -CONFIG_VI=y -CONFIG_FEATURE_VI_MAX_LEN=4096 -CONFIG_FEATURE_VI_8BIT=y -CONFIG_FEATURE_VI_COLON=y -CONFIG_FEATURE_VI_YANKMARK=y -CONFIG_FEATURE_VI_SEARCH=y -CONFIG_FEATURE_VI_REGEX_SEARCH=y -CONFIG_FEATURE_VI_USE_SIGNALS=y -CONFIG_FEATURE_VI_DOT_CMD=y -CONFIG_FEATURE_VI_READONLY=y -CONFIG_FEATURE_VI_SETOPTS=y -CONFIG_FEATURE_VI_SET=y -CONFIG_FEATURE_VI_WIN_RESIZE=y -CONFIG_FEATURE_VI_ASK_TERMINAL=y 
-CONFIG_FEATURE_VI_UNDO=y -CONFIG_FEATURE_VI_UNDO_QUEUE=y -CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=256 -CONFIG_FEATURE_ALLOW_EXEC=y -# -# Finding Utilities -# -CONFIG_FIND=y -CONFIG_FEATURE_FIND_PRINT0=y -CONFIG_FEATURE_FIND_MTIME=y -CONFIG_FEATURE_FIND_MMIN=y -CONFIG_FEATURE_FIND_PERM=y -CONFIG_FEATURE_FIND_TYPE=y -CONFIG_FEATURE_FIND_EXECUTABLE=y -CONFIG_FEATURE_FIND_XDEV=y -CONFIG_FEATURE_FIND_MAXDEPTH=y -CONFIG_FEATURE_FIND_NEWER=y -CONFIG_FEATURE_FIND_INUM=y -CONFIG_FEATURE_FIND_EXEC=y -CONFIG_FEATURE_FIND_EXEC_PLUS=y -CONFIG_FEATURE_FIND_USER=y -CONFIG_FEATURE_FIND_GROUP=y -CONFIG_FEATURE_FIND_NOT=y -CONFIG_FEATURE_FIND_DEPTH=y -CONFIG_FEATURE_FIND_PAREN=y -CONFIG_FEATURE_FIND_SIZE=y -CONFIG_FEATURE_FIND_PRUNE=y -CONFIG_FEATURE_FIND_QUIT=y -CONFIG_FEATURE_FIND_DELETE=y -CONFIG_FEATURE_FIND_PATH=y -CONFIG_FEATURE_FIND_REGEX=y -# CONFIG_FEATURE_FIND_CONTEXT is not set -CONFIG_FEATURE_FIND_LINKS=y -CONFIG_GREP=y -CONFIG_EGREP=y -CONFIG_FGREP=y -CONFIG_FEATURE_GREP_CONTEXT=y -CONFIG_XARGS=y -CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y -CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y -CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y -CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y -CONFIG_FEATURE_XARGS_SUPPORT_REPL_STR=y -CONFIG_FEATURE_XARGS_SUPPORT_PARALLEL=y -CONFIG_FEATURE_XARGS_SUPPORT_ARGS_FILE=y -# -# Init Utilities -# -CONFIG_BOOTCHARTD=y -CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER=y -CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE=y -CONFIG_HALT=y -CONFIG_POWEROFF=y -CONFIG_REBOOT=y -CONFIG_FEATURE_WAIT_FOR_INIT=y -# CONFIG_FEATURE_CALL_TELINIT is not set -CONFIG_TELINIT_PATH="" -CONFIG_INIT=y -CONFIG_LINUXRC=y -CONFIG_FEATURE_USE_INITTAB=y -# CONFIG_FEATURE_KILL_REMOVED is not set -CONFIG_FEATURE_KILL_DELAY=0 -CONFIG_FEATURE_INIT_SCTTY=y -CONFIG_FEATURE_INIT_SYSLOG=y -CONFIG_FEATURE_INIT_QUIET=y -CONFIG_FEATURE_INIT_COREDUMPS=y -CONFIG_INIT_TERMINAL_TYPE="linux" -CONFIG_FEATURE_INIT_MODIFY_CMDLINE=y -# -# Login/Password Management Utilities -# -CONFIG_FEATURE_SHADOWPASSWDS=y -CONFIG_USE_BB_PWD_GRP=y 
-CONFIG_USE_BB_SHADOW=y -CONFIG_USE_BB_CRYPT=y -CONFIG_USE_BB_CRYPT_SHA=y -CONFIG_ADD_SHELL=y -CONFIG_REMOVE_SHELL=y -CONFIG_ADDGROUP=y -CONFIG_FEATURE_ADDUSER_TO_GROUP=y -CONFIG_ADDUSER=y -# CONFIG_FEATURE_CHECK_NAMES is not set -CONFIG_LAST_ID=60000 -CONFIG_FIRST_SYSTEM_ID=100 -CONFIG_LAST_SYSTEM_ID=999 -CONFIG_CHPASSWD=y -CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" -CONFIG_CRYPTPW=y -CONFIG_MKPASSWD=y -CONFIG_DELUSER=y -CONFIG_DELGROUP=y -CONFIG_FEATURE_DEL_USER_FROM_GROUP=y -CONFIG_GETTY=y -CONFIG_LOGIN=y -# CONFIG_LOGIN_SESSION_AS_CHILD is not set -CONFIG_LOGIN_SCRIPTS=y -CONFIG_FEATURE_NOLOGIN=y -CONFIG_FEATURE_SECURETTY=y -CONFIG_PASSWD=y -CONFIG_FEATURE_PASSWD_WEAK_CHECK=y -CONFIG_SU=y -CONFIG_FEATURE_SU_SYSLOG=y -CONFIG_FEATURE_SU_CHECKS_SHELLS=y -# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set -CONFIG_SULOGIN=y -CONFIG_VLOCK=y -# -# Linux Ext2 FS Progs -# -CONFIG_CHATTR=y -CONFIG_FSCK=y -CONFIG_LSATTR=y -# CONFIG_TUNE2FS is not set -# -# Linux Module Utilities -# -# CONFIG_MODPROBE_SMALL is not set -CONFIG_DEPMOD=y -CONFIG_INSMOD=y -CONFIG_LSMOD=y -CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT=y -CONFIG_MODINFO=y -CONFIG_MODPROBE=y -CONFIG_FEATURE_MODPROBE_BLACKLIST=y -CONFIG_RMMOD=y -# -# Options common to multiple modutils -# -CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS=y -# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set -# CONFIG_FEATURE_2_4_MODULES is not set -# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set -# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set -# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set -# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set -# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set -CONFIG_FEATURE_CHECK_TAINTED_MODULE=y -# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set -CONFIG_FEATURE_MODUTILS_ALIAS=y -CONFIG_FEATURE_MODUTILS_SYMBOLS=y -CONFIG_DEFAULT_MODULES_DIR="/lib/modules" -CONFIG_DEFAULT_DEPMOD_FILE="modules.dep" -# -# Linux System Utilities -# -CONFIG_ACPID=y -CONFIG_FEATURE_ACPID_COMPAT=y -CONFIG_BLKDISCARD=y 
-CONFIG_BLKID=y -CONFIG_FEATURE_BLKID_TYPE=y -CONFIG_BLOCKDEV=y -CONFIG_CAL=y -CONFIG_CHRT=y -CONFIG_DMESG=y -CONFIG_FEATURE_DMESG_PRETTY=y -CONFIG_EJECT=y -CONFIG_FEATURE_EJECT_SCSI=y -# CONFIG_FALLOCATE is not set -CONFIG_FATATTR=y -CONFIG_FBSET=y -CONFIG_FEATURE_FBSET_FANCY=y -CONFIG_FEATURE_FBSET_READMODE=y -CONFIG_FDFORMAT=y -CONFIG_FDISK=y -CONFIG_FDISK_SUPPORT_LARGE_DISKS=y -CONFIG_FEATURE_FDISK_WRITABLE=y -# CONFIG_FEATURE_AIX_LABEL is not set -# CONFIG_FEATURE_SGI_LABEL is not set -# CONFIG_FEATURE_SUN_LABEL is not set -# CONFIG_FEATURE_OSF_LABEL is not set -# CONFIG_FEATURE_GPT_LABEL is not set -CONFIG_FEATURE_FDISK_ADVANCED=y -CONFIG_FINDFS=y -CONFIG_FLOCK=y -CONFIG_FDFLUSH=y -CONFIG_FREERAMDISK=y -CONFIG_FSCK_MINIX=y -CONFIG_FSFREEZE=y -CONFIG_FSTRIM=y -CONFIG_GETOPT=y -CONFIG_FEATURE_GETOPT_LONG=y -CONFIG_HEXDUMP=y -CONFIG_FEATURE_HEXDUMP_REVERSE=y -CONFIG_HD=y -CONFIG_XXD=y -CONFIG_HWCLOCK=y -CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y -CONFIG_IONICE=y -CONFIG_IPCRM=y -CONFIG_IPCS=y -CONFIG_LAST=y -CONFIG_FEATURE_LAST_FANCY=y -CONFIG_LOSETUP=y -CONFIG_LSPCI=y -CONFIG_LSUSB=y -CONFIG_MDEV=y -CONFIG_FEATURE_MDEV_CONF=y -CONFIG_FEATURE_MDEV_RENAME=y -CONFIG_FEATURE_MDEV_RENAME_REGEXP=y -CONFIG_FEATURE_MDEV_EXEC=y -CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y -CONFIG_MESG=y -CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y -CONFIG_MKE2FS=y -CONFIG_MKFS_EXT2=y -CONFIG_MKFS_MINIX=y -CONFIG_FEATURE_MINIX2=y -# CONFIG_MKFS_REISER is not set -CONFIG_MKDOSFS=y -CONFIG_MKFS_VFAT=y -CONFIG_MKSWAP=y -CONFIG_FEATURE_MKSWAP_UUID=y -CONFIG_MORE=y -CONFIG_MOUNT=y -CONFIG_FEATURE_MOUNT_FAKE=y -CONFIG_FEATURE_MOUNT_VERBOSE=y -# CONFIG_FEATURE_MOUNT_HELPERS is not set -CONFIG_FEATURE_MOUNT_LABEL=y -# CONFIG_FEATURE_MOUNT_NFS is not set -CONFIG_FEATURE_MOUNT_CIFS=y -CONFIG_FEATURE_MOUNT_FLAGS=y -CONFIG_FEATURE_MOUNT_FSTAB=y -CONFIG_FEATURE_MOUNT_OTHERTAB=y -CONFIG_MOUNTPOINT=y -CONFIG_NOLOGIN=y -CONFIG_NOLOGIN_DEPENDENCIES=y -# CONFIG_NSENTER is not set -CONFIG_PIVOT_ROOT=y -CONFIG_RDATE=y 
-CONFIG_RDEV=y -CONFIG_READPROFILE=y -CONFIG_RENICE=y -CONFIG_REV=y -CONFIG_RTCWAKE=y -CONFIG_SCRIPT=y -CONFIG_SCRIPTREPLAY=y -CONFIG_SETARCH=y -CONFIG_LINUX32=y -CONFIG_LINUX64=y -CONFIG_SETPRIV=y -CONFIG_FEATURE_SETPRIV_DUMP=y -CONFIG_FEATURE_SETPRIV_CAPABILITIES=y -CONFIG_FEATURE_SETPRIV_CAPABILITY_NAMES=y -CONFIG_SETSID=y -CONFIG_SWAPON=y -CONFIG_FEATURE_SWAPON_DISCARD=y -CONFIG_FEATURE_SWAPON_PRI=y -CONFIG_SWAPOFF=y -CONFIG_FEATURE_SWAPONOFF_LABEL=y -CONFIG_SWITCH_ROOT=y -# CONFIG_TASKSET is not set -# CONFIG_FEATURE_TASKSET_FANCY is not set -CONFIG_UEVENT=y -CONFIG_UMOUNT=y -CONFIG_FEATURE_UMOUNT_ALL=y -CONFIG_UNSHARE=y -CONFIG_WALL=y -# -# Common options for mount/umount -# -CONFIG_FEATURE_MOUNT_LOOP=y -CONFIG_FEATURE_MOUNT_LOOP_CREATE=y -# CONFIG_FEATURE_MTAB_SUPPORT is not set -CONFIG_VOLUMEID=y -# -# Filesystem/Volume identification -# -CONFIG_FEATURE_VOLUMEID_BCACHE=y -CONFIG_FEATURE_VOLUMEID_BTRFS=y -CONFIG_FEATURE_VOLUMEID_CRAMFS=y -CONFIG_FEATURE_VOLUMEID_EXFAT=y -CONFIG_FEATURE_VOLUMEID_EXT=y -CONFIG_FEATURE_VOLUMEID_F2FS=y -CONFIG_FEATURE_VOLUMEID_FAT=y -CONFIG_FEATURE_VOLUMEID_HFS=y -CONFIG_FEATURE_VOLUMEID_ISO9660=y -CONFIG_FEATURE_VOLUMEID_JFS=y -CONFIG_FEATURE_VOLUMEID_LFS=y -CONFIG_FEATURE_VOLUMEID_LINUXRAID=y -CONFIG_FEATURE_VOLUMEID_LINUXSWAP=y -CONFIG_FEATURE_VOLUMEID_LUKS=y -CONFIG_FEATURE_VOLUMEID_MINIX=y -CONFIG_FEATURE_VOLUMEID_NILFS=y -CONFIG_FEATURE_VOLUMEID_NTFS=y -CONFIG_FEATURE_VOLUMEID_OCFS2=y -CONFIG_FEATURE_VOLUMEID_REISERFS=y -CONFIG_FEATURE_VOLUMEID_ROMFS=y -CONFIG_FEATURE_VOLUMEID_SQUASHFS=y -CONFIG_FEATURE_VOLUMEID_SYSV=y -CONFIG_FEATURE_VOLUMEID_UBIFS=y -CONFIG_FEATURE_VOLUMEID_UDF=y -CONFIG_FEATURE_VOLUMEID_XFS=y -# -# Miscellaneous Utilities -# -CONFIG_ADJTIMEX=y -CONFIG_BBCONFIG=y -CONFIG_FEATURE_COMPRESS_BBCONFIG=y -CONFIG_BC=y -CONFIG_DC=y -CONFIG_FEATURE_DC_BIG=y -# CONFIG_FEATURE_DC_LIBM is not set -CONFIG_FEATURE_BC_INTERACTIVE=y -CONFIG_FEATURE_BC_LONG_OPTIONS=y -CONFIG_BEEP=y -CONFIG_FEATURE_BEEP_FREQ=4000 
-CONFIG_FEATURE_BEEP_LENGTH_MS=30 -CONFIG_CHAT=y -CONFIG_FEATURE_CHAT_NOFAIL=y -CONFIG_FEATURE_CHAT_TTY_HIFI=y -CONFIG_FEATURE_CHAT_IMPLICIT_CR=y -CONFIG_FEATURE_CHAT_SWALLOW_OPTS=y -CONFIG_FEATURE_CHAT_SEND_ESCAPES=y -CONFIG_FEATURE_CHAT_VAR_ABORT_LEN=y -CONFIG_FEATURE_CHAT_CLR_ABORT=y -CONFIG_CONSPY=y -CONFIG_CROND=y -CONFIG_FEATURE_CROND_D=y -CONFIG_FEATURE_CROND_CALL_SENDMAIL=y -CONFIG_FEATURE_CROND_SPECIAL_TIMES=y -CONFIG_FEATURE_CROND_DIR="/var/spool/cron" -CONFIG_CRONTAB=y -# CONFIG_DEVFSD is not set -# CONFIG_DEVFSD_MODLOAD is not set -# CONFIG_DEVFSD_FG_NP is not set -# CONFIG_DEVFSD_VERBOSE is not set -# CONFIG_FEATURE_DEVFS is not set -CONFIG_DEVMEM=y -CONFIG_FBSPLASH=y -# CONFIG_FLASH_ERASEALL is not set -# CONFIG_FLASH_LOCK is not set -# CONFIG_FLASH_UNLOCK is not set -# CONFIG_FLASHCP is not set -CONFIG_HDPARM=y -CONFIG_FEATURE_HDPARM_GET_IDENTITY=y -CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y -CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y -CONFIG_HEXEDIT=y -CONFIG_I2CGET=y -CONFIG_I2CSET=y -CONFIG_I2CDUMP=y -CONFIG_I2CDETECT=y -# CONFIG_INOTIFYD is not set -CONFIG_LESS=y -CONFIG_FEATURE_LESS_MAXLINES=9999999 -CONFIG_FEATURE_LESS_BRACKETS=y -CONFIG_FEATURE_LESS_FLAGS=y -CONFIG_FEATURE_LESS_TRUNCATE=y -CONFIG_FEATURE_LESS_MARKS=y -CONFIG_FEATURE_LESS_REGEXP=y -CONFIG_FEATURE_LESS_WINCH=y -CONFIG_FEATURE_LESS_ASK_TERMINAL=y -CONFIG_FEATURE_LESS_DASHCMD=y -CONFIG_FEATURE_LESS_LINENUMS=y -CONFIG_FEATURE_LESS_RAW=y -CONFIG_FEATURE_LESS_ENV=y -CONFIG_LSSCSI=y -CONFIG_MAKEDEVS=y -# CONFIG_FEATURE_MAKEDEVS_LEAF is not set -CONFIG_FEATURE_MAKEDEVS_TABLE=y -CONFIG_MAN=y -CONFIG_MICROCOM=y -CONFIG_MT=y -CONFIG_NANDWRITE=y -CONFIG_NANDDUMP=y -CONFIG_PARTPROBE=y -CONFIG_RAIDAUTORUN=y -CONFIG_READAHEAD=y -# CONFIG_RFKILL is not set -CONFIG_RUNLEVEL=y -CONFIG_RX=y -CONFIG_SETFATTR=y -CONFIG_SETSERIAL=y -CONFIG_STRINGS=y -CONFIG_TIME=y 
-CONFIG_TTYSIZE=y -CONFIG_UBIATTACH=y -CONFIG_UBIDETACH=y -CONFIG_UBIMKVOL=y -CONFIG_UBIRMVOL=y -CONFIG_UBIRSVOL=y -CONFIG_UBIUPDATEVOL=y -CONFIG_UBIRENAME=y -CONFIG_VOLNAME=y -CONFIG_WATCHDOG=y -# -# Networking Utilities -# -CONFIG_FEATURE_IPV6=y -# CONFIG_FEATURE_UNIX_LOCAL is not set -CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y -CONFIG_VERBOSE_RESOLUTION_ERRORS=y -CONFIG_FEATURE_TLS_SHA1=y -CONFIG_ARP=y -CONFIG_ARPING=y -CONFIG_BRCTL=y -CONFIG_FEATURE_BRCTL_FANCY=y -CONFIG_FEATURE_BRCTL_SHOW=y -CONFIG_DNSD=y -CONFIG_ETHER_WAKE=y -CONFIG_FTPD=y -CONFIG_FEATURE_FTPD_WRITE=y -CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST=y -CONFIG_FEATURE_FTPD_AUTHENTICATION=y -CONFIG_FTPGET=y -CONFIG_FTPPUT=y -CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS=y -CONFIG_HOSTNAME=y -CONFIG_DNSDOMAINNAME=y -CONFIG_HTTPD=y -CONFIG_FEATURE_HTTPD_RANGES=y -CONFIG_FEATURE_HTTPD_SETUID=y -CONFIG_FEATURE_HTTPD_BASIC_AUTH=y -CONFIG_FEATURE_HTTPD_AUTH_MD5=y -CONFIG_FEATURE_HTTPD_CGI=y -CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR=y -CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV=y -CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y -CONFIG_FEATURE_HTTPD_ERROR_PAGES=y -CONFIG_FEATURE_HTTPD_PROXY=y -CONFIG_FEATURE_HTTPD_GZIP=y -CONFIG_IFCONFIG=y -CONFIG_FEATURE_IFCONFIG_STATUS=y -CONFIG_FEATURE_IFCONFIG_SLIP=y -CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ=y -CONFIG_FEATURE_IFCONFIG_HW=y -CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS=y -CONFIG_IFENSLAVE=y -CONFIG_IFPLUGD=y -CONFIG_IFUP=y -CONFIG_IFDOWN=y -CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate" -CONFIG_FEATURE_IFUPDOWN_IP=y -CONFIG_FEATURE_IFUPDOWN_IPV4=y -CONFIG_FEATURE_IFUPDOWN_IPV6=y -CONFIG_FEATURE_IFUPDOWN_MAPPING=y -# CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP is not set -CONFIG_INETD=y -CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO=y -CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD=y -CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME=y -CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME=y -CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN=y -CONFIG_FEATURE_INETD_RPC=y -CONFIG_IP=y -CONFIG_IPADDR=y 
-CONFIG_IPLINK=y -CONFIG_IPROUTE=y -CONFIG_IPTUNNEL=y -CONFIG_IPRULE=y -CONFIG_IPNEIGH=y -CONFIG_FEATURE_IP_ADDRESS=y -CONFIG_FEATURE_IP_LINK=y -CONFIG_FEATURE_IP_ROUTE=y -CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2" -CONFIG_FEATURE_IP_TUNNEL=y -CONFIG_FEATURE_IP_RULE=y -CONFIG_FEATURE_IP_NEIGH=y -# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set -CONFIG_IPCALC=y -CONFIG_FEATURE_IPCALC_LONG_OPTIONS=y -CONFIG_FEATURE_IPCALC_FANCY=y -CONFIG_FAKEIDENTD=y -CONFIG_NAMEIF=y -CONFIG_FEATURE_NAMEIF_EXTENDED=y -CONFIG_NBDCLIENT=y -CONFIG_NC=y -# CONFIG_NETCAT is not set -CONFIG_NC_SERVER=y -CONFIG_NC_EXTRA=y -CONFIG_NC_110_COMPAT=y -CONFIG_NETSTAT=y -CONFIG_FEATURE_NETSTAT_WIDE=y -CONFIG_FEATURE_NETSTAT_PRG=y -CONFIG_NSLOOKUP=y -CONFIG_FEATURE_NSLOOKUP_BIG=y -CONFIG_FEATURE_NSLOOKUP_LONG_OPTIONS=y -CONFIG_NTPD=y -CONFIG_FEATURE_NTPD_SERVER=y -CONFIG_FEATURE_NTPD_CONF=y -CONFIG_FEATURE_NTP_AUTH=y -CONFIG_PING=y -CONFIG_PING6=y -CONFIG_FEATURE_FANCY_PING=y -CONFIG_PSCAN=y -CONFIG_ROUTE=y -CONFIG_SLATTACH=y -CONFIG_SSL_CLIENT=y -CONFIG_TC=y -CONFIG_FEATURE_TC_INGRESS=y -CONFIG_TCPSVD=y -CONFIG_UDPSVD=y -CONFIG_TELNET=y -CONFIG_FEATURE_TELNET_TTYPE=y -CONFIG_FEATURE_TELNET_AUTOLOGIN=y -CONFIG_FEATURE_TELNET_WIDTH=y -CONFIG_TELNETD=y -CONFIG_FEATURE_TELNETD_STANDALONE=y -CONFIG_FEATURE_TELNETD_INETD_WAIT=y -CONFIG_TFTP=y -CONFIG_FEATURE_TFTP_PROGRESS_BAR=y -CONFIG_TFTPD=y -CONFIG_FEATURE_TFTP_GET=y -CONFIG_FEATURE_TFTP_PUT=y -CONFIG_FEATURE_TFTP_BLOCKSIZE=y -# CONFIG_TFTP_DEBUG is not set -CONFIG_TLS=y -CONFIG_TRACEROUTE=y -CONFIG_TRACEROUTE6=y -CONFIG_FEATURE_TRACEROUTE_VERBOSE=y -# CONFIG_FEATURE_TRACEROUTE_USE_ICMP is not set -CONFIG_TUNCTL=y -CONFIG_FEATURE_TUNCTL_UG=y -CONFIG_VCONFIG=y -CONFIG_WGET=y -CONFIG_FEATURE_WGET_LONG_OPTIONS=y -CONFIG_FEATURE_WGET_STATUSBAR=y -CONFIG_FEATURE_WGET_AUTHENTICATION=y -CONFIG_FEATURE_WGET_TIMEOUT=y -CONFIG_FEATURE_WGET_HTTPS=y -CONFIG_FEATURE_WGET_OPENSSL=y -CONFIG_WHOIS=y -CONFIG_ZCIP=y -CONFIG_UDHCPD=y -# 
CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set -CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y -CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases" -CONFIG_DUMPLEASES=y -CONFIG_DHCPRELAY=y -CONFIG_UDHCPC=y -CONFIG_FEATURE_UDHCPC_ARPING=y -CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y -CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" -# CONFIG_UDHCPC6 is not set -# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set -# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set -# -# Common options for DHCP applets -# -CONFIG_FEATURE_UDHCP_PORT=y -CONFIG_UDHCP_DEBUG=0 -CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80 -CONFIG_FEATURE_UDHCP_RFC3397=y -CONFIG_FEATURE_UDHCP_8021Q=y -CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n" -# -# Print Utilities -# -CONFIG_LPD=y -CONFIG_LPR=y -CONFIG_LPQ=y -# -# Mail Utilities -# -CONFIG_MAKEMIME=y -CONFIG_POPMAILDIR=y -CONFIG_FEATURE_POPMAILDIR_DELIVERY=y -CONFIG_REFORMIME=y -CONFIG_FEATURE_REFORMIME_COMPAT=y -CONFIG_SENDMAIL=y -CONFIG_FEATURE_MIME_CHARSET="us-ascii" -# -# Process Utilities -# -CONFIG_FREE=y -CONFIG_FUSER=y -CONFIG_IOSTAT=y -CONFIG_KILL=y -CONFIG_KILLALL=y -CONFIG_KILLALL5=y -CONFIG_LSOF=y -CONFIG_MPSTAT=y -CONFIG_NMETER=y -CONFIG_PGREP=y -CONFIG_PKILL=y -CONFIG_PIDOF=y -CONFIG_FEATURE_PIDOF_SINGLE=y -CONFIG_FEATURE_PIDOF_OMIT=y -CONFIG_PMAP=y -CONFIG_POWERTOP=y -CONFIG_FEATURE_POWERTOP_INTERACTIVE=y -CONFIG_PS=y -# CONFIG_FEATURE_PS_WIDE is not set -# CONFIG_FEATURE_PS_LONG is not set -CONFIG_FEATURE_PS_TIME=y -# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set -CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS=y -CONFIG_PSTREE=y -CONFIG_PWDX=y -CONFIG_SMEMCAP=y -CONFIG_BB_SYSCTL=y -CONFIG_TOP=y -CONFIG_FEATURE_TOP_INTERACTIVE=y -CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y -CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y -CONFIG_FEATURE_TOP_SMP_CPU=y -CONFIG_FEATURE_TOP_DECIMALS=y -CONFIG_FEATURE_TOP_SMP_PROCESS=y -CONFIG_FEATURE_TOPMEM=y -CONFIG_UPTIME=y 
-CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y -CONFIG_WATCH=y -CONFIG_FEATURE_SHOW_THREADS=y -# -# Runit Utilities -# -CONFIG_CHPST=y -CONFIG_SETUIDGID=y -CONFIG_ENVUIDGID=y -CONFIG_ENVDIR=y -CONFIG_SOFTLIMIT=y -CONFIG_RUNSV=y -CONFIG_RUNSVDIR=y -# CONFIG_FEATURE_RUNSVDIR_LOG is not set -CONFIG_SV=y -CONFIG_SV_DEFAULT_SERVICE_DIR="/var/service" -CONFIG_SVC=y -CONFIG_SVOK=y -CONFIG_SVLOGD=y -# CONFIG_CHCON is not set -# CONFIG_GETENFORCE is not set -# CONFIG_GETSEBOOL is not set -# CONFIG_LOAD_POLICY is not set -# CONFIG_MATCHPATHCON is not set -# CONFIG_RUNCON is not set -# CONFIG_SELINUXENABLED is not set -# CONFIG_SESTATUS is not set -# CONFIG_SETENFORCE is not set -# CONFIG_SETFILES is not set -# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set -# CONFIG_RESTORECON is not set -# CONFIG_SETSEBOOL is not set -# -# Shells -# -CONFIG_SH_IS_ASH=y -# CONFIG_SH_IS_HUSH is not set -# CONFIG_SH_IS_NONE is not set -# CONFIG_BASH_IS_ASH is not set -# CONFIG_BASH_IS_HUSH is not set -CONFIG_BASH_IS_NONE=y -CONFIG_ASH=y -CONFIG_ASH_OPTIMIZE_FOR_SIZE=y -CONFIG_ASH_INTERNAL_GLOB=y -CONFIG_ASH_BASH_COMPAT=y -# CONFIG_ASH_BASH_SOURCE_CURDIR is not set -CONFIG_ASH_BASH_NOT_FOUND_HOOK=y -CONFIG_ASH_JOB_CONTROL=y -CONFIG_ASH_ALIAS=y -CONFIG_ASH_RANDOM_SUPPORT=y -CONFIG_ASH_EXPAND_PRMT=y -# CONFIG_ASH_IDLE_TIMEOUT is not set -# CONFIG_ASH_MAIL is not set -CONFIG_ASH_ECHO=y -CONFIG_ASH_PRINTF=y -CONFIG_ASH_TEST=y -CONFIG_ASH_HELP=y -CONFIG_ASH_GETOPTS=y -CONFIG_ASH_CMDCMD=y -CONFIG_CTTYHACK=y -CONFIG_HUSH=y -CONFIG_HUSH_BASH_COMPAT=y -CONFIG_HUSH_BRACE_EXPANSION=y -CONFIG_HUSH_LINENO_VAR=y -# CONFIG_HUSH_BASH_SOURCE_CURDIR is not set -CONFIG_HUSH_INTERACTIVE=y -CONFIG_HUSH_SAVEHISTORY=y -CONFIG_HUSH_JOB=y -CONFIG_HUSH_TICK=y -CONFIG_HUSH_IF=y -CONFIG_HUSH_LOOPS=y -CONFIG_HUSH_CASE=y -CONFIG_HUSH_FUNCTIONS=y -CONFIG_HUSH_LOCAL=y -CONFIG_HUSH_RANDOM_SUPPORT=y -CONFIG_HUSH_MODE_X=y -CONFIG_HUSH_ECHO=y -CONFIG_HUSH_PRINTF=y -CONFIG_HUSH_TEST=y -CONFIG_HUSH_HELP=y -CONFIG_HUSH_EXPORT=y 
-CONFIG_HUSH_EXPORT_N=y -CONFIG_HUSH_READONLY=y -CONFIG_HUSH_KILL=y -CONFIG_HUSH_WAIT=y -CONFIG_HUSH_COMMAND=y -CONFIG_HUSH_TRAP=y -CONFIG_HUSH_TYPE=y -CONFIG_HUSH_TIMES=y -CONFIG_HUSH_READ=y -CONFIG_HUSH_SET=y -CONFIG_HUSH_UNSET=y -CONFIG_HUSH_ULIMIT=y -CONFIG_HUSH_UMASK=y -CONFIG_HUSH_GETOPTS=y -# CONFIG_HUSH_MEMLEAK is not set -# -# Options common to all shells -# -CONFIG_FEATURE_SH_MATH=y -CONFIG_FEATURE_SH_MATH_64=y -CONFIG_FEATURE_SH_EXTRA_QUIET=y -# CONFIG_FEATURE_SH_STANDALONE is not set -# CONFIG_FEATURE_SH_NOFORK is not set -CONFIG_FEATURE_SH_READ_FRAC=y -CONFIG_FEATURE_SH_HISTFILESIZE=y -CONFIG_FEATURE_SH_EMBEDDED_SCRIPTS=y -# -# System Logging Utilities -# -CONFIG_KLOGD=y -# -# klogd should not be used together with syslog to kernel printk buffer -# -CONFIG_FEATURE_KLOGD_KLOGCTL=y -CONFIG_LOGGER=y -CONFIG_LOGREAD=y -CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y -CONFIG_SYSLOGD=y -CONFIG_FEATURE_ROTATE_LOGFILE=y -CONFIG_FEATURE_REMOTE_LOG=y -CONFIG_FEATURE_SYSLOGD_DUP=y -CONFIG_FEATURE_SYSLOGD_CFG=y -CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=256 -CONFIG_FEATURE_IPC_SYSLOG=y -CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16 -CONFIG_FEATURE_KMSG_SYSLOG=y
diff --git a/SPECS/busybox/busybox.signatures.json b/SPECS/busybox/busybox.signatures.json
deleted file mode 100644
index 8a88b60df62..00000000000
--- a/SPECS/busybox/busybox.signatures.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "Signatures": {
- "busybox-1.31.1.tar.bz2": "d0f940a72f648943c1f2211e0e3117387c31d765137d92bd8284a3fb9752a998",
- "busybox-petitboot.config": "28a4006863e0125bb564159c120067cb83b52ee0a829579cd399274cc78a10be",
- "busybox-static.config": "6f2f534548da57df8b1f5fd4dfe6ceece0f1b97bf7d0baa4c484ac9850cf8e37"
- }
-}
\ No newline at end of file
diff --git a/SPECS/busybox/busybox.spec b/SPECS/busybox/busybox.spec
deleted file mode 100644
index 7cf961f140c..00000000000
--- a/SPECS/busybox/busybox.spec
+++ /dev/null
@@ -1,603 +0,0 @@ -Summary: Statically linked binary providing simplified versions of system commands -Name: busybox -Version: 1.31.1 -Release: 3%{?dist} -License: GPLv2 -URL: http://www.busybox.net - -Source: http://www.busybox.net/downloads/%{name}-%{version}.tar.bz2 -Source1: busybox-static.config -Source2: busybox-petitboot.config - -Patch0: busybox-1.31.1-stime-fix.patch - -BuildRequires: gcc -BuildRequires: libselinux-devel >= 1.27.7-2 -BuildRequires: libsepol-devel -BuildRequires: glibc-devel -# This package used to include a bundled copy of uClibc, but we now -# use the system copy. -%ifnarch aarch64 -BuildRequires: uclibc-devel -%endif - -# libbb/hash_md5_sha.c -# https://bugzilla.redhat.com/1024549 -Provides: bundled(md5-drepper2) - -%package petitboot -Summary: Version of busybox configured for use with petitboot - -%description -Busybox is a single binary which includes versions of a large number -of system commands, including a shell. This package can be very -useful for recovering from certain types of system failures, -particularly those involving broken shared libraries. - -%description petitboot -Busybox is a single binary which includes versions of a large number -of system commands, including a shell. The version contained in this -package is a minimal configuration intended for use with the Petitboot -bootloader used on PlayStation 3. The busybox package provides a binary -better suited to normal use. - -%prep -%setup -q -%patch0 -p1 -b .stime - -%build -# create static busybox - the executable is kept as busybox-static -# We use uclibc instead of system glibc, uclibc is several times -# smaller, this is important for static build. 
-# uclibc can't be built on ppc64,s390,ia64, we set $arch to "" in this case -arch=`uname -m | sed -e 's/i.86/i386/' -e 's/armv7l/arm/' -e 's/armv5tel/arm/' -e 's/aarch64//' -e 's/ppc64le//' -e 's/ppc64//' -e 's/powerpc64//' -e 's/ppc//' -e 's/ia64//' -e 's/s390.*//'` - -cp %{SOURCE1} .config -# set all new options to defaults -yes "" | make oldconfig -# gcc needs to be convinced to use neither system headers, nor libs, -# nor startfiles (i.e. crtXXX.o files) -# Also turn the stack protector off, otherwise the program segfaults. -if test "$arch"; then \ - mv .config .config1 && \ - grep -v ^CONFIG_SELINUX .config1 >.config && \ - yes "" | make oldconfig && \ - cat .config && \ - make V=1 \ - EXTRA_CFLAGS="-g -isystem %{_includedir}/uClibc -fno-stack-protector" \ - CFLAGS_busybox="-static -nostartfiles -L%{_libdir}/uClibc %{_libdir}/uClibc/crt1.o %{_libdir}/uClibc/crti.o %{_libdir}/uClibc/crtn.o"; \ -else \ - mv .config .config1 && \ - grep -v \ - -e ^CONFIG_FEATURE_HAVE_RPC \ - -e ^CONFIG_FEATURE_MOUNT_NFS \ - -e ^CONFIG_FEATURE_INETD_RPC \ - .config1 >.config && \ - echo "# CONFIG_FEATURE_HAVE_RPC is not set" >>.config && \ - echo "# CONFIG_FEATURE_MOUNT_NFS is not set" >>.config && \ - echo "# CONFIG_FEATURE_INETD_RPC is not set" >>.config && \ - yes "" | make oldconfig && \ - cat .config && \ - make V=1 CC="gcc $RPM_OPT_FLAGS"; \ -fi -cp busybox_unstripped busybox.static -cp docs/busybox.1 docs/busybox.static.1 - -# create busybox optimized for petitboot -make clean -# copy new configuration file -cp %{SOURCE2} .config -# set all new options to defaults -yes "" | make oldconfig -# -g is needed for generation of debuginfo. 
-# (Don't want to use full-blown $RPM_OPT_FLAGS for this, -# it makes binary much bigger: -O2 instead of -Os, many other options) -if test "$arch"; then \ - cat .config && \ - make V=1 \ - EXTRA_CFLAGS="-g -isystem %{_includedir}/uClibc" \ - CFLAGS_busybox="-static -nostartfiles -L%{_libdir}/uClibc %{_libdir}/uClibc/crt1.o %{_libdir}/uClibc/crti.o %{_libdir}/uClibc/crtn.o"; \ -else \ - cat .config && \ - make V=1 CC="%__cc $RPM_OPT_FLAGS"; \ -fi -cp busybox_unstripped busybox.petitboot -cp docs/busybox.1 docs/busybox.petitboot.1 - -%install -mkdir -p $RPM_BUILD_ROOT/sbin -install -m 755 busybox.static $RPM_BUILD_ROOT/sbin/busybox -install -m 755 busybox.petitboot $RPM_BUILD_ROOT/sbin/busybox.petitboot -mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man1 -install -m 644 docs/busybox.static.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 -install -m 644 docs/busybox.petitboot.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.petitboot.1 - -%files -%doc LICENSE README -/sbin/busybox -%{_mandir}/man1/busybox.1.gz - -%files petitboot -%doc LICENSE README -/sbin/busybox.petitboot -%{_mandir}/man1/busybox.petitboot.1.gz - -%changelog -* Thu Oct 15 2020 Mateusz Malisz - 1.31.1-3 -- Initial CBL-Mariner import from Fedora 32 (license: MIT) -- Add -fno-stack-protector for x86 builds - -* Tue Jan 28 2020 Fedora Release Engineering - 1:1.31.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Wed Nov 13 2019 Tom Callaway - 1:1.31.1-1 -- update to 1.31.1 (fix FTBFS) - -* Wed Jul 24 2019 Fedora Release Engineering - 1:1.30.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Mon May 13 2019 Denys Vlasenko - 1:1.30.1-2 -- Tweak .config files - -* Mon May 13 2019 Denys Vlasenko - 1:1.30.1-1 -- Update to 1.30.1 - -* Thu Jan 31 2019 Fedora Release Engineering - 1:1.28.3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Thu Jul 12 2018 Fedora Release Engineering - 1:1.28.3-2 -- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Thu Apr 05 2018 Denys Vlasenko - 1:1.28.3-1 -- Update to 1.28.3 - -* Mon Mar 26 2018 Denys Vlasenko - 1:1.28.2-1 -- Update to 1.28.2 - -* Wed Feb 07 2018 Fedora Release Engineering - 1:1.26.2-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Aug 02 2017 Fedora Release Engineering - 1:1.26.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 1:1.26.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Thu Mar 30 2017 Denys Vlasenko - 1:1.26.2-1 -- Update to 1.26.2 - -* Fri Feb 10 2017 Fedora Release Engineering - 1:1.22.1-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Wed Feb 03 2016 Fedora Release Engineering - 1:1.22.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Wed Jun 17 2015 Fedora Release Engineering - 1:1.22.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Tue Apr 14 2015 Michael Schwendt - 1:1.22.1-3 -- Provides: bundled(md5-drepper2) (rhbz #1024549) - -* Thu Mar 05 2015 Dan Horák - 1:1.22.1-2 -- drop unneeded patch (#1182677) - -* Tue Dec 16 2014 Denys Vlasenko - 1:1.22.1-1 -- Update to 1.22.1 - -* Fri Aug 15 2014 Fedora Release Engineering - 1:1.19.4-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Sat Jun 07 2014 Fedora Release Engineering - 1:1.19.4-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Mon May 19 2014 Peter Robinson 1:1.19.4-13 -- uClibc not supported on aarch64 - -* Fri May 16 2014 Jaromir Capik - 1:1.19.4-12 -- Disabled uClibc on ppc64le - -* Sat Aug 03 2013 Fedora Release Engineering - 1:1.19.4-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Fri May 24 2013 Dan Horák - 1.19.4-10 -- disable uClib on s390(x) - -* Wed May 15 2013 Karsten Hopp 1.19.4-9 -- disable uClibc on ppc, 
too - -* Wed May 15 2013 Karsten Hopp 1.19.4-8 -- include sys/resource.h for RLIMIT_FSIZE (rhbz #961542) on PPC* - -* Wed Feb 13 2013 Fedora Release Engineering - 1:1.19.4-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Wed Jul 18 2012 Fedora Release Engineering - 1:1.19.4-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Fri Jun 1 2012 Denys Vlasenko - 1:1.19.4-5 -- Added bboconfig applet - useful for running testsuite - -* Fri Apr 13 2012 Denys Vlasenko - 1:1.19.4-4 -- Fixed breakage with newer kernel headers -- Excluded Sun-RPC dependednt features not available in newer static glibc - -* Mon Mar 12 2012 Denys Vlasenko - 1:1.19.4-3 -- Tweaked spec file again to generate even more proper debuginfo package - -* Wed Mar 7 2012 Denys Vlasenko - 1:1.19.4-2 -- Tweaked spec file to generate proper debuginfo package - -* Tue Feb 28 2012 Denys Vlasenko - 1:1.19.4-1 -- update to 1.19.4 - -* Thu Jan 12 2012 Fedora Release Engineering - 1:1.19.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Mon Oct 31 2011 Denys Vlasenko - 1:1.19.3-1 -- update to 1.19.3 - -* Sat Aug 27 2011 Daniel Drake - 1:1.18.2-6 -- Fix compilation against uClibc and Linux-3.0 headers - -* Fri Aug 26 2011 Daniel Drake - 1:1.18.2-5 -- Remove Linux 2.4 support from insmod/modprobe/etc. 
-- Fixes build failures on ARM, where such ancient syscalls are not present - -* Sat Jun 11 2011 Peter Robinson - 1:1.18.2-4 -- Add support for ARM - -* Tue Feb 08 2011 Fedora Release Engineering - 1:1.18.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Mon Feb 7 2011 Tom Callaway - 1:1.18.2-2 -- apply fixes from upstream - -* Mon Feb 7 2011 Tom Callaway - 1:1.18.2-1 -- update to 1.18.2 -- use system uClibc - -* Mon Oct 4 2010 Denys Vlasenko - 1:1.15.1-10 -- add compatibility with man-db config file (#639461) - -* Wed Sep 29 2010 jkeating - 1:1.15.1-9 -- Rebuilt for gcc bug 634757 - -* Fri Sep 17 2010 Denys Vlasenko - 1:1.15.1-8 -- fix build system so that it works with make 3.82 too - -* Wed May 5 2010 Denys Vlasenko - 1:1.15.1-7 -- teach uclibc to use /etc/localtime - -* Wed Feb 24 2010 Denys Vlasenko - 1:1.15.1-6 -- tweak installed docs - -* Wed Jan 27 2010 Denys Vlasenko - 1:1.15.1-5 -- enable Fedora-specific uname -p behavior (#534081) - -* Fri Nov 26 2009 Denys Vlasenko - 1:1.15.1-4 -- make uclibc use 32-bit compat struct utmp (#541587) - -* Fri Nov 10 2009 Denys Vlasenko - 1:1.15.1-3 -- re-enable rpm applet (#534092) - -* Fri Oct 2 2009 Denys Vlasenko - 1:1.15.1-2 -- add manpage generation (#525658) - -* Sun Sep 13 2009 Denys Vlasenko - 1:1.15.1-1 -- Rebase to 1.15.1 - -* Fri Sep 11 2009 Denys Vlasenko - 1:1.14.1-6 -- REALLY fix build on s390, ia64 - -* Fri Sep 11 2009 Denys Vlasenko - 1:1.14.1-5 -- fix build on s390, ia64 - -* Wed Sep 02 2009 Chris Lumens 1.14.1-4 -- Remove busybox-anaconda (#514319). 
- -* Fri Jul 24 2009 Fedora Release Engineering - 1:1.14.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Fri Jun 12 2009 Ivana Varekova - 1:1.14.1-2 -- add new options to readlink - patch created by Denys Valsenko - -* Thu May 28 2009 Ivana Varekova - 1:1.14.1-1 -- fix ppc problem -- update to 1.14.1 - -* Sun May 24 2009 Milos Jakubicek - 1:1.13.2-4 -- Fixing FTBFS on i586/x86_64/ppc, ppc64 still an issue: -- Updated uClibc to 0.9.30.1, subsequently: -- Removed uClibc-0.9.30 patch (merged upstream). -- Added uClibc-0.9.30.1-getline.patch -- prevents conflicts with getline() - from stdio.h -- Temporarily disable C99 math to bypass ppc bug, see https://bugs.uclibc.org/show_bug.cgi?id=55 - -* Mon Feb 23 2009 Fedora Release Engineering - 1:1.13.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Mon Feb 9 2009 Ivana Varekova - 1:1.13.2-2 -- use uClibc instead of glibc for static build - thanks Denys Vlasenko - -* Mon Jan 19 2009 Ivana Varekova - 1:1.13.2-1 -- update to 1.13.2 - -* Tue Dec 2 2008 Ivana Varekova - 1:1.12.1-2 -- enable selinux in static version of busybox (#462724) - -* Mon Nov 10 2008 Ivana Varekova - 1:1.12.1-1 -- update to 1.12.1 - -* Tue Aug 26 2008 Ivana Varekova - 1:1.10.3-3 -- fix findfs problem - #455998 - -* Wed Jul 23 2008 Ivana Varekova - 1:1.10.3-2 -- add findfs to static version of busybox - (kexec-tools need it #455998) - -* Tue Jun 10 2008 Ivana Varekova - 1:1.10.3-1 -- update to 1.10.3 - -* Fri May 16 2008 Ivana Varekova - 1:1.10.2-1 -- update to 1.10.2 - -* Thu May 9 2008 Ivana Varekova - 1:1.10.1-1 -- update to 1.10.1 - -* Thu Feb 14 2008 Ivana Varekova - 1:1.9.1-1 -- update to 1.9.1 -- fix a problem with netfilter.h - thanks dwmw2 - -* Fri Feb 8 2008 Ivana Varekova - 1:1.9.0-2 -- fix hwclock on ia64 machines - -* Mon Jan 7 2008 Ivana Varekova - 1:1.9.0-1 -- update to 1.9.0 - -* Mon Dec 3 2007 Ivana Varekova - 1:1.8.2-1 -- update to 1.8.2 - -* Wed Nov 21 2007 Ivana Varekova - 
1:1.8.1-1 -- update to 1.8.1 - -* Tue Nov 6 2007 Ivana Varekova - 1:1.7.3-1 -- update to 1.7.3 -- remove --gc-sections from static build Makefile - -* Thu Nov 1 2007 Ivana Varekova - 1:1.7.2-4 -- fix 359371 - problem with grep output - -* Wed Oct 31 2007 Ivana Varekova - 1:1.7.2-3 -- fix another sed problem (forgotten fflush - #356111) - -* Mon Oct 29 2007 Ivana Varekova - 1:1.7.2-2 -- fix sed problem with output (#356111) - -* Mon Oct 22 2007 Ivana Varekova - 1:1.7.2-1 -- update to 1.7.2 - -* Tue Sep 4 2007 Ivana Varekova - 1:1.6.1-2 -- spec file cleanup - -* Mon Jul 23 2007 Ivana Varekova - 1:1.6.1-1 -- update to 1.6.1 - -* Fri Jun 1 2007 Ivana Varekova - 1:1.5.1-2 -- add msh shell - -* Thu May 24 2007 Ivana Varekova - 1:1.5.1-1 -- update to 1.5.1 - -* Sat Apr 7 2007 David Woodhouse - 1:1.2.2-8 -- Add busybox-petitboot subpackage - -* Mon Apr 2 2007 Ivana Varekova - 1:1.2.2-7 -- Resolves: 234769 - busybox ls does not work without a tty - -* Mon Feb 19 2007 Ivana Varekova - 1:1.2.2-6 -- incorporate package review feedback - -* Fri Feb 2 2007 Ivana Varekova - 1:1.2.2-5 -- fix id_ps patch (thanks Chris MacGregor) - -* Tue Jan 30 2007 Ivana Varekova - 1:1.2.2-4 -- remove debuginfo - -* Mon Jan 22 2007 Ivana Varekova - 1:1.2.2-3 -- Resolves: 223620 - id output shows context twice -- fix iptunnel x kernel-headers problem - -* Mon Dec 10 2006 Ivana Varekova - 1:1.2.2-2 -- enable ash - -* Thu Nov 16 2006 Ivana Varekova - 1:1.2.2-1 -- update to 1.2.2 - -* Mon Aug 28 2006 Ivana Varekova - 1:1.2.0-3 -- fix #200470 - dmesg aborts - backport dmesg upstream changes - -* Mon Aug 28 2006 Ivana Varekova - 1:1.2.0-2 -- fix #202891 - tar problem - -* Wed Jul 12 2006 Jesse Keating - 1:1.2.0-1.1 -- rebuild - -* Tue Jul 4 2006 Ivana Varekova - 1:1.2.0-1 -- update to 1.2.0 - -* Thu Jun 8 2006 Jeremy Katz - 1:1.1.3-2 -- fix so that busybox.anaconda has sh - -* Wed May 31 2006 Ivana Varekova - 1:1.1.3-1 -- update to 1.1.3 - -* Mon May 29 2006 Ivana Varekova - 1:1.1.2-3 -- fix Makefile 
typo (#193354) - -* Fri May 5 2006 Ivana Varekova - 1:1.1.2-1 -- update to 1.1.2 - -* Thu May 4 2006 Ivana Varekova - 1:1.1.1-2 -- add -Z option to id command, rename ps command -Z option (#190534) - -* Wed May 03 2006 Ivana Varekova - 1:1.1.1-1 -- update to 1.1.1 -- fix CVE-2006-1058 - BusyBox passwd command - fails to generate password with salt (#187386) -- add -minimal-toc option -- add RPM_OPT_FLAGS -- remove asm/page.h used sysconf command to get PAGE_SIZE -- add overfl patch to aviod Buffer warning - -* Fri Feb 10 2006 Jesse Keating - 1:1.01-2.2.1 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - 1:1.01-2.2 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Thu Oct 13 2005 Daniel Walsh - 1.01-2 -- Add sepol for linking load_policy - -* Thu Sep 1 2005 Ivana Varekova - 1.01-1 -- update to 1.01 - -* Tue May 11 2005 Ivana Varekova - 1.00-5 -- add debug files to debug_package - -* Mon Mar 7 2005 Ivana Varekova - 1.00-4 -- rebuilt - -* Wed Jan 26 2005 Ivana Varekova - 1.00-3 -- update to 1.00 - fix bug #145681 -- rebuild - -* Thu Jan 13 2005 Jeremy Katz - 1.00.rc1-6 -- enable ash as the shell in busybox-anaconda - -* Sat Oct 2 2004 Bill Nottingham - 1.00.rc1-5 -- fix segfault in SELinux patch (#134404, #134406) - -* Fri Sep 17 2004 Phil Knirsch - 1.00.rc1-4 -- Fixed double free in freecon() call (#132809) - -* Fri Sep 10 2004 Daniel Walsh - 1.00.rc1-3 -- Add CONFIG_STATIC=y for static builds - -* Wed Aug 25 2004 Jeremy Katz - 1.00.rc1-2 -- rebuild - -* Fri Jun 25 2004 Dan Walsh 1.00-pre10.1 -- Add BuildRequires libselinux-devel -- Update to latest from upstream - -* Tue Jun 15 2004 Elliot Lee -- rebuilt - -* Tue May 11 2004 Karsten Hopp 1.00.pre8-4 -- add mknod to busybox-anaconda - -* Wed Apr 21 2004 Karsten Hopp 1.00.pre8-3 -- fix LS_COLOR in anaconda patch - -* Tue Mar 23 2004 Jeremy Katz 1.00.pre8-2 -- add awk to busybox-anaconda - -* Sat Mar 20 2004 Dan Walsh 1.00-pre8.1 -- 
Update with latest patch. -- Turn off LS_COLOR in static patch - -* Fri Feb 13 2004 Elliot Lee -- rebuilt - -* Tue Jan 27 2004 Dan Walsh 1.00-pre5.2 -- Fix is_selinux_enabled calls - -* Mon Dec 29 2003 Dan Walsh 1.00-pre5.1 --Latest update - -* Wed Nov 26 2003 Dan Walsh 1.00-pre3.2 -- Add insmod - -* Mon Sep 15 2003 Dan Walsh 1.00-pre3.1 -- Upgrade to pre3 - -* Thu Sep 11 2003 Dan Walsh 1.00.2 -- Upgrade selinux support - -* Wed Jul 23 2003 Dan Walsh 1.00.1 -- Upgrade to 1.00 package - -* Wed Jul 16 2003 Elliot Lee 0.60.5-10 -- Rebuild - -* Mon Jul 14 2003 Jeremy Katz 0.60.5-9 -- rebuild - -* Mon Jul 14 2003 Jeremy Katz 0.60.5-8 -- add dmesg to busybox-anaconda - -* Wed Jun 04 2003 Elliot Lee -- rebuilt - -* Wed Jan 22 2003 Tim Powers -- rebuilt - -* Mon Jan 13 2003 Jeremy Katz 0.60.5-5 -- lost nolock for anaconda mount when rediffing, it returns (#81764) - -* Mon Jan 6 2003 Dan Walsh 0.60.5-4 -- Upstream developers wanted to eliminate the use of floats - -* Thu Jan 3 2003 Dan Walsh 0.60.5-3 -- Fix free to work on large memory machines. 
- -* Sat Dec 28 2002 Jeremy Katz 0.60.5-2 -- update Config.h for anaconda build to include more useful utils - -* Thu Dec 19 2002 Dan Walsh 0.60.5-1 -- update latest release - -* Thu Dec 19 2002 Dan Walsh 0.60.2-8 -- incorporate hammer changes - -* Fri Jun 21 2002 Tim Powers -- automated rebuild - -* Thu May 23 2002 Tim Powers -- automated rebuild - -* Mon May 06 2002 Florian La Roche -- fix compilation on mainframe - -* Tue Apr 2 2002 Jeremy Katz -- fix static busybox (#60701) - -* Thu Feb 28 2002 Jeremy Katz -- don't include mknod in busybox.anaconda so we get collage mknod - -* Fri Feb 22 2002 Jeremy Katz -- rebuild in new environment - -* Wed Jan 30 2002 Jeremy Katz -- update to 0.60.2 -- include more pieces for the anaconda version so that collage can go away -- make the mount in busybox.anaconda default to -onolock - -* Wed Jan 09 2002 Tim Powers -`- automated rebuild - -* Mon Jul 9 2001 Tim Powers -- don't obsolete sash -- fix URL and spelling in desc. to satisfy rpmlint - -* Thu Jul 05 2001 Florian La Roche -- add missing defattr for anaconda subpackage - -* Thu Jun 28 2001 Erik Troan -- initial build for Red Hat diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec index a22516e67ca..a134d7fa513 100644 --- a/SPECS/ca-certificates/ca-certificates.spec +++ b/SPECS/ca-certificates/ca-certificates.spec @@ -63,7 +63,7 @@ Name: ca-certificates # The files, certdata.txt and nssckbi.h, should be taken from a released version of NSS, as published # at https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ # -# The versions that are used by the latest released version of +# The versions that are used by the latest released version of # Mozilla Firefox should be available from: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt 
@@ -74,7 +74,7 @@ Name: ca-certificates # (but these files might have not yet been released). Version: 20200720 -Release: 10%{?dist} +Release: 9%{?dist} License: MPLv2.0 URL: https://hg.mozilla.org Group: System Environment/Security @@ -189,14 +189,6 @@ Requires: %{name}-shared = %{version}-%{release} Provides a legacy version of ca-bundle.crt in the format of "[hash].0 -> [hash].pem" pairs under /etc/pki/tls/certs. -%package static -Summary: ca-certs package with minimized runtime requirements -Group: System Environment/Security -Requires: %{name}-shared = %{version}-%{release} - -%description static -Provides ca-certificates while minimizing the runtime dependencies. This package does not contain the post section. - %prep -q rm -rf %{name} mkdir %{name} @@ -371,21 +363,6 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %files shared %license LICENSE -%files static -# base files -%{_datadir}/pki/ca-trust-source/%{p11_format_base_bundle} -%{_datadir}/pki/ca-trust-legacy/%{legacy_default_base_bundle} -%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_base_bundle} -# main pkg files -%{_datadir}/pki/ca-trust-source/%{p11_format_mozilla_bundle} -%{_datadir}/pki/ca-trust-legacy/%{legacy_default_mozilla_bundle} -%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_mozilla_bundle} -# microsoft files -%{_datadir}/pki/ca-trust-source/%{p11_format_microsoft_bundle} -%{_datadir}/pki/ca-trust-legacy/%{legacy_default_microsoft_bundle} -%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_microsoft_bundle} - - %config(noreplace) %{catrustdir}/ca-legacy.conf # symlinks for old locations @@ -448,9 +425,6 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %{_bindir}/bundle2pem.sh %changelog -* Fri Oct 23 2020 Mateusz Malisz - 2020.7.20-10 -- Added "static" package which provides certificates while minimizing dependencies. - * Wed Oct 21 2020 Pawel Winogrodzki - 20200720-9 - Switching to the correct source for the Microsoft bundle. 
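Review bot: The `Release` tag in the `@@ -74,7 +74,7 @@` hunk goes backwards from 10 to 9, and the `%changelog` hunk at `@@ -448,9 +425,6 @@` deletes the 2020.7.20-10 entry instead of recording the removal. If the -10 build was ever published, rpm will treat this build as older, so hosts and images that installed -10 keep it (including the `static` subpackage) and do not receive this build through a normal update. For a trust-store package I would move forward rather than back: `Release: 11%{?dist}` plus a changelog line such as `- Remove the "static" subpackage.`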
@@ -506,7 +480,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} *Wed Jun 19 2019 Bob Relyea 2019.2.32-1.0 - Update to CKBI 2.32 from NSS 3.44 - Removing: + Removing: # Certificate "Visa eCommerce Root" # Certificate "AC Raiz Certicamara S.A." # Certificate "Certplus Root CA G1" @@ -514,7 +488,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} # Certificate "OpenTrust Root CA G1" # Certificate "OpenTrust Root CA G2" # Certificate "OpenTrust Root CA G3" - Adding: + Adding: # Certificate "GTS Root R1" # Certificate "GTS Root R2" # Certificate "GTS Root R3" @@ -717,7 +691,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} - Update to CKBI 1.95 from NSS 3.15.3.1 * Fri Sep 06 2013 Kai Engert - 2013.1.94-18 -- Update the Entrust root stapled extension for compatibility with +- Update the Entrust root stapled extension for compatibility with p11-kit version 0.19.2, patch by Stef Walter, rhbz#988745 * Tue Sep 03 2013 Kai Engert - 2013.1.94-17 @@ -750,7 +724,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} - adjust to changed and new functionality provided by p11-kit 0.17.3 - updated READMEs to describe the new directory-specific treatment of files - ship a new file that contains certificates with neutral trust -- ship a new file that contains distrust objects, and also staple a +- ship a new file that contains distrust objects, and also staple a basic constraint extension to one legacy root contained in the Mozilla CA list - adjust the build script to dynamically produce most of above files @@ -764,7 +738,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} other file format bundles. - Convert old file locations to symbolic links that point to dynamically generated files. -- Old files, which might have been locally modified, will be saved in backup +- Old files, which might have been locally modified, will be saved in backup files with .rpmsave extension. - Added a update-ca-certificates script which can be used to regenerate the merged trusted output. 
@@ -788,7 +762,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} * Wed Oct 24 2012 Paul Wouters - 2012.86-2 - Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?) -- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED +- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED * Tue Oct 23 2012 Paul Wouters - 2012.86-1 - update to r1.86 diff --git a/SPECS/distroless-packages/distroless-packages.spec b/SPECS/distroless-packages/distroless-packages.spec deleted file mode 100644 index 7cbc4a3ab42..00000000000 --- a/SPECS/distroless-packages/distroless-packages.spec +++ /dev/null @@ -1,51 +0,0 @@ -Name: distroless-packages -Summary: Metapackage with core sets of packages for distroless containers -Version: 0.1 -Release: 2%{?dist} -License: MIT -Group: System Environment/Base -URL: http://aka.ms/cbl-mariner -Vendor: Microsoft Corporation -Distribution: Mariner - -%description -Metapackage holding sets of core packages for different applications. - -%package base -Summary: Metapackage defining the basic set of packages (no kernel) used to create a "distroless" container. - -Requires: filesystem -Requires: tzdata -Requires: iana-etc -Requires: ca-certificates-static -Requires: mariner-release -Requires: openssl -Requires: openssl-libs -Requires: glibc-iconv - -%description base -%{summary} - -%package debug -Summary: Debug packages for distroless -Requires: busybox -Requires: %{name}-base = %{version}-%{release} - -%description debug -%{summary} - -%prep - -%build - -%files base - -%files debug - -%changelog -* Thu Oct 15 2020 Mateusz Malisz - 0.1-2 -- Extend the set of requirements for the base image -- Add debug package with busybox - -* Tue Sep 01 2020 Jon Slobodzian - 0.1-1 -- Initial Mariner Version diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec index 646b3f1f4a1..e5e258f149d 100644 --- a/SPECS/glibc/glibc.spec +++ b/SPECS/glibc/glibc.spec 
@@ -1,8 +1,6 @@ %global security_hardening nonow %define glibc_target_cpu %{_build} %define debug_package %{nil} -# Don't depend on bash by default -%define __requires_exclude ^/(bin|usr/bin).*$ Summary: Main C library Name: glibc @@ -32,7 +30,7 @@ Patch9: CVE-2019-6488.nopatch Patch10: CVE-2020-1751.nopatch # Marked by upstream/Ubuntu/Red Hat as not a security bug, no fix available # Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content -Patch11: CVE-2018-20796.nopatch +Patch11: CVE-2018-20796.nopatch ExcludeArch: armv7 ppc i386 i686 Provides: rtld(GNU_HASH) Provides: /sbin/ldconfig @@ -98,9 +96,8 @@ sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile %patch7 -p1 install -vdm 755 %{_builddir}/%{name}-build # do not try to explicitly provide GLIBC_PRIVATE versioned libraries - -%global __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh -%global __find_requires %{_builddir}/%{name}-%{version}/find_requires.sh +%define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh +%define __find_requires %{_builddir}/%{name}-%{version}/find_requires.sh # create find-provides and find-requires script in order to ignore GLIBC_PRIVATE errors cat > find_provides.sh << _EOF @@ -114,6 +111,17 @@ exit 0 _EOF chmod +x find_provides.sh +cat > find_requires.sh << _EOF +#! /bin/sh +if [ -d /tools ]; then +/tools/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE +else +%{_prefix}/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE +fi +_EOF +chmod +x find_requires.sh +#___EOF + %build CFLAGS="`echo " %{build_cflags} " | sed 's/-Wp,-D_FORTIFY_SOURCE=2//'`" CXXFLAGS="`echo " %{build_cxxflags} " | sed 's/-Wp,-D_FORTIFY_SOURCE=2//'`" @@ -231,8 +239,8 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %ifarch aarch64 %exclude /lib %endif +%exclude /lib64/libpcprofile.so %{_lib64dir}/*.so -%{_lib64dir}/audit/* /sbin/ldconfig /sbin/locale-gen.sh %{_bindir}/* 
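Review bot: The generated `find_requires.sh` in the `@@ -114,6 +111,17 @@` hunk ends on a `... | grep -v GLIBC_PRIVATE` pipeline, so its exit status is grep's and a failure of `find-requires` itself is not visible to the caller. The sibling `find_provides.sh` shown in the context ends with an explicit `exit 0`, and the new script does not, so the two generators can report different statuses for the same situation, for example when every line is filtered out. I would end the heredoc body the same way, `exit 0` before `_EOF`, and drop the leftover `#___EOF` line. Since a silently empty scan would ship the package without its automatic Requires, the generated dependency list is worth checking once in the build log.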
@@ -269,6 +277,8 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: /usr/sbin/zdump /usr/sbin/zic /sbin/sln +%{_lib64dir}/audit/* +/lib64/libpcprofile.so %files nscd %defattr(-,root,root) diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index 12911f3e47a..e69f3bb2ab4 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec @@ -1,6 +1,3 @@ -# Don't depend on bash by default -%define __requires_exclude ^/(bin|usr/bin).*$ - Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1g @@ -20,6 +17,7 @@ Conflicts: httpd <= 2.4.37 BuildRequires: perl-Test-Warnings BuildRequires: perl-Text-Template +Requires: bash Requires: glibc Requires: libgcc Requires: %{name}-libs = %{version}-%{release} @@ -40,6 +38,7 @@ Group: System Environment/Libraries OpenSSL is a toolkit for supporting cryptography. The openssl-libs package contains the libraries that are used by various applications which support cryptographic algorithms and protocols. +Requires: openssl = %{version}-%{release} %package devel Summary: Development Libraries for openssl diff --git a/SPECS/uclibc/CVE-2016-6264.patch b/SPECS/uclibc/CVE-2016-6264.patch deleted file mode 100644 index 390ef11319d..00000000000 --- a/SPECS/uclibc/CVE-2016-6264.patch +++ /dev/null 
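Review bot: The added `Requires: openssl = %{version}-%{release}` in the `@@ -40,6 +38,7 @@` hunk of openssl.spec sits after the description text and before `%package devel`, so it appears to land inside the libs `%description` body (the `%description` line itself is outside the hunk). rpm treats lines there as free text, so no dependency would be recorded and the line would be printed as part of the package description. If the dependency is intended, it belongs in the libs preamble next to `Group: System Environment/Libraries`. The main package already carries `Requires: %{name}-libs = %{version}-%{release}`, so an effective tag here would make the two packages require each other and openssl-libs could no longer be installed on its own.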
@@ -1,130 +0,0 @@ -From e3848e3dd64a8d6437531488fe341354bc02eaed Mon Sep 17 00:00:00 2001 -From: Lucian Cojocar -Date: Fri, 10 Jun 2016 18:44:44 +0200 -Subject: [PATCH] bugfix: ARM: memset.S: use unsigned comparisons - -The 'BLT' instruction checks for *signed* values. So if a3, length -parameter of memset, is negative, then value added to the PC will be -large. - -memset(buf, 0xaa, 0xffff0000) triggers the bug. - -GDB session without the patch: - -""" -$ gdb ./main-buggy-memset.elf -q -Reading symbols from ./main-buggy-memset.elf...done. -(gdb) x/i memset - 0x8770 : mov r3, r0 -(gdb) r -Starting program: /root/memset/main-buggy-memset.elf - -Program received signal SIGSEGV, Segmentation fault. -0x00048808 in ?? () -""" - -The $pc is outside of the memset function because: - -""" -(gdb) x/i $pc -=> 0x87e4 : add pc, pc, r2, lsl #2 -(gdb) info reg $r2 -r2 0x10007 65543 -""" - -GDB session with the bug fixed (patch applied): - -""" -$ gdb ./main-fixed-memset.elf -q -Reading symbols from ./main-fixed-memset.elf...done. -(gdb) x/i memset - 0x8770 : mov r3, r0 -(gdb) r -Starting program: /root/memset/main-fixed-memset.elf - -Program received signal SIGSEGV, Segmentation fault. -memset () at libc/string/arm/memset.S:92 -92 libc/string/arm/memset.S: No such file or directory. -(gdb) x/i $pc -=> 0x87b0 : stmia r3!, {r1, r12} -(gdb) info reg $r3 -r3 0x15000 86016 -(gdb) info proc mappings -process 5822 -Mapped address spaces: - - Start Addr End Addr Size Offset objfile - 0x8000 0xb000 0x3000 0x0 -/root/memset/main-fixed-memset.elf - 0x12000 0x15000 0x3000 0x2000 -/root/memset/main-fixed-memset.elf - 0xb6fff000 0xb7000000 0x1000 0x0 [sigpage] - 0xbefdf000 0xbf000000 0x21000 0x0 - 0xffff0000 0xffff1000 0x1000 0x0 [vectors] -(gdb) info reg $sp -sp 0x14d78 0x14d78 -""" - -GDB crashes inside the memset function, on the store instruction. 
This -time the crash is (as expected) because of a memory access imediately -after the memory region that contains the stack -- the buffer that's -being memset'd is allocated on the stack. - -Signed-off-by: Lucian Cojocar ---- - libc/string/arm/memset.S | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/libc/string/arm/memset.S b/libc/string/arm/memset.S -index 2be4850..412270f 100644 ---- a/libc/string/arm/memset.S -+++ b/libc/string/arm/memset.S -@@ -67,7 +67,7 @@ memset: - memset: - mov a4, a1 - cmp a3, $8 @ at least 8 bytes to do? -- blt 2f -+ blo 2f - orr a2, a2, a2, lsl $8 - orr a2, a2, a2, lsl $16 - 1: -@@ -84,27 +84,27 @@ memset: - mov ip, a2 - 1: - cmp a3, $8 @ 8 bytes still to do? -- blt 2f -+ blo 2f - stmia a4!, {a2, ip} - sub a3, a3, $8 - cmp a3, $8 @ 8 bytes still to do? -- blt 2f -+ blo 2f - stmia a4!, {a2, ip} - sub a3, a3, $8 - cmp a3, $8 @ 8 bytes still to do? -- blt 2f -+ blo 2f - stmia a4!, {a2, ip} - sub a3, a3, $8 - cmp a3, $8 @ 8 bytes still to do? - #if defined(__thumb2__) -- itt ge -- stmiage a4!, {a2, ip} -- subge a3, a3, $8 -+ itt hs -+ stmiahs a4!, {a2, ip} -+ subhs a3, a3, $8 - #else -- stmgeia a4!, {a2, ip} -- subge a3, a3, $8 -+ stmhsia a4!, {a2, ip} -+ subhs a3, a3, $8 - #endif -- bge 1b -+ bhs 1b - 2: - movs a3, a3 @ anything left? - IT(t, eq) --- -2.7.4.GIT - diff --git a/SPECS/uclibc/uClibc-0.9.33.2_kernel_long.patch b/SPECS/uclibc/uClibc-0.9.33.2_kernel_long.patch deleted file mode 100644 index 99023b907c3..00000000000 --- a/SPECS/uclibc/uClibc-0.9.33.2_kernel_long.patch +++ /dev/null 
@@ -1,81 +0,0 @@ -diff -urpN uClibc-0.9.33.2.old/libc/sysdeps/linux/arm/bits/kernel_types.h uClibc-0.9.33.2/libc/sysdeps/linux/arm/bits/kernel_types.h ---- uClibc-0.9.33.2.old/libc/sysdeps/linux/arm/bits/kernel_types.h 2012-05-15 09:20:09.000000000 +0200 -+++ uClibc-0.9.33.2/libc/sysdeps/linux/arm/bits/kernel_types.h 2013-05-06 16:59:13.539258761 +0200 -@@ -16,6 +16,8 @@ typedef int __kernel_pid_t; - typedef unsigned short __kernel_ipc_pid_t; - typedef unsigned short __kernel_uid_t; - typedef unsigned short __kernel_gid_t; -+typedef long __kernel_long_t; -+typedef unsigned long __kernel_ulong_t; - typedef unsigned int __kernel_size_t; - typedef int __kernel_ssize_t; - typedef int __kernel_ptrdiff_t; -diff -urpN uClibc-0.9.33.2.old/libc/sysdeps/linux/i386/bits/kernel_types.h uClibc-0.9.33.2/libc/sysdeps/linux/i386/bits/kernel_types.h ---- uClibc-0.9.33.2.old/libc/sysdeps/linux/i386/bits/kernel_types.h 2012-05-15 09:20:09.000000000 +0200 -+++ uClibc-0.9.33.2/libc/sysdeps/linux/i386/bits/kernel_types.h 2013-05-06 16:57:50.881426451 +0200 -@@ -25,6 +25,8 @@ typedef int __kernel_pid_t; - typedef unsigned short __kernel_ipc_pid_t; - typedef unsigned short __kernel_uid_t; - typedef unsigned short __kernel_gid_t; -+typedef long __kernel_long_t; -+typedef unsigned long __kernel_ulong_t; - typedef unsigned int __kernel_size_t; - typedef int __kernel_ssize_t; - typedef int __kernel_ptrdiff_t; -diff -urpN uClibc-0.9.33.2.old/libc/sysdeps/linux/ia64/bits/kernel_types.h uClibc-0.9.33.2/libc/sysdeps/linux/ia64/bits/kernel_types.h ---- uClibc-0.9.33.2.old/libc/sysdeps/linux/ia64/bits/kernel_types.h 2012-05-15 09:20:09.000000000 +0200 -+++ uClibc-0.9.33.2/libc/sysdeps/linux/ia64/bits/kernel_types.h 2013-05-06 16:59:29.934225595 +0200 -@@ -27,6 +27,8 @@ typedef int __kernel_pid_t; - typedef int __kernel_ipc_pid_t; - typedef unsigned int __kernel_uid_t; - typedef unsigned int __kernel_gid_t; -+typedef long __kernel_long_t; -+typedef unsigned long __kernel_ulong_t; - typedef unsigned 
long __kernel_size_t; - typedef long __kernel_ssize_t; - typedef long __kernel_ptrdiff_t; -diff -urpN uClibc-0.9.33.2.old/libc/sysdeps/linux/mips/bits/kernel_types.h uClibc-0.9.33.2/libc/sysdeps/linux/mips/bits/kernel_types.h ---- uClibc-0.9.33.2.old/libc/sysdeps/linux/mips/bits/kernel_types.h 2012-05-15 09:20:09.000000000 +0200 -+++ uClibc-0.9.33.2/libc/sysdeps/linux/mips/bits/kernel_types.h 2016-02-18 12:35:35.951010968 +0100 -@@ -17,6 +17,8 @@ typedef int __kernel_pid_t; - typedef long int __kernel_ipc_pid_t; - typedef int __kernel_uid_t; - typedef int __kernel_gid_t; -+typedef long __kernel_long_t; -+typedef unsigned long __kernel_ulong_t; - typedef unsigned long __kernel_size_t; - typedef long __kernel_ssize_t; - typedef long __kernel_ptrdiff_t; -@@ -53,6 +55,8 @@ typedef int __kernel_pid_t; - typedef long int __kernel_ipc_pid_t; - typedef int __kernel_uid_t; - typedef int __kernel_gid_t; -+typedef long __kernel_long_t; -+typedef unsigned long __kernel_ulong_t; - typedef unsigned int __kernel_size_t; - typedef int __kernel_ssize_t; - typedef int __kernel_ptrdiff_t; -diff -urpN uClibc-0.9.33.2.old/libc/sysdeps/linux/powerpc/bits/kernel_types.h uClibc-0.9.33.2/libc/sysdeps/linux/powerpc/bits/kernel_types.h ---- uClibc-0.9.33.2.old/libc/sysdeps/linux/powerpc/bits/kernel_types.h 2012-05-15 09:20:09.000000000 +0200 -+++ uClibc-0.9.33.2/libc/sysdeps/linux/powerpc/bits/kernel_types.h 2013-05-06 16:58:17.379372606 +0200 -@@ -21,6 +21,8 @@ typedef int __kernel_pid_t; - typedef int __kernel_ipc_pid_t; - typedef unsigned int __kernel_uid_t; - typedef unsigned int __kernel_gid_t; -+typedef long __kernel_long_t; -+typedef unsigned long __kernel_ulong_t; - typedef unsigned long __kernel_size_t; - typedef long __kernel_ssize_t; - typedef long __kernel_ptrdiff_t; -diff -urpN uClibc-0.9.33.2.old/libc/sysdeps/linux/x86_64/bits/kernel_types.h uClibc-0.9.33.2/libc/sysdeps/linux/x86_64/bits/kernel_types.h ---- uClibc-0.9.33.2.old/libc/sysdeps/linux/x86_64/bits/kernel_types.h 
2012-05-15 09:20:09.000000000 +0200 -+++ uClibc-0.9.33.2/libc/sysdeps/linux/x86_64/bits/kernel_types.h 2013-05-06 16:57:33.139462550 +0200 -@@ -25,6 +25,8 @@ typedef int __kernel_pid_t; - typedef int __kernel_ipc_pid_t; - typedef unsigned int __kernel_uid_t; - typedef unsigned int __kernel_gid_t; -+typedef long __kernel_long_t; -+typedef unsigned long __kernel_ulong_t; - typedef unsigned long __kernel_size_t; - typedef long __kernel_ssize_t; - typedef long __kernel_ptrdiff_t; diff --git a/SPECS/uclibc/uClibc.config b/SPECS/uclibc/uClibc.config deleted file mode 100644 index e1c1d390541..00000000000 --- a/SPECS/uclibc/uClibc.config +++ /dev/null 
@@ -1,208 +0,0 @@ -# -# Target Architecture Features and Options -# -FORCE_OPTIONS_FOR_ARCH=y -TARGET_SUBARCH="" - -# -# Using ELF file format -# -ARCH_LITTLE_ENDIAN=y - -# -# Using Little Endian -# -ARCH_HAS_MMU=y -ARCH_USE_MMU=y -UCLIBC_HAS_FLOATS=y -UCLIBC_HAS_FPU=y -DO_C99_MATH=y -# DO_XSI_MATH is not set -UCLIBC_HAS_FENV=y -UCLIBC_HAS_LONG_DOUBLE_MATH=y -KERNEL_HEADERS="./kernel-include" -HAVE_DOT_CONFIG=y - -# -# General Library Settings -# -# HAVE_NO_PIC is not set -# DOPIC is not set -# ARCH_HAS_NO_SHARED is not set -# ARCH_HAS_NO_LDSO is not set -# HAVE_SHARED is not set -UCLIBC_CTOR_DTOR=y - -HAS_NO_THREADS=y -# LINUXTHREADS_OLD is not set -# LINUXTHREADS_NEW is not set -# UCLIBC_HAS_THREADS is not set -# PTHREADS_DEBUG_SUPPORT is not set -UCLIBC_HAS_SYSLOG=y -UCLIBC_HAS_LFS=y -# MALLOC is not set -# MALLOC_SIMPLE is not set -MALLOC_STANDARD=y -MALLOC_GLIBC_COMPAT=y -UCLIBC_DYNAMIC_ATEXIT=y -# COMPAT_ATEXIT is not set -UCLIBC_SUSV3_LEGACY=y -# UCLIBC_SUSV3_LEGACY_MACROS is not set -UCLIBC_SUSV4_LEGACY=y -# UCLIBC_HAS_STUBS is not set -UCLIBC_HAS_SHADOW=y -# UCLIBC_HAS_PROGRAM_INVOCATION_NAME is not set -# UCLIBC_HAS___PROGNAME is not set -UCLIBC_HAS_PTY=y -ASSUME_DEVPTS=y -UNIX98PTY_ONLY=y -UCLIBC_HAS_GETPT=y -UCLIBC_HAS_LIBUTIL=y -UCLIBC_HAS_TM_EXTENSIONS=y -UCLIBC_HAS_TZ_CACHING=y -UCLIBC_HAS_TZ_FILE=y -UCLIBC_HAS_TZ_FILE_READ_MANY=y -UCLIBC_TZ_FILE_PATH="/etc/TZ" -UCLIBC_FALLBACK_TO_ETC_LOCALTIME=y - -# -# Advanced Library Settings -# -UCLIBC_PWD_BUFFER_SIZE=256 -UCLIBC_GRP_BUFFER_SIZE=256 - -# -# Support various families of functions -# -UCLIBC_LINUX_MODULE_26=y -UCLIBC_LINUX_MODULE_24=y -UCLIBC_LINUX_SPECIFIC=y -UCLIBC_HAS_GNU_ERROR=y -UCLIBC_BSD_SPECIFIC=y -UCLIBC_HAS_BSD_ERR=y -UCLIBC_HAS_OBSOLETE_BSD_SIGNAL=y -UCLIBC_HAS_OBSOLETE_SYSV_SIGNAL=y -UCLIBC_NTP_LEGACY=y -UCLIBC_SV4_DEPRECATED=y -UCLIBC_HAS_REALTIME=y -UCLIBC_HAS_ADVANCED_REALTIME=y -UCLIBC_HAS_EPOLL=y -UCLIBC_HAS_XATTR=y -UCLIBC_HAS_PROFILING=y -UCLIBC_HAS_CRYPT_IMPL=y 
-UCLIBC_HAS_SHA256_CRYPT_IMPL=y -UCLIBC_HAS_SHA512_CRYPT_IMPL=y -UCLIBC_HAS_CRYPT=y -UCLIBC_HAS_NETWORK_SUPPORT=y -UCLIBC_HAS_SOCKET=y -UCLIBC_HAS_IPV4=y -UCLIBC_HAS_IPV6=y -UCLIBC_HAS_RPC=y -UCLIBC_HAS_FULL_RPC=y -UCLIBC_HAS_REENTRANT_RPC=y -UCLIBC_USE_NETLINK=y -# UCLIBC_SUPPORT_AI_ADDRCONFIG is not set -# UCLIBC_HAS_BSD_RES_CLOSE is not set -UCLIBC_HAS_COMPAT_RES_STATE=y -# UCLIBC_HAS_EXTRA_COMPAT_RES_STATE is not set -UCLIBC_HAS_RESOLVER_SUPPORT=y -UCLIBC_HAS_LIBRESOLV_STUB=y -UCLIBC_HAS_LIBNSL_STUB=y - -# -# String and Stdio Support -# -UCLIBC_HAS_STRING_GENERIC_OPT=y -UCLIBC_HAS_STRING_ARCH_OPT=y -UCLIBC_HAS_CTYPE_TABLES=y -UCLIBC_HAS_CTYPE_SIGNED=y -UCLIBC_HAS_CTYPE_UNSAFE=y -# UCLIBC_HAS_CTYPE_CHECKED is not set -UCLIBC_HAS_CTYPE_ENFORCED=y -# UCLIBC_HAS_WCHAR is not set -# UCLIBC_HAS_LOCALE is not set -UCLIBC_HAS_HEXADECIMAL_FLOATS=y -# UCLIBC_HAS_GLIBC_DIGIT_GROUPING is not set -UCLIBC_HAS_GLIBC_CUSTOM_PRINTF=y -# USE_OLD_VFPRINTF is not set -UCLIBC_PRINTF_SCANF_POSITIONAL_ARGS=9 -UCLIBC_HAS_SCANF_GLIBC_A_FLAG=y -# UCLIBC_HAS_STDIO_BUFSIZ_NONE is not set -# UCLIBC_HAS_STDIO_BUFSIZ_256 is not set -# UCLIBC_HAS_STDIO_BUFSIZ_512 is not set -# UCLIBC_HAS_STDIO_BUFSIZ_1024 -# UCLIBC_HAS_STDIO_BUFSIZ_2048 is not set -UCLIBC_HAS_STDIO_BUFSIZ_4096=y -# UCLIBC_HAS_STDIO_BUFSIZ_8192 is not set -UCLIBC_HAS_STDIO_BUILTIN_BUFFER_NONE=y -# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_4 is not set -# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_8 is not set -# UCLIBC_HAS_STDIO_SHUTDOWN_ON_ABORT is not set -UCLIBC_HAS_STDIO_GETC_MACRO=y -UCLIBC_HAS_STDIO_PUTC_MACRO=y -UCLIBC_HAS_STDIO_AUTO_RW_TRANSITION=y -# UCLIBC_HAS_FOPEN_LARGEFILE_MODE is not set -UCLIBC_HAS_FOPEN_EXCLUSIVE_MODE=y -UCLIBC_HAS_FOPEN_CLOSEEXEC_MODE=y -UCLIBC_HAS_GLIBC_CUSTOM_STREAMS=y -UCLIBC_HAS_PRINTF_M_SPEC=y -UCLIBC_HAS_ERRNO_MESSAGES=y -# UCLIBC_HAS_SYS_ERRLIST is not set -UCLIBC_HAS_SIGNUM_MESSAGES=y -# UCLIBC_HAS_SYS_SIGLIST is not set -UCLIBC_HAS_GNU_GETOPT=y -UCLIBC_HAS_GNU_GETSUBOPT=y - -# -# Big and Tall -# 
-UCLIBC_HAS_REGEX=y -# UCLIBC_HAS_REGEX_OLD is not set -UCLIBC_HAS_FNMATCH=y -UCLIBC_HAS_FNMATCH_OLD=y -UCLIBC_HAS_WORDEXP=y -UCLIBC_HAS_NFTW=y -UCLIBC_HAS_FTW=y -# UCLIBC_HAS_FTS is not set -UCLIBC_HAS_GLOB=y -UCLIBC_HAS_GNU_GLOB=y -UCLIBC_HAS_UTMPX=y - -# -# Library Installation Options -# -RUNTIME_PREFIX="/lib_uc" -DEVEL_PREFIX="" -# HARDWIRED_ABSPATH is not set - -# -# Security options -# -# UCLIBC_BUILD_PIE is not set -# UCLIBC_HAS_ARC4RANDOM is not set -# HAVE_NO_SSP is not set -UCLIBC_HAS_SSP=y -# UCLIBC_HAS_SSP_COMPAT is not set -# SSP_QUICK_CANARY is not set -PROPOLICE_BLOCK_ABRT=y -# PROPOLICE_BLOCK_SEGV is not set -# UCLIBC_BUILD_SSP is not set -UCLIBC_BUILD_RELRO=y -UCLIBC_BUILD_NOW=y -UCLIBC_BUILD_NOEXECSTACK=y - -# -# uClibc development/debugging options -# -CROSS_COMPILER_PREFIX="" -UCLIBC_EXTRA_CFLAGS="" -DODEBUG=y -DOSTRIP=y -# DOASSERTS is not set -# SUPPORT_LD_DEBUG is not set -# SUPPORT_LD_DEBUG_EARLY is not set -# UCLIBC_MALLOC_DEBUGGING is not set -WARNINGS="-Wall" -# EXTRA_WARNINGS is not set -# DOMULTI is not set -# UCLIBC_MJN3_ONLY is not set diff --git a/SPECS/uclibc/uclibc.signatures.json b/SPECS/uclibc/uclibc.signatures.json deleted file mode 100644 index 02b4a60c7bf..00000000000 --- a/SPECS/uclibc/uclibc.signatures.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "Signatures": { - "uClibc-0.9.33.2.tar.xz": "62333167b79afb0b25a843513288c67b59547acf653e8fbe62ee64e71ebd1587", - "uClibc.config": "5cd0bebdcc29597e6abdcfcbb0d7309633dd843b273b0baca718e6d5f2fb0f1f" - } -} \ No newline at end of file diff --git a/SPECS/uclibc/uclibc.spec b/SPECS/uclibc/uclibc.spec deleted file mode 100644 index 56f0f00a5f9..00000000000 --- a/SPECS/uclibc/uclibc.spec +++ /dev/null 
@@ -1,198 +0,0 @@ -%global uclibc_name uClibc - -Name: uclibc -Version: 0.9.33.2 -Release: 22%{?dist} -Summary: C library for embedded Linux - -License: LGPLv2 -URL: http://www.uclibc.org/ -Source0: http://www.uclibc.org/downloads/%{uclibc_name}-%{version}.tar.xz -Source1: uClibc.config -Patch1: uClibc-0.9.33.2_kernel_long.patch -Patch2: CVE-2016-6264.patch - -BuildRequires: gcc - -# This package only contains a static library -%global debug_package %{nil} - -%description -uClibc is a C library for developing embedded Linux systems. -It is much smaller than the GNU C Library, but nearly all applications -supported by glibc also work perfectly with uClibc. - -%package devel -Summary: Header files and libraries for uClibc library -Provides: uclibc-static = %{version}-%{release} - -%description devel -uClibc is a C library for developing embedded Linux systems. -It is much smaller than the GNU C Library, but nearly all applications -supported by glibc also work perfectly with uClibc. -This package contains the header files and libraries -needed for uClibc package. 
- -%prep -%setup -q -n %{uclibc_name}-%{version} -%patch1 -b .kernel_long -p1 -%patch2 -b .CVE-2016-6264 -p1 - -cat %{SOURCE1} >.config1 -iconv -f windows-1252 -t utf-8 README >README.pom -mv README.pom README - -%build -mkdir kernel-include -cp -a /usr/include/asm kernel-include -cp -a /usr/include/asm-generic kernel-include -cp -a /usr/include/linux kernel-include - -arch=`uname -m | sed -e 's/i.86/i386/' -e 's/ppc/powerpc/' -e 's/armv7l/arm/' -e 's/armv5tel/arm/'` -echo "TARGET_$arch=y" >.config -echo "TARGET_ARCH=\"$arch\"" >>.config -%ifarch %{arm} -echo "CONFIG_ARM_EABI=y" >>.config -echo "ARCH_ANY_ENDIAN=n" >>.config -echo "ARCH_LITTLE_ENDIAN=y" >>.config -echo "ARCH_WANTS_LITTLE_ENDIAN=y" >>.config -%endif -cat .config1 >>.config - -yes "" | make oldconfig %{?_smp_mflags} -make V=1 %{?_smp_mflags} - -%install -mkdir -p $RPM_BUILD_ROOT/lib -make install PREFIX="$RPM_BUILD_ROOT/" -make install_headers PREFIX="$RPM_BUILD_ROOT/" DEVEL_PREFIX="" -cp -a kernel-include/* $RPM_BUILD_ROOT/include/ - -# move libraries to proper subdirectory -mkdir -p $RPM_BUILD_ROOT/%{_libdir}/uClibc -mv $RPM_BUILD_ROOT/lib/* $RPM_BUILD_ROOT/%{_libdir}/uClibc/ -rm -rf $RPM_BUILD_ROOT/lib/ - -# move the header files to /usr subdirectory -mkdir -p $RPM_BUILD_ROOT/%{_includedir}/uClibc -mv $RPM_BUILD_ROOT/include/* $RPM_BUILD_ROOT/%{_includedir}/uClibc -rm -rf $RPM_BUILD_ROOT/include/ - -%files devel -%doc README docs/Glibc_vs_uClibc_Differences.txt docs/threads.txt docs/uClibc_vs_SuSv3.txt -%doc TODO DEDICATION.mjn3 MAINTAINERS -%doc docs/PORTING COPYING.LIB -%{_includedir}/uClibc -%{_libdir}/uClibc - -%changelog -* Thu Oct 15 2020 Mateusz Malisz - 0.9.33.2-22 -- Initial CBL-Mariner import from Fedora 32 (license: MIT) - -* Fri Jan 31 2020 Fedora Release Engineering - 0.9.33.2-21 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Sat Jul 27 2019 Fedora Release Engineering - 0.9.33.2-20 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Sun 
Feb 03 2019 Fedora Release Engineering - 0.9.33.2-19 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Sat Jul 14 2018 Fedora Release Engineering - 0.9.33.2-18 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Feb 20 2018 Nikola Forró - 0.9.33.2-17 -- add missing gcc build dependency - -* Fri Feb 09 2018 Fedora Release Engineering - 0.9.33.2-16 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Aug 03 2017 Fedora Release Engineering - 0.9.33.2-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 0.9.33.2-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Sat Feb 11 2017 Fedora Release Engineering - 0.9.33.2-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Wed Oct 20 2016 Dan Horák - 0.9.33.2-12 -- switch to ExclusiveArch - -* Mon Aug 15 2016 Peter Robinson 0.9.33.2-11 -- Update Power64 macro - -* Mon Jul 11 2016 Nikola Forró - 0.9.33.2-10 -- fix CVE-2016-6264 - resolves #1352460 - -* Thu Feb 18 2016 Nikola Forró - 0.9.33.2-9 -- add support for MIPS - resolves #1305957 - -* Fri Feb 05 2016 Fedora Release Engineering - 0.9.33.2-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Fri Jun 19 2015 Fedora Release Engineering - 0.9.33.2-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Mon Aug 18 2014 Fedora Release Engineering - 0.9.33.2-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Sun Jun 08 2014 Fedora Release Engineering - 0.9.33.2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Mon May 19 2014 Peter Robinson 0.9.33.2-5 -- No aarch64 support - -* Sun Aug 04 2013 Fedora Release Engineering - 0.9.33.2-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Mon May 6 2013 Denys Vlasenko - 0.9.32-3 -- Enable 
UCLIBC_HAS_RESOLVER_SUPPORT, UCLIBC_LINUX_MODULE_26, - UCLIBC_HAS_SHA256/512_CRYPT_IMPL, UCLIBC_HAS_FOPEN_CLOSEEXEC_MODE - config options. -- fix __kernel_long_t problem. - -* Fri Feb 15 2013 Fedora Release Engineering - 0.9.33.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Fri Jul 27 2012 Peter Schiffer - 0.9.33.2-1 -- resolves: #771041 - update to 0.9.33.2 - -* Sun Jul 22 2012 Fedora Release Engineering - 0.9.32-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Sat Jan 14 2012 Fedora Release Engineering - 0.9.32-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Thu Aug 18 2011 Peter Schiffer - 0.9.32-2 -- fixed compile error on i686 - -* Tue Aug 16 2011 Peter Schiffer - 0.9.32-1 -- resolves: #712040 - resolves: #716134 - update to 0.9.32 final - -* Mon Jun 13 2011 Peter Robinson - 0.9.32-0.5.rc2 -- And set the ARM build to little endian - -* Sat Jun 11 2011 Peter Robinson - 0.9.32-0.4.rc2 -- It seems we need to set the ARM ABI to EABI too - -* Sat Jun 11 2011 Peter Robinson - 0.9.32-0.3.rc2 -- Add support for ARM - -* Mon Feb 07 2011 Fedora Release Engineering - 0.9.32-0.2.rc2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Mon Feb 7 2011 Tom Callaway - 0.9.32-0.1.rc2 -- update config for 0.9.32-rc2, busybox -- patch getutent - -* Tue Nov 9 2010 Ivana Hutarova Varekova - 0.9.31-2 -- update to 0.9.31 - -* Fri Jun 5 2009 Ivana Varekova - 0.9.30.1-2 -- initial build for Red Hat diff --git a/cgmanifest.json b/cgmanifest.json index ebb9711bab9..c22e3371597 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -360,16 +360,6 @@ } } }, - { - "component": { - "type": "other", - "other": { - "name": "busybox", - "version": "1.31.1", - "downloadUrl": "http://www.busybox.net/downloads/busybox-1.31.1.tar.bz2" - } - } - }, { "component": { "type": "other", 
@@ -5501,16 +5491,6 @@ } } }, - { - "component": { - "type": "other", - "other": { - "name": "uclibc", - "version": "0.9.33.2", - "downloadUrl": "http://www.uclibc.org/downloads/uClibc-0.9.33.2.tar.xz" - } - } - }, { "component": { "type": "other", diff --git a/toolkit/imageconfigs/distroless-base.json b/toolkit/imageconfigs/distroless-base.json deleted file mode 100644 index 8681842490e..00000000000 --- a/toolkit/imageconfigs/distroless-base.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "Disks": [ - { - "Artifacts": [ - { - "Name": "core", - "Compression": "tar.gz" - } - ] - } - ], - "SystemConfigs": [ - { - "Name": "Standard", - "PackageLists": [ - "packagelists/distroless-packages-container.json" - ] - } - ] -} diff --git a/toolkit/imageconfigs/packagelists/distroless-packages-container.json b/toolkit/imageconfigs/packagelists/distroless-packages-container.json deleted file mode 100644 index 8d734b6a2a7..00000000000 --- a/toolkit/imageconfigs/packagelists/distroless-packages-container.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "packages": [ - "distroless-packages-base" - ] -} diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 9f224ee8af0..4959063f210 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -161,6 +161,6 @@ libffi-3.2.1-12.cm1.aarch64.rpm libtasn1-4.14-2.cm1.aarch64.rpm p11-kit-0.23.16.1-2.cm1.aarch64.rpm p11-kit-trust-0.23.16.1-2.cm1.aarch64.rpm -ca-certificates-shared-20200720-10.cm1.noarch.rpm -ca-certificates-tools-20200720-10.cm1.noarch.rpm -ca-certificates-base-20200720-10.cm1.noarch.rpm +ca-certificates-shared-20200720-9.cm1.noarch.rpm +ca-certificates-tools-20200720-9.cm1.noarch.rpm +ca-certificates-base-20200720-9.cm1.noarch.rpm 
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 739afd4c4c7..935e0cfb438 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -161,6 +161,6 @@ libffi-3.2.1-12.cm1.x86_64.rpm libtasn1-4.14-2.cm1.x86_64.rpm p11-kit-0.23.16.1-2.cm1.x86_64.rpm p11-kit-trust-0.23.16.1-2.cm1.x86_64.rpm -ca-certificates-shared-20200720-10.cm1.noarch.rpm -ca-certificates-tools-20200720-10.cm1.noarch.rpm -ca-certificates-base-20200720-10.cm1.noarch.rpm +ca-certificates-shared-20200720-9.cm1.noarch.rpm +ca-certificates-tools-20200720-9.cm1.noarch.rpm +ca-certificates-base-20200720-9.cm1.noarch.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 96306c1b177..3a92cb8a1c4 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -17,13 +17,12 @@ bzip2-1.0.6-15.cm1.aarch64.rpm bzip2-debuginfo-1.0.6-15.cm1.aarch64.rpm bzip2-devel-1.0.6-15.cm1.aarch64.rpm bzip2-libs-1.0.6-15.cm1.aarch64.rpm -ca-certificates-20200720-10.cm1.noarch.rpm -ca-certificates-base-20200720-10.cm1.noarch.rpm -ca-certificates-legacy-20200720-10.cm1.noarch.rpm -ca-certificates-microsoft-20200720-10.cm1.noarch.rpm -ca-certificates-shared-20200720-10.cm1.noarch.rpm -ca-certificates-static-20200720-10.cm1.noarch.rpm -ca-certificates-tools-20200720-10.cm1.noarch.rpm +ca-certificates-20200720-9.cm1.noarch.rpm +ca-certificates-base-20200720-9.cm1.noarch.rpm +ca-certificates-legacy-20200720-9.cm1.noarch.rpm +ca-certificates-microsoft-20200720-9.cm1.noarch.rpm +ca-certificates-shared-20200720-9.cm1.noarch.rpm +ca-certificates-tools-20200720-9.cm1.noarch.rpm check-0.12.0-4.cm1.aarch64.rpm check-debuginfo-0.12.0-4.cm1.aarch64.rpm cmake-3.17.3-2.cm1.aarch64.rpm 
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 53347ab2076..c9a443a6243 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -17,13 +17,12 @@ bzip2-1.0.6-15.cm1.x86_64.rpm bzip2-debuginfo-1.0.6-15.cm1.x86_64.rpm bzip2-devel-1.0.6-15.cm1.x86_64.rpm bzip2-libs-1.0.6-15.cm1.x86_64.rpm -ca-certificates-20200720-10.cm1.noarch.rpm -ca-certificates-base-20200720-10.cm1.noarch.rpm -ca-certificates-legacy-20200720-10.cm1.noarch.rpm -ca-certificates-microsoft-20200720-10.cm1.noarch.rpm -ca-certificates-shared-20200720-10.cm1.noarch.rpm -ca-certificates-static-20200720-10.cm1.noarch.rpm -ca-certificates-tools-20200720-10.cm1.noarch.rpm +ca-certificates-20200720-9.cm1.noarch.rpm +ca-certificates-base-20200720-9.cm1.noarch.rpm +ca-certificates-legacy-20200720-9.cm1.noarch.rpm +ca-certificates-microsoft-20200720-9.cm1.noarch.rpm +ca-certificates-shared-20200720-9.cm1.noarch.rpm +ca-certificates-tools-20200720-9.cm1.noarch.rpm check-0.12.0-4.cm1.x86_64.rpm check-debuginfo-0.12.0-4.cm1.x86_64.rpm cmake-3.17.3-2.cm1.x86_64.rpm @@ -105,9 +104,6 @@ gettext-0.19.8.1-3.cm1.x86_64.rpm gettext-debuginfo-0.19.8.1-3.cm1.x86_64.rpm gfortran-9.1.0-7.cm1.x86_64.rpm glib-2.58.0-6.cm1.x86_64.rpm -glib-debuginfo-2.58.0-6.cm1.x86_64.rpm -glib-devel-2.58.0-6.cm1.x86_64.rpm -glib-schemas-2.58.0-6.cm1.x86_64.rpm glibc-2.28-12.cm1.x86_64.rpm glibc-devel-2.28-12.cm1.x86_64.rpm glibc-i18n-2.28-12.cm1.x86_64.rpm @@ -115,6 +111,9 @@ glibc-iconv-2.28-12.cm1.x86_64.rpm glibc-lang-2.28-12.cm1.x86_64.rpm glibc-nscd-2.28-12.cm1.x86_64.rpm glibc-tools-2.28-12.cm1.x86_64.rpm +glib-debuginfo-2.58.0-6.cm1.x86_64.rpm +glib-devel-2.58.0-6.cm1.x86_64.rpm +glib-schemas-2.58.0-6.cm1.x86_64.rpm gmock-1.8.1-5.cm1.x86_64.rpm gmock-devel-1.8.1-5.cm1.x86_64.rpm gmock-static-1.8.1-5.cm1.x86_64.rpm 
@@ -317,11 +316,6 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm procps-ng-devel-3.3.15-3.cm1.x86_64.rpm procps-ng-lang-3.3.15-3.cm1.x86_64.rpm -python-curses-2.7.18-3.cm1.x86_64.rpm -python-gpg-1.13.1-5.cm1.x86_64.rpm -python-rpm-4.14.2-10.cm1.x86_64.rpm -python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-3.cm1.x86_64.rpm python2-2.7.18-3.cm1.x86_64.rpm python2-debuginfo-2.7.18-3.cm1.x86_64.rpm python2-devel-2.7.18-3.cm1.x86_64.rpm @@ -333,6 +327,11 @@ python3-gpg-1.13.1-5.cm1.x86_64.rpm python3-libxml2-2.9.10-2.cm1.x86_64.rpm python3-pwquality-1.4.2-4.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm +python-curses-2.7.18-3.cm1.x86_64.rpm +python-gpg-1.13.1-5.cm1.x86_64.rpm +python-rpm-4.14.2-10.cm1.x86_64.rpm +python-setuptools-40.2.0-5.cm1.noarch.rpm +python-xml-2.7.18-3.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-debuginfo-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/update_manifests.sh b/toolkit/resources/manifests/package/update_manifests.sh index 2c1a59c5421..c80f327ff3d 100755 --- a/toolkit/resources/manifests/package/update_manifests.sh +++ b/toolkit/resources/manifests/package/update_manifests.sh @@ -43,7 +43,6 @@ remove_packages_for_pkggen_core () { sed -i '/alsa-lib-/d' $TmpPkgGen sed -i '/ca-certificates-[0-9]/d' $TmpPkgGen sed -i '/ca-certificates-legacy/d' $TmpPkgGen - sed -i '/ca-certificates-static/d' $TmpPkgGen sed -i '/ca-certificates-microsoft/d' $TmpPkgGen sed -i '/libtasn1-d/d' $TmpPkgGen sed -i '/libffi-d/d' $TmpPkgGen diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go index 2370bd1c51c..de50102a6d5 100644 --- a/toolkit/tools/imagegen/installutils/installutils.go +++ b/toolkit/tools/imagegen/installutils/installutils.go 
@@ -24,20 +24,15 @@ import ( "microsoft.com/pkggen/internal/retry" "microsoft.com/pkggen/internal/safechroot" "microsoft.com/pkggen/internal/shell" - "microsoft.com/pkggen/internal/sliceutils" ) const ( rootMountPoint = "/" rootUser = "root" - // rpmDependenciesDirectory is the directory which contains RPM database. It is not required for images that do not contain RPM. - rpmDependenciesDirectory = "/var/lib/rpm" - // /boot directory should be only accesible by root. The directories need the execute bit as well. bootDirectoryFileMode = 0600 bootDirectoryDirMode = 0700 - shadowFile = "/etc/shadow" ) // PackageList represents the list of packages to install into an image @@ -278,7 +273,6 @@ func PopulateInstallRoot(installChroot *safechroot.Chroot, packagesToInstall []s if err != nil { return } - defer cleanupRpmDatabase(installRoot, isRootFS, packagesToInstall) // Calculate how many packages need to be installed so an accurate percent complete can be reported totalPackages, err := calculateTotalPackages(packagesToInstall, installRoot) @@ -849,15 +843,8 @@ func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err // If no root entry was specified in the config file, never expire the root password if !rootUserAdded { logger.Log.Debugf("No root user entry found in config file. Setting root password to never expire.") - - // Ignore updating if there is no shadow file to update - if exists, _ := file.PathExists(shadowFile); !exists { - logger.Log.Debugf("No shadow file to update. Skipping.") - return - } - err = installChroot.UnsafeRun(func() error { - return chage("-1", "root") + return shell.ExecuteLive(squashErrors, "chage", "-M", "-1", "root") }) } return 
@@ -913,16 +900,8 @@ func createUserWithPassword(installChroot *safechroot.Chroot, user configuration logger.Log.Warnf("Ignoring UID for (%s) user, using default", rootUser) } - if exists, _ := file.PathExists(shadowFile); !exists { - logger.Log.Debugf("No shadow file to update. Skipping.") - } else { - // Update shadow file - err = updateUserPassword(installChroot.RootDir(), user.Name, hashedPassword) - if err != nil { - logger.Log.Warnf("Encountered a problem when updating root user password: %s", err) - return - } - } + // Update shadow file + err = updateUserPassword(installChroot.RootDir(), user.Name, hashedPassword) isRoot = true } else { homeDir = filepath.Join(userHomeDirPrefix, user.Name) 
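Review bot: The error returned by `updateUserPassword` in the root branch of createUserWithPassword is now assigned to `err` and never checked before the branch continues to `isRoot = true`. The following hunk reassigns `err` from the `chage` call whenever `user.PasswordExpiresDays != 0`, so a failed write of root's hash to the shadow file can be overwritten and the build can report success with the root entry unchanged. Keep the early exit directly after the call: `if err != nil { return }`. The function starts and ends outside this hunk, so a later check may exist that is not visible here.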
@@ -943,109 +922,14 @@ func createUserWithPassword(installChroot *safechroot.Chroot, user configuration // Update password expiration if user.PasswordExpiresDays != 0 { - // Ignore updating if there is no shadow file to update - if exists, _ := file.PathExists(shadowFile); !exists { - logger.Log.Debugf("No shadow file to update. Skipping.") - return - } - err = installChroot.UnsafeRun(func() error { - return chage(strconv.FormatUint(user.PasswordExpiresDays, passwordExpiresBase), user.Name) + return shell.ExecuteLive(squashErrors, "chage", "-M", strconv.FormatUint(user.PasswordExpiresDays, passwordExpiresBase), user.Name) }) } return } -// chage works in the same way as invoking "chage -M passwordExpirationInDays username" -// i.e. it sets the maximum password expiration date. -func chage(passwordExpirationInDays string, username string) (err error) { - var ( - shadow []string - passwordExpiration int64 - usernameWithColon = fmt.Sprintf("%s:", username) - ) - - shadow, err = file.ReadLines(shadowFile) - if err != nil { - return - } - - passwordExpiration, err = strconv.ParseInt(passwordExpirationInDays, 10, 64) - if err != nil { - return - } - - for n, entry := range shadow { - done := false - // Entries in shadow are separated by colon and start with a username - // Finding one that starts like that means we've found our entry - if strings.HasPrefix(entry, usernameWithColon) { - // Each line in shadow contains 9 fields separated by colon ("") in the following order: - // login name, encrypted password, date of last password change, - // minimum password age, maximum password age, password warning period, - // password inactivity period, account expiration date, reserved field for future use - const ( - loginNameField = 0 - encryptedPasswordField = 1 - passwordChangedField = 2 - minPasswordAgeField = 3 - maxPasswordAgeField = 4 - warnPeriodField = 5 - inactivityPeriodField = 6 - expirationField = 7 - reservedField = 8 - ) - - fields := strings.Split(entry, ":") - 
// Any value other than 9 indicates error in parsing - if len(fields) != 9 { - return fmt.Errorf(`invalid shadow entry "%v" for user "%s": 9 fields expected, but %d found.`, fields, username, len(fields)) - } - - if passwordExpiration == -1 { - // If passwordExpiration is equal to -1, it means that password never expires. - // This is expressed by leaving account expiration date field (and fields after it) empty. - for _, fieldToChange := range []int{maxPasswordAgeField, warnPeriodField, inactivityPeriodField, expirationField, reservedField} { - fields[fieldToChange] = "" - } - // Each user is unique, so we are done here; save the changes and exit. - done = true - } else if passwordExpiration < -1 { - // Values smaller than -1 make no sense - return fmt.Errorf(`invalid value for maximum user's "%s" password expiration: %d`, username, passwordExpiration) - } else { - // If passwordExpiration has any other value, it's the maximum expiration date: set it accordingly - // To do so, we need to ensure that passwordChangedField holds a valid value and then sum it with passwordExpiration. - var ( - passwordAge int64 - passwordChanged = fields[passwordChangedField] - ) - - if passwordChanged == "" { - // Set to the number of days since epoch - fields[passwordChangedField] = fmt.Sprintf("%d", int64(time.Since(time.Unix(0, 0)).Hours()/24)) - } - passwordAge, err = strconv.ParseInt(fields[passwordChangedField], 10, 64) - if err != nil { - return - } - fields[expirationField] = fmt.Sprintf("%d", passwordAge+passwordExpiration) - - //Each user is unique, so we are done here; save the changes and exit. 
- done = true - } - if done { - shadow[n] = strings.Join(fields, ":") - err = file.Write(strings.Join(shadow, "\n"), shadowFile) - return - } - } - } - - return fmt.Errorf(`user "%s" not found when trying to change the password expiration date`, username) -} - func configureUserGroupMembership(installChroot *safechroot.Chroot, user configuration.User) (err error) { const squashErrors = false @@ -1152,11 +1036,14 @@ func provisionUserSSHCerts(installChroot *safechroot.Chroot, user configuration. } func updateUserPassword(installRoot, username, password string) (err error) { - const sedDelimiter = "|" + const ( + shadowFilePath = "etc/shadow" + sedDelimiter = "|" + ) findPattern := fmt.Sprintf("%v:x:", username) replacePattern := fmt.Sprintf("%v:%v:", username, password) - filePath := filepath.Join(installRoot, shadowFile) + filePath := filepath.Join(installRoot, shadowFilePath) err = sed(findPattern, replacePattern, sedDelimiter, filePath) if err != nil { logger.Log.Warnf("Failed to write hashed password to shadow file") 
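Review bot: `user.Name` reaches `chage` as a bare positional argument in createUserWithPassword, so a configured name that begins with `-` would be parsed as an option instead of a login. Because the value comes from the image configuration, end option parsing before it: `shell.ExecuteLive(squashErrors, "chage", "-M", days, "--", user.Name)`, with `days` holding the formatted `PasswordExpiresDays`. The call added in addUsers (hunk at -849) passes the literal `root` and is not affected. User names may already be validated where the configuration is parsed, which this hunk does not show.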
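Review bot: `findPattern` in updateUserPassword is `"%v:x:"` with no start-of-line anchor, so it can also match inside the shadow entry of an account whose name merely ends with `username`, and the hash would then be written into the wrong entry. Assuming the `sed` helper passes the pattern through as a regular expression (its body is not in this hunk), anchor it: `findPattern := fmt.Sprintf("^%v:x:", username)`. A name containing regex metacharacters such as `.` would still over-match, so escaping the name before formatting is worth adding as well. The rest of updateUserPassword lies outside the hunk.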
@@ -1393,42 +1280,6 @@ func copyAdditionalFiles(installChroot *safechroot.Chroot, config configuration. return } -// cleanupRpmDatabase removes RPM database if the image does not require a package manager. -// rootPrefix is prepended to the RPM database path - useful when RPM database resides in a chroot and cleanupRpmDatabase can't be called from within the chroot. -// isRootFS should be set to true if the resulting image will be a rootfs (not a file) -// packagesToInstall is a list of packages that will be installed on the image -func cleanupRpmDatabase(rootPrefix string, isRootFS bool, packagesToInstall []string) { - if !isRootFS { - logger.Log.Debug("Processing a non-rootfs. Skipping RPM database cleanup.") - return - } - - // If the image doesn't contain the package manager - // We can remove the RPM database files - rpmInChroot := false - - for _, name := range []string{"rpm", "dnf", "tdnf", "yum"} { - if sliceutils.Find(packagesToInstall, name) != -1 { - logger.Log.Infof(`Package manager "%s" found in package list. Keeping the RPM database.`, name) - rpmInChroot = true - break - } - } - - if !rpmInChroot { - logger.Log.Info("No package manager found in package list. Removing the RPM database.") - rpmDir := strings.Join([]string{rootPrefix, rpmDependenciesDirectory}, "") - err := os.RemoveAll(rpmDir) - if err != nil { - logger.Log.Errorf("Failed to remove RPM database (%s). Error: %s", rpmDir, err) - } else { - logger.Log.Infof("Cleaned up RPM database (%s)", rpmDir) - } - - } - -} - func runPostInstallScripts(installChroot *safechroot.Chroot, config configuration.SystemConfig) (err error) { const squashErrors = false diff --git a/toolkit/tools/imager/imager.go b/toolkit/tools/imager/imager.go index 2298af28741..70e672b089d 100644 --- a/toolkit/tools/imager/imager.go +++ b/toolkit/tools/imager/imager.go 
@@ -110,7 +110,7 @@ func buildSystemConfig(systemConfig configuration.SystemConfig, disks []configur return } - isRootFS = isRootFs(systemConfig) + isRootFS = (len(systemConfig.PartitionSettings) == 0) if isRootFS { logger.Log.Infof("Creating rootfs") additionalExtraMountPoints, additionalExtraDirectories, err := setupRootFS(outputDir, installRoot) @@ -188,7 +188,7 @@ func buildSystemConfig(systemConfig configuration.SystemConfig, disks []configur return } - err = cleanupExtraFilesInChroot(setupChroot) + err = cleanupExtraFilesInChroot(setupChroot, systemConfig) if err != nil { logger.Log.Error("Failed to cleanup extra files in setup chroot") return @@ -403,24 +403,15 @@ func fixupExtraFilesIntoChroot(installChroot *safechroot.Chroot, config *configu return } -func cleanupExtraFiles() { +func cleanupExtraFilesInChroot(installChroot *safechroot.Chroot, config configuration.SystemConfig) (err error) { dirsToRemove := []string{additionalFilesTempDirectory, postInstallScriptTempDirectory, sshPubKeysTempDirectory} - for _, dir := range dirsToRemove { - logger.Log.Infof("Cleaning up directory %s", dir) - err := os.RemoveAll(dir) + err = os.RemoveAll(dir) if err != nil { logger.Log.Errorf("Failed to cleanup directory (%s). Error: %s", dir, err) + return } } -} - -func cleanupExtraFilesInChroot(chroot *safechroot.Chroot) (err error) { - logger.Log.Infof("Proceeding to cleanup extra files in chroot %s.", chroot.RootDir()) - err = chroot.Run(func() error { - cleanupExtraFiles() - return nil - }) return } @@ -520,7 +511,3 @@ func configureDiskBootloader(systemConfig configuration.SystemConfig, installChr return } - -func isRootFs(config configuration.SystemConfig) bool { - return len(config.PartitionSettings) == 0 -} From d05bd17433f029eb9a17212360192f0a5e0b237c Mon Sep 17 00:00:00 2001 
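Review bot: The new `cleanupExtraFilesInChroot` in the `@@ -403,24 +403,15 @@` hunk never uses `installChroot` or `config` and calls `os.RemoveAll(dir)` directly, where the removed version wrapped the deletion in `chroot.Run`. Unless the caller is already executing inside the chroot (the call site in the `@@ -188,7 +188,7 @@` hunk does not show that), the three temp directories are resolved against the build host's root. The copies inside the image would then stay in place; going by the variable names, these hold staged SSH public keys and post-install scripts. Running the removal inside the chroot restores the intent: `err = installChroot.Run(func() error { return os.RemoveAll(dir) })`.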
From: Nicolas Ontiveros Date: Mon, 26 Oct 2020 06:10:45 -0700 Subject: [PATCH 023/145] Fix CVE-2017-18207 patch --- SPECS/python2/CVE-2017-18207.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SPECS/python2/CVE-2017-18207.patch b/SPECS/python2/CVE-2017-18207.patch index 0eb9489a0e5..9aa7f30b5fd 100644 --- a/SPECS/python2/CVE-2017-18207.patch +++ b/SPECS/python2/CVE-2017-18207.patch @@ -34,13 +34,13 @@ + try: + wFormatTag, self._nchannels, self._framerate, dwAvgBytesPerSec, wBlockAlign = struct.unpack_from(' Date: Mon, 26 Oct 2020 06:13:04 -0700 Subject: [PATCH 024/145] Update toolchain txt --- .../manifests/package/toolchain_x86_64.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 53347ab2076..cf0d04144bd 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt 
@@ -317,17 +317,17 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm
 procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm
 procps-ng-devel-3.3.15-3.cm1.x86_64.rpm
 procps-ng-lang-3.3.15-3.cm1.x86_64.rpm
-python-curses-2.7.18-3.cm1.x86_64.rpm
+python-curses-2.7.18-4.cm1.x86_64.rpm
 python-gpg-1.13.1-5.cm1.x86_64.rpm
 python-rpm-4.14.2-10.cm1.x86_64.rpm
 python-setuptools-40.2.0-5.cm1.noarch.rpm
-python-xml-2.7.18-3.cm1.x86_64.rpm
-python2-2.7.18-3.cm1.x86_64.rpm
-python2-debuginfo-2.7.18-3.cm1.x86_64.rpm
-python2-devel-2.7.18-3.cm1.x86_64.rpm
-python2-libs-2.7.18-3.cm1.x86_64.rpm
-python2-test-2.7.18-3.cm1.x86_64.rpm
-python2-tools-2.7.18-3.cm1.x86_64.rpm
+python-xml-2.7.18-4.cm1.x86_64.rpm
+python2-2.7.18-4.cm1.x86_64.rpm
+python2-debuginfo-2.7.18-4.cm1.x86_64.rpm
+python2-devel-2.7.18-4.cm1.x86_64.rpm
+python2-libs-2.7.18-4.cm1.x86_64.rpm
+python2-test-2.7.18-4.cm1.x86_64.rpm
+python2-tools-2.7.18-4.cm1.x86_64.rpm
 python3-cracklib-2.9.7-2.cm1.x86_64.rpm
 python3-gpg-1.13.1-5.cm1.x86_64.rpm
 python3-libxml2-2.9.10-2.cm1.x86_64.rpm
From 651aee049fa1455cab7600814f157c2e2bfe2514 Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Mon, 26 Oct 2020 08:24:34 -0700
Subject: [PATCH 025/145] Use autosetup for binutils
---
 SPECS/binutils/CVE-2019-9070.nopatch | 2 --
 SPECS/binutils/binutils.spec | 13 ++-----------
 2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/SPECS/binutils/CVE-2019-9070.nopatch b/SPECS/binutils/CVE-2019-9070.nopatch
index 6e4a2bf36ea..e69de29bb2d 100644
--- a/SPECS/binutils/CVE-2019-9070.nopatch
+++ b/SPECS/binutils/CVE-2019-9070.nopatch
@@ -1,2 +0,0 @@
-CVE-2019-9070 addresses a bug in GNU libiberty. GNU libiberty is now part of
-gcc. This bug was fixed in the gcc upstream.
\ No newline at end of file
diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec
index d402673fe65..353921a73f4 100644
--- a/SPECS/binutils/binutils.spec
+++ b/SPECS/binutils/binutils.spec
@@ -37,17 +37,7 @@ It contains the libraries and header files to create applications for handling compiled objects. %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch8 -p1 -%patch9 -p1 -%patch11 -p1 -%patch12 -p1 +%autosetup -p1 %build %configure \ @@ -132,6 +122,7 @@ make %{?_smp_mflags} check %changelog * Thu Oct 22 2020 Nicolas Ontiveros 2.32-4 +- Use autosetup - Fix CVE-2019-12972. - Fix CVE-2019-14250. - Fix CVE-2019-14444. From b4938c2b313da13be058cc9a7cd9b2f4da94e91d Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 26 Oct 2020 08:41:51 -0700 Subject: [PATCH 026/145] Use autosetup in unzip --- SPECS/unzip/CVE-2008-0888.nopatch | 1 - SPECS/unzip/unzip.spec | 18 ++---------------- 2 files changed, 2 insertions(+), 17 deletions(-) diff --git a/SPECS/unzip/CVE-2008-0888.nopatch b/SPECS/unzip/CVE-2008-0888.nopatch index b504f8f1801..e69de29bb2d 100644 --- a/SPECS/unzip/CVE-2008-0888.nopatch +++ b/SPECS/unzip/CVE-2008-0888.nopatch @@ -1 +0,0 @@ -# Upstream has fixed CVE-2008-0888 in 6.0 \ No newline at end of file diff --git a/SPECS/unzip/unzip.spec b/SPECS/unzip/unzip.spec index b4aefb08a49..6c3584d2c87 100644 --- a/SPECS/unzip/unzip.spec +++ b/SPECS/unzip/unzip.spec @@ -36,22 +36,7 @@ for extracting files from ZIP archives. ZIP archives are created with PKZIP or Info-ZIP utilities, primarily in a DOS environment. %prep -%setup -qn unzip60 -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 +%autosetup -p1 -n unzip60 %build case `uname -m` in @@ -87,6 +72,7 @@ make %{?_smp_mflags} check %changelog * Thu Oct 22 2020 Nicolas Ontiveros 6.0-17 +- Use autosetup - Fix names for CVE patches * Mon Sep 28 2020 Daniel McIlvaney 6.0-16 - Nopatch CVE-2008-0888, fixed in 6.0 From a1ab27c95b1a7e03c4c5c51a2f3076be7584b050 Mon Sep 17 00:00:00 2001 
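Review bot: `%autosetup -p1` in the binutils `%prep` hunk applies every `PatchN` entry, while the removed list skipped `%patch7` and `%patch10` and applied no patch 0. If those numbers are `.nopatch` markers they must be zero-byte files like the emptied `CVE-2019-9070.nopatch`. Otherwise the build is likely to fail in `%prep`, or it applies something the old spec deliberately left out. The `Patch` declarations are outside this hunk, so that needs checking there. Emptying the marker also drops the only visible rationale for not patching CVE-2019-9070; a spec comment above its `Patch` line, e.g. `# CVE-2019-9070 is a libiberty bug, fixed upstream in gcc`, would keep that decision auditable.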
From: Nicolas Ontiveros Date: Mon, 26 Oct 2020 09:30:11 -0700 Subject: [PATCH 027/145] Patch CVE-2018-19876 --- SPECS/cairo/CVE-2018-19876.patch | 14 ++++++++++++++ SPECS/cairo/cairo.spec | 12 +++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 SPECS/cairo/CVE-2018-19876.patch diff --git a/SPECS/cairo/CVE-2018-19876.patch b/SPECS/cairo/CVE-2018-19876.patch new file mode 100644 index 00000000000..5aeda204272 --- /dev/null +++ b/SPECS/cairo/CVE-2018-19876.patch @@ -0,0 +1,14 @@ +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + diff --git a/SPECS/cairo/cairo.spec b/SPECS/cairo/cairo.spec index ff2ab538e3e..a406b24dbb4 100644 --- a/SPECS/cairo/cairo.spec +++ b/SPECS/cairo/cairo.spec @@ -1,13 +1,14 @@ Summary: A 2D graphics library. Name: cairo Version: 1.16.0 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPLv2 or MPLv1.1 URL: http://cairographics.org Group: System Environment/Libraries Vendor: Microsoft Corporation Distribution: Mariner Source0: http://cairographics.org/releases/%{name}-%{version}.tar.xz +Patch0: CVE-2018-19876.patch BuildRequires: pkg-config BuildRequires: libpng-devel BuildRequires: libxml2-devel @@ -33,7 +34,7 @@ Requires: pixman-devel It contains the libraries and header files to create applications %prep -%setup -q +%autosetup -p1 %build ./configure \ @@ -72,9 +73,10 @@ find %{buildroot} -name '*.la' -delete %{_libdir}/pkgconfig/*.pc %changelog -* Sat May 09 00:21:39 PST 2020 Nick Samson - 1.16.0-4 -- Added %%license line automatically - +* Mon Oct 26 2020 Nicolas Ontiveros 1.16.0-5 +- Fix CVE-2018-19876 +* Sat May 09 2020 Nick Samson 1.16.0-4 +- Added %%license line automatically * Mon Apr 20 2020 Nicolas Ontiveros 1.16.0-3 - Rename freetype2-devel to freetype-devel. - Remove sha1 macro. 
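Review bot: The fix in `CVE-2018-19876.patch` is compiled only when `HAVE_FT_DONE_MM_VAR` is defined, and the patch adds no configure check for that macro. With it undefined, `#if` evaluates to 0 and `free (ft_mm_var)` still runs. Confirm that the `config.h` generated by `./configure` for this build defines `HAVE_FT_DONE_MM_VAR`, which depends on the FreeType headers present in the build root. Otherwise the package is recorded as fixed while shipping the original code path. A check in `%build` after configure, such as `grep -q 'define HAVE_FT_DONE_MM_VAR 1' config.h`, would make the build fail instead of silently falling back.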
From 2f6f3d48e69c120637f008e5de124810a7844a68 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Mon, 26 Oct 2020 10:42:36 -0700 Subject: [PATCH 028/145] resolve comments --- SPECS/redis/redis.spec | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/SPECS/redis/redis.spec b/SPECS/redis/redis.spec index 12883f8f487..7646d748821 100644 --- a/SPECS/redis/redis.spec +++ b/SPECS/redis/redis.spec @@ -3,11 +3,11 @@ Name: redis Version: 5.0.5 Release: 4%{?dist} License: BSD -URL: http://redis.io/ +URL: https://redis.io/ Group: Applications/Databases Vendor: Microsoft Corporation Distribution: Mariner -Source0: http://download.redis.io/releases/%{name}-%{version}.tar.gz +Source0: https://download.redis.io/releases/%{name}-%{version}.tar.gz Patch0: redis-conf.patch Patch1: CVE-2020-14147.patch BuildRequires: gcc @@ -23,9 +23,7 @@ Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd Redis is an in-memory data structure store, used as database, cache and message broker. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 +%autosetup -p1 %build make %{?_smp_mflags} From 18b70f464b84a13675bb74d69b8b470ed04504d5 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 26 Oct 2020 10:53:50 -0700 Subject: [PATCH 029/145] Use autosetup in python2 --- SPECS/python2/python2.spec | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/SPECS/python2/python2.spec b/SPECS/python2/python2.spec index b923f292b25..7a4137c99c0 100644 --- a/SPECS/python2/python2.spec +++ b/SPECS/python2/python2.spec 
@@ -125,14 +125,7 @@ Requires: python2 = %{version}-%{release} The test package contains all regression tests for Python as well as the modules test.support and test.regrtest. test.support is used to enhance your tests while test.regrtest drives the testing suite. %prep -%setup -q -n Python-%{version} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 +%autosetup -p1 -n Python-%{version} %build export OPT="${CFLAGS} %{openssl_flags}" @@ -253,6 +246,7 @@ make test %changelog * Thu Oct 22 2020 Nicolas Ontiveros - 2.7.18-4 +- Use autosetup - Remove CVE-2013-1753 no patch - Ignore CVE-2019-9674 - Fix CVE-2019-20907 From 40ffdc7961a57a6c14eaa2e57e069d6975bfd7d0 Mon Sep 17 00:00:00 2001 From: Nick Samson Date: Fri, 23 Oct 2020 15:05:20 -0700 Subject: [PATCH 030/145] Updated unzip spec to ensure CVE tooling detection --- ....patch => unzip-zipbomb-part1-CVE-2019-13232.patch} | 0 SPECS/unzip/unzip.spec | 10 +++++----- ...tch => unzip_cfactor_overflow-CVE-2018-18384.patch} | 0 .../resources/manifests/package/toolchain_aarch64.txt | 4 ++-- .../resources/manifests/package/toolchain_x86_64.txt | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) rename SPECS/unzip/{unzip-zipbomb-part1.patch => unzip-zipbomb-part1-CVE-2019-13232.patch} (100%) rename SPECS/unzip/{unzip_cfactor_overflow.patch => unzip_cfactor_overflow-CVE-2018-18384.patch} (100%) diff --git a/SPECS/unzip/unzip-zipbomb-part1.patch b/SPECS/unzip/unzip-zipbomb-part1-CVE-2019-13232.patch similarity index 100% rename from SPECS/unzip/unzip-zipbomb-part1.patch rename to SPECS/unzip/unzip-zipbomb-part1-CVE-2019-13232.patch diff --git a/SPECS/unzip/unzip.spec b/SPECS/unzip/unzip.spec index 6c3584d2c87..b4d0c63df69 100644 --- a/SPECS/unzip/unzip.spec +++ b/SPECS/unzip/unzip.spec 
@@ -1,7 +1,7 @@ Summary: Unzip-6.0 Name: unzip Version: 6.0 -Release: 17%{?dist} +Release: 18%{?dist} License: BSD URL: http://infozip.sourceforge.net/UnZip.html Source0: https://downloads.sourceforge.net/infozip/unzip60.tar.gz @@ -14,13 +14,11 @@ Patch1: CVE-2015-1315.patch Patch2: CVE-2015-7696.patch Patch3: CVE-2016-9844.patch Patch4: CVE-2014-9913.patch -# Fixes CVE-2018-18384 -Patch5: unzip_cfactor_overflow.patch +Patch5: unzip_cfactor_overflow-CVE-2018-18384.patch Patch6: CVE-2014-8139.patch Patch7: CVE-2014-8140.patch Patch8: CVE-2014-8141.patch -# Fixes CVE-2019-13232 -Patch9: unzip-zipbomb-part1.patch +Patch9: unzip-zipbomb-part1-CVE-2019-13232.patch Patch10: unzip-zipbomb-part2.patch Patch11: unzip-zipbomb-part3.patch Patch12: unzip-zipbomb-manpage.patch @@ -71,6 +69,8 @@ make %{?_smp_mflags} check %{_bindir}/* %changelog +* Fri Oct 23 2020 Nick Samson 6.0-18 +- Renamed patch files for CVE-2019-13232 and CVE-2018-18384 to ensure detection by CVE tooling * Thu Oct 22 2020 Nicolas Ontiveros 6.0-17 - Use autosetup - Fix names for CVE patches diff --git a/SPECS/unzip/unzip_cfactor_overflow.patch b/SPECS/unzip/unzip_cfactor_overflow-CVE-2018-18384.patch similarity index 100% rename from SPECS/unzip/unzip_cfactor_overflow.patch rename to SPECS/unzip/unzip_cfactor_overflow-CVE-2018-18384.patch diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 7d5cdf17f6b..1995877c380 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -370,8 +370,8 @@ tdnf-plugin-repogpgcheck-2.1.0-4.cm1.aarch64.rpm
 tdnf-python-2.1.0-4.cm1.aarch64.rpm
 texinfo-6.5-7.cm1.aarch64.rpm
 texinfo-debuginfo-6.5-7.cm1.aarch64.rpm
-unzip-6.0-17.cm1.aarch64.rpm
-unzip-debuginfo-6.0-17.cm1.aarch64.rpm
+unzip-6.0-18.cm1.aarch64.rpm
+unzip-debuginfo-6.0-18.cm1.aarch64.rpm
 util-linux-2.32.1-3.cm1.aarch64.rpm
 util-linux-debuginfo-2.32.1-3.cm1.aarch64.rpm
 util-linux-devel-2.32.1-3.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index daaa66efdbd..43e854b5c5f 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -370,8 +370,8 @@ tdnf-plugin-repogpgcheck-2.1.0-4.cm1.x86_64.rpm
 tdnf-python-2.1.0-4.cm1.x86_64.rpm
 texinfo-6.5-7.cm1.x86_64.rpm
 texinfo-debuginfo-6.5-7.cm1.x86_64.rpm
-unzip-6.0-17.cm1.x86_64.rpm
-unzip-debuginfo-6.0-17.cm1.x86_64.rpm
+unzip-6.0-18.cm1.x86_64.rpm
+unzip-debuginfo-6.0-18.cm1.x86_64.rpm
 util-linux-2.32.1-3.cm1.x86_64.rpm
 util-linux-debuginfo-2.32.1-3.cm1.x86_64.rpm
 util-linux-devel-2.32.1-3.cm1.x86_64.rpm
From fdb0ec1de231ab925f8525339133150532e1b7cc Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Mon, 26 Oct 2020 11:31:58 -0700
Subject: [PATCH 031/145] Patch CVE-2020-8631
---
 SPECS/cloud-init/CVE-2020-8631.patch | 29 ++++++++++++++++++++++++++
 SPECS/cloud-init/cloud-init.spec | 31 ++++++++++++----------------
 2 files changed, 42 insertions(+), 18 deletions(-)
 create mode 100644 SPECS/cloud-init/CVE-2020-8631.patch
diff --git a/SPECS/cloud-init/CVE-2020-8631.patch b/SPECS/cloud-init/CVE-2020-8631.patch
new file mode 100644
index 00000000000..150d8e166d3
--- /dev/null
+++ b/SPECS/cloud-init/CVE-2020-8631.patch
@@ -0,0 +1,29 @@ +From 9e9a317f48e2b84949607c9e2cb74af53868f701 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 5 Feb 2020 00:33:05 +0000 +Subject: [PATCH] utils: use SystemRandom when generating random password. + +As noticed by Seth Arnold, non-deterministic SystemRandom should be +used when creating security sensitive random strings. + +LP: #1860795 +--- + cloudinit/util.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/util.py b/cloudinit/util.py +index d99e82fa5..c02b3d9a5 100644 +--- a/cloudinit/util.py ++++ b/cloudinit/util.py +@@ -397,9 +397,10 @@ def translate_bool(val, addons=None): + + + def rand_str(strlen=32, select_from=None): ++ r = random.SystemRandom() + if not select_from: + select_from = string.ascii_letters + string.digits +- return "".join([random.choice(select_from) for _x in range(0, strlen)]) ++ return "".join([r.choice(select_from) for _x in range(0, strlen)]) + + + def rand_dict_key(dictionary, postfix=None): diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec index 9cd09bd9bb3..bbbf5f48042 100644 --- a/SPECS/cloud-init/cloud-init.spec +++ b/SPECS/cloud-init/cloud-init.spec @@ -14,14 +14,15 @@ Source1: cloud-mariner.cfg Source2: 99-disable-networking-config.cfg Patch0: mariner-distro.patch -Patch2: vca-admin-pwd.patch -Patch3: mariner-hosts-template.patch -Patch5: datasource-guestinfo.patch -Patch6: systemd-service-changes.patch -Patch7: makecheck.patch -Patch8: systemd-resolved-config.patch -Patch9: cloud-init-azureds.patch -Patch10: ds-identity.patch +Patch1: vca-admin-pwd.patch +Patch2: mariner-hosts-template.patch +Patch3: datasource-guestinfo.patch +Patch4: systemd-service-changes.patch +Patch5: makecheck.patch +Patch6: systemd-resolved-config.patch +Patch7: cloud-init-azureds.patch +Patch8: ds-identity.patch +Patch9: CVE-2020-8631.patch BuildRequires: python3 BuildRequires: python3-libs 
@@ -68,16 +69,7 @@ ssh keys and to let the user run various scripts. %prep -%setup -q -n %{name}-%{version} -%patch0 -p1 -%patch2 -p1 -%patch3 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 +%autosetup -p1 -n %{name}-%{version} find systemd -name "cloud*.service*" | xargs sed -i s/StandardOutput=journal+console/StandardOutput=journal/g @@ -146,6 +138,9 @@ rm -rf $RPM_BUILD_ROOT %dir /var/lib/cloud %changelog +* Mon Oct 26 2020 Nicolas Ontiveros 19.1-5 +- Use autosetup +- Fix CVE-2020-8631 * Mon Apr 13 2020 Emre Girgin 19.1-4 - Rename iproute2 to iproute. - License verified. From cbb64e4bdc1712093248d48804d564f3c5706517 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 26 Oct 2020 11:45:01 -0700 Subject: [PATCH 032/145] Patch CVE-2020-8632 --- SPECS/cloud-init/CVE-2020-8632.patch | 11 +++++++++++ SPECS/cloud-init/cloud-init.spec | 4 +++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 SPECS/cloud-init/CVE-2020-8632.patch diff --git a/SPECS/cloud-init/CVE-2020-8632.patch b/SPECS/cloud-init/CVE-2020-8632.patch new file mode 100644 index 00000000000..483b4b6e556 --- /dev/null +++ b/SPECS/cloud-init/CVE-2020-8632.patch @@ -0,0 +1,11 @@ +--- a/cloudinit/config/cc_set_passwords.py ++++ b/cloudinit/config/cc_set_passwords.py +@@ -220,7 +220,7 @@ + raise errors[-1] + + +-def rand_user_password(pwlen=9): ++def rand_user_password(pwlen=20): + return util.rand_str(pwlen, select_from=PW_SET) + + # vi: ts=4 expandtab diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec index bbbf5f48042..9cf224245d1 100644 --- a/SPECS/cloud-init/cloud-init.spec +++ b/SPECS/cloud-init/cloud-init.spec @@ -2,7 +2,7 @@ Name: cloud-init Version: 19.1 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Cloud instance init scripts Group: System Environment/Base License: GPLv3 
@@ -23,6 +23,7 @@ Patch6: systemd-resolved-config.patch Patch7: cloud-init-azureds.patch Patch8: ds-identity.patch Patch9: CVE-2020-8631.patch +Patch10: CVE-2020-8632.patch BuildRequires: python3 BuildRequires: python3-libs @@ -141,6 +142,7 @@ rm -rf $RPM_BUILD_ROOT * Mon Oct 26 2020 Nicolas Ontiveros 19.1-5 - Use autosetup - Fix CVE-2020-8631 +- Fix CVE-2020-8632 * Mon Apr 13 2020 Emre Girgin 19.1-4 - Rename iproute2 to iproute. - License verified. From ff296a7d059a00cc0b40d2ad813325a1c068e158 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Mon, 26 Oct 2020 11:48:18 -0700 Subject: [PATCH 033/145] Add validatechroot tool to check worker chroot dependencies (#231) * Add validatechroot tool to check chroot worker deps. Run `sudo make validate-chroot` Signed-off-by: Daniel McIlvaney --- toolkit/docs/how_it_works/1_initial_prep.md | 3 + toolkit/scripts/tools.mk | 16 ++- .../tools/validatechroot/validatechroot.go | 131 ++++++++++++++++++ 3 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 toolkit/tools/validatechroot/validatechroot.go diff --git a/toolkit/docs/how_it_works/1_initial_prep.md b/toolkit/docs/how_it_works/1_initial_prep.md index 455cf9b3d01..5dfe9957c78 100644 --- a/toolkit/docs/how_it_works/1_initial_prep.md +++ b/toolkit/docs/how_it_works/1_initial_prep.md @@ -24,6 +24,7 @@ Prepping the Build Environment - [specreader](#specreader) - [srpmpacker](#srpmpacker) - [unravel](#unravel) + - [validatechroot](#validatechroot) ## The Makefile 
@@ -93,5 +94,7 @@ The `specreader` tool scans all the `*.spec` files in a directory and generates The `srpmpacker` tool creates `.src.rpm` files from local specs and sources. The sources can be found locally, or downloaded from a source server. It is responsible for enforcing a matching hash for every source file. #### unravel The `unravel` tool converts a dependency graph into a set of build instructions which can be used to successfully build all local packages. +#### validatechroot +A tool which double checks the worker chroot has all its dependencies correctly installed. ## Prev: [Intro](0_intro.md), Next: [Local Packages](2_local_packages.md) \ No newline at end of file diff --git a/toolkit/scripts/tools.mk b/toolkit/scripts/tools.mk index bec17d0a4f9..47ed0924fcc 100644 --- a/toolkit/scripts/tools.mk +++ b/toolkit/scripts/tools.mk @@ -29,6 +29,7 @@ go_tool_list = \ specreader \ srpmpacker \ unravel \ + validatechroot \ # For each utility "util", create a "out/tools/util" target which references code in "tools/util/" go_tool_targets = $(foreach target,$(go_tool_list),$(TOOL_BINS_DIR)/$(target)) @@ -112,7 +113,7 @@ go-test-coverage: $(test_coverage_report) chroot_worker = $(BUILD_DIR)/worker/worker_chroot.tar.gz -.PHONY: chroot-tools clean-chroot-tools +.PHONY: chroot-tools clean-chroot-tools validate-chroot chroot-tools: $(chroot_worker) clean: clean-chroot-tools @@ -120,7 +121,9 @@ clean-chroot-tools: rm -f $(chroot_worker) @echo Verifying no mountpoints present in $(BUILD_DIR)/worker/ $(SCRIPTS_DIR)/safeunmount.sh "$(BUILD_DIR)/worker/" && \ - rm -rf $(BUILD_DIR)/worker + $(SCRIPTS_DIR)/safeunmount.sh "$(BUILD_DIR)/validatechroot/" && \ + rm -rf $(BUILD_DIR)/worker && \ + rm -rf $(BUILD_DIR)/validatechroot worker_chroot_manifest = $(TOOLCHAIN_MANIFESTS_DIR)/pkggen_core_$(build_arch).txt # Find the *.rpm corresponding to each of the entries in the manifest 
@@ -140,6 +143,15 @@ worker_chroot_deps := \ $(chroot_worker): $(worker_chroot_deps) $(PKGGEN_DIR)/worker/create_worker_chroot.sh $(BUILD_DIR)/worker $(worker_chroot_manifest) $(toolchain_rpms_dir) $(LOGS_DIR) +validate-chroot: $(go-validatechroot) $(chroot_worker) + $(go-validatechroot) \ + --rpm-dir="$(toolchain_rpms_dir)" \ + --tmp-dir="$(BUILD_DIR)/validatechroot" \ + --worker-chroot="$(chroot_worker)" \ + --worker-manifest="$(worker_chroot_manifest)" \ + --log-file="$(LOGS_DIR)/worker/validate.log" \ + --log-level="$(LOG_LEVEL)" + ######## MACRO TOOLS ######## macro_rpmrc = $(RPMRC_DIR)/rpmrc diff --git a/toolkit/tools/validatechroot/validatechroot.go b/toolkit/tools/validatechroot/validatechroot.go new file mode 100644 index 00000000000..bc720b8776d --- /dev/null +++ b/toolkit/tools/validatechroot/validatechroot.go 
@@ -0,0 +1,131 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +package main + +import ( + "fmt" + "os" + "path" + "path/filepath" + "regexp" + + "gopkg.in/alecthomas/kingpin.v2" + "microsoft.com/pkggen/internal/exe" + "microsoft.com/pkggen/internal/file" + "microsoft.com/pkggen/internal/logger" + "microsoft.com/pkggen/internal/safechroot" + "microsoft.com/pkggen/internal/shell" +) + +const ( + leaveChrootFilesOnDisk = false +) + +var ( + app = kingpin.New("validatechroot", "A tool to validate that the worker chroot is well configured and all dependencies are satisfied.") + + toolchainRpmsDir = app.Flag("rpm-dir", "Directory that contains already built toolchain RPMs. Should contain top level directories for architecture.").Required().ExistingDir() + tmpDir = app.Flag("tmp-dir", "Temporary chroot directory.").String() + + workerTar = app.Flag("worker-chroot", "Full path to worker_chroot.tar.gz").Required().ExistingFile() + workerManifest = app.Flag("worker-manifest", "Full path to the worker manifest file").Required().ExistingFile() + + logFile = exe.LogFileFlag(app) + logLevel = exe.LogLevelFlag(app) +) + +func main() { + app.Version(exe.ToolkitVersion) + kingpin.MustParse(app.Parse(os.Args[1:])) + logger.InitBestEffort(*logFile, *logLevel) + + err := validateWorker(*toolchainRpmsDir, *tmpDir, *workerTar, *workerManifest) + + if err != nil { + logger.Log.Fatalf("Failed to validate worker. 
Error: %s", err) + } +} + +func validateWorker(rpmsDir, chrootDir, workerTarPath, manifestPath string) (err error) { + const ( + chrootToolchainRpmsDir = "/toolchainrpms" + isExistingDir = false + ) + + var ( + chroot *safechroot.Chroot + // Every valid line will be of the form: -..rpm + packageArchLookupRegex = regexp.MustCompile(`^.+(?Px86_64|aarch64|noarch)\.rpm$`) + ) + + // Ensure that if initialization fails, the chroot is closed + defer func() { + if chroot != nil { + closeErr := chroot.Close(leaveChrootFilesOnDisk) + if closeErr != nil { + logger.Log.Panicf("Unable to close chroot on failed initialization. Error: %s", closeErr) + } + } + }() + + logger.Log.Infof("Creating chroot environment to validate '%s' against '%s'", workerTarPath, manifestPath) + + chroot = safechroot.NewChroot(chrootDir, isExistingDir) + rpmMount := safechroot.NewMountPoint(rpmsDir, chrootToolchainRpmsDir, "", safechroot.BindMountPointFlags, "") + extraDirectories := []string{chrootToolchainRpmsDir} + rpmMounts := []*safechroot.MountPoint{rpmMount} + err = chroot.Initialize(workerTarPath, extraDirectories, rpmMounts) + if err != nil { + chroot = nil + return + } + + manifestEntries, err := file.ReadLines(manifestPath) + if err != nil { + return + } + badEntries := make(map[string]string) + + err = chroot.Run(func() (err error) { + for _, rpm := range manifestEntries { + archMatches := packageArchLookupRegex.FindStringSubmatch(rpm) + if len(archMatches) != 2 { + logger.Log.Errorf("%v", archMatches) + return fmt.Errorf("'%s' is an invalid rpm file path", rpm) + } + arch := archMatches[1] + rpmPath := path.Join(chrootToolchainRpmsDir, arch, rpm) + + // --replacepkgs instructs RPM to gracefully re-install a package, including checking dependencies + args := []string{ + "-ihv", + "--replacepkgs", + "--nosignature", + rpmPath, + } + logger.Log.Infof("Validating %s", filepath.Base(rpmPath)) + stdout, stderr, err := shell.Execute("rpm", args...) 
+ + logger.Log.Debug(stdout) + + if err != nil || len(stderr) > 0 { + logger.Log.Warn(stderr) + if len(stderr) > 0 { + badEntries[rpm] = stderr + } else { + badEntries[rpm] = err.Error() + } + } + } + return + }) + + if len(badEntries) > 0 { + for rpm, errMsg := range badEntries { + logger.Log.Errorf("%s:\n %s", rpm, errMsg) + } + err = fmt.Errorf("found invalid packages in the worker chroot") + } + return +} From f256824e5da150fea0aa4fae2743dfd1471a4959 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Mon, 26 Oct 2020 14:24:01 -0700 Subject: [PATCH 034/145] fix CVE --- SPECS/openldap/openldap.spec | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/SPECS/openldap/openldap.spec b/SPECS/openldap/openldap.spec index 133d1de2323..3a8118807ec 100644 --- a/SPECS/openldap/openldap.spec +++ b/SPECS/openldap/openldap.spec @@ -2,7 +2,7 @@ Summary: OpenLDAP (Lightweight Directory Access Protocol) Name: openldap Version: 2.4.50 -Release: 1%{?dist} +Release: 2%{?dist} License: OpenLDAP URL: https://www.openldap.org/ Group: System Environment/Security @@ -13,6 +13,7 @@ Source0: https://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-r Patch0: openldap-2.4.40-gssapi-1.patch Patch1: openldap-2.4.44-consolidated-2.patch +Patch2: CVE-2015-3276.patch Requires: openssl >= 1.0.1, cyrus-sasl >= 2.1 BuildRequires: cyrus-sasl >= 2.1 BuildRequires: openssl-devel >= 1.0.1 @@ -29,9 +30,7 @@ over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 +%autosetup -p1 %build autoconf @@ -77,6 +76,9 @@ rm -rf %{buildroot}/* /etc/openldap/* %changelog +* Mon Oct 26 2020 Henry Li 2.4.50-2 +- Used autosetup. +- Added patch to resolve CVE-2015-3276. * Wed Jun 03 2020 Nicolas Ontiveros 2.4.50-1 - Upgrade to version 2.4.50, which resolves CVE-2020-12243. * Tue May 12 2020 Nicolas Ontiveros 2.4.48-1 From d0e4bb0134c29b9124ab2093a2d7589946023a4b Mon Sep 17 00:00:00 2001 
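Review bot: `validateWorker` passes `--nosignature` to `rpm -ihv --replacepkgs` without saying why, so the tool confirms that dependencies resolve but not that the RPMs under `--rpm-dir` are the ones that were built and signed. If the toolchain RPMs are simply unsigned at this stage, record that next to the flag, e.g. `// --nosignature: toolchain RPMs are not signed at this point (TODO confirm); this run validates dependencies, not package origin`. Separately, `--tmp-dir` is not marked `Required()`, so an empty string can reach `safechroot.NewChroot`; how that is handled is not visible in this file.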
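Review bot: `Patch2: CVE-2015-3276.patch` is added in the `@@ -13,6 +13,7 @@` hunk of openldap.spec, but the patch file only arrives in the next commit of the series, so this commit does not build on its own. That patch changes `nss_parse_ciphers` in `libraries/libldap/tls_m.c`, while the spec context here lists `openssl` and `openssl-devel` as the TLS dependency. If the package is configured for OpenSSL, that source file may not be compiled at all, and the patch would change nothing in the shipped binary. The configure flags are outside the hunk, so check them. If the NSS backend is not built, record the CVE with a spec comment and a `.nopatch` marker, as is done for `CVE-2019-9070.nopatch` in binutils.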
From: Henry Li Date: Mon, 26 Oct 2020 14:39:58 -0700 Subject: [PATCH 035/145] check in patch file --- SPECS/openldap/CVE-2015-3276.patch | 39 ++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 SPECS/openldap/CVE-2015-3276.patch diff --git a/SPECS/openldap/CVE-2015-3276.patch b/SPECS/openldap/CVE-2015-3276.patch new file mode 100644 index 00000000000..83d5b094af2 --- /dev/null +++ b/SPECS/openldap/CVE-2015-3276.patch @@ -0,0 +1,39 @@ +diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c +index 715b433..c999602 100644 +--- a/libraries/libldap/tls_m.c ++++ b/libraries/libldap/tls_m.c +@@ -620,18 +620,23 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum]) + */ + if (mask || strength || protocol) { + for (i=0; i Date: Mon, 26 Oct 2020 16:30:35 -0700 Subject: [PATCH 036/145] Patch CVE-2020-25637 --- SPECS/libvirt/CVE-2020-25637.patch | 138 +++++++++++++++++++++++++++++ SPECS/libvirt/libvirt.spec | 8 +- 2 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 SPECS/libvirt/CVE-2020-25637.patch diff --git a/SPECS/libvirt/CVE-2020-25637.patch b/SPECS/libvirt/CVE-2020-25637.patch new file mode 100644 index 00000000000..370a82bc90c --- /dev/null +++ b/SPECS/libvirt/CVE-2020-25637.patch 
@@ -0,0 +1,138 @@ +--- a/src/rpc/gendispatch.pl ++++ b/src/rpc/gendispatch.pl +@@ -2105,17 +2105,22 @@ + my @acl; + foreach (@{$acl}) { + my @bits = split /:/; +- push @acl, { object => $bits[0], perm => $bits[1], flags => $bits[2] } ++ push @acl, { object => $bits[0], perm => $bits[1], flags => $bits[2], ++ param => $bits[3], value => $bits[4] } + } + + my $checkflags = 0; ++ my $paramtocheck = undef; + for (my $i = 1 ; $i <= $#acl ; $i++) { + if ($acl[$i]->{object} ne $acl[0]->{object}) { + die "acl for '$call->{ProcName}' cannot check different objects"; + } +- if (defined $acl[$i]->{flags}) { ++ if (defined $acl[$i]->{flags} && length $acl[$i]->{flags}) { + $checkflags = 1; + } ++ if (defined $acl[$i]->{param}) { ++ $paramtocheck = $acl[$i]->{param}; ++ } + } + + my $apiname = $prefix . $call->{ProcName}; +@@ -2151,6 +2156,9 @@ + if ($checkflags) { + push @argdecls, "unsigned int flags"; + } ++ if (defined $paramtocheck) { ++ push @argdecls, "unsigned int " . $paramtocheck; ++ } + + my $ret; + my $pass; +@@ -2201,7 +2209,7 @@ + my $method = "virAccessManagerCheck" . $object; + my $space = ' ' x length($method); + print " if ("; +- if (defined $acl->{flags}) { ++ if (defined $acl->{flags} && length $acl->{flags}) { + my $flags = $acl->{flags}; + if ($flags =~ /^\!/) { + $flags = substr $flags, 1; +@@ -2211,6 +2219,17 @@ + } + print " "; + } ++ if (defined $acl->{param}) { ++ my $param = $acl->{param}; ++ my $value = $acl->{value}; ++ if ($value =~ /^\!/) { ++ $value = substr $value, 1; ++ print "($param != ($value)) &&\n"; ++ } else { ++ print "($param == ($value)) &&\n"; ++ } ++ print " "; ++ } + print "(rv = $method(" . join(", ", @argvars, $perm) . ")) <= 0) {\n"; + print " virObjectUnref(mgr);\n"; + if ($action eq "Ensure") { + +--- a/src/remote/remote_protocol.x ++++ b/src/remote/remote_protocol.x +@@ -3805,6 +3805,7 @@ + * + * - @acl: : + * - @acl: :: ++ * - @acl: :::: + * + * Declare the access control requirements for the API. 
May be repeated + * multiple times, if multiple rules are required. +@@ -3814,6 +3815,8 @@ + * is one of the permissions in access/viraccessperm.h + * indicates the rule only applies if the named flag + * is set in the API call ++ * and can be used to check an unsigned int parameter ++ * against value + * + * - @aclfilter: : + * +@@ -6208,6 +6211,7 @@ + /** + * @generate: none + * @acl: domain:read ++ * @acl: domain:write::source:VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT + */ + REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES = 353, + +--- a/src/libxl/libxl_driver.c ++++ b/src/libxl/libxl_driver.c +@@ -6331,7 +6331,7 @@ + if (!(vm = libxlDomObjFromDomain(dom))) + goto cleanup; + +- if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0) ++ if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0) + goto cleanup; + + if (virDomainObjCheckActive(vm) < 0) + +--- a/src/lxc/lxc_driver.c ++++ b/src/lxc/lxc_driver.c +@@ -1698,7 +1698,7 @@ + if (!(vm = lxcDomObjFromDomain(dom))) + goto cleanup; + +- if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0) ++ if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0) + goto cleanup; + + if (virDomainObjCheckActive(vm) < 0) + +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -21846,7 +21846,7 @@ + if (!(vm = qemuDomainObjFromDomain(dom))) + goto cleanup; + +- if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0) ++ if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0) + goto cleanup; + + if (virDomainObjCheckActive(vm) < 0) + +--- a/src/qemu/qemu_agent.c ++++ b/src/qemu/qemu_agent.c +@@ -2186,6 +2186,7 @@ + + /* Has to be freed for each interface. */ + virStringListFree(ifname); ++ ifname = NULL; + + /* as well as IP address which - moreover - + * can be presented multiple times */ diff --git a/SPECS/libvirt/libvirt.spec b/SPECS/libvirt/libvirt.spec index be2ad4a1d1b..a63ede26795 100644 --- a/SPECS/libvirt/libvirt.spec 
+++ b/SPECS/libvirt/libvirt.spec @@ -1,7 +1,7 @@ Summary: Virtualization API library that supports KVM, QEMU, Xen, ESX etc Name: libvirt Version: 6.1.0 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPL URL: https://libvirt.org/ Source0: https://libvirt.org/sources/%{name}-%{version}.tar.xz @@ -9,6 +9,7 @@ Source0: https://libvirt.org/sources/%{name}-%{version}.tar.xz Patch0: CVE-2019-3886.nopatch # The fix for this CVE is already in 6.1.0. Patch1: CVE-2017-1000256.nopatch +Patch2: CVE-2020-25637.patch Group: Virtualization/Libraries Vendor: Microsoft Corporation Distribution: Mariner @@ -62,7 +63,7 @@ Requires: libtirpc-devel This contains development tools and libraries for libvirt. %prep -%setup -q +%autosetup -p1 %define _vpath_builddir build %build @@ -127,6 +128,9 @@ make check %{_mandir}/* %changelog +* Mon Oct 26 2020 Nicolas Ontiveros 6.1.0-2 +- Use autosetup +- Patch CVE-2020-25637 * Fri May 29 2020 Emre Girgin 6.1.0-1 - Upgrade to 6.1.0. * Sat May 09 00:21:42 PST 2020 Nick Samson - 4.7.0-5 From 85330c701ff534f268100106d10c26ee7114008d Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 27 Oct 2020 14:02:06 +0100 Subject: [PATCH 037/145] Disabling the MD4 algorithm. (#272) Co-authored-by: Henry Beberman --- SPECS/openssl/openssl.spec | 7 +++++-- .../manifests/package/pkggen_core_aarch64.txt | 12 ++++++------ .../manifests/package/pkggen_core_x86_64.txt | 12 ++++++------ .../manifests/package/toolchain_aarch64.txt | 12 ++++++------ .../resources/manifests/package/toolchain_x86_64.txt | 12 ++++++------ 5 files changed, 29 insertions(+), 26 deletions(-) diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index e69f3bb2ab4..377516f0ed5 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec 
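Review bot: `Patch2: CVE-2020-25637.patch` has no provenance comment, and the patch file itself starts directly at `--- a/src/rpc/gendispatch.pl` with the upstream commit headers stripped. It changes ACL enforcement in the libxl, lxc and qemu drivers and in the RPC generator, so a later audit needs to know which upstream commits it corresponds to. A comment above the tag such as `# Backport of the upstream CVE-2020-25637 fix (<upstream commit ids>)` would record that, in the same way the comment already on `Patch1` explains that entry.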
@@ -1,7 +1,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1g -Release: 6%{?dist} +Release: 7%{?dist} License: OpenSSL URL: http://www.openssl.org/ Group: System Environment/Security @@ -122,7 +122,7 @@ export HASHBANGPERL=/usr/bin/perl no-idea \ no-mdc2 \ no-md2 \ - enable-md4 \ + no-md4 \ no-poly1305 \ enable-rc2 \ enable-rc4 \ @@ -257,6 +257,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist rm -rf $RPM_BUILD_ROOT %changelog +* Mon Oct 26 2020 Pawel Winogrodzki 1.1.1g-7 +- Removing support for the deprecated MD4 algorithm. + * Tue Jul 28 2020 Pawel Winogrodzki 1.1.1g-6 - Replacing removal of functions through the 'no--method' option with returning a method negotiating the highest supported protocol diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 81e0779bc14..227436125ed 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1g-6.cm1.aarch64.rpm -openssl-devel-1.1.1g-6.cm1.aarch64.rpm -openssl-libs-1.1.1g-6.cm1.aarch64.rpm -openssl-perl-1.1.1g-6.cm1.aarch64.rpm -openssl-static-1.1.1g-6.cm1.aarch64.rpm -openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm +openssl-1.1.1g-7.cm1.aarch64.rpm +openssl-devel-1.1.1g-7.cm1.aarch64.rpm +openssl-libs-1.1.1g-7.cm1.aarch64.rpm +openssl-perl-1.1.1g-7.cm1.aarch64.rpm +openssl-static-1.1.1g-7.cm1.aarch64.rpm +openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm libcap-2.26-2.cm1.aarch64.rpm libcap-devel-2.26-2.cm1.aarch64.rpm libdb-5.3.28-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 4371d305298..c8794df198a 100644 
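Review bot: Switching `enable-md4` to `no-md4` in the configure options drops the MD4 entry points from libcrypto, while the package keeps the same version and only bumps `Release`. Anything in the distribution that was built against 1.1.1g-6 and references MD4 (NTLM authentication code is the usual consumer) could then fail to build or to load. The changelog entry should say so, for example `- Packages that use MD4 through OpenSSL must be rebuilt and verified against this release.`, and those packages should be rebuilt and checked as part of this change. Which packages are affected cannot be seen from this hunk.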
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1g-6.cm1.x86_64.rpm -openssl-devel-1.1.1g-6.cm1.x86_64.rpm -openssl-libs-1.1.1g-6.cm1.x86_64.rpm -openssl-perl-1.1.1g-6.cm1.x86_64.rpm -openssl-static-1.1.1g-6.cm1.x86_64.rpm -openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm +openssl-1.1.1g-7.cm1.x86_64.rpm +openssl-devel-1.1.1g-7.cm1.x86_64.rpm +openssl-libs-1.1.1g-7.cm1.x86_64.rpm +openssl-perl-1.1.1g-7.cm1.x86_64.rpm +openssl-static-1.1.1g-7.cm1.x86_64.rpm +openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm libcap-2.26-2.cm1.x86_64.rpm libcap-devel-2.26-2.cm1.x86_64.rpm libdb-5.3.28-4.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 63259e6d82d..1bc5ccac1c9 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.181-8.cm1.aarch64.rpm openjdk8-sample-1.8.0.181-8.cm1.aarch64.rpm openjdk8-src-1.8.0.181-8.cm1.aarch64.rpm openjre8-1.8.0.181-8.cm1.aarch64.rpm -openssl-1.1.1g-6.cm1.aarch64.rpm -openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm -openssl-devel-1.1.1g-6.cm1.aarch64.rpm -openssl-libs-1.1.1g-6.cm1.aarch64.rpm -openssl-perl-1.1.1g-6.cm1.aarch64.rpm -openssl-static-1.1.1g-6.cm1.aarch64.rpm +openssl-1.1.1g-7.cm1.aarch64.rpm +openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm +openssl-devel-1.1.1g-7.cm1.aarch64.rpm +openssl-libs-1.1.1g-7.cm1.aarch64.rpm +openssl-perl-1.1.1g-7.cm1.aarch64.rpm +openssl-static-1.1.1g-7.cm1.aarch64.rpm p11-kit-0.23.16.1-2.cm1.aarch64.rpm p11-kit-debuginfo-0.23.16.1-2.cm1.aarch64.rpm p11-kit-devel-0.23.16.1-2.cm1.aarch64.rpm 
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 93b4e97ba2e..1da6d530e44 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.212-10.cm1.x86_64.rpm openjdk8-sample-1.8.0.212-10.cm1.x86_64.rpm openjdk8-src-1.8.0.212-10.cm1.x86_64.rpm openjre8-1.8.0.212-10.cm1.x86_64.rpm -openssl-1.1.1g-6.cm1.x86_64.rpm -openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm -openssl-devel-1.1.1g-6.cm1.x86_64.rpm -openssl-libs-1.1.1g-6.cm1.x86_64.rpm -openssl-perl-1.1.1g-6.cm1.x86_64.rpm -openssl-static-1.1.1g-6.cm1.x86_64.rpm +openssl-1.1.1g-7.cm1.x86_64.rpm +openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm +openssl-devel-1.1.1g-7.cm1.x86_64.rpm +openssl-libs-1.1.1g-7.cm1.x86_64.rpm +openssl-perl-1.1.1g-7.cm1.x86_64.rpm +openssl-static-1.1.1g-7.cm1.x86_64.rpm p11-kit-0.23.16.1-2.cm1.x86_64.rpm p11-kit-debuginfo-0.23.16.1-2.cm1.x86_64.rpm p11-kit-devel-0.23.16.1-2.cm1.x86_64.rpm From f327334eaa2e786643ea3f3f15e75f8a4b768d23 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Tue, 27 Oct 2020 09:24:52 -0700 Subject: [PATCH 038/145] Enable spec lint PR gating (#270) --- .github/workflows/lint-specs.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index a5cd33357f6..0057e7cca1b 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml 
@@ -77,19 +77,20 @@ jobs: # Set continue-on-error to true if we're blocking too many PRs here # We don't want this tool to have a low signal-to-noise ratio - name: Lint changed spec files - continue-on-error: true run: | mkdir -p linted_specs spec-cleaner -o linted_specs ${{ env.updated-specs }} [ -n "$(ls -A linted_specs)" ] \ && echo "Specs are not correctly formatted." \ - && echo "The linted_specs artifact contains linted versions of the specs you're checking in." \ + && echo "Linting output is available in the linted_specs artifact." && echo "Please properly format your specs according to that output before merging." \ + && echo "A diff of the changes required is printed below:" + && spec-cleaner -d --diff-prog="git --no-pager diff" ${{ env.updated-specs }} \ && exit 1 - uses: actions/upload-artifact@v2 + if: ${{ always() }} with: name: linted_specs path: linted_specs if-no-files-found: ignore - if: always() From 48dbe4a6e0fadb84fd38fe39b3d885247cdaf19a Mon Sep 17 00:00:00 2001 From: Henry Li Date: Tue, 27 Oct 2020 12:04:07 -0700 Subject: [PATCH 039/145] save current changes --- SPECS/qemu-kvm/CVE-2020-10702.patch | 48 ++++++++ SPECS/qemu-kvm/CVE-2020-10761.patch | 180 ++++++++++++++++++++++++++++ SPECS/qemu-kvm/qemu-kvm.spec | 12 +- 3 files changed, 238 insertions(+), 2 deletions(-) create mode 100644 SPECS/qemu-kvm/CVE-2020-10702.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-10761.patch diff --git a/SPECS/qemu-kvm/CVE-2020-10702.patch b/SPECS/qemu-kvm/CVE-2020-10702.patch new file mode 100644 index 00000000000..0eedda36dab --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-10702.patch 
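Review bot: The added `spec-cleaner -d --diff-prog="git --no-pager diff" ${{ env.updated-specs }}` line, like the existing `spec-cleaner -o` call above it, pastes the expression value into the script text before bash parses it. How `updated-specs` is populated is outside the hunk, but if it is derived from the file names changed by a pull request, a crafted file name would be interpreted as shell syntax on the runner. Pass the value as data instead: export it under a shell-safe name in the step's `env:` (e.g. `UPDATED_SPECS: ${{ env.updated-specs }}`) and reference `$UPDATED_SPECS` in the script. The same interpolation is carried through the later rewrites of this step in patches 041 and 042.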
@@ -0,0 +1,48 @@ +From de0b1bae6461f67243282555475f88b2384a1eb9 Mon Sep 17 00:00:00 2001 +From: Vincent Dehors +Date: Thu, 23 Jan 2020 15:22:38 +0000 +Subject: [PATCH] target/arm: Fix PAuth sbox functions + +In the PAC computation, sbox was applied over wrong bits. +As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16. + +Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was +used to verify one computation of the pauth_computepac() function which +uses sbox2. + +Launchpad: https://bugs.launchpad.net/bugs/1859713 +Reviewed-by: Richard Henderson +Signed-off-by: Vincent DEHORS +Signed-off-by: Adrien GRASSEIN +Message-id: 20200116230809.19078-2-richard.henderson@linaro.org +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell +--- + target/arm/pauth_helper.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c +index d3194f2..0a5f41e 100644 +--- a/target/arm/pauth_helper.c ++++ b/target/arm/pauth_helper.c +@@ -89,7 +89,7 @@ static uint64_t pac_sub(uint64_t i) + uint64_t o = 0; + int b; + +- for (b = 0; b < 64; b += 16) { ++ for (b = 0; b < 64; b += 4) { + o |= (uint64_t)sub[(i >> b) & 0xf] << b; + } + return o; +@@ -104,7 +104,7 @@ static uint64_t pac_inv_sub(uint64_t i) + uint64_t o = 0; + int b; + +- for (b = 0; b < 64; b += 16) { ++ for (b = 0; b < 64; b += 4) { + o |= (uint64_t)inv_sub[(i >> b) & 0xf] << b; + } + return o; +-- +1.8.3.1 + diff --git a/SPECS/qemu-kvm/CVE-2020-10761.patch b/SPECS/qemu-kvm/CVE-2020-10761.patch new file mode 100644 index 00000000000..725c0c2acd2 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-10761.patch 
@@ -0,0 +1,180 @@ +In qemu 4.2, I accidentally introduced the ability for an NBD client +obeying the specification to kill qemu as NBD server with an assertion +failure when the client requests an unusually long export name, as a +regression from the intended graceful server error message back to the +client. Given that the DoS security hole can be mitigated by +requiring TLS (and a client with TLS credentials is less likely to +play such games), the plan is to make the issue public today and send +a pull request through my NBD tree on Tuesday. + +We may still want to revisit whether the block layer caps display +names to 4095 bytes, or whether it should track a malloc'd name even +when that name exceeds 4k. + +Eric Blake (2): + nbd/server: Avoid long error message assertions CVE-2020-10761 + block: Call attention to truncation of long NBD exports + + block.c | 7 +++++-- + block/nbd.c | 21 +++++++++++++-------- + nbd/server.c | 28 +++++++++++++++++++++++++--- + tests/qemu-iotests/143 | 4 ++++ + tests/qemu-iotests/143.out | 2 ++ + 5 files changed, 49 insertions(+), 13 deletions(-) + +diff --git a/block.c b/block.c +index 8416376c9b71..6dbcb7e083ea 100644 +--- a/block.c ++++ b/block.c +@@ -6809,8 +6809,11 @@ void bdrv_refresh_filename(BlockDriverState *bs) + pstrcpy(bs->filename, sizeof(bs->filename), bs->exact_filename); + } else { + QString *json = qobject_to_json(QOBJECT(bs->full_open_options)); +- snprintf(bs->filename, sizeof(bs->filename), "json:%s", +- qstring_get_str(json)); ++ if (snprintf(bs->filename, sizeof(bs->filename), "json:%s", ++ qstring_get_str(json)) >= sizeof(bs->filename)) { ++ /* Give user a hint if we truncated things. 
*/ ++ strcpy(bs->filename + sizeof(bs->filename) - 4, "..."); ++ } + qobject_unref(json); + } + } +diff --git a/block/nbd.c b/block/nbd.c +index 4ac23c8f6299..eed160c5cda1 100644 +--- a/block/nbd.c ++++ b/block/nbd.c +@@ -1984,6 +1984,7 @@ static void nbd_refresh_filename(BlockDriverState *bs) + { + BDRVNBDState *s = bs->opaque; + const char *host = NULL, *port = NULL, *path = NULL; ++ size_t len = 0; + + if (s->saddr->type == SOCKET_ADDRESS_TYPE_INET) { + const InetSocketAddress *inet = &s->saddr->u.inet; +@@ -1996,17 +1997,21 @@ static void nbd_refresh_filename(BlockDriverState *bs) + } /* else can't represent as pseudo-filename */ + + if (path && s->export) { +- snprintf(bs->exact_filename, sizeof(bs->exact_filename), +- "nbd+unix:///%s?socket=%s", s->export, path); ++ len = snprintf(bs->exact_filename, sizeof(bs->exact_filename), ++ "nbd+unix:///%s?socket=%s", s->export, path); + } else if (path && !s->export) { +- snprintf(bs->exact_filename, sizeof(bs->exact_filename), +- "nbd+unix://?socket=%s", path); ++ len = snprintf(bs->exact_filename, sizeof(bs->exact_filename), ++ "nbd+unix://?socket=%s", path); + } else if (host && s->export) { +- snprintf(bs->exact_filename, sizeof(bs->exact_filename), +- "nbd://%s:%s/%s", host, port, s->export); ++ len = snprintf(bs->exact_filename, sizeof(bs->exact_filename), ++ "nbd://%s:%s/%s", host, port, s->export); + } else if (host && !s->export) { +- snprintf(bs->exact_filename, sizeof(bs->exact_filename), +- "nbd://%s:%s", host, port); ++ len = snprintf(bs->exact_filename, sizeof(bs->exact_filename), ++ "nbd://%s:%s", host, port); ++ } ++ if (len > sizeof(bs->exact_filename)) { ++ /* Name is too long to represent exactly, so leave it empty. 
*/ ++ bs->exact_filename[0] = '\0'; + } + } + +diff --git a/nbd/server.c b/nbd/server.c +index 02b1ed080145..ec130303586d 100644 +--- a/nbd/server.c ++++ b/nbd/server.c +@@ -217,7 +217,7 @@ nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t +type, + + msg = g_strdup_vprintf(fmt, va); + len = strlen(msg); +- assert(len < 4096); ++ assert(len < NBD_MAX_STRING_SIZE); + trace_nbd_negotiate_send_rep_err(msg); + ret = nbd_negotiate_send_rep_len(client, type, len, errp); + if (ret < 0) { +@@ -231,6 +231,27 @@ nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t +type, + return 0; + } + ++/* ++ * Truncate a potentially-long user-supplied string into something ++ * more suitable for an error reply. ++ */ ++static const char * ++nbd_truncate_name(const char *name) ++{ ++#define SANE_LENGTH 80 ++ static char buf[SANE_LENGTH + 3 + 1]; /* Trailing '...', NUL */ ++ ++ if (strlen(name) < SANE_LENGTH) { ++ return name; ++ } ++ memcpy(buf, name, SANE_LENGTH); ++ buf[SANE_LENGTH] = '.'; ++ buf[SANE_LENGTH + 1] = '.'; ++ buf[SANE_LENGTH + 2] = '.'; ++ buf[SANE_LENGTH + 3] = '\0'; ++ return buf; ++} ++ + /* Send an error reply. + * Return -errno on error, 0 on success. 
*/ + static int GCC_FMT_ATTR(4, 5) +@@ -597,7 +618,7 @@ static int nbd_negotiate_handle_info(NBDClient *client, +Error **errp) + if (!exp) { + return nbd_negotiate_send_rep_err(client, NBD_REP_ERR_UNKNOWN, + errp, "export '%s' not present", +- name); ++ nbd_truncate_name(name)); + } + + /* Don't bother sending NBD_INFO_NAME unless client requested it */ +@@ -996,7 +1017,8 @@ static int nbd_negotiate_meta_queries(NBDClient *client, + meta->exp = nbd_export_find(export_name); + if (meta->exp == NULL) { + return nbd_opt_drop(client, NBD_REP_ERR_UNKNOWN, errp, +- "export '%s' not present", export_name); ++ "export '%s' not present", ++ nbd_truncate_name(export_name)); + } + + ret = nbd_opt_read(client, &nb_queries, sizeof(nb_queries), errp); +diff --git a/tests/qemu-iotests/143 b/tests/qemu-iotests/143 +index f649b3619501..b0b1cff86cb6 100755 +--- a/tests/qemu-iotests/143 ++++ b/tests/qemu-iotests/143 +@@ -58,6 +58,10 @@ _send_qemu_cmd $QEMU_HANDLE \ + $QEMU_IO_PROG -f raw -c quit \ + "nbd+unix:///no_such_export?socket=$SOCK_DIR/nbd" 2>&1 \ + | _filter_qemu_io | _filter_nbd ++# Likewise, with longest possible name permitted in NBD protocol ++$QEMU_IO_PROG -f raw -c quit \ ++ "nbd+unix:///$(printf %4096d 1 | tr ' ' a)?socket=$SOCK_DIR/nbd" 2>&1 \ ++ | _filter_qemu_io | _filter_nbd | sed 's/aa.*aa/aa...aa/' + + _send_qemu_cmd $QEMU_HANDLE \ + "{ 'execute': 'quit' }" \ +diff --git a/tests/qemu-iotests/143.out b/tests/qemu-iotests/143.out +index 1f4001c60131..be1f3a625458 100644 +--- a/tests/qemu-iotests/143.out ++++ b/tests/qemu-iotests/143.out +@@ -5,6 +5,8 @@ QA output created by 143 + {"return": {}} + qemu-io: can't open device nbd+unix:///no_such_export?socket=SOCK_DIR/nbd: +Requested export not available + server reported: export 'no_such_export' not present ++qemu-io: can't open device nbd+unix:///aa...aa1?socket=SOCK_DIR/nbd: Requested +export not available ++server reported: export 'aa...aa...' 
not present + { 'execute': 'quit' } + {"return": {}} + {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": +"SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}} +-- +2.27.0 \ No newline at end of file diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 6becd32182b..020f379e893 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 13%{?dist} +Release: 14%{?dist} License: GPLv2 and GPLv2+ and CC-BY and BSD Group: Development/Tools URL: https://www.qemu.org/ @@ -28,6 +28,8 @@ Patch9: CVE-2015-7504.nopatch Patch10: CVE-2017-5931.nopatch # CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb) Patch11: CVE-2017-14167.nopatch +Patch12: CVE-2020-10702.patch +Patch13: CVE-2020-10761.patch BuildRequires: python3-devel BuildRequires: glib-devel @@ -62,7 +64,8 @@ This package provides a command line tool for manipulating disk images. %patch5 -p1 %patch6 -p1 %patch7 -p1 - +%patch12 -p1 +%patch13 -p1 %build %ifarch aarch64 @@ -122,6 +125,11 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Tue Oct 27 2020 Henry Li 4.2.0-14 +- Add patch for CVE-2020-10702 +- Add patch for CVE-2020-10761 +- Nopatch CVE-2017-5931, it was fixed in 2.9.0 +- Nopatch CVE-2017-14167, it was fixed in 2.11.0 * Tue Sep 29 2020 Daniel McIlvaney 4.2.0-13 - Nopatch CVE-2015-7504, it was fixed in 2.5.0 - Nopatch CVE-2017-5931, it was fixed in 2.9.0 From 993d242031eed44fb39035cf2aa50cf1c75ef2ca Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Tue, 27 Oct 2020 12:40:39 -0700 Subject: [PATCH 040/145] Fix CVE-2019-17450 patch file --- SPECS/binutils/CVE-2019-17450.patch | 32 +++++++++++++++++++---------- 1 file changed, 21 insertions(+), 11 deletions(-) 
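Review bot: In the `block/nbd.c` part of CVE-2020-10761.patch the truncation test is `if (len > sizeof(bs->exact_filename))`, which misses the case where `snprintf` returns exactly the buffer size and the name has already lost its last character. The `block.c` hunk of the same patch uses `>=`, and this one should too: `if (len >= sizeof(bs->exact_filename)) {`. The file also still carries the mailing-list cover letter and has mail-wrapped lines inside hunks (`type,` after two `@@` headers, `Requested export not available` in `143.out`), so it looks like an early list posting rather than the merged commit and may not apply cleanly. Regenerating the patch from the upstream commit would address both.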
diff --git a/SPECS/binutils/CVE-2019-17450.patch b/SPECS/binutils/CVE-2019-17450.patch index 1a6b98667a5..a0956623966 100644 --- a/SPECS/binutils/CVE-2019-17450.patch +++ b/SPECS/binutils/CVE-2019-17450.patch @@ -1,27 +1,37 @@ --- a/bfd/dwarf2.c +++ b/bfd/dwarf2.c -@@ -2803,8 +2803,8 @@ +@@ -2803,13 +2803,13 @@ } static bfd_boolean -find_abstract_instance (struct comp_unit * unit, - bfd_byte * orig_info_ptr, +- struct attribute * attr_ptr, +- const char ** pname, +- bfd_boolean * is_linkage, +- char ** filename_ptr, +- int * linenumber_ptr) +find_abstract_instance (struct comp_unit *unit, -+ unsigned int recur_count, - struct attribute * attr_ptr, - const char ** pname, - bfd_boolean * is_linkage, ++ struct attribute *attr_ptr, ++ unsigned int recur_count, ++ const char **pname, ++ bfd_boolean *is_linkage, ++ char **filename_ptr, ++ int *linenumber_ptr) + { + bfd *abfd = unit->abfd; + bfd_byte *info_ptr; @@ -2820,6 +2820,14 @@ struct attribute attr; const char *name = NULL; + if (recur_count == 100) -+ { -+ _bfd_error_handler -+ (_("DWARF error: abstract instance recursion detected")); -+ bfd_set_error (bfd_error_bad_value); -+ return FALSE; -+ } ++ { ++ _bfd_error_handler ++ (_("DWARF error: abstract instance recursion detected")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + /* DW_FORM_ref_addr can reference an entry in a different CU. It is an offset from the .debug_info section, not the current CU. */ From 612528d6e645c6dd4dc8c04315ef55ffdb5212c7 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Tue, 27 Oct 2020 12:52:47 -0700 Subject: [PATCH 041/145] Fix bash script issue (#284) --- .github/workflows/lint-specs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index 0057e7cca1b..b439664319e 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml 
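Review bot: Nothing visible in this patch file updates the callers of `find_abstract_instance` or passes `recur_count + 1` on the recursive call, although the first hunk drops `orig_info_ptr` and adds `recur_count` and the second adds the `recur_count == 100` stop. Without those changes the guard never trips, or the file no longer compiles. Please confirm that the patch file carries the call-site hunks beyond what this diff shows and that the package build picks them up. If it does not, the patch needs the call-site changes from the upstream fix as well.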
@@ -82,9 +82,9 @@ jobs: spec-cleaner -o linted_specs ${{ env.updated-specs }} [ -n "$(ls -A linted_specs)" ] \ && echo "Specs are not correctly formatted." \ - && echo "Linting output is available in the linted_specs artifact." + && echo "Linting output is available in the linted_specs artifact." \ && echo "Please properly format your specs according to that output before merging." \ - && echo "A diff of the changes required is printed below:" + && echo "A diff of the changes required is printed below:" \ && spec-cleaner -d --diff-prog="git --no-pager diff" ${{ env.updated-specs }} \ && exit 1 From 2e70583100e6f79d90403491e4ad72ee0c402982 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Tue, 27 Oct 2020 15:59:35 -0700 Subject: [PATCH 042/145] Revamp failure test for spec linting action (#290) --- .github/workflows/lint-specs.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index b439664319e..939efc9d261 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml 
@@ -78,19 +78,22 @@ jobs: # We don't want this tool to have a low signal-to-noise ratio - name: Lint changed spec files run: | - mkdir -p linted_specs - spec-cleaner -o linted_specs ${{ env.updated-specs }} - [ -n "$(ls -A linted_specs)" ] \ - && echo "Specs are not correctly formatted." \ - && echo "Linting output is available in the linted_specs artifact." \ - && echo "Please properly format your specs according to that output before merging." \ - && echo "A diff of the changes required is printed below:" \ - && spec-cleaner -d --diff-prog="git --no-pager diff" ${{ env.updated-specs }} \ - && exit 1 + touch linted_specs.diff + spec-cleaner -d --diff-prog="git --no-pager diff" ${{ env.updated-specs }} | tee linted_specs.diff + if [ -s linted_specs.diff ] + then + echo -e "\n====================== LINTING FAILED ======================" + echo "Specs are not correctly formatted." + echo "A diff of the changes required is printed above." + echo "Linting output is available in the linted_specs artifact." + echo "Please properly format your specs according to the output before merging." + exit 1 + fi + exit 0 - uses: actions/upload-artifact@v2 if: ${{ always() }} with: name: linted_specs - path: linted_specs + path: linted_specs.diff if-no-files-found: ignore From a0eecf077b5ef1f6260f3d5629dae684afff74a3 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Tue, 27 Oct 2020 22:51:40 -0700 Subject: [PATCH 043/145] format SPEC file --- SPECS/qemu-kvm/qemu-kvm.spec | 93 ++++++++++++++++++++---------------- 1 file changed, 53 insertions(+), 40 deletions(-) diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 020f379e893..612059394eb 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec 
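Review bot: The new failure test depends only on whether `linted_specs.diff` is non-empty, and `spec-cleaner -d ... | tee linted_specs.diff` hides spec-cleaner's exit status behind `tee`. If spec-cleaner fails to run or aborts before printing a diff, the file stays empty and the step ends with `exit 0`, so the gate passes without having checked anything. Unless the step already runs under a shell with pipefail (no `shell:` key is visible in the hunk), add `set -o pipefail` as the first line of the script so that a spec-cleaner error fails the job. This assumes spec-cleaner exits 0 when it only reports differences; if it does not, capture its status explicitly instead.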
@@ -1,44 +1,43 @@ -Summary: QEMU is a machine emulator and virtualizer -Name: qemu-kvm -Version: 4.2.0 -Release: 14%{?dist} -License: GPLv2 and GPLv2+ and CC-BY and BSD -Group: Development/Tools -URL: https://www.qemu.org/ -Vendor: Microsoft Corporation -Distribution: Mariner -Source0: https://download.qemu.org/qemu-%{version}.tar.xz -Source1: 65-kvm.rules +Summary: QEMU is a machine emulator and virtualizer +Name: qemu-kvm +Version: 4.2.0 +Release: 14%{?dist} +License: GPLv2 AND GPLv2+ AND CC-BY AND BSD +Vendor: Microsoft Corporation +Distribution: Mariner +Group: Development/Tools +URL: https://www.qemu.org/ +Source0: https://download.qemu.org/qemu-%{version}.tar.xz +Source1: 65-kvm.rules # https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 -Patch0: CVE-2020-11102.patch +Patch0: CVE-2020-11102.patch # This vulnerability is in libslirp source code. And qemu is exposed to it when configured with libslirp. # Since Mariner does not have libslirp, it is not applicable. -Patch1: CVE-2020-7039.nopatch -Patch2: CVE-2020-1711.patch -Patch3: CVE-2020-7211.patch -Patch4: CVE-2019-20175.patch -Patch5: CVE-2020-13659.patch -Patch6: CVE-2020-16092.patch -Patch7: CVE-2020-15863.patch +Patch1: CVE-2020-7039.nopatch +Patch2: CVE-2020-1711.patch +Patch3: CVE-2020-7211.patch +Patch4: CVE-2019-20175.patch +Patch5: CVE-2020-13659.patch +Patch6: CVE-2020-16092.patch +Patch7: CVE-2020-15863.patch # CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. (a0d1cbdacff5df4ded16b753b38fdd9da6092968) -Patch8: CVE-2016-7161.nopatch +Patch8: CVE-2016-7161.nopatch # CVE-2015-7504 was fixed in 2.5.0, but the CVE database was not updated. (837f21aacf5a714c23ddaadbbc5212f9b661e3f7) -Patch9: CVE-2015-7504.nopatch +Patch9: CVE-2015-7504.nopatch # CVE-2017-5931 was fixed in 2.9.0, but the CVE database was not updated. 
(a08aaff811fb194950f79711d2afe5a892ae03a4) -Patch10: CVE-2017-5931.nopatch +Patch10: CVE-2017-5931.nopatch # CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb) -Patch11: CVE-2017-14167.nopatch -Patch12: CVE-2020-10702.patch -Patch13: CVE-2020-10761.patch - -BuildRequires: python3-devel -BuildRequires: glib-devel -BuildRequires: pixman-devel -BuildRequires: alsa-lib-devel -BuildRequires: zlib-devel -Requires: alsa-lib -Requires: cyrus-sasl -Requires: pixman +Patch11: CVE-2017-14167.nopatch +Patch12: CVE-2020-10702.patch +Patch13: CVE-2020-10761.patch +BuildRequires: alsa-lib-devel +BuildRequires: glib-devel +BuildRequires: pixman-devel +BuildRequires: python3-devel +BuildRequires: zlib-devel +Requires: alsa-lib +Requires: cyrus-sasl +Requires: pixman %description QEMU is a generic and open source machine & userspace emulator and virtualizer. @@ -46,11 +45,11 @@ QEMU is a generic and open source machine & userspace emulator and virtualizer. %global debug_package %{nil} %package -n qemu-img -Summary: QEMU command line tool for manipulating disk images -Group: Development/Tools -Requires: glib -Requires: pixman -Requires: libstdc++ +Summary: QEMU command line tool for manipulating disk images +Group: Development/Tools +Requires: glib +Requires: libstdc++ +Requires: pixman %description -n qemu-img This package provides a command line tool for manipulating disk images. @@ -66,6 +65,7 @@ This package provides a command line tool for manipulating disk images. %patch7 -p1 %patch12 -p1 %patch13 -p1 + %build %ifarch aarch64 
@@ -125,41 +125,54 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog -* Tue Oct 27 2020 Henry Li 4.2.0-14 +* Tue Oct 27 2020 Henry Li - 4.2.0-14 - Add patch for CVE-2020-10702 - Add patch for CVE-2020-10761 - Nopatch CVE-2017-5931, it was fixed in 2.9.0 - Nopatch CVE-2017-14167, it was fixed in 2.11.0 + * Tue Sep 29 2020 Daniel McIlvaney 4.2.0-13 - Nopatch CVE-2015-7504, it was fixed in 2.5.0 - Nopatch CVE-2017-5931, it was fixed in 2.9.0 - Nopatch CVE-2017-14167, it was fixed in 2.11.0 + * Mon Sep 28 2020 Daniel McIlvaney 4.2.0-12 - Nopatch CVE-2016-7161, it was fixed in 2.7 + * Mon Sep 14 2020 Nicolas Guibourge 4.2.0-11 - Add patch for CVE-2020-15863 + * Wed Sep 02 2020 Nicolas Ontiveros 4.2.0-10 - Add patch for CVE-2020-16092 + * Tue Jun 09 2020 Paul Monson 4.2.0-9 - Add patch for CVE-2019-20175 - Add patch for CVE-2020-13659 + * Thu May 21 2020 Suresh Babu Chalamalasetty 4.2.0-8 - Fix CVE-2020-1711 and CVE-2020-7211. + * Sat May 09 00:20:51 PST 2020 Nick Samson - 4.2.0-7 - Added %%license line automatically + * Fri May 1 2020 Emre Girgin 4.2.0-6 - Renaming qemu to qemu-kvm + * Tue Apr 21 2020 Emre Girgin 4.2.0-5 - Fix CVE-2020-11102. - Ignore CVE-2020-7039. - Update license and URL. - License verified. + * Mon Mar 30 2020 Chris Co 4.2.0-4 - Fix changelog to not define a sha1 macro + * Fri Mar 27 2020 Chris Co 4.2.0-3 - Add elf2dmp and virtfs-proxy-helper binaries to package - Delete unused sha1 + * Tue Mar 24 2020 Suresh Babu Chalamalasetty 4.2.0-2 - Add Qemu KVM support + * Wed Jan 8 2020 Paul Monson 4.2.0-1 - Original version for CBL-Mariner. From e90b112b41f9cd5e2c3e2dfba2d9721a75597f13 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 09:55:36 -0700 Subject: [PATCH 044/145] re-fix SPEC format --- SPECS/qemu-kvm/qemu-kvm.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 612059394eb..b0507c71c4b 100644 
--- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -125,11 +125,11 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog -* Tue Oct 27 2020 Henry Li - 4.2.0-14 -- Add patch for CVE-2020-10702 -- Add patch for CVE-2020-10761 -- Nopatch CVE-2017-5931, it was fixed in 2.9.0 -- Nopatch CVE-2017-14167, it was fixed in 2.11.0 +* Tue Oct 27 2020 Henry Li - 4.2.0-14 +- Add patch for CVE-2020-10702 +- Add patch for CVE-2020-10761 +- Nopatch CVE-2017-5931, it was fixed in 2.9.0 +- Nopatch CVE-2017-14167, it was fixed in 2.11.0 * Tue Sep 29 2020 Daniel McIlvaney 4.2.0-13 - Nopatch CVE-2015-7504, it was fixed in 2.5.0 From b4894f7ab75a6cc68e576c8f1edd40fb22459581 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 10:59:41 -0700 Subject: [PATCH 045/145] fix nginx CVE --- SPECS/nginx/CVE-2019-20372.patch | 17 +++++++++++++++++ SPECS/nginx/nginx.spec | 9 ++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 SPECS/nginx/CVE-2019-20372.patch diff --git a/SPECS/nginx/CVE-2019-20372.patch b/SPECS/nginx/CVE-2019-20372.patch new file mode 100644 index 00000000000..ed5ad95f08a --- /dev/null +++ b/SPECS/nginx/CVE-2019-20372.patch @@ -0,0 +1,17 @@ +diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c +index 4ffb2cc..76e6705 100644 +--- a/src/http/ngx_http_special_response.c ++++ b/src/http/ngx_http_special_response.c +@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page) + return ngx_http_named_location(r, &uri); + } + ++ r->expect_tested = 1; ++ ++ if (ngx_http_discard_request_body(r) != NGX_OK) { ++ r->keepalive = 0; ++ } ++ + location = ngx_list_push(&r->headers_out.headers); + + if (location == NULL) { diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec index a1b4299c415..4940c39aa3f 100644 --- a/SPECS/nginx/nginx.spec +++ b/SPECS/nginx/nginx.spec 
@@ -1,7 +1,7 @@ Summary: High-performance HTTP server and reverse proxy Name: nginx Version: 1.16.1 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD 2-Clause URL: http://nginx.org/ Group: Applications/System @@ -10,7 +10,7 @@ Distribution: Mariner Source0: https://nginx.org/download/%{name}-%{version}.tar.gz Source1: nginx.service Source2: nginx-njs-0.2.1.tar.gz -%define sha1 nginx-njs=fd8c3f2d219f175be958796e3beaa17f3b465126 +Patch0: CVE-2019-20372.patch BuildRequires: openssl-devel BuildRequires: pcre-devel BuildRequires: which @@ -18,7 +18,7 @@ BuildRequires: which NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. %prep -%setup -q +%autosetup -p1 pushd ../ mkdir nginx-njs tar -C nginx-njs -xf %{SOURCE2} @@ -76,6 +76,9 @@ install -p -m 0644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nginx.service %{_var}/log/nginx %changelog +* Wed Oct 28 2020 Henry Li - 1.16.1-3 +- Used autosetup +- Added patch to resolve CVE-2019-20372 * Sat May 09 00:21:09 PST 2020 Nick Samson - 1.16.1-2 - Added %%license line automatically From 85df8b47e40469de6b0853c7d0bd2565e7fdfba5 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 11:16:29 -0700 Subject: [PATCH 046/145] fix patch --- SPECS/qemu-kvm/CVE-2020-10761.patch | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/SPECS/qemu-kvm/CVE-2020-10761.patch b/SPECS/qemu-kvm/CVE-2020-10761.patch index b0dd6ceb0de..6c1f34d87f0 100644 --- a/SPECS/qemu-kvm/CVE-2020-10761.patch +++ b/SPECS/qemu-kvm/CVE-2020-10761.patch @@ -58,10 +58,10 @@ index 4ac23c8f6299..eed160c5cda1 100644 } } -diff --git a/./nbd/server.c b/../qemu2/nbd/server.c +diff --git a/nbd/server.c b/nbd/server.c index 24ebc1a..92d5207 100644 ---- a/./nbd/server.c -+++ b/../qemu2/nbd/server.c +--- a/nbd/server.c ++++ b/nbd/server.c @@ -217,7 +217,7 @@ nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t type, msg = g_strdup_vprintf(fmt, va); 
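Review bot: `Patch0: CVE-2019-20372.patch` in the `@@ -10,7 +10,7 @@` hunk of nginx.spec is added with no comment saying where the patch came from, whereas the qemu-kvm spec in this series records the upstream commit URL above its `Patch0`. Someone auditing the CVE fix cannot tell from the spec whether this is an unmodified upstream backport. I would add a line above it such as `# Upstream fix for CVE-2019-20372: <upstream-commit-url>` (placeholder; the URL is not on this page). The same hunk removes the `%define sha1 nginx-njs=...` line for `Source2`, which has no download URL, and the changelog entry does not mention it, so it is worth confirming that the tarball's hash is still recorded somewhere the build checks.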
@@ -118,10 +118,10 @@ index 24ebc1a..92d5207 100644 } ret = nbd_opt_read(client, &nb_queries, sizeof(nb_queries), errp); -diff --git a/./tests/qemu-iotests/143 b/../qemu2/tests/qemu-iotests/143 +diff --git a/tests/qemu-iotests/143 b/tests/qemu-iotests/143 index f649b36..b0b1cff 100755 ---- a/./tests/qemu-iotests/143 -+++ b/../qemu2/tests/qemu-iotests/143 +--- a/tests/qemu-iotests/143 ++++ b/tests/qemu-iotests/143 @@ -58,6 +58,10 @@ _send_qemu_cmd $QEMU_HANDLE \ $QEMU_IO_PROG -f raw -c quit \ "nbd+unix:///no_such_export?socket=$SOCK_DIR/nbd" 2>&1 \ @@ -133,10 +133,10 @@ index f649b36..b0b1cff 100755 _send_qemu_cmd $QEMU_HANDLE \ "{ 'execute': 'quit' }" \ -diff --git a/./tests/qemu-iotests/143.out b/../qemu2/tests/qemu-iotests/143.out +diff --git a/tests/qemu-iotests/143.out b/tests/qemu-iotests/143.out index 1f4001c..be1f3a6 100644 ---- a/./tests/qemu-iotests/143.out -+++ b/../qemu2/tests/qemu-iotests/143.out +--- a/tests/qemu-iotests/143.out ++++ b/tests/qemu-iotests/143.out @@ -5,6 +5,8 @@ QA output created by 143 {"return": {}} qemu-io: can't open device nbd+unix:///no_such_export?socket=SOCK_DIR/nbd: Requested export not available From 453926a1ca1ef88f874bb5500163e64822cf15fb Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 11:26:27 -0700 Subject: [PATCH 047/145] fix SPEC format --- SPECS/nginx/nginx.spec | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec index 4940c39aa3f..393c8d70ec5 100644 --- a/SPECS/nginx/nginx.spec +++ b/SPECS/nginx/nginx.spec @@ -3,10 +3,10 @@ Name: nginx Version: 1.16.1 Release: 3%{?dist} License: BSD 2-Clause -URL: http://nginx.org/ -Group: Applications/System Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/System +URL: https://nginx.org/ Source0: https://nginx.org/download/%{name}-%{version}.tar.gz Source1: nginx.service Source2: nginx-njs-0.2.1.tar.gz 
@@ -14,6 +14,7 @@ Patch0: CVE-2019-20372.patch BuildRequires: openssl-devel BuildRequires: pcre-devel BuildRequires: which + %description NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. @@ -27,12 +28,12 @@ popd %build sh configure \ --prefix=%{_sysconfdir}//nginx \ - --sbin-path=/usr/sbin/nginx \ - --conf-path=/etc/nginx/nginx.conf \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ + --sbin-path=%{_sbindir}/nginx \ + --conf-path=%{_sysconfdir}/nginx/nginx.conf \ + --pid-path=%{_var}/run/nginx.pid \ + --lock-path=%{_var}/run/nginx.lock \ + --error-log-path=%{_var}/log/nginx/error.log \ + --http-log-path=%{_var}/log/nginx/access.log \ --add-module=../nginx-njs/njs-0.2.1/nginx \ --with-http_ssl_module \ --with-pcre \ @@ -43,13 +44,14 @@ sh configure \ --with-http_stub_status_module make %{?_smp_mflags} + %install make DESTDIR=%{buildroot} install -install -vdm755 %{buildroot}/usr/lib/systemd/system +install -vdm755 %{buildroot}%{_lib}/systemd/system install -vdm755 %{buildroot}%{_var}/log install -vdm755 %{buildroot}%{_var}/opt/nginx/log ln -sfv %{_var}/opt/nginx/log %{buildroot}%{_var}/log/nginx -install -p -m 0644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nginx.service +install -p -m 0644 %{SOURCE1} %{buildroot}%{_lib}/systemd/system/nginx.service %files %defattr(-,root,root) 
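Review bot: In the `%install` hunk (`@@ -43,13 +44,14 @@`) the unit directory is now `%{buildroot}%{_lib}/systemd/system`, which equals the old `/usr/lib/systemd/system` only if this distribution's macro set defines `%{_lib}` as an absolute `/usr/lib`. In stock RPM `%{_lib}` is the bare directory name (`lib` or `lib64`), so the same line would expand to a path glued onto the buildroot name and the service file would land outside the package tree. Writing `%{buildroot}%{_prefix}/lib/systemd/system` in both `install` lines says the same thing without depending on that override. The later glibc.spec format commit makes the same substitution in the generated `find_provides.sh`/`find_requires.sh` (`%{_lib}/rpm/find-provides`) and in the locale steps (`%{buildroot}%{_lib}/locale`).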
@@ -79,42 +81,60 @@ install -p -m 0644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nginx.service * Wed Oct 28 2020 Henry Li - 1.16.1-3 - Used autosetup - Added patch to resolve CVE-2019-20372 + * Sat May 09 00:21:09 PST 2020 Nick Samson - 1.16.1-2 - Added %%license line automatically * Fri Mar 13 2020 Paul Monson 1.16.1-1 - Update to version 1.16.1. License verified. + * Tue Sep 03 2019 Mateusz Malisz 1.15.3-5 - Initial CBL-Mariner import from Photon (license: Apache2). + * Fri Mar 15 2019 Keerthana K 1.15.3-4 - Enable http_stub_status_module. + * Wed Nov 07 2018 Ajay Kaher 1.15.3-3 - mark config files as non replaceable on upgrade. + * Mon Sep 17 2018 Keerthana K 1.15.3-2 - Adding http_auth_request_module and http_sub_module. + * Fri Sep 7 2018 Him Kalyan Bordoloi 1.15.3-1 - Upgrade to version 1.15.3 + * Fri Jul 20 2018 Keerthana K 1.13.8-3 - Restarting nginx on failure. + * Fri Jun 08 2018 Dheeraj Shetty 1.13.8-2 - adding module njs. + * Fri May 18 2018 Srivatsa S. Bhat 1.13.8-1 - Update to version 1.13.8 to support nginx-ingress + * Thu Dec 28 2017 Divya Thaluru 1.13.5-2 - Fixed the log file directory structure + * Wed Oct 04 2017 Xiaolin Li 1.13.5-1 - Update to version 1.13.5 + * Mon May 01 2017 Dheeraj Shetty 1.11.13-2 - adding module stream to nginx. + * Wed Apr 05 2017 Priyesh Padmavilasom 1.11.13-1 - update to 1.11.13 + * Fri Nov 18 2016 Anish Swaminathan 1.10.0-5 - Add patch for CVE-2016-4450 + * Wed Jul 27 2016 Divya Thaluru 1.10.0-4 - Removed packaging of debug files + * Fri Jul 8 2016 Divya Thaluru 1.10.0-3 - Modified default pid filepath and fixed nginx systemd service + * Tue May 24 2016 Priyesh Padmavilasom 1.10.0-2 - GA - Bump release of all rpms + * Mon May 16 2016 Xiaolin Li 1.10.0-1 - Initial build. First version From 3159d7df3fa360ef5fe36bfd57e91d390a9d7556 Mon Sep 17 00:00:00 2001 
From: jslobodzian Date: Wed, 28 Oct 2020 11:47:40 -0700 Subject: [PATCH 048/145] Corrected URL_LIST links to preview repo (#295) --- toolkit/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/toolkit/Makefile b/toolkit/Makefile index 2fc73112300..c52cf499ab3 100644 --- a/toolkit/Makefile +++ b/toolkit/Makefile @@ -96,8 +96,8 @@ SRPM_URL_LIST += https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR endif ifeq ($(USE_PREVIEW_REPO),y) -PACKAGE_URL_LIST += https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/preview/$(build_arch)/rpms -SRPM_URL_LIST += https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/preview/srpms +PACKAGE_URL_LIST += https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/preview/update/$(build_arch)/rpms +SRPM_URL_LIST += https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/preview/update/srpms endif REPO_LIST ?= From 8d9d99c99bd6cefe3f16a084d72e673e2c029d2b Mon Sep 17 00:00:00 2001 From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Wed, 28 Oct 2020 12:29:12 -0700 Subject: [PATCH 049/145] Prevent AdditionalFiles from being modified during iteration (#297) (#298) --- toolkit/scripts/imggen.mk | 1 + toolkit/tools/imagegen/configuration/configuration.go | 6 +++--- toolkit/tools/isomaker/maker.go | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/toolkit/scripts/imggen.mk b/toolkit/scripts/imggen.mk index 213d6b5cc4f..5fbd8f75b7b 100644 --- a/toolkit/scripts/imggen.mk +++ b/toolkit/scripts/imggen.mk @@ -177,6 +177,7 @@ iso: $(go-isomaker) $(go-liveinstaller) $(go-imager) $(depend_CONFIG_FILE) $(CON --resources $(RESOURCES_DIR) \ --iso-repo $(local_and_external_rpm_cache) \ --log-level $(LOG_LEVEL) \ + --log-file $(LOGS_DIR)/imggen/isomaker.log \ $(if $(UNATTENDED_INSTALLER),--unattended-install) \ --output-dir $(artifact_dir) \ --image-tag=$(IMAGE_TAG) 
diff --git a/toolkit/tools/imagegen/configuration/configuration.go b/toolkit/tools/imagegen/configuration/configuration.go index ed5802f74a8..567c03a4154 100644 --- a/toolkit/tools/imagegen/configuration/configuration.go +++ b/toolkit/tools/imagegen/configuration/configuration.go @@ -208,12 +208,12 @@ func convertRawBinariesPath(baseDirPath string, diskConfig *Disk) { } func convertAdditionalFilesPath(baseDirPath string, systemConfig *SystemConfig) { + absAdditionalFiles := make(map[string]string) for localFilePath, targetFilePath := range systemConfig.AdditionalFiles { - delete(systemConfig.AdditionalFiles, localFilePath) - localFilePath = file.GetAbsPathWithBase(baseDirPath, localFilePath) - systemConfig.AdditionalFiles[localFilePath] = targetFilePath + absAdditionalFiles[localFilePath] = targetFilePath } + systemConfig.AdditionalFiles = absAdditionalFiles } func convertPackageListPaths(baseDirPath string, systemConfig *SystemConfig) { diff --git a/toolkit/tools/isomaker/maker.go b/toolkit/tools/isomaker/maker.go index 936debb8817..2c9cb030f2b 100644 --- a/toolkit/tools/isomaker/maker.go +++ b/toolkit/tools/isomaker/maker.go @@ -305,12 +305,12 @@ func (im *IsoMaker) copyAndRenameAdditionalFiles(configFilesAbsDirPath string) { const additionalFilesSubDirName = "additionalfiles" for _, systemConfig := range im.config.SystemConfigs { + absAdditionalFiles := make(map[string]string) for localAbsFilePath, installedSystemAbsFilePath := range systemConfig.AdditionalFiles { - delete(systemConfig.AdditionalFiles, localAbsFilePath) isoRelativeFilePath := im.copyFileToConfigRoot(configFilesAbsDirPath, additionalFilesSubDirName, localAbsFilePath) - - systemConfig.AdditionalFiles[isoRelativeFilePath] = installedSystemAbsFilePath + absAdditionalFiles[isoRelativeFilePath] = installedSystemAbsFilePath } + systemConfig.AdditionalFiles = absAdditionalFiles } } From 545af35e7c1c8001875e28daef249aface1f6556 Mon Sep 17 00:00:00 2001 
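Review bot: `convertAdditionalFilesPath` now keys `absAdditionalFiles` by the resolved path, so two entries whose local paths resolve to the same absolute path collapse into one key and the later assignment silently replaces the earlier one. Whether `file.GetAbsPathWithBase` normalises paths is not visible here, but a relative and an absolute spelling of the same file would already collide. Because Go map iteration order is unspecified, the surviving target path can differ between runs. I would test for an existing key before `absAdditionalFiles[localFilePath] = targetFilePath` and report the duplicate rather than overwrite it. A one-line comment that a fresh map is built because inserting into a map while ranging over it is unsafe would also help.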
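Review bot: In `copyAndRenameAdditionalFiles` the new line `systemConfig.AdditionalFiles = absAdditionalFiles` assigns to the `range` loop variable, so if `im.config.SystemConfigs` is a slice of struct values (its declaration is outside this hunk) the rewritten map is stored in a per-iteration copy and discarded. The removed code mutated the shared map in place, which was visible through the copy. The new form could therefore leave the config holding the original local paths instead of the ISO-relative ones. Iterating by index removes the doubt: `for i := range im.config.SystemConfigs {` followed by `systemConfig := &im.config.SystemConfigs[i]`. The function's signature appears only in the hunk header; its body is inside the hunk.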
From: Henry Li Date: Wed, 28 Oct 2020 13:45:22 -0700 Subject: [PATCH 050/145] fix glibc CVE --- SPECS/glibc/CVE-2019-7309.patch | 217 ++++++++++++++++++++++++++++++++ SPECS/glibc/glibc.spec | 17 ++- 2 files changed, 224 insertions(+), 10 deletions(-) create mode 100644 SPECS/glibc/CVE-2019-7309.patch diff --git a/SPECS/glibc/CVE-2019-7309.patch b/SPECS/glibc/CVE-2019-7309.patch new file mode 100644 index 00000000000..5ec8fec5d34 --- /dev/null +++ b/SPECS/glibc/CVE-2019-7309.patch 
@@ -0,0 +1,217 @@ +diff --git a/./ChangeLog b/ChangeLog +index 08b42bd..0e82190 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,14 @@ ++2019-02-04 H.J. Lu ++ ++ [BZ #24155] ++ CVE-2019-7309 ++ * NEWS: Updated for CVE-2019-7309. ++ * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the ++ upper 32 bits of RDX register for x32. Use unsigned Jcc ++ instructions, instead of signed. ++ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. ++ * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. ++ + 2018-08-01 Carlos O'Donel + + * version.h (RELEASE): Set to "stable". +diff --git a/NEWS b/NEWS +index 154ab22..d254097 100644 +--- a/NEWS ++++ b/NEWS +@@ -240,6 +240,14 @@ Security related changes: + architecture could write beyond the target buffer, resulting in a buffer + overflow. Reported by Andreas Schwab. + ++ CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check ++ size. For x86-64, memcmp on an object size larger than SSIZE_MAX ++ has undefined behavior. On x32, the size_t argument may be passed ++ in the lower 32 bits of the 64-bit RDX register with non-zero upper ++ 32 bits. When it happened with the sign bit of RDX register set, ++ memcmp gave the wrong result since it treated the size argument as ++ zero. Reported by H.J. Lu. 
++ + The following bugs are resolved with this release: + + [1190] stdio: fgetc()/fread() behaviour is not POSIX compliant +@@ -422,6 +430,7 @@ The following bugs are resolved with this release: + [23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel + processors + [23467] dynamic-link: x86/CET: A property note parser bug ++ [24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309) + + + Version 2.27 + +diff --git a/sysdeps/x86_64/memcmp.S b/sysdeps/x86_64/memcmp.S +index bcb4a2e88d..45918d375a 100644 +--- a/sysdeps/x86_64/memcmp.S ++++ b/sysdeps/x86_64/memcmp.S +@@ -21,14 +21,18 @@ + + .text + ENTRY (memcmp) +- test %rdx, %rdx ++#ifdef __ILP32__ ++ /* Clear the upper 32 bits. */ ++ movl %edx, %edx ++#endif ++ test %RDX_LP, %RDX_LP + jz L(finz) + cmpq $1, %rdx +- jle L(finr1b) ++ jbe L(finr1b) + subq %rdi, %rsi + movq %rdx, %r10 + cmpq $32, %r10 +- jge L(gt32) ++ jae L(gt32) + /* Handle small chunks and last block of less than 32 bytes. */ + L(small): + testq $1, %r10 +@@ -156,7 +160,7 @@ L(A32): + movq %r11, %r10 + andq $-32, %r10 + cmpq %r10, %rdi +- jge L(mt16) ++ jae L(mt16) + /* Pre-unroll to be ready for unrolled 64B loop. 
*/ + testq $32, %rdi + jz L(A64) +@@ -178,7 +182,7 @@ L(A64): + movq %r11, %r10 + andq $-64, %r10 + cmpq %r10, %rdi +- jge L(mt32) ++ jae L(mt32) + + L(A64main): + movdqu (%rdi,%rsi), %xmm0 +@@ -216,7 +220,7 @@ L(mt32): + movq %r11, %r10 + andq $-32, %r10 + cmpq %r10, %rdi +- jge L(mt16) ++ jae L(mt16) + + L(A32main): + movdqu (%rdi,%rsi), %xmm0 +@@ -254,7 +258,7 @@ L(ATR): + movq %r11, %r10 + andq $-32, %r10 + cmpq %r10, %rdi +- jge L(mt16) ++ jae L(mt16) + testq $16, %rdi + jz L(ATR32) + +@@ -325,7 +329,7 @@ L(ATR64main): + movq %r11, %r10 + andq $-32, %r10 + cmpq %r10, %rdi +- jge L(mt16) ++ jae L(mt16) + + L(ATR32res): + movdqa (%rdi,%rsi), %xmm0 +diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile +index f2ebc24..457c707 100644 +--- a/sysdeps/x86_64/x32/Makefile ++++ b/sysdeps/x86_64/x32/Makefile +@@ -4,3 +4,7 @@ ifeq ($(subdir),math) + # 64-bit llround. Add -fno-builtin-lround to silence the compiler. + CFLAGS-s_llround.c += -fno-builtin-lround + endif ++ ++ifeq ($(subdir),string) ++ tests += tst-size_t-memcmp-2 ++endif +\ No newline at end of file +diff --git a/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c +new file mode 100644 +index 0000000000..d8ae1a0813 +--- /dev/null ++++ b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c +@@ -0,0 +1,79 @@ ++/* Test memcmp with size_t in the lower 32 bits of 64-bit register. ++ Copyright (C) 2019 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define TEST_MAIN ++#ifdef WIDE ++# define TEST_NAME "wmemcmp" ++#else ++# define TEST_NAME "memcmp" ++#endif ++ ++#include "test-size_t.h" ++ ++#ifdef WIDE ++# include ++# include ++ ++# define MEMCMP wmemcmp ++# define CHAR wchar_t ++#else ++# define MEMCMP memcmp ++# define CHAR char ++#endif ++ ++IMPL (MEMCMP, 1) ++ ++typedef int (*proto_t) (const CHAR *, const CHAR *, size_t); ++ ++static int ++__attribute__ ((noinline, noclone)) ++do_memcmp (parameter_t a, parameter_t b) ++{ ++ return CALL (&b, a.p, b.p, a.len); ++} ++ ++static int ++test_main (void) ++{ ++ test_init (); ++ ++ parameter_t dest = { { page_size / sizeof (CHAR) }, buf1 }; ++ parameter_t src = { { 0 }, buf2 }; ++ ++ memcpy (buf1, buf2, page_size); ++ ++ CHAR *p = (CHAR *) buf1; ++ p[page_size / sizeof (CHAR) - 1] = (CHAR) 1; ++ ++ int ret = 0; ++ FOR_EACH_IMPL (impl, 0) ++ { ++ src.fn = impl->fn; ++ int res = do_memcmp (dest, src); ++ if (res >= 0) ++ { ++ error (0, 0, "Wrong result in function %s: %i >= 0", ++ impl->name, res); ++ ret = 1; ++ } ++ } ++ ++ return ret ? EXIT_FAILURE : EXIT_SUCCESS; ++} ++ ++#include +-- diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec index e5e258f149d..f1262af908f 100644 --- a/SPECS/glibc/glibc.spec +++ b/SPECS/glibc/glibc.spec @@ -5,7 +5,7 @@ Summary: Main C library Name: glibc Version: 2.28 -Release: 12%{?dist} +Release: 13%{?dist} License: LGPLv2+ URL: https://www.gnu.org/software/libc Group: Applications/System 
@@ -31,6 +31,7 @@ Patch10: CVE-2020-1751.nopatch # Marked by upstream/Ubuntu/Red Hat as not a security bug, no fix available # Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content Patch11: CVE-2018-20796.nopatch +Patch12: CVE-2019-7309.patch ExcludeArch: armv7 ppc i386 i686 Provides: rtld(GNU_HASH) Provides: /sbin/ldconfig @@ -84,16 +85,8 @@ Requires: %{name} = %{version}-%{release} Name Service Cache Daemon %prep -%setup -q +%autosetup -p1 sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 install -vdm 755 %{_builddir}/%{name}-build # do not try to explicitly provide GLIBC_PRIVATE versioned libraries %define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh @@ -308,6 +301,10 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %changelog +* Wed Oct 28 2020 Henry Li - 2.28-13 +- Used autosetup +- Added patch to resolve CVE-2019-7309 + * Wed Jul 29 2020 Thomas Crain - 2.28-12 - Ignore CVE-2018-20796, as it is not a security issue From 4be01ba170b7d6d8759e464e05a62ed3679a0ce4 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 14:14:57 -0700 Subject: [PATCH 051/145] fix spec format --- SPECS/glibc/glibc.spec | 117 +++++++++++++++++++++-------------------- 1 file changed, 60 insertions(+), 57 deletions(-) diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec index f1262af908f..d009a29b782 100644 --- a/SPECS/glibc/glibc.spec +++ b/SPECS/glibc/glibc.spec 
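Review bot: The `%prep` hunk (`@@ -84,16 +85,8 @@`) replaces the explicit `%patch0` to `%patch7` list with `%autosetup -p1`, which applies every declared `PatchN`, so the `.nopatch` markers (`Patch10` and `Patch11` are visible here) are now fed to `patch` as well. That is harmless only while those marker files stay zero-length, which is presumably the case but is not shown in this hunk. A comment above the line would record the dependency, for example `# %%autosetup applies every PatchN; the *.nopatch markers must stay empty`. The `%` is doubled because rpm expands macros inside comments.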
@@ -1,16 +1,15 @@ %global security_hardening nonow %define glibc_target_cpu %{_build} %define debug_package %{nil} - Summary: Main C library Name: glibc Version: 2.28 Release: 13%{?dist} License: LGPLv2+ -URL: https://www.gnu.org/software/libc -Group: Applications/System Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/System +URL: https://www.gnu.org/software/libc Source0: https://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz Source1: locale-gen.sh Source2: locale-gen.conf @@ -30,12 +29,13 @@ Patch9: CVE-2019-6488.nopatch Patch10: CVE-2020-1751.nopatch # Marked by upstream/Ubuntu/Red Hat as not a security bug, no fix available # Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content -Patch11: CVE-2018-20796.nopatch -Patch12: CVE-2019-7309.patch -ExcludeArch: armv7 ppc i386 i686 +Patch11: CVE-2018-20796.nopatch +Patch12: CVE-2019-7309.patch +Requires: filesystem Provides: rtld(GNU_HASH) Provides: /sbin/ldconfig -Requires: filesystem +ExcludeArch: armv7 ppc i386 i686 + %description This library provides the basic routines for allocating memory, searching directories, opening and closing files, reading and 
@@ -43,44 +43,50 @@ writing files, string handling, pattern matching, arithmetic, and so on. %package devel -Summary: Header files for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} +Summary: Header files for glibc +Group: Applications/System +Requires: %{name} = %{version}-%{release} + %description devel These are the header files of glibc. %package lang -Summary: Additional language files for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} +Summary: Additional language files for glibc +Group: Applications/System +Requires: %{name} = %{version}-%{release} + %description lang These are the additional language files of glibc. %package i18n -Summary: Additional internationalization files for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} +Summary: Additional internationalization files for glibc +Group: Applications/System +Requires: %{name} = %{version}-%{release} + %description i18n These are the additional internationalization files of glibc. %package iconv -Summary: gconv modules for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} +Summary: gconv modules for glibc +Group: Applications/System +Requires: %{name} = %{version}-%{release} + %description iconv These is gconv modules for iconv() and iconv tools. %package tools -Summary: tools for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} +Summary: tools for glibc +Group: Applications/System +Requires: %{name} = %{version}-%{release} + %description tools Extra tools for glibc. %package nscd -Summary: Name Service Cache Daemon -Group: Applications/System -Requires: %{name} = %{version}-%{release} +Summary: Name Service Cache Daemon +Group: Applications/System +Requires: %{name} = %{version}-%{release} + %description nscd Name Service Cache Daemon 
@@ -98,7 +104,7 @@ cat > find_provides.sh << _EOF if [ -d /tools ]; then /tools/lib/rpm/find-provides | grep -v GLIBC_PRIVATE else -%{_prefix}/lib/rpm/find-provides | grep -v GLIBC_PRIVATE +%{_lib}/rpm/find-provides | grep -v GLIBC_PRIVATE fi exit 0 _EOF @@ -109,7 +115,7 @@ cat > find_requires.sh << _EOF if [ -d /tools ]; then /tools/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE else -%{_prefix}/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE +%{_lib}/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE fi _EOF chmod +x find_requires.sh @@ -144,7 +150,7 @@ pushd %{_builddir}/glibc-build # Create directories make install_root=%{buildroot} install install -vdm 755 %{buildroot}%{_sysconfdir}/ld.so.conf.d -install -vdm 755 %{buildroot}/var/cache/nscd +install -vdm 755 %{buildroot}%{_var}/cache/nscd install -vdm 755 %{buildroot}%{_libdir}/locale cp -v ../%{name}-%{version}/nscd/nscd.conf %{buildroot}%{_sysconfdir}/nscd.conf # Install locale generation script and config file 
@@ -175,21 +181,21 @@ cat > %{buildroot}%{_sysconfdir}/nsswitch.conf <<- "EOF" EOF cat > %{buildroot}%{_sysconfdir}/ld.so.conf <<- "EOF" # Begin /etc/ld.so.conf - /usr/local/lib + %{_prefix}/local/lib /opt/lib - include /etc/ld.so.conf.d/*.conf + include %{_sysconfdir}/ld.so.conf.d/*.conf EOF popd %find_lang %{name} --all-name pushd localedata # Generate out of locale-archive an (en_US.) UTF-8 locale -mkdir -p %{buildroot}/usr/lib/locale +mkdir -p %{buildroot}%{_lib}/locale I18NPATH=. GCONV_PATH=../../glibc-build/iconvdata LC_ALL=C ../../glibc-build/locale/localedef --no-archive --prefix=%{buildroot} -A ../intl/locale.alias -i locales/en_US -c -f charmaps/UTF-8 en_US.UTF-8 -mv %{buildroot}/usr/lib/locale/en_US.utf8 %{buildroot}/usr/lib/locale/en_US.UTF-8 +mv %{buildroot}%{_lib}/locale/en_US.utf8 %{buildroot}%{_lib}/locale/en_US.UTF-8 popd # to do not depend on /bin/bash -sed -i 's@#! /bin/bash@#! /bin/sh@' %{buildroot}/usr/bin/ldd -sed -i 's@#!/bin/bash@#!/bin/sh@' %{buildroot}/usr/bin/tzselect +sed -i 's@#! /bin/bash@#! /bin/sh@' %{buildroot}%{_bindir}/ldd +sed -i 's@#!/bin/bash@#!/bin/sh@' %{buildroot}%{_bindir}/tzselect %check cd %{_builddir}/glibc-build @@ -215,7 +221,6 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: [ `grep ^FAIL tests.sum | wc -l` -ne $n ] && exit 1 ||: %post -p /sbin/ldconfig - %postun -p /sbin/ldconfig %files 
@@ -243,32 +248,32 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %{_datadir}/i18n/locales/en_US %{_datarootdir}/locale/locale.alias %exclude %{_localstatedir}/lib/nss_db/Makefile -%exclude /usr/bin/catchsegv -%exclude /usr/bin/iconv -%exclude /usr/bin/mtrace -%exclude /usr/bin/pcprofiledump -%exclude /usr/bin/pldd -%exclude /usr/bin/sotruss -%exclude /usr/bin/sprof -%exclude /usr/bin/xtrace +%exclude %{_bindir}/catchsegv +%exclude %{_bindir}/iconv +%exclude %{_bindir}/mtrace +%exclude %{_bindir}/pcprofiledump +%exclude %{_bindir}/pldd +%exclude %{_bindir}/sotruss +%exclude %{_bindir}/sprof +%exclude %{_bindir}/xtrace %files iconv %defattr(-,root,root) %{_lib64dir}/gconv/* -/usr/bin/iconv -/usr/sbin/iconvconfig +%{_bindir}/iconv +%{_sbindir}/iconvconfig %files tools %defattr(-,root,root) -/usr/bin/catchsegv -/usr/bin/mtrace -/usr/bin/pcprofiledump -/usr/bin/pldd -/usr/bin/sotruss -/usr/bin/sprof -/usr/bin/xtrace -/usr/sbin/zdump -/usr/sbin/zic +%{_bindir}/catchsegv +%{_bindir}/mtrace +%{_bindir}/pcprofiledump +%{_bindir}/pldd +%{_bindir}/sotruss +%{_bindir}/sprof +%{_bindir}/xtrace +%{_sbindir}/zdump +%{_sbindir}/zic /sbin/sln %{_lib64dir}/audit/* /lib64/libpcprofile.so @@ -276,7 +281,7 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %files nscd %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/nscd.conf -/usr/sbin/nscd +%{_sbindir}/nscd %dir %{_localstatedir}/cache/nscd %files i18n @@ -287,7 +292,6 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %exclude %{_datadir}/i18n/charmaps/ISO-8859-1.gz %exclude %{_datadir}/i18n/locales/en_US - %files devel %defattr(-,root,root) # TODO: Excluding for now to remove dependency on PERL @@ -299,7 +303,6 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %files -f %{name}.lang lang %defattr(-,root,root) - %changelog * Wed Oct 28 2020 Henry Li - 2.28-13 - Used autosetup 
From 9ec95b3ddcaa55c8e92dd2cb63abb51eee4fc61c Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 28 Oct 2020 22:24:57 +0100 Subject: [PATCH 052/145] Revert "Disabling the MD4 algorithm. (#272)" (#301) This reverts commit 85330c701ff534f268100106d10c26ee7114008d. --- SPECS/openssl/openssl.spec | 7 ++----- .../manifests/package/pkggen_core_aarch64.txt | 12 ++++++------ .../manifests/package/pkggen_core_x86_64.txt | 12 ++++++------ .../manifests/package/toolchain_aarch64.txt | 12 ++++++------ .../resources/manifests/package/toolchain_x86_64.txt | 12 ++++++------ 5 files changed, 26 insertions(+), 29 deletions(-) diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index 377516f0ed5..e69f3bb2ab4 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec @@ -1,7 +1,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1g -Release: 7%{?dist} +Release: 6%{?dist} License: OpenSSL URL: http://www.openssl.org/ Group: System Environment/Security @@ -122,7 +122,7 @@ export HASHBANGPERL=/usr/bin/perl no-idea \ no-mdc2 \ no-md2 \ - no-md4 \ + enable-md4 \ no-poly1305 \ enable-rc2 \ enable-rc4 \ @@ -257,9 +257,6 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist rm -rf $RPM_BUILD_ROOT %changelog -* Mon Oct 26 2020 Pawel Winogrodzki 1.1.1g-7 -- Removing support for the deprecated MD4 algorithm. - * Tue Jul 28 2020 Pawel Winogrodzki 1.1.1g-6 - Replacing removal of functions through the 'no--method' option with returning a method negotiating the highest supported protocol diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 227436125ed..81e0779bc14 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt 
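Review bot: The `@@ -122,7 +122,7 @@` hunk of openssl.spec switches the configure option from `no-md4` back to `enable-md4`, and nothing in the spec or the commit message says which consumer needs MD4. The `%changelog` hunk deletes the 1.1.1g-7 entry instead of adding a new one. MD4 is a broken digest, so a later audit will want the reason recorded, for example as a changelog line `- Re-enable MD4: required by <package-or-feature>` (placeholder; the reason is not on this page). The first hunk also moves `Release` from 7 back to 6, so any repository or host that already received 1.1.1g-7 will not see 1.1.1g-6 as an update and would keep the `no-md4` build. Using `Release: 8%{?dist}` with that changelog entry keeps the version monotonic; the four manifest hunks that follow would then list `-8`.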
@@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.aarch64.rpm
 texinfo-6.5-7.cm1.aarch64.rpm
 autoconf-2.69-9.cm1.noarch.rpm
 automake-1.16.1-3.cm1.noarch.rpm
-openssl-1.1.1g-7.cm1.aarch64.rpm
-openssl-devel-1.1.1g-7.cm1.aarch64.rpm
-openssl-libs-1.1.1g-7.cm1.aarch64.rpm
-openssl-perl-1.1.1g-7.cm1.aarch64.rpm
-openssl-static-1.1.1g-7.cm1.aarch64.rpm
-openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm
+openssl-1.1.1g-6.cm1.aarch64.rpm
+openssl-devel-1.1.1g-6.cm1.aarch64.rpm
+openssl-libs-1.1.1g-6.cm1.aarch64.rpm
+openssl-perl-1.1.1g-6.cm1.aarch64.rpm
+openssl-static-1.1.1g-6.cm1.aarch64.rpm
+openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm
 libcap-2.26-2.cm1.aarch64.rpm
 libcap-devel-2.26-2.cm1.aarch64.rpm
 libdb-5.3.28-4.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index c8794df198a..4371d305298 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.x86_64.rpm
 texinfo-6.5-7.cm1.x86_64.rpm
 autoconf-2.69-9.cm1.noarch.rpm
 automake-1.16.1-3.cm1.noarch.rpm
-openssl-1.1.1g-7.cm1.x86_64.rpm
-openssl-devel-1.1.1g-7.cm1.x86_64.rpm
-openssl-libs-1.1.1g-7.cm1.x86_64.rpm
-openssl-perl-1.1.1g-7.cm1.x86_64.rpm
-openssl-static-1.1.1g-7.cm1.x86_64.rpm
-openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm
+openssl-1.1.1g-6.cm1.x86_64.rpm
+openssl-devel-1.1.1g-6.cm1.x86_64.rpm
+openssl-libs-1.1.1g-6.cm1.x86_64.rpm
+openssl-perl-1.1.1g-6.cm1.x86_64.rpm
+openssl-static-1.1.1g-6.cm1.x86_64.rpm
+openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm
 libcap-2.26-2.cm1.x86_64.rpm
 libcap-devel-2.26-2.cm1.x86_64.rpm
 libdb-5.3.28-4.cm1.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 1bc5ccac1c9..63259e6d82d 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.181-8.cm1.aarch64.rpm
 openjdk8-sample-1.8.0.181-8.cm1.aarch64.rpm
 openjdk8-src-1.8.0.181-8.cm1.aarch64.rpm
 openjre8-1.8.0.181-8.cm1.aarch64.rpm
-openssl-1.1.1g-7.cm1.aarch64.rpm
-openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm
-openssl-devel-1.1.1g-7.cm1.aarch64.rpm
-openssl-libs-1.1.1g-7.cm1.aarch64.rpm
-openssl-perl-1.1.1g-7.cm1.aarch64.rpm
-openssl-static-1.1.1g-7.cm1.aarch64.rpm
+openssl-1.1.1g-6.cm1.aarch64.rpm
+openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm
+openssl-devel-1.1.1g-6.cm1.aarch64.rpm
+openssl-libs-1.1.1g-6.cm1.aarch64.rpm
+openssl-perl-1.1.1g-6.cm1.aarch64.rpm
+openssl-static-1.1.1g-6.cm1.aarch64.rpm
 p11-kit-0.23.16.1-2.cm1.aarch64.rpm
 p11-kit-debuginfo-0.23.16.1-2.cm1.aarch64.rpm
 p11-kit-devel-0.23.16.1-2.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 1da6d530e44..93b4e97ba2e 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.212-10.cm1.x86_64.rpm
 openjdk8-sample-1.8.0.212-10.cm1.x86_64.rpm
 openjdk8-src-1.8.0.212-10.cm1.x86_64.rpm
 openjre8-1.8.0.212-10.cm1.x86_64.rpm
-openssl-1.1.1g-7.cm1.x86_64.rpm
-openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm
-openssl-devel-1.1.1g-7.cm1.x86_64.rpm
-openssl-libs-1.1.1g-7.cm1.x86_64.rpm
-openssl-perl-1.1.1g-7.cm1.x86_64.rpm
-openssl-static-1.1.1g-7.cm1.x86_64.rpm
+openssl-1.1.1g-6.cm1.x86_64.rpm
+openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm
+openssl-devel-1.1.1g-6.cm1.x86_64.rpm
+openssl-libs-1.1.1g-6.cm1.x86_64.rpm
+openssl-perl-1.1.1g-6.cm1.x86_64.rpm
+openssl-static-1.1.1g-6.cm1.x86_64.rpm
 p11-kit-0.23.16.1-2.cm1.x86_64.rpm
 p11-kit-debuginfo-0.23.16.1-2.cm1.x86_64.rpm
 p11-kit-devel-0.23.16.1-2.cm1.x86_64.rpm
From f901742520dc7a2cf1d93f7c3cedfacc6b180170 Mon Sep 17 00:00:00 2001
From: rychenf1 Date: Wed, 28 Oct 2020 14:48:57 -0700 Subject: [PATCH 053/145] Patch CVE-2020-24977 in libxml2 (#282) --- SPECS/libxml2/CVE-2020-24977.patch | 35 +++++++++++++++++++ SPECS/libxml2/libxml2.spec | 23 ++++++------ .../manifests/package/pkggen_core_aarch64.txt | 4 +-- .../manifests/package/pkggen_core_x86_64.txt | 4 +-- .../manifests/package/toolchain_aarch64.txt | 10 +++--- .../manifests/package/toolchain_x86_64.txt | 10 +++--- 6 files changed, 62 insertions(+), 24 deletions(-) create mode 100644 SPECS/libxml2/CVE-2020-24977.patch diff --git a/SPECS/libxml2/CVE-2020-24977.patch b/SPECS/libxml2/CVE-2020-24977.patch new file mode 100644 index 00000000000..f8ad63065c5 --- /dev/null +++ b/SPECS/libxml2/CVE-2020-24977.patch @@ -0,0 +1,35 @@ +From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Aug 2020 21:54:27 +0200 +Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout' + +Make sure that truncated UTF-8 sequences don't cause an out-of-bounds +array access. + +Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for +the report. + +Fixes #178. +--- + xmllint.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/xmllint.c b/xmllint.c +index f6a8e4636..c647486f3 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -528,6 +528,12 @@ static void + xmlHTMLEncodeSend(void) { + char *result; + ++ /* ++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might ++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid ++ * an out-of-bounds read. ++ */ ++ memset(&buffer[sizeof(buffer)-4], 0, 4); + result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer); + if (result) { + xmlGenericError(xmlGenericErrorContext, "%s", result); +-- +GitLab diff --git a/SPECS/libxml2/libxml2.spec b/SPECS/libxml2/libxml2.spec index 33282bda622..526488eb322 100644 --- a/SPECS/libxml2/libxml2.spec +++ b/SPECS/libxml2/libxml2.spec 
@@ -1,19 +1,18 @@ %{!?python2_sitelib: %define python2_sitelib %(python2 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} %{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} - Summary: Libxml2 Name: libxml2 Version: 2.9.10 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT -URL: http://www.xmlsoft.org/ -Group: System Environment/General Libraries Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/General Libraries +URL: http://www.xmlsoft.org/ Source0: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Patch0: CVE-2019-20388.patch Patch1: CVE-2020-7595.patch - +Patch2: CVE-2020-24977.patch BuildRequires: python2-devel BuildRequires: python2-libs BuildRequires: python3-devel @@ -42,8 +41,8 @@ Requires: python3 Python3 libxml2. %package devel -Summary: Libraries and header files for libxml -Requires: %{name} = %{version} +Summary: Libraries and header files for libxml +Requires: %{name} = %{version} %description devel Static libraries and header files for the support library for libxml @@ -60,13 +59,13 @@ make %{?_smp_mflags} %install [ %{buildroot} != "/"] && rm -rf %{buildroot}/* make DESTDIR=%{buildroot} install -find %{buildroot}/%{_libdir} -name '*.la' -delete +find %{buildroot} -type f -name "*.la" -delete -print %{_fixperms} %{buildroot}/* make clean %configure \ --disable-static \ - --with-python=/usr/bin/python3 + --with-python=%{_bindir}/python3 make %{?_smp_mflags} make install DESTDIR=%{buildroot} @@ -75,8 +74,10 @@ make %{?_smp_mflags} check %post -p /sbin/ldconfig %postun -p /sbin/ldconfig + %clean rm -rf %{buildroot}/* + %files %defattr(-,root,root) %license COPYING @@ -88,7 +89,6 @@ rm -rf %{buildroot}/* %{_datadir}/gtk-doc/* %{_mandir}/man1/* - %files python %defattr(-,root,root) %{python2_sitelib}/* 
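Review bot: `Patch2: CVE-2020-24977.patch` is declared in the first hunk, but no hunk in libxml2.spec touches `%prep`, so whether the fix is actually applied depends on lines that are not shown here. If `%prep` uses `%setup` followed by explicit `%patch0 -p1` and `%patch1 -p1` lines, a `%patch2 -p1` is missing and 2.9.10-3 would ship with a changelog that claims the CVE is patched while xmllint.c is unchanged. If `%prep` already uses `%autosetup -p1`, nothing more is needed. Either way it is worth confirming in the build log that CVE-2020-24977.patch was applied before the manifests are moved to 2.9.10-3.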
@@ -105,6 +105,9 @@ rm -rf %{buildroot}/* %{_libdir}/cmake/libxml2/libxml2-config.cmake %changelog +* Mon Oct 26 2020 Ruying Chen - 2.9.10-3 +- Patch CVE-2020-24977. + * Wed Sep 09 2020 Thomas Crain - 2.9.10-2 - Patch CVE-2019-20388 and CVE-2020-7595. diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 81e0779bc14..9af45dc9299 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -137,8 +137,8 @@ tdnf-cli-libs-2.1.0-4.cm1.aarch64.rpm tdnf-devel-2.1.0-4.cm1.aarch64.rpm tdnf-plugin-repogpgcheck-2.1.0-4.cm1.aarch64.rpm createrepo_c-0.11.1-6.cm1.aarch64.rpm -libxml2-2.9.10-2.cm1.aarch64.rpm -libxml2-devel-2.9.10-2.cm1.aarch64.rpm +libxml2-2.9.10-3.cm1.aarch64.rpm +libxml2-devel-2.9.10-3.cm1.aarch64.rpm glib-2.58.0-6.cm1.aarch64.rpm libltdl-2.4.6-5.cm1.aarch64.rpm libltdl-devel-2.4.6-5.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 4371d305298..31ce364ff2b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -137,8 +137,8 @@ tdnf-cli-libs-2.1.0-4.cm1.x86_64.rpm tdnf-devel-2.1.0-4.cm1.x86_64.rpm tdnf-plugin-repogpgcheck-2.1.0-4.cm1.x86_64.rpm createrepo_c-0.11.1-6.cm1.x86_64.rpm -libxml2-2.9.10-2.cm1.x86_64.rpm -libxml2-devel-2.9.10-2.cm1.x86_64.rpm +libxml2-2.9.10-3.cm1.x86_64.rpm +libxml2-devel-2.9.10-3.cm1.x86_64.rpm glib-2.58.0-6.cm1.x86_64.rpm libltdl-2.4.6-5.cm1.x86_64.rpm libltdl-devel-2.4.6-5.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 46348fbc1f3..5fa080bd4d5 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -218,10 +218,10 @@ libtasn1-debuginfo-4.14-2.cm1.aarch64.rpm
 libtasn1-devel-4.14-2.cm1.aarch64.rpm
 libtool-2.4.6-5.cm1.aarch64.rpm
 libtool-debuginfo-2.4.6-5.cm1.aarch64.rpm
-libxml2-2.9.10-2.cm1.aarch64.rpm
-libxml2-debuginfo-2.9.10-2.cm1.aarch64.rpm
-libxml2-devel-2.9.10-2.cm1.aarch64.rpm
-libxml2-python-2.9.10-2.cm1.aarch64.rpm
+libxml2-2.9.10-3.cm1.aarch64.rpm
+libxml2-debuginfo-2.9.10-3.cm1.aarch64.rpm
+libxml2-devel-2.9.10-3.cm1.aarch64.rpm
+libxml2-python-2.9.10-3.cm1.aarch64.rpm
 libxslt-1.1.34-2.cm1.aarch64.rpm
 libxslt-debuginfo-1.1.34-2.cm1.aarch64.rpm
 libxslt-devel-1.1.34-2.cm1.aarch64.rpm
@@ -324,7 +324,7 @@ python2-test-2.7.18-4.cm1.aarch64.rpm
 python2-tools-2.7.18-4.cm1.aarch64.rpm
 python3-cracklib-2.9.7-2.cm1.aarch64.rpm
 python3-gpg-1.13.1-5.cm1.aarch64.rpm
-python3-libxml2-2.9.10-2.cm1.aarch64.rpm
+python3-libxml2-2.9.10-3.cm1.aarch64.rpm
 python3-pwquality-1.4.2-4.cm1.aarch64.rpm
 python3-rpm-4.14.2-10.cm1.aarch64.rpm
 python-curses-2.7.18-4.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 435ea25378b..84e6fe5ca6e 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -218,10 +218,10 @@ libtasn1-debuginfo-4.14-2.cm1.x86_64.rpm
 libtasn1-devel-4.14-2.cm1.x86_64.rpm
 libtool-2.4.6-5.cm1.x86_64.rpm
 libtool-debuginfo-2.4.6-5.cm1.x86_64.rpm
-libxml2-2.9.10-2.cm1.x86_64.rpm
-libxml2-debuginfo-2.9.10-2.cm1.x86_64.rpm
-libxml2-devel-2.9.10-2.cm1.x86_64.rpm
-libxml2-python-2.9.10-2.cm1.x86_64.rpm
+libxml2-2.9.10-3.cm1.x86_64.rpm
+libxml2-debuginfo-2.9.10-3.cm1.x86_64.rpm
+libxml2-devel-2.9.10-3.cm1.x86_64.rpm
+libxml2-python-2.9.10-3.cm1.x86_64.rpm
 libxslt-1.1.34-2.cm1.x86_64.rpm
 libxslt-debuginfo-1.1.34-2.cm1.x86_64.rpm
 libxslt-devel-1.1.34-2.cm1.x86_64.rpm
@@ -324,7 +324,7 @@ python2-test-2.7.18-4.cm1.x86_64.rpm python2-tools-2.7.18-4.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-5.cm1.x86_64.rpm -python3-libxml2-2.9.10-2.cm1.x86_64.rpm +python3-libxml2-2.9.10-3.cm1.x86_64.rpm python3-pwquality-1.4.2-4.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm python-curses-2.7.18-4.cm1.x86_64.rpm From 880573c82ac3e588158fd0888b1aa70dd9a849c9 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 15:00:48 -0700 Subject: [PATCH 054/145] update toolchain information --- .../manifests/package/pkggen_core_aarch64.txt | 30 +++++------ .../manifests/package/pkggen_core_x86_64.txt | 30 +++++------ .../manifests/package/toolchain_aarch64.txt | 52 +++++++++---------- .../manifests/package/toolchain_x86_64.txt | 52 +++++++++---------- 4 files changed, 82 insertions(+), 82 deletions(-) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 227436125ed..bb9db30dc2f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt 
@@ -1,19 +1,19 @@ filesystem-1.1-7.cm1.aarch64.rpm kernel-headers-5.4.51-2.cm1.noarch.rpm -glibc-2.28-12.cm1.aarch64.rpm -glibc-devel-2.28-12.cm1.aarch64.rpm -glibc-i18n-2.28-12.cm1.aarch64.rpm -glibc-iconv-2.28-12.cm1.aarch64.rpm -glibc-lang-2.28-12.cm1.aarch64.rpm -glibc-nscd-2.28-12.cm1.aarch64.rpm -glibc-tools-2.28-12.cm1.aarch64.rpm +glibc-2.28-13.cm1.aarch64.rpm +glibc-devel-2.28-13.cm1.aarch64.rpm +glibc-i18n-2.28-13.cm1.aarch64.rpm +glibc-iconv-2.28-13.cm1.aarch64.rpm +glibc-lang-2.28-13.cm1.aarch64.rpm +glibc-nscd-2.28-13.cm1.aarch64.rpm +glibc-tools-2.28-13.cm1.aarch64.rpm zlib-1.2.11-3.cm1.aarch64.rpm zlib-devel-1.2.11-3.cm1.aarch64.rpm file-5.38-1.cm1.aarch64.rpm file-devel-5.38-1.cm1.aarch64.rpm file-libs-5.38-1.cm1.aarch64.rpm -binutils-2.32-4.cm1.aarch64.rpm -binutils-devel-2.32-4.cm1.aarch64.rpm +binutils-2.32-3.cm1.aarch64.rpm +binutils-devel-2.32-3.cm1.aarch64.rpm gmp-6.1.2-5.cm1.aarch64.rpm gmp-devel-6.1.2-5.cm1.aarch64.rpm mpfr-4.0.1-3.cm1.aarch64.rpm @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1g-7.cm1.aarch64.rpm -openssl-devel-1.1.1g-7.cm1.aarch64.rpm -openssl-libs-1.1.1g-7.cm1.aarch64.rpm -openssl-perl-1.1.1g-7.cm1.aarch64.rpm -openssl-static-1.1.1g-7.cm1.aarch64.rpm -openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm +openssl-1.1.1g-6.cm1.aarch64.rpm +openssl-devel-1.1.1g-6.cm1.aarch64.rpm +openssl-libs-1.1.1g-6.cm1.aarch64.rpm +openssl-perl-1.1.1g-6.cm1.aarch64.rpm +openssl-static-1.1.1g-6.cm1.aarch64.rpm +openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm libcap-2.26-2.cm1.aarch64.rpm libcap-devel-2.26-2.cm1.aarch64.rpm libdb-5.3.28-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index c8794df198a..1620c2ce01d 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt 
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,19 +1,19 @@ filesystem-1.1-7.cm1.x86_64.rpm kernel-headers-5.4.51-2.cm1.noarch.rpm -glibc-2.28-12.cm1.x86_64.rpm -glibc-devel-2.28-12.cm1.x86_64.rpm -glibc-i18n-2.28-12.cm1.x86_64.rpm -glibc-iconv-2.28-12.cm1.x86_64.rpm -glibc-lang-2.28-12.cm1.x86_64.rpm -glibc-nscd-2.28-12.cm1.x86_64.rpm -glibc-tools-2.28-12.cm1.x86_64.rpm +glibc-2.28-13.cm1.x86_64.rpm +glibc-devel-2.28-13.cm1.x86_64.rpm +glibc-i18n-2.28-13.cm1.x86_64.rpm +glibc-iconv-2.28-13.cm1.x86_64.rpm +glibc-lang-2.28-13.cm1.x86_64.rpm +glibc-nscd-2.28-13.cm1.x86_64.rpm +glibc-tools-2.28-13.cm1.x86_64.rpm zlib-1.2.11-3.cm1.x86_64.rpm zlib-devel-1.2.11-3.cm1.x86_64.rpm file-5.38-1.cm1.x86_64.rpm file-devel-5.38-1.cm1.x86_64.rpm file-libs-5.38-1.cm1.x86_64.rpm -binutils-2.32-4.cm1.x86_64.rpm -binutils-devel-2.32-4.cm1.x86_64.rpm +binutils-2.32-3.cm1.x86_64.rpm +binutils-devel-2.32-3.cm1.x86_64.rpm gmp-6.1.2-5.cm1.x86_64.rpm gmp-devel-6.1.2-5.cm1.x86_64.rpm mpfr-4.0.1-3.cm1.x86_64.rpm @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1g-7.cm1.x86_64.rpm -openssl-devel-1.1.1g-7.cm1.x86_64.rpm -openssl-libs-1.1.1g-7.cm1.x86_64.rpm -openssl-perl-1.1.1g-7.cm1.x86_64.rpm -openssl-static-1.1.1g-7.cm1.x86_64.rpm -openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm +openssl-1.1.1g-6.cm1.x86_64.rpm +openssl-devel-1.1.1g-6.cm1.x86_64.rpm +openssl-libs-1.1.1g-6.cm1.x86_64.rpm +openssl-perl-1.1.1g-6.cm1.x86_64.rpm +openssl-static-1.1.1g-6.cm1.x86_64.rpm +openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm libcap-2.26-2.cm1.x86_64.rpm libcap-devel-2.26-2.cm1.x86_64.rpm libdb-5.3.28-4.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 1bc5ccac1c9..c34e5d3d813 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt 
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -8,9 +8,9 @@ bash-4.4.18-5.cm1.aarch64.rpm bash-debuginfo-4.4.18-5.cm1.aarch64.rpm bash-devel-4.4.18-5.cm1.aarch64.rpm bash-lang-4.4.18-5.cm1.aarch64.rpm -binutils-2.32-4.cm1.aarch64.rpm -binutils-debuginfo-2.32-4.cm1.aarch64.rpm -binutils-devel-2.32-4.cm1.aarch64.rpm +binutils-2.32-3.cm1.aarch64.rpm +binutils-debuginfo-2.32-3.cm1.aarch64.rpm +binutils-devel-2.32-3.cm1.aarch64.rpm bison-3.1-3.cm1.aarch64.rpm bison-debuginfo-3.1-3.cm1.aarch64.rpm bzip2-1.0.6-15.cm1.aarch64.rpm @@ -104,13 +104,13 @@ gettext-0.19.8.1-3.cm1.aarch64.rpm gettext-debuginfo-0.19.8.1-3.cm1.aarch64.rpm gfortran-9.1.0-7.cm1.aarch64.rpm glib-2.58.0-6.cm1.aarch64.rpm -glibc-2.28-12.cm1.aarch64.rpm -glibc-devel-2.28-12.cm1.aarch64.rpm -glibc-i18n-2.28-12.cm1.aarch64.rpm -glibc-iconv-2.28-12.cm1.aarch64.rpm -glibc-lang-2.28-12.cm1.aarch64.rpm -glibc-nscd-2.28-12.cm1.aarch64.rpm -glibc-tools-2.28-12.cm1.aarch64.rpm +glibc-2.28-13.cm1.aarch64.rpm +glibc-devel-2.28-13.cm1.aarch64.rpm +glibc-i18n-2.28-13.cm1.aarch64.rpm +glibc-iconv-2.28-13.cm1.aarch64.rpm +glibc-lang-2.28-13.cm1.aarch64.rpm +glibc-nscd-2.28-13.cm1.aarch64.rpm +glibc-tools-2.28-13.cm1.aarch64.rpm glib-debuginfo-2.58.0-6.cm1.aarch64.rpm glib-devel-2.58.0-6.cm1.aarch64.rpm glib-schemas-2.58.0-6.cm1.aarch64.rpm 
@@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.181-8.cm1.aarch64.rpm openjdk8-sample-1.8.0.181-8.cm1.aarch64.rpm openjdk8-src-1.8.0.181-8.cm1.aarch64.rpm openjre8-1.8.0.181-8.cm1.aarch64.rpm -openssl-1.1.1g-7.cm1.aarch64.rpm -openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm -openssl-devel-1.1.1g-7.cm1.aarch64.rpm -openssl-libs-1.1.1g-7.cm1.aarch64.rpm -openssl-perl-1.1.1g-7.cm1.aarch64.rpm -openssl-static-1.1.1g-7.cm1.aarch64.rpm +openssl-1.1.1g-6.cm1.aarch64.rpm +openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm +openssl-devel-1.1.1g-6.cm1.aarch64.rpm +openssl-libs-1.1.1g-6.cm1.aarch64.rpm +openssl-perl-1.1.1g-6.cm1.aarch64.rpm +openssl-static-1.1.1g-6.cm1.aarch64.rpm p11-kit-0.23.16.1-2.cm1.aarch64.rpm p11-kit-debuginfo-0.23.16.1-2.cm1.aarch64.rpm p11-kit-devel-0.23.16.1-2.cm1.aarch64.rpm 
@@ -316,22 +316,22 @@ procps-ng-3.3.15-3.cm1.aarch64.rpm procps-ng-debuginfo-3.3.15-3.cm1.aarch64.rpm procps-ng-devel-3.3.15-3.cm1.aarch64.rpm procps-ng-lang-3.3.15-3.cm1.aarch64.rpm -python2-2.7.18-4.cm1.aarch64.rpm -python2-debuginfo-2.7.18-4.cm1.aarch64.rpm -python2-devel-2.7.18-4.cm1.aarch64.rpm -python2-libs-2.7.18-4.cm1.aarch64.rpm -python2-test-2.7.18-4.cm1.aarch64.rpm -python2-tools-2.7.18-4.cm1.aarch64.rpm +python2-2.7.18-3.cm1.aarch64.rpm +python2-debuginfo-2.7.18-3.cm1.aarch64.rpm +python2-devel-2.7.18-3.cm1.aarch64.rpm +python2-libs-2.7.18-3.cm1.aarch64.rpm +python2-test-2.7.18-3.cm1.aarch64.rpm +python2-tools-2.7.18-3.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm python3-gpg-1.13.1-5.cm1.aarch64.rpm python3-libxml2-2.9.10-2.cm1.aarch64.rpm python3-pwquality-1.4.2-4.cm1.aarch64.rpm python3-rpm-4.14.2-10.cm1.aarch64.rpm -python-curses-2.7.18-4.cm1.aarch64.rpm +python-curses-2.7.18-3.cm1.aarch64.rpm python-gpg-1.13.1-5.cm1.aarch64.rpm python-rpm-4.14.2-10.cm1.aarch64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-4.cm1.aarch64.rpm +python-xml-2.7.18-3.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-debuginfo-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm @@ -370,8 +370,8 @@ tdnf-plugin-repogpgcheck-2.1.0-4.cm1.aarch64.rpm tdnf-python-2.1.0-4.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm texinfo-debuginfo-6.5-7.cm1.aarch64.rpm -unzip-6.0-17.cm1.aarch64.rpm -unzip-debuginfo-6.0-17.cm1.aarch64.rpm +unzip-6.0-16.cm1.aarch64.rpm +unzip-debuginfo-6.0-16.cm1.aarch64.rpm util-linux-2.32.1-3.cm1.aarch64.rpm util-linux-debuginfo-2.32.1-3.cm1.aarch64.rpm util-linux-devel-2.32.1-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 1da6d530e44..b7ab7026ea9 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt 
@@ -8,9 +8,9 @@ bash-4.4.18-5.cm1.x86_64.rpm bash-debuginfo-4.4.18-5.cm1.x86_64.rpm bash-devel-4.4.18-5.cm1.x86_64.rpm bash-lang-4.4.18-5.cm1.x86_64.rpm -binutils-2.32-4.cm1.x86_64.rpm -binutils-debuginfo-2.32-4.cm1.x86_64.rpm -binutils-devel-2.32-4.cm1.x86_64.rpm +binutils-2.32-3.cm1.x86_64.rpm +binutils-debuginfo-2.32-3.cm1.x86_64.rpm +binutils-devel-2.32-3.cm1.x86_64.rpm bison-3.1-3.cm1.x86_64.rpm bison-debuginfo-3.1-3.cm1.x86_64.rpm bzip2-1.0.6-15.cm1.x86_64.rpm @@ -104,13 +104,13 @@ gettext-0.19.8.1-3.cm1.x86_64.rpm gettext-debuginfo-0.19.8.1-3.cm1.x86_64.rpm gfortran-9.1.0-7.cm1.x86_64.rpm glib-2.58.0-6.cm1.x86_64.rpm -glibc-2.28-12.cm1.x86_64.rpm -glibc-devel-2.28-12.cm1.x86_64.rpm -glibc-i18n-2.28-12.cm1.x86_64.rpm -glibc-iconv-2.28-12.cm1.x86_64.rpm -glibc-lang-2.28-12.cm1.x86_64.rpm -glibc-nscd-2.28-12.cm1.x86_64.rpm -glibc-tools-2.28-12.cm1.x86_64.rpm +glibc-2.28-13.cm1.x86_64.rpm +glibc-devel-2.28-13.cm1.x86_64.rpm +glibc-i18n-2.28-13.cm1.x86_64.rpm +glibc-iconv-2.28-13.cm1.x86_64.rpm +glibc-lang-2.28-13.cm1.x86_64.rpm +glibc-nscd-2.28-13.cm1.x86_64.rpm +glibc-tools-2.28-13.cm1.x86_64.rpm glib-debuginfo-2.58.0-6.cm1.x86_64.rpm glib-devel-2.58.0-6.cm1.x86_64.rpm glib-schemas-2.58.0-6.cm1.x86_64.rpm @@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.212-10.cm1.x86_64.rpm openjdk8-sample-1.8.0.212-10.cm1.x86_64.rpm openjdk8-src-1.8.0.212-10.cm1.x86_64.rpm openjre8-1.8.0.212-10.cm1.x86_64.rpm -openssl-1.1.1g-7.cm1.x86_64.rpm -openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm -openssl-devel-1.1.1g-7.cm1.x86_64.rpm -openssl-libs-1.1.1g-7.cm1.x86_64.rpm -openssl-perl-1.1.1g-7.cm1.x86_64.rpm -openssl-static-1.1.1g-7.cm1.x86_64.rpm +openssl-1.1.1g-6.cm1.x86_64.rpm +openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm +openssl-devel-1.1.1g-6.cm1.x86_64.rpm +openssl-libs-1.1.1g-6.cm1.x86_64.rpm +openssl-perl-1.1.1g-6.cm1.x86_64.rpm +openssl-static-1.1.1g-6.cm1.x86_64.rpm p11-kit-0.23.16.1-2.cm1.x86_64.rpm p11-kit-debuginfo-0.23.16.1-2.cm1.x86_64.rpm p11-kit-devel-0.23.16.1-2.cm1.x86_64.rpm 
@@ -316,22 +316,22 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm procps-ng-devel-3.3.15-3.cm1.x86_64.rpm procps-ng-lang-3.3.15-3.cm1.x86_64.rpm -python2-2.7.18-4.cm1.x86_64.rpm -python2-debuginfo-2.7.18-4.cm1.x86_64.rpm -python2-devel-2.7.18-4.cm1.x86_64.rpm -python2-libs-2.7.18-4.cm1.x86_64.rpm -python2-test-2.7.18-4.cm1.x86_64.rpm -python2-tools-2.7.18-4.cm1.x86_64.rpm +python2-2.7.18-3.cm1.x86_64.rpm +python2-debuginfo-2.7.18-3.cm1.x86_64.rpm +python2-devel-2.7.18-3.cm1.x86_64.rpm +python2-libs-2.7.18-3.cm1.x86_64.rpm +python2-test-2.7.18-3.cm1.x86_64.rpm +python2-tools-2.7.18-3.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-5.cm1.x86_64.rpm python3-libxml2-2.9.10-2.cm1.x86_64.rpm python3-pwquality-1.4.2-4.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm -python-curses-2.7.18-4.cm1.x86_64.rpm +python-curses-2.7.18-3.cm1.x86_64.rpm python-gpg-1.13.1-5.cm1.x86_64.rpm python-rpm-4.14.2-10.cm1.x86_64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-4.cm1.x86_64.rpm +python-xml-2.7.18-3.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-debuginfo-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm @@ -370,8 +370,8 @@ tdnf-plugin-repogpgcheck-2.1.0-4.cm1.x86_64.rpm tdnf-python-2.1.0-4.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm texinfo-debuginfo-6.5-7.cm1.x86_64.rpm -unzip-6.0-17.cm1.x86_64.rpm -unzip-debuginfo-6.0-17.cm1.x86_64.rpm +unzip-6.0-16.cm1.x86_64.rpm +unzip-debuginfo-6.0-16.cm1.x86_64.rpm util-linux-2.32.1-3.cm1.x86_64.rpm util-linux-debuginfo-2.32.1-3.cm1.x86_64.rpm util-linux-devel-2.32.1-3.cm1.x86_64.rpm From ca583e3df442e57f8fb5491ee04b8eccc01620ee Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 16:07:22 -0700 Subject: [PATCH 055/145] save toolchain pkg changes --- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 4 ++-- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 2d4032083b7..93e3555b790 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -12,8 +12,8 @@ zlib-devel-1.2.11-3.cm1.aarch64.rpm file-5.38-1.cm1.aarch64.rpm file-devel-5.38-1.cm1.aarch64.rpm file-libs-5.38-1.cm1.aarch64.rpm -binutils-2.32-3.cm1.aarch64.rpm -binutils-devel-2.32-3.cm1.aarch64.rpm +binutils-2.32-4.cm1.aarch64.rpm +binutils-devel-2.32-4.cm1.aarch64.rpm gmp-6.1.2-5.cm1.aarch64.rpm gmp-devel-6.1.2-5.cm1.aarch64.rpm mpfr-4.0.1-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 23b42c28c3c..73da4a7d2cc 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -12,8 +12,8 @@ zlib-devel-1.2.11-3.cm1.x86_64.rpm file-5.38-1.cm1.x86_64.rpm file-devel-5.38-1.cm1.x86_64.rpm file-libs-5.38-1.cm1.x86_64.rpm -binutils-2.32-3.cm1.x86_64.rpm -binutils-devel-2.32-3.cm1.x86_64.rpm +binutils-2.32-4.cm1.x86_64.rpm +binutils-devel-2.32-4.cm1.x86_64.rpm gmp-6.1.2-5.cm1.x86_64.rpm gmp-devel-6.1.2-5.cm1.x86_64.rpm mpfr-4.0.1-3.cm1.x86_64.rpm From d0e7c246ff4516ab107ecb25fea97b59df1f2df0 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Wed, 28 Oct 2020 16:11:45 -0700 Subject: [PATCH 056/145] fix more toolchain manifest issue --- .../manifests/package/toolchain_aarch64.txt | 22 +++++++++---------- .../manifests/package/toolchain_x86_64.txt | 22 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 79208405127..f101f90bac4 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt 
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -8,9 +8,9 @@ bash-4.4.18-5.cm1.aarch64.rpm bash-debuginfo-4.4.18-5.cm1.aarch64.rpm bash-devel-4.4.18-5.cm1.aarch64.rpm bash-lang-4.4.18-5.cm1.aarch64.rpm -binutils-2.32-3.cm1.aarch64.rpm -binutils-debuginfo-2.32-3.cm1.aarch64.rpm -binutils-devel-2.32-3.cm1.aarch64.rpm +binutils-2.32-4.cm1.aarch64.rpm +binutils-debuginfo-2.32-4.cm1.aarch64.rpm +binutils-devel-2.32-4.cm1.aarch64.rpm bison-3.1-3.cm1.aarch64.rpm bison-debuginfo-3.1-3.cm1.aarch64.rpm bzip2-1.0.6-15.cm1.aarch64.rpm @@ -316,22 +316,22 @@ procps-ng-3.3.15-3.cm1.aarch64.rpm procps-ng-debuginfo-3.3.15-3.cm1.aarch64.rpm procps-ng-devel-3.3.15-3.cm1.aarch64.rpm procps-ng-lang-3.3.15-3.cm1.aarch64.rpm -python2-2.7.18-3.cm1.aarch64.rpm -python2-debuginfo-2.7.18-3.cm1.aarch64.rpm -python2-devel-2.7.18-3.cm1.aarch64.rpm -python2-libs-2.7.18-3.cm1.aarch64.rpm -python2-test-2.7.18-3.cm1.aarch64.rpm -python2-tools-2.7.18-3.cm1.aarch64.rpm +python2-2.7.18-4.cm1.aarch64.rpm +python2-debuginfo-2.7.18-4.cm1.aarch64.rpm +python2-devel-2.7.18-4.cm1.aarch64.rpm +python2-libs-2.7.18-4.cm1.aarch64.rpm +python2-test-2.7.18-4.cm1.aarch64.rpm +python2-tools-2.7.18-4.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm python3-gpg-1.13.1-5.cm1.aarch64.rpm python3-libxml2-2.9.10-3.cm1.aarch64.rpm python3-pwquality-1.4.2-4.cm1.aarch64.rpm python3-rpm-4.14.2-10.cm1.aarch64.rpm -python-curses-2.7.18-3.cm1.aarch64.rpm +python-curses-2.7.18-4.cm1.aarch64.rpm python-gpg-1.13.1-5.cm1.aarch64.rpm python-rpm-4.14.2-10.cm1.aarch64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-3.cm1.aarch64.rpm +python-xml-2.7.18-4.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-debuginfo-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index fb6d3c8ffc2..8540fae08d1 100644 
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -8,9 +8,9 @@ bash-4.4.18-5.cm1.x86_64.rpm bash-debuginfo-4.4.18-5.cm1.x86_64.rpm bash-devel-4.4.18-5.cm1.x86_64.rpm bash-lang-4.4.18-5.cm1.x86_64.rpm -binutils-2.32-3.cm1.x86_64.rpm -binutils-debuginfo-2.32-3.cm1.x86_64.rpm -binutils-devel-2.32-3.cm1.x86_64.rpm +binutils-2.32-4.cm1.x86_64.rpm +binutils-debuginfo-2.32-4.cm1.x86_64.rpm +binutils-devel-2.32-4.cm1.x86_64.rpm bison-3.1-3.cm1.x86_64.rpm bison-debuginfo-3.1-3.cm1.x86_64.rpm bzip2-1.0.6-15.cm1.x86_64.rpm @@ -316,22 +316,22 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm procps-ng-devel-3.3.15-3.cm1.x86_64.rpm procps-ng-lang-3.3.15-3.cm1.x86_64.rpm -python2-2.7.18-3.cm1.x86_64.rpm -python2-debuginfo-2.7.18-3.cm1.x86_64.rpm -python2-devel-2.7.18-3.cm1.x86_64.rpm -python2-libs-2.7.18-3.cm1.x86_64.rpm -python2-test-2.7.18-3.cm1.x86_64.rpm -python2-tools-2.7.18-3.cm1.x86_64.rpm +python2-2.7.18-4.cm1.x86_64.rpm +python2-debuginfo-2.7.18-4.cm1.x86_64.rpm +python2-devel-2.7.18-4.cm1.x86_64.rpm +python2-libs-2.7.18-4.cm1.x86_64.rpm +python2-test-2.7.18-4.cm1.x86_64.rpm +python2-tools-2.7.18-4.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-5.cm1.x86_64.rpm python3-libxml2-2.9.10-3.cm1.x86_64.rpm python3-pwquality-1.4.2-4.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm -python-curses-2.7.18-3.cm1.x86_64.rpm +python-curses-2.7.18-4.cm1.x86_64.rpm python-gpg-1.13.1-5.cm1.x86_64.rpm python-rpm-4.14.2-10.cm1.x86_64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-3.cm1.x86_64.rpm +python-xml-2.7.18-4.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-debuginfo-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm From 2b43e91b33456073ba1b3535b4edfea6ab1f565d Mon Sep 17 00:00:00 2001 
From: Henry Li Date: Wed, 28 Oct 2020 16:27:45 -0700 Subject: [PATCH 057/145] address comment --- SPECS/qemu-kvm/qemu-kvm.spec | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index b0507c71c4b..1fb063fb7ca 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -55,16 +55,7 @@ Requires: pixman This package provides a command line tool for manipulating disk images. %prep -%setup -q -n qemu-%{version} -%patch0 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch12 -p1 -%patch13 -p1 +%autosetup -p1 -n qemu-%{version} %build @@ -128,8 +119,7 @@ chmod 755 %{buildroot}%{_bindir}/qemu * Tue Oct 27 2020 Henry Li - 4.2.0-14 - Add patch for CVE-2020-10702 - Add patch for CVE-2020-10761 -- Nopatch CVE-2017-5931, it was fixed in 2.9.0 -- Nopatch CVE-2017-14167, it was fixed in 2.11.0 +- Use autosetup * Tue Sep 29 2020 Daniel McIlvaney 4.2.0-13 - Nopatch CVE-2015-7504, it was fixed in 2.5.0 From 6aebeb578b344ef63ffecefc634cb50771abc21c Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Wed, 28 Oct 2020 16:45:03 -0700 Subject: [PATCH 058/145] Address source RPM publishing issue on packages.microsoft.com (#303) --- SPECS/liblogging/liblogging.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/SPECS/liblogging/liblogging.spec b/SPECS/liblogging/liblogging.spec index 50969d8b15a..8f9b23bcfa5 100644 --- a/SPECS/liblogging/liblogging.spec +++ b/SPECS/liblogging/liblogging.spec @@ -1,7 +1,7 @@ Summary: Logging Libraries Name: liblogging Version: 1.0.6 -Release: 3%{?dist} +Release: 4%{?dist} License: BSD Vendor: Microsoft Corporation Distribution: Mariner 
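Review bot: `%autosetup -p1 -n qemu-%{version}` in the `%prep` hunk of qemu-kvm.spec applies every `PatchN` the spec declares, whereas the removed lines applied only patches 0, 2-7, 12 and 13. Patches 1 and 8-11 were being skipped, and this file's changelog mentions nopatch entries, so some declared patches are presumably markers or fixes that were left out on purpose; the `Patch` declarations are outside the hunk, so this has to be checked against the top of the spec. If any of the skipped entries must stay unapplied, keep `%setup -q -n qemu-%{version}` with the explicit `%patchN -p1` list, and add a comment above the list naming the patches that are skipped and why. The changelog hunk also drops the two "Nopatch CVE-2017-5931" and "Nopatch CVE-2017-14167" lines without the matching spec change being visible, so it is worth confirming that the record of those two CVEs as already fixed upstream is not lost.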
@@ -11,8 +11,7 @@ Source0: https://download.rsyslog.com/%{name}/%{name}-%{version}.tar.gz BuildRequires: gcc %description -liblogging (the upstream project) is a collection of several components. -Namely: stdlog, journalemu, rfc3195. +liblogging (the upstream project) is a collection of several components: stdlog, journalemu and rfc3195. The stdlog component of liblogging can be viewed as an enhanced version of the syslog(3) API. It retains the easy semantics, but makes the API more sophisticated "behind the scenes" with better support for multiple threads @@ -60,6 +59,9 @@ make %{?_smp_mflags} check %{_includedir}/liblogging/*.h %changelog +* Wed Oct 28 2020 Nicolas Guibourge - 1.0.6-4 +- Address source RPM publishing issue on packages.microsoft.com + * Mon Oct 12 2020 Thomas Crain - 1.0.6-3 - Remove .la files - Lint to Mariner style From 729cdc5224cade8f4d6632510093f5c75fe427f3 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 29 Oct 2020 19:05:05 +0100 Subject: [PATCH 059/145] Fixing `qemu-kvm` CVE-2020-13253 and CVE-2020-13754. (#304) * Adding a patch for CVE-2020-13754. * Adding a patch for CVE-2020-13253. * Moving back to %setup. --- SPECS/qemu-kvm/CVE-2020-13253.patch | 134 ++++++++++++++++++++++++++++ SPECS/qemu-kvm/CVE-2020-13754.patch | 59 ++++++++++++ SPECS/qemu-kvm/qemu-kvm.spec | 91 +++++++++++-------- 3 files changed, 249 insertions(+), 35 deletions(-) create mode 100644 SPECS/qemu-kvm/CVE-2020-13253.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-13754.patch diff --git a/SPECS/qemu-kvm/CVE-2020-13253.patch b/SPECS/qemu-kvm/CVE-2020-13253.patch new file mode 100644 index 00000000000..284511aed97 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-13253.patch 
@@ -0,0 +1,134 @@ +###################################### PATCH NOTICE ####################################### + +From Pawel Winogrodzki : + +The patch below has been backported to the 4.2.0 version of QEMU. +Retained original version in terms of code changes, only affected line numbers have been +modified in order to apply the patch. + +############################## ORIGINAL PATCH BELOW THIS LINE ############################## +From 790762e5487114341cccc5bffcec4cb3c022c3cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Thu, 4 Jun 2020 19:22:29 +0200 +Subject: [PATCH] hw/sd/sdcard: Do not switch to ReceivingData if address is + invalid +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Only move the state machine to ReceivingData if there is no +pending error. This avoids later OOB access while processing +commands queued. + + "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" + + 4.3.3 Data Read + + Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + + 4.3.4 Data Write + + Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + +WP_VIOLATION errors are not modified: the error bit is set, we +stay in receive-data state, wait for a stop command. All further +data transfer is ignored. See the check on sd->card_status at the +beginning of sd_read_data() and sd_write_data(). 
+ +Fixes: CVE-2020-13253 +Cc: qemu-stable@nongnu.org +Reported-by: Alexander Bulekov +Buglink: https://bugs.launchpad.net/qemu/+bug/1880822 +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Message-Id: <20200630133912.9428-6-f4bug@amsat.org> +--- + hw/sd/sd.c | 34 ++++++++++++++++++++++++---------- + 1 file changed, 24 insertions(+), 10 deletions(-) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index 49b83576..5b4760d5 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -1150,12 +1150,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + case 17: /* CMD17: READ_SINGLE_BLOCK */ + switch (sd->state) { + case sd_transfer_state: ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_sendingdata_state; + sd->data_start = addr; + sd->data_offset = 0; +- +- if (sd->data_start + sd->blk_len > sd->size) +- sd->card_status |= ADDRESS_ERROR; + return sd_r1; + + default: +@@ -1166,12 +1169,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + case 18: /* CMD18: READ_MULTIPLE_BLOCK */ + switch (sd->state) { + case sd_transfer_state: ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_sendingdata_state; + sd->data_start = addr; + sd->data_offset = 0; +- +- if (sd->data_start + sd->blk_len > sd->size) +- sd->card_status |= ADDRESS_ERROR; + return sd_r1; + + default: +@@ -1211,13 +1217,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + /* Writing in SPI mode not implemented. 
*/ + if (sd->spi) + break; ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_receivingdata_state; + sd->data_start = addr; + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) +- sd->card_status |= ADDRESS_ERROR; + if (sd_wp_addr(sd, sd->data_start)) + sd->card_status |= WP_VIOLATION; + if (sd->csd[14] & 0x30) +@@ -1235,13 +1245,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + /* Writing in SPI mode not implemented. */ + if (sd->spi) + break; ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_receivingdata_state; + sd->data_start = addr; + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) +- sd->card_status |= ADDRESS_ERROR; + if (sd_wp_addr(sd, sd->data_start)) + sd->card_status |= WP_VIOLATION; + if (sd->csd[14] & 0x30) +-- diff --git a/SPECS/qemu-kvm/CVE-2020-13754.patch b/SPECS/qemu-kvm/CVE-2020-13754.patch new file mode 100644 index 00000000000..b06ce09c3a9 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-13754.patch 
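Review bot: The header of this backport carries `Message-Id: <20200630133912.9428-6-f4bug@amsat.org>`, which suggests the upstream change was posted as one message of a longer series, and nothing in the PATCH NOTICE says whether the fix relies on its sibling patches. Before shipping it as the complete fix for CVE-2020-13253, compare that series against the 4.2.0 tree and record the outcome in the notice, for example `Other patches of the upstream series were reviewed and are not required for 4.2.0: <list>`. The four added `addr + sd->blk_len > sd->size` checks sit inside sd_normal_command, whose start and the declaration of `addr` are outside the hunk, so the width of that sum could not be checked here.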
@@ -0,0 +1,59 @@ +Cc: qemu-stable@nongnu.org +Reviewed-by: Richard Henderson +Fixes: CVE-2020-13754 +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1842363 +Fixes: a014ed07bd5a ("memory: accept mismatching sizes in +memory_region_access_valid") +Signed-off-by: Michael S. Tsirkin +--- + memory.c | 29 +++++++++-------------------- + 1 file changed, 9 insertions(+), 20 deletions(-) + +diff --git a/memory.c b/memory.c +index 91ceaf9fcf..3e9388fb74 100644 +--- a/memory.c ++++ b/memory.c +@@ -1352,35 +1352,24 @@ bool memory_region_access_valid(MemoryRegion *mr, + bool is_write, + MemTxAttrs attrs) + { +- int access_size_min, access_size_max; +- int access_size, i; ++ if (mr->ops->valid.accepts ++ && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) { ++ return false; ++ } + + if (!mr->ops->valid.unaligned && (addr & (size - 1))) { + return false; + } + +- if (!mr->ops->valid.accepts) { ++ /* Treat zero as compatibility all valid */ ++ if (!mr->ops->valid.max_access_size) { + return true; + } + +- access_size_min = mr->ops->valid.min_access_size; +- if (!mr->ops->valid.min_access_size) { +- access_size_min = 1; ++ if (size > mr->ops->valid.max_access_size ++ || size < mr->ops->valid.min_access_size) { ++ return false; + } +- +- access_size_max = mr->ops->valid.max_access_size; +- if (!mr->ops->valid.max_access_size) { +- access_size_max = 4; +- } +- +- access_size = MAX(MIN(size, access_size_max), access_size_min); +- for (i = 0; i < size; i += access_size) { +- if (!mr->ops->valid.accepts(mr->opaque, addr + i, access_size, +- is_write, attrs)) { +- return false; +- } +- } +- + return true; + } diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 1fb063fb7ca..d28d6467a8a 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec 
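Review bot: CVE-2020-13754.patch begins at the `Cc:`/`Fixes:` trailers with no `From <commit>`, author or subject line, and `Patch15` in the spec hunk that follows has no origin comment, so the upstream change it came from cannot be identified from the package alone. Add a comment like the one on Patch14, e.g. `# CVE-2020-13754: upstream commit <UPSTREAM_COMMIT_ID>`, or restore the original header in the patch file. The rewritten memory_region_access_valid also rejects any access whose size is outside `valid.min_access_size`..`valid.max_access_size`, where the old code clamped the size and asked `valid.accepts` per chunk, so devices that guests access with other widths should be smoke-tested after this update.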
@@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2 AND GPLv2+ AND CC-BY AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -30,11 +30,16 @@ Patch10: CVE-2017-5931.nopatch Patch11: CVE-2017-14167.nopatch Patch12: CVE-2020-10702.patch Patch13: CVE-2020-10761.patch +# CVE-2020-13253 backported to 4.2.0. Original version: https://github.com/qemu/qemu/commit/790762e5487114341cccc5bffcec4cb3c022c3cd +Patch14: CVE-2020-13253.patch +Patch15: CVE-2020-13754.patch + BuildRequires: alsa-lib-devel BuildRequires: glib-devel BuildRequires: pixman-devel BuildRequires: python3-devel BuildRequires: zlib-devel + Requires: alsa-lib Requires: cyrus-sasl Requires: pixman @@ -55,7 +60,18 @@ Requires: pixman This package provides a command line tool for manipulating disk images. %prep -%autosetup -p1 -n qemu-%{version} +%setup -q -n qemu-%{version} +%patch0 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 %build 
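Review bot: The restored `%patch` list in %prep is kept by hand, and nothing fails if a `PatchN:` is declared without a matching `%patchN -p1`, so a CVE fix can be listed in the spec and still be missing from the build. Numbers 1 and 8-11 are skipped here; Patch10 and Patch11 are `.nopatch` markers in the hunk above, while the declarations of 1, 8 and 9 are not visible in these hunks. A comment above the list would make the gaps auditable, e.g. `# Patch1, Patch8-Patch11 are not applied: <reason per patch>`.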
@@ -116,53 +132,58 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Wed Oct 28 2020 Pawel Winogrodzki - 4.2.0-15 +- Add patch for CVE-2020-13253. +- Add patch for CVE-2020-13754. +- Adding back regular %%setup as %%autosetup fails on the *.nopatch files. + * Tue Oct 27 2020 Henry Li - 4.2.0-14 - Add patch for CVE-2020-10702 - Add patch for CVE-2020-10761 - Use autosetup -* Tue Sep 29 2020 Daniel McIlvaney 4.2.0-13 -- Nopatch CVE-2015-7504, it was fixed in 2.5.0 -- Nopatch CVE-2017-5931, it was fixed in 2.9.0 -- Nopatch CVE-2017-14167, it was fixed in 2.11.0 +* Tue Sep 29 2020 Daniel McIlvaney - 4.2.0-13 +- Nopatch CVE-2015-7504, it was fixed in 2.5.0 +- Nopatch CVE-2017-5931, it was fixed in 2.9.0 +- Nopatch CVE-2017-14167, it was fixed in 2.11.0 -* Mon Sep 28 2020 Daniel McIlvaney 4.2.0-12 -- Nopatch CVE-2016-7161, it was fixed in 2.7 +* Mon Sep 28 2020 Daniel McIlvaney - 4.2.0-12 +- Nopatch CVE-2016-7161, it was fixed in 2.7 -* Mon Sep 14 2020 Nicolas Guibourge 4.2.0-11 -- Add patch for CVE-2020-15863 +* Mon Sep 14 2020 Nicolas Guibourge - 4.2.0-11 +- Add patch for CVE-2020-15863 -* Wed Sep 02 2020 Nicolas Ontiveros 4.2.0-10 -- Add patch for CVE-2020-16092 +* Wed Sep 02 2020 Nicolas Ontiveros - 4.2.0-10 +- Add patch for CVE-2020-16092 -* Tue Jun 09 2020 Paul Monson 4.2.0-9 -- Add patch for CVE-2019-20175 -- Add patch for CVE-2020-13659 +* Tue Jun 09 2020 Paul Monson - 4.2.0-9 +- Add patch for CVE-2019-20175 +- Add patch for CVE-2020-13659 -* Thu May 21 2020 Suresh Babu Chalamalasetty 4.2.0-8 -- Fix CVE-2020-1711 and CVE-2020-7211. +* Thu May 21 2020 Suresh Babu Chalamalasetty - 4.2.0-8 +- Fix CVE-2020-1711 and CVE-2020-7211. 
-* Sat May 09 00:20:51 PST 2020 Nick Samson - 4.2.0-7 -- Added %%license line automatically +* Sat May 09 00:20:51 PST 2020 Nick Samson - 4.2.0-7 +- Added %%license line automatically -* Fri May 1 2020 Emre Girgin 4.2.0-6 -- Renaming qemu to qemu-kvm +* Fri May 1 2020 Emre Girgin - 4.2.0-6 +- Renaming qemu to qemu-kvm -* Tue Apr 21 2020 Emre Girgin 4.2.0-5 -- Fix CVE-2020-11102. -- Ignore CVE-2020-7039. -- Update license and URL. -- License verified. +* Tue Apr 21 2020 Emre Girgin - 4.2.0-5 +- Fix CVE-2020-11102. +- Ignore CVE-2020-7039. +- Update license and URL. +- License verified. -* Mon Mar 30 2020 Chris Co 4.2.0-4 -- Fix changelog to not define a sha1 macro +* Mon Mar 30 2020 Chris Co - 4.2.0-4 +- Fix changelog to not define a sha1 macro -* Fri Mar 27 2020 Chris Co 4.2.0-3 -- Add elf2dmp and virtfs-proxy-helper binaries to package -- Delete unused sha1 +* Fri Mar 27 2020 Chris Co - 4.2.0-3 +- Add elf2dmp and virtfs-proxy-helper binaries to package +- Delete unused sha1 -* Tue Mar 24 2020 Suresh Babu Chalamalasetty 4.2.0-2 -- Add Qemu KVM support +* Tue Mar 24 2020 Suresh Babu Chalamalasetty - 4.2.0-2 +- Add Qemu KVM support -* Wed Jan 8 2020 Paul Monson 4.2.0-1 -- Original version for CBL-Mariner. +* Wed Jan 8 2020 Paul Monson - 4.2.0-1 +- Original version for CBL-Mariner. From 0fc247576dccfedb05d55f8f0cc8631d28e15b33 Mon Sep 17 00:00:00 2001 From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Thu, 29 Oct 2020 11:23:21 -0700 Subject: [PATCH 060/145] Fix qemu CVE-2020-13800 and CVE-2020-14364 (#306) --- SPECS/qemu-kvm/CVE-2020-13800.patch | 59 +++++++++++++++++++ SPECS/qemu-kvm/CVE-2020-14364.patch | 88 +++++++++++++++++++++++++++++ SPECS/qemu-kvm/qemu-kvm.spec | 10 +++- 3 files changed, 156 insertions(+), 1 deletion(-) create mode 100644 SPECS/qemu-kvm/CVE-2020-13800.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-14364.patch 
diff --git a/SPECS/qemu-kvm/CVE-2020-13800.patch b/SPECS/qemu-kvm/CVE-2020-13800.patch
new file mode 100644
index 00000000000..14f9d1a1689
--- /dev/null
+++ b/SPECS/qemu-kvm/CVE-2020-13800.patch
@@ -0,0 +1,59 @@ +From a98610c429d52db0937c1e48659428929835c455 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit +Date: Thu, 4 Jun 2020 14:38:30 +0530 +Subject: [PATCH] ati-vga: check mm_index before recursive call + (CVE-2020-13800) +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +While accessing VGA registers via ati_mm_read/write routines, +a guest may set 's->regs.mm_index' such that it leads to infinite +recursion. Check mm_index value to avoid such recursion. Log an +error message for wrong values. + +Reported-by: Ren Ding +Reported-by: Hanqing Zhao +Reported-by: Yi Ren +Message-id: 20200604090830.33885-1-ppandit@redhat.com +Suggested-by: BALATON Zoltan +Suggested-by: Philippe Mathieu-Daudé +Signed-off-by: Prasad J Pandit +Signed-off-by: Gerd Hoffmann +--- + hw/display/ati.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/hw/display/ati.c b/hw/display/ati.c +index 065f197..67604e6 100644 +--- a/hw/display/ati.c ++++ b/hw/display/ati.c +@@ -285,8 +285,11 @@ static uint64_t ati_mm_read(void *opaque, hwaddr addr, unsigned int size) + if (idx <= s->vga.vram_size - size) { + val = ldn_le_p(s->vga.vram_ptr + idx, size); + } +- } else { ++ } else if (s->regs.mm_index > MM_DATA + 3) { + val = ati_mm_read(s, s->regs.mm_index + addr - MM_DATA, size); ++ } else { ++ qemu_log_mask(LOG_GUEST_ERROR, ++ "ati_mm_read: mm_index too small: %u\n", s->regs.mm_index); + } + break; + case BIOS_0_SCRATCH ... BUS_CNTL - 1: +@@ -520,8 +523,11 @@ static void ati_mm_write(void *opaque, hwaddr addr, + if (idx <= s->vga.vram_size - size) { + stn_le_p(s->vga.vram_ptr + idx, size, data); + } +- } else { ++ } else if (s->regs.mm_index > MM_DATA + 3) { + ati_mm_write(s, s->regs.mm_index + addr - MM_DATA, data, size); ++ } else { ++ qemu_log_mask(LOG_GUEST_ERROR, ++ "ati_mm_write: mm_index too small: %u\n", s->regs.mm_index); + } + break; + case BIOS_0_SCRATCH ... BUS_CNTL - 1: +-- +1.8.3.1 + 
diff --git a/SPECS/qemu-kvm/CVE-2020-14364.patch b/SPECS/qemu-kvm/CVE-2020-14364.patch
new file mode 100644
index 00000000000..d0037bb60ed
--- /dev/null
+++ b/SPECS/qemu-kvm/CVE-2020-14364.patch
@@ -0,0 +1,88 @@ +From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 25 Aug 2020 07:36:36 +0200 +Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364) + +Store calculated setup_len in a local variable, verify it, and only +write it to the struct (USBDevice->setup_len) in case it passed the +sanity checks. + +This prevents other code (do_token_{in,out} functions specifically) +from working with invalid USBDevice->setup_len values and overrunning +the USBDevice->setup_buf[] buffer. + +Fixes: CVE-2020-14364 +Signed-off-by: Gerd Hoffmann +Tested-by: Gonglei +Reviewed-by: Li Qiang +Message-id: 20200825053636.29648-1-kraxel@redhat.com +--- + hw/usb/core.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/hw/usb/core.c b/hw/usb/core.c +index 5abd128..5234dcc 100644 +--- a/hw/usb/core.c ++++ b/hw/usb/core.c +@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream) + static void do_token_setup(USBDevice *s, USBPacket *p) + { + int request, value, index; ++ unsigned int setup_len; + + if (p->iov.size != 8) { + p->status = USB_RET_STALL; +@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p) + usb_packet_copy(p, s->setup_buf, p->iov.size); + s->setup_index = 0; + p->actual_length = 0; +- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; +- if (s->setup_len > sizeof(s->data_buf)) { ++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; ++ if (setup_len > sizeof(s->data_buf)) { + fprintf(stderr, + "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", +- s->setup_len, sizeof(s->data_buf)); ++ setup_len, sizeof(s->data_buf)); + p->status = USB_RET_STALL; + return; + } ++ s->setup_len = setup_len; + + request = (s->setup_buf[0] << 8) | s->setup_buf[1]; + value = (s->setup_buf[3] << 8) | s->setup_buf[2]; +@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p) + static void do_parameter(USBDevice *s, USBPacket 
*p) + { + int i, request, value, index; ++ unsigned int setup_len; + + for (i = 0; i < 8; i++) { + s->setup_buf[i] = p->parameter >> (i*8); + } + + s->setup_state = SETUP_STATE_PARAM; +- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; + s->setup_index = 0; + + request = (s->setup_buf[0] << 8) | s->setup_buf[1]; + value = (s->setup_buf[3] << 8) | s->setup_buf[2]; + index = (s->setup_buf[5] << 8) | s->setup_buf[4]; + +- if (s->setup_len > sizeof(s->data_buf)) { ++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; ++ if (setup_len > sizeof(s->data_buf)) { + fprintf(stderr, + "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", +- s->setup_len, sizeof(s->data_buf)); ++ setup_len, sizeof(s->data_buf)); + p->status = USB_RET_STALL; + return; + } ++ s->setup_len = setup_len; + + if (p->pid == USB_TOKEN_OUT) { + usb_packet_copy(p, s->data_buf, s->setup_len); +-- +1.8.3.1 + diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index d28d6467a8a..f065fcc5708 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv2 AND GPLv2+ AND CC-BY AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -33,6 +33,8 @@ Patch13: CVE-2020-10761.patch # CVE-2020-13253 backported to 4.2.0. Original version: https://github.com/qemu/qemu/commit/790762e5487114341cccc5bffcec4cb3c022c3cd Patch14: CVE-2020-13253.patch Patch15: CVE-2020-13754.patch +Patch16: CVE-2020-13800.patch +Patch17: CVE-2020-14364.patch BuildRequires: alsa-lib-devel BuildRequires: glib-devel @@ -72,6 +74,8 @@ This package provides a command line tool for manipulating disk images. %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 +%patch17 -p1 %build 
@@ -132,6 +136,10 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Thu Oct 29 2020 Joe Schmitt - 4.2.0-16 +- Patch CVE-2020-13800. +- Patch CVE-2020-14364. + * Wed Oct 28 2020 Pawel Winogrodzki - 4.2.0-15 - Add patch for CVE-2020-13253. - Add patch for CVE-2020-13754. From ac39c207f45dacbd1b27b5692419c568bea1be3d Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 14:47:02 -0700 Subject: [PATCH 061/145] Nopatch CVE-2016-2781 --- SPECS/coreutils/CVE-2016-2781.nopatch | 0 SPECS/coreutils/coreutils.spec | 10 ++++++---- 2 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 SPECS/coreutils/CVE-2016-2781.nopatch diff --git a/SPECS/coreutils/CVE-2016-2781.nopatch b/SPECS/coreutils/CVE-2016-2781.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/coreutils/coreutils.spec b/SPECS/coreutils/coreutils.spec index 944500f2352..b6d215e6f24 100644 --- a/SPECS/coreutils/coreutils.spec +++ b/SPECS/coreutils/coreutils.spec @@ -1,7 +1,7 @@ Summary: Basic system utilities Name: coreutils Version: 8.30 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv3 URL: http://www.gnu.org/software/coreutils Group: System Environment/Base @@ -12,6 +12,8 @@ Source0: http://ftp.gnu.org/gnu/coreutils/%{name}-%{version}.tar.xz Source1: serial-console.sh Patch0: http://www.linuxfromscratch.org/patches/downloads/coreutils/coreutils-8.30-i18n-1.patch Patch1: http://www.linuxfromscratch.org/patches/downloads/coreutils/coreutils-8.10-uname-1.patch +# Upstream community agreed to not fix this +Patch2: CVE-2016-2781.nopatch Requires: gmp Provides: sh-utils Conflicts: toybox @@ -27,9 +29,7 @@ Requires: coreutils >= %{version} These are the additional language files of coreutils. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 +%autosetup -p1 %build autoreconf -fi 
@@ -84,6 +84,8 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check" %defattr(-,root,root) %changelog +* Thu Oct 29 2020 Nicolas Ontiveros 8.30-6 +- No patch CVE-2016-2781 * Mon Jun 15 2020 Andrew Phelps 8.30-5 - Add patch for uname processor type * Sat May 09 2020 Nick Samson 8.30-4 From 81fc6423a7bd46c1252163f26847fa1b3b7d9741 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 15:18:53 -0700 Subject: [PATCH 062/145] No patch CVE-2013-0221 --- SPECS/coreutils/CVE-2013-0221.nopatch | 0 SPECS/coreutils/coreutils.spec | 3 +++ 2 files changed, 3 insertions(+) create mode 100644 SPECS/coreutils/CVE-2013-0221.nopatch diff --git a/SPECS/coreutils/CVE-2013-0221.nopatch b/SPECS/coreutils/CVE-2013-0221.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/coreutils/coreutils.spec b/SPECS/coreutils/coreutils.spec index b6d215e6f24..c96d10076bf 100644 --- a/SPECS/coreutils/coreutils.spec +++ b/SPECS/coreutils/coreutils.spec @@ -14,6 +14,8 @@ Patch0: http://www.linuxfromscratch.org/patches/downloads/coreutils/core Patch1: http://www.linuxfromscratch.org/patches/downloads/coreutils/coreutils-8.10-uname-1.patch # Upstream community agreed to not fix this Patch2: CVE-2016-2781.nopatch +# Fixed in coreutils-8.30-i18n-1.patch +Patch3: CVE-2013-0221.nopatch Requires: gmp Provides: sh-utils Conflicts: toybox @@ -86,6 +88,7 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check" %changelog * Thu Oct 29 2020 Nicolas Ontiveros 8.30-6 - No patch CVE-2016-2781 +- No patch CVE-2013-0221 * Mon Jun 15 2020 Andrew Phelps 8.30-5 - Add patch for uname processor type * Sat May 09 2020 Nick Samson 8.30-4 From 4d4e91ea687bb1c62b6d09257d69e65c4f0a4e0f Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 15:22:00 -0700 Subject: [PATCH 063/145] Update toolchain and pkggen txt files --- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 4 ++-- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 4 ++-- toolkit/resources/manifests/package/toolchain_aarch64.txt | 6 +++--- toolkit/resources/manifests/package/toolchain_x86_64.txt | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 227436125ed..2f31bc73290 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -35,8 +35,8 @@ ncurses-libs-6.2-4.cm1.aarch64.rpm ncurses-term-6.2-4.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm -coreutils-8.30-5.cm1.aarch64.rpm -coreutils-lang-8.30-5.cm1.aarch64.rpm +coreutils-8.30-6.cm1.aarch64.rpm +coreutils-lang-8.30-6.cm1.aarch64.rpm bash-4.4.18-5.cm1.aarch64.rpm bash-devel-4.4.18-5.cm1.aarch64.rpm bash-lang-4.4.18-5.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index c8794df198a..c04e331ce37 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -35,8 +35,8 @@ ncurses-libs-6.2-4.cm1.x86_64.rpm ncurses-term-6.2-4.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm -coreutils-8.30-5.cm1.x86_64.rpm -coreutils-lang-8.30-5.cm1.x86_64.rpm +coreutils-8.30-6.cm1.x86_64.rpm +coreutils-lang-8.30-6.cm1.x86_64.rpm bash-4.4.18-5.cm1.x86_64.rpm bash-devel-4.4.18-5.cm1.x86_64.rpm bash-lang-4.4.18-5.cm1.x86_64.rpm 
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 1bc5ccac1c9..7eaa55dd836 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -27,9 +27,9 @@ check-0.12.0-4.cm1.aarch64.rpm check-debuginfo-0.12.0-4.cm1.aarch64.rpm cmake-3.17.3-2.cm1.aarch64.rpm cmake-debuginfo-3.17.3-2.cm1.aarch64.rpm -coreutils-8.30-5.cm1.aarch64.rpm -coreutils-debuginfo-8.30-5.cm1.aarch64.rpm -coreutils-lang-8.30-5.cm1.aarch64.rpm +coreutils-8.30-6.cm1.aarch64.rpm +coreutils-debuginfo-8.30-6.cm1.aarch64.rpm +coreutils-lang-8.30-6.cm1.aarch64.rpm cpio-2.13-2.cm1.aarch64.rpm cpio-debuginfo-2.13-2.cm1.aarch64.rpm cpio-lang-2.13-2.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 1da6d530e44..57273cb308d 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -27,9 +27,9 @@ check-0.12.0-4.cm1.x86_64.rpm check-debuginfo-0.12.0-4.cm1.x86_64.rpm cmake-3.17.3-2.cm1.x86_64.rpm cmake-debuginfo-3.17.3-2.cm1.x86_64.rpm -coreutils-8.30-5.cm1.x86_64.rpm -coreutils-debuginfo-8.30-5.cm1.x86_64.rpm -coreutils-lang-8.30-5.cm1.x86_64.rpm +coreutils-8.30-6.cm1.x86_64.rpm +coreutils-debuginfo-8.30-6.cm1.x86_64.rpm +coreutils-lang-8.30-6.cm1.x86_64.rpm cpio-2.13-2.cm1.x86_64.rpm cpio-debuginfo-2.13-2.cm1.x86_64.rpm cpio-lang-2.13-2.cm1.x86_64.rpm From 147f0ff68e66fe76d2ad76fe23cc9d028e20e50f Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 15:29:52 -0700 Subject: [PATCH 064/145] Fix spec linting --- SPECS/coreutils/coreutils.spec | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/SPECS/coreutils/coreutils.spec b/SPECS/coreutils/coreutils.spec index c96d10076bf..8c49f5ef8e8 100644 
--- a/SPECS/coreutils/coreutils.spec +++ b/SPECS/coreutils/coreutils.spec @@ -4,9 +4,10 @@ Version: 8.30 Release: 6%{?dist} License: GPLv3 URL: http://www.gnu.org/software/coreutils -Group: System Environment/Base Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Base +URL: http://www.gnu.org/software/coreutils Source0: http://ftp.gnu.org/gnu/coreutils/%{name}-%{version}.tar.xz # make this package to own serial console profile since it utilizes stty tool Source1: serial-console.sh @@ -17,16 +18,18 @@ Patch2: CVE-2016-2781.nopatch # Fixed in coreutils-8.30-i18n-1.patch Patch3: CVE-2013-0221.nopatch Requires: gmp -Provides: sh-utils Conflicts: toybox +Provides: sh-utils + %description The Coreutils package contains utilities for showing and setting the basic system %package lang -Summary: Additional language files for coreutils -Group: System Environment/Base -Requires: coreutils >= %{version} +Summary: Additional language files for coreutils +Group: System Environment/Base +Requires: coreutils >= %{version} + %description lang These are the additional language files of coreutils. @@ -54,8 +57,8 @@ mv -v %{buildroot}%{_mandir}/man1/chroot.1 %{buildroot}%{_mandir}/man8/chroot.8 sed -i s/\"1\"/\"8\"/1 %{buildroot}%{_mandir}/man8/chroot.8 mv -v %{buildroot}%{_bindir}/{head,sleep,nice} %{buildroot}/bin rm -rf %{buildroot}%{_infodir} -install -vdm755 %{buildroot}/etc/profile.d -install -m 0644 %{SOURCE1} %{buildroot}/etc/profile.d/ +install -vdm755 %{buildroot}%{_sysconfdir}/profile.d +install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/profile.d/ %find_lang %{name} %check @@ -86,7 +89,7 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check" %defattr(-,root,root) %changelog -* Thu Oct 29 2020 Nicolas Ontiveros 8.30-6 +* Thu Oct 29 2020 Nicolas Ontiveros - 8.30-6 - No patch CVE-2016-2781 - No patch CVE-2013-0221 * Mon Jun 15 2020 Andrew Phelps 8.30-5 From b508adacaa2cadba9e62d62683d2a5cf0fd173ed Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 15:35:56 -0700 Subject: [PATCH 065/145] Remove extra "url" --- SPECS/coreutils/coreutils.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/SPECS/coreutils/coreutils.spec b/SPECS/coreutils/coreutils.spec index 8c49f5ef8e8..5220acc601e 100644 --- a/SPECS/coreutils/coreutils.spec +++ b/SPECS/coreutils/coreutils.spec @@ -3,7 +3,6 @@ Name: coreutils Version: 8.30 Release: 6%{?dist} License: GPLv3 -URL: http://www.gnu.org/software/coreutils Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Base From f267d1d72d36439265689d89f3aaa91a3a3866d6 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 15:37:49 -0700 Subject: [PATCH 066/145] Fix url HTTPS and changelog spaces --- SPECS/coreutils/coreutils.spec | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/SPECS/coreutils/coreutils.spec b/SPECS/coreutils/coreutils.spec index 5220acc601e..17a9aa2e16b 100644 --- a/SPECS/coreutils/coreutils.spec +++ b/SPECS/coreutils/coreutils.spec @@ -6,7 +6,7 @@ License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Base -URL: http://www.gnu.org/software/coreutils +URL: https://www.gnu.org/software/coreutils Source0: http://ftp.gnu.org/gnu/coreutils/%{name}-%{version}.tar.xz # make this package to own serial console profile since it utilizes stty tool Source1: serial-console.sh 
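Review bot: `Source0` on the context line just below the changed `URL:` still uses `http://ftp.gnu.org/gnu/coreutils/...`, so the HTTPS fix covers the informational tag but not the location the tarball is taken from. If the build ever fetches from `Source0` directly, the transfer is unauthenticated and integrity rests entirely on whatever hash or signature check runs afterwards (not visible here). Suggest changing it in the same commit: `Source0: https://ftp.gnu.org/gnu/coreutils/%{name}-%{version}.tar.xz`.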
@@ -91,29 +91,42 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check" * Thu Oct 29 2020 Nicolas Ontiveros - 8.30-6 - No patch CVE-2016-2781 - No patch CVE-2013-0221 + * Mon Jun 15 2020 Andrew Phelps 8.30-5 - Add patch for uname processor type + * Sat May 09 2020 Nick Samson 8.30-4 - Added %%license line automatically + * Tue Dec 03 2019 Andrew Phelps 8.30-3 - Run autoconf to remake build system files + * Tue Sep 03 2019 Mateusz Malisz 8.30-2 - Initial CBL-Mariner import from Photon (license: Apache2). + * Fri Sep 07 2018 Alexey Makhalov 8.30-1 - Version update to support glibc-2.28 + * Tue Aug 28 2018 Alexey Makhalov 8.27-4 - Add serial-console profile.d script + * Mon Oct 02 2017 Alexey Makhalov 8.27-3 - Added conflicts toybox + * Wed Aug 09 2017 Rongrong Qiu 8.27-2 - Fix make check for bug 1900253 + * Thu Apr 06 2017 Anish Swaminathan 8.27-1 - Upgraded to version 8.27 + * Tue May 24 2016 Priyesh Padmavilasom 8.25-2 - GA - Bump release of all rpms + * Tue May 17 2016 Divya Thaluru 8.25-1 - Updated to version 8.25 + * Tue Jan 12 2016 Xiaolin Li 8.24-1 - Updated to version 8.24 + * Wed Nov 5 2014 Divya Thaluru 8.22-1 - Initial build. First version From a44aea8298507f85b15f5bafce79e355db43e3b5 Mon Sep 17 00:00:00 2001 From: rychenf1 Date: Thu, 29 Oct 2020 16:32:07 -0700 Subject: [PATCH 067/145] Patch CVE-2020-13791 in qemu (#281) * Patch CVE-2020-13791 in qemu * Run spec-cleaner * rebase, adjust release and patch number --- SPECS/qemu-kvm/CVE-2020-13791.patch | 70 +++++++++++++++++++++++++++++ SPECS/qemu-kvm/qemu-kvm.spec | 7 ++- 2 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 SPECS/qemu-kvm/CVE-2020-13791.patch diff --git a/SPECS/qemu-kvm/CVE-2020-13791.patch b/SPECS/qemu-kvm/CVE-2020-13791.patch new file mode 100644 index 00000000000..f3348baee8f --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-13791.patch 
@@ -0,0 +1,70 @@ +From: Prasad J Pandit + +While reading PCI configuration bytes, a guest may send an +address towards the end of the configuration space. It may lead +to an OOB access issue. Add check to ensure 'address + size' is +within PCI configuration space. + +Reported-by: Ren Ding +Reported-by: Hanqing Zhao +Reported-by: Yi Ren +Signed-off-by: Prasad J Pandit +--- + hw/display/ati.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Update v2: add check to avoid OOB PCI configuration space access + -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00711.html + +diff --git a/hw/display/ati.c b/hw/display/ati.c +index bda4a2d816..6671959e5d 100644 +--- a/hw/display/ati.c ++++ b/hw/display/ati.c +@@ -384,7 +384,10 @@ static uint64_t ati_mm_read(void *opaque + val = s->regs.crtc_pitch; + break; + case 0xf00 ... 0xfff: +- val = pci_default_read_config(&s->dev, addr - 0xf00, size); ++ addr = addr - 0xf00; ++ if (addr + size <= 0xff) { ++ val = pci_default_read_config(&s->dev, addr, size); ++ } + break; + case CUR_OFFSET: + val = s->regs.cur_offset; +-- +2.26.2 + + +From: Prasad J Pandit + +While reading PCI configuration bytes, a guest may send an +address towards the end of the configuration space. It may lead +to an OOB access issue. Add check to ensure 'address + len' is +within PCI configuration space. 
+ +Reported-by: Ren Ding +Reported-by: Hanqing Zhao +Reported-by: Yi Ren +Signed-off-by: Prasad J Pandit +--- + hw/pci/pci.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/pci/pci.c b/hw/pci/pci.c +index 70c66965f5..4429fa9401 100644 +--- a/hw/pci/pci.c ++++ b/hw/pci/pci.c +@@ -1385,7 +1385,9 @@ uint32_t pci_default_read_config(PCIDevice *d, + ranges_overlap(address, len, d->exp.exp_cap + PCI_EXP_LNKSTA, 2)) { + pcie_sync_bridge_lnk(d); + } +- memcpy(&val, d->config + address, len); ++ if (address + len <= pci_config_size(d)) { ++ memcpy(&val, d->config + address, len); ++ } + return le32_to_cpu(val); + } + +-- +2.26.2 \ No newline at end of file diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index f065fcc5708..df82244bf23 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv2 AND GPLv2+ AND CC-BY AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -35,6 +35,7 @@ Patch14: CVE-2020-13253.patch Patch15: CVE-2020-13754.patch Patch16: CVE-2020-13800.patch Patch17: CVE-2020-14364.patch +Patch18: CVE-2020-13791.patch BuildRequires: alsa-lib-devel BuildRequires: glib-devel @@ -76,6 +77,7 @@ This package provides a command line tool for manipulating disk images. %patch15 -p1 %patch16 -p1 %patch17 -p1 +%patch18 -p1 %build @@ -136,6 +138,9 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Thu Oct 29 2020 Ruying Chen - 4.2.0-17 +- Patch CVE-2020-13791. + * Thu Oct 29 2020 Joe Schmitt - 4.2.0-16 - Patch CVE-2020-13800. - Patch CVE-2020-14364. From 6a01bda8c7c3b8284df8a3b059430a6e16c51e8a Mon Sep 17 00:00:00 2001 
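Review bot: The two bounds checks in the added CVE-2020-13791.patch disagree. The ati.c part uses `if (addr + size <= 0xff)`, while the pci.c part uses `address + len <= pci_config_size(d)`. Assuming a 256-byte configuration space, the `0xff` limit also refuses reads that end exactly at the last byte (for example offset 0xff with size 1); this errs on the safe side but changes guest-visible behaviour. Using `if (addr + size <= pci_config_size(&s->dev))` in ati_mm_read would keep both checks on the same limit. When either check fails, `val` is returned untouched; its declaration is outside the visible lines, so confirm it is zero-initialised in both functions. The patch header says "Update v2" of a mailing-list posting, so it is also worth confirming that this matches what upstream finally merged.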
From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 16:42:16 -0700 Subject: [PATCH 068/145] No patch CVE-2019-6293 --- SPECS/flex/CVE-2019-6293.nopatch | 0 SPECS/flex/flex.spec | 21 ++++++++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 SPECS/flex/CVE-2019-6293.nopatch diff --git a/SPECS/flex/CVE-2019-6293.nopatch b/SPECS/flex/CVE-2019-6293.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/flex/flex.spec b/SPECS/flex/flex.spec index 4ef9b4d9fd4..b72f725b36d 100644 --- a/SPECS/flex/flex.spec +++ b/SPECS/flex/flex.spec @@ -1,7 +1,7 @@ Summary: A utility for generating programs that recognize patterns in text Name: flex Version: 2.6.4 -Release: 5%{?dist} +Release: 6%{?dist} License: BSD URL: https://github.com/westes/flex Group: Applications/System @@ -10,6 +10,8 @@ Distribution: Mariner Source0: https://github.com/westes/flex/releases/download/v%{version}/%{name}-%{version}.tar.gz BuildRequires: m4 Requires: m4 +# Upstream community decided to not fix this +Patch0: CVE-2019-6293.nopatch %description The Flex package contains a utility for generating programs 
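Review bot: The comment added above `Patch0: CVE-2019-6293.nopatch` (`# Upstream community decided to not fix this`) names neither the CVE nor the place where upstream made that decision, so a later audit cannot re-check the exemption. The empty `.nopatch` file appears to act only as a marker that the CVE is deliberately left unfixed, which makes this comment the only record of the rationale. I would write it as `# CVE-2019-6293: upstream declined to fix, see <link to upstream discussion>`. A second comment line should say why the issue is considered acceptable for this package.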
@@ -70,29 +72,42 @@ make %{?_smp_mflags} check %{_includedir}/* %changelog -* Sat May 09 00:21:32 PST 2020 Nick Samson - 2.6.4-5 -- Added %%license line automatically +* Thu Oct 29 2020 Nicolas Ontiveros - 2.6.4-6 +- No patch CVE-2019-6293 + +* Sat May 09 2020 Nick Samson - 2.6.4-5 +- Added %%license line automatically * Thu Apr 23 2020 Andrew Phelps 2.6.4-4 - Fix URL. - License verified. + * Tue Sep 03 2019 Mateusz Malisz 2.6.4-3 - Initial CBL-Mariner import from Photon (license: Apache2). + * Fri Aug 4 2017 Alexey Makhalov 2.6.4-2 - Use _GNU_SOURCE + * Thu May 11 2017 Chang Lee 2.6.4-1 - Updated to version 2.6.4 + * Tue Apr 04 2017 Chang Lee 2.6.0-1 - Updated to version 2.6.0 + * Thu Oct 13 2016 Kumar Kaushik 2.5.39-3 - Fixing Security bug CVE-2016-6354. + * Tue May 24 2016 Priyesh Padmavilasom 2.5.39-2 - GA - Bump release of all rpms + * Tue Jan 12 2016 Xiaolin Li 2.5.39-1 - Updated to version 2.5.39 + * Mon Oct 12 2015 Xiaolin Li 2.5.38-3 - Moving static lib files to devel package. + * Fri Jun 5 2015 Divya Thaluru 2.5.38-2 - Adding m4 package to build and run time required package + * Wed Nov 5 2014 Divya Thaluru 2.5.38-1 - Initial build. First version From 8276cd532bf9c1eedc7242fad27d239972f6b324 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 17:03:54 -0700 Subject: [PATCH 069/145] Update toolchain txt files --- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 4 ++-- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 4 ++-- toolkit/resources/manifests/package/toolchain_aarch64.txt | 6 +++--- toolkit/resources/manifests/package/toolchain_x86_64.txt | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 227436125ed..5fad63a4087 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt 
@@ -72,8 +72,8 @@ zstd-1.4.4-1.cm1.aarch64.rpm zstd-devel-1.4.4-1.cm1.aarch64.rpm zstd-libs-1.4.4-1.cm1.aarch64.rpm libtool-2.4.6-5.cm1.aarch64.rpm -flex-2.6.4-5.cm1.aarch64.rpm -flex-devel-2.6.4-5.cm1.aarch64.rpm +flex-2.6.4-6.cm1.aarch64.rpm +flex-devel-2.6.4-6.cm1.aarch64.rpm bison-3.1-3.cm1.aarch64.rpm popt-1.16-7.cm1.aarch64.rpm popt-devel-1.16-7.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index c8794df198a..80193357c5e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -72,8 +72,8 @@ zstd-1.4.4-1.cm1.x86_64.rpm zstd-devel-1.4.4-1.cm1.x86_64.rpm zstd-libs-1.4.4-1.cm1.x86_64.rpm libtool-2.4.6-5.cm1.x86_64.rpm -flex-2.6.4-5.cm1.x86_64.rpm -flex-devel-2.6.4-5.cm1.x86_64.rpm +flex-2.6.4-6.cm1.x86_64.rpm +flex-devel-2.6.4-6.cm1.x86_64.rpm bison-3.1-3.cm1.x86_64.rpm popt-1.16-7.cm1.x86_64.rpm popt-devel-1.16-7.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 1bc5ccac1c9..b0a8c7a760e 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -86,9 +86,9 @@ filesystem-1.1-7.cm1.aarch64.rpm findutils-4.6.0-7.cm1.aarch64.rpm findutils-debuginfo-4.6.0-7.cm1.aarch64.rpm findutils-lang-4.6.0-7.cm1.aarch64.rpm -flex-2.6.4-5.cm1.aarch64.rpm -flex-debuginfo-2.6.4-5.cm1.aarch64.rpm -flex-devel-2.6.4-5.cm1.aarch64.rpm +flex-2.6.4-6.cm1.aarch64.rpm +flex-debuginfo-2.6.4-6.cm1.aarch64.rpm +flex-devel-2.6.4-6.cm1.aarch64.rpm freetype-2.9.1-4.cm1.aarch64.rpm freetype-debuginfo-2.9.1-4.cm1.aarch64.rpm freetype-devel-2.9.1-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 1da6d530e44..5420cde1435 100644 
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -86,9 +86,9 @@ filesystem-1.1-7.cm1.x86_64.rpm findutils-4.6.0-7.cm1.x86_64.rpm findutils-debuginfo-4.6.0-7.cm1.x86_64.rpm findutils-lang-4.6.0-7.cm1.x86_64.rpm -flex-2.6.4-5.cm1.x86_64.rpm -flex-debuginfo-2.6.4-5.cm1.x86_64.rpm -flex-devel-2.6.4-5.cm1.x86_64.rpm +flex-2.6.4-6.cm1.x86_64.rpm +flex-debuginfo-2.6.4-6.cm1.x86_64.rpm +flex-devel-2.6.4-6.cm1.x86_64.rpm freetype-2.9.1-4.cm1.x86_64.rpm freetype-debuginfo-2.9.1-4.cm1.x86_64.rpm freetype-devel-2.9.1-4.cm1.x86_64.rpm From 79f39d9a42e6d6738a03e7f39c16889adcde8c1b Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 17:08:40 -0700 Subject: [PATCH 070/145] Lint changelog --- SPECS/flex/flex.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SPECS/flex/flex.spec b/SPECS/flex/flex.spec index b72f725b36d..81801f8ecbb 100644 --- a/SPECS/flex/flex.spec +++ b/SPECS/flex/flex.spec @@ -72,11 +72,11 @@ make %{?_smp_mflags} check %{_includedir}/* %changelog -* Thu Oct 29 2020 Nicolas Ontiveros - 2.6.4-6 -- No patch CVE-2019-6293 +* Thu Oct 29 2020 Nicolas Ontiveros - 2.6.4-6 +- No patch CVE-2019-6293 -* Sat May 09 2020 Nick Samson - 2.6.4-5 -- Added %%license line automatically +* Sat May 09 2020 Nick Samson - 2.6.4-5 +- Added %%license line automatically * Thu Apr 23 2020 Andrew Phelps 2.6.4-4 - Fix URL. From 95329c70132d6e0d309b5c757836d9414aac5428 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 17:13:44 -0700 Subject: [PATCH 071/145] More linting --- SPECS/flex/flex.spec | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/SPECS/flex/flex.spec b/SPECS/flex/flex.spec index 81801f8ecbb..ee59aa34e76 100644 --- a/SPECS/flex/flex.spec +++ b/SPECS/flex/flex.spec 
@@ -3,24 +3,24 @@ Name: flex Version: 2.6.4 Release: 6%{?dist} License: BSD -URL: https://github.com/westes/flex -Group: Applications/System Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/System +URL: https://github.com/westes/flex Source0: https://github.com/westes/flex/releases/download/v%{version}/%{name}-%{version}.tar.gz -BuildRequires: m4 -Requires: m4 # Upstream community decided to not fix this Patch0: CVE-2019-6293.nopatch +BuildRequires: m4 +Requires: m4 %description The Flex package contains a utility for generating programs that recognize patterns in text. %package devel -Summary: Development libraries and header files for the flex library -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} +Summary: Development libraries and header files for the flex library +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} %description devel The flex-devel package contains the development libraries and header files for @@ -29,6 +29,7 @@ flex. %prep %setup -q sed -i -e '/test-bison/d' tests/Makefile.in + %build CFLAGS="-D_GNU_SOURCE" \ ./configure \ @@ -36,10 +37,11 @@ CFLAGS="-D_GNU_SOURCE" \ --docdir=%{_defaultdocdir}/%{name}-%{version} \ --disable-silent-rules make VERBOSE=1 %{?_smp_mflags} + %install make DESTDIR=%{buildroot} install -find %{buildroot}%{_libdir} -name '*.la' -delete -cat > %{buildroot}/usr/bin/lex <<- "EOF" +find %{buildroot} -type f -name "*.la" -delete -print +cat > %{buildroot}%{_bindir}/lex <<- "EOF" #!/bin/sh # Begin /usr/bin/lex @@ -55,6 +57,7 @@ make %{?_smp_mflags} check %post -p /sbin/ldconfig %postun -p /sbin/ldconfig + %files -f %{name}.lang %defattr(-,root,root) %license COPYING From cc2128b11c8661dd92aa31e7b0d233b5dbd3346e Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 17:26:59 -0700 Subject: [PATCH 072/145] Move lex to separate script --- SPECS/flex/flex.signatures.json | 3 ++- SPECS/flex/flex.spec | 11 +++-------- SPECS/flex/lex | 6 ++++++ 3 files changed, 11 insertions(+), 9 deletions(-) create mode 100644 SPECS/flex/lex diff --git a/SPECS/flex/flex.signatures.json b/SPECS/flex/flex.signatures.json index a459af5b49f..083eb2cb897 100644 --- a/SPECS/flex/flex.signatures.json +++ b/SPECS/flex/flex.signatures.json @@ -1,5 +1,6 @@ { "Signatures": { - "flex-2.6.4.tar.gz": "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c45ee995" + "flex-2.6.4.tar.gz": "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c45ee995", + "lex": "7d09257b0186b94b3a5f972c295e3c1b912015dd18f9e45cd38c99375eacb08c" } } \ No newline at end of file diff --git a/SPECS/flex/flex.spec b/SPECS/flex/flex.spec index ee59aa34e76..ddbaa7f607a 100644 --- a/SPECS/flex/flex.spec +++ b/SPECS/flex/flex.spec @@ -8,6 +8,7 @@ Distribution: Mariner Group: Applications/System URL: https://github.com/westes/flex Source0: https://github.com/westes/flex/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: lex # Upstream community decided to not fix this Patch0: CVE-2019-6293.nopatch BuildRequires: m4 @@ -41,14 +42,7 @@ make VERBOSE=1 %{?_smp_mflags} %install make DESTDIR=%{buildroot} install find %{buildroot} -type f -name "*.la" -delete -print -cat > %{buildroot}%{_bindir}/lex <<- "EOF" -#!/bin/sh -# Begin /usr/bin/lex - - exec /usr/bin/flex -l "$@" - -# End /usr/bin/lex -EOF +install -m 755 %{SOURCE1} %{buildroot}/usr/bin/lex rm -rf %{buildroot}%{_infodir} %find_lang %{name} @@ -77,6 +71,7 @@ make %{?_smp_mflags} check %changelog * Thu Oct 29 2020 Nicolas Ontiveros - 2.6.4-6 - No patch CVE-2019-6293 +- Move "lex" script to separate file * Sat May 09 2020 Nick Samson - 2.6.4-5 - Added %%license line automatically diff --git a/SPECS/flex/lex b/SPECS/flex/lex new file mode 100644 index 00000000000..8d85e8ea88c 
--- /dev/null +++ b/SPECS/flex/lex @@ -0,0 +1,6 @@ +#!/bin/sh +# Begin /usr/bin/lex + + exec /usr/bin/flex -l "$@" + +# End /usr/bin/lex \ No newline at end of file From 9ce1c1bacc086eef5d3f01b4f99ee75d1051267d Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 29 Oct 2020 17:28:36 -0700 Subject: [PATCH 073/145] More flex spec linting --- SPECS/flex/flex.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/flex/flex.spec b/SPECS/flex/flex.spec index ddbaa7f607a..5f4d07cd34f 100644 --- a/SPECS/flex/flex.spec +++ b/SPECS/flex/flex.spec @@ -42,7 +42,7 @@ make VERBOSE=1 %{?_smp_mflags} %install make DESTDIR=%{buildroot} install find %{buildroot} -type f -name "*.la" -delete -print -install -m 755 %{SOURCE1} %{buildroot}/usr/bin/lex +install -m 755 %{SOURCE1} %{buildroot}%{_bindir}/lex rm -rf %{buildroot}%{_infodir} %find_lang %{name} From 33a0035ec2469be18970e45013a4891f119e7c2e Mon Sep 17 00:00:00 2001 From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Fri, 30 Oct 2020 13:02:08 -0700 Subject: [PATCH 074/145] Use pointer to systemconfig (#311) --- toolkit/tools/isomaker/maker.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/toolkit/tools/isomaker/maker.go b/toolkit/tools/isomaker/maker.go index 2c9cb030f2b..60da7f30a7d 100644 --- a/toolkit/tools/isomaker/maker.go +++ b/toolkit/tools/isomaker/maker.go @@ -304,7 +304,9 @@ func (im *IsoMaker) copyAndRenameConfigFiles() { func (im *IsoMaker) copyAndRenameAdditionalFiles(configFilesAbsDirPath string) { const additionalFilesSubDirName = "additionalfiles" - for _, systemConfig := range im.config.SystemConfigs { + for i := range im.config.SystemConfigs { + systemConfig := &im.config.SystemConfigs[i] + absAdditionalFiles := make(map[string]string) for localAbsFilePath, installedSystemAbsFilePath := range systemConfig.AdditionalFiles { isoRelativeFilePath := im.copyFileToConfigRoot(configFilesAbsDirPath, additionalFilesSubDirName, localAbsFilePath) 
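Review bot: The new `systemConfig := &im.config.SystemConfigs[i]` in copyAndRenameAdditionalFiles has no comment explaining why the loop now indexes the slice instead of ranging by value, so it could easily be "simplified" back later. The rest of the loop body is outside this hunk, but presumably it assigns to a field of `systemConfig` (the hunk builds `absAdditionalFiles` for that purpose), and that write would be lost on a range copy. I would add a comment above the line such as `// Take a pointer into the slice; ranging by value would modify a copy and drop the update.`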
From f0ab9457fa2411ab262e3826721352c027092a39 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Fri, 30 Oct 2020 23:33:57 +0100 Subject: [PATCH 075/145] Updating `net-snmp` to fix CVE-2019-20892. (#313) --- SPECS/net-snmp/net-snmp.signatures.json | 2 +- SPECS/net-snmp/net-snmp.spec | 105 +++++++++++++++--------- cgmanifest.json | 4 +- 3 files changed, 67 insertions(+), 44 deletions(-) diff --git a/SPECS/net-snmp/net-snmp.signatures.json b/SPECS/net-snmp/net-snmp.signatures.json index 1502c1193e6..83cb310cdb9 100644 --- a/SPECS/net-snmp/net-snmp.signatures.json +++ b/SPECS/net-snmp/net-snmp.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "net-snmp-5.8.tar.gz": "b2fc3500840ebe532734c4786b0da4ef0a5f67e51ef4c86b3345d697e4976adf", + "net-snmp-5.9.tar.gz": "04303a66f85d6d8b16d3cc53bde50428877c82ab524e17591dfceaeb94df6071", "snmpd.service": "5e17bf9f66f2b77e1a6c6dff7356cecb8ed488ce3df361738a72b4436096b694", "snmptrapd.service": "ef3e3dbe80c8ab455b30cd83db23db136263c1295ce2f23dcc4a1a1b60799229" } diff --git a/SPECS/net-snmp/net-snmp.spec b/SPECS/net-snmp/net-snmp.spec index 1e219e58016..73068f3fa9a 100644 --- a/SPECS/net-snmp/net-snmp.spec +++ b/SPECS/net-snmp/net-snmp.spec 
@@ -1,35 +1,38 @@ %global __requires_exclude perl\\(.*\\) Summary: Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. Name: net-snmp -Version: 5.8 -Release: 4%{?dist} -License: BSD (like) -URL: http://net-snmp.sourceforge.net/ -Group: Productivity/Networking/Other +Version: 5.9 +Release: 1%{?dist} +License: MIT Vendor: Microsoft Corporation Distribution: Mariner +Group: Productivity/Networking/Other +URL: http://net-snmp.sourceforge.net/ Source0: http://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.gz -%define sha1 net-snmp=78f70731df9dcdb13fe8f60eb7d80d7583da4d2c Source1: snmpd.service Source2: snmptrapd.service + BuildRequires: openssl-devel BuildRequires: perl BuildRequires: systemd + Requires: perl Requires: systemd + %description Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. %package devel -Group: Development/Libraries -Summary: The includes and static libraries from the Net-SNMP package. -Requires: net-snmp = %{version} +Summary: The includes and static libraries from the Net-SNMP package. +Group: Development/Libraries + +Requires: net-snmp = %{version} %description devel The net-snmp-devel package contains headers and libraries for building SNMP applications. %prep -%setup -q +%autosetup %build %configure \ @@ -38,8 +41,8 @@ The net-snmp-devel package contains headers and libraries for building SNMP appl --target=ia64-linux \ --sbindir=/sbin \ --with-sys-location="unknown" \ - --with-logfile=/var/log/net-snmpd.log \ - --with-persistent-directory=/var/lib/net-snmp \ + --with-logfile=%{_var}/log/net-snmpd.log \ + --with-persistent-directory=%{_sharedstatedir}/net-snmp \ --with-sys-contact="root@localhost" \ --with-defaults \ --with-systemd \ 
@@ -74,10 +77,11 @@ make %{?_smp_mflags} test %clean rm -rf %{buildroot}/* + %files -%doc COPYING NEWS README ChangeLog -%defattr(-,root,root) %license COPYING +%doc NEWS README ChangeLog +%defattr(-,root,root) /lib/systemd/system/snmpd.service /lib/systemd/system/snmptrapd.service %{_bindir} 
@@ -86,38 +90,57 @@ rm -rf %{buildroot}/* %files devel %defattr(-,root,root) +%{_datadir} %{_includedir} %{_libdir}/*.la -%{_libdir}/perl5 %{_libdir}/*.so -%{_datadir} -%exclude /usr/lib/perl5/*/*/perllocal.pod +%{_libdir}/perl5 +%{_libdir}/pkgconfig/*.pc +%exclude %{_lib}/perl5/*/*/perllocal.pod %changelog +* Fri Oct 30 2020 Pawel Winogrodzki - 5.9-1 +- Updating to 5.9 to fix CVE-2019-20892. A patch couldn't be applied without backporting. +- Switching to %%autosetup. +- License verified. +- Removed %%sha1 macro. +- Updating whitespaces to fix issues reported by the linter. + * Sat May 09 00:20:48 PST 2020 Nick Samson - 5.8-4 - Added %%license line automatically -* Tue Sep 03 2019 Mateusz Malisz 5.8-3 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Fri Sep 21 2018 Dweep Advani 5.8-2 -- Using %configure and changing for perl upgrade -* Wed Sep 19 2018 Keerthana K 5.8-1 -- Update to version 5.8 -* Tue Jul 31 2018 Ajay Kaher 5.7.3-9 -- Excluded perllocal.pod for aarch64 -* Mon Apr 16 2018 Xiaolin Li 5.7.3-8 -- Apply patch for CVE-2018-1000116 -* Mon Jul 24 2017 Dheeraj Shetty 5.7.3-7 -- Make service file a different source -* Tue Apr 04 2017 Priyesh Padmavilasom 5.7.3-6 -- Patch to remove U64 typedef -* Tue Oct 04 2016 ChangLee 5.7.3-5 -- Modified %check -* Thu May 26 2016 Harish Udaiya Kumar 5.7.3-4 -- Excluded the perllocal.pod log. -* Tue May 24 2016 Priyesh Padmavilasom 5.7.3-3 -- GA - Bump release of all rpms -* Wed May 04 2016 Nick Shi 5.7.3-2 -- Add snmpd and snmptrapd to systemd service. -* Mon Nov 30 2015 Harish Udaiya Kumar 5.7.3-1 -- Initial build. First version +* Tue Sep 03 2019 Mateusz Malisz - 5.8-3 +- Initial CBL-Mariner import from Photon (license: Apache2). 
+ +* Fri Sep 21 2018 Dweep Advani - 5.8-2 +- Using %configure and changing for perl upgrade + +* Wed Sep 19 2018 Keerthana K - 5.8-1 +- Update to version 5.8 + +* Tue Jul 31 2018 Ajay Kaher - 5.7.3-9 +- Excluded perllocal.pod for aarch64 + +* Mon Apr 16 2018 Xiaolin Li - 5.7.3-8 +- Apply patch for CVE-2018-1000116 + +* Mon Jul 24 2017 Dheeraj Shetty - 5.7.3-7 +- Make service file a different source + +* Tue Apr 04 2017 Priyesh Padmavilasom - 5.7.3-6 +- Patch to remove U64 typedef + +* Tue Oct 04 2016 ChangLee - 5.7.3-5 +- Modified %check + +* Thu May 26 2016 Harish Udaiya Kumar - 5.7.3-4 +- Excluded the perllocal.pod log. + +* Tue May 24 2016 Priyesh Padmavilasom - 5.7.3-3 +- GA - Bump release of all rpms + +* Wed May 04 2016 Nick Shi - 5.7.3-2 +- Add snmpd and snmptrapd to systemd service. + +* Mon Nov 30 2015 Harish Udaiya Kumar - 5.7.3-1 +- Initial build. First version diff --git a/cgmanifest.json b/cgmanifest.json index c22e3371597..dc4f7478d25 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -3276,8 +3276,8 @@ "type": "other", "other": { "name": "net-snmp", - "version": "5.8", - "downloadUrl": "http://sourceforge.net/projects/net-snmp/files/net-snmp/5.8/net-snmp-5.8.tar.gz" + "version": "5.9", + "downloadUrl": "http://sourceforge.net/projects/net-snmp/files/net-snmp/5.9/net-snmp-5.9.tar.gz" } } }, From bde3e86b7b97e2705fbad74ad6f0d42820e8c9be Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Sat, 31 Oct 2020 00:29:33 +0100 Subject: [PATCH 076/145] Updating `vim` to version 8.1.1667 to fix CVE-2019-20807. (#320) * Updating `vim` to version 8.1.1667 to fix CVE-2019-20807. * Adding linter's suggestions. --- SPECS/vim/CVE-2019-12735.patch | 47 ---------- SPECS/vim/vim.signatures.json | 2 +- SPECS/vim/vim.spec | 165 +++++++++++++++++++-------------- cgmanifest.json | 4 +- 4 files changed, 96 insertions(+), 122 deletions(-) delete mode 100644 SPECS/vim/CVE-2019-12735.patch 
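Review bot: In the `%files devel` hunk the new `%exclude %{_lib}/perl5/*/*/perllocal.pod` uses `%{_lib}`, which in the stock RPM macros expands to the bare directory name (`lib` or `lib64`) without `%{_prefix}`. The pattern is then a relative path and no longer matches the `/usr/lib/perl5/...` location named by the removed line, so perllocal.pod may be packaged after all, or rpmbuild may reject the entry. `%exclude %{_libdir}/perl5/*/*/perllocal.pod` would line up with the `%{_libdir}/perl5` entry listed just above it. This is worth confirming against the distribution's own macro definitions.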
diff --git a/SPECS/vim/CVE-2019-12735.patch b/SPECS/vim/CVE-2019-12735.patch deleted file mode 100644 index 83c6cbc0b48..00000000000 --- a/SPECS/vim/CVE-2019-12735.patch +++ /dev/null @@ -1,47 +0,0 @@ -diff --git a/src/getchar.c b/src/getchar.c -index cc8b344e1..53f3a76be 100644 ---- a/src/getchar.c -+++ b/src/getchar.c -@@ -1442,6 +1442,12 @@ openscript( - EMSG(_(e_nesting)); - return; - } -+ -+ // Disallow sourcing a file in the sandbox, the commands would be executed -+ // later, possibly outside of the sandbox. -+ if (check_secure()) -+ return; -+ - #ifdef FEAT_EVAL - if (ignore_script) - /* Not reading from script, also don't open one. Warning message? */ -diff --git a/src/testdir/test_source_utf8.vim b/src/testdir/test_source_utf8.vim -index c29c2ec1f..f13906242 100644 ---- a/src/testdir/test_source_utf8.vim -+++ b/src/testdir/test_source_utf8.vim -@@ -61,3 +61,12 @@ func Test_source_ctrl_v() - unmap __4 - unmap __5 - endfunc -+ -+func Test_source_sandbox() -+ new -+ call writefile(["Ohello\"], 'Xsourcehello') -+ source! Xsourcehello | echo -+ call assert_equal('hello', getline(1)) -+ call assert_fails('sandbox source! Xsourcehello', 'E48:') -+ bwipe! -+endfunc -diff --git a/src/version.c b/src/version.c -index dce4643c2..c6e64ea76 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -794,6 +794,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 1365, - /**/ - 388, - /**/ diff --git a/SPECS/vim/vim.signatures.json b/SPECS/vim/vim.signatures.json index 9318958178e..28ea332ec22 100644 --- a/SPECS/vim/vim.signatures.json +++ b/SPECS/vim/vim.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "vim-8.1.0388.tar.gz": "34cff3096a712ee0682ddc9ebfc8df8ade8303cf7069a189f14bca48dd0d02b7" + "vim-8.1.1667.tar.gz": "9896654b6729f4007222505b52784786441bcafcc7c81ed937255bf5ea250309" } } \ No newline at end of file 
diff --git a/SPECS/vim/vim.spec b/SPECS/vim/vim.spec index 4e0eaeb3c95..e5525340e96 100644 --- a/SPECS/vim/vim.spec +++ b/SPECS/vim/vim.spec @@ -1,20 +1,15 @@ %define debug_package %{nil} - Summary: Text editor Name: vim -Version: 8.1.0388 -Release: 7%{?dist} +Version: 8.1.1667 +Release: 1%{?dist} License: Vim -URL: https://www.vim.org -Group: Applications/Editors Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/Editors +URL: https://www.vim.org #Source0: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz Source0: %{name}-%{version}.tar.gz -# Based on: -# https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040.patch -# Had some modifications for patch to apply cleanly. -Patch0: CVE-2019-12735.patch BuildRequires: ncurses-devel @@ -22,18 +17,21 @@ BuildRequires: ncurses-devel The Vim package contains a powerful text editor. %package extra -Summary: Extra files for Vim text editor -Group: Applications/Editors -Requires: tcsh -Conflicts: toybox +Summary: Extra files for Vim text editor +Group: Applications/Editors + +Requires: tcsh + +Conflicts: toybox %description extra The vim extra package contains a extra files for powerful text editor. %prep -%autosetup -p1 +%autosetup echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h + %build %configure --enable-multibyte @@ -43,9 +41,9 @@ make VERBOSE=1 %{?_smp_mflags} #cd %{_builddir}/%{name}74 make DESTDIR=%{buildroot} install ln -sv vim %{buildroot}%{_bindir}/vi -install -vdm 755 %{buildroot}/etc -cat > %{buildroot}/etc/vimrc << "EOF" -" Begin /etc/vimrc +install -vdm 755 %{buildroot}%{_sysconfdir} +cat > %{buildroot}%{_sysconfdir}/vimrc << "EOF" +" Begin %{_sysconfdir}/vimrc set shell=/bin/bash set nocompatible @@ -70,7 +68,7 @@ if ! isdirectory("~/.vim/swap/") call system('install -d -m 700 ~/.vim/swap') endif set directory=~/.vim/swap// -" End /etc/vimrc +" End %{_sysconfdir}/vimrc EOF %check 
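Review bot: The first hunk drops `Patch0: CVE-2019-12735.patch`, but the spec never records why; the new changelog entry further down mentions only CVE-2019-20807. The deleted patch added `1365` to `included_patches` in src/version.c, so the fix is presumably part of upstream 8.1.1365 and therefore of 8.1.1667. That reasoning should be written down so CVE tracking does not flag the package again. I would add a changelog line such as `- Remove CVE-2019-12735 patch, fixed upstream in 8.1.1365.`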
@@ -86,12 +84,12 @@ then fi %files extra -%defattr(-,root,root) %license README.txt +%doc %{_datarootdir}/vim/vim81/doc/* +%defattr(-,root,root) %{_bindir}/vimtutor %{_bindir}/xxd %{_mandir}/*/* -%doc %{_datarootdir}/vim/vim81/doc/* %{_datarootdir}/vim/vim81/autoload/* %{_datarootdir}/vim/vim81/bugreport.vim %{_datarootdir}/vim/vim81/colors/* 
@@ -162,21 +160,21 @@ fi %lang(zh_CN) %{_datarootdir}/vim/vim81/lang/zh_CN/LC_MESSAGES/vim.mo %lang(zh_TW.UTF-8) %{_datarootdir}/vim/vim81/lang/zh_TW.UTF-8/LC_MESSAGES/vim.mo %lang(zh_TW) %{_datarootdir}/vim/vim81/lang/zh_TW/LC_MESSAGES/vim.mo -%lang(cs.cp1250) %{_datarootdir}/vim/vim81/lang/cs.cp1250/LC_MESSAGES/vim.mo -%lang(ja.euc-jp) %{_datarootdir}/vim/vim81/lang/ja.euc-jp/LC_MESSAGES/vim.mo -%lang(ja.sjis) %{_datarootdir}/vim/vim81/lang/ja.sjis/LC_MESSAGES/vim.mo -%lang(nl) %{_datarootdir}/vim/vim81/lang/nl/LC_MESSAGES/vim.mo -%lang(pl.UTF-8) %{_datarootdir}/vim/vim81/lang/pl.UTF-8/LC_MESSAGES/vim.mo -%lang(pl.cp1250) %{_datarootdir}/vim/vim81/lang/pl.cp1250/LC_MESSAGES/vim.mo -%lang(ru.cp1251) %{_datarootdir}/vim/vim81/lang/ru.cp1251/LC_MESSAGES/vim.mo -%lang(sk.cp1250) %{_datarootdir}/vim/vim81/lang/sk.cp1250/LC_MESSAGES/vim.mo -%lang(uk.cp1251) %{_datarootdir}/vim/vim81/lang/uk.cp1251/LC_MESSAGES/vim.mo +%lang(cs.cp1250) %{_datarootdir}/vim/vim81/lang/cs.cp1250/LC_MESSAGES/vim.mo +%lang(ja.euc-jp) %{_datarootdir}/vim/vim81/lang/ja.euc-jp/LC_MESSAGES/vim.mo +%lang(ja.sjis) %{_datarootdir}/vim/vim81/lang/ja.sjis/LC_MESSAGES/vim.mo +%lang(nl) %{_datarootdir}/vim/vim81/lang/nl/LC_MESSAGES/vim.mo +%lang(pl.UTF-8) %{_datarootdir}/vim/vim81/lang/pl.UTF-8/LC_MESSAGES/vim.mo +%lang(pl.cp1250) %{_datarootdir}/vim/vim81/lang/pl.cp1250/LC_MESSAGES/vim.mo +%lang(ru.cp1251) %{_datarootdir}/vim/vim81/lang/ru.cp1251/LC_MESSAGES/vim.mo +%lang(sk.cp1250) %{_datarootdir}/vim/vim81/lang/sk.cp1250/LC_MESSAGES/vim.mo +%lang(uk.cp1251) %{_datarootdir}/vim/vim81/lang/uk.cp1251/LC_MESSAGES/vim.mo %lang(zh_CN.cp936) %{_datarootdir}/vim/vim81/lang/zh_CN.cp936/LC_MESSAGES/vim.mo %files %defattr(-,root,root) %license README.txt -%config(noreplace) /etc/vimrc +%config(noreplace) %{_sysconfdir}/vimrc %{_datarootdir}/vim/vim81/syntax/syntax.vim %{_datarootdir}/vim/vim81/rgb.txt %{_datarootdir}/vim/vim81/colors/desert.vim 
@@ -189,45 +187,68 @@ fi %{_bindir}/vimdiff %changelog -* Thu Oct 15 2020 Emre Girgin 8.1.0388-7 -- Fix CVE-2019-12735. -* Mon Jun 01 2020 Pawel Winogrodzki 8.1.0388-6 -- Adding a license reference. -* Mon Apr 13 2020 Eric Li 8.1.0388-5 -- Add #Source0: comment and delete sha1. Verified license. -* Tue Sep 03 2019 Mateusz Malisz 8.1.0388-4 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Tue Jan 29 2019 Dweep Advani 8.1.0388-3 -- Fixed swap file creation error for custom login shell -* Wed Sep 12 2018 Anish Swaminathan 8.1.0388-2 -- Add conflicts toybox for vim-extra. -* Wed Sep 12 2018 Anish Swaminathan 8.1.0388-1 -- Update to version 8.1.0388. -* Tue Jul 10 2018 Tapas Kundu 8.0.0533-4 -- Fix for CVE-2017-17087 and CVE-2017-1000382. -* Mon Aug 14 2017 Chang Lee 8.0.0533-3 -- Disabled Test_recover_root_dir in %check. -* Tue May 02 2017 Anish Swaminathan 8.0.0533-2 -- Remove tcsh requires. -* Fri Apr 14 2017 Xiaolin Li 8.0.0533-1 -- Updated to version 8.0.0533. -* Tue Feb 28 2017 Anish Swaminathan 7.4-10 -- Fix for CVE-2017-6349 and CVE-2017-6350. -* Fri Feb 17 2017 Anish Swaminathan 7.4-9 -- Fix for CVE-2017-5953. -* Fri Nov 18 2016 Anish Swaminathan 7.4-8 -- Fix for CVE-2016-1248. -* Wed Oct 05 2016 ChangLee 7.4-7 -- Modified %check. -* Wed Aug 24 2016 Alexey Makhalov 7.4-6 -- vimrc: Added tags search, tab->spaces and some bindings. -* Tue May 24 2016 Priyesh Padmavilasom 7.4-5 -- GA - Bump release of all rpms. -* Thu Jul 16 2015 Touseef Liaqat 7.4-3 -- Added profile related files in minimal vim package. -* Tue Jun 30 2015 Touseef Liaqat 7.4-3 -- Pack extra files separately, to make vim package small. -* Fri Jun 19 2015 Alexey Makhalov 7.4-2 -- Disable debug package. Use 'desert' colorscheme. -* Wed Nov 5 2014 Divya Thaluru 7.4-1 -- Initial build First version. +* Fri Oct 30 2020 Pawel Winogrodzki - 8.1.1667-1 +- Fix CVE-2019-20807 by updating to 8.1.1667. + +* Thu Oct 15 2020 Emre Girgin - 8.1.0388-7 +- Fix CVE-2019-12735. 
+ +* Mon Jun 01 2020 Pawel Winogrodzki - 8.1.0388-6 +- Adding a license reference. + +* Mon Apr 13 2020 Eric Li - 8.1.0388-5 +- Add #Source0: comment and delete sha1. Verified license. + +* Tue Sep 03 2019 Mateusz Malisz - 8.1.0388-4 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Tue Jan 29 2019 Dweep Advani - 8.1.0388-3 +- Fixed swap file creation error for custom login shell + +* Wed Sep 12 2018 Anish Swaminathan - 8.1.0388-2 +- Add conflicts toybox for vim-extra. + +* Wed Sep 12 2018 Anish Swaminathan - 8.1.0388-1 +- Update to version 8.1.0388. + +* Tue Jul 10 2018 Tapas Kundu - 8.0.0533-4 +- Fix for CVE-2017-17087 and CVE-2017-1000382. + +* Mon Aug 14 2017 Chang Lee - 8.0.0533-3 +- Disabled Test_recover_root_dir in %check. + +* Tue May 02 2017 Anish Swaminathan - 8.0.0533-2 +- Remove tcsh requires. + +* Fri Apr 14 2017 Xiaolin Li - 8.0.0533-1 +- Updated to version 8.0.0533. + +* Tue Feb 28 2017 Anish Swaminathan - 7.4-10 +- Fix for CVE-2017-6349 and CVE-2017-6350. + +* Fri Feb 17 2017 Anish Swaminathan - 7.4-9 +- Fix for CVE-2017-5953. + +* Fri Nov 18 2016 Anish Swaminathan - 7.4-8 +- Fix for CVE-2016-1248. + +* Wed Oct 05 2016 ChangLee - 7.4-7 +- Modified %check. + +* Wed Aug 24 2016 Alexey Makhalov - 7.4-6 +- vimrc: Added tags search, tab->spaces and some bindings. + +* Tue May 24 2016 Priyesh Padmavilasom - 7.4-5 +- GA - Bump release of all rpms. + +* Thu Jul 16 2015 Touseef Liaqat - 7.4-3 +- Added profile related files in minimal vim package. + +* Tue Jun 30 2015 Touseef Liaqat - 7.4-3 +- Pack extra files separately, to make vim package small. + +* Fri Jun 19 2015 Alexey Makhalov - 7.4-2 +- Disable debug package. Use 'desert' colorscheme. + +* Wed Nov 5 2014 Divya Thaluru - 7.4-1 +- Initial build First version. diff --git a/cgmanifest.json b/cgmanifest.json index dc4f7478d25..f957667cb89 100644 --- a/cgmanifest.json +++ b/cgmanifest.json 
@@ -5826,8 +5826,8 @@ "type": "other", "other": { "name": "vim", - "version": "8.1.0388", - "downloadUrl": "https://github.com/vim/vim/archive/v8.1.0388.tar.gz" + "version": "8.1.1667", + "downloadUrl": "https://github.com/vim/vim/archive/v8.1.1667.tar.gz" } } }, From a510f75be7e6d11cc657754f3e25a9a50c0bf531 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Mon, 2 Nov 2020 07:52:41 -0800 Subject: [PATCH 077/145] Patch CVE-2020-24553 in go --- SPECS/golang/CVE-2020-24553.patch | 412 ++++++++++++++++++++++++++++++ SPECS/golang/golang-1.13.spec | 172 +++++++------ 2 files changed, 510 insertions(+), 74 deletions(-) create mode 100644 SPECS/golang/CVE-2020-24553.patch diff --git a/SPECS/golang/CVE-2020-24553.patch b/SPECS/golang/CVE-2020-24553.patch new file mode 100644 index 00000000000..983bbe73d71 --- /dev/null +++ b/SPECS/golang/CVE-2020-24553.patch 
@@ -0,0 +1,412 @@ +From 4f5cd0c0331943c7ec72df3b827d972584f77833 Mon Sep 17 00:00:00 2001 +From: Roberto Clapis +Date: Wed, 26 Aug 2020 08:53:03 +0200 +Subject: [PATCH] net/http/cgi,net/http/fcgi: add Content-Type detection + +This CL ensures that responses served via CGI and FastCGI +have a Content-Type header based on the content of the +response if not explicitly set by handlers. + +If the implementers of the handler did not explicitly +specify a Content-Type both CGI implementations would default +to "text/html", potentially causing cross-site scripting. + +Thanks to RedTeam Pentesting GmbH for reporting this. + +Fixes #40928 +Fixes CVE-2020-24553 + +Change-Id: I82cfc396309b5ab2e8d6e9a87eda8ea7e3799473 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/823217 +Reviewed-by: Russ Cox +Reviewed-on: https://go-review.googlesource.com/c/go/+/252179 +Run-TryBot: Filippo Valsorda +TryBot-Result: Go Bot +Reviewed-by: Katie Hockman +--- + src/net/http/cgi/child.go | 36 +++++++++++------ + src/net/http/cgi/child_test.go | 58 ++++++++++++++++++++++++++++ + src/net/http/cgi/integration_test.go | 53 ++++++++++++++++++++++++- + src/net/http/fcgi/child.go | 39 ++++++++++++++----- + src/net/http/fcgi/fcgi_test.go | 52 +++++++++++++++++++++++++ + 5 files changed, 216 insertions(+), 22 deletions(-) + +diff --git a/src/net/http/cgi/child.go b/src/net/http/cgi/child.go +index d7d813e68a83..690986335c07 100644 +--- a/src/net/http/cgi/child.go ++++ b/src/net/http/cgi/child.go +@@ -166,10 +166,12 @@ func Serve(handler http.Handler) error { + } + + type response struct { +- req *http.Request +- header http.Header +- bufw *bufio.Writer +- headerSent bool ++ req *http.Request ++ header http.Header ++ code int ++ wroteHeader bool ++ wroteCGIHeader bool ++ bufw *bufio.Writer + } + + func (r *response) Flush() { +@@ -181,26 +183,38 @@ func (r *response) Header() http.Header { + } + + func (r *response) Write(p []byte) (n int, err error) { +- if !r.headerSent { ++ 
if !r.wroteHeader { + r.WriteHeader(http.StatusOK) + } ++ if !r.wroteCGIHeader { ++ r.writeCGIHeader(p) ++ } + return r.bufw.Write(p) + } + + func (r *response) WriteHeader(code int) { +- if r.headerSent { ++ if r.wroteHeader { + // Note: explicitly using Stderr, as Stdout is our HTTP output. + fmt.Fprintf(os.Stderr, "CGI attempted to write header twice on request for %s", r.req.URL) + return + } +- r.headerSent = true +- fmt.Fprintf(r.bufw, "Status: %d %s\r\n", code, http.StatusText(code)) ++ r.wroteHeader = true ++ r.code = code ++} + +- // Set a default Content-Type ++// writeCGIHeader finalizes the header sent to the client and writes it to the output. ++// p is not written by writeHeader, but is the first chunk of the body ++// that will be written. It is sniffed for a Content-Type if none is ++// set explicitly. ++func (r *response) writeCGIHeader(p []byte) { ++ if r.wroteCGIHeader { ++ return ++ } ++ r.wroteCGIHeader = true ++ fmt.Fprintf(r.bufw, "Status: %d %s\r\n", r.code, http.StatusText(r.code)) + if _, hasType := r.header["Content-Type"]; !hasType { +- r.header.Add("Content-Type", "text/html; charset=utf-8") ++ r.header.Set("Content-Type", http.DetectContentType(p)) + } +- + r.header.Write(r.bufw) + r.bufw.WriteString("\r\n") + r.bufw.Flush() +diff --git a/src/net/http/cgi/child_test.go b/src/net/http/cgi/child_test.go +index 14e0af475f5a..18cf789bd59d 100644 +--- a/src/net/http/cgi/child_test.go ++++ b/src/net/http/cgi/child_test.go +@@ -7,6 +7,11 @@ + package cgi + + import ( ++ "bufio" ++ "bytes" ++ "net/http" ++ "net/http/httptest" ++ "strings" + "testing" + ) + +@@ -148,3 +153,56 @@ func TestRequestWithoutRemotePort(t *testing.T) { + t.Errorf("RemoteAddr: got %q; want %q", g, e) + } + } ++ ++func TestResponse(t *testing.T) { ++ var tests = []struct { ++ name string ++ body string ++ wantCT string ++ }{ ++ { ++ name: "no body", ++ wantCT: "text/plain; charset=utf-8", ++ }, ++ { ++ name: "html", ++ body: "test pageThis is a body", ++ wantCT: 
"text/html; charset=utf-8", ++ }, ++ { ++ name: "text", ++ body: strings.Repeat("gopher", 86), ++ wantCT: "text/plain; charset=utf-8", ++ }, ++ { ++ name: "jpg", ++ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024), ++ wantCT: "image/jpeg", ++ }, ++ } ++ for _, tt := range tests { ++ t.Run(tt.name, func(t *testing.T) { ++ var buf bytes.Buffer ++ resp := response{ ++ req: httptest.NewRequest("GET", "/", nil), ++ header: http.Header{}, ++ bufw: bufio.NewWriter(&buf), ++ } ++ n, err := resp.Write([]byte(tt.body)) ++ if err != nil { ++ t.Errorf("Write: unexpected %v", err) ++ } ++ if want := len(tt.body); n != want { ++ t.Errorf("reported short Write: got %v want %v", n, want) ++ } ++ resp.writeCGIHeader(nil) ++ resp.Flush() ++ if got := resp.Header().Get("Content-Type"); got != tt.wantCT { ++ t.Errorf("wrong content-type: got %q, want %q", got, tt.wantCT) ++ } ++ if !bytes.HasSuffix(buf.Bytes(), []byte(tt.body)) { ++ t.Errorf("body was not correctly written") ++ } ++ }) ++ } ++} +diff --git a/src/net/http/cgi/integration_test.go b/src/net/http/cgi/integration_test.go +index eaa090f6fe4f..76cbca8e6036 100644 +--- a/src/net/http/cgi/integration_test.go ++++ b/src/net/http/cgi/integration_test.go +@@ -16,7 +16,9 @@ import ( + "io" + "net/http" + "net/http/httptest" ++ "net/url" + "os" ++ "strings" + "testing" + "time" + ) +@@ -52,7 +54,7 @@ func TestHostingOurselves(t *testing.T) { + } + replay := runCgiTest(t, h, "GET /test.go?foo=bar&a=b HTTP/1.0\nHost: example.com\n\n", expectedMap) + +- if expected, got := "text/html; charset=utf-8", replay.Header().Get("Content-Type"); got != expected { ++ if expected, got := "text/plain; charset=utf-8", replay.Header().Get("Content-Type"); got != expected { + t.Errorf("got a Content-Type of %q; expected %q", got, expected) + } + if expected, got := "X-Test-Value", replay.Header().Get("X-Test-Header"); got != expected { +@@ -169,6 +171,51 @@ func TestNilRequestBody(t *testing.T) { + _ = runCgiTest(t, h, "POST 
/test.go?nil-request-body=1 HTTP/1.0\nHost: example.com\nContent-Length: 0\n\n", expectedMap) + } + ++func TestChildContentType(t *testing.T) { ++ testenv.MustHaveExec(t) ++ ++ h := &Handler{ ++ Path: os.Args[0], ++ Root: "/test.go", ++ Args: []string{"-test.run=TestBeChildCGIProcess"}, ++ } ++ var tests = []struct { ++ name string ++ body string ++ wantCT string ++ }{ ++ { ++ name: "no body", ++ wantCT: "text/plain; charset=utf-8", ++ }, ++ { ++ name: "html", ++ body: "test pageThis is a body", ++ wantCT: "text/html; charset=utf-8", ++ }, ++ { ++ name: "text", ++ body: strings.Repeat("gopher", 86), ++ wantCT: "text/plain; charset=utf-8", ++ }, ++ { ++ name: "jpg", ++ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024), ++ wantCT: "image/jpeg", ++ }, ++ } ++ for _, tt := range tests { ++ t.Run(tt.name, func(t *testing.T) { ++ expectedMap := map[string]string{"_body": tt.body} ++ req := fmt.Sprintf("GET /test.go?exact-body=%s HTTP/1.0\nHost: example.com\n\n", url.QueryEscape(tt.body)) ++ replay := runCgiTest(t, h, req, expectedMap) ++ if got := replay.Header().Get("Content-Type"); got != tt.wantCT { ++ t.Errorf("got a Content-Type of %q; expected it to start with %q", got, tt.wantCT) ++ } ++ }) ++ } ++} ++ + // golang.org/issue/7198 + func Test500WithNoHeaders(t *testing.T) { want500Test(t, "/immediate-disconnect") } + func Test500WithNoContentType(t *testing.T) { want500Test(t, "/no-content-type") } +@@ -224,6 +271,10 @@ func TestBeChildCGIProcess(t *testing.T) { + if req.FormValue("no-body") == "1" { + return + } ++ if eb, ok := req.Form["exact-body"]; ok { ++ io.WriteString(rw, eb[0]) ++ return ++ } + if req.FormValue("write-forever") == "1" { + io.Copy(rw, neverEnding('a')) + for { +diff --git a/src/net/http/fcgi/child.go b/src/net/http/fcgi/child.go +index 0e91042543b5..34761f32ee18 100644 +--- a/src/net/http/fcgi/child.go ++++ b/src/net/http/fcgi/child.go +@@ -74,10 +74,12 @@ func (r *request) parseParams() { + + // response implements http.ResponseWriter. 
+ type response struct { +- req *request +- header http.Header +- w *bufWriter +- wroteHeader bool ++ req *request ++ header http.Header ++ code int ++ wroteHeader bool ++ wroteCGIHeader bool ++ w *bufWriter + } + + func newResponse(c *child, req *request) *response { +@@ -92,11 +94,14 @@ func (r *response) Header() http.Header { + return r.header + } + +-func (r *response) Write(data []byte) (int, error) { ++func (r *response) Write(p []byte) (n int, err error) { + if !r.wroteHeader { + r.WriteHeader(http.StatusOK) + } +- return r.w.Write(data) ++ if !r.wroteCGIHeader { ++ r.writeCGIHeader(p) ++ } ++ return r.w.Write(p) + } + + func (r *response) WriteHeader(code int) { +@@ -104,22 +109,34 @@ func (r *response) WriteHeader(code int) { + return + } + r.wroteHeader = true ++ r.code = code + if code == http.StatusNotModified { + // Must not have body. + r.header.Del("Content-Type") + r.header.Del("Content-Length") + r.header.Del("Transfer-Encoding") +- } else if r.header.Get("Content-Type") == "" { +- r.header.Set("Content-Type", "text/html; charset=utf-8") + } +- + if r.header.Get("Date") == "" { + r.header.Set("Date", time.Now().UTC().Format(http.TimeFormat)) + } ++} + +- fmt.Fprintf(r.w, "Status: %d %s\r\n", code, http.StatusText(code)) ++// writeCGIHeader finalizes the header sent to the client and writes it to the output. ++// p is not written by writeHeader, but is the first chunk of the body ++// that will be written. It is sniffed for a Content-Type if none is ++// set explicitly. 
++func (r *response) writeCGIHeader(p []byte) { ++ if r.wroteCGIHeader { ++ return ++ } ++ r.wroteCGIHeader = true ++ fmt.Fprintf(r.w, "Status: %d %s\r\n", r.code, http.StatusText(r.code)) ++ if _, hasType := r.header["Content-Type"]; r.code != http.StatusNotModified && !hasType { ++ r.header.Set("Content-Type", http.DetectContentType(p)) ++ } + r.header.Write(r.w) + r.w.WriteString("\r\n") ++ r.w.Flush() + } + + func (r *response) Flush() { +@@ -293,6 +310,8 @@ func (c *child) serveRequest(req *request, body io.ReadCloser) { + httpReq = httpReq.WithContext(envVarCtx) + c.handler.ServeHTTP(r, httpReq) + } ++ // Make sure we serve something even if nothing was written to r ++ r.Write(nil) + r.Close() + c.mu.Lock() + delete(c.requests, req.reqId) +diff --git a/src/net/http/fcgi/fcgi_test.go b/src/net/http/fcgi/fcgi_test.go +index e9d2b34023c8..4a27a12c35a9 100644 +--- a/src/net/http/fcgi/fcgi_test.go ++++ b/src/net/http/fcgi/fcgi_test.go +@@ -10,6 +10,7 @@ import ( + "io" + "io/ioutil" + "net/http" ++ "strings" + "testing" + ) + +@@ -344,3 +345,54 @@ func TestChildServeReadsEnvVars(t *testing.T) { + <-done + } + } ++ ++func TestResponseWriterSniffsContentType(t *testing.T) { ++ var tests = []struct { ++ name string ++ body string ++ wantCT string ++ }{ ++ { ++ name: "no body", ++ wantCT: "text/plain; charset=utf-8", ++ }, ++ { ++ name: "html", ++ body: "test pageThis is a body", ++ wantCT: "text/html; charset=utf-8", ++ }, ++ { ++ name: "text", ++ body: strings.Repeat("gopher", 86), ++ wantCT: "text/plain; charset=utf-8", ++ }, ++ { ++ name: "jpg", ++ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024), ++ wantCT: "image/jpeg", ++ }, ++ } ++ for _, tt := range tests { ++ t.Run(tt.name, func(t *testing.T) { ++ input := make([]byte, len(streamFullRequestStdin)) ++ copy(input, streamFullRequestStdin) ++ rc := nopWriteCloser{bytes.NewBuffer(input)} ++ done := make(chan bool) ++ var resp *response ++ c := newChild(rc, http.HandlerFunc(func( ++ w http.ResponseWriter, ++ r 
*http.Request, ++ ) { ++ io.WriteString(w, tt.body) ++ resp = w.(*response) ++ done <- true ++ })) ++ defer c.cleanUp() ++ go c.serve() ++ <-done ++ if got := resp.Header().Get("Content-Type"); got != tt.wantCT { ++ t.Errorf("got a Content-Type of %q; expected it to start with %q", got, tt.wantCT) ++ } ++ }) ++ } ++} diff --git a/SPECS/golang/golang-1.13.spec b/SPECS/golang/golang-1.13.spec index 431a5c5fd05..33df860cbeb 100644 --- a/SPECS/golang/golang-1.13.spec +++ b/SPECS/golang/golang-1.13.spec @@ -1,4 +1,4 @@ -%global goroot /usr/lib/golang +%global goroot %{_lib}/golang %global gopath %{_datadir}/gocode %ifarch aarch64 %global gohostarch arm64 @@ -7,23 +7,22 @@ %endif %define debug_package %{nil} %define __strip /bin/true - # rpmbuild magic to keep from having meta dependency on libc.so.6 %define _use_internal_dependency_generator 0 %define __find_requires %{nil} - Summary: Go Name: golang Version: 1.13.15 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD -URL: https://golang.org -Group: System Environment/Security Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Security +URL: https://golang.org Source0: https://dl.google.com/go/go%{version}.src.tar.gz Source1: https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz Patch0: go14_bootstrap_aarch64.patch +Patch1: CVE-2020-24553.patch Obsoletes: %{name} < %{version} Provides: %{name} = %{version} 
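Review bot: The comment added above `writeCGIHeader` in both cgi/child.go and fcgi/child.go refers to `writeHeader`, which is not a function in either hunk, and it does not say that only the chunk passed to the first `Write` call is sniffed. That matters to handler authors: in the test table the "html" case is still labelled `text/html; charset=utf-8`, so a handler that echoes untrusted data without setting Content-Type is protected only when its first chunk does not look like HTML. I would word the comment as `// p is not written by writeCGIHeader; it is the first chunk of the body and the only data sniffed for a Content-Type when the handler set none.` Handlers that return user-influenced content should still set Content-Type explicitly.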
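Review bot: `%global goroot %{_lib}/golang` replaces an absolute path with a relative one, because in the stock rpm macros `%{_lib}` is only the directory name (`lib` or `lib64`), while `%{_libdir}` carries the prefix. The same substitution appears in the `@@ -34,19 +33,20 @@` hunk (`mv -v ... %{_lib}/golang` and `export GOROOT=%{_lib}/golang`), so the bootstrap tree would be moved to a path relative to the build's working directory, GOROOT would point there too, and `%{buildroot}%{goroot}` would lose its separator. To keep the previous `/usr/lib/golang` location I would write `%global goroot %{_prefix}/lib/golang` and use `%{goroot}` in the two `%build` lines. Please confirm against the distribution's own macro definitions.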
@@ -34,19 +33,20 @@ Go is an open source programming language that makes it easy to build simple, re # Setup go 1.4 bootstrap source tar xf %{SOURCE1} --no-same-owner %ifarch aarch64 -patch -Np1 --ignore-whitespace < /usr/src/mariner/SOURCES/go14_bootstrap_aarch64.patch +patch -Np1 --ignore-whitespace < %{_prefix}/src/mariner/SOURCES/go14_bootstrap_aarch64.patch %endif mv -v go go-bootstrap -%setup -qn go +%setup -q -n go +%patch1 -p1 %build # Build go 1.4 bootstrap -pushd /usr/src/mariner/BUILD/go-bootstrap/src +pushd %{_prefix}/src/mariner/BUILD/go-bootstrap/src CGO_ENABLED=0 ./make.bash popd -mv -v /usr/src/mariner/BUILD/go-bootstrap /usr/lib/golang -export GOROOT=/usr/lib/golang +mv -v %{_prefix}/src/mariner/BUILD/go-bootstrap %{_lib}/golang +export GOROOT=%{_lib}/golang # Build current go version export GOHOSTOS=linux @@ -62,7 +62,6 @@ pushd src popd %install -rm -rf %{buildroot} mkdir -p %{buildroot}%{_bindir} mkdir -p %{buildroot}%{goroot} @@ -88,8 +87,8 @@ mkdir -p %{buildroot}%{gopath}/src/github.com/ mkdir -p %{buildroot}%{gopath}/src/bitbucket.org/ mkdir -p %{buildroot}%{gopath}/src/code.google.com/p/ -install -vdm755 %{buildroot}/etc/profile.d -cat >> %{buildroot}/etc/profile.d/go-exports.sh <<- "EOF" +install -vdm755 %{buildroot}%{_sysconfdir}/profile.d +cat >> %{buildroot}%{_sysconfdir}/profile.d/go-exports.sh <<- "EOF" export GOROOT=%{goroot} export GOPATH=%{_datadir}/gocode export GOHOSTOS=linux @@ -98,25 +97,21 @@ export GOOS=linux EOF %post -p /sbin/ldconfig - %postun /sbin/ldconfig if [ $1 -eq 0 ]; then #This is uninstall - rm /etc/profile.d/go-exports.sh + rm %{_sysconfdir}/profile.d/go-exports.sh rm -rf /opt/go exit 0 fi -%clean -rm -rf %{buildroot}/* - %files %defattr(-,root,root) %license LICENSE %exclude %{goroot}/src/*.rc %exclude %{goroot}/include/plan9 -/etc/profile.d/go-exports.sh +%{_sysconfdir}/profile.d/go-exports.sh %{goroot}/* %{gopath}/src %exclude %{goroot}/src/pkg/debug/dwarf/testdata 
@@ -124,57 +119,86 @@ rm -rf %{buildroot}/* %{_bindir}/* %changelog -* Tue Sep 08 2020 Nicolas Ontiveros 1.13.15-1 -- Updated to version 1.13.15, which fixes CVE-2020-14039 and CVE-2020-16845. -* Sun May 24 2020 Mateusz Malisz 1.13.11-1 -- Updated to version 1.13.11 -* Sat May 09 2020 Nick Samson 1.12.5-7 -- Added %%license line automatically -* Thu Apr 30 2020 Emre Girgin 1.12.5-6 -- Renaming go to golang -* Thu Apr 23 2020 Nicolas Ontiveros 1.12.5-5 -- Fix CVE-2019-14809. -* Fri Mar 27 2020 Andrew Phelps 1.12.5-4 -- Support building standalone by adding go 1.4 bootstrap. -* Thu Feb 27 2020 Henry Beberman 1.12.5-3 -- Remove meta dependency on libc.so.6 -* Thu Feb 6 2020 Andrew Phelps 1.12.5-2 -- Remove ExtraBuildRequires -* Tue Sep 03 2019 Mateusz Malisz 1.12.5-1 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Mon Jan 21 2019 Bo Gan 1.9.7-1 -- Update to 1.9.7 -* Wed Oct 24 2018 Alexey Makhalov 1.9.4-3 -- Use extra build requires -* Mon Apr 02 2018 Dheeraj Shetty 1.9.4-2 -- Fix for CVE-2018-7187 -* Thu Mar 15 2018 Xiaolin Li 1.9.4-1 -- Update to golang release v1.9.4 -* Tue Nov 14 2017 Alexey Makhalov 1.9.1-2 -- Aarch64 support -* Wed Nov 01 2017 Vinay Kulkarni 1.9.1-1 -- Update to golang release v1.9.1 -* Wed May 31 2017 Xiaolin Li 1.8.1-2 -- Remove mercurial from buildrequires and requires. -* Tue Apr 11 2017 Danut Moraru 1.8.1-1 -- Update Golang to version 1.8.1, updated patch0 -* Wed Dec 28 2016 Xiaolin Li 1.7.4-1 -- Updated Golang to 1.7.4. -* Thu Oct 06 2016 ChangLee 1.6.3-2 -- Modified %check -* Wed Jul 27 2016 Anish Swaminathan 1.6.3-1 -- Update Golang to version 1.6.3 - fixes CVE 2016-5386 -* Fri Jul 8 2016 Harish Udaiya Kumar 1.6.2-1 -- Updated the Golang to version 1.6.2 -* Thu Jun 2 2016 Priyesh Padmavilasom 1.4.2-5 -- Fix script syntax -* Tue May 24 2016 Priyesh Padmavilasom 1.4.2-4 -- GA - Bump release of all rpms -* Thu May 05 2016 Kumar Kaushik 1.4.2-3 -- Handling upgrade scenario pre/post/un scripts. 
-* Wed Dec 09 2015 Anish Swaminathan 1.4.2-2 -- Edit post script. -* Mon Aug 03 2015 Vinay Kulkarni 1.4.2-1 -- Update to golang release version 1.4.2 -* Fri Oct 17 2014 Divya Thaluru 1.3.3-1 -- Initial build. First version +* Fri Oct 30 2020 Thomas Crain - 1.13.15-2 +- Patch CVE-2020-24553 + +* Tue Sep 08 2020 Nicolas Ontiveros - 1.13.15-1 +- Updated to version 1.13.15, which fixes CVE-2020-14039 and CVE-2020-16845. + +* Sun May 24 2020 Mateusz Malisz - 1.13.11-1 +- Updated to version 1.13.11 + +* Sat May 09 2020 Nick Samson - 1.12.5-7 +- Added %%license line automatically + +* Thu Apr 30 2020 Emre Girgin - 1.12.5-6 +- Renaming go to golang + +* Thu Apr 23 2020 Nicolas Ontiveros - 1.12.5-5 +- Fix CVE-2019-14809. + +* Fri Mar 27 2020 Andrew Phelps - 1.12.5-4 +- Support building standalone by adding go 1.4 bootstrap. + +* Thu Feb 27 2020 Henry Beberman - 1.12.5-3 +- Remove meta dependency on libc.so.6 + +* Thu Feb 6 2020 Andrew Phelps - 1.12.5-2 +- Remove ExtraBuildRequires + +* Tue Sep 03 2019 Mateusz Malisz - 1.12.5-1 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Mon Jan 21 2019 Bo Gan - 1.9.7-1 +- Update to 1.9.7 + +* Wed Oct 24 2018 Alexey Makhalov - 1.9.4-3 +- Use extra build requires + +* Mon Apr 02 2018 Dheeraj Shetty - 1.9.4-2 +- Fix for CVE-2018-7187 + +* Thu Mar 15 2018 Xiaolin Li - 1.9.4-1 +- Update to golang release v1.9.4 + +* Tue Nov 14 2017 Alexey Makhalov - 1.9.1-2 +- Aarch64 support + +* Wed Nov 01 2017 Vinay Kulkarni - 1.9.1-1 +- Update to golang release v1.9.1 + +* Wed May 31 2017 Xiaolin Li - 1.8.1-2 +- Remove mercurial from buildrequires and requires. + +* Tue Apr 11 2017 Danut Moraru - 1.8.1-1 +- Update Golang to version 1.8.1, updated patch0 + +* Wed Dec 28 2016 Xiaolin Li - 1.7.4-1 +- Updated Golang to 1.7.4. 
+ +* Thu Oct 06 2016 ChangLee - 1.6.3-2 +- Modified %check + +* Wed Jul 27 2016 Anish Swaminathan - 1.6.3-1 +- Update Golang to version 1.6.3 - fixes CVE 2016-5386 + +* Fri Jul 8 2016 Harish Udaiya Kumar - 1.6.2-1 +- Updated the Golang to version 1.6.2 + +* Thu Jun 2 2016 Priyesh Padmavilasom - 1.4.2-5 +- Fix script syntax + +* Tue May 24 2016 Priyesh Padmavilasom - 1.4.2-4 +- GA - Bump release of all rpms + +* Thu May 05 2016 Kumar Kaushik - 1.4.2-3 +- Handling upgrade scenario pre/post/un scripts. + +* Wed Dec 09 2015 Anish Swaminathan - 1.4.2-2 +- Edit post script. + +* Mon Aug 03 2015 Vinay Kulkarni - 1.4.2-1 +- Update to golang release version 1.4.2 + +* Fri Oct 17 2014 Divya Thaluru - 1.3.3-1 +- Initial build. First version From d8f24c1187b32e49de8355655c75e557ce8932ec Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Tue, 3 Nov 2020 15:20:26 -0800 Subject: [PATCH 078/145] Patch CVE-2020-27619 in python2 (#330) --- SPECS/python2/CVE-2020-27619.patch | 55 +++++++++++++++++++ SPECS/python2/python2.spec | 7 ++- .../manifests/package/toolchain_aarch64.txt | 16 +++--- .../manifests/package/toolchain_x86_64.txt | 16 +++--- 4 files changed, 77 insertions(+), 17 deletions(-) create mode 100644 SPECS/python2/CVE-2020-27619.patch diff --git a/SPECS/python2/CVE-2020-27619.patch b/SPECS/python2/CVE-2020-27619.patch new file mode 100644 index 00000000000..dac59bb12b9 --- /dev/null +++ b/SPECS/python2/CVE-2020-27619.patch 
@@ -0,0 +1,55 @@ +From e912e945f2960029d039d3390ea08835ad39374b Mon Sep 17 00:00:00 2001 +From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 19 Oct 2020 21:46:10 -0700 +Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP + in the CJK codec tests (GH-22566) (GH-22579) + +(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) + +Co-authored-by: Serhiy Storchaka +--- + Lib/test/multibytecodec_support.py | 22 +++++++------------ + 1 file changed, 7 insertions(+), 15 deletions(-) + +diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py +index f9884c68ebaa4..98feec2f60b19 100644 +--- a/Lib/test/multibytecodec_support.py ++++ b/Lib/test/multibytecodec_support.py +@@ -279,30 +279,22 @@ def test_mapping_file(self): + self._test_mapping_file_plain() + + def _test_mapping_file_plain(self): +- _unichr = lambda c: eval("u'\\U%08x'" % int(c, 16)) +- unichrs = lambda s: u''.join(_unichr(c) for c in s.split('+')) ++ def unichrs(s): ++ return u''.join(unichr(int(x, 16)) for x in s.split('+')) + urt_wa = {} + + with self.open_mapping_file() as f: + for line in f: + if not line: + break +- data = line.split('#')[0].strip().split() ++ data = line.split('#')[0].split() + if len(data) != 2: + continue + +- csetval = eval(data[0]) +- if csetval <= 0x7F: +- csetch = chr(csetval & 0xff) +- elif csetval >= 0x1000000: +- csetch = chr(csetval >> 24) + chr((csetval >> 16) & 0xff) + \ +- chr((csetval >> 8) & 0xff) + chr(csetval & 0xff) +- elif csetval >= 0x10000: +- csetch = chr(csetval >> 16) + \ +- chr((csetval >> 8) & 0xff) + chr(csetval & 0xff) +- elif csetval >= 0x100: +- csetch = chr(csetval >> 8) + chr(csetval & 0xff) +- else: ++ if data[0][:2] != '0x': ++ self.fail('Invalid line: %s' % repr(line)) ++ csetch = bytes.fromhex(data[0][2:]) ++ if len(csetch) == 1 and 0x80 <= csetch[0]: + continue + + unich = unichrs(data[1]) 
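Review bot: `csetch = bytes.fromhex(data[0][2:])` cannot work in a Python 2.7 tree, because `bytes` is `str` there and has no `fromhex`; `_test_mapping_file_plain` would raise AttributeError on the first mapping line. The spec describes this patch as backported from 3.6, and the next line has the same problem: `0x80 <= csetch[0]` compares an int with a one-character `str`, which on Python 2 is always true, so every single-byte entry would be skipped. For 2.7 I would use `csetch = data[0][2:].decode('hex')` and `if len(csetch) == 1 and 0x80 <= ord(csetch):`. The body of `_test_mapping_file_plain` continues outside the hunk.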
diff --git a/SPECS/python2/python2.spec b/SPECS/python2/python2.spec index 7a4137c99c0..82371d8675e 100644 --- a/SPECS/python2/python2.spec +++ b/SPECS/python2/python2.spec @@ -3,7 +3,7 @@ Summary: A high-level scripting language Name: python2 Version: 2.7.18 -Release: 4%{?dist} +Release: 5%{?dist} License: PSF URL: http://www.python.org/ Group: System Environment/Programming @@ -29,6 +29,8 @@ Patch9: CVE-2019-9674.nopatch Patch10: CVE-2007-4559.nopatch # Ignore CVE-2019-18348 since it is patched in Python 2.7 Patch11: CVE-2019-18348.nopatch +# CVE-2020-27619 patch backported from 3.6 +Patch12: CVE-2020-27619.patch BuildRequires: pkg-config >= 0.28 BuildRequires: bzip2-devel BuildRequires: openssl-devel @@ -245,6 +247,9 @@ make test %{_libdir}/python2.7/test/* %changelog +* Tue Nov 03 2020 Thomas Crain - 2.7.18-5 +- Patch CVE-2020-27619 + * Thu Oct 22 2020 Nicolas Ontiveros - 2.7.18-4 - Use autosetup - Remove CVE-2013-1753 no patch diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 060e5924c03..189c680c226 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -316,22 +316,22 @@ procps-ng-3.3.15-3.cm1.aarch64.rpm procps-ng-debuginfo-3.3.15-3.cm1.aarch64.rpm procps-ng-devel-3.3.15-3.cm1.aarch64.rpm procps-ng-lang-3.3.15-3.cm1.aarch64.rpm -python2-2.7.18-4.cm1.aarch64.rpm -python2-debuginfo-2.7.18-4.cm1.aarch64.rpm -python2-devel-2.7.18-4.cm1.aarch64.rpm -python2-libs-2.7.18-4.cm1.aarch64.rpm -python2-test-2.7.18-4.cm1.aarch64.rpm -python2-tools-2.7.18-4.cm1.aarch64.rpm +python2-2.7.18-5.cm1.aarch64.rpm +python2-debuginfo-2.7.18-5.cm1.aarch64.rpm +python2-devel-2.7.18-5.cm1.aarch64.rpm +python2-libs-2.7.18-5.cm1.aarch64.rpm +python2-test-2.7.18-5.cm1.aarch64.rpm +python2-tools-2.7.18-5.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm python3-gpg-1.13.1-5.cm1.aarch64.rpm python3-libxml2-2.9.10-3.cm1.aarch64.rpm python3-pwquality-1.4.2-4.cm1.aarch64.rpm python3-rpm-4.14.2-10.cm1.aarch64.rpm -python-curses-2.7.18-4.cm1.aarch64.rpm +python-curses-2.7.18-5.cm1.aarch64.rpm python-gpg-1.13.1-5.cm1.aarch64.rpm python-rpm-4.14.2-10.cm1.aarch64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-4.cm1.aarch64.rpm +python-xml-2.7.18-5.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-debuginfo-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 09d8fc9062c..5d58e30e1b2 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt 
@@ -316,22 +316,22 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm procps-ng-devel-3.3.15-3.cm1.x86_64.rpm procps-ng-lang-3.3.15-3.cm1.x86_64.rpm -python2-2.7.18-4.cm1.x86_64.rpm -python2-debuginfo-2.7.18-4.cm1.x86_64.rpm -python2-devel-2.7.18-4.cm1.x86_64.rpm -python2-libs-2.7.18-4.cm1.x86_64.rpm -python2-test-2.7.18-4.cm1.x86_64.rpm -python2-tools-2.7.18-4.cm1.x86_64.rpm +python2-2.7.18-5.cm1.x86_64.rpm +python2-debuginfo-2.7.18-5.cm1.x86_64.rpm +python2-devel-2.7.18-5.cm1.x86_64.rpm +python2-libs-2.7.18-5.cm1.x86_64.rpm +python2-test-2.7.18-5.cm1.x86_64.rpm +python2-tools-2.7.18-5.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-5.cm1.x86_64.rpm python3-libxml2-2.9.10-3.cm1.x86_64.rpm python3-pwquality-1.4.2-4.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm -python-curses-2.7.18-4.cm1.x86_64.rpm +python-curses-2.7.18-5.cm1.x86_64.rpm python-gpg-1.13.1-5.cm1.x86_64.rpm python-rpm-4.14.2-10.cm1.x86_64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm -python-xml-2.7.18-4.cm1.x86_64.rpm +python-xml-2.7.18-5.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-debuginfo-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm From c98d3110271720d8e77c4713ca91b1bc2cd8551b Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com> Date: Tue, 3 Nov 2020 15:40:13 -0800 Subject: [PATCH 079/145] Patch systemd CVEs: 2019-3842, 2019-3843, 2019-3844, 2019-6454, 2019-20386, 2020-1712, 2020-13776 (#248) * Patch CVE-2019-3842 * Patch CVE-2019-3843 * Fix URL in CVE-2019-3843.patch * Patch CVE-2019-3844 * Patch CVE-2019-6454 * Update CVE-2019-6454 patch * Patch CVE-2019-20386 * Patch CVE-2020-1712 * Patch CVE-2020-13776 * Update toolchain txt files * Update systemd-bootstrap * Fix toolchain aarch64 * Fix linting for systemd-bootstrap * Address more systemd-bootstrap linting * Addres systemd spec linting * Add newline at end of systemd spec * Fix systemd-bootstrap spec --- SPECS/systemd/CVE-2019-20386.patch | 10 + SPECS/systemd/CVE-2019-3842.patch | 134 ++++++ SPECS/systemd/CVE-2019-3843.patch | 428 ++++++++++++++++++ SPECS/systemd/CVE-2019-3844.patch | 25 + SPECS/systemd/CVE-2019-6454.patch | 187 ++++++++ SPECS/systemd/CVE-2020-13776.patch | 43 ++ SPECS/systemd/CVE-2020-1712.patch | 409 +++++++++++++++++ SPECS/systemd/systemd-bootstrap.spec | 272 +++++++---- SPECS/systemd/systemd.spec | 307 ++++++++----- .../manifests/package/toolchain_aarch64.txt | 14 +- .../manifests/package/toolchain_x86_64.txt | 14 +- 11 files changed, 1626 insertions(+), 217 deletions(-) create mode 100644 SPECS/systemd/CVE-2019-20386.patch create mode 100644 SPECS/systemd/CVE-2019-3842.patch create mode 100644 SPECS/systemd/CVE-2019-3843.patch create mode 100644 SPECS/systemd/CVE-2019-3844.patch create mode 100644 SPECS/systemd/CVE-2019-6454.patch create mode 100644 SPECS/systemd/CVE-2020-13776.patch create mode 100644 SPECS/systemd/CVE-2020-1712.patch diff --git a/SPECS/systemd/CVE-2019-20386.patch b/SPECS/systemd/CVE-2019-20386.patch new file mode 100644 index 00000000000..59788bc955f --- /dev/null +++ b/SPECS/systemd/CVE-2019-20386.patch 
@@ -0,0 +1,10 @@ +--- a/src/login/logind-button.c ++++ b/src/login/logind-button.c +@@ -341,6 +341,7 @@ + + (void) button_set_mask(b); + ++ b->io_event_source = sd_event_source_unref(b->io_event_source); + r = sd_event_add_io(b->manager->event, &b->io_event_source, b->fd, EPOLLIN, button_dispatch, b); + if (r < 0) { + log_error_errno(r, "Failed to add button event: %m"); diff --git a/SPECS/systemd/CVE-2019-3842.patch b/SPECS/systemd/CVE-2019-3842.patch new file mode 100644 index 00000000000..e99f1ac8335 --- /dev/null +++ b/SPECS/systemd/CVE-2019-3842.patch 
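Review bot: This carried patch starts directly at `--- a/src/login/logind-button.c` with no header recording which upstream change it was taken from. The CVE-2019-3842.patch added next in this commit starts the same way. For a security backport that makes it hard to check later that the fix is complete and unmodified. I would add a short preamble above the first `---` line, for example `Backport of upstream systemd commit <upstream-commit-id> (CVE-2019-20386)`, as the golang and python2 patches in this series already carry through their `From`/`Subject` headers.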
@@ -0,0 +1,134 @@ +--- a/src/login/pam_systemd.c ++++ b/src/login/pam_systemd.c +@@ -37,6 +37,7 @@ + int argc, const char **argv, + const char **class, + const char **type, ++ const char **desktop, + bool *debug) { + + unsigned i; +@@ -45,24 +46,30 @@ + assert(argc == 0 || argv); + + for (i = 0; i < (unsigned) argc; i++) { +- if (startswith(argv[i], "class=")) { ++ const char *p; ++ ++ if ((p = startswith(argv[i], "class="))) { + if (class) +- *class = argv[i] + 6; ++ *class = p; + +- } else if (startswith(argv[i], "type=")) { ++ } else if ((p = startswith(argv[i], "type="))) { + if (type) +- *type = argv[i] + 5; ++ *type = p; ++ ++ } else if ((p = startswith(argv[i], "desktop="))) { ++ if (desktop) ++ *desktop = p; + + } else if (streq(argv[i], "debug")) { + if (debug) + *debug = true; + +- } else if (startswith(argv[i], "debug=")) { ++ } else if ((p = startswith(argv[i], "debug="))) { + int k; + +- k = parse_boolean(argv[i] + 6); ++ k = parse_boolean(p); + if (k < 0) +- pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring."); ++ pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring: %s", p); + else if (debug) + *debug = k; + +@@ -274,6 +281,33 @@ + return 0; + } + ++ static const char* getenv_harder(pam_handle_t *handle, const char *key, const char *fallback) { ++ const char *v; ++ ++ assert(handle); ++ assert(key); ++ ++ /* Looks for an environment variable, preferrably in the environment block associated with the ++ * specified PAM handle, falling back to the process' block instead. Why check both? Because we want ++ * to permit configuration of session properties from unit files that invoke PAM services, so that ++ * PAM services don't have to be reworked to set systemd-specific properties, but these properties ++ * can still be set from the unit file Environment= block. 
*/ ++ ++ v = pam_getenv(handle, key); ++ if (!isempty(v)) ++ return v; ++ ++ /* We use secure_getenv() here, since we might get loaded into su/sudo, which are SUID. Ideally ++ * they'd clean up the environment before invoking foreign code (such as PAM modules), but alas they ++ * currently don't (to be precise, they clean up the environment they pass to their children, but ++ * not their own environ[]). */ ++ v = secure_getenv(key); ++ if (!isempty(v)) ++ return v; ++ ++ return fallback; ++} ++ + _public_ PAM_EXTERN int pam_sm_open_session( + pam_handle_t *handle, + int flags, +@@ -288,7 +322,7 @@ + *remote_user = NULL, *remote_host = NULL, + *seat = NULL, + *type = NULL, *class = NULL, +- *class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL, ++ *class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL, *desktop_pam = NULL, + *memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL; + _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + int session_fd = -1, existing, r; +@@ -307,6 +341,7 @@ + argc, argv, + &class_pam, + &type_pam, ++ &desktop_pam, + &debug) < 0) + return PAM_SESSION_ERR; + +@@ -352,29 +387,11 @@ + pam_get_item(handle, PAM_RUSER, (const void**) &remote_user); + pam_get_item(handle, PAM_RHOST, (const void**) &remote_host); + +- seat = pam_getenv(handle, "XDG_SEAT"); +- if (isempty(seat)) +- seat = getenv("XDG_SEAT"); +- +- cvtnr = pam_getenv(handle, "XDG_VTNR"); +- if (isempty(cvtnr)) +- cvtnr = getenv("XDG_VTNR"); +- +- type = pam_getenv(handle, "XDG_SESSION_TYPE"); +- if (isempty(type)) +- type = getenv("XDG_SESSION_TYPE"); +- if (isempty(type)) +- type = type_pam; +- +- class = pam_getenv(handle, "XDG_SESSION_CLASS"); +- if (isempty(class)) +- class = getenv("XDG_SESSION_CLASS"); +- if (isempty(class)) +- class = class_pam; +- +- desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP"); +- if (isempty(desktop)) +- desktop = getenv("XDG_SESSION_DESKTOP"); ++ seat = getenv_harder(handle, "XDG_SEAT", 
NULL); ++ cvtnr = getenv_harder(handle, "XDG_VTNR", NULL); ++ type = getenv_harder(handle, "XDG_SESSION_TYPE", type_pam); ++ class = getenv_harder(handle, "XDG_SESSION_CLASS", class_pam); ++ desktop = getenv_harder(handle, "XDG_SESSION_DESKTOP", desktop_pam); + + tty = strempty(tty); + diff --git a/SPECS/systemd/CVE-2019-3843.patch b/SPECS/systemd/CVE-2019-3843.patch new file mode 100644 index 00000000000..ff7e38170e4 --- /dev/null +++ b/SPECS/systemd/CVE-2019-3843.patch 
@@ -0,0 +1,428 @@ +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -1,12 +1,14 @@ + /* SPDX-License-Identifier: LGPL-2.1+ */ + + #include ++#include + #include + #include + #include + #include + #include + #include ++#include + + #include "af-list.h" + #include "alloc-util.h" +@@ -1742,3 +1744,133 @@ + + return 0; + } ++ ++int seccomp_restrict_suid_sgid(void) { ++ uint32_t arch; ++ int r; ++ ++ SECCOMP_FOREACH_LOCAL_ARCH(arch) { ++ _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL; ++ ++ r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); ++ if (r < 0) ++ return r; ++ ++ /* Checks the mode_t parameter of the following system calls: ++ * ++ * → chmod() + fchmod() + fchmodat() ++ * → open() + creat() + openat() ++ * → mkdir() + mkdirat() ++ * → mknod() + mknodat() ++ */ ++ ++ for (unsigned bit = 0; bit < 2; bit ++) { ++ /* Block S_ISUID in the first iteration, S_ISGID in the second */ ++ mode_t m = bit == 0 ? S_ISUID : S_ISGID; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(chmod), ++ 1, ++ SCMP_A1(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(fchmod), ++ 1, ++ SCMP_A1(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(fchmodat), ++ 1, ++ SCMP_A2(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(mkdir), ++ 1, ++ SCMP_A1(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(mkdirat), ++ 1, ++ SCMP_A2(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(mknod), ++ 1, ++ SCMP_A1(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ 
SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(mknodat), ++ 1, ++ SCMP_A2(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(open), ++ 2, ++ SCMP_A1(SCMP_CMP_MASKED_EQ, O_CREAT, O_CREAT), ++ SCMP_A2(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(openat), ++ 2, ++ SCMP_A2(SCMP_CMP_MASKED_EQ, O_CREAT, O_CREAT), ++ SCMP_A3(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ ++ r = seccomp_rule_add_exact( ++ seccomp, ++ SCMP_ACT_ERRNO(EPERM), ++ SCMP_SYS(creat), ++ 1, ++ SCMP_A1(SCMP_CMP_MASKED_EQ, m, m)); ++ if (r < 0) ++ break; ++ } ++ if (r < 0) { ++ log_debug_errno(r, "Failed to add suid/sgid rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); ++ continue; ++ } ++ ++ r = seccomp_load(seccomp); ++ if (IN_SET(r, -EPERM, -EACCES)) ++ return r; ++ if (r < 0) ++ log_debug_errno(r, "Failed to apply suid/sgid restrictions for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); ++ } ++ ++ return 0; ++} +\ No newline at end of file +--- a/src/shared/seccomp-util.h ++++ b/src/shared/seccomp-util.h +@@ -85,6 +85,7 @@ + int seccomp_restrict_realtime(void); + int seccomp_memory_deny_write_execute(void); + int seccomp_lock_personality(unsigned long personality); ++ int seccomp_restrict_suid_sgid(void); + + extern const uint32_t seccomp_local_archs[]; + +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -769,6 +769,7 @@ + SD_BUS_PROPERTY("ConfigurationDirectory", "as", NULL, offsetof(ExecContext, directories[EXEC_DIRECTORY_CONFIGURATION].paths), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool, offsetof(ExecContext, memory_deny_write_execute), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool, offsetof(ExecContext, restrict_realtime), SD_BUS_VTABLE_PROPERTY_CONST), ++ 
SD_BUS_PROPERTY("RestrictSUIDSGID", "b", bus_property_get_bool, offsetof(ExecContext, restrict_suid_sgid), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong, offsetof(ExecContext, restrict_namespaces), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths, 0, SD_BUS_VTABLE_PROPERTY_CONST), +@@ -1127,6 +1128,9 @@ + if (streq(name, "RestrictRealtime")) + return bus_set_transient_bool(u, name, &c->restrict_realtime, message, flags, error); + ++ if (streq(name, "RestrictSUIDSGID")) ++ return bus_set_transient_bool(u, name, &c->restrict_suid_sgid, message, flags, error); ++ + if (streq(name, "DynamicUser")) + return bus_set_transient_bool(u, name, &c->dynamic_user, message, flags, error); + +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1366,6 +1366,7 @@ + return context_has_address_families(c) || + c->memory_deny_write_execute || + c->restrict_realtime || ++ c->restrict_suid_sgid || + exec_context_restrict_namespaces_set(c) || + c->protect_kernel_tunables || + c->protect_kernel_modules || +@@ -1470,6 +1471,19 @@ + return seccomp_restrict_realtime(); + } + ++static int apply_restrict_suid_sgid(const Unit* u, const ExecContext *c) { ++ assert(u); ++ assert(c); ++ ++ if (!c->restrict_suid_sgid) ++ return 0; ++ ++ if (skip_seccomp_unavailable(u, "RestrictSUIDSGID=")) ++ return 0; ++ ++ return seccomp_restrict_suid_sgid(); ++} ++ + static int apply_protect_sysctl(const Unit *u, const ExecContext *c) { + assert(u); + assert(c); +@@ -3331,6 +3345,12 @@ + return log_unit_error_errno(unit, r, "Failed to apply realtime restrictions: %m"); + } + ++ r = apply_restrict_suid_sgid(unit, context); ++ if (r < 0) { ++ *exit_status = EXIT_SECCOMP; ++ return log_unit_error_errno(unit, r, "Failed to apply SUID/SGID restrictions: %m"); ++ } ++ + r = apply_restrict_namespaces(unit, 
context); + if (r < 0) { + *exit_status = EXIT_SECCOMP; +@@ -3920,6 +3940,7 @@ + "%sIgnoreSIGPIPE: %s\n" + "%sMemoryDenyWriteExecute: %s\n" + "%sRestrictRealtime: %s\n" ++ "%sRestrictSUIDSGID: %s\n" + "%sKeyringMode: %s\n", + prefix, c->umask, + prefix, c->working_directory ? c->working_directory : "/", +@@ -3938,6 +3959,7 @@ + prefix, yes_no(c->ignore_sigpipe), + prefix, yes_no(c->memory_deny_write_execute), + prefix, yes_no(c->restrict_realtime), ++ prefix, yes_no(c->restrict_suid_sgid), + prefix, exec_keyring_mode_to_string(c->keyring_mode)); + + if (c->root_image) + +--- a/src/core/execute.h ++++ b/src/core/execute.h +@@ -260,6 +260,7 @@ + + bool memory_deny_write_execute; + bool restrict_realtime; ++ bool restrict_suid_sgid; + + bool oom_score_adjust_set:1; + bool nice_set:1; + +--- a/src/core/load-fragment-gperf.gperf.m4 ++++ b/src/core/load-fragment-gperf.gperf.m4 +@@ -72,6 +72,7 @@ + $1.MemoryDenyWriteExecute, config_parse_bool, 0, offsetof($1, exec_context.memory_deny_write_execute) + $1.RestrictNamespaces, config_parse_restrict_namespaces, 0, offsetof($1, exec_context) + $1.RestrictRealtime, config_parse_bool, 0, offsetof($1, exec_context.restrict_realtime) ++$1.RestrictSUIDSGID, config_parse_bool, 0, offsetof($1, exec_context.restrict_suid_sgid) + $1.RestrictAddressFamilies, config_parse_address_families, 0, offsetof($1, exec_context) + $1.LockPersonality, config_parse_bool, 0, offsetof($1, exec_context.lock_personality)', + `$1.SystemCallFilter, config_parse_warn_compat, DISABLED_CONFIGURATION, 0 +@@ -80,6 +81,7 @@ + $1.MemoryDenyWriteExecute, config_parse_warn_compat, DISABLED_CONFIGURATION, 0 + $1.RestrictNamespaces, config_parse_warn_compat, DISABLED_CONFIGURATION, 0 + $1.RestrictRealtime, config_parse_warn_compat, DISABLED_CONFIGURATION, 0 ++$1.RestrictSUIDSGID, config_parse_warn_compat, DISABLED_CONFIGURATION, 0 + $1.RestrictAddressFamilies, config_parse_warn_compat, DISABLED_CONFIGURATION, 0 + $1.LockPersonality, config_parse_warn_compat, 
DISABLED_CONFIGURATION, 0') + $1.LimitCPU, config_parse_rlimit, RLIMIT_CPU, offsetof($1, exec_context.rlimit) + +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -697,7 +697,7 @@ + "PrivateMounts", "NoNewPrivileges", "SyslogLevelPrefix", + "MemoryDenyWriteExecute", "RestrictRealtime", "DynamicUser", "RemoveIPC", + "ProtectKernelTunables", "ProtectKernelModules", "ProtectControlGroups", +- "MountAPIVFS", "CPUSchedulingResetOnFork", "LockPersonality")) ++ "MountAPIVFS", "CPUSchedulingResetOnFork", "LockPersonality", "RestrictSUIDSGID")) + + return bus_append_parse_boolean(m, field, eq); + +--- a/test/fuzz-corpus/unit-file/directives.service ++++ b/test/fuzz-corpus/unit-file/directives.service +@@ -847,6 +847,7 @@ + RestrictAddressFamilies= + RestrictNamespaces= + RestrictRealtime= ++RestrictSUIDSGID= + RuntimeDirectory= + RuntimeDirectoryMode= + RuntimeDirectoryPreserve= + +--- a/doc/TRANSIENT-SETTINGS.md ++++ b/doc/TRANSIENT-SETTINGS.md +@@ -147,6 +147,7 @@ + ✓ MemoryDenyWriteExecute= + ✓ RestrictNamespaces= + ✓ RestrictRealtime= ++✓ RestrictSUIDSGID= + ✓ RestrictAddressFamilies= + ✓ LockPersonality= + ✓ LimitCPU= + +--- a/units/systemd-coredump@.service.in ++++ b/units/systemd-coredump@.service.in +@@ -31,6 +31,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX + SystemCallFilter=@system-service + +--- a/units/systemd-hostnamed.service.in ++++ b/units/systemd-hostnamed.service.in +@@ -27,6 +27,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX + SystemCallFilter=@system-service sethostname + +--- a/units/systemd-journal-remote.service.in ++++ b/units/systemd-journal-remote.service.in +@@ -26,6 +26,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + 
RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 + SystemCallArchitectures=native + +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -27,6 +27,7 @@ + CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK + SystemCallFilter=@system-service + +--- a/units/systemd-localed.service.in ++++ b/units/systemd-localed.service.in +@@ -27,6 +27,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX + SystemCallFilter=@system-service + +--- a/units/systemd-logind.service.in ++++ b/units/systemd-logind.service.in +@@ -28,6 +28,7 @@ + CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK + SystemCallFilter=@system-service + +--- a/units/systemd-networkd.service.in ++++ b/units/systemd-networkd.service.in +@@ -33,6 +33,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET + SystemCallFilter=@system-service + +--- a/units/systemd-resolved.service.in ++++ b/units/systemd-resolved.service.in +@@ -36,6 +36,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 + SystemCallFilter=@system-service + +--- 
a/units/systemd-timedated.service.in ++++ b/units/systemd-timedated.service.in +@@ -25,6 +25,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX + SystemCallFilter=@system-service @clock + +--- a/units/systemd-timesyncd.service.in ++++ b/units/systemd-timesyncd.service.in +@@ -35,6 +35,7 @@ + ProtectKernelModules=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes ++RestrictSUIDSGID=yes + RestrictNamespaces=yes + RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 + RuntimeDirectory=systemd/timesync + +--- a/units/systemd-udevd.service.in ++++ b/units/systemd-udevd.service.in +@@ -27,8 +27,9 @@ + TasksMax=infinity + PrivateMounts=yes + MemoryDenyWriteExecute=yes +-RestrictRealtime=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 ++RestrictRealtime=yes ++RestrictSUIDSGID=yes + SystemCallFilter=@system-service @module @raw-io + SystemCallErrorNumber=EPERM + SystemCallArchitectures=native diff --git a/SPECS/systemd/CVE-2019-3844.patch b/SPECS/systemd/CVE-2019-3844.patch new file mode 100644 index 00000000000..edaf998e277 --- /dev/null +++ b/SPECS/systemd/CVE-2019-3844.patch 
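Review bot: `seccomp_restrict_suid_sgid()` in the `src/shared/seccomp-util.c` part of this patch fails open per architecture. When a `seccomp_rule_add_exact()` call fails, the loop only calls `log_debug_errno(...)` and `continue`s, and a `seccomp_load()` error other than `-EPERM`/`-EACCES` is likewise only logged before the function returns 0. `apply_restrict_suid_sgid()` in `src/core/execute.c` returns that value unchanged, so a unit with `RestrictSUIDSGID=yes` can start with no filter installed for an architecture and nothing above debug level in the log. If best effort is intended, say so above the loop, e.g. `/* Best effort: an architecture whose filter cannot be built or loaded is skipped, not treated as an error */`; otherwise raise the two messages to warning level so operators can see the gap.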
@@ -0,0 +1,25 @@ +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4131,14 +4131,20 @@ + return -ENOMEM; + } + +- /* If the dynamic user option is on, let's make sure that the unit can't leave its UID/GID +- * around in the file system or on IPC objects. Hence enforce a strict sandbox. */ ++ /* If the dynamic user option is on, let's make sure that the unit can't leave its ++ * UID/GID around in the file system or on IPC objects. Hence enforce a strict ++ * sandbox. */ + + ec->private_tmp = true; + ec->remove_ipc = true; + ec->protect_system = PROTECT_SYSTEM_STRICT; + if (ec->protect_home == PROTECT_HOME_NO) + ec->protect_home = PROTECT_HOME_READ_ONLY; ++ ++ /* Make sure this service can neither benefit from SUID/SGID binaries nor create ++ * them. */ ++ ec->no_new_privileges = true; ++ ec->restrict_suid_sgid = true; + } + } + diff --git a/SPECS/systemd/CVE-2019-6454.patch b/SPECS/systemd/CVE-2019-6454.patch new file mode 100644 index 00000000000..e98dd653c49 --- /dev/null +++ b/SPECS/systemd/CVE-2019-6454.patch 
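Review bot: The two new assignments in the `src/core/unit.c` hunk write `ec->restrict_suid_sgid`, a field this patch does not declare. On this page it is added to `ExecContext` only by `CVE-2019-3843.patch`, so this patch builds only when applied after that one. A line of text before the first `---` in the patch file would record the dependency, e.g. `Requires CVE-2019-3843.patch (adds ExecContext.restrict_suid_sgid and the seccomp filter behind it)`. The hunk also re-wraps the existing DynamicUser comment without changing its words, which makes the functional change harder to spot; leaving that comment untouched would keep the backport minimal. The enclosing function starts and ends outside the hunk.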
@@ -0,0 +1,187 @@ +--- a/src/libsystemd/sd-bus/bus-internal.c ++++ b/src/libsystemd/sd-bus/bus-internal.c +@@ -45,7 +45,7 @@ + if (slash) + return false; + +- return true; ++ return (q - p) <= BUS_PATH_SIZE_MAX; + } + + char* object_path_startswith(const char *a, const char *b) { + +--- a/src/libsystemd/sd-bus/bus-internal.h ++++ b/src/libsystemd/sd-bus/bus-internal.h +@@ -333,6 +333,10 @@ + + #define BUS_MESSAGE_SIZE_MAX (128*1024*1024) + #define BUS_AUTH_SIZE_MAX (64*1024) ++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one ++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however, ++ * to not clash unnecessarily with real-life applications. */ ++#define BUS_PATH_SIZE_MAX (64*1024) + + #define BUS_CONTAINER_DEPTH 128 + +--- a/src/libsystemd/sd-bus/bus-objects.c ++++ b/src/libsystemd/sd-bus/bus-objects.c +@@ -1134,7 +1134,8 @@ + const char *path, + sd_bus_error *error) { + +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -1150,7 +1151,12 @@ + return 0; + + /* Second, add fallback vtables registered for any of the prefixes */ +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_manager_serialize_path(bus, reply, prefix, path, true, error); + if (r < 0) +@@ -1346,6 +1352,7 @@ + } + + int bus_process_object(sd_bus *bus, sd_bus_message *m) { ++ _cleanup_free_ char *prefix = NULL; + int r; + size_t pl; + bool found_object = false; +@@ -1370,9 +1377,11 @@ + assert(m->member); + + pl = strlen(m->path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; + do { +- char prefix[pl+1]; +- + bus->nodes_modified = false; + + r = object_find_and_run(bus, m, m->path, false, &found_object); +@@ -1499,9 
+1508,15 @@ + + n = hashmap_get(bus->nodes, path); + if (!n) { +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; ++ ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; + +- prefix = alloca(strlen(path) + 1); + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + n = hashmap_get(bus->nodes, prefix); + if (n) +@@ -2091,8 +2106,9 @@ + char **names) { + + BUS_DONT_DESTROY(bus); ++ _cleanup_free_ char *prefix = NULL; + bool found_interface = false; +- char *prefix; ++ size_t pl; + int r; + + assert_return(bus, -EINVAL); +@@ -2110,6 +2126,12 @@ + included in the PropertiesChanged message. */ + if (names && names[0] == NULL) + return 0; ++ ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; + + do { + bus->nodes_modified = false; +@@ -2252,7 +2274,8 @@ + + static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { + _cleanup_set_free_ Set *s = NULL; +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2297,7 +2320,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_added_append_all_prefix(bus, m, s, prefix, path, true); + if (r < 0) +@@ -2436,7 +2464,8 @@ + + static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { + _cleanup_set_free_ Set *s = NULL; +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2468,7 +2497,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + 
OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_removed_append_all_prefix(bus, m, s, prefix, path, true); + if (r < 0) +@@ -2618,7 +2652,8 @@ + const char *path, + const char *interface) { + +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2632,7 +2667,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true); + if (r != 0) diff --git a/SPECS/systemd/CVE-2020-13776.patch b/SPECS/systemd/CVE-2020-13776.patch new file mode 100644 index 00000000000..d935469d89f --- /dev/null +++ b/SPECS/systemd/CVE-2020-13776.patch @@ -0,0 +1,43 @@ +--- a/src/basic/user-util.c ++++ b/src/basic/user-util.c +@@ -49,7 +49,7 @@ + assert(s); + + assert_cc(sizeof(uid_t) == sizeof(uint32_t)); +- r = safe_atou32(s, &uid); ++ r = safe_atou32_full(s, 10, &uid); + if (r < 0) + return r; + +--- a/src/test/test-user-util.c ++++ b/src/test/test-user-util.c +@@ -49,6 +49,14 @@ + + r = parse_uid("asdsdas", &uid); + assert_se(r == -EINVAL); ++ ++ r = parse_uid("0x1234", &uid); ++ assert_se(r == -EINVAL); ++ assert_se(uid == 100); ++ ++ r = parse_uid("01234", &uid); ++ assert_se(r == 0); ++ assert_se(uid == 1234); + } + + static void test_uid_ptr(void) { + +--- a/src/basic/parse-util.h ++++ b/src/basic/parse-util.h +@@ -50,6 +50,11 @@ + + int safe_atoi16(const char *s, int16_t *ret); + ++static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) { ++ assert_cc(sizeof(uint32_t) == sizeof(unsigned)); ++ return safe_atou_full(s, base, (unsigned*) ret_u); ++} ++ + static inline int safe_atou32(const char *s, uint32_t *ret_u) { + assert_cc(sizeof(uint32_t) == sizeof(unsigned)); + return safe_atou(s, (unsigned*) ret_u); 
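Review bot: Each `src/libsystemd/sd-bus/bus-objects.c` hunk guards the new heap allocation with `assert(pl <= BUS_PATH_SIZE_MAX);`, including the hunk at `@@ -2110,6 +2126,12 @@`, whose function checks its other arguments with `assert_return(bus, -EINVAL);`. The limit itself is enforced by the `return (q - p) <= BUS_PATH_SIZE_MAX;` change in `bus-internal.c`, so the assert presumably holds because the path was validated before these functions are reached. That validation is outside the hunks and should be confirmed for every call site. A one-line comment at each site would make the reliance explicit, e.g. `/* path was validated earlier, which caps it at BUS_PATH_SIZE_MAX */`. If any entry point can be reached with an unvalidated path, that site should return `-EINVAL` instead of asserting.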
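Review bot: `safe_atou32_full()` in the `src/basic/parse-util.h` hunk calls `safe_atou_full()`, which this patch neither adds nor shows. The backport compiles only if the 239 tree already declares it above this point, which should be checked against the unpacked source. In the `src/test/test-user-util.c` hunk, `assert_se(uid == 100);` after the rejected `"0x1234"` depends on the value left in `uid` by an earlier call outside the hunk. A short comment such as `/* uid must be left untouched when parsing fails */` would say what is being checked. The test function starts outside the hunk.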
diff --git a/SPECS/systemd/CVE-2020-1712.patch b/SPECS/systemd/CVE-2020-1712.patch
new file mode 100644
index 00000000000..15eab5437d8
--- /dev/null
+++ b/SPECS/systemd/CVE-2020-1712.patch
@@ -0,0 +1,409 @@ +--- a/src/shared/bus-util.c ++++ b/src/shared/bus-util.c +@@ -319,10 +319,9 @@ + + typedef struct AsyncPolkitQuery { + sd_bus_message *request, *reply; +- sd_bus_message_handler_t callback; +- void *userdata; + sd_bus_slot *slot; + Hashmap *registry; ++ sd_event_source *defer_event_source; + } AsyncPolkitQuery; + + static void async_polkit_query_free(AsyncPolkitQuery *q) { +@@ -338,9 +337,22 @@ + sd_bus_message_unref(q->request); + sd_bus_message_unref(q->reply); + ++ sd_event_source_disable_unref(q->defer_event_source); + free(q); + } + ++static int async_polkit_defer(sd_event_source *s, void *userdata) { ++ AsyncPolkitQuery *q = userdata; ++ ++ assert(s); ++ ++ /* This is called as idle event source after we processed the async polkit reply, hopefully after the ++ * method call we re-enqueued has been properly processed. */ ++ ++ async_polkit_query_free(q); ++ return 0; ++} ++ + static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { + _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; + AsyncPolkitQuery *q = userdata; +@@ -349,19 +361,44 @@ + assert(reply); + assert(q); + ++ assert(q->slot); + q->slot = sd_bus_slot_unref(q->slot); ++ ++ assert(!q->reply); + q->reply = sd_bus_message_ref(reply); + ++ /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the ++ * whole message processing again, and thus re-validating and re-retrieving the "userdata" field ++ * again. ++ * ++ * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again, ++ * i.e. after the second time the message is processed is complete. 
*/ ++ ++ assert(!q->defer_event_source); ++ r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q); ++ if (r < 0) ++ goto fail; ++ ++ r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE); ++ if (r < 0) ++ goto fail; ++ ++ r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT); ++ if (r < 0) ++ goto fail; ++ + r = sd_bus_message_rewind(q->request, true); +- if (r < 0) { +- r = sd_bus_reply_method_errno(q->request, r, NULL); +- goto finish; +- } +- +- r = q->callback(q->request, q->userdata, &error_buffer); +- r = bus_maybe_reply_error(q->request, r, &error_buffer); ++ if (r < 0) ++ goto fail; + +-finish: ++ r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request); ++ if (r < 0) ++ goto fail; ++ ++ return 1; ++fail: ++ log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m"); ++ (void) sd_bus_reply_method_errno(q->request, r, NULL); + async_polkit_query_free(q); + + return r; +@@ -382,11 +419,12 @@ + #if ENABLE_POLKIT + _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; + AsyncPolkitQuery *q; +- const char *sender, **k, **v; ++ const char **k, **v; + sd_bus_message_handler_t callback; + void *userdata; + int c; + #endif ++ const char *sender; + int r; + + assert(call); +@@ -444,20 +482,11 @@ + else if (r > 0) + return 1; + +-#if ENABLE_POLKIT +- if (sd_bus_get_current_message(call->bus) != call) +- return -EINVAL; +- +- callback = sd_bus_get_current_handler(call->bus); +- if (!callback) +- return -EINVAL; +- +- userdata = sd_bus_get_current_userdata(call->bus); +- + sender = sd_bus_message_get_sender(call); + if (!sender) + return -EBADMSG; + ++#if ENABLE_POLKIT + c = sd_bus_message_get_allow_interactive_authorization(call); + if (c < 0) + return c; +@@ -509,8 +538,6 @@ + return -ENOMEM; + + q->request = sd_bus_message_ref(call); +- q->callback = callback; +- q->userdata = userdata; + + r = 
hashmap_put(*registry, call, q); + if (r < 0) { + +--- a/src/libsystemd/libsystemd.sym ++++ b/src/libsystemd/libsystemd.sym +@@ -556,6 +556,7 @@ + + LIBSYSTEMD_239 { + global: ++ sd_bus_enqueue_for_read; + sd_bus_open_with_description; + sd_bus_open_user_with_description; + sd_bus_open_system_with_description; + +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -148,13 +148,13 @@ + assert(b); + + while (b->rqueue_size > 0) +- sd_bus_message_unref(b->rqueue[--b->rqueue_size]); ++ bus_message_unref_queued(b->rqueue[--b->rqueue_size], b); + + b->rqueue = mfree(b->rqueue); + b->rqueue_allocated = 0; + + while (b->wqueue_size > 0) +- sd_bus_message_unref(b->wqueue[--b->wqueue_size]); ++ bus_message_unref_queued(b->wqueue[--b->wqueue_size], b); + + b->wqueue = mfree(b->wqueue); + b->wqueue_allocated = 0; +@@ -493,7 +493,7 @@ + + /* Insert at the very front */ + memmove(bus->rqueue + 1, bus->rqueue, sizeof(sd_bus_message*) * bus->rqueue_size); +- bus->rqueue[0] = TAKE_PTR(m); ++ bus->rqueue[0] = bus_message_ref_queued(m, bus); + bus->rqueue_size++; + + return 0; +@@ -1716,7 +1716,7 @@ + * anyway. */ + + bus->wqueue_size--; +- sd_bus_message_unref(bus->wqueue[0]); ++ bus_message_unref_queued(bus->wqueue[0], bus); + memmove(bus->wqueue, bus->wqueue + 1, sizeof(sd_bus_message*) * bus->wqueue_size); + bus->windex = 0; + +@@ -1838,7 +1838,7 @@ + * of the wqueue array is always allocated so + * that we always can remember how much was + * written. */ +- bus->wqueue[0] = sd_bus_message_ref(m); ++ bus->wqueue[0] = bus_message_ref_queued(m, bus); + bus->wqueue_size = 1; + bus->windex = idx; + } +@@ -1852,7 +1852,7 @@ + if (!GREEDY_REALLOC(bus->wqueue, bus->wqueue_allocated, bus->wqueue_size + 1)) + return -ENOMEM; + +- bus->wqueue[bus->wqueue_size++] = sd_bus_message_ref(m); ++ bus->wqueue[bus->wqueue_size++] = bus_message_ref_queued(m, bus); + } + + finish: +@@ -2084,7 +2084,7 @@ + + if (incoming->reply_cookie == cookie) { + /* Found a match! 
*/ +- ++ bus_message_unref_queued(bus->rqueue[i], bus); + memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1)); + bus->rqueue_size--; + log_debug_bus_message(incoming); +@@ -2118,6 +2118,7 @@ + incoming->sender && + streq(bus->unique_name, incoming->sender)) { + ++ bus_message_unref_queued(bus->rqueue[i], bus); + memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1)); + bus->rqueue_size--; + +@@ -4075,3 +4076,27 @@ + *ret = bus->wqueue_size; + return 0; + } ++ ++_public_ int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) { ++ int r; ++ ++ assert_return(bus, -EINVAL); ++ assert_return(bus = bus_resolve(bus), -ENOPKG); ++ assert_return(m, -EINVAL); ++ assert_return(m->sealed, -EINVAL); ++ assert_return(!bus_pid_changed(bus), -ECHILD); ++ ++ if (!BUS_IS_OPEN(bus->state)) ++ return -ENOTCONN; ++ ++ /* Re-enqueue a message for reading. This is primarily useful for PolicyKit-style authentication, ++ * where we want accept a message, then determine we need to interactively authenticate the user, and then ++ * when we want to process the message again. 
*/ ++ ++ r = bus_rqueue_make_room(bus); ++ if (r < 0) ++ return r; ++ ++ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus); ++ return 0; ++} + +--- a/src/systemd/sd-bus.h ++++ b/src/systemd/sd-bus.h +@@ -193,6 +193,7 @@ + int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r); + int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec); + int sd_bus_flush(sd_bus *bus); ++int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m); + + sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus); + sd_bus_message* sd_bus_get_current_message(sd_bus *bus); + +--- a/src/libsystemd/sd-bus/bus-message.c ++++ b/src/libsystemd/sd-bus/bus-message.c +@@ -876,28 +876,78 @@ + return 0; + } + +-_public_ sd_bus_message* sd_bus_message_ref(sd_bus_message *m) { + ++_public_ sd_bus_message* sd_bus_message_ref(sd_bus_message *m) { + if (!m) + return NULL; + +- assert(m->n_ref > 0); ++ /* We are fine if this message so far was either explicitly reffed or not reffed but queued into at ++ * least one bus connection object. */ ++ assert(m->n_ref > 0 || m->n_queued > 0); ++ + m->n_ref++; + ++ /* Each user reference to a bus message shall also be considered a ref on the bus */ ++ sd_bus_ref(m->bus); + return m; + } + + _public_ sd_bus_message* sd_bus_message_unref(sd_bus_message *m) { +- + if (!m) + return NULL; + + assert(m->n_ref > 0); ++ ++ sd_bus_unref(m->bus); /* Each regular ref is also a ref on the bus connection. Let's hence drop it ++ * here. Note we have to do this before decrementing our own n_ref here, since ++ * otherwise, if this message is currently queued sd_bus_unref() might call ++ * bus_message_unref_queued() for this which might then destroy the message ++ * while we are still processing it. */ + m->n_ref--; + +- if (m->n_ref > 0) ++ if (m->n_ref > 0 || m->n_queued > 0) ++ return NULL; ++ ++ /* Unset the bus field if neither the user has a reference nor this message is queued. 
We are careful ++ * to reset the field only after the last reference to the bus is dropped, after all we might keep ++ * multiple references to the bus, once for each reference kept on ourselves. */ ++ m->bus = NULL; ++ ++ return message_free(m); ++} ++ ++sd_bus_message* bus_message_ref_queued(sd_bus_message *m, sd_bus *bus) { ++ if (!m) ++ return NULL; ++ ++ /* If this is a different bus than the message is associated with, then implicitly turn this into a ++ * regular reference. This means that you can create a memory leak by enqueuing a message generated ++ * on one bus onto another at the same time as enqueueing a message from the second one on the first, ++ * as we'll not detect the cyclic references there. */ ++ if (bus != m->bus) ++ return sd_bus_message_ref(m); ++ ++ assert(m->n_ref > 0 || m->n_queued > 0); ++ m->n_queued++; ++ ++ return m; ++} ++ ++sd_bus_message* bus_message_unref_queued(sd_bus_message *m, sd_bus *bus) { ++ if (!m) ++ return NULL; ++ ++ if (bus != m->bus) ++ return sd_bus_message_unref(m); ++ ++ assert(m->n_queued > 0); ++ m->n_queued--; ++ ++ if (m->n_ref > 0 || m->n_queued > 0) + return NULL; + ++ m->bus = NULL; ++ + return message_free(m); + } + +--- a/src/libsystemd/sd-bus/bus-message.h ++++ b/src/libsystemd/sd-bus/bus-message.h +@@ -51,7 +51,16 @@ + }; + + struct sd_bus_message { +- unsigned n_ref; ++ /* Caveat: a message can be referenced in two different ways: the main (user-facing) way will also ++ * pin the bus connection object the message is associated with. The secondary way ("queued") is used ++ * when a message is in the read or write queues of the bus connection object, which will not pin the ++ * bus connection object. This is necessary so that we don't have to have a pair of cyclic references ++ * between a message that is queued and its connection: as soon as a message is only referenced by ++ * the connection (by means of being queued) and the connection itself has no other references it ++ * will be freed. 
*/ ++ ++ unsigned n_ref; /* Counter of references that pin the connection */ ++ unsigned n_queued; /* Counter of references that do not pin the connection */ + + sd_bus *bus; + +@@ -216,3 +225,6 @@ + + void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m); + void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m); ++ ++sd_bus_message* bus_message_ref_queued(sd_bus_message *m, sd_bus *bus); ++sd_bus_message* bus_message_unref_queued(sd_bus_message *m, sd_bus *bus); +\ No newline at end of file + +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -1117,7 +1117,7 @@ + bus->fds = NULL; + bus->n_fds = 0; + +- bus->rqueue[bus->rqueue_size++] = t; ++ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(t, bus); + + return 1; + } + +--- a/src/systemd/sd-event.h ++++ b/src/systemd/sd-event.h +@@ -84,6 +84,7 @@ + int sd_event_new(sd_event **e); + sd_event* sd_event_ref(sd_event *e); + sd_event* sd_event_unref(sd_event *e); ++sd_event_source* sd_event_source_disable_unref(sd_event_source *s); + + int sd_event_add_io(sd_event *e, sd_event_source **s, int fd, uint32_t events, sd_event_io_handler_t callback, void *userdata); + int sd_event_add_time(sd_event *e, sd_event_source **s, clockid_t clock, uint64_t usec, uint64_t accuracy, sd_event_time_handler_t callback, void *userdata); + +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -580,6 +580,12 @@ + return NULL; + } + ++_public_ sd_event_source* sd_event_source_disable_unref(sd_event_source *s) { ++ if (s) ++ (void) sd_event_source_set_enabled(s, SD_EVENT_OFF); ++ return sd_event_source_unref(s); ++} ++ + static bool event_pid_changed(sd_event *e) { + assert(e); diff --git a/SPECS/systemd/systemd-bootstrap.spec b/SPECS/systemd/systemd-bootstrap.spec index 897c7d2f095..528362f3108 100644 --- a/SPECS/systemd/systemd-bootstrap.spec +++ b/SPECS/systemd/systemd-bootstrap.spec 
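Review bot: In the `src/shared/bus-util.c` hunk at `@@ -382,11 +419,12 @@`, the locals `sd_bus_message_handler_t callback;` and `void *userdata;` stay as context lines while every visible use of them is removed (`callback = sd_bus_get_current_handler(call->bus);`, `userdata = sd_bus_get_current_userdata(call->bus);`, `q->callback = callback;`, `q->userdata = userdata;`). Unless they are used in lines outside the hunks, both are now unused and will produce unused-variable warnings; drop the two declarations. Separately, `libsystemd.sym` adds `sd_bus_enqueue_for_read` to the existing `LIBSYSTEMD_239` node, while `sd_event_source_disable_unref` is marked `_public_` in `sd-event.c` and declared in `sd-event.h` but gets no symbol-file entry in this patch. A line in the patch preamble stating that both placements are deliberate for the backport would save the next maintainer from guessing.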
@@ -1,65 +1,70 @@ -Summary: Bootstrap version of systemd. Workaround for systemd circular dependency. -Name: systemd-bootstrap -Version: 239 -Release: 29%{?dist} -License: LGPLv2+ and GPLv2+ and MIT -URL: https://www.freedesktop.org/wiki/Software/systemd/ -Group: System Environment/Security -Vendor: Microsoft Corporation -Distribution: Mariner -#Source0: https://github.com/systemd/systemd-stable/archive/v%{version}.tar.gz -Source0: systemd-%{version}.tar.gz -Source1: 50-security-hardening.conf -Source2: systemd.cfg -Source3: 99-dhcp-en.network - -Patch0: 01-enoX-uses-instance-number-for-vmware-hv.patch -Patch1: 02-install-general-aliases.patch -Patch2: systemd-239-default-dns-from-env.patch -Patch3: systemd-macros.patch -Patch4: systemd-239-query-duid.patch +Summary: Bootstrap version of systemd. Workaround for systemd circular dependency. +Name: systemd-bootstrap +Version: 239 +Release: 30%{?dist} +License: LGPLv2+ AND GPLv2+ AND MIT +Vendor: Microsoft Corporation +Distribution: Mariner +Group: System Environment/Security +URL: https://www.freedesktop.org/wiki/Software/systemd/ +#Source0: https://github.com/systemd/systemd-stable/archive/v%{version}.tar.gz +Source0: systemd-%{version}.tar.gz +Source1: 50-security-hardening.conf +Source2: systemd.cfg +Source3: 99-dhcp-en.network +Patch0: 01-enoX-uses-instance-number-for-vmware-hv.patch +Patch1: 02-install-general-aliases.patch +Patch2: systemd-239-default-dns-from-env.patch +Patch3: systemd-macros.patch +Patch4: systemd-239-query-duid.patch # Fix glibc-2.28 build issue. 
Checked in upstream after v239 -Patch5: systemd-239-glibc-build-fix.patch -Patch6: systemd-239-revert-mtu.patch -Patch7: systemd-239-CVE-2018-15688.patch -Patch8: systemd-239-CVE-2018-15686.patch -Patch9: systemd-239-CVE-2018-15687.patch -Patch10: systemd-239-CVE-2018-16864.patch -Patch11: systemd-239-CVE-2018-16865.patch -Patch12: systemd-239-CVE-2018-16866.patch -Patch13: Backport-FOREACH_STRING-fix-for-gcc9.patch -Patch14: Disable-argument-to-mount_cgroup_controllers.patch +Patch5: systemd-239-glibc-build-fix.patch +Patch6: systemd-239-revert-mtu.patch +Patch7: systemd-239-CVE-2018-15688.patch +Patch8: systemd-239-CVE-2018-15686.patch +Patch9: systemd-239-CVE-2018-15687.patch +Patch10: systemd-239-CVE-2018-16864.patch +Patch11: systemd-239-CVE-2018-16865.patch +Patch12: systemd-239-CVE-2018-16866.patch +Patch13: Backport-FOREACH_STRING-fix-for-gcc9.patch +Patch14: Disable-argument-to-mount_cgroup_controllers.patch # This commit from upstream fixes an issue caused by using a later version of meson. -Patch15: https://github.com/systemd/systemd/commit/8f6b442a78d0b485f044742ad90b2e8271b4e68e.patch +Patch15: https://github.com/systemd/systemd/commit/8f6b442a78d0b485f044742ad90b2e8271b4e68e.patch +Patch16: CVE-2019-3842.patch +Patch17: CVE-2019-3843.patch +Patch18: CVE-2019-3844.patch +Patch19: CVE-2019-6454.patch +Patch20: CVE-2019-20386.patch +Patch21: CVE-2020-1712.patch +Patch22: CVE-2020-13776.patch # This vulnerability is in the strict DNS-over-TLS (DoT) mechanism of systemd-resolve. # DoT is only enabled when systemd is build against gnutls. # Furthermore, strict mode DoT is not supported before v243. 
-Patch16: CVE-2018-21029.nopatch - -Requires: pam -Requires: libcap -Requires: xz -Requires: kmod -Requires: glib -Requires: libgcrypt -Requires: filesystem >= 1.1 -BuildRequires: intltool -BuildRequires: gperf -BuildRequires: libcap-devel -BuildRequires: xz-devel -BuildRequires: pam-devel -BuildRequires: perl-XML-Parser -BuildRequires: kbd -BuildRequires: kmod-devel -BuildRequires: util-linux-devel >= 2.30 -BuildRequires: libxslt -BuildRequires: docbook-style-xsl -BuildRequires: docbook-dtd-xml -BuildRequires: glib-devel -BuildRequires: meson -BuildRequires: gettext -BuildRequires: shadow-utils -BuildRequires: libgcrypt-devel +Patch23: CVE-2018-21029.nopatch +BuildRequires: docbook-dtd-xml +BuildRequires: docbook-style-xsl +BuildRequires: gettext +BuildRequires: glib-devel +BuildRequires: gperf +BuildRequires: intltool +BuildRequires: kbd +BuildRequires: kmod-devel +BuildRequires: libcap-devel +BuildRequires: libgcrypt-devel +BuildRequires: libxslt +BuildRequires: meson +BuildRequires: pam-devel +BuildRequires: perl-XML-Parser +BuildRequires: shadow-utils +BuildRequires: util-linux-devel >= 2.30 +BuildRequires: xz-devel +Requires: filesystem >= 1.1 +Requires: glib +Requires: kmod +Requires: libcap +Requires: libgcrypt +Requires: pam +Requires: xz %description Systemd is an init replacement with better process control and security @@ -73,7 +78,7 @@ Requires: glib-devel Development headers for developing applications linking to libsystemd %prep -%setup -q -n systemd-%{version} +%autosetup -p1 -n systemd-%{version} cat > config.cache << "EOF" KILL=/bin/kill HAVE_BLKID=1 @@ -82,23 +87,6 @@ BLKID_CFLAGS="-I/usr/include/blkid" cc_cv_CFLAGS__flto=no EOF -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 - sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf.in %build 
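Review bot: `%autosetup -p1` in the `%prep` hunk applies every `PatchN` tag, so `Patch23: CVE-2018-21029.nopatch` from the first hunk is now handed to patch as well, whereas the removed explicit list stopped at `%patch15` and never touched the nopatch entry. That is a no-op only while the marker file stays empty, which this diff does not show. A comment above the tag would record the assumption, e.g. `# .nopatch files are empty markers; %autosetup applies them as no-ops`. The same applies to the matching `%prep` change in SPECS/systemd/systemd.spec. Since Patch16 to Patch22 carry the CVE fixes, it is also worth confirming in the build log that each of them is actually applied.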
@@ -106,8 +94,8 @@ export LANG=en_US.UTF-8 export LC_ALL=en_US.UTF-8 CFLAGS="%{build_cflags} -Wno-error=format-overflow=" \ meson --prefix %{_prefix} \ - --sysconfdir /etc \ - --localstatedir /var \ + --sysconfdir %{_sysconfdir} \ + --localstatedir %{_var} \ -Dblkid=true \ -Dbuildtype=release \ -Ddefault-dnssec=no \ @@ -121,11 +109,11 @@ meson --prefix %{_prefix} \ -Dpam=true \ -Dlibcurl=false \ -Dpolkit=true \ - -Ddbuspolicydir=/etc/dbus-1/system.d \ - -Ddbussessionservicedir=%{_prefix}/share/dbus-1/services \ - -Ddbussystemservicedir=%{_prefix}/share/dbus-1/system-services \ - -Dsysvinit-path=/etc/rc.d/init.d \ - -Drc-local=/etc/rc.d/rc.local \ + -Ddbuspolicydir=%{_sysconfdir}/dbus-1/system.d \ + -Ddbussessionservicedir=%{_datadir}/dbus-1/services \ + -Ddbussystemservicedir=%{_datadir}/dbus-1/system-services \ + -Dsysvinit-path=%{_sysconfdir}/rc.d/init.d \ + -Drc-local=%{_sysconfdir}/rc.d/rc.local \ $PWD build && cd build && %ninja_build 
@@ -138,16 +126,16 @@ for tool in runlevel reboot shutdown poweroff halt telinit; do ln -sfv ../bin/systemctl %{buildroot}/sbin/${tool} done ln -sfv ../lib/systemd/systemd %{buildroot}/sbin/init -sed -i '/srv/d' %{buildroot}/usr/lib/tmpfiles.d/home.conf -sed -i "s:0775 root lock:0755 root root:g" %{buildroot}/usr/lib/tmpfiles.d/legacy.conf +sed -i '/srv/d' %{buildroot}%{_lib}/tmpfiles.d/home.conf +sed -i "s:0775 root lock:0755 root root:g" %{buildroot}%{_lib}/tmpfiles.d/legacy.conf sed -i "s:NamePolicy=kernel database onboard slot path:NamePolicy=kernel database:g" %{buildroot}/lib/systemd/network/99-default.link -sed -i "s:#LLMNR=yes:LLMNR=false:g" %{buildroot}/etc/systemd/resolved.conf +sed -i "s:#LLMNR=yes:LLMNR=false:g" %{buildroot}%{_sysconfdir}/systemd/resolved.conf rm -f %{buildroot}%{_var}/log/README mkdir -p %{buildroot}%{_localstatedir}/opt/journal/log mkdir -p %{buildroot}%{_localstatedir}/log ln -sfv %{_localstatedir}/opt/journal/log %{buildroot}%{_localstatedir}/log/journal -find %{buildroot} -name '*.la' -delete +find %{buildroot} -type f -name "*.la" -delete -print install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysctl.d install -dm 0755 %{buildroot}/boot/ install -m 0644 %{SOURCE2} %{buildroot}/boot/ @@ -156,12 +144,12 @@ ln -sfv multi-user.target %{buildroot}/lib/systemd/system/default.target install -dm 0755 %{buildroot}/%{_sysconfdir}/systemd/network install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/systemd/network -%post -/sbin/ldconfig -%postun -/sbin/ldconfig +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + %clean rm -rf %{buildroot}/* + %files %defattr(-,root,root) %license LICENSE.GPL2 @@ -235,7 +223,7 @@ rm -rf %{buildroot}/* %{_datadir}/bash-completion/* %{_datadir}/factory/* %{_datadir}/dbus-1 -%{_datadir}/doc/* +%{_docdir}/* %{_mandir}/man[1578]/* %{_datadir}/polkit-1 %{_datadir}/systemd 
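Review bot: `%{buildroot}%{_lib}/tmpfiles.d/home.conf` and the matching `legacy.conf` path in the `%install` hunk only resolve to the old `/usr/lib/tmpfiles.d` if this distribution's macros define `%{_lib}` as an absolute path; in stock RPM `%{_lib}` is the bare directory name `lib` or `lib64`. The second sed rewrites `0775 root lock` to `0755 root root`, a permission tightening, so I would pin the path explicitly: `sed -i "s:0775 root lock:0755 root root:g" %{buildroot}%{_prefix}/lib/tmpfiles.d/legacy.conf`, and likewise for home.conf. sed also exits successfully when the pattern no longer matches, so a follow-up such as `grep -q "0775 root lock" %{buildroot}%{_prefix}/lib/tmpfiles.d/legacy.conf && exit 1` would fail the build if the old mode survives. The same two lines appear in the `%install` hunk of SPECS/systemd/systemd.spec.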
@@ -256,191 +244,293 @@ rm -rf %{buildroot}/* %{_mandir}/man3/* %changelog +* Thu Oct 22 2020 Nicolas Ontiveros - 239-30 +- Use autosetup +- Fix CVE-2019-3842 +- Fix CVE-2019-3843 +- Fix CVE-2019-3844 +- Fix CVE-2019-6454 +- Fix CVE-2019-20386 +- Fix CVE-2020-1712 +- Fix CVE-2020-13776 + * Tue Aug 11 2020 Mateusz Malisz 239-29 - Reduce kptr_restrict to 1 + * Tue Jun 09 2020 Nicolas Ontiveros 239-28 - Change summary to address circular dependency. + * Fri May 29 2020 Nicolas Ontiveros 239-27 - Fork from systemd.spec. - Do not include cryptsetup in BR. This breaks a circular dependency. + * Wed May 20 2020 Joe Schmitt 239-26 - Remove 99-vmware-hotplug.rules. + * Sat May 09 00:20:49 PST 2020 Nick Samson - 239-25 - Added %%license line automatically + * Wed May 06 2020 Emre Girgin 239-24 - Renaming docbook-xsl to docbook-style-xsl + * Wed May 06 2020 Emre Girgin 239-23 - Renaming docbook-xml to docbook-dtd-xml + * Wed May 06 2020 Emre Girgin 239-22 - Renaming Linux-PAM to pam + * Wed May 06 2020 Emre Girgin 239-21 - Renaming XML-Parser to perl-XML-Parser + * Tue May 05 2020 Joe Schmitt 239-20 - Remove unused rdrand-rng after kernel update. + * Thu Apr 23 2020 Emre Girgin 239-19 - Ignore CVE-2018-21029. + * Fri Apr 17 2020 Emre Girgin 239-18 - Rename shadow to shadow-utils. + * Thu Apr 16 2020 Emre Girgin 239-17 - Resolve build issues arising from upgrading meson to 0.49.2. + * Thu Apr 09 2020 Henry Beberman 239-16 - Add patch to disable arguments to mount_cgroup_controllers as in upstream latest. + * Tue Apr 07 2020 Paul Monson 239-15 - Update Source0 link. License verified. + * Tue Mar 31 2020 Henry Beberman 239-14 - Backport upstream fix for FOREACH_STRING macro. + * Tue Mar 24 2020 Henry Beberman 239-13 - Add -Wno-error=format-overflow= to fix gcc9 build. + * Thu Feb 27 2020 Henry Beberman 239-12 - Disable libcurl auto-configure + * Tue Sep 03 2019 Mateusz Malisz 239-11 - Initial CBL-Mariner import from Photon (license: Apache2). 
+ * Thu Jan 10 2019 Anish Swaminathan 239-10 - Fix CVE-2018-16864, CVE-2018-16865, CVE-2018-16866 + * Wed Jan 09 2019 Keerthana K 239-9 - Seting default values for tcp_timestamps, tcp_challenge_ack_limit and ip_forward. + * Wed Jan 02 2019 Anish Swaminathan 239-8 - Fix CVE-2018-15686, CVE-2018-15687 + * Sun Nov 11 2018 Tapas Kundu 239-7 - Fix CVE-2018-15688 + * Fri Oct 26 2018 Srivatsa S. Bhat (VMware) 239-6 - Auto-load rdrand-rng kernel module only on x86. + * Fri Oct 26 2018 Anish Swaminathan 239-5 - Revert the commit that causes GCE networkd timeout - https://github.com/systemd/systemd/commit/44b598a1c9d11c23420a5ef45ff11bcb0ed195eb + * Mon Oct 08 2018 Srinidhi Rao 239-4 - Add glib-devel as a Requirement to systemd-devel + * Fri Sep 21 2018 Alexey Makhalov 239-3 - Fix compilation issue against glibc-2.28 + * Tue Sep 18 2018 Srivatsa S. Bhat 239-2 - Automatically load rdrand-rng kernel module on every boot. + * Tue Aug 28 2018 Anish Swaminathan 239-1 - Update systemd to 239 + * Wed Apr 11 2018 Xiaolin Li 236-3 - Build systemd with util-linux 2.32. + * Wed Jan 17 2018 Divya Thaluru 236-2 - Fixed the log file directory structure + * Fri Dec 29 2017 Anish Swaminathan 236-1 - Update systemd to 236 + * Thu Nov 09 2017 Vinay Kulkarni 233-11 - Fix CVE-2017-15908 dns packet loop fix. + * Tue Nov 07 2017 Vinay Kulkarni 233-10 - Fix nullptr access during link disable. + * Mon Sep 18 2017 Anish Swaminathan 233-9 - Backport router solicitation backoff from systemd 234 + * Fri Sep 15 2017 Anish Swaminathan 233-8 - Move network file to systemd package + * Tue Aug 15 2017 Alexey Makhalov 233-7 - Fix compilation issue for glibc-2.26 + * Fri Jul 21 2017 Vinay Kulkarni 233-6 - Fix for CVE-2017-1000082. + * Fri Jul 07 2017 Vinay Kulkarni 233-5 - Fix default-dns-from-env patch. + * Wed Jul 05 2017 Xiaolin Li 233-4 - Add kmod-devel to BuildRequires + * Thu Jun 29 2017 Vinay Kulkarni 233-3 - Fix for CVE-2017-9445. 
+ * Tue Jun 20 2017 Anish Swaminathan 233-2 - Fix for CVE-2017-9217 + * Mon Mar 06 2017 Vinay Kulkarni 233-1 - Update systemd to 233 + * Tue Jan 3 2017 Alexey Makhalov 232-5 - Added /boot/systemd.cfg + * Tue Dec 20 2016 Alexey Makhalov 232-4 - Fix initrd-switch-root issue + * Wed Dec 07 2016 Xiaolin Li 232-3 - BuildRequires Linux-PAM-devel + * Thu Dec 01 2016 Xiaolin Li 232-2 - disable-elfutils. + * Fri Nov 18 2016 Anish Swaminathan 232-1 - Update systemd to 232 + * Thu Nov 3 2016 Divya Thaluru 228-32 - Added logic to reload services incase of rpm upgrade + * Thu Sep 29 2016 Vinay Kulkarni 228-31 - Fix a CVE in systemd-notify socket. + * Mon Aug 29 2016 Alexey Makhalov 228-30 - 02-install-general-aliases.patch to create absolute symlinks + * Fri Aug 26 2016 Anish Swaminathan 228-29 - Change config file properties for 99-default.link + * Tue Aug 16 2016 Vinay Kulkarni 228-28 - systemd-resolved: Fix DNS_TRANSACTION_PENDING assert. + * Mon Aug 1 2016 Divya Thaluru 228-27 - Removed packaging of symlinks and will be created during installation + * Tue Jul 12 2016 Vinay Kulkarni 228-26 - systemd-resolved: Fix DNS domains resolv.conf search issue for static DNS. + * Mon Jul 11 2016 Vinay Kulkarni 228-25 - systemd-networkd: Update DUID/IAID config interface to systemd v230 spec. + * Tue Jun 21 2016 Anish Swaminathan 228-24 - Change config file properties + * Fri Jun 17 2016 Vinay Kulkarni 228-23 - systemd-resolved: Configure initial DNS servers from environment var. 
+ * Mon Jun 06 2016 Alexey Makhalov 228-22 - systemd-resolved: disable LLMNR + * Tue May 24 2016 Priyesh Padmavilasom 228-21 - GA - Bump release of all rpms + * Tue May 17 2016 Anish Swaminathan 228-20 - Added patch for letting kernel handle ndisc + * Tue May 17 2016 Divya Thaluru 228-19 - Updated systemd-user PAM configuration + * Mon May 16 2016 Harish Udaiya Kumar 228-18 - Updated the MaxTasks to infinity in system.conf file + * Thu Apr 21 2016 Mahmoud Bassiouny 228-17 - Set the default.target to the multi-user.target + * Tue Apr 12 2016 Vinay Kulkarni 228-16 - Disable network interface renaming. + * Thu Mar 31 2016 Vinay Kulkarni 228-15 - Patch to query DHCP DUID, IAID.f + * Wed Mar 30 2016 Vinay Kulkarni 228-14 - Update DHCP DUID, IAID configuration patch. + * Wed Mar 30 2016 Kumar Kaushik 228-13 - Install the security hardening script as part of systemd. + * Tue Mar 29 2016 Kumar Kaushik 228-12 - Added patch for timedatectl /etc/adjtime PR2749. + * Fri Mar 11 2016 Anish Swaminathan 228-11 - Added patch for dhcp preservation via duid iaid configurability + * Fri Mar 11 2016 Anish Swaminathan 228-10 - Added patch for swap disconnect order + * Thu Mar 10 2016 XIaolin Li 228-9 - Enable manpages. + * Fri Feb 19 2016 Anish Swaminathan 228-8 - Added patch to get around systemd-networkd wait online timeout + * Sat Feb 06 2016 Alexey Makhalov 228-7 - Added patch: fix-reading-routes. + * Wed Feb 03 2016 Anish Swaminathan 228-6 - Add hotplug udev rules. + * Tue Jan 12 2016 Anish Swaminathan 228-5 - Change config file attributes. + * Wed Jan 06 2016 Anish Swaminathan 228-4 - Patches for minor network fixes. + * Wed Dec 16 2015 Anish Swaminathan 228-3 - Patch for ostree. + * Wed Dec 16 2015 Anish Swaminathan 228-2 - Patch for loopback address. + * Fri Dec 11 2015 Anish Swaminathan 228-1 - Upgrade systemd version. + * Mon Nov 30 2015 Mahmoud Bassiouny 216-13 - Removing the reference of lock user + * Fri Oct 9 2015 Xiaolin Li 216-12 - Removing la files from packages. 
+ * Fri Sep 18 2015 Divya Thaluru 216-11 - Packaging journal log directory + * Thu Sep 10 2015 Alexey Makhalov 216-10 - Improve enoX renaming in VMware HV case. Patch is added. + * Tue Aug 25 2015 Alexey Makhalov 216-9 - Reduce systemd-networkd boot time (exclude if-rename patch). + * Mon Jul 20 2015 Divya Thaluru 216-8 - Adding sysvinit support + * Mon Jul 06 2015 Kumar Kaushik 216-7 - Fixing networkd/udev race condition for renaming interface. + * Thu Jun 25 2015 Sharath George 216-6 - Remove debug files. + * Tue Jun 23 2015 Divya Thaluru 216-5 - Building compat libs + * Mon Jun 1 2015 Alexey Makhalov 216-4 - gudev support + * Wed May 27 2015 Divya Thaluru 216-3 - Removing packing of PAM configuration files + * Mon May 18 2015 Touseef Liaqat 216-2 - Update according to UsrMove. + * Mon Oct 27 2014 Sharath George 216-1 - Initial build. First version diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec index 795793355ea..31c4b4a9fcf 100644 --- a/SPECS/systemd/systemd.spec +++ b/SPECS/systemd/systemd.spec 
@@ -1,76 +1,80 @@ -Summary: Systemd-239 -Name: systemd -Version: 239 -Release: 32%{?dist} -License: LGPLv2+ and GPLv2+ and MIT -URL: https://www.freedesktop.org/wiki/Software/systemd/ -Group: System Environment/Security -Vendor: Microsoft Corporation -Distribution: Mariner -#Source0: https://github.com/systemd/systemd-stable/archive/v%{version}.tar.gz -Source0: %{name}-%{version}.tar.gz -Source1: 50-security-hardening.conf -Source2: systemd.cfg -Source3: 99-dhcp-en.network - -Patch0: 01-enoX-uses-instance-number-for-vmware-hv.patch -Patch1: 02-install-general-aliases.patch -Patch2: systemd-239-default-dns-from-env.patch -Patch3: systemd-macros.patch -Patch4: systemd-239-query-duid.patch +Summary: Systemd-239 +Name: systemd +Version: 239 +Release: 33%{?dist} +License: LGPLv2+ AND GPLv2+ AND MIT +Vendor: Microsoft Corporation +Distribution: Mariner +Group: System Environment/Security +URL: https://www.freedesktop.org/wiki/Software/systemd/ +#Source0: https://github.com/systemd/systemd-stable/archive/v%{version}.tar.gz +Source0: %{name}-%{version}.tar.gz +Source1: 50-security-hardening.conf +Source2: systemd.cfg +Source3: 99-dhcp-en.network +Patch0: 01-enoX-uses-instance-number-for-vmware-hv.patch +Patch1: 02-install-general-aliases.patch +Patch2: systemd-239-default-dns-from-env.patch +Patch3: systemd-macros.patch +Patch4: systemd-239-query-duid.patch # Fix glibc-2.28 build issue. 
Checked in upstream after v239 -Patch5: systemd-239-glibc-build-fix.patch -Patch6: systemd-239-revert-mtu.patch -Patch7: systemd-239-CVE-2018-15688.patch -Patch8: systemd-239-CVE-2018-15686.patch -Patch9: systemd-239-CVE-2018-15687.patch -Patch10: systemd-239-CVE-2018-16864.patch -Patch11: systemd-239-CVE-2018-16865.patch -Patch12: systemd-239-CVE-2018-16866.patch -Patch13: Backport-FOREACH_STRING-fix-for-gcc9.patch -Patch14: Disable-argument-to-mount_cgroup_controllers.patch +Patch5: systemd-239-glibc-build-fix.patch +Patch6: systemd-239-revert-mtu.patch +Patch7: systemd-239-CVE-2018-15688.patch +Patch8: systemd-239-CVE-2018-15686.patch +Patch9: systemd-239-CVE-2018-15687.patch +Patch10: systemd-239-CVE-2018-16864.patch +Patch11: systemd-239-CVE-2018-16865.patch +Patch12: systemd-239-CVE-2018-16866.patch +Patch13: Backport-FOREACH_STRING-fix-for-gcc9.patch +Patch14: Disable-argument-to-mount_cgroup_controllers.patch # This commit from upstream fixes an issue caused by using a later version of meson. -Patch15: https://github.com/systemd/systemd/commit/8f6b442a78d0b485f044742ad90b2e8271b4e68e.patch +Patch15: https://github.com/systemd/systemd/commit/8f6b442a78d0b485f044742ad90b2e8271b4e68e.patch +Patch16: CVE-2019-3842.patch +Patch17: CVE-2019-3843.patch +Patch18: CVE-2019-3844.patch +Patch19: CVE-2019-6454.patch +Patch20: CVE-2019-20386.patch +Patch21: CVE-2020-1712.patch +Patch22: CVE-2020-13776.patch # This vulnerability is in the strict DNS-over-TLS (DoT) mechanism of systemd-resolve. # DoT is only enabled when systemd is build against gnutls. # Furthermore, strict mode DoT is not supported before v243. 
-Patch16: CVE-2018-21029.nopatch - +Patch23: CVE-2018-21029.nopatch #Portablectl patches for --now --enable and --no-block flags support -Patch100: 100-portabled-allow-to-detach-an-image-with-a-unit-in-li.patch -Patch101: 101-Portabled-fix-inspect-on-image-attached-as-directory.patch -Patch102: 102-portablectl-add-now-and-enable-to-attach-detach.patch -Patch103: 103-core-allow-portablectl-to-load-new-services-without-.patch -Patch104: 104-portablectl-block-when-stopping-a-unit-on-detach-now.patch -Patch105: 105-portablectl-use-replace-unload-when-stopping-a-servi.patch -Patch106: 106-portabled-implement-container-host-os-release-interf.patch - -Obsoletes: systemd-bootstrap -Requires: pam -Requires: libcap -Requires: xz -Requires: kmod -Requires: glib -Requires: libgcrypt -Requires: filesystem >= 1.1 -BuildRequires: intltool -BuildRequires: gperf -BuildRequires: libcap-devel -BuildRequires: xz-devel -BuildRequires: pam-devel -BuildRequires: perl-XML-Parser -BuildRequires: kbd -BuildRequires: kmod-devel -BuildRequires: util-linux-devel >= 2.30 -BuildRequires: libxslt -BuildRequires: docbook-style-xsl -BuildRequires: docbook-dtd-xml -BuildRequires: glib-devel -BuildRequires: meson -BuildRequires: gettext -BuildRequires: shadow-utils -BuildRequires: libgcrypt-devel -BuildRequires: cryptsetup-devel +Patch100: 100-portabled-allow-to-detach-an-image-with-a-unit-in-li.patch +Patch101: 101-Portabled-fix-inspect-on-image-attached-as-directory.patch +Patch102: 102-portablectl-add-now-and-enable-to-attach-detach.patch +Patch103: 103-core-allow-portablectl-to-load-new-services-without-.patch +Patch104: 104-portablectl-block-when-stopping-a-unit-on-detach-now.patch +Patch105: 105-portablectl-use-replace-unload-when-stopping-a-servi.patch +Patch106: 106-portabled-implement-container-host-os-release-interf.patch +BuildRequires: cryptsetup-devel +BuildRequires: docbook-dtd-xml +BuildRequires: docbook-style-xsl +BuildRequires: gettext +BuildRequires: glib-devel +BuildRequires: gperf 
+BuildRequires: intltool +BuildRequires: kbd +BuildRequires: kmod-devel +BuildRequires: libcap-devel +BuildRequires: libgcrypt-devel +BuildRequires: libxslt +BuildRequires: meson +BuildRequires: pam-devel +BuildRequires: perl-XML-Parser +BuildRequires: shadow-utils +BuildRequires: util-linux-devel >= 2.30 +BuildRequires: xz-devel +Requires: filesystem >= 1.1 +Requires: glib +Requires: kmod +Requires: libcap +Requires: libgcrypt +Requires: pam +Requires: xz +Obsoletes: systemd-bootstrap %description Systemd is an init replacement with better process control and security @@ -78,7 +82,7 @@ Systemd is an init replacement with better process control and security %package devel Summary: Development headers for systemd Requires: %{name} = %{version}-%{release} -Requires: glib-devel +Requires: glib-devel %description devel Development headers for developing applications linking to libsystemd @@ -91,7 +95,7 @@ Requires: %{name} = %{version}-%{release} Language pack for systemd %prep -%setup -q +%autosetup -p1 cat > config.cache << "EOF" KILL=/bin/kill HAVE_BLKID=1 @@ -100,32 +104,6 @@ BLKID_CFLAGS="-I/usr/include/blkid" cc_cv_CFLAGS__flto=no EOF -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 - -# Portablectl patches -%patch100 -p1 -%patch101 -p1 -%patch102 -p1 -%patch103 -p1 -%patch104 -p1 -%patch105 -p1 -%patch106 -p1 - sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf.in %build @@ -133,8 +111,8 @@ export LANG=en_US.UTF-8 export LC_ALL=en_US.UTF-8 CFLAGS="%{build_cflags} -Wno-error=format-overflow=" \ meson --prefix %{_prefix} \ - --sysconfdir /etc \ - --localstatedir /var \ + --sysconfdir %{_sysconfdir} \ + --localstatedir %{_var} \ -Dblkid=true \ -Dbuildtype=release \ -Ddefault-dnssec=no \ 
@@ -150,11 +128,11 @@ meson --prefix %{_prefix} \ -Dpolkit=true \ -Dlibcryptsetup=true \ -Dgcrypt=true \ - -Ddbuspolicydir=/etc/dbus-1/system.d \ - -Ddbussessionservicedir=%{_prefix}/share/dbus-1/services \ - -Ddbussystemservicedir=%{_prefix}/share/dbus-1/system-services \ - -Dsysvinit-path=/etc/rc.d/init.d \ - -Drc-local=/etc/rc.d/rc.local \ + -Ddbuspolicydir=%{_sysconfdir}/dbus-1/system.d \ + -Ddbussessionservicedir=%{_datadir}/dbus-1/services \ + -Ddbussystemservicedir=%{_datadir}/dbus-1/system-services \ + -Dsysvinit-path=%{_sysconfdir}/rc.d/init.d \ + -Drc-local=%{_sysconfdir}/rc.d/rc.local \ $PWD build && cd build && %ninja_build 
@@ -167,17 +145,17 @@ for tool in runlevel reboot shutdown poweroff halt telinit; do ln -sfv ../bin/systemctl %{buildroot}/sbin/${tool} done ln -sfv ../lib/systemd/systemd %{buildroot}/sbin/init -sed -i '/srv/d' %{buildroot}/usr/lib/tmpfiles.d/home.conf -sed -i "s:0775 root lock:0755 root root:g" %{buildroot}/usr/lib/tmpfiles.d/legacy.conf +sed -i '/srv/d' %{buildroot}%{_lib}/tmpfiles.d/home.conf +sed -i "s:0775 root lock:0755 root root:g" %{buildroot}%{_lib}/tmpfiles.d/legacy.conf sed -i "s:NamePolicy=kernel database onboard slot path:NamePolicy=kernel database:g" %{buildroot}/lib/systemd/network/99-default.link -sed -i "s:#LLMNR=yes:LLMNR=false:g" %{buildroot}/etc/systemd/resolved.conf -sed -i "s:#NTP=:NTP=time.windows.com:g" %{buildroot}/etc/systemd/timesyncd.conf +sed -i "s:#LLMNR=yes:LLMNR=false:g" %{buildroot}%{_sysconfdir}/systemd/resolved.conf +sed -i "s:#NTP=:NTP=time.windows.com:g" %{buildroot}%{_sysconfdir}/systemd/timesyncd.conf rm -f %{buildroot}%{_var}/log/README mkdir -p %{buildroot}%{_localstatedir}/opt/journal/log mkdir -p %{buildroot}%{_localstatedir}/log ln -sfv %{_localstatedir}/opt/journal/log %{buildroot}%{_localstatedir}/log/journal -find %{buildroot} -name '*.la' -delete +find %{buildroot} -type f -name "*.la" -delete -print install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysctl.d install -dm 0700 %{buildroot}/boot/ install -m 0600 %{SOURCE2} %{buildroot}/boot/ @@ -187,12 +165,12 @@ install -dm 0755 %{buildroot}/%{_sysconfdir}/systemd/network install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/systemd/network %find_lang %{name} ../%{name}.lang -%post -/sbin/ldconfig -%postun -/sbin/ldconfig +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + %clean rm -rf %{buildroot}/* + %files %defattr(-,root,root) %license LICENSE.GPL2 @@ -266,7 +244,7 @@ rm -rf %{buildroot}/* %{_datadir}/bash-completion/* %{_datadir}/factory/* %{_datadir}/dbus-1 -%{_datadir}/doc/* +%{_docdir}/* %{_mandir}/man[1578]/* %{_datadir}/polkit-1 %{_datadir}/systemd 
@@ -289,196 +267,301 @@ rm -rf %{buildroot}/* %files lang -f %{name}.lang %changelog +* Thu Oct 22 2020 Nicolas Ontiveros - 239-33 +- Use autosetup +- Fix CVE-2019-3842 +- Fix CVE-2019-3843 +- Fix CVE-2019-3844 +- Fix CVE-2019-6454 +- Fix CVE-2019-20386 +- Fix CVE-2020-1712 +- Fix CVE-2020-13776 + * Wed Sep 23 2020 Suresh Babu Chalamalasetty 239-32 - Portablectl patches for --now --enable and --no-block flags support + * Mon Aug 24 2020 Leandro Pereira 239-31 - Use time.windows.com as the default NTP server in timesyncd. + * Tue Aug 11 2020 Mateusz Malisz 239-30 - Reduce kptr_restrict to 1 + * Fri May 29 2020 Nicolas Ontiveros 239-29 - Include cryptsetup to build cryptsetup generator. + * Wed May 27 2020 Chris Co 239-28 - Disable IPv6 router advertisements by default + * Wed May 20 2020 Emre Girgin 239-27 - Change /boot directory permissions to 600. + * Wed May 20 2020 Joe Schmitt 239-26 - Remove 99-vmware-hotplug.rules. + * Sat May 09 00:20:49 PST 2020 Nick Samson - 239-25 - Added %%license line automatically + * Wed May 06 2020 Emre Girgin 239-24 - Renaming docbook-xsl to docbook-style-xsl + * Wed May 06 2020 Emre Girgin 239-23 - Renaming docbook-xml to docbook-dtd-xml + * Wed May 06 2020 Emre Girgin 239-22 - Renaming Linux-PAM to pam + * Wed May 06 2020 Emre Girgin 239-21 - Renaming XML-Parser to perl-XML-Parser + * Tue May 05 2020 Joe Schmitt 239-20 - Remove unused rdrand-rng after kernel update. + * Thu Apr 23 2020 Emre Girgin 239-19 - Ignore CVE-2018-21029. + * Fri Apr 17 2020 Emre Girgin 239-18 - Rename shadow to shadow-utils. + * Thu Apr 16 2020 Emre Girgin 239-17 - Resolve build issues arising from upgrading meson to 0.49.2. + * Thu Apr 09 2020 Henry Beberman 239-16 - Add patch to disable arguments to mount_cgroup_controllers as in upstream latest. + * Tue Apr 07 2020 Paul Monson 239-15 - Update Source0 link. License verified. + * Tue Mar 31 2020 Henry Beberman 239-14 - Backport upstream fix for FOREACH_STRING macro. 
+ * Tue Mar 24 2020 Henry Beberman 239-13 - Add -Wno-error=format-overflow= to fix gcc9 build. + * Thu Feb 27 2020 Henry Beberman 239-12 - Disable libcurl auto-configure + * Tue Sep 03 2019 Mateusz Malisz 239-11 - Initial CBL-Mariner import from Photon (license: Apache2). + * Thu Jan 10 2019 Anish Swaminathan 239-10 - Fix CVE-2018-16864, CVE-2018-16865, CVE-2018-16866 + * Wed Jan 09 2019 Keerthana K 239-9 - Seting default values for tcp_timestamps, tcp_challenge_ack_limit and ip_forward. + * Wed Jan 02 2019 Anish Swaminathan 239-8 - Fix CVE-2018-15686, CVE-2018-15687 + * Sun Nov 11 2018 Tapas Kundu 239-7 - Fix CVE-2018-15688 + * Fri Oct 26 2018 Srivatsa S. Bhat (VMware) 239-6 - Auto-load rdrand-rng kernel module only on x86. + * Fri Oct 26 2018 Anish Swaminathan 239-5 - Revert the commit that causes GCE networkd timeout - https://github.com/systemd/systemd/commit/44b598a1c9d11c23420a5ef45ff11bcb0ed195eb + * Mon Oct 08 2018 Srinidhi Rao 239-4 - Add glib-devel as a Requirement to systemd-devel + * Fri Sep 21 2018 Alexey Makhalov 239-3 - Fix compilation issue against glibc-2.28 + * Tue Sep 18 2018 Srivatsa S. Bhat 239-2 - Automatically load rdrand-rng kernel module on every boot. + * Tue Aug 28 2018 Anish Swaminathan 239-1 - Update systemd to 239 + * Wed Apr 11 2018 Xiaolin Li 236-3 - Build systemd with util-linux 2.32. + * Wed Jan 17 2018 Divya Thaluru 236-2 - Fixed the log file directory structure + * Fri Dec 29 2017 Anish Swaminathan 236-1 - Update systemd to 236 + * Thu Nov 09 2017 Vinay Kulkarni 233-11 - Fix CVE-2017-15908 dns packet loop fix. + * Tue Nov 07 2017 Vinay Kulkarni 233-10 - Fix nullptr access during link disable. + * Mon Sep 18 2017 Anish Swaminathan 233-9 - Backport router solicitation backoff from systemd 234 + * Fri Sep 15 2017 Anish Swaminathan 233-8 - Move network file to systemd package + * Tue Aug 15 2017 Alexey Makhalov 233-7 - Fix compilation issue for glibc-2.26 + * Fri Jul 21 2017 Vinay Kulkarni 233-6 - Fix for CVE-2017-1000082. 
+ * Fri Jul 07 2017 Vinay Kulkarni 233-5 - Fix default-dns-from-env patch. + * Wed Jul 05 2017 Xiaolin Li 233-4 - Add kmod-devel to BuildRequires + * Thu Jun 29 2017 Vinay Kulkarni 233-3 - Fix for CVE-2017-9445. + * Tue Jun 20 2017 Anish Swaminathan 233-2 - Fix for CVE-2017-9217 + * Mon Mar 06 2017 Vinay Kulkarni 233-1 - Update systemd to 233 + * Tue Jan 3 2017 Alexey Makhalov 232-5 - Added /boot/systemd.cfg + * Tue Dec 20 2016 Alexey Makhalov 232-4 - Fix initrd-switch-root issue + * Wed Dec 07 2016 Xiaolin Li 232-3 - BuildRequires Linux-PAM-devel + * Thu Dec 01 2016 Xiaolin Li 232-2 - disable-elfutils. + * Fri Nov 18 2016 Anish Swaminathan 232-1 - Update systemd to 232 + * Thu Nov 3 2016 Divya Thaluru 228-32 - Added logic to reload services incase of rpm upgrade + * Thu Sep 29 2016 Vinay Kulkarni 228-31 - Fix a CVE in systemd-notify socket. + * Mon Aug 29 2016 Alexey Makhalov 228-30 - 02-install-general-aliases.patch to create absolute symlinks + * Fri Aug 26 2016 Anish Swaminathan 228-29 - Change config file properties for 99-default.link + * Tue Aug 16 2016 Vinay Kulkarni 228-28 - systemd-resolved: Fix DNS_TRANSACTION_PENDING assert. + * Mon Aug 1 2016 Divya Thaluru 228-27 - Removed packaging of symlinks and will be created during installation + * Tue Jul 12 2016 Vinay Kulkarni 228-26 - systemd-resolved: Fix DNS domains resolv.conf search issue for static DNS. + * Mon Jul 11 2016 Vinay Kulkarni 228-25 - systemd-networkd: Update DUID/IAID config interface to systemd v230 spec. + * Tue Jun 21 2016 Anish Swaminathan 228-24 - Change config file properties + * Fri Jun 17 2016 Vinay Kulkarni 228-23 - systemd-resolved: Configure initial DNS servers from environment var. 
+ * Mon Jun 06 2016 Alexey Makhalov 228-22 - systemd-resolved: disable LLMNR + * Tue May 24 2016 Priyesh Padmavilasom 228-21 - GA - Bump release of all rpms + * Tue May 17 2016 Anish Swaminathan 228-20 - Added patch for letting kernel handle ndisc + * Tue May 17 2016 Divya Thaluru 228-19 - Updated systemd-user PAM configuration + * Mon May 16 2016 Harish Udaiya Kumar 228-18 - Updated the MaxTasks to infinity in system.conf file + * Thu Apr 21 2016 Mahmoud Bassiouny 228-17 - Set the default.target to the multi-user.target + * Tue Apr 12 2016 Vinay Kulkarni 228-16 - Disable network interface renaming. + * Thu Mar 31 2016 Vinay Kulkarni 228-15 - Patch to query DHCP DUID, IAID.f + * Wed Mar 30 2016 Vinay Kulkarni 228-14 - Update DHCP DUID, IAID configuration patch. + * Wed Mar 30 2016 Kumar Kaushik 228-13 - Install the security hardening script as part of systemd. + * Tue Mar 29 2016 Kumar Kaushik 228-12 - Added patch for timedatectl /etc/adjtime PR2749. + * Fri Mar 11 2016 Anish Swaminathan 228-11 - Added patch for dhcp preservation via duid iaid configurability + * Fri Mar 11 2016 Anish Swaminathan 228-10 - Added patch for swap disconnect order + * Thu Mar 10 2016 XIaolin Li 228-9 - Enable manpages. + * Fri Feb 19 2016 Anish Swaminathan 228-8 - Added patch to get around systemd-networkd wait online timeout + * Sat Feb 06 2016 Alexey Makhalov 228-7 - Added patch: fix-reading-routes. + * Wed Feb 03 2016 Anish Swaminathan 228-6 - Add hotplug udev rules. + * Tue Jan 12 2016 Anish Swaminathan 228-5 - Change config file attributes. + * Wed Jan 06 2016 Anish Swaminathan 228-4 - Patches for minor network fixes. + * Wed Dec 16 2015 Anish Swaminathan 228-3 - Patch for ostree. + * Wed Dec 16 2015 Anish Swaminathan 228-2 - Patch for loopback address. + * Fri Dec 11 2015 Anish Swaminathan 228-1 - Upgrade systemd version. + * Mon Nov 30 2015 Mahmoud Bassiouny 216-13 - Removing the reference of lock user + * Fri Oct 9 2015 Xiaolin Li 216-12 - Removing la files from packages. 
+ * Fri Sep 18 2015 Divya Thaluru 216-11 - Packaging journal log directory + * Thu Sep 10 2015 Alexey Makhalov 216-10 - Improve enoX renaming in VMware HV case. Patch is added. + * Tue Aug 25 2015 Alexey Makhalov 216-9 - Reduce systemd-networkd boot time (exclude if-rename patch). + * Mon Jul 20 2015 Divya Thaluru 216-8 - Adding sysvinit support + * Mon Jul 06 2015 Kumar Kaushik 216-7 - Fixing networkd/udev race condition for renaming interface. + * Thu Jun 25 2015 Sharath George 216-6 - Remove debug files. + * Tue Jun 23 2015 Divya Thaluru 216-5 - Building compat libs + * Mon Jun 1 2015 Alexey Makhalov 216-4 - gudev support + * Wed May 27 2015 Divya Thaluru 216-3 - Removing packing of PAM configuration files + * Mon May 18 2015 Touseef Liaqat 216-2 - Update according to UsrMove. + * Mon Oct 27 2014 Sharath George 216-1 - Initial build. First version diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 189c680c226..8fdcc98568f 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -353,13 +353,13 @@ sqlite-devel-3.32.3-2.cm1.aarch64.rpm
 sqlite-libs-3.32.3-2.cm1.aarch64.rpm
 swig-3.0.12-4.cm1.aarch64.rpm
 swig-debuginfo-3.0.12-4.cm1.aarch64.rpm
-systemd-239-32.cm1.aarch64.rpm
-systemd-bootstrap-239-29.cm1.aarch64.rpm
-systemd-bootstrap-debuginfo-239-29.cm1.aarch64.rpm
-systemd-bootstrap-devel-239-29.cm1.aarch64.rpm
-systemd-debuginfo-239-32.cm1.aarch64.rpm
-systemd-devel-239-32.cm1.aarch64.rpm
-systemd-lang-239-32.cm1.aarch64.rpm
+systemd-239-33.cm1.aarch64.rpm
+systemd-bootstrap-239-30.cm1.aarch64.rpm
+systemd-bootstrap-debuginfo-239-30.cm1.aarch64.rpm
+systemd-bootstrap-devel-239-30.cm1.aarch64.rpm
+systemd-debuginfo-239-33.cm1.aarch64.rpm
+systemd-devel-239-33.cm1.aarch64.rpm
+systemd-lang-239-33.cm1.aarch64.rpm
 tar-1.32-2.cm1.aarch64.rpm
 tar-debuginfo-1.32-2.cm1.aarch64.rpm
 tdnf-2.1.0-4.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 5d58e30e1b2..a1c42afb728 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -353,13 +353,13 @@ sqlite-devel-3.32.3-2.cm1.x86_64.rpm
 sqlite-libs-3.32.3-2.cm1.x86_64.rpm
 swig-3.0.12-4.cm1.x86_64.rpm
 swig-debuginfo-3.0.12-4.cm1.x86_64.rpm
-systemd-239-32.cm1.x86_64.rpm
-systemd-bootstrap-239-29.cm1.x86_64.rpm
-systemd-bootstrap-debuginfo-239-29.cm1.x86_64.rpm
-systemd-bootstrap-devel-239-29.cm1.x86_64.rpm
-systemd-debuginfo-239-32.cm1.x86_64.rpm
-systemd-devel-239-32.cm1.x86_64.rpm
-systemd-lang-239-32.cm1.x86_64.rpm
+systemd-239-33.cm1.x86_64.rpm
+systemd-bootstrap-239-30.cm1.x86_64.rpm
+systemd-bootstrap-debuginfo-239-30.cm1.x86_64.rpm
+systemd-bootstrap-devel-239-30.cm1.x86_64.rpm
+systemd-debuginfo-239-33.cm1.x86_64.rpm
+systemd-devel-239-33.cm1.x86_64.rpm
+systemd-lang-239-33.cm1.x86_64.rpm
 tar-1.32-2.cm1.x86_64.rpm
 tar-debuginfo-1.32-2.cm1.x86_64.rpm
 tdnf-2.1.0-4.cm1.x86_64.rpm
From 94a74df40fe3de64a39f1c4153b21ab39ba1c79c Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 3 Nov 2020 16:14:02 -0800 Subject: [PATCH 080/145] Updating `postgresql` to 12.4 to fix CVE-2020-14349 and CVE-2020-14350. (#336) * Updating `postgresql` to 12.4 to fix CVE-2020-14349 and CVE-2020-14350. * Addressing linter's suggestions. --- SPECS/postgresql/CVE-2016-5423.patch | 330 -------------------- SPECS/postgresql/postgresql.signatures.json | 2 +- SPECS/postgresql/postgresql.spec | 157 ++++++---- cgmanifest.json | 4 +- 4 files changed, 97 insertions(+), 396 deletions(-) delete mode 100644 SPECS/postgresql/CVE-2016-5423.patch diff --git a/SPECS/postgresql/CVE-2016-5423.patch b/SPECS/postgresql/CVE-2016-5423.patch deleted file mode 100644 index cb2061cc555..00000000000 --- a/SPECS/postgresql/CVE-2016-5423.patch +++ /dev/null 
@@ -1,330 +0,0 @@ -From f0c7b789ab12fbc8248b671c7882dd96ac932ef4 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 8 Aug 2016 10:33:46 -0400 -Subject: [PATCH] Fix two errors with nested CASE/WHEN constructs. - -ExecEvalCase() tried to save a cycle or two by passing -&econtext->caseValue_isNull as the isNull argument to its sub-evaluation of -the CASE value expression. If that subexpression itself contained a CASE, -then *isNull was an alias for econtext->caseValue_isNull within the -recursive call of ExecEvalCase(), leading to confusion about whether the -inner call's caseValue was null or not. In the worst case this could lead -to a core dump due to dereferencing a null pointer. Fix by not assigning -to the global variable until control comes back from the subexpression. -Also, avoid using the passed-in isNull pointer transiently for evaluation -of WHEN expressions. (Either one of these changes would have been -sufficient to fix the known misbehavior, but it's clear now that each of -these choices was in itself dangerous coding practice and best avoided. -There do not seem to be any similar hazards elsewhere in execQual.c.) - -Also, it was possible for inlining of a SQL function that implements the -equality operator used for a CASE comparison to result in one CASE -expression's CaseTestExpr node being inserted inside another CASE -expression. This would certainly result in wrong answers since the -improperly nested CaseTestExpr would be caused to return the inner CASE's -comparison value not the outer's. If the CASE values were of different -data types, a crash might result; moreover such situations could be abused -to allow disclosure of portions of server memory. To fix, teach -inline_function to check for "bare" CaseTestExpr nodes in the arguments of -a function to be inlined, and avoid inlining if there are any. 
- -Heikki Linnakangas, Michael Paquier, Tom Lane - -Report: https://github.com/greenplum-db/gpdb/pull/327 -Report: <4DDCEEB8.50602@enterprisedb.com> -Security: CVE-2016-5423 ---- - src/backend/executor/execQual.c | 22 +++++++--- - src/backend/optimizer/util/clauses.c | 81 ++++++++++++++++++++++++++++++++++++ - src/test/regress/expected/case.out | 44 ++++++++++++++++++++ - src/test/regress/sql/case.sql | 43 +++++++++++++++++++ - 4 files changed, 185 insertions(+), 5 deletions(-) - -diff --git a/src/backend/executor/execQual.c b/src/backend/executor/execQual.c -index 69bf65d..cbb76d1 100644 ---- a/src/backend/executor/execQual.c -+++ b/src/backend/executor/execQual.c -@@ -2943,19 +2943,30 @@ ExecEvalCase(CaseExprState *caseExpr, ExprContext *econtext, - - /* - * If there's a test expression, we have to evaluate it and save the value -- * where the CaseTestExpr placeholders can find it. We must save and -+ * where the CaseTestExpr placeholders can find it. We must save and - * restore prior setting of econtext's caseValue fields, in case this node -- * is itself within a larger CASE. -+ * is itself within a larger CASE. Furthermore, don't assign to the -+ * econtext fields until after returning from evaluation of the test -+ * expression. We used to pass &econtext->caseValue_isNull to the -+ * recursive call, but that leads to aliasing that variable within said -+ * call, which can (and did) produce bugs when the test expression itself -+ * contains a CASE. -+ * -+ * If there's no test expression, we don't actually need to save and -+ * restore these fields; but it's less code to just do so unconditionally. 
- */ - save_datum = econtext->caseValue_datum; - save_isNull = econtext->caseValue_isNull; - - if (caseExpr->arg) - { -+ bool arg_isNull; -+ - econtext->caseValue_datum = ExecEvalExpr(caseExpr->arg, - econtext, -- &econtext->caseValue_isNull, -+ &arg_isNull, - NULL); -+ econtext->caseValue_isNull = arg_isNull; - } - - /* -@@ -2994,10 +3005,11 @@ ExecEvalCase(CaseExprState *caseExpr, ExprContext *econtext, - { - CaseWhenState *wclause = lfirst(clause); - Datum clause_value; -+ bool clause_isNull; - - clause_value = ExecEvalExpr(wclause->expr, - econtext, -- isNull, -+ &clause_isNull, - NULL); - - /* -@@ -3005,7 +3017,7 @@ ExecEvalCase(CaseExprState *caseExpr, ExprContext *econtext, - * statement is satisfied. A NULL result from the test is not - * considered true. - */ -- if (DatumGetBool(clause_value) && !*isNull) -+ if (DatumGetBool(clause_value) && !clause_isNull) - { - econtext->caseValue_datum = save_datum; - econtext->caseValue_isNull = save_isNull; -diff --git a/src/backend/optimizer/util/clauses.c b/src/backend/optimizer/util/clauses.c -index a69af7c..4e23898 100644 ---- a/src/backend/optimizer/util/clauses.c -+++ b/src/backend/optimizer/util/clauses.c -@@ -97,6 +97,8 @@ static bool contain_mutable_functions_walker(Node *node, void *context); - static bool contain_volatile_functions_walker(Node *node, void *context); - static bool contain_volatile_functions_not_nextval_walker(Node *node, void *context); - static bool contain_nonstrict_functions_walker(Node *node, void *context); -+static bool contain_context_dependent_node(Node *clause); -+static bool contain_context_dependent_node_walker(Node *node, int *flags); - static bool contain_leaked_vars_walker(Node *node, void *context); - static Relids find_nonnullable_rels_walker(Node *node, bool top_level); - static List *find_nonnullable_vars_walker(Node *node, bool top_level); -@@ -1323,6 +1325,76 @@ contain_nonstrict_functions_walker(Node *node, void *context) - } - - 
/***************************************************************************** -+ * Check clauses for context-dependent nodes -+ *****************************************************************************/ -+ -+/* -+ * contain_context_dependent_node -+ * Recursively search for context-dependent nodes within a clause. -+ * -+ * CaseTestExpr nodes must appear directly within the corresponding CaseExpr, -+ * not nested within another one, or they'll see the wrong test value. If one -+ * appears "bare" in the arguments of a SQL function, then we can't inline the -+ * SQL function for fear of creating such a situation. -+ * -+ * CoerceToDomainValue would have the same issue if domain CHECK expressions -+ * could get inlined into larger expressions, but presently that's impossible. -+ * Still, it might be allowed in future, or other node types with similar -+ * issues might get invented. So give this function a generic name, and set -+ * up the recursion state to allow multiple flag bits. -+ */ -+static bool -+contain_context_dependent_node(Node *clause) -+{ -+ int flags = 0; -+ -+ return contain_context_dependent_node_walker(clause, &flags); -+} -+ -+#define CCDN_IN_CASEEXPR 0x0001 /* CaseTestExpr okay here? */ -+ -+static bool -+contain_context_dependent_node_walker(Node *node, int *flags) -+{ -+ if (node == NULL) -+ return false; -+ if (IsA(node, CaseTestExpr)) -+ return !(*flags & CCDN_IN_CASEEXPR); -+ if (IsA(node, CaseExpr)) -+ { -+ CaseExpr *caseexpr = (CaseExpr *) node; -+ -+ /* -+ * If this CASE doesn't have a test expression, then it doesn't create -+ * a context in which CaseTestExprs should appear, so just fall -+ * through and treat it as a generic expression node. 
-+ */ -+ if (caseexpr->arg) -+ { -+ int save_flags = *flags; -+ bool res; -+ -+ /* -+ * Note: in principle, we could distinguish the various sub-parts -+ * of a CASE construct and set the flag bit only for some of them, -+ * since we are only expecting CaseTestExprs to appear in the -+ * "expr" subtree of the CaseWhen nodes. But it doesn't really -+ * seem worth any extra code. If there are any bare CaseTestExprs -+ * elsewhere in the CASE, something's wrong already. -+ */ -+ *flags |= CCDN_IN_CASEEXPR; -+ res = expression_tree_walker(node, -+ contain_context_dependent_node_walker, -+ (void *) flags); -+ *flags = save_flags; -+ return res; -+ } -+ } -+ return expression_tree_walker(node, contain_context_dependent_node_walker, -+ (void *) flags); -+} -+ -+/***************************************************************************** - * Check clauses for Vars passed to non-leakproof functions - *****************************************************************************/ - -@@ -4230,6 +4302,8 @@ evaluate_function(Oid funcid, Oid result_type, int32 result_typmod, - * doesn't work in the general case because it discards information such - * as OUT-parameter declarations. - * -+ * Also, context-dependent expression nodes in the argument list are trouble. -+ * - * Returns a simplified expression if successful, or NULL if cannot - * simplify the function. - */ -@@ -4424,6 +4498,13 @@ inline_function(Oid funcid, Oid result_type, Oid result_collid, - contain_nonstrict_functions(newexpr)) - goto fail; - -+ /* -+ * If any parameter expression contains a context-dependent node, we can't -+ * inline, for fear of putting such a node into the wrong context. 
-+ */ -+ if (contain_context_dependent_node((Node *) args)) -+ goto fail; -+ - /* - * We may be able to do it; there are still checks on parameter usage to - * make, but those are most easily done in combination with the actual -diff --git a/src/test/regress/expected/case.out b/src/test/regress/expected/case.out -index c564eed..35b6476 100644 ---- a/src/test/regress/expected/case.out -+++ b/src/test/regress/expected/case.out -@@ -297,7 +297,51 @@ SELECT * FROM CASE_TBL; - (4 rows) - - -- -+-- Nested CASE expressions -+-- -+-- This test exercises a bug caused by aliasing econtext->caseValue_isNull -+-- with the isNull argument of the inner CASE's ExecEvalCase() call. After -+-- evaluating the vol(null) expression in the inner CASE's second WHEN-clause, -+-- the isNull flag for the case test value incorrectly became true, causing -+-- the third WHEN-clause not to match. The volatile function calls are needed -+-- to prevent constant-folding in the planner, which would hide the bug. -+CREATE FUNCTION vol(text) returns text as -+ 'begin return $1; end' language plpgsql volatile; -+SELECT CASE -+ (CASE vol('bar') -+ WHEN 'foo' THEN 'it was foo!' -+ WHEN vol(null) THEN 'null input' -+ WHEN 'bar' THEN 'it was bar!' END -+ ) -+ WHEN 'it was foo!' THEN 'foo recognized' -+ WHEN 'it was bar!' THEN 'bar recognized' -+ ELSE 'unrecognized' END; -+ case -+---------------- -+ bar recognized -+(1 row) -+ -+-- In this case, we can't inline the SQL function without confusing things. 
-+CREATE DOMAIN foodomain AS text; -+CREATE FUNCTION volfoo(text) returns foodomain as -+ 'begin return $1::foodomain; end' language plpgsql volatile; -+CREATE FUNCTION inline_eq(foodomain, foodomain) returns boolean as -+ 'SELECT CASE $2::text WHEN $1::text THEN true ELSE false END' language sql; -+CREATE OPERATOR = (procedure = inline_eq, -+ leftarg = foodomain, rightarg = foodomain); -+SELECT CASE volfoo('bar') WHEN 'foo'::foodomain THEN 'is foo' ELSE 'is not foo' END; -+ case -+------------ -+ is not foo -+(1 row) -+ -+-- - -- Clean up - -- - DROP TABLE CASE_TBL; - DROP TABLE CASE2_TBL; -+DROP OPERATOR = (foodomain, foodomain); -+DROP FUNCTION inline_eq(foodomain, foodomain); -+DROP FUNCTION volfoo(text); -+DROP DOMAIN foodomain; -+DROP FUNCTION vol(text); -diff --git a/src/test/regress/sql/case.sql b/src/test/regress/sql/case.sql -index 5f41753..b2377e4 100644 ---- a/src/test/regress/sql/case.sql -+++ b/src/test/regress/sql/case.sql -@@ -157,8 +157,51 @@ UPDATE CASE_TBL - SELECT * FROM CASE_TBL; - - -- -+-- Nested CASE expressions -+-- -+ -+-- This test exercises a bug caused by aliasing econtext->caseValue_isNull -+-- with the isNull argument of the inner CASE's ExecEvalCase() call. After -+-- evaluating the vol(null) expression in the inner CASE's second WHEN-clause, -+-- the isNull flag for the case test value incorrectly became true, causing -+-- the third WHEN-clause not to match. The volatile function calls are needed -+-- to prevent constant-folding in the planner, which would hide the bug. -+ -+CREATE FUNCTION vol(text) returns text as -+ 'begin return $1; end' language plpgsql volatile; -+ -+SELECT CASE -+ (CASE vol('bar') -+ WHEN 'foo' THEN 'it was foo!' -+ WHEN vol(null) THEN 'null input' -+ WHEN 'bar' THEN 'it was bar!' END -+ ) -+ WHEN 'it was foo!' THEN 'foo recognized' -+ WHEN 'it was bar!' THEN 'bar recognized' -+ ELSE 'unrecognized' END; -+ -+-- In this case, we can't inline the SQL function without confusing things. 
-+CREATE DOMAIN foodomain AS text; -+ -+CREATE FUNCTION volfoo(text) returns foodomain as -+ 'begin return $1::foodomain; end' language plpgsql volatile; -+ -+CREATE FUNCTION inline_eq(foodomain, foodomain) returns boolean as -+ 'SELECT CASE $2::text WHEN $1::text THEN true ELSE false END' language sql; -+ -+CREATE OPERATOR = (procedure = inline_eq, -+ leftarg = foodomain, rightarg = foodomain); -+ -+SELECT CASE volfoo('bar') WHEN 'foo'::foodomain THEN 'is foo' ELSE 'is not foo' END; -+ -+-- - -- Clean up - -- - - DROP TABLE CASE_TBL; - DROP TABLE CASE2_TBL; -+DROP OPERATOR = (foodomain, foodomain); -+DROP FUNCTION inline_eq(foodomain, foodomain); -+DROP FUNCTION volfoo(text); -+DROP DOMAIN foodomain; -+DROP FUNCTION vol(text); --- -2.1.4 - diff --git a/SPECS/postgresql/postgresql.signatures.json b/SPECS/postgresql/postgresql.signatures.json index 865190cdc71..3ba8c12ca6a 100644 --- a/SPECS/postgresql/postgresql.signatures.json +++ b/SPECS/postgresql/postgresql.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "postgresql-12.1.tar.bz2": "a09bf3abbaf6763980d0f8acbb943b7629a8b20073de18d867aecdb7988483ed" + "postgresql-12.4.tar.bz2": "bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc" } } \ No newline at end of file diff --git a/SPECS/postgresql/postgresql.spec b/SPECS/postgresql/postgresql.spec index 9e696b1cc44..fbc8d6a74a5 100644 --- a/SPECS/postgresql/postgresql.spec +++ b/SPECS/postgresql/postgresql.spec 
@@ -1,39 +1,39 @@ Summary: PostgreSQL database engine Name: postgresql -Version: 12.1 -Release: 3%{?dist} +Version: 12.4 +Release: 1%{?dist} License: PostgreSQL -URL: https://www.postgresql.org -Group: Applications/Databases Vendor: Microsoft Corporation Distribution: Mariner - +Group: Applications/Databases +URL: https://www.postgresql.org Source0: https://ftp.postgresql.org/pub/source/v%{version}/%{name}-%{version}.tar.bz2 + # Common libraries needed BuildRequires: krb5-devel BuildRequires: libxml2-devel BuildRequires: openldap +BuildRequires: openssl-devel BuildRequires: perl BuildRequires: readline-devel -BuildRequires: openssl-devel -BuildRequires: zlib-devel BuildRequires: tzdata +BuildRequires: zlib-devel + +Requires: %{name}-libs = %{version}-%{release} Requires: krb5 Requires: libxml2 Requires: openldap Requires: openssl Requires: readline -Requires: zlib Requires: tzdata - -Requires: %{name}-libs = %{version}-%{release} +Requires: zlib %description PostgreSQL is an object-relational database management system. %package libs -Summary: Libraries for use with PostgreSQL -Group: Applications/Databases +Summary: Libraries for use with PostgreSQL +Group: Applications/Databases %description libs The postgresql-libs package provides the essential shared libraries for any @@ -44,6 +44,7 @@ PostgreSQL server. %package devel Summary: Development files for postgresql. Group: Development/Libraries + Requires: postgresql = %{version}-%{release} %description devel @@ -52,6 +53,7 @@ developing applications that use postgresql. %prep %setup -q + %build sed -i '/DEFAULT_PGSOCKET_DIR/s@/tmp@/run/postgresql@' src/include/pg_config_manual.h && ./configure \ @@ -87,9 +89,11 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check" %post -p /sbin/ldconfig %postun -p /sbin/ldconfig + %clean rm -rf %{buildroot}/* + %files %defattr(-,root,root) %license COPYRIGHT 
@@ -161,56 +165,83 @@ rm -rf %{buildroot}/* %{_libdir}/libpgtypes.a %changelog -* Sat May 09 00:20:43 PST 2020 Nick Samson - 12.1-3 +* Tue Nov 03 2020 Pawel Winogrodzki - 12.4-1 +- Upgrading to 12.4 to fix CVE-2020-14349 and CVE-2020-14350. + +* Sat May 09 2020 Nick Samson - 12.1-3 - Added %%license line automatically -* Thu Mar 26 2020 Henry Beberman 12.1-2 -- Manually run header generation. -* Fri Mar 13 2020 Paul Monson 12.1-1 -- Update to version 12.1. License verified. -* Tue Sep 03 2019 Mateusz Malisz 10.5-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Fri Sep 21 2018 Dweep Advani 10.5-1 -- Updated to version 10.5 -* Tue Mar 27 2018 Dheeraj Shetty 9.6.8-1 -- Updated to version 9.6.8 to fix CVE-2018-1058 -* Mon Feb 12 2018 Dheeraj Shetty 9.6.7-1 -- Updated to version 9.6.7 -* Mon Nov 27 2017 Xiaolin Li 9.6.6-1 -- Updated to version 9.6.6 -* Fri Sep 08 2017 Xiaolin Li 9.6.5-1 -- Updated to version 9.6.5 -* Tue Aug 15 2017 Xiaolin Li 9.6.4-1 -- Updated to version 9.6.4 -* Thu Aug 10 2017 Rongrong Qiu 9.6.3-3 -- add sleep 5 when initdb in make check for bug 1900371 -* Wed Jul 05 2017 Divya Thaluru 9.6.3-2 -- Added postgresql-devel -* Tue Jun 06 2017 Divya Thaluru 9.6.3-1 -- Upgraded to 9.6.3 -* Mon Apr 03 2017 Rongrong Qiu 9.6.2-1 -- Upgrade to 9.6.2 for Photon upgrade bump -* Thu Dec 15 2016 Xiaolin Li 9.5.3-6 -- Applied CVE-2016-5423.patch -* Thu Nov 24 2016 Alexey Makhalov 9.5.3-5 -- Required krb5-devel. -* Mon Oct 03 2016 ChangLee 9.5.3-4 -- Modified %check -* Thu May 26 2016 Xiaolin Li 9.5.3-3 -- Add tzdata to buildrequires and requires. 
-* Tue May 24 2016 Priyesh Padmavilasom 9.5.3-2 -- GA - Bump release of all rpms -* Fri May 20 2016 Divya Thaluru 9.5.3-1 -- Updated to version 9.5.3 -* Wed Apr 13 2016 Michael Paquier 9.5.2-1 -- Updated to version 9.5.2 -* Tue Feb 23 2016 Xiaolin Li 9.5.1-1 -- Updated to version 9.5.1 -* Thu Jan 21 2016 Xiaolin Li 9.5.0-1 -- Updated to version 9.5.0 -* Thu Aug 13 2015 Divya Thaluru 9.4.4-1 -- Update to version 9.4.4. -* Mon Jul 13 2015 Alexey Makhalov 9.4.1-2 -- Exclude /usr/lib/debug -* Fri May 15 2015 Sharath George 9.4.1-1 -- Initial build. First version +* Thu Mar 26 2020 Henry Beberman - 12.1-2 +- Manually run header generation. + +* Fri Mar 13 2020 Paul Monson - 12.1-1 +- Update to version 12.1. License verified. + +* Tue Sep 03 2019 Mateusz Malisz - 10.5-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Fri Sep 21 2018 Dweep Advani - 10.5-1 +- Updated to version 10.5 + +* Tue Mar 27 2018 Dheeraj Shetty - 9.6.8-1 +- Updated to version 9.6.8 to fix CVE-2018-1058 + +* Mon Feb 12 2018 Dheeraj Shetty - 9.6.7-1 +- Updated to version 9.6.7 + +* Mon Nov 27 2017 Xiaolin Li - 9.6.6-1 +- Updated to version 9.6.6 + +* Fri Sep 08 2017 Xiaolin Li - 9.6.5-1 +- Updated to version 9.6.5 + +* Tue Aug 15 2017 Xiaolin Li - 9.6.4-1 +- Updated to version 9.6.4 + +* Thu Aug 10 2017 Rongrong Qiu - 9.6.3-3 +- add sleep 5 when initdb in make check for bug 1900371 + +* Wed Jul 05 2017 Divya Thaluru - 9.6.3-2 +- Added postgresql-devel + +* Tue Jun 06 2017 Divya Thaluru - 9.6.3-1 +- Upgraded to 9.6.3 + +* Mon Apr 03 2017 Rongrong Qiu - 9.6.2-1 +- Upgrade to 9.6.2 for Photon upgrade bump + +* Thu Dec 15 2016 Xiaolin Li - 9.5.3-6 +- Applied CVE-2016-5423.patch + +* Thu Nov 24 2016 Alexey Makhalov - 9.5.3-5 +- Required krb5-devel. + +* Mon Oct 03 2016 ChangLee - 9.5.3-4 +- Modified %check + +* Thu May 26 2016 Xiaolin Li - 9.5.3-3 +- Add tzdata to buildrequires and requires. 
+ +* Tue May 24 2016 Priyesh Padmavilasom - 9.5.3-2 +- GA - Bump release of all rpms + +* Fri May 20 2016 Divya Thaluru - 9.5.3-1 +- Updated to version 9.5.3 + +* Wed Apr 13 2016 Michael Paquier - 9.5.2-1 +- Updated to version 9.5.2 + +* Tue Feb 23 2016 Xiaolin Li - 9.5.1-1 +- Updated to version 9.5.1 + +* Thu Jan 21 2016 Xiaolin Li - 9.5.0-1 +- Updated to version 9.5.0 + +* Thu Aug 13 2015 Divya Thaluru - 9.4.4-1 +- Update to version 9.4.4. + +* Mon Jul 13 2015 Alexey Makhalov - 9.4.1-2 +- Exclude /usr/lib/debug + +* Fri May 15 2015 Sharath George - 9.4.1-1 +- Initial build. First version diff --git a/cgmanifest.json b/cgmanifest.json index f957667cb89..d8f97f0816d 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -4036,8 +4036,8 @@ "type": "other", "other": { "name": "postgresql", - "version": "12.1", - "downloadUrl": "https://ftp.postgresql.org/pub/source/v12.1/postgresql-12.1.tar.bz2" + "version": "12.4", + "downloadUrl": "https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2" } } }, From cd525707726e5168ab3290ee4173a5bda8b11a93 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 3 Nov 2020 16:16:06 -0800 Subject: [PATCH 081/145] Updating `nghttp2` to 1.41.0 to fix CVE-2020-11080. (#333) * Updating `nghttp2` to 1.41.0 to fix CVE-2020-11080. * Addressing linter's suggestions. --- SPECS/nghttp2/nghttp2.signatures.json | 2 +- SPECS/nghttp2/nghttp2.spec | 56 +++++++++++++++------------ cgmanifest.json | 4 +- 3 files changed, 34 insertions(+), 28 deletions(-) diff --git a/SPECS/nghttp2/nghttp2.signatures.json b/SPECS/nghttp2/nghttp2.signatures.json index 213d8ac30bd..954a40ef400 100644 --- a/SPECS/nghttp2/nghttp2.signatures.json +++ b/SPECS/nghttp2/nghttp2.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "nghttp2-1.33.0.tar.xz": "4879ce9ff3320f5344b910ee1c46ed5e366edc2272620cf17d8e762724d7df1e" + "nghttp2-1.41.0.tar.xz": "abc25b8dc601f5b3fefe084ce50fcbdc63e3385621bee0cbfa7b57f9ec3e67c2" } } \ No newline at end of file 
diff --git a/SPECS/nghttp2/nghttp2.spec b/SPECS/nghttp2/nghttp2.spec index 52cc385bd7d..7c263598974 100644 --- a/SPECS/nghttp2/nghttp2.spec +++ b/SPECS/nghttp2/nghttp2.spec @@ -1,30 +1,29 @@ -Summary: nghttp2 is an implementation of HTTP/2 and its header compression algorithm, HPACK. -Name: nghttp2 -Version: 1.33.0 -Release: 3%{?dist} -License: MIT -URL: https://nghttp2.org -Group: Applications/System +Summary: nghttp2 is an implementation of HTTP/2 and its header compression algorithm, HPACK. +Name: nghttp2 +Version: 1.41.0 +Release: 1%{?dist} +License: MIT Vendor: Microsoft Corporation Distribution: Mariner -Source0: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/%{name}-%{version}.tar.xz -%define sha1 nghttp2=0a11f7de6ea8e66fbecc9fe4ddc61b6ab40af469 +Group: Applications/System +URL: https://nghttp2.org +Source0: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/%{name}-%{version}.tar.xz -BuildRequires: c-ares-devel -BuildRequires: openssl-devel -BuildRequires: systemd -BuildRequires: zlib-devel -BuildRequires: libxml2-devel -BuildRequires: libevent-devel -BuildRequires: jansson-devel +BuildRequires: c-ares-devel +BuildRequires: jansson-devel +BuildRequires: libevent-devel +BuildRequires: libxml2-devel +BuildRequires: openssl-devel +BuildRequires: systemd +BuildRequires: zlib-devel %description Implementation of the Hypertext Transfer Protocol version 2 in C. %package devel -Summary: Header files for nghttp2 -#Requires: %{name} -Requires: %{name} = %{version}-%{release} +Summary: Header files for nghttp2 + +Requires: %{name} = %{version}-%{release} %description devel These are the header files of nghttp2. 
@@ -59,12 +58,19 @@ rm %{buildroot}/%{_libdir}/*.la %{_libdir}/pkgconfig/*.pc %changelog +* Tue Nov 03 2020 Pawel Winogrodzki - 1.41.0-1 +- Upgrading to 1.41.0 to fix CVE-2020-11080. +- License verified. +- Removed %%sha1 macro. + * Sat May 09 00:20:46 PST 2020 Nick Samson - 1.33.0-3 - Added %%license line automatically -* Tue Sep 03 2019 Mateusz Malisz 1.33.0-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Fri Sep 7 2018 Him Kalyan Bordoloi 1.33.0-1 -- Upgrade to version 1.33.0 -* Tue Jun 13 2017 Dheeraj Shetty 1.23.1-1 -- First version +* Tue Sep 03 2019 Mateusz Malisz - 1.33.0-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Fri Sep 7 2018 Him Kalyan Bordoloi - 1.33.0-1 +- Upgrade to version 1.33.0 + +* Tue Jun 13 2017 Dheeraj Shetty - 1.23.1-1 +- First version diff --git a/cgmanifest.json b/cgmanifest.json index d8f97f0816d..cfbcced970b 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -3326,8 +3326,8 @@ "type": "other", "other": { "name": "nghttp2", - "version": "1.33.0", - "downloadUrl": "https://github.com/nghttp2/nghttp2/releases/download/v1.33.0/nghttp2-1.33.0.tar.xz" + "version": "1.41.0", + "downloadUrl": "https://github.com/nghttp2/nghttp2/releases/download/v1.41.0/nghttp2-1.41.0.tar.xz" } } }, From b6dde3a5e78798014e7d282a4da439755adf7d07 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Wed, 4 Nov 2020 06:20:10 -0800 Subject: [PATCH 082/145] Patch CVE-2019-12749 in dbus (#267) --- SPECS/dbus/CVE-2019-12749.patch | 116 ++++++++++++++++++++++++++++++++ SPECS/dbus/dbus.spec | 101 +++++++++++++++------------ 2 files changed, 175 insertions(+), 42 deletions(-) create mode 100644 SPECS/dbus/CVE-2019-12749.patch diff --git a/SPECS/dbus/CVE-2019-12749.patch b/SPECS/dbus/CVE-2019-12749.patch new file mode 100644 index 00000000000..213966c67c7 --- /dev/null +++ b/SPECS/dbus/CVE-2019-12749.patch 
@@ -0,0 +1,116 @@ +From 2a11ab9bbd21066b1508c8673821ba5c6d627321 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Thu, 30 May 2019 12:53:03 +0100 +Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server + owner + +The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership +of a shared home directory by having the server write a secret "cookie" +into a .dbus-keyrings subdirectory of the desired identity's home +directory with 0700 permissions, and having the client prove that it can +read the cookie. This never actually worked for non-malicious clients in +the case where server uid != client uid (unless the server and client +both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional +Unix uid 0) because an unprivileged server would fail to write out the +cookie, and an unprivileged client would be unable to read the resulting +file owned by the server. + +Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings +is owned by the uid of the server (a side-effect of a check added to +harden our use of XDG_RUNTIME_DIR), further ruling out successful use +by a non-malicious client with a uid differing from the server's. + +Joe Vennix of Apple Information Security discovered that the +implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link +attack: a malicious client with write access to its own home directory +could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to +read and write in unintended locations. In the worst case this could +result in the DBusServer reusing a cookie that is known to the +malicious client, and treating that cookie as evidence that a subsequent +client connection came from an attacker-chosen uid, allowing +authentication bypass. 
+ +This is mitigated by the fact that by default, the well-known system +dbus-daemon (since 2003) and the well-known session dbus-daemon (in +stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL +authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1 +at an early stage, before manipulating cookies. As a result, this +vulnerability only applies to: + +* system or session dbus-daemons with non-standard configuration +* third-party dbus-daemon invocations such as at-spi2-core (although + in practice at-spi2-core also only accepts EXTERNAL by default) +* third-party uses of DBusServer such as the one in Upstart + +Avoiding symlink attacks in a portable way is difficult, because APIs +like openat() and Linux /proc/self/fd are not universally available. +However, because DBUS_COOKIE_SHA1 already doesn't work in practice for +a non-matching uid, we can solve this vulnerability in an easier way +without regressions, by rejecting it early (before looking at +~/.dbus-keyrings) whenever the requested identity doesn't match the +identity of the process hosting the DBusServer. 
+ +Signed-off-by: Simon McVittie +Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269 +Closes: CVE-2019-12749 +--- + dbus/dbus-auth.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c +index 1c5d54587..9e8b2bc09 100644 +--- a/dbus/dbus-auth.c ++++ b/dbus/dbus-auth.c +@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth, + DBusString tmp2; + dbus_bool_t retval = FALSE; + DBusError error = DBUS_ERROR_INIT; ++ DBusCredentials *myself = NULL; + + _dbus_string_set_length (&auth->challenge, 0); + +@@ -574,6 +575,34 @@ sha1_handle_first_client_response (DBusAuth *auth, + return FALSE; + } + ++ myself = _dbus_credentials_new_from_current_process (); ++ ++ if (myself == NULL) ++ goto out; ++ ++ if (!_dbus_credentials_same_user (myself, auth->desired_identity)) ++ { ++ /* ++ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the ++ * client is anyone other than the user owning the process ++ * containing the DBusServer: we probably aren't allowed to write ++ * to other users' home directories. Even if we can (for example ++ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we ++ * must not, because the other user controls their home directory, ++ * and could carry out symlink attacks to make us read from or ++ * write to unintended locations. It's difficult to avoid symlink ++ * attacks in a portable way, so we just don't try. This isn't a ++ * regression, because DBUS_COOKIE_SHA1 never worked for other ++ * users anyway. ++ */ ++ _dbus_verbose ("%s: client tried to authenticate as \"%s\", " ++ "but that doesn't match this process", ++ DBUS_AUTH_NAME (auth), ++ _dbus_string_get_const_data (data)); ++ retval = send_rejected (auth); ++ goto out; ++ } ++ + /* we cache the keyring for speed, so here we drop it if it's the + * wrong one. FIXME caching the keyring here is useless since we use + * a different DBusAuth for every connection. 
+@@ -687,6 +716,7 @@ sha1_handle_first_client_response (DBusAuth *auth, + _dbus_string_free (&tmp); + _dbus_string_zero (&tmp2); + _dbus_string_free (&tmp2); ++ _dbus_clear_credentials (&myself); + + return retval; + } +-- +GitLab diff --git a/SPECS/dbus/dbus.spec b/SPECS/dbus/dbus.spec index ee8b9147e9f..7858fadd11e 100644 --- a/SPECS/dbus/dbus.spec +++ b/SPECS/dbus/dbus.spec 
@@ -1,41 +1,45 @@ +%{!?_versioneddocdir: %global _versioneddocdir %{_docdir}/%{name}-%{version}} Summary: DBus for systemd Name: dbus Version: 1.13.6 -Release: 3%{?dist} -License: GPLv2+ or AFL -URL: http://www.freedesktop.org/wiki/Software/dbus -Group: Applications/File -Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz -%define sha1 dbus=368c14e3dde9524dd9d0775227ebf3932802c023 +Release: 4%{?dist} +License: GPLv2+ OR AFL Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/File +URL: https://www.freedesktop.org/wiki/Software/dbus +Source0: https://%{name}.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz +Patch0: CVE-2019-12749.patch BuildRequires: expat-devel BuildRequires: systemd-devel BuildRequires: xz-devel Requires: expat Requires: systemd Requires: xz + %description The dbus package contains dbus. -%package devel -Summary: Header and development files -Requires: %{name} = %{version} -Requires: expat-devel +%package devel +Summary: Header and development files +Requires: %{name} = %{version} +Requires: expat-devel + %description devel It contains the libraries and header files to create applications %prep -%setup -q +%autosetup -p1 + %build -./configure --prefix=%{_prefix} \ - --sysconfdir=%{_sysconfdir} \ - --localstatedir=%{_var} \ - --docdir=%{_datadir}/doc/dbus-1.11.12 \ - --enable-libaudit=no --enable-selinux=no \ - --with-console-auth-dir=/run/console +%configure \ + --docdir=%{_versioneddocdir} \ + --enable-libaudit=no \ + --enable-selinux=no \ + --with-console-auth-dir=/run/console make %{?_smp_mflags} + %install make DESTDIR=%{buildroot} install install -vdm755 %{buildroot}%{_lib} @@ -59,9 +63,9 @@ make %{?_smp_mflags} check %{_docdir}/* %{_datadir}/dbus-1 -#%{_sharedstatedir}/* +#%%{_sharedstatedir}/* -%files devel +%files devel %defattr(-,root,root) %{_includedir}/* %{_datadir}/xml/dbus-1 
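Review bot: The hunk removes `%define sha1 dbus=368c14e3dde9524dd9d0775227ebf3932802c023` and nothing in the visible part of this commit replaces it as a pin on `Source0`. If the tarball hash is tracked in a signatures file, as `clamav.signatures.json` does for clamav further down this page, that is enough; otherwise the move of `Source0` to https protects the download in transit but not against a changed upstream tarball. The commit's file list is outside the visible part, so this is a check to confirm rather than a known gap.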
@@ -74,28 +78,41 @@ make %{?_smp_mflags} check %{_libdir}/*.so %changelog -* Sat May 09 00:21:00 PST 2020 Nick Samson - 1.13.6-3 +* Thu Oct 22 2020 Thomas Crain - 1.13.6-4 +- Patch CVE-2019-12749 + +* Sat May 09 2020 Nick Samson - 1.13.6-3 - Added %%license line automatically -* Tue Sep 03 2019 Mateusz Malisz 1.13.6-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Mon Sep 10 2018 Ajay Kaher 1.13.6-1 -- Update to 1.13.6 -* Fri Apr 21 2017 Bo Gan 1.11.12-1 -- Update to 1.11.12 -* Tue Dec 20 2016 Xiaolin Li 1.8.8-8 -- Move all header files to devel subpackage. -* Fri Nov 18 2016 Anish Swaminathan 1.8.8-7 -- Change systemd dependency -* Wed Oct 05 2016 ChangLee 1.8.8-6 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 1.8.8-5 -- GA - Bump release of all rpms -* Tue Sep 22 2015 Harish Udaiya Kumar 1.8.8-4 -- Created devel sub-package -* Thu Jun 25 2015 Sharath George 1.8.8-3 -- Remove debug files. -* Mon May 18 2015 Touseef Liaqat 1.8.8-2 -- Update according to UsrMove. -* Sun Apr 06 2014 Sharath George 1.8.8 -- Initial build. First version +* Tue Sep 03 2019 Mateusz Malisz - 1.13.6-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Mon Sep 10 2018 Ajay Kaher - 1.13.6-1 +- Update to 1.13.6 + +* Fri Apr 21 2017 Bo Gan - 1.11.12-1 +- Update to 1.11.12 + +* Tue Dec 20 2016 Xiaolin Li - 1.8.8-8 +- Move all header files to devel subpackage. + +* Fri Nov 18 2016 Anish Swaminathan 1.8.8-7 +- Change systemd dependency + +* Wed Oct 05 2016 ChangLee - 1.8.8-6 +- Modified %check + +* Tue May 24 2016 Priyesh Padmavilasom - 1.8.8-5 +- GA - Bump release of all rpms + +* Tue Sep 22 2015 Harish Udaiya Kumar - 1.8.8-4 +- Created devel sub-package + +* Thu Jun 25 2015 Sharath George - 1.8.8-3 +- Remove debug files. + +* Mon May 18 2015 Touseef Liaqat - 1.8.8-2 +- Update according to UsrMove. + +* Sun Apr 06 2014 Sharath George - 1.8.8 +- Initial build. First version From 4239db8249265ede6bfbc4f2f2daaecb159b24bc Mon Sep 17 00:00:00 2001 
From: Thomas Crain Date: Wed, 4 Nov 2020 06:23:04 -0800 Subject: [PATCH 083/145] Patch CVE-2020-25613 in ruby (#268) * Patch CVE-2020-25613 in ruby * Fix patch --- SPECS/ruby/CVE-2020-25613.patch | 35 ++++++++++++++++++++++ SPECS/ruby/ruby.spec | 52 ++++++++++++++++++++++++++------- 2 files changed, 76 insertions(+), 11 deletions(-) create mode 100644 SPECS/ruby/CVE-2020-25613.patch
diff --git a/SPECS/ruby/CVE-2020-25613.patch b/SPECS/ruby/CVE-2020-25613.patch
new file mode 100644
index 00000000000..d1b52ed33ba
--- /dev/null
+++ b/SPECS/ruby/CVE-2020-25613.patch
@@ -0,0 +1,35 @@
+From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
+From: Yusuke Endoh
+Date: Tue, 29 Sep 2020 13:15:58 +0900
+Subject: [PATCH] Make it more strict to interpret some headers
+
+Some regexps were too tolerant.
+---
+ lib/webrick/httprequest.rb | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
+index 294bd91..d34eac7 100644
+--- a/lib/webrick/httprequest.rb
++++ b/lib/webrick/httprequest.rb
+@@ -226,9 +226,9 @@ def parse(socket=nil)
+ raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
+ end
+
+- if /close/io =~ self["connection"]
++ if /\Aclose\z/io =~ self["connection"]
+ @keep_alive = false
+- elsif /keep-alive/io =~ self["connection"]
++ elsif /\Akeep-alive\z/io =~ self["connection"]
+ @keep_alive = true
+ elsif @http_version < "1.1"
+ @keep_alive = false
+@@ -503,7 +503,7 @@ def read_body(socket, block)
+ return unless socket
+ if tc = self['transfer-encoding']
+ case tc
+- when /chunked/io then read_chunked(socket, block)
++ when /\Achunked\z/io then read_chunked(socket, block)
+ else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
+ end
+ elsif self['content-length'] || @remaining_size
diff --git a/SPECS/ruby/ruby.spec b/SPECS/ruby/ruby.spec
index 8fbb4e49624..3a0ac044262 100644
--- a/SPECS/ruby/ruby.spec
+++ b/SPECS/ruby/ruby.spec
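Review bot: The anchored patterns in `parse` (`/\Aclose\z/io`, `/\Akeep-alive\z/io`) match only when the whole Connection value is that single token, so a value listing several options would take neither branch and fall through to the `@http_version < "1.1"` default; whether `self["connection"]` normalises the value first is not visible here. In `read_body` the same strictness fails closed, since an unrecognised Transfer-Encoding raises `NotImplemented`, but for Connection it quietly changes keep-alive handling. As this is an upstream backport I would leave the code alone and record the behaviour next to `Patch0` in the spec, e.g. `# CVE-2020-25613: header values are matched whole; a Connection token list uses the HTTP-version default`. Both methods continue outside the nested hunks.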
@@ -1,34 +1,39 @@ Summary: Ruby Name: ruby Version: 2.6.6 -Release: 1%{?dist} -License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD -URL: https://www.ruby-lang.org/en/ -Group: System Environment/Security +Release: 2%{?dist} +License: (Ruby OR BSD) AND Public Domain AND MIT AND CC0 AND zlib AND UCD Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Security +URL: https://www.ruby-lang.org/en/ Source0: https://cache.ruby-lang.org/pub/ruby/2.6/%{name}-%{version}.tar.xz +Patch0: CVE-2020-25613.patch BuildRequires: openssl-devel -BuildRequires: readline-devel BuildRequires: readline +BuildRequires: readline-devel BuildRequires: tzdata -Requires: openssl Requires: gmp +Requires: openssl + %description The Ruby package contains the Ruby development environment. This is useful for object-oriented scripting. %prep -%setup -q +%autosetup -p1 + %build %configure \ --enable-shared \ --with-compress-debug-sections=no \ --docdir=%{_docdir}/%{name}-%{version} make %{?_smp_mflags} COPY="cp -p" + %install [ %{buildroot} != "/"] && rm -rf %{buildroot}/* make DESTDIR=%{buildroot} install + %check chmod g+w . -R useradd test -G root -m @@ -36,8 +41,7 @@ sudo -u test make check TESTS="-v" %post -p /sbin/ldconfig %postun -p /sbin/ldconfig -%clean -rm -rf %{buildroot}/* + %files %defattr(-,root,root) %license COPYING 
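Review bot: In `%install` the guard `[ %{buildroot} != "/"] && rm -rf %{buildroot}/*` has no space before the closing bracket, so `[` sees `/]` as its last argument, fails with a missing-`]` error, and the `rm -rf` never runs. The line is context in this hunk, but the next hunk of the same commit drops the `%clean` section that did the other cleanup, so it is worth fixing here: `[ "%{buildroot}" != "/" ] && rm -rf "%{buildroot}"/*`. Quoting the macro keeps the test well-formed if the build root is ever empty or contains spaces.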
@@ -53,52 +57,78 @@ rm -rf %{buildroot}/* %{_mandir}/man5/* %changelog -* Thu Oct 15 2020 Emre Girgin 2.6.6-1 -- Upgrade to 2.6.6 to resolve CVEs. +* Thu Oct 22 2020 Thomas Crain - 2.6.6-2 +- Patch CVE-2020-25613 + +* Thu Oct 15 2020 Emre Girgin - 2.6.6-1 +- Upgrade to 2.6.6 to resolve CVEs. + * Sat May 09 00:20:42 PST 2020 Nick Samson - 2.6.3-3 - Added %%license line automatically + * Wed May 06 2020 Pawel Winogrodzki 2.6.3-2 - Removing *Requires for "ca-certificates". + * Fri Mar 13 2020 Paul Monson 2.6.3-1 - Update to version 2.6.3. License verified. + * Mon Feb 3 2020 Andrew Phelps 2.5.3-3 - Disable compressing debug sections + * Tue Sep 03 2019 Mateusz Malisz 2.5.3-2 - Initial CBL-Mariner import from Photon (license: Apache2). + * Tue Jan 01 2019 Sujay G 2.5.3-1 - Update to version 2.5.3, to fix CVE-2018-16395 & CVE-2018-16396 + * Tue Sep 11 2018 srinidhira0 2.5.1-1 - Update to version 2.5.1 + * Fri Jan 12 2018 Xiaolin Li 2.4.3-2 - Fix CVE-2017-17790 + * Wed Jan 03 2018 Xiaolin Li 2.4.3-1 - Update to version 2.4.3, fix CVE-2017-17405 + * Fri Sep 29 2017 Xiaolin Li 2.4.2-1 - Update to version 2.4.2 + * Fri Sep 15 2017 Xiaolin Li 2.4.1-5 - [security] CVE-2017-14064 + * Tue Sep 05 2017 Chang Lee 2.4.1-4 - Built with copy preserve mode and fixed %check + * Mon Jul 24 2017 Priyesh Padmavilasom 2.4.1-3 - [security] CVE-2017-9228 + * Tue Jun 13 2017 Priyesh Padmavilasom 2.4.1-2 - [security] CVE-2017-9224,CVE-2017-9225 - [security] CVE-2017-9227,CVE-2017-9229 + * Thu Apr 13 2017 Siju Maliakkal 2.4.1-1 - Update to latest 2.4.1 + * Wed Jan 18 2017 Anish Swaminathan 2.4.0-1 - Update to 2.4.0 - Fixes CVE-2016-2339 + * Mon Oct 10 2016 ChangLee 2.3.0-4 - Modified %check + * Tue May 24 2016 Priyesh Padmavilasom 2.3.0-3 - GA - Bump release of all rpms + * Wed Mar 09 2016 Divya Thaluru 2.3.0-2 - Adding readline support + * Wed Jan 20 2016 Priyesh Padmavilasom 2.3.0-1 - Updated to 2.3.0-1 + * Tue Apr 28 2015 Fabio Rapposelli 2.2.1-2 - Added SSL support + * Mon Apr 6 2015 
Mahmoud Bassiouny 2.2.1-1 - Version upgrade to 2.2.1 + * Fri Oct 10 2014 Divya Thaluru 2.1.3-1 - Initial build. First version From 172fef1cf5e85de14773641c3af58e3900b421fd Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 4 Nov 2020 10:21:07 -0800 Subject: [PATCH 084/145] Updating `clamav` to 0.103.0. (#278) --- SPECS/clamav/clamav.signatures.json | 2 +- SPECS/clamav/clamav.spec | 6 ++++-- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/SPECS/clamav/clamav.signatures.json b/SPECS/clamav/clamav.signatures.json index 1e5420d890d..63fbbd12831 100644 --- a/SPECS/clamav/clamav.signatures.json +++ b/SPECS/clamav/clamav.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "clamav-0.101.2.tar.gz": "0a12ebdf6ff7a74c0bde2bdc2b55cae33449e6dd953ec90824a9e01291277634" + "clamav-0.103.0.tar.gz": "32a9745277bfdda80e77ac9ca2f5990897418e9416880f3c31553ca673e80546" } } \ No newline at end of file diff --git a/SPECS/clamav/clamav.spec b/SPECS/clamav/clamav.spec index 6ba7e9f22ff..f393317db4b 100644 --- a/SPECS/clamav/clamav.spec +++ b/SPECS/clamav/clamav.spec @@ -3,8 +3,8 @@ Summary: Open source antivirus engine Name: clamav -Version: 0.101.2 -Release: 3%{?dist} +Version: 0.103.0 +Release: 1%{?dist} License: ASL 2.0 and BSD and bzip2-1.0.4 and GPLv2 and LGPLv2+ and MIT and Public Domain and UnRar Group: System Environment/Security Vendor: Microsoft Corporation @@ -66,6 +66,8 @@ make %{?_smp_mflags} check %changelog +* Tue Oct 27 2020 Pawel Winogrodzki 0.103.0-1 +- Updating to 0.103.0 to fix: CVE-2019-12625, CVE-2019-15961. * Mon Oct 19 2020 Pawel Winogrodzki 0.101.2-3 - License verified. - Added %%license macro. diff --git a/cgmanifest.json b/cgmanifest.json index cfbcced970b..815a36c81ac 100644 --- a/cgmanifest.json +++ b/cgmanifest.json 
@@ -525,8 +525,8 @@ "type": "other", "other": { "name": "clamav", - "version": "0.101.2", - "downloadUrl": "https://www.clamav.net/downloads/production/clamav-0.101.2.tar.gz" + "version": "0.103.0", + "downloadUrl": "https://www.clamav.net/downloads/production/clamav-0.103.0.tar.gz" } } }, From 22ee5318959d0513dba1cedf7c68f2016194e736 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 4 Nov 2020 10:29:29 -0800 Subject: [PATCH 085/145] Fixing CVE-2020-15705 in `grub2`. (#319) * Applying spec linter's suggestions. * Adding a patch for CVE-2020-15705. --- .../grub2-efi-binary-signed-aarch64.spec | 14 +- .../grub2-efi-binary-signed-x64.spec | 14 +- SPECS/grub2/CVE-2020-15705.patch | 75 ++++ SPECS/grub2/grub2.spec | 335 ++++++++++-------- 4 files changed, 277 insertions(+), 161 deletions(-) create mode 100644 SPECS/grub2/CVE-2020-15705.patch diff --git a/SPECS-SIGNED/grub2-efi-binary-signed-aarch64/grub2-efi-binary-signed-aarch64.spec b/SPECS-SIGNED/grub2-efi-binary-signed-aarch64/grub2-efi-binary-signed-aarch64.spec index 1a539e29a5d..bfb5d43560c 100644 --- a/SPECS-SIGNED/grub2-efi-binary-signed-aarch64/grub2-efi-binary-signed-aarch64.spec +++ b/SPECS-SIGNED/grub2-efi-binary-signed-aarch64/grub2-efi-binary-signed-aarch64.spec @@ -2,12 +2,11 @@ Summary: Signed GRand Unified Bootloader for aarch64 systems Name: grub2-efi-binary-signed-aarch64 Version: 2.02 -Release: 24%{?dist} -URL: https://www.gnu.org/software/grub +Release: 25%{?dist} License: GPLv3+ Vendor: Microsoft Corporation Distribution: Mariner - +URL: https://www.gnu.org/software/grub # This package's "version" and "release" must reflect the unsigned version that # was signed. # An important consequence is that when making a change to this package, the 
@@ -22,10 +21,8 @@ Distribution: Mariner # 4. Build this spec Source0: grub2-efi-unsigned-%{version}-%{release}.aarch64.rpm Source1: grubaa64.efi - -ExclusiveArch: aarch64 - Conflicts: grub2-efi-binary +ExclusiveArch: aarch64 %description This package contains the GRUB EFI image signed for secure boot. The package is @@ -43,5 +40,8 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/grubaa64.efi /boot/efi/EFI/BOOT/grubaa64.efi %changelog +* Tue Nov 03 2020 Pawel Winogrodzki - 2.02-25 +- Updating release to be aligned with the unsigned bits. + * Thu Aug 13 2020 Chris Co 2.02-24 -- Original version for CBL-Mariner. \ No newline at end of file +- Original version for CBL-Mariner. diff --git a/SPECS-SIGNED/grub2-efi-binary-signed-x64/grub2-efi-binary-signed-x64.spec b/SPECS-SIGNED/grub2-efi-binary-signed-x64/grub2-efi-binary-signed-x64.spec index b90a7dcc136..965cf6c4668 100644 --- a/SPECS-SIGNED/grub2-efi-binary-signed-x64/grub2-efi-binary-signed-x64.spec +++ b/SPECS-SIGNED/grub2-efi-binary-signed-x64/grub2-efi-binary-signed-x64.spec @@ -2,12 +2,11 @@ Summary: Signed GRand Unified Bootloader for x86_64 systems Name: grub2-efi-binary-signed-x64 Version: 2.02 -Release: 24%{?dist} -URL: https://www.gnu.org/software/grub +Release: 25%{?dist} License: GPLv3+ Vendor: Microsoft Corporation Distribution: Mariner - +URL: https://www.gnu.org/software/grub # This package's "version" and "release" must reflect the unsigned version that # was signed. # An important consequence is that when making a change to this package, the @@ -22,10 +21,8 @@ Distribution: Mariner # 4. Build this spec Source0: grub2-efi-unsigned-%{version}-%{release}.x86_64.rpm Source1: grubx64.efi - -ExclusiveArch: x86_64 - Conflicts: grub2-efi-binary +ExclusiveArch: x86_64 %description This package contains the GRUB EFI image signed for secure boot. The package is 
@@ -43,5 +40,8 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/grubx64.efi /boot/efi/EFI/BOOT/grubx64.efi %changelog +* Tue Nov 03 2020 Pawel Winogrodzki - 2.02-25 +- Updating release to be aligned with the unsigned bits. + * Thu Aug 13 2020 Chris Co 2.02-24 -- Original version for CBL-Mariner. \ No newline at end of file +- Original version for CBL-Mariner.
diff --git a/SPECS/grub2/CVE-2020-15705.patch b/SPECS/grub2/CVE-2020-15705.patch
new file mode 100644
index 00000000000..b8269075157
--- /dev/null
+++ b/SPECS/grub2/CVE-2020-15705.patch
@@ -0,0 +1,75 @@
+###################################### PATCH NOTICE #######################################
+
+From Pawel Winogrodzki :
+
+The patch below has been backported to CBL-Mariner's version of the code.
+Retained original version in terms of code changes, only affected line numbers have been
+modified in order to be able to apply the patch.
+
+############################## ORIGINAL PATCH BELOW THIS LINE ##############################
+commit 53d1b600123f4a8229a6bc43ffb27ebeaf9a4917
+Author: Dimitri John Ledkov
+Date: Wed Jul 22 11:31:43 2020 +0100
+
+ linuxefi: fail kernel validation without shim protocol.
+
+ If certificates that signed grub are installed into db, grub can be
+ booted directly. It will then boot any kernel without signature
+ validation. The booted kernel will think it was booted in secureboot
+ mode and will implement lockdown, yet it could have been tampered.
+
+ CVE-2020-15705
+
+ Reported-by: Mathieu Trudel-Lapierre
+ Signed-off-by: Dimitri John Ledkov
+
+diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
+index a1ac7a3..83b19b7 100644
+--- a/grub-core/loader/arm64/linux.c
++++ b/grub-core/loader/arm64/linux.c
+@@ -328,7 +328,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
+
+ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);
+- if (rc < 0)
++ if (rc <= 0)
+ {
+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
+ goto fail;
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index 80f4492..6e741f4 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -1084,6 +1084,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+
+ return 0;
+ }
++ // -1 fall-through to fail
+
+ fail:
+ if (dev)
+diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
+index 0622dfa..c42c47c 100644
+--- a/grub-core/loader/efi/linux.c
++++ b/grub-core/loader/efi/linux.c
+@@ -33,6 +33,7 @@ struct grub_efi_shim_lock
+ };
+ typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
+
++// Returns 1 on success, -1 on error, 0 when not available
+ int
+ grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
+ {
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index ea9f513..9318fdb 100644
+--- a/grub-core/loader/i386/efi/linux.c
++++ b/grub-core/loader/i386/efi/linux.c
+@@ -202,7 +202,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ grub_print_error();
+
+ rc = grub_linuxefi_secure_validate (kernel, filelen);
+- if (rc < 0)
++ if (rc <= 0)
+ {
+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
+ argv[0]);
diff --git a/SPECS/grub2/grub2.spec b/SPECS/grub2/grub2.spec
index 0efc527c2c4..4d16dc1af79 100644
--- a/SPECS/grub2/grub2.spec
+++ b/SPECS/grub2/grub2.spec
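Review bot: With `if (rc <= 0)` in both `grub_cmd_linux` variants, the case the new comment documents as 0 ("not available") is now reported as `%s has invalid signature`, which will mislead anyone triaging a boot failure where the shim protocol is simply absent. Failing closed is the right behaviour for CVE-2020-15705; I would only add a debug line before the error, e.g. `grub_dprintf ("linux", "secure validate rc=%d\n", rc);`, so the two causes can be told apart. It is also worth confirming, on a machine that boots this GRUB without shim, that kernels still load by the intended path, because the body of `grub_linuxefi_secure_validate` is outside these hunks. The chainloader hunk adds only the `// -1 fall-through to fail` comment, so whatever that command does for rc == 0 is unchanged.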
@@ -3,141 +3,153 @@ Summary: GRand Unified Bootloader Name: grub2 Version: 2.02 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv3+ -URL: https://www.gnu.org/software/grub -Group: Applications/System Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/System +URL: https://www.gnu.org/software/grub Source0: ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz -Patch0: release-to-master.patch -Patch1: 0001-Add-support-for-Linux-EFI-stub-loading.patch -Patch2: 0002-Rework-linux-command.patch -Patch3: 0003-Rework-linux16-command.patch -Patch4: 0004-Add-secureboot-support-on-efi-chainloader.patch -Patch5: 0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch -Patch6: 0006-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch - +Patch0: release-to-master.patch +Patch1: 0001-Add-support-for-Linux-EFI-stub-loading.patch +Patch2: 0002-Rework-linux-command.patch +Patch3: 0003-Rework-linux16-command.patch +Patch4: 0004-Add-secureboot-support-on-efi-chainloader.patch +Patch5: 0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch +Patch6: 0006-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch # CVE-2015-8370 -Patch7: 0067-Fix-security-issue-when-reading-username-and-passwor.patch - -Patch8: 0127-Core-TPM-support.patch -Patch9: 0128-Measure-kernel-initrd.patch -Patch10: 0131-Measure-the-kernel-commandline.patch -Patch11: 0132-Measure-commands.patch -Patch12: 0133-Measure-multiboot-images-and-modules.patch -Patch13: 0135-Rework-TPM-measurements.patch -Patch14: 0136-Fix-event-log-prefix.patch -Patch15: 0139-Make-TPM-errors-less-fatal.patch -Patch16: 0156-TPM-Fix-hash_log_extend_event-function-prototype.patch -Patch17: 0157-TPM-Fix-compiler-warnings.patch -Patch18: 0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch -Patch19: 0224-Rework-how-the-fdt-command-builds.patch - +Patch7: 0067-Fix-security-issue-when-reading-username-and-passwor.patch +Patch8: 0127-Core-TPM-support.patch +Patch9: 0128-Measure-kernel-initrd.patch 
+Patch10: 0131-Measure-the-kernel-commandline.patch +Patch11: 0132-Measure-commands.patch +Patch12: 0133-Measure-multiboot-images-and-modules.patch +Patch13: 0135-Rework-TPM-measurements.patch +Patch14: 0136-Fix-event-log-prefix.patch +Patch15: 0139-Make-TPM-errors-less-fatal.patch +Patch16: 0156-TPM-Fix-hash_log_extend_event-function-prototype.patch +Patch17: 0157-TPM-Fix-compiler-warnings.patch +Patch18: 0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch +Patch19: 0224-Rework-how-the-fdt-command-builds.patch # These patches are not required but help to apply the BootHole patches and are # low risk to take on (mostly just additional security or bug fixes) -Patch20: 0001-chainloader-Fix-gcc9-error-Waddress-of-packed-member.patch -Patch21: 0001-efi-Fix-gcc9-error-Waddress-of-packed-member.patch -Patch22: 0001-hfsplus-Fix-gcc9-error-with-Waddress-of-packed-membe.patch -Patch23: 0001-btrfs-Move-the-error-logging-from-find_device-to-its.patch -Patch24: 0001-btrfs-Avoid-a-rescan-for-a-device-which-was-already-.patch -Patch25: 0001-multiboot2-Set-min-address-for-mbi-allocation-to-0x1.patch -Patch26: 0001-Add-missing-strtoull_test.c.patch -Patch27: 0001-misc-Make-grub_strtol-end-pointers-have-safer-const-.patch +Patch20: 0001-chainloader-Fix-gcc9-error-Waddress-of-packed-member.patch +Patch21: 0001-efi-Fix-gcc9-error-Waddress-of-packed-member.patch +Patch22: 0001-hfsplus-Fix-gcc9-error-with-Waddress-of-packed-membe.patch +Patch23: 0001-btrfs-Move-the-error-logging-from-find_device-to-its.patch +Patch24: 0001-btrfs-Avoid-a-rescan-for-a-device-which-was-already-.patch +Patch25: 0001-multiboot2-Set-min-address-for-mbi-allocation-to-0x1.patch +Patch26: 0001-Add-missing-strtoull_test.c.patch +Patch27: 0001-misc-Make-grub_strtol-end-pointers-have-safer-const-.patch # Start of BootHole security patches # CVE-2020-10713 - 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch -Patch28: CVE-2020-10713.patch -Patch29: 
0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch -Patch30: 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch +Patch28: CVE-2020-10713.patch +Patch29: 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch +Patch30: 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch # CVE-2020-14308 - 0004-calloc-Use-calloc-at-most-places.patch -Patch31: CVE-2020-14308.patch +Patch31: CVE-2020-14308.patch # CVE-2020-14309 - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch # CVE-2020-14310 - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch # CVE-2020-14311 - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch -Patch32: CVE-2020-14309.patch -Patch33: CVE-2020-14310.nopatch -Patch34: CVE-2020-14311.nopatch -Patch35: 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch -Patch36: 0007-font-Do-not-load-more-than-one-NAME-section.patch -Patch37: 0008-gfxmenu-Fix-double-free-in-load_image.patch -Patch38: 0009-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch +Patch32: CVE-2020-14309.patch +Patch33: CVE-2020-14310.nopatch +Patch34: CVE-2020-14311.nopatch +Patch35: 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch +Patch36: 0007-font-Do-not-load-more-than-one-NAME-section.patch +Patch37: 0008-gfxmenu-Fix-double-free-in-load_image.patch +Patch38: 0009-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch # Ignore the json double-free patch. Grub added a json library well after 2.02. # Revisit this if we want to enable LUKS2 encryption. # 0010-json-Avoid-a-double-free-when-parsing-fails.patch -Patch39: 0011-lzma-Make-sure-we-don-t-dereference-past-array.patch -Patch40: 0012-term-Fix-overflow-on-user-inputs.patch -Patch41: 0013-udf-Fix-memory-leak.patch +Patch39: 0011-lzma-Make-sure-we-don-t-dereference-past-array.patch +Patch40: 0012-term-Fix-overflow-on-user-inputs.patch +Patch41: 0013-udf-Fix-memory-leak.patch # Ignore the multiboot memleak patch. 
The patch is to fix a memleak that was # introduced with Grub's verifiers feature, which landed after 2.02. # Revisit this if we want to enable the verifiers feature. # 0014-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch -Patch42: 0015-tftp-Do-not-use-priority-queue.patch -Patch43: 0016-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch -Patch44: 0017-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch -Patch45: 0018-script-Remove-unused-fields-from-grub_script_functio.patch +Patch42: 0015-tftp-Do-not-use-priority-queue.patch +Patch43: 0016-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch +Patch44: 0017-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch +Patch45: 0018-script-Remove-unused-fields-from-grub_script_functio.patch # CVE-2020-15706 - 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch -Patch46: CVE-2020-15706.patch -Patch47: 0020-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch -Patch48: 0021-hfsplus-Fix-two-more-overflows.patch -Patch49: 0022-lvm-Fix-two-more-potential-data-dependent-alloc-over.patch -Patch50: 0023-emu-Make-grub_free-NULL-safe.patch -Patch51: 0024-efi-Fix-some-malformed-device-path-arithmetic-errors.patch -Patch52: 0025-efi-chainloader-Propagate-errors-from-copy_file_path.patch -Patch53: 0026-efi-Fix-use-after-free-in-halt-reboot-path.patch -Patch54: 0027-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch +Patch46: CVE-2020-15706.patch +Patch47: 0020-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch +Patch48: 0021-hfsplus-Fix-two-more-overflows.patch +Patch49: 0022-lvm-Fix-two-more-potential-data-dependent-alloc-over.patch +Patch50: 0023-emu-Make-grub_free-NULL-safe.patch +Patch51: 0024-efi-Fix-some-malformed-device-path-arithmetic-errors.patch +Patch52: 0025-efi-chainloader-Propagate-errors-from-copy_file_path.patch +Patch53: 0026-efi-Fix-use-after-free-in-halt-reboot-path.patch +Patch54: 0027-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch # 
CVE-2020-15707 - 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch -Patch55: CVE-2020-15707.patch +Patch55: CVE-2020-15707.patch +# CVE-2020-15705 - 0029-linuxefi-fail-kernel-validation-without-shim-protocol.patch +# Patch adjusted to CBL-Mariner's git code. See comments inside the patch for more info. +# Original version: https://bugzilla.suse.com/attachment.cgi?id=839944 (https://bugzilla.suse.com/show_bug.cgi?id=1174421). +Patch56: CVE-2020-15705.patch + # End of BootHole security patches -Patch100: 0001-efinet-do-not-start-EFI-networking-at-module-init-ti.patch +Patch100: 0001-efinet-do-not-start-EFI-networking-at-module-init-ti.patch BuildRequires: device-mapper-devel -BuildRequires: xz-devel BuildRequires: systemd-devel -Requires: xz -Requires: device-mapper +BuildRequires: xz-devel + +Requires: device-mapper +Requires: xz + %description The GRUB package contains the GRand Unified Bootloader. %package lang -Summary: Additional language files for grub -Group: System Environment/Programming -Requires: %{name} = %{version} +Summary: Additional language files for grub +Group: System Environment/Programming + +Requires: %{name} = %{version} + %description lang These are the additional language files of grub. 
%ifarch x86_64 %package pc -Summary: GRUB Library for BIOS -Group: System Environment/Programming -Requires: %{name} = %{version} +Summary: GRUB Library for BIOS +Group: System Environment/Programming + +Requires: %{name} = %{version} + %description pc Additional library files for grub %endif %package efi -Summary: GRUB Library for UEFI -Group: System Environment/Programming -Requires: %{name} = %{version} +Summary: GRUB Library for UEFI +Group: System Environment/Programming + +Requires: %{name} = %{version} + %description efi Additional library files for grub %package efi-unsigned -Summary: Unsigned GRUB UEFI image -Group: System Environment/Base +Summary: Unsigned GRUB UEFI image +Group: System Environment/Base + %description efi-unsigned Unsigned GRUB UEFI image %package efi-binary -Summary: GRUB UEFI image -Group: System Environment/Base +Summary: GRUB UEFI image +Group: System Environment/Base + %description efi-binary GRUB UEFI bootloader binaries %prep -%setup -qn grub-%{version} +%setup -q -n grub-%{version} %patch0 -p1 %patch1 -p1 %patch2 -p1 @@ -196,6 +208,7 @@ GRUB UEFI bootloader binaries %patch53 -p1 %patch54 -p1 %patch55 -p1 +%patch56 -p1 %build ./autogen.sh 
@@ -275,12 +288,12 @@ chmod 600 %{buildroot}/boot/%{name}/grub.cfg rm -rf %{buildroot}%{_infodir} # Generate grub efi image -install -d %{buildroot}/usr/share/grub2-efi +install -d %{buildroot}%{_datadir}/grub2-efi %ifarch x86_64 -./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/x86_64-efi/ -o %{buildroot}/usr/share/grub2-efi/grubx64.efi -p /boot/grub2 -O x86_64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 +./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/x86_64-efi/ -o %{buildroot}%{_datadir}/grub2-efi/grubx64.efi -p /boot/grub2 -O x86_64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 %endif %ifarch aarch64 -./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/arm64-efi/ -o %{buildroot}/usr/share/grub2-efi/grubaa64.efi -p /boot/grub2 -O arm64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 +./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/arm64-efi/ -o %{buildroot}%{_datadir}/grub2-efi/grubaa64.efi -p /boot/grub2 -O arm64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop ls search search_label 
search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 %endif # Install to efi directory @@ -292,12 +305,12 @@ install -d $EFI_BOOT_DIR %ifarch x86_64 GRUB_MODULE_NAME=grubx64.efi -GRUB_MODULE_SOURCE=%{buildroot}/usr/share/grub2-efi/grubx64.efi +GRUB_MODULE_SOURCE=%{buildroot}%{_datadir}/grub2-efi/grubx64.efi %endif %ifarch aarch64 GRUB_MODULE_NAME=grubaa64.efi -GRUB_MODULE_SOURCE=%{buildroot}/usr/share/grub2-efi/grubaa64.efi +GRUB_MODULE_SOURCE=%{buildroot}%{_datadir}/grub2-efi/grubaa64.efi %endif cp $GRUB_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_MODULE_NAME @@ -328,12 +341,13 @@ cp $GRUB_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_MODULE_NAME %ifarch x86_64 %files pc %{_libdir}/grub/i386-pc + %files efi %{_libdir}/grub/x86_64-efi %endif %files efi-unsigned -/usr/share/grub2-efi/* +%{_datadir}/grub2-efi/* %files efi-binary %ifarch x86_64 
@@ -353,64 +367,91 @@ cp $GRUB_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_MODULE_NAME %{_datarootdir}/locale/* %changelog -* Thu Aug 13 2020 Chris Co 2.02-24 -- Remove signed subpackage and macro -* Thu Jul 30 2020 Chris Co 2.02-23 -- Fix CVE-2020-10713 (BootHole) -- Fix CVE-2020-14308 -- Fix CVE-2020-14309 -- Fix CVE-2020-14310 -- Fix CVE-2020-14311 -- Fix CVE-2020-15706 -- Fix CVE-2020-15707 -* Wed Jul 22 2020 Joe Schmitt 2.02-22 -- Always include Patch100, but conditionally apply it. -- Switch URL to https. -* Tue Jun 30 2020 Nicolas Ontiveros 2.02-21 -- Add cryptodisk, luks, gcry_rijndael and gcry_sha512 modules to EFI files. -* Fri Jun 19 2020 Chris Co 2.02-20 -- Add grub2-efi-binary subpackage -- Add grub2-efi-binary-signed subpackage and macros for adding offline signed grub binaries -* Mon Jun 01 2020 Henry Beberman 2.02-19 -- Address compilation errors from hardened cflags. -* Tue May 26 2020 Emre Girgin 2.02-18 -- Change /boot directory permissions to 600. -* Fri May 22 2020 Chris Co - 2.02-17 -- Create grubaa64.efi as part of the grub2-efi-unsigned subpackage -* Wed May 13 2020 Nick Samson - 2.02-16 -- Added %%license line automatically -* Mon May 11 2020 Chris Co 2.02-15 -- Create new grub2-efi-unsigned subpackage containing grubx64.efi -* Thu Apr 30 2020 Chris Co 2.02-14 -- Add fdt rework patch to fix aarch64 build errors -- Enable aarch64 build -* Tue Sep 03 2019 Mateusz Malisz 2.02-13 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Thu Feb 21 2019 Alexey Makhalov 2.02-12 -- Update grub version from ~rc3 to release. -- Enhance SB + TPM support (19 patches from grub2-2.02-70.fc30) -- Remove i386-pc modules from grub2-efi -* Fri Jan 25 2019 Alexey Makhalov 2.02-11 -- Disable efinet for aarch64 to workwround NXP ls1012a frwy PFE bug. 
-* Tue Nov 14 2017 Alexey Makhalov 2.02-10 -- Aarch64 support -* Fri Jun 2 2017 Bo Gan 2.02-9 -- Split grub2 to grub2 and grub2-pc, remove grub2-efi spec -* Fri Apr 14 2017 Alexey Makhalov 2.02-8 -- Version update to 2.02~rc2 -* Fri Nov 18 2016 Anish Swaminathan 2.02-7 -- Add fix for CVE-2015-8370 -* Fri Nov 18 2016 Anish Swaminathan 2.02-6 -- Change systemd dependency -* Thu Oct 06 2016 ChangLee 2.02-5 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 2.02-4 -- GA - Bump release of all rpms -* Fri Oct 02 2015 Divya Thaluru 2.02-3 -- Adding patch to boot entries with out password. -* Wed Jul 22 2015 Divya Thaluru 2.02-2 -- Changing program name from grub to grub2. -* Mon Jun 29 2015 Divya Thaluru 2.02-1 -- Updating grub to 2.02 -* Wed Nov 5 2014 Divya Thaluru 2.00-1 -- Initial build. First version +* Fri Oct 30 2020 Pawel Winogrodzki - 2.02-25 +- Fix CVE-2020-15705 (BootHole cont.). + +* Thu Aug 13 2020 Chris Co - 2.02-24 +- Remove signed subpackage and macro + +* Thu Jul 30 2020 Chris Co - 2.02-23 +- Fix CVE-2020-10713 (BootHole) +- Fix CVE-2020-14308 +- Fix CVE-2020-14309 +- Fix CVE-2020-14310 +- Fix CVE-2020-14311 +- Fix CVE-2020-15706 +- Fix CVE-2020-15707 + +* Wed Jul 22 2020 Joe Schmitt - 2.02-22 +- Always include Patch100, but conditionally apply it. +- Switch URL to https. + +* Tue Jun 30 2020 Nicolas Ontiveros - 2.02-21 +- Add cryptodisk, luks, gcry_rijndael and gcry_sha512 modules to EFI files. + +* Fri Jun 19 2020 Chris Co - 2.02-20 +- Add grub2-efi-binary subpackage +- Add grub2-efi-binary-signed subpackage and macros for adding offline signed grub binaries + +* Mon Jun 01 2020 Henry Beberman - 2.02-19 +- Address compilation errors from hardened cflags. + +* Tue May 26 2020 Emre Girgin - 2.02-18 +- Change /boot directory permissions to 600. 
+ +* Fri May 22 2020 Chris Co - 2.02-17 +- Create grubaa64.efi as part of the grub2-efi-unsigned subpackage + +* Wed May 13 2020 Nick Samson - 2.02-16 +- Added %%license line automatically + +* Mon May 11 2020 Chris Co - 2.02-15 +- Create new grub2-efi-unsigned subpackage containing grubx64.efi + +* Thu Apr 30 2020 Chris Co - 2.02-14 +- Add fdt rework patch to fix aarch64 build errors +- Enable aarch64 build + +* Tue Sep 03 2019 Mateusz Malisz - 2.02-13 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Thu Feb 21 2019 Alexey Makhalov - 2.02-12 +- Update grub version from ~rc3 to release. +- Enhance SB + TPM support (19 patches from grub2-2.02-70.fc30) +- Remove i386-pc modules from grub2-efi + +* Fri Jan 25 2019 Alexey Makhalov - 2.02-11 +- Disable efinet for aarch64 to workwround NXP ls1012a frwy PFE bug. + +* Tue Nov 14 2017 Alexey Makhalov - 2.02-10 +- Aarch64 support + +* Fri Jun 2 2017 Bo Gan - 2.02-9 +- Split grub2 to grub2 and grub2-pc, remove grub2-efi spec + +* Fri Apr 14 2017 Alexey Makhalov - 2.02-8 +- Version update to 2.02~rc2 + +* Fri Nov 18 2016 Anish Swaminathan - 2.02-7 +- Add fix for CVE-2015-8370 + +* Fri Nov 18 2016 Anish Swaminathan - 2.02-6 +- Change systemd dependency + +* Thu Oct 06 2016 ChangLee - 2.02-5 +- Modified %check + +* Tue May 24 2016 Priyesh Padmavilasom - 2.02-4 +- GA - Bump release of all rpms + +* Fri Oct 02 2015 Divya Thaluru - 2.02-3 +- Adding patch to boot entries with out password. + +* Wed Jul 22 2015 Divya Thaluru - 2.02-2 +- Changing program name from grub to grub2. + +* Mon Jun 29 2015 Divya Thaluru - 2.02-1 +- Updating grub to 2.02 + +* Wed Nov 5 2014 Divya Thaluru - 2.00-1 +- Initial build. First version From 157fad7d83e4d6dad278ae8196adab6426454306 Mon Sep 17 00:00:00 2001 
From: Christopher Co Date: Wed, 4 Nov 2020 10:57:49 -0800 Subject: [PATCH 086/145] Update kernel to 5.4.72, Address 54 kernel CVEs, Add license file (#273) Update kernel source to 5.4.72. New kernel source contains fixes for many kernel CVEs flagged by our tooling so address the CVEs. As part of this update, also add the kernel COPYING file to the packages missing the license file. --- .../kernel-signed-aarch64.spec | 85 +- .../kernel-signed-x64/kernel-signed-x64.spec | 85 +- .../hyperv-daemons.signatures.json | 2 +- SPECS/hyperv-daemons/hyperv-daemons.spec | 100 +- .../kernel-headers.signatures.json | 2 +- SPECS/kernel-headers/kernel-headers.spec | 236 ++-- SPECS/kernel-hyperv/config | 29 +- .../kernel-hyperv.signatures.json | 4 +- SPECS/kernel-hyperv/kernel-hyperv.spec | 1070 ++++++++------ SPECS/kernel/CVE-1999-0524.nopatch | 3 + SPECS/kernel/CVE-1999-0656.nopatch | 2 + SPECS/kernel/CVE-2007-4998.nopatch | 2 + SPECS/kernel/CVE-2008-4609.nopatch | 2 + SPECS/kernel/CVE-2009-4484.nopatch | 2 + SPECS/kernel/CVE-2010-0298.nopatch | 3 + SPECS/kernel/CVE-2010-0309.nopatch | 3 + SPECS/kernel/CVE-2010-4563.nopatch | 1 + SPECS/kernel/CVE-2011-0640.nopatch | 4 + SPECS/kernel/CVE-2011-2519.nopatch | 2 + SPECS/kernel/CVE-2015-5738.nopatch | 2 + SPECS/kernel/CVE-2017-8244.nopatch | 2 + SPECS/kernel/CVE-2017-8245.nopatch | 2 + SPECS/kernel/CVE-2017-8246.nopatch | 2 + SPECS/kernel/CVE-2018-1000026.nopatch | 3 + SPECS/kernel/CVE-2018-16880.nopatch | 3 + SPECS/kernel/CVE-2019-19338.nopatch | 10 + SPECS/kernel/CVE-2019-20794.nopatch | 4 + SPECS/kernel/CVE-2019-20810.nopatch | 3 + SPECS/kernel/CVE-2019-3016.nopatch | 16 + SPECS/kernel/CVE-2019-3819.nopatch | 3 + SPECS/kernel/CVE-2019-3887.nopatch | 7 + SPECS/kernel/CVE-2020-10690.nopatch | 3 + SPECS/kernel/CVE-2020-10711.nopatch | 3 + SPECS/kernel/CVE-2020-10766.nopatch | 3 + SPECS/kernel/CVE-2020-10767.nopatch | 3 + SPECS/kernel/CVE-2020-10768.nopatch | 3 + SPECS/kernel/CVE-2020-10781.nopatch | 3 + 
SPECS/kernel/CVE-2020-10942.nopatch | 3 + SPECS/kernel/CVE-2020-11608.nopatch | 3 + SPECS/kernel/CVE-2020-11609.nopatch | 3 + SPECS/kernel/CVE-2020-12464.nopatch | 3 + SPECS/kernel/CVE-2020-12465.nopatch | 3 + SPECS/kernel/CVE-2020-12656.nopatch | 2 + SPECS/kernel/CVE-2020-12659.nopatch | 3 + SPECS/kernel/CVE-2020-12768.nopatch | 3 + SPECS/kernel/CVE-2020-12826.nopatch | 3 + SPECS/kernel/CVE-2020-12888.nopatch | 3 + SPECS/kernel/CVE-2020-14314.nopatch | 3 + SPECS/kernel/CVE-2020-14331.nopatch | 3 + SPECS/kernel/CVE-2020-14356.nopatch | 3 + SPECS/kernel/CVE-2020-14385.nopatch | 3 + SPECS/kernel/CVE-2020-14386.nopatch | 3 + SPECS/kernel/CVE-2020-14390.nopatch | 3 + SPECS/kernel/CVE-2020-15780.nopatch | 3 + SPECS/kernel/CVE-2020-16166.nopatch | 3 + SPECS/kernel/CVE-2020-25211.nopatch | 3 + SPECS/kernel/CVE-2020-25212.nopatch | 3 + SPECS/kernel/CVE-2020-25284.nopatch | 3 + SPECS/kernel/CVE-2020-25285.nopatch | 3 + SPECS/kernel/CVE-2020-25641.nopatch | 3 + SPECS/kernel/CVE-2020-25643.nopatch | 3 + SPECS/kernel/CVE-2020-25645.nopatch | 3 + SPECS/kernel/CVE-2020-26088.nopatch | 3 + SPECS/kernel/config | 29 +- SPECS/kernel/config_aarch64 | 25 +- .../e1000e-add-support-for-comet-lake.patch | 51 - SPECS/kernel/kernel.signatures.json | 6 +- SPECS/kernel/kernel.spec | 1248 ++++++++++------- cgmanifest.json | 16 +- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 2 +- .../toolchain/container/toolchain-md5sums | 2 +- .../container/toolchain-remote-wget-list | 2 +- .../container/toolchain_build_in_chroot.sh | 8 +- .../container/toolchain_build_temp_tools.sh | 8 +- 77 files changed, 1929 insertions(+), 1263 deletions(-) create mode 100644 SPECS/kernel/CVE-1999-0524.nopatch create mode 100644 SPECS/kernel/CVE-1999-0656.nopatch create mode 100644 SPECS/kernel/CVE-2007-4998.nopatch create mode 100644 SPECS/kernel/CVE-2008-4609.nopatch 
create mode 100644 SPECS/kernel/CVE-2009-4484.nopatch create mode 100644 SPECS/kernel/CVE-2010-0298.nopatch create mode 100644 SPECS/kernel/CVE-2010-0309.nopatch create mode 100644 SPECS/kernel/CVE-2010-4563.nopatch create mode 100644 SPECS/kernel/CVE-2011-0640.nopatch create mode 100644 SPECS/kernel/CVE-2011-2519.nopatch create mode 100644 SPECS/kernel/CVE-2015-5738.nopatch create mode 100644 SPECS/kernel/CVE-2017-8244.nopatch create mode 100644 SPECS/kernel/CVE-2017-8245.nopatch create mode 100644 SPECS/kernel/CVE-2017-8246.nopatch create mode 100644 SPECS/kernel/CVE-2018-1000026.nopatch create mode 100644 SPECS/kernel/CVE-2018-16880.nopatch create mode 100644 SPECS/kernel/CVE-2019-19338.nopatch create mode 100644 SPECS/kernel/CVE-2019-20794.nopatch create mode 100644 SPECS/kernel/CVE-2019-20810.nopatch create mode 100644 SPECS/kernel/CVE-2019-3016.nopatch create mode 100644 SPECS/kernel/CVE-2019-3819.nopatch create mode 100644 SPECS/kernel/CVE-2019-3887.nopatch create mode 100644 SPECS/kernel/CVE-2020-10690.nopatch create mode 100644 SPECS/kernel/CVE-2020-10711.nopatch create mode 100644 SPECS/kernel/CVE-2020-10766.nopatch create mode 100644 SPECS/kernel/CVE-2020-10767.nopatch create mode 100644 SPECS/kernel/CVE-2020-10768.nopatch create mode 100644 SPECS/kernel/CVE-2020-10781.nopatch create mode 100644 SPECS/kernel/CVE-2020-10942.nopatch create mode 100644 SPECS/kernel/CVE-2020-11608.nopatch create mode 100644 SPECS/kernel/CVE-2020-11609.nopatch create mode 100644 SPECS/kernel/CVE-2020-12464.nopatch create mode 100644 SPECS/kernel/CVE-2020-12465.nopatch create mode 100644 SPECS/kernel/CVE-2020-12656.nopatch create mode 100644 SPECS/kernel/CVE-2020-12659.nopatch create mode 100644 SPECS/kernel/CVE-2020-12768.nopatch create mode 100644 SPECS/kernel/CVE-2020-12826.nopatch create mode 100644 SPECS/kernel/CVE-2020-12888.nopatch create mode 100644 SPECS/kernel/CVE-2020-14314.nopatch create mode 100644 SPECS/kernel/CVE-2020-14331.nopatch create mode 100644 
SPECS/kernel/CVE-2020-14356.nopatch create mode 100644 SPECS/kernel/CVE-2020-14385.nopatch create mode 100644 SPECS/kernel/CVE-2020-14386.nopatch create mode 100644 SPECS/kernel/CVE-2020-14390.nopatch create mode 100644 SPECS/kernel/CVE-2020-15780.nopatch create mode 100644 SPECS/kernel/CVE-2020-16166.nopatch create mode 100644 SPECS/kernel/CVE-2020-25211.nopatch create mode 100644 SPECS/kernel/CVE-2020-25212.nopatch create mode 100644 SPECS/kernel/CVE-2020-25284.nopatch create mode 100644 SPECS/kernel/CVE-2020-25285.nopatch create mode 100644 SPECS/kernel/CVE-2020-25641.nopatch create mode 100644 SPECS/kernel/CVE-2020-25643.nopatch create mode 100644 SPECS/kernel/CVE-2020-25645.nopatch create mode 100644 SPECS/kernel/CVE-2020-26088.nopatch delete mode 100644 SPECS/kernel/e1000e-add-support-for-comet-lake.patch diff --git a/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec b/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec index b5863ca549a..4d9215d9fe3 100644 --- a/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec +++ b/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec @@ -1,14 +1,14 @@ %global debug_package %{nil} +%define uname_r %{version}-%{release} Summary: Signed Linux Kernel for aarch64 systems Name: kernel-signed-aarch64 -Version: 5.4.51 -Release: 11%{?dist} +Version: 5.4.72 +Release: 1%{?dist} License: GPLv2 -URL: https://github.com/microsoft/WSL2-Linux-Kernel -Group: System Environment/Kernel Vendor: Microsoft Corporation Distribution: Mariner - +Group: System Environment/Kernel +URL: https://github.com/microsoft/WSL2-Linux-Kernel # This package's "version" and "release" must reflect the unsigned version that # was signed. # An important consequence is that when making a change to this package, the 
@@ -23,18 +23,13 @@ Distribution: Mariner # 4. Build this spec Source0: kernel-%{version}-%{release}.aarch64.rpm Source1: vmlinuz-%{version}-%{release} - -ExclusiveArch: aarch64 - BuildRequires: cpio Requires: filesystem Requires: kmod Requires(post): coreutils Requires(postun): coreutils - Conflicts: kernel - -%define uname_r %{version}-%{release} +ExclusiveArch: aarch64 %description This package contains the Linux kernel package with kernel signed with the production key 
@@ -85,29 +80,45 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} %changelog -* Fri Oct 16 2020 Suresh Babu Chalamalasetty 5.4.51-11 -- Update release number -* Fri Oct 02 2020 Chris Co 5.4.51-10 -- Update release number to match kernel spec -* Fri Oct 02 2020 Chris Co 5.4.51-9 -- Update release number -* Wed Sep 30 2020 Emre Girgin 5.4.51-8 -- Update postun script to deal with removal in case of another installed kernel. -* Fri Sep 25 2020 Suresh Babu Chalamalasetty 5.4.51-7 -- Update release number -* Wed Sep 23 2020 Daniel McIlvaney 5.4.51-6 -- Update release number -* Thu Sep 03 2020 Daniel McIlvaney 5.4.51-5 -- Update release number -* Thu Sep 03 2020 Chris Co 5.4.51-4 -- Update release number -* Thu Sep 03 2020 Chris Co 5.4.51-3 -- Add missing requires -* Tue Sep 01 2020 Chris Co 5.4.51-2 -- Update release number -* Wed Aug 19 2020 Chris Co 5.4.51-1 -- Update source to 5.4.51 -* Wed Aug 19 2020 Chris Co 5.4.42-12 -- Update release number -* Tue Aug 18 2020 Chris Co 5.4.42-11 -- Original version for CBL-Mariner. +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Lint spec + +* Fri Oct 16 2020 Suresh Babu Chalamalasetty - 5.4.51-11 +- Update release number + +* Fri Oct 02 2020 Chris Co - 5.4.51-10 +- Update release number to match kernel spec + +* Fri Oct 02 2020 Chris Co - 5.4.51-9 +- Update release number + +* Wed Sep 30 2020 Emre Girgin - 5.4.51-8 +- Update postun script to deal with removal in case of another installed kernel. 
+ +* Fri Sep 25 2020 Suresh Babu Chalamalasetty - 5.4.51-7 +- Update release number + +* Wed Sep 23 2020 Daniel McIlvaney - 5.4.51-6 +- Update release number + +* Thu Sep 03 2020 Daniel McIlvaney - 5.4.51-5 +- Update release number + +* Thu Sep 03 2020 Chris Co - 5.4.51-4 +- Update release number + +* Thu Sep 03 2020 Chris Co - 5.4.51-3 +- Add missing requires + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 +- Update release number + +* Wed Aug 19 2020 Chris Co - 5.4.51-1 +- Update source to 5.4.51 + +* Wed Aug 19 2020 Chris Co - 5.4.42-12 +- Update release number + +* Tue Aug 18 2020 Chris Co - 5.4.42-11 +- Original version for CBL-Mariner. diff --git a/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec b/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec index d5aa308a4af..99686c97b14 100644 --- a/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec +++ b/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec @@ -1,14 +1,14 @@ %global debug_package %{nil} +%define uname_r %{version}-%{release} Summary: Signed Linux Kernel for x86_64 systems Name: kernel-signed-x64 -Version: 5.4.51 -Release: 11%{?dist} +Version: 5.4.72 +Release: 1%{?dist} License: GPLv2 -URL: https://github.com/microsoft/WSL2-Linux-Kernel -Group: System Environment/Kernel Vendor: Microsoft Corporation Distribution: Mariner - +Group: System Environment/Kernel +URL: https://github.com/microsoft/WSL2-Linux-Kernel # This package's "version" and "release" must reflect the unsigned version that # was signed. # An important consequence is that when making a change to this package, the 
@@ -23,18 +23,13 @@ Distribution: Mariner # 4. Build this spec Source0: kernel-%{version}-%{release}.x86_64.rpm Source1: vmlinuz-%{version}-%{release} - -ExclusiveArch: x86_64 - BuildRequires: cpio Requires: filesystem Requires: kmod Requires(post): coreutils Requires(postun): coreutils - Conflicts: kernel - -%define uname_r %{version}-%{release} +ExclusiveArch: x86_64 %description This package contains the Linux kernel package with kernel signed with the production key 
@@ -85,29 +80,45 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} %changelog -* Fri Oct 16 2020 Suresh Babu Chalamalasetty 5.4.51-11 -- Update release number -* Fri Oct 02 2020 Chris Co 5.4.51-10 -- Update release number to match kernel spec -* Fri Oct 02 2020 Chris Co 5.4.51-9 -- Update release number -* Wed Sep 30 2020 Emre Girgin 5.4.51-8 -- Update postun script to deal with removal in case of another installed kernel. -* Fri Sep 25 2020 Suresh Babu Chalamalasetty 5.4.51-7 -- Update release number -* Wed Sep 23 2020 Daniel McIlvaney 5.4.51-6 -- Update release number -* Thu Sep 03 2020 Daniel McIlvaney 5.4.51-5 -- Update release number -* Thu Sep 03 2020 Chris Co 5.4.51-4 -- Update release number -* Thu Sep 03 2020 Chris Co 5.4.51-3 -- Add missing requires -* Tue Sep 01 2020 Chris Co 5.4.51-2 -- Update release number -* Wed Aug 19 2020 Chris Co 5.4.51-1 -- Update source to 5.4.51 -* Wed Aug 19 2020 Chris Co 5.4.42-12 -- Update release number -* Tue Aug 18 2020 Chris Co 5.4.42-11 -- Original version for CBL-Mariner. +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Lint spec + +* Fri Oct 16 2020 Suresh Babu Chalamalasetty - 5.4.51-11 +- Update release number + +* Fri Oct 02 2020 Chris Co - 5.4.51-10 +- Update release number to match kernel spec + +* Fri Oct 02 2020 Chris Co - 5.4.51-9 +- Update release number + +* Wed Sep 30 2020 Emre Girgin - 5.4.51-8 +- Update postun script to deal with removal in case of another installed kernel. 
+ +* Fri Sep 25 2020 Suresh Babu Chalamalasetty - 5.4.51-7 +- Update release number + +* Wed Sep 23 2020 Daniel McIlvaney - 5.4.51-6 +- Update release number + +* Thu Sep 03 2020 Daniel McIlvaney - 5.4.51-5 +- Update release number + +* Thu Sep 03 2020 Chris Co - 5.4.51-4 +- Update release number + +* Thu Sep 03 2020 Chris Co - 5.4.51-3 +- Add missing requires + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 +- Update release number + +* Wed Aug 19 2020 Chris Co - 5.4.51-1 +- Update source to 5.4.51 + +* Wed Aug 19 2020 Chris Co - 5.4.42-12 +- Update release number + +* Tue Aug 18 2020 Chris Co - 5.4.42-11 +- Original version for CBL-Mariner. diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index 7c8319a6e19..7049cf65e6e 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -6,6 +6,6 @@ "hypervkvpd.service": "25339871302f7a47e1aecfa9fc2586c78bc37edb98773752f0a5dec30f0ed3a1", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "linux-msft-5.4.51.tar.gz": "3bcd6b09e952fac4f708614658b508ce80c8e25c04780b6b44a481b1479a08e7" + "linux-msft-5.4.72.tar.gz": "3407ccf8505595ae3e7a7b30c206190a0762f3e202f21f9de88a8d59e182ddef" } } \ No newline at end of file diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index 73376f872cf..6fbea1e32a4 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec 
@@ -6,52 +6,46 @@ %global hv_fcopy_daemon hypervfcopyd # udev rules prefix %global udev_prefix 70 - Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.4.51 -Release: 2%{?dist} +Version: 5.4.72 +Release: 1%{?dist} License: GPLv2+ -URL: https://github.com/microsoft/WSL2-Linux-Kernel -Group: System/Kernel Vendor: Microsoft Corporation Distribution: Mariner +Group: System/Kernel +URL: https://github.com/microsoft/WSL2-Linux-Kernel Source0: https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-%{version}.tar.gz - # HYPERV KVP DAEMON -Source1: hypervkvpd.service -Source2: hypervkvp.rules - +Source1: hypervkvpd.service +Source2: hypervkvp.rules # HYPERV VSS DAEMON -Source101: hypervvssd.service -Source102: hypervvss.rules - +Source101: hypervvssd.service +Source102: hypervvss.rules # HYPERV FCOPY DAEMON -Source201: hypervfcopyd.service -Source202: hypervfcopy.rules - +Source201: hypervfcopyd.service +Source202: hypervfcopy.rules +BuildRequires: gcc +Requires: hypervfcopyd = %{version}-%{release} +Requires: hypervkvpd = %{version}-%{release} +Requires: hypervvssd = %{version}-%{release} # Hyper-V is available only on x86 architectures # The base empty (a.k.a. virtual) package can not be noarch # due to http://www.rpm.org/ticket/78 ExclusiveArch: x86_64 -Requires: hypervkvpd = %{version}-%{release} -Requires: hypervvssd = %{version}-%{release} -Requires: hypervfcopyd = %{version}-%{release} -BuildRequires: gcc - %description Suite of daemons that are needed when Linux guest is running on Windows Host with Hyper-V. 
- %package -n hypervkvpd -Summary: Hyper-V key value pair (KVP) daemon -Requires: %{name}-license = %{version}-%{release} -BuildRequires: systemd, kernel-headers -Requires(post): systemd -Requires(preun): systemd +Summary: Hyper-V key value pair (KVP) daemon +BuildRequires: kernel-headers +BuildRequires: systemd +Requires: %{name}-license = %{version}-%{release} +Requires(post): systemd Requires(postun): systemd +Requires(preun): systemd %description -n hypervkvpd Hypervkvpd is an implementation of Hyper-V key value pair (KVP) @@ -60,14 +54,14 @@ kernel driver. After this is done it collects information requested by Windows Host about the Linux Guest. It also supports IP injection functionality on the Guest. - %package -n hypervvssd -Summary: Hyper-V VSS daemon -Requires: %{name}-license = %{version}-%{release} -BuildRequires: systemd, kernel-headers -Requires(post): systemd -Requires(preun): systemd +Summary: Hyper-V VSS daemon +BuildRequires: kernel-headers +BuildRequires: systemd +Requires: %{name}-license = %{version}-%{release} +Requires(post): systemd Requires(postun): systemd +Requires(preun): systemd %description -n hypervvssd Hypervvssd is an implementation of Hyper-V VSS functionality @@ -77,14 +71,14 @@ kernel driver. After this is done it waits for instructions from Windows Host if to "freeze" or "thaw" the filesystem on the Linux Guest. - %package -n hypervfcopyd -Summary: Hyper-V FCOPY daemon -Requires: %{name}-license = %{version}-%{release} -BuildRequires: systemd, kernel-headers -Requires(post): systemd -Requires(preun): systemd +Summary: Hyper-V FCOPY daemon +BuildRequires: kernel-headers +BuildRequires: systemd +Requires: %{name}-license = %{version}-%{release} +Requires(post): systemd Requires(postun): systemd +Requires(preun): systemd %description -n hypervfcopyd Hypervfcopyd is an implementation of file copy service functionality 
@@ -93,17 +87,16 @@ a file (over VMBUS) into the Linux Guest. The daemon first registers with the kernel driver. After this is done it waits for instructions from Windows Host. - %package license -Summary: License of the Hyper-V daemons suite -BuildArch: noarch +Summary: License of the Hyper-V daemons suite +BuildArch: noarch %description license Contains license of the Hyper-V daemons suite. %package -n hyperv-tools -Summary: Tools for Hyper-V guests -BuildArch: noarch +Summary: Tools for Hyper-V guests +BuildArch: noarch %description -n hyperv-tools Contains tools and scripts useful for Hyper-V guests. @@ -115,21 +108,20 @@ Contains tools and scripts useful for Hyper-V guests. pushd tools/hv # HYPERV KVP DAEMON -%{__cc} $RPM_OPT_FLAGS -c hv_kvp_daemon.c +%{__cc} %{optflags} -c hv_kvp_daemon.c %{__cc} $RPM_LD_FLAGS hv_kvp_daemon.o -o %{hv_kvp_daemon} # HYPERV VSS DAEMON -%{__cc} $RPM_OPT_FLAGS -c hv_vss_daemon.c +%{__cc} %{optflags} -c hv_vss_daemon.c %{__cc} $RPM_LD_FLAGS hv_vss_daemon.o -o %{hv_vss_daemon} # HYPERV FCOPY DAEMON -%{__cc} $RPM_OPT_FLAGS -c hv_fcopy_daemon.c +%{__cc} %{optflags} -c hv_fcopy_daemon.c %{__cc} $RPM_LD_FLAGS hv_fcopy_daemon.o -o %{hv_fcopy_daemon} popd %install -rm -rf %{buildroot} mkdir -p %{buildroot}%{_sbindir} install -p -m 0755 tools/hv/%{hv_kvp_daemon} %{buildroot}%{_sbindir} @@ -174,7 +166,6 @@ if [ "$1" -eq "0" ] ; then rm -rf %{_sharedstatedir}/hyperv || : fi - %post -n hypervvssd if [ $1 -gt 1 ] ; then # Upgrade @@ -187,7 +178,6 @@ fi %preun -n hypervvssd %systemd_preun hypervvssd.service - %post -n hypervfcopyd if [ $1 -gt 1 ] ; then # Upgrade @@ -200,7 +190,6 @@ fi %preun -n hypervfcopyd %systemd_preun hypervfcopyd.service - %files # the base package does not contain any files. 
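Review bot: In the hunk that builds the daemons, the three compile lines now take `%{optflags}` while the three link lines still use the shell variable `$RPM_LD_FLAGS`, so compile and link flags come from two different mechanisms. If the rpm version used for this build does not export `RPM_LD_FLAGS`, it expands to nothing and the daemons are linked without whatever linker hardening the distribution configures, with no build error to show it; the hunk alone does not tell which is the case. These daemons act on requests from the host, so it is worth checking the built binaries (`readelf -d` for `BIND_NOW`, `readelf -l` for `GNU_RELRO`) and, if the distribution defines the macro, writing the link lines as `%{__cc} %{?build_ldflags} hv_kvp_daemon.o -o %{hv_kvp_daemon}`. The build section starts above the hunk.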
@@ -228,15 +217,18 @@ fi %files -n hyperv-tools %{_sbindir}/lsvmbus - %changelog -* Tue Sep 01 2020 Chris Co 5.4.51-2 +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Lint spec + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 - Update source hash -* Wed Aug 19 2020 Chris Co 5.4.51-1 +* Wed Aug 19 2020 Chris Co - 5.4.51-1 - Update source to 5.4.51 -* Tue Jun 16 2020 Paul Monson 5.4.42-1 +* Tue Jun 16 2020 Paul Monson - 5.4.42-1 - Initial CBL-Mariner import from Fedora 32 (license: MIT) - Update to match version 5.4.42 of the kernel. diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index 5b8cb3407f4..77d9da1173f 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "linux-msft-5.4.51.tar.gz": "3bcd6b09e952fac4f708614658b508ce80c8e25c04780b6b44a481b1479a08e7" + "linux-msft-5.4.72.tar.gz": "3407ccf8505595ae3e7a7b30c206190a0762f3e202f21f9de88a8d59e182ddef" } } \ No newline at end of file diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 02722f4bd62..2d83909dec2 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec 
@@ -1,21 +1,25 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.4.51 -Release: 2%{?dist} +Version: 5.4.72 +Release: 1%{?dist} License: GPLv2 -URL: https://github.com/microsoft/WSL2-Linux-Kernel -Group: System Environment/Kernel Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Kernel +URL: https://github.com/microsoft/WSL2-Linux-Kernel Source0: https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-%{version}.tar.gz BuildArch: noarch + %description The Linux API Headers expose the kernel's API for use by Glibc. + %prep %setup -q -n WSL2-Linux-Kernel-linux-msft-%{version} + %build make mrproper make headers_check + %install cd %{_builddir}/WSL2-Linux-Kernel-linux-msft-%{version} make headers 
@@ -23,94 +27,144 @@ find usr/include -name '.*' -delete rm usr/include/Makefile mkdir -p /%{buildroot}%{_includedir} cp -rv usr/include/* /%{buildroot}%{_includedir} + %files %defattr(-,root,root) +%license COPYING %{_includedir}/* + %changelog -* Tue Sep 01 2020 Chris Co 5.4.51-2 -- Update source hash -* Wed Aug 19 2020 Chris Co 5.4.51-1 -- Update source to 5.4.51 -* Fri Jun 12 2020 Chris Co 5.4.42-1 -- Update source to 5.4.42 -* Thu Apr 30 2020 Emre Girgin 5.4.23-2 -- Renaming linux-api-headers to kernel-headers -* Tue Dec 10 2019 Chris Co 5.4.23-1 -- Update to Microsoft Linux Kernel 5.4.23. -- Use make headers since with 5.4, headers_install now requires rsync. -* Tue Sep 03 2019 Mateusz Malisz 4.19.52-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 -- Update to version 4.19.52 -* Tue May 07 2019 Ajay Kaher 4.19.40-1 -- Update to version 4.19.40 -* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 -- Update to version 4.19.32 -* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 -- Update to version 4.19.29 -* Tue Mar 05 2019 Ajay Kaher 4.19.26-1 -- Update to version 4.19.26 -* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 -- Update to version 4.19.15 -* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 -- Update to version 4.19.6 -* Mon Nov 05 2018 Srivatsa S. Bhat (VMware) 4.19.1-1 -- Update to version 4.19.1 -* Thu Sep 20 2018 Srivatsa S. Bhat 4.18.9-1 -- Update to version 4.18.9 -* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 -- Update to version 4.14.67 -* Mon Jul 09 2018 Him Kalyan Bordoloi 4.14.54-1 -- Update to version 4.14.54 -* Fri Dec 22 2017 Alexey Makhalov 4.14.8-1 -- Version update -* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 -- Version update -* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 -- Version update -* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 -- Version update -* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 -- Version update -* Mon Oct 02 2017 Srivatsa S. 
Bhat 4.9.52-1 -- Version update -* Mon Sep 04 2017 Alexey Makhalov 4.9.47-1 -- Version update -* Mon Aug 14 2017 Alexey Makhalov 4.9.43-1 -- Version update -* Wed Jun 28 2017 Alexey Makhalov 4.9.34-1 -- Version update -* Fri May 26 2017 Alexey Makhalov 4.9.30-1 -- Version update -* Tue May 16 2017 Alexey Makhalov 4.9.28-1 -- Version update -* Wed May 10 2017 Alexey Makhalov 4.9.27-1 -- Update to linux-4.9.27 -* Sun May 7 2017 Alexey Makhalov 4.9.26-1 -- Update to linux-4.9.26 -* Tue Apr 25 2017 Alexey Makhalov 4.9.24-1 -- Update to linux-4.9.24 -* Tue Feb 28 2017 Alexey Makhalov 4.9.13-1 -- Update to linux-4.9.13 -* Thu Feb 09 2017 Alexey Makhalov 4.9.9-1 -- Update to linux-4.9.9 -* Tue Jan 10 2017 Alexey Makhalov 4.9.2-1 -- Update to linux-4.9.2 -* Mon Dec 12 2016 Alexey Makhalov 4.9.0-1 -- Update to linux-4.9.0 -* Mon Nov 28 2016 Alexey Makhalov 4.4.35-1 -- Update to linux-4.4.35 -* Thu Nov 10 2016 Alexey Makhalov 4.4.31-1 -- Update to linux-4.4.31 -* Wed Sep 7 2016 Alexey Makhalov 4.4.20-1 -- Update kernel version to 4.4.20 -* Tue May 24 2016 Priyesh Padmavilasom 4.4.8-2 -- GA - Bump release of all rpms -* Thu Apr 28 2016 Alexey Makhalov 4.4.8-1 -- Update to linux-4.4.8 -* Wed Dec 16 2015 Harish Udaiya Kumar 4.2.0-1 -- Upgrading kernel version to 4.2.0. -* Wed Aug 12 2015 Sharath George 4.0.9-1 -- Upgrading kernel version. -* Wed Nov 5 2014 Divya Thaluru 3.13.3-1 -- Initial build. First version +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Add license file +- Lint spec + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 +- Update source hash + +* Wed Aug 19 2020 Chris Co - 5.4.51-1 +- Update source to 5.4.51 + +* Fri Jun 12 2020 Chris Co - 5.4.42-1 +- Update source to 5.4.42 + +* Thu Apr 30 2020 Emre Girgin - 5.4.23-2 +- Renaming linux-api-headers to kernel-headers + +* Tue Dec 10 2019 Chris Co - 5.4.23-1 +- Update to Microsoft Linux Kernel 5.4.23. +- Use make headers since with 5.4, headers_install now requires rsync. 
+ +* Tue Sep 03 2019 Mateusz Malisz - 4.19.52-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 +- Update to version 4.19.52 + +* Tue May 07 2019 Ajay Kaher - 4.19.40-1 +- Update to version 4.19.40 + +* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 +- Update to version 4.19.32 + +* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 +- Update to version 4.19.29 + +* Tue Mar 05 2019 Ajay Kaher - 4.19.26-1 +- Update to version 4.19.26 + +* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 +- Update to version 4.19.15 + +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 + +* Mon Nov 05 2018 Srivatsa S. Bhat (VMware) 4.19.1-1 +- Update to version 4.19.1 + +* Thu Sep 20 2018 Srivatsa S. Bhat 4.18.9-1 +- Update to version 4.18.9 + +* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 +- Update to version 4.14.67 + +* Mon Jul 09 2018 Him Kalyan Bordoloi - 4.14.54-1 +- Update to version 4.14.54 + +* Fri Dec 22 2017 Alexey Makhalov - 4.14.8-1 +- Version update + +* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 +- Version update + +* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 +- Version update + +* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 +- Version update + +* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 +- Version update + +* Mon Oct 02 2017 Srivatsa S. 
Bhat 4.9.52-1 +- Version update + +* Mon Sep 04 2017 Alexey Makhalov - 4.9.47-1 +- Version update + +* Mon Aug 14 2017 Alexey Makhalov - 4.9.43-1 +- Version update + +* Wed Jun 28 2017 Alexey Makhalov - 4.9.34-1 +- Version update + +* Fri May 26 2017 Alexey Makhalov - 4.9.30-1 +- Version update + +* Tue May 16 2017 Alexey Makhalov - 4.9.28-1 +- Version update + +* Wed May 10 2017 Alexey Makhalov - 4.9.27-1 +- Update to linux-4.9.27 + +* Sun May 7 2017 Alexey Makhalov - 4.9.26-1 +- Update to linux-4.9.26 + +* Tue Apr 25 2017 Alexey Makhalov - 4.9.24-1 +- Update to linux-4.9.24 + +* Tue Feb 28 2017 Alexey Makhalov - 4.9.13-1 +- Update to linux-4.9.13 + +* Thu Feb 09 2017 Alexey Makhalov - 4.9.9-1 +- Update to linux-4.9.9 + +* Tue Jan 10 2017 Alexey Makhalov - 4.9.2-1 +- Update to linux-4.9.2 + +* Mon Dec 12 2016 Alexey Makhalov - 4.9.0-1 +- Update to linux-4.9.0 + +* Mon Nov 28 2016 Alexey Makhalov - 4.4.35-1 +- Update to linux-4.4.35 + +* Thu Nov 10 2016 Alexey Makhalov - 4.4.31-1 +- Update to linux-4.4.31 + +* Wed Sep 7 2016 Alexey Makhalov - 4.4.20-1 +- Update kernel version to 4.4.20 + +* Tue May 24 2016 Priyesh Padmavilasom - 4.4.8-2 +- GA - Bump release of all rpms + +* Thu Apr 28 2016 Alexey Makhalov - 4.4.8-1 +- Update to linux-4.4.8 + +* Wed Dec 16 2015 Harish Udaiya Kumar - 4.2.0-1 +- Upgrading kernel version to 4.2.0. + +* Wed Aug 12 2015 Sharath George - 4.0.9-1 +- Upgrading kernel version. + +* Wed Nov 5 2014 Divya Thaluru - 3.13.3-1 +- Initial build. First version diff --git a/SPECS/kernel-hyperv/config b/SPECS/kernel-hyperv/config index 5c119d3230d..59677cefb0c 100644 --- a/SPECS/kernel-hyperv/config +++ b/SPECS/kernel-hyperv/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.4.51 Kernel Configuration +# Linux/x86_64 5.4.72 Kernel Configuration # # 
@@ -1761,7 +1761,6 @@ CONFIG_SCSI_NETLINK=y CONFIG_BLK_DEV_SD=y # CONFIG_CHR_DEV_ST is not set CONFIG_BLK_DEV_SR=y -# CONFIG_BLK_DEV_SR_VENDOR is not set CONFIG_CHR_DEV_SG=y # CONFIG_CHR_DEV_SCH is not set # CONFIG_SCSI_CONSTANTS is not set @@ -1982,6 +1981,7 @@ CONFIG_NETDEVICES=y CONFIG_NET_CORE=y # CONFIG_BONDING is not set CONFIG_DUMMY=m +# CONFIG_WIREGUARD is not set # CONFIG_EQUALIZER is not set # CONFIG_NET_FC is not set # CONFIG_IFB is not set @@ -2954,9 +2954,6 @@ CONFIG_HDMI=y # Console display driver support # CONFIG_VGA_CONSOLE=y -CONFIG_VGACON_SOFT_SCROLLBACK=y -CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64 -# CONFIG_VGACON_SOFT_SCROLLBACK_PERSISTENT_ENABLE_BY_DEFAULT is not set CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 @@ -3883,6 +3880,8 @@ CONFIG_CRYPTO_RSA=y CONFIG_CRYPTO_ECC=m CONFIG_CRYPTO_ECDH=m # CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# CONFIG_CRYPTO_CURVE25519_X86 is not set # # Authenticated Encryption with Associated Data @@ -3929,6 +3928,8 @@ CONFIG_CRYPTO_CRC32C_INTEL=m # CONFIG_CRYPTO_CRC32 is not set # CONFIG_CRYPTO_CRC32_PCLMUL is not set # CONFIG_CRYPTO_XXHASH is not set +# CONFIG_CRYPTO_BLAKE2S is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set CONFIG_CRYPTO_CRCT10DIF=y # CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set CONFIG_CRYPTO_GHASH=m @@ -3945,7 +3946,6 @@ CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA1_SSSE3 is not set # CONFIG_CRYPTO_SHA256_SSSE3 is not set # CONFIG_CRYPTO_SHA512_SSSE3 is not set -CONFIG_CRYPTO_LIB_SHA256=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SHA3 is not set @@ -3958,12 +3958,10 @@ CONFIG_CRYPTO_SHA512=y # # Ciphers # -CONFIG_CRYPTO_LIB_AES=y CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_AES_TI is not set CONFIG_CRYPTO_AES_NI_INTEL=m # CONFIG_CRYPTO_ANUBIS is not set -CONFIG_CRYPTO_LIB_ARC4=m CONFIG_CRYPTO_ARC4=m # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_BLOWFISH_X86_64 is not set 
@@ -3975,7 +3973,6 @@ CONFIG_CRYPTO_ARC4=m # CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set # CONFIG_CRYPTO_CAST6 is not set # CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set -CONFIG_CRYPTO_LIB_DES=m CONFIG_CRYPTO_DES=m # CONFIG_CRYPTO_DES3_EDE_X86_64 is not set # CONFIG_CRYPTO_FCRYPT is not set @@ -4021,6 +4018,20 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=m # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set CONFIG_CRYPTO_HASH_INFO=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=m +# CONFIG_CRYPTO_LIB_BLAKE2S is not set +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_DES=m +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y CONFIG_CRYPTO_HW=y # CONFIG_CRYPTO_DEV_PADLOCK is not set # CONFIG_CRYPTO_DEV_ATMEL_ECC is not set diff --git a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json index 8aee336018e..6832d423009 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json +++ b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "config": "d71a61261f1ef2b2f72d78066d9be7c8b08fac607fe79c40032e0566c02053cd", - "linux-msft-5.4.51.tar.gz": "3bcd6b09e952fac4f708614658b508ce80c8e25c04780b6b44a481b1479a08e7" + "config": "6e5719a3e1a9e0c15507acabfae4116298aaf45cc1764b8a9087b4e83339061e", + "linux-msft-5.4.72.tar.gz": "3407ccf8505595ae3e7a7b30c206190a0762f3e202f21f9de88a8d59e182ddef" } } \ No newline at end of file diff --git a/SPECS/kernel-hyperv/kernel-hyperv.spec b/SPECS/kernel-hyperv/kernel-hyperv.spec index a8e56f1591c..9986226f219 100644 --- a/SPECS/kernel-hyperv/kernel-hyperv.spec +++ b/SPECS/kernel-hyperv/kernel-hyperv.spec 
@@ -1,35 +1,33 @@ %global security_hardening none +%define uname_r %{version}-%{release} Summary: Linux Kernel optimized for Hyper-V Name: kernel-hyperv -Version: 5.4.51 -Release: 4%{?dist} +Version: 5.4.72 +Release: 1%{?dist} License: GPLv2 -URL: https://github.com/microsoft/WSL2-Linux-Kernel -Group: System Environment/Kernel Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Kernel +URL: https://github.com/microsoft/WSL2-Linux-Kernel Source0: https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-%{version}.tar.gz Source1: config - -ExclusiveArch: x86_64 - +BuildRequires: audit-devel BuildRequires: bc BuildRequires: diffutils +BuildRequires: glib-devel BuildRequires: kbd BuildRequires: kmod-devel -BuildRequires: glib-devel -BuildRequires: xerces-c-devel BuildRequires: libdnet-devel BuildRequires: libmspack-devel -BuildRequires: pam-devel BuildRequires: openssl-devel +BuildRequires: pam-devel BuildRequires: procps-ng-devel -BuildRequires: audit-devel -Requires: filesystem kmod +BuildRequires: xerces-c-devel +Requires: filesystem +Requires: kmod Requires(post): coreutils Requires(postun): coreutils -%define uname_r %{version}-%{release} - +ExclusiveArch: x86_64 # When updating the config files it is important to sanitize them. # Steps for updating a config file: # 1. Extract the linux sources into a folder @@ -51,7 +49,9 @@ The kernel-hyperv package contains the Linux kernel, optimized for Hyper-V Summary: Kernel Dev Group: System Environment/Kernel Requires: %{name} = %{version}-%{release} -Requires: python3 gawk +Requires: gawk +Requires: python3 + %description devel This package contains the Linux kernel dev files @@ -59,6 +59,7 @@ This package contains the Linux kernel dev files Summary: Kernel docs Group: System Environment/Kernel Requires: python3 + %description docs This package contains the Linux kernel doc files 
@@ -66,6 +67,7 @@ This package contains the Linux kernel doc files Summary: Kernel driver for oprofile, a statistical profiler for Linux systems Group: System Environment/Kernel Requires: %{name} = %{version}-%{release} + %description oprofile Kernel driver for oprofile, a statistical profiler for Linux systems @@ -74,6 +76,7 @@ Summary: This package contains the 'perf' performance analysis tools for Group: System/Tools Requires: %{name} = %{version} Requires: audit + %description tools This package contains the 'perf' performance analysis tools for Linux kernel. @@ -120,16 +123,16 @@ for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \ %define __spec_install_post\ %{?__debug_package:%{__debug_install_post}}\ %{__arch_install_post}\ - %{__os_install_post}\ + %__os_install_post\ %{__modules_install_post}\ %{nil} %install -install -vdm 755 %{buildroot}/etc +install -vdm 755 %{buildroot}%{_sysconfdir} install -vdm 700 %{buildroot}/boot install -vdm 755 %{buildroot}%{_defaultdocdir}/linux-%{uname_r} -install -vdm 755 %{buildroot}/usr/src/linux-headers-%{uname_r} -install -vdm 755 %{buildroot}/usr/lib/debug/lib/modules/%{uname_r} +install -vdm 755 %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} +install -vdm 755 %{buildroot}%{_lib}/debug/lib/modules/%{uname_r} make INSTALL_MOD_PATH=%{buildroot} modules_install # Verify for build-id match 
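Review bot: `%{_lib}` in the `%install` hunk is not a drop-in for `/usr/lib`: in stock RPM macros it expands to the bare directory name (`lib` or `lib64`) with no leading slash and no prefix, so `%{buildroot}%{_lib}/debug/lib/modules/%{uname_r}` no longer names the debug directory the removed line created. The `@@ -150,9 +153,9 @@` hunk makes the same substitution for the `vmlinux` install and its symlink, while `%files tools` still excludes `%{_libdir}/debug`, so the debug vmlinux would probably land outside the path that debuginfo packaging and `perf test vmlinux` expect. I would write `install -vdm 755 %{buildroot}%{_prefix}/lib/debug/lib/modules/%{uname_r}` and use the same prefix on the two later lines. The `%{_lib64}/traceevent` entry in the `%files tools` hunk looks like the same kind of slip, since no `_lib64` definition is visible on this page; `%{_prefix}/lib64/traceevent` would keep the original path.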
@@ -150,9 +153,9 @@ install -vm 600 arch/x86/boot/bzImage %{buildroot}/boot/vmlinuz-%{uname_r} install -vm 400 System.map %{buildroot}/boot/System.map-%{uname_r} install -vm 600 .config %{buildroot}/boot/config-%{uname_r} cp -r Documentation/* %{buildroot}%{_defaultdocdir}/linux-%{uname_r} -install -vm 644 vmlinux %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r} +install -vm 644 vmlinux %{buildroot}%{_lib}/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r} # `perf test vmlinux` needs it -ln -s vmlinux-%{uname_r} %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux +ln -s vmlinux-%{uname_r} %{buildroot}%{_lib}/debug/lib/modules/%{uname_r}/vmlinux cat > %{buildroot}/boot/linux-%{uname_r}.cfg << "EOF" # GRUB Environment Block 
@@ -172,16 +175,16 @@ EOF rm -rf %{buildroot}/lib/modules/%{uname_r}/source rm -rf %{buildroot}/lib/modules/%{uname_r}/build -find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy -find arch/x86/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy -find $(find arch/x86 -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy -find arch/x86/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy +find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/x86/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find $(find arch/x86 -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/x86/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy # CONFIG_STACK_VALIDATION=y requires objtool to build external modules -install -vsm 755 tools/objtool/objtool %{buildroot}/usr/src/linux-headers-%{uname_r}/tools/objtool/ -install -vsm 755 tools/objtool/fixdep %{buildroot}/usr/src/linux-headers-%{uname_r}/tools/objtool/ +install -vsm 755 tools/objtool/objtool %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ +install -vsm 755 tools/objtool/fixdep %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ -cp .config %{buildroot}/usr/src/linux-headers-%{uname_r} # copy .config manually to be where it's expected to be -ln -sf "/usr/src/linux-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build" +cp .config 
%{buildroot}%{_prefix}/src/linux-headers-%{uname_r} # copy .config manually to be where it's expected to be +ln -sf "%{_prefix}/src/linux-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build" find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x # disable (JOBS=1) parallel build to fix this issue: @@ -219,6 +222,7 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %files %defattr(-,root,root) +%license COPYING /boot/System.map-%{uname_r} /boot/config-%{uname_r} /boot/vmlinuz-%{uname_r} @@ -238,7 +242,7 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %files devel %defattr(-,root,root) /lib/modules/%{uname_r}/build -/usr/src/linux-headers-%{uname_r} +%{_prefix}/src/linux-headers-%{uname_r} %files oprofile %defattr(-,root,root) 
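Review bot: The header-copy lines rewritten in the `@@ -172,16 +175,16 @@` hunk still pass unquoted patterns to find (`-name Makefile* -o -name Kconfig* -o -name *.pl`), so the shell can expand them against the top of the source tree before find sees them. The resulting lists are also piped to `xargs` without NUL separation, unlike the `find ... -print0 | xargs -0 chmod u+x` line at the end of the same hunk. Since these lines are being touched anyway, quoting the patterns and using NUL-delimited output would make the copy independent of what happens to sit in the build directory: `find . \( -name 'Makefile*' -o -name 'Kconfig*' -o -name '*.pl' \) -print0 | xargs -0 sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy`. The other three `find ... | xargs sh -c` lines would take the same `-print0`/`-0` pair.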
@@ -246,434 +250,608 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %files tools %defattr(-,root,root) -/usr/libexec +%{_libexecdir} %exclude %{_libdir}/debug -/usr/lib64/traceevent +%{_lib64}/traceevent %{_bindir} -/etc/bash_completion.d/* -/usr/share/perf-core/strace/groups/file -/usr/share/perf-core/strace/groups/string -/usr/share/doc/* +%{_sysconfdir}/bash_completion.d/* +%{_datadir}/perf-core/strace/groups/file +%{_datadir}/perf-core/strace/groups/string +%{_docdir}/* %{_libdir}/perf/examples/bpf/* %{_libdir}/perf/include/bpf/* %changelog -* Wed Sep 30 2020 Emre Girgin 5.4.51-4 -- Update postun script to deal with removal in case of another installed kernel. -* Thu Sep 03 2020 Daniel McIlvaney 5.4.51-3 -- Add code to check for missing config flags in the checked in configs -* Tue Sep 01 2020 Chris Co 5.4.51-2 -- Update source hash -* Wed Aug 19 2020 Chris Co 5.4.51-1 -- Update source to 5.4.51 -- Remove signed subpackage -- Enable DXGKRNL config -* Fri Aug 07 2020 Mateusz Malisz 5.4.42-6 -- Add crashkernel=128M to kernel cmdline -* Tue Aug 04 2020 Pawel Winogrodzki 5.4.42-5 -- Updating "KBUILD_BUILD_VERSION" and "KBUILD_BUILD_HOST" with correct - distribution name. -* Mon Jul 06 2020 Chris Co 5.4.42-4 -- Add NVMe and Mellanox driver configs -* Wed Jun 24 2020 Chris Co 5.4.42-3 -- Add CONFIG_VETH=y to support virtual ethernet pair device -* Mon Jun 22 2020 Chris Co 5.4.42-2 -- Add kernel-hyperv-secure subpackage and macros for adding offline signed kernels -* Fri Jun 12 2020 Chris Co 5.4.42-1 -- Update source to 5.4.42 -* Thu Jun 11 2020 Chris Co 5.4.23-12 -- Enable PAGE_POISONING configs -- Enable RANDOM_TRUST_CPU config -- Clean up spec file entries -* Mon Jun 01 2020 Nicolas Ontiveros 5.4.23-11 -- Add CONFIG_CRYPTO_XTS=y to config. -* Sun May 31 2020 Daniel Mihai 5.4.23-10 -- Add CONFIG_ATA_PIIX, required for Hyper-V Gen1 DVD drive. -* Tue May 26 2020 Daniel Mihai 5.4.23-9 -- Disabled Reliable Datagram Sockets protocol (CONFIG_RDS). 
-* Fri May 22 2020 Emre Girgin 5.4.23-8
-- Change /boot directory permissions to 600.
-* Thu May 21 2020 Daniel Mihai 5.4.23-7
-- Picked-up fixes from kernel.spec.
-- Updated kernel config.
-* Wed May 06 2020 Emre Girgin 5.4.23-6
-- Renaming Linux-PAM to pam.
-- Update URL to use https.
-* Thu Apr 30 2020 Chris Co 5.4.23-5
-- Add hyper-v optimized config and build steps
-* Tue Apr 14 2020 Emre Girgin 5.4.23-4
-- Remove linux-aws and linux-esx references.
-- Remove kat_build usage.
-- Remove ENA module.
-* Fri Apr 10 2020 Emre Girgin 5.4.23-3
-- Remove xml-security-c dependency.
-* Wed Apr 08 2020 Nicolas Ontiveros 5.4.23-2
-- Remove toybox and only use coreutils for requires.
-* Tue Dec 10 2019 Chris Co 5.4.23-1
-- Update to Microsoft Linux Kernel 5.4.23
-- Remove patches
-- Update ENA module to 2.1.2 to work with Linux 5.4.23
-- Remove xr module
-- Remove Xen tmem module from dracut module list to fix initramfs creation
-- Add patch to fix missing trans_pgd header in aarch64 build
-* Fri Oct 11 2019 Henry Beberman 4.19.52-8
-- Enable Hyper-V TPM in config
-* Tue Sep 03 2019 Mateusz Malisz 4.19.52-7
-- Initial CBL-Mariner import from Photon (license: Apache2).
-* Thu Jul 25 2019 Keerthana K 4.19.52-6
-- Fix postun scriplet.
-* Thu Jul 11 2019 Keerthana K 4.19.52-5
-- Enable kernel configs necessary for BPF Compiler Collection (BCC).
-* Wed Jul 10 2019 Srivatsa S. Bhat (VMware) 4.19.52-4
-- Deprecate linux-aws-tools in favor of linux-tools.
-* Tue Jul 02 2019 Alexey Makhalov 4.19.52-3
-- Fix 9p vsock 16bit port issue.
-* Thu Jun 20 2019 Tapas Kundu 4.19.52-2
-- Enabled CONFIG_I2C_CHARDEV to support lm-sensors
-* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1
-- Update to version 4.19.52
-- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381,
-- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455
-* Tue May 28 2019 Srivatsa S. Bhat (VMware) 4.19.40-3
-- Change default I/O scheduler to 'deadline' to fix performance issue.
-* Tue May 14 2019 Keerthana K 4.19.40-2 -- Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if -- mulitple kernels are installed and current linux kernel is removed. -* Tue May 07 2019 Ajay Kaher 4.19.40-1 -- Update to version 4.19.40 -* Thu Apr 11 2019 Srivatsa S. Bhat (VMware) 4.19.32-3 -- Update config_aarch64 to fix ARM64 build. -* Fri Mar 29 2019 Srivatsa S. Bhat (VMware) 4.19.32-2 -- Fix CVE-2019-10125 -* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 -- Update to version 4.19.32 -* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 -- Update to version 4.19.29 -* Tue Mar 05 2019 Ajay Kaher 4.19.26-1 -- Update to version 4.19.26 -* Thu Feb 21 2019 Him Kalyan Bordoloi 4.19.15-3 -- Fix CVE-2019-8912 -* Thu Jan 24 2019 Alexey Makhalov 4.19.15-2 -- Add WiFi (ath10k), sensors (i2c,spi), usb support for NXP LS1012A board. -* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 -- Update to version 4.19.15 -* Fri Jan 11 2019 Srinidhi Rao 4.19.6-7 -- Add Network support for NXP LS1012A board. -* Wed Jan 09 2019 Ankit Jain 4.19.6-6 -- Enable following for x86_64 and aarch64: -- Enable Kernel Address Space Layout Randomization. -- Enable CONFIG_SECURITY_NETWORK_XFRM -* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) 4.19.6-5 -- Enable AppArmor by default. -* Wed Jan 02 2019 Alexey Makhalov 4.19.6-4 -- .config: added Compulab fitlet2 device drivers -- .config_aarch64: added gpio sysfs support -- renamed -sound to -drivers-sound -* Tue Jan 01 2019 Ajay Kaher 4.19.6-3 -- .config: Enable CONFIG_PCI_HYPERV driver -* Wed Dec 19 2018 Srinidhi Rao 4.19.6-2 -- Add NXP LS1012A support. -* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 -- Update to version 4.19.6 -* Fri Dec 07 2018 Alexey Makhalov 4.19.1-3 -- .config: added qmi wwan module -* Mon Nov 12 2018 Ajay Kaher 4.19.1-2 -- Fix config_aarch64 for 4.19.1 -* Mon Nov 05 2018 Srivatsa S. 
Bhat (VMware) 4.19.1-1 -- Update to version 4.19.1 -* Tue Oct 16 2018 Him Kalyan Bordoloi 4.18.9-5 -- Change in config to enable drivers for zigbee and GPS -* Fri Oct 12 2018 Ajay Kaher 4.18.9-4 -- Enable LAN78xx for aarch64 rpi3 -* Fri Oct 5 2018 Ajay Kaher 4.18.9-3 -- Fix config_aarch64 for 4.18.9 -- Add module.lds for aarch64 -* Wed Oct 03 2018 Srivatsa S. Bhat 4.18.9-2 -- Use updated steal time accounting patch. -- .config: Enable CONFIG_CPU_ISOLATION and a few networking options -- that got accidentally dropped in the last update. -* Mon Oct 1 2018 Srivatsa S. Bhat 4.18.9-1 -- Update to version 4.18.9 -* Tue Sep 25 2018 Ajay Kaher 4.14.67-2 -- Build hang (at make oldconfig) fix in config_aarch64 -* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 -- Update to version 4.14.67 -* Tue Sep 18 2018 Srivatsa S. Bhat 4.14.54-7 -- Add rdrand-based RNG driver to enhance kernel entropy. -* Sun Sep 02 2018 Srivatsa S. Bhat 4.14.54-6 -- Add full retpoline support by building with retpoline-enabled gcc. -* Thu Aug 30 2018 Srivatsa S. Bhat 4.14.54-5 -- Apply out-of-tree patches needed for AppArmor. -* Wed Aug 22 2018 Alexey Makhalov 4.14.54-4 -- Fix overflow kernel panic in rsi driver. -- .config: enable BT stack, enable GPIO sysfs. -- Add Exar USB serial driver. -* Fri Aug 17 2018 Ajay Kaher 4.14.54-3 -- Enabled USB PCI in config_aarch64 -- Build hang (at make oldconfig) fix in config_aarch64 -* Thu Jul 19 2018 Alexey Makhalov 4.14.54-2 -- .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m -* Mon Jul 09 2018 Him Kalyan Bordoloi 4.14.54-1 -- Update to version 4.14.54 -* Fri Jan 26 2018 Alexey Makhalov 4.14.8-2 -- Added vchiq entry to rpi3 dts -- Added dtb-rpi3 subpackage -* Fri Dec 22 2017 Alexey Makhalov 4.14.8-1 -- Version update -* Wed Dec 13 2017 Alexey Makhalov 4.9.66-4 -- KAT build support -* Thu Dec 07 2017 Alexey Makhalov 4.9.66-3 -- Aarch64 support -* Tue Dec 05 2017 Alexey Makhalov 4.9.66-2 -- Sign and compress modules after stripping. 
fips=1 requires signed modules -* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 -- Version update -* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 -- Version update -* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 -- Version update -* Wed Oct 11 2017 Srivatsa S. Bhat 4.9.53-3 -- Add patch "KVM: Don't accept obviously wrong gsi values via +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Add license file +- Lint spec + +* Wed Sep 30 2020 Emre Girgin - 5.4.51-4 +- Update postun script to deal with removal in case of another installed kernel. + +* Thu Sep 03 2020 Daniel McIlvaney - 5.4.51-3 +- Add code to check for missing config flags in the checked in configs + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 +- Update source hash + +* Wed Aug 19 2020 Chris Co - 5.4.51-1 +- Update source to 5.4.51 +- Remove signed subpackage +- Enable DXGKRNL config + +* Fri Aug 07 2020 Mateusz Malisz - 5.4.42-6 +- Add crashkernel=128M to kernel cmdline + +* Tue Aug 04 2020 Pawel Winogrodzki - 5.4.42-5 +- Updating "KBUILD_BUILD_VERSION" and "KBUILD_BUILD_HOST" with correct + distribution name. + +* Mon Jul 06 2020 Chris Co - 5.4.42-4 +- Add NVMe and Mellanox driver configs + +* Wed Jun 24 2020 Chris Co - 5.4.42-3 +- Add CONFIG_VETH=y to support virtual ethernet pair device + +* Mon Jun 22 2020 Chris Co - 5.4.42-2 +- Add kernel-hyperv-secure subpackage and macros for adding offline signed kernels + +* Fri Jun 12 2020 Chris Co - 5.4.42-1 +- Update source to 5.4.42 + +* Thu Jun 11 2020 Chris Co - 5.4.23-12 +- Enable PAGE_POISONING configs +- Enable RANDOM_TRUST_CPU config +- Clean up spec file entries + +* Mon Jun 01 2020 Nicolas Ontiveros - 5.4.23-11 +- Add CONFIG_CRYPTO_XTS=y to config. + +* Sun May 31 2020 Daniel Mihai - 5.4.23-10 +- Add CONFIG_ATA_PIIX, required for Hyper-V Gen1 DVD drive. + +* Tue May 26 2020 Daniel Mihai - 5.4.23-9 +- Disabled Reliable Datagram Sockets protocol (CONFIG_RDS). + +* Fri May 22 2020 Emre Girgin - 5.4.23-8 +- Change /boot directory permissions to 600. 
+ +* Thu May 21 2020 Daniel Mihai - 5.4.23-7 +- Picked-up fixes from kernel.spec. +- Updated kernel config. + +* Wed May 06 2020 Emre Girgin - 5.4.23-6 +- Renaming Linux-PAM to pam. +- Update URL to use https. + +* Thu Apr 30 2020 Chris Co - 5.4.23-5 +- Add hyper-v optimized config and build steps + +* Tue Apr 14 2020 Emre Girgin - 5.4.23-4 +- Remove linux-aws and linux-esx references. +- Remove kat_build usage. +- Remove ENA module. + +* Fri Apr 10 2020 Emre Girgin - 5.4.23-3 +- Remove xml-security-c dependency. + +* Wed Apr 08 2020 Nicolas Ontiveros - 5.4.23-2 +- Remove toybox and only use coreutils for requires. + +* Tue Dec 10 2019 Chris Co - 5.4.23-1 +- Update to Microsoft Linux Kernel 5.4.23 +- Remove patches +- Update ENA module to 2.1.2 to work with Linux 5.4.23 +- Remove xr module +- Remove Xen tmem module from dracut module list to fix initramfs creation +- Add patch to fix missing trans_pgd header in aarch64 build + +* Fri Oct 11 2019 Henry Beberman - 4.19.52-8 +- Enable Hyper-V TPM in config + +* Tue Sep 03 2019 Mateusz Malisz - 4.19.52-7 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Thu Jul 25 2019 Keerthana K - 4.19.52-6 +- Fix postun scriplet. + +* Thu Jul 11 2019 Keerthana K - 4.19.52-5 +- Enable kernel configs necessary for BPF Compiler Collection (BCC). + +* Wed Jul 10 2019 Srivatsa S. Bhat (VMware) 4.19.52-4 +- Deprecate linux-aws-tools in favor of linux-tools. + +* Tue Jul 02 2019 Alexey Makhalov - 4.19.52-3 +- Fix 9p vsock 16bit port issue. + +* Thu Jun 20 2019 Tapas Kundu - 4.19.52-2 +- Enabled CONFIG_I2C_CHARDEV to support lm-sensors + +* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 +- Update to version 4.19.52 +- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, +- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 + +* Tue May 28 2019 Srivatsa S. Bhat (VMware) 4.19.40-3 +- Change default I/O scheduler to 'deadline' to fix performance issue. 
+ +* Tue May 14 2019 Keerthana K - 4.19.40-2 +- Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if +- mulitple kernels are installed and current linux kernel is removed. + +* Tue May 07 2019 Ajay Kaher - 4.19.40-1 +- Update to version 4.19.40 + +* Thu Apr 11 2019 Srivatsa S. Bhat (VMware) 4.19.32-3 +- Update config_aarch64 to fix ARM64 build. + +* Fri Mar 29 2019 Srivatsa S. Bhat (VMware) 4.19.32-2 +- Fix CVE-2019-10125 + +* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 +- Update to version 4.19.32 + +* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 +- Update to version 4.19.29 + +* Tue Mar 05 2019 Ajay Kaher - 4.19.26-1 +- Update to version 4.19.26 + +* Thu Feb 21 2019 Him Kalyan Bordoloi - 4.19.15-3 +- Fix CVE-2019-8912 + +* Thu Jan 24 2019 Alexey Makhalov - 4.19.15-2 +- Add WiFi (ath10k), sensors (i2c,spi), usb support for NXP LS1012A board. + +* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 +- Update to version 4.19.15 + +* Fri Jan 11 2019 Srinidhi Rao - 4.19.6-7 +- Add Network support for NXP LS1012A board. + +* Wed Jan 09 2019 Ankit Jain - 4.19.6-6 +- Enable following for x86_64 and aarch64: +- Enable Kernel Address Space Layout Randomization. +- Enable CONFIG_SECURITY_NETWORK_XFRM + +* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) 4.19.6-5 +- Enable AppArmor by default. + +* Wed Jan 02 2019 Alexey Makhalov - 4.19.6-4 +- .config: added Compulab fitlet2 device drivers +- .config_aarch64: added gpio sysfs support +- renamed -sound to -drivers-sound + +* Tue Jan 01 2019 Ajay Kaher - 4.19.6-3 +- .config: Enable CONFIG_PCI_HYPERV driver + +* Wed Dec 19 2018 Srinidhi Rao - 4.19.6-2 +- Add NXP LS1012A support. + +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 + +* Fri Dec 07 2018 Alexey Makhalov - 4.19.1-3 +- .config: added qmi wwan module + +* Mon Nov 12 2018 Ajay Kaher - 4.19.1-2 +- Fix config_aarch64 for 4.19.1 + +* Mon Nov 05 2018 Srivatsa S. 
Bhat (VMware) 4.19.1-1 +- Update to version 4.19.1 + +* Tue Oct 16 2018 Him Kalyan Bordoloi - 4.18.9-5 +- Change in config to enable drivers for zigbee and GPS + +* Fri Oct 12 2018 Ajay Kaher - 4.18.9-4 +- Enable LAN78xx for aarch64 rpi3 + +* Fri Oct 5 2018 Ajay Kaher - 4.18.9-3 +- Fix config_aarch64 for 4.18.9 +- Add module.lds for aarch64 + +* Wed Oct 03 2018 Srivatsa S. Bhat 4.18.9-2 +- Use updated steal time accounting patch. +- .config: Enable CONFIG_CPU_ISOLATION and a few networking options +- that got accidentally dropped in the last update. + +* Mon Oct 1 2018 Srivatsa S. Bhat 4.18.9-1 +- Update to version 4.18.9 + +* Tue Sep 25 2018 Ajay Kaher - 4.14.67-2 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 +- Update to version 4.14.67 + +* Tue Sep 18 2018 Srivatsa S. Bhat 4.14.54-7 +- Add rdrand-based RNG driver to enhance kernel entropy. + +* Sun Sep 02 2018 Srivatsa S. Bhat 4.14.54-6 +- Add full retpoline support by building with retpoline-enabled gcc. + +* Thu Aug 30 2018 Srivatsa S. Bhat 4.14.54-5 +- Apply out-of-tree patches needed for AppArmor. + +* Wed Aug 22 2018 Alexey Makhalov - 4.14.54-4 +- Fix overflow kernel panic in rsi driver. +- .config: enable BT stack, enable GPIO sysfs. +- Add Exar USB serial driver. 
+ +* Fri Aug 17 2018 Ajay Kaher - 4.14.54-3 +- Enabled USB PCI in config_aarch64 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Thu Jul 19 2018 Alexey Makhalov - 4.14.54-2 +- .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m + +* Mon Jul 09 2018 Him Kalyan Bordoloi - 4.14.54-1 +- Update to version 4.14.54 + +* Fri Jan 26 2018 Alexey Makhalov - 4.14.8-2 +- Added vchiq entry to rpi3 dts +- Added dtb-rpi3 subpackage + +* Fri Dec 22 2017 Alexey Makhalov - 4.14.8-1 +- Version update + +* Wed Dec 13 2017 Alexey Makhalov - 4.9.66-4 +- KAT build support + +* Thu Dec 07 2017 Alexey Makhalov - 4.9.66-3 +- Aarch64 support + +* Tue Dec 05 2017 Alexey Makhalov - 4.9.66-2 +- Sign and compress modules after stripping. fips=1 requires signed modules + +* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 +- Version update + +* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 +- Version update + +* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 +- Version update + +* Wed Oct 11 2017 Srivatsa S. Bhat 4.9.53-3 +- Add patch "KVM: Don't accept obviously wrong gsi values via KVM_IRQFD" to fix CVE-2017-1000252. -* Tue Oct 10 2017 Alexey Makhalov 4.9.53-2 -- Build hang (at make oldconfig) fix. -* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 -- Version update -* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-3 -- Allow privileged CLONE_NEWUSER from nested user namespaces. -* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-2 -- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) -* Mon Oct 02 2017 Srivatsa S. 
Bhat 4.9.52-1 -- Version update -* Mon Sep 18 2017 Alexey Makhalov 4.9.47-2 -- Requires coreutils or toybox -* Mon Sep 04 2017 Alexey Makhalov 4.9.47-1 -- Fix CVE-2017-11600 -* Tue Aug 22 2017 Anish Swaminathan 4.9.43-2 -- Add missing xen block drivers -* Mon Aug 14 2017 Alexey Makhalov 4.9.43-1 -- Version update -- [feature] new sysctl option unprivileged_userns_clone -* Wed Aug 09 2017 Alexey Makhalov 4.9.41-2 -- Fix CVE-2017-7542 -- [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid + +* Tue Oct 10 2017 Alexey Makhalov - 4.9.53-2 +- Build hang (at make oldconfig) fix. + +* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 +- Version update + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-3 +- Allow privileged CLONE_NEWUSER from nested user namespaces. + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-2 +- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-1 +- Version update + +* Mon Sep 18 2017 Alexey Makhalov - 4.9.47-2 +- Requires coreutils or toybox + +* Mon Sep 04 2017 Alexey Makhalov - 4.9.47-1 +- Fix CVE-2017-11600 + +* Tue Aug 22 2017 Anish Swaminathan - 4.9.43-2 +- Add missing xen block drivers + +* Mon Aug 14 2017 Alexey Makhalov - 4.9.43-1 +- Version update +- [feature] new sysctl option unprivileged_userns_clone + +* Wed Aug 09 2017 Alexey Makhalov - 4.9.41-2 +- Fix CVE-2017-7542 +- [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid panic on modprobe tcrypt -* Mon Aug 07 2017 Alexey Makhalov 4.9.41-1 -- Version update -* Fri Aug 04 2017 Bo Gan 4.9.38-6 -- Fix initramfs triggers -* Tue Aug 01 2017 Anish Swaminathan 4.9.38-5 -- Allow some algorithms in FIPS mode -- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports -- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree -- Enable additional NF features -* Fri Jul 21 2017 Anish Swaminathan 4.9.38-4 -- Add patches in Hyperv codebase -* Fri Jul 21 2017 Anish Swaminathan 4.9.38-3 -- Add missing hyperv drivers -* Thu Jul 20 2017 Alexey 
Makhalov 4.9.38-2 -- Disable scheduler beef up patch -* Tue Jul 18 2017 Alexey Makhalov 4.9.38-1 -- Fix CVE-2017-11176 and CVE-2017-10911 -* Mon Jul 03 2017 Xiaolin Li 4.9.34-3 -- Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires -* Thu Jun 29 2017 Divya Thaluru 4.9.34-2 -- Added obsolete for deprecated linux-dev package -* Wed Jun 28 2017 Alexey Makhalov 4.9.34-1 -- [feature] 9P FS security support -- [feature] DM Delay target support -- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 -* Thu Jun 8 2017 Alexey Makhalov 4.9.31-1 -- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 + +* Mon Aug 07 2017 Alexey Makhalov - 4.9.41-1 +- Version update + +* Fri Aug 04 2017 Bo Gan - 4.9.38-6 +- Fix initramfs triggers + +* Tue Aug 01 2017 Anish Swaminathan - 4.9.38-5 +- Allow some algorithms in FIPS mode +- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports +- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree +- Enable additional NF features + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-4 +- Add patches in Hyperv codebase + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-3 +- Add missing hyperv drivers + +* Thu Jul 20 2017 Alexey Makhalov - 4.9.38-2 +- Disable scheduler beef up patch + +* Tue Jul 18 2017 Alexey Makhalov - 4.9.38-1 +- Fix CVE-2017-11176 and CVE-2017-10911 + +* Mon Jul 03 2017 Xiaolin Li - 4.9.34-3 +- Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires + +* Thu Jun 29 2017 Divya Thaluru - 4.9.34-2 +- Added obsolete for deprecated linux-dev package + +* Wed Jun 28 2017 Alexey Makhalov - 4.9.34-1 +- [feature] 9P FS security support +- [feature] DM Delay target support +- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 + +* Thu Jun 8 2017 Alexey Makhalov - 4.9.31-1 +- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 CVE-2017-9077 and CVE-2017-9242 -- [feature] IPV6 netfilter NAT table support -* Fri May 26 2017 Alexey Makhalov 4.9.30-1 -- Added ENA driver for AMI -- Fix 
CVE-2017-7487 and CVE-2017-9059 -* Wed May 17 2017 Vinay Kulkarni 4.9.28-2 -- Enable IPVLAN module. -* Tue May 16 2017 Alexey Makhalov 4.9.28-1 -- Version update -* Wed May 10 2017 Alexey Makhalov 4.9.27-1 -- Version update -* Sun May 7 2017 Alexey Makhalov 4.9.26-1 -- Version update -- Removed version suffix from config file name -* Thu Apr 27 2017 Bo Gan 4.9.24-2 -- Support dynamic initrd generation -* Tue Apr 25 2017 Alexey Makhalov 4.9.24-1 -- Fix CVE-2017-6874 and CVE-2017-7618. -- Fix audit-devel BuildRequires. -- .config: build nvme and nvme-core in kernel. -* Mon Mar 6 2017 Alexey Makhalov 4.9.13-2 -- .config: NSX requirements for crypto and netfilter -* Tue Feb 28 2017 Alexey Makhalov 4.9.13-1 -- Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 -* Thu Feb 09 2017 Alexey Makhalov 4.9.9-1 -- Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546, +- [feature] IPV6 netfilter NAT table support + +* Fri May 26 2017 Alexey Makhalov - 4.9.30-1 +- Added ENA driver for AMI +- Fix CVE-2017-7487 and CVE-2017-9059 + +* Wed May 17 2017 Vinay Kulkarni - 4.9.28-2 +- Enable IPVLAN module. + +* Tue May 16 2017 Alexey Makhalov - 4.9.28-1 +- Version update + +* Wed May 10 2017 Alexey Makhalov - 4.9.27-1 +- Version update + +* Sun May 7 2017 Alexey Makhalov - 4.9.26-1 +- Version update +- Removed version suffix from config file name + +* Thu Apr 27 2017 Bo Gan - 4.9.24-2 +- Support dynamic initrd generation + +* Tue Apr 25 2017 Alexey Makhalov - 4.9.24-1 +- Fix CVE-2017-6874 and CVE-2017-7618. +- Fix audit-devel BuildRequires. +- .config: build nvme and nvme-core in kernel. + +* Mon Mar 6 2017 Alexey Makhalov - 4.9.13-2 +- .config: NSX requirements for crypto and netfilter + +* Tue Feb 28 2017 Alexey Makhalov - 4.9.13-1 +- Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 + +* Thu Feb 09 2017 Alexey Makhalov - 4.9.9-1 +- Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546, CVE-2017-5547, CVE-2017-5548 and CVE-2017-5576. 
-- .config: added CRYPTO_FIPS support. -* Tue Jan 10 2017 Alexey Makhalov 4.9.2-1 -- Update to linux-4.9.2 to fix CVE-2016-10088 -- Move linux-tools.spec to linux.spec as -tools subpackage -* Mon Dec 19 2016 Xiaolin Li 4.9.0-2 -- BuildRequires Linux-PAM-devel -* Mon Dec 12 2016 Alexey Makhalov 4.9.0-1 -- Update to linux-4.9.0 -- Add paravirt stolen time accounting feature (from linux-esx), +- .config: added CRYPTO_FIPS support. + +* Tue Jan 10 2017 Alexey Makhalov - 4.9.2-1 +- Update to linux-4.9.2 to fix CVE-2016-10088 +- Move linux-tools.spec to linux.spec as -tools subpackage + +* Mon Dec 19 2016 Xiaolin Li - 4.9.0-2 +- BuildRequires Linux-PAM-devel + +* Mon Dec 12 2016 Alexey Makhalov - 4.9.0-1 +- Update to linux-4.9.0 +- Add paravirt stolen time accounting feature (from linux-esx), but disable it by default (no-vmw-sta cmdline parameter) -* Thu Dec 8 2016 Alexey Makhalov 4.4.35-3 -- net-packet-fix-race-condition-in-packet_set_ring.patch + +* Thu Dec 8 2016 Alexey Makhalov - 4.4.35-3 +- net-packet-fix-race-condition-in-packet_set_ring.patch to fix CVE-2016-8655 -* Wed Nov 30 2016 Alexey Makhalov 4.4.35-2 -- Expand `uname -r` with release number -- Check for build-id matching -- Added syscalls tracing support -- Compress modules -* Mon Nov 28 2016 Alexey Makhalov 4.4.35-1 -- Update to linux-4.4.35 -- vfio-pci-fix-integer-overflows-bitmask-check.patch + +* Wed Nov 30 2016 Alexey Makhalov - 4.4.35-2 +- Expand `uname -r` with release number +- Check for build-id matching +- Added syscalls tracing support +- Compress modules + +* Mon Nov 28 2016 Alexey Makhalov - 4.4.35-1 +- Update to linux-4.4.35 +- vfio-pci-fix-integer-overflows-bitmask-check.patch to fix CVE-2016-9083 -* Tue Nov 22 2016 Alexey Makhalov 4.4.31-4 -- net-9p-vsock.patch -* Thu Nov 17 2016 Alexey Makhalov 4.4.31-3 -- tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch + +* Tue Nov 22 2016 Alexey Makhalov - 4.4.31-4 +- net-9p-vsock.patch + +* Thu Nov 17 2016 Alexey Makhalov - 4.4.31-3 +- 
tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch to fix CVE-2015-8964 -* Tue Nov 15 2016 Alexey Makhalov 4.4.31-2 -- .config: add cgrup_hugetlb support -- .config: add netfilter_xt_{set,target_ct} support -- .config: add netfilter_xt_match_{cgroup,ipvs} support -* Thu Nov 10 2016 Alexey Makhalov 4.4.31-1 -- Update to linux-4.4.31 -* Fri Oct 21 2016 Alexey Makhalov 4.4.26-1 -- Update to linux-4.4.26 -* Wed Oct 19 2016 Alexey Makhalov 4.4.20-6 -- net-add-recursion-limit-to-GRO.patch -- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch -* Tue Oct 18 2016 Alexey Makhalov 4.4.20-5 -- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch -- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch -* Mon Oct 3 2016 Alexey Makhalov 4.4.20-4 -- Package vmlinux with PROGBITS sections in -debuginfo subpackage -* Tue Sep 27 2016 Alexey Makhalov 4.4.20-3 -- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m -* Tue Sep 20 2016 Alexey Makhalov 4.4.20-2 -- Add -release number for /boot/* files -- Use initrd.img with version and release number -- Rename -dev subpackage to -devel -* Wed Sep 7 2016 Alexey Makhalov 4.4.20-1 -- Update to linux-4.4.20 -- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch -- keys-fix-asn.1-indefinite-length-object-parsing.patch -* Thu Aug 25 2016 Alexey Makhalov 4.4.8-11 -- vmxnet3 patches to bumpup a version to 1.4.8.0 -* Wed Aug 10 2016 Alexey Makhalov 4.4.8-10 -- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch -- .config: pmem hotplug + ACPI NFIT support -- .config: enable EXPERT mode, disable UID16 syscalls -* Thu Jul 07 2016 Alexey Makhalov 4.4.8-9 -- .config: pmem + fs_dax support -* Fri Jun 17 2016 Alexey Makhalov 4.4.8-8 -- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch -- .config: disable rt group scheduling - not supported by systemd -* Wed Jun 15 2016 Harish Udaiya Kumar 4.4.8-7 -- fixed the capitalization for - System.map -* Thu May 26 2016 Alexey Makhalov 4.4.8-6 
-- patch: REVERT-sched-fair-Beef-up-wake_wide.patch -* Tue May 24 2016 Priyesh Padmavilasom 4.4.8-5 -- GA - Bump release of all rpms -* Mon May 23 2016 Harish Udaiya Kumar 4.4.8-4 -- Fixed generation of debug symbols for kernel modules & vmlinux. -* Mon May 23 2016 Divya Thaluru 4.4.8-3 -- Added patches to fix CVE-2016-3134, CVE-2016-3135 -* Wed May 18 2016 Harish Udaiya Kumar 4.4.8-2 -- Enabled CONFIG_UPROBES in config as needed by ktap -* Wed May 04 2016 Alexey Makhalov 4.4.8-1 -- Update to linux-4.4.8 -- Added net-Drivers-Vmxnet3-set-... patch -* Tue May 03 2016 Vinay Kulkarni 4.2.0-27 -- Compile Intel GigE and VMXNET3 as part of kernel. -* Thu Apr 28 2016 Nick Shi 4.2.0-26 -- Compile cramfs.ko to allow mounting cramfs image -* Tue Apr 12 2016 Vinay Kulkarni 4.2.0-25 -- Revert network interface renaming disable in kernel. -* Tue Mar 29 2016 Alexey Makhalov 4.2.0-24 -- Support kmsg dumping to vmware.log on panic -- sunrpc: xs_bind uses ip_local_reserved_ports -* Mon Mar 28 2016 Harish Udaiya Kumar 4.2.0-23 -- Enabled Regular stack protection in Linux kernel in config -* Thu Mar 17 2016 Harish Udaiya Kumar 4.2.0-22 -- Restrict the permissions of the /boot/System.map-X file -* Fri Mar 04 2016 Alexey Makhalov 4.2.0-21 -- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. 
-* Wed Mar 02 2016 Alexey Makhalov 4.2.0-20 -- Patch: SUNRPC: Ensure that we wait for connections to complete + +* Tue Nov 15 2016 Alexey Makhalov - 4.4.31-2 +- .config: add cgrup_hugetlb support +- .config: add netfilter_xt_{set,target_ct} support +- .config: add netfilter_xt_match_{cgroup,ipvs} support + +* Thu Nov 10 2016 Alexey Makhalov - 4.4.31-1 +- Update to linux-4.4.31 + +* Fri Oct 21 2016 Alexey Makhalov - 4.4.26-1 +- Update to linux-4.4.26 + +* Wed Oct 19 2016 Alexey Makhalov - 4.4.20-6 +- net-add-recursion-limit-to-GRO.patch +- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch + +* Tue Oct 18 2016 Alexey Makhalov - 4.4.20-5 +- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch +- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch + +* Mon Oct 3 2016 Alexey Makhalov - 4.4.20-4 +- Package vmlinux with PROGBITS sections in -debuginfo subpackage + +* Tue Sep 27 2016 Alexey Makhalov - 4.4.20-3 +- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m + +* Tue Sep 20 2016 Alexey Makhalov - 4.4.20-2 +- Add -release number for /boot/* files +- Use initrd.img with version and release number +- Rename -dev subpackage to -devel + +* Wed Sep 7 2016 Alexey Makhalov - 4.4.20-1 +- Update to linux-4.4.20 +- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch +- keys-fix-asn.1-indefinite-length-object-parsing.patch + +* Thu Aug 25 2016 Alexey Makhalov - 4.4.8-11 +- vmxnet3 patches to bumpup a version to 1.4.8.0 + +* Wed Aug 10 2016 Alexey Makhalov - 4.4.8-10 +- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch +- .config: pmem hotplug + ACPI NFIT support +- .config: enable EXPERT mode, disable UID16 syscalls + +* Thu Jul 07 2016 Alexey Makhalov - 4.4.8-9 +- .config: pmem + fs_dax support + +* Fri Jun 17 2016 Alexey Makhalov - 4.4.8-8 +- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch +- .config: disable rt group scheduling - not supported by systemd + +* Wed Jun 15 2016 Harish Udaiya Kumar - 4.4.8-7 +- 
fixed the capitalization for - System.map + +* Thu May 26 2016 Alexey Makhalov - 4.4.8-6 +- patch: REVERT-sched-fair-Beef-up-wake_wide.patch + +* Tue May 24 2016 Priyesh Padmavilasom - 4.4.8-5 +- GA - Bump release of all rpms + +* Mon May 23 2016 Harish Udaiya Kumar - 4.4.8-4 +- Fixed generation of debug symbols for kernel modules & vmlinux. + +* Mon May 23 2016 Divya Thaluru - 4.4.8-3 +- Added patches to fix CVE-2016-3134, CVE-2016-3135 + +* Wed May 18 2016 Harish Udaiya Kumar - 4.4.8-2 +- Enabled CONFIG_UPROBES in config as needed by ktap + +* Wed May 04 2016 Alexey Makhalov - 4.4.8-1 +- Update to linux-4.4.8 +- Added net-Drivers-Vmxnet3-set-... patch + +* Tue May 03 2016 Vinay Kulkarni - 4.2.0-27 +- Compile Intel GigE and VMXNET3 as part of kernel. + +* Thu Apr 28 2016 Nick Shi - 4.2.0-26 +- Compile cramfs.ko to allow mounting cramfs image + +* Tue Apr 12 2016 Vinay Kulkarni - 4.2.0-25 +- Revert network interface renaming disable in kernel. + +* Tue Mar 29 2016 Alexey Makhalov - 4.2.0-24 +- Support kmsg dumping to vmware.log on panic +- sunrpc: xs_bind uses ip_local_reserved_ports + +* Mon Mar 28 2016 Harish Udaiya Kumar - 4.2.0-23 +- Enabled Regular stack protection in Linux kernel in config + +* Thu Mar 17 2016 Harish Udaiya Kumar - 4.2.0-22 +- Restrict the permissions of the /boot/System.map-X file + +* Fri Mar 04 2016 Alexey Makhalov - 4.2.0-21 +- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. + +* Wed Mar 02 2016 Alexey Makhalov - 4.2.0-20 +- Patch: SUNRPC: Ensure that we wait for connections to complete before retrying -* Fri Feb 26 2016 Alexey Makhalov 4.2.0-19 -- Disable watchdog under VMware hypervisor. 
-* Thu Feb 25 2016 Alexey Makhalov 4.2.0-18 -- Added rpcsec_gss_krb5 and nfs_fscache -* Mon Feb 22 2016 Alexey Makhalov 4.2.0-17 -- Added sysctl param to control weighted_cpuload() behavior -* Thu Feb 18 2016 Divya Thaluru 4.2.0-16 -- Disabling network renaming -* Sun Feb 14 2016 Alexey Makhalov 4.2.0-15 -- veth patch: don’t modify ip_summed -* Thu Feb 11 2016 Alexey Makhalov 4.2.0-14 -- Full tickless -> idle tickless + simple CPU time accounting -- SLUB -> SLAB -- Disable NUMA balancing -- Disable stack protector -- No build_forced no-CBs CPUs -- Disable Expert configuration mode -- Disable most of debug features from 'Kernel hacking' -* Mon Feb 08 2016 Alexey Makhalov 4.2.0-13 -- Double tcp_mem limits, patch is added. -* Wed Feb 03 2016 Anish Swaminathan 4.2.0-12 -- Fixes for CVE-2015-7990/6937 and CVE-2015-8660. -* Tue Jan 26 2016 Anish Swaminathan 4.2.0-11 -- Revert CONFIG_HZ=250 -* Fri Jan 22 2016 Alexey Makhalov 4.2.0-10 -- Fix for CVE-2016-0728 -* Wed Jan 13 2016 Alexey Makhalov 4.2.0-9 -- CONFIG_HZ=250 -* Tue Jan 12 2016 Mahmoud Bassiouny 4.2.0-8 -- Remove rootfstype from the kernel parameter. -* Mon Jan 04 2016 Harish Udaiya Kumar 4.2.0-7 -- Disabled all the tracing options in kernel config. -- Disabled preempt. -- Disabled sched autogroup. -* Thu Dec 17 2015 Harish Udaiya Kumar 4.2.0-6 -- Enabled kprobe for systemtap & disabled dynamic function tracing in config -* Fri Dec 11 2015 Harish Udaiya Kumar 4.2.0-5 -- Added oprofile kernel driver sub-package. -* Fri Nov 13 2015 Mahmoud Bassiouny 4.2.0-4 -- Change the linux image directory. -* Wed Nov 11 2015 Harish Udaiya Kumar 4.2.0-3 -- Added the build essential files in the dev sub-package. -* Mon Nov 09 2015 Vinay Kulkarni 4.2.0-2 -- Enable Geneve module support for generic kernel. -* Fri Oct 23 2015 Harish Udaiya Kumar 4.2.0-1 -- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode. 
-* Tue Sep 22 2015 Harish Udaiya Kumar 4.0.9-5 -- Added driver support for frame buffer devices and ACPI -* Wed Sep 2 2015 Alexey Makhalov 4.0.9-4 -- Added mouse ps/2 module. -* Fri Aug 14 2015 Alexey Makhalov 4.0.9-3 -- Use photon.cfg as a symlink. -* Thu Aug 13 2015 Alexey Makhalov 4.0.9-2 -- Added environment file(photon.cfg) for grub. -* Wed Aug 12 2015 Sharath George 4.0.9-1 -- Upgrading kernel version. -* Wed Aug 12 2015 Alexey Makhalov 3.19.2-5 -- Updated OVT to version 10.0.0. -- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure. -- Added -sound package/ -* Tue Aug 11 2015 Anish Swaminathan 3.19.2-4 -- Removed Requires dependencies. -* Fri Jul 24 2015 Harish Udaiya Kumar 3.19.2-3 -- Updated the config file to include graphics drivers. -* Mon May 18 2015 Touseef Liaqat 3.13.3-2 -- Update according to UsrMove. -* Wed Nov 5 2014 Divya Thaluru 3.13.3-1 -- Initial build. First version + +* Fri Feb 26 2016 Alexey Makhalov - 4.2.0-19 +- Disable watchdog under VMware hypervisor. + +* Thu Feb 25 2016 Alexey Makhalov - 4.2.0-18 +- Added rpcsec_gss_krb5 and nfs_fscache + +* Mon Feb 22 2016 Alexey Makhalov - 4.2.0-17 +- Added sysctl param to control weighted_cpuload() behavior + +* Thu Feb 18 2016 Divya Thaluru - 4.2.0-16 +- Disabling network renaming + +* Sun Feb 14 2016 Alexey Makhalov - 4.2.0-15 +- veth patch: don’t modify ip_summed + +* Thu Feb 11 2016 Alexey Makhalov - 4.2.0-14 +- Full tickless -> idle tickless + simple CPU time accounting +- SLUB -> SLAB +- Disable NUMA balancing +- Disable stack protector +- No build_forced no-CBs CPUs +- Disable Expert configuration mode +- Disable most of debug features from 'Kernel hacking' + +* Mon Feb 08 2016 Alexey Makhalov - 4.2.0-13 +- Double tcp_mem limits, patch is added. + +* Wed Feb 03 2016 Anish Swaminathan - 4.2.0-12 +- Fixes for CVE-2015-7990/6937 and CVE-2015-8660. 
+ +* Tue Jan 26 2016 Anish Swaminathan - 4.2.0-11 +- Revert CONFIG_HZ=250 + +* Fri Jan 22 2016 Alexey Makhalov - 4.2.0-10 +- Fix for CVE-2016-0728 + +* Wed Jan 13 2016 Alexey Makhalov - 4.2.0-9 +- CONFIG_HZ=250 + +* Tue Jan 12 2016 Mahmoud Bassiouny - 4.2.0-8 +- Remove rootfstype from the kernel parameter. + +* Mon Jan 04 2016 Harish Udaiya Kumar - 4.2.0-7 +- Disabled all the tracing options in kernel config. +- Disabled preempt. +- Disabled sched autogroup. + +* Thu Dec 17 2015 Harish Udaiya Kumar - 4.2.0-6 +- Enabled kprobe for systemtap & disabled dynamic function tracing in config + +* Fri Dec 11 2015 Harish Udaiya Kumar - 4.2.0-5 +- Added oprofile kernel driver sub-package. + +* Fri Nov 13 2015 Mahmoud Bassiouny - 4.2.0-4 +- Change the linux image directory. + +* Wed Nov 11 2015 Harish Udaiya Kumar - 4.2.0-3 +- Added the build essential files in the dev sub-package. + +* Mon Nov 09 2015 Vinay Kulkarni - 4.2.0-2 +- Enable Geneve module support for generic kernel. + +* Fri Oct 23 2015 Harish Udaiya Kumar - 4.2.0-1 +- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode. + +* Tue Sep 22 2015 Harish Udaiya Kumar - 4.0.9-5 +- Added driver support for frame buffer devices and ACPI + +* Wed Sep 2 2015 Alexey Makhalov - 4.0.9-4 +- Added mouse ps/2 module. + +* Fri Aug 14 2015 Alexey Makhalov - 4.0.9-3 +- Use photon.cfg as a symlink. + +* Thu Aug 13 2015 Alexey Makhalov - 4.0.9-2 +- Added environment file(photon.cfg) for grub. + +* Wed Aug 12 2015 Sharath George - 4.0.9-1 +- Upgrading kernel version. + +* Wed Aug 12 2015 Alexey Makhalov - 3.19.2-5 +- Updated OVT to version 10.0.0. +- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure. +- Added -sound package/ + +* Tue Aug 11 2015 Anish Swaminathan - 3.19.2-4 +- Removed Requires dependencies. + +* Fri Jul 24 2015 Harish Udaiya Kumar - 3.19.2-3 +- Updated the config file to include graphics drivers. 
+
+* Mon May 18 2015 Touseef Liaqat - 3.13.3-2
+- Update according to UsrMove.
+
+* Wed Nov 5 2014 Divya Thaluru - 3.13.3-1
+- Initial build. First version
diff --git a/SPECS/kernel/CVE-1999-0524.nopatch b/SPECS/kernel/CVE-1999-0524.nopatch
new file mode 100644
index 00000000000..b517265255e
--- /dev/null
+++ b/SPECS/kernel/CVE-1999-0524.nopatch
@@ -0,0 +1,3 @@
+CVE-1999-0524 - No upstream fix. Vulnerability is low severity.
+Users can mitigate the vulnerability by configuring their system firewall to
+not respond to certain ICMP requests.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-1999-0656.nopatch b/SPECS/kernel/CVE-1999-0656.nopatch
new file mode 100644
index 00000000000..f875d73ec59
--- /dev/null
+++ b/SPECS/kernel/CVE-1999-0656.nopatch
@@ -0,0 +1,2 @@
+CVE-1999-0656 - Not a kernel vulnerability. It is a vulnerability in the
+rpc.ugidd daemon, which is not provided by the kernel package.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2007-4998.nopatch b/SPECS/kernel/CVE-2007-4998.nopatch
new file mode 100644
index 00000000000..36b83288d95
--- /dev/null
+++ b/SPECS/kernel/CVE-2007-4998.nopatch
@@ -0,0 +1,2 @@
+CVE-2007-4998 - Not a kernel vulnerability. It is a vulnerability in the cp binary
+which can be supplied from multiple packages (coreutils, busybox, etc.)
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2008-4609.nopatch b/SPECS/kernel/CVE-2008-4609.nopatch
new file mode 100644
index 00000000000..eb8ef609e03
--- /dev/null
+++ b/SPECS/kernel/CVE-2008-4609.nopatch
@@ -0,0 +1,2 @@
+CVE-2008-4609 - No upstream fix. Vulnerability exploits design limitations in TCP protocol.
+Recommend using iptables mitigation - https://bugzilla.redhat.com/show_bug.cgi?id=465932
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2009-4484.nopatch b/SPECS/kernel/CVE-2009-4484.nopatch
new file mode 100644
index 00000000000..05ae34190a7
--- /dev/null
+++ b/SPECS/kernel/CVE-2009-4484.nopatch
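Review bot: `certain ICMP requests` in CVE-1999-0524.nopatch does not tell an operator what to filter, and this file is the only in-tree record of why the CVE is waived. CVE-1999-0524 covers ICMP timestamp and netmask queries answered for arbitrary hosts, so the last line should name them, for example `not respond to ICMP timestamp (type 13) and address mask (type 17) requests.` With that wording the mitigation can be applied and audited without looking the CVE up.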
@@ -0,0 +1,2 @@
+CVE-2009-4484 - Not a kernel vulnerability. It is a vulnerability in mysql when
+using the specific yaSSL implementation. We use openssl.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2010-0298.nopatch b/SPECS/kernel/CVE-2010-0298.nopatch
new file mode 100644
index 00000000000..54be70a52ea
--- /dev/null
+++ b/SPECS/kernel/CVE-2010-0298.nopatch
@@ -0,0 +1,3 @@
+CVE-2010-0298 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 1871c6020d7308afb99127bba51f04548e7ca84e
+Stable commit - 1871c6020d7308afb99127bba51f04548e7ca84e
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2010-0309.nopatch b/SPECS/kernel/CVE-2010-0309.nopatch
new file mode 100644
index 00000000000..48c5c142990
--- /dev/null
+++ b/SPECS/kernel/CVE-2010-0309.nopatch
@@ -0,0 +1,3 @@
+CVE-2010-0309 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - ee73f656a604d5aa9df86a97102e4e462dd79924
+Stable commit - ee73f656a604d5aa9df86a97102e4e462dd79924
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2010-4563.nopatch b/SPECS/kernel/CVE-2010-4563.nopatch
new file mode 100644
index 00000000000..02de956214f
--- /dev/null
+++ b/SPECS/kernel/CVE-2010-4563.nopatch
@@ -0,0 +1 @@
+CVE-2010-4563 - No upstream fix. Low security impact. No plans to fix.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2011-0640.nopatch b/SPECS/kernel/CVE-2011-0640.nopatch
new file mode 100644
index 00000000000..dc0a734f954
--- /dev/null
+++ b/SPECS/kernel/CVE-2011-0640.nopatch
@@ -0,0 +1,4 @@
+CVE-2011-0640 - Vulnerability disputed. No fix upstream.
+Vulnerability concerns arbitrary code execution when a malicious USB device is
+plugged in. The malicious USB device poses as a HID device and sends keystrokes
+to control the host system.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2011-2519.nopatch b/SPECS/kernel/CVE-2011-2519.nopatch
new file mode 100644
index 00000000000..ff8a501b174
--- /dev/null
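Review bot: The "already patched" justifications name the fixed kernel in four different ways, so it is unclear which tree a `Stable commit` id belongs to. CVE-2010-0298.nopatch says `already patched in linux-msft-5.4.72 stable kernel`, CVE-2018-1000026.nopatch says `Already patched in 5.4.51 stable kernel`, CVE-2020-12464.nopatch says `Already fixed in 5.4.51 stable kernel`, and CVE-2020-14356.nopatch says `Already patched in 5.4.72 stable kernel`. It is not clear from the files whether the ids are to be looked up in the kernel.org stable tree or in the linux-msft tree. A single first-line form such as `CVE-XXXX-XXXX - already patched in <tree> <version>` (placeholders) would let the waiver be checked mechanically against the spec's Version. The same applies to the third line, which is a repeated hash here but `Stable tree commit id same as upstream commit id.` in CVE-2018-1000026.nopatch and CVE-2018-16880.nopatch.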
+++ b/SPECS/kernel/CVE-2011-2519.nopatch
@@ -0,0 +1,2 @@
+CVE-2011-2519 - Not a kernel vulnerability. It is a vulnerability in the Xen
+hypervisor project when the guest executes the SAHF instruction.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2015-5738.nopatch b/SPECS/kernel/CVE-2015-5738.nopatch
new file mode 100644
index 00000000000..2f4118629c0
--- /dev/null
+++ b/SPECS/kernel/CVE-2015-5738.nopatch
@@ -0,0 +1,2 @@
+CVE-2015-5738 - Not a kernel vulnerability. It is a vulnerability in the RSA-CRT
+implementation within the Cavium SDK.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2017-8244.nopatch b/SPECS/kernel/CVE-2017-8244.nopatch
new file mode 100644
index 00000000000..61682a3a349
--- /dev/null
+++ b/SPECS/kernel/CVE-2017-8244.nopatch
@@ -0,0 +1,2 @@
+CVE-2017-8244 - Only applicable to Android kernel tree.
+Not a vulnerability in our kernel source as our tree does not host the affected component (drivers/media/platform/msm)
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2017-8245.nopatch b/SPECS/kernel/CVE-2017-8245.nopatch
new file mode 100644
index 00000000000..b28ca5fb5d2
--- /dev/null
+++ b/SPECS/kernel/CVE-2017-8245.nopatch
@@ -0,0 +1,2 @@
+CVE-2017-8245 - Only applicable to Android kernel tree.
+Not a vulnerability in our kernel source as our tree does not host the affected component (drivers/soc/qcom/qdsp6v2)
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2017-8246.nopatch b/SPECS/kernel/CVE-2017-8246.nopatch
new file mode 100644
index 00000000000..052d69d1f22
--- /dev/null
+++ b/SPECS/kernel/CVE-2017-8246.nopatch
@@ -0,0 +1,2 @@
+CVE-2017-8246 - Only applicable to Android kernel tree.
+Not a vulnerability in our kernel source as our tree does not host the affected component (sound/soc/msm/qdsp6v2)
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2018-1000026.nopatch b/SPECS/kernel/CVE-2018-1000026.nopatch
new file mode 100644
index 00000000000..1b402e44fa2
--- /dev/null
+++ b/SPECS/kernel/CVE-2018-1000026.nopatch
@@ -0,0 +1,3 @@
+CVE-2018-1000026 - Already patched in 5.4.51 stable kernel
+Upstream commit - 8914a595110a6eca69a5e275b323f5d09e18f4f9
+Stable tree commit id same as upstream commit id.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2018-16880.nopatch b/SPECS/kernel/CVE-2018-16880.nopatch
new file mode 100644
index 00000000000..7c4a8c62c0c
--- /dev/null
+++ b/SPECS/kernel/CVE-2018-16880.nopatch
@@ -0,0 +1,3 @@
+CVE-2018-16880 - Already patched in 5.4.51 stable kernel
+Upstream commit - b46a0bf78ad7b150ef5910da83859f7f5a514ffd
+Stable tree commit id same as upstream commit id.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2019-19338.nopatch b/SPECS/kernel/CVE-2019-19338.nopatch
new file mode 100644
index 00000000000..1b18daa233a
--- /dev/null
+++ b/SPECS/kernel/CVE-2019-19338.nopatch
@@ -0,0 +1,10 @@
+CVE-2019-19338 - already patched in linux-msft-5.4.72 stable kernel
+Patch 1
+Upstream commit - cbbaa2727aa3ae9e0a844803da7cef7fd3b94f2b
+Stable commit - cbbaa2727aa3ae9e0a844803da7cef7fd3b94f2b
+Patch 2
+Upstream commit - c11f83e0626bdc2b6c550fc8b9b6eeefbd8cefaa
+Stable commit - c11f83e0626bdc2b6c550fc8b9b6eeefbd8cefaa
+Patch 3
+Upstream commit - b07a5c53d42a8c87b208614129e947dd2338ff9c
+Stable commit - b07a5c53d42a8c87b208614129e947dd2338ff9c
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2019-20794.nopatch b/SPECS/kernel/CVE-2019-20794.nopatch
new file mode 100644
index 00000000000..894076a1c9b
--- /dev/null
+++ b/SPECS/kernel/CVE-2019-20794.nopatch
@@ -0,0 +1,4 @@
+CVE-2019-20794 - No upstream fix. Mitigation available.
+Mitigated by clearing the tasks stuck in Uninterruptible sleep state after the
+user namespace is gone and inflight operations are still in progress:
+ # echo 1 > /sys/fs/fuse/connections/$NUM/abort
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2019-20810.nopatch b/SPECS/kernel/CVE-2019-20810.nopatch
new file mode 100644
index 00000000000..c5ed87ae758
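Review bot: The mitigation line in CVE-2019-20794.nopatch, `# echo 1 > /sys/fs/fuse/connections/$NUM/abort`, leaves `$NUM` undefined. It also does not say that writing to `abort` tears down the whole FUSE connection, so every pending and later request on that mount fails with an error. Add one sentence on how to pick the connection directory; I would expect it to be the device number of the affected mount, which should be confirmed against the kernel's FUSE documentation. A second sentence should say that the mount is unusable afterwards, so an operator does not abort a healthy connection by mistake.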
--- /dev/null
+++ b/SPECS/kernel/CVE-2019-20810.nopatch
@@ -0,0 +1,3 @@
+CVE-2019-20810 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 9453264ef58638ce8976121ac44c07a3ef375983
+Stable commit - 47f7b553434000750f9f918df8ca8c137b7fc50b
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2019-3016.nopatch b/SPECS/kernel/CVE-2019-3016.nopatch
new file mode 100644
index 00000000000..6394ce0743e
--- /dev/null
+++ b/SPECS/kernel/CVE-2019-3016.nopatch
@@ -0,0 +1,16 @@
+CVE-2019-3016 - already patched in linux-msft-5.4.72 stable kernel
+Patch 1
+Upstream commit - 1eff70a9abd46f175defafd29bc17ad456f398a7
+Stable commit - a3db2949904b81ae53a840d99f71021f02a01fd3
+Patch 2
+Upstream commit - 8c6de56a42e0c657955e12b882a81ef07d1d073e
+Stable commit - 68460ceba319a46ea14b36129bfd0a152e0f00c3
+Patch 3
+Upstream commit - 917248144db5d7320655dbb41d3af0b8a0f3d589
+Stable commit - f7c1a6c67ff36532f1b0b339e3aae7701a2c0b1e
+Patch 4
+Upstream commit - a6bd811f1209fe1c64c9f6fd578101d6436c6b6e
+Stable commit - 2aebc6ed84efeb1e255fd6417f9230388f2206cd
+Patch 5
+Upstream commit - b043138246a41064527cf019a3d51d9f015e9796
+Stable commit - d71eef9fcc0b81fd56e59afd305a215d81239894
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2019-3819.nopatch b/SPECS/kernel/CVE-2019-3819.nopatch
new file mode 100644
index 00000000000..d4e5e2f406a
--- /dev/null
+++ b/SPECS/kernel/CVE-2019-3819.nopatch
@@ -0,0 +1,3 @@
+CVE-2019-3819 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035
+Stable commit - 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2019-3887.nopatch b/SPECS/kernel/CVE-2019-3887.nopatch
new file mode 100644
index 00000000000..aad4b1cab10
--- /dev/null
+++ b/SPECS/kernel/CVE-2019-3887.nopatch
@@ -0,0 +1,7 @@
+CVE-2019-3887 - already patched in linux-msft-5.4.72 stable kernel
+Patch 1
+Upstream commit - acff78477b9b4f26ecdf65733a4ed77fe837e9dc
+Stable commit - acff78477b9b4f26ecdf65733a4ed77fe837e9dc
+Patch 2
+Upstream commit - c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
+Stable commit - c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-10690.nopatch b/SPECS/kernel/CVE-2020-10690.nopatch
new file mode 100644
index 00000000000..eb01c526618
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-10690.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-10690 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - a33121e5487b424339636b25c35d3a180eaa5f5e
+Stable commit - bfa2e0cd3dfda64fde43c3dca3aeba298d2fe7ad
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-10711.nopatch b/SPECS/kernel/CVE-2020-10711.nopatch
new file mode 100644
index 00000000000..23763b33af7
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-10711.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-10711 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - eead1c2ea2509fd754c6da893a94f0e69e83ebe4
+Stable commit - 1c9dfc2d05d5edde2f8617e3087d9c7dfd55f3c7
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-10766.nopatch b/SPECS/kernel/CVE-2020-10766.nopatch
new file mode 100644
index 00000000000..b65b9437732
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-10766.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-10766 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - dbbe2ad02e9df26e372f38cc3e70dab9222c832e
+Stable commit - 209a76a5d46438011eab2eee2a17c8a93b6df8a5
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-10767.nopatch b/SPECS/kernel/CVE-2020-10767.nopatch
new file mode 100644
index 00000000000..20902f79b4c
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-10767.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-10767 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 21998a351512eba4ed5969006f0c55882d995ada
+Stable commit - 3e49da23913dc18ee4193dd6cdfd27efa1e58563
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-10768.nopatch b/SPECS/kernel/CVE-2020-10768.nopatch
new file mode 100644
index 00000000000..87a114972f0
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-10768.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-10768 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
+Stable commit - 3027b9fecd11a63ed51804f982978c41c556537a
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-10781.nopatch b/SPECS/kernel/CVE-2020-10781.nopatch
new file mode 100644
index 00000000000..f9a9e3e119c
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-10781.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-10781 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 853eab68afc80f59f36bbdeb715e5c88c501e680
+Stable commit - edda9fd73f6269354ed945ed67e75eca0d116672
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-10942.nopatch b/SPECS/kernel/CVE-2020-10942.nopatch
new file mode 100644
index 00000000000..f5147a0b5f6
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-10942.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-10942 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 42d84c8490f9f0931786f1623191fcab397c3d64
+Stable commit - f09fbb1175cffdbbb36b28e2ff7db96dcc90de08
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-11608.nopatch b/SPECS/kernel/CVE-2020-11608.nopatch
new file mode 100644
index 00000000000..50886464ab2
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-11608.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-11608 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 998912346c0da53a6dbb71fab3a138586b596b30
+Stable commit - 0e01661c14e1e9b254aa550eb08adf582cb3b81f
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-11609.nopatch b/SPECS/kernel/CVE-2020-11609.nopatch
new file mode 100644
index 00000000000..aab1d92cd24
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-11609.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-11609 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 485b06aadb933190f4bc44e006076bc27a23f205
+Stable commit - c06050a34b9c09fe3a367409892b31f77fc64168
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-12464.nopatch b/SPECS/kernel/CVE-2020-12464.nopatch
new file mode 100644
index 00000000000..3f40a7de0c5
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-12464.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-12464 - Already fixed in 5.4.51 stable kernel
+Upstream commit - 056ad39ee9253873522f6469c3364964a322912b
+Stable commit - 4ea6153fc7f4deeb4b26b66f42c4d050b33df7f9
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-12465.nopatch b/SPECS/kernel/CVE-2020-12465.nopatch
new file mode 100644
index 00000000000..c8b7e9593c3
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-12465.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-12465 - Already fixed in 5.4.51 stable kernel
+Upstream commit - b102f0c522cf668c8382c56a4f771b37d011cda2
+Stable commit - 9980ae64ee8954e191a9f58663481dd584c2dc8a
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-12656.nopatch b/SPECS/kernel/CVE-2020-12656.nopatch
new file mode 100644
index 00000000000..865b83287b2
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-12656.nopatch
@@ -0,0 +1,2 @@
+CVE-2020-12656 - Disputed. Memory leak vulnerability occurs on module unload,
+which is already considered a privileged operation.
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-12659.nopatch b/SPECS/kernel/CVE-2020-12659.nopatch
new file mode 100644
index 00000000000..fd70f71af8a
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-12659.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-12659 - Already patched in 5.4.51 stable kernel
+Upstream commit - 99e3a236dd43d06c65af0a2ef9cb44306aef6e02
+Stable commit - 25de13b0ad039f81f5f1fe3f7f439ac8c489c96f
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-12768.nopatch b/SPECS/kernel/CVE-2020-12768.nopatch
new file mode 100644
index 00000000000..85406359302
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-12768.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-12768 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - d80b64ff297e40c2b6f7d7abc1b3eba70d22a068
+Stable commit - 6c4587c0d1d9d5a182ce5cf72dff52b7b00c73b7
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-12826.nopatch b/SPECS/kernel/CVE-2020-12826.nopatch
new file mode 100644
index 00000000000..b835fbd5eb2
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-12826.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-12826 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - d1e7fd6462ca9fc76650fbe6ca800e35b24267da
+Stable commit - 5a4734362d07ea0ae10dc738f9f03f87f4f09e2d
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-12888.nopatch b/SPECS/kernel/CVE-2020-12888.nopatch
new file mode 100644
index 00000000000..af5d238095d
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-12888.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-12888 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - abafbc551fddede3e0a08dee1dcde08fc0eb8476
+Stable commit - baa21d56a0aa3d29a9354c0dca3179713c1f3e82
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-14314.nopatch b/SPECS/kernel/CVE-2020-14314.nopatch
new file mode 100644
index 00000000000..06a30ddf169
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-14314.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-14314 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 5872331b3d91820e14716632ebb56b1399b34fe1
+Stable commit - 96a56b5433b3e633c02eea283a4433d623b40d33
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-14331.nopatch b/SPECS/kernel/CVE-2020-14331.nopatch
new file mode 100644
index 00000000000..95e2523ed55
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-14331.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-14331 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d
+Stable commit - 76b10c757e8554060f27f820f8f0079b9177fcea
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-14356.nopatch b/SPECS/kernel/CVE-2020-14356.nopatch
new file mode 100644
index 00000000000..6db80838f66
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-14356.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-14356 - Already patched in 5.4.72 stable kernel
+Upstream commit - ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
+Stable commit - 4eaeb927a3230427c5b414030f4b838616d65b29
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-14385.nopatch b/SPECS/kernel/CVE-2020-14385.nopatch
new file mode 100644
index 00000000000..8ac1eb00ffc
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-14385.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-14385 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - f4020438fab05364018c91f7e02ebdd192085933
+Stable commit - 23f6872d1a9c3bf544cfa43cba1302e20de640bc
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-14386.nopatch b/SPECS/kernel/CVE-2020-14386.nopatch
new file mode 100644
index 00000000000..cabbbe7dfb9
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-14386.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-14386 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - acf69c946233259ab4d64f8869d4037a198c7f06
+Stable commit - 65f546d6c6586d0cc3dfc9ca65c9eee80c1abb80
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-14390.nopatch b/SPECS/kernel/CVE-2020-14390.nopatch
new file mode 100644
index 00000000000..94fef1b9df9
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-14390.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-14390 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 50145474f6ef4a9c19205b173da6264a644c7489
+Stable commit - f80b9009eee1e33de597245d9e09e27e76709673
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-15780.nopatch b/SPECS/kernel/CVE-2020-15780.nopatch
new file mode 100644
index 00000000000..6ecdede66dc
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-15780.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-15780 - Already fixed in 5.4.51 stable kernel
+Upstream commit - 75b0cea7bf307f362057cc778efe89af4c615354
+Stable commit - 67fb5a8aedd12e8adb1dddd324e90f904a4e1e00
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-16166.nopatch b/SPECS/kernel/CVE-2020-16166.nopatch
new file mode 100644
index 00000000000..4f00704c12b
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-16166.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-16166 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - f227e3ec3b5cad859ad15666874405e8c1bbc1d4
+Stable commit - 2b9faf229ed2741644e418cf81697cd3aa81ceb7
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-25211.nopatch b/SPECS/kernel/CVE-2020-25211.nopatch
new file mode 100644
index 00000000000..c77df952bcb
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-25211.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-25211 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
+Stable commit - 8d479c9e2a1c8fdd1b18a2f657ec917c79b9f430
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-25212.nopatch b/SPECS/kernel/CVE-2020-25212.nopatch
new file mode 100644
index 00000000000..8e8db455c08
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-25212.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-25212 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - b4487b93545214a9db8cbf32e86411677b0cca21
+Stable commit - 4052ab9094b6efecb6dc7ed854b3579148ad4a09
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-25284.nopatch b/SPECS/kernel/CVE-2020-25284.nopatch
new file mode 100644
index 00000000000..9778a9ae70b
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-25284.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-25284 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - f44d04e696feaf13d192d942c4f14ad2e117065a
+Stable commit - ac9737182fff4387cc133369767e9e68772fc3cd
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-25285.nopatch b/SPECS/kernel/CVE-2020-25285.nopatch
new file mode 100644
index 00000000000..b3b5fb532a4
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-25285.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-25285 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 17743798d81238ab13050e8e2833699b54e15467
+Stable commit - 5fc45104613466d95955a9aedef83d36e58fd276
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-25641.nopatch b/SPECS/kernel/CVE-2020-25641.nopatch
new file mode 100644
index 00000000000..e333305b243
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-25641.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-25641 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 7e24969022cbd61ddc586f14824fc205661bb124
+Stable commit - adc61d4e217f0ad6d75a1aaed80f3259ec2cd7c2
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-25643.nopatch b/SPECS/kernel/CVE-2020-25643.nopatch
new file mode 100644
index 00000000000..68cacde5b93
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-25643.nopatch
@@ -0,0 +1,3 @@
+CVE-2020-25643 - already patched in linux-msft-5.4.72 stable kernel
+Upstream commit - 66d42ed8b25b64eb63111a2b8582c5afc8bf1105
+Stable commit - 4215ee9dcf0a05080206c392a14d624a09171db3
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2020-25645.nopatch b/SPECS/kernel/CVE-2020-25645.nopatch
new file mode 100644
index 00000000000..c7015b49231
--- /dev/null
+++ b/SPECS/kernel/CVE-2020-25645.nopatch
@@ -0,0 +1,3 @@ +CVE-2020-25645 - already patched in linux-msft-5.4.72 stable kernel +Upstream commit - 34beb21594519ce64a55a498c2fe7d567bc1ca20 +Stable commit - 700cfadb04a4f26008f882a2e945aa5a6884530f \ No newline at end of file diff --git a/SPECS/kernel/CVE-2020-26088.nopatch b/SPECS/kernel/CVE-2020-26088.nopatch new file mode 100644 index 00000000000..67dd897c24b --- /dev/null +++ b/SPECS/kernel/CVE-2020-26088.nopatch @@ -0,0 +1,3 @@ +CVE-2020-26088 - already patched in linux-msft-5.4.72 stable kernel +Upstream commit - 26896f01467a28651f7a536143fe5ac8449d4041 +Stable commit - 04d588bb1dcda5418cbe3a903b97eea43f0865b0 \ No newline at end of file diff --git a/SPECS/kernel/config b/SPECS/kernel/config index fa30fe05070..8ce64f67c54 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.4.51 Kernel Configuration +# Linux/x86_64 5.4.72 Kernel Configuration # # @@ -1992,7 +1992,6 @@ CONFIG_SCSI_PROC_FS=y CONFIG_BLK_DEV_SD=y # CONFIG_CHR_DEV_ST is not set CONFIG_BLK_DEV_SR=y -# CONFIG_BLK_DEV_SR_VENDOR is not set CONFIG_CHR_DEV_SG=y # CONFIG_CHR_DEV_SCH is not set # CONFIG_SCSI_CONSTANTS is not set @@ -2276,6 +2275,7 @@ CONFIG_MII=m CONFIG_NET_CORE=y CONFIG_BONDING=m CONFIG_DUMMY=m +# CONFIG_WIREGUARD is not set # CONFIG_EQUALIZER is not set # CONFIG_NET_FC is not set # CONFIG_IFB is not set @@ -4065,9 +4065,6 @@ CONFIG_HDMI=y # Console display driver support # CONFIG_VGA_CONSOLE=y -CONFIG_VGACON_SOFT_SCROLLBACK=y -CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64 -# CONFIG_VGACON_SOFT_SCROLLBACK_PERSISTENT_ENABLE_BY_DEFAULT is not set CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 @@ -6143,6 +6140,8 @@ CONFIG_CRYPTO_DH=m CONFIG_CRYPTO_ECC=m CONFIG_CRYPTO_ECDH=m # CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# CONFIG_CRYPTO_CURVE25519_X86 is not set # # Authenticated Encryption with Associated Data 
@@ -6189,6 +6188,8 @@ CONFIG_CRYPTO_CRC32C_INTEL=m # CONFIG_CRYPTO_CRC32 is not set # CONFIG_CRYPTO_CRC32_PCLMUL is not set # CONFIG_CRYPTO_XXHASH is not set +# CONFIG_CRYPTO_BLAKE2S is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set CONFIG_CRYPTO_CRCT10DIF=y # CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set CONFIG_CRYPTO_GHASH=m @@ -6205,7 +6206,6 @@ CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA1_SSSE3 is not set # CONFIG_CRYPTO_SHA256_SSSE3 is not set # CONFIG_CRYPTO_SHA512_SSSE3 is not set -CONFIG_CRYPTO_LIB_SHA256=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SHA3 is not set @@ -6218,12 +6218,10 @@ CONFIG_CRYPTO_SHA512=y # # Ciphers # -CONFIG_CRYPTO_LIB_AES=y CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_AES_TI is not set CONFIG_CRYPTO_AES_NI_INTEL=m # CONFIG_CRYPTO_ANUBIS is not set -CONFIG_CRYPTO_LIB_ARC4=m CONFIG_CRYPTO_ARC4=m # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_BLOWFISH_X86_64 is not set @@ -6235,7 +6233,6 @@ CONFIG_CRYPTO_ARC4=m # CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set # CONFIG_CRYPTO_CAST6 is not set # CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set -CONFIG_CRYPTO_LIB_DES=m CONFIG_CRYPTO_DES=m # CONFIG_CRYPTO_DES3_EDE_X86_64 is not set # CONFIG_CRYPTO_FCRYPT is not set @@ -6281,6 +6278,20 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=m # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set CONFIG_CRYPTO_HASH_INFO=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=m +# CONFIG_CRYPTO_LIB_BLAKE2S is not set +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_DES=m +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y CONFIG_CRYPTO_HW=y # CONFIG_CRYPTO_DEV_PADLOCK is not set # CONFIG_CRYPTO_DEV_ATMEL_ECC is not set diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index 078b4dbebc3..92c24607c4b 100644 
--- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.4.51 Kernel Configuration +# Linux/arm64 5.4.72 Kernel Configuration # # @@ -1895,7 +1895,6 @@ CONFIG_SCSI_PROC_FS=y CONFIG_BLK_DEV_SD=y # CONFIG_CHR_DEV_ST is not set CONFIG_BLK_DEV_SR=y -# CONFIG_BLK_DEV_SR_VENDOR is not set CONFIG_CHR_DEV_SG=y # CONFIG_CHR_DEV_SCH is not set # CONFIG_SCSI_CONSTANTS is not set @@ -2183,6 +2182,7 @@ CONFIG_MII=m CONFIG_NET_CORE=y CONFIG_BONDING=m CONFIG_DUMMY=m +# CONFIG_WIREGUARD is not set # CONFIG_EQUALIZER is not set # CONFIG_NET_FC is not set # CONFIG_IFB is not set @@ -3082,6 +3082,7 @@ CONFIG_SPI_SPIDEV=m # CONFIG_SPI_LOOPBACK_TEST is not set # CONFIG_SPI_TLE62X0 is not set # CONFIG_SPI_SLAVE is not set +CONFIG_SPI_DYNAMIC=y # CONFIG_SPMI is not set # CONFIG_HSI is not set CONFIG_PPS=y @@ -6384,6 +6385,7 @@ CONFIG_CRYPTO_RSA=y # CONFIG_CRYPTO_DH is not set # CONFIG_CRYPTO_ECDH is not set # CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_CURVE25519 is not set # # Authenticated Encryption with Associated Data @@ -6425,6 +6427,7 @@ CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_CRC32 is not set # CONFIG_CRYPTO_XXHASH is not set +# CONFIG_CRYPTO_BLAKE2S is not set CONFIG_CRYPTO_CRCT10DIF=y CONFIG_CRYPTO_GHASH=m # CONFIG_CRYPTO_POLY1305 is not set @@ -6436,7 +6439,6 @@ CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y -CONFIG_CRYPTO_LIB_SHA256=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SHA3 is not set 
@@ -6448,17 +6450,14 @@ CONFIG_CRYPTO_SHA512=y # # Ciphers # -CONFIG_CRYPTO_LIB_AES=y CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_AES_TI is not set # CONFIG_CRYPTO_ANUBIS is not set -CONFIG_CRYPTO_LIB_ARC4=m CONFIG_CRYPTO_ARC4=m # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set # CONFIG_CRYPTO_CAST5 is not set # CONFIG_CRYPTO_CAST6 is not set -CONFIG_CRYPTO_LIB_DES=m CONFIG_CRYPTO_DES=m # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set @@ -6496,6 +6495,20 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=m # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set CONFIG_CRYPTO_HASH_INFO=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=m +# CONFIG_CRYPTO_LIB_BLAKE2S is not set +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_DES=m +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=9 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y CONFIG_CRYPTO_HW=y # CONFIG_CRYPTO_DEV_MARVELL_CESA is not set CONFIG_CRYPTO_DEV_FSL_CAAM_COMMON=m diff --git a/SPECS/kernel/e1000e-add-support-for-comet-lake.patch b/SPECS/kernel/e1000e-add-support-for-comet-lake.patch deleted file mode 100644 index c2d994eb1f9..00000000000 --- a/SPECS/kernel/e1000e-add-support-for-comet-lake.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 914ee9c436cbe90c8ca8a46ec8433cb614a2ada5 Mon Sep 17 00:00:00 2001 -From: Sasha Neftin -Date: Thu, 10 Oct 2019 13:15:39 +0300 -Subject: [PATCH] e1000e: Add support for Comet Lake - -Add devices ID's for the next LOM generations that will be -available on the next Intel Client platform (Comet Lake) -This patch provides the initial support for these devices - -Signed-off-by: Sasha Neftin -Tested-by: Aaron Brown -Signed-off-by: Jeff Kirsher ---- - drivers/net/ethernet/intel/e1000e/hw.h | 6 ++++++ - drivers/net/ethernet/intel/e1000e/netdev.c | 6 ++++++ - 2 files changed, 12 insertions(+) - -diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h -index eff75bd8a8f0b9..11fdc27faa82b8 100644 ---- a/drivers/net/ethernet/intel/e1000e/hw.h -+++ b/drivers/net/ethernet/intel/e1000e/hw.h -@@ -86,6 +86,12 @@ struct e1000_hw; - #define E1000_DEV_ID_PCH_ICP_I219_V8 0x15E0 - #define E1000_DEV_ID_PCH_ICP_I219_LM9 0x15E1 - #define E1000_DEV_ID_PCH_ICP_I219_V9 0x15E2 -+#define E1000_DEV_ID_PCH_CMP_I219_LM10 0x0D4E -+#define E1000_DEV_ID_PCH_CMP_I219_V10 0x0D4F -+#define E1000_DEV_ID_PCH_CMP_I219_LM11 0x0D4C -+#define E1000_DEV_ID_PCH_CMP_I219_V11 0x0D4D -+#define E1000_DEV_ID_PCH_CMP_I219_LM12 0x0D53 -+#define E1000_DEV_ID_PCH_CMP_I219_V12 0x0D55 - - #define E1000_REVISION_4 4 - -diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c -index 42f57ab8fb8eb9..731e1b3e103a15 100644 ---- a/drivers/net/ethernet/intel/e1000e/netdev.c -+++ b/drivers/net/ethernet/intel/e1000e/netdev.c -@@ -7749,6 +7749,12 @@ static const struct pci_device_id e1000_pci_tbl[] = { - { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_ICP_I219_V8), board_pch_cnp }, - { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_ICP_I219_LM9), board_pch_cnp }, - { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_ICP_I219_V9), board_pch_cnp }, -+ { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_LM10), board_pch_cnp }, -+ { PCI_VDEVICE(INTEL, 
E1000_DEV_ID_PCH_CMP_I219_V10), board_pch_cnp }, -+ { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_LM11), board_pch_cnp }, -+ { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_V11), board_pch_cnp }, -+ { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_LM12), board_pch_spt }, -+ { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_V12), board_pch_spt }, - - { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */ - }; diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 7de9927d3b6..63247935db3 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { - "config": "b8c9e2a875e4e6655fdbeb626088529fd1cef401b8f67a481fc301d2a3a026c5", - "config_aarch64": "3057cf5c5f04b57c4d69f9783d4809de217fb46a4278694c19f6c3ffd81249c5", - "linux-msft-5.4.51.tar.gz": "3bcd6b09e952fac4f708614658b508ce80c8e25c04780b6b44a481b1479a08e7" + "config": "681e8ff274fc3fc79eaf38d5152e99702e22346bd2aaff06925715dcf1a00fc3", + "config_aarch64": "e5e5d73cb64189a18c4129d466545f81b8cb8fe8ceeacddeb39b6e73e1822fc1", + "linux-msft-5.4.72.tar.gz": "3407ccf8505595ae3e7a7b30c206190a0762f3e202f21f9de88a8d59e182ddef" } } \ No newline at end of file diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 8f788dadb09..f06a1f59131 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec 
@@ -1,18 +1,17 @@ %global security_hardening none +%define uname_r %{version}-%{release} Summary: Linux Kernel Name: kernel -Version: 5.4.51 -Release: 11%{?dist} +Version: 5.4.72 +Release: 1%{?dist} License: GPLv2 -URL: https://github.com/microsoft/WSL2-Linux-Kernel -Group: System Environment/Kernel Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Kernel +URL: https://github.com/microsoft/WSL2-Linux-Kernel Source0: https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-%{version}.tar.gz Source1: config Source2: config_aarch64 -Patch0: e1000e-add-support-for-comet-lake.patch - # Kernel CVEs are addressed by moving to a newer version of the stable kernel. # Since kernel CVEs are filed against the upstream kernel version and not the # stable kernel version, our automated tooling will still flag the CVE as not 
@@ -43,24 +42,76 @@ Patch1019: CVE-2020-11668.nopatch Patch1020: CVE-2020-12654.nopatch Patch1021: CVE-2020-24394.nopatch Patch1022: CVE-2020-8428.nopatch - +Patch1023: CVE-2018-1000026.nopatch +Patch1024: CVE-2018-16880.nopatch +Patch1025: CVE-2020-12464.nopatch +Patch1026: CVE-2020-12465.nopatch +Patch1027: CVE-2020-12659.nopatch +Patch1028: CVE-2020-15780.nopatch +Patch1029: CVE-2020-14356.nopatch +Patch1030: CVE-2020-14386.nopatch +Patch1031: CVE-2020-25645.nopatch +Patch1032: CVE-2020-25643.nopatch +Patch1033: CVE-2020-25211.nopatch +Patch1034: CVE-2020-25212.nopatch +Patch1035: CVE-2008-4609.nopatch +Patch1036: CVE-2020-14331.nopatch +Patch1037: CVE-2010-0298.nopatch +Patch1038: CVE-2020-10690.nopatch +Patch1039: CVE-2020-25285.nopatch +Patch1040: CVE-2020-10711.nopatch +Patch1041: CVE-2019-3887.nopatch +Patch1042: CVE-2020-14390.nopatch +Patch1043: CVE-2019-19338.nopatch +Patch1044: CVE-2019-20810.nopatch +Patch1045: CVE-2020-10766.nopatch +Patch1046: CVE-2020-10767.nopatch +Patch1047: CVE-2020-10768.nopatch +Patch1048: CVE-2020-10781.nopatch +Patch1049: CVE-2020-12768.nopatch +Patch1050: CVE-2020-14314.nopatch +Patch1051: CVE-2020-14385.nopatch +Patch1052: CVE-2020-25641.nopatch +Patch1053: CVE-2020-26088.nopatch +Patch1054: CVE-2020-10942.nopatch +Patch1055: CVE-2020-12826.nopatch +Patch1056: CVE-2019-3016.nopatch +Patch1057: CVE-2019-3819.nopatch +Patch1058: CVE-2020-16166.nopatch +Patch1059: CVE-2020-11608.nopatch +Patch1060: CVE-2020-11609.nopatch +Patch1061: CVE-2020-25284.nopatch +Patch1062: CVE-2020-12888.nopatch +Patch1063: CVE-2017-8244.nopatch +Patch1064: CVE-2017-8245.nopatch +Patch1065: CVE-2017-8246.nopatch +Patch1066: CVE-2009-4484.nopatch +Patch1067: CVE-2015-5738.nopatch +Patch1068: CVE-2007-4998.nopatch +Patch1069: CVE-2010-0309.nopatch +Patch1070: CVE-2011-0640.nopatch +Patch1071: CVE-2020-12656.nopatch +Patch1072: CVE-2011-2519.nopatch +Patch1073: CVE-1999-0656.nopatch +Patch1074: CVE-2010-4563.nopatch +Patch1075: CVE-2019-20794.nopatch 
+Patch1076: CVE-1999-0524.nopatch +BuildRequires: audit-devel BuildRequires: bc BuildRequires: diffutils +BuildRequires: glib-devel BuildRequires: kbd BuildRequires: kmod-devel -BuildRequires: glib-devel -BuildRequires: xerces-c-devel BuildRequires: libdnet-devel BuildRequires: libmspack-devel -BuildRequires: pam-devel BuildRequires: openssl-devel +BuildRequires: pam-devel BuildRequires: procps-ng-devel -BuildRequires: audit-devel -Requires: filesystem kmod +BuildRequires: xerces-c-devel +Requires: filesystem +Requires: kmod Requires(post): coreutils Requires(postun): coreutils -%define uname_r %{version}-%{release} - # When updating the config files it is important to sanitize them. # Steps for updating a config file: # 1. Extract the linux sources into a folder @@ -81,9 +132,11 @@ The kernel package contains the Linux kernel. %package devel Summary: Kernel Dev Group: System Environment/Kernel -Obsoletes: linux-dev Requires: %{name} = %{version}-%{release} -Requires: python3 gawk +Requires: gawk +Requires: python3 +Obsoletes: linux-dev + %description devel This package contains the Linux kernel dev files @@ -91,6 +144,7 @@ This package contains the Linux kernel dev files Summary: Kernel Sound modules Group: System Environment/Kernel Requires: %{name} = %{version}-%{release} + %description drivers-sound This package contains the Linux kernel sound support @@ -98,6 +152,7 @@ This package contains the Linux kernel sound support Summary: Kernel docs Group: System Environment/Kernel Requires: python3 + %description docs This package contains the Linux kernel doc files @@ -106,6 +161,7 @@ This package contains the Linux kernel doc files Summary: Kernel driver for oprofile, a statistical profiler for Linux systems Group: System Environment/Kernel Requires: %{name} = %{version}-%{release} + %description oprofile Kernel driver for oprofile, a statistical profiler for Linux systems %endif 
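Review bot: The Patch1023–Patch1076 entries added in the `@@ -43,24 +42,76 @@` hunk carry no per-entry reason, and the only explanation in the spec is the block comment above the list (which starts before this hunk) saying kernel CVEs are addressed by moving to a newer stable kernel. That reason fits the 2020 entries whose `.nopatch` files record an upstream and a stable commit, but it is unlikely to be the reason for IDs such as `CVE-1999-0524`, `CVE-1999-0656`, `CVE-2007-4998` or `CVE-2008-4609`, whose `.nopatch` files are not in this part of the diff and which presumably are scanner mismatches or not applicable to this kernel. Each of these lines suppresses a finding in the automated CVE tooling, so an auditor should be able to tell the two dispositions apart from the spec itself. I would split the list into two groups and head the second with a comment such as `# Not fixed by the stable update: not applicable to this kernel or disputed; rationale is in each .nopatch file`.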
@@ -115,14 +171,13 @@ Summary: This package contains the 'perf' performance analysis tools for Group: System/Tools Requires: %{name} = %{version}-%{release} Requires: audit + %description tools This package contains the 'perf' performance analysis tools for Linux kernel. %prep %setup -q -n WSL2-Linux-Kernel-linux-msft-%{version} -%patch0 -p1 - %build make mrproper @@ -173,16 +228,16 @@ for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \ %define __spec_install_post\ %{?__debug_package:%{__debug_install_post}}\ %{__arch_install_post}\ - %{__os_install_post}\ + %__os_install_post\ %{__modules_install_post}\ %{nil} %install -install -vdm 755 %{buildroot}/etc +install -vdm 755 %{buildroot}%{_sysconfdir} install -vdm 700 %{buildroot}/boot install -vdm 755 %{buildroot}%{_defaultdocdir}/linux-%{uname_r} -install -vdm 755 %{buildroot}/usr/src/linux-headers-%{uname_r} -install -vdm 755 %{buildroot}/usr/lib/debug/lib/modules/%{uname_r} +install -vdm 755 %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} +install -vdm 755 %{buildroot}%{_lib}/debug/lib/modules/%{uname_r} make INSTALL_MOD_PATH=%{buildroot} modules_install %ifarch x86_64 @@ -209,9 +264,9 @@ install -vm 600 arch/arm64/boot/Image %{buildroot}/boot/vmlinuz-%{uname_r} install -vm 400 System.map %{buildroot}/boot/System.map-%{uname_r} install -vm 600 .config %{buildroot}/boot/config-%{uname_r} cp -r Documentation/* %{buildroot}%{_defaultdocdir}/linux-%{uname_r} -install -vm 644 vmlinux %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r} +install -vm 644 vmlinux %{buildroot}%{_lib}/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r} # `perf test vmlinux` needs it -ln -s vmlinux-%{uname_r} %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux +ln -s vmlinux-%{uname_r} %{buildroot}%{_lib}/debug/lib/modules/%{uname_r}/vmlinux cat > %{buildroot}/boot/linux-%{uname_r}.cfg << "EOF" # GRUB Environment Block 
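Review bot: `%{buildroot}%{_lib}/debug/lib/modules/%{uname_r}` in the `%install` hunk (`@@ -173,16 +228,16 @@`) replaces the literal `/usr/lib/debug/...`, but in stock RPM macros `%{_lib}` is the bare directory name `lib` or `lib64`, with no leading slash and no `/usr` prefix. Unless this distribution's macro set defines `%{_lib}` as `/usr/lib` (not visible here), the path expands to a directory beside the buildroot rather than inside it, so the debug `vmlinux` would be written outside the tree that gets packaged. The same substitution is made for the `install -vm 644 vmlinux` and `ln -s` lines in the `@@ -209,9 +264,9 @@` hunk. `%{_prefix}/lib` keeps the old location however `%{_lib}` is defined, e.g. `install -vdm 755 %{buildroot}%{_prefix}/lib/debug/lib/modules/%{uname_r}`.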
@@ -231,22 +286,22 @@ EOF rm -rf %{buildroot}/lib/modules/%{uname_r}/source rm -rf %{buildroot}/lib/modules/%{uname_r}/build -find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy -find arch/${archdir}/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy -find $(find arch/${archdir} -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy -find arch/${archdir}/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/linux-headers-%{uname_r}' copy +find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/${archdir}/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find $(find arch/${archdir} -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/${archdir}/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy %ifarch x86_64 # CONFIG_STACK_VALIDATION=y requires objtool to build external modules -install -vsm 755 tools/objtool/objtool %{buildroot}/usr/src/linux-headers-%{uname_r}/tools/objtool/ -install -vsm 755 tools/objtool/fixdep %{buildroot}/usr/src/linux-headers-%{uname_r}/tools/objtool/ +install -vsm 755 tools/objtool/objtool %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ +install -vsm 755 tools/objtool/fixdep %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ %endif -cp .config %{buildroot}/usr/src/linux-headers-%{uname_r} # copy .config manually to be where it's expected to be -ln -sf 
"/usr/src/linux-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build" +cp .config %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} # copy .config manually to be where it's expected to be +ln -sf "%{_prefix}/src/linux-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build" find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x %ifarch aarch64 -cp arch/arm64/kernel/module.lds %{buildroot}/usr/src/linux-headers-%{uname_r}/arch/arm64/kernel/ +cp arch/arm64/kernel/module.lds %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/arch/arm64/kernel/ %endif # disable (JOBS=1) parallel build to fix this issue: @@ -289,6 +344,7 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %files %defattr(-,root,root) +%license COPYING /boot/System.map-%{uname_r} /boot/config-%{uname_r} /boot/vmlinuz-%{uname_r} @@ -310,7 +366,7 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %files devel %defattr(-,root,root) /lib/modules/%{uname_r}/build -/usr/src/linux-headers-%{uname_r} +%{_prefix}/src/linux-headers-%{uname_r} %files drivers-sound %defattr(-,root,root) 
@@ -324,482 +380,686 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %files tools %defattr(-,root,root) -/usr/libexec +%{_libexecdir} %exclude %{_libdir}/debug %ifarch x86_64 -/usr/lib64/traceevent +%{_lib64}/traceevent %endif %ifarch aarch64 -/usr/lib/traceevent +%{_lib}/traceevent %endif %{_bindir} -/etc/bash_completion.d/* -/usr/share/perf-core/strace/groups/file -/usr/share/perf-core/strace/groups/string -/usr/share/doc/* +%{_sysconfdir}/bash_completion.d/* +%{_datadir}/perf-core/strace/groups/file +%{_datadir}/perf-core/strace/groups/string +%{_docdir}/* %{_libdir}/perf/examples/bpf/* %{_libdir}/perf/include/bpf/* %changelog -* Fri Oct 16 2020 Suresh Babu Chalamalasetty 5.4.51-11 -- Enable QAT kernel configs -* Fri Oct 02 2020 Chris Co 5.4.51-10 -- Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, -- CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 -* Fri Oct 02 2020 Chris Co 5.4.51-9 -- Fix aarch64 build error -* Wed Sep 30 2020 Emre Girgin 5.4.51-8 -- Update postun script to deal with removal in case of another installed kernel. 
-* Fri Sep 25 2020 Suresh Babu Chalamalasetty 5.4.51-7 -- Enable Mellanox kernel configs -* Wed Sep 23 2020 Daniel McIlvaney 5.4.51-6 -- Enable CONFIG_IMA (measurement only) and associated configs -* Thu Sep 03 2020 Daniel McIlvaney 5.4.51-5 -- Add code to check for missing config flags in the checked in configs -* Thu Sep 03 2020 Chris Co 5.4.51-4 -- Apply additional kernel hardening configs -* Thu Sep 03 2020 Chris Co 5.4.51-3 -- Bump release number due to kernel-signed- package update -- Minor aarch64 config and changelog cleanup -* Tue Sep 01 2020 Chris Co 5.4.51-2 -- Update source hash -* Wed Aug 19 2020 Chris Co 5.4.51-1 -- Update source to 5.4.51 -- Enable DXGKRNL config -- Address CVE-2020-11494, CVE-2020-11565, CVE-2020-12655, CVE-2020-12771, -- CVE-2020-13974, CVE-2020-15393, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, -- CVE-2020-9383, CVE-2020-11725 -* Wed Aug 19 2020 Chris Co 5.4.42-12 -- Remove the signed package depends -* Tue Aug 18 2020 Chris Co 5.4.42-11 -- Remove signed subpackage -* Mon Aug 17 2020 Chris Co 5.4.42-10 -- Enable BPF, PC104, userfaultfd, SLUB sysfs, SMC, XDP sockets monitoring configs -* Fri Aug 07 2020 Mateusz Malisz 5.4.42-9 -- Add crashkernel=128M to the kernel cmdline -- Update config to support kexec and kexec_file_load -* Tue Aug 04 2020 Pawel Winogrodzki 5.4.42-8 -- Updating "KBUILD_BUILD_VERSION" and "KBUILD_BUILD_HOST" with correct - distribution name. 
-* Wed Jul 22 2020 Chris Co 5.4.42-7 -- Address CVE-2020-8992, CVE-2020-12770, CVE-2020-13143, CVE-2020-11884 -* Fri Jul 17 2020 Suresh Babu Chalamalasetty 5.4.42-6 -- Enable CONFIG_MLX5_CORE_IPOIB and CONFIG_INFINIBAND_IPOIB config flags -* Fri Jul 17 2020 Suresh Babu Chalamalasetty 5.4.42-5 -- Adding XDP config flag -* Thu Jul 09 2020 Anand Muthurajan 5.4.42-4 -- Enable CONFIG_QED, CONFIG_QEDE, CONFIG_QED_SRIOV and CONFIG_QEDE_VXLAN flags -* Wed Jun 24 2020 Chris Co 5.4.42-3 -- Regenerate input config files -* Fri Jun 19 2020 Chris Co 5.4.42-2 -- Add kernel-secure subpackage and macros for adding offline signed kernels -* Fri Jun 12 2020 Chris Co 5.4.42-1 -- Update source to 5.4.42 -* Thu Jun 11 2020 Chris Co 5.4.23-17 -- Enable PAGE_POISONING configs -- Disable PROC_KCORE config -- Enable RANDOM_TRUST_CPU config for x86_64 -* Fri Jun 05 2020 Suresh Babu Chalamalasetty 5.4.23-16 -- Adding BPF config flags -* Thu Jun 04 2020 Chris Co 5.4.23-15 -- Add config support for USB video class devices -* Wed Jun 03 2020 Nicolas Ontiveros 5.4.23-14 -- Add CONFIG_CRYPTO_XTS=y to config. -* Wed Jun 03 2020 Chris Co 5.4.23-13 -- Add patch to support CometLake e1000e ethernet -- Remove drivers-gpu subpackage -- Inline the initramfs trigger and postun source files -- Remove rpi3 dtb and ls1012 dtb subpackages -* Wed May 27 2020 Chris Co 5.4.23-12 -- Update arm64 security configs -- Disable devmem in x86_64 config -* Tue May 26 2020 Daniel Mihai 5.4.23-11 -- Disabled Reliable Datagram Sockets protocol (CONFIG_RDS). -* Fri May 22 2020 Emre Girgin 5.4.23-10 -- Change /boot directory permissions to 600. 
-* Thu May 21 2020 Chris Co 5.4.23-9 -- Update x86_64 security configs -* Wed May 20 2020 Suresh Babu Chalamalasetty 5.4.23-8 -- Adding InfiniBand config flags -* Mon May 11 2020 Anand Muthurajan 5.4.23-7 -- Adding PPP config flags -* Tue Apr 28 2020 Emre Girgin 5.4.23-6 -- Renaming Linux-PAM to pam -* Tue Apr 28 2020 Emre Girgin 5.4.23-5 -- Renaming linux to kernel -* Tue Apr 14 2020 Emre Girgin 5.4.23-4 -- Remove linux-aws and linux-esx references. -- Remove kat_build usage. -- Remove ENA module. -* Fri Apr 10 2020 Emre Girgin 5.4.23-3 -- Remove xml-security-c dependency. -* Wed Apr 08 2020 Nicolas Ontiveros 5.4.23-2 -- Remove toybox and only use coreutils for requires. -* Tue Dec 10 2019 Chris Co 5.4.23-1 -- Update to Microsoft Linux Kernel 5.4.23 -- Remove patches -- Update ENA module to 2.1.2 to work with Linux 5.4.23 -- Remove xr module -- Remove Xen tmem module from dracut module list to fix initramfs creation -- Add patch to fix missing trans_pgd header in aarch64 build -* Fri Oct 11 2019 Henry Beberman 4.19.52-8 -- Enable Hyper-V TPM in config -* Tue Sep 03 2019 Mateusz Malisz 4.19.52-7 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Thu Jul 25 2019 Keerthana K 4.19.52-6 -- Fix postun scriplet. -* Thu Jul 11 2019 Keerthana K 4.19.52-5 -- Enable kernel configs necessary for BPF Compiler Collection (BCC). -* Wed Jul 10 2019 Srivatsa S. Bhat (VMware) 4.19.52-4 -- Deprecate linux-aws-tools in favor of linux-tools. -* Tue Jul 02 2019 Alexey Makhalov 4.19.52-3 -- Fix 9p vsock 16bit port issue. -* Thu Jun 20 2019 Tapas Kundu 4.19.52-2 -- Enabled CONFIG_I2C_CHARDEV to support lm-sensors -* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 -- Update to version 4.19.52 -- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, -- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 -* Tue May 28 2019 Srivatsa S. Bhat (VMware) 4.19.40-3 -- Change default I/O scheduler to 'deadline' to fix performance issue. 
-* Tue May 14 2019 Keerthana K 4.19.40-2 -- Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if -- mulitple kernels are installed and current linux kernel is removed. -* Tue May 07 2019 Ajay Kaher 4.19.40-1 -- Update to version 4.19.40 -* Thu Apr 11 2019 Srivatsa S. Bhat (VMware) 4.19.32-3 -- Update config_aarch64 to fix ARM64 build. -* Fri Mar 29 2019 Srivatsa S. Bhat (VMware) 4.19.32-2 -- Fix CVE-2019-10125 -* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 -- Update to version 4.19.32 -* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 -- Update to version 4.19.29 -* Tue Mar 05 2019 Ajay Kaher 4.19.26-1 -- Update to version 4.19.26 -* Thu Feb 21 2019 Him Kalyan Bordoloi 4.19.15-3 -- Fix CVE-2019-8912 -* Thu Jan 24 2019 Alexey Makhalov 4.19.15-2 -- Add WiFi (ath10k), sensors (i2c,spi), usb support for NXP LS1012A board. -* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 -- Update to version 4.19.15 -* Fri Jan 11 2019 Srinidhi Rao 4.19.6-7 -- Add Network support for NXP LS1012A board. -* Wed Jan 09 2019 Ankit Jain 4.19.6-6 -- Enable following for x86_64 and aarch64: -- Enable Kernel Address Space Layout Randomization. -- Enable CONFIG_SECURITY_NETWORK_XFRM -* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) 4.19.6-5 -- Enable AppArmor by default. -* Wed Jan 02 2019 Alexey Makhalov 4.19.6-4 -- .config: added Compulab fitlet2 device drivers -- .config_aarch64: added gpio sysfs support -- renamed -sound to -drivers-sound -* Tue Jan 01 2019 Ajay Kaher 4.19.6-3 -- .config: Enable CONFIG_PCI_HYPERV driver -* Wed Dec 19 2018 Srinidhi Rao 4.19.6-2 -- Add NXP LS1012A support. -* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 -- Update to version 4.19.6 -* Fri Dec 07 2018 Alexey Makhalov 4.19.1-3 -- .config: added qmi wwan module -* Mon Nov 12 2018 Ajay Kaher 4.19.1-2 -- Fix config_aarch64 for 4.19.1 -* Mon Nov 05 2018 Srivatsa S. 
Bhat (VMware) 4.19.1-1 -- Update to version 4.19.1 -* Tue Oct 16 2018 Him Kalyan Bordoloi 4.18.9-5 -- Change in config to enable drivers for zigbee and GPS -* Fri Oct 12 2018 Ajay Kaher 4.18.9-4 -- Enable LAN78xx for aarch64 rpi3 -* Fri Oct 5 2018 Ajay Kaher 4.18.9-3 -- Fix config_aarch64 for 4.18.9 -- Add module.lds for aarch64 -* Wed Oct 03 2018 Srivatsa S. Bhat 4.18.9-2 -- Use updated steal time accounting patch. -- .config: Enable CONFIG_CPU_ISOLATION and a few networking options -- that got accidentally dropped in the last update. -* Mon Oct 1 2018 Srivatsa S. Bhat 4.18.9-1 -- Update to version 4.18.9 -* Tue Sep 25 2018 Ajay Kaher 4.14.67-2 -- Build hang (at make oldconfig) fix in config_aarch64 -* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 -- Update to version 4.14.67 -* Tue Sep 18 2018 Srivatsa S. Bhat 4.14.54-7 -- Add rdrand-based RNG driver to enhance kernel entropy. -* Sun Sep 02 2018 Srivatsa S. Bhat 4.14.54-6 -- Add full retpoline support by building with retpoline-enabled gcc. -* Thu Aug 30 2018 Srivatsa S. Bhat 4.14.54-5 -- Apply out-of-tree patches needed for AppArmor. -* Wed Aug 22 2018 Alexey Makhalov 4.14.54-4 -- Fix overflow kernel panic in rsi driver. -- .config: enable BT stack, enable GPIO sysfs. -- Add Exar USB serial driver. -* Fri Aug 17 2018 Ajay Kaher 4.14.54-3 -- Enabled USB PCI in config_aarch64 -- Build hang (at make oldconfig) fix in config_aarch64 -* Thu Jul 19 2018 Alexey Makhalov 4.14.54-2 -- .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m -* Mon Jul 09 2018 Him Kalyan Bordoloi 4.14.54-1 -- Update to version 4.14.54 -* Fri Jan 26 2018 Alexey Makhalov 4.14.8-2 -- Added vchiq entry to rpi3 dts -- Added dtb-rpi3 subpackage -* Fri Dec 22 2017 Alexey Makhalov 4.14.8-1 -- Version update -* Wed Dec 13 2017 Alexey Makhalov 4.9.66-4 -- KAT build support -* Thu Dec 07 2017 Alexey Makhalov 4.9.66-3 -- Aarch64 support -* Tue Dec 05 2017 Alexey Makhalov 4.9.66-2 -- Sign and compress modules after stripping. 
fips=1 requires signed modules -* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 -- Version update -* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 -- Version update -* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 -- Version update -* Wed Oct 11 2017 Srivatsa S. Bhat 4.9.53-3 -- Add patch "KVM: Don't accept obviously wrong gsi values via +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Remove patch to support CometLake e1000e ethernet. Integrated in 5.4.72. +- Add license file +- Lint spec +- Address CVE-2018-1000026, CVE-2018-16880, CVE-2020-12464, CVE-2020-12465, + CVE-2020-12659, CVE-2020-15780, CVE-2020-14356, CVE-2020-14386, CVE-2020-25645, + CVE-2020-25643, CVE-2020-25211, CVE-2020-25212, CVE-2008-4609, CVE-2020-14331, + CVE-2010-0298, CVE-2020-10690, CVE-2020-25285, CVE-2020-10711, CVE-2019-3887, + CVE-2020-14390, CVE-2019-19338, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, + CVE-2020-10768, CVE-2020-10781, CVE-2020-12768, CVE-2020-14314, CVE-2020-14385, + CVE-2020-25641, CVE-2020-26088, CVE-2020-10942, CVE-2020-12826, CVE-2019-3016, + CVE-2019-3819, CVE-2020-16166, CVE-2020-11608, CVE-2020-11609, CVE-2020-25284, + CVE-2020-12888, CVE-2017-8244, CVE-2017-8245, CVE-2017-8246, CVE-2009-4484, + CVE-2015-5738, CVE-2007-4998, CVE-2010-0309, CVE-2011-0640, CVE-2020-12656, + CVE-2011-2519, CVE-1999-0656, CVE-2010-4563, CVE-2019-20794, CVE-1999-0524 + +* Fri Oct 16 2020 Suresh Babu Chalamalasetty - 5.4.51-11 +- Enable QAT kernel configs + +* Fri Oct 02 2020 Chris Co - 5.4.51-10 +- Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, + CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 + +* Fri Oct 02 2020 Chris Co - 5.4.51-9 +- Fix aarch64 build error + +* Wed Sep 30 2020 Emre Girgin - 5.4.51-8 +- Update postun script to deal with removal in case of another installed kernel. 
+ +* Fri Sep 25 2020 Suresh Babu Chalamalasetty - 5.4.51-7 +- Enable Mellanox kernel configs + +* Wed Sep 23 2020 Daniel McIlvaney - 5.4.51-6 +- Enable CONFIG_IMA (measurement only) and associated configs + +* Thu Sep 03 2020 Daniel McIlvaney - 5.4.51-5 +- Add code to check for missing config flags in the checked in configs + +* Thu Sep 03 2020 Chris Co - 5.4.51-4 +- Apply additional kernel hardening configs + +* Thu Sep 03 2020 Chris Co - 5.4.51-3 +- Bump release number due to kernel-signed- package update +- Minor aarch64 config and changelog cleanup + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 +- Update source hash + +* Wed Aug 19 2020 Chris Co - 5.4.51-1 +- Update source to 5.4.51 +- Enable DXGKRNL config +- Address CVE-2020-11494, CVE-2020-11565, CVE-2020-12655, CVE-2020-12771, + CVE-2020-13974, CVE-2020-15393, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, + CVE-2020-9383, CVE-2020-11725 + +* Wed Aug 19 2020 Chris Co - 5.4.42-12 +- Remove the signed package depends + +* Tue Aug 18 2020 Chris Co - 5.4.42-11 +- Remove signed subpackage + +* Mon Aug 17 2020 Chris Co - 5.4.42-10 +- Enable BPF, PC104, userfaultfd, SLUB sysfs, SMC, XDP sockets monitoring configs + +* Fri Aug 07 2020 Mateusz Malisz - 5.4.42-9 +- Add crashkernel=128M to the kernel cmdline +- Update config to support kexec and kexec_file_load + +* Tue Aug 04 2020 Pawel Winogrodzki - 5.4.42-8 +- Updating "KBUILD_BUILD_VERSION" and "KBUILD_BUILD_HOST" with correct + distribution name. 
+ +* Wed Jul 22 2020 Chris Co - 5.4.42-7 +- Address CVE-2020-8992, CVE-2020-12770, CVE-2020-13143, CVE-2020-11884 + +* Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-6 +- Enable CONFIG_MLX5_CORE_IPOIB and CONFIG_INFINIBAND_IPOIB config flags + +* Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-5 +- Adding XDP config flag + +* Thu Jul 09 2020 Anand Muthurajan - 5.4.42-4 +- Enable CONFIG_QED, CONFIG_QEDE, CONFIG_QED_SRIOV and CONFIG_QEDE_VXLAN flags + +* Wed Jun 24 2020 Chris Co - 5.4.42-3 +- Regenerate input config files + +* Fri Jun 19 2020 Chris Co - 5.4.42-2 +- Add kernel-secure subpackage and macros for adding offline signed kernels + +* Fri Jun 12 2020 Chris Co - 5.4.42-1 +- Update source to 5.4.42 + +* Thu Jun 11 2020 Chris Co - 5.4.23-17 +- Enable PAGE_POISONING configs +- Disable PROC_KCORE config +- Enable RANDOM_TRUST_CPU config for x86_64 + +* Fri Jun 05 2020 Suresh Babu Chalamalasetty - 5.4.23-16 +- Adding BPF config flags + +* Thu Jun 04 2020 Chris Co - 5.4.23-15 +- Add config support for USB video class devices + +* Wed Jun 03 2020 Nicolas Ontiveros - 5.4.23-14 +- Add CONFIG_CRYPTO_XTS=y to config. + +* Wed Jun 03 2020 Chris Co - 5.4.23-13 +- Add patch to support CometLake e1000e ethernet +- Remove drivers-gpu subpackage +- Inline the initramfs trigger and postun source files +- Remove rpi3 dtb and ls1012 dtb subpackages + +* Wed May 27 2020 Chris Co - 5.4.23-12 +- Update arm64 security configs +- Disable devmem in x86_64 config + +* Tue May 26 2020 Daniel Mihai - 5.4.23-11 +- Disabled Reliable Datagram Sockets protocol (CONFIG_RDS). + +* Fri May 22 2020 Emre Girgin - 5.4.23-10 +- Change /boot directory permissions to 600. 
+ +* Thu May 21 2020 Chris Co - 5.4.23-9 +- Update x86_64 security configs + +* Wed May 20 2020 Suresh Babu Chalamalasetty - 5.4.23-8 +- Adding InfiniBand config flags + +* Mon May 11 2020 Anand Muthurajan - 5.4.23-7 +- Adding PPP config flags + +* Tue Apr 28 2020 Emre Girgin - 5.4.23-6 +- Renaming Linux-PAM to pam + +* Tue Apr 28 2020 Emre Girgin - 5.4.23-5 +- Renaming linux to kernel + +* Tue Apr 14 2020 Emre Girgin - 5.4.23-4 +- Remove linux-aws and linux-esx references. +- Remove kat_build usage. +- Remove ENA module. + +* Fri Apr 10 2020 Emre Girgin - 5.4.23-3 +- Remove xml-security-c dependency. + +* Wed Apr 08 2020 Nicolas Ontiveros - 5.4.23-2 +- Remove toybox and only use coreutils for requires. + +* Tue Dec 10 2019 Chris Co - 5.4.23-1 +- Update to Microsoft Linux Kernel 5.4.23 +- Remove patches +- Update ENA module to 2.1.2 to work with Linux 5.4.23 +- Remove xr module +- Remove Xen tmem module from dracut module list to fix initramfs creation +- Add patch to fix missing trans_pgd header in aarch64 build + +* Fri Oct 11 2019 Henry Beberman - 4.19.52-8 +- Enable Hyper-V TPM in config + +* Tue Sep 03 2019 Mateusz Malisz - 4.19.52-7 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Thu Jul 25 2019 Keerthana K - 4.19.52-6 +- Fix postun scriplet. + +* Thu Jul 11 2019 Keerthana K - 4.19.52-5 +- Enable kernel configs necessary for BPF Compiler Collection (BCC). + +* Wed Jul 10 2019 Srivatsa S. Bhat (VMware) 4.19.52-4 +- Deprecate linux-aws-tools in favor of linux-tools. + +* Tue Jul 02 2019 Alexey Makhalov - 4.19.52-3 +- Fix 9p vsock 16bit port issue. + +* Thu Jun 20 2019 Tapas Kundu - 4.19.52-2 +- Enabled CONFIG_I2C_CHARDEV to support lm-sensors + +* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 +- Update to version 4.19.52 +- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, +- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 + +* Tue May 28 2019 Srivatsa S. 
Bhat (VMware) 4.19.40-3 +- Change default I/O scheduler to 'deadline' to fix performance issue. + +* Tue May 14 2019 Keerthana K - 4.19.40-2 +- Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if +- mulitple kernels are installed and current linux kernel is removed. + +* Tue May 07 2019 Ajay Kaher - 4.19.40-1 +- Update to version 4.19.40 + +* Thu Apr 11 2019 Srivatsa S. Bhat (VMware) 4.19.32-3 +- Update config_aarch64 to fix ARM64 build. + +* Fri Mar 29 2019 Srivatsa S. Bhat (VMware) 4.19.32-2 +- Fix CVE-2019-10125 + +* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 +- Update to version 4.19.32 + +* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 +- Update to version 4.19.29 + +* Tue Mar 05 2019 Ajay Kaher - 4.19.26-1 +- Update to version 4.19.26 + +* Thu Feb 21 2019 Him Kalyan Bordoloi - 4.19.15-3 +- Fix CVE-2019-8912 + +* Thu Jan 24 2019 Alexey Makhalov - 4.19.15-2 +- Add WiFi (ath10k), sensors (i2c,spi), usb support for NXP LS1012A board. + +* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 +- Update to version 4.19.15 + +* Fri Jan 11 2019 Srinidhi Rao - 4.19.6-7 +- Add Network support for NXP LS1012A board. + +* Wed Jan 09 2019 Ankit Jain - 4.19.6-6 +- Enable following for x86_64 and aarch64: +- Enable Kernel Address Space Layout Randomization. +- Enable CONFIG_SECURITY_NETWORK_XFRM + +* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) 4.19.6-5 +- Enable AppArmor by default. + +* Wed Jan 02 2019 Alexey Makhalov - 4.19.6-4 +- .config: added Compulab fitlet2 device drivers +- .config_aarch64: added gpio sysfs support +- renamed -sound to -drivers-sound + +* Tue Jan 01 2019 Ajay Kaher - 4.19.6-3 +- .config: Enable CONFIG_PCI_HYPERV driver + +* Wed Dec 19 2018 Srinidhi Rao - 4.19.6-2 +- Add NXP LS1012A support. + +* Mon Dec 10 2018 Srivatsa S. 
Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 + +* Fri Dec 07 2018 Alexey Makhalov - 4.19.1-3 +- .config: added qmi wwan module + +* Mon Nov 12 2018 Ajay Kaher - 4.19.1-2 +- Fix config_aarch64 for 4.19.1 + +* Mon Nov 05 2018 Srivatsa S. Bhat (VMware) 4.19.1-1 +- Update to version 4.19.1 + +* Tue Oct 16 2018 Him Kalyan Bordoloi - 4.18.9-5 +- Change in config to enable drivers for zigbee and GPS + +* Fri Oct 12 2018 Ajay Kaher - 4.18.9-4 +- Enable LAN78xx for aarch64 rpi3 + +* Fri Oct 5 2018 Ajay Kaher - 4.18.9-3 +- Fix config_aarch64 for 4.18.9 +- Add module.lds for aarch64 + +* Wed Oct 03 2018 Srivatsa S. Bhat 4.18.9-2 +- Use updated steal time accounting patch. +- .config: Enable CONFIG_CPU_ISOLATION and a few networking options +- that got accidentally dropped in the last update. + +* Mon Oct 1 2018 Srivatsa S. Bhat 4.18.9-1 +- Update to version 4.18.9 + +* Tue Sep 25 2018 Ajay Kaher - 4.14.67-2 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 +- Update to version 4.14.67 + +* Tue Sep 18 2018 Srivatsa S. Bhat 4.14.54-7 +- Add rdrand-based RNG driver to enhance kernel entropy. + +* Sun Sep 02 2018 Srivatsa S. Bhat 4.14.54-6 +- Add full retpoline support by building with retpoline-enabled gcc. + +* Thu Aug 30 2018 Srivatsa S. Bhat 4.14.54-5 +- Apply out-of-tree patches needed for AppArmor. + +* Wed Aug 22 2018 Alexey Makhalov - 4.14.54-4 +- Fix overflow kernel panic in rsi driver. +- .config: enable BT stack, enable GPIO sysfs. +- Add Exar USB serial driver. 
+ +* Fri Aug 17 2018 Ajay Kaher - 4.14.54-3 +- Enabled USB PCI in config_aarch64 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Thu Jul 19 2018 Alexey Makhalov - 4.14.54-2 +- .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m + +* Mon Jul 09 2018 Him Kalyan Bordoloi - 4.14.54-1 +- Update to version 4.14.54 + +* Fri Jan 26 2018 Alexey Makhalov - 4.14.8-2 +- Added vchiq entry to rpi3 dts +- Added dtb-rpi3 subpackage + +* Fri Dec 22 2017 Alexey Makhalov - 4.14.8-1 +- Version update + +* Wed Dec 13 2017 Alexey Makhalov - 4.9.66-4 +- KAT build support + +* Thu Dec 07 2017 Alexey Makhalov - 4.9.66-3 +- Aarch64 support + +* Tue Dec 05 2017 Alexey Makhalov - 4.9.66-2 +- Sign and compress modules after stripping. fips=1 requires signed modules + +* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 +- Version update + +* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 +- Version update + +* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 +- Version update + +* Wed Oct 11 2017 Srivatsa S. Bhat 4.9.53-3 +- Add patch "KVM: Don't accept obviously wrong gsi values via KVM_IRQFD" to fix CVE-2017-1000252. -* Tue Oct 10 2017 Alexey Makhalov 4.9.53-2 -- Build hang (at make oldconfig) fix. -* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 -- Version update -* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-3 -- Allow privileged CLONE_NEWUSER from nested user namespaces. -* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-2 -- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) -* Mon Oct 02 2017 Srivatsa S. 
Bhat 4.9.52-1 -- Version update -* Mon Sep 18 2017 Alexey Makhalov 4.9.47-2 -- Requires coreutils or toybox -* Mon Sep 04 2017 Alexey Makhalov 4.9.47-1 -- Fix CVE-2017-11600 -* Tue Aug 22 2017 Anish Swaminathan 4.9.43-2 -- Add missing xen block drivers -* Mon Aug 14 2017 Alexey Makhalov 4.9.43-1 -- Version update -- [feature] new sysctl option unprivileged_userns_clone -* Wed Aug 09 2017 Alexey Makhalov 4.9.41-2 -- Fix CVE-2017-7542 -- [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid + +* Tue Oct 10 2017 Alexey Makhalov - 4.9.53-2 +- Build hang (at make oldconfig) fix. + +* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 +- Version update + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-3 +- Allow privileged CLONE_NEWUSER from nested user namespaces. + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-2 +- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-1 +- Version update + +* Mon Sep 18 2017 Alexey Makhalov - 4.9.47-2 +- Requires coreutils or toybox + +* Mon Sep 04 2017 Alexey Makhalov - 4.9.47-1 +- Fix CVE-2017-11600 + +* Tue Aug 22 2017 Anish Swaminathan - 4.9.43-2 +- Add missing xen block drivers + +* Mon Aug 14 2017 Alexey Makhalov - 4.9.43-1 +- Version update +- [feature] new sysctl option unprivileged_userns_clone + +* Wed Aug 09 2017 Alexey Makhalov - 4.9.41-2 +- Fix CVE-2017-7542 +- [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid panic on modprobe tcrypt -* Mon Aug 07 2017 Alexey Makhalov 4.9.41-1 -- Version update -* Fri Aug 04 2017 Bo Gan 4.9.38-6 -- Fix initramfs triggers -* Tue Aug 01 2017 Anish Swaminathan 4.9.38-5 -- Allow some algorithms in FIPS mode -- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports -- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree -- Enable additional NF features -* Fri Jul 21 2017 Anish Swaminathan 4.9.38-4 -- Add patches in Hyperv codebase -* Fri Jul 21 2017 Anish Swaminathan 4.9.38-3 -- Add missing hyperv drivers -* Thu Jul 20 2017 Alexey 
Makhalov 4.9.38-2 -- Disable scheduler beef up patch -* Tue Jul 18 2017 Alexey Makhalov 4.9.38-1 -- Fix CVE-2017-11176 and CVE-2017-10911 -* Mon Jul 03 2017 Xiaolin Li 4.9.34-3 -- Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires -* Thu Jun 29 2017 Divya Thaluru 4.9.34-2 -- Added obsolete for deprecated linux-dev package -* Wed Jun 28 2017 Alexey Makhalov 4.9.34-1 -- [feature] 9P FS security support -- [feature] DM Delay target support -- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 -* Thu Jun 8 2017 Alexey Makhalov 4.9.31-1 -- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 + +* Mon Aug 07 2017 Alexey Makhalov - 4.9.41-1 +- Version update + +* Fri Aug 04 2017 Bo Gan - 4.9.38-6 +- Fix initramfs triggers + +* Tue Aug 01 2017 Anish Swaminathan - 4.9.38-5 +- Allow some algorithms in FIPS mode +- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports +- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree +- Enable additional NF features + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-4 +- Add patches in Hyperv codebase + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-3 +- Add missing hyperv drivers + +* Thu Jul 20 2017 Alexey Makhalov - 4.9.38-2 +- Disable scheduler beef up patch + +* Tue Jul 18 2017 Alexey Makhalov - 4.9.38-1 +- Fix CVE-2017-11176 and CVE-2017-10911 + +* Mon Jul 03 2017 Xiaolin Li - 4.9.34-3 +- Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires + +* Thu Jun 29 2017 Divya Thaluru - 4.9.34-2 +- Added obsolete for deprecated linux-dev package + +* Wed Jun 28 2017 Alexey Makhalov - 4.9.34-1 +- [feature] 9P FS security support +- [feature] DM Delay target support +- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 + +* Thu Jun 8 2017 Alexey Makhalov - 4.9.31-1 +- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 CVE-2017-9077 and CVE-2017-9242 -- [feature] IPV6 netfilter NAT table support -* Fri May 26 2017 Alexey Makhalov 4.9.30-1 -- Added ENA driver for AMI -- Fix 
CVE-2017-7487 and CVE-2017-9059 -* Wed May 17 2017 Vinay Kulkarni 4.9.28-2 -- Enable IPVLAN module. -* Tue May 16 2017 Alexey Makhalov 4.9.28-1 -- Version update -* Wed May 10 2017 Alexey Makhalov 4.9.27-1 -- Version update -* Sun May 7 2017 Alexey Makhalov 4.9.26-1 -- Version update -- Removed version suffix from config file name -* Thu Apr 27 2017 Bo Gan 4.9.24-2 -- Support dynamic initrd generation -* Tue Apr 25 2017 Alexey Makhalov 4.9.24-1 -- Fix CVE-2017-6874 and CVE-2017-7618. -- Fix audit-devel BuildRequires. -- .config: build nvme and nvme-core in kernel. -* Mon Mar 6 2017 Alexey Makhalov 4.9.13-2 -- .config: NSX requirements for crypto and netfilter -* Tue Feb 28 2017 Alexey Makhalov 4.9.13-1 -- Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 -* Thu Feb 09 2017 Alexey Makhalov 4.9.9-1 -- Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546, +- [feature] IPV6 netfilter NAT table support + +* Fri May 26 2017 Alexey Makhalov - 4.9.30-1 +- Added ENA driver for AMI +- Fix CVE-2017-7487 and CVE-2017-9059 + +* Wed May 17 2017 Vinay Kulkarni - 4.9.28-2 +- Enable IPVLAN module. + +* Tue May 16 2017 Alexey Makhalov - 4.9.28-1 +- Version update + +* Wed May 10 2017 Alexey Makhalov - 4.9.27-1 +- Version update + +* Sun May 7 2017 Alexey Makhalov - 4.9.26-1 +- Version update +- Removed version suffix from config file name + +* Thu Apr 27 2017 Bo Gan - 4.9.24-2 +- Support dynamic initrd generation + +* Tue Apr 25 2017 Alexey Makhalov - 4.9.24-1 +- Fix CVE-2017-6874 and CVE-2017-7618. +- Fix audit-devel BuildRequires. +- .config: build nvme and nvme-core in kernel. + +* Mon Mar 6 2017 Alexey Makhalov - 4.9.13-2 +- .config: NSX requirements for crypto and netfilter + +* Tue Feb 28 2017 Alexey Makhalov - 4.9.13-1 +- Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 + +* Thu Feb 09 2017 Alexey Makhalov - 4.9.9-1 +- Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546, CVE-2017-5547, CVE-2017-5548 and CVE-2017-5576. 
-- .config: added CRYPTO_FIPS support. -* Tue Jan 10 2017 Alexey Makhalov 4.9.2-1 -- Update to linux-4.9.2 to fix CVE-2016-10088 -- Move linux-tools.spec to linux.spec as -tools subpackage -* Mon Dec 19 2016 Xiaolin Li 4.9.0-2 -- BuildRequires Linux-PAM-devel -* Mon Dec 12 2016 Alexey Makhalov 4.9.0-1 -- Update to linux-4.9.0 -- Add paravirt stolen time accounting feature (from linux-esx), +- .config: added CRYPTO_FIPS support. + +* Tue Jan 10 2017 Alexey Makhalov - 4.9.2-1 +- Update to linux-4.9.2 to fix CVE-2016-10088 +- Move linux-tools.spec to linux.spec as -tools subpackage + +* Mon Dec 19 2016 Xiaolin Li - 4.9.0-2 +- BuildRequires Linux-PAM-devel + +* Mon Dec 12 2016 Alexey Makhalov - 4.9.0-1 +- Update to linux-4.9.0 +- Add paravirt stolen time accounting feature (from linux-esx), but disable it by default (no-vmw-sta cmdline parameter) -* Thu Dec 8 2016 Alexey Makhalov 4.4.35-3 -- net-packet-fix-race-condition-in-packet_set_ring.patch + +* Thu Dec 8 2016 Alexey Makhalov - 4.4.35-3 +- net-packet-fix-race-condition-in-packet_set_ring.patch to fix CVE-2016-8655 -* Wed Nov 30 2016 Alexey Makhalov 4.4.35-2 -- Expand `uname -r` with release number -- Check for build-id matching -- Added syscalls tracing support -- Compress modules -* Mon Nov 28 2016 Alexey Makhalov 4.4.35-1 -- Update to linux-4.4.35 -- vfio-pci-fix-integer-overflows-bitmask-check.patch + +* Wed Nov 30 2016 Alexey Makhalov - 4.4.35-2 +- Expand `uname -r` with release number +- Check for build-id matching +- Added syscalls tracing support +- Compress modules + +* Mon Nov 28 2016 Alexey Makhalov - 4.4.35-1 +- Update to linux-4.4.35 +- vfio-pci-fix-integer-overflows-bitmask-check.patch to fix CVE-2016-9083 -* Tue Nov 22 2016 Alexey Makhalov 4.4.31-4 -- net-9p-vsock.patch -* Thu Nov 17 2016 Alexey Makhalov 4.4.31-3 -- tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch + +* Tue Nov 22 2016 Alexey Makhalov - 4.4.31-4 +- net-9p-vsock.patch + +* Thu Nov 17 2016 Alexey Makhalov - 4.4.31-3 +- 
tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch to fix CVE-2015-8964 -* Tue Nov 15 2016 Alexey Makhalov 4.4.31-2 -- .config: add cgrup_hugetlb support -- .config: add netfilter_xt_{set,target_ct} support -- .config: add netfilter_xt_match_{cgroup,ipvs} support -* Thu Nov 10 2016 Alexey Makhalov 4.4.31-1 -- Update to linux-4.4.31 -* Fri Oct 21 2016 Alexey Makhalov 4.4.26-1 -- Update to linux-4.4.26 -* Wed Oct 19 2016 Alexey Makhalov 4.4.20-6 -- net-add-recursion-limit-to-GRO.patch -- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch -* Tue Oct 18 2016 Alexey Makhalov 4.4.20-5 -- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch -- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch -* Mon Oct 3 2016 Alexey Makhalov 4.4.20-4 -- Package vmlinux with PROGBITS sections in -debuginfo subpackage -* Tue Sep 27 2016 Alexey Makhalov 4.4.20-3 -- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m -* Tue Sep 20 2016 Alexey Makhalov 4.4.20-2 -- Add -release number for /boot/* files -- Use initrd.img with version and release number -- Rename -dev subpackage to -devel -* Wed Sep 7 2016 Alexey Makhalov 4.4.20-1 -- Update to linux-4.4.20 -- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch -- keys-fix-asn.1-indefinite-length-object-parsing.patch -* Thu Aug 25 2016 Alexey Makhalov 4.4.8-11 -- vmxnet3 patches to bumpup a version to 1.4.8.0 -* Wed Aug 10 2016 Alexey Makhalov 4.4.8-10 -- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch -- .config: pmem hotplug + ACPI NFIT support -- .config: enable EXPERT mode, disable UID16 syscalls -* Thu Jul 07 2016 Alexey Makhalov 4.4.8-9 -- .config: pmem + fs_dax support -* Fri Jun 17 2016 Alexey Makhalov 4.4.8-8 -- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch -- .config: disable rt group scheduling - not supported by systemd -* Wed Jun 15 2016 Harish Udaiya Kumar 4.4.8-7 -- fixed the capitalization for - System.map -* Thu May 26 2016 Alexey Makhalov 4.4.8-6 
-- patch: REVERT-sched-fair-Beef-up-wake_wide.patch -* Tue May 24 2016 Priyesh Padmavilasom 4.4.8-5 -- GA - Bump release of all rpms -* Mon May 23 2016 Harish Udaiya Kumar 4.4.8-4 -- Fixed generation of debug symbols for kernel modules & vmlinux. -* Mon May 23 2016 Divya Thaluru 4.4.8-3 -- Added patches to fix CVE-2016-3134, CVE-2016-3135 -* Wed May 18 2016 Harish Udaiya Kumar 4.4.8-2 -- Enabled CONFIG_UPROBES in config as needed by ktap -* Wed May 04 2016 Alexey Makhalov 4.4.8-1 -- Update to linux-4.4.8 -- Added net-Drivers-Vmxnet3-set-... patch -* Tue May 03 2016 Vinay Kulkarni 4.2.0-27 -- Compile Intel GigE and VMXNET3 as part of kernel. -* Thu Apr 28 2016 Nick Shi 4.2.0-26 -- Compile cramfs.ko to allow mounting cramfs image -* Tue Apr 12 2016 Vinay Kulkarni 4.2.0-25 -- Revert network interface renaming disable in kernel. -* Tue Mar 29 2016 Alexey Makhalov 4.2.0-24 -- Support kmsg dumping to vmware.log on panic -- sunrpc: xs_bind uses ip_local_reserved_ports -* Mon Mar 28 2016 Harish Udaiya Kumar 4.2.0-23 -- Enabled Regular stack protection in Linux kernel in config -* Thu Mar 17 2016 Harish Udaiya Kumar 4.2.0-22 -- Restrict the permissions of the /boot/System.map-X file -* Fri Mar 04 2016 Alexey Makhalov 4.2.0-21 -- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. 
-* Wed Mar 02 2016 Alexey Makhalov 4.2.0-20 -- Patch: SUNRPC: Ensure that we wait for connections to complete + +* Tue Nov 15 2016 Alexey Makhalov - 4.4.31-2 +- .config: add cgrup_hugetlb support +- .config: add netfilter_xt_{set,target_ct} support +- .config: add netfilter_xt_match_{cgroup,ipvs} support + +* Thu Nov 10 2016 Alexey Makhalov - 4.4.31-1 +- Update to linux-4.4.31 + +* Fri Oct 21 2016 Alexey Makhalov - 4.4.26-1 +- Update to linux-4.4.26 + +* Wed Oct 19 2016 Alexey Makhalov - 4.4.20-6 +- net-add-recursion-limit-to-GRO.patch +- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch + +* Tue Oct 18 2016 Alexey Makhalov - 4.4.20-5 +- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch +- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch + +* Mon Oct 3 2016 Alexey Makhalov - 4.4.20-4 +- Package vmlinux with PROGBITS sections in -debuginfo subpackage + +* Tue Sep 27 2016 Alexey Makhalov - 4.4.20-3 +- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m + +* Tue Sep 20 2016 Alexey Makhalov - 4.4.20-2 +- Add -release number for /boot/* files +- Use initrd.img with version and release number +- Rename -dev subpackage to -devel + +* Wed Sep 7 2016 Alexey Makhalov - 4.4.20-1 +- Update to linux-4.4.20 +- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch +- keys-fix-asn.1-indefinite-length-object-parsing.patch + +* Thu Aug 25 2016 Alexey Makhalov - 4.4.8-11 +- vmxnet3 patches to bumpup a version to 1.4.8.0 + +* Wed Aug 10 2016 Alexey Makhalov - 4.4.8-10 +- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch +- .config: pmem hotplug + ACPI NFIT support +- .config: enable EXPERT mode, disable UID16 syscalls + +* Thu Jul 07 2016 Alexey Makhalov - 4.4.8-9 +- .config: pmem + fs_dax support + +* Fri Jun 17 2016 Alexey Makhalov - 4.4.8-8 +- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch +- .config: disable rt group scheduling - not supported by systemd + +* Wed Jun 15 2016 Harish Udaiya Kumar - 4.4.8-7 +- 
fixed the capitalization for - System.map + +* Thu May 26 2016 Alexey Makhalov - 4.4.8-6 +- patch: REVERT-sched-fair-Beef-up-wake_wide.patch + +* Tue May 24 2016 Priyesh Padmavilasom - 4.4.8-5 +- GA - Bump release of all rpms + +* Mon May 23 2016 Harish Udaiya Kumar - 4.4.8-4 +- Fixed generation of debug symbols for kernel modules & vmlinux. + +* Mon May 23 2016 Divya Thaluru - 4.4.8-3 +- Added patches to fix CVE-2016-3134, CVE-2016-3135 + +* Wed May 18 2016 Harish Udaiya Kumar - 4.4.8-2 +- Enabled CONFIG_UPROBES in config as needed by ktap + +* Wed May 04 2016 Alexey Makhalov - 4.4.8-1 +- Update to linux-4.4.8 +- Added net-Drivers-Vmxnet3-set-... patch + +* Tue May 03 2016 Vinay Kulkarni - 4.2.0-27 +- Compile Intel GigE and VMXNET3 as part of kernel. + +* Thu Apr 28 2016 Nick Shi - 4.2.0-26 +- Compile cramfs.ko to allow mounting cramfs image + +* Tue Apr 12 2016 Vinay Kulkarni - 4.2.0-25 +- Revert network interface renaming disable in kernel. + +* Tue Mar 29 2016 Alexey Makhalov - 4.2.0-24 +- Support kmsg dumping to vmware.log on panic +- sunrpc: xs_bind uses ip_local_reserved_ports + +* Mon Mar 28 2016 Harish Udaiya Kumar - 4.2.0-23 +- Enabled Regular stack protection in Linux kernel in config + +* Thu Mar 17 2016 Harish Udaiya Kumar - 4.2.0-22 +- Restrict the permissions of the /boot/System.map-X file + +* Fri Mar 04 2016 Alexey Makhalov - 4.2.0-21 +- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. + +* Wed Mar 02 2016 Alexey Makhalov - 4.2.0-20 +- Patch: SUNRPC: Ensure that we wait for connections to complete before retrying -* Fri Feb 26 2016 Alexey Makhalov 4.2.0-19 -- Disable watchdog under VMware hypervisor. 
-* Thu Feb 25 2016 Alexey Makhalov 4.2.0-18 -- Added rpcsec_gss_krb5 and nfs_fscache -* Mon Feb 22 2016 Alexey Makhalov 4.2.0-17 -- Added sysctl param to control weighted_cpuload() behavior -* Thu Feb 18 2016 Divya Thaluru 4.2.0-16 -- Disabling network renaming -* Sun Feb 14 2016 Alexey Makhalov 4.2.0-15 -- veth patch: don’t modify ip_summed -* Thu Feb 11 2016 Alexey Makhalov 4.2.0-14 -- Full tickless -> idle tickless + simple CPU time accounting -- SLUB -> SLAB -- Disable NUMA balancing -- Disable stack protector -- No build_forced no-CBs CPUs -- Disable Expert configuration mode -- Disable most of debug features from 'Kernel hacking' -* Mon Feb 08 2016 Alexey Makhalov 4.2.0-13 -- Double tcp_mem limits, patch is added. -* Wed Feb 03 2016 Anish Swaminathan 4.2.0-12 -- Fixes for CVE-2015-7990/6937 and CVE-2015-8660. -* Tue Jan 26 2016 Anish Swaminathan 4.2.0-11 -- Revert CONFIG_HZ=250 -* Fri Jan 22 2016 Alexey Makhalov 4.2.0-10 -- Fix for CVE-2016-0728 -* Wed Jan 13 2016 Alexey Makhalov 4.2.0-9 -- CONFIG_HZ=250 -* Tue Jan 12 2016 Mahmoud Bassiouny 4.2.0-8 -- Remove rootfstype from the kernel parameter. -* Mon Jan 04 2016 Harish Udaiya Kumar 4.2.0-7 -- Disabled all the tracing options in kernel config. -- Disabled preempt. -- Disabled sched autogroup. -* Thu Dec 17 2015 Harish Udaiya Kumar 4.2.0-6 -- Enabled kprobe for systemtap & disabled dynamic function tracing in config -* Fri Dec 11 2015 Harish Udaiya Kumar 4.2.0-5 -- Added oprofile kernel driver sub-package. -* Fri Nov 13 2015 Mahmoud Bassiouny 4.2.0-4 -- Change the linux image directory. -* Wed Nov 11 2015 Harish Udaiya Kumar 4.2.0-3 -- Added the build essential files in the dev sub-package. -* Mon Nov 09 2015 Vinay Kulkarni 4.2.0-2 -- Enable Geneve module support for generic kernel. -* Fri Oct 23 2015 Harish Udaiya Kumar 4.2.0-1 -- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode. 
-* Tue Sep 22 2015 Harish Udaiya Kumar 4.0.9-5 -- Added driver support for frame buffer devices and ACPI -* Wed Sep 2 2015 Alexey Makhalov 4.0.9-4 -- Added mouse ps/2 module. -* Fri Aug 14 2015 Alexey Makhalov 4.0.9-3 -- Use photon.cfg as a symlink. -* Thu Aug 13 2015 Alexey Makhalov 4.0.9-2 -- Added environment file(photon.cfg) for grub. -* Wed Aug 12 2015 Sharath George 4.0.9-1 -- Upgrading kernel version. -* Wed Aug 12 2015 Alexey Makhalov 3.19.2-5 -- Updated OVT to version 10.0.0. -- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure. -- Added -sound package/ -* Tue Aug 11 2015 Anish Swaminathan 3.19.2-4 -- Removed Requires dependencies. -* Fri Jul 24 2015 Harish Udaiya Kumar 3.19.2-3 -- Updated the config file to include graphics drivers. -* Mon May 18 2015 Touseef Liaqat 3.13.3-2 -- Update according to UsrMove. -* Wed Nov 5 2014 Divya Thaluru 3.13.3-1 -- Initial build. First version + +* Fri Feb 26 2016 Alexey Makhalov - 4.2.0-19 +- Disable watchdog under VMware hypervisor. + +* Thu Feb 25 2016 Alexey Makhalov - 4.2.0-18 +- Added rpcsec_gss_krb5 and nfs_fscache + +* Mon Feb 22 2016 Alexey Makhalov - 4.2.0-17 +- Added sysctl param to control weighted_cpuload() behavior + +* Thu Feb 18 2016 Divya Thaluru - 4.2.0-16 +- Disabling network renaming + +* Sun Feb 14 2016 Alexey Makhalov - 4.2.0-15 +- veth patch: don’t modify ip_summed + +* Thu Feb 11 2016 Alexey Makhalov - 4.2.0-14 +- Full tickless -> idle tickless + simple CPU time accounting +- SLUB -> SLAB +- Disable NUMA balancing +- Disable stack protector +- No build_forced no-CBs CPUs +- Disable Expert configuration mode +- Disable most of debug features from 'Kernel hacking' + +* Mon Feb 08 2016 Alexey Makhalov - 4.2.0-13 +- Double tcp_mem limits, patch is added. + +* Wed Feb 03 2016 Anish Swaminathan - 4.2.0-12 +- Fixes for CVE-2015-7990/6937 and CVE-2015-8660. 
+ +* Tue Jan 26 2016 Anish Swaminathan - 4.2.0-11 +- Revert CONFIG_HZ=250 + +* Fri Jan 22 2016 Alexey Makhalov - 4.2.0-10 +- Fix for CVE-2016-0728 + +* Wed Jan 13 2016 Alexey Makhalov - 4.2.0-9 +- CONFIG_HZ=250 + +* Tue Jan 12 2016 Mahmoud Bassiouny - 4.2.0-8 +- Remove rootfstype from the kernel parameter. + +* Mon Jan 04 2016 Harish Udaiya Kumar - 4.2.0-7 +- Disabled all the tracing options in kernel config. +- Disabled preempt. +- Disabled sched autogroup. + +* Thu Dec 17 2015 Harish Udaiya Kumar - 4.2.0-6 +- Enabled kprobe for systemtap & disabled dynamic function tracing in config + +* Fri Dec 11 2015 Harish Udaiya Kumar - 4.2.0-5 +- Added oprofile kernel driver sub-package. + +* Fri Nov 13 2015 Mahmoud Bassiouny - 4.2.0-4 +- Change the linux image directory. + +* Wed Nov 11 2015 Harish Udaiya Kumar - 4.2.0-3 +- Added the build essential files in the dev sub-package. + +* Mon Nov 09 2015 Vinay Kulkarni - 4.2.0-2 +- Enable Geneve module support for generic kernel. + +* Fri Oct 23 2015 Harish Udaiya Kumar - 4.2.0-1 +- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode. + +* Tue Sep 22 2015 Harish Udaiya Kumar - 4.0.9-5 +- Added driver support for frame buffer devices and ACPI + +* Wed Sep 2 2015 Alexey Makhalov - 4.0.9-4 +- Added mouse ps/2 module. + +* Fri Aug 14 2015 Alexey Makhalov - 4.0.9-3 +- Use photon.cfg as a symlink. + +* Thu Aug 13 2015 Alexey Makhalov - 4.0.9-2 +- Added environment file(photon.cfg) for grub. + +* Wed Aug 12 2015 Sharath George - 4.0.9-1 +- Upgrading kernel version. + +* Wed Aug 12 2015 Alexey Makhalov - 3.19.2-5 +- Updated OVT to version 10.0.0. +- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure. +- Added -sound package/ + +* Tue Aug 11 2015 Anish Swaminathan - 3.19.2-4 +- Removed Requires dependencies. + +* Fri Jul 24 2015 Harish Udaiya Kumar - 3.19.2-3 +- Updated the config file to include graphics drivers. 
+ +* Mon May 18 2015 Touseef Liaqat - 3.13.3-2 +- Update according to UsrMove. + +* Wed Nov 5 2014 Divya Thaluru - 3.13.3-1 +- Initial build. First version diff --git a/cgmanifest.json b/cgmanifest.json index 815a36c81ac..2c0cac52f67 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -1576,8 +1576,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.4.51", - "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.51.tar.gz" + "version": "5.4.72", + "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.72.tar.gz" } } }, @@ -1866,8 +1866,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.4.51", - "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.51.tar.gz" + "version": "5.4.72", + "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.72.tar.gz" } } }, @@ -1876,8 +1876,8 @@ "type": "other", "other": { "name": "kernel-hyperv", - "version": "5.4.51", - "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.51.tar.gz" + "version": "5.4.72", + "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.72.tar.gz" } } }, @@ -1886,8 +1886,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.4.51", - "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.51.tar.gz" + "version": "5.4.72", + "downloadUrl": "https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.72.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 346bcc4beb6..2e1ad1aa7e4 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt 
@@ -1,5 +1,5 @@
 filesystem-1.1-7.cm1.aarch64.rpm
-kernel-headers-5.4.51-2.cm1.noarch.rpm
+kernel-headers-5.4.72-1.cm1.noarch.rpm
 glibc-2.28-13.cm1.aarch64.rpm
 glibc-devel-2.28-13.cm1.aarch64.rpm
 glibc-i18n-2.28-13.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 45e9c77eff0..920e7944228 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-7.cm1.x86_64.rpm
-kernel-headers-5.4.51-2.cm1.noarch.rpm
+kernel-headers-5.4.72-1.cm1.noarch.rpm
 glibc-2.28-13.cm1.x86_64.rpm
 glibc-devel-2.28-13.cm1.x86_64.rpm
 glibc-i18n-2.28-13.cm1.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 8fdcc98568f..066d54c0bb5 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -145,7 +145,7 @@ json-c-debuginfo-0.14-2.cm1.aarch64.rpm
 json-c-devel-0.14-2.cm1.aarch64.rpm
 kbd-2.0.4-5.cm1.aarch64.rpm
 kbd-debuginfo-2.0.4-5.cm1.aarch64.rpm
-kernel-headers-5.4.51-2.cm1.noarch.rpm
+kernel-headers-5.4.72-1.cm1.noarch.rpm
 kmod-25-4.cm1.aarch64.rpm
 kmod-debuginfo-25-4.cm1.aarch64.rpm
 kmod-devel-25-4.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index a1c42afb728..66afee6b525 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -145,7 +145,7 @@ json-c-debuginfo-0.14-2.cm1.x86_64.rpm
 json-c-devel-0.14-2.cm1.x86_64.rpm
 kbd-2.0.4-5.cm1.x86_64.rpm
 kbd-debuginfo-2.0.4-5.cm1.x86_64.rpm
-kernel-headers-5.4.51-2.cm1.noarch.rpm
+kernel-headers-5.4.72-1.cm1.noarch.rpm
 kmod-25-4.cm1.x86_64.rpm
 kmod-debuginfo-25-4.cm1.x86_64.rpm
 kmod-devel-25-4.cm1.x86_64.rpm
diff --git a/toolkit/scripts/toolchain/container/toolchain-md5sums b/toolkit/scripts/toolchain/container/toolchain-md5sums
index 5a79a133695..31f495b09d7 100644
--- a/toolkit/scripts/toolchain/container/toolchain-md5sums
+++ b/toolkit/scripts/toolchain/container/toolchain-md5sums
@@ -98,7 +98,7 @@ ef8c2c1d16a00bd95b9fdcef63b8a2ca libXtst-1.2.3.tar.bz2
 4cbe1c1def7a5e1b0ed5fce8e512f4c6 libXvMC-1.0.10.tar.bz2
 d7dd9b9df336b7dd4028b6b56542ff2c libXxf86dga-1.1.4.tar.bz2
 298b8fff82df17304dfdb5fe4066fe3a libXxf86vm-1.1.4.tar.bz2
-a144b639702d36f8fc2b59bf8f5690a7 linux-msft-5.4.51.tar.gz
+c7d15cd5b39d88dfb32fcc9cd3441ebd linux-msft-5.4.72.tar.gz
 63ecacd3ff6552537a73f8c30c396caf lua-5.3.5-shared_library-1.patch
 4f4b4f323fd3514a68e0ab3da8ce3455 lua-5.3.5.tar.gz
 730bb15d96fffe47e148d1e09235af82 m4-1.4.18.tar.xz
diff --git a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list
index 13b9cf8bafd..3b271b91035 100644
--- a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list
+++ b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list
@@ -39,7 +39,7 @@ http://ftp.gnu.org/gnu/readline/readline-7.0.tar.gz
 http://ftp.gnu.org/gnu/tar/tar-1.30.tar.xz
 http://ftp.gnu.org/gnu/texinfo/texinfo-6.5.tar.xz
 https://www.cpan.org/src/5.0/perl-5.30.3.tar.gz
-https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.51.tar.gz
+https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-5.4.72.tar.gz
 http://ftp.gnu.org/gnu/bash/bash-4.4.18.tar.gz
 https://ftp.gnu.org/gnu/bison/bison-3.1.tar.xz
 https://sourceware.org/pub/bzip2/bzip2-1.0.6.tar.gz
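Review bot: The new pin for `linux-msft-5.4.72.tar.gz` in toolchain-md5sums is an MD5 digest, which is not collision-resistant and is a weak integrity control for a kernel source archive that feeds the toolchain build. The download list in toolchain-remote-wget-list fetches this archive over https, but the neighbouring entries for readline, tar, texinfo and bash use plain `http://`, so the digest file is presumably the only check on what those downloads contain. Consider carrying a SHA-256 list alongside the MD5 one and verifying it with `sha256sum -c`; the verification step itself is not visible in this patch, so confirm where the digest file is consumed.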
diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh index 3f57fe8a4cd..a4212c3cb74 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh @@ -57,14 +57,14 @@ set -e # cd /sources -echo Linux-5.4.51 API Headers -tar xf linux-msft-5.4.51.tar.gz -pushd WSL2-Linux-Kernel-linux-msft-5.4.51 +echo Linux-5.4.72 API Headers +tar xf linux-msft-5.4.72.tar.gz +pushd WSL2-Linux-Kernel-linux-msft-5.4.72 make mrproper make headers cp -rv usr/include/* /usr/include popd -rm -rf WSL2-Linux-Kernel-linux-msft-5.4.51 +rm -rf WSL2-Linux-Kernel-linux-msft-5.4.72 touch /logs/status_kernel_headers_complete echo 6.8. Man-pages-5.02 diff --git a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh index 87c7af5ac1a..4ca776bf2cf 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh @@ -113,14 +113,14 @@ rm -rf gcc-9.1.0 touch $LFS/logs/temptoolchain/status_gcc_pass1_complete -echo Linux-5.4.51 API Headers -tar xf linux-msft-5.4.51.tar.gz -pushd WSL2-Linux-Kernel-linux-msft-5.4.51 +echo Linux-5.4.72 API Headers +tar xf linux-msft-5.4.72.tar.gz +pushd WSL2-Linux-Kernel-linux-msft-5.4.72 make mrproper make headers cp -rv usr/include/* /tools/include popd -rm -rf WSL2-Linux-Kernel-linux-msft-5.4.51 +rm -rf WSL2-Linux-Kernel-linux-msft-5.4.72 touch $LFS/logs/temptoolchain/status_kernel_headers_complete From f7a7f26f92e7c7d8e8e90c1ef9b9a827c2d833dd Mon Sep 17 00:00:00 2001 
From: Henry Beberman Date: Wed, 4 Nov 2020 14:58:38 -0800 Subject: [PATCH 087/145] Add heimdal, ipv6calc, perl-JSON (#338) Add heimdal, ipv6calc, perl-JSON specs --- SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md | 2 +- .../heimdal/fix_test_rand_build_failure.patch | 24 + ...eimdal-1.6.0-c25f45a-rename-commands.patch | 55 ++ .../heimdal-7.5.0-explicit-python2.patch | 156 ++++ SPECS/heimdal/heimdal-7.7.0-configure.patch | 17 + SPECS/heimdal/heimdal-bashrc | 7 + SPECS/heimdal/heimdal-ipropd-master.init | 102 +++ SPECS/heimdal/heimdal-ipropd-master.service | 12 + SPECS/heimdal/heimdal-ipropd-slave-wrapper | 12 + SPECS/heimdal/heimdal-ipropd-slave.init | 102 +++ SPECS/heimdal/heimdal-ipropd-slave.service | 12 + SPECS/heimdal/heimdal-kadmind.init | 102 +++ SPECS/heimdal/heimdal-kadmind.service | 12 + SPECS/heimdal/heimdal-kdc.conf | 10 + SPECS/heimdal/heimdal-kdc.init | 102 +++ SPECS/heimdal/heimdal-kdc.service | 12 + SPECS/heimdal/heimdal-kpasswdd.init | 103 +++ SPECS/heimdal/heimdal-kpasswdd.service | 12 + SPECS/heimdal/heimdal.csh | 3 + SPECS/heimdal/heimdal.logrotate | 9 + SPECS/heimdal/heimdal.sh | 3 + SPECS/heimdal/heimdal.signatures.json | 23 + SPECS/heimdal/heimdal.spec | 866 ++++++++++++++++++ SPECS/heimdal/heimdal.sysconfig | 2 + SPECS/heimdal/krb5.conf.sample | 42 + .../ipv6calc-2.2.0-patch-8c7eea58.diff | 27 + SPECS/ipv6calc/ipv6calc.signatures.json | 5 + SPECS/ipv6calc/ipv6calc.spec | 634 +++++++++++++ SPECS/perl-JSON/perl-JSON.signatures.json | 5 + SPECS/perl-JSON/perl-JSON.spec | 305 ++++++ cgmanifest.json | 30 + 31 files changed, 2807 insertions(+), 1 deletion(-) create mode 100644 SPECS/heimdal/fix_test_rand_build_failure.patch create mode 100644 SPECS/heimdal/heimdal-1.6.0-c25f45a-rename-commands.patch create mode 100644 SPECS/heimdal/heimdal-7.5.0-explicit-python2.patch create mode 100644 SPECS/heimdal/heimdal-7.7.0-configure.patch create mode 100644 SPECS/heimdal/heimdal-bashrc create mode 100644 SPECS/heimdal/heimdal-ipropd-master.init create mode 
100644 SPECS/heimdal/heimdal-ipropd-master.service create mode 100644 SPECS/heimdal/heimdal-ipropd-slave-wrapper create mode 100644 SPECS/heimdal/heimdal-ipropd-slave.init create mode 100644 SPECS/heimdal/heimdal-ipropd-slave.service create mode 100644 SPECS/heimdal/heimdal-kadmind.init create mode 100644 SPECS/heimdal/heimdal-kadmind.service create mode 100644 SPECS/heimdal/heimdal-kdc.conf create mode 100644 SPECS/heimdal/heimdal-kdc.init create mode 100644 SPECS/heimdal/heimdal-kdc.service create mode 100644 SPECS/heimdal/heimdal-kpasswdd.init create mode 100644 SPECS/heimdal/heimdal-kpasswdd.service create mode 100644 SPECS/heimdal/heimdal.csh create mode 100644 SPECS/heimdal/heimdal.logrotate create mode 100644 SPECS/heimdal/heimdal.sh create mode 100644 SPECS/heimdal/heimdal.signatures.json create mode 100644 SPECS/heimdal/heimdal.spec create mode 100644 SPECS/heimdal/heimdal.sysconfig create mode 100644 SPECS/heimdal/krb5.conf.sample create mode 100644 SPECS/ipv6calc/ipv6calc-2.2.0-patch-8c7eea58.diff create mode 100644 SPECS/ipv6calc/ipv6calc.signatures.json create mode 100644 SPECS/ipv6calc/ipv6calc.spec create mode 100644 SPECS/perl-JSON/perl-JSON.signatures.json create mode 100644 SPECS/perl-JSON/perl-JSON.spec diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index d5ec285894e..8f08346bf20 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -2,7 +2,7 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | Origin | License | SPECS | |-----------|-----------------------------------|------------| -| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | attr
autoconf213
babeltrace2
brotli
calamares
catch
cpprest
cryptsetup
dnf
dos2unix
ebtables
extra-cmake-modules
gnu-efi
hardening-check
ipmitool
kde-settings
kexec-tools
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore-3.3.0
libatasmart
libburn
libcgroup
libcomps
libdnf
libisoburn
libisofs
libpwquality
mokutil
mozjs60
open-vm-tools
openssl
p11-kit
qt5-qtbase
qt5-qtdeclarative
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
squashfs-tools
websocketpp
words
yaml-cpp
zipper
| +| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | attr
autoconf213
babeltrace2
brotli
calamares
catch
cpprest
cryptsetup
dnf
dos2unix
ebtables
extra-cmake-modules
gnu-efi
hardening-check
heimdal
ipmitool
ipv6calc
kde-settings
kexec-tools
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore-3.3.0
libatasmart
libburn
libcgroup
libcomps
libdnf
libisoburn
libisofs
libpwquality
mokutil
mozjs60
open-vm-tools
openssl
p11-kit
perl-JSON
qt5-qtbase
qt5-qtdeclarative
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
squashfs-tools
websocketpp
words
yaml-cpp
zipper
| | Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | auoms
azure-iot-sdk-c
azure-iotedge
azure-storage-cpp
bond
ccache
clamav
cloud-hypervisor
dtc
fluent-bit
freefont
gflags
go-md2man
GSL
ivykis
jsonbuilder
libiothsm-std
libuv
libxml++
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
mm-common
msgpack
nlohmann-json
omi
pcre2
perl-Test-Warnings
rocksdb
shim-unsigned-x64
span-lite
swupdate
tinyxml2
toml11
tracelogging
vala
zstd | | Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2).
Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl
alsa-lib
alsa-utils
ansible
ant
ant-contrib
apparmor
apr
apr-util
asciidoc
atftp
audit
autoconf
autoconf-archive
autofs
autogen
automake
babel
bash
bc
bcc
bind
binutils
bison
blktrace
boost
bridge-utils
btrfs-progs
bubblewrap
build-essential
bzip2
c-ares
ca-certificates
cairo
cdrkit
check
chkconfig
chrpath
cifs-utils
clang
cloud-init
cloud-utils-growpart
cmake
cni
core-packages
coreutils
cpio
cppunit
cracklib
crash
crash-gcore-command
createrepo_c
cri-tools
cronie
ctags
curl
cyrus-sasl
cython
dbus
dbus-glib
dejagnu
device-mapper-multipath
dhcp
dialog
diffutils
dkms
dmidecode
dnsmasq
docbook-dtd-xml
docbook-style-xsl
dosfstools
dotnet-runtime-3.1
dotnet-sdk-3.1
dracut
dstat
e2fsprogs
ed
efibootmgr
efivar
elfutils
erlang
etcd
ethtool
expat
expect
fcgi
file
filesystem
findutils
finger
flex
fontconfig
fping
freetype
fuse
gawk
gc
gcc
gdb
gdbm
gettext
git
glib
glib-networking
glibc
glibmm24
gmp
gnome-common
gnupg2
gnuplot
gnutls
gobject-introspection
golang
golang
gperf
gperftools
gpgme
gptfdisk
grep
groff
grub2
grub2-efi-binary-signed-aarch64
grub2-efi-binary-signed-x64
gtest
gtk-doc
guile
gzip
haproxy
harfbuzz
haveged
hdparm
http-parser
httpd
i2c-tools
iana-etc
icu
initramfs
initscripts
inotify-tools
intltool
iotop
iperf3
ipmitool
iproute
ipset
iptables
iputils
ipvsadm
ipxe
irqbalance
itstool
jansson
jna
jq
json-c
json-glib
kbd
keepalived
kernel
kernel-headers
kernel-hyperv
kernel-signed-aarch64
kernel-signed-x64
kexec-tools
keyutils
kmod
krb5
kubernetes
lapack
less
libaio
libarchive
libassuan
libatomic_ops
libcap
libcap-ng
libconfig
libdb
libdnet
libedit
libestr
libev
libevent
libfastjson
libffi
libgcrypt
libgpg-error
libgssglue
libgsystem
libgudev
libjpeg-turbo
libksba
liblogging
libmbim
libmnl
libmodulemd
libmpc
libmspack
libndp
libnetfilter_conntrack
libnetfilter_cthelper
libnetfilter_cttimeout
libnetfilter_queue
libnfnetlink
libnftnl
libnl3
libnsl2
libpcap
libpipeline
libpng
libpsl
libqmi
librelp
librepo
librsync
libseccomp
libselinux
libsepol
libserf
libsigc++20
libsolv
libsoup
libssh2
libtalloc
libtar
libtasn1
libtiff
libtirpc
libtool
libunistring
libunwind
libusb
libvirt
libwebp
libxml2
libxslt
libyaml
linux-firmware
lldb
lldpad
llvm
lm-sensors
lmdb
log4cpp
logrotate
lshw
lsof
lsscsi
ltrace
lttng-tools
lttng-ust
lua
lvm2
lz4
lzo
m2crypto
m4
make
man-db
man-pages
mariadb
maven
mc
mercurial
meson
mlocate
ModemManager
mpfr
msr-tools
mysql
nano
nasm
ncurses
ndctl
net-snmp
net-tools
nettle
newt
nfs-utils
nghttp2
nginx
ninja-build
nodejs
nodejs
npth
nspr
nss
nss-altfiles
ntp
numactl
numpy
nvme-cli
oniguruma
openipmi
openjdk8
openjdk8
openldap
openscap
openssh
openvswitch
ostree
pam
pango
parted
patch
pciutils
pcre
perl
perl-Canary-Stability
perl-CGI
perl-common-sense
perl-Crypt-SSLeay
perl-DBD-SQLite
perl-DBI
perl-DBIx-Simple
perl-Exporter-Tiny
perl-File-HomeDir
perl-File-Which
perl-IO-Socket-SSL
perl-JSON-Any
perl-JSON-XS
perl-libintl-perl
perl-List-MoreUtils
perl-Module-Build
perl-Module-Install
perl-Module-ScanDeps
perl-Net-SSLeay
perl-NetAddr-IP
perl-Object-Accessor
perl-Path-Class
perl-Try-Tiny
perl-Types-Serialiser
perl-WWW-Curl
perl-XML-Parser
perl-YAML
perl-YAML-Tiny
pgbouncer
pinentry
pixman
pkg-config
polkit
popt
postgresql
powershell
procps-ng
protobuf
protobuf-c
psmisc
pth
pyasn1-modules
pygobject3
pyOpenSSL
PyPAM
pyparsing
pytest
python-appdirs
python-asn1crypto
python-atomicwrites
python-attrs
python-backports-ssl_match_hostname
python-bcrypt
python-boto3
python-botocore
python-certifi
python-cffi
python-chardet
python-configobj
python-constantly
python-coverage
python-cryptography
python-daemon
python-dateutil
python-defusedxml
python-distro
python-docopt
python-docutils
python-ecdsa
python-enum34
python-futures
python-gevent
python-greenlet
python-hyperlink
python-hypothesis
python-idna
python-imagesize
python-incremental
python-iniparse
python-ipaddr
python-ipaddress
python-jinja2
python-jmespath
python-jsonpatch
python-jsonpointer
python-jsonschema
python-lockfile
python-lxml
python-m2r
python-mako
python-markupsafe
python-mistune
python-msgpack
python-netaddr
python-netifaces
python-ntplib
python-oauthlib
python-packaging
python-pam
python-pbr
python-pip
python-ply
python-prettytable
python-psutil
python-psycopg2
python-py
python-pyasn1
python-pycodestyle
python-pycparser
python-pycurl
python-Pygments
python-PyNaCl
python-pyvmomi
python-requests
python-setuptools
python-setuptools_scm
python-simplejson
python-six
python-snowballstemmer
python-sphinx
python-sphinx-theme-alabaster
python-sqlalchemy
python-Twisted
python-typing
python-urllib3
python-vcversioner
python-virtualenv
python-wcwidth
python-webob
python-websocket-client
python-werkzeug
python-zope-interface
python2
python3
pytz
PyYAML
rapidjson
readline
redis
rng-tools
rpcbind
rpcsvc-proto
rpm
rpm-ostree
rrdtool
rsync
rsyslog
ruby
rubygem-bundler
runc
rust
scons
sed
sg3_utils
shadow-utils
slang
snappy
socat
sqlite
sshpass
strace
strongswan
subversion
sudo
swig
syslinux
syslog-ng
sysstat
systemd
systemtap
tar
tboot
tcl
tcpdump
tcp_wrappers
tcsh
tdnf
telegraf
texinfo
tmux
tpm2-abrmd
tpm2-tools
tpm2-tss
traceroute
tree
trousers
tzdata
unbound
unixODBC
unzip
usbutils
userspace-rcu
utf8proc
util-linux
valgrind
vim
vsftpd
WALinuxAgent
wget
which
wpa_supplicant
xerces-c
xfsprogs
xinetd
xmlsec1
xmlto
xz
zchunk
zeromq
zip
zlib
zsh
| | OpenMamba | [Openmamba](https://openmamba.org/en/) | bash-completion
| \ No newline at end of file diff --git a/SPECS/heimdal/fix_test_rand_build_failure.patch b/SPECS/heimdal/fix_test_rand_build_failure.patch new file mode 100644 index 00000000000..171a32c8e51 --- /dev/null +++ b/SPECS/heimdal/fix_test_rand_build_failure.patch @@ -0,0 +1,24 @@ +diff -ur heimdal-7.7.0-orig/lib/hcrypto/Makefile.am heimdal-7.7.0/lib/hcrypto/Makefile.am +--- heimdal-7.7.0-orig/lib/hcrypto/Makefile.am 2019-06-07 06:21:35.000000000 +0000 ++++ heimdal-7.7.0/lib/hcrypto/Makefile.am 2020-09-11 22:54:02.955215077 +0000 +@@ -297,7 +297,7 @@ + libtommath/bn_mp_to_unsigned_bin_n.c + + +-$(libhcrypto_la_OBJECTS): hcrypto-link ++$(libhcrypto_la_OBJECTS) $(test_rand_OBJECTS): hcrypto-link + + libhcrypto_la_CPPFLAGS = -DBUILD_HCRYPTO_LIB $(AM_CPPFLAGS) + +diff -ur heimdal-7.7.0-orig/lib/hx509/Makefile.am heimdal-7.7.0/lib/hx509/Makefile.am +--- heimdal-7.7.0-orig/lib/hx509/Makefile.am 2019-06-07 06:21:35.000000000 +0000 ++++ heimdal-7.7.0/lib/hx509/Makefile.am 2020-09-12 00:13:46.535536094 +0000 +@@ -164,7 +164,7 @@ + dist_hxtool_SOURCES = hxtool.c + nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h + +-$(hxtool_OBJECTS): hxtool-commands.h hx509_err.h ++$(hxtool_OBJECTS): hxtool-commands.h hx509_err.h $(nodist_include_HEADERS) + + hxtool_LDADD = \ + libhx509.la \ diff --git a/SPECS/heimdal/heimdal-1.6.0-c25f45a-rename-commands.patch b/SPECS/heimdal/heimdal-1.6.0-c25f45a-rename-commands.patch new file mode 100644 index 00000000000..bc0f92bae23 --- /dev/null +++ b/SPECS/heimdal/heimdal-1.6.0-c25f45a-rename-commands.patch 
@@ -0,0 +1,55 @@ +From 15d0c5593079f0c75b0e3ed9209e549e5d2e7822 Mon Sep 17 00:00:00 2001 +From: Ken Dreyer +Date: Wed, 28 May 2014 15:00:44 -0600 +Subject: [PATCH 1/2] Fedora: add heimdal- prefixes to heimtools cmds + +The Fedora Heimdal package renames the klist and kswitch commands in +/usr/bin to use "heimdal-" prefixes in order to avoid conflicting with +MIT's utilities. + +Add these "heimdal-" names to the heimtools command configuration so +that heimtools will recognize the commands under the new names as well +as the old names. +--- + kuser/heimtools-commands.in | 2 ++ + kuser/heimtools.c | 4 ++-- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/kuser/heimtools-commands.in b/kuser/heimtools-commands.in +index b22a8c5..62388ce 100644 +--- a/kuser/heimtools-commands.in ++++ b/kuser/heimtools-commands.in +@@ -34,6 +34,7 @@ + command = { + name = "klist" + name = "list" ++ name = "heimdal-klist" + help = "List kerberos tickets" + option = { + long = "cache" +@@ -136,6 +137,7 @@ command = { + command = { + name = "kswitch" + name = "switch" ++ name = "heimdal-kswitch" + help = "Switch default kerberos cache" + option = { + long = "type" +diff --git a/kuser/heimtools.c b/kuser/heimtools.c +index 70b23d6..c1ef60e 100644 +--- a/kuser/heimtools.c ++++ b/kuser/heimtools.c +@@ -89,8 +89,8 @@ static int + command_alias(const char *name) + { + const char *aliases[] = { +- "kinit", "klist", "kswitch", "kgetcred", "kvno", "kdeltkt", +- "kdestroy", "kcpytkt", NULL ++ "kinit", "klist", "heimdal-klist", "kswitch", "heimdal-kswitch", ++ "kgetcred", "kvno", "kdeltkt", "kdestroy", "kcpytkt", NULL + }, **p = aliases; + + while (*p && strcmp(name, *p) != 0) +-- +1.9.3 + diff --git a/SPECS/heimdal/heimdal-7.5.0-explicit-python2.patch b/SPECS/heimdal/heimdal-7.5.0-explicit-python2.patch new file mode 100644 index 00000000000..a96b18ae048 --- /dev/null +++ b/SPECS/heimdal/heimdal-7.5.0-explicit-python2.patch 
@@ -0,0 +1,156 @@ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/hx509/quote.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/hx509/quote.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/hx509/quote.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python2 + # -*- coding: utf-8 -*- + # + # Copyright (c) 2010 Kungliga Tekniska Högskolan +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/Makefile.am +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/Makefile.am ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/Makefile.am +@@ -89,7 +89,7 @@ idn_lookup_SOURCES = idn-lookup.c + + LDADD = libwind.la $(LIB_roken) + +-PYTHON = python ++PYTHON = python2 + + if !MAINTAINER_MODE + skip_python = test -f $@ || +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/UnicodeData.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/UnicodeData.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/UnicodeData.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-bidi.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/gen-bidi.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-bidi.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-combining.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/gen-combining.py 
++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-combining.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-errorlist.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/gen-errorlist.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-errorlist.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-map.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/gen-map.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-map.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-normalize.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/gen-normalize.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-normalize.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-punycode-examples.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/gen-punycode-examples.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/gen-punycode-examples.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/generate.py 
+=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/generate.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/generate.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/rfc3454.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/rfc3454.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/rfc3454.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/rfc4518.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/rfc4518.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/rfc4518.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/stringprep.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/stringprep.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/stringprep.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/util.py +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/lib/wind/util.py ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/lib/wind/util.py +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python2 + # -*- coding: iso-8859-1 -*- + + # $Id$ +Index: 
heimdal-3e58559362dd3f485e6d6659d587a9169a131391/windows/NTMakefile.w32 +=================================================================== +--- heimdal-3e58559362dd3f485e6d6659d587a9169a131391.orig/windows/NTMakefile.w32 ++++ heimdal-3e58559362dd3f485e6d6659d587a9169a131391/windows/NTMakefile.w32 +@@ -120,7 +120,7 @@ RC=rc + AWK_CMD=gawk.exe + YACC_CMD=bison.exe + LEX_CMD=flex.exe +-PYTHON=python.exe ++PYTHON=python2.exe + PERL=perl.exe + CMP=cmp.exe + MAKECAT=makecat.exe diff --git a/SPECS/heimdal/heimdal-7.7.0-configure.patch b/SPECS/heimdal/heimdal-7.7.0-configure.patch new file mode 100644 index 00000000000..23f116ce496 --- /dev/null +++ b/SPECS/heimdal/heimdal-7.7.0-configure.patch @@ -0,0 +1,17 @@ +--- a/cf/check-var.m4 2013-04-24 20:07:35.000000000 -0600 ++++ b/cf/check-var.m4 2020-01-07 11:36:36.493955390 -0700 +@@ -6,12 +6,12 @@ AC_MSG_CHECKING(for $1) + AC_CACHE_VAL(ac_cv_var_$1, [ + m4_ifval([$2],[ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2 +- void * foo(void) { return &$1; }]],[[foo()]])], ++ __attribute__ ((used)) void * foo(void) { return &$1; }]],[[foo()]])], + [ac_cv_var_$1=yes],[ac_cv_var_$1=no])]) + if test "$ac_cv_var_$1" != yes ; then + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2 + extern int $1; +-int foo(void) { return $1; }]],[[foo()]])], ++__attribute__ ((used)) int foo(void) { return $1; }]],[[foo()]])], + [ac_cv_var_$1=yes],[ac_cv_var_$1=no]) + fi + ]) diff --git a/SPECS/heimdal/heimdal-bashrc b/SPECS/heimdal/heimdal-bashrc new file mode 100644 index 00000000000..ceb7de64d86 --- /dev/null +++ b/SPECS/heimdal/heimdal-bashrc @@ -0,0 +1,7 @@ +alias kinit="/usr/bin/kinit.heimdal" +alias kdestroy="/usr/bin/kdestroy.heimdal" +alias klist="/usr/bin/klist.heimdal" +alias kpasswd="/usr/bin/kpasswd.heimdal" +alias kadmin="/usr/sbin/kadmin.heimdal" +alias krb5-config="/usr/bin/krb5-config.heimdal" +alias ktutil="/usr/sbin/ktutil.heimdal" 
diff --git a/SPECS/heimdal/heimdal-ipropd-master.init b/SPECS/heimdal/heimdal-ipropd-master.init
new file mode 100644
index 00000000000..4931f0a71f4
--- /dev/null
+++ b/SPECS/heimdal/heimdal-ipropd-master.init
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# ipropd-master Startup script for Heimdal ipropd-master
+#
+# chkconfig: - 39 61
+# description: Starts and stops the Heimdal ipropd-master
+
+### BEGIN INIT INFO
+# Provides: ipropd-master
+# Required-Start: $local_fs $network $named
+# Required-Stop: $local_fs $network
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the Heimdal ipropd-master
+# Description: Heimdal ipropd-master implements incremental propagation
+### END INIT INFO
+
+[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
+
+exec=/usr/libexec/ipropd-master
+prog=ipropd-master
+MASTER_ARGS="--detach"
+[ -e /etc/sysconfig/heimdal ] && . /etc/sysconfig/heimdal
+args="${MASTER_ARGS}"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon "$exec $args"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc "$prog"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
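Review bot: The `[ -f $config ] || exit 6` guard in `start()` can never fire as written, because `config` is not assigned anywhere in this script and the unquoted empty expansion collapses to `[ -f ]`, which is true. Unless `/etc/sysconfig/heimdal` is expected to define it, set the variable next to `exec=` and `prog=` and quote the test, e.g. `config=<path to the daemon's configuration file>` and `[ -f "$config" ] || exit 6`. The same two lines appear in the heimdal-ipropd-slave.init, heimdal-kadmind.init, heimdal-kdc.init and heimdal-kpasswdd.init hunks.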
diff --git a/SPECS/heimdal/heimdal-ipropd-master.service b/SPECS/heimdal/heimdal-ipropd-master.service
new file mode 100644
index 00000000000..c873f72f786
--- /dev/null
+++ b/SPECS/heimdal/heimdal-ipropd-master.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Heimdal ipropd-master incremental propagation service
+Documentation=man:iprop(8) info:heimdal http://www.h5l.org/
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/libexec/ipropd-master --detach
+PIDFile=/var/run/ipropd-master.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/heimdal/heimdal-ipropd-slave-wrapper b/SPECS/heimdal/heimdal-ipropd-slave-wrapper
new file mode 100644
index 00000000000..6b7e2b4499a
--- /dev/null
+++ b/SPECS/heimdal/heimdal-ipropd-slave-wrapper
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e; set -o pipefail
+
+. /etc/sysconfig/heimdal
+
+if [[ -z "$MASTER" ]]; then
+ echo >&2 "MASTER must be specified in /etc/sysconfig/heimdal"
+ exit 1
+fi
+
+exec /usr/libexec/ipropd-slave --detach "$MASTER"
diff --git a/SPECS/heimdal/heimdal-ipropd-slave.init b/SPECS/heimdal/heimdal-ipropd-slave.init
new file mode 100644
index 00000000000..78d60e905e7
--- /dev/null
+++ b/SPECS/heimdal/heimdal-ipropd-slave.init
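Review bot: The `[Service]` section of heimdal-ipropd-master.service sets no sandboxing options, and the same is true of the ipropd-slave, kadmind, kdc and kpasswdd units added later in this patch; with no `User=` line these network-facing daemons, which handle the realm's key material, start as root with the default privileges. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes`, and `ProtectSystem=full` once the paths each daemon writes to have been confirmed. `PIDFile=/var/run/ipropd-master.pid` uses the legacy `/var/run` location, for which `/run/ipropd-master.pid` is the current form. The kadmind, kdc and kpasswdd units also pair `Type=simple` with `PIDFile=`, which systemd does not need for that service type.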
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# ipropd-slave Startup script for Heimdal ipropd-slave
+#
+# chkconfig: - 39 61
+# description: Starts and stops the Heimdal ipropd-slave
+
+### BEGIN INIT INFO
+# Provides: ipropd-slave
+# Required-Start: $local_fs $network $named
+# Required-Stop: $local_fs $network
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the Heimdal ipropd-slave
+# Description: Heimdal ipropd-slave implements incremental propagation
+### END INIT INFO
+
+[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
+
+exec=/usr/libexec/ipropd-slave
+prog=ipropd-slave
+SLAVE_ARGS="--detach"
+[ -e /etc/sysconfig/heimdal ] && . /etc/sysconfig/heimdal
+args="${SLAVE_ARGS} ${MASTER}"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon "$exec $args"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc "$prog"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
diff --git a/SPECS/heimdal/heimdal-ipropd-slave.service b/SPECS/heimdal/heimdal-ipropd-slave.service
new file mode 100644
index 00000000000..82171908eb8
--- /dev/null
+++ b/SPECS/heimdal/heimdal-ipropd-slave.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Heimdal ipropd-slave incremental propagation service
+Documentation=man:iprop(8) info:heimdal http://www.h5l.org/
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/libexec/ipropd-slave-wrapper
+PIDFile=/var/run/ipropd-slave.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/heimdal/heimdal-kadmind.init b/SPECS/heimdal/heimdal-kadmind.init
new file mode 100644
index 00000000000..212c141ed5a
--- /dev/null
+++ b/SPECS/heimdal/heimdal-kadmind.init
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# heimdal-kadmind Startup script for Heimdal kadmind
+#
+# chkconfig: - 39 61
+# description: Starts and stops the Heimdal kadmind
+
+### BEGIN INIT INFO
+# Provides: heimdal-kadmind
+# Required-Start: $local_fs $network $named
+# Required-Stop: $local_fs $network
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the Heimdal kadmind
+# Description: Heimdal kadmind implements remote administration in Heimdal
+### END INIT INFO
+
+[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
+
+exec=/usr/libexec/heimdal-kadmind
+prog=heimdal-kadmind
+KADMIND_ARGS=""
+[ -e /etc/sysconfig/heimdal ] && . /etc/sysconfig/heimdal
+args="${KADMIND_ARGS} &"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon "$exec $args"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc "$prog"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
diff --git a/SPECS/heimdal/heimdal-kadmind.service b/SPECS/heimdal/heimdal-kadmind.service
new file mode 100644
index 00000000000..8765bc1d7ad
--- /dev/null
+++ b/SPECS/heimdal/heimdal-kadmind.service
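Review bot: `args="${KADMIND_ARGS} &"` in heimdal-kadmind.init puts a shell `&` inside the string handed to `daemon "$exec $args"`, so the status that `start()` stores in `retval` probably reflects the backgrounding rather than whether kadmind actually came up, and the lock file is touched either way. How `daemon` evaluates its argument is defined in /etc/rc.d/init.d/functions, outside this hunk, so this should be confirmed there. If the daemon offers a detach option, passing it through `KADMIND_ARGS` (as the kdc and ipropd scripts do with `--detach`) would keep the exit status meaningful. heimdal-kpasswdd.init builds `args` with the same trailing `&`.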
@@ -0,0 +1,12 @@
+[Unit]
+Description=Heimdal kadmind remote administration service
+Documentation=man:heimdal-kadmind(8) info:heimdal http://www.h5l.org/
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/libexec/heimdal-kadmind
+PIDFile=/var/run/heimdal-kadmind.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/heimdal/heimdal-kdc.conf b/SPECS/heimdal/heimdal-kdc.conf
new file mode 100644
index 00000000000..0cc6488cf05
--- /dev/null
+++ b/SPECS/heimdal/heimdal-kdc.conf
@@ -0,0 +1,10 @@
+[logging]
+ default = FILE:/var/log/heimdal/heimdal.log
+ kdc = FILE:/var/log/heimdal/kdc.log
+ admin_server = FILE:/var/log/heimdal/kadmind.log
+
+[kdc]
+ enable-http = true
+
+[kadmin]
+ require-preauth = true
diff --git a/SPECS/heimdal/heimdal-kdc.init b/SPECS/heimdal/heimdal-kdc.init
new file mode 100644
index 00000000000..625f2b973c8
--- /dev/null
+++ b/SPECS/heimdal/heimdal-kdc.init
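Review bot: `enable-http = true` under `[kdc]` in heimdal-kdc.conf makes the packaged default configuration answer KDC requests over HTTP in addition to the Kerberos ports, which widens the listening surface of every install that keeps this file. It would be safer to ship `enable-http = false` (or omit the line) and let sites that need it opt in. Pre-authentication is required only in `[kadmin]`; if it is meant to apply to ticket requests as well, `[kdc]` needs its own `require-preauth = true`, since principals that can be queried without pre-authentication expose password-derived material to offline guessing.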
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# kdc Startup script for Heimdal kdc
+#
+# chkconfig: - 39 61
+# description: Starts and stops the Heimdal kdc
+
+### BEGIN INIT INFO
+# Provides: kdc
+# Required-Start: $local_fs $network $named
+# Required-Stop: $local_fs $network
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the Heimdal kdc
+# Description: Heimdal KDC is a Kerberos 5 Key Distribution Center server
+### END INIT INFO
+
+[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
+
+exec=/usr/libexec/kdc
+prog=kdc
+KDC_ARGS="--detach"
+[ -e /etc/sysconfig/heimdal ] && . /etc/sysconfig/heimdal
+args="${KDC_ARGS}"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon "$exec $args"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc "$prog"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
diff --git a/SPECS/heimdal/heimdal-kdc.service b/SPECS/heimdal/heimdal-kdc.service
new file mode 100644
index 00000000000..e4461f541fc
--- /dev/null
+++ b/SPECS/heimdal/heimdal-kdc.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Heimdal KDC is a Kerberos 5 Key Distribution Center server
+Documentation=man:kdc(8) info:heimdal http://www.h5l.org/
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/libexec/kdc
+PIDFile=/var/run/kdc.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/heimdal/heimdal-kpasswdd.init b/SPECS/heimdal/heimdal-kpasswdd.init
new file mode 100644
index 00000000000..a7dd64b7818
--- /dev/null
+++ b/SPECS/heimdal/heimdal-kpasswdd.init
@@ -0,0 +1,103 @@
+#! /bin/sh
+#
+# kpasswdd Startup script for Heimdal kpasswdd
+#
+# chkconfig: - 39 61
+# description: Starts and stops the Heimdal kpasswdd
+
+### BEGIN INIT INFO
+# Provides: kpasswdd
+# Required-Start: $local_fs $network $named
+# Required-Stop: $local_fs $network
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the Heimdal kpasswdd
+# Description: Heimdal kpasswdd allows Kerberos 5 users to change \
+# their KDC passwords
+### END INIT INFO
+
+[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
+
+exec=/usr/libexec/kpasswdd
+prog=kpasswdd
+KPASSWD_ARGS=""
+[ -e /etc/sysconfig/heimdal ] && . /etc/sysconfig/heimdal
+args="${KPASSWD_ARGS} &"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon "$exec $args"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc "$prog"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
diff --git a/SPECS/heimdal/heimdal-kpasswdd.service b/SPECS/heimdal/heimdal-kpasswdd.service
new file mode 100644
index 00000000000..1876f97a2e6
--- /dev/null
+++ b/SPECS/heimdal/heimdal-kpasswdd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Heimdal kpasswdd allows users to change their KDC passwords
+Documentation=man:kpasswdd(8) info:heimdal http://www.h5l.org/
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/libexec/kpasswdd
+PIDFile=/var/run/kpasswdd.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/heimdal/heimdal.csh b/SPECS/heimdal/heimdal.csh
new file mode 100644
index 00000000000..cc7836afbbd
--- /dev/null
+++ b/SPECS/heimdal/heimdal.csh
@@ -0,0 +1,3 @@
+if ( "${path}" !~ */usr/lib/heimdal/bin* ) then
+ set path = ( /usr/lib/heimdal/bin $path )
+endif
diff --git a/SPECS/heimdal/heimdal.logrotate b/SPECS/heimdal/heimdal.logrotate
new file mode 100644
index 00000000000..8b9fc012f81
--- /dev/null
+++ b/SPECS/heimdal/heimdal.logrotate
@@ -0,0 +1,9 @@
+/var/log/heimdal/*.log {
+ compress
+ delaycompress
+ maxage 100
+ minsize 100M
+ missingok
+ notifempty
+}
+
diff --git a/SPECS/heimdal/heimdal.sh b/SPECS/heimdal/heimdal.sh
new file mode 100644
index 00000000000..4e9b14ae207
--- /dev/null
+++ b/SPECS/heimdal/heimdal.sh
@@ -0,0 +1,3 @@
+if ! echo ${PATH} | /bin/grep -q /usr/lib/heimdal/bin ; then
+ PATH=/usr/lib/heimdal/bin:${PATH}
+fi
diff --git a/SPECS/heimdal/heimdal.signatures.json b/SPECS/heimdal/heimdal.signatures.json
new file mode 100644
index 00000000000..2428c10fa58
--- /dev/null
+++ b/SPECS/heimdal/heimdal.signatures.json
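Review bot: The PATH test in heimdal.sh is an unquoted substring match, so `echo ${PATH} | /bin/grep -q /usr/lib/heimdal/bin` also succeeds on an unrelated entry that merely contains that text, and the `*/usr/lib/heimdal/bin*` pattern in heimdal.csh behaves the same way. An exact, quoted match avoids this: `case ":${PATH}:" in *:/usr/lib/heimdal/bin:*) ;; *) PATH=/usr/lib/heimdal/bin:${PATH} ;; esac`. Because the directory is prepended for every login shell, anything placed in it shadows the system command of the same name, so the package should install it root-owned and not group- or world-writable.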
@@ -0,0 +1,23 @@ +{ + "Signatures": { + "heimdal-7.7.0.tar.gz": "f02d3314d634cc55eb9cf04a1eae0d96b293e45a1f837de9d894e800161b7d1b", + "heimdal-bashrc": "606045acea4cddb8f0cb7697225382aa89505aa5e0b89c244da333650a372e4f", + "heimdal-ipropd-master.init": "ecd6d7dd613dcf4e255bc296ad0c6f76ffd0931ee9e8e2b94b0a7edeb92d1264", + "heimdal-ipropd-master.service": "fc70e57eb6118132d21bad1c01bf16ee5a8572867ee369a09d3f4dbd63adbf7a", + "heimdal-ipropd-slave-wrapper": "635cd27b5c669454edd8dcc824fe312e32208dfae64c31f712c66e52e7e9f22a", + "heimdal-ipropd-slave.init": "6b231843e5ebce922cfc4babfc05066a9c4db54cdd1a85f93cd3678e26e693f0", + "heimdal-ipropd-slave.service": "4f47b03fe7dda11538cc5044b64000ccb5fd6f2b5e25f1a8fae3000a0b291379", + "heimdal-kadmind.init": "8949c6b7ff7c5d155cca1a063b5379423d343373af804dbeb221f73487fabe72", + "heimdal-kadmind.service": "b1e9552b1eecfb6aecef4377df1ea2f1463cd1ab5e8b8f302711ad807ccc3279", + "heimdal-kdc.conf": "45deebc4d962e72ab98836cb68ef1b9db983f9ff32985389b1281713c0416f0f", + "heimdal-kdc.init": "5638e9097dba55d0b3262a2d7fe04953fe4bbb415368e2f9ad4ade5dbaea00f9", + "heimdal-kdc.service": "3f8b60c93dceca5ab87968b0b6a0a4bcaf3456da581b6285d555a0aa49e51cf0", + "heimdal-kpasswdd.init": "9a223d4c5f3f5b6a70683732cf17d39a747c1747052c00f3577134b60efb2350", + "heimdal-kpasswdd.service": "4a45e86920f02099a36d540b872a2d59304752f2b398ec20151682c6e647b437", + "heimdal.csh": "3b39878656dc4d8cca369da7ff48a006f6cb8e8f6840a3c297126c12f052dfed", + "heimdal.logrotate": "a92e7da78889cde1a228d38cd018536141b1a49be7e7c728573c6c4b0ff811d5", + "heimdal.sh": "dbdc05028a6679fa2309b78f51e868dcb85a4b257bc2b3cb9300cb9ecca41610", + "heimdal.sysconfig": "39f5e7a93d3cdcebeabdda5d049d0df14620b9767eedaa2565ac2eaa8d981d3a", + "krb5.conf.sample": "7352381f918c539c9197ea18d415668dc37bc44395ead4ea86ba50a7431a27cb" + } +} \ No newline at end of file diff --git a/SPECS/heimdal/heimdal.spec b/SPECS/heimdal/heimdal.spec new file mode 100644 index 00000000000..870f13bc5ad --- /dev/null 
+++ b/SPECS/heimdal/heimdal.spec 
@@ -0,0 +1,866 @@
+%global _hardened_build 1
+%global libdir %{_libdir}/heimdal
+%global bindir %{_lib}/heimdal
+# Use systemd unit files on RHEL 7 and above.
+%if ! (0%{?rhel} && 0%{?rhel} < 7)
+ %global _with_systemd 1
+%endif
+# This macro was added in Fedora 20. Use the old version if it's undefined
+# on older Fedoras and RHELs prior to RHEL 8.
+# https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
+Summary: A Kerberos 5 implementation without export restrictions
+Name: heimdal
+Version: 7.7.0
+Release: 5%{?dist}
+License: BSD AND MIT
+Vendor: Microsoft Corporation
+Distribution: Mariner
+URL: https://www.heimdal.software/
+Source0: https://github.com/%{name}/%{name}/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
+Source3: %{name}.sysconfig
+Source4: %{name}.sh
+Source5: %{name}.csh
+Source9: krb5.conf.sample
+Source10: %{name}.logrotate
+Source11: %{name}-bashrc
+Source20: %{name}-kdc.init
+Source21: %{name}-ipropd-master.init
+Source22: %{name}-ipropd-slave.init
+Source23: %{name}-kadmind.init
+Source24: %{name}-kpasswdd.init
+Source25: %{name}-kdc.conf
+Source26: %{name}-kdc.service
+Source27: %{name}-ipropd-master.service
+Source28: %{name}-ipropd-slave.service
+Source29: %{name}-kadmind.service
+Source30: %{name}-kpasswdd.service
+Source31: %{name}-ipropd-slave-wrapper
+# klist, kswitch, and kvno are symlinks to "heimtools", and this utility needs
+# to know how to interpret the "heimdal-" prefixes.
+Patch1: heimdal-1.6.0-c25f45a-rename-commands.patch
+# Use Python2 explicity.
+Patch3: heimdal-7.5.0-explicit-python2.patch
+Patch4: heimdal-7.7.0-configure.patch
+Patch5: fix_test_rand_build_failure.patch
+BuildRequires: bison
+#libcom_err-devel is in
+#BuildRequires: libcom_err-devel
+BuildRequires: e2fsprogs-devel
+BuildRequires: e2fsprogs-libs
+BuildRequires: flex
+BuildRequires: gettext
+BuildRequires: groff
+BuildRequires: libcap-ng-devel
+BuildRequires: libedit-devel
+BuildRequires: libtool
+BuildRequires: ncurses-devel
+BuildRequires: openssl-devel
+#BuildRequires: openldap-devel
+#Required for tests/ldap
+#BuildRequires: openldap-servers
+BuildRequires: pam-devel
+BuildRequires: perl-JSON
+#BuildRequires: doxygen
+#BuildRequires: graphviz
+BuildRequires: python2
+BuildRequires: sqlite-devel
+BuildRequires: systemd-devel
+BuildRequires: texinfo
+#%if 0%{?_with_systemd}
+#BuildRequires: systemd-units
+#%endif
+# Bundled libtommath (https://bugzilla.redhat.com/1118462)
+Provides: bundled(libtommath) = 0.42.0
+%if (0%{?rhel} && 0%{?rhel} < 7)
+BuildRequires: db4-devel
+%else
+BuildRequires: libdb-devel
+%endif
+
+%description
+Kerberos 5 is a network authentication and single sign-on system.
+Heimdal is a free Kerberos 5 implementation without export restrictions
+written from the spec (rfc1510 and successors) including advanced features
+like thread safety, IPv6, master-slave replication of Kerberos Key
+Distribution Center server and support for ticket delegation (S4U2Self,
+S4U2Proxy).
+This package can coexist with MIT Kerberos 5 packages. Hesiod is disabled
+by default since it is deemed too big a security risk by the packager.
+
+%package workstation
+Summary: Heimdal kerberos programs for use on workstations
+
+%description workstation
+This package contains Heimdal Kerberos 5 programs and utilities for
+use on workstations (kinit, klist, kdestroy, kpasswd)
+
+%package server
+Summary: Heimdal kerberos server
+Requires: logrotate
+Provides: heimdal-kdc = %{version}-%{release}
+Obsoletes: heimdal-kdc < 1.5
+%if 0%{?_with_systemd}
+Requires(post): systemd
+Requires(postun): systemd
+Requires(preun): systemd
+%else
+Requires(post): chkconfig
+Requires(postun): initscripts
+Requires(preun): chkconfig
+Requires(preun): initscripts
+%endif
+
+%description server
+This package contains the master Heimdal kerberos Key Distribution
+Center (KDC), admin interface server (admind) and master-slave
+synchronisation daemons. Install this package if you intend to
+set up Kerberos server.
+
+%package libs
+Summary: Heimdal kerberos shared libraries
+#Requires(post): info
+#Requires(preun): info
+
+%description libs
+This package contains shared libraries required by several of the other
+Heimdal packages.
+
+%package devel
+Summary: Header and other development files for Heimdal kerberos
+Provides: %{name}-static = %{version}-%{release}
+
+%description devel
+Contains files needed to compile and link software using the Heimdal
+kerberos headers/libraries.
+
+%package path
+Summary: Heimdal kerberos PATH manipulation
+Requires: %{name}-libs
+# For /etc/profile.d
+#Requires: setup
+
+%description path
+This package prepends the Heimdal binary directory to the beginning of
+PATH.
+
+%prep
+%setup -q
+%patch1 -p1 -b .cmds
+%patch3 -p1 -b .python2
+%patch4 -p1 -b .config
+%patch5 -p1
+
+./autogen.sh
+
+%build
+%ifarch i386
+%global build_fix "-march=i686"
+%else
+%global build_fix ""
+%endif
+autoreconf -ivf
+%configure \
+ --prefix=%{_prefix} \
+ --includedir=%{_includedir}/%{name} \
+ --libdir=%{libdir} \
+ --enable-static \
+ --enable-shared \
+ --enable-pthread-support \
+ --without-x \
+ --without-hesiod \
+ --with-ipv6 \
+ --enable-kcm \
+ --enable-pk-init \
+ --with-openldap=%{_prefix} \
+ --with-sqlite3=%{_prefix} \
+ --with-libedit=%{_prefix} \
+ LIBS="-ltermcap" \
+ CFLAGS="-fPIC %{optflags} %{build_fix}"
+%make_build -j1 -C include krb5-types.h
+%make_build -j1
+%make_build -j1 -C doc html
+
+# po/localefiles is not in the tarball, which causes install to fail
+touch po/localefiles
+%make_build -C po mo
+
+%check
+# Several intermittent test failures here, so make this non-fatal:
+# (timeout to debug hard to reproduce stuck build)
+timeout 20m %make_build check || :
+
+%install
+%make_install
+# install the init files
+%if 0%{?_with_systemd}
+ # install systemd service files
+ mkdir -p %{buildroot}%{_unitdir}
+ pushd %{buildroot}%{_unitdir}
+ install -p -D -m 644 %{SOURCE26} heimdal-kdc.service
+ install -p -D -m 644 %{SOURCE27} heimdal-ipropd-master.service
+ install -p -D -m 644 %{SOURCE28} heimdal-ipropd-slave.service
+ install -p -D -m 644 %{SOURCE29} heimdal-kadmind.service
+ install -p -D -m 644 %{SOURCE30} heimdal-kpasswdd.service
+ popd
+ install -p -D -m 755 %{SOURCE31} %{buildroot}%{_libexecdir}/ipropd-slave-wrapper
+%else
+ # install legacy SysV init scripts
+ mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
+ pushd %{buildroot}%{_sysconfdir}/rc.d/init.d
+ install -p -D -m 755 %{SOURCE20} heimdal-kdc
+ install -p -D -m 755 %{SOURCE21} heimdal-ipropd-master
+ install -p -D -m 755 %{SOURCE22} heimdal-ipropd-slave
+ install -p -D -m 755 %{SOURCE23} heimdal-kadmind
+ install -p -D -m 755 %{SOURCE24} heimdal-kpasswdd
+ popd
+%endif +install -p -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/heimdal +install -p -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d/heimdal.sh +install -p -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/profile.d/heimdal.csh +install -p -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/logrotate.d/heimdal +mkdir -p %{buildroot}%{_localstatedir}/heimdal/ +install -p -D -m 755 %{SOURCE25} %{buildroot}%{_sysconfdir}/heimdal-kdc.conf +ln -s %{_sysconfdir}/heimdal-kdc.conf %{buildroot}%{_localstatedir}/heimdal/kdc.conf +echo "# see man heimdal-kadmind(8)" > %{buildroot}%{_sysconfdir}/heimdal-kadmind.acl +ln -s %{_sysconfdir}/heimdal-kadmind.acl %{buildroot}%{_localstatedir}/heimdal/kadmind.acl +touch %{buildroot}%{_sysconfdir}/heimdal-slaves +ln -s %{_sysconfdir}/heimdal-slaves %{buildroot}%{_localstatedir}/heimdal/slaves +install -d -m 700 %{buildroot}%{_localstatedir}/log/heimdal +install -d -m 755 %{buildroot}/%{_pkgdocdir} +install -p -D -m 644 LICENSE %{buildroot}/%{_pkgdocdir}/LICENSE +install -p -D -m 644 %{SOURCE9} %{buildroot}/%{_pkgdocdir}/krb5.conf.sample +install -p -D -m 644 %{SOURCE11} %{buildroot}/%{_pkgdocdir}/bashrc +# we don't need pkgconfig file and info/dir +rm -rf %{buildroot}%{libdir}/pkgconfig +rm -rf %{buildroot}%{_infodir}/dir +# NOTICE: no support for X11 +rm -f %{buildroot}%{_mandir}/man1/kx.1* +rm -f %{buildroot}%{_mandir}/man1/rxtelnet.1* +rm -f %{buildroot}%{_mandir}/man1/rxterm.1* +rm -f %{buildroot}%{_mandir}/man1/tenletxr.1* +rm -f %{buildroot}%{_mandir}/man1/xnlock.1* +rm -f %{buildroot}%{_mandir}/man8/kxd.8* +# Remove CAT files, they are not needed +rm -rf %{buildroot}%{_mandir}/cat* +# Remove libtool archives +find %{buildroot} -type f -name "*.la" -delete -print + +mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d/ +cat >> %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf << EOF +%{_libdir}/%{name} +EOF + +mkdir -p %{buildroot}%{bindir}/bin +mkdir -p %{buildroot}%{_mandir}/%{name}/man{1,5,8} + +# 
rename clashes with other pkgs from to heimdal- +for prog in kadmin kadmind kdestroy kinit klist kpasswd krb5-config ktutil su pagsh compile_et +do + if [ -e %{buildroot}%{_bindir}/${prog} ]; then + mv %{buildroot}%{_bindir}/{,%{name}-}${prog} + ln -s %{_bindir}/%{name}-${prog} %{buildroot}%{bindir}/bin/${prog} + elif [ -e %{buildroot}%{_sbindir}/${prog} ]; then + mv %{buildroot}%{_sbindir}/{,%{name}-}${prog} + ln -s %{_sbindir}/%{name}-${prog} %{buildroot}%{bindir}/bin/${prog} + elif [ -e %{buildroot}%{_libexecdir}/${prog} ]; then + mv %{buildroot}%{_libexecdir}/{,%{name}-}${prog} + fi + + if [ -e %{buildroot}%{_mandir}/man1/${prog}.1 ]; then + mv %{buildroot}%{_mandir}/man1/{,%{name}-}${prog}.1 + elif [ -e %{buildroot}%{_mandir}/man8/${prog}.8 ]; then + mv %{buildroot}%{_mandir}/man8/{,%{name}-}${prog}.8 + fi +done + +# If we have the prefixed name in one pkg we want it in all. +mv %{buildroot}%{_bindir}/{,%{name}-}kswitch +ln -s %{_bindir}/%{name}-kswitch %{buildroot}%{bindir}/bin/kswitch +mv %{buildroot}%{_mandir}/man1/{,%{name}-}kswitch.1 + +ln -s %{name}-kinit %{buildroot}%{_bindir}/kauth + +mv %{buildroot}%{_mandir}/man5/{,%{name}-}krb5.conf.5 + +rm %{buildroot}%{_mandir}/man5/qop.5 +ln -s mech.5.gz %{buildroot}%{_mandir}/man5/qop.5.gz + +%find_lang %{name} --all-name + +%post server +%if 0%{?_with_systemd} + %systemd_post heimdal-kdc.service + %systemd_post heimdal-ipropd-master.service + %systemd_post heimdal-ipropd-slave.service + %systemd_post heimdal-kadmind.service + %systemd_post heimdal-kpasswdd.service +%else + /sbin/chkconfig --add heimdal-kdc + /sbin/chkconfig --add heimdal-ipropd-master + /sbin/chkconfig --add heimdal-ipropd-slave + /sbin/chkconfig --add heimdal-kadmind + /sbin/chkconfig --add heimdal-kpasswdd +%endif + +%preun server +%if 0%{?_with_systemd} + %systemd_preun heimdal-kdc.service + %systemd_preun heimdal-ipropd-master.service + %systemd_preun heimdal-ipropd-slave.service + %systemd_preun heimdal-kadmind.service + %systemd_preun 
heimdal-kpasswdd.service +%else + if [ $1 -eq 0 ] ; then + /sbin/service heimdal-kdc stop >/dev/null 2>&1 || : + /sbin/chkconfig --del heimdal-kdc + /sbin/service heimdal-ipropd-master stop >/dev/null 2>&1 || : + /sbin/chkconfig --del heimdal-ipropd-master + /sbin/service heimdal-ipropd-slave stop >/dev/null 2>&1 || : + /sbin/chkconfig --del heimdal-ipropd-slave + /sbin/service heimdal-kadmind stop >/dev/null 2>&1 || : + /sbin/chkconfig --del heimdal-kadmind + /sbin/service heimdal-kpasswdd stop >/dev/null 2>&1 || : + /sbin/chkconfig --del >/dev/null + fi +%endif + +%postun server +%if 0%{?_with_systemd} + %systemd_postun heimdal-kdc.service + %systemd_postun heimdal-ipropd-master.service + %systemd_postun heimdal-ipropd-slave.service + %systemd_postun heimdal-kadmind.service + %systemd_postun heimdal-kpasswdd.service +%else + if [ $1 -eq 1 ] ; then + /sbin/service heimdal-kdc condrestart >/dev/null 2>&1 || : + /sbin/service heimdal-ipropd-master condrestart >/dev/null 2>&1 || : + /sbin/service heimdal-ipropd-slave condrestart >/dev/null 2>&1 || : + /sbin/service heimdal-kadmind condrestart >/dev/null 2>&1 || : + /sbin/service heimdal-kpasswdd condrestart >/dev/null 2>&1 || : + fi +%endif + +%if (0%{?rhel} && 0%{?rhel} < 8) +%post libs +/sbin/ldconfig +/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || : + +%preun libs +if [ $1 = 0 ] ; then + /sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || : +fi + +%postun libs -p /sbin/ldconfig +%endif + +%files libs -f %{name}.lang +%license LICENSE +%doc %{_pkgdocdir} +%dir %{bindir} +%dir %{bindir}/bin +%dir %{libdir} +%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf +%{libdir}/lib*.so* +%{libdir}/windc.so* +%{_infodir}/heimdal.info* +%{_infodir}/hx509.info* +%{_mandir}/man5/%{name}-krb5.conf.5* +%{_mandir}/man5/qop.5* +%{_mandir}/man5/mech.5* +%{_mandir}/man8/kerberos.8* +%{_bindir}/string2key +%{_mandir}/man8/string2key.8* +%{_libexecdir}/kdigest 
+%{_mandir}/man8/kdigest.8*
+%{_bindir}/verify_krb5_conf
+%{_mandir}/man8/verify_krb5_conf.8*
+%{_libexecdir}/digest-service
+
+%files server
+%if 0%{?_with_systemd}
+%{_unitdir}/*.service
+%else
+%{_initrddir}/*
+%endif
+%{_sysconfdir}/logrotate.d/heimdal
+%config(noreplace) %{_sysconfdir}/sysconfig/heimdal
+%dir %attr(700,root,root) %{_localstatedir}/heimdal
+%dir %attr(700,root,root) %{_localstatedir}/log/heimdal
+%config(noreplace) %attr(600,root,root) %{_sysconfdir}/heimdal-kdc.conf
+%config(noreplace) %{_localstatedir}/heimdal/kdc.conf
+%config(noreplace) %attr(600,root,root) %{_sysconfdir}/heimdal-kadmind.acl
+%config(noreplace) %{_localstatedir}/heimdal/kadmind.acl
+%config(noreplace) %attr(600,root,root) %{_sysconfdir}/heimdal-slaves
+%config(noreplace) %{_localstatedir}/heimdal/slaves
+%{_libexecdir}/hprop
+%{_mandir}/man8/hprop.8*
+%{_libexecdir}/hpropd
+%{_mandir}/man8/hpropd.8*
+%{_mandir}/man8/iprop.8*
+%{_sbindir}/iprop-log
+%{_mandir}/man8/iprop-log.8*
+%{_libexecdir}/ipropd-master
+%{_mandir}/man8/ipropd-master.8*
+%{_libexecdir}/ipropd-slave
+%{_mandir}/man8/ipropd-slave.8*
+%if 0%{?_with_systemd}
+%{_libexecdir}/ipropd-slave-wrapper
+%endif
+%{_libexecdir}/%{name}-kadmind
+%{_mandir}/man8/%{name}-kadmind.8*
+%{_libexecdir}/kdc
+%{_mandir}/man8/kdc.8*
+%{_libexecdir}/kpasswdd
+%{_mandir}/man8/kpasswdd.8*
+%{_sbindir}/kstash
+%{_mandir}/man8/kstash.8*
+
+%files workstation
+%{_bindir}/afslog
+%{_mandir}/man1/afslog.1*
+%{_bindir}/bsearch
+%{_mandir}/man1/bsearch.1*
+%{_bindir}/%{name}-pagsh
+%{bindir}/bin/pagsh
+%{_mandir}/man1/%{name}-pagsh.1*
+%{_bindir}/gsstool
+%{_bindir}/heimtools
+%{_bindir}/hxtool
+%{_bindir}/idn-lookup
+%{_bindir}/%{name}-kdestroy
+%{bindir}/bin/kdestroy
+%{_mandir}/man1/%{name}-kdestroy.1*
+%{_bindir}/kf
+%{_mandir}/man1/kf.1*
+%{_bindir}/kgetcred
+%{_mandir}/man1/kgetcred.1*
+%{_libexecdir}/kimpersonate
+%{_mandir}/man8/kimpersonate.8*
+%{_bindir}/%{name}-kinit
+%{bindir}/bin/kinit
+%{_bindir}/kauth
+%{_mandir}/man1/%{name}-kinit.1*
+%{_bindir}/%{name}-klist
+%{bindir}/bin/klist
+%{_mandir}/man1/%{name}-klist.1*
+%{_bindir}/%{name}-kpasswd
+%{bindir}/bin/kpasswd
+%{_mandir}/man1/%{name}-kpasswd.1*
+%{_bindir}/heimdal-kswitch
+%{bindir}/bin/kswitch
+%{_mandir}/man1/heimdal-kswitch.1*
+%{_bindir}/otp
+%{_mandir}/man1/otp.1*
+%{_bindir}/otpprint
+%{_mandir}/man1/otpprint.1*
+%{_bindir}/%{name}-kadmin
+%{bindir}/bin/kadmin
+%{_mandir}/man1/%{name}-kadmin.1*
+%{_libexecdir}/kcm
+%{_mandir}/man8/kcm.8*
+%{_libexecdir}/kfd
+%{_mandir}/man8/kfd.8*
+%{_bindir}/%{name}-ktutil
+%{bindir}/bin/ktutil
+%{_mandir}/man1/%{name}-ktutil.1*
+%attr(04550,root,root) %{_bindir}/%{name}-su
+%{bindir}/bin/su
+%{_mandir}/man1/%{name}-su.1*
+
+%files devel
+%dir %{_libexecdir}/%{name}
+%{_bindir}/%{name}-krb5-config
+%{bindir}/bin/krb5-config
+%{_mandir}/man1/%{name}-krb5-config.1*
+%{_includedir}/*
+%{libdir}/lib*.a
+%{libdir}/windc.a
+%{_mandir}/man3/*
+%{_mandir}/man7/*
+%{_libexecdir}/%{name}/asn1_compile
+%{_libexecdir}/%{name}/asn1_print
+%{_libexecdir}/%{name}/slc
+
+%files path
+%{_sysconfdir}/profile.d/%{name}.sh
+%{_sysconfdir}/profile.d/%{name}.csh
+
+%changelog
+* Wed Oct 21 2020 Henry Beberman - 7.7.0-5
+- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+- License verified.
+ +* Wed Jan 29 2020 Fedora Release Engineering - 7.7.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 17 2020 Jeff Law - 7.7.0-3 +- Fix configure tests compromised by LTO + +* Sat Dec 21 2019 Alexander Boström - 7.7.0-2 +- Set timeout on make check + +* Fri Dec 20 2019 Alexander Boström - 7.7.0-1 +- Update to 7.7.0 +- Remove upstreamed patch +- New project URL +- Update buildreqs +- Add locale build fix + +* Thu Jul 25 2019 Fedora Release Engineering - 7.5.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 7.5.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 14 2019 Björn Esser - 7.5.0-7 +- Rebuilt for libcrypt.so.2 (#1666033) + +* Sun Jan 06 2019 Björn Esser - 7.5.0-6 +- Add patch to explicitly use python2 binary, fixes FTBFS (#1604316) +- Do not run 'make dist', fixes FTBFS (#1604316) +- Make sure 'krb5-types.h' is build, fixes FTBFS (#1604316) +- Remove el5 bits +- Drop unneeded scriptlets for newer distros +- Use %%make_build and %%make_install macros +- Install license file using %%license in libs package + +* Fri Jul 13 2018 Fedora Release Engineering - 7.5.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Mar 15 2018 Iryna Shcherbina - 7.5.0-4 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Wed Feb 07 2018 Fedora Release Engineering - 7.5.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 7.5.0-2 +- Rebuilt for switch to libxcrypt + +* Thu Dec 14 2017 Ken Dreyer - 7.5.0-1 +- Update to 7.5.0 GA release (CVE-2017-17439) + +* Mon Oct 23 2017 Alexander Boström - 7.4.0-5 +- Backport fix to prevent wait() loop on non-existant child process + +* Wed Aug 02 2017 Fedora Release Engineering - 7.4.0-4 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 7.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jul 12 2017 Ken Dreyer - 7.4.0-2 +- Make test failures non-fatal + +* Tue Jul 11 2017 Ken Dreyer - 7.4.0-1 +- Update to 7.4.0 GA release (CVE-2017-11103) + +* Mon Apr 17 2017 Ken Dreyer - 7.3.0-1 +- Update to 7.3.0 GA release (CVE-2017-6594) + +* Fri Feb 10 2017 Fedora Release Engineering - 7.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Dec 29 2016 Ken Dreyer - 7.1.0-1 +- Update to 7.1.0 GA release +- Drop all remaining xinetd bits + +* Wed Feb 03 2016 Fedora Release Engineering - 1.6.0-0.13.20150115gitc25f45a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Aug 10 2015 Ken Dreyer - 1.6.0-0.12.20150115gitc25f45a +- Fix ld.so.conf.d file conflict between 32-bit and 64-bit packages + (rhbz#1244316) +- Mark ld.so.conf.d as %%config(noreplace) + +* Wed Jun 17 2015 Fedora Release Engineering - 1.6.0-0.11.20150115gitc25f45a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Jan 15 2015 Ken Dreyer - 1.6.0-0.10.20150115gitc25f45a +- Update git snapshot to latest tip of heimdal-1-6-branch +- Remove upstreamed patches +- Add virtual provides for bundled(libtommath) (RHBZ #1118462) + +* Sat Aug 16 2014 Fedora Release Engineering - 1.6.0-0.10.20140621gita5adc06 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Jul 07 2014 Ken Dreyer - 1.6.0-0.9.20140621gita5adc06 +- Remove OpenSSL BR and go back to using hcrypto with bundled libtommath. + OpenSSL is not thread safe without callbacks (RHBZ #1118462) + +* Tue Jul 01 2014 Ken Dreyer - 1.6.0-0.8.20140621gita5adc06 +- Patch for parallel build failure in kadm5. Thanks Jakub Čajka. +- Remove comments about X11 binaries (we will never ship those). 
+ +* Sun Jun 22 2014 Ken Dreyer - 1.6.0-0.7.20140621gita5adc06 +- Update git snapshot to latest tip of heimdal-1-6-branch + +* Sat Jun 07 2014 Ken Dreyer - 1.6.0-0.6.20140606git966108b +- Update git snapshot to latest tip of heimdal-1-6-branch +- Don't ship xinetd support if the distro has systemd (RHBZ #613001) + +* Fri May 30 2014 Ken Dreyer - 1.6.0-0.5.20140529gitddde77b +- Update git snapshot to latest tip of heimdal-1-6-branch +- Use /sbin path in %%pre/%%post scripts for EL6 and EL5 +- Install login.users(5) normally, since it doesn't conflict with anything + (RHBZ #613001) +- Don't ship ftpusers(5) (RHBZ #613001) +- Patch heimtools to deal with the commands' "heimdal-" prefixes (RHBZ #613001) +- Use "simple" systemd service type for kdc, kadmind, kpasswdd +- Add "--detach" flag in heimdal-ipropd-slave-wrapper to match the systemd + forking service type +- Patch kadmind to handle systemd's restrictions on setpgid() (RHBZ #613001) + +* Thu May 22 2014 Ken Dreyer - 1.6.0-0.4.20140522git229d8c7 +- Update git snapshot to latest tip of heimdal-1-6-branch +- Drop upstreamed text-fx patch +- Install Texinfo files (RHBZ #613001) +- Add Provides: heimdal-static to -devel subpackage (RHBZ #613001) +- Drop %%defattr (RHBZ #613001) +- Add text content to kadmind.acl to help users (and remove a zero-length file) +- Install profile.d scripts with non-executable permissions +- Remove .la files +- Patch to remove AC_PROG_LIBTOOL macro +- Reload xinetd when using systemd +- Require logrotate and setup, since we drop config files into directories that + these packages own. 
+- Add unowned Heimdal directories in %%files +- Replace "heimdal" with %%{name} in %%files +- Do not BR libcap-ng-devel on EL5 + +* Tue Apr 29 2014 Ken Dreyer - 1.6.0-0.3.20140429gitd60ba47 +- Add BR libdb-devel on Fedora (RHBZ #613001) +- Add BR openssl-devel and libcap-ng-devel (RHBZ #613001) +- Only set BuildRoot on el5 +- Alphabetize non-conditional BuildRequires +- Remove duplicate BR openldap-devel + +* Tue Apr 29 2014 Ken Dreyer - 1.6.0-0.2.20140326git7e6b55 +- Update git snapshot to latest tip of heimdal-1-6-branch +- Rename Source11 with "heimdal-" prefix +- Use newer macro for UnversionedDocdirs change + +* Mon Jan 06 2014 Ken Dreyer - 1.6.0-0.1.20140106git46a508 +- Package git snapshot from master branch + +* Wed Oct 16 2013 Ken Dreyer - 1.5.3-24.20130903gitb074e0b +- Disable autogen and parallel make on EL5 +- Add pregenerated autoconf tarball as Source1 +- Add script to pregenerate autoconf files as Source2 + +* Tue Sep 10 2013 Alexander Boström - 1.5.3-23.20130903gitb074e0b +- Fix build. (Problem with symlinks to kcc.) 
+ +* Thu Sep 05 2013 Alexander Boström - 1.5.3-22.20130903gitb074e0b +- Rename rename kcc to heimdal-kcc (conflicts in el5 and fedora) +- Rename kswitch to heimdal-kswitch in el6 too + +* Tue Sep 03 2013 Alexander Boström - 1.5.3-21.20130903gitb074e0b +- Update to latest git snapshot of heimdal-1-5-branch +- remove upstreamed patch + +* Tue Sep 03 2013 Alexander Boström - 1.5.3-20.20130813gitdcc7c13 +- Split ipv6_loopbacks_fix.patch into one backport and one smaller change + +* Tue Aug 20 2013 Ken Dreyer - 1.5.3-19.20130813gitdcc7c13 +- Build against libedit instead of readline (avoid GPL entanglements) + +* Tue Aug 13 2013 Ken Dreyer - 1.5.3-18.20130813gitdcc7c13 +- Update to latest git snapshot of heimdal-1-5-branch +- remove upstreamed texinfo patches + +* Tue Aug 13 2013 Alexander Boström - 1.5.3-17.20130730gitd9b3691 +- remove workaround for bogus check-iprop check failure + +* Mon Aug 12 2013 Alexander Boström - 1.5.3-16.20130730gitd9b3691 +- buildreq groff on el6 and older +- remove most comments from sysconfig file +- systemd: only use /etc/sysconfig/heimdal to specify the iprop master + host, via a wrapper script +- systemd: use Type=forking +- make systemd the default, check for known sysv systems + +* Mon Aug 12 2013 Ken Dreyer - 1.5.3-15.20130812git29f0a90 +- Update to latest git snapshot of heimdal-1-5-branch + +* Mon Aug 12 2013 Alexander Boström - 1.5.3-14.20130730gitd9b3691 +- do not ghost files in owned directory + +* Mon Aug 12 2013 Alexander Boström - 1.5.3-13.20130730gitd9b3691 +- use global instead of define + +* Mon Aug 12 2013 Alexander Boström - 1.5.3-12.20130730gitd9b3691 +- add doc references to unit files + +* Mon Aug 12 2013 Alexander Boström - 1.5.3-11.20130730gitd9b3691 +- add missing req on xinetd +- remove slash after buildroot macro usage +- preserve timestamps of installed files +- move slaves config file to /etc +- no attributes on symlinks +- only ghost own the slave-stats file + +* Fri Aug 09 2013 Ken Dreyer - 
1.5.3-10.20130730gitd9b3691 +- add systemd files and _with_systemd conditional +- remove "--detach" from sysconfig comments +- tweak kadmind service description +- add comments about texinfo patches + +* Fri Aug 09 2013 Alexander Boström - 1.5.3-9.20130730gitd9b3691 +- SysV scriptlets and initscript cleanups +- xinetd services ipv6 enabled + +* Thu Aug 08 2013 Ken Dreyer - 1.5.3-8.20130730gitd9b3691 +- Add Debian's texinfo patch to hx509, plus my own hacks for 5.1 + +* Thu Aug 08 2013 Ken Dreyer - 1.5.3-7.20130730gitd9b3691 +- Add missing groff buildreq on F19 and above +- Tweak Summary + +* Thu Aug 08 2013 Alexander Boström - 1.5.3-6 +- Add missing buildreqs + +* Thu Aug 08 2013 Alexander Boström - 1.5.3-5 +- Update to post 1.5.3 snapshot, deprecating a couple of patches +- Add autogen.sh and extra BRs, build fixes. + +* Thu Aug 08 2013 Alexander Boström - 1.5.3-4 +- No autoreconf +- More robust ?rhel macro usage +- BR libcom_err-devel instead of e2fsprogs-devel (but not on el5) +- el5 build fixes + +* Tue Aug 06 2013 Alexander Boström - 1.5.3-3 +- Add heimdal-des-key-selection.patch + +* Tue Aug 06 2013 Alexander Boström - 1.5.3-2 +- Use upstream tarball. +- Remove unused patches. 
+- Fix heimdal-kdc.conf +- Handle the case of no .mo files + +* Tue Aug 06 2013 Ken Dreyer - 1.5.3-1 +- Update to 1.5.3 (tag from Git) +- Use the find_lang macro to include the translation files +- Add Getopt patch in order to build with Fedora's newer Perl +- Adjust Group to satisfy rpmlint +- Remove macros from comments to satisfy rpmlint + +* Mon Jul 29 2013 Alexander Boström - 1.5.2-3.kth.19 +- really fix prefix munge patch +- fix texi build + +* Wed Jul 3 2013 Alexander Boström - 1.5.2-3.kth.18 +- fix prefix munge patch + +* Tue Jul 2 2013 Alexander Boström - 1.5.2-3.kth.17 +- rename kswitch to heimdal-kswitch (except on el6) + +* Tue Jul 2 2013 Alexander Boström - 1.5.2-3.kth.16 +- ignore missing otp binaries + +* Fri Jun 28 2013 Alexander Boström - 1.5.2-3.kth.15 +- fix license, fix macro-in-changelog + +* Fri Jun 28 2013 Alexander Boström - 1.5.2-3.kth.14 +- enable dns_lookup_realm and dns_lookup_kdc in the sample config file +- changed logrotate conf, postrotate should not be required +- add kdc.conf +- move kadmind.acl to sysconfdir + +* Thu Jun 27 2013 Alexander Boström - 1.5.2-3.kth.13 +- fix qop man symlink + +* Thu Jun 27 2013 Alexander Boström - 1.5.2-3.kth.12 +- workstation does not require xinetd +- fix paths in xinetd confs + +* Wed Jun 26 2013 Alexander Boström - 1.5.2-3.kth.11 +- fix symlinks + +* Wed Jun 26 2013 Alexander Boström - 1.5.2-3.kth.10 +- provide/obsolete heimdal-kdc + +* Wed Apr 10 2013 Alexander Boström - 1.5.2-3.kth.9 +- make PATH manipulation an optional subpackage + +* Wed Apr 10 2013 Alexander Boström - 1.5.2-3.kth.8 +- rename to heimdal-* instead of *.heimdal + +* Tue Apr 9 2013 Alexander Boström - 1.5.2-3.kth.7 +- split init script into multiple services + +* Tue Apr 9 2013 Alexander Boström - 1.5.2-3.kth.6 +- move su to the workstation subpkg + +* Tue Apr 9 2013 Alexander Boström - 1.5.2-3.kth.5 +- Add symlinks in the bin dir. + +* Tue Apr 9 2013 Alexander Boström - 1.5.2-3.kth.4 +- Reuse /etc/security/access.conf from PAM. 
+ +* Tue Apr 9 2013 Alexander Boström - 1.5.2-3.kth.3 +- move daemon binaries to regular libexec dir, with executable name suffix + +* Mon Apr 8 2013 Alexander Boström - 1.5.2-3.kth.2 +- move binaries from /usr/lib64/heimdal/bin to /usr/lib/heimdal/bin + +* Mon Apr 8 2013 Alexander Boström - 1.5.2-3.kth.1 +- disable tests + +* Wed Jul 4 2012 Rok Papež, ARNES - 1.5.2-3 + - updated to upstream 1.5.2 + - added support for Fedora 17 + - fixed wrong PATH on x86_64 + - fixed IPv6 and multiple interfaces bug in krb5_parse_address: + https://bugzilla.redhat.com/show_bug.cgi?id=808147 + - added support for .heimdal prefix to kcc + +* Tue Oct 4 2011 Rok Papež, ARNES - 1.5.1-1 + - updated to upstream 1.5.1 + +* Tue Sep 27 2011 Rok Papež, ARNES - 1.5.1.pre20110912git-2 + - FESCo updates: https://fedorahosted.org/fesco/ticket/577 + - Implicit requires removed, rpmbuild can figure them out itself + - Implicit provides removed, we are NOT compatible with krb5 + - Enable hardened build: + https://fedoraproject.org/wiki/Packaging:Guidelines#PIE + https://fedoraproject.org/wiki/User:Kevin/DRAFT_When_to_use_PIE_compiler_flags + - Merged updates from Orion Poplawski + +* Mon Sep 12 2011 Rok Papež, ARNES - 1.5.1.pre20110912git-1.arnes + - Updated to Heimdal 1.5.1.pre20110912git + +* Tue Nov 30 2010 Rok Papež, ARNES - 1.4.1rc1-1.arnes + - Updated to Heimdal 1.4.1rc1 + +* Fri Jul 09 2010 Rok Papež, ARNES - 1.3.3-1.arnes + - Updated to Heimdal 1.3.3 + +* Wed Apr 21 2010 Rok Papež, ARNES - 1.3.2-2.arnes + - Updated to Heimdal 1.3.2 + +* Thu Sep 17 2009 Rok Papež, ARNES - 1.3.0pre9-1 + - Updated to Heimdal 1.3.0pre9 + - Building on CentOS 5.3 i386 and Fedora 11 x86_64. 
+
+* Wed Jun 10 2009 Rok Papež, ARNES - 1.2.1-9
+ - Fixed build for CentOS 4.7 (thanks to Nitzan Zaifman for bugreport)
+
+* Mon Jun 8 2009 Rok Papež, ARNES - 1.2.1-8
+ - Fixed paths for building on CentOS 5.3
+ - Rebuilt for CentOS 5.3
+ - removed obsolete X11 dependency
+
+* Thu Feb 19 2009 Mitja Mihelic, ARNES - 1.2.1-7
+ - added dependency on xinetd for heimdal-workstation
+
+* Tue Jan 20 2009 Rok Papež, ARNES
+ - Fixed permissions
+
+* Wed Oct 8 2008 Rok Papež, ARNES
+ - New specs for Heimdel 1.2.1, suggestions taken from both PDC and Mandrake specs file.
+ - Need to be compatible with MIT Kerberos 5 installation.
+ - Let MIT have priority
diff --git a/SPECS/heimdal/heimdal.sysconfig b/SPECS/heimdal/heimdal.sysconfig
new file mode 100644
index 00000000000..75271206cea
--- /dev/null
+++ b/SPECS/heimdal/heimdal.sysconfig
@@ -0,0 +1,2 @@
+# hostname of the iprop master
+#MASTER=""
diff --git a/SPECS/heimdal/krb5.conf.sample b/SPECS/heimdal/krb5.conf.sample
new file mode 100644
index 00000000000..af92166075b
--- /dev/null
+++ b/SPECS/heimdal/krb5.conf.sample
@@ -0,0 +1,42 @@
+[logging]
+ default = FILE:/var/log/heimdal/heimdal.log
+ kdc = FILE:/var/log/heimdal/kdc.log
+ admin_server = FILE:/var/log/heimdal/kadmind.log
+
+[libdefaults]
+ default_realm = EXAMPLE.COM
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
+ ticket_lifetime = 24h
+ forwardable = yes
+
+[realms]
+ EXAMPLE.COM = {
+ kdc = kerberos.example.com:88
+ admin_server = kerberos.example.com:749
+ default_domain = example.com
+ }
+
+[domain_realm]
+ .example.com = EXAMPLE.COM
+ example.com = EXAMPLE.COM
+
+[appdefaults]
+ forwardable = true
+ proxiable = true
+ encrypt = true
+ forward = true
+ pam = {
+ debug = false
+ ticket_lifetime = 36000
+ renew_lifetime = 36000
+ forwardable = true
+ krb4_convert = false
+ }
+
+[kdc]
+ enable-https = true
+ check-ticket-addresses = true
+
+[kadmin]
+ require-preauth = true
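Review bot: The `%files workstation` entry `%attr(04550,root,root) %{_bindir}/%{name}-su` ships a setuid-root binary whose mode leaves it executable only by root and members of the root group, so the setuid bit does nothing for ordinary users while still adding a privileged binary that has to be audited. Either drop the bit, `%attr(0550,root,root) %{_bindir}/%{name}-su`, or, if unprivileged use is really intended, say so in a comment above the entry and limit execution to a dedicated group. The `%install` loop also links `%{bindir}/bin/su` to this binary, and the `path` subpackage (per its description) puts that directory at the front of PATH, so a plain `su` would resolve to the Heimdal one on hosts that install it; that deserves a comment next to the loop. Separately, the last line of the SysV branch in `%preun server` reads `/sbin/chkconfig --del >/dev/null` and appears to have lost its service name, `heimdal-kpasswdd`.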
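Review bot: The sample enables ticket forwarding everywhere (`forwardable = yes` in `[libdefaults]`, `forwardable = true` and `forward = true` in `[appdefaults]`) without a word of explanation, so a site that copies it hands a reusable TGT to every host its users log in to. I would add a comment above those keys, for example `# forwarded tickets let the remote host act as the user; enable only where delegation is needed`, or ship them as `false` in the sample. `dns_lookup_realm = true` similarly makes the host-to-realm mapping depend on DNS answers; a one-line comment that this assumes a trustworthy resolver would help readers who run without DNSSEC.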
diff --git a/SPECS/ipv6calc/ipv6calc-2.2.0-patch-8c7eea58.diff b/SPECS/ipv6calc/ipv6calc-2.2.0-patch-8c7eea58.diff
new file mode 100644
index 00000000000..2eeb2d37d4a
--- /dev/null
+++ b/SPECS/ipv6calc/ipv6calc-2.2.0-patch-8c7eea58.diff
@@ -0,0 +1,27 @@
+diff --git a/ipv6logconv/ipv6logconv.c b/ipv6logconv/ipv6logconv.c
+index f31f5be..4483757 100644
+--- a/ipv6logconv/ipv6logconv.c
++++ b/ipv6logconv/ipv6logconv.c
+@@ -58,7 +58,7 @@ static void lineparser(const long int outputtype);
+ /* LRU cache */
+ 
+ #define CACHE_LRU_SIZE 200
+-
++int cache_lru_limit;
+ static int cache_lru_max = 0;
+ static int cache_lru_last = 0;
+ static char cache_lru_key_token[CACHE_LRU_SIZE][NI_MAXHOST];
+diff --git a/ipv6logconv/ipv6logconv.h b/ipv6logconv/ipv6logconv.h
+index 946b042..9699e2c 100644
+--- a/ipv6logconv/ipv6logconv.h
++++ b/ipv6logconv/ipv6logconv.h
+@@ -20,8 +20,7 @@
+ #define DEBUG_ipv6logconv_general 0x00000001l
+ #define DEBUG_ipv6logconv_processing 0x00000002l
+ 
+-/* prototyping */
+-int cache_lru_limit;
++extern int cache_lru_limit;
+ 
+ extern int feature_reg;
+ extern int feature_ieee;
diff --git a/SPECS/ipv6calc/ipv6calc.signatures.json b/SPECS/ipv6calc/ipv6calc.signatures.json
new file mode 100644
index 00000000000..6c496c239bd
--- /dev/null
+++ b/SPECS/ipv6calc/ipv6calc.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+ "ipv6calc-2.2.0.tar.gz": "1935352f6171b07f18ce0487ee95ffcc006ea3f653f7cba564d2d8e135f04ca1"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/ipv6calc/ipv6calc.spec b/SPECS/ipv6calc/ipv6calc.spec
new file mode 100644
index 00000000000..eded9812395
--- /dev/null
+++ b/SPECS/ipv6calc/ipv6calc.spec
@@ -0,0 +1,634 @@ +# mod_ipv6calc related +%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}} +%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}} +%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}} +# database support (deselectable) +%if "%{?_without_ip2location:0}%{?!_without_ip2location:1}" == "1" +%define enable_ip2location 1 +%endif +%if "%{?_without_geoip:0}%{?!_without_geoip:1}" == "1" +%define enable_geoip 1 +%endif +%if "%{?_without_dbip:0}%{?!_without_dbip:1}" == "1" +%define enable_dbip 1 +%endif +%if "%{?_without_external:0}%{?!_without_external:1}" == "1" +%define enable_external 1 +%endif +# database locations +%define ip2location_db %{_datadir}/IP2Location +%define geoip_db %{_datadir}/GeoIP +%define dbip_db %{_datadir}/DBIP +%define external_db %{_datadir}/%{name}/db +# Berkeley DB selector +%define require_db4 %(echo "%{dist}" | grep -E -q '^\.el(5|6)$' && echo 1 || echo 0) +# shared library support (deselectable) +%if "%{?_without_shared:0}%{?!_without_shared:1}" == "1" +%define enable_shared 1 +%endif +Summary: IPv6 address format change and calculation utility +Name: ipv6calc +Version: 2.2.0 +Release: 41%{?dist} +License: GPLv2 +Vendor: Microsoft Corporation +Distribution: Mariner +URL: http://www.deepspace6.net/projects/%{name}.html +Source0: ftp://ftp.bieringer.de/pub/linux/IPv6/ipv6calc/%{name}-%{version}.tar.gz +Patch0: ipv6calc-2.2.0-patch-8c7eea58.diff +BuildRequires: gcc +BuildRequires: openssl-devel +BuildRequires: perl +BuildRequires: procps-ng +BuildRequires: perl(Digest::MD5) +BuildRequires: perl(strict) +BuildRequires: perl(warnings) +#Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +%if %{enable_shared} +Provides: ipv6calc-libs = %{version}-%{release} +%else +Conflicts: ipv6calc-libs +%endif + +%if %{require_db4} +BuildRequires: db4-devel +%else +BuildRequires: libdb-devel +%endif + +%description +ipv6calc is a small utility 
which formats and calculates IPv4/IPv6 addresses +in different ways. + +Install this package, if you want to retrieve information about a particular +IPv4/IPv6/MAC address (-i ADDRESS) or make life easier in adding entries to +reverse IPv6 DNS zones (e.g. -a 2001:db8:1234::1/48). + +In addition many format and type conversions are supported, see online help +and/or given URL for more. + +Also this package contains additional programs + - ipv6loganon: anonymize Apache web server logs + - ipv6logconv: special Apache web server log converter + (examples included for use with analog) + - ipv6logstats: create statistics from list of IPv4/IPv6 addresses + (examples included for use with gnu-plot) + - mod_ipv6calc: Apache module for anonymization/information logging on-the-fly + +Support for following databases + - IP2Location %{?enable_ip2location:ENABLED}%{?!enable_ip2location:DISABLED} + default directory for downloaded db files: %{ip2location_db} + (requires also external library on system) + + - GeoIP %{?enable_geoip:ENABLED}%{?!enable_geoip:DISABLED} + default directory for downloaded db files: %{geoip_db} + (requires also external library on system) + + - GeoIP v2 %{?enable_mmdb:ENABLED}%{?!enable_mmdb:DISABLED} + default directory for downloaded db files: %{geoip_db} + (requires also external library on system) + + - db-ip.com %{?enable_dbip:ENABLED}%{?!enable_dbip:DISABLED} + (once generated database files are found on system) + default directory for generated db files: %{dbip_db} + + - db-ip.com v2 %{?enable_mmdb:ENABLED}%{?!enable_mmdb:DISABLED} + (once generated database files are found on system) + default directory for generated db files: %{dbip_db} + + - External %{?enable_external:ENABLED}%{?!enable_external:DISABLED} + default directory for generated db files: %{external_db} + +Built %{?enable_shared:WITH}%{?!enable_shared:WITHOUT} shared-library + +Available rpmbuild rebuild options: + --without ip2location + --without geoip + --without dbip + --without 
mmdb (which disables GeoIP v2 and db-ip.com v2) + --without external + --without shared + --without mod_ipv6calc + +%package ipv6calcweb +Summary: IP address information web utility +BuildRequires: perl(Digest::MD5) +Requires: httpd +Requires: ipv6calc +Requires: perl(Digest::MD5) + +%description ipv6calcweb +ipv6calcweb contains a CGI program and a configuration file for +displaying information of IP addresses on a web page using ipv6calc. + +Check/adjust %{_sysconfdir}/httpd/conf.d/ipv6calcweb.conf +Default restricts access to localhost + +%prep +%setup -q + +%patch0 -p1 + +%configure \ + %{?enable_ip2location:--enable-ip2location} \ + %{?enable_ip2location:--with-ip2location-dynamic --with-ip2location-headers-fallback} \ + --with-ip2location-db=%{ip2location_db} \ + %{?enable_geoip:--enable-geoip} \ + %{?enable_geoip:--with-geoip-dynamic --with-geoip-headers-fallback} \ + --with-geoip-db=%{geoip_db} \ + %{?enable_dbip:--enable-dbip} \ + --with-dbip-db=%{dbip_db} \ + %{?enable_mmdb:--enable-mmdb --with-mmdb-dynamic} \ + %{?enable_external:--enable-external} \ + --with-external-db=%{external_db} \ + %{?enable_shared:--enable-shared} \ + %{?enable_mod_ipv6calc:--enable-mod_ipv6calc} + + +%build +make clean +make %{?_smp_mflags} COPTS="%{optflags}" + + +%install +make install DESTDIR=%{buildroot} + +## Install examples and helper files +install -d -p %{buildroot}%{_docdir}/%{name}-%{version}/ + +## examples +install -d %{buildroot}%{_datadir}/%{name}/examples/ + +# ipv6logconv +install -d %{buildroot}%{_datadir}/%{name}/examples/ipv6logconv +for file in examples/analog/*.{cfg,txt,tab,sh}; do + install $file %{buildroot}%{_datadir}/%{name}/examples/ipv6logconv/ +done + +# ipv6loganon +install -d %{buildroot}%{_datadir}/%{name}/examples/ipv6loganon +for file in ipv6loganon/README; do + install $file %{buildroot}%{_datadir}/%{name}/examples/ipv6loganon/ +done + +# ipv6logstats +install -d %{buildroot}%{_datadir}/%{name}/examples/ipv6logstats +for file in 
ipv6logstats/README ipv6logstats/example_* ipv6logstats/collect_ipv6logstats.pl; do + install $file %{buildroot}%{_datadir}/%{name}/examples/ipv6logstats/ +done + + +# db directory +install -d %{buildroot}%{external_db} + +# selinux +install -d %{buildroot}%{_datadir}/%{name}/selinux + + +# ipv6calcweb +install -d %{buildroot}%{_sysconfdir}/httpd/conf.d +install -d %{buildroot}%{_localstatedir}/www/cgi-bin + +install ipv6calcweb/ipv6calcweb.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/ +install -m 755 ipv6calcweb/ipv6calcweb.cgi %{buildroot}%{_localstatedir}/www/cgi-bin/ +install -m 644 ipv6calcweb/ipv6calcweb-databases-in-var.te %{buildroot}%{_datadir}/%{name}/selinux/ + +%clean +rm -rf %{buildroot} + +%check +%ifnarch ppc64 + make test +%endif + + +%files +%license COPYING LICENSE +%doc ChangeLog README README.* CREDITS TODO USAGE doc/ipv6calc.lyx doc/ipv6calc.sgml doc/ipv6calc.html doc/ipv6calc.xml + +%defattr(644,root,root,755) + +# binaries +%attr(755,-,-) %{_bindir}/* + +# man pages +%{_mandir}/man8/* + +# tools +%attr(755,-,-) %{_datadir}/%{name}/tools/* + +# selinux +%attr(644,-,-) %{_datadir}/%{name}/selinux/* + +# shared library +%{?enable_shared:%attr(755,-,-) %{_libdir}/libipv6calc*} + +# database directory +%{external_db} + +# examples +%attr(755,-,-) %{_datadir}/%{name}/examples/*/*.pl +%attr(755,-,-) %{_datadir}/%{name}/examples/*/*.sh +%{_datadir}/%{name}/examples/ipv6loganon/ +%{_datadir}/%{name}/examples/ipv6logconv/ +%{_datadir}/%{name}/examples/ipv6logstats/ + +%files ipv6calcweb +%license COPYING LICENSE +%doc ipv6calcweb/README ipv6calcweb/USAGE + +%defattr(644,root,root,755) + +%attr(755,-,-) %{_localstatedir}/www/cgi-bin/ipv6calcweb.cgi +%config(noreplace) %{_sysconfdir}/httpd/conf.d/ipv6calcweb.conf + +%post +%{_sbindir}/ldconfig + +%postun +%{_sbindir}/ldconfig + +%changelog +* Wed Oct 21 2020 Henry Beberman - 2.2.0-41 +- Initial CBL-Mariner import from Fedora 32 (license: MIT). +- License verified. 
+ +* Wed Jan 29 2020 Fedora Release Engineering - 2.2.0-40 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 24 2020 Peter Bieringer - 2.2.0-39 +- add patch for BZ#1793903 + +* Sat Oct 12 2019 Peter Bieringer - 2.2.0-38 +- new release 2.2.0 + +* Sat Sep 07 2019 Peter Bieringer - 2.1.1-36 +- new release 2.1.1 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.1.0-35 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 31 2019 Jitka Plesnikova - 2.1.0-34 +- Perl 5.30 rebuild + +* Fri Apr 05 2019 Peter Bieringer - 2.1.0-33 +- new release 2.1.0 + +* Tue Feb 05 2019 Peter Bieringer - 2.0.0-32 +- new release 2.0.0 +- subpackage ipv6calcweb: remove dependency Perl(Proc::ProcessTable) +- add dependency libmaxminddb-devel + +* Fri Feb 01 2019 Fedora Release Engineering - 1.1.0-30 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Jan 26 2019 Peter Bieringer - 1.1.0-29 +- new release 1.1.0 +- subpackage ipv6calcweb: add dependency Perl(Proc::ProcessTable) +- fix bug in lib/libipv6addr.c + +* Fri Jul 13 2018 Fedora Release Engineering - 1.0.0-27 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jun 28 2018 Jitka Plesnikova - 1.0.0-26 +- Perl 5.28 rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.0-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Peter Bieringer - 1.0.0-24 +- fix compiler warnings introduced with gcc8 and also code (BZ#1541367) + +* Mon Sep 18 2017 Peter Bieringer - 1.0.0-23 +- mod_ipv6calc: fix missing link flags + +* Wed Aug 02 2017 Fedora Release Engineering - 1.0.0-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.0.0-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jun 23 2017 Peter Bieringer - 1.0.0-20 +- new release 1.0.0 + +* Sun Jun 04 2017 Jitka Plesnikova - 0.99.2-19 
+- Perl 5.26 rebuild + +* Sun Apr 16 2017 Peter Bieringer +- add missing build requirement procps-ng + +* Sun Feb 12 2017 Peter Bieringer +- add ipv6calc-0.99.2-2017-02-12.patch to fix broken build + +* Fri Feb 10 2017 Fedora Release Engineering - 0.99.2-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 28 2016 Peter Bieringer - 0.99.2-17 +- new release 0.99.2 +- add support for git commit hash + +* Sun May 15 2016 Jitka Plesnikova - 0.99.1-16 +- Perl 5.24 rebuild + +* Thu Feb 04 2016 Peter Bieringer - 0.99.1-15 +- minor fixes to make fedpkg lint happy + +* Wed Feb 03 2016 Peter Bieringer - 0.99.1-14 +- conditionally set compiler option -Wno-unused-const-variable + +* Sat Sep 05 2015 Peter Bieringer - 0.99.1-13 +- new release 0.99.1 (introduces new subpackage mod_ipv6calc) + +* Sat Jul 25 2015 Peter Bieringer +- Replace ipv6calc.{lyx,sgml,html,xml} by dedicated file.suffix + +* Wed Jun 17 2015 Fedora Release Engineering - 0.99.0-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Jun 06 2015 Jitka Plesnikova - 0.99.0-11 +- Perl 5.22 rebuild + +* Sat May 02 2015 Peter Bieringer - 0.99.0-10 +- new release 0.99.0 + +* Mon Mar 02 2015 Peter Bieringer - 0.98.0-10 +- new (fixed) upstream 0.98.0 tar.gz + +* Sun Mar 01 2015 Peter Bieringer - 0.98.0-9 +- remove not necessary x-bits for some files by proper definition in files section + +* Fri Feb 20 2015 Peter Bieringer - 0.98.0-8 +- new release 0.98.0 + +* Wed Feb 18 2015 Peter Bieringer +- add support for conditional builds + +* Sat Oct 25 2014 Peter Bieringer +- add /usr/share/ipv6calc/db directory + +* Sat Oct 11 2014 Peter Bieringer +- add additional requirements for ipv6calc-ipv6calcweb +- enable db-ip.com & external database support + +* Thu Aug 28 2014 Jitka Plesnikova - 0.97.4-7 +- Perl 5.20 rebuild + +* Tue Aug 19 2014 Peter Bieringer - 0.97.4-7 +- new package for EPEL6/EPEL7 + +* Sun Aug 17 2014 Peter Bieringer +- add missing requirement for 
ipv6calc-ipv6calcweb + +* Sat Aug 16 2014 Fedora Release Engineering - 0.97.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Aug 02 2014 Peter Bieringer - 0.97.4-5 +- new release 0.97.4 + +* Thu Jul 31 2014 Peter Bieringer +- include also tools into main package +- remove UTF-8 conversion, fixed in upstream now + +* Tue Jul 29 2014 Peter Bieringer +- introduce subpackage ipv6calcweb (align with upstream) +- enable fallback option for IP2Location +- build with dynamic load of GeoIP and IP2Location support + +* Thu Jul 17 2014 Peter Bieringer +- replace DESTDIR=$RPM_BUILD_ROOT with macro, define BuildRoot + +* Wed Jul 16 2014 Peter Bieringer +- change requirements from krb5-libs/devel to openssl(-libs)/-devel + +* Tue Jul 15 2014 Peter Bieringer - 0.97.3-3 +- align package description with upstream + +* Mon Jul 14 2014 Peter Bieringer - 0.97.3-2 +- new release 0.97.3 + +* Sat Jun 07 2014 Fedora Release Engineering - 0.97.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon May 26 2014 Marcela Mašláňová - 0.97.2-2 +- new release 0.97.2 + +* Wed May 21 2014 Marcela Mašláňová - 0.97.1-1 +- new release 0.97.1 + +* Mon May 19 2014 Marcela Mašláňová - 0.97.0-1 +- new release 0.97 + +* Fri Feb 14 2014 Marcela Mašláňová - 0.96.0-1 +- new release 0.96 + +* Mon Dec 2 2013 Marcela Mašláňová - 0.95.0-1 +- new release #1033041 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.94.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Sun Jul 21 2013 Petr Pisar - 0.94.1-2 +- Perl 5.18 rebuild + +* Tue May 14 2013 Marcela Mašláňová - 0.94.1-1 +- update to 0.94.1 + +* Mon Feb 18 2013 Marcela Mašláňová - 0.93.1-6 +- fix days in changelog + +* Thu Feb 14 2013 Fedora Release Engineering - 0.93.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Aug 2 2012 Marcela Mašláňová - 0.93.1-4 +- 804317 on ppc64 tests never fully worked, conditionalized + +* Thu Jul 19 2012 
Fedora Release Engineering - 0.93.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Petr Pisar - 0.93.1-2 +- Perl 5.16 rebuild + +* Mon Feb 6 2012 Marcela Mašláňová - 0.93.1-1 +- minor update + +* Sun Jan 22 2012 Marcela Mašláňová - 0.93.0-1 +- update to 0.93 release +- add Perl requirements for cgi + +* Fri Jan 13 2012 Fedora Release Engineering - 0.92.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Oct 10 2011 Marcela Mašláňová - 0.92.0-1 +- update to 0.92 release + +* Fri May 27 2011 Marcela Mašláňová - 0.90.0-1 +- update to 0.90 release + +* Fri May 6 2011 Marcela Mašláňová - 0.82.1-1 +- update to 0.82.1 release + +* Wed Mar 30 2011 Marcela Mašláňová - 0.82.0-1 +- update to 0.82.0 release + +* Mon Feb 28 2011 Marcela Mašláňová - 0.81.0-1 +- update to the new upstream version + +* Wed Feb 09 2011 Fedora Release Engineering - 0.80.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 4 2011 Marcela Mašláňová - 0.80.0-1 +- update to the latest version + +* Mon Mar 01 2010 Marcela Mašláňová - 0.73.0-1 +- update to the latest version + +* Fri Jul 24 2009 Fedora Release Engineering - 0.72.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jun 01 2009 Marcela Mašláňová - 0.72.1-1 +- update to the latest version +- change installonly to standart DESTDIR + +* Wed Feb 25 2009 Fedora Release Engineering - 0.71.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Jul 31 2008 Tom "spot" Callaway - 0.71.0-3 +- fix license tag + +* Tue Feb 19 2008 Fedora Release Engineering - 0.71.0-2 +- Autorebuild for GCC 4.3 + +* Mon Aug 20 2007 Marcela Maslanova - 0.71.0-1 +- new version from upstream + +* Tue Feb 27 2007 Marcela Maslanova - 0.61-2 +- package merge review +- rhbz#225910 + +* Fri Sep 01 2006 Marcela Maslanova - 0.61-1 +- upgrade to 0.61-1 - from upstream + +* Wed Jul 12 2006 Jesse Keating - 0.60.1-1.1 +- 
rebuild + +* Tue Jul 11 2006 Radek Vokál 0.60.1-1 +- upgrade to 0.60.1 - fix for big endian archs + +* Sun Jun 25 2006 Radek Vokál 0.60.0-1 +- upgrade to 0.60.0 + +* Wed Feb 22 2006 Radek Vokál 0.51-1 +- upgrade to 0.51 + +* Fri Feb 10 2006 Jesse Keating - 0.50-1.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.50-1.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Sep 16 2005 Radek Vokal 0.50-1 +- due to several other off-by-one bugs upgrade to 0.50 + +* Thu Sep 15 2005 Radek Vokal 0.49-2 +- smash stack fix in ipv6calc_copy +- increase len of tmpstr + +* Thu Sep 15 2005 Radek Vokal 0.49-1 +- upgrade to 0.49 + +* Tue Apr 19 2005 Radek Vokal 0.48-5 +- using CVS tarball, patch clean-up + +* Sun Apr 17 2005 Robert Scheck +- lots of spec file cleanups (#155164) + +* Wed Apr 13 2005 Florian La Roche +- remove empty scripts + +* Fri Mar 04 2005 Radek Vokal 0.48-3 +- gcc4 rebuilt + +* Mon Nov 1 2004 Radek Vokal 0.48-2 +- spec file cleanup +- md5 patch for makefile + +* Sat Oct 30 2004 Peter Bieringer +- remove openssl(-devel) from requirements, no longer needed + +* Tue Oct 26 2004 Radek Vokal 0.47-4 +- spec file cleanup, typo patch + +* Mon Oct 18 2004 Radek Vokal 0.47-3 +- initial build for Fedora Core + +* Sat Nov 22 2003 Peter Bieringer +- adjustments + +* Fri Nov 21 2003 Peter Bieringer +- add ipv6logstats +- add man pages +- add configure options + +* Mon Nov 11 2002 Peter Bieringer +- change IPv6 address in description + +* Sat Apr 20 2002 Peter Bieringer +- Change URL + +* Sun Apr 07 2002 Peter Bieringer +- add more analog example files + +* Fri Apr 05 2002 Peter Bieringer +- remove BuildRequires extension, not needed for normal build + +* Sun Mar 24 2002 Peter Bieringer +- extend BuildRequires for perl /usr/bin/aggregate wget + +* Mon Mar 18 2002 Peter Bieringer +- add ipv6calcweb.cgi + +* Sat Mar 16 2002 Peter Bieringer +- add ipv6logconv, analog examples + +* Mon 
Mar 11 2002 Peter Bieringer +- Add perl to buildrequire and openssl to require + +* Mon Jan 21 2002 Peter Bieringer +- Add LICENSE + COPYING file + +* Thu Dec 27 2001 Peter Bieringer +- Add comment header +- Add call to configure on build + +* Tue Dec 18 2001 Peter Bieringer +- Replace hardwired version number with autoconf/configure variable + +* Wed Apr 25 2001 Peter Bieringer +- Fix permissions of doc files + +* Thu Mar 15 2001 Peter Bieringer +- Add doc directory also to files to make sure the directory will be removed on update or deinstall +- change install permissions for entries in doc directory +- change "make install" to "make installonly" (make test should be only executed once) + +* Wed Mar 14 2001 Peter Bieringer +- Add "make clean" and "make test" on build + +* Tue Mar 13 2001 Peter Bieringer +- add CREDITS and TODO for install + +* Sat Mar 10 2001 Peter Bieringer +- enable "URL" + +* Sun Mar 04 2001 Peter Bieringer +- change install location to /bin + +* Tue Feb 27 2001 Peter Bieringer +- review for new release, now named "ipv6calc" +- review install section for RedHat 7.0.91 + +* Sun Feb 25 2001 Peter Bieringer +- initial build diff --git a/SPECS/perl-JSON/perl-JSON.signatures.json b/SPECS/perl-JSON/perl-JSON.signatures.json new file mode 100644 index 00000000000..ef8fa0c6a2a --- /dev/null +++ b/SPECS/perl-JSON/perl-JSON.signatures.json @@ -0,0 +1,5 @@ +{ + "Signatures": { + "perl-JSON-4.02.tar.gz": "444a88755a89ffa2a5424ab4ed1d11dca61808ebef57e81243424619a9e8627c" + } +} \ No newline at end of file diff --git a/SPECS/perl-JSON/perl-JSON.spec b/SPECS/perl-JSON/perl-JSON.spec new file mode 100644 index 00000000000..6a74e15d06c --- /dev/null +++ b/SPECS/perl-JSON/perl-JSON.spec 
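Review bot: `Source0` in the new ipv6calc.spec is fetched over plain `ftp://` (and `URL` is `http://`), so the SHA-256 in `ipv6calc.signatures.json` is the only thing authenticating the tarball. I would say so above `Source0`, e.g. `# No TLS on this mirror: integrity rests on the hash in ipv6calc.signatures.json`, and move to an HTTPS location if upstream publishes one; the same `ftp://` URL is recorded as `downloadUrl` in cgmanifest.json. Also, `%if %{enable_shared}` is evaluated with the macro undefined when building `--without shared`, which rpm will most likely reject; `%if 0%{?enable_shared}` is the usual guard. The description advertises `--without mmdb` and `--without mod_ipv6calc`, but nothing visible in the spec defines `enable_mmdb` or `enable_mod_ipv6calc`, so those features appear to be always off.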
@@ -0,0 +1,305 @@ +%global __provides_exclude %{?__provides_exclude:%__provides_exclude|}perl\\(JSON::(Backend::PP|backportPP::Boolean|Boolean|PP|PP::IncrParser)\\) +%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}perl\\(JSON::(backportPP|backportPP::Boolean)\\) +Summary: Parse and convert to JSON (JavaScript Object Notation) +Name: perl-JSON +Version: 4.02 +Release: 5%{?dist} +License: GPL+ OR Artistic +Vendor: Microsoft Corporation +Distribution: Mariner +URL: https://metacpan.org/release/JSON +#Source0: https://cpan.metacpan.org/modules/by-module/JSON/JSON-%{version}.tar.gz +Source0: %{name}-%{version}.tar.gz +BuildRequires: coreutils +BuildRequires: findutils +BuildRequires: make +BuildRequires: perl +BuildRequires: perl(Carp) +BuildRequires: perl(Data::Dumper) +BuildRequires: perl(Encode) +BuildRequires: perl(Exporter) +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(File::Spec) +BuildRequires: perl(Math::BigFloat) +BuildRequires: perl(Math::BigInt) +BuildRequires: perl(Scalar::Util) +BuildRequires: perl(Test) +BuildRequires: perl(Test::More) +BuildRequires: perl(base) +BuildRequires: perl(constant) +BuildRequires: perl(lib) +Requires: perl +Provides: perl(JSON) +BuildArch: noarch +%{?perl_default_filter} +%{?perl_default_subpackage_tests} + +%description +This module converts between JSON (JavaScript Object Notation) and Perl +data structure into each other. For JSON, see http://www.crockford.com/JSON/. + +%prep +%setup -q -n JSON-%{version} + +# make rpmlint happy... +find . -type f -exec chmod -c -x {} + +find t/ -type f -exec perl -pi -e 's|^#! 
perl|#!perl|' {} + +sed -i 's/\r//' README t/* + +%build +perl Makefile.PL INSTALLDIRS=vendor +make %{?_smp_mflags} + +%install +make pure_install DESTDIR=%{buildroot} +find %{buildroot} -type f -name .packlist -delete +%{_fixperms} -c %{buildroot} + +%check +make test + +%files +%license README +%doc Changes +%{perl_vendorlib}/* +%{_mandir}/man3/* + +%changelog +* Wed Oct 21 2020 Henry Beberman - 4.02-5 +- Initial CBL-Mariner import from Fedora 32 (license: MIT). +- License verified. + +* Thu Jan 30 2020 Fedora Release Engineering - 4.02-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 4.02-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 31 2019 Jitka Plesnikova - 4.02-2 +- Perl 5.30 rebuild + +* Sat Feb 23 2019 Paul Howarth - 4.02-1 +- Update to 4.02 + - Fix a test that broke if perl was compiled with -Dquadmath (CPAN RT#128589) + +* Fri Feb 01 2019 Fedora Release Engineering - 4.01-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sun Jan 20 2019 Emmanuel Seyman - 4.01-1 +- Update to 4.01 + +* Fri Dec 7 2018 Paul Howarth - 4.00-1 +- Update to 4.00 + - BACKWARD INCOMPATIBILITY: As JSON::XS 4.0 changed its policy and enabled + allow_nonref by default, JSON::PP, and thus JSON, also enabled allow_nonref + by default + - Updated backportPP with JSON::PP 4.00 + - Allow PERL_JSON_PP_USE_B environmental variable to restore old number + detection behavior for compatibility +- RPM version resynced with upstream + +* Fri Jul 13 2018 Fedora Release Engineering - 2.97.001-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jun 28 2018 Jitka Plesnikova - 2.97.001-3 +- Perl 5.28 rebuild + +* Thu Feb 08 2018 Fedora Release Engineering - 2.97.001-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Dec 22 2017 Paul Howarth - 2.97.001-1 +- Update to 2.97001 + - Updated backportPP with JSON::PP 
2.97001 + +* Tue Nov 21 2017 Paul Howarth - 2.97-1 +- Update to 2.97 (upstream 2.97000 but stick to two-digit minor version + downstream in case upstream changes back before version 3.x) + +* Mon Nov 20 2017 Paul Howarth - 2.96-1 +- Update to 2.96 + +* Thu Jul 27 2017 Fedora Release Engineering - 2.94-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Jun 10 2017 Emmanuel Seyman - 2.94-1 +- Update to 2.94 + +* Sun Jun 04 2017 Jitka Plesnikova - 2.93-3 +- Perl 5.26 rebuild + +* Tue May 23 2017 Petr Pisar - 2.93-2 +- Filter private JSON::backportPP::Boolean + +* Mon May 22 2017 Emmanuel Seyman - 2.93-1 +- Update to 2.93 + +* Sat Feb 11 2017 Fedora Release Engineering - 2.90-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sun May 15 2016 Jitka Plesnikova - 2.90-7 +- Perl 5.24 rebuild + +* Thu Feb 04 2016 Fedora Release Engineering - 2.90-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 2.90-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Jun 06 2015 Jitka Plesnikova - 2.90-4 +- Perl 5.22 rebuild + +* Wed Aug 27 2014 Jitka Plesnikova - 2.90-3 +- Perl 5.20 rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.90-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun Nov 03 2013 Emmanuel Seyman - 2.90-1 +- Update to 2.90 + +* Sun Oct 20 2013 Emmanuel Seyman - 2.61-1 +- Update to 2.61 + +* Sat Aug 03 2013 Fedora Release Engineering - 2.59-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Jul 18 2013 Petr Pisar - 2.59-2 +- Perl 5.18 rebuild + +* Sun Jun 09 2013 Emmanuel Seyman - 2.59-1 +- Update to 2.59 + +* Sun May 26 2013 Emmanuel Seyman - 2.58-1 +- Update to 2.58 + +* Sun Apr 07 2013 Emmanuel Seyman - 2.57-1 +- Update to 2.57 +- Remove no-longer-used macros + +* Thu Feb 14 2013 Fedora Release Engineering - 2.53-8 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 19 2012 Petr Šabata - 2.53-7 +- Add some missing and remove some obsolete deps + +* Fri Jul 20 2012 Fedora Release Engineering - 2.53-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 15 2012 Petr Pisar - 2.53-5 +- Perl 5.16 rebuild +- Specify all dependencies + +* Fri Jan 13 2012 Fedora Release Engineering - 2.53-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Jul 20 2011 Iain Arnell 2.53-3 +- update filtering macros for rpm 4.9 + +* Wed Jul 20 2011 Petr Sabata - 2.53-2 +- Perl mass rebuild + +* Sun May 22 2011 Paul Howarth 2.53-1 +- update to 2.53 + - fixed to_json (CPAN RT#68359) + - backport JSON::PP 2.27200 (fixed incr_parse decoding string more correctly + - CPAN RT#68032) + - made Makefile.PL skip an installing XS question when set $ENV{PERL_ONLY} or + $ENV{NO_XS} (CPAN RT#66820) + +* Tue Mar 8 2011 Paul Howarth 2.51-1 +- update to 2.51 (#683052) + - import JSON::PP 2.27105 as BackportPP + - fix documentation (CPAN RT#64738) + +* Tue Feb 08 2011 Fedora Release Engineering - 2.50-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Jan 27 2011 Paul Howarth 2.50-1 +- update to 2.50 (#665621) + - JSON::PP split off into separate distribution and replaced with + JSON::backportPP instead for internal use +- BR: perl(Test::Pod) +- drop t/ from %%doc as the tests are in the -tests subpackage +- filter private module perl(JSON::backportPP) from requires +- filter private module perl(JSON::backportPP::Boolean) from provides +- filter private module perl(JSON::Backend::PP) from provides +- filter private module perl(JSON::Boolean) from provides +- filter private module perl(JSON::PP) from provides (really JSON::backportPP) +- filter private module perl(JSON::PP::IncrParser) from provides + +* Sun Nov 21 2010 Iain Arnell 2.27-1 +- update to latest upstream version +- clean up spec for modern rpmbuild + +* Sun 
May 02 2010 Marcela Maslanova - 2.17-2 +- Mass rebuild with perl-5.12.0 + +* Sun Feb 28 2010 Chris Weyl 2.17-1 +- update by Fedora::App::MaintainerTools 0.004 +- PERL_INSTALL_ROOT => DESTDIR +- dropped old BR on perl(HTTP::Request) +- dropped old BR on perl(HTTP::Response) +- dropped old requires on perl(HTTP::Daemon) +- dropped old requires on perl(LWP::UserAgent) +- dropped old requires on perl(Scalar::Util) + +* Wed Sep 02 2009 Chris Weyl 2.15-5 +- adjust filtering so we don't drop the versioned perl(JSON:PP) prov + +* Tue Sep 01 2009 Chris Weyl 2.15-4 +- bump + +* Mon Aug 31 2009 Chris Weyl 2.15-3 +- update filtering + +* Sun Jul 26 2009 Fedora Release Engineering - 2.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jun 22 2009 Chris Weyl 2.15-1 +- auto-update to 2.15 (by cpan-spec-update 0.01) + +* Sun Mar 01 2009 Chris Weyl 2.14-1 +- update to 2.14 + +* Thu Feb 26 2009 Fedora Release Engineering - 2.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 2.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Oct 12 2008 Chris Weyl 2.12-1 +- update to 2.12 + +* Wed Jun 25 2008 Chris Weyl 2.11-1 +- update to 2.11 + +* Wed May 28 2008 Chris Weyl 2.09-1 +- update to 2.09 + +* Sun Mar 09 2008 Chris Weyl 2.07-1 +- update to 2.x series before F9 + +* Wed Mar 5 2008 Tom "spot" Callaway 1.15-2 +- rebuild for new perl + +* Mon Nov 26 2007 Chris Weyl 1.15-1 +- update to 1.15 + +* Sun May 13 2007 Chris Weyl 1.14-1 +- update to 1.14 + +* Wed May 09 2007 Chris Weyl 1.13-1 +- update to 1.13 + +* Fri May 04 2007 Chris Weyl 1.12-1 +- update to 1.12 +- add t/ to %%doc + +* Wed Apr 25 2007 Chris Weyl 1.11-2 +- bump + +* Tue Apr 24 2007 Chris Weyl 1.11-1 +- update to 1.11 + +* Wed Apr 18 2007 Chris Weyl 1.10-1 +- Specfile autogenerated by cpanspec 1.69.1. diff --git a/cgmanifest.json b/cgmanifest.json index 2c0cac52f67..21491e6202d 100644 
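Review bot: `Source0: %{name}-%{version}.tar.gz` leaves the upstream location only in a commented-out line, and the pinned file name (`perl-JSON-4.02.tar.gz` in the signatures file) differs from the upstream name recorded in cgmanifest.json (`JSON-4.02.tar.gz`). That makes it harder to re-verify the SHA-256 against the CPAN tarball. The rename idiom keeps both the provenance and the local name: `Source0: https://cpan.metacpan.org/modules/by-module/JSON/JSON-%{version}.tar.gz#/%{name}-%{version}.tar.gz`. Minor: `%license README` ships the README as the licence file; if the tarball has no separate licence text, a one-line comment saying so would help the next reviewer.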
--- a/cgmanifest.json +++ b/cgmanifest.json @@ -1551,6 +1551,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "heimdal", + "version": "7.7.0", + "downloadUrl": "https://github.com/heimdal/heimdal/releases/download/heimdal-7.7.0/heimdal-7.7.0.tar.gz" + } + } + }, { "component": { "type": "other", @@ -1711,6 +1721,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "ipv6calc", + "version": "2.2.0", + "downloadUrl": "ftp://ftp.bieringer.de/pub/linux/IPv6/ipv6calc/ipv6calc-2.2.0.tar.gz" + } + } + }, { "component": { "type": "other", @@ -3771,6 +3791,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "perl-JSON", + "version": "4.02", + "downloadUrl": "https://cpan.metacpan.org/modules/by-module/JSON/JSON-4.02.tar.gz" + } + } + }, { "component": { "type": "other", From 948c2dcd281ce92d0b458ff537c6d3b333fa0ec5 Mon Sep 17 00:00:00 2001 From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Wed, 4 Nov 2020 15:12:29 -0800 Subject: [PATCH 088/145] Fix pcre CVE-2020-14155 (#305) --- SPECS/pcre/pcre.signatures.json | 2 +- SPECS/pcre/pcre.spec | 48 ++++++++++++++----- cgmanifest.json | 4 +- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 8 ++-- .../manifests/package/toolchain_x86_64.txt | 8 ++-- 7 files changed, 48 insertions(+), 26 deletions(-) diff --git a/SPECS/pcre/pcre.signatures.json b/SPECS/pcre/pcre.signatures.json index d91c266eaee..71ad8c43cda 100644 --- a/SPECS/pcre/pcre.signatures.json +++ b/SPECS/pcre/pcre.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "pcre-8.42.tar.bz2": "2cd04b7c887808be030254e8d77de11d3fe9d4505c39d4b15d2664ffe8bf9301" + "pcre-8.44.tar.bz2": "19108658b23b3ec5058edc9f66ac545ea19f9537234be1ec62b714c84399366d" } } \ No newline at end of file diff --git a/SPECS/pcre/pcre.spec b/SPECS/pcre/pcre.spec index 2b099a49cd4..078e850aba3 100644 
--- a/SPECS/pcre/pcre.spec +++ b/SPECS/pcre/pcre.spec @@ -1,42 +1,46 @@ Summary: Grep for perl compatible regular expressions Name: pcre -Version: 8.42 -Release: 4%{?dist} +Version: 8.44 +Release: 1%{?dist} License: BSD -URL: https://www.pcre.org -Group: Applications/System Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/System +URL: https://www.pcre.org Source0: https://ftp.pcre.org/pub/pcre/%{name}-%{version}.tar.bz2 BuildRequires: bzip2-devel BuildRequires: readline-devel Requires: libgcc -Requires: readline Requires: libstdc++ Requires: pcre-libs = %{version}-%{release} +Requires: readline + %description The PCRE package contains Perl Compatible Regular Expression libraries. These are useful for implementing regular expression pattern matching using the same syntax and semantics as Perl 5. %package devel -Group: Development/Libraries Summary: Headers and static lib for pcre development +Group: Development/Libraries Requires: %{name} = %{version}-%{release} Provides: pkgconfig(libpcre) + %description devel Install this package if you want do compile applications using the pcre library. %package libs -Summary: Libraries for pcre -Group: System Environment/Libraries +Summary: Libraries for pcre +Group: System Environment/Libraries + %description libs This package contains minimal set of shared pcre libraries. %prep %setup -q + %build -./configure --prefix=/usr \ - --docdir=/usr/share/doc/pcre-%{version} \ +./configure --prefix=%{_prefix} \ + --docdir=%{_docdir}/pcre-%{version} \ --enable-unicode-properties \ --enable-pcre16 \ --enable-pcre32 \ 
@@ -50,14 +54,15 @@ make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install mv -v %{buildroot}/usr/lib/libpcre.so.* %{buildroot}/lib && -ln -sfv ../../lib/$(readlink %{buildroot}/usr/lib/libpcre.so) %{buildroot}/usr/lib/libpcre.so -ln -sfv $(readlink %{buildroot}/usr/lib/libpcre.so) %{buildroot}/usr/lib/libpcre.so.0 +ln -sfv ../../lib/$(readlink %{buildroot}/usr/lib/libpcre.so) %{buildroot}%{_lib}/libpcre.so +ln -sfv $(readlink %{buildroot}/usr/lib/libpcre.so) %{buildroot}%{_lib}/libpcre.so.0 %check make %{?_smp_mflags} check %post -p /sbin/ldconfig %postun -p /sbin/ldconfig + %files %defattr(-,root,root) %license COPYING @@ -85,7 +90,10 @@ make %{?_smp_mflags} check %{_libdir}/libpcre.so.* %changelog -* Sat May 09 00:21:28 PST 2020 Nick Samson - 8.42-4 +* Thu Oct 29 2020 Joe Schmitt - 8.44-1 +- Update to version 8.44 to fix CVE-2020-14155. + +* Sat May 09 2020 Nick Samson 8.42-4 - Added %%license line automatically * Tue Apr 07 2020 Joe Schmitt 8.42-3 
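Review bot: The two rewritten `ln -sfv` lines in `%install` now create their links under `%{buildroot}%{_lib}/`, but in stock RPM `%{_lib}` expands to the bare directory name (`lib` or `lib64`), not to `/usr/lib`. Unless this distribution's macros redefine `%{_lib}` as an absolute path, the links will not land where the `%files` entries expect them. The `%files` list visible in the next hunk already uses `%{_libdir}`, so I would write `%{buildroot}%{_libdir}/libpcre.so` and `%{buildroot}%{_libdir}/libpcre.so.0`, and use the same macro inside the `readlink` calls, which still hard-code `/usr/lib`. Listing the buildroot after `%install` would confirm the result.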
@@ -93,31 +101,45 @@ make %{?_smp_mflags} check - Update Source0 with valid URL. - Remove sha1 macro. - License verified. + * Tue Sep 03 2019 Mateusz Malisz 8.42-2 - Initial CBL-Mariner import from Photon (license: Apache2). + * Tue Sep 11 2018 Him Kalyan Bordoloi 8.42-1 - Update to version 8.42 + * Wed Dec 20 2017 Xiaolin Li 8.41-1 - Update to version 8.41 + * Wed Jul 19 2017 Harish Udaiya Kumar 8.40-4 - Added fix for CVE-2017-11164 by adding stack recursion limit + * Wed May 24 2017 Divya Thaluru 8.40-3 - Added fixes for CVE-2017-7244, CVE-2017-7245, CVE-2017-7246, CVE-2017-7186 + * Fri Apr 14 2017 Alexey Makhalov 8.40-2 - Added -libs subpackage + * Mon Apr 03 2017 Robert Qi 8.40-1 - Update to 8.40 + * Wed Oct 05 2016 ChangLee 8.39-2 - Modified %check + * Fri Sep 9 2016 Xiaolin Li 8.39-1 - Update to version 8.39 + * Tue May 24 2016 Priyesh Padmavilasom 8.38-3 - GA - Bump release of all rpms + * Fri Mar 18 2016 Anish Swaminathan 8.38-2 - Add upstream fixes patch + * Thu Jan 21 2016 Xiaolin Li 8.38-1 - Updated to version 8.38 + * Mon Nov 30 2015 Sharath George 8.36-2 Add symlink for libpcre.so.1 + * Thu Nov 06 2014 Sharath George 8.36-1 Initial version diff --git a/cgmanifest.json b/cgmanifest.json index 21491e6202d..0eb4ca000cb 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -3676,8 +3676,8 @@ "type": "other", "other": { "name": "pcre", - "version": "8.42", - "downloadUrl": "https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.bz2" + "version": "8.44", + "downloadUrl": "https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.bz2" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 2e1ad1aa7e4..a1713d690e8 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt 
@@ -142,7 +142,7 @@ libxml2-devel-2.9.10-3.cm1.aarch64.rpm glib-2.58.0-6.cm1.aarch64.rpm libltdl-2.4.6-5.cm1.aarch64.rpm libltdl-devel-2.4.6-5.cm1.aarch64.rpm -pcre-libs-8.42-4.cm1.aarch64.rpm +pcre-libs-8.44-1.cm1.aarch64.rpm krb5-1.17-4.cm1.aarch64.rpm lua-5.3.5-8.cm1.aarch64.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 920e7944228..229720abb19 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -142,7 +142,7 @@ libxml2-devel-2.9.10-3.cm1.x86_64.rpm glib-2.58.0-6.cm1.x86_64.rpm libltdl-2.4.6-5.cm1.x86_64.rpm libltdl-devel-2.4.6-5.cm1.x86_64.rpm -pcre-libs-8.42-4.cm1.x86_64.rpm +pcre-libs-8.44-1.cm1.x86_64.rpm krb5-1.17-4.cm1.x86_64.rpm lua-5.3.5-8.cm1.x86_64.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 066d54c0bb5..a7c58205860 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -286,10 +286,10 @@ pam-devel-1.3.1-4.cm1.aarch64.rpm pam-lang-1.3.1-4.cm1.aarch64.rpm patch-2.7.6-7.cm1.aarch64.rpm patch-debuginfo-2.7.6-7.cm1.aarch64.rpm -pcre-8.42-4.cm1.aarch64.rpm -pcre-debuginfo-8.42-4.cm1.aarch64.rpm -pcre-devel-8.42-4.cm1.aarch64.rpm -pcre-libs-8.42-4.cm1.aarch64.rpm +pcre-8.44-1.cm1.aarch64.rpm +pcre-debuginfo-8.44-1.cm1.aarch64.rpm +pcre-devel-8.44-1.cm1.aarch64.rpm +pcre-libs-8.44-1.cm1.aarch64.rpm perl-5.30.3-1.cm1.aarch64.rpm perl-DBD-SQLite-1.62-3.cm1.aarch64.rpm perl-DBD-SQLite-debuginfo-1.62-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 66afee6b525..b04e31809ce 100644 
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -286,10 +286,10 @@ pam-devel-1.3.1-4.cm1.x86_64.rpm pam-lang-1.3.1-4.cm1.x86_64.rpm patch-2.7.6-7.cm1.x86_64.rpm patch-debuginfo-2.7.6-7.cm1.x86_64.rpm -pcre-8.42-4.cm1.x86_64.rpm -pcre-debuginfo-8.42-4.cm1.x86_64.rpm -pcre-devel-8.42-4.cm1.x86_64.rpm -pcre-libs-8.42-4.cm1.x86_64.rpm +pcre-8.44-1.cm1.x86_64.rpm +pcre-debuginfo-8.44-1.cm1.x86_64.rpm +pcre-devel-8.44-1.cm1.x86_64.rpm +pcre-libs-8.44-1.cm1.x86_64.rpm perl-5.30.3-1.cm1.x86_64.rpm perl-DBD-SQLite-1.62-3.cm1.x86_64.rpm perl-DBD-SQLite-debuginfo-1.62-3.cm1.x86_64.rpm From a5ab9b2a23ce780ecb4182a56ac126a1b8f3ff6e Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Wed, 4 Nov 2020 19:45:54 -0800 Subject: [PATCH 089/145] Fixup for patch --- SPECS/golang/CVE-2020-24553.patch | 230 ------------------------------ 1 file changed, 230 deletions(-) diff --git a/SPECS/golang/CVE-2020-24553.patch b/SPECS/golang/CVE-2020-24553.patch index 983bbe73d71..146cf2b2e8d 100644 --- a/SPECS/golang/CVE-2020-24553.patch +++ b/SPECS/golang/CVE-2020-24553.patch @@ -25,11 +25,7 @@ TryBot-Result: Go Bot Reviewed-by: Katie Hockman --- src/net/http/cgi/child.go | 36 +++++++++++------ - src/net/http/cgi/child_test.go | 58 ++++++++++++++++++++++++++++ - src/net/http/cgi/integration_test.go | 53 ++++++++++++++++++++++++- src/net/http/fcgi/child.go | 39 ++++++++++++++----- - src/net/http/fcgi/fcgi_test.go | 52 +++++++++++++++++++++++++ - 5 files changed, 216 insertions(+), 22 deletions(-) diff --git a/src/net/http/cgi/child.go b/src/net/http/cgi/child.go index d7d813e68a83..690986335c07 100644 
@@ -98,165 +94,6 @@ index d7d813e68a83..690986335c07 100644 r.header.Write(r.bufw) r.bufw.WriteString("\r\n") r.bufw.Flush() -diff --git a/src/net/http/cgi/child_test.go b/src/net/http/cgi/child_test.go -index 14e0af475f5a..18cf789bd59d 100644 ---- a/src/net/http/cgi/child_test.go -+++ b/src/net/http/cgi/child_test.go -@@ -7,6 +7,11 @@ - package cgi - - import ( -+ "bufio" -+ "bytes" -+ "net/http" -+ "net/http/httptest" -+ "strings" - "testing" - ) - -@@ -148,3 +153,56 @@ func TestRequestWithoutRemotePort(t *testing.T) { - t.Errorf("RemoteAddr: got %q; want %q", g, e) - } - } -+ -+func TestResponse(t *testing.T) { -+ var tests = []struct { -+ name string -+ body string -+ wantCT string -+ }{ -+ { -+ name: "no body", -+ wantCT: "text/plain; charset=utf-8", -+ }, -+ { -+ name: "html", -+ body: "test pageThis is a body", -+ wantCT: "text/html; charset=utf-8", -+ }, -+ { -+ name: "text", -+ body: strings.Repeat("gopher", 86), -+ wantCT: "text/plain; charset=utf-8", -+ }, -+ { -+ name: "jpg", -+ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024), -+ wantCT: "image/jpeg", -+ }, -+ } -+ for _, tt := range tests { -+ t.Run(tt.name, func(t *testing.T) { -+ var buf bytes.Buffer -+ resp := response{ -+ req: httptest.NewRequest("GET", "/", nil), -+ header: http.Header{}, -+ bufw: bufio.NewWriter(&buf), -+ } -+ n, err := resp.Write([]byte(tt.body)) -+ if err != nil { -+ t.Errorf("Write: unexpected %v", err) -+ } -+ if want := len(tt.body); n != want { -+ t.Errorf("reported short Write: got %v want %v", n, want) -+ } -+ resp.writeCGIHeader(nil) -+ resp.Flush() -+ if got := resp.Header().Get("Content-Type"); got != tt.wantCT { -+ t.Errorf("wrong content-type: got %q, want %q", got, tt.wantCT) -+ } -+ if !bytes.HasSuffix(buf.Bytes(), []byte(tt.body)) { -+ t.Errorf("body was not correctly written") -+ } -+ }) -+ } -+} -diff --git a/src/net/http/cgi/integration_test.go b/src/net/http/cgi/integration_test.go -index eaa090f6fe4f..76cbca8e6036 100644 ---- 
a/src/net/http/cgi/integration_test.go -+++ b/src/net/http/cgi/integration_test.go -@@ -16,7 +16,9 @@ import ( - "io" - "net/http" - "net/http/httptest" -+ "net/url" - "os" -+ "strings" - "testing" - "time" - ) -@@ -52,7 +54,7 @@ func TestHostingOurselves(t *testing.T) { - } - replay := runCgiTest(t, h, "GET /test.go?foo=bar&a=b HTTP/1.0\nHost: example.com\n\n", expectedMap) - -- if expected, got := "text/html; charset=utf-8", replay.Header().Get("Content-Type"); got != expected { -+ if expected, got := "text/plain; charset=utf-8", replay.Header().Get("Content-Type"); got != expected { - t.Errorf("got a Content-Type of %q; expected %q", got, expected) - } - if expected, got := "X-Test-Value", replay.Header().Get("X-Test-Header"); got != expected { -@@ -169,6 +171,51 @@ func TestNilRequestBody(t *testing.T) { - _ = runCgiTest(t, h, "POST /test.go?nil-request-body=1 HTTP/1.0\nHost: example.com\nContent-Length: 0\n\n", expectedMap) - } - -+func TestChildContentType(t *testing.T) { -+ testenv.MustHaveExec(t) -+ -+ h := &Handler{ -+ Path: os.Args[0], -+ Root: "/test.go", -+ Args: []string{"-test.run=TestBeChildCGIProcess"}, -+ } -+ var tests = []struct { -+ name string -+ body string -+ wantCT string -+ }{ -+ { -+ name: "no body", -+ wantCT: "text/plain; charset=utf-8", -+ }, -+ { -+ name: "html", -+ body: "test pageThis is a body", -+ wantCT: "text/html; charset=utf-8", -+ }, -+ { -+ name: "text", -+ body: strings.Repeat("gopher", 86), -+ wantCT: "text/plain; charset=utf-8", -+ }, -+ { -+ name: "jpg", -+ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024), -+ wantCT: "image/jpeg", -+ }, -+ } -+ for _, tt := range tests { -+ t.Run(tt.name, func(t *testing.T) { -+ expectedMap := map[string]string{"_body": tt.body} -+ req := fmt.Sprintf("GET /test.go?exact-body=%s HTTP/1.0\nHost: example.com\n\n", url.QueryEscape(tt.body)) -+ replay := runCgiTest(t, h, req, expectedMap) -+ if got := replay.Header().Get("Content-Type"); got != tt.wantCT { -+ t.Errorf("got a Content-Type of 
%q; expected it to start with %q", got, tt.wantCT) -+ } -+ }) -+ } -+} -+ - // golang.org/issue/7198 - func Test500WithNoHeaders(t *testing.T) { want500Test(t, "/immediate-disconnect") } - func Test500WithNoContentType(t *testing.T) { want500Test(t, "/no-content-type") } -@@ -224,6 +271,10 @@ func TestBeChildCGIProcess(t *testing.T) { - if req.FormValue("no-body") == "1" { - return - } -+ if eb, ok := req.Form["exact-body"]; ok { -+ io.WriteString(rw, eb[0]) -+ return -+ } - if req.FormValue("write-forever") == "1" { - io.Copy(rw, neverEnding('a')) - for { diff --git a/src/net/http/fcgi/child.go b/src/net/http/fcgi/child.go index 0e91042543b5..34761f32ee18 100644 --- a/src/net/http/fcgi/child.go 
@@ -343,70 +180,3 @@ index 0e91042543b5..34761f32ee18 100644 r.Close() c.mu.Lock() delete(c.requests, req.reqId) -diff --git a/src/net/http/fcgi/fcgi_test.go b/src/net/http/fcgi/fcgi_test.go -index e9d2b34023c8..4a27a12c35a9 100644 ---- a/src/net/http/fcgi/fcgi_test.go -+++ b/src/net/http/fcgi/fcgi_test.go -@@ -10,6 +10,7 @@ import ( - "io" - "io/ioutil" - "net/http" -+ "strings" - "testing" - ) - -@@ -344,3 +345,54 @@ func TestChildServeReadsEnvVars(t *testing.T) { - <-done - } - } -+ -+func TestResponseWriterSniffsContentType(t *testing.T) { -+ var tests = []struct { -+ name string -+ body string -+ wantCT string -+ }{ -+ { -+ name: "no body", -+ wantCT: "text/plain; charset=utf-8", -+ }, -+ { -+ name: "html", -+ body: "test pageThis is a body", -+ wantCT: "text/html; charset=utf-8", -+ }, -+ { -+ name: "text", -+ body: strings.Repeat("gopher", 86), -+ wantCT: "text/plain; charset=utf-8", -+ }, -+ { -+ name: "jpg", -+ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024), -+ wantCT: "image/jpeg", -+ }, -+ } -+ for _, tt := range tests { -+ t.Run(tt.name, func(t *testing.T) { -+ input := make([]byte, len(streamFullRequestStdin)) -+ copy(input, streamFullRequestStdin) -+ rc := nopWriteCloser{bytes.NewBuffer(input)} -+ done := make(chan bool) -+ var resp *response -+ c := newChild(rc, http.HandlerFunc(func( -+ w http.ResponseWriter, -+ r *http.Request, -+ ) { -+ io.WriteString(w, tt.body) -+ resp = w.(*response) -+ done <- true -+ })) -+ defer c.cleanUp() -+ go c.serve() -+ <-done -+ if got := resp.Header().Get("Content-Type"); got != tt.wantCT { -+ t.Errorf("got a Content-Type of %q; expected it to start with %q", got, tt.wantCT) -+ } -+ }) -+ } -+} From 28da59c6a15deb00f5735ec1d493f0229d38051b Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com> Date: Thu, 5 Nov 2020 08:00:22 -0800 Subject: [PATCH 090/145] OpenSSH: No patch CVE-2007-2768 (#315) * No patch CVE-2007-2768 * Address linting * Remove extra space * Address PR comments --- SPECS/openssh/CVE-2007-2768.nopatch | 0 SPECS/openssh/openssh.spec | 125 ++++++++++++++++++++-------- 2 files changed, 89 insertions(+), 36 deletions(-) create mode 100644 SPECS/openssh/CVE-2007-2768.nopatch diff --git a/SPECS/openssh/CVE-2007-2768.nopatch b/SPECS/openssh/CVE-2007-2768.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec index f6f65fefe3a..0c366e1e1eb 100644 --- a/SPECS/openssh/openssh.spec +++ b/SPECS/openssh/openssh.spec @@ -1,25 +1,27 @@ +%define systemd_units_rel 20191026 Summary: Free version of the SSH connectivity tools Name: openssh Version: 8.0p1 -Release: 9%{?dist} +Release: 10%{?dist} License: BSD -URL: https://www.openssh.com/ -Group: System Environment/Security Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Security +URL: https://www.openssh.com/ Source0: https://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -%define systemd_units_rel 20191026 Source1: http://www.linuxfromscratch.org/blfs/downloads/stable-systemd/blfs-systemd-units-%{systemd_units_rel}.tar.xz Source2: sshd.service Source3: sshd-keygen.service Patch0: blfs_systemd_fixes.patch Patch1: CVE-2019-16905.patch +# Community agreed to not patch this +Patch2: CVE-2007-2768.nopatch +BuildRequires: e2fsprogs-devel +BuildRequires: groff +BuildRequires: krb5-devel BuildRequires: openssl-devel BuildRequires: pam-devel -BuildRequires: krb5-devel -BuildRequires: e2fsprogs-devel BuildRequires: systemd -BuildRequires: groff Requires: openssh-clients = %{version}-%{release} Requires: openssh-server = %{version}-%{release} 
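Review bot: The comment added above `Patch2: CVE-2007-2768.nopatch` says only `# Community agreed to not patch this`, which gives a later auditor nothing to check when this scanner suppression is reviewed. A nopatch marker should state why the package is unaffected or why the risk is accepted, and where that decision is recorded. As far as I know this CVE concerns account enumeration when OPIE is used for PAM, so something like `# CVE-2007-2768 requires OPIE for PAM, which is not shipped here (confirm); upstream does not plan a fix` would be more useful, once checked against the actual reasoning. The changelog entry added in the last hunk of this file could carry the same one-line reason.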
@@ -30,50 +32,56 @@ network. The ssh and scp commands are secure implementions of telnet and rcp respectively. %package clients -Summary: openssh client applications. -Requires: openssl +Summary: openssh client applications. +Requires: openssl + %description clients This provides the ssh client utilities. %package server -Summary: openssh server applications -Requires: pam -Requires: shadow-utils -Requires: ncurses-term -Requires: openssh-clients = %{version}-%{release} +Summary: openssh server applications +Requires: ncurses-term +Requires: openssh-clients = %{version}-%{release} +Requires: pam +Requires: shadow-utils Requires(post): /bin/chown -Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd +Requires(pre): %{_sbindir}/groupadd +Requires(pre): %{_sbindir}/useradd + %description server This provides the ssh server daemons, utilities, configuration and service files. %prep %setup -q tar xf %{SOURCE1} --no-same-owner -%patch0 -p0 -%patch1 -p0 +%patch0 +%patch1 + %build %configure \ - --sysconfdir=/etc/ssh \ - --datadir=/usr/share/sshd \ + --sysconfdir=%{_sysconfdir}/ssh \ + --datadir=%{_datadir}/sshd \ --with-md5-passwords \ - --with-privsep-path=/var/lib/sshd \ + --with-privsep-path=%{_sharedstatedir}/sshd \ --with-pam \ --with-maintype=man \ --enable-strip=no \ - --with-kerberos5=/usr + --with-kerberos5=%{_prefix} + make + %install [ %{buildroot} != "/"] && rm -rf %{buildroot}/* make DESTDIR=%{buildroot} install -install -vdm755 %{buildroot}/var/lib/sshd -echo "AllowTcpForwarding no" >> %{buildroot}/etc/ssh/sshd_config -echo "ClientAliveCountMax 2" >> %{buildroot}/etc/ssh/sshd_config -echo "Compression no" >> %{buildroot}/etc/ssh/sshd_config +install -vdm755 %{buildroot}%{_sharedstatedir}/sshd +echo "AllowTcpForwarding no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config +echo "ClientAliveCountMax 2" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config +echo "Compression no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config #echo "MaxSessions 2" >> 
%{buildroot}/etc/ssh/sshd_config -echo "TCPKeepAlive no" >> %{buildroot}/etc/ssh/sshd_config -echo "AllowAgentForwarding no" >> %{buildroot}/etc/ssh/sshd_config -echo "PermitRootLogin no" >> %{buildroot}/etc/ssh/sshd_config -echo "UsePAM yes" >> %{buildroot}/etc/ssh/sshd_config +echo "TCPKeepAlive no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config +echo "AllowAgentForwarding no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config +echo "PermitRootLogin no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config +echo "UsePAM yes" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config # Install daemon script pushd blfs-systemd-units-%{systemd_units_rel} make DESTDIR=%{buildroot} install-sshd @@ -90,18 +98,18 @@ install -m644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/ if ! getent passwd sshd >/dev/null; then useradd sshd fi -if [ ! -d /var/lib/sshd ]; then - mkdir /var/lib/sshd - chmod 0755 /var/lib/sshd +if [ ! -d %{_sharedstatedir}/sshd ]; then + mkdir %{_sharedstatedir}/sshd + chmod 0755 %{_sharedstatedir}/sshd fi -cp %{buildroot}/usr/bin/scp /usr/bin +cp %{buildroot}%{_bindir}/scp %{_bindir} chmod g+w . -R useradd test -G root -m sudo -u test -s /bin/bash -c "PATH=$PATH make tests" %pre server getent group sshd >/dev/null || groupadd -g 50 sshd -getent passwd sshd >/dev/null || useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd +getent passwd sshd >/dev/null || useradd -c 'sshd PrivSep' -d %{_sharedstatedir}/sshd -g sshd -s /bin/false -u 50 sshd %preun server %systemd_preun sshd.service sshd-keygen.service @@ -109,7 +117,7 @@ getent passwd sshd >/dev/null || useradd -c 'sshd PrivSep' -d /var/lib/sshd -g s %post server /sbin/ldconfig if [ $1 -eq 1 ] ; then - chown -v root:sys /var/lib/sshd + chown -v root:sys %{_sharedstatedir}/sshd fi %systemd_post sshd.service sshd-keygen.service 
@@ -134,7 +142,7 @@ rm -rf %{buildroot}/* %files server %defattr(-,root,root) %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config -%attr(700,root,sys)/var/lib/sshd +%attr(700,root,sys)%{_sharedstatedir}/sshd /lib/systemd/system/sshd-keygen.service /lib/systemd/system/sshd.service /lib/systemd/system/sshd.socket 
@@ -173,92 +181,137 @@ rm -rf %{buildroot}/* %{_mandir}/man8/ssh-pkcs11-helper.8.gz %changelog +* Fri Oct 30 2020 Nicolas Ontiveros - 8.0p1-10 +- Add no patch for CVE-2007-2768 + * Mon Oct 19 2020 Andrew Phelps 8.0p1-9 - Add patch for CVE-2019-16905 + * Wed Sep 02 2020 Jim Perrin 8.0p1-8 - Add wants=sshd-keygen.service to sshd.service for easier service starting + * Thu Jun 04 2020 Chris Co 8.0p1-7 - Use default MaxAuthTries value of 6 + * Tue May 26 2020 Pawel Winogrodzki 8.0p1-6 - Adding the "%%license" macro. + * Tue Apr 28 2020 Emre Girgin 8.0p1-5 - Renaming Linux-PAM to pam + * Mon Apr 27 2020 Emre Girgin 8.0p1-4 - Rename shadow to shadow-utils. + * Mon Apr 27 2020 Emre Girgin 8.0p1-3 - Rename ncurses-terminfo to ncurses-term. + * Fri Apr 24 2020 Nick Samson 8.0p1-2 - Updated Source0, Source1. blfs-systemd-units updated to latest recommended version (20191026). + * Thu Mar 12 2020 Paul Monson 8.0p1-1 - Update to version 8.0p1. License verified. + * Tue Sep 03 2019 Mateusz Malisz 7.8p1-4 - Initial CBL-Mariner import from Photon (license: Apache2). + * Thu Feb 14 2019 Ankit Jain 7.8p1-3 - Fix CVE-2018-20685. + * Tue Jan 08 2019 Alexey Makhalov 7.8p1-2 - Added BuildRequires groff - Use %configure + * Tue Sep 11 2018 Him Kalyan Bordoloi 7.8p1-1 - Update version + * Tue Nov 28 2017 Xiaolin Li 7.5p1-11 - Fix CVE-2017-15906. 
+ * Tue Nov 14 2017 Alexey Makhalov 7.5p1-10 - Fix: openssh-server requires(pre) shadow tools + * Tue Nov 14 2017 Anish Swaminathan 7.5p1-9 - Add ciphers aes128-gcm, aes256-gcm and kex dh14/16/18 in fips mode + * Tue Oct 10 2017 Alexey Makhalov 7.5p1-8 - No direct toybox dependency, shadow depends on toybox + * Mon Sep 18 2017 Alexey Makhalov 7.5p1-7 - Requires shadow or toybox + * Thu Sep 14 2017 Alexey Makhalov 7.5p1-6 - sshd config: revert MaxSessions to original value + * Thu Aug 31 2017 Alexey Makhalov 7.5p1-5 - sshd config hardening based on lynis recommendations + * Thu Aug 10 2017 Chang Lee 7.5p1-4 - Fixed %check + * Mon Jul 24 2017 Dheeraj Shetty 7.5p1-3 - Seperate the service file from the spec file + * Wed May 3 2017 Bo Gan 7.5p1-2 - Fixed openssh-server dependency on coreutils + * Tue Mar 28 2017 Priyesh Padmavilasom 7.5p1-1 - Update version + * Thu Feb 09 2017 Anish Swaminathan 7.4p1-3 - Add patch to configure openssh FIPS mode + * Thu Feb 02 2017 Anish Swaminathan 7.4p1-2 - Add patch to support FIPS mode + * Fri Jan 06 2017 Xiaolin Li 7.4p1-1 - Updated to version 7.4p1. + * Wed Dec 14 2016 Xiaolin Li 7.1p2-10 - BuildRequires Linux-PAM-devel + * Mon Dec 12 2016 Anish Swaminathan 7.1p2-9 - Add patch to fix CVE-2016-8858 + * Thu Nov 24 2016 Alexey Makhalov 7.1p2-8 - openssh-devel requires ncurses-terminfo to provide extra terms for the clients + * Thu Nov 24 2016 Alexey Makhalov 7.1p2-7 - Required krb5-devel. + * Thu Nov 03 2016 Sharath George 7.1p2-6 - Split openssh into client and server rpms. + * Wed Oct 05 2016 ChangLee 7.1p2-5 - Modified %check + * Thu Sep 15 2016 Anish Swaminathan 7.1p2-4 - Add patch to fix CVE-2016-6515 + * Tue May 24 2016 Priyesh Padmavilasom 7.1p2-3 - GA - Bump release of all rpms + * Wed May 04 2016 Anish Swaminathan 7.1p2-2 - Edit scriptlets. 
+ * Thu Mar 17 2016 Xiaolin Li 7.1p2-1 - Updated to version 7.1p2 + * Fri Feb 05 2016 Anish Swaminathan 6.6p1-6 - Add pre install scripts in the rpm + * Tue Jan 12 2016 Anish Swaminathan 6.6p1-5 - Change config file attributes. + * Thu Dec 10 2015 Xiaolin Li 6.6p1-4 - Add systemd to Requires and BuildRequires. - Use systemctl to enable/disable service. + * Fri Jul 17 2015 Divya Thaluru 6.6p1-3 - Enabling ssh-keygen service by default and fixed service file to execute only once. + * Tue May 19 2015 Sharath George 6.6p1-2 - Bulding ssh server with kerberos 5. + * Wed Nov 5 2014 Divya Thaluru 6.6p1-1 - Initial build. First version From 54dc069f66512caa236dd6929aa02978aff0e427 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Thu, 5 Nov 2020 08:07:37 -0800 Subject: [PATCH 091/145] Nopatch CVE-2019-1010180 in gdb (#269) --- SPECS/gdb/CVE-2019-1010180.nopatch | 0 SPECS/gdb/gdb.spec | 104 +++++++++++++++++------------ 2 files changed, 61 insertions(+), 43 deletions(-) create mode 100644 SPECS/gdb/CVE-2019-1010180.nopatch diff --git a/SPECS/gdb/CVE-2019-1010180.nopatch b/SPECS/gdb/CVE-2019-1010180.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/gdb/gdb.spec b/SPECS/gdb/gdb.spec index 2d68d1f0620..80e28e7ffb6 100644 --- a/SPECS/gdb/gdb.spec +++ b/SPECS/gdb/gdb.spec 
@@ -1,23 +1,26 @@ Summary: C debugger Name: gdb Version: 8.3 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ -URL: https://www.gnu.org/software/gdb -Source0: https://ftp.gnu.org/gnu/gdb/%{name}-%{version}.tar.xz -Group: Development/Tools Vendor: Microsoft Corporation Distribution: Mariner +Group: Development/Tools +URL: https://www.gnu.org/software/gdb +Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz Patch0: gdb-7.12-pstack.patch -Requires: expat -Requires: ncurses -Requires: python3 -Requires: xz-libs +# 8.3 contains a partial fix in the form of a warning when this bug is triggered +# The complete fix is not easily backported from 9.1 +Patch1: CVE-2019-1010180.nopatch BuildRequires: expat-devel BuildRequires: ncurses-devel BuildRequires: python3-devel BuildRequires: python3-libs BuildRequires: xz-devel +Requires: expat +Requires: ncurses +Requires: python3 +Requires: xz-libs %if %{with_check} BuildRequires: dejagnu BuildRequires: systemtap-sdt-devel @@ -27,18 +30,17 @@ BuildRequires: systemtap-sdt-devel GDB, the GNU Project debugger, allows you to see what is going on `inside' another program while it executes -- or what another program was doing at the moment it crashed. + %prep -%setup -q -%patch0 -p1 +%autosetup -p1 %build -./configure \ - --prefix=%{_prefix} \ - --with-python=/usr/bin/python3 +%configure --with-python=%{_bindir}/python3 make %{?_smp_mflags} + %install make DESTDIR=%{buildroot} install -find %{buildroot} -name '*.la' -delete +find %{buildroot} -type f -name "*.la" -delete -print rm %{buildroot}%{_infodir}/dir # following files conflicts with binutils-2.24-1.x86_64 
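Review bot: `Patch1: CVE-2019-1010180.nopatch` in the first hunk marks the CVE as handled, although the comment above it says 8.3 carries only a partial fix (a warning) and the complete fix from 9.1 was not backported. The package therefore stays affected while scanners stop reporting it. The changelog entry added later in this commit reads `- Patch CVE-2019-1010180`, which overstates the change; I would write `- Add nopatch for CVE-2019-1010180 (8.3 only warns; full fix is in 9.1)`. The spec comment should also record when the marker can be dropped, for example `# Remove once gdb is updated to 9.1 or later`.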
@@ -80,34 +82,50 @@ make %{?_smp_mflags} check || tail gdb/testsuite/gdb.sum | grep "# of unexpecte %{_mandir}/*/* %changelog -* Sat May 09 00:20:48 PST 2020 Nick Samson +* Thu Oct 22 2020 Thomas Crain - 8.3-3 +- Patch CVE-2019-1010180 + +* Sat May 09 2020 Nick Samson - 8.3-2 - Added %%license line automatically -* Mon Mar 16 2020 Henry Beberman 8.3-1 -- Update to 8.3. URL fixed. License verified. -* Tue Sep 03 2019 Mateusz Malisz 8.2-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Fri Sep 14 2018 Keerthana K 8.2-1 -- Update to version 8.2 -* Thu Dec 07 2017 Alexey Makhalov 7.12.1-8 -- Enable LZMA support -* Tue Nov 14 2017 Alexey Makhalov 7.12.1-7 -- Aarch64 support -* Mon Sep 11 2017 Rui Gu 7.12.1-6 -- Enable make check in docker with part of checks disabled -* Thu Aug 10 2017 Alexey Makhalov 7.12.1-5 -- Make check improvements -* Fri Jul 21 2017 Rui Gu 7.12.1-4 -- Add pstack wrapper which will invoke gdb. -* Wed Jul 12 2017 Alexey Makhalov 7.12.1-3 -- Get tcl, expect and dejagnu from packages -* Thu May 18 2017 Xiaolin Li 7.12.1-2 -- Build gdb with python3. -* Wed Mar 22 2017 Alexey Makhalov 7.12.1-1 -- Version update -* Tue May 24 2016 Priyesh Padmavilasom 7.8.2-3 -- GA - Bump release of all rpms -* Tue Nov 10 2015 Xiaolin Li 7.8.2-2 -- Handled locale files with macro find_lang -* Wed Apr 08 2015 Priyesh Padmavilasom 7.8.2-1 -- Initial build. First version +* Mon Mar 16 2020 Henry Beberman - 8.3-1 +- Update to 8.3. URL fixed. License verified. + +* Tue Sep 03 2019 Mateusz Malisz - 8.2-2 +- Initial CBL-Mariner import from Photon (license: Apache2). 
+ +* Fri Sep 14 2018 Keerthana K - 8.2-1 +- Update to version 8.2 + +* Thu Dec 07 2017 Alexey Makhalov - 7.12.1-8 +- Enable LZMA support + +* Tue Nov 14 2017 Alexey Makhalov - 7.12.1-7 +- Aarch64 support + +* Mon Sep 11 2017 Rui Gu - 7.12.1-6 +- Enable make check in docker with part of checks disabled + +* Thu Aug 10 2017 Alexey Makhalov - 7.12.1-5 +- Make check improvements + +* Fri Jul 21 2017 Rui Gu - 7.12.1-4 +- Add pstack wrapper which will invoke gdb. + +* Wed Jul 12 2017 Alexey Makhalov - 7.12.1-3 +- Get tcl, expect and dejagnu from packages + +* Thu May 18 2017 Xiaolin Li - 7.12.1-2 +- Build gdb with python3. + +* Wed Mar 22 2017 Alexey Makhalov - 7.12.1-1 +- Version update + +* Tue May 24 2016 Priyesh Padmavilasom - 7.8.2-3 +- GA - Bump release of all rpms + +* Tue Nov 10 2015 Xiaolin Li - 7.8.2-2 +- Handled locale files with macro find_lang + +* Wed Apr 08 2015 Priyesh Padmavilasom - 7.8.2-1 +- Initial build. First version From ee24ec7942c047b530dd17ee37016ce1abf8e104 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Thu, 5 Nov 2020 08:11:38 -0800 Subject: [PATCH 092/145] Nopatch for trousers CVE-2020-24332 (#287) --- SPECS/trousers/CVE-2020-24331.nopatch | 1 - SPECS/trousers/CVE-2020-24332.nopatch | 0 SPECS/trousers/trousers.spec | 86 +++++++++++++++------------ 3 files changed, 47 insertions(+), 40 deletions(-) create mode 100644 SPECS/trousers/CVE-2020-24332.nopatch diff --git a/SPECS/trousers/CVE-2020-24331.nopatch b/SPECS/trousers/CVE-2020-24331.nopatch index 2483a2ee406..e69de29bb2d 100644 --- a/SPECS/trousers/CVE-2020-24331.nopatch +++ b/SPECS/trousers/CVE-2020-24331.nopatch @@ -1 +0,0 @@ -CVE-2020-24330.patch fixes this CVE as well. \ No newline at end of file diff --git a/SPECS/trousers/CVE-2020-24332.nopatch b/SPECS/trousers/CVE-2020-24332.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/trousers/trousers.spec b/SPECS/trousers/trousers.spec index db54b62fdfa..ca4560ef37f 100644 --- a/SPECS/trousers/trousers.spec 
+++ b/SPECS/trousers/trousers.spec @@ -1,19 +1,18 @@ -Summary: TCG Software Stack (TSS) -Name: trousers -Version: 0.3.14 -Release: 6%{?dist} -License: BSD-3-Clause -URL: https://sourceforge.net/projects/trousers/ -Group: System Environment/Security -Vendor: Microsoft Corporation -Distribution: Mariner -Source0: https://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.gz - -# CVE-2020-24330.patch fixes both CVE-2020-24330 and CVE-2020-24331. -Patch0: CVE-2020-24330.patch -Patch1: CVE-2020-24331.nopatch - -Requires: libtspi = %{version}-%{release} +Summary: TCG Software Stack (TSS) +Name: trousers +Version: 0.3.14 +Release: 7%{?dist} +License: BSD +Vendor: Microsoft Corporation +Distribution: Mariner +Group: System Environment/Security +URL: https://sourceforge.net/projects/trousers +Source0: %{url}/files/%{name}/%{version}/%{name}-%{version}.tar.gz +# CVE-2020-24330.patch also fixes CVE-2020-24331 and CVE-2020-24332. +Patch0: CVE-2020-24330.patch +Patch1: CVE-2020-24331.nopatch +Patch2: CVE-2020-24332.nopatch +Requires: libtspi = %{version}-%{release} %description Trousers is an open-source TCG Software Stack (TSS), released under @@ -21,19 +20,20 @@ the BSD License. Trousers aims to be compliant with the 1.1b and 1.2 TSS specifications available from the Trusted Computing %package devel -Summary: The libraries and header files needed for TSS development. -Requires: libtspi = %{version}-%{release} +Summary: The libraries and header files needed for TSS development. +Requires: libtspi = %{version}-%{release} + %description devel The libraries and header files needed for TSS development. %package -n libtspi -Summary: TSPI library +Summary: TSPI library + %description -n libtspi TSPI library %prep -%setup -q -c %{name}-%{version} -%patch0 -p1 +%autosetup -c %{name}-%{version} -p1 %build %configure \ 
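Review bot: The comment `# CVE-2020-24330.patch also fixes CVE-2020-24331 and CVE-2020-24332.` in the first hunk is the only justification for two `.nopatch` markers, and it cannot be checked from this commit because the patch itself is not touched. This commit also empties `CVE-2020-24331.nopatch`, which used to carry the same statement. I would extend the comment with the source of the claim, for example `# Upstream fix <UPSTREAM-COMMIT-ID> covers all three CVEs`, filling the placeholder with the real reference, so the suppression can be audited later.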
@@ -45,14 +45,14 @@ make %{?_smp_mflags} make DESTDIR=%{buildroot} install %post -mkdir -p /var/lib/tpm +mkdir -p %{_sharedstatedir}/tpm if [ $1 -eq 1 ]; then # this is initial installation if ! getent group tss >/dev/null; then groupadd tss fi if ! getent passwd tss >/dev/null; then - useradd -c "TCG Software Stack" -d /var/lib/tpm -g tss \ + useradd -c "TCG Software Stack" -d %{_sharedstatedir}/tpm -g tss \ -s /bin/false tss fi fi @@ -78,7 +78,7 @@ fi %{_sbindir}/* %{_mandir}/man5 %{_mandir}/man8 -%exclude /var +%exclude %{_var} %files devel %defattr(-,root,root) @@ -95,18 +95,26 @@ fi %exclude %{_libdir}/libtddl.a %changelog -* Thu Aug 20 2020 Pawel Winogrodzki 0.3.14-6 -- Applying a patch for CVE-2020-24330 and CVE-2020-24331. -* Sat May 09 2020 Nick Samson 0.3.14-5 -- Added %%license line automatically -* Thu Apr 09 2020 Joe Schmitt 0.3.14-4 -- Update Source0 with valid URL. -- Update License. -- Remove sha1 macro. -- License verified. -* Tue Sep 03 2019 Mateusz Malisz 0.3.14-3 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Fri Oct 13 2017 Alexey Makhalov 0.3.14-2 -- Use standard configure macros -* Thu Mar 2 2017 Alexey Makhalov 0.3.14-1 -- Initial build. First version +* Tue Oct 27 2020 Thomas Crain - 0.3.14-7 +- Added nopatch file for CVE-2020-24332. + +* Thu Aug 20 2020 Pawel Winogrodzki - 0.3.14-6 +- Applying a patch for CVE-2020-24330 and CVE-2020-24331. + +* Sat May 09 2020 Nick Samson - 0.3.14-5 +- Added %%license line automatically + +* Thu Apr 09 2020 Joe Schmitt - 0.3.14-4 +- Update Source0 with valid URL. +- Update License. +- Remove sha1 macro. +- License verified. + +* Tue Sep 03 2019 Mateusz Malisz - 0.3.14-3 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Fri Oct 13 2017 Alexey Makhalov - 0.3.14-2 +- Use standard configure macros + +* Thu Mar 2 2017 Alexey Makhalov - 0.3.14-1 +- Initial build. First version From 90940092d48d1a0b8bb69120e0876582398bbdc1 Mon Sep 17 00:00:00 2001 
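Review bot: The state directory is still created with a bare `mkdir -p %{_sharedstatedir}/tpm`, so it ends up root-owned with umask-derived permissions even though the same path is passed to `useradd -d` as the home of the `tss` account. If tcsd keeps its persistent TPM key storage under this directory (not shown in the hunk), it should get an explicit owner and mode once the account exists, e.g. `install -d -m 0700 -o tss -g tss %{_sharedstatedir}/tpm` placed after the `useradd` block. Note also that `%{_sharedstatedir}` is expanded at build time, so the path baked into the scriptlet depends on the build environment's macro definition; confirm it resolves to /var/lib here, since the original literal was /var/lib/tpm. The %post scriptlet continues beyond the hunk.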
From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Thu, 5 Nov 2020 10:19:47 -0800 Subject: [PATCH 093/145] Include all sources in bond regardless of arch (#280) --- SPECS/bond/bond.signatures.json | 12 ++++++------ SPECS/bond/bond.spec | 23 ++++++++++++++++------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/SPECS/bond/bond.signatures.json b/SPECS/bond/bond.signatures.json index 36c81bf0dcf..0817679b97f 100644 --- a/SPECS/bond/bond.signatures.json +++ b/SPECS/bond/bond.signatures.json @@ -1,7 +1,7 @@ { - "Signatures": { - "bond-8.0.1.tar.gz" : "d22428a40ab158813c6b0d6548a9a4c1304c1873bd4f2f62a0f36c0ba2855a8b", - "gbc-0.11.0.3-aarch64" : "2fa232b3ceb79ff2e002ad06f8da93bd59f81599102f95258b4dadb84d6b847d", - "gbc-0.11.0.3-x86_64" : "c64f9db841b8cccad4c8ec0bd724e52d28b51a15af145fe40223cd92d7356d71" - } -} + "Signatures": { + "bond-8.0.1.tar.gz": "d22428a40ab158813c6b0d6548a9a4c1304c1873bd4f2f62a0f36c0ba2855a8b", + "gbc-0.11.0.3-aarch64": "2fa232b3ceb79ff2e002ad06f8da93bd59f81599102f95258b4dadb84d6b847d", + "gbc-0.11.0.3-x86_64": "c64f9db841b8cccad4c8ec0bd724e52d28b51a15af145fe40223cd92d7356d71" + } +} \ No newline at end of file diff --git a/SPECS/bond/bond.spec b/SPECS/bond/bond.spec index c460848e38d..c925adb84fd 100644 --- a/SPECS/bond/bond.spec +++ b/SPECS/bond/bond.spec 
@@ -1,22 +1,22 @@ -Name: bond Summary: Microsoft Bond Library +Name: bond Version: 8.0.1 -Release: 3%{?dist} +Release: 4%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner URL: https://github.com/microsoft/bond #Source0: %{url}/archive/%{version}.tar.gz Source0: %{name}-%{version}.tar.gz -Source1: gbc-0.11.0.3-%{_arch} - +Source1: gbc-0.11.0.3-aarch64 +Source2: gbc-0.11.0.3-x86_64 +BuildRequires: boost-devel BuildRequires: clang BuildRequires: cmake -BuildRequires: zlib-devel -BuildRequires: boost-devel +BuildRequires: gmp-devel BuildRequires: ncurses-devel BuildRequires: rapidjson-devel -BuildRequires: gmp-devel +BuildRequires: zlib-devel %description Bond is an open-source, cross-platform framework for working with schematized data. @@ -39,7 +39,11 @@ CMAKE_OPTS="\ -DBOND_FIND_RAPIDJSON=TRUE \ -DBOND_SKIP_CORE_TESTS=TRUE \ -DBOND_SKIP_GBC_TESTS=TRUE \ +%ifarch aarch64 -DBOND_GBC_PATH=%{SOURCE1} \ +%else + -DBOND_GBC_PATH=%{SOURCE2} \ +%endif -DCMAKE_INSTALL_PREFIX=%{_prefix} \ " @@ -63,11 +67,16 @@ chmod 0755 %{buildroot}%{_bindir}/gbc %{_libdir}/%{name}/* %changelog +* Tue Oct 27 2020 Joe Schmitt - 8.0.1-4 +- Include all sources regardless of architecture. + * Mon Oct 19 2020 Pawel Winogrodzki 8.0.1-3 - License verified. - Added source URL. - Added 'Vendor' and 'Distribution' tags. + * Tue May 19 2020 Jonathan Chiu 8.0.1-2 - Add aarch64 support + * Mon Apr 06 2020 Jonathan Chiu 8.0.1-1 - Original version for CBL-Mariner. From 21b2c234ab04afbc0a4095c23e2109fe8a42304f Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Thu, 5 Nov 2020 10:21:03 -0800 Subject: [PATCH 094/145] Patch CVE-2020-8927 in brotli (#323) --- SPECS/brotli/CVE-2020-8927.patch | 1205 ++++++++++++++++++++++++++++++ SPECS/brotli/brotli.spec | 30 +- 2 files changed, 1220 insertions(+), 15 deletions(-) create mode 100644 SPECS/brotli/CVE-2020-8927.patch 
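Review bot: `Source1: gbc-0.11.0.3-aarch64` and `Source2: gbc-0.11.0.3-x86_64` appear to be prebuilt compiler binaries, and neither carries a URL or a provenance comment, unlike Source0, which at least keeps its commented-out `%{url}` line. The SHA-256 values in bond.signatures.json pin the bytes but say nothing about where they came from or how they were built, which is what a supply-chain audit will ask for. I would add a comment above the two entries, for example `# gbc binaries: built from <upstream tag> via <build pipeline or URL>; hashes pinned in bond.signatures.json`.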
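Review bot: The `%else` branch passes `%{SOURCE2}` (the x86_64 gbc) to cmake on every architecture that is not aarch64, so a build on a third architecture would silently pick a binary it cannot run instead of failing with a clear message. Make the supported set explicit with `ExclusiveArch: x86_64 aarch64` in the header, or use `%ifarch x86_64` for the second branch. The conditional also sits inside the double-quoted, backslash-continued `CMAKE_OPTS` string; this works because rpm drops the `%ifarch`/`%else`/`%endif` lines before the shell sees the script, and a one-line comment above `CMAKE_OPTS` saying so would save the next reader a double take.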
diff --git a/SPECS/brotli/CVE-2020-8927.patch b/SPECS/brotli/CVE-2020-8927.patch new file mode 100644 index 00000000000..f675a5c68b7 --- /dev/null +++ b/SPECS/brotli/CVE-2020-8927.patch 
@@ -0,0 +1,1205 @@ +Backported of: + +From 223d80cfbec8fd346e32906c732c8ede21f0cea6 Mon Sep 17 00:00:00 2001 +From: Eugene Kliuchnikov +Date: Wed, 26 Aug 2020 12:32:27 +0200 +Subject: [PATCH] Update (#826) + + * IMPORTANT: decoder: fix potential overflow when input chunk is >2GiB + * simplify max Huffman table size calculation + * eliminate symbol duplicates (static arrays in .h files) + * minor combing in research/ code + +--- + c/common/constants.c | 15 ++++ + c/common/constants.h | 18 +++++ + c/common/context.c | 156 +++++++++++++++++++++++++++++++++++++ + c/common/context.h | 156 +------------------------------------ + c/common/platform.c | 22 ++++++ + c/common/platform.h | 11 +-- + c/dec/bit_reader.c | 11 +++ + c/dec/bit_reader.h | 19 ++--- + c/dec/decode.c | 9 ++- + c/dec/huffman.h | 8 +- + c/dec/prefix.h | 18 ----- + c/dec/state.c | 7 +- + c/enc/brotli_bit_stream.c | 21 +---- + c/enc/command.c | 28 +++++++ + c/enc/command.h | 24 +++--- + c/enc/entropy_encode.c | 2 + + c/enc/entropy_encode.h | 4 +- + c/enc/fast_log.c | 105 +++++++++++++++++++++++++ + c/enc/fast_log.h | 99 ++--------------------- + research/brotli_decoder.c | 1 + + research/draw_histogram.cc | 25 +++--- + scripts/.bintray.json | 2 +- + scripts/sources.lst | 5 ++ + setup.py | 5 ++ + 24 files changed, 430 insertions(+), 341 deletions(-) + create mode 100644 c/common/constants.c + create mode 100644 c/common/context.c + create mode 100644 c/common/platform.c + create mode 100644 c/enc/command.c + create mode 100644 c/enc/fast_log.c + +diff --git a/c/common/constants.c b/c/common/constants.c +new file mode 100644 +index 0000000..6bad9f6 +--- /dev/null ++++ b/c/common/constants.c +@@ -0,0 +1,15 @@ ++/* Copyright 2013 Google Inc. All Rights Reserved. ++ ++ Distributed under MIT license. 
++ See file LICENSE for detail or copy at https://opensource.org/licenses/MIT ++*/ ++ ++#include "./constants.h" ++ ++const BrotliPrefixCodeRange ++ _kBrotliPrefixCodeRanges[BROTLI_NUM_BLOCK_LEN_SYMBOLS] = { ++ {1, 2}, {5, 2}, {9, 2}, {13, 2}, {17, 3}, {25, 3}, ++ {33, 3}, {41, 3}, {49, 4}, {65, 4}, {81, 4}, {97, 4}, ++ {113, 5}, {145, 5}, {177, 5}, {209, 5}, {241, 6}, {305, 6}, ++ {369, 7}, {497, 8}, {753, 9}, {1265, 10}, {2289, 11}, {4337, 12}, ++ {8433, 13}, {16625, 24}}; +diff --git a/c/common/constants.h b/c/common/constants.h +index d1b88d1..c1c38d5 100644 +--- a/c/common/constants.h ++++ b/c/common/constants.h +@@ -7,6 +7,9 @@ + #ifndef BROTLI_COMMON_CONSTANTS_H_ + #define BROTLI_COMMON_CONSTANTS_H_ + ++#include ++#include ++ + /* Specification: 7.3. Encoding of the context map */ + #define BROTLI_CONTEXT_MAP_MAX_RLE 16 + +@@ -48,6 +51,10 @@ + #define BROTLI_MAX_DISTANCE 0x3FFFFFC + #define BROTLI_MAX_ALLOWED_DISTANCE 0x7FFFFFFC + ++ ++/* Specification: 4. Encoding of Literal Insertion Lengths and Copy Lengths */ ++#define BROTLI_NUM_INS_COPY_CODES 24 ++ + /* 7.1. Context modes and context ID lookup for literals */ + /* "context IDs for literals are in the range of 0..63" */ + #define BROTLI_LITERAL_CONTEXT_BITS 6 +@@ -61,4 +68,15 @@ + #define BROTLI_WINDOW_GAP 16 + #define BROTLI_MAX_BACKWARD_LIMIT(W) (((size_t)1 << (W)) - BROTLI_WINDOW_GAP) + ++/* Represents the range of values belonging to a prefix code: ++ [offset, offset + 2^nbits) */ ++typedef struct { ++ uint16_t offset; ++ uint8_t nbits; ++} BrotliPrefixCodeRange; ++ ++/* "Soft-private", it is exported, but not "advertised" as API. 
*/ ++BROTLI_COMMON_API extern const BrotliPrefixCodeRange ++ _kBrotliPrefixCodeRanges[BROTLI_NUM_BLOCK_LEN_SYMBOLS]; ++ + #endif /* BROTLI_COMMON_CONSTANTS_H_ */ +diff --git a/c/common/context.c b/c/common/context.c +new file mode 100644 +index 0000000..2c2dceb +--- /dev/null ++++ b/c/common/context.c +@@ -0,0 +1,156 @@ ++#include "./context.h" ++ ++#include ++ ++/* Common context lookup table for all context modes. */ ++const uint8_t _kBrotliContextLookupTable[2048] = { ++ /* CONTEXT_LSB6, last byte. */ ++ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, ++ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, ++ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, ++ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, ++ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, ++ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, ++ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, ++ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, ++ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, ++ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, ++ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, ++ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, ++ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, ++ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, ++ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, ++ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, ++ ++ /* CONTEXT_LSB6, second last byte, */ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ ++ /* CONTEXT_MSB6, last byte. */ ++ 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, ++ 4, 4, 4, 4, 5, 5, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, ++ 8, 8, 8, 8, 9, 9, 9, 9, 10, 10, 10, 10, 11, 11, 11, 11, ++ 12, 12, 12, 12, 13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, ++ 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, 19, 19, 19, 19, ++ 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 23, 23, 23, 23, ++ 24, 24, 24, 24, 25, 25, 25, 25, 26, 26, 26, 26, 27, 27, 27, 27, ++ 28, 28, 28, 28, 29, 29, 29, 29, 30, 30, 30, 30, 31, 31, 31, 31, ++ 32, 32, 32, 32, 33, 33, 33, 33, 34, 34, 34, 34, 35, 35, 35, 35, ++ 36, 36, 36, 36, 37, 37, 37, 37, 38, 38, 38, 38, 39, 39, 39, 39, ++ 40, 40, 40, 40, 41, 41, 41, 41, 42, 42, 42, 42, 43, 43, 43, 43, ++ 44, 44, 44, 44, 45, 45, 45, 45, 46, 46, 46, 46, 47, 47, 47, 47, ++ 48, 48, 48, 48, 49, 49, 49, 49, 50, 50, 50, 50, 51, 51, 51, 51, ++ 52, 52, 52, 52, 53, 53, 53, 53, 54, 54, 54, 54, 55, 55, 55, 55, ++ 56, 56, 56, 56, 57, 57, 57, 57, 58, 58, 58, 58, 59, 59, 59, 59, ++ 60, 60, 60, 60, 61, 61, 61, 61, 62, 62, 62, 62, 63, 63, 63, 63, ++ ++ /* CONTEXT_MSB6, second last byte, */ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ ++ /* CONTEXT_UTF8, last byte. */ ++ /* ASCII range. */ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 4, 0, 0, 4, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 8, 12, 16, 12, 12, 20, 12, 16, 24, 28, 12, 12, 32, 12, 36, 12, ++ 44, 44, 44, 44, 44, 44, 44, 44, 44, 44, 32, 32, 24, 40, 28, 12, ++ 12, 48, 52, 52, 52, 48, 52, 52, 52, 48, 52, 52, 52, 52, 52, 48, ++ 52, 52, 52, 52, 52, 48, 52, 52, 52, 52, 52, 24, 12, 28, 12, 12, ++ 12, 56, 60, 60, 60, 56, 60, 60, 60, 56, 60, 60, 60, 60, 60, 56, ++ 60, 60, 60, 60, 60, 56, 60, 60, 60, 60, 60, 24, 12, 28, 12, 0, ++ /* UTF8 continuation byte range. */ ++ 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, ++ 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, ++ 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, ++ 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, ++ /* UTF8 lead byte range. */ ++ 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, ++ 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, ++ 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, ++ 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, ++ ++ /* CONTEXT_UTF8 second last byte. */ ++ /* ASCII range. */ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, ++ 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, ++ 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 1, 1, 1, 1, 0, ++ /* UTF8 continuation byte range. 
*/ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ /* UTF8 lead byte range. */ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ ++ /* CONTEXT_SIGNED, last byte, same as the above values shifted by 3 bits. */ ++ 0, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, ++ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, ++ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, ++ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, ++ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, ++ 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, ++ 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, ++ 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, ++ 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, ++ 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, ++ 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, ++ 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, ++ 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 56, ++ ++ /* CONTEXT_SIGNED, second last byte. 
*/ ++ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, ++ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, ++ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, ++ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 7, ++}; +diff --git a/c/common/context.h b/c/common/context.h +index 24b3eb4..685a279 100755 +--- a/c/common/context.h ++++ b/c/common/context.h +@@ -88,6 +88,7 @@ + #ifndef BROTLI_COMMON_CONTEXT_H_ + #define BROTLI_COMMON_CONTEXT_H_ + ++#include + #include + + typedef enum ContextType { +@@ -97,163 +98,14 @@ typedef enum ContextType { + CONTEXT_SIGNED = 3 + } ContextType; + ++/* "Soft-private", it is exported, but not "advertised" as API. */ + /* Common context lookup table for all context modes. */ +-static const uint8_t kContextLookup[2048] = { +- /* CONTEXT_LSB6, last byte. 
*/ +- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +- 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, +- 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +- 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +- 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, +- 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +- 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +- 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, +- 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +- 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +- 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, +- 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +- 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +- +- /* CONTEXT_LSB6, second last byte, */ +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- +- /* CONTEXT_MSB6, last byte. 
*/ +- 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, +- 4, 4, 4, 4, 5, 5, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, +- 8, 8, 8, 8, 9, 9, 9, 9, 10, 10, 10, 10, 11, 11, 11, 11, +- 12, 12, 12, 12, 13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, +- 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, 19, 19, 19, 19, +- 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 23, 23, 23, 23, +- 24, 24, 24, 24, 25, 25, 25, 25, 26, 26, 26, 26, 27, 27, 27, 27, +- 28, 28, 28, 28, 29, 29, 29, 29, 30, 30, 30, 30, 31, 31, 31, 31, +- 32, 32, 32, 32, 33, 33, 33, 33, 34, 34, 34, 34, 35, 35, 35, 35, +- 36, 36, 36, 36, 37, 37, 37, 37, 38, 38, 38, 38, 39, 39, 39, 39, +- 40, 40, 40, 40, 41, 41, 41, 41, 42, 42, 42, 42, 43, 43, 43, 43, +- 44, 44, 44, 44, 45, 45, 45, 45, 46, 46, 46, 46, 47, 47, 47, 47, +- 48, 48, 48, 48, 49, 49, 49, 49, 50, 50, 50, 50, 51, 51, 51, 51, +- 52, 52, 52, 52, 53, 53, 53, 53, 54, 54, 54, 54, 55, 55, 55, 55, +- 56, 56, 56, 56, 57, 57, 57, 57, 58, 58, 58, 58, 59, 59, 59, 59, +- 60, 60, 60, 60, 61, 61, 61, 61, 62, 62, 62, 62, 63, 63, 63, 63, +- +- /* CONTEXT_MSB6, second last byte, */ +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- +- /* CONTEXT_UTF8, last byte. */ +- /* ASCII range. 
*/ +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 4, 0, 0, 4, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 8, 12, 16, 12, 12, 20, 12, 16, 24, 28, 12, 12, 32, 12, 36, 12, +- 44, 44, 44, 44, 44, 44, 44, 44, 44, 44, 32, 32, 24, 40, 28, 12, +- 12, 48, 52, 52, 52, 48, 52, 52, 52, 48, 52, 52, 52, 52, 52, 48, +- 52, 52, 52, 52, 52, 48, 52, 52, 52, 52, 52, 24, 12, 28, 12, 12, +- 12, 56, 60, 60, 60, 56, 60, 60, 60, 56, 60, 60, 60, 60, 60, 56, +- 60, 60, 60, 60, 60, 56, 60, 60, 60, 60, 60, 24, 12, 28, 12, 0, +- /* UTF8 continuation byte range. */ +- 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +- 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +- 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +- 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +- /* UTF8 lead byte range. */ +- 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, +- 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, +- 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, +- 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, +- +- /* CONTEXT_UTF8 second last byte. */ +- /* ASCII range. */ +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, +- 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, +- 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, +- 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 1, 1, 1, 1, 0, +- /* UTF8 continuation byte range. */ +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- /* UTF8 lead byte range. 
*/ +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- +- /* CONTEXT_SIGNED, last byte, same as the above values shifted by 3 bits. */ +- 0, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, +- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, +- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, +- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, +- 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, +- 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, +- 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, +- 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, +- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, +- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, +- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, +- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, +- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, +- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, +- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, +- 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 56, +- +- /* CONTEXT_SIGNED, second last byte. 
*/ +- 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, +- 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, +- 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, +- 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, +- 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, +- 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, +- 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, +- 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, +- 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, +- 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, +- 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, +- 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 7, +-}; ++BROTLI_COMMON_API extern const uint8_t _kBrotliContextLookupTable[2048]; + + typedef const uint8_t* ContextLut; + + /* typeof(MODE) == ContextType; returns ContextLut */ +-#define BROTLI_CONTEXT_LUT(MODE) (&kContextLookup[(MODE) << 9]) ++#define BROTLI_CONTEXT_LUT(MODE) (&_kBrotliContextLookupTable[(MODE) << 9]) + + /* typeof(LUT) == ContextLut */ + #define BROTLI_CONTEXT(P1, P2, LUT) ((LUT)[P1] | ((LUT) + 256)[P2]) +diff --git a/c/common/platform.c b/c/common/platform.c +new file mode 100644 +index 0000000..aef39e9 +--- /dev/null ++++ b/c/common/platform.c +@@ -0,0 +1,22 @@ ++/* Copyright 2016 Google Inc. All Rights Reserved. ++ ++ Distributed under MIT license. 
++ See file LICENSE for detail or copy at https://opensource.org/licenses/MIT ++*/ ++ ++#include ++ ++#include "./platform.h" ++#include ++ ++/* Default brotli_alloc_func */ ++void* BrotliDefaultAllocFunc(void* opaque, size_t size) { ++ BROTLI_UNUSED(opaque); ++ return malloc(size); ++} ++ ++/* Default brotli_free_func */ ++void BrotliDefaultFreeFunc(void* opaque, void* address) { ++ BROTLI_UNUSED(opaque); ++ free(address); ++} +diff --git a/c/common/platform.h b/c/common/platform.h +index 84c448c..43c9b89 100755 +--- a/c/common/platform.h ++++ b/c/common/platform.h +@@ -24,7 +24,6 @@ + #define BROTLI_COMMON_PLATFORM_H_ + + #include /* memcpy */ +-#include /* malloc, free */ + + #include + #include +@@ -524,16 +523,10 @@ BROTLI_MIN_MAX(size_t) BROTLI_MIN_MAX(uint32_t) BROTLI_MIN_MAX(uint8_t) + } + + /* Default brotli_alloc_func */ +-static void* BrotliDefaultAllocFunc(void* opaque, size_t size) { +- BROTLI_UNUSED(opaque); +- return malloc(size); +-} ++BROTLI_COMMON_API void* BrotliDefaultAllocFunc(void* opaque, size_t size); + + /* Default brotli_free_func */ +-static void BrotliDefaultFreeFunc(void* opaque, void* address) { +- BROTLI_UNUSED(opaque); +- free(address); +-} ++BROTLI_COMMON_API void BrotliDefaultFreeFunc(void* opaque, void* address); + + BROTLI_UNUSED_FUNCTION void BrotliSuppressUnusedFunctions(void) { + BROTLI_UNUSED(&BrotliSuppressUnusedFunctions); +diff --git a/c/dec/bit_reader.c b/c/dec/bit_reader.c +index 722fd90..67d4e25 100644 +--- a/c/dec/bit_reader.c ++++ b/c/dec/bit_reader.c +@@ -15,6 +15,17 @@ + extern "C" { + #endif + ++const uint32_t kBrotliBitMask[33] = { 0x00000000, ++ 0x00000001, 0x00000003, 0x00000007, 0x0000000F, ++ 0x0000001F, 0x0000003F, 0x0000007F, 0x000000FF, ++ 0x000001FF, 0x000003FF, 0x000007FF, 0x00000FFF, ++ 0x00001FFF, 0x00003FFF, 0x00007FFF, 0x0000FFFF, ++ 0x0001FFFF, 0x0003FFFF, 0x0007FFFF, 0x000FFFFF, ++ 0x001FFFFF, 0x003FFFFF, 0x007FFFFF, 0x00FFFFFF, ++ 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF, 0x0FFFFFFF, ++ 0x1FFFFFFF, 
0x3FFFFFFF, 0x7FFFFFFF, 0xFFFFFFFF ++}; ++ + void BrotliInitBitReader(BrotliBitReader* const br) { + br->val_ = 0; + br->bit_pos_ = sizeof(br->val_) << 3; +diff --git a/c/dec/bit_reader.h b/c/dec/bit_reader.h +index c06e914..b1c6f24 100644 +--- a/c/dec/bit_reader.h ++++ b/c/dec/bit_reader.h +@@ -11,6 +11,7 @@ + + #include /* memcpy */ + ++#include "../common/constants.h" + #include "../common/platform.h" + #include + +@@ -20,16 +21,7 @@ extern "C" { + + #define BROTLI_SHORT_FILL_BIT_WINDOW_READ (sizeof(brotli_reg_t) >> 1) + +-static const uint32_t kBitMask[33] = { 0x00000000, +- 0x00000001, 0x00000003, 0x00000007, 0x0000000F, +- 0x0000001F, 0x0000003F, 0x0000007F, 0x000000FF, +- 0x000001FF, 0x000003FF, 0x000007FF, 0x00000FFF, +- 0x00001FFF, 0x00003FFF, 0x00007FFF, 0x0000FFFF, +- 0x0001FFFF, 0x0003FFFF, 0x0007FFFF, 0x000FFFFF, +- 0x001FFFFF, 0x003FFFFF, 0x007FFFFF, 0x00FFFFFF, +- 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF, 0x0FFFFFFF, +- 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF, 0xFFFFFFFF +-}; ++BROTLI_INTERNAL extern const uint32_t kBrotliBitMask[33]; + + static BROTLI_INLINE uint32_t BitMask(uint32_t n) { + if (BROTLI_IS_CONSTANT(n) || BROTLI_HAS_UBFX) { +@@ -37,7 +29,7 @@ static BROTLI_INLINE uint32_t BitMask(uint32_t n) { + "Unsigned Bit Field Extract" UBFX instruction on ARM. */ + return ~((0xFFFFFFFFu) << n); + } else { +- return kBitMask[n]; ++ return kBrotliBitMask[n]; + } + } + +@@ -87,8 +79,11 @@ static BROTLI_INLINE uint32_t BrotliGetAvailableBits( + } + + /* Returns amount of unread bytes the bit reader still has buffered from the +- BrotliInput, including whole bytes in br->val_. */ ++ BrotliInput, including whole bytes in br->val_. Result is capped with ++ maximal ring-buffer size (larger number won't be utilized anyway). 
*/ + static BROTLI_INLINE size_t BrotliGetRemainingBytes(BrotliBitReader* br) { ++ static const size_t kCap = (size_t)1 << BROTLI_LARGE_MAX_WBITS; ++ if (br->avail_in > kCap) return kCap; + return br->avail_in + (BrotliGetAvailableBits(br) >> 3); + } + +diff --git a/c/dec/decode.c b/c/dec/decode.c +index 08bd76c..36111e7 100644 +--- a/c/dec/decode.c ++++ b/c/dec/decode.c +@@ -867,8 +867,8 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const HuffmanCode* table, + uint32_t code; + uint32_t nbits; + code = ReadSymbol(table, br); +- nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */ +- return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits); ++ nbits = _kBrotliPrefixCodeRanges[code].nbits; /* nbits == 2..24 */ ++ return _kBrotliPrefixCodeRanges[code].offset + BrotliReadBits(br, nbits); + } + + /* WARNING: if state is not BROTLI_STATE_READ_BLOCK_LENGTH_NONE, then +@@ -886,13 +886,14 @@ static BROTLI_INLINE BROTLI_BOOL SafeReadBlockLength( + } + { + uint32_t bits; +- uint32_t nbits = kBlockLengthPrefixCode[index].nbits; /* nbits == 2..24 */ ++ uint32_t nbits = _kBrotliPrefixCodeRanges[index].nbits; ++ uint32_t offset = _kBrotliPrefixCodeRanges[index].offset; + if (!BrotliSafeReadBits(br, nbits, &bits)) { + s->block_length_index = index; + s->substate_read_block_length = BROTLI_STATE_READ_BLOCK_LENGTH_SUFFIX; + return BROTLI_FALSE; + } +- *result = kBlockLengthPrefixCode[index].offset + bits; ++ *result = offset + bits; + s->substate_read_block_length = BROTLI_STATE_READ_BLOCK_LENGTH_NONE; + return BROTLI_TRUE; + } +diff --git a/c/dec/huffman.h b/c/dec/huffman.h +index b9f0716..5a70279 100644 +--- a/c/dec/huffman.h ++++ b/c/dec/huffman.h +@@ -18,12 +18,6 @@ extern "C" { + + #define BROTLI_HUFFMAN_MAX_CODE_LENGTH 15 + +-/* Maximum possible Huffman table size for an alphabet size of (index * 32), +- max code length 15 and root table bits 8. 
*/ +-static const uint16_t kMaxHuffmanTableSize[] = { +- 256, 402, 436, 468, 500, 534, 566, 598, 630, 662, 694, 726, 758, 790, 822, +- 854, 886, 920, 952, 984, 1016, 1048, 1080, 1112, 1144, 1176, 1208, 1240, 1272, +- 1304, 1336, 1368, 1400, 1432, 1464, 1496, 1528}; + /* BROTLI_NUM_BLOCK_LEN_SYMBOLS == 26 */ + #define BROTLI_HUFFMAN_MAX_SIZE_26 396 + /* BROTLI_MAX_BLOCK_TYPE_SYMBOLS == 258 */ +@@ -100,7 +94,7 @@ BROTLI_INTERNAL void BrotliBuildCodeLengthsHuffmanTable(HuffmanCode* root_table, + /* Builds Huffman lookup table assuming code lengths are in symbol order. + Returns size of resulting table. */ + BROTLI_INTERNAL uint32_t BrotliBuildHuffmanTable(HuffmanCode* root_table, +- int root_bits, const uint16_t* const symbol_lists, uint16_t* count_arg); ++ int root_bits, const uint16_t* const symbol_lists, uint16_t* count); + + /* Builds a simple Huffman table. The |num_symbols| parameter is to be + interpreted as follows: 0 means 1 symbol, 1 means 2 symbols, +diff --git a/c/dec/prefix.h b/c/dec/prefix.h +index 3ea062d..481a2c7 100644 +--- a/c/dec/prefix.h ++++ b/c/dec/prefix.h +@@ -13,24 +13,6 @@ + #include "../common/constants.h" + #include + +-/* Represents the range of values belonging to a prefix code: +- [offset, offset + 2^nbits) */ +-struct PrefixCodeRange { +- uint16_t offset; +- uint8_t nbits; +-}; +- +-static const struct PrefixCodeRange +- kBlockLengthPrefixCode[BROTLI_NUM_BLOCK_LEN_SYMBOLS] = { +- { 1, 2}, { 5, 2}, { 9, 2}, { 13, 2}, +- { 17, 3}, { 25, 3}, { 33, 3}, { 41, 3}, +- { 49, 4}, { 65, 4}, { 81, 4}, { 97, 4}, +- { 113, 5}, { 145, 5}, { 177, 5}, { 209, 5}, +- { 241, 6}, { 305, 6}, { 369, 7}, { 497, 8}, +- { 753, 9}, { 1265, 10}, {2289, 11}, {4337, 12}, +- {8433, 13}, {16625, 24} +-}; +- + typedef struct CmdLutElement { + uint8_t insert_len_extra_bits; + uint8_t copy_len_extra_bits; +diff --git a/c/dec/state.c b/c/dec/state.c +index e0b37c2..9ac8161 100644 +--- a/c/dec/state.c ++++ b/c/dec/state.c +@@ -144,8 +144,11 @@ void 
BrotliDecoderStateCleanup(BrotliDecoderState* s) { + BROTLI_BOOL BrotliDecoderHuffmanTreeGroupInit(BrotliDecoderState* s, + HuffmanTreeGroup* group, uint32_t alphabet_size, uint32_t max_symbol, + uint32_t ntrees) { +- /* Pack two allocations into one */ +- const size_t max_table_size = kMaxHuffmanTableSize[(alphabet_size + 31) >> 5]; ++ /* 376 = 256 (1-st level table) + 4 + 7 + 15 + 31 + 63 (2-nd level mix-tables) ++ This number is discovered "unlimited" "enough" calculator; it is actually ++ a wee bigger than required in several cases (especially for alphabets with ++ less than 16 symbols). */ ++ const size_t max_table_size = alphabet_size + 376; + const size_t code_size = sizeof(HuffmanCode) * ntrees * max_table_size; + const size_t htree_size = sizeof(HuffmanCode*) * ntrees; + /* Pointer alignment is, hopefully, wider than sizeof(HuffmanCode). */ +diff --git a/c/enc/brotli_bit_stream.c b/c/enc/brotli_bit_stream.c +index aaf2dad..8e68059 100644 +--- a/c/enc/brotli_bit_stream.c ++++ b/c/enc/brotli_bit_stream.c +@@ -34,33 +34,18 @@ extern "C" { + BROTLI_DISTANCE_ALPHABET_SIZE(0, 0, BROTLI_LARGE_MAX_DISTANCE_BITS) + /* MAX_SIMPLE_DISTANCE_ALPHABET_SIZE == 140 */ + +-/* Represents the range of values belonging to a prefix code: +- [offset, offset + 2^nbits) */ +-typedef struct PrefixCodeRange { +- uint32_t offset; +- uint32_t nbits; +-} PrefixCodeRange; +- +-static const PrefixCodeRange +- kBlockLengthPrefixCode[BROTLI_NUM_BLOCK_LEN_SYMBOLS] = { +- { 1, 2}, { 5, 2}, { 9, 2}, {13, 2}, {17, 3}, { 25, 3}, { 33, 3}, +- {41, 3}, {49, 4}, {65, 4}, {81, 4}, {97, 4}, {113, 5}, {145, 5}, +- {177, 5}, { 209, 5}, { 241, 6}, { 305, 6}, { 369, 7}, { 497, 8}, +- {753, 9}, {1265, 10}, {2289, 11}, {4337, 12}, {8433, 13}, {16625, 24} +-}; +- + static BROTLI_INLINE uint32_t BlockLengthPrefixCode(uint32_t len) { + uint32_t code = (len >= 177) ? (len >= 753 ? 20 : 14) : (len >= 41 ? 
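Review bot: The allocation size in `BrotliDecoderHuffmanTreeGroupInit` is still the unchecked product `sizeof(HuffmanCode) * ntrees * max_table_size`, and `max_table_size` is now `alphabet_size + 376`, taken straight from a `uint32_t` parameter instead of a fixed lookup table. Whether callers bound `alphabet_size` and `ntrees` is not visible in this hunk, so I would state the assumed limits next to the computation or assert them before multiplying. The added comment is also hard to parse (`discovered "unlimited" "enough" calculator`); a plainer form would be `/* 376 = 256 (1st-level table) + 4 + 7 + 15 + 31 + 63 (2nd-level tables): an upper bound, slightly larger than needed for alphabets under 16 symbols. */`. The function body continues past the end of the hunk.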
7 : 0); + while (code < (BROTLI_NUM_BLOCK_LEN_SYMBOLS - 1) && +- len >= kBlockLengthPrefixCode[code + 1].offset) ++code; ++ len >= _kBrotliPrefixCodeRanges[code + 1].offset) ++code; + return code; + } + + static BROTLI_INLINE void GetBlockLengthPrefixCode(uint32_t len, size_t* code, + uint32_t* n_extra, uint32_t* extra) { + *code = BlockLengthPrefixCode(len); +- *n_extra = kBlockLengthPrefixCode[*code].nbits; +- *extra = len - kBlockLengthPrefixCode[*code].offset; ++ *n_extra = _kBrotliPrefixCodeRanges[*code].nbits; ++ *extra = len - _kBrotliPrefixCodeRanges[*code].offset; + } + + typedef struct BlockTypeCodeCalculator { +diff --git a/c/enc/command.c b/c/enc/command.c +new file mode 100644 +index 0000000..5e6c249 +--- /dev/null ++++ b/c/enc/command.c +@@ -0,0 +1,28 @@ ++/* Copyright 2013 Google Inc. All Rights Reserved. ++ ++ Distributed under MIT license. ++ See file LICENSE for detail or copy at https://opensource.org/licenses/MIT ++*/ ++ ++#include "./command.h" ++ ++#include ++ ++#if defined(__cplusplus) || defined(c_plusplus) ++extern "C" { ++#endif ++ ++const uint32_t kBrotliInsBase[BROTLI_NUM_INS_COPY_CODES] = { ++ 0, 1, 2, 3, 4, 5, 6, 8, 10, 14, 18, 26, ++ 34, 50, 66, 98, 130, 194, 322, 578, 1090, 2114, 6210, 22594}; ++const uint32_t kBrotliInsExtra[BROTLI_NUM_INS_COPY_CODES] = { ++ 0, 0, 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 7, 8, 9, 10, 12, 14, 24}; ++const uint32_t kBrotliCopyBase[BROTLI_NUM_INS_COPY_CODES] = { ++ 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 14, 18, ++ 22, 30, 38, 54, 70, 102, 134, 198, 326, 582, 1094, 2118}; ++const uint32_t kBrotliCopyExtra[BROTLI_NUM_INS_COPY_CODES] = { ++ 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 7, 8, 9, 10, 24}; ++ ++#if defined(__cplusplus) || defined(c_plusplus) ++} /* extern "C" */ ++#endif +diff --git a/c/enc/command.h b/c/enc/command.h +index 1aac856..d84e373 100644 +--- a/c/enc/command.h ++++ b/c/enc/command.h +@@ -20,14 +20,14 @@ + extern "C" { + #endif + +-static uint32_t kInsBase[] = { 0, 1, 2, 3, 
4, 5, 6, 8, 10, 14, 18, 26, 34, 50, +- 66, 98, 130, 194, 322, 578, 1090, 2114, 6210, 22594 }; +-static uint32_t kInsExtra[] = { 0, 0, 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, +- 5, 5, 6, 7, 8, 9, 10, 12, 14, 24 }; +-static uint32_t kCopyBase[] = { 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 14, 18, 22, 30, +- 38, 54, 70, 102, 134, 198, 326, 582, 1094, 2118 }; +-static uint32_t kCopyExtra[] = { 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, +- 4, 4, 5, 5, 6, 7, 8, 9, 10, 24 }; ++BROTLI_INTERNAL extern const uint32_t ++ kBrotliInsBase[BROTLI_NUM_INS_COPY_CODES]; ++BROTLI_INTERNAL extern const uint32_t ++ kBrotliInsExtra[BROTLI_NUM_INS_COPY_CODES]; ++BROTLI_INTERNAL extern const uint32_t ++ kBrotliCopyBase[BROTLI_NUM_INS_COPY_CODES]; ++BROTLI_INTERNAL extern const uint32_t ++ kBrotliCopyExtra[BROTLI_NUM_INS_COPY_CODES]; + + static BROTLI_INLINE uint16_t GetInsertLengthCode(size_t insertlen) { + if (insertlen < 6) { +@@ -89,19 +89,19 @@ static BROTLI_INLINE void GetLengthCode(size_t insertlen, size_t copylen, + } + + static BROTLI_INLINE uint32_t GetInsertBase(uint16_t inscode) { +- return kInsBase[inscode]; ++ return kBrotliInsBase[inscode]; + } + + static BROTLI_INLINE uint32_t GetInsertExtra(uint16_t inscode) { +- return kInsExtra[inscode]; ++ return kBrotliInsExtra[inscode]; + } + + static BROTLI_INLINE uint32_t GetCopyBase(uint16_t copycode) { +- return kCopyBase[copycode]; ++ return kBrotliCopyBase[copycode]; + } + + static BROTLI_INLINE uint32_t GetCopyExtra(uint16_t copycode) { +- return kCopyExtra[copycode]; ++ return kBrotliCopyExtra[copycode]; + } + + typedef struct Command { +diff --git a/c/enc/entropy_encode.c b/c/enc/entropy_encode.c +index 97f9dfb..b50ccb5 100644 +--- a/c/enc/entropy_encode.c ++++ b/c/enc/entropy_encode.c +@@ -18,6 +18,8 @@ + extern "C" { + #endif + ++const size_t kBrotliShellGaps[] = {132, 57, 23, 10, 4, 1}; ++ + BROTLI_BOOL BrotliSetDepth( + int p0, HuffmanTree* pool, uint8_t* depth, int max_depth) { + int stack[16]; +diff --git a/c/enc/entropy_encode.h 
b/c/enc/entropy_encode.h +index f23d9c3..9618e1d 100644 +--- a/c/enc/entropy_encode.h ++++ b/c/enc/entropy_encode.h +@@ -76,12 +76,12 @@ BROTLI_INTERNAL void BrotliConvertBitDepthsToSymbols(const uint8_t* depth, + size_t len, + uint16_t* bits); + ++BROTLI_INTERNAL extern const size_t kBrotliShellGaps[6]; + /* Input size optimized Shell sort. */ + typedef BROTLI_BOOL (*HuffmanTreeComparator)( + const HuffmanTree*, const HuffmanTree*); + static BROTLI_INLINE void SortHuffmanTreeItems(HuffmanTree* items, + const size_t n, HuffmanTreeComparator comparator) { +- static const size_t gaps[] = {132, 57, 23, 10, 4, 1}; + if (n < 13) { + /* Insertion sort. */ + size_t i; +@@ -101,7 +101,7 @@ static BROTLI_INLINE void SortHuffmanTreeItems(HuffmanTree* items, + /* Shell sort. */ + int g = n < 57 ? 2 : 0; + for (; g < 6; ++g) { +- size_t gap = gaps[g]; ++ size_t gap = kBrotliShellGaps[g]; + size_t i; + for (i = gap; i < n; ++i) { + size_t j = i; +diff --git a/c/enc/fast_log.c b/c/enc/fast_log.c +new file mode 100644 +index 0000000..2319bae +--- /dev/null ++++ b/c/enc/fast_log.c +@@ -0,0 +1,105 @@ ++/* Copyright 2013 Google Inc. All Rights Reserved. ++ ++ Distributed under MIT license. 
++ See file LICENSE for detail or copy at https://opensource.org/licenses/MIT ++*/ ++ ++#include "./fast_log.h" ++ ++#if defined(__cplusplus) || defined(c_plusplus) ++extern "C" { ++#endif ++ ++/* ", ".join(["%.16ff" % x for x in [0.0]+[log2(x) for x in range(1, 256)]]) */ ++const double kBrotliLog2Table[BROTLI_LOG2_TABLE_SIZE] = { ++ 0.0000000000000000f, 0.0000000000000000f, 1.0000000000000000f, ++ 1.5849625007211563f, 2.0000000000000000f, 2.3219280948873622f, ++ 2.5849625007211561f, 2.8073549220576042f, 3.0000000000000000f, ++ 3.1699250014423126f, 3.3219280948873626f, 3.4594316186372978f, ++ 3.5849625007211565f, 3.7004397181410922f, 3.8073549220576037f, ++ 3.9068905956085187f, 4.0000000000000000f, 4.0874628412503400f, ++ 4.1699250014423122f, 4.2479275134435852f, 4.3219280948873626f, ++ 4.3923174227787607f, 4.4594316186372973f, 4.5235619560570131f, ++ 4.5849625007211570f, 4.6438561897747244f, 4.7004397181410926f, ++ 4.7548875021634691f, 4.8073549220576037f, 4.8579809951275728f, ++ 4.9068905956085187f, 4.9541963103868758f, 5.0000000000000000f, ++ 5.0443941193584534f, 5.0874628412503400f, 5.1292830169449664f, ++ 5.1699250014423122f, 5.2094533656289501f, 5.2479275134435852f, ++ 5.2854022188622487f, 5.3219280948873626f, 5.3575520046180838f, ++ 5.3923174227787607f, 5.4262647547020979f, 5.4594316186372973f, ++ 5.4918530963296748f, 5.5235619560570131f, 5.5545888516776376f, ++ 5.5849625007211570f, 5.6147098441152083f, 5.6438561897747244f, ++ 5.6724253419714961f, 5.7004397181410926f, 5.7279204545631996f, ++ 5.7548875021634691f, 5.7813597135246599f, 5.8073549220576046f, ++ 5.8328900141647422f, 5.8579809951275719f, 5.8826430493618416f, ++ 5.9068905956085187f, 5.9307373375628867f, 5.9541963103868758f, ++ 5.9772799234999168f, 6.0000000000000000f, 6.0223678130284544f, ++ 6.0443941193584534f, 6.0660891904577721f, 6.0874628412503400f, ++ 6.1085244567781700f, 6.1292830169449672f, 6.1497471195046822f, ++ 6.1699250014423122f, 6.1898245588800176f, 6.2094533656289510f, ++ 
6.2288186904958804f, 6.2479275134435861f, 6.2667865406949019f, ++ 6.2854022188622487f, 6.3037807481771031f, 6.3219280948873617f, ++ 6.3398500028846252f, 6.3575520046180847f, 6.3750394313469254f, ++ 6.3923174227787598f, 6.4093909361377026f, 6.4262647547020979f, ++ 6.4429434958487288f, 6.4594316186372982f, 6.4757334309663976f, ++ 6.4918530963296748f, 6.5077946401986964f, 6.5235619560570131f, ++ 6.5391588111080319f, 6.5545888516776376f, 6.5698556083309478f, ++ 6.5849625007211561f, 6.5999128421871278f, 6.6147098441152092f, ++ 6.6293566200796095f, 6.6438561897747253f, 6.6582114827517955f, ++ 6.6724253419714952f, 6.6865005271832185f, 6.7004397181410917f, ++ 6.7142455176661224f, 6.7279204545631988f, 6.7414669864011465f, ++ 6.7548875021634691f, 6.7681843247769260f, 6.7813597135246599f, ++ 6.7944158663501062f, 6.8073549220576037f, 6.8201789624151887f, ++ 6.8328900141647422f, 6.8454900509443757f, 6.8579809951275719f, ++ 6.8703647195834048f, 6.8826430493618416f, 6.8948177633079437f, ++ 6.9068905956085187f, 6.9188632372745955f, 6.9307373375628867f, ++ 6.9425145053392399f, 6.9541963103868758f, 6.9657842846620879f, ++ 6.9772799234999168f, 6.9886846867721664f, 7.0000000000000000f, ++ 7.0112272554232540f, 7.0223678130284544f, 7.0334230015374501f, ++ 7.0443941193584534f, 7.0552824355011898f, 7.0660891904577721f, ++ 7.0768155970508317f, 7.0874628412503400f, 7.0980320829605272f, ++ 7.1085244567781700f, 7.1189410727235076f, 7.1292830169449664f, ++ 7.1395513523987937f, 7.1497471195046822f, 7.1598713367783891f, ++ 7.1699250014423130f, 7.1799090900149345f, 7.1898245588800176f, ++ 7.1996723448363644f, 7.2094533656289492f, 7.2191685204621621f, ++ 7.2288186904958804f, 7.2384047393250794f, 7.2479275134435861f, ++ 7.2573878426926521f, 7.2667865406949019f, 7.2761244052742384f, ++ 7.2854022188622487f, 7.2946207488916270f, 7.3037807481771031f, ++ 7.3128829552843557f, 7.3219280948873617f, 7.3309168781146177f, ++ 7.3398500028846243f, 7.3487281542310781f, 7.3575520046180847f, ++ 
7.3663222142458151f, 7.3750394313469254f, 7.3837042924740528f, ++ 7.3923174227787607f, 7.4008794362821844f, 7.4093909361377026f, ++ 7.4178525148858991f, 7.4262647547020979f, 7.4346282276367255f, ++ 7.4429434958487288f, 7.4512111118323299f, 7.4594316186372973f, ++ 7.4676055500829976f, 7.4757334309663976f, 7.4838157772642564f, ++ 7.4918530963296748f, 7.4998458870832057f, 7.5077946401986964f, ++ 7.5156998382840436f, 7.5235619560570131f, 7.5313814605163119f, ++ 7.5391588111080319f, 7.5468944598876373f, 7.5545888516776376f, ++ 7.5622424242210728f, 7.5698556083309478f, 7.5774288280357487f, ++ 7.5849625007211561f, 7.5924570372680806f, 7.5999128421871278f, ++ 7.6073303137496113f, 7.6147098441152075f, 7.6220518194563764f, ++ 7.6293566200796095f, 7.6366246205436488f, 7.6438561897747244f, ++ 7.6510516911789290f, 7.6582114827517955f, 7.6653359171851765f, ++ 7.6724253419714952f, 7.6794800995054464f, 7.6865005271832185f, ++ 7.6934869574993252f, 7.7004397181410926f, 7.7073591320808825f, ++ 7.7142455176661224f, 7.7210991887071856f, 7.7279204545631996f, ++ 7.7347096202258392f, 7.7414669864011465f, 7.7481928495894596f, ++ 7.7548875021634691f, 7.7615512324444795f, 7.7681843247769260f, ++ 7.7747870596011737f, 7.7813597135246608f, 7.7879025593914317f, ++ 7.7944158663501062f, 7.8008998999203047f, 7.8073549220576037f, ++ 7.8137811912170374f, 7.8201789624151887f, 7.8265484872909159f, ++ 7.8328900141647422f, 7.8392037880969445f, 7.8454900509443757f, ++ 7.8517490414160571f, 7.8579809951275719f, 7.8641861446542798f, ++ 7.8703647195834048f, 7.8765169465650002f, 7.8826430493618425f, ++ 7.8887432488982601f, 7.8948177633079446f, 7.9008668079807496f, ++ 7.9068905956085187f, 7.9128893362299619f, 7.9188632372745955f, ++ 7.9248125036057813f, 7.9307373375628867f, 7.9366379390025719f, ++ 7.9425145053392399f, 7.9483672315846778f, 7.9541963103868758f, ++ 7.9600019320680806f, 7.9657842846620870f, 7.9715435539507720f, ++ 7.9772799234999168f, 7.9829935746943104f, 7.9886846867721664f, ++ 7.9943534368588578f 
++}; ++ ++#if defined(__cplusplus) || defined(c_plusplus) ++} /* extern "C" */ ++#endif +diff --git a/c/enc/fast_log.h b/c/enc/fast_log.h +index cade123..34e268e 100644 +--- a/c/enc/fast_log.h ++++ b/c/enc/fast_log.h +@@ -30,105 +30,18 @@ static BROTLI_INLINE uint32_t Log2FloorNonZero(size_t n) { + #endif + } + +-/* A lookup table for small values of log2(int) to be used in entropy +- computation. ++#define BROTLI_LOG2_TABLE_SIZE 256 + +- ", ".join(["%.16ff" % x for x in [0.0]+[log2(x) for x in range(1, 256)]]) */ +-static const float kLog2Table[] = { +- 0.0000000000000000f, 0.0000000000000000f, 1.0000000000000000f, +- 1.5849625007211563f, 2.0000000000000000f, 2.3219280948873622f, +- 2.5849625007211561f, 2.8073549220576042f, 3.0000000000000000f, +- 3.1699250014423126f, 3.3219280948873626f, 3.4594316186372978f, +- 3.5849625007211565f, 3.7004397181410922f, 3.8073549220576037f, +- 3.9068905956085187f, 4.0000000000000000f, 4.0874628412503400f, +- 4.1699250014423122f, 4.2479275134435852f, 4.3219280948873626f, +- 4.3923174227787607f, 4.4594316186372973f, 4.5235619560570131f, +- 4.5849625007211570f, 4.6438561897747244f, 4.7004397181410926f, +- 4.7548875021634691f, 4.8073549220576037f, 4.8579809951275728f, +- 4.9068905956085187f, 4.9541963103868758f, 5.0000000000000000f, +- 5.0443941193584534f, 5.0874628412503400f, 5.1292830169449664f, +- 5.1699250014423122f, 5.2094533656289501f, 5.2479275134435852f, +- 5.2854022188622487f, 5.3219280948873626f, 5.3575520046180838f, +- 5.3923174227787607f, 5.4262647547020979f, 5.4594316186372973f, +- 5.4918530963296748f, 5.5235619560570131f, 5.5545888516776376f, +- 5.5849625007211570f, 5.6147098441152083f, 5.6438561897747244f, +- 5.6724253419714961f, 5.7004397181410926f, 5.7279204545631996f, +- 5.7548875021634691f, 5.7813597135246599f, 5.8073549220576046f, +- 5.8328900141647422f, 5.8579809951275719f, 5.8826430493618416f, +- 5.9068905956085187f, 5.9307373375628867f, 5.9541963103868758f, +- 5.9772799234999168f, 6.0000000000000000f, 
6.0223678130284544f, +- 6.0443941193584534f, 6.0660891904577721f, 6.0874628412503400f, +- 6.1085244567781700f, 6.1292830169449672f, 6.1497471195046822f, +- 6.1699250014423122f, 6.1898245588800176f, 6.2094533656289510f, +- 6.2288186904958804f, 6.2479275134435861f, 6.2667865406949019f, +- 6.2854022188622487f, 6.3037807481771031f, 6.3219280948873617f, +- 6.3398500028846252f, 6.3575520046180847f, 6.3750394313469254f, +- 6.3923174227787598f, 6.4093909361377026f, 6.4262647547020979f, +- 6.4429434958487288f, 6.4594316186372982f, 6.4757334309663976f, +- 6.4918530963296748f, 6.5077946401986964f, 6.5235619560570131f, +- 6.5391588111080319f, 6.5545888516776376f, 6.5698556083309478f, +- 6.5849625007211561f, 6.5999128421871278f, 6.6147098441152092f, +- 6.6293566200796095f, 6.6438561897747253f, 6.6582114827517955f, +- 6.6724253419714952f, 6.6865005271832185f, 6.7004397181410917f, +- 6.7142455176661224f, 6.7279204545631988f, 6.7414669864011465f, +- 6.7548875021634691f, 6.7681843247769260f, 6.7813597135246599f, +- 6.7944158663501062f, 6.8073549220576037f, 6.8201789624151887f, +- 6.8328900141647422f, 6.8454900509443757f, 6.8579809951275719f, +- 6.8703647195834048f, 6.8826430493618416f, 6.8948177633079437f, +- 6.9068905956085187f, 6.9188632372745955f, 6.9307373375628867f, +- 6.9425145053392399f, 6.9541963103868758f, 6.9657842846620879f, +- 6.9772799234999168f, 6.9886846867721664f, 7.0000000000000000f, +- 7.0112272554232540f, 7.0223678130284544f, 7.0334230015374501f, +- 7.0443941193584534f, 7.0552824355011898f, 7.0660891904577721f, +- 7.0768155970508317f, 7.0874628412503400f, 7.0980320829605272f, +- 7.1085244567781700f, 7.1189410727235076f, 7.1292830169449664f, +- 7.1395513523987937f, 7.1497471195046822f, 7.1598713367783891f, +- 7.1699250014423130f, 7.1799090900149345f, 7.1898245588800176f, +- 7.1996723448363644f, 7.2094533656289492f, 7.2191685204621621f, +- 7.2288186904958804f, 7.2384047393250794f, 7.2479275134435861f, +- 7.2573878426926521f, 7.2667865406949019f, 
7.2761244052742384f, +- 7.2854022188622487f, 7.2946207488916270f, 7.3037807481771031f, +- 7.3128829552843557f, 7.3219280948873617f, 7.3309168781146177f, +- 7.3398500028846243f, 7.3487281542310781f, 7.3575520046180847f, +- 7.3663222142458151f, 7.3750394313469254f, 7.3837042924740528f, +- 7.3923174227787607f, 7.4008794362821844f, 7.4093909361377026f, +- 7.4178525148858991f, 7.4262647547020979f, 7.4346282276367255f, +- 7.4429434958487288f, 7.4512111118323299f, 7.4594316186372973f, +- 7.4676055500829976f, 7.4757334309663976f, 7.4838157772642564f, +- 7.4918530963296748f, 7.4998458870832057f, 7.5077946401986964f, +- 7.5156998382840436f, 7.5235619560570131f, 7.5313814605163119f, +- 7.5391588111080319f, 7.5468944598876373f, 7.5545888516776376f, +- 7.5622424242210728f, 7.5698556083309478f, 7.5774288280357487f, +- 7.5849625007211561f, 7.5924570372680806f, 7.5999128421871278f, +- 7.6073303137496113f, 7.6147098441152075f, 7.6220518194563764f, +- 7.6293566200796095f, 7.6366246205436488f, 7.6438561897747244f, +- 7.6510516911789290f, 7.6582114827517955f, 7.6653359171851765f, +- 7.6724253419714952f, 7.6794800995054464f, 7.6865005271832185f, +- 7.6934869574993252f, 7.7004397181410926f, 7.7073591320808825f, +- 7.7142455176661224f, 7.7210991887071856f, 7.7279204545631996f, +- 7.7347096202258392f, 7.7414669864011465f, 7.7481928495894596f, +- 7.7548875021634691f, 7.7615512324444795f, 7.7681843247769260f, +- 7.7747870596011737f, 7.7813597135246608f, 7.7879025593914317f, +- 7.7944158663501062f, 7.8008998999203047f, 7.8073549220576037f, +- 7.8137811912170374f, 7.8201789624151887f, 7.8265484872909159f, +- 7.8328900141647422f, 7.8392037880969445f, 7.8454900509443757f, +- 7.8517490414160571f, 7.8579809951275719f, 7.8641861446542798f, +- 7.8703647195834048f, 7.8765169465650002f, 7.8826430493618425f, +- 7.8887432488982601f, 7.8948177633079446f, 7.9008668079807496f, +- 7.9068905956085187f, 7.9128893362299619f, 7.9188632372745955f, +- 7.9248125036057813f, 7.9307373375628867f, 
7.9366379390025719f, +- 7.9425145053392399f, 7.9483672315846778f, 7.9541963103868758f, +- 7.9600019320680806f, 7.9657842846620870f, 7.9715435539507720f, +- 7.9772799234999168f, 7.9829935746943104f, 7.9886846867721664f, +- 7.9943534368588578f +-}; ++/* A lookup table for small values of log2(int) to be used in entropy ++ computation. */ ++BROTLI_INTERNAL extern const double kBrotliLog2Table[BROTLI_LOG2_TABLE_SIZE]; + + #define LOG_2_INV 1.4426950408889634 + + /* Faster logarithm for small integers, with the property of log2(0) == 0. */ + static BROTLI_INLINE double FastLog2(size_t v) { +- if (v < sizeof(kLog2Table) / sizeof(kLog2Table[0])) { +- return kLog2Table[v]; ++ if (v < BROTLI_LOG2_TABLE_SIZE) { ++ return kBrotliLog2Table[v]; + } + #if (defined(_MSC_VER) && _MSC_VER <= 1700) || \ + (defined(__ANDROID_API__) && __ANDROID_API__ < 18) +diff --git a/research/brotli_decoder.c b/research/brotli_decoder.c +index b1d556d..4b0bc4a 100644 +--- a/research/brotli_decoder.c ++++ b/research/brotli_decoder.c +@@ -38,6 +38,7 @@ void cleanup(Context* ctx) { + + void fail(Context* ctx, const char* message) { + fprintf(stderr, "%s\n", message); ++ cleanup(ctx); + exit(1); + } + +diff --git a/research/draw_histogram.cc b/research/draw_histogram.cc +index b0192a2..6ea4069 100644 +--- a/research/draw_histogram.cc ++++ b/research/draw_histogram.cc +@@ -178,20 +178,23 @@ int main(int argc, char* argv[]) { + FILE* fin = fopen(argv[1], "r"); + FILE* fout = fopen(argv[2], "wb"); + +- uint8_t** pixel = new uint8_t*[height]; +- int** histo = new int*[height]; +- for (int i = 0; i < height; i++) { +- pixel[i] = new uint8_t[width]; +- histo[i] = new int[width]; +- } ++ if (fin != nullptr && fout != nullptr) { ++ uint8_t** pixel = new uint8_t*[height]; ++ int** histo = new int*[height]; ++ for (int i = 0; i < height; i++) { ++ pixel[i] = new uint8_t[width]; ++ histo[i] = new int[width]; ++ } + +- BuildHistogram(fin, histo); +- fclose(fin); ++ BuildHistogram(fin, histo); + +- 
ConvertToPixels(histo, pixel); ++ ConvertToPixels(histo, pixel); ++ ++ DrawPixels(pixel, fout); ++ } + +- DrawPixels(pixel, fout); +- fclose(fout); ++ if (fin) fclose(fin); ++ if (fout) fclose(fout); + + return 0; + } +diff --git a/scripts/.bintray.json b/scripts/.bintray.json +index ef2ea9d..17f99ed 100644 +--- a/scripts/.bintray.json ++++ b/scripts/.bintray.json +@@ -5,7 +5,7 @@ + "subject": "eustas" + }, + +- "version": {"name": "snapshot"}, ++ "version": {"name": "latest"}, + + "files": [ + { +diff --git a/scripts/sources.lst b/scripts/sources.lst +index 5e8e817..19a6d00 100644 +--- a/scripts/sources.lst ++++ b/scripts/sources.lst +@@ -5,7 +5,10 @@ BROTLI_CLI_C = \ + c/tools/brotli.c + + BROTLI_COMMON_C = \ ++ c/common/constants.c \ ++ c/common/context.c \ + c/common/dictionary.c \ ++ c/common/platform.c \ + c/common/transform.c + + BROTLI_COMMON_H = \ +@@ -35,12 +38,14 @@ BROTLI_ENC_C = \ + c/enc/block_splitter.c \ + c/enc/brotli_bit_stream.c \ + c/enc/cluster.c \ ++ c/enc/command.c \ + c/enc/compress_fragment.c \ + c/enc/compress_fragment_two_pass.c \ + c/enc/dictionary_hash.c \ + c/enc/encode.c \ + c/enc/encoder_dict.c \ + c/enc/entropy_encode.c \ ++ c/enc/fast_log.c \ + c/enc/histogram.c \ + c/enc/literal_cost.c \ + c/enc/memory.c \ +diff --git a/setup.py b/setup.py +index 1491db3..62b1b9c 100644 +--- a/setup.py ++++ b/setup.py +@@ -181,7 +181,10 @@ EXT_MODULES = [ + '_brotli', + sources=[ + 'python/_brotli.cc', ++ 'c/common/constants.c', ++ 'c/common/context.c', + 'c/common/dictionary.c', ++ 'c/common/platform.c', + 'c/common/transform.c', + 'c/dec/bit_reader.c', + 'c/dec/decode.c', +@@ -193,12 +196,14 @@ EXT_MODULES = [ + 'c/enc/block_splitter.c', + 'c/enc/brotli_bit_stream.c', + 'c/enc/cluster.c', ++ 'c/enc/command.c', + 'c/enc/compress_fragment.c', + 'c/enc/compress_fragment_two_pass.c', + 'c/enc/dictionary_hash.c', + 'c/enc/encode.c', + 'c/enc/encoder_dict.c', + 'c/enc/entropy_encode.c', ++ 'c/enc/fast_log.c', + 'c/enc/histogram.c', + 
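Review bot: When either `fopen` fails, the new guard in `main` skips the work but still reaches `return 0;`, so a missing input or an unwritable output is reported as success with no message. I would track a status and return non-zero on that path, for example `if (fin == nullptr || fout == nullptr) status = 1;` followed by `return status;`, with a short message on stderr. The `pixel` and `histo` rows allocated with `new[]` inside the guard are never released; that is harmless at process exit but deserves a one-line comment. `main` starts above the hunk.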
'c/enc/literal_cost.c', + 'c/enc/memory.c', +-- +2.25.1 + diff --git a/SPECS/brotli/brotli.spec b/SPECS/brotli/brotli.spec index c0bfc04209b..da7e8f1c6d6 100644 --- a/SPECS/brotli/brotli.spec +++ b/SPECS/brotli/brotli.spec @@ -1,20 +1,17 @@ %define python3_sitearch %(python3 -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1))") %define python3_version 3.7 %define python3_version_nodots 37 - +Summary: Lossless compression algorithm Name: brotli Version: 1.0.7 -Release: 8%{?dist} -Summary: Lossless compression algorithm -Group: Applications/File - +Release: 9%{?dist} License: MIT -URL: https://github.com/google/brotli -Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz -%define sha1 %{name}-%{version}=ee64a380152aa20fbc1098fe3799104884c570c1 - Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/File +URL: https://github.com/google/brotli +Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0: CVE-2020-8927.patch BuildRequires: cmake BuildRequires: python3-devel BuildRequires: python3-setuptools @@ -30,8 +27,8 @@ to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. %package -n python3-%{name} -Summary: Lossless compression algorithm (python 3) %{?python_provide:%python_provide python3-%{name}} +Summary: Lossless compression algorithm (python 3) %description -n python3-%{name} Brotli is a generic-purpose lossless compression algorithm that compresses 
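Review bot: Removing the `%define sha1 %{name}-%{version}=...` line in the first brotli.spec hunk drops the only digest this spec carried for `Source0`, and nothing in the hunk replaces it. Please confirm the tarball hash is pinned elsewhere in the package directory (not visible in this diff), ideally as SHA-256, so the archive fetched from `%{url}/archive/v%{version}/` is still verified at build time. For the new `Patch0` line I would also add a provenance comment such as `# CVE-2020-8927: backport of upstream commit <UPSTREAM_COMMIT_ID>`. The part of the patch visible here also touches `research/`, `scripts/` and `setup.py`, so an auditor needs to know what it was taken from.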
@@ -41,10 +38,9 @@ to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. This package installs a Python 3 module. - %package devel Summary: Lossless compression algorithm (development files) -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel Brotli is a generic-purpose lossless compression algorithm that compresses @@ -55,7 +51,8 @@ It is similar in speed with deflate but offers more dense compression. This package installs the development files %prep -%setup +%autosetup -p1 + # fix permissions for -debuginfo # rpmlint will complain if I create an extra %%files section for # -debuginfo for this so we'll put it here instead @@ -96,7 +93,6 @@ done %post -p /sbin/ldconfig %postun -p /sbin/ldconfig - %check cd build ctest -V @@ -131,8 +127,12 @@ python3 setup.py test %{_mandir}/man3/encode.h.3brotli* %{_mandir}/man3/types.h.3brotli* - %changelog +* Fri Oct 30 2020 Thomas Crain - 1.0.7-9 +- Patch CVE-2020-8927 +- Remove sha1 hash +- Lint to Mariner style + * Tue Oct 20 2020 Andrew Phelps 1.0.7-8 - Fix check test From f8b35f6083135a6ec0c517d6651c46d080aa27e6 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Thu, 5 Nov 2020 10:58:59 -0800 Subject: [PATCH 095/145] Patch CVE-2018-19665 in qemu (#324) --- SPECS/qemu-kvm/CVE-2015-7504.nopatch | 1 - SPECS/qemu-kvm/CVE-2016-7161.nopatch | 1 - SPECS/qemu-kvm/CVE-2017-14167.nopatch | 1 - SPECS/qemu-kvm/CVE-2017-5931.nopatch | 1 - SPECS/qemu-kvm/CVE-2018-19665.patch | 844 ++++++++++++++++++++++++++ SPECS/qemu-kvm/qemu-kvm.spec | 40 +- 6 files changed, 863 insertions(+), 25 deletions(-) delete mode 100644 SPECS/qemu-kvm/CVE-2015-7504.nopatch delete mode 100644 SPECS/qemu-kvm/CVE-2016-7161.nopatch delete mode 100644 SPECS/qemu-kvm/CVE-2017-14167.nopatch delete mode 100644 SPECS/qemu-kvm/CVE-2017-5931.nopatch create mode 100644 SPECS/qemu-kvm/CVE-2018-19665.patch 
diff --git a/SPECS/qemu-kvm/CVE-2015-7504.nopatch b/SPECS/qemu-kvm/CVE-2015-7504.nopatch deleted file mode 100644 index a4242bf6b56..00000000000 --- a/SPECS/qemu-kvm/CVE-2015-7504.nopatch +++ /dev/null @@ -1 +0,0 @@ -# CVE-2015-7504 was fixed in 2.5.0, but the CVE database was not updated. (837f21aacf5a714c23ddaadbbc5212f9b661e3f7) \ No newline at end of file diff --git a/SPECS/qemu-kvm/CVE-2016-7161.nopatch b/SPECS/qemu-kvm/CVE-2016-7161.nopatch deleted file mode 100644 index b9e0ecbbc28..00000000000 --- a/SPECS/qemu-kvm/CVE-2016-7161.nopatch +++ /dev/null @@ -1 +0,0 @@ -# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. (a0d1cbdacff5df4ded16b753b38fdd9da6092968) \ No newline at end of file diff --git a/SPECS/qemu-kvm/CVE-2017-14167.nopatch b/SPECS/qemu-kvm/CVE-2017-14167.nopatch deleted file mode 100644 index 68d9f5ae58f..00000000000 --- a/SPECS/qemu-kvm/CVE-2017-14167.nopatch +++ /dev/null @@ -1 +0,0 @@ -# CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb) \ No newline at end of file diff --git a/SPECS/qemu-kvm/CVE-2017-5931.nopatch b/SPECS/qemu-kvm/CVE-2017-5931.nopatch deleted file mode 100644 index f705f04ae37..00000000000 --- a/SPECS/qemu-kvm/CVE-2017-5931.nopatch +++ /dev/null @@ -1 +0,0 @@ -# CVE-2017-5931 was fixed in 2.9.0, but the CVE database was not updated. (a08aaff811fb194950f79711d2afe5a892ae03a4) \ No newline at end of file diff --git a/SPECS/qemu-kvm/CVE-2018-19665.patch b/SPECS/qemu-kvm/CVE-2018-19665.patch new file mode 100644 index 00000000000..23e1b8928c7 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2018-19665.patch 
@@ -0,0 +1,844 @@ +From: Prasad J Pandit + +The length parameter values are not negative, thus use an unsigned +type 'size_t' for them. Many routines pass 'len' values to memcpy(3) +calls. If it was negative, it could lead to memory corruption issues. +Add check to avoid it. + +Reported-by: Arash TC +Signed-off-by: Prasad J Pandit +--- + bt-host.c | 8 +++--- + bt-vhci.c | 7 +++--- + hw/bt/core.c | 2 +- + hw/bt/hci-csr.c | 32 ++++++++++++------------ + hw/bt/hci.c | 38 ++++++++++++++-------------- + hw/bt/hid.c | 10 ++++---- + hw/bt/l2cap.c | 56 ++++++++++++++++++++++-------------------- + hw/bt/sdp.c | 6 ++--- + hw/usb/dev-bluetooth.c | 12 ++++----- + include/hw/bt.h | 8 +++--- + include/sysemu/bt.h | 10 ++++---- + 11 files changed, 96 insertions(+), 93 deletions(-) + +Update v2: modify assert calls + -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01036.html + +diff --git a/bt-host.c b/bt-host.c +index 2f8f631c25..b73a44d07d 100644 +--- a/bt-host.c ++++ b/bt-host.c +@@ -43,7 +43,7 @@ struct bt_host_hci_s { + }; + + static void bt_host_send(struct HCIInfo *hci, +- int type, const uint8_t *data, int len) ++ int type, const uint8_t *data, size_t len) + { + struct bt_host_hci_s *s = (struct bt_host_hci_s *) hci; + uint8_t pkt = type; +@@ -63,17 +63,17 @@ static void bt_host_send(struct HCIInfo *hci, + } + } + +-static void bt_host_cmd(struct HCIInfo *hci, const uint8_t *data, int len) ++static void bt_host_cmd(struct HCIInfo *hci, const uint8_t *data, size_t len) + { + bt_host_send(hci, HCI_COMMAND_PKT, data, len); + } + +-static void bt_host_acl(struct HCIInfo *hci, const uint8_t *data, int len) ++static void bt_host_acl(struct HCIInfo *hci, const uint8_t *data, size_t len) + { + bt_host_send(hci, HCI_ACLDATA_PKT, data, len); + } + +-static void bt_host_sco(struct HCIInfo *hci, const uint8_t *data, int len) ++static void bt_host_sco(struct HCIInfo *hci, const uint8_t *data, size_t len) + { + bt_host_send(hci, HCI_SCODATA_PKT, data, len); + } +diff --git 
a/bt-vhci.c b/bt-vhci.c +index 9d277c32bf..765773188d 100644 +--- a/bt-vhci.c ++++ b/bt-vhci.c +@@ -90,7 +90,7 @@ static void vhci_read(void *opaque) + } + + static void vhci_host_send(void *opaque, +- int type, const uint8_t *data, int len) ++ int type, const uint8_t *data, size_t len) + { + struct bt_vhci_s *s = (struct bt_vhci_s *) opaque; + #if 0 +@@ -113,6 +113,7 @@ static void vhci_host_send(void *opaque, + static uint8_t buf[4096]; + + buf[0] = type; ++ assert(len < sizeof(buf)); + memcpy(buf + 1, data, len); + + while (write(s->fd, buf, len + 1) < 0) +@@ -125,13 +126,13 @@ static void vhci_host_send(void *opaque, + } + + static void vhci_out_hci_packet_event(void *opaque, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + vhci_host_send(opaque, HCI_EVENT_PKT, data, len); + } + + static void vhci_out_hci_packet_acl(void *opaque, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + vhci_host_send(opaque, HCI_ACLDATA_PKT, data, len); + } +diff --git a/hw/bt/core.c b/hw/bt/core.c +index 78370e64f5..62720d1663 100644 +--- a/hw/bt/core.c ++++ b/hw/bt/core.c +@@ -45,7 +45,7 @@ static void bt_dummy_lmp_disconnect_master(struct bt_link_s +*link) + } + + static void bt_dummy_lmp_acl_resp(struct bt_link_s *link, +- const uint8_t *data, int start, int len) ++ const uint8_t *data, int start, size_t len) + { + error_report("%s: stray ACL response PDU, fixme", __func__); + exit(-1); +diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c +index 0341ded50c..26bd516d31 100644 +--- a/hw/bt/hci-csr.c ++++ b/hw/bt/hci-csr.c +@@ -103,7 +103,7 @@ static inline void csrhci_fifo_wake(struct csrhci_s *s) + } + + #define csrhci_out_packetz(s, len) memset(csrhci_out_packet(s, len), 0, len) +-static uint8_t *csrhci_out_packet(struct csrhci_s *s, int len) ++static uint8_t *csrhci_out_packet(struct csrhci_s *s, size_t len) + { + int off = s->out_start + s->out_len; + +@@ -112,14 +112,14 @@ static uint8_t *csrhci_out_packet(struct csrhci_s *s, int 
+len) + + if (off < FIFO_LEN) { + if (off + len > FIFO_LEN && (s->out_size = off + len) > FIFO_LEN * 2) { +- error_report("%s: can't alloc %i bytes", __func__, len); ++ error_report("%s: can't alloc %zu bytes", __func__, len); + exit(-1); + } + return s->outfifo + off; + } + + if (s->out_len > s->out_size) { +- error_report("%s: can't alloc %i bytes", __func__, len); ++ error_report("%s: can't alloc %zu bytes", __func__, len); + exit(-1); + } + +@@ -127,7 +127,7 @@ static uint8_t *csrhci_out_packet(struct csrhci_s *s, int +len) + } + + static inline uint8_t *csrhci_out_packet_csr(struct csrhci_s *s, +- int type, int len) ++ int type, size_t len) + { + uint8_t *ret = csrhci_out_packetz(s, len + 2); + +@@ -138,7 +138,7 @@ static inline uint8_t *csrhci_out_packet_csr(struct +csrhci_s *s, + } + + static inline uint8_t *csrhci_out_packet_event(struct csrhci_s *s, +- int evt, int len) ++ int evt, size_t len) + { + uint8_t *ret = csrhci_out_packetz(s, + len + 1 + sizeof(struct hci_event_hdr)); +@@ -151,7 +151,7 @@ static inline uint8_t *csrhci_out_packet_event(struct +csrhci_s *s, + } + + static void csrhci_in_packet_vendor(struct csrhci_s *s, int ocf, +- uint8_t *data, int len) ++ uint8_t *data, size_t len) + { + int offset; + uint8_t *rpkt; +@@ -320,18 +320,18 @@ static int csrhci_write(struct Chardev *chr, + struct csrhci_s *s = (struct csrhci_s *)chr; + int total = 0; + +- if (!s->enable) ++ if (!s->enable || len <= 0) + return 0; + + for (;;) { + int cnt = MIN(len, s->in_needed - s->in_len); +- if (cnt) { +- memcpy(s->inpkt + s->in_len, buf, cnt); +- s->in_len += cnt; +- buf += cnt; +- len -= cnt; +- total += cnt; +- } ++ assert(cnt > 0); ++ ++ memcpy(s->inpkt + s->in_len, buf, cnt); ++ s->in_len += cnt; ++ buf += cnt; ++ len -= cnt; ++ total += cnt; + + if (s->in_len < s->in_needed) { + break; +@@ -363,7 +363,7 @@ static int csrhci_write(struct Chardev *chr, + } + + static void csrhci_out_hci_packet_event(void *opaque, +- const uint8_t *data, int len) ++ const 
uint8_t *data, size_t len) + { + struct csrhci_s *s = (struct csrhci_s *) opaque; + uint8_t *pkt = csrhci_out_packet(s, (len + 2) & ~1); /* Align */ +@@ -375,7 +375,7 @@ static void csrhci_out_hci_packet_event(void *opaque, + } + + static void csrhci_out_hci_packet_acl(void *opaque, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + struct csrhci_s *s = (struct csrhci_s *) opaque; + uint8_t *pkt = csrhci_out_packet(s, (len + 2) & ~1); /* Align */ +diff --git a/hw/bt/hci.c b/hw/bt/hci.c +index c6b2cc1d48..c59ccc55b9 100644 +--- a/hw/bt/hci.c ++++ b/hw/bt/hci.c +@@ -32,7 +32,7 @@ + + struct bt_hci_s { + uint8_t *(*evt_packet)(void *opaque); +- void (*evt_submit)(void *opaque, int len); ++ void (*evt_submit)(void *opaque, size_t len); + void *opaque; + uint8_t evt_buf[256]; + +@@ -62,7 +62,7 @@ struct bt_hci_s { + struct bt_hci_master_link_s { + struct bt_link_s *link; + void (*lmp_acl_data)(struct bt_link_s *link, +- const uint8_t *data, int start, int len); ++ const uint8_t *data, int start, size_t len); + QEMUTimer *acl_mode_timer; + } handle[HCI_HANDLES_MAX]; + uint32_t role_bmp; +@@ -434,7 +434,7 @@ static const uint8_t bt_event_reserved_mask[8] = { + }; + + +-static void null_hci_send(struct HCIInfo *hci, const uint8_t *data, int len) ++static void null_hci_send(struct HCIInfo *hci, const uint8_t *data, size_t len) + { + } + +@@ -452,13 +452,13 @@ struct HCIInfo null_hci = { + + + static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci, +- int evt, int len) ++ int evt, size_t len) + { + uint8_t *packet, mask; + int mask_byte; + + if (len > 255) { +- error_report("%s: HCI event params too long (%ib)", __func__, len); ++ error_report("%s: HCI event params too long (%zub)", __func__, len); + exit(-1); + } + +@@ -475,7 +475,7 @@ static inline uint8_t *bt_hci_event_start(struct bt_hci_s +*hci, + } + + static inline void bt_hci_event(struct bt_hci_s *hci, int evt, +- void *params, int len) ++ void *params, size_t len) + { + uint8_t 
*packet = bt_hci_event_start(hci, evt, len); + +@@ -500,7 +500,7 @@ static inline void bt_hci_event_status(struct bt_hci_s +*hci, int status) + } + + static inline void bt_hci_event_complete(struct bt_hci_s *hci, +- void *ret, int len) ++ void *ret, size_t len) + { + uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE, + len + EVT_CMD_COMPLETE_SIZE); +@@ -1477,7 +1477,7 @@ static inline void bt_hci_event_num_comp_pkts(struct +bt_hci_s *hci, + } + + static void bt_submit_hci(struct HCIInfo *info, +- const uint8_t *data, int length) ++ const uint8_t *data, size_t length) + { + struct bt_hci_s *hci = hci_from_info(info); + uint16_t cmd; +@@ -1971,7 +1971,7 @@ static void bt_submit_hci(struct HCIInfo *info, + break; + + short_hci: +- error_report("%s: HCI packet too short (%iB)", __func__, length); ++ error_report("%s: HCI packet too short (%zuB)", __func__, length); + bt_hci_event_status(hci, HCI_INVALID_PARAMETERS); + break; + } +@@ -1982,7 +1982,7 @@ static void bt_submit_hci(struct HCIInfo *info, + * know that a packet contained the last fragment of the SDU when the next + * SDU starts. 
*/ + static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle, +- const uint8_t *data, int start, int len) ++ const uint8_t *data, int start, size_t len) + { + struct hci_acl_hdr *pkt = (void *) hci->acl_buf; + +@@ -1990,7 +1990,7 @@ static inline void bt_hci_lmp_acl_data(struct bt_hci_s +*hci, uint16_t handle, + /* TODO: avoid memcpy'ing */ + + if (len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)) { +- error_report("%s: can't take ACL packets %i bytes long", ++ error_report("%s: can't take ACL packets %zu bytes long", + __func__, len); + return; + } +@@ -2004,7 +2004,7 @@ static inline void bt_hci_lmp_acl_data(struct bt_hci_s +*hci, uint16_t handle, + } + + static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink, +- const uint8_t *data, int start, int len) ++ const uint8_t *data, int start, size_t len) + { + struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink; + +@@ -2013,14 +2013,14 @@ static void bt_hci_lmp_acl_data_slave(struct bt_link_s +*btlink, + } + + static void bt_hci_lmp_acl_data_host(struct bt_link_s *link, +- const uint8_t *data, int start, int len) ++ const uint8_t *data, int start, size_t len) + { + bt_hci_lmp_acl_data(hci_from_device(link->host), + link->handle, data, start, len); + } + + static void bt_submit_acl(struct HCIInfo *info, +- const uint8_t *data, int length) ++ const uint8_t *data, size_t length) + { + struct bt_hci_s *hci = hci_from_info(info); + uint16_t handle; +@@ -2028,7 +2028,7 @@ static void bt_submit_acl(struct HCIInfo *info, + struct bt_link_s *link; + + if (length < HCI_ACL_HDR_SIZE) { +- error_report("%s: ACL packet too short (%iB)", __func__, length); ++ error_report("%s: ACL packet too short (%zuB)", __func__, length); + return; + } + +@@ -2046,7 +2046,7 @@ static void bt_submit_acl(struct HCIInfo *info, + handle &= ~HCI_HANDLE_OFFSET; + + if (datalen > length) { +- error_report("%s: ACL packet too short (%iB < %iB)", ++ error_report("%s: ACL packet too short (%zuB < %iB)", + __func__, 
length, datalen); + return; + } +@@ -2088,7 +2088,7 @@ static void bt_submit_acl(struct HCIInfo *info, + } + + static void bt_submit_sco(struct HCIInfo *info, +- const uint8_t *data, int length) ++ const uint8_t *data, size_t length) + { + struct bt_hci_s *hci = hci_from_info(info); + uint16_t handle; +@@ -2107,7 +2107,7 @@ static void bt_submit_sco(struct HCIInfo *info, + } + + if (datalen > length) { +- error_report("%s: SCO packet too short (%iB < %iB)", ++ error_report("%s: SCO packet too short (%zuB < %iB)", + __func__, length, datalen); + return; + } +@@ -2128,7 +2128,7 @@ static uint8_t *bt_hci_evt_packet(void *opaque) + return s->evt_buf; + } + +-static void bt_hci_evt_submit(void *opaque, int len) ++static void bt_hci_evt_submit(void *opaque, size_t len) + { + /* TODO: notify upper layer */ + struct bt_hci_s *s = opaque; +diff --git a/hw/bt/hid.c b/hw/bt/hid.c +index 056291f9b5..c5ecc8bdcd 100644 +--- a/hw/bt/hid.c ++++ b/hw/bt/hid.c +@@ -96,7 +96,7 @@ struct bt_hid_device_s { + int data_type; + int intr_state; + struct { +- int len; ++ size_t len; + uint8_t buffer[1024]; + } dataother, datain, dataout, feature, intrdataout; + enum { +@@ -169,7 +169,7 @@ static void bt_hid_disconnect(struct bt_hid_device_s *s) + } + + static void bt_hid_send_data(struct bt_l2cap_conn_params_s *ch, int type, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + uint8_t *pkt, hdr = (BT_DATA << 4) | type; + int plen; +@@ -190,7 +190,7 @@ static void bt_hid_send_data(struct bt_l2cap_conn_params_s +*ch, int type, + } + + static void bt_hid_control_transaction(struct bt_hid_device_s *s, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + uint8_t type, parameter; + int rlen, ret = -1; +@@ -362,7 +362,7 @@ static void bt_hid_control_transaction(struct +bt_hid_device_s *s, + bt_hid_send_handshake(s, ret); + } + +-static void bt_hid_control_sdu(void *opaque, const uint8_t *data, int len) ++static void bt_hid_control_sdu(void *opaque, const 
uint8_t *data, size_t len) + { + struct bt_hid_device_s *hid = opaque; + +@@ -388,7 +388,7 @@ static void bt_hid_datain(HIDState *hs) + hid->datain.buffer, hid->datain.len); + } + +-static void bt_hid_interrupt_sdu(void *opaque, const uint8_t *data, int len) ++static void bt_hid_interrupt_sdu(void *opaque, const uint8_t *data, size_t len) + { + struct bt_hid_device_s *hid = opaque; + +diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c +index 9cf27f0df6..efd9a4b66a 100644 +--- a/hw/bt/l2cap.c ++++ b/hw/bt/l2cap.c +@@ -32,10 +32,10 @@ struct l2cap_instance_s { + int role; + + uint8_t frame_in[65535 + L2CAP_HDR_SIZE] __attribute__ ((aligned (4))); +- int frame_in_len; ++ uint32_t frame_in_len; + + uint8_t frame_out[65535 + L2CAP_HDR_SIZE] __attribute__ ((aligned (4))); +- int frame_out_len; ++ uint32_t frame_out_len; + + /* Signalling channel timers. They exist per-request but we can make + * sure we have no more than one outstanding request at any time. */ +@@ -49,7 +49,7 @@ struct l2cap_instance_s { + struct bt_l2cap_conn_params_s params; + + void (*frame_in)(struct l2cap_chan_s *chan, uint16_t cid, +- const l2cap_hdr *hdr, int len); ++ const l2cap_hdr *hdr, size_t len); + int mps; + int min_mtu; + +@@ -68,7 +68,7 @@ struct l2cap_instance_s { + + /* Only flow-controlled, connection-oriented channels */ + uint8_t sdu[65536]; /* TODO: dynamically allocate */ +- int len_cur, len_total; ++ uint32_t len_cur, len_total; + int rexmit; + int monitor_timeout; + QEMUTimer *monitor_timer; +@@ -140,7 +140,7 @@ static const uint16_t l2cap_fcs16_table[256] = { + 0x8201, 0x42c0, 0x4380, 0x8341, 0x4100, 0x81c1, 0x8081, 0x4040, + }; + +-static uint16_t l2cap_fcs16(const uint8_t *message, int len) ++static uint16_t l2cap_fcs16(const uint8_t *message, size_t len) + { + uint16_t fcs = 0x0000; + +@@ -186,7 +186,7 @@ static void l2cap_monitor_timer_update(struct l2cap_chan_s +*ch) + } + + static void l2cap_command_reject(struct l2cap_instance_s *l2cap, int id, +- uint16_t reason, const void 
*data, int plen) ++ uint16_t reason, const void *data, size_t plen) + { + uint8_t *pkt; + l2cap_cmd_hdr *hdr; +@@ -247,7 +247,7 @@ static void l2cap_connection_response(struct +l2cap_instance_s *l2cap, + } + + static void l2cap_configuration_request(struct l2cap_instance_s *l2cap, +- int dcid, int flag, const uint8_t *data, int len) ++ int dcid, int flag, const uint8_t *data, size_t len) + { + uint8_t *pkt; + l2cap_cmd_hdr *hdr; +@@ -275,7 +275,7 @@ static void l2cap_configuration_request(struct +l2cap_instance_s *l2cap, + } + + static void l2cap_configuration_response(struct l2cap_instance_s *l2cap, +- int scid, int flag, int result, const uint8_t *data, int len) ++ int scid, int flag, int result, const uint8_t *data, size_t +len) + { + uint8_t *pkt; + l2cap_cmd_hdr *hdr; +@@ -322,7 +322,7 @@ static void l2cap_disconnection_response(struct +l2cap_instance_s *l2cap, + } + + static void l2cap_echo_response(struct l2cap_instance_s *l2cap, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + uint8_t *pkt; + l2cap_cmd_hdr *hdr; +@@ -343,7 +343,7 @@ static void l2cap_echo_response(struct l2cap_instance_s +*l2cap, + } + + static void l2cap_info_response(struct l2cap_instance_s *l2cap, int type, +- int result, const uint8_t *data, int len) ++ int result, const uint8_t *data, size_t len) + { + uint8_t *pkt; + l2cap_cmd_hdr *hdr; +@@ -366,16 +366,18 @@ static void l2cap_info_response(struct l2cap_instance_s +*l2cap, int type, + l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params); + } + +-static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, int len); ++static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, ++ size_t len); + static void l2cap_bframe_submit(struct bt_l2cap_conn_params_s *parms); + #if 0 +-static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, int len); ++static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, ++ size_t len); + static void 
l2cap_iframe_submit(struct bt_l2cap_conn_params_s *parm); + #endif + static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid, +- const l2cap_hdr *hdr, int len); ++ const l2cap_hdr *hdr, size_t len); + static void l2cap_iframe_in(struct l2cap_chan_s *ch, uint16_t cid, +- const l2cap_hdr *hdr, int len); ++ const l2cap_hdr *hdr, size_t len); + + static int l2cap_cid_new(struct l2cap_instance_s *l2cap) + { +@@ -499,7 +501,7 @@ static void l2cap_channel_config_req_event(struct +l2cap_instance_s *l2cap, + + static int l2cap_channel_config(struct l2cap_instance_s *l2cap, + struct l2cap_chan_s *ch, int flag, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + l2cap_conf_opt *opt; + l2cap_conf_opt_qos *qos; +@@ -684,7 +686,7 @@ static int l2cap_channel_config(struct l2cap_instance_s +*l2cap, + } + + static void l2cap_channel_config_req_msg(struct l2cap_instance_s *l2cap, +- int flag, int cid, const uint8_t *data, int len) ++ int flag, int cid, const uint8_t *data, size_t len) + { + struct l2cap_chan_s *ch; + +@@ -716,7 +718,7 @@ static void l2cap_channel_config_req_msg(struct +l2cap_instance_s *l2cap, + } + + static int l2cap_channel_config_rsp_msg(struct l2cap_instance_s *l2cap, +- int result, int flag, int cid, const uint8_t *data, int len) ++ int result, int flag, int cid, const uint8_t *data, size_t len) + { + struct l2cap_chan_s *ch; + +@@ -784,7 +786,7 @@ static void l2cap_info(struct l2cap_instance_s *l2cap, int +type) + } + + static void l2cap_command(struct l2cap_instance_s *l2cap, int code, int id, +- const uint8_t *params, int len) ++ const uint8_t *params, size_t len) + { + int err; + +@@ -939,7 +941,7 @@ static void l2cap_rexmit_enable(struct l2cap_chan_s *ch, +int enable) + } + + /* Command frame SDU */ +-static void l2cap_cframe_in(void *opaque, const uint8_t *data, int len) ++static void l2cap_cframe_in(void *opaque, const uint8_t *data, size_t len) + { + struct l2cap_instance_s *l2cap = opaque; + const l2cap_cmd_hdr *hdr; 
+@@ -967,7 +969,7 @@ static void l2cap_cframe_in(void *opaque, const uint8_t +*data, int len) + } + + /* Group frame SDU */ +-static void l2cap_gframe_in(void *opaque, const uint8_t *data, int len) ++static void l2cap_gframe_in(void *opaque, const uint8_t *data, size_t len) + { + } + +@@ -978,7 +980,7 @@ static void l2cap_sframe_in(struct l2cap_chan_s *ch, +uint16_t ctrl) + + /* Basic L2CAP mode Information frame */ + static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid, +- const l2cap_hdr *hdr, int len) ++ const l2cap_hdr *hdr, size_t len) + { + /* We have a full SDU, no further processing */ + ch->params.sdu_in(ch->params.opaque, hdr->data, len); +@@ -986,7 +988,7 @@ static void l2cap_bframe_in(struct l2cap_chan_s *ch, +uint16_t cid, + + /* Flow Control and Retransmission mode frame */ + static void l2cap_iframe_in(struct l2cap_chan_s *ch, uint16_t cid, +- const l2cap_hdr *hdr, int len) ++ const l2cap_hdr *hdr, size_t len) + { + uint16_t fcs = lduw_le_p(hdr->data + len - 2); + +@@ -1077,7 +1079,7 @@ static void l2cap_frame_in(struct l2cap_instance_s *l2cap, + + /* "Recombination" */ + static void l2cap_pdu_in(struct l2cap_instance_s *l2cap, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + const l2cap_hdr *hdr = (void *) l2cap->frame_in; + +@@ -1124,7 +1126,7 @@ static inline void l2cap_pdu_submit(struct +l2cap_instance_s *l2cap) + (l2cap->link, l2cap->frame_out, 1, l2cap->frame_out_len); + } + +-static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, int len) ++static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, size_t +len) + { + struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm; + +@@ -1147,7 +1149,7 @@ static void l2cap_bframe_submit(struct +bt_l2cap_conn_params_s *parms) + + #if 0 + /* Stub: Only used if an emulated device requests outgoing flow control */ +-static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, int len) ++static uint8_t *l2cap_iframe_out(struct 
bt_l2cap_conn_params_s *parm, size_t +len) + { + struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm; + +@@ -1292,7 +1294,7 @@ static void l2cap_lmp_disconnect_slave(struct bt_link_s +*link) + } + + static void l2cap_lmp_acl_data_slave(struct bt_link_s *link, +- const uint8_t *data, int start, int len) ++ const uint8_t *data, int start, size_t len) + { + struct slave_l2cap_instance_s *l2cap = + (struct slave_l2cap_instance_s *) link; +@@ -1305,7 +1307,7 @@ static void l2cap_lmp_acl_data_slave(struct bt_link_s +*link, + + /* Stub */ + static void l2cap_lmp_acl_data_host(struct bt_link_s *link, +- const uint8_t *data, int start, int len) ++ const uint8_t *data, int start, size_t len) + { + struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->host; + struct l2cap_instance_s *l2cap = +diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c +index f4aba9d74f..163d315874 100644 +--- a/hw/bt/sdp.c ++++ b/hw/bt/sdp.c +@@ -497,7 +497,7 @@ static ssize_t sdp_svc_search_attr_get(struct +bt_l2cap_sdp_state_s *sdp, + return end + 2; + } + +-static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t *data, int len) ++static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t *data, size_t len) + { + struct bt_l2cap_sdp_state_s *sdp = opaque; + enum bt_sdp_cmd pdu_id; +@@ -507,7 +507,7 @@ static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t +*data, int len) + int rsp_len = 0; + + if (len < 5) { +- error_report("%s: short SDP PDU (%iB).", __func__, len); ++ error_report("%s: short SDP PDU (%zuB).", __func__, len); + return; + } + +@@ -518,7 +518,7 @@ static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t +*data, int len) + len -= 5; + + if (len != plen) { +- error_report("%s: wrong SDP PDU length (%iB != %iB).", ++ error_report("%s: wrong SDP PDU length (%iB != %zuB).", + __func__, plen, len); + err = SDP_INVALID_PDU_SIZE; + goto respond; +diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c +index eac7365b0a..cf46ba06c6 100644 +--- a/hw/usb/dev-bluetooth.c 
++++ b/hw/usb/dev-bluetooth.c +@@ -265,7 +265,7 @@ static void usb_bt_fifo_reset(struct usb_hci_in_fifo_s +*fifo) + } + + static void usb_bt_fifo_enqueue(struct usb_hci_in_fifo_s *fifo, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + int off = fifo->dstart + fifo->dlen; + uint8_t *buf; +@@ -274,13 +274,13 @@ static void usb_bt_fifo_enqueue(struct usb_hci_in_fifo_s +*fifo, + if (off <= DFIFO_LEN_MASK) { + if (off + len > DFIFO_LEN_MASK + 1 && + (fifo->dsize = off + len) > (DFIFO_LEN_MASK + 1) * 2) { +- fprintf(stderr, "%s: can't alloc %i bytes\n", __func__, len); ++ fprintf(stderr, "%s: can't alloc %zu bytes\n", __func__, len); + exit(-1); + } + buf = fifo->data + off; + } else { + if (fifo->dlen > fifo->dsize) { +- fprintf(stderr, "%s: can't alloc %i bytes\n", __func__, len); ++ fprintf(stderr, "%s: can't alloc %zu bytes\n", __func__, len); + exit(-1); + } + buf = fifo->data + off - fifo->dsize; +@@ -319,7 +319,7 @@ static inline void usb_bt_fifo_dequeue(struct +usb_hci_in_fifo_s *fifo, + + static inline void usb_bt_fifo_out_enqueue(struct USBBtState *s, + struct usb_hci_out_fifo_s *fifo, +- void (*send)(struct HCIInfo *, const uint8_t *, int), ++ void (*send)(struct HCIInfo *, const uint8_t *, size_t), + int (*complete)(const uint8_t *, int), + USBPacket *p) + { +@@ -478,7 +478,7 @@ static void usb_bt_handle_data(USBDevice *dev, USBPacket *p) + } + + static void usb_bt_out_hci_packet_event(void *opaque, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + struct USBBtState *s = (struct USBBtState *) opaque; + +@@ -489,7 +489,7 @@ static void usb_bt_out_hci_packet_event(void *opaque, + } + + static void usb_bt_out_hci_packet_acl(void *opaque, +- const uint8_t *data, int len) ++ const uint8_t *data, size_t len) + { + struct USBBtState *s = (struct USBBtState *) opaque; + +diff --git a/include/hw/bt.h b/include/hw/bt.h +index b5e11d4d43..bc362aa662 100644 +--- a/include/hw/bt.h ++++ b/include/hw/bt.h +@@ -94,9 +94,9 @@ 
struct bt_device_s { + void (*lmp_disconnect_master)(struct bt_link_s *link); + void (*lmp_disconnect_slave)(struct bt_link_s *link); + void (*lmp_acl_data)(struct bt_link_s *link, const uint8_t *data, +- int start, int len); ++ int start, size_t len); + void (*lmp_acl_resp)(struct bt_link_s *link, const uint8_t *data, +- int start, int len); ++ int start, size_t len); + void (*lmp_mode_change)(struct bt_link_s *link); + + void (*handle_destroy)(struct bt_device_s *device); +@@ -148,12 +148,12 @@ struct bt_l2cap_device_s { + + struct bt_l2cap_conn_params_s { + /* Input */ +- uint8_t *(*sdu_out)(struct bt_l2cap_conn_params_s *chan, int len); ++ uint8_t *(*sdu_out)(struct bt_l2cap_conn_params_s *chan, size_t len); + void (*sdu_submit)(struct bt_l2cap_conn_params_s *chan); + int remote_mtu; + /* Output */ + void *opaque; +- void (*sdu_in)(void *opaque, const uint8_t *data, int len); ++ void (*sdu_in)(void *opaque, const uint8_t *data, size_t len); + void (*close)(void *opaque); + }; + +diff --git a/include/sysemu/bt.h b/include/sysemu/bt.h +index ddb05cd109..db935c695d 100644 +--- a/include/sysemu/bt.h ++++ b/include/sysemu/bt.h +@@ -5,12 +5,12 @@ + + typedef struct HCIInfo { + int (*bdaddr_set)(struct HCIInfo *hci, const uint8_t *bd_addr); +- void (*cmd_send)(struct HCIInfo *hci, const uint8_t *data, int len); +- void (*sco_send)(struct HCIInfo *hci, const uint8_t *data, int len); +- void (*acl_send)(struct HCIInfo *hci, const uint8_t *data, int len); ++ void (*cmd_send)(struct HCIInfo *hci, const uint8_t *data, size_t len); ++ void (*sco_send)(struct HCIInfo *hci, const uint8_t *data, size_t len); ++ void (*acl_send)(struct HCIInfo *hci, const uint8_t *data, size_t len); + void *opaque; +- void (*evt_recv)(void *opaque, const uint8_t *data, int len); +- void (*acl_recv)(void *opaque, const uint8_t *data, int len); ++ void (*evt_recv)(void *opaque, const uint8_t *data, size_t len); ++ void (*acl_recv)(void *opaque, const uint8_t *data, size_t len); + } HCIInfo; + + 
/* bt-host.c */ +-- +2.17.2 diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index df82244bf23..fec4c65ef8e 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2 AND GPLv2+ AND CC-BY AND BSD Vendor: Microsoft Corporation Distribution: Mariner 
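Review bot: In the `bt_hci_lmp_acl_data` part of the hw/bt/hci.c changes, the bound check `len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)` is kept as it was, and with `len` now a `size_t` that addition can wrap for values just below SIZE_MAX, which is what a length of -1 to -4 becomes if any caller still computes it as `int`. Writing the comparison without the addition removes the wrap: `if (len > sizeof(hci->acl_buf) - HCI_ACL_HDR_SIZE) {`. The copy that follows the check is outside the hunk, so the consequence is inferred from the `/* TODO: avoid memcpy'ing */` comment above it. Separately, the added `assert(len < sizeof(buf))` in `vhci_host_send` and `assert(cnt > 0)` in `csrhci_write` turn an out-of-range length into an abort of the whole emulator process. In `csrhci_write` the assert replaces an `if (cnt)` that tolerated `s->in_needed == s->in_len`, so it is worth confirming that state cannot be reached on entry, or rejecting it with an early return instead.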
@@ -20,29 +20,21 @@ Patch4: CVE-2019-20175.patch Patch5: CVE-2020-13659.patch Patch6: CVE-2020-16092.patch Patch7: CVE-2020-15863.patch -# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. (a0d1cbdacff5df4ded16b753b38fdd9da6092968) -Patch8: CVE-2016-7161.nopatch -# CVE-2015-7504 was fixed in 2.5.0, but the CVE database was not updated. (837f21aacf5a714c23ddaadbbc5212f9b661e3f7) -Patch9: CVE-2015-7504.nopatch -# CVE-2017-5931 was fixed in 2.9.0, but the CVE database was not updated. (a08aaff811fb194950f79711d2afe5a892ae03a4) -Patch10: CVE-2017-5931.nopatch -# CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb) -Patch11: CVE-2017-14167.nopatch -Patch12: CVE-2020-10702.patch -Patch13: CVE-2020-10761.patch +Patch8: CVE-2020-10702.patch +Patch9: CVE-2020-10761.patch # CVE-2020-13253 backported to 4.2.0. Original version: https://github.com/qemu/qemu/commit/790762e5487114341cccc5bffcec4cb3c022c3cd -Patch14: CVE-2020-13253.patch -Patch15: CVE-2020-13754.patch -Patch16: CVE-2020-13800.patch -Patch17: CVE-2020-14364.patch -Patch18: CVE-2020-13791.patch - +Patch10: CVE-2020-13253.patch +Patch11: CVE-2020-13754.patch +Patch12: CVE-2020-13800.patch +Patch13: CVE-2020-14364.patch +Patch14: CVE-2020-13791.patch +# CVE-2018-19665 patch never merged upstream, link: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html +Patch15: CVE-2018-19665.patch BuildRequires: alsa-lib-devel BuildRequires: glib-devel BuildRequires: pixman-devel BuildRequires: python3-devel BuildRequires: zlib-devel - Requires: alsa-lib Requires: cyrus-sasl Requires: pixman @@ -71,13 +63,14 @@ This package provides a command line tool for manipulating disk images. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 %build 
@@ -138,6 +131,11 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Fri Oct 30 2020 Thomas Crain - 4.2.0-18 +- Patch CVE-2018-19665 +- Remove nopatch files for CVE-2016-7161, CVE-2015-7504, CVE-2017-5931, + CVE-2017-14167, as NIST data for those has been corrected + * Thu Oct 29 2020 Ruying Chen - 4.2.0-17 - Patch CVE-2020-13791. From 5ae04be88509fa90dfe5c4b6970ca5389b4db77e Mon Sep 17 00:00:00 2001 From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Thu, 5 Nov 2020 11:09:52 -0800 Subject: [PATCH 096/145] Use archive for man-pages (#347) (#349) --- toolkit/scripts/toolchain/container/toolchain-remote-wget-list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list index 3b271b91035..69c7032b5d0 100644 --- a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list +++ b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list @@ -14,7 +14,7 @@ https://gcc.gnu.org/pub/libffi/libffi-3.2.1.tar.gz http://ftp.gnu.org/gnu/libtool/libtool-2.4.6.tar.xz http://ftp.gnu.org/gnu/m4/m4-1.4.18.tar.xz http://ftp.gnu.org/gnu/make/make-4.2.1.tar.gz -https://www.kernel.org/pub/linux/docs/man-pages/man-pages-5.02.tar.xz +https://www.kernel.org/pub/linux/docs/man-pages/Archive/man-pages-5.02.tar.xz https://ftp.gnu.org/gnu/mpc/mpc-1.1.0.tar.gz http://www.mpfr.org/mpfr-4.0.1/mpfr-4.0.1.tar.xz ftp://ftp.invisible-island.net/ncurses/ncurses-6.2.tar.gz From 50066f4168c334b3c31e28318776e32029b7fc3c Mon Sep 17 00:00:00 2001 
From: Thomas Crain Date: Thu, 5 Nov 2020 11:27:46 -0800 Subject: [PATCH 097/145] Nopatch CVE-2019-18276 in bash (#266) --- SPECS/bash/CVE-2019-18276.nopatch | 0 SPECS/bash/bash.spec | 296 ++++++++++-------- .../manifests/package/pkggen_core_aarch64.txt | 6 +- .../manifests/package/pkggen_core_x86_64.txt | 6 +- .../manifests/package/toolchain_aarch64.txt | 8 +- .../manifests/package/toolchain_x86_64.txt | 8 +- 6 files changed, 179 insertions(+), 145 deletions(-) create mode 100644 SPECS/bash/CVE-2019-18276.nopatch diff --git a/SPECS/bash/CVE-2019-18276.nopatch b/SPECS/bash/CVE-2019-18276.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/bash/bash.spec b/SPECS/bash/bash.spec index c6d15f24192..65306156ce1 100755 --- a/SPECS/bash/bash.spec +++ b/SPECS/bash/bash.spec 
@@ -1,45 +1,51 @@ Summary: Bourne-Again SHell Name: bash Version: 4.4.18 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv3 -URL: http://www.gnu.org/software/bash/ -Group: System Environment/Base Vendor: Microsoft Corporation Distribution: Mariner -Source0: http://ftp.gnu.org/gnu/bash/%{name}-%{version}.tar.gz -%define sha1 bash=6cf9b3c23930ba8a721fee177d1558e5b7cb6104 +Group: System Environment/Base +URL: https://www.gnu.org/software/bash/ +Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz Source1: bash_completion Patch0: bash-4.4.patch -Provides: /bin/sh -Provides: /bin/bash -Provides: /usr/bin/sh -Provides: /usr/bin/bash +# CVE-2019-18276 has a negligible security impact, +# since we don't ship bash with suid. +# Backporting the patch is non-trivial, as well. +Patch1: CVE-2019-18276.nopatch BuildRequires: readline Requires: readline -Requires(post): /bin/grep -Requires(post): /bin/cp -Requires(postun): /bin/grep -Requires(postun): /bin/mv +Requires(post): /bin/cp +Requires(post): /bin/grep +Requires(postun): /bin/grep +Requires(postun): /bin/mv +Provides: /bin/sh +Provides: /bin/bash +Provides: %{_bindir}/sh +Provides: %{_bindir}/bash + %description The package contains the Bourne-Again SHell -%package devel -Summary: Header and development files for bash -Requires: %{name} = %{version} +%package devel +Summary: Header and development files for bash +Requires: %{name} = %{version} + %description devel It contains the libraries and header files to create applications %package lang -Summary: Additional language files for bash -Group: System Environment/Base -Requires: bash >= 4.4 +Summary: Additional language files for bash +Group: System Environment/Base +Requires: bash >= 4.4 + %description lang These are the additional language files of bash. %prep -%setup -q -n bash-4.4.18 -%patch0 -p1 +%autosetup -p 1 + %build %configure \ "CFLAGS=-fPIC %{build_cflags}" \ 
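Review bot: The comment above `Patch1: CVE-2019-18276.nopatch` gives the reason for accepting the risk (bash is not shipped setuid) but not the condition that would invalidate it, and the .nopatch file is empty, so this spec comment is the only record of the decision. I would add a line such as `# Revisit if any package or image step installs bash setuid/setgid, or when rebasing to a bash release that carries the upstream fix.` so the assumption is re-checked instead of inherited. The qemu-kvm .nopatch files removed elsewhere on this page kept their rationale inside the file as well, which would also be a reasonable place for it here.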
@@ -48,21 +54,22 @@ These are the additional language files of bash. --without-bash-malloc \ --with-installed-readline make %{?_smp_mflags} + %install make DESTDIR=%{buildroot} install ln -s bash %{buildroot}/bin/sh -install -vdm 755 %{buildroot}/etc -install -vdm 755 %{buildroot}/etc/profile.d -install -vdm 755 %{buildroot}/etc/skel -install -vdm 755 %{buildroot}/usr/share/bash-completion -install -m 0644 %{SOURCE1} %{buildroot}/usr/share/bash-completion -rm %{buildroot}/usr/lib/bash/Makefile.inc +install -vdm 755 %{buildroot}%{_sysconfdir} +install -vdm 755 %{buildroot}%{_sysconfdir}/profile.d +install -vdm 755 %{buildroot}%{_sysconfdir}/skel +install -vdm 755 %{buildroot}%{_datadir}/bash-completion +install -m 0644 %{SOURCE1} %{buildroot}%{_datadir}/bash-completion +rm %{buildroot}%{_lib}/bash/Makefile.inc # Create dircolors -cat > %{buildroot}/etc/profile.d/dircolors.sh << "EOF" +cat > %{buildroot}%{_sysconfdir}/profile.d/dircolors.sh << "EOF" # Setup for /bin/ls and /bin/grep to support color, the alias is in /etc/bashrc. -if [ -f "/etc/dircolors" ] ; then - eval $(dircolors -b /etc/dircolors) +if [ -f "%{_sysconfdir}/dircolors" ] ; then + eval $(dircolors -b %{_sysconfdir}/dircolors) if [ -f "$HOME/.dircolors" ] ; then eval $(dircolors -b $HOME/.dircolors) 
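Review bot: `rm %{buildroot}%{_lib}/bash/Makefile.inc` swaps `/usr/lib` for `%{_lib}`, which in stock RPM macros is the bare directory name (`lib` or `lib64`), not an absolute path. Unless this distribution overrides `%{_lib}`, the path expands to `%{buildroot}lib/bash/Makefile.inc` and the `rm` fails the build. The absolute form is `rm %{buildroot}%{_libdir}/bash/Makefile.inc`. The other substitutions in this hunk (`%{_sysconfdir}`, `%{_datadir}`) are absolute and do not have this problem.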
@@ -75,27 +82,27 @@ if [ $? -eq 0 ]; then fi EOF -cat > %{buildroot}/etc/profile.d/extrapaths.sh << "EOF" -if [ -d /usr/local/lib/pkgconfig ] ; then - pathappend /usr/local/lib/pkgconfig PKG_CONFIG_PATH +cat > %{buildroot}%{_sysconfdir}/profile.d/extrapaths.sh << "EOF" +if [ -d %{_prefix}/local/lib/pkgconfig ] ; then + pathappend %{_prefix}/local/lib/pkgconfig PKG_CONFIG_PATH fi -if [ -d /usr/local/bin ]; then - pathprepend /usr/local/bin +if [ -d %{_prefix}/local/bin ]; then + pathprepend %{_prefix}/local/bin fi -if [ -d /usr/local/sbin -a $EUID -eq 0 ]; then - pathprepend /usr/local/sbin +if [ -d %{_prefix}/local/sbin -a $EUID -eq 0 ]; then + pathprepend %{_prefix}/local/sbin fi EOF -cat > %{buildroot}/etc/profile.d/readline.sh << "EOF" +cat > %{buildroot}%{_sysconfdir}/profile.d/readline.sh << "EOF" # Setup the INPUTRC environment variable. if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ] ; then - INPUTRC=/etc/inputrc + INPUTRC=%{_sysconfdir}/inputrc fi export INPUTRC EOF -cat > %{buildroot}/etc/profile.d/umask.sh << "EOF" +cat > %{buildroot}%{_sysconfdir}/profile.d/umask.sh << "EOF" # By default, the umask should be set. if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ] ; then umask 002 @@ -104,7 +111,7 @@ else fi EOF -cat > %{buildroot}/etc/profile.d/i18n.sh << "EOF" +cat > %{buildroot}%{_sysconfdir}/profile.d/i18n.sh << "EOF" # Begin /etc/profile.d/i18n.sh unset LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES \ @@ -112,8 +119,8 @@ unset LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES \ if [ -n "$XDG_CONFIG_HOME" ] && [ -r "$XDG_CONFIG_HOME/locale.conf" ]; then . "$XDG_CONFIG_HOME/locale.conf" -elif [ -r /etc/locale.conf ]; then - . /etc/locale.conf +elif [ -r %{_sysconfdir}/locale.conf ]; then + . %{_sysconfdir}/locale.conf fi export LANG="${LANG:-C}" 
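Review bot: The profile scripts written by these heredocs are runtime configuration, yet their contents now come from build-time macros; `pathprepend %{_prefix}/local/sbin`, for instance, presumably decides what root's login shells search first. A build with a non-default `%{_prefix}` or `%{_sysconfdir}` would silently ship different PATH entries and sourced files, while comments inside the heredocs such as `# Begin /etc/profile.d/i18n.sh` still name the literal paths. I would keep literal paths inside the heredoc bodies, e.g. `pathprepend /usr/local/sbin`, and use macros only for the `%{buildroot}...` destinations. The same applies to the heredoc bodies changed in the hunks at -48, -112, -134, -187 and -233.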
@@ -134,21 +141,21 @@ export LANG="${LANG:-C}" EOF # bash completion -cat > %{buildroot}/etc/profile.d/bash_completion.sh << "EOF" +cat > %{buildroot}%{_sysconfdir}/profile.d/bash_completion.sh << "EOF" # check for interactive bash and only bash if [ -n "$BASH_VERSION" -a -n "$PS1" ]; then # enable bash completion in interactive shells if ! shopt -oq posix; then - if [ -f /usr/share/bash-completion/bash_completion ]; then - . /usr/share/bash-completion/bash_completion + if [ -f %{_datadir}/bash-completion/bash_completion ]; then + . %{_datadir}/bash-completion/bash_completion fi fi fi EOF -cat > %{buildroot}/etc/bash.bashrc << "EOF" +cat > %{buildroot}%{_sysconfdir}/bash.bashrc << "EOF" # Begin /etc/bash.bashrc # Written for Beyond Linux From Scratch # by James Robertson @@ -187,13 +194,13 @@ fi unset RED GREEN NORMAL if test -n "$SSH_CONNECTION" -a -z "$PROFILEREAD"; then - . /etc/profile > /dev/null 2>&1 + . %{_sysconfdir}/profile > /dev/null 2>&1 fi # End /etc/bash.bashrc EOF -cat > %{buildroot}/etc/skel/.bash_profile << "EOF" +cat > %{buildroot}%{_sysconfdir}/skel/.bash_profile << "EOF" # Begin ~/.bash_profile # Written for Beyond Linux From Scratch # by James Robertson @@ -221,7 +228,7 @@ fi # End ~/.bash_profile EOF -cat > %{buildroot}/etc/skel/.bashrc << "EOF" +cat > %{buildroot}%{_sysconfdir}/skel/.bashrc << "EOF" # Begin ~/.bashrc # Written for Beyond Linux From Scratch # by James Robertson @@ -233,14 +240,14 @@ cat > %{buildroot}/etc/skel/.bashrc << "EOF" # programs are in /etc/profile. System wide aliases and functions are # in /etc/bashrc. -if [ -f "/etc/bash.bashrc" ] ; then - source /etc/bash.bashrc +if [ -f "%{_sysconfdir}/bash.bashrc" ] ; then + source %{_sysconfdir}/bash.bashrc fi # End ~/.bashrc EOF -cat > %{buildroot}/etc/skel/.bash_logout << "EOF" +cat > %{buildroot}%{_sysconfdir}/skel/.bash_logout << "EOF" # Begin ~/.bash_logout # Written for Beyond Linux From Scratch # by James Robertson 
@@ -250,7 +257,7 @@ cat > %{buildroot}/etc/skel/.bash_logout << "EOF" # End ~/.bash_logout EOF -dircolors -p > %{buildroot}/etc/dircolors +dircolors -p > %{buildroot}%{_sysconfdir}/dircolors %find_lang %{name} rm -rf %{buildroot}/%{_infodir} @@ -260,22 +267,22 @@ make NON_ROOT_USERNAME=nobody %{?_smp_mflags} check %post if [ $1 -eq 1 ] ; then if [ ! -f "/root/.bash_logout" ] ; then - cp /etc/skel/.bash_logout /root/.bash_logout + cp %{_sysconfdir}/skel/.bash_logout /root/.bash_logout fi - if [ ! -f /etc/shells ]; then - echo "/bin/sh" >> /etc/shells - echo "/bin/bash" >> /etc/shells - echo "%{_bindir}/sh" >> /etc/shells - echo "%{_bindir}/bash" >> /etc/shells + if [ ! -f %{_sysconfdir}/shells ]; then + echo "/bin/sh" >> %{_sysconfdir}/shells + echo "/bin/bash" >> %{_sysconfdir}/shells + echo "%{_bindir}/sh" >> %{_sysconfdir}/shells + echo "%{_bindir}/bash" >> %{_sysconfdir}/shells else - grep -q '^/bin/sh$' /etc/shells || \ - echo "/bin/sh" >> /etc/shells - grep -q '^/bin/bash$' /etc/shells || \ - echo "/bin/bash" >> /etc/shells - grep -q '^%{_bindir}/sh$' /etc/shells || \ - echo "%{_bindir}/sh" >> /etc/shells - grep -q '^%{_bindir}/bash$' /etc/shells || \ - echo "%{_bindir}/bash" >> /etc/shells + grep -q '^/bin/sh$' %{_sysconfdir}/shells || \ + echo "/bin/sh" >> %{_sysconfdir}/shells + grep -q '^/bin/bash$' %{_sysconfdir}/shells || \ + echo "/bin/bash" >> %{_sysconfdir}/shells + grep -q '^%{_bindir}/sh$' %{_sysconfdir}/shells || \ + echo "%{_bindir}/sh" >> %{_sysconfdir}/shells + grep -q '^%{_bindir}/bash$' %{_sysconfdir}/shells || \ + echo "%{_bindir}/bash" >> %{_sysconfdir}/shells fi fi 
@@ -285,24 +292,24 @@ if [ $1 -eq 0 ] ; then rm -f /root/.bash_logout fi if [ ! -x /bin/sh ]; then - grep -v '^/bin/sh$' /etc/shells | \ - grep -v '^/bin/sh$' > /etc/shells.rpm && \ - mv /etc/shells.rpm /etc/shells + grep -v '^/bin/sh$' %{_sysconfdir}/shells | \ + grep -v '^/bin/sh$' > %{_sysconfdir}/shells.rpm && \ + mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells fi if [ ! -x /bin/bash ]; then - grep -v '^/bin/bash$' /etc/shells | \ - grep -v '^/bin/bash$' > /etc/shells.rpm && \ - mv /etc/shells.rpm /etc/shells + grep -v '^/bin/bash$' %{_sysconfdir}/shells | \ + grep -v '^/bin/bash$' > %{_sysconfdir}/shells.rpm && \ + mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells fi if [ ! -x %{_bindir}/sh ]; then - grep -v '^%{_bindir}/sh$' /etc/shells | \ - grep -v '^%{_bindir}/sh$' > /etc/shells.rpm && \ - mv /etc/shells.rpm /etc/shells + grep -v '^%{_bindir}/sh$' %{_sysconfdir}/shells | \ + grep -v '^%{_bindir}/sh$' > %{_sysconfdir}/shells.rpm && \ + mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells fi if [ ! -x %{_bindir}/bash ]; then - grep -v '^%{_bindir}/bash$' /etc/shells | \ - grep -v '^%{_bindir}/bash$' > /etc/shells.rpm && \ - mv /etc/shells.rpm /etc/shells + grep -v '^%{_bindir}/bash$' %{_sysconfdir}/shells | \ + grep -v '^%{_bindir}/bash$' > %{_sysconfdir}/shells.rpm && \ + mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells fi fi @@ -315,7 +322,7 @@ fi %{_defaultdocdir}/%{name}-%{version}/* %{_defaultdocdir}/%{name}/* %{_mandir}/*/* -/usr/share/bash-completion/ +%{_datadir}/bash-completion/ %files devel %{_includedir}/%{name}/* 
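Review bot: Each `%postun` cleanup pipes `grep -v` into an identical second `grep -v`, e.g. `grep -v '^/bin/sh$' %{_sysconfdir}/shells | grep -v '^/bin/sh$' > %{_sysconfdir}/shells.rpm`; the second stage filters nothing further and can be dropped. Because `mv` is chained with `&&`, a filter that removes every line makes grep exit 1, so `%{_sysconfdir}/shells` keeps the stale entry and an empty `shells.rpm` is left behind in that edge case. A single stage, `grep -v '^/bin/sh$' %{_sysconfdir}/shells > %{_sysconfdir}/shells.rpm`, is enough, and the temporary file should be removed when the chain does not reach `mv`. The enclosing `if [ $1 -eq 0 ]` block starts before this hunk.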
@@ -325,54 +332,81 @@ fi %defattr(-,root,root) %changelog -* Fri Jul 31 2020 Leandro Pereira 4.4.18-5 -- Don't stomp on CFLAGS. -* Sat May 09 2020 Nick Samson - 4.4.18-4 -- Added %%license line automatically -* Thu Feb 27 2020 Henry Beberman 4.4.18-3 -- Explicitly provide /usr/bin/sh and /usr/bin/bash -* Tue Sep 03 2019 Mateusz Malisz 4.4.18-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Mon Sep 24 2018 Sujay G 4.4.18-1 -- Bump bash version to 4.4.18 -* Fri Jan 26 2018 Alexey Makhalov 4.4.12-3 -- Run bash_completion only for bash interactive shell -* Mon Dec 11 2017 Priyesh Padmavilasom 4.4.12-2 -- conditionally apply grep color alias -* Mon Nov 13 2017 Xiaolin Li 4.4.12-1 -- Upstream patch level 12 applied -* Mon Oct 02 2017 Kumar Kaushik 4.4-6 -- Adding security fix for CVE-2017-5932. -* Thu Jun 8 2017 Bo Gan 4.4-5 -- Fix dependency again -* Wed Jun 7 2017 Divya Thaluru 4.4-4 -- Added /usr/bin/sh and /bin/sh entries in /etc/shells -* Sun Jun 4 2017 Bo Gan 4.4-3 -- Fix dependency -* Thu Feb 2 2017 Divya Thaluru 4.4-2 -- Modified bash entry in /etc/shells -* Fri Jan 13 2017 Dheeraj Shetty 4.4-1 -- Upgraded version to 4.4 -* Tue Jan 10 2017 Divya Thaluru 4.3.30-7 -- Added bash entry to /etc/shells -* Wed Nov 16 2016 Alexey Makhalov 4.3.30-6 -- Add readline requirements -* Fri Aug 19 2016 Alexey Makhalov 4.3.30-5 -- Enable bash completion support -* Tue May 24 2016 Priyesh Padmavilasom 4.3.30-4 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 4.3.30-3 -- Fixing spec file to handle rpm upgrade scenario correctly -* Thu Mar 10 2016 Divya Thaluru 4.3.30-2 -- Adding compile options to load bash.bashrc file and +* Thu Oct 22 2020 Thomas Crain - 4.4.18-6 +- Nopatch CVE-2019-18276 + +* Fri Jul 31 2020 Leandro Pereira - 4.4.18-5 +- Don't stomp on CFLAGS. 
+ +* Sat May 09 2020 Nick Samson - 4.4.18-4 +- Added %%license line automatically + +* Thu Feb 27 2020 Henry Beberman - 4.4.18-3 +- Explicitly provide /usr/bin/sh and /usr/bin/bash + +* Tue Sep 03 2019 Mateusz Malisz - 4.4.18-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Mon Sep 24 2018 Sujay G - 4.4.18-1 +- Bump bash version to 4.4.18 + +* Fri Jan 26 2018 Alexey Makhalov - 4.4.12-3 +- Run bash_completion only for bash interactive shell + +* Mon Dec 11 2017 Priyesh Padmavilasom - 4.4.12-2 +- conditionally apply grep color alias + +* Mon Nov 13 2017 Xiaolin Li - 4.4.12-1 +- Upstream patch level 12 applied + +* Mon Oct 02 2017 Kumar Kaushik - 4.4-6 +- Adding security fix for CVE-2017-5932. + +* Thu Jun 8 2017 Bo Gan - 4.4-5 +- Fix dependency again + +* Wed Jun 7 2017 Divya Thaluru 4.4-4 +- Added /usr/bin/sh and /bin/sh entries in /etc/shells + +* Sun Jun 4 2017 Bo Gan - 4.4-3 +- Fix dependency + +* Thu Feb 2 2017 Divya Thaluru - 4.4-2 +- Modified bash entry in /etc/shells + +* Fri Jan 13 2017 Dheeraj Shetty - 4.4-1 +- Upgraded version to 4.4 + +* Tue Jan 10 2017 Divya Thaluru - 4.3.30-7 +- Added bash entry to /etc/shells + +* Wed Nov 16 2016 Alexey Makhalov - 4.3.30-6 +- Add readline requirements + +* Fri Aug 19 2016 Alexey Makhalov - 4.3.30-5 +- Enable bash completion support + +* Tue May 24 2016 Priyesh Padmavilasom - 4.3.30-4 +- GA - Bump release of all rpms + +* Tue May 3 2016 Divya Thaluru 4.3.30-3 +- Fixing spec file to handle rpm upgrade scenario correctly + +* Thu Mar 10 2016 Divya Thaluru - 4.3.30-2 +- Adding compile options to load bash.bashrc file and loading source file during non-inetractive non-login shell -* Tue Jan 12 2016 Xiaolin Li 4.3.30-1 -- Updated to version 4.3.30 -* Wed Aug 05 2015 Kumar Kaushik 4.3-4 -- Adding post unstall section. -* Wed Jul 22 2015 Alexey Makhalov 4.3-3 -- Fix segfault in save_bash_input. -* Tue Jun 30 2015 Alexey Makhalov 4.3-2 -- /etc/profile.d permission fix. 
Pack /etc files into rpm -* Wed Oct 22 2014 Divya Thaluru 4.3-1 -- Initial version + +* Tue Jan 12 2016 Xiaolin Li - 4.3.30-1 +- Updated to version 4.3.30 + +* Wed Aug 05 2015 Kumar Kaushik - 4.3-4 +- Adding post unstall section. + +* Wed Jul 22 2015 Alexey Makhalov - 4.3-3 +- Fix segfault in save_bash_input. + +* Tue Jun 30 2015 Alexey Makhalov - 4.3-2 +- /etc/profile.d permission fix. Pack /etc files into rpm + +* Wed Oct 22 2014 Divya Thaluru - 4.3-1 +- Initial version diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index a1713d690e8..866aca9d1ed 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -37,9 +37,9 @@ readline-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm coreutils-8.30-6.cm1.aarch64.rpm coreutils-lang-8.30-6.cm1.aarch64.rpm -bash-4.4.18-5.cm1.aarch64.rpm -bash-devel-4.4.18-5.cm1.aarch64.rpm -bash-lang-4.4.18-5.cm1.aarch64.rpm +bash-4.4.18-6.cm1.aarch64.rpm +bash-devel-4.4.18-6.cm1.aarch64.rpm +bash-lang-4.4.18-6.cm1.aarch64.rpm bzip2-1.0.6-15.cm1.aarch64.rpm bzip2-devel-1.0.6-15.cm1.aarch64.rpm bzip2-libs-1.0.6-15.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 229720abb19..1a2ccf02917 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt 
@@ -37,9 +37,9 @@ readline-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm coreutils-8.30-6.cm1.x86_64.rpm coreutils-lang-8.30-6.cm1.x86_64.rpm -bash-4.4.18-5.cm1.x86_64.rpm -bash-devel-4.4.18-5.cm1.x86_64.rpm -bash-lang-4.4.18-5.cm1.x86_64.rpm +bash-4.4.18-6.cm1.x86_64.rpm +bash-devel-4.4.18-6.cm1.x86_64.rpm +bash-lang-4.4.18-6.cm1.x86_64.rpm bzip2-1.0.6-15.cm1.x86_64.rpm bzip2-devel-1.0.6-15.cm1.x86_64.rpm bzip2-libs-1.0.6-15.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index a7c58205860..e632c96793e 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -4,10 +4,10 @@ alsa-lib-devel-1.2.2-1.cm1.aarch64.rpm asciidoc-8.6.10-4.cm1.noarch.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -bash-4.4.18-5.cm1.aarch64.rpm -bash-debuginfo-4.4.18-5.cm1.aarch64.rpm -bash-devel-4.4.18-5.cm1.aarch64.rpm -bash-lang-4.4.18-5.cm1.aarch64.rpm +bash-4.4.18-6.cm1.aarch64.rpm +bash-debuginfo-4.4.18-6.cm1.aarch64.rpm +bash-devel-4.4.18-6.cm1.aarch64.rpm +bash-lang-4.4.18-6.cm1.aarch64.rpm binutils-2.32-4.cm1.aarch64.rpm binutils-debuginfo-2.32-4.cm1.aarch64.rpm binutils-devel-2.32-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index b04e31809ce..600e6008cc1 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt 
@@ -4,10 +4,10 @@ alsa-lib-devel-1.2.2-1.cm1.x86_64.rpm asciidoc-8.6.10-4.cm1.noarch.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -bash-4.4.18-5.cm1.x86_64.rpm -bash-debuginfo-4.4.18-5.cm1.x86_64.rpm -bash-devel-4.4.18-5.cm1.x86_64.rpm -bash-lang-4.4.18-5.cm1.x86_64.rpm +bash-4.4.18-6.cm1.x86_64.rpm +bash-debuginfo-4.4.18-6.cm1.x86_64.rpm +bash-devel-4.4.18-6.cm1.x86_64.rpm +bash-lang-4.4.18-6.cm1.x86_64.rpm binutils-2.32-4.cm1.x86_64.rpm binutils-debuginfo-2.32-4.cm1.x86_64.rpm binutils-devel-2.32-4.cm1.x86_64.rpm From aeb87c4fe7e4a84ffd207b063c15598fff6d9530 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Thu, 5 Nov 2020 11:28:22 -0800 Subject: [PATCH 098/145] Remove RPM path macros from local package build contexts in go (#350) --- SPECS/golang/golang-1.13.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/SPECS/golang/golang-1.13.spec b/SPECS/golang/golang-1.13.spec index 33df860cbeb..5e4b1402fd2 100644 --- a/SPECS/golang/golang-1.13.spec +++ b/SPECS/golang/golang-1.13.spec @@ -1,4 +1,4 @@ -%global goroot %{_lib}/golang +%global goroot /usr/lib/golang %global gopath %{_datadir}/gocode %ifarch aarch64 %global gohostarch arm64 @@ -33,7 +33,7 @@ Go is an open source programming language that makes it easy to build simple, re # Setup go 1.4 bootstrap source tar xf %{SOURCE1} --no-same-owner %ifarch aarch64 -patch -Np1 --ignore-whitespace < %{_prefix}/src/mariner/SOURCES/go14_bootstrap_aarch64.patch +patch -Np1 --ignore-whitespace < /usr/src/mariner/SOURCES/go14_bootstrap_aarch64.patch %endif mv -v go go-bootstrap 
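Review bot: The literal `/usr/lib/golang` and `/usr/src/mariner/...` paths introduced in golang-1.13.spec (here and in the `%build` hunk at -42) carry no comment saying they are deliberate. The bash.spec lint in the previous patch of this series goes the opposite way and replaces literals with macros, so a later lint pass is likely to turn these back into `%{_lib}` / `%{_prefix}`. I would add a line above `%global goroot`, e.g. `# Literal paths on purpose: RPM path macros do not resolve as needed in local package build contexts.` That wording is taken from the commit subject and should be adjusted to the actual failure that was seen.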
@@ -42,11 +42,11 @@ mv -v go go-bootstrap %build # Build go 1.4 bootstrap -pushd %{_prefix}/src/mariner/BUILD/go-bootstrap/src +pushd /usr/src/mariner/BUILD/go-bootstrap/src CGO_ENABLED=0 ./make.bash popd -mv -v %{_prefix}/src/mariner/BUILD/go-bootstrap %{_lib}/golang -export GOROOT=%{_lib}/golang +mv -v /usr/src/mariner/BUILD/go-bootstrap /usr/lib/golang +export GOROOT=/usr/lib/golang # Build current go version export GOHOSTOS=linux From d661370179c370b81f09c2a23e58700c34a2922d Mon Sep 17 00:00:00 2001 From: rlmenge Date: Thu, 5 Nov 2020 16:43:50 -0500 Subject: [PATCH 099/145] CVEs for mySQL (#341) * CVEs for mySQL Upgraded MySQL to version 8.0.22 to fix 40 CVEs. --- SPECS/mysql/mysql.signatures.json | 2 +- SPECS/mysql/mysql.spec | 51 +++++++++++++++++++++---------- cgmanifest.json | 4 +-- 3 files changed, 38 insertions(+), 19 deletions(-) diff --git a/SPECS/mysql/mysql.signatures.json b/SPECS/mysql/mysql.signatures.json index e7e05b35ab0..07f98a37baf 100644 --- a/SPECS/mysql/mysql.signatures.json +++ b/SPECS/mysql/mysql.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "mysql-boost-8.0.21.tar.gz": "37231a123372a95f409857364dc1deb196b6f2c0b1fe60cc8382c7686b487f11" + "mysql-boost-8.0.22.tar.gz": "ba765f74367c638d7cd1c546c05c14382fd997669bcd9680278e907f8d7eb484" } } \ No newline at end of file diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec index 0b53e0cf623..71c35d463e0 100644 --- a/SPECS/mysql/mysql.spec +++ b/SPECS/mysql/mysql.spec 
@@ -1,19 +1,18 @@ Summary: MySQL. Name: mysql -Version: 8.0.21 +Version: 8.0.22 Release: 1%{?dist} -License: GPLv2 with exceptions and LGPLv2 and BSD -Group: Applications/Databases +License: GPLv2 with exceptions AND LGPLv2 AND BSD Vendor: Microsoft Corporation Distribution: Mariner -Url: https://www.mysql.com +Group: Applications/Databases +URL: https://www.mysql.com Source0: https://cdn.mysql.com/Downloads/MySQL-8.0/%{name}-boost-%{version}.tar.gz - BuildRequires: cmake -BuildRequires: openssl-devel -BuildRequires: zlib-devel BuildRequires: libtirpc-devel +BuildRequires: openssl-devel BuildRequires: rpcsvc-proto-devel +BuildRequires: zlib-devel %description MySQL is a free, widely used SQL engine. It can be used as a fast database as well as a rock-solid DBMS using a modular engine architecture. @@ -25,14 +24,13 @@ Requires: %{name} = %{version}-%{release} %description devel Development headers for developing applications linking to maridb - %prep %setup -q %{name}-boost-%{version} %build cmake . \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DWITH_BOOST=boost/boost_1_72_0 \ + -DCMAKE_INSTALL_PREFIX=%{_prefix} \ + -DWITH_BOOST=boost/boost_1_73_0 \ -DINSTALL_MANDIR=share/man \ -DINSTALL_DOCDIR=share/doc \ -DINSTALL_DOCREADMEDIR=share/doc \ @@ -53,8 +51,8 @@ make test %files %defattr(-,root,root) -%license LICENSE -%doc LICENSE README router/LICENSE.router router/README.router +%license LICENSE router/LICENSE.router +%doc README router/README.router %{_libdir}/plugin/* %{_libdir}/*.so.* %{_libdir}/mysqlrouter/*.so* @@ -64,10 +62,11 @@ make test %{_mandir}/man1/* %{_mandir}/man8/* %{_datadir}/support-files/* -%exclude /usr/mysql-test -%exclude /usr/docs -%exclude /usr/share -%exclude /usr/*.router +%{_prefix}/mysqlrouter-log-rotate +%exclude %{_prefix}/mysql-test +%exclude %{_prefix}/docs +%exclude %{_datadir} +%exclude %{_prefix}/*.router %files devel %{_libdir}/*.so 
@@ -76,40 +75,60 @@ make test %{_libdir}/pkgconfig/mysqlclient.pc %changelog +* Tue Nov 03 2020 Rachel Menge - 8.0.22-1 +- Upgrade to 8.0.22. Fixes 40 CVES. +- Lint spec + * Tue Aug 18 2020 Henry Beberman - 8.0.21-1 - Upgrade to 8.0.21. Fixes 32 CVEs. + * Sat May 09 2020 Nick Samson - 8.0.20-2 - Added %%license line automatically + * Mon Apr 27 2020 Emre Girgin 8.0.20-1 - Upgrade to 8.0.20. Fixes 70 CVEs. - Update URL. - Fix CVE-2020-2804. + * Fri Mar 13 2020 Paul Monson 8.0.17-1 - Update to version 8.0.17. License verified. + * Tue Sep 03 2019 Mateusz Malisz 8.0.14-2 - Initial CBL-Mariner import from Photon (license: Apache2). + * Tue Jan 22 2019 Siju Maliakkal 8.0.14-1 - Upgrade to 8.0.14 + * Wed Jan 02 2019 Him Kalyan Bordoloi 8.0.13-1 - Upgrade to version 8.0.13 - Workaround for broken DCMAKE_BUILD_TYPE=RELEASE(Mysql Bug#92945). Revert in next version + * Mon Nov 19 2018 Ajay Kaher 8.0.12-4 - Enabling for aarch64 + * Mon Oct 22 2018 Ajay Kaher 8.0.12-3 - Adding BuildArch + * Fri Sep 21 2018 Alexey Makhalov 8.0.12-2 - Use libtirpc instead obsoleted rpc from glibc. + * Mon Sep 10 2018 Srivatsa S. Bhat 8.0.12-1 - Update to version 8.0.12 + * Wed Aug 08 2018 Srivatsa S. Bhat 5.7.23-1 - Update to version 5.7.23 to get it to build with gcc 7.3 + * Thu Jan 25 2018 Divya Thaluru 5.7.20-2 - Added patch for CVE-2018-2696 + * Wed Oct 25 2017 Xiaolin Li 5.7.20-1 - Update to version 5.7.20 + * Fri Oct 13 2017 Alexey Makhalov 5.7.18-3 - Fix typo in description + * Fri Jul 14 2017 Xiaolin Li 5.7.18-2 - Run make test in the %check section + * Tue Jun 13 2017 Xiaolin Li 5.7.18-1 - Initial packaging for Photon diff --git a/cgmanifest.json b/cgmanifest.json index 0eb4ca000cb..b47446144a5 100644 --- a/cgmanifest.json +++ b/cgmanifest.json 
@@ -3246,8 +3246,8 @@ "type": "other", "other": { "name": "mysql", - "version": "8.0.20", - "downloadUrl": "https://cdn.mysql.com/Downloads/MySQL-8.0/mysql-boost-8.0.20.tar.gz" + "version": "8.0.22", + "downloadUrl": "https://cdn.mysql.com/Downloads/MySQL-8.0/mysql-boost-8.0.22.tar.gz" } } }, From 61c1b96e041635b7d5d70ae6c6e1cf4e21ef44fd Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 5 Nov 2020 14:48:24 -0800 Subject: [PATCH 100/145] Nopatching CVE-2020-14145. (#337) * Nopatching CVE-2020-14145 * Addressing linter's suggestions. --- SPECS/openssh/CVE-2020-14145.nopatch | 1 + SPECS/openssh/openssh.spec | 214 ++++++++++++++------------- 2 files changed, 115 insertions(+), 100 deletions(-) create mode 100644 SPECS/openssh/CVE-2020-14145.nopatch diff --git a/SPECS/openssh/CVE-2020-14145.nopatch b/SPECS/openssh/CVE-2020-14145.nopatch new file mode 100644 index 00000000000..3811041da13 --- /dev/null +++ b/SPECS/openssh/CVE-2020-14145.nopatch @@ -0,0 +1 @@ +The CVE is a won't fix for OpenSSH (confirmed on their mailing list). See here: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf. \ No newline at end of file diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec index 0c366e1e1eb..be15b50fc8f 100644 --- a/SPECS/openssh/openssh.spec +++ b/SPECS/openssh/openssh.spec @@ -2,7 +2,7 @@ Summary: Free version of the SSH connectivity tools Name: openssh Version: 8.0p1 -Release: 10%{?dist} +Release: 11%{?dist} License: BSD Vendor: Microsoft Corporation Distribution: Mariner 
@@ -12,16 +12,23 @@ Source0: https://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name} Source1: http://www.linuxfromscratch.org/blfs/downloads/stable-systemd/blfs-systemd-units-%{systemd_units_rel}.tar.xz Source2: sshd.service Source3: sshd-keygen.service + Patch0: blfs_systemd_fixes.patch Patch1: CVE-2019-16905.patch + +# Nopatches section + # Community agreed to not patch this -Patch2: CVE-2007-2768.nopatch +Patch100: CVE-2007-2768.nopatch +Patch101: CVE-2020-14145.nopatch + BuildRequires: e2fsprogs-devel BuildRequires: groff BuildRequires: krb5-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: systemd + Requires: openssh-clients = %{version}-%{release} Requires: openssh-server = %{version}-%{release} @@ -67,21 +74,24 @@ tar xf %{SOURCE1} --no-same-owner --with-maintype=man \ --enable-strip=no \ --with-kerberos5=%{_prefix} - make %install [ %{buildroot} != "/"] && rm -rf %{buildroot}/* make DESTDIR=%{buildroot} install install -vdm755 %{buildroot}%{_sharedstatedir}/sshd -echo "AllowTcpForwarding no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config -echo "ClientAliveCountMax 2" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config -echo "Compression no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config -#echo "MaxSessions 2" >> %{buildroot}/etc/ssh/sshd_config -echo "TCPKeepAlive no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config -echo "AllowAgentForwarding no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config -echo "PermitRootLogin no" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config -echo "UsePAM yes" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config + +cat <>%{buildroot}%{_sysconfdir}/ssh/sshd_config +AllowTcpForwarding no +ClientAliveCountMax 2 +Compression no +#MaxSessions 2 +TCPKeepAlive no +AllowAgentForwarding no +PermitRootLogin no +UsePAM yes +EOF + # Install daemon script pushd blfs-systemd-units-%{systemd_units_rel} make DESTDIR=%{buildroot} install-sshd 
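Review bot: `Patch101: CVE-2020-14145.nopatch` has no rationale of its own in the spec; the existing `# Community agreed to not patch this` comment was written for CVE-2007-2768 and now reads as covering both entries. I would give each waiver its own line, e.g. `# CVE-2020-14145: upstream will not fix; see CVE-2020-14145.nopatch` above `Patch101`. As I understand the CVE, the residual exposure is on a client's first connection to a host with no cached key, so it is worth naming there how host keys are pre-provisioned or verified. This .nopatch file holds prose while the bash one added earlier in the series is empty; if `%prep` (not visible in this hunk) ever moves to `%autosetup`, a non-empty .nopatch would presumably be fed to patch(1) and fail.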
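Review bot: The hardening settings in the `%install` hunk at -67 are appended to the end of the installed `sshd_config`, and sshd uses the first value it reads for each keyword, so any of them that the stock file already sets uncommented would be silently ignored. A comment above the heredoc would record that dependency, e.g. `# sshd keeps the first value per keyword: these lines apply only while the stock sshd_config leaves them commented out.` The rewrite also changes the output slightly: `#MaxSessions 2` used to be a commented-out spec line and is now written into the shipped file as a comment. The heredoc opener shows on this page as `cat <>`, presumably `<<EOF` lost in rendering, so I am not commenting on its quoting.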
@@ -136,13 +146,14 @@ fi %clean rm -rf %{buildroot}/* + %files %license LICENCE %files server %defattr(-,root,root) %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config -%attr(700,root,sys)%{_sharedstatedir}/sshd +%attr(700,root,sys) %{_sharedstatedir}/sshd /lib/systemd/system/sshd-keygen.service /lib/systemd/system/sshd.service /lib/systemd/system/sshd.socket 
@@ -181,137 +192,140 @@ rm -rf %{buildroot}/* %{_mandir}/man8/ssh-pkcs11-helper.8.gz %changelog +* Tue Nov 03 2020 Pawel Winogrodzki - 8.0p1-11 +- Nopatching CVE-2020-14145. + * Fri Oct 30 2020 Nicolas Ontiveros - 8.0p1-10 - Add no patch for CVE-2007-2768 -* Mon Oct 19 2020 Andrew Phelps 8.0p1-9 -- Add patch for CVE-2019-16905 +* Mon Oct 19 2020 Andrew Phelps - 8.0p1-9 +- Add patch for CVE-2019-16905 -* Wed Sep 02 2020 Jim Perrin 8.0p1-8 -- Add wants=sshd-keygen.service to sshd.service for easier service starting +* Wed Sep 02 2020 Jim Perrin - 8.0p1-8 +- Add wants=sshd-keygen.service to sshd.service for easier service starting -* Thu Jun 04 2020 Chris Co 8.0p1-7 -- Use default MaxAuthTries value of 6 +* Thu Jun 04 2020 Chris Co - 8.0p1-7 +- Use default MaxAuthTries value of 6 -* Tue May 26 2020 Pawel Winogrodzki 8.0p1-6 -- Adding the "%%license" macro. +* Tue May 26 2020 Pawel Winogrodzki - 8.0p1-6 +- Adding the "%%license" macro. -* Tue Apr 28 2020 Emre Girgin 8.0p1-5 -- Renaming Linux-PAM to pam +* Tue Apr 28 2020 Emre Girgin - 8.0p1-5 +- Renaming Linux-PAM to pam -* Mon Apr 27 2020 Emre Girgin 8.0p1-4 -- Rename shadow to shadow-utils. +* Mon Apr 27 2020 Emre Girgin - 8.0p1-4 +- Rename shadow to shadow-utils. -* Mon Apr 27 2020 Emre Girgin 8.0p1-3 -- Rename ncurses-terminfo to ncurses-term. +* Mon Apr 27 2020 Emre Girgin - 8.0p1-3 +- Rename ncurses-terminfo to ncurses-term. -* Fri Apr 24 2020 Nick Samson 8.0p1-2 -- Updated Source0, Source1. blfs-systemd-units updated to latest recommended version (20191026). +* Fri Apr 24 2020 Nick Samson - 8.0p1-2 +- Updated Source0, Source1. blfs-systemd-units updated to latest recommended version (20191026). -* Thu Mar 12 2020 Paul Monson 8.0p1-1 -- Update to version 8.0p1. License verified. +* Thu Mar 12 2020 Paul Monson - 8.0p1-1 +- Update to version 8.0p1. License verified. -* Tue Sep 03 2019 Mateusz Malisz 7.8p1-4 -- Initial CBL-Mariner import from Photon (license: Apache2). 
+* Tue Sep 03 2019 Mateusz Malisz - 7.8p1-4 +- Initial CBL-Mariner import from Photon (license: Apache2). -* Thu Feb 14 2019 Ankit Jain 7.8p1-3 -- Fix CVE-2018-20685. +* Thu Feb 14 2019 Ankit Jain - 7.8p1-3 +- Fix CVE-2018-20685. -* Tue Jan 08 2019 Alexey Makhalov 7.8p1-2 -- Added BuildRequires groff -- Use %configure +* Tue Jan 08 2019 Alexey Makhalov - 7.8p1-2 +- Added BuildRequires groff +- Use %configure -* Tue Sep 11 2018 Him Kalyan Bordoloi 7.8p1-1 -- Update version +* Tue Sep 11 2018 Him Kalyan Bordoloi - 7.8p1-1 +- Update version -* Tue Nov 28 2017 Xiaolin Li 7.5p1-11 -- Fix CVE-2017-15906. +* Tue Nov 28 2017 Xiaolin Li - 7.5p1-11 +- Fix CVE-2017-15906. -* Tue Nov 14 2017 Alexey Makhalov 7.5p1-10 -- Fix: openssh-server requires(pre) shadow tools +* Tue Nov 14 2017 Alexey Makhalov - 7.5p1-10 +- Fix: openssh-server requires(pre) shadow tools -* Tue Nov 14 2017 Anish Swaminathan 7.5p1-9 -- Add ciphers aes128-gcm, aes256-gcm and kex dh14/16/18 in fips mode +* Tue Nov 14 2017 Anish Swaminathan - 7.5p1-9 +- Add ciphers aes128-gcm, aes256-gcm and kex dh14/16/18 in fips mode -* Tue Oct 10 2017 Alexey Makhalov 7.5p1-8 -- No direct toybox dependency, shadow depends on toybox +* Tue Oct 10 2017 Alexey Makhalov - 7.5p1-8 +- No direct toybox dependency, shadow depends on toybox -* Mon Sep 18 2017 Alexey Makhalov 7.5p1-7 -- Requires shadow or toybox +* Mon Sep 18 2017 Alexey Makhalov - 7.5p1-7 +- Requires shadow or toybox -* Thu Sep 14 2017 Alexey Makhalov 7.5p1-6 -- sshd config: revert MaxSessions to original value +* Thu Sep 14 2017 Alexey Makhalov - 7.5p1-6 +- sshd config: revert MaxSessions to original value -* Thu Aug 31 2017 Alexey Makhalov 7.5p1-5 -- sshd config hardening based on lynis recommendations +* Thu Aug 31 2017 Alexey Makhalov - 7.5p1-5 +- sshd config hardening based on lynis recommendations -* Thu Aug 10 2017 Chang Lee 7.5p1-4 -- Fixed %check +* Thu Aug 10 2017 Chang Lee - 7.5p1-4 +- Fixed %check -* Mon Jul 24 2017 Dheeraj Shetty 7.5p1-3 -- Seperate the 
service file from the spec file +* Mon Jul 24 2017 Dheeraj Shetty - 7.5p1-3 +- Seperate the service file from the spec file -* Wed May 3 2017 Bo Gan 7.5p1-2 -- Fixed openssh-server dependency on coreutils +* Wed May 3 2017 Bo Gan - 7.5p1-2 +- Fixed openssh-server dependency on coreutils -* Tue Mar 28 2017 Priyesh Padmavilasom 7.5p1-1 -- Update version +* Tue Mar 28 2017 Priyesh Padmavilasom - 7.5p1-1 +- Update version -* Thu Feb 09 2017 Anish Swaminathan 7.4p1-3 -- Add patch to configure openssh FIPS mode +* Thu Feb 09 2017 Anish Swaminathan - 7.4p1-3 +- Add patch to configure openssh FIPS mode -* Thu Feb 02 2017 Anish Swaminathan 7.4p1-2 -- Add patch to support FIPS mode +* Thu Feb 02 2017 Anish Swaminathan - 7.4p1-2 +- Add patch to support FIPS mode -* Fri Jan 06 2017 Xiaolin Li 7.4p1-1 -- Updated to version 7.4p1. +* Fri Jan 06 2017 Xiaolin Li - 7.4p1-1 +- Updated to version 7.4p1. -* Wed Dec 14 2016 Xiaolin Li 7.1p2-10 -- BuildRequires Linux-PAM-devel +* Wed Dec 14 2016 Xiaolin Li - 7.1p2-10 +- BuildRequires Linux-PAM-devel -* Mon Dec 12 2016 Anish Swaminathan 7.1p2-9 -- Add patch to fix CVE-2016-8858 +* Mon Dec 12 2016 Anish Swaminathan - 7.1p2-9 +- Add patch to fix CVE-2016-8858 -* Thu Nov 24 2016 Alexey Makhalov 7.1p2-8 -- openssh-devel requires ncurses-terminfo to provide extra terms +* Thu Nov 24 2016 Alexey Makhalov - 7.1p2-8 +- openssh-devel requires ncurses-terminfo to provide extra terms for the clients -* Thu Nov 24 2016 Alexey Makhalov 7.1p2-7 -- Required krb5-devel. +* Thu Nov 24 2016 Alexey Makhalov - 7.1p2-7 +- Required krb5-devel. -* Thu Nov 03 2016 Sharath George 7.1p2-6 -- Split openssh into client and server rpms. +* Thu Nov 03 2016 Sharath George - 7.1p2-6 +- Split openssh into client and server rpms. 
-* Wed Oct 05 2016 ChangLee 7.1p2-5 -- Modified %check +* Wed Oct 05 2016 ChangLee - 7.1p2-5 +- Modified %check -* Thu Sep 15 2016 Anish Swaminathan 7.1p2-4 -- Add patch to fix CVE-2016-6515 +* Thu Sep 15 2016 Anish Swaminathan - 7.1p2-4 +- Add patch to fix CVE-2016-6515 -* Tue May 24 2016 Priyesh Padmavilasom 7.1p2-3 -- GA - Bump release of all rpms +* Tue May 24 2016 Priyesh Padmavilasom - 7.1p2-3 +- GA - Bump release of all rpms -* Wed May 04 2016 Anish Swaminathan 7.1p2-2 -- Edit scriptlets. +* Wed May 04 2016 Anish Swaminathan - 7.1p2-2 +- Edit scriptlets. -* Thu Mar 17 2016 Xiaolin Li 7.1p2-1 -- Updated to version 7.1p2 +* Thu Mar 17 2016 Xiaolin Li - 7.1p2-1 +- Updated to version 7.1p2 -* Fri Feb 05 2016 Anish Swaminathan 6.6p1-6 -- Add pre install scripts in the rpm +* Fri Feb 05 2016 Anish Swaminathan - 6.6p1-6 +- Add pre install scripts in the rpm -* Tue Jan 12 2016 Anish Swaminathan 6.6p1-5 -- Change config file attributes. +* Tue Jan 12 2016 Anish Swaminathan - 6.6p1-5 +- Change config file attributes. -* Thu Dec 10 2015 Xiaolin Li 6.6p1-4 -- Add systemd to Requires and BuildRequires. -- Use systemctl to enable/disable service. +* Thu Dec 10 2015 Xiaolin Li - 6.6p1-4 +- Add systemd to Requires and BuildRequires. +- Use systemctl to enable/disable service. -* Fri Jul 17 2015 Divya Thaluru 6.6p1-3 -- Enabling ssh-keygen service by default and fixed service file to execute only once. +* Fri Jul 17 2015 Divya Thaluru - 6.6p1-3 +- Enabling ssh-keygen service by default and fixed service file to execute only once. -* Tue May 19 2015 Sharath George 6.6p1-2 -- Bulding ssh server with kerberos 5. +* Tue May 19 2015 Sharath George - 6.6p1-2 +- Bulding ssh server with kerberos 5. -* Wed Nov 5 2014 Divya Thaluru 6.6p1-1 -- Initial build. First version +* Wed Nov 5 2014 Divya Thaluru - 6.6p1-1 +- Initial build. First version From bbde6ef1c7ed1a8b92f20243d73ff170af79b5b4 Mon Sep 17 00:00:00 2001 
From: Pawel Winogrodzki Date: Thu, 5 Nov 2020 16:55:37 -0800 Subject: [PATCH 101/145] Replacing deprecated flags with `imagepkgfetcher_extra_flags`. (#351) --- toolkit/scripts/imggen.mk | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/toolkit/scripts/imggen.mk b/toolkit/scripts/imggen.mk index 5fbd8f75b7b..3a6b42efd7e 100644 --- a/toolkit/scripts/imggen.mk +++ b/toolkit/scripts/imggen.mk @@ -152,8 +152,7 @@ $(image_external_package_cache_summary): $(cached_file) $(go-imagepkgfetcher) $( --tls-cert=$(TLS_CERT) \ --tls-key=$(TLS_KEY) \ $(foreach repo, $(imagefetcher_local_repo) $(imagefetcher_cloned_repo) $(REPO_LIST),--repo-file="$(repo)" ) \ - $(imagepkgfetcher_update_repo_flag) \ - $(imagepkgfetcher_disable_upstream_repos_flag) \ + $(imagepkgfetcher_extra_flags) \ --input-summary-file=$(IMAGE_CACHE_SUMMARY) \ --output-summary-file=$@ \ --output-dir=$(external_rpm_cache) From c041887a7451db9ce86dd4f4b0f908b9f3a47a8b Mon Sep 17 00:00:00 2001 From: Henry Beberman Date: Fri, 6 Nov 2020 09:41:36 -0800 Subject: [PATCH 102/145] Add libxcrypt spec (#343) libxcrypt is a replacement for the libcrypt functionality in glibc To enable a select few package installs we need to enable libxcrypt to install on top of an existing glibc libcrypt installation. This installation on top of glibc is a temporary measure, in future releases the plan is to move to libxcrypt completely. --- SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md | 2 +- .../libxcrypt-4.4.17-enable_LTO_build.patch | 70 ++ SPECS/libxcrypt/libxcrypt.signatures.json | 5 + SPECS/libxcrypt/libxcrypt.spec | 632 ++++++++++++++++++ cgmanifest.json | 10 + 5 files changed, 718 insertions(+), 1 deletion(-) create mode 100644 SPECS/libxcrypt/libxcrypt-4.4.17-enable_LTO_build.patch create mode 100644 SPECS/libxcrypt/libxcrypt.signatures.json create mode 100644 SPECS/libxcrypt/libxcrypt.spec 
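Review bot: The definition of `$(imagepkgfetcher_extra_flags)` is not part of this hunk, and Make expands an undefined variable to an empty string without any error. If the variable is unset or misspelled where this recipe runs, the fetcher would presumably be called without the update-repo and disable-upstream-repos options that the two removed lines passed, and nothing would show it. I would add a comment above the recipe that names the options the variable is expected to carry, for example `# imagepkgfetcher_extra_flags: repo update / disable-upstream-repos options, set in <defining makefile>`. The recipe starts before the first line of this hunk.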
diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index 8f08346bf20..280e882a90b 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -2,7 +2,7 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | Origin | License | SPECS | |-----------|-----------------------------------|------------| -| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | attr
autoconf213
babeltrace2
brotli
calamares
catch
cpprest
cryptsetup
dnf
dos2unix
ebtables
extra-cmake-modules
gnu-efi
hardening-check
heimdal
ipmitool
ipv6calc
kde-settings
kexec-tools
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore-3.3.0
libatasmart
libburn
libcgroup
libcomps
libdnf
libisoburn
libisofs
libpwquality
mokutil
mozjs60
open-vm-tools
openssl
p11-kit
perl-JSON
qt5-qtbase
qt5-qtdeclarative
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
squashfs-tools
websocketpp
words
yaml-cpp
zipper
| +| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | attr
autoconf213
babeltrace2
brotli
calamares
catch
cpprest
cryptsetup
dnf
dos2unix
ebtables
extra-cmake-modules
gnu-efi
hardening-check
heimdal
ipmitool
ipv6calc
kde-settings
kexec-tools
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore-3.3.0
libatasmart
libburn
libcgroup
libcomps
libdnf
libisoburn
libisofs
libpwquality
libxcrypt
mokutil
mozjs60
open-vm-tools
openssl
p11-kit
perl-JSON
qt5-qtbase
qt5-qtdeclarative
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
squashfs-tools
websocketpp
words
yaml-cpp
zipper
| | Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | auoms
azure-iot-sdk-c
azure-iotedge
azure-storage-cpp
bond
ccache
clamav
cloud-hypervisor
dtc
fluent-bit
freefont
gflags
go-md2man
GSL
ivykis
jsonbuilder
libiothsm-std
libuv
libxml++
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
mm-common
msgpack
nlohmann-json
omi
pcre2
perl-Test-Warnings
rocksdb
shim-unsigned-x64
span-lite
swupdate
tinyxml2
toml11
tracelogging
vala
zstd | | Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2).
Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl
alsa-lib
alsa-utils
ansible
ant
ant-contrib
apparmor
apr
apr-util
asciidoc
atftp
audit
autoconf
autoconf-archive
autofs
autogen
automake
babel
bash
bc
bcc
bind
binutils
bison
blktrace
boost
bridge-utils
btrfs-progs
bubblewrap
build-essential
bzip2
c-ares
ca-certificates
cairo
cdrkit
check
chkconfig
chrpath
cifs-utils
clang
cloud-init
cloud-utils-growpart
cmake
cni
core-packages
coreutils
cpio
cppunit
cracklib
crash
crash-gcore-command
createrepo_c
cri-tools
cronie
ctags
curl
cyrus-sasl
cython
dbus
dbus-glib
dejagnu
device-mapper-multipath
dhcp
dialog
diffutils
dkms
dmidecode
dnsmasq
docbook-dtd-xml
docbook-style-xsl
dosfstools
dotnet-runtime-3.1
dotnet-sdk-3.1
dracut
dstat
e2fsprogs
ed
efibootmgr
efivar
elfutils
erlang
etcd
ethtool
expat
expect
fcgi
file
filesystem
findutils
finger
flex
fontconfig
fping
freetype
fuse
gawk
gc
gcc
gdb
gdbm
gettext
git
glib
glib-networking
glibc
glibmm24
gmp
gnome-common
gnupg2
gnuplot
gnutls
gobject-introspection
golang
golang
gperf
gperftools
gpgme
gptfdisk
grep
groff
grub2
grub2-efi-binary-signed-aarch64
grub2-efi-binary-signed-x64
gtest
gtk-doc
guile
gzip
haproxy
harfbuzz
haveged
hdparm
http-parser
httpd
i2c-tools
iana-etc
icu
initramfs
initscripts
inotify-tools
intltool
iotop
iperf3
ipmitool
iproute
ipset
iptables
iputils
ipvsadm
ipxe
irqbalance
itstool
jansson
jna
jq
json-c
json-glib
kbd
keepalived
kernel
kernel-headers
kernel-hyperv
kernel-signed-aarch64
kernel-signed-x64
kexec-tools
keyutils
kmod
krb5
kubernetes
lapack
less
libaio
libarchive
libassuan
libatomic_ops
libcap
libcap-ng
libconfig
libdb
libdnet
libedit
libestr
libev
libevent
libfastjson
libffi
libgcrypt
libgpg-error
libgssglue
libgsystem
libgudev
libjpeg-turbo
libksba
liblogging
libmbim
libmnl
libmodulemd
libmpc
libmspack
libndp
libnetfilter_conntrack
libnetfilter_cthelper
libnetfilter_cttimeout
libnetfilter_queue
libnfnetlink
libnftnl
libnl3
libnsl2
libpcap
libpipeline
libpng
libpsl
libqmi
librelp
librepo
librsync
libseccomp
libselinux
libsepol
libserf
libsigc++20
libsolv
libsoup
libssh2
libtalloc
libtar
libtasn1
libtiff
libtirpc
libtool
libunistring
libunwind
libusb
libvirt
libwebp
libxml2
libxslt
libyaml
linux-firmware
lldb
lldpad
llvm
lm-sensors
lmdb
log4cpp
logrotate
lshw
lsof
lsscsi
ltrace
lttng-tools
lttng-ust
lua
lvm2
lz4
lzo
m2crypto
m4
make
man-db
man-pages
mariadb
maven
mc
mercurial
meson
mlocate
ModemManager
mpfr
msr-tools
mysql
nano
nasm
ncurses
ndctl
net-snmp
net-tools
nettle
newt
nfs-utils
nghttp2
nginx
ninja-build
nodejs
nodejs
npth
nspr
nss
nss-altfiles
ntp
numactl
numpy
nvme-cli
oniguruma
openipmi
openjdk8
openjdk8
openldap
openscap
openssh
openvswitch
ostree
pam
pango
parted
patch
pciutils
pcre
perl
perl-Canary-Stability
perl-CGI
perl-common-sense
perl-Crypt-SSLeay
perl-DBD-SQLite
perl-DBI
perl-DBIx-Simple
perl-Exporter-Tiny
perl-File-HomeDir
perl-File-Which
perl-IO-Socket-SSL
perl-JSON-Any
perl-JSON-XS
perl-libintl-perl
perl-List-MoreUtils
perl-Module-Build
perl-Module-Install
perl-Module-ScanDeps
perl-Net-SSLeay
perl-NetAddr-IP
perl-Object-Accessor
perl-Path-Class
perl-Try-Tiny
perl-Types-Serialiser
perl-WWW-Curl
perl-XML-Parser
perl-YAML
perl-YAML-Tiny
pgbouncer
pinentry
pixman
pkg-config
polkit
popt
postgresql
powershell
procps-ng
protobuf
protobuf-c
psmisc
pth
pyasn1-modules
pygobject3
pyOpenSSL
PyPAM
pyparsing
pytest
python-appdirs
python-asn1crypto
python-atomicwrites
python-attrs
python-backports-ssl_match_hostname
python-bcrypt
python-boto3
python-botocore
python-certifi
python-cffi
python-chardet
python-configobj
python-constantly
python-coverage
python-cryptography
python-daemon
python-dateutil
python-defusedxml
python-distro
python-docopt
python-docutils
python-ecdsa
python-enum34
python-futures
python-gevent
python-greenlet
python-hyperlink
python-hypothesis
python-idna
python-imagesize
python-incremental
python-iniparse
python-ipaddr
python-ipaddress
python-jinja2
python-jmespath
python-jsonpatch
python-jsonpointer
python-jsonschema
python-lockfile
python-lxml
python-m2r
python-mako
python-markupsafe
python-mistune
python-msgpack
python-netaddr
python-netifaces
python-ntplib
python-oauthlib
python-packaging
python-pam
python-pbr
python-pip
python-ply
python-prettytable
python-psutil
python-psycopg2
python-py
python-pyasn1
python-pycodestyle
python-pycparser
python-pycurl
python-Pygments
python-PyNaCl
python-pyvmomi
python-requests
python-setuptools
python-setuptools_scm
python-simplejson
python-six
python-snowballstemmer
python-sphinx
python-sphinx-theme-alabaster
python-sqlalchemy
python-Twisted
python-typing
python-urllib3
python-vcversioner
python-virtualenv
python-wcwidth
python-webob
python-websocket-client
python-werkzeug
python-zope-interface
python2
python3
pytz
PyYAML
rapidjson
readline
redis
rng-tools
rpcbind
rpcsvc-proto
rpm
rpm-ostree
rrdtool
rsync
rsyslog
ruby
rubygem-bundler
runc
rust
scons
sed
sg3_utils
shadow-utils
slang
snappy
socat
sqlite
sshpass
strace
strongswan
subversion
sudo
swig
syslinux
syslog-ng
sysstat
systemd
systemtap
tar
tboot
tcl
tcpdump
tcp_wrappers
tcsh
tdnf
telegraf
texinfo
tmux
tpm2-abrmd
tpm2-tools
tpm2-tss
traceroute
tree
trousers
tzdata
unbound
unixODBC
unzip
usbutils
userspace-rcu
utf8proc
util-linux
valgrind
vim
vsftpd
WALinuxAgent
wget
which
wpa_supplicant
xerces-c
xfsprogs
xinetd
xmlsec1
xmlto
xz
zchunk
zeromq
zip
zlib
zsh
| | OpenMamba | [Openmamba](https://openmamba.org/en/) | bash-completion
| \ No newline at end of file diff --git a/SPECS/libxcrypt/libxcrypt-4.4.17-enable_LTO_build.patch b/SPECS/libxcrypt/libxcrypt-4.4.17-enable_LTO_build.patch new file mode 100644 index 00000000000..78a2bd866cf --- /dev/null +++ b/SPECS/libxcrypt/libxcrypt-4.4.17-enable_LTO_build.patch 
@@ -0,0 +1,70 @@ +From a1bff4255fb9cad501a8a5d4bffb8f95df0f615f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Thu, 13 Aug 2020 18:51:50 +0200 +Subject: [PATCH] crypt-port: Add the bits for compiling with link-time + optimization. + +GCC 10.2 and LLVM/Clang 10 offer initial support for building +libraries, that are using symbol versioning features, with LTO. + +To make use of this with GCC 10.2, the exported versioned symbols +need to be declared explicitly with __attribute__((symver (...))). + +LLVM/Clang 10 supports symbol versioning with LTO out of the box +without any changes needed. + +Fixes #24. +--- + lib/crypt-port.h | 25 ++++++++++++++++++++++++- + 1 file changed, 24 insertions(+), 1 deletion(-) + +diff --git a/lib/crypt-port.h b/lib/crypt-port.h +index bec36ac..ca86261 100644 +--- a/lib/crypt-port.h ++++ b/lib/crypt-port.h +@@ -179,11 +179,29 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *); + # define _strong_alias(name, aliasname) \ + extern __typeof (name) aliasname __THROW __attribute__ ((alias (#name))) + ++/* Starting with GCC 10.2, we can use the symver attribute, which also works ++ with link-time optimization enabled. */ ++# if __GNUC__ > 10 || (__GNUC__ == 10 && __GNUC_MINOR__ >= 2) ++ ++/* Referencing specific _compatibility_ symbols still needs inline asm. */ ++# define _symver_ref(extstr, intname, version) \ ++ __asm__ (".symver " #intname "," extstr "@" #version) ++ ++/* Set the symbol version for EXTNAME, which uses INTNAME as its ++ implementation. */ ++# define symver_set(extstr, intname, version, mode) \ ++ extern __typeof (intname) intname __THROW \ ++ __attribute__((symver (extstr mode #version))) ++ ++# else ++ + /* Set the symbol version for EXTNAME, which uses INTNAME as its + implementation. 
*/ + # define symver_set(extstr, intname, version, mode) \ + __asm__ (".symver " #intname "," extstr mode #version) + ++# endif ++ + #else + # error "Don't know how to do symbol versioning with this compiler" + #endif +@@ -239,9 +257,14 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *); + + /* Tests may need to _refer_ to compatibility symbols, but should never need + to _define_ them. */ +- + #define symver_ref(extstr, intname, version) \ ++ _symver_ref(extstr, intname, version) ++ ++/* Generic way for referencing specific _compatibility_ symbols. */ ++#ifndef _symver_ref ++#define _symver_ref(extstr, intname, version) \ + symver_set(extstr, intname, version, "@") ++#endif + + /* Define configuration macros used during compile-time by the + GOST R 34.11-2012 "Streebog" hash function. */ diff --git a/SPECS/libxcrypt/libxcrypt.signatures.json b/SPECS/libxcrypt/libxcrypt.signatures.json new file mode 100644 index 00000000000..1aafb32b57f --- /dev/null +++ b/SPECS/libxcrypt/libxcrypt.signatures.json @@ -0,0 +1,5 @@ +{ + "Signatures": { + "libxcrypt-4.4.17.tar.gz": "7665168d0409574a03f7b484682e68334764c29c21ca5df438955a381384ca07" + } +} \ No newline at end of file diff --git a/SPECS/libxcrypt/libxcrypt.spec b/SPECS/libxcrypt/libxcrypt.spec new file mode 100644 index 00000000000..37f0a88d2cb --- /dev/null +++ b/SPECS/libxcrypt/libxcrypt.spec 
@@ -0,0 +1,632 @@ +# This macro was added in Fedora 20. Use the old version if it's undefined +# on older Fedoras and RHELs prior to RHEL 8. +# https://fedoraproject.org/wiki/Changes/UnversionedDocdirs +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} +# Build with new api? +%if 0%{?fedora} >= 30 || 0%{?rhel} >= 9 +%bcond_without new_api +%else +%bcond_with new_api +%endif +# First version of glibc built without libcrypt. +%global glibc_minver 2.27-12 +# The libxcrypt-devel package conflicts with out-dated manuals +# shipped with the man-pages packages *before* this EVR. +%global man_pages_minver 4.15-3 +# Hash methods and API supported by libcrypt. +# NEVER EVER touch this, if you do NOT know what you are doing! +%global hash_methods all +# Needed for the distribution README file. +%if 0%{?fedora} +%global distname .fedora +%else +%if 0%{?rhel} +%global distname .rhel +%else +%global distname .distribution +%endif +%endif +# Needed for out-of-tree builds. +%global _configure "$(realpath ../configure)" +# Common configure options. +%global common_configure_options \\\ + --disable-failure-tokens \\\ + --disable-silent-rules \\\ + --enable-shared \\\ +%if %{with staticlib} \ + --enable-static \\\ +%else \ + --disable-static \\\ +%endif \ + --disable-valgrind \\\ + --srcdir=$(realpath ..) \\\ + --with-pkgconfigdir=%{_libdir}/pkgconfig +# Macros for shorthand. +%global _fipsdir %{_libdir}/fipscheck +# Fail linking if there are undefined symbols. +# Required for proper ELF symbol versioning support. +%global _ld_strict_symbol_defs 1 +# override_glibc and glibcversion are temporary to make libxcrypt install on top of glibc +%define glibcversion 2.28 +%bcond_without override_glibc +# Build the static library? +%bcond_with new_api +%bcond_with compat_pkg +%bcond_with staticlib +%bcond_with enosys_stubs +# Build the compat package? 
+%if !(0%{?fedora} >= 999 || 0%{?rhel} >= 99) && %{with new_api} +%bcond_without compat_pkg +%else +%bcond_with compat_pkg +%endif +# Replace obsolete functions with a stub? +%if (0%{?fedora} >= 30 || 0%{?rhel} >= 9) && %{with compat_pkg} +%bcond_without enosys_stubs +%else +%bcond_with enosys_stubs +%endif +# Shared object version of libcrypt. +%if %{with new_api} +%global soc 2 +%global sol 0 +%global sof 0 +%global sov %{soc}.%{sol}.%{sof} +%else +%global soc 1 +%global sol 1 +%global sof 0 +%global sov %{soc}.%{sol}.%{sof} +%endif +%if %{with compat_pkg} +%global csoc 1 +%global csol 1 +%global csof 0 +%global csov %{csoc}.%{csol}.%{csof} +%endif +%if %{with new_api} +%global obsolete_api no +%else +%global obsolete_api glibc +%endif +%if %{with compat_pkg} +%global compat_methods all +%global compat_api glibc +%endif +# Do we replace the obsolete API functions with stubs? +%if %{with enosys_stubs} +%global enosys_stubs yes +%else +%global enosys_stubs no +%endif +Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others +Name: libxcrypt +Version: 4.4.17 +Release: 2%{?dist} +# For explicit license breakdown, see the +# LICENSING file in the source tarball. +License: LGPLv2+ AND BSD AND Public Domain +Vendor: Microsoft Corporation +Distribution: Mariner +URL: https://github.com/besser82/%{name} +Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz +# Patch 0000 - 2999: Backported patches from upstream. +# Patch 3000 - 5999: Backported patches from pull requests. +Patch3000: libxcrypt-4.4.17-enable_LTO_build.patch +# Patch 6000 - 9999: Downstream patches. +BuildRequires: autoconf +BuildRequires: automake +#BuildRequires: fipscheck +BuildRequires: gcc +BuildRequires: glibc-devel +BuildRequires: libtool +# We do not need to keep this forever. +%if !(0%{?fedora} > 31 || 0%{?rhel} > 10) +# Inherited from former libcrypt package. 
+Obsoletes: libcrypt-nss < %{glibc_minver} +Provides: libcrypt-nss = %{glibc_minver} +Provides: libcrypt-nss%{?_isa} = %{glibc_minver} +# Obsolete former libcrypt properly and provide a virtual libcrypt +# package as it has been done by the former packages, which were +# built by glibc before. +Obsoletes: libcrypt < %{glibc_minver} +Provides: libcrypt = %{glibc_minver} +Provides: libcrypt%{?_isa} = %{glibc_minver} +# Obsolete former libxcrypt-common properly. +Obsoletes: %{name}-common < 4.3.3-4 +Provides: %{name}-common = %{version}-%{release} +%endif +%if %{with new_api} && %{without compat_pkg} +Obsoletes: %{name}-compat < %{version}-%{release} +%endif +# We need a version of glibc, that doesn't build libcrypt anymore. +#Requires: glibc%{?_isa} >= %{glibc_minver} +%if %{with override_glibc} +# Require a specific glibc version so the post macro is compatible. +BuildRequires: glibc-devel = %{glibcversion} +Requires: glibc = %{glibcversion} +%endif +%if 0%{?fedora} >= 30 +Recommends: mkpasswd +%endif + +%description +libxcrypt is a modern library for one-way hashing of passwords. It +supports a wide variety of both modern and historical hashing methods: +yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt, +md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt. +It provides the traditional Unix crypt and crypt_r interfaces, as well +as a set of extended interfaces pioneered by Openwall Linux, crypt_rn, +crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra. + +libxcrypt is intended to be used by login(1), passwd(1), and other +similar programs; that is, to hash a small number of passwords during +an interactive authentication dialogue with a human. It is not suitable +for use in bulk password-cracking applications, or in any other situation +where speed is more important than careful handling of sensitive data. 
+However, it is intended to be fast and lightweight enough for use in +servers that must field thousands of login attempts per minute. +%if %{with new_api} +This version of the library does not provide the legacy API functions +that have been provided by glibc's libcrypt.so.1. +%endif + +%if %{with compat_pkg} +%package compat +Summary: Compatibility library providing legacy API functions +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: glibc%{?_isa} >= %{glibc_minver} + +%description compat +This package contains the library providing the compatibility API +for applications that are linked against glibc's libxcrypt, or that +are still using the unsafe and deprecated, encrypt, encrypt_r, +setkey, setkey_r, and fcrypt functions, which are still required by +recent versions of POSIX, the Single UNIX Specification, and various +other standards. + +All existing binary executables linked against glibc's libcrypt should +work unmodified with the library supplied by this package. +%endif + + +%package devel +Summary: Development files for %{name} +#Conflicts: man-pages < %{man_pages_minver} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: glibc-devel%{?_isa} >= %{glibc_minver} + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%if %{with staticlib} +%package static +Summary: Static library for -static linking with %{name} +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: glibc-devel%{?_isa} >= %{glibc_minver} + +%description static +This package contains the libxcrypt static library for -static +linking. + +You don't need this, unless you link statically, which is highly +discouraged. 
+%endif + + +%prep +%autosetup -p 1 + +$(realpath ./autogen.sh) + +%if %{with new_api} +cat << EOF >> README%{distname} +This version of the %{name} package ships the libcrypt.so.2 +library and does not provide the legacy API functions that have +been provided by glibc's libcrypt.so.1. The removed functions +by name are encrypt, encrypt_r, setkey, setkey_r, and fcrypt. +%if %{with compat_pkg} + +If you are using a third-party application that links against +those functions, or that is linked against glibc's libcrypt, +you may need to install the %{name}-compat package manually. + +All existing binary executables linked against glibc's libcrypt +should work unmodified with the libcrypt.so.1 library supplied +by the %{name}-compat package. +%endif +EOF +%endif + +%if %{with enosys_stubs} +cat << EOF >> README.posix +This version of the libcrypt.so.1 library has entirely removed +the functionality of the encrypt, encrypt_r, setkey, setkey_r, +and fcrypt functions, while keeping fully binary compatibility +with existing (third-party) applications possibly still using +those funtions. If such an application attemps to call one of +these functions, the corresponding function will indicate that +it is not supported by the system in a POSIX-compliant way. + +For security reasons, the encrypt and encrypt_r functions will +also overwrite their data-block argument with random bits. + +All existing binary executables linked against glibc's libcrypt +should work unmodified with the provided version of the +libcrypt.so.1 library in place. +EOF +%endif + +%if %{with staticlib} +cat << EOF >> README.static +Applications that use certain legacy APIs supplied by glibc’s +libcrypt (encrypt, encrypt_r, setkey, setkey_r, and fcrypt) +cannot be compiled nor linked against the supplied build of +the object files provided in the static library libcrypt.a. +EOF +%endif + + +%build +mkdir -p %{_vpath_builddir} + +# Build the default system library. 
+pushd %{_vpath_builddir} +%configure \ + %{common_configure_options} \ + --enable-hashes=%{hash_methods} \ + --enable-obsolete-api=%{obsolete_api} \ +%if %{with new_api} + --enable-obsolete-api-enosys=%{obsolete_api} +%else + --enable-obsolete-api-enosys=%{enosys_stubs} +%endif +%make_build +popd + +%if %{with compat_pkg} +mkdir -p %{_vpath_builddir}-compat + +# Build the compatibility library. +pushd %{_vpath_builddir}-compat +%configure \ + %{common_configure_options} \ + --enable-hashes=%{compat_methods} \ + --enable-obsolete-api=%{compat_api} \ + --enable-obsolete-api-enosys=%{enosys_stubs} +%make_build +popd +%endif + + +%install +%if %{with compat_pkg} +# Install the compatibility library. +%make_install -C %{_vpath_builddir}-compat + +# Cleanup everything we do not need from the compatibility library. +find %{buildroot} -xtype f -not -name 'libcrypt.so.%{csoc}*' -delete -print +find %{buildroot} -type l -not -name 'libcrypt.so.%{csoc}*' -delete -print +%endif + +# Install the default system library. +%make_install -C %{_vpath_builddir} + +# Get rid of libtool crap. +find %{buildroot} -type f -name "*.la" -delete -print + +# Install documentation to shared %%_pkgdocdir. +install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \ + ChangeLog NEWS README* THANKS TODO + +# Drop README.md as it is identical to README. 
+rm -f %{buildroot}%{_pkgdocdir}/README.md + +%if %{with override_glibc} +mv %{buildroot}/%{_libdir}/libcrypt.so.%{sov} %{buildroot}/%{_libdir}/libxcrypt.so.%{sov} +%endif + + +%check +build_dirs="%{_vpath_builddir}" +%if %{with compat_pkg} +build_dirs="${build_dirs} %{_vpath_builddir}-compat" +%endif +for dir in ${build_dirs}; do + %make_build -C ${dir} check || \ + { + rc=$?; + echo "-----BEGIN TESTLOG: ${dir}-----"; + cat ${dir}/test-suite.log; + echo "-----END TESTLOG: ${dir}-----"; + exit $rc; + } +done + + +%ldconfig_scriptlets +%if %{with compat_pkg} +%ldconfig_scriptlets compat +%endif + + +%files +%license AUTHORS COPYING.LIB LICENSING +#%dir %{_fipsdir} +%doc %dir %{_pkgdocdir} +%doc %{_pkgdocdir}/NEWS +%doc %{_pkgdocdir}/README +%if %{with new_api} +%doc %{_pkgdocdir}/README%{distname} +%endif +%if %{with enosys_stubs} && %{without compat_pkg} +%doc %{_pkgdocdir}/README.posix +%endif +%doc %{_pkgdocdir}/THANKS +#%{_fipsdir}/libcrypt.so.%{soc}.hmac +#%{_fipsdir}/libcrypt.so.%{sov}.hmac + +%if %{with override_glibc} +%exclude %{_libdir}/libcrypt.so.%{soc} +%{_libdir}/libxcrypt.so.%{sov} +%else +%{_libdir}/libcrypt.so.%{soc} +%{_libdir}/libcrypt.so.%{sov} +%endif + +%{_mandir}/man5/crypt.5* + +%if %{with override_glibc} +# These posttrans and postun sections are stopgaps to allow installing +# libxcrypt on a system that already has libcrypt from glibc. +# In a future release these will be removed and libxcrypt will be default. 
+%posttrans
+rm %{_libdir}/libcrypt.so.1
+ln -s %{_libdir}/libxcrypt.so.%{sov} %{_libdir}/libcrypt.so.1
+
+%postun
+rm %{_libdir}/libcrypt.so.1
+ln -s %{_libdir}/libcrypt-%{glibcversion}.so %{_libdir}/libcrypt.so.1
+%endif
+
+%if %{with compat_pkg}
+%files compat
+#%dir %{_fipsdir}
+%if %{with enosys_stubs}
+%doc %{_pkgdocdir}/README.posix
+%endif
+#%{_fipsdir}/libcrypt.so.%{csoc}.hmac
+#%{_fipsdir}/libcrypt.so.%{csov}.hmac
+%{_libdir}/libcrypt.so.%{csoc}
+%{_libdir}/libcrypt.so.%{csov}
+%endif
+
+
+%files devel
+%doc %{_pkgdocdir}/ChangeLog
+%doc %{_pkgdocdir}/TODO
+%if %{with override_glibc}
+%exclude %{_libdir}/libcrypt.so
+%exclude %{_includedir}/crypt.h
+%else
+%{_libdir}/libcrypt.so
+%{_includedir}/crypt.h
+%endif
+%if %{without new_api}
+%{_libdir}/libxcrypt.so
+%endif
+%if %{without new_api}
+%{_includedir}/xcrypt.h
+%endif
+%{_libdir}/pkgconfig/libcrypt.pc
+%{_libdir}/pkgconfig/%{name}.pc
+%{_mandir}/man3/crypt.3*
+%{_mandir}/man3/crypt_r.3*
+%{_mandir}/man3/crypt_ra.3*
+%{_mandir}/man3/crypt_rn.3*
+%{_mandir}/man3/crypt_checksalt.3*
+%{_mandir}/man3/crypt_gensalt.3*
+%{_mandir}/man3/crypt_gensalt_ra.3*
+%{_mandir}/man3/crypt_gensalt_rn.3*
+%{_mandir}/man3/crypt_preferred_method.3*
+
+%if %{with staticlib}
+%files static
+#%dir %{_fipsdir}
+%doc %{_pkgdocdir}/README.static
+#%{_fipsdir}/libcrypt.a.hmac
+%if %{without new_api}
+#%{_fipsdir}/libxcrypt.a.hmac
+%endif
+%{_libdir}/libcrypt.a
+%if %{without new_api}
+%{_libdir}/libxcrypt.a
+%endif
+%endif
+
+
+%changelog
+* Wed Oct 21 2020 Henry Beberman - 4.4.17-2
+- Initial CBL-Mariner import from Fedora 31 (license: MIT).
+- Remove dependency on fipscheck
+- Add override_glibc to allow installs over libcrypt from glibc
+- License verified.
+ +* Sun Aug 23 2020 Björn Esser - 4.4.17-1 +- New upstream release + +* Sat Aug 15 2020 Björn Esser - 4.4.16-7 +- Add a patch to add support for LTO builds +- Enable LTO +- Add a patch to fix Wformat-overflow + +* Tue Jul 28 2020 Fedora Release Engineering - 4.4.16-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 30 2020 Jeff Law - 4.4.16-5 +- Disable LTO + +* Fri Jun 19 2020 Björn Esser - 4.4.16-4 +- Trim %%changelog starting with v4.4.0 +- Remove memcheck conditional + +* Sat Apr 25 2020 Björn Esser - 4.4.16-3 +- Explicitly force linking with '-Wl,-z,defs' + +* Fri Apr 24 2020 Björn Esser - 4.4.16-2 +- Move fipscheck hmac checksums to %%{_libdir}/fipscheck + +* Sat Apr 04 2020 Björn Esser - 4.4.16-1 +- New upstream release + +* Thu Apr 02 2020 Björn Esser - 4.4.15-2 +- Move library from %%_lib to %%_libdir + +* Wed Feb 26 2020 Björn Esser - 4.4.15-1 +- New upstream release + +* Mon Feb 17 2020 Björn Esser - 4.4.14-1 +- New upstream release + +* Sun Feb 16 2020 Björn Esser - 4.4.13-1 +- New upstream release + +* Tue Feb 11 2020 Björn Esser - 4.4.12-3 +- Add an upstream patch to fix a typo in the documentation + +* Wed Feb 05 2020 Björn Esser - 4.4.12-2 +- Add two upstream patches to resolve minor bugs + +* Thu Jan 30 2020 Björn Esser - 4.4.12-1 +- New upstream release + +* Wed Jan 29 2020 Fedora Release Engineering - 4.4.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jan 18 2020 Björn Esser - 4.4.11-1 +- New upstream release + +* Sun Dec 15 2019 Björn Esser - 4.4.10-2 +- Add two upstream patches to fix build with upcoming GCC-10 + +* Wed Sep 18 2019 Björn Esser - 4.4.10-1 +- New upstream release + +* Sat Sep 07 2019 Björn Esser - 4.4.9-1 +- New upstream release (#1750010) + +* Sun Sep 01 2019 Björn Esser - 4.4.8-1 +- New upstream release + +* Sat Aug 24 2019 Björn Esser - 4.4.7-1 +- New upstream release + +* Thu Jul 25 2019 Fedora Release Engineering - 4.4.6-3 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jun 24 2019 Björn Esser - 4.4.6-2 +- Build all hash methods for the compat package +- Add a patch to fix Wformat in crypt-kat.c + +* Sun May 05 2019 Björn Esser - 4.4.6-1 +- New upstream release + +* Sat May 04 2019 Björn Esser - 4.4.5-1 +- New upstream release (#1706419) +- Add patch to remove an unneeded union keyword +- Add patch to make unalignment test really unaligned + +* Fri Mar 15 2019 Björn Esser - 4.4.4-2 +- Change Recommends: whois-mkpasswd to Fedora 30 and later (#1687870) + +* Mon Mar 04 2019 Björn Esser - 4.4.4-1 +- New upstream release + +* Tue Feb 19 2019 Björn Esser - 4.4.3-10 +- Fix versioned requirements on glibc + +* Tue Feb 19 2019 Björn Esser - 4.4.3-9 +- Fix conditional in __spec_install_post + +* Tue Feb 19 2019 Björn Esser - 4.4.3-8 +- Update Obsoletes, Provides, and Requires to glibc 2.27 +- Add Recommends: whois-mkpasswd for Fedora +- Optimize installation of the documentation files +- Fix %%description +- Use an absolute path for the configure script and srcdir + +* Tue Feb 19 2019 Björn Esser - 4.4.3-7 +- Add patch to fix the output formatting of a test + +* Wed Feb 06 2019 Björn Esser - 4.4.3-6 +- Always build all supported hash methods +- Drop distcheck at the end of %%check stage + +* Fri Feb 01 2019 Fedora Release Engineering - 4.4.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jan 30 2019 Björn Esser - 4.4.3-4 +- Add a README.posix file with information about the stub functions +- Add a README.static file with information about the static library + +* Wed Jan 30 2019 Björn Esser - 4.4.3-3 +- Replace unsafe functions in libxcrypt-compat with stubs (#1670735) + +* Thu Jan 24 2019 Björn Esser - 4.4.3-2 +- Fix and simplify the conditionals for the compat package +- Add an option to replace unsafe functions in the compat lib with a stub +- Add patch to fix another possible format-overflow + +* Thu Jan 24 2019 Björn Esser - 4.4.3-1 +- New 
upstream release + +* Thu Jan 24 2019 Björn Esser - 4.4.2-8 +- Optimize file removal for compatibility library + +* Mon Jan 21 2019 Björn Esser - 4.4.2-7 +- Add two upstream patches to fix build with GCC 9 + +* Mon Jan 21 2019 Björn Esser - 4.4.2-6 +- Add upstream patch to add proper C++-guards in + +* Mon Jan 14 2019 Björn Esser - 4.4.2-5 +- Build the compat package with glibc hashing methods only +- Add an option to disable the compat-package for future use + +* Mon Jan 14 2019 Björn Esser - 4.4.2-4 +- Bump SO-name for Fedora >= 30 and enable compat package (#1666033) +- Add distribution README file +- Update description of the compat package +- Conditionally remove non-built hashing methods from description + +* Sun Dec 23 2018 Björn Esser - 4.4.2-3 +- Remove architecture bits from Recommends + +* Sun Dec 23 2018 Björn Esser - 4.4.2-2 +- Update summary + +* Sat Dec 22 2018 Björn Esser - 4.4.2-1 +- New upstream release + +* Thu Dec 06 2018 Björn Esser - 4.4.1-1 +- New upstream release + +* Tue Dec 04 2018 Björn Esser - 4.4.0-5 +- Sync -fno-plt patch with upstream commit + +* Tue Dec 04 2018 Björn Esser - 4.4.0-4 +- Backport upstream commit to fix a memory leak from a static pointer + +* Tue Dec 04 2018 Björn Esser - 4.4.0-3 +- Backport upstream PR to build with -fno-plt optimization + +* Mon Nov 26 2018 Björn Esser - 4.4.0-2 +- Backport upstream commit to use a safer strcpy for the NT method +- Backport upstream generating base64 encoded output for NT gensalt +- Backport upstream commit to require less rbytes for NT gensalt +- Backport upstream commit to test incremental hmac-sha256 computation +- Add Recommends: mkpasswd for Fedora >= 30 + +* Tue Nov 20 2018 Björn Esser - 4.4.0-1 +- New upstream release diff --git a/cgmanifest.json b/cgmanifest.json index b47446144a5..c7474712054 100644 --- a/cgmanifest.json +++ b/cgmanifest.json 
@@ -2771,6 +2771,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "libxcrypt", + "version": "4.4.17", + "downloadUrl": "https://github.com/besser82/libxcrypt/archive/v4.4.17/libxcrypt-4.4.17.tar.gz" + } + } + }, { "component": { "type": "other", From 9508d1783155d56950025b6a521e566eabd82035 Mon Sep 17 00:00:00 2001 From: rlmenge Date: Fri, 6 Nov 2020 18:36:14 -0500 Subject: [PATCH 103/145] No patch for mySQL and CVE-2012-5627 (#353) * no patch for CVE-2012-5627 --- SPECS/mysql/CVE-2012-5627.nopatch | 0 SPECS/mysql/mysql.spec | 14 +++++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 SPECS/mysql/CVE-2012-5627.nopatch diff --git a/SPECS/mysql/CVE-2012-5627.nopatch b/SPECS/mysql/CVE-2012-5627.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec index 71c35d463e0..9c35a6c93ad 100644 --- a/SPECS/mysql/mysql.spec +++ b/SPECS/mysql/mysql.spec @@ -1,13 +1,14 @@ Summary: MySQL. Name: mysql Version: 8.0.22 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 with exceptions AND LGPLv2 AND BSD Vendor: Microsoft Corporation Distribution: Mariner Group: Applications/Databases URL: https://www.mysql.com Source0: https://cdn.mysql.com/Downloads/MySQL-8.0/%{name}-boost-%{version}.tar.gz +Patch0: CVE-2012-5627.nopatch BuildRequires: cmake BuildRequires: libtirpc-devel BuildRequires: openssl-devel @@ -25,7 +26,7 @@ Requires: %{name} = %{version}-%{release} Development headers for developing applications linking to maridb %prep -%setup -q %{name}-boost-%{version} +%autosetup -p1 %build cmake . \ 
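Review bot: The added `Patch0: CVE-2012-5627.nopatch` line in the mysql.spec header hunk has no comment saying why the CVE is being waived, and the changelog entry in the later hunk only records that a no-patch was added. The referenced file is created empty, so the spec is the only place the justification can live, and without it a later audit cannot tell whether the waiver still holds after the next MySQL upgrade. I would put a comment directly above the line, `# Ignore CVE-2012-5627: <reason this build is not affected, with a reference>`. The `%prep` hunk on the same line also switches to `%autosetup -p1`, which hands that empty file to patch; presumably intended, but worth confirming the build tooling expects it.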
@@ -75,9 +76,12 @@ make test %{_libdir}/pkgconfig/mysqlclient.pc %changelog -* Tue Nov 03 2020 Rachel Menge - 8.0.22-1 -- Upgrade to 8.0.22. Fixes 40 CVES. -- Lint spec +* Thu Nov 05 2020 Rachel Menge - 8.0.22-2 +- Added no patch for CVE-2012-5627 + +* Tue Nov 03 2020 Rachel Menge - 8.0.22-1 +- Upgrade to 8.0.22. Fixes 40 CVES. +- Lint spec * Tue Aug 18 2020 Henry Beberman - 8.0.21-1 - Upgrade to 8.0.21. Fixes 32 CVEs. From 05687921cdbb3ea6acbd63c48f1dba2cd37285fe Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Mon, 9 Nov 2020 09:57:46 -0800 Subject: [PATCH 104/145] Fix word wrapping in qemu-kvm CVE-2018-19665 patch (#356) --- SPECS/qemu-kvm/CVE-2018-19665.patch | 120 ++++++++++------------------ 1 file changed, 40 insertions(+), 80 deletions(-) diff --git a/SPECS/qemu-kvm/CVE-2018-19665.patch b/SPECS/qemu-kvm/CVE-2018-19665.patch index 23e1b8928c7..491061cbfdb 100644 --- a/SPECS/qemu-kvm/CVE-2018-19665.patch +++ b/SPECS/qemu-kvm/CVE-2018-19665.patch @@ -99,8 +99,7 @@ diff --git a/hw/bt/core.c b/hw/bt/core.c index 78370e64f5..62720d1663 100644 --- a/hw/bt/core.c +++ b/hw/bt/core.c -@@ -45,7 +45,7 @@ static void bt_dummy_lmp_disconnect_master(struct bt_link_s -*link) +@@ -45,7 +45,7 @@ static void bt_dummy_lmp_disconnect_master(struct bt_link_s *link) } static void bt_dummy_lmp_acl_resp(struct bt_link_s *link, @@ -122,8 +121,7 @@ index 0341ded50c..26bd516d31 100644 { int off = s->out_start + s->out_len; -@@ -112,14 +112,14 @@ static uint8_t *csrhci_out_packet(struct csrhci_s *s, int -len) +@@ -112,14 +112,14 @@ static uint8_t *csrhci_out_packet(struct csrhci_s *s, int len) if (off < FIFO_LEN) { if (off + len > FIFO_LEN && (s->out_size = off + len) > FIFO_LEN * 2) { @@ -140,8 +138,7 @@ len) exit(-1); } -@@ -127,7 +127,7 @@ static uint8_t *csrhci_out_packet(struct csrhci_s *s, int -len) +@@ -127,7 +127,7 @@ static uint8_t *csrhci_out_packet(struct csrhci_s *s, int len) } static inline uint8_t *csrhci_out_packet_csr(struct csrhci_s *s, 
@@ -150,8 +147,7 @@ len) { uint8_t *ret = csrhci_out_packetz(s, len + 2); -@@ -138,7 +138,7 @@ static inline uint8_t *csrhci_out_packet_csr(struct -csrhci_s *s, +@@ -138,7 +138,7 @@ static inline uint8_t *csrhci_out_packet_csr(struct csrhci_s *s, } static inline uint8_t *csrhci_out_packet_event(struct csrhci_s *s, @@ -160,8 +156,7 @@ csrhci_s *s, { uint8_t *ret = csrhci_out_packetz(s, len + 1 + sizeof(struct hci_event_hdr)); -@@ -151,7 +151,7 @@ static inline uint8_t *csrhci_out_packet_event(struct -csrhci_s *s, +@@ -151,7 +151,7 @@ static inline uint8_t *csrhci_out_packet_event(struct csrhci_s *s, } static void csrhci_in_packet_vendor(struct csrhci_s *s, int ocf, @@ -262,8 +257,7 @@ index c6b2cc1d48..c59ccc55b9 100644 exit(-1); } -@@ -475,7 +475,7 @@ static inline uint8_t *bt_hci_event_start(struct bt_hci_s -*hci, +@@ -475,7 +475,7 @@ static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci, } static inline void bt_hci_event(struct bt_hci_s *hci, int evt, @@ -272,8 +266,7 @@ index c6b2cc1d48..c59ccc55b9 100644 { uint8_t *packet = bt_hci_event_start(hci, evt, len); -@@ -500,7 +500,7 @@ static inline void bt_hci_event_status(struct bt_hci_s -*hci, int status) +@@ -500,7 +500,7 @@ static inline void bt_hci_event_status(struct bt_hci_s *hci, int status) } static inline void bt_hci_event_complete(struct bt_hci_s *hci, @@ -282,8 +275,7 @@ index c6b2cc1d48..c59ccc55b9 100644 { uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE, len + EVT_CMD_COMPLETE_SIZE); -@@ -1477,7 +1477,7 @@ static inline void bt_hci_event_num_comp_pkts(struct -bt_hci_s *hci, +@@ -1477,7 +1477,7 @@ static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s *hci, } static void bt_submit_hci(struct HCIInfo *info, 
@@ -310,8 +302,7 @@ bt_hci_s *hci, { struct hci_acl_hdr *pkt = (void *) hci->acl_buf; -@@ -1990,7 +1990,7 @@ static inline void bt_hci_lmp_acl_data(struct bt_hci_s -*hci, uint16_t handle, +@@ -1990,7 +1990,7 @@ static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle, /* TODO: avoid memcpy'ing */ if (len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)) { @@ -320,8 +311,7 @@ bt_hci_s *hci, __func__, len); return; } -@@ -2004,7 +2004,7 @@ static inline void bt_hci_lmp_acl_data(struct bt_hci_s -*hci, uint16_t handle, +@@ -2004,7 +2004,7 @@ static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle, } static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink, @@ -330,8 +320,7 @@ bt_hci_s *hci, { struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink; -@@ -2013,14 +2013,14 @@ static void bt_hci_lmp_acl_data_slave(struct bt_link_s -*btlink, +@@ -2013,14 +2013,14 @@ static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink, } static void bt_hci_lmp_acl_data_host(struct bt_link_s *link, @@ -415,8 +404,7 @@ index 056291f9b5..c5ecc8bdcd 100644 { uint8_t *pkt, hdr = (BT_DATA << 4) | type; int plen; -@@ -190,7 +190,7 @@ static void bt_hid_send_data(struct bt_l2cap_conn_params_s -*ch, int type, +@@ -190,7 +190,7 @@ static void bt_hid_send_data(struct bt_l2cap_conn_params_s *ch, int type, } static void bt_hid_control_transaction(struct bt_hid_device_s *s, @@ -425,8 +413,7 @@ index 056291f9b5..c5ecc8bdcd 100644 { uint8_t type, parameter; int rlen, ret = -1; -@@ -362,7 +362,7 @@ static void bt_hid_control_transaction(struct -bt_hid_device_s *s, +@@ -362,7 +362,7 @@ static void bt_hid_control_transaction(struct bt_hid_device_s *s, bt_hid_send_handshake(s, ret); } 
@@ -488,8 +475,7 @@ index 9cf27f0df6..efd9a4b66a 100644 { uint16_t fcs = 0x0000; -@@ -186,7 +186,7 @@ static void l2cap_monitor_timer_update(struct l2cap_chan_s -*ch) +@@ -186,7 +186,7 @@ static void l2cap_monitor_timer_update(struct l2cap_chan_s *ch) } static void l2cap_command_reject(struct l2cap_instance_s *l2cap, int id, @@ -498,8 +484,7 @@ index 9cf27f0df6..efd9a4b66a 100644 { uint8_t *pkt; l2cap_cmd_hdr *hdr; -@@ -247,7 +247,7 @@ static void l2cap_connection_response(struct -l2cap_instance_s *l2cap, +@@ -247,7 +247,7 @@ static void l2cap_connection_response(struct l2cap_instance_s *l2cap, } static void l2cap_configuration_request(struct l2cap_instance_s *l2cap, @@ -508,19 +493,16 @@ l2cap_instance_s *l2cap, { uint8_t *pkt; l2cap_cmd_hdr *hdr; -@@ -275,7 +275,7 @@ static void l2cap_configuration_request(struct -l2cap_instance_s *l2cap, +@@ -275,7 +275,7 @@ static void l2cap_configuration_request(struct l2cap_instance_s *l2cap, } static void l2cap_configuration_response(struct l2cap_instance_s *l2cap, - int scid, int flag, int result, const uint8_t *data, int len) -+ int scid, int flag, int result, const uint8_t *data, size_t -len) ++ int scid, int flag, int result, const uint8_t *data, size_t len) { uint8_t *pkt; l2cap_cmd_hdr *hdr; -@@ -322,7 +322,7 @@ static void l2cap_disconnection_response(struct -l2cap_instance_s *l2cap, +@@ -322,7 +322,7 @@ static void l2cap_disconnection_response(struct l2cap_instance_s *l2cap, } static void l2cap_echo_response(struct l2cap_instance_s *l2cap, @@ -529,8 +511,7 @@ l2cap_instance_s *l2cap, { uint8_t *pkt; l2cap_cmd_hdr *hdr; -@@ -343,7 +343,7 @@ static void l2cap_echo_response(struct l2cap_instance_s -*l2cap, +@@ -343,7 +343,7 @@ static void l2cap_echo_response(struct l2cap_instance_s *l2cap, } static void l2cap_info_response(struct l2cap_instance_s *l2cap, int type, 
@@ -539,8 +520,7 @@ l2cap_instance_s *l2cap, { uint8_t *pkt; l2cap_cmd_hdr *hdr; -@@ -366,16 +366,18 @@ static void l2cap_info_response(struct l2cap_instance_s -*l2cap, int type, +@@ -366,16 +366,18 @@ static void l2cap_info_response(struct l2cap_instance_s *l2cap, int type, l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params); } @@ -563,8 +543,7 @@ l2cap_instance_s *l2cap, static int l2cap_cid_new(struct l2cap_instance_s *l2cap) { -@@ -499,7 +501,7 @@ static void l2cap_channel_config_req_event(struct -l2cap_instance_s *l2cap, +@@ -499,7 +501,7 @@ static void l2cap_channel_config_req_event(struct l2cap_instance_s *l2cap, static int l2cap_channel_config(struct l2cap_instance_s *l2cap, struct l2cap_chan_s *ch, int flag, @@ -573,8 +552,7 @@ l2cap_instance_s *l2cap, { l2cap_conf_opt *opt; l2cap_conf_opt_qos *qos; -@@ -684,7 +686,7 @@ static int l2cap_channel_config(struct l2cap_instance_s -*l2cap, +@@ -684,7 +686,7 @@ static int l2cap_channel_config(struct l2cap_instance_s *l2cap, } static void l2cap_channel_config_req_msg(struct l2cap_instance_s *l2cap, @@ -583,8 +561,7 @@ l2cap_instance_s *l2cap, { struct l2cap_chan_s *ch; -@@ -716,7 +718,7 @@ static void l2cap_channel_config_req_msg(struct -l2cap_instance_s *l2cap, +@@ -716,7 +718,7 @@ static void l2cap_channel_config_req_msg(struct l2cap_instance_s *l2cap, } static int l2cap_channel_config_rsp_msg(struct l2cap_instance_s *l2cap, @@ -593,8 +570,7 @@ l2cap_instance_s *l2cap, { struct l2cap_chan_s *ch; -@@ -784,7 +786,7 @@ static void l2cap_info(struct l2cap_instance_s *l2cap, int -type) +@@ -784,7 +786,7 @@ static void l2cap_info(struct l2cap_instance_s *l2cap, int type) } static void l2cap_command(struct l2cap_instance_s *l2cap, int code, int id, @@ -603,8 +579,7 @@ type) { int err; -@@ -939,7 +941,7 @@ static void l2cap_rexmit_enable(struct l2cap_chan_s *ch, -int enable) +@@ -939,7 +941,7 @@ static void l2cap_rexmit_enable(struct l2cap_chan_s *ch, int enable) } /* Command frame SDU */ 
@@ -613,8 +588,7 @@ int enable) { struct l2cap_instance_s *l2cap = opaque; const l2cap_cmd_hdr *hdr; -@@ -967,7 +969,7 @@ static void l2cap_cframe_in(void *opaque, const uint8_t -*data, int len) +@@ -967,7 +969,7 @@ static void l2cap_cframe_in(void *opaque, const uint8_t *data, int len) } /* Group frame SDU */ @@ -623,8 +597,7 @@ int enable) { } -@@ -978,7 +980,7 @@ static void l2cap_sframe_in(struct l2cap_chan_s *ch, -uint16_t ctrl) +@@ -978,7 +980,7 @@ static void l2cap_sframe_in(struct l2cap_chan_s *ch, uint16_t ctrl) /* Basic L2CAP mode Information frame */ static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid, @@ -633,8 +606,7 @@ uint16_t ctrl) { /* We have a full SDU, no further processing */ ch->params.sdu_in(ch->params.opaque, hdr->data, len); -@@ -986,7 +988,7 @@ static void l2cap_bframe_in(struct l2cap_chan_s *ch, -uint16_t cid, +@@ -986,7 +988,7 @@ static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid, /* Flow Control and Retransmission mode frame */ static void l2cap_iframe_in(struct l2cap_chan_s *ch, uint16_t cid, 
@@ -652,30 +624,25 @@ uint16_t cid, { const l2cap_hdr *hdr = (void *) l2cap->frame_in; -@@ -1124,7 +1126,7 @@ static inline void l2cap_pdu_submit(struct -l2cap_instance_s *l2cap) +@@ -1124,7 +1126,7 @@ static inline void l2cap_pdu_submit(struct l2cap_instance_s *l2cap) (l2cap->link, l2cap->frame_out, 1, l2cap->frame_out_len); } -static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, int len) -+static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, size_t -len) ++static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, size_t len) { struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm; -@@ -1147,7 +1149,7 @@ static void l2cap_bframe_submit(struct -bt_l2cap_conn_params_s *parms) +@@ -1147,7 +1149,7 @@ static void l2cap_bframe_submit(struct bt_l2cap_conn_params_s *parms) #if 0 /* Stub: Only used if an emulated device requests outgoing flow control */ -static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, int len) -+static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, size_t -len) ++static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, size_t len) { struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm; -@@ -1292,7 +1294,7 @@ static void l2cap_lmp_disconnect_slave(struct bt_link_s -*link) +@@ -1292,7 +1294,7 @@ static void l2cap_lmp_disconnect_slave(struct bt_link_s *link) } static void l2cap_lmp_acl_data_slave(struct bt_link_s *link, @@ -684,8 +651,7 @@ len) { struct slave_l2cap_instance_s *l2cap = (struct slave_l2cap_instance_s *) link; -@@ -1305,7 +1307,7 @@ static void l2cap_lmp_acl_data_slave(struct bt_link_s -*link, +@@ -1305,7 +1307,7 @@ static void l2cap_lmp_acl_data_slave(struct bt_link_s *link, /* Stub */ static void l2cap_lmp_acl_data_host(struct bt_link_s *link, @@ -698,8 +664,7 @@ diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c index f4aba9d74f..163d315874 100644 --- a/hw/bt/sdp.c 
+++ b/hw/bt/sdp.c -@@ -497,7 +497,7 @@ static ssize_t sdp_svc_search_attr_get(struct -bt_l2cap_sdp_state_s *sdp, +@@ -497,7 +497,7 @@ static ssize_t sdp_svc_search_attr_get(struct bt_l2cap_sdp_state_s *sdp, return end + 2; } @@ -708,8 +673,7 @@ bt_l2cap_sdp_state_s *sdp, { struct bt_l2cap_sdp_state_s *sdp = opaque; enum bt_sdp_cmd pdu_id; -@@ -507,7 +507,7 @@ static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t -*data, int len) +@@ -507,7 +507,7 @@ static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t *data, int len) int rsp_len = 0; if (len < 5) { @@ -718,8 +682,7 @@ bt_l2cap_sdp_state_s *sdp, return; } -@@ -518,7 +518,7 @@ static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t -*data, int len) +@@ -518,7 +518,7 @@ static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t *data, int len) len -= 5; if (len != plen) { @@ -732,8 +695,7 @@ diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c index eac7365b0a..cf46ba06c6 100644 --- a/hw/usb/dev-bluetooth.c +++ b/hw/usb/dev-bluetooth.c -@@ -265,7 +265,7 @@ static void usb_bt_fifo_reset(struct usb_hci_in_fifo_s -*fifo) +@@ -265,7 +265,7 @@ static void usb_bt_fifo_reset(struct usb_hci_in_fifo_s *fifo) } static void usb_bt_fifo_enqueue(struct usb_hci_in_fifo_s *fifo, @@ -742,8 +704,7 @@ index eac7365b0a..cf46ba06c6 100644 { int off = fifo->dstart + fifo->dlen; uint8_t *buf; -@@ -274,13 +274,13 @@ static void usb_bt_fifo_enqueue(struct usb_hci_in_fifo_s -*fifo, +@@ -274,13 +274,13 @@ static void usb_bt_fifo_enqueue(struct usb_hci_in_fifo_s *fifo, if (off <= DFIFO_LEN_MASK) { if (off + len > DFIFO_LEN_MASK + 1 && (fifo->dsize = off + len) > (DFIFO_LEN_MASK + 1) * 2) { 
@@ -759,8 +720,7 @@ index eac7365b0a..cf46ba06c6 100644 exit(-1); } buf = fifo->data + off - fifo->dsize; -@@ -319,7 +319,7 @@ static inline void usb_bt_fifo_dequeue(struct -usb_hci_in_fifo_s *fifo, +@@ -319,7 +319,7 @@ static inline void usb_bt_fifo_dequeue(struct usb_hci_in_fifo_s *fifo, static inline void usb_bt_fifo_out_enqueue(struct USBBtState *s, struct usb_hci_out_fifo_s *fifo, From 93fe450a4f9d6976f4a63b1f4690a29805e1941c Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Tue, 10 Nov 2020 13:16:00 -0800 Subject: [PATCH 105/145] Python 3: Upgrade to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358) --- SPECS/python3/CVE-2020-27619.patch | 64 ++++++ SPECS/python3/python3.signatures.json | 2 +- SPECS/python3/python3.spec | 284 +++++++++++++++----------- cgmanifest.json | 4 +- 4 files changed, 232 insertions(+), 122 deletions(-) create mode 100644 SPECS/python3/CVE-2020-27619.patch diff --git a/SPECS/python3/CVE-2020-27619.patch b/SPECS/python3/CVE-2020-27619.patch new file mode 100644 index 00000000000..1eeaf5d6884 --- /dev/null +++ b/SPECS/python3/CVE-2020-27619.patch 
@@ -0,0 +1,64 @@ +From 43e523103886af66d6c27cd72431b5d9d14cd2a9 Mon Sep 17 00:00:00 2001 +From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 19 Oct 2020 19:38:40 -0700 +Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP + in the CJK codec tests (GH-22566) (GH-22578) + +(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) + +Co-authored-by: Serhiy Storchaka +--- + Lib/test/multibytecodec_support.py | 22 +++++++------------ + .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | 1 + + 2 files changed, 9 insertions(+), 14 deletions(-) + create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst + +diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py +index cca8af67d6d1d..f76c0153f5ecf 100644 +--- a/Lib/test/multibytecodec_support.py ++++ b/Lib/test/multibytecodec_support.py +@@ -305,29 +305,23 @@ def test_mapping_file(self): + self._test_mapping_file_plain() + + def _test_mapping_file_plain(self): +- unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+')))) ++ def unichrs(s): ++ return ''.join(chr(int(x, 16)) for x in s.split('+')) ++ + urt_wa = {} + + with self.open_mapping_file() as f: + for line in f: + if not line: + break +- data = line.split('#')[0].strip().split() ++ data = line.split('#')[0].split() + if len(data) != 2: + continue + +- csetval = eval(data[0]) +- if csetval <= 0x7F: +- csetch = bytes([csetval & 0xff]) +- elif csetval >= 0x1000000: +- csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff), +- ((csetval >> 8) & 0xff), (csetval & 0xff)]) +- elif csetval >= 0x10000: +- csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff), +- (csetval & 0xff)]) +- elif csetval >= 0x100: +- csetch = bytes([(csetval >> 8), (csetval & 0xff)]) +- else: ++ if data[0][:2] != '0x': ++ self.fail(f"Invalid line: {line!r}") ++ csetch = bytes.fromhex(data[0][2:]) ++ if len(csetch) == 1 and 0x80 <= csetch[0]: + continue + + unich = 
unichrs(data[1]) +diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst +new file mode 100644 +index 0000000000000..4f9782f1c85af +--- /dev/null ++++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst +@@ -0,0 +1 @@ ++Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. diff --git a/SPECS/python3/python3.signatures.json b/SPECS/python3/python3.signatures.json index 6b9b1469ca9..8a1f634e35d 100644 --- a/SPECS/python3/python3.signatures.json +++ b/SPECS/python3/python3.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "Python-3.7.7.tar.xz": "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" + "Python-3.7.9.tar.xz": "91923007b05005b5f9bd46f3b9172248aea5abc1543e8a636d59e629c3331b01" } } \ No newline at end of file diff --git a/SPECS/python3/python3.spec b/SPECS/python3/python3.spec index 865d715f1e6..5c1533fe822 100644 --- a/SPECS/python3/python3.spec +++ b/SPECS/python3/python3.spec 
@@ -1,27 +1,28 @@ %global openssl_flags -DOPENSSL_NO_SSL3 -DOPENSSL_NO_SSL2 - Summary: A high-level scripting language Name: python3 -Version: 3.7.7 +Version: 3.7.9 Release: 2%{?dist} License: PSF -URL: http://www.python.org/ -Group: System Environment/Programming Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Programming +URL: https://www.python.org/ Source0: https://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz Patch0: cgi3.patch Patch1: python3-support-mariner-platform.patch Patch2: Replace-unsupported-TLS-methods.patch -BuildRequires: pkg-config >= 0.28 +# CVE-2020-27619 patch is pulled from upstream commit +Patch3: CVE-2020-27619.patch BuildRequires: bzip2-devel +BuildRequires: expat-devel >= 2.1.0 +BuildRequires: libffi-devel >= 3.0.13 BuildRequires: ncurses-devel BuildRequires: openssl-devel +BuildRequires: pkg-config >= 0.28 BuildRequires: readline-devel -BuildRequires: xz-devel -BuildRequires: expat-devel >= 2.1.0 -BuildRequires: libffi-devel >= 3.0.13 BuildRequires: sqlite-devel +BuildRequires: xz-devel Requires: ncurses Requires: openssl Requires: python3-libs = %{version}-%{release} @@ -29,10 +30,9 @@ Requires: readline Requires: xz Provides: python-sqlite Provides: python(abi) -Provides: /usr/bin/python +Provides: %{_bindir}/python Provides: /bin/python Provides: /bin/python3 - %if %{with_check} BuildRequires: iana-etc BuildRequires: tzdata @@ -45,15 +45,14 @@ strings support, easier and more intuitive syntax, and removes the deprecated code. It is incompatible with Python 2.x releases. %package libs -Summary: The libraries for python runtime -Group: Applications/System +Summary: The libraries for python runtime +Group: Applications/System +Requires: bzip2-libs Requires: coreutils Requires: expat >= 2.1.0 Requires: libffi >= 3.0.13 Requires: ncurses Requires: sqlite-libs -Requires: bzip2-libs - %description libs The python interpreter can be embedded into applications wanting to 
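Review bot: `Release: 2%{?dist}` is left as a context line in the first python3.spec hunk while `Version` moves from 3.7.7 to 3.7.9, so the package would be built as 3.7.9-2 with no 3.7.9-1 ever having existed. The usual RPM convention is to reset the release on a version bump, `Release: 1%{?dist}`. The new changelog entry lies outside this view, so check that its version-release string matches whichever value is kept; a mismatch makes it harder to map an installed package back to the CVE fixes it carries.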
@@ -63,8 +62,8 @@ provides the libraries needed for python 3 applications. %package xml Summary: XML libraries for python3 runtime Group: Applications/System -Requires: python3-libs = %{version}-%{release} Requires: python3 = %{version}-%{release} +Requires: python3-libs = %{version}-%{release} %description xml The python3-xml package provides the libraries needed for XML manipulation. @@ -72,20 +71,20 @@ The python3-xml package provides the libraries needed for XML manipulation. %package curses Summary: Python module interface for NCurses Library Group: Applications/System -Requires: python3-libs = %{version}-%{release} Requires: ncurses +Requires: python3-libs = %{version}-%{release} %description curses The python3-curses package provides interface for ncurses library. %package devel -Summary: The libraries and header files needed for Python development. +Summary: The libraries and header files needed for Python development. Group: Development/Libraries -Requires: python3 = %{version}-%{release} Requires: expat-devel >= 2.1.0 +Requires: python3 = %{version}-%{release} # Needed here because of the migration of Makefile from -devel to the main # package -Conflicts: python3 < %{version}-%{release} +Conflicts: python3 < %{version}-%{release} %description devel The Python programming language's interpreter can be extended with @@ -110,9 +109,9 @@ to build python programs. %package pip Summary: The PyPA recommended tool for installing Python packages. Group: Development/Tools -BuildArch: noarch Requires: python3 = %{version}-%{release} Requires: python3-xml = %{version}-%{release} +BuildArch: noarch %description pip The PyPA recommended tool for installing Python packages. 
@@ -120,16 +119,16 @@ The PyPA recommended tool for installing Python packages. %package setuptools Summary: Download, build, install, upgrade, and uninstall Python packages. Group: Development/Tools -BuildArch: noarch Requires: python3 = %{version}-%{release} +BuildArch: noarch %description setuptools setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages. %package test -Summary: Regression tests package for Python. -Group: Development/Tools -Requires: python3 = %{version}-%{release} +Summary: Regression tests package for Python. +Group: Development/Tools +Requires: python3 = %{version}-%{release} %description test The test package contains all regression tests for Python as well as the modules test.support and test.regrtest. test.support is used to enhance your tests while test.regrtest drives the testing suite. @@ -139,6 +138,7 @@ The test package contains all regression tests for Python as well as the modules %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build export OPT="%{optflags} %{openssl_flags}" @@ -173,10 +173,10 @@ make %{?_smp_mflags} test %clean rm -rf %{buildroot}/* + %files %defattr(-, root, root) %license LICENSE -%doc LICENSE README.rst %{_bindir}/pydoc* %{_bindir}/pyvenv* %{_bindir}/python3 @@ -191,7 +191,6 @@ rm -rf %{buildroot}/* %{_libdir}/libpython3.7.so %{_libdir}/libpython3.7m.so.1.0 - %exclude %{_libdir}/python3.7/ctypes/test %exclude %{_libdir}/python3.7/distutils/tests %exclude %{_libdir}/python3.7/sqlite3/test @@ -201,7 +200,6 @@ rm -rf %{buildroot}/* %files libs %defattr(-,root,root) -%doc LICENSE README.rst %{_libdir}/python3.7 %{_libdir}/python3.7/site-packages/easy_install.py %{_libdir}/python3.7/site-packages/README.txt 
@@ -218,11 +216,11 @@ rm -rf %{buildroot}/* %exclude %{_libdir}/python3.7/lib-dynload/_curses*.so %exclude %{_libdir}/python3.7/distutils/command/wininst-*.exe -%files xml +%files xml %{_libdir}/python3.7/xml/* %{_libdir}/python3.7/lib-dynload/pyexpat*.so -%files curses +%files curses %{_libdir}/python3.7/curses/* %{_libdir}/python3.7/lib-dynload/_curses*.so 
@@ -251,105 +249,153 @@ rm -rf %{buildroot}/* %files pip %defattr(-,root,root,755) %{_libdir}/python3.7/site-packages/pip/* -%{_libdir}/python3.7/site-packages/pip-19.2.3.dist-info/* +%{_libdir}/python3.7/site-packages/pip-20.1.1.dist-info/* %{_bindir}/pip* %files setuptools %defattr(-,root,root,755) %{_libdir}/python3.7/site-packages/pkg_resources/* %{_libdir}/python3.7/site-packages/setuptools/* -%{_libdir}/python3.7/site-packages/setuptools-41.2.0.dist-info/* +%{_libdir}/python3.7/site-packages/setuptools-47.1.0.dist-info/* %{_bindir}/easy_install-3.7 %files test %{_libdir}/python3.7/test/* %changelog -* Mon Jul 06 2020 Henry Beberman 3.7.7-2 -- Add BuildRequires for iana-etc and tzdata for check section. -* Wed Jun 10 2020 Paul Monson 3.7.7-1 -- Update to Python 3.7.7 to fix CVEs -* Thu May 21 2020 Suresh Babu Chalamalasetty 3.7.3-10 -- Fix CVE-2019-16056. -* Wed May 20 2020 Nicolas Ontiveros 3.7.3-9 -- Fix CVE-2020-8492. -* Wed May 20 2020 Paul Monson 3.7.3-8 -- Fix variable use. -* Sat May 09 00:20:54 PST 2020 Nick Samson - 3.7.3-7 -- Added %%license line automatically -* Wed May 06 2020 Paul Monson 3.7.3-6 -- Replace unsupported TLS methods with a patch. -* Thu Apr 09 2020 Nicolas Ontiveros 3.7.3-5 -- Remove toybox and only use coreutils for requires. -* Mon Nov 25 2019 Andrew Phelps 3.7.3-4 -- Remove duplicate libpython3.so from devel package -* Tue Sep 03 2019 Mateusz Malisz 3.7.3-3 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Mon Jun 17 2019 Tapas Kundu 3.7.3-2 -- Fix for CVE-2019-10160 -* Mon Jun 10 2019 Tapas Kundu 3.7.3-1 -- Update to Python 3.7.3 release -* Thu May 23 2019 Tapas Kundu 3.7.0-6 -- Fix for CVE-2019-5010 -- Fix for CVE-2019-9740 -* Tue Mar 12 2019 Tapas Kundu 3.7.0-5 -- Fix for CVE-2019-9636 -* Mon Feb 11 2019 Taps Kundu 3.7.0-4 -- Fix for CVE-2018-20406 -* Fri Dec 21 2018 Tapas Kundu 3.7.0-3 -- Fix for CVE-2018-14647 -* Tue Dec 04 2018 Tapas Kundu 3.7.0-2 -- Excluded windows installer from python3 libs packaging. 
-* Wed Sep 26 2018 Tapas Kundu 3.7.0-1 -- Updated to version 3.7.0 -* Mon Sep 18 2017 Alexey Makhalov 3.6.1-9 -- Requires coreutils or toybox -- Requires bzip2-libs -* Fri Sep 15 2017 Bo Gan 3.6.1-8 -- Remove devpts mount in check -* Mon Aug 28 2017 Dheeraj Shetty 3.6.1-7 -- Add pty for tests to pass -* Wed Jul 12 2017 Xiaolin Li 3.6.1-6 -- Add python3-test package. -* Fri Jun 30 2017 Dheeraj Shetty 3.6.1-5 -- Remove the imaplib tests. -* Mon Jun 05 2017 Xiaolin Li 3.6.1-4 -- Added pip, setuptools, xml, and curses sub packages. -* Sun Jun 04 2017 Bo Gan 3.6.1-3 -- Fix symlink and script -* Wed May 10 2017 Harish Udaiya Kumar 3.6.1-2 -- Exclude idle3. -* Wed Apr 26 2017 Siju Maliakkal 3.6.1-1 -- Updating to latest -* Fri Apr 14 2017 Alexey Makhalov 3.5.3-3 -- Python3-devel requires expat-devel. -* Thu Mar 23 2017 Xiaolin Li 3.5.3-2 -- Provides /bin/python3. -* Tue Feb 28 2017 Xiaolin Li 3.5.3-1 -- Updated to version 3.5.3. -* Fri Jan 20 2017 Dheeraj Shetty 3.5.1-10 -- Added patch to support Photon OS -* Tue Dec 20 2016 Xiaolin Li 3.5.1-9 -- Move easy_install-3.5 to devel subpackage. -* Wed Nov 16 2016 Alexey Makhalov 3.5.1-8 -- Use sqlite-{devel,libs} -* Thu Oct 27 2016 Anish Swaminathan 3.5.1-7 -- Patch for CVE-2016-5636 -* Mon Oct 10 2016 ChangLee 3.5.1-6 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 3.5.1-5 -- GA - Bump release of all rpms -* Wed May 04 2016 Anish Swaminathan 3.5.1-4 -- Edit scriptlets. -* Wed Apr 13 2016 Priyesh Padmavilasom 3.5.1-3 -- update python to require python-libs -* Thu Apr 07 2016 Mahmoud Bassiouny 3.5.1-2 -- Providing python3 binaries instead of the minor versions. -* Tue Feb 23 2016 Harish Udaiya Kumar 3.5.1-1 -- Updated to version 3.5.1 -* Wed Dec 09 2015 Anish Swaminathan 3.4.3-3 -- Edit post script. -* Mon Aug 17 2015 Vinay Kulkarni 3.4.3-2 -- Remove python.o file, and minor cleanups. -* Wed Jul 1 2015 Vinay Kulkarni 3.4.3 -- Add Python3 package to Photon. 
+* Fri Nov 06 2020 Thomas Crain - 3.7.9-2 +- Patch CVE-2020-27619 + +* Fri Nov 06 2020 Thomas Crain - 3.7.9-1 +- Update to 3.7.9, the latest security release for 3.7 + +* Mon Jul 06 2020 Henry Beberman - 3.7.7-2 +- Add BuildRequires for iana-etc and tzdata for check section. + +* Wed Jun 10 2020 Paul Monson - 3.7.7-1 +- Update to Python 3.7.7 to fix CVEs + +* Thu May 21 2020 Suresh Babu Chalamalasetty - 3.7.3-10 +- Fix CVE-2019-16056. + +* Wed May 20 2020 Nicolas Ontiveros - 3.7.3-9 +- Fix CVE-2020-8492. + +* Wed May 20 2020 Paul Monson - 3.7.3-8 +- Fix variable use. + +* Sat May 09 00:20:54 PST 2020 Nick Samson - 3.7.3-7 +- Added %%license line automatically + +* Wed May 06 2020 Paul Monson - 3.7.3-6 +- Replace unsupported TLS methods with a patch. + +* Thu Apr 09 2020 Nicolas Ontiveros - 3.7.3-5 +- Remove toybox and only use coreutils for requires. + +* Mon Nov 25 2019 Andrew Phelps - 3.7.3-4 +- Remove duplicate libpython3.so from devel package + +* Tue Sep 03 2019 Mateusz Malisz - 3.7.3-3 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Mon Jun 17 2019 Tapas Kundu - 3.7.3-2 +- Fix for CVE-2019-10160 + +* Mon Jun 10 2019 Tapas Kundu - 3.7.3-1 +- Update to Python 3.7.3 release + +* Thu May 23 2019 Tapas Kundu - 3.7.0-6 +- Fix for CVE-2019-5010 +- Fix for CVE-2019-9740 + +* Tue Mar 12 2019 Tapas Kundu - 3.7.0-5 +- Fix for CVE-2019-9636 + +* Mon Feb 11 2019 Taps Kundu - 3.7.0-4 +- Fix for CVE-2018-20406 + +* Fri Dec 21 2018 Tapas Kundu - 3.7.0-3 +- Fix for CVE-2018-14647 + +* Tue Dec 04 2018 Tapas Kundu - 3.7.0-2 +- Excluded windows installer from python3 libs packaging. 
+ +* Wed Sep 26 2018 Tapas Kundu - 3.7.0-1 +- Updated to version 3.7.0 + +* Mon Sep 18 2017 Alexey Makhalov - 3.6.1-9 +- Requires coreutils or toybox +- Requires bzip2-libs + +* Fri Sep 15 2017 Bo Gan - 3.6.1-8 +- Remove devpts mount in check + +* Mon Aug 28 2017 Dheeraj Shetty - 3.6.1-7 +- Add pty for tests to pass + +* Wed Jul 12 2017 Xiaolin Li - 3.6.1-6 +- Add python3-test package. + +* Fri Jun 30 2017 Dheeraj Shetty - 3.6.1-5 +- Remove the imaplib tests. + +* Mon Jun 05 2017 Xiaolin Li - 3.6.1-4 +- Added pip, setuptools, xml, and curses sub packages. + +* Sun Jun 04 2017 Bo Gan - 3.6.1-3 +- Fix symlink and script + +* Wed May 10 2017 Harish Udaiya Kumar - 3.6.1-2 +- Exclude idle3. + +* Wed Apr 26 2017 Siju Maliakkal - 3.6.1-1 +- Updating to latest + +* Fri Apr 14 2017 Alexey Makhalov - 3.5.3-3 +- Python3-devel requires expat-devel. + +* Thu Mar 23 2017 Xiaolin Li - 3.5.3-2 +- Provides /bin/python3. + +* Tue Feb 28 2017 Xiaolin Li - 3.5.3-1 +- Updated to version 3.5.3. + +* Fri Jan 20 2017 Dheeraj Shetty - 3.5.1-10 +- Added patch to support Photon OS + +* Tue Dec 20 2016 Xiaolin Li - 3.5.1-9 +- Move easy_install-3.5 to devel subpackage. + +* Wed Nov 16 2016 Alexey Makhalov - 3.5.1-8 +- Use sqlite-{devel,libs} + +* Thu Oct 27 2016 Anish Swaminathan - 3.5.1-7 +- Patch for CVE-2016-5636 + +* Mon Oct 10 2016 ChangLee - 3.5.1-6 +- Modified %check + +* Tue May 24 2016 Priyesh Padmavilasom - 3.5.1-5 +- GA - Bump release of all rpms + +* Wed May 04 2016 Anish Swaminathan - 3.5.1-4 +- Edit scriptlets. + +* Wed Apr 13 2016 Priyesh Padmavilasom - 3.5.1-3 +- update python to require python-libs + +* Thu Apr 07 2016 Mahmoud Bassiouny - 3.5.1-2 +- Providing python3 binaries instead of the minor versions. + +* Tue Feb 23 2016 Harish Udaiya Kumar - 3.5.1-1 +- Updated to version 3.5.1 + +* Wed Dec 09 2015 Anish Swaminathan - 3.4.3-3 +- Edit post script. + +* Mon Aug 17 2015 Vinay Kulkarni - 3.4.3-2 +- Remove python.o file, and minor cleanups. 
+ +* Wed Jul 1 2015 Vinay Kulkarni - 3.4.3 +- Add Python3 package to Photon. diff --git a/cgmanifest.json b/cgmanifest.json index c7474712054..a71ff3a1878 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -4226,8 +4226,8 @@ "type": "other", "other": { "name": "python3", - "version": "3.7.7", - "downloadUrl": "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz" + "version": "3.7.9", + "downloadUrl": "https://www.python.org/ftp/python/3.7.9/Python-3.7.9.tar.xz" } } }, From 6874eeb1af0935084c16b6479928499154c75ef2 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Tue, 10 Nov 2020 13:28:55 -0800 Subject: [PATCH 106/145] Nopatch CVE-2013-0222, CVE-2013-0223 in coreutils (#359) --- SPECS/coreutils/CVE-2013-0222.nopatch | 0 SPECS/coreutils/CVE-2013-0223.nopatch | 0 SPECS/coreutils/coreutils.spec | 20 ++++++++++++++----- .../manifests/package/pkggen_core_aarch64.txt | 4 ++-- .../manifests/package/pkggen_core_x86_64.txt | 4 ++-- .../manifests/package/toolchain_aarch64.txt | 6 +++--- .../manifests/package/toolchain_x86_64.txt | 6 +++--- 7 files changed, 25 insertions(+), 15 deletions(-) create mode 100644 SPECS/coreutils/CVE-2013-0222.nopatch create mode 100644 SPECS/coreutils/CVE-2013-0223.nopatch diff --git a/SPECS/coreutils/CVE-2013-0222.nopatch b/SPECS/coreutils/CVE-2013-0222.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/coreutils/CVE-2013-0223.nopatch b/SPECS/coreutils/CVE-2013-0223.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/coreutils/coreutils.spec b/SPECS/coreutils/coreutils.spec index 17a9aa2e16b..62a35aba246 100644 --- a/SPECS/coreutils/coreutils.spec +++ b/SPECS/coreutils/coreutils.spec 
@@ -1,21 +1,26 @@ Summary: Basic system utilities Name: coreutils Version: 8.30 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Base URL: https://www.gnu.org/software/coreutils -Source0: http://ftp.gnu.org/gnu/coreutils/%{name}-%{version}.tar.xz +Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz # make this package to own serial console profile since it utilizes stty tool Source1: serial-console.sh -Patch0: http://www.linuxfromscratch.org/patches/downloads/coreutils/coreutils-8.30-i18n-1.patch -Patch1: http://www.linuxfromscratch.org/patches/downloads/coreutils/coreutils-8.10-uname-1.patch +# The following two patches are sourced from RedHat via Photon +Patch0: coreutils-8.30-i18n-1.patch +Patch1: coreutils-8.10-uname-1.patch # Upstream community agreed to not fix this Patch2: CVE-2016-2781.nopatch -# Fixed in coreutils-8.30-i18n-1.patch +# CVE-2013-0221 is fixed in coreutils-8.30-i18n-1.patch Patch3: CVE-2013-0221.nopatch +# CVE-2013-0222 is fixed in coreutils-8.30-i18n-1.patch +Patch4: CVE-2013-0222.nopatch +# CVE-2013-0223 is fixed in coreutils-8.30-i18n-1.patch +Patch5: CVE-2013-0223.nopatch Requires: gmp Conflicts: toybox Provides: sh-utils @@ -88,6 +93,11 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check" %defattr(-,root,root) %changelog +* Tue Nov 10 2020 Thomas Crain - 8.30-7 +- Nopatch CVE-2013-0222, CVE-2013-0223 +- Remove references to Linux From Scratch +- Change Source0 to HTTPS url + * Thu Oct 29 2020 Nicolas Ontiveros - 8.30-6 - No patch CVE-2016-2781 - No patch CVE-2013-0221 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 866aca9d1ed..ae652f6ebf4 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt 
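Review bot: The nopatch comments on `Patch3` to `Patch5` suppress CVE-2013-0221, CVE-2013-0222 and CVE-2013-0223 by pointing at `coreutils-8.30-i18n-1.patch`, but this same hunk drops the download URLs for `Patch0` and `Patch1`. That leaves "sourced from RedHat via Photon" as the only provenance for the patch the exemptions depend on. Add a comment that ties the two together, for example `# Patch3-Patch5 nopatch entries rely on Patch0; re-verify them whenever Patch0 is refreshed or dropped`, and say more precisely where the carried copy was taken from. Whether a hash for the patch files is pinned elsewhere in the repository is not visible in this hunk.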
@@ -35,8 +35,8 @@ ncurses-libs-6.2-4.cm1.aarch64.rpm ncurses-term-6.2-4.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-devel-7.0-4.cm1.aarch64.rpm -coreutils-8.30-6.cm1.aarch64.rpm -coreutils-lang-8.30-6.cm1.aarch64.rpm +coreutils-8.30-7.cm1.aarch64.rpm +coreutils-lang-8.30-7.cm1.aarch64.rpm bash-4.4.18-6.cm1.aarch64.rpm bash-devel-4.4.18-6.cm1.aarch64.rpm bash-lang-4.4.18-6.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 1a2ccf02917..6037befc152 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -35,8 +35,8 @@ ncurses-libs-6.2-4.cm1.x86_64.rpm ncurses-term-6.2-4.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-devel-7.0-4.cm1.x86_64.rpm -coreutils-8.30-6.cm1.x86_64.rpm -coreutils-lang-8.30-6.cm1.x86_64.rpm +coreutils-8.30-7.cm1.x86_64.rpm +coreutils-lang-8.30-7.cm1.x86_64.rpm bash-4.4.18-6.cm1.x86_64.rpm bash-devel-4.4.18-6.cm1.x86_64.rpm bash-lang-4.4.18-6.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index e632c96793e..c44b10efa0d 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -27,9 +27,9 @@ check-0.12.0-4.cm1.aarch64.rpm check-debuginfo-0.12.0-4.cm1.aarch64.rpm cmake-3.17.3-2.cm1.aarch64.rpm cmake-debuginfo-3.17.3-2.cm1.aarch64.rpm -coreutils-8.30-6.cm1.aarch64.rpm -coreutils-debuginfo-8.30-6.cm1.aarch64.rpm -coreutils-lang-8.30-6.cm1.aarch64.rpm +coreutils-8.30-7.cm1.aarch64.rpm +coreutils-debuginfo-8.30-7.cm1.aarch64.rpm +coreutils-lang-8.30-7.cm1.aarch64.rpm cpio-2.13-2.cm1.aarch64.rpm cpio-debuginfo-2.13-2.cm1.aarch64.rpm cpio-lang-2.13-2.cm1.aarch64.rpm 
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 600e6008cc1..25be6f4c97f 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -27,9 +27,9 @@ check-0.12.0-4.cm1.x86_64.rpm check-debuginfo-0.12.0-4.cm1.x86_64.rpm cmake-3.17.3-2.cm1.x86_64.rpm cmake-debuginfo-3.17.3-2.cm1.x86_64.rpm -coreutils-8.30-6.cm1.x86_64.rpm -coreutils-debuginfo-8.30-6.cm1.x86_64.rpm -coreutils-lang-8.30-6.cm1.x86_64.rpm +coreutils-8.30-7.cm1.x86_64.rpm +coreutils-debuginfo-8.30-7.cm1.x86_64.rpm +coreutils-lang-8.30-7.cm1.x86_64.rpm cpio-2.13-2.cm1.x86_64.rpm cpio-debuginfo-2.13-2.cm1.x86_64.rpm cpio-lang-2.13-2.cm1.x86_64.rpm From 8eed1092c1bfb0b000346dcaa99aa82d221ec80b Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 10 Nov 2020 17:30:34 -0800 Subject: [PATCH 107/145] Creating packages summary for correct repo for Docker builds. (#362) --- .../repocloner/rpmrepocloner/rpmrepocloner.go | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go index 964e045048e..20771acc358 100644 --- a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go +++ b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go @@ -21,6 +21,7 @@ import ( ) const ( + cacheRepoID = "upstream-cache-repo" squashChrootRunErrors = false chrootDownloadDir = "/outputrpms" leaveChrootFilesOnDisk = false 
@@ -247,9 +248,8 @@ func (r *RpmRepoCloner) Clone(cloneDeps bool, packagesToClone ...*pkgjson.Packag lessThanOrEqualComparisonOperator = "<=" versionSuffixFormat = "-%s" - builtRepoID = "local-repo" - cachedRepoID = "upstream-cache-repo" - allRepoIDs = "*" + builtRepoID = "local-repo" + allRepoIDs = "*" ) for _, pkg := range packagesToClone { @@ -278,7 +278,7 @@ func (r *RpmRepoCloner) Clone(cloneDeps bool, packagesToClone ...*pkgjson.Packag err = r.chroot.Run(func() (err error) { // Consider the built RPMs first, then the already cached (e.g. tooolchain), and finally all remote packages. - repoOrderList := []string{builtRepoID, cachedRepoID, allRepoIDs} + repoOrderList := []string{builtRepoID, cacheRepoID, allRepoIDs} return r.clonePackage(args, repoOrderList...) }) @@ -350,7 +350,7 @@ func (r *RpmRepoCloner) ConvertDownloadedPackagesIntoRepo() (err error) { repoDir := srcDir if !buildpipeline.IsRegularBuild() { - // Docker based build don't use overlay so repo folder + // Docker based build doesn't use overlay so repo folder // must be explicitely set to the RPMs cache folder repoDir = filepath.Join(r.chroot.RootDir(), cacheRepoDir) } @@ -366,7 +366,7 @@ func (r *RpmRepoCloner) ConvertDownloadedPackagesIntoRepo() (err error) { } if !buildpipeline.IsRegularBuild() { - // Docker based build don't use overlay so cache repo + // Docker based build doesn't use overlay so cache repo // must be explicitely initialized err = r.initializeMountedChrootRepo(cacheRepoDir) } 
@@ -398,13 +398,19 @@ func (r *RpmRepoCloner) ClonedRepoContents() (repoContents *repocloner.RepoConte repoContents.Repo = append(repoContents.Repo, pkg) } + checkedRepoID := fetcherRepoID + // Docker based build doesn't use overlay so cache repo was explicitely initialized + if !buildpipeline.IsRegularBuild() { + checkedRepoID = cacheRepoID + } + err = r.chroot.Run(func() (err error) { // Disable all repositories except the fetcher repository (the repository with the cloned packages) tdnfArgs := []string{ "list", "ALL", "--disablerepo=*", - fmt.Sprintf("--enablerepo=%s", fetcherRepoID), + fmt.Sprintf("--enablerepo=%s", checkedRepoID), } return shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, "tdnf", tdnfArgs...) }) From 0b07e5e5ff1d3ae1a94b564da5d2e3d6c164817e Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Wed, 11 Nov 2020 10:51:22 -0800 Subject: [PATCH 108/145] Fix check tests for autoconf, gpgme, net-snmp (#364) * fix check tests for autoconf, gpgme, net-snmp * fix manifests --- SPECS/autoconf/autoconf.spec | 43 +++++++++++-------- SPECS/gpgme/gpgme.spec | 7 ++- SPECS/net-snmp/net-snmp.spec | 9 +++- .../manifests/package/pkggen_core_aarch64.txt | 4 +- .../manifests/package/pkggen_core_x86_64.txt | 4 +- .../manifests/package/toolchain_aarch64.txt | 12 +++--- .../manifests/package/toolchain_x86_64.txt | 12 +++--- 7 files changed, 53 insertions(+), 38 deletions(-) diff --git a/SPECS/autoconf/autoconf.spec b/SPECS/autoconf/autoconf.spec index 2f50c97d53b..45abc333cde 100644 --- a/SPECS/autoconf/autoconf.spec +++ b/SPECS/autoconf/autoconf.spec 
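Review bot: The comment inside the `r.chroot.Run` closure still reads "Disable all repositories except the fetcher repository", but the enabled repo is now `checkedRepoID`, which becomes `cacheRepoID` for non-regular (Docker) builds. Update it to something like `// Disable all repositories except the one holding the cloned packages (fetcher repo, or the cache repo for Docker builds)`. The added comment here, and the two edited in `ConvertDownloadedPackagesIntoRepo`, spell "explicitely"; the correct form is `explicitly`. The body of `ClonedRepoContents` starts and ends outside the hunk.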
@@ -1,37 +1,40 @@ -Summary: The package automatically configure source code -Name: autoconf -Version: 2.69 -Release: 9%{?dist} -License: GPLv2 -URL: http://www.gnu.org/software/autoconf -Group: System Environment/Base +Summary: The package automatically configure source code +Name: autoconf +Version: 2.69 +Release: 10%{?dist} +License: GPLv2 +URL: http://www.gnu.org/software/autoconf +Group: System Environment/Base Vendor: Microsoft Corporation Distribution: Mariner -Source0: http://ftp.gnu.org/gnu/autoconf/%{name}-%{version}.tar.xz -%define sha1 autoconf=e891c3193029775e83e0534ac0ee0c4c711f6d23 -Patch0: autoconf-make-check.patch +Source0: http://ftp.gnu.org/gnu/autoconf/%{name}-%{version}.tar.xz +Patch0: autoconf-make-check.patch -Requires: perl -BuildRequires: m4 -Requires: m4 +Requires: perl +BuildRequires: m4 +Requires: m4 BuildArch: noarch %description The package contains programs for producing shell scripts that can automatically configure source code. + %prep %setup -q %patch0 -p1 + %build %configure \ - --disable-silent-rules + --disable-silent-rules make %{?_smp_mflags} + %install make DESTDIR=%{buildroot} install rm -rf %{buildroot}%{_infodir} %check -make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-500" +# Skip test 38 due to expected regex issue using perl 5.30 and autoconf +make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-37 39-500" %files %defattr(-,root,root) @@ -39,10 +42,12 @@ make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-500" %{_bindir}/* %{_mandir}/*/* %{_datarootdir}/autoconf/* -%changelog -* Sat May 09 00:21:00 PST 2020 Nick Samson - 2.69-9 -- Added %%license line automatically +%changelog +* Tue Nov 10 2020 Andrew Phelps 2.69-10 +- Fix check tests +* Sat May 09 2020 Nick Samson 2.69-9 +- Added %%license line automatically * Tue Sep 03 2019 Mateusz Malisz 2.69-8 - Initial CBL-Mariner import from Photon (license: Apache2). * Wed Oct 17 2018 Dweep Advani 2.69-7 
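Review bot: `Source0` in autoconf.spec still fetches the tarball over plain `http://ftp.gnu.org/...`, while this hunk deletes the `%define sha1 autoconf=...` line, the only integrity value for the source visible in the spec. If no other file pins the tarball's hash (not visible here), the download is left without any integrity check. At minimum switch to `Source0: https://ftp.gnu.org/gnu/autoconf/%{name}-%{version}.tar.xz`, matching the HTTPS change made to coreutils.spec in the earlier commit on this page. If a hash is recorded elsewhere, prefer SHA-256 or stronger over the removed SHA-1.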
@@ -58,4 +63,4 @@ make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-500" * Wed Jun 3 2015 Divya Thaluru 2.69-2 - Adding perl packages to required packages * Wed Nov 5 2014 Divya Thaluru 2.69-1 -- Initial build. First version +- Initial build. First version diff --git a/SPECS/gpgme/gpgme.spec b/SPECS/gpgme/gpgme.spec index 1778480ec26..f247553b9f9 100644 --- a/SPECS/gpgme/gpgme.spec +++ b/SPECS/gpgme/gpgme.spec @@ -3,7 +3,7 @@ Summary: High-Level Crypto API Name: gpgme Version: 1.13.1 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ or LGPLv2+ URL: https://www.gnupg.org/(it)/related_software/gpgme/index.html Group: System Environment/Security @@ -70,7 +70,8 @@ rm -rf %{buildroot}/%{_infodir} %postun -p /sbin/ldconfig %check -make check +cd tests +make check-TESTS %files %defattr(-,root,root) @@ -99,6 +100,8 @@ make check %{python_sitearch}/gpg/ %changelog +* Tue Nov 10 2020 Andrew Phelps 1.13.1-6 +- Fix check test. * Thu Aug 20 2020 Mateusz Malisz 1.13.1-5 - Resolve file conflicts for shared objects. * Wed May 13 2020 Emre Girgin 1.13.1-4 diff --git a/SPECS/net-snmp/net-snmp.spec b/SPECS/net-snmp/net-snmp.spec index 73068f3fa9a..7d714836dd5 100644 --- a/SPECS/net-snmp/net-snmp.spec +++ b/SPECS/net-snmp/net-snmp.spec @@ -2,7 +2,7 @@ Summary: Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. Name: net-snmp Version: 5.9 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -16,6 +16,10 @@ BuildRequires: openssl-devel BuildRequires: perl BuildRequires: systemd +%if %{with_check} +BuildRequires: net-tools +%endif + Requires: perl Requires: systemd 
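Review bot: The new `%check` in gpgme.spec replaces `make check` with `cd tests` and `make check-TESTS` without a comment, so a reader cannot tell which tests were dropped or why. For a crypto library the reduced coverage should be documented the way the autoconf spec documents its skipped test, for example `# Run only the tests/ directory's own TESTS; <reason the full 'make check' fails in the build environment>`. It looks like `check-TESTS` does not recurse into subdirectories, so any backend or language-binding suites would no longer run; please confirm that is intended.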
@@ -99,6 +103,9 @@ rm -rf %{buildroot}/* %exclude %{_lib}/perl5/*/*/perllocal.pod %changelog +* Tue Nov 10 2020 Andrew Phelps - 5.9-2 +- Fix check test by adding net-tools build requirement. + * Fri Oct 30 2020 Pawel Winogrodzki - 5.9-1 - Updating to 5.9 to fix CVE-2019-20892. A patch couldn't be applied without backporting. - Switching to %%autosetup. diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index ae652f6ebf4..116f8ba8b25 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -103,7 +103,7 @@ gdbm-devel-1.18-3.cm1.aarch64.rpm gdbm-lang-1.18-3.cm1.aarch64.rpm perl-5.30.3-1.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm -autoconf-2.69-9.cm1.noarch.rpm +autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm openssl-1.1.1g-6.cm1.aarch64.rpm openssl-devel-1.1.1g-6.cm1.aarch64.rpm @@ -154,7 +154,7 @@ libksba-1.3.5-3.cm1.aarch64.rpm npth-1.6-3.cm1.aarch64.rpm pinentry-1.1.0-3.cm1.aarch64.rpm gnupg2-2.2.20-3.cm1.aarch64.rpm -gpgme-1.13.1-5.cm1.aarch64.rpm +gpgme-1.13.1-6.cm1.aarch64.rpm mariner-repos-1.0-11.cm1.noarch.rpm mariner-repos-preview-1.0-11.cm1.noarch.rpm libffi-3.2.1-12.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 6037befc152..0b244513fa5 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -103,7 +103,7 @@ gdbm-devel-1.18-3.cm1.x86_64.rpm gdbm-lang-1.18-3.cm1.x86_64.rpm perl-5.30.3-1.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm -autoconf-2.69-9.cm1.noarch.rpm +autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm openssl-1.1.1g-6.cm1.x86_64.rpm openssl-devel-1.1.1g-6.cm1.x86_64.rpm 
@@ -154,7 +154,7 @@ libksba-1.3.5-3.cm1.x86_64.rpm npth-1.6-3.cm1.x86_64.rpm pinentry-1.1.0-3.cm1.x86_64.rpm gnupg2-2.2.20-3.cm1.x86_64.rpm -gpgme-1.13.1-5.cm1.x86_64.rpm +gpgme-1.13.1-6.cm1.x86_64.rpm mariner-repos-1.0-11.cm1.noarch.rpm mariner-repos-preview-1.0-11.cm1.noarch.rpm libffi-3.2.1-12.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index c44b10efa0d..01630a02bec 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -2,7 +2,7 @@ alsa-lib-1.2.2-1.cm1.aarch64.rpm alsa-lib-debuginfo-1.2.2-1.cm1.aarch64.rpm alsa-lib-devel-1.2.2-1.cm1.aarch64.rpm asciidoc-8.6.10-4.cm1.noarch.rpm -autoconf-2.69-9.cm1.noarch.rpm +autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm bash-4.4.18-6.cm1.aarch64.rpm bash-debuginfo-4.4.18-6.cm1.aarch64.rpm @@ -124,9 +124,9 @@ gnupg2-2.2.20-3.cm1.aarch64.rpm gnupg2-debuginfo-2.2.20-3.cm1.aarch64.rpm gperf-3.1-3.cm1.aarch64.rpm gperf-debuginfo-3.1-3.cm1.aarch64.rpm -gpgme-1.13.1-5.cm1.aarch64.rpm -gpgme-debuginfo-1.13.1-5.cm1.aarch64.rpm -gpgme-devel-1.13.1-5.cm1.aarch64.rpm +gpgme-1.13.1-6.cm1.aarch64.rpm +gpgme-debuginfo-1.13.1-6.cm1.aarch64.rpm +gpgme-devel-1.13.1-6.cm1.aarch64.rpm grep-3.1-3.cm1.aarch64.rpm grep-debuginfo-3.1-3.cm1.aarch64.rpm grep-lang-3.1-3.cm1.aarch64.rpm 
@@ -323,12 +323,12 @@ python2-libs-2.7.18-5.cm1.aarch64.rpm python2-test-2.7.18-5.cm1.aarch64.rpm python2-tools-2.7.18-5.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm -python3-gpg-1.13.1-5.cm1.aarch64.rpm +python3-gpg-1.13.1-6.cm1.aarch64.rpm python3-libxml2-2.9.10-3.cm1.aarch64.rpm python3-pwquality-1.4.2-4.cm1.aarch64.rpm python3-rpm-4.14.2-10.cm1.aarch64.rpm python-curses-2.7.18-5.cm1.aarch64.rpm -python-gpg-1.13.1-5.cm1.aarch64.rpm +python-gpg-1.13.1-6.cm1.aarch64.rpm python-rpm-4.14.2-10.cm1.aarch64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm python-xml-2.7.18-5.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 25be6f4c97f..8b6c762309a 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -2,7 +2,7 @@ alsa-lib-1.2.2-1.cm1.x86_64.rpm alsa-lib-debuginfo-1.2.2-1.cm1.x86_64.rpm alsa-lib-devel-1.2.2-1.cm1.x86_64.rpm asciidoc-8.6.10-4.cm1.noarch.rpm -autoconf-2.69-9.cm1.noarch.rpm +autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm bash-4.4.18-6.cm1.x86_64.rpm bash-debuginfo-4.4.18-6.cm1.x86_64.rpm @@ -124,9 +124,9 @@ gnupg2-2.2.20-3.cm1.x86_64.rpm gnupg2-debuginfo-2.2.20-3.cm1.x86_64.rpm gperf-3.1-3.cm1.x86_64.rpm gperf-debuginfo-3.1-3.cm1.x86_64.rpm -gpgme-1.13.1-5.cm1.x86_64.rpm -gpgme-debuginfo-1.13.1-5.cm1.x86_64.rpm -gpgme-devel-1.13.1-5.cm1.x86_64.rpm +gpgme-1.13.1-6.cm1.x86_64.rpm +gpgme-debuginfo-1.13.1-6.cm1.x86_64.rpm +gpgme-devel-1.13.1-6.cm1.x86_64.rpm grep-3.1-3.cm1.x86_64.rpm grep-debuginfo-3.1-3.cm1.x86_64.rpm grep-lang-3.1-3.cm1.x86_64.rpm 
@@ -323,12 +323,12 @@ python2-libs-2.7.18-5.cm1.x86_64.rpm python2-test-2.7.18-5.cm1.x86_64.rpm python2-tools-2.7.18-5.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm -python3-gpg-1.13.1-5.cm1.x86_64.rpm +python3-gpg-1.13.1-6.cm1.x86_64.rpm python3-libxml2-2.9.10-3.cm1.x86_64.rpm python3-pwquality-1.4.2-4.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm python-curses-2.7.18-5.cm1.x86_64.rpm -python-gpg-1.13.1-5.cm1.x86_64.rpm +python-gpg-1.13.1-6.cm1.x86_64.rpm python-rpm-4.14.2-10.cm1.x86_64.rpm python-setuptools-40.2.0-5.cm1.noarch.rpm python-xml-2.7.18-5.cm1.x86_64.rpm From 6855f30d8376bf8ddd8accbdbd708227c0d5adc2 Mon Sep 17 00:00:00 2001 From: Johnson George Date: Wed, 11 Nov 2020 00:38:16 +0000 Subject: [PATCH 109/145] Enable package test for openssl package --- SPECS/openssl/openssl.spec | 6 ++++-- .../manifests/package/pkggen_core_aarch64.txt | 12 ++++++------ .../manifests/package/pkggen_core_x86_64.txt | 12 ++++++------ .../manifests/package/toolchain_aarch64.txt | 12 ++++++------ .../resources/manifests/package/toolchain_x86_64.txt | 12 ++++++------ 5 files changed, 28 insertions(+), 26 deletions(-) diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index e69f3bb2ab4..bc2f203c4aa 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec @@ -1,7 +1,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1g -Release: 6%{?dist} +Release: 7%{?dist} License: OpenSSL URL: http://www.openssl.org/ Group: System Environment/Security @@ -137,7 +137,6 @@ export HASHBANGPERL=/usr/bin/perl no-sm4 \ no-ssl \ no-ssl3 \ - no-tests \ no-tls1 \ no-tls1_1 \ no-weak-ssl-ciphers \ 
@@ -257,6 +256,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist rm -rf $RPM_BUILD_ROOT %changelog +* Tue Nov 10 2020 Johnson George 1.1.1g-7 +- Updated the config option to enable package test + * Tue Jul 28 2020 Pawel Winogrodzki 1.1.1g-6 - Replacing removal of functions through the 'no--method' option with returning a method negotiating the highest supported protocol diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index ae652f6ebf4..134c011856e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1g-6.cm1.aarch64.rpm -openssl-devel-1.1.1g-6.cm1.aarch64.rpm -openssl-libs-1.1.1g-6.cm1.aarch64.rpm -openssl-perl-1.1.1g-6.cm1.aarch64.rpm -openssl-static-1.1.1g-6.cm1.aarch64.rpm -openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm +openssl-1.1.1g-7.cm1.aarch64.rpm +openssl-devel-1.1.1g-7.cm1.aarch64.rpm +openssl-libs-1.1.1g-7.cm1.aarch64.rpm +openssl-perl-1.1.1g-7.cm1.aarch64.rpm +openssl-static-1.1.1g-7.cm1.aarch64.rpm +openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm libcap-2.26-2.cm1.aarch64.rpm libcap-devel-2.26-2.cm1.aarch64.rpm libdb-5.3.28-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 6037befc152..2ed959cd99c 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt 
@@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm autoconf-2.69-9.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1g-6.cm1.x86_64.rpm -openssl-devel-1.1.1g-6.cm1.x86_64.rpm -openssl-libs-1.1.1g-6.cm1.x86_64.rpm -openssl-perl-1.1.1g-6.cm1.x86_64.rpm -openssl-static-1.1.1g-6.cm1.x86_64.rpm -openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm +openssl-1.1.1g-7.cm1.x86_64.rpm +openssl-devel-1.1.1g-7.cm1.x86_64.rpm +openssl-libs-1.1.1g-7.cm1.x86_64.rpm +openssl-perl-1.1.1g-7.cm1.x86_64.rpm +openssl-static-1.1.1g-7.cm1.x86_64.rpm +openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm libcap-2.26-2.cm1.x86_64.rpm libcap-devel-2.26-2.cm1.x86_64.rpm libdb-5.3.28-4.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index c44b10efa0d..27f0a95ec4e 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.181-8.cm1.aarch64.rpm openjdk8-sample-1.8.0.181-8.cm1.aarch64.rpm openjdk8-src-1.8.0.181-8.cm1.aarch64.rpm openjre8-1.8.0.181-8.cm1.aarch64.rpm -openssl-1.1.1g-6.cm1.aarch64.rpm -openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm -openssl-devel-1.1.1g-6.cm1.aarch64.rpm -openssl-libs-1.1.1g-6.cm1.aarch64.rpm -openssl-perl-1.1.1g-6.cm1.aarch64.rpm -openssl-static-1.1.1g-6.cm1.aarch64.rpm +openssl-1.1.1g-7.cm1.aarch64.rpm +openssl-debuginfo-1.1.1g-7.cm1.aarch64.rpm +openssl-devel-1.1.1g-7.cm1.aarch64.rpm +openssl-libs-1.1.1g-7.cm1.aarch64.rpm +openssl-perl-1.1.1g-7.cm1.aarch64.rpm +openssl-static-1.1.1g-7.cm1.aarch64.rpm p11-kit-0.23.16.1-2.cm1.aarch64.rpm p11-kit-debuginfo-0.23.16.1-2.cm1.aarch64.rpm p11-kit-devel-0.23.16.1-2.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 25be6f4c97f..81259caaad3 100644 
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -269,12 +269,12 @@ openjdk8-doc-1.8.0.212-10.cm1.x86_64.rpm openjdk8-sample-1.8.0.212-10.cm1.x86_64.rpm openjdk8-src-1.8.0.212-10.cm1.x86_64.rpm openjre8-1.8.0.212-10.cm1.x86_64.rpm -openssl-1.1.1g-6.cm1.x86_64.rpm -openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm -openssl-devel-1.1.1g-6.cm1.x86_64.rpm -openssl-libs-1.1.1g-6.cm1.x86_64.rpm -openssl-perl-1.1.1g-6.cm1.x86_64.rpm -openssl-static-1.1.1g-6.cm1.x86_64.rpm +openssl-1.1.1g-7.cm1.x86_64.rpm +openssl-debuginfo-1.1.1g-7.cm1.x86_64.rpm +openssl-devel-1.1.1g-7.cm1.x86_64.rpm +openssl-libs-1.1.1g-7.cm1.x86_64.rpm +openssl-perl-1.1.1g-7.cm1.x86_64.rpm +openssl-static-1.1.1g-7.cm1.x86_64.rpm p11-kit-0.23.16.1-2.cm1.x86_64.rpm p11-kit-debuginfo-0.23.16.1-2.cm1.x86_64.rpm p11-kit-devel-0.23.16.1-2.cm1.x86_64.rpm From 3e1ac3f5cfb444965d452c2e63d83ea0fa346556 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 11 Nov 2020 12:57:44 -0800 Subject: [PATCH 110/145] ExecuteLiveWithCallback can dump output on error. (#340) * ExecuteLiveWithCallback can dump output on error. --- .../imagegen/installutils/installutils.go | 4 +-- toolkit/tools/internal/logger/log.go | 17 ++++++++-- .../repocloner/rpmrepocloner/rpmrepocloner.go | 2 +- toolkit/tools/internal/shell/shell.go | 32 +++++++++++++++---- toolkit/tools/liveinstaller/liveinstaller.go | 2 +- toolkit/tools/roast/formats/ova.go | 8 ++--- 6 files changed, 49 insertions(+), 16 deletions(-) diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go index de50102a6d5..ed1b32ac4b5 100644 --- a/toolkit/tools/imagegen/installutils/installutils.go +++ b/toolkit/tools/imagegen/installutils/installutils.go 
@@ -1079,7 +1079,7 @@ func tdnfInstall(packageName, installRoot string, currentPackagesInstalled, tota ReportPercentComplete(progress) } - err = shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, "tdnf", "install", packageName, "--installroot", installRoot, "--nogpgcheck", "--assumeyes") + err = shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, true, "tdnf", "install", packageName, "--installroot", installRoot, "--nogpgcheck", "--assumeyes") if err != nil { logger.Log.Warnf("Failed to tdnf install: %v. Package name: %v", err, packageName) } @@ -1562,7 +1562,7 @@ func KernelPackages(config configuration.Config) []*pkgjson.PackageVer { // To be able to cleanly exit the setup chroot, we must stop it. func stopGPGAgent(installChroot *safechroot.Chroot) { installChroot.UnsafeRun(func() error { - err := shell.ExecuteLiveWithCallback(logger.Log.Debug, logger.Log.Warn, "gpgconf", "--kill", "gpg-agent") + err := shell.ExecuteLiveWithCallback(logger.Log.Debug, logger.Log.Warn, false, "gpgconf", "--kill", "gpg-agent") if err != nil { // This is non-fatal, as there is no guarentee the image has gpg agent started. logger.Log.Warnf("Failed to stop gpg-agent. This is expected if it is not installed: %s", err) diff --git a/toolkit/tools/internal/logger/log.go b/toolkit/tools/internal/logger/log.go index 2b376906fca..91eac6c8a3b 100644 --- a/toolkit/tools/internal/logger/log.go +++ b/toolkit/tools/internal/logger/log.go 
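Review bot: The `tdnf install` call in tdnfInstall (installutils.go) still passes `--nogpgcheck`, so packages go into the image root without signature verification. With the new `true` argument, a failed install now also replays the buffered tdnf output into the log. If the packages come from a local repository of freshly built, unsigned RPMs (the hunk does not show where they come from), a comment above the call should say so, for example `// --nogpgcheck: <reason signature checking is skipped here>`. Otherwise the flag should be dropped so that tdnf verifies what it installs. The body of tdnfInstall starts and ends outside the hunk.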
@@ -133,9 +133,22 @@ func WarningOnError(err interface{}, args ...interface{}) { } // StreamOutput calls the provided logFunction on every line from the provided pipe -func StreamOutput(pipe io.Reader, logFunction func(...interface{}), wg *sync.WaitGroup) { +func StreamOutput(pipe io.Reader, logFunction func(...interface{}), wg *sync.WaitGroup, outputChan chan string) { for scanner := bufio.NewScanner(pipe); scanner.Scan(); { - logFunction(scanner.Text()) + line := scanner.Text() + logFunction(line) + + Log.Tracef("StreamOutput:\t'%s'", line) + + // Optionally buffer the output to print in the event of an error + if outputChan != nil { + select { + case outputChan <- line: + default: + // In the event the buffer is full, just print to console + Log.Warnf("Output buffer full: dropping: \"%s\"", line) + } + } } wg.Done() diff --git a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go index 20771acc358..d0e313a1d57 100644 --- a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go +++ b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go @@ -412,7 +412,7 @@ func (r *RpmRepoCloner) ClonedRepoContents() (repoContents *repocloner.RepoConte "--disablerepo=*", fmt.Sprintf("--enablerepo=%s", checkedRepoID), } - return shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, "tdnf", tdnfArgs...) + return shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, true, "tdnf", tdnfArgs...) }) return diff --git a/toolkit/tools/internal/shell/shell.go b/toolkit/tools/internal/shell/shell.go index 31de21eac72..9142ffd2596 100644 --- a/toolkit/tools/internal/shell/shell.go +++ b/toolkit/tools/internal/shell/shell.go 
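Review bot: When the buffer is full, the `default:` branch in StreamOutput (log.go) drops the line being sent, so the channel keeps the earliest output and loses the newest lines, which are usually the ones that explain a failure. That contradicts the new comment on ExecuteLiveWithCallback in shell.go ("the oldest buffered output is discarded") and the "last %d lines of output" message in the second shell.go hunk. The dropped line has also already gone through `logFunction`, so the `Log.Warnf` repeats every further line at warning level for the rest of the run. Evicting the oldest entry before retrying the send, as sketched below, would match the documented behaviour. The doc comment on StreamOutput should also describe `outputChan`.

```go
// … unchanged: scanner loop, logFunction and Tracef calls …
		if outputChan != nil {
			select {
			case outputChan <- line:
			default:
				// Buffer full: evict the oldest line so the newest output is kept
				select {
				case <-outputChan:
				default:
				}
				select {
				case outputChan <- line:
				default:
				}
			}
		}
```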
@@ -130,11 +130,16 @@ func ExecuteLive(squashErrors bool, program string, args ...string) (err error) onStderr = logger.Log.Warn } - return ExecuteLiveWithCallback(onStdout, onStderr, program, args...) + return ExecuteLiveWithCallback(onStdout, onStderr, false, program, args...) } -// ExecuteLiveWithCallback runs a command in the shell and invokes the provided callbacks it in real-time on stdout and stderr. -func ExecuteLiveWithCallback(onStdout, onStderr func(...interface{}), program string, args ...string) (err error) { +// ExecuteLiveWithCallback runs a command in the shell and invokes the provided callbacks in real-time on each line of stdout and stderr. +// If printOutputOnError is true, the full output of the command will be printed after completion if the command returns an error. In the event +// the buffer becomes full the oldest buffered output is discarded. +func ExecuteLiveWithCallback(onStdout, onStderr func(...interface{}), printOutputOnError bool, program string, args ...string) (err error) { + var outputChan chan string + const outputChanBufferSize = 1500 + cmd := exec.Command(program, args...) stdoutPipe, err := cmd.StdoutPipe() 
@@ -161,12 +166,27 @@ func ExecuteLiveWithCallback(onStdout, onStderr func(...interface{}), program st wg := new(sync.WaitGroup) wg.Add(2) - go logger.StreamOutput(stdoutPipe, onStdout, wg) - go logger.StreamOutput(stderrPipe, onStderr, wg) + if printOutputOnError { + outputChan = make(chan string, outputChanBufferSize) + } + go logger.StreamOutput(stdoutPipe, onStdout, wg, outputChan) + go logger.StreamOutput(stderrPipe, onStderr, wg, outputChan) wg.Wait() + err = cmd.Wait() + + // Optionally dump the output in the event of an error + if outputChan != nil { + close(outputChan) + } + if err != nil && printOutputOnError { + logger.Log.Errorf("Call to %s returned error, last %d lines of output:", cmd.Args, outputChanBufferSize) + for line := range outputChan { + logger.Log.Warn(line) + } + } - return cmd.Wait() + return } // MustExecuteLive executes the shell command. diff --git a/toolkit/tools/liveinstaller/liveinstaller.go b/toolkit/tools/liveinstaller/liveinstaller.go index 6531519c37b..d24e757606a 100644 --- a/toolkit/tools/liveinstaller/liveinstaller.go +++ b/toolkit/tools/liveinstaller/liveinstaller.go @@ -359,7 +359,7 @@ func terminalAttendedInstall(cfg configuration.Config, progress chan int, status args.emitProgress = true program, commandArgs := formatImagerCommand(args) - err = shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, program, commandArgs...) + err = shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, false, program, commandArgs...) return } diff --git a/toolkit/tools/roast/formats/ova.go b/toolkit/tools/roast/formats/ova.go index cc5739cb0a9..4e1aa62c331 100644 --- a/toolkit/tools/roast/formats/ova.go +++ b/toolkit/tools/roast/formats/ova.go 
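Review bot: On failure the new `logger.Log.Errorf` call in ExecuteLiveWithCallback writes the whole of `cmd.Args` at error level and then replays every buffered line through `logger.Log.Warn`, whatever level the caller chose for its `onStdout` callback. The two callers that pass `true` in this patch run tdnf with what look like harmless arguments, but this is a general helper. A command whose arguments or output carry a secret would have them copied into the log once `printOutputOnError` is set. I would state this in the function comment, for example `// On error the argument list and buffered output are logged at error/warn level; do not set printOutputOnError for commands that handle secrets.`, and consider logging only `program` in the error message. The function body starts before this hunk.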
@@ -110,14 +110,14 @@ func (o *Ova) Convert(input, output string, isInputFile bool) (err error) { logger.Log.Infof(`Converting "%s" to "%s"`, input, vmdkFilePath) - err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, "qemu-img", "convert", "-f", "raw", input, "-O", "vmdk", vmdkFilePath) + err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, false, "qemu-img", "convert", "-f", "raw", input, "-O", "vmdk", vmdkFilePath) if err != nil { return err } // This step produces the disk1 vmdk and .mf files generated by ovftool from vmx template logger.Log.Debugf(`Expanding template "%s" to "%s"`, vmxFilePath, ovfFilePath) - err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, "ovftool", vmxFilePath, ovfFilePath) + err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, false, "ovftool", vmxFilePath, ovfFilePath) if err != nil { return } @@ -157,7 +157,7 @@ func (o *Ova) Convert(input, output string, isInputFile bool) (err error) { vmdkDisk1FileName := strings.TrimSuffix(vmdkBase, filepath.Ext(vmdkBase)) + "-disk1.vmdk" vmdkDisk1FilePath := filepath.Join(filepath.Dir(vmdkFilePath), vmdkDisk1FileName) - err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, "openssl", "sha1", "-out", mfFilePath, vmdkDisk1FilePath, ovfFilePath) + err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, false, "openssl", "sha1", "-out", mfFilePath, vmdkDisk1FilePath, ovfFilePath) if err != nil { return } 
@@ -178,7 +178,7 @@ func (o *Ova) Convert(input, output string, isInputFile bool) (err error) { os.Chdir(artifactsFolder) // OVA is just a tar archive with .ovf, .mf and other artifacts (disk) - err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, "tar", "-cf", output, "--format=ustar", ovfFileBase, mfFileBase, vmdkDisk1FileBase) + err = shell.ExecuteLiveWithCallback(logger.Log.Info, logger.Log.Warn, false, "tar", "-cf", output, "--format=ustar", ovfFileBase, mfFileBase, vmdkDisk1FileBase) logger.Log.Debugf("Changing directory back to %s after running tar for OVA generation.", currentPwd) os.Chdir(currentPwd) From 541801186bc57ae163cce335a96c0642109d2eff Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Wed, 11 Nov 2020 16:23:50 -0800 Subject: [PATCH 111/145] Upgrade python-markupsafe and python-zope-interface for setuptools compatibility (#367) --- .github/workflows/validate-cg-manifest.sh | 2 + .../python-markupsafe.signatures.json | 2 +- .../python-markupsafe/python-markupsafe.spec | 52 ++++++++------ .../python-zope-interface.signatures.json | 2 +- .../python-zope-interface.spec | 72 +++++++++++-------- cgmanifest.json | 8 +-- 6 files changed, 81 insertions(+), 57 deletions(-) diff --git a/.github/workflows/validate-cg-manifest.sh b/.github/workflows/validate-cg-manifest.sh index 95cf547560a..def589f7529 100755 --- a/.github/workflows/validate-cg-manifest.sh +++ b/.github/workflows/validate-cg-manifest.sh @@ -19,6 +19,8 @@ ignore_list=" \ mariner-rpm-macros \ moby-buildx \ moby-containerd \ + python-markupsafe \ + python-zope-interface \ qt5-rpm-macros \ runc \ grub2-efi-binary-signed-aarch64 \ diff --git a/SPECS/python-markupsafe/python-markupsafe.signatures.json b/SPECS/python-markupsafe/python-markupsafe.signatures.json index 0d6d60310f8..374329ecaab 100644 --- a/SPECS/python-markupsafe/python-markupsafe.signatures.json +++ b/SPECS/python-markupsafe/python-markupsafe.signatures.json 
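Review bot: Adding `python-markupsafe` and `python-zope-interface` to `ignore_list` in validate-cg-manifest.sh appears to take both packages out of the cgmanifest check, in the same commit that edits their `cgmanifest.json` entries by hand. The new version and `downloadUrl` values are then not validated against the specs by this script. Presumably the script cannot expand the new `%{pypi_name}` macro in `Source0`. If that is the reason, it should be recorded in a comment above `ignore_list`, e.g. `# python-markupsafe, python-zope-interface: Source0 uses %{pypi_name}, which this script cannot expand`. The list starts and ends outside the hunk.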
@@ -1,5 +1,5 @@ { "Signatures": { - "MarkupSafe-1.0.tar.gz": "a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665" + "MarkupSafe-1.1.1.tar.gz": "29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b" } } \ No newline at end of file diff --git a/SPECS/python-markupsafe/python-markupsafe.spec b/SPECS/python-markupsafe/python-markupsafe.spec index b1fcb796246..aa6bb4e8351 100644 --- a/SPECS/python-markupsafe/python-markupsafe.spec +++ b/SPECS/python-markupsafe/python-markupsafe.spec @@ -1,22 +1,19 @@ %{!?python2_sitelib: %define python2_sitelib %(python2 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} %{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} - +%define pypi_name MarkupSafe Summary: A XML/HTML/XHTML Markup safe string for Python. Name: python-markupsafe -Version: 1.0 -Release: 5%{?dist} +Version: 1.1.1 +Release: 1%{?dist} License: BSD -Group: Development/Languages/Python Vendor: Microsoft Corporation Distribution: Mariner -Url: https://pypi.python.org/pypi/MarkupSafe -Source0: https://pypi.python.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-%{version}.tar.gz -%define sha1 MarkupSafe=9072e80a7faa0f49805737a48f3d871eb1c48728 - +Group: Development/Languages/Python +URL: https://pypi.python.org/pypi/MarkupSafe +Source0: https://pypi.python.org/packages/source/M/%{pypi_name}/%{pypi_name}-%{version}.tar.gz +BuildRequires: python-setuptools BuildRequires: python2 BuildRequires: python2-libs -BuildRequires: python-setuptools - Requires: python2 Requires: python2-libs @@ -37,7 +34,7 @@ Requires: python3-libs Python 3 version. %prep -%setup -q -n MarkupSafe-%{version} +%setup -q -n %{pypi_name}-%{version} %build python2 setup.py build 
@@ -54,7 +51,7 @@ python3 setup.py test %files %defattr(-,root,root,-) -%license LICENSE +%license LICENSE.rst %{python2_sitelib}/* %files -n python3-markupsafe @@ -62,16 +59,27 @@ python3 setup.py test %{python3_sitelib}/* %changelog +* Wed Nov 11 2020 Thomas Crain - 1.1.1-1 +- Upgrade to 1.1.1 to fix setuptools compatibility issues +- Change Source0 +- Correct license location +- Remove inline sha1 +- Lint to Mariner style + * Sat May 09 00:21:01 PST 2020 Nick Samson - 1.0-5 - Added %%license line automatically -* Tue Sep 03 2019 Mateusz Malisz 1.0-4 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Wed Jun 07 2017 Xiaolin Li 1.0-3 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Thu Jun 01 2017 Dheeraj Shetty 1.0-2 -- Removed erroneous version line -* Thu Mar 30 2017 Sarah Choi 1.0-1 -- Upgrade version to 1.0 -* Thu Mar 02 2017 Xiaolin Li 0.23-1 -- Initial packaging for Photon +* Tue Sep 03 2019 Mateusz Malisz - 1.0-4 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Wed Jun 07 2017 Xiaolin Li - 1.0-3 +- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. + +* Thu Jun 01 2017 Dheeraj Shetty - 1.0-2 +- Removed erroneous version line + +* Thu Mar 30 2017 Sarah Choi - 1.0-1 +- Upgrade version to 1.0 + +* Thu Mar 02 2017 Xiaolin Li - 0.23-1 +- Initial packaging for Photon diff --git a/SPECS/python-zope-interface/python-zope-interface.signatures.json b/SPECS/python-zope-interface/python-zope-interface.signatures.json index d25d7442d2e..34686b927cf 100644 --- a/SPECS/python-zope-interface/python-zope-interface.signatures.json +++ b/SPECS/python-zope-interface/python-zope-interface.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "zope.interface-4.6.0.tar.gz": "1b3d0dcabc7c90b470e59e38a9acaa361be43b3a6ea644c0063951964717f0e5" + "zope.interface-4.7.2.tar.gz": "fd1101bd3fcb4f4cf3485bb20d6cb0b56909b94d3bd2a53a6cb9d381c3da3365" } } \ No newline at end of file 
diff --git a/SPECS/python-zope-interface/python-zope-interface.spec b/SPECS/python-zope-interface/python-zope-interface.spec index d50d8d893cc..18a22ef3ca5 100644 --- a/SPECS/python-zope-interface/python-zope-interface.spec +++ b/SPECS/python-zope-interface/python-zope-interface.spec @@ -1,19 +1,19 @@ %{!?python2_sitelib: %define python2_sitelib %(python2 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} %{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} - -Name: python-zope-interface -Version: 4.6.0 -Release: 3%{?dist} -Url: https://github.com/zopefoundation/zope.interface +%define pypi_name zope.interface Summary: Interfaces for Python +Name: python-zope-interface +Version: 4.7.2 +Release: 1%{?dist} License: ZPLv2.1 +Vendor: Microsoft Corporation +Distribution: Mariner Group: Development/Languages/Python -Source0: https://files.pythonhosted.org/packages/4e/d0/c9d16bd5b38de44a20c6dc5d5ed80a49626fafcb3db9f9efdc2a19026db6/zope.interface-%{version}.tar.gz - +URL: https://github.com/zopefoundation/zope.interface +Source0: https://pypi.python.org/packages/source/z/%{pypi_name}/%{pypi_name}-%{version}.tar.gz +BuildRequires: python-setuptools BuildRequires: python2-devel BuildRequires: python2-libs -BuildRequires: python-setuptools - Requires: python2 Requires: python2-libs @@ -37,8 +37,9 @@ Requires: python3-libs %description -n python3-zope-interface Python 3 version. + %prep -%setup -q -n zope.interface-%{version} +%setup -q -n %{pypi_name}-%{version} rm -rf ../p3dir cp -a . ../p3dir 
@@ -71,22 +72,35 @@ popd %{python3_sitelib}/* %changelog -* Sat May 09 2020 Nick Samson 4.6.0-3 -- Added %%license line automatically -* Wed Apr 29 2020 Emre Girgin 4.6.0-2 -- Renaming python-zope.interface to python-zope-interface -* Wed Mar 18 2020 Henry Beberman 4.6.0-1 -- Initial CBL-Mariner import from Photon (license: Apache2). -- Update to 4.6.0. Source0 URL fixed. License verified. -* Fri Sep 14 2018 Tapas Kundu 4.5.0-1 -- Updated to release 4.5.0 -* Wed Jun 07 2017 Xiaolin Li 4.3.3-2 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Mon Mar 13 2017 Xiaolin Li 4.3.3-1 -- Updated to version 4.3.3. -* Mon Oct 04 2016 ChangLee 4.1.3-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 4.1.3-2 -- GA - Bump release of all rpms -* Tue Oct 27 2015 Mahmoud Bassiouny -- Initial packaging for Photon +* Wed Nov 11 2020 Thomas Crain - 4.7.2-1 +- Update to 4.7.2 to fix setuptools compatibility issues +- Update Source0 +- Lint to Mariner style + +* Sat May 09 2020 Nick Samson - 4.6.0-3 +- Added %%license line automatically + +* Wed Apr 29 2020 Emre Girgin - 4.6.0-2 +- Renaming python-zope.interface to python-zope-interface + +* Wed Mar 18 2020 Henry Beberman - 4.6.0-1 +- Initial CBL-Mariner import from Photon (license: Apache2). +- Update to 4.6.0. Source0 URL fixed. License verified. + +* Fri Sep 14 2018 Tapas Kundu - 4.5.0-1 +- Updated to release 4.5.0 + +* Wed Jun 07 2017 Xiaolin Li - 4.3.3-2 +- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. + +* Mon Mar 13 2017 Xiaolin Li - 4.3.3-1 +- Updated to version 4.3.3. + +* Mon Oct 04 2016 ChangLee - 4.1.3-3 +- Modified %check + +* Tue May 24 2016 Priyesh Padmavilasom - 4.1.3-2 +- GA - Bump release of all rpms + +* Tue Oct 27 2015 Mahmoud Bassiouny - 4.1.3-1 +- Initial packaging for Photon diff --git a/cgmanifest.json b/cgmanifest.json index a71ff3a1878..1c21e2330e7 100644 --- a/cgmanifest.json +++ b/cgmanifest.json 
@@ -4666,8 +4666,8 @@ "type": "other", "other": { "name": "python-markupsafe", - "version": "1.0", - "downloadUrl": "https://pypi.python.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz" + "version": "1.1.1", + "downloadUrl": "https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-1.1.1.tar.gz" } } }, @@ -5076,8 +5076,8 @@ "type": "other", "other": { "name": "python-zope-interface", - "version": "4.6.0", - "downloadUrl": "https://files.pythonhosted.org/packages/4e/d0/c9d16bd5b38de44a20c6dc5d5ed80a49626fafcb3db9f9efdc2a19026db6/zope.interface-4.6.0.tar.gz" + "version": "4.7.2", + "downloadUrl": "https://pypi.python.org/packages/source/z/zope.interface/zope.interface-4.7.2.tar.gz" } } }, From fde43f880719070ef03ac6a7e6e91ec555fed432 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 11 Nov 2020 17:06:27 -0800 Subject: [PATCH 112/145] Skipping one `zsh` ptest testcase if ran as superuser. (#363) * Skipping test if ran as superuser. * Adding linter's suggestion. --- ...01-Skipping-test-if-ran-as-superuser.patch | 37 +++++ SPECS/zsh/zsh.spec | 153 +++++++++--------- 2 files changed, 117 insertions(+), 73 deletions(-) create mode 100644 SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch diff --git a/SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch b/SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch new file mode 100644 index 00000000000..5d0685b9f04 --- /dev/null +++ b/SPECS/zsh/0001-Skipping-test-if-ran-as-superuser.patch 
@@ -0,0 +1,37 @@ +From 0fbbbea15b38364830d7b341c86682f05575ae0b Mon Sep 17 00:00:00 2001 +From: Pawel +Date: Tue, 10 Nov 2020 18:37:47 -0800 +Subject: [PATCH] Skipping test if ran as superuser. + +--- + Test/D02glob.ztst | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/Test/D02glob.ztst b/Test/D02glob.ztst +index b0650c8..39d97c1 100644 +--- a/Test/D02glob.ztst ++++ b/Test/D02glob.ztst +@@ -729,11 +729,15 @@ + >not/exist + >exist + +- mkdir -m 000 glob.tmp/secret-d000 +- mkdir -m 111 glob.tmp/secret-d111 +- mkdir -m 444 glob.tmp/secret-d444 +- for 1 in 000 111 444 ; do ln -s secret-d$1 glob.tmp/secret-s$1; done +- print -rC 2 -- glob.tmp/secret-*/ glob.tmp/secret-*(-/) ++ if (( UID )); then ++ mkdir -m 000 glob.tmp/secret-d000 ++ mkdir -m 111 glob.tmp/secret-d111 ++ mkdir -m 444 glob.tmp/secret-d444 ++ for 1 in 000 111 444 ; do ln -s secret-d$1 glob.tmp/secret-s$1; done ++ print -rC 2 -- glob.tmp/secret-*/ glob.tmp/secret-*(-/) ++ else ++ ZTST_skip="cannot test unreadable directories globbing when tests run as superuser" ++ fi + -f:unreadable directories can be globbed (users/24619, users/24626) + >glob.tmp/secret-d000/ glob.tmp/secret-d000 + >glob.tmp/secret-d111/ glob.tmp/secret-d111 +-- +2.17.1 + diff --git a/SPECS/zsh/zsh.spec b/SPECS/zsh/zsh.spec index b05538b3396..1b20d91adb2 100644 --- a/SPECS/zsh/zsh.spec +++ b/SPECS/zsh/zsh.spec 
@@ -3,33 +3,37 @@ Summary: Z shell Name: zsh Version: 5.8 -Release: 3%{?dist} -License: MIT and GPLv2.0 and GPLv3.0 and GPLv2+ -URL: http://zsh.sourceforge.net/ -Group: System Environment/Shells +Release: 4%{?dist} +License: MIT AND GPLv2.0 AND GPLv3.0 AND GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner +Group: System Environment/Shells +URL: http://zsh.sourceforge.net/ Source0: https://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.xz Source1: zprofile.rhs Source2: zshrc -BuildRequires: coreutils -BuildRequires: tar -BuildRequires: diffutils -BuildRequires: make -BuildRequires: gcc -BuildRequires: binutils -BuildRequires: kernel-headers -BuildRequires: sed -BuildRequires: ncurses-devel -BuildRequires: libcap-devel -BuildRequires: texinfo -BuildRequires: gawk -BuildRequires: elfutils +Patch0: 0001-Skipping-test-if-ran-as-superuser.patch + +BuildRequires: binutils +BuildRequires: coreutils +BuildRequires: diffutils +BuildRequires: elfutils +BuildRequires: gawk +BuildRequires: gcc +BuildRequires: kernel-headers +BuildRequires: libcap-devel +BuildRequires: make +BuildRequires: ncurses-devel +BuildRequires: sed +BuildRequires: tar +BuildRequires: texinfo + Requires(post): /bin/grep -Requires(postun): coreutils /bin/grep +Requires(postun): /bin/grep +Requires(postun): coreutils -Provides: /bin/zsh +Provides: /bin/zsh %description The zsh shell is a command interpreter usable as an interactive login @@ -40,8 +44,8 @@ command completion, shell functions (with autoloading), a history mechanism, and more. %package html -Summary: Zsh shell manual in html format -Group: System Environment/Shells +Summary: Zsh shell manual in html format +Group: System Environment/Shells %description html The zsh shell is a command interpreter usable as an interactive login @@ -55,7 +59,7 @@ This package contains the Zsh manual in html format. %prep -%setup -q +%autosetup -p1 %build # make loading of module's dependencies work again (#1277996) 
@@ -68,42 +72,33 @@ make all html %check rm -f Test/C02cond.ztst make check + %install -rm -rf $RPM_BUILD_ROOT %makeinstall install.info \ - fndir=$RPM_BUILD_ROOT%{_datadir}/%{name}/%{version}/functions \ - sitefndir=$RPM_BUILD_ROOT%{_datadir}/%{name}/site-functions \ - scriptdir=$RPM_BUILD_ROOT%{_datadir}/%{name}/%{version}/scripts \ - sitescriptdir=$RPM_BUILD_ROOT%{_datadir}/%{name}/scripts \ - runhelpdir=$RPM_BUILD_ROOT%{_datadir}/%{name}/%{version}/help + fndir=%{buildroot}%{_datadir}/%{name}/%{version}/functions \ + sitefndir=%{buildroot}%{_datadir}/%{name}/site-functions \ + scriptdir=%{buildroot}%{_datadir}/%{name}/%{version}/scripts \ + sitescriptdir=%{buildroot}%{_datadir}/%{name}/scripts \ + runhelpdir=%{buildroot}%{_datadir}/%{name}/%{version}/help -rm -f ${RPM_BUILD_ROOT}%{_bindir}/zsh-%{version} -rm -f $RPM_BUILD_ROOT%{_infodir}/dir +rm -f %{buildroot}%{_bindir}/zsh-%{version} +rm -f %{buildroot}%{_infodir}/dir -mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir} +mkdir -p %{buildroot}%{_sysconfdir} for i in %{SOURCE1}; do - install -m 644 $i $RPM_BUILD_ROOT%{_sysconfdir}/"$(basename $i .rhs)" + install -m 644 $i %{buildroot}%{_sysconfdir}/"$(basename $i .rhs)" done -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/skel -install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/skel/.zshrc - -# This is just here to shut up rpmlint, and is very annoying. -# Note that we can't chmod everything as then rpmlint will complain about -# those without a she-bang line. -for i in checkmail harden run-help zcalc zkbd; do - sed -i -e 's!/usr/local/bin/zsh!%{_bindir}/zsh!' \ - $RPM_BUILD_ROOT%{_datadir}/zsh/%{version}/functions/$i - chmod +x $RPM_BUILD_ROOT%{_datadir}/zsh/%{version}/functions/$i -done +mkdir -p %{buildroot}%{_sysconfdir}/skel +install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/skel/.zshrc -sed -i "s!$RPM_BUILD_ROOT%{_datadir}/%{name}/%{version}/help!%{_datadir}/%{name}/%{version}/help!" 
\ - $RPM_BUILD_ROOT%{_datadir}/zsh/%{version}/functions/{run-help,_run-help} +sed -i "s!%{buildroot}%{_datadir}/%{name}/%{version}/help!%{_datadir}/%{name}/%{version}/help!" \ + %{buildroot}%{_datadir}/zsh/%{version}/functions/{run-help,_run-help} %clean -rm -rf $RPM_BUILD_ROOT +rm -rf %{buildroot} %post if [ "$1" = 1 ]; then @@ -117,18 +112,16 @@ if [ "$1" = 1 ]; then fi %preun - %postun if [ "$1" = 0 ] && [ -f %{_sysconfdir}/shells ] ; then sed -i '\!^%{_bindir}/%{name}$!d' %{_sysconfdir}/shells sed -i '\!^/bin/%{name}$!d' %{_sysconfdir}/shells fi - %files %defattr(-,root,root) %license LICENCE -%doc README LICENCE Etc/BUGS Etc/CONTRIBUTORS Etc/FAQ FEATURES MACHINES +%doc README Etc/BUGS Etc/CONTRIBUTORS Etc/FAQ FEATURES MACHINES %doc NEWS Etc/zsh-development-guide Etc/completion-style-guide %attr(755,root,root) %{_bindir}/zsh %{_mandir}/*/* 
@@ -143,30 +136,44 @@ fi %doc Doc/*.html %changelog +* Tue Nov 10 2020 Pawel Winogrodzki - 5.8-4 +- Adding a patch to skip globbing test if ran as root. +- Removing redundant 'sed' and 'chmod' commands in %%install. + * Sat May 09 00:20:44 PST 2020 Nick Samson - 5.8-3 - Added %%license line automatically -* Thu Apr 30 2020 Emre Girgin 5.8-2 -- Renaming linux-api-headers to kernel-headers -* Fri Apr 10 2020 Jon Slobodzian 5.8-1 -- Updated to latest version to fix CVE CVE-2019-20044. -- Fixed Source0 download link -- Verified license. -* Thu Apr 09 2020 Nicolas Ontiveros 5.6.1-3 -- Remove coreutils and only use toybox in requires. -* Tue Sep 03 2019 Mateusz Malisz 5.6.1-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Thu Sep 13 2018 Siju Maliakkal 5.6.1-1 -- Upgrading to latest -* Mon Mar 19 2018 Xiaolin Li 5.3.1-5 -- Fix CVE-2018-7548 -* Mon Sep 18 2017 Alexey Makhalov 5.3.1-4 -- Requires coreutils or toybox and /bin/grep -* Fri Sep 15 2017 Bo Gan 5.3.1-3 -- Clean up check -* Wed Aug 02 2017 Chang Lee 5.3.1-2 -- Skip a test case that is not supported from photon OS chroot -* Wed Apr 05 2017 Xiaolin Li 5.3.1-1 -- Updated to version 5.3.1. -* Sun Jul 24 2016 Ivan Porto Carrero - 5.2-1 -- Initial zsh for photon os +* Thu Apr 30 2020 Emre Girgin - 5.8-2 +- Renaming linux-api-headers to kernel-headers + +* Fri Apr 10 2020 Jon Slobodzian - 5.8-1 +- Updated to latest version to fix CVE CVE-2019-20044. +- Fixed Source0 download link +- Verified license. + +* Thu Apr 09 2020 Nicolas Ontiveros - 5.6.1-3 +- Remove coreutils and only use toybox in requires. + +* Tue Sep 03 2019 Mateusz Malisz - 5.6.1-2 +- Initial CBL-Mariner import from Photon (license: Apache2). 
+ +* Thu Sep 13 2018 Siju Maliakkal - 5.6.1-1 +- Upgrading to latest + +* Mon Mar 19 2018 Xiaolin Li - 5.3.1-5 +- Fix CVE-2018-7548 + +* Mon Sep 18 2017 Alexey Makhalov - 5.3.1-4 +- Requires coreutils or toybox and /bin/grep + +* Fri Sep 15 2017 Bo Gan - 5.3.1-3 +- Clean up check + +* Wed Aug 02 2017 Chang Lee - 5.3.1-2 +- Skip a test case that is not supported from photon OS chroot + +* Wed Apr 05 2017 Xiaolin Li - 5.3.1-1 +- Updated to version 5.3.1. + +* Sun Jul 24 2016 Ivan Porto Carrero - 5.2-1 +- Initial zsh for photon os From d42ad2134f8df440a484afe79f8195547123f2f5 Mon Sep 17 00:00:00 2001 From: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Date: Thu, 12 Nov 2020 00:00:27 -0800 Subject: [PATCH 113/145] Enable arm64 hyperv and SoCs support for CBL-Mariner (#366) * Enable arm64 hyperv and SoCs support for CBL-Mariner * Update kernel config for Arm64 arch * Update kernel configs for arm64 arch * Enable arm64 hyperv and SoCs support for CBL-Mariner Co-authored-by: schalam --- .../kernel-signed-aarch64.spec | 5 +- .../kernel-signed-x64/kernel-signed-x64.spec | 5 +- SPECS/kernel/config_aarch64 | 4298 ++++++++++++----- SPECS/kernel/kernel.signatures.json | 2 +- SPECS/kernel/kernel.spec | 11 +- .../ver5_4_72_arm64_hyperv_support.patch | 36 + 6 files changed, 3014 insertions(+), 1343 deletions(-) create mode 100644 SPECS/kernel/ver5_4_72_arm64_hyperv_support.patch diff --git a/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec b/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec index 4d9215d9fe3..985693c7e7d 100644 --- a/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec +++ b/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec @@ -3,7 +3,7 @@ Summary: Signed Linux Kernel for aarch64 systems Name: kernel-signed-aarch64 Version: 5.4.72 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner 
@@ -80,6 +80,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} %changelog +* Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 +- Update release number + * Mon Oct 26 2020 Chris Co - 5.4.72-1 - Update source to 5.4.72 - Lint spec diff --git a/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec b/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec index 99686c97b14..3e35da25c00 100644 --- a/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec +++ b/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec @@ -3,7 +3,7 @@ Summary: Signed Linux Kernel for x86_64 systems Name: kernel-signed-x64 Version: 5.4.72 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -80,6 +80,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} %changelog +* Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 +- Update release number + * Mon Oct 26 2020 Chris Co - 5.4.72-1 - Update source to 5.4.72 - Lint spec diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index 92c24607c4b..39aa5f55555 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -48,6 +48,7 @@ CONFIG_HARDIRQS_SW_RESEND=y CONFIG_GENERIC_IRQ_CHIP=y CONFIG_IRQ_DOMAIN=y CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_IRQ_FASTEOI_HIERARCHY_HANDLERS=y CONFIG_GENERIC_MSI_IRQ=y CONFIG_GENERIC_MSI_IRQ_DOMAIN=y CONFIG_IRQ_MSI_IOMMU=y @@ -92,7 +93,8 @@ CONFIG_TASKSTATS=y CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y -# CONFIG_PSI is not set +CONFIG_PSI=y +# CONFIG_PSI_DEFAULT_DISABLED is not set # end of CPU/Task time and stats accounting CONFIG_CPU_ISOLATION=y 
@@ -109,8 +111,8 @@ CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem CONFIG_IKCONFIG=y -CONFIG_IKCONFIG_PROC=y -# CONFIG_IKHEADERS is not set +# CONFIG_IKCONFIG_PROC is not set +CONFIG_IKHEADERS=m CONFIG_LOG_BUF_SHIFT=18 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 @@ -119,11 +121,14 @@ CONFIG_GENERIC_SCHED_CLOCK=y # # Scheduler features # +CONFIG_UCLAMP_TASK=y +CONFIG_UCLAMP_BUCKETS_COUNT=5 # end of Scheduler features CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_NUMA_BALANCING is not set +CONFIG_NUMA_BALANCING=y +CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y CONFIG_MEMCG=y @@ -136,8 +141,9 @@ CONFIG_CGROUP_SCHED=y CONFIG_FAIR_GROUP_SCHED=y CONFIG_CFS_BANDWIDTH=y # CONFIG_RT_GROUP_SCHED is not set +# CONFIG_UCLAMP_TASK_GROUP is not set CONFIG_CGROUP_PIDS=y -# CONFIG_CGROUP_RDMA is not set +CONFIG_CGROUP_RDMA=y CONFIG_CGROUP_FREEZER=y CONFIG_CGROUP_HUGETLB=y CONFIG_CPUSETS=y @@ -145,6 +151,7 @@ CONFIG_PROC_PID_CPUSET=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_BPF=y # CONFIG_CGROUP_DEBUG is not set CONFIG_SOCK_CGROUP_DATA=y CONFIG_NAMESPACES=y @@ -153,8 +160,8 @@ CONFIG_IPC_NS=y CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_NET_NS=y -# CONFIG_CHECKPOINT_RESTORE is not set -# CONFIG_SCHED_AUTOGROUP is not set +CONFIG_CHECKPOINT_RESTORE=y +CONFIG_SCHED_AUTOGROUP=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y @@ -168,9 +175,11 @@ CONFIG_RD_LZ4=y CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_SYSCTL=y +CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_BPF=y CONFIG_EXPERT=y +CONFIG_UID16=y CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y 
@@ -196,13 +205,15 @@ CONFIG_MEMBARRIER=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_ALL=y CONFIG_KALLSYMS_BASE_RELATIVE=y -# CONFIG_BPF_SYSCALL is not set -# CONFIG_USERFAULTFD is not set +CONFIG_BPF_SYSCALL=y +CONFIG_BPF_JIT_ALWAYS_ON=y +CONFIG_USERFAULTFD=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y -# CONFIG_RSEQ is not set +CONFIG_RSEQ=y +# CONFIG_DEBUG_RSEQ is not set # CONFIG_EMBEDDED is not set CONFIG_HAVE_PERF_EVENTS=y -# CONFIG_PC104 is not set +CONFIG_PC104=y # # Kernel Performance Events And Counters @@ -213,7 +224,7 @@ CONFIG_PERF_EVENTS=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLUB_DEBUG=y -# CONFIG_SLUB_MEMCG_SYSFS_ON is not set +CONFIG_SLUB_MEMCG_SYSFS_ON=y # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y @@ -258,35 +269,35 @@ CONFIG_ARCH_PROC_KCORE_TEXT=y # # Platform selection # -# CONFIG_ARCH_ACTIONS is not set -# CONFIG_ARCH_AGILEX is not set +CONFIG_ARCH_ACTIONS=y +CONFIG_ARCH_AGILEX=y CONFIG_ARCH_SUNXI=y # CONFIG_ARCH_ALPINE is not set CONFIG_ARCH_BCM2835=y CONFIG_ARCH_BCM_IPROC=y CONFIG_ARCH_BERLIN=y -# CONFIG_ARCH_BITMAIN is not set +CONFIG_ARCH_BITMAIN=y CONFIG_ARCH_BRCMSTB=y -CONFIG_ARCH_EXYNOS=y -# CONFIG_ARCH_K3 is not set +# CONFIG_ARCH_EXYNOS is not set +CONFIG_ARCH_K3=y CONFIG_ARCH_LAYERSCAPE=y CONFIG_ARCH_LG1K=y CONFIG_ARCH_HISI=y CONFIG_ARCH_MEDIATEK=y CONFIG_ARCH_MESON=y CONFIG_ARCH_MVEBU=y -# CONFIG_ARCH_MXC is not set +CONFIG_ARCH_MXC=y CONFIG_ARCH_QCOM=y -# CONFIG_ARCH_REALTEK is not set -# CONFIG_ARCH_RENESAS is not set +CONFIG_ARCH_REALTEK=y +CONFIG_ARCH_RENESAS=y CONFIG_ARCH_ROCKCHIP=y CONFIG_ARCH_SEATTLE=y CONFIG_ARCH_STRATIX10=y -# CONFIG_ARCH_SYNQUACER is not set +CONFIG_ARCH_SYNQUACER=y CONFIG_ARCH_TEGRA=y CONFIG_ARCH_SPRD=y CONFIG_ARCH_THUNDER=y -# CONFIG_ARCH_THUNDER2 is not set +CONFIG_ARCH_THUNDER2=y # CONFIG_ARCH_UNIPHIER is not set CONFIG_ARCH_VEXPRESS=y CONFIG_ARCH_XGENE=y 
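Review bot: `CONFIG_BPF_SYSCALL=y` and `CONFIG_USERFAULTFD=y` in the `-196,13` hunk make bpf(2) and userfaultfd(2) available to every process, and nothing in this hunk restricts unprivileged callers. `CONFIG_BPF_JIT_ALWAYS_ON=y` is the right companion because it removes the interpreter, but the unprivileged gate is still only the runtime sysctls. Unless unprivileged use is a requirement, the package should ship the defaults `kernel.unprivileged_bpf_disabled = 1` and `vm.unprivileged_userfaultfd = 0`; whether such a drop-in already exists is not visible in this diff.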
@@ -307,8 +318,11 @@ CONFIG_ARM64_ERRATUM_827319=y CONFIG_ARM64_ERRATUM_824069=y CONFIG_ARM64_ERRATUM_819472=y CONFIG_ARM64_ERRATUM_832075=y +CONFIG_ARM64_ERRATUM_834220=y +CONFIG_ARM64_ERRATUM_845719=y CONFIG_ARM64_ERRATUM_843419=y CONFIG_ARM64_ERRATUM_1024718=y +CONFIG_ARM64_ERRATUM_1418040=y CONFIG_ARM64_ERRATUM_1165522=y CONFIG_ARM64_ERRATUM_1286807=y CONFIG_ARM64_ERRATUM_1463225=y @@ -340,10 +354,10 @@ CONFIG_ARM64_PA_BITS=48 # CONFIG_CPU_BIG_ENDIAN is not set CONFIG_SCHED_MC=y CONFIG_SCHED_SMT=y -CONFIG_NR_CPUS=128 +CONFIG_NR_CPUS=256 CONFIG_HOTPLUG_CPU=y CONFIG_NUMA=y -CONFIG_NODES_SHIFT=10 +CONFIG_NODES_SHIFT=6 CONFIG_USE_PERCPU_NUMA_NODE_ID=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y @@ -369,7 +383,11 @@ CONFIG_PARAVIRT=y # CONFIG_PARAVIRT_TIME_ACCOUNTING is not set CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y -# CONFIG_KEXEC_SIG is not set +CONFIG_KEXEC_SIG=y + +# +# Support for PE file signature verification disabled +# CONFIG_CRASH_DUMP=y CONFIG_TRANS_TABLE=y CONFIG_XEN_DOM0=y @@ -382,7 +400,12 @@ CONFIG_ARM64_SSBD=y CONFIG_RODATA_FULL_DEFAULT_ENABLED=y CONFIG_ARM64_SW_TTBR0_PAN=y CONFIG_ARM64_TAGGED_ADDR_ABI=y -# CONFIG_COMPAT is not set +CONFIG_COMPAT=y +CONFIG_KUSER_HELPERS=y +CONFIG_ARMV8_DEPRECATED=y +CONFIG_SWP_EMULATION=y +CONFIG_CP15_BARRIER_EMULATION=y +CONFIG_SETEND_EMULATION=y # # ARMv8.1 architectural features @@ -397,8 +420,8 @@ CONFIG_ARM64_VHE=y # ARMv8.2 architectural features # CONFIG_ARM64_UAO=y -# CONFIG_ARM64_PMEM is not set -# CONFIG_ARM64_RAS_EXTN is not set +CONFIG_ARM64_PMEM=y +CONFIG_ARM64_RAS_EXTN=y CONFIG_ARM64_CNP=y # end of ARMv8.2 architectural features 
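Review bot: In the `-369,7` hunk `CONFIG_KEXEC_SIG=y` is immediately followed by the generated comment `# Support for PE file signature verification disabled`, so the kernel has no Image signature verifier to call and kexec_file_load() cannot accept a validly signed image. Kconfig prints that comment when EFI or `CONFIG_SIGNED_PE_FILE_VERIFICATION` is missing; `CONFIG_EFI=y` is visible in a later hunk, so the likely fix is to add `CONFIG_SIGNED_PE_FILE_VERIFICATION=y`, after which `CONFIG_KEXEC_IMAGE_VERIFY_SIG=y` should appear in place of the comment. As far as I can tell the option as committed either rejects every image or verifies none, so it should not be counted as a control until that is resolved. `CONFIG_KEXEC=y` also stays as context, which leaves the unsigned kexec_load() path available unless lockdown is active.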
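Review bot: `CONFIG_COMPAT=y` in the `-382,7` hunk turns on the whole AArch32 syscall layer together with `CONFIG_KUSER_HELPERS=y` and the `CONFIG_ARMV8_DEPRECATED` instruction emulations, which the commit description (Hyper-V and SoC enablement) does not ask for. If the distribution ships no 32-bit userspace, keeping `# CONFIG_COMPAT is not set` avoids that extra kernel entry surface; if it is needed, the reason belongs in the kernel.spec changelog. The same switch appears to be what pulls in the compat lines of later hunks (`CONFIG_SYSVIPC_COMPAT`, `CONFIG_COMPAT_BINFMT_ELF`, `CONFIG_BLOCK_COMPAT`).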
@@ -408,9 +431,10 @@ CONFIG_ARM64_CNP=y CONFIG_ARM64_PTR_AUTH=y # end of ARMv8.3 architectural features -# CONFIG_ARM64_SVE is not set +CONFIG_ARM64_SVE=y CONFIG_ARM64_MODULE_PLTS=y -# CONFIG_ARM64_PSEUDO_NMI is not set +CONFIG_ARM64_PSEUDO_NMI=y +# CONFIG_ARM64_DEBUG_PRIORITY_MASKING is not set CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MODULE_REGION_FULL=y @@ -421,7 +445,7 @@ CONFIG_STACKPROTECTOR_PER_TASK=y # # Boot options # -# CONFIG_ARM64_ACPI_PARKING_PROTOCOL is not set +CONFIG_ARM64_ACPI_PARKING_PROTOCOL=y CONFIG_CMDLINE="" # CONFIG_CMDLINE_FORCE is not set CONFIG_EFI_STUB=y @@ -429,6 +453,7 @@ CONFIG_EFI=y CONFIG_DMI=y # end of Boot options +CONFIG_SYSVIPC_COMPAT=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y # @@ -441,12 +466,18 @@ CONFIG_SUSPEND_FREEZER=y CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y # CONFIG_PM_AUTOSLEEP is not set -# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM_WAKELOCKS=y +CONFIG_PM_WAKELOCKS_LIMIT=100 +CONFIG_PM_WAKELOCKS_GC=y CONFIG_PM=y -# CONFIG_PM_DEBUG is not set +CONFIG_PM_DEBUG=y +CONFIG_PM_ADVANCED_DEBUG=y +# CONFIG_PM_TEST_SUSPEND is not set +CONFIG_PM_SLEEP_DEBUG=y +# CONFIG_DPM_WATCHDOG is not set CONFIG_PM_CLK=y CONFIG_PM_GENERIC_DOMAINS=y -# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y CONFIG_PM_GENERIC_DOMAINS_SLEEP=y CONFIG_PM_GENERIC_DOMAINS_OF=y CONFIG_CPU_PM=y @@ -491,11 +522,11 @@ CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y # CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -CONFIG_CPU_FREQ_GOV_POWERSAVE=m -CONFIG_CPU_FREQ_GOV_USERSPACE=m -CONFIG_CPU_FREQ_GOV_ONDEMAND=m -CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m -# CONFIG_CPU_FREQ_GOV_SCHEDUTIL is not set +CONFIG_CPU_FREQ_GOV_POWERSAVE=y +CONFIG_CPU_FREQ_GOV_USERSPACE=y +CONFIG_CPU_FREQ_GOV_ONDEMAND=y +CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y # # CPU frequency scaling drivers 
@@ -503,11 +534,15 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m CONFIG_CPUFREQ_DT=y CONFIG_CPUFREQ_DT_PLATDEV=y CONFIG_ACPI_CPPC_CPUFREQ=m -# CONFIG_ARM_ARMADA_37XX_CPUFREQ is not set -# CONFIG_ARM_ARMADA_8K_CPUFREQ is not set -CONFIG_ARM_BRCMSTB_AVS_CPUFREQ=y -# CONFIG_ARM_MEDIATEK_CPUFREQ is not set -# CONFIG_ARM_QCOM_CPUFREQ_HW is not set +CONFIG_ARM_ARMADA_37XX_CPUFREQ=m +CONFIG_ARM_ARMADA_8K_CPUFREQ=m +CONFIG_ARM_SCPI_CPUFREQ=m +CONFIG_ARM_BRCMSTB_AVS_CPUFREQ=m +CONFIG_ARM_IMX_CPUFREQ_DT=m +CONFIG_ARM_MEDIATEK_CPUFREQ=m +CONFIG_ARM_QCOM_CPUFREQ_HW=m +CONFIG_ARM_RASPBERRYPI_CPUFREQ=m +CONFIG_ARM_SCMI_CPUFREQ=m CONFIG_ARM_TEGRA20_CPUFREQ=y CONFIG_ARM_TEGRA124_CPUFREQ=y CONFIG_QORIQ_CPUFREQ=m @@ -517,20 +552,24 @@ CONFIG_QORIQ_CPUFREQ=m # # Firmware Drivers # -# CONFIG_ARM_SCMI_PROTOCOL is not set -CONFIG_ARM_SCPI_PROTOCOL=y -CONFIG_ARM_SCPI_POWER_DOMAIN=y -# CONFIG_ARM_SDE_INTERFACE is not set +CONFIG_ARM_SCMI_PROTOCOL=y +CONFIG_ARM_SCMI_POWER_DOMAIN=m +CONFIG_ARM_SCPI_PROTOCOL=m +CONFIG_ARM_SCPI_POWER_DOMAIN=m +CONFIG_ARM_SDE_INTERFACE=y CONFIG_FIRMWARE_MEMMAP=y CONFIG_DMIID=y -# CONFIG_DMI_SYSFS is not set -# CONFIG_ISCSI_IBFT is not set +CONFIG_DMI_SYSFS=m +CONFIG_ISCSI_IBFT=m CONFIG_RASPBERRYPI_FIRMWARE=y -# CONFIG_FW_CFG_SYSFS is not set -# CONFIG_INTEL_STRATIX10_SERVICE is not set +CONFIG_FW_CFG_SYSFS=m +# CONFIG_FW_CFG_SYSFS_CMDLINE is not set +CONFIG_INTEL_STRATIX10_SERVICE=m +# CONFIG_INTEL_STRATIX10_RSU is not set CONFIG_QCOM_SCM=y CONFIG_QCOM_SCM_64=y # CONFIG_QCOM_SCM_DOWNLOAD_MODE_DEFAULT is not set +CONFIG_TI_SCI_PROTOCOL=y # CONFIG_TURRIS_MOX_RWTM is not set CONFIG_HAVE_ARM_SMCCC=y CONFIG_ARM_PSCI_FW=y 
@@ -540,18 +579,25 @@ CONFIG_ARM_PSCI_FW=y # # EFI (Extensible Firmware Interface) Support # -# CONFIG_EFI_VARS is not set +CONFIG_EFI_VARS=y CONFIG_EFI_ESRT=y +CONFIG_EFI_VARS_PSTORE=m +# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set +CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_PARAMS_FROM_FDT=y CONFIG_EFI_RUNTIME_WRAPPERS=y CONFIG_EFI_ARMSTUB=y CONFIG_EFI_ARMSTUB_DTB_LOADER=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set # CONFIG_EFI_CAPSULE_LOADER is not set # CONFIG_EFI_TEST is not set CONFIG_RESET_ATTACK_MITIGATION=y # end of EFI (Extensible Firmware Interface) Support +CONFIG_UEFI_CPER=y +CONFIG_UEFI_CPER_ARM=y CONFIG_EFI_EARLYCON=y +CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y CONFIG_MESON_SM=y # @@ -577,10 +623,10 @@ CONFIG_ACPI_SPCR_TABLE=y CONFIG_ACPI_EC_DEBUGFS=m CONFIG_ACPI_AC=y CONFIG_ACPI_BATTERY=y -CONFIG_ACPI_BUTTON=m -CONFIG_ACPI_FAN=m -# CONFIG_ACPI_TAD is not set -# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +CONFIG_ACPI_TAD=m +CONFIG_ACPI_DOCK=y CONFIG_ACPI_PROCESSOR_IDLE=y CONFIG_ACPI_MCFG=y CONFIG_ACPI_CPPC_LIB=y 
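Review bot: `CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y` in the `-540,18` hunk allows an SSDT to be loaded from an EFI variable, and the ACPI hunk `-589,31` adds `CONFIG_ACPI_TABLE_UPGRADE=y` and `CONFIG_ACPI_CONFIGFS=m`, which accept ACPI tables from the initrd and from configfs at runtime. This kernel is also shipped signed (kernel-signed-aarch64 in this commit), and these options are ways to supply AML that the signature does not cover; upstream blocks them only when lockdown is active, and whether lockdown is enabled is not visible in this diff. Unless table overrides are required for the new platforms, I would keep `# CONFIG_ACPI_TABLE_UPGRADE is not set` and leave the other two unset.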
@@ -589,31 +635,74 @@ CONFIG_ACPI_IPMI=m CONFIG_ACPI_HOTPLUG_CPU=y CONFIG_ACPI_THERMAL=y CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y -# CONFIG_ACPI_TABLE_UPGRADE is not set +CONFIG_ACPI_TABLE_UPGRADE=y # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_MEMORY=y CONFIG_ACPI_HED=y # CONFIG_ACPI_CUSTOM_METHOD is not set -# CONFIG_ACPI_BGRT is not set +CONFIG_ACPI_BGRT=y CONFIG_ACPI_REDUCED_HARDWARE_ONLY=y +CONFIG_ACPI_NFIT=m +# CONFIG_NFIT_SECURITY_DEBUG is not set CONFIG_ACPI_NUMA=y -# CONFIG_ACPI_HMAT is not set +CONFIG_ACPI_HMAT=y CONFIG_HAVE_ACPI_APEI=y -# CONFIG_ACPI_APEI is not set -CONFIG_PMIC_OPREGION=y -# CONFIG_ACPI_CONFIGFS is not set +CONFIG_ACPI_APEI=y +CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_PCIEAER=y +CONFIG_ACPI_APEI_SEA=y +CONFIG_ACPI_APEI_MEMORY_FAILURE=y +CONFIG_ACPI_APEI_EINJ=m +# CONFIG_ACPI_APEI_ERST_DEBUG is not set +# CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_CONFIGFS=m CONFIG_ACPI_IORT=y CONFIG_ACPI_GTDT=y CONFIG_ACPI_PPTT=y -CONFIG_IRQ_BYPASS_MANAGER=m +CONFIG_HAVE_KVM_IRQCHIP=y +CONFIG_HAVE_KVM_IRQFD=y +CONFIG_HAVE_KVM_IRQ_ROUTING=y +CONFIG_HAVE_KVM_EVENTFD=y +CONFIG_KVM_MMIO=y +CONFIG_HAVE_KVM_MSI=y +CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y +CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL=y +CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y +CONFIG_HAVE_KVM_IRQ_BYPASS=y +CONFIG_HAVE_KVM_VCPU_RUN_PID_CHANGE=y +CONFIG_IRQ_BYPASS_MANAGER=y CONFIG_VIRTUALIZATION=y -# CONFIG_KVM is not set +CONFIG_KVM=y +CONFIG_KVM_ARM_HOST=y +CONFIG_KVM_ARM_PMU=y +CONFIG_KVM_INDIRECT_VECTORS=y CONFIG_VHOST_NET=m CONFIG_VHOST_VSOCK=m CONFIG_VHOST=m # CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set -# CONFIG_ARM64_CRYPTO is not set +CONFIG_ARM64_CRYPTO=y +CONFIG_CRYPTO_SHA256_ARM64=m +CONFIG_CRYPTO_SHA512_ARM64=m +CONFIG_CRYPTO_SHA1_ARM64_CE=m +CONFIG_CRYPTO_SHA2_ARM64_CE=m +CONFIG_CRYPTO_SHA512_ARM64_CE=m +CONFIG_CRYPTO_SHA3_ARM64=m +CONFIG_CRYPTO_SM3_ARM64_CE=m +CONFIG_CRYPTO_SM4_ARM64_CE=m +CONFIG_CRYPTO_GHASH_ARM64_CE=m 
+CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m +CONFIG_CRYPTO_AES_ARM64=m +CONFIG_CRYPTO_AES_ARM64_CE=m +CONFIG_CRYPTO_AES_ARM64_CE_CCM=m +CONFIG_CRYPTO_AES_ARM64_CE_BLK=m +CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m +CONFIG_CRYPTO_CHACHA20_NEON=m +# CONFIG_CRYPTO_POLY1305_NEON is not set +CONFIG_CRYPTO_NHPOLY1305_NEON=m +CONFIG_CRYPTO_AES_ARM64_BS=m # # General architecture-dependent options @@ -655,6 +744,7 @@ CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_ARCH_STACKLEAK=y @@ -672,10 +762,15 @@ CONFIG_MODULES_USE_ELF_RELA=y CONFIG_ARCH_HAS_ELF_RANDOMIZE=y CONFIG_HAVE_ARCH_MMAP_RND_BITS=y CONFIG_ARCH_MMAP_RND_BITS=32 +CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y +CONFIG_ARCH_MMAP_RND_COMPAT_BITS=11 CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT=y CONFIG_HAVE_COPY_THREAD_TLS=y CONFIG_CLONE_BACKWARDS=y +CONFIG_OLD_SIGSUSPEND3=y +CONFIG_COMPAT_OLD_SIGACTION=y CONFIG_64BIT_TIME=y +CONFIG_COMPAT_32BIT_TIME=y CONFIG_HAVE_ARCH_VMAP_STACK=y CONFIG_VMAP_STACK=y CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y 
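Review bot: `CONFIG_ACPI_APEI_EINJ=m` in the APEI block of the `-589,31` hunk ships the hardware error injection interface in a production kernel, and the memory hunk `-881,7` does the same with `CONFIG_HWPOISON_INJECT=m`. Both are test facilities; `CONFIG_ACPI_APEI_GHES=y` and `CONFIG_MEMORY_FAILURE=y` already provide the error reporting and recovery without them. I would set `# CONFIG_ACPI_APEI_EINJ is not set` and `# CONFIG_HWPOISON_INJECT is not set` unless a validation flow depends on these modules, and say so in the changelog if it does.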
@@ -732,53 +827,61 @@ CONFIG_BLK_SCSI_REQUEST=y CONFIG_BLK_DEV_BSG=y CONFIG_BLK_DEV_BSGLIB=y CONFIG_BLK_DEV_INTEGRITY=y -# CONFIG_BLK_DEV_ZONED is not set +CONFIG_BLK_DEV_ZONED=y CONFIG_BLK_DEV_THROTTLING=y # CONFIG_BLK_DEV_THROTTLING_LOW is not set -# CONFIG_BLK_CMDLINE_PARSER is not set -# CONFIG_BLK_WBT is not set +CONFIG_BLK_CMDLINE_PARSER=y +CONFIG_BLK_WBT=y # CONFIG_BLK_CGROUP_IOLATENCY is not set # CONFIG_BLK_CGROUP_IOCOST is not set +CONFIG_BLK_WBT_MQ=y CONFIG_BLK_DEBUG_FS=y -# CONFIG_BLK_SED_OPAL is not set +CONFIG_BLK_DEBUG_FS_ZONED=y +CONFIG_BLK_SED_OPAL=y # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set -# CONFIG_AIX_PARTITION is not set -# CONFIG_OSF_PARTITION is not set -# CONFIG_AMIGA_PARTITION is not set -# CONFIG_ATARI_PARTITION is not set -# CONFIG_MAC_PARTITION is not set +CONFIG_AIX_PARTITION=y +CONFIG_OSF_PARTITION=y +CONFIG_AMIGA_PARTITION=y +CONFIG_ATARI_PARTITION=y +CONFIG_MAC_PARTITION=y CONFIG_MSDOS_PARTITION=y CONFIG_BSD_DISKLABEL=y CONFIG_MINIX_SUBPARTITION=y CONFIG_SOLARIS_X86_PARTITION=y CONFIG_UNIXWARE_DISKLABEL=y -# CONFIG_LDM_PARTITION is not set -# CONFIG_SGI_PARTITION is not set -# CONFIG_ULTRIX_PARTITION is not set -# CONFIG_SUN_PARTITION is not set -# CONFIG_KARMA_PARTITION is not set +CONFIG_LDM_PARTITION=y +# CONFIG_LDM_DEBUG is not set +CONFIG_SGI_PARTITION=y +CONFIG_ULTRIX_PARTITION=y +CONFIG_SUN_PARTITION=y +CONFIG_KARMA_PARTITION=y CONFIG_EFI_PARTITION=y -# CONFIG_SYSV68_PARTITION is not set -# CONFIG_CMDLINE_PARTITION is not set +CONFIG_SYSV68_PARTITION=y +CONFIG_CMDLINE_PARTITION=y # end of Partition Types +CONFIG_BLOCK_COMPAT=y CONFIG_BLK_MQ_PCI=y CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLK_MQ_RDMA=y CONFIG_BLK_PM=y # # IO Schedulers # CONFIG_MQ_IOSCHED_DEADLINE=y -CONFIG_MQ_IOSCHED_KYBER=y -# CONFIG_IOSCHED_BFQ is not set +CONFIG_MQ_IOSCHED_KYBER=m +CONFIG_IOSCHED_BFQ=m +CONFIG_BFQ_GROUP_IOSCHED=y +# CONFIG_BFQ_CGROUP_DEBUG is not set # end of IO Schedulers +CONFIG_PREEMPT_NOTIFIERS=y 
CONFIG_ASN1=y CONFIG_ARCH_INLINE_SPIN_TRYLOCK=y CONFIG_ARCH_INLINE_SPIN_TRYLOCK_BH=y @@ -846,6 +949,7 @@ CONFIG_FREEZER=y # Executable file formats # CONFIG_BINFMT_ELF=y +CONFIG_COMPAT_BINFMT_ELF=y CONFIG_ELFCORE=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_SCRIPT=y @@ -868,7 +972,9 @@ CONFIG_HAVE_MEMBLOCK_NODE_MAP=y CONFIG_HAVE_FAST_GUP=y CONFIG_ARCH_KEEP_MEMBLOCK=y CONFIG_MEMORY_ISOLATION=y -# CONFIG_MEMORY_HOTPLUG is not set +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_MEMORY_BALLOON=y CONFIG_BALLOON_COMPACTION=y @@ -881,7 +987,8 @@ CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y CONFIG_DEFAULT_MMAP_MIN_ADDR=32768 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y -# CONFIG_MEMORY_FAILURE is not set +CONFIG_MEMORY_FAILURE=y +CONFIG_HWPOISON_INJECT=m CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set @@ -895,7 +1002,7 @@ CONFIG_CMA_AREAS=7 CONFIG_ZSWAP=y CONFIG_ZPOOL=y CONFIG_ZBUD=y -CONFIG_Z3FOLD=y +CONFIG_Z3FOLD=m CONFIG_ZSMALLOC=y CONFIG_PGTABLE_MAPPING=y # CONFIG_ZSMALLOC_STAT is not set @@ -911,6 +1018,7 @@ CONFIG_ARCH_HAS_PTE_SPECIAL=y # end of Memory Management options CONFIG_NET=y +CONFIG_COMPAT_NETLINK_MESSAGES=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y CONFIG_SKB_EXTENSIONS=y @@ -923,17 +1031,23 @@ CONFIG_PACKET_DIAG=m CONFIG_UNIX=y CONFIG_UNIX_SCM=y CONFIG_UNIX_DIAG=m -# CONFIG_TLS is not set +CONFIG_TLS=m +CONFIG_TLS_DEVICE=y CONFIG_XFRM=y +CONFIG_XFRM_OFFLOAD=y CONFIG_XFRM_ALGO=m CONFIG_XFRM_USER=m -# CONFIG_XFRM_INTERFACE is not set -CONFIG_XFRM_SUB_POLICY=y -CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_INTERFACE=m +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set CONFIG_XFRM_STATISTICS=y CONFIG_XFRM_IPCOMP=m CONFIG_NET_KEY=m # CONFIG_NET_KEY_MIGRATE is not set +CONFIG_SMC=m +CONFIG_SMC_DIAG=m +CONFIG_XDP_SOCKETS=y +CONFIG_XDP_SOCKETS_DIAG=m CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y 
@@ -956,32 +1070,32 @@ CONFIG_IP_PIMSM_V2=y CONFIG_SYN_COOKIES=y CONFIG_NET_IPVTI=m CONFIG_NET_UDP_TUNNEL=m -# CONFIG_NET_FOU is not set -# CONFIG_NET_FOU_IP_TUNNELS is not set +CONFIG_NET_FOU=m +CONFIG_NET_FOU_IP_TUNNELS=y CONFIG_INET_AH=m CONFIG_INET_ESP=m -# CONFIG_INET_ESP_OFFLOAD is not set +CONFIG_INET_ESP_OFFLOAD=m CONFIG_INET_IPCOMP=m CONFIG_INET_XFRM_TUNNEL=m CONFIG_INET_TUNNEL=m # CONFIG_INET_DIAG is not set CONFIG_TCP_CONG_ADVANCED=y -# CONFIG_TCP_CONG_BIC is not set +CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y -# CONFIG_TCP_CONG_WESTWOOD is not set -# CONFIG_TCP_CONG_HTCP is not set -# CONFIG_TCP_CONG_HSTCP is not set -# CONFIG_TCP_CONG_HYBLA is not set -# CONFIG_TCP_CONG_VEGAS is not set -# CONFIG_TCP_CONG_NV is not set -# CONFIG_TCP_CONG_SCALABLE is not set -# CONFIG_TCP_CONG_LP is not set -# CONFIG_TCP_CONG_VENO is not set -# CONFIG_TCP_CONG_YEAH is not set -# CONFIG_TCP_CONG_ILLINOIS is not set -# CONFIG_TCP_CONG_DCTCP is not set -# CONFIG_TCP_CONG_CDG is not set -# CONFIG_TCP_CONG_BBR is not set +CONFIG_TCP_CONG_WESTWOOD=m +CONFIG_TCP_CONG_HTCP=m +CONFIG_TCP_CONG_HSTCP=m +CONFIG_TCP_CONG_HYBLA=m +CONFIG_TCP_CONG_VEGAS=m +CONFIG_TCP_CONG_NV=m +CONFIG_TCP_CONG_SCALABLE=m +CONFIG_TCP_CONG_LP=m +CONFIG_TCP_CONG_VENO=m +CONFIG_TCP_CONG_YEAH=m +CONFIG_TCP_CONG_ILLINOIS=m +CONFIG_TCP_CONG_DCTCP=m +CONFIG_TCP_CONG_CDG=m +CONFIG_TCP_CONG_BBR=m CONFIG_DEFAULT_CUBIC=y # CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_TCP_CONG="cubic" @@ -992,10 +1106,10 @@ CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y CONFIG_INET6_AH=m CONFIG_INET6_ESP=m -# CONFIG_INET6_ESP_OFFLOAD is not set +CONFIG_INET6_ESP_OFFLOAD=m CONFIG_INET6_IPCOMP=m CONFIG_IPV6_MIP6=m -# CONFIG_IPV6_ILA is not set +CONFIG_IPV6_ILA=m CONFIG_INET6_XFRM_TUNNEL=m CONFIG_INET6_TUNNEL=m CONFIG_IPV6_VTI=m 
@@ -1004,13 +1118,16 @@ CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_GRE=m +CONFIG_IPV6_FOU=m +CONFIG_IPV6_FOU_TUNNEL=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y CONFIG_IPV6_PIMSM_V2=y -# CONFIG_IPV6_SEG6_LWTUNNEL is not set -# CONFIG_IPV6_SEG6_HMAC is not set +CONFIG_IPV6_SEG6_LWTUNNEL=y +CONFIG_IPV6_SEG6_HMAC=y +CONFIG_IPV6_SEG6_BPF=y CONFIG_NETLABEL=y CONFIG_NETWORK_SECMARK=y CONFIG_NET_PTP_CLASSIFY=y @@ -1032,7 +1149,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y @@ -1059,7 +1176,8 @@ CONFIG_NF_CONNTRACK_SIP=m CONFIG_NF_CONNTRACK_TFTP=m CONFIG_NF_CT_NETLINK=m CONFIG_NF_CT_NETLINK_TIMEOUT=m -# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_CT_NETLINK_HELPER=m +CONFIG_NETFILTER_NETLINK_GLUE_CT=y CONFIG_NF_NAT=m CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_FTP=m 
@@ -1070,31 +1188,41 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m -# CONFIG_NF_TABLES_SET is not set -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_SET=m +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m +CONFIG_NFT_FLOW_OFFLOAD=m CONFIG_NFT_COUNTER=m -# CONFIG_NFT_CONNLIMIT is not set +CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m -# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m -# CONFIG_NFT_XFRM is not set -# CONFIG_NFT_SOCKET is not set -# CONFIG_NFT_OSF is not set -# CONFIG_NFT_TPROXY is not set -# CONFIG_NFT_SYNPROXY is not set -# CONFIG_NF_FLOW_TABLE is not set -CONFIG_NETFILTER_XTABLES=y +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m +CONFIG_NFT_XFRM=m +CONFIG_NFT_SOCKET=m +CONFIG_NFT_OSF=m +CONFIG_NFT_TPROXY=m +CONFIG_NFT_SYNPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m +CONFIG_NETFILTER_XTABLES=m # # Xtables combined modules @@ -1106,7 +1234,7 @@ CONFIG_NETFILTER_XT_SET=m # # Xtables targets # -# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set +CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m @@ -1116,7 +1244,7 @@ CONFIG_NETFILTER_XT_TARGET_DSCP=m CONFIG_NETFILTER_XT_TARGET_HL=m CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m -# CONFIG_NETFILTER_XT_TARGET_LED is not set +CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m 
@@ -1129,7 +1257,7 @@ CONFIG_NETFILTER_XT_TARGET_REDIRECT=m CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m CONFIG_NETFILTER_XT_TARGET_TEE=m CONFIG_NETFILTER_XT_TARGET_TPROXY=m -# CONFIG_NETFILTER_XT_TARGET_TRACE is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m CONFIG_NETFILTER_XT_TARGET_TCPMSS=m CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m @@ -1156,10 +1284,10 @@ CONFIG_NETFILTER_XT_MATCH_ESP=m CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m CONFIG_NETFILTER_XT_MATCH_HELPER=m CONFIG_NETFILTER_XT_MATCH_HL=m -# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +CONFIG_NETFILTER_XT_MATCH_IPCOMP=m CONFIG_NETFILTER_XT_MATCH_IPRANGE=m CONFIG_NETFILTER_XT_MATCH_IPVS=m -# CONFIG_NETFILTER_XT_MATCH_L2TP is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=m CONFIG_NETFILTER_XT_MATCH_LENGTH=m CONFIG_NETFILTER_XT_MATCH_LIMIT=m CONFIG_NETFILTER_XT_MATCH_MAC=m @@ -1195,7 +1323,7 @@ CONFIG_IP_SET_HASH_IPMARK=m CONFIG_IP_SET_HASH_IPPORT=m CONFIG_IP_SET_HASH_IPPORTIP=m CONFIG_IP_SET_HASH_IPPORTNET=m -# CONFIG_IP_SET_HASH_IPMAC is not set +CONFIG_IP_SET_HASH_IPMAC=m CONFIG_IP_SET_HASH_MAC=m CONFIG_IP_SET_HASH_NETPORTNET=m CONFIG_IP_SET_HASH_NET=m @@ -1225,13 +1353,13 @@ CONFIG_IP_VS_RR=m CONFIG_IP_VS_WRR=m CONFIG_IP_VS_LC=m CONFIG_IP_VS_WLC=m -# CONFIG_IP_VS_FO is not set -# CONFIG_IP_VS_OVF is not set +CONFIG_IP_VS_FO=m +CONFIG_IP_VS_OVF=m CONFIG_IP_VS_LBLC=m CONFIG_IP_VS_LBLCR=m CONFIG_IP_VS_DH=m CONFIG_IP_VS_SH=m -# CONFIG_IP_VS_MH is not set +CONFIG_IP_VS_MH=m CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m @@ -1258,10 +1386,14 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m -# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m 
@@ -1295,7 +1427,11 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1309,7 +1445,7 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m -# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_MATCH_SRH=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m @@ -1323,8 +1459,18 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set -# CONFIG_NF_CONNTRACK_BRIDGE is not set + +# +# DECnet: Netfilter Configuration +# +CONFIG_DECNET_NF_GRABULATOR=m +# end of DECnet: Netfilter Configuration + +CONFIG_NF_TABLES_BRIDGE=m +CONFIG_NFT_BRIDGE_META=m +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m +CONFIG_NF_CONNTRACK_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m 
@@ -1350,15 +1496,31 @@ CONFIG_BRIDGE_EBT_NFLOG=m # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set -CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y -# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5 is not set +CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1=y # CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set CONFIG_SCTP_COOKIE_HMAC_MD5=y CONFIG_SCTP_COOKIE_HMAC_SHA1=y -# CONFIG_RDS is not set -# CONFIG_TIPC is not set -# CONFIG_ATM is not set -# CONFIG_L2TP is not set +CONFIG_RDS=m +CONFIG_RDS_RDMA=m +CONFIG_RDS_TCP=m +# CONFIG_RDS_DEBUG is not set +CONFIG_TIPC=m +CONFIG_TIPC_MEDIA_IB=y +CONFIG_TIPC_MEDIA_UDP=y +CONFIG_TIPC_DIAG=m +CONFIG_ATM=m +CONFIG_ATM_CLIP=m +# CONFIG_ATM_CLIP_NO_ICMP is not set +CONFIG_ATM_LANE=m +CONFIG_ATM_MPOA=m +CONFIG_ATM_BR2684=m +# CONFIG_ATM_BR2684_IPFILTER is not set +CONFIG_L2TP=m +CONFIG_L2TP_DEBUGFS=m +CONFIG_L2TP_V3=y +CONFIG_L2TP_IP=m +CONFIG_L2TP_ETH=m CONFIG_STP=m CONFIG_GARP=m CONFIG_MRP=m 
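Review bot: The `-1350,15` hunk switches `CONFIG_RDS`, `CONFIG_TIPC`, `CONFIG_ATM` and `CONFIG_L2TP` from unset to `=m`, and the `-1366,19` hunk does the same for `CONFIG_DECNET`, `CONFIG_LLC2`, `CONFIG_ATALK`, `CONFIG_X25`, `CONFIG_LAPB` and `CONFIG_PHONET`; none of these appears related to the Hyper-V or SoC support named in the commit description. Socket-family modules are loaded on demand when a process opens a socket of that family, so building them makes rarely exercised protocol code reachable on every install. I would restore the old lines, e.g. `# CONFIG_RDS is not set` and `# CONFIG_DECNET is not set`, or ship a modprobe.d blacklist for the families that must stay built. The SCTP part of the first hunk is fine: the default cookie HMAC moves from MD5 to SHA1.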
@@ -1366,19 +1528,54 @@ CONFIG_BRIDGE=m CONFIG_BRIDGE_IGMP_SNOOPING=y CONFIG_BRIDGE_VLAN_FILTERING=y CONFIG_HAVE_NET_DSA=y -# CONFIG_NET_DSA is not set +CONFIG_NET_DSA=m +CONFIG_NET_DSA_TAG_8021Q=m +CONFIG_NET_DSA_TAG_BRCM_COMMON=m +CONFIG_NET_DSA_TAG_BRCM=m +CONFIG_NET_DSA_TAG_BRCM_PREPEND=m +CONFIG_NET_DSA_TAG_GSWIP=m +CONFIG_NET_DSA_TAG_DSA=m +CONFIG_NET_DSA_TAG_EDSA=m +CONFIG_NET_DSA_TAG_MTK=m +CONFIG_NET_DSA_TAG_KSZ=m +CONFIG_NET_DSA_TAG_QCA=m +CONFIG_NET_DSA_TAG_LAN9303=m +CONFIG_NET_DSA_TAG_SJA1105=m +CONFIG_NET_DSA_TAG_TRAILER=m CONFIG_VLAN_8021Q=m CONFIG_VLAN_8021Q_GVRP=y CONFIG_VLAN_8021Q_MVRP=y -# CONFIG_DECNET is not set +CONFIG_DECNET=m +# CONFIG_DECNET_ROUTER is not set CONFIG_LLC=m -# CONFIG_LLC2 is not set -# CONFIG_ATALK is not set -# CONFIG_X25 is not set -# CONFIG_LAPB is not set -# CONFIG_PHONET is not set -# CONFIG_6LOWPAN is not set -# CONFIG_IEEE802154 is not set +CONFIG_LLC2=m +CONFIG_ATALK=m +CONFIG_DEV_APPLETALK=m +# CONFIG_IPDDP is not set +CONFIG_X25=m +CONFIG_LAPB=m +CONFIG_PHONET=m +CONFIG_6LOWPAN=m +# CONFIG_6LOWPAN_DEBUGFS is not set +CONFIG_6LOWPAN_NHC=m +CONFIG_6LOWPAN_NHC_DEST=m +CONFIG_6LOWPAN_NHC_FRAGMENT=m +CONFIG_6LOWPAN_NHC_HOP=m +CONFIG_6LOWPAN_NHC_IPV6=m +CONFIG_6LOWPAN_NHC_MOBILITY=m +CONFIG_6LOWPAN_NHC_ROUTING=m +CONFIG_6LOWPAN_NHC_UDP=m +# CONFIG_6LOWPAN_GHC_EXT_HDR_HOP is not set +# CONFIG_6LOWPAN_GHC_UDP is not set +# CONFIG_6LOWPAN_GHC_ICMPV6 is not set +# CONFIG_6LOWPAN_GHC_EXT_HDR_DEST is not set +# CONFIG_6LOWPAN_GHC_EXT_HDR_FRAG is not set +# CONFIG_6LOWPAN_GHC_EXT_HDR_ROUTE is not set +CONFIG_IEEE802154=m +# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set +CONFIG_IEEE802154_SOCKET=m +CONFIG_IEEE802154_6LOWPAN=m +CONFIG_MAC802154=m CONFIG_NET_SCHED=y # @@ -1387,6 +1584,7 @@ CONFIG_NET_SCHED=y CONFIG_NET_SCH_CBQ=m CONFIG_NET_SCH_HTB=m CONFIG_NET_SCH_HFSC=m +CONFIG_NET_SCH_ATM=m CONFIG_NET_SCH_PRIO=m CONFIG_NET_SCH_MULTIQ=m CONFIG_NET_SCH_RED=m 
@@ -1394,23 +1592,23 @@ CONFIG_NET_SCH_SFB=m CONFIG_NET_SCH_SFQ=m CONFIG_NET_SCH_TEQL=m CONFIG_NET_SCH_TBF=m -# CONFIG_NET_SCH_CBS is not set +CONFIG_NET_SCH_CBS=m CONFIG_NET_SCH_ETF=m -# CONFIG_NET_SCH_TAPRIO is not set +CONFIG_NET_SCH_TAPRIO=m CONFIG_NET_SCH_GRED=m CONFIG_NET_SCH_DSMARK=m CONFIG_NET_SCH_NETEM=m CONFIG_NET_SCH_DRR=m CONFIG_NET_SCH_MQPRIO=m -# CONFIG_NET_SCH_SKBPRIO is not set +CONFIG_NET_SCH_SKBPRIO=m CONFIG_NET_SCH_CHOKE=m CONFIG_NET_SCH_QFQ=m CONFIG_NET_SCH_CODEL=m CONFIG_NET_SCH_FQ_CODEL=m -# CONFIG_NET_SCH_CAKE is not set +CONFIG_NET_SCH_CAKE=m CONFIG_NET_SCH_FQ=m -# CONFIG_NET_SCH_HHF is not set -# CONFIG_NET_SCH_PIE is not set +CONFIG_NET_SCH_HHF=m +CONFIG_NET_SCH_PIE=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_SCH_PLUG=m # CONFIG_NET_SCH_DEFAULT is not set @@ -1431,7 +1629,7 @@ CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m -# CONFIG_NET_CLS_FLOWER is not set +CONFIG_NET_CLS_FLOWER=m CONFIG_NET_CLS_MATCHALL=m CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 
@@ -1440,34 +1638,44 @@ CONFIG_NET_EMATCH_NBYTE=m CONFIG_NET_EMATCH_U32=m CONFIG_NET_EMATCH_META=m CONFIG_NET_EMATCH_TEXT=m +CONFIG_NET_EMATCH_CANID=m CONFIG_NET_EMATCH_IPSET=m -# CONFIG_NET_EMATCH_IPT is not set +CONFIG_NET_EMATCH_IPT=m CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=m CONFIG_NET_ACT_GACT=m CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=m -# CONFIG_NET_ACT_SAMPLE is not set +CONFIG_NET_ACT_SAMPLE=m CONFIG_NET_ACT_IPT=m CONFIG_NET_ACT_NAT=m CONFIG_NET_ACT_PEDIT=m -# CONFIG_NET_ACT_SIMP is not set +CONFIG_NET_ACT_SIMP=m CONFIG_NET_ACT_SKBEDIT=m CONFIG_NET_ACT_CSUM=m -# CONFIG_NET_ACT_MPLS is not set -# CONFIG_NET_ACT_VLAN is not set -# CONFIG_NET_ACT_BPF is not set -# CONFIG_NET_ACT_CONNMARK is not set -# CONFIG_NET_ACT_CTINFO is not set -# CONFIG_NET_ACT_SKBMOD is not set +CONFIG_NET_ACT_MPLS=m +CONFIG_NET_ACT_VLAN=m +CONFIG_NET_ACT_BPF=m +CONFIG_NET_ACT_CONNMARK=m +CONFIG_NET_ACT_CTINFO=m +CONFIG_NET_ACT_SKBMOD=m # CONFIG_NET_ACT_IFE is not set CONFIG_NET_ACT_TUNNEL_KEY=m -# CONFIG_NET_ACT_CT is not set +CONFIG_NET_ACT_CT=m # CONFIG_NET_TC_SKB_EXT is not set CONFIG_NET_SCH_FIFO=y CONFIG_DCB=y -CONFIG_DNS_RESOLVER=m -# CONFIG_BATMAN_ADV is not set +CONFIG_DNS_RESOLVER=y +CONFIG_BATMAN_ADV=m +# CONFIG_BATMAN_ADV_BATMAN_V is not set +CONFIG_BATMAN_ADV_BLA=y +CONFIG_BATMAN_ADV_DAT=y +CONFIG_BATMAN_ADV_NC=y +CONFIG_BATMAN_ADV_MCAST=y +# CONFIG_BATMAN_ADV_DEBUGFS is not set +# CONFIG_BATMAN_ADV_DEBUG is not set +CONFIG_BATMAN_ADV_SYSFS=y +# CONFIG_BATMAN_ADV_TRACING is not set CONFIG_OPENVSWITCH=m CONFIG_OPENVSWITCH_GRE=m CONFIG_OPENVSWITCH_VXLAN=m 
@@ -1476,16 +1684,20 @@ CONFIG_VSOCKETS=m CONFIG_VSOCKETS_DIAG=m CONFIG_VIRTIO_VSOCKETS=m CONFIG_VIRTIO_VSOCKETS_COMMON=m +CONFIG_HYPERV_VSOCKETS=m CONFIG_NETLINK_DIAG=m CONFIG_MPLS=y CONFIG_NET_MPLS_GSO=m -# CONFIG_MPLS_ROUTING is not set +CONFIG_MPLS_ROUTING=m +CONFIG_MPLS_IPTUNNEL=m CONFIG_NET_NSH=m -# CONFIG_HSR is not set +CONFIG_HSR=m CONFIG_NET_SWITCHDEV=y CONFIG_NET_L3_MASTER_DEV=y -# CONFIG_QRTR is not set -# CONFIG_NET_NCSI is not set +CONFIG_QRTR=m +CONFIG_QRTR_TUN=m +CONFIG_NET_NCSI=y +CONFIG_NCSI_OEM_CMD_GET_MAC=y CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y 
@@ -1494,25 +1706,172 @@ CONFIG_CGROUP_NET_CLASSID=y CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y CONFIG_BPF_JIT=y +CONFIG_BPF_STREAM_PARSER=y CONFIG_NET_FLOW_LIMIT=y # # Network testing # -# CONFIG_NET_PKTGEN is not set +CONFIG_NET_PKTGEN=m CONFIG_NET_DROP_MONITOR=y # end of Network testing # end of Networking options -# CONFIG_HAMRADIO is not set -# CONFIG_CAN is not set -# CONFIG_BT is not set -# CONFIG_AF_RXRPC is not set -# CONFIG_AF_KCM is not set +CONFIG_HAMRADIO=y + +# +# Packet Radio protocols +# +CONFIG_AX25=m +CONFIG_AX25_DAMA_SLAVE=y +CONFIG_NETROM=m +CONFIG_ROSE=m + +# +# AX.25 network device drivers +# +CONFIG_MKISS=m +CONFIG_6PACK=m +CONFIG_BPQETHER=m +CONFIG_BAYCOM_SER_FDX=m +CONFIG_BAYCOM_SER_HDX=m +CONFIG_YAM=m +# end of AX.25 network device drivers + +CONFIG_CAN=m +CONFIG_CAN_RAW=m +CONFIG_CAN_BCM=m +CONFIG_CAN_GW=m +# CONFIG_CAN_J1939 is not set + +# +# CAN Device Drivers +# +CONFIG_CAN_VCAN=m +CONFIG_CAN_VXCAN=m +CONFIG_CAN_SLCAN=m +CONFIG_CAN_DEV=m +CONFIG_CAN_CALC_BITTIMING=y +CONFIG_CAN_FLEXCAN=m +CONFIG_CAN_GRCAN=m +# CONFIG_CAN_KVASER_PCIEFD is not set +CONFIG_CAN_XILINXCAN=m +CONFIG_CAN_C_CAN=m +CONFIG_CAN_C_CAN_PLATFORM=m +CONFIG_CAN_C_CAN_PCI=m +CONFIG_CAN_CC770=m +CONFIG_CAN_CC770_ISA=m +CONFIG_CAN_CC770_PLATFORM=m +CONFIG_CAN_IFI_CANFD=m +CONFIG_CAN_M_CAN=m +# CONFIG_CAN_M_CAN_PLATFORM is not set +# CONFIG_CAN_M_CAN_TCAN4X5X is not set +CONFIG_CAN_PEAK_PCIEFD=m +CONFIG_CAN_RCAR=m +CONFIG_CAN_RCAR_CANFD=m +CONFIG_CAN_SJA1000=m +CONFIG_CAN_EMS_PCI=m +# CONFIG_CAN_F81601 is not set +CONFIG_CAN_KVASER_PCI=m +CONFIG_CAN_PEAK_PCI=m +CONFIG_CAN_PEAK_PCIEC=y +CONFIG_CAN_PLX_PCI=m +CONFIG_CAN_SJA1000_ISA=m +CONFIG_CAN_SJA1000_PLATFORM=m +CONFIG_CAN_SOFTING=m + +# +# CAN SPI interfaces +# +CONFIG_CAN_HI311X=m +CONFIG_CAN_MCP251X=m +# end of CAN SPI interfaces + +# +# CAN USB interfaces +# +CONFIG_CAN_8DEV_USB=m +CONFIG_CAN_EMS_USB=m +CONFIG_CAN_ESD_USB2=m +CONFIG_CAN_GS_USB=m +CONFIG_CAN_KVASER_USB=m +CONFIG_CAN_MCBA_USB=m +CONFIG_CAN_PEAK_USB=m 
+CONFIG_CAN_UCAN=m +# end of CAN USB interfaces + +# CONFIG_CAN_DEBUG_DEVICES is not set +# end of CAN Device Drivers + +CONFIG_BT=m +CONFIG_BT_BREDR=y +CONFIG_BT_RFCOMM=m +CONFIG_BT_RFCOMM_TTY=y +CONFIG_BT_BNEP=m +CONFIG_BT_BNEP_MC_FILTER=y +CONFIG_BT_BNEP_PROTO_FILTER=y +CONFIG_BT_CMTP=m +CONFIG_BT_HIDP=m +CONFIG_BT_HS=y +CONFIG_BT_LE=y +CONFIG_BT_6LOWPAN=m +CONFIG_BT_LEDS=y +# CONFIG_BT_SELFTEST is not set +CONFIG_BT_DEBUGFS=y + +# +# Bluetooth device drivers +# +CONFIG_BT_INTEL=m +CONFIG_BT_BCM=m +CONFIG_BT_RTL=m +CONFIG_BT_QCA=m +CONFIG_BT_HCIBTUSB=m +CONFIG_BT_HCIBTUSB_AUTOSUSPEND=y +CONFIG_BT_HCIBTUSB_BCM=y +CONFIG_BT_HCIBTUSB_MTK=y +CONFIG_BT_HCIBTUSB_RTL=y +CONFIG_BT_HCIBTSDIO=m +CONFIG_BT_HCIUART=m +CONFIG_BT_HCIUART_SERDEV=y +CONFIG_BT_HCIUART_H4=y +CONFIG_BT_HCIUART_NOKIA=m +CONFIG_BT_HCIUART_BCSP=y +CONFIG_BT_HCIUART_ATH3K=y +CONFIG_BT_HCIUART_LL=y +CONFIG_BT_HCIUART_3WIRE=y +CONFIG_BT_HCIUART_INTEL=y +CONFIG_BT_HCIUART_BCM=y +CONFIG_BT_HCIUART_RTL=y +CONFIG_BT_HCIUART_QCA=y +CONFIG_BT_HCIUART_AG6XX=y +CONFIG_BT_HCIUART_MRVL=y +CONFIG_BT_HCIBCM203X=m +CONFIG_BT_HCIBPA10X=m +CONFIG_BT_HCIBFUSB=m +CONFIG_BT_HCIVHCI=m +CONFIG_BT_MRVL=m +CONFIG_BT_MRVL_SDIO=m +CONFIG_BT_ATH3K=m +CONFIG_BT_MTKSDIO=m +CONFIG_BT_MTKUART=m +CONFIG_BT_HCIRSI=m +# end of Bluetooth device drivers + +CONFIG_AF_RXRPC=m +CONFIG_AF_RXRPC_IPV6=y +# CONFIG_AF_RXRPC_INJECT_LOSS is not set +# CONFIG_AF_RXRPC_DEBUG is not set +CONFIG_RXKAD=y +CONFIG_AF_KCM=m +CONFIG_STREAM_PARSER=y CONFIG_FIB_RULES=y CONFIG_WIRELESS=y +CONFIG_WIRELESS_EXT=y CONFIG_WEXT_CORE=y CONFIG_WEXT_PROC=y +CONFIG_WEXT_SPY=y +CONFIG_WEXT_PRIV=y CONFIG_CFG80211=m # CONFIG_NL80211_TESTMODE is not set # CONFIG_CFG80211_DEVELOPER_WARNINGS is not set 
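Review bot: The lines `CONFIG_HAMRADIO=y` with `CONFIG_AX25=m`, `CONFIG_NETROM=m`, `CONFIG_ROSE=m`, plus `CONFIG_CAN=m`, `CONFIG_BT=m`, `CONFIG_AF_RXRPC=m` and `CONFIG_AF_KCM=m`, add socket families to a general-purpose kernel with no stated consumer. The kernel normally loads a protocol-family module on demand when a process opens a socket of that family, so each one becomes reachable kernel code even on hosts with no matching hardware. Unless a package in the distribution needs them, keep `# CONFIG_HAMRADIO is not set` and `# CONFIG_AF_RXRPC is not set`, and do the same for the other families. If they must be built, ship a modprobe.d `install <module> /bin/false` entry for each so that loading is opt-in, and record the reason for each family in the spec changelog.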
@@ -1520,37 +1879,55 @@ CONFIG_CFG80211=m CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y CONFIG_CFG80211_DEFAULT_PS=y -# CONFIG_CFG80211_DEBUGFS is not set +CONFIG_CFG80211_DEBUGFS=y CONFIG_CFG80211_CRDA_SUPPORT=y CONFIG_CFG80211_WEXT=y +CONFIG_CFG80211_WEXT_EXPORT=y +CONFIG_LIB80211=m +CONFIG_LIB80211_CRYPT_WEP=m +CONFIG_LIB80211_CRYPT_CCMP=m +CONFIG_LIB80211_CRYPT_TKIP=m +# CONFIG_LIB80211_DEBUG is not set CONFIG_MAC80211=m CONFIG_MAC80211_HAS_RC=y CONFIG_MAC80211_RC_MINSTREL=y CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" -# CONFIG_MAC80211_MESH is not set +CONFIG_MAC80211_MESH=y CONFIG_MAC80211_LEDS=y -# CONFIG_MAC80211_DEBUGFS is not set -# CONFIG_MAC80211_MESSAGE_TRACING is not set +CONFIG_MAC80211_DEBUGFS=y +CONFIG_MAC80211_MESSAGE_TRACING=y # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 -# CONFIG_WIMAX is not set -# CONFIG_RFKILL is not set +CONFIG_WIMAX=m +CONFIG_WIMAX_DEBUG_LEVEL=8 +CONFIG_RFKILL=y +CONFIG_RFKILL_LEDS=y +CONFIG_RFKILL_INPUT=y +CONFIG_RFKILL_GPIO=m CONFIG_NET_9P=m CONFIG_NET_9P_VIRTIO=m -# CONFIG_NET_9P_XEN is not set +CONFIG_NET_9P_XEN=m +CONFIG_NET_9P_RDMA=m # CONFIG_NET_9P_DEBUG is not set -# CONFIG_CAIF is not set +CONFIG_CAIF=m +# CONFIG_CAIF_DEBUG is not set +CONFIG_CAIF_NETDEV=m +CONFIG_CAIF_USB=m CONFIG_CEPH_LIB=m # CONFIG_CEPH_LIB_PRETTYDEBUG is not set -# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set +CONFIG_CEPH_LIB_USE_DNS_RESOLVER=y # CONFIG_NFC is not set -# CONFIG_PSAMPLE is not set -# CONFIG_NET_IFE is not set -# CONFIG_LWTUNNEL is not set +CONFIG_PSAMPLE=m +CONFIG_NET_IFE=m +CONFIG_LWTUNNEL=y +CONFIG_LWTUNNEL_BPF=y CONFIG_DST_CACHE=y CONFIG_GRO_CELLS=y +CONFIG_SOCK_VALIDATE_XMIT=y +CONFIG_NET_SOCK_MSG=y CONFIG_NET_DEVLINK=y +CONFIG_PAGE_POOL=y CONFIG_FAILOVER=y CONFIG_HAVE_EBPF_JIT=y 
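Review bot: `CONFIG_CFG80211_DEBUGFS=y`, `CONFIG_MAC80211_DEBUGFS=y`, `CONFIG_MAC80211_MESSAGE_TRACING=y` and `CONFIG_WIMAX_DEBUG_LEVEL=8` turn on debug and tracing interfaces in what appears to be the shipping kernel config. The preceding hunk does the same with `CONFIG_BT_DEBUGFS=y`. These expose extra driver state through debugfs and tracepoints and add code paths that production images rarely need. Unless support tooling depends on them, keep `# CONFIG_CFG80211_DEBUGFS is not set`, `# CONFIG_MAC80211_DEBUGFS is not set` and `# CONFIG_MAC80211_MESSAGE_TRACING is not set`. If they stay, add a comment in the spec saying who consumes them and confirm that debugfs is not mounted by default or is restricted to root.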
@@ -1576,18 +1953,19 @@ CONFIG_PCIEASPM_DEFAULT=y # CONFIG_PCIEASPM_POWER_SUPERSAVE is not set # CONFIG_PCIEASPM_PERFORMANCE is not set CONFIG_PCIE_PME=y -# CONFIG_PCIE_DPC is not set -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_DPC=y +CONFIG_PCIE_PTM=y # CONFIG_PCIE_BW is not set CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y CONFIG_PCI_QUIRKS=y # CONFIG_PCI_DEBUG is not set -# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set -# CONFIG_PCI_STUB is not set -# CONFIG_PCI_PF_STUB is not set +CONFIG_PCI_REALLOC_ENABLE_AUTO=y +CONFIG_PCI_STUB=m +CONFIG_PCI_PF_STUB=m CONFIG_PCI_ATS=y CONFIG_PCI_ECAM=y +CONFIG_PCI_BRIDGE_EMUL=y CONFIG_PCI_IOV=y CONFIG_PCI_PRI=y CONFIG_PCI_PASID=y 
@@ -1595,51 +1973,65 @@ CONFIG_PCI_LABEL=y CONFIG_HOTPLUG_PCI=y CONFIG_HOTPLUG_PCI_ACPI=y CONFIG_HOTPLUG_PCI_ACPI_IBM=m -# CONFIG_HOTPLUG_PCI_CPCI is not set -# CONFIG_HOTPLUG_PCI_SHPC is not set +CONFIG_HOTPLUG_PCI_CPCI=y +CONFIG_HOTPLUG_PCI_SHPC=y # # PCI controller drivers # -# CONFIG_PCI_AARDVARK is not set +CONFIG_PCI_AARDVARK=y # # Cadence PCIe controllers support # -# CONFIG_PCIE_CADENCE_HOST is not set +CONFIG_PCIE_CADENCE=y +CONFIG_PCIE_CADENCE_HOST=y +CONFIG_PCIE_CADENCE_EP=y # end of Cadence PCIe controllers support -# CONFIG_PCIE_XILINX_NWL is not set -# CONFIG_PCI_FTPCI100 is not set +CONFIG_PCIE_XILINX_NWL=y +CONFIG_PCI_FTPCI100=y # CONFIG_PCI_TEGRA is not set +CONFIG_PCIE_RCAR=y CONFIG_PCI_HOST_COMMON=y CONFIG_PCI_HOST_GENERIC=y -# CONFIG_PCIE_XILINX is not set +CONFIG_PCIE_XILINX=y CONFIG_PCI_XGENE=y CONFIG_PCI_XGENE_MSI=y CONFIG_PCIE_IPROC=y CONFIG_PCIE_IPROC_PLATFORM=y CONFIG_PCIE_IPROC_MSI=y -# CONFIG_PCIE_ALTERA is not set +CONFIG_PCIE_ALTERA=y +CONFIG_PCIE_ALTERA_MSI=y CONFIG_PCI_HOST_THUNDER_PEM=y CONFIG_PCI_HOST_THUNDER_ECAM=y -# CONFIG_PCIE_ROCKCHIP_HOST is not set -# CONFIG_PCIE_MEDIATEK is not set -# CONFIG_PCIE_MOBIVEIL is not set +CONFIG_PCIE_ROCKCHIP=y +CONFIG_PCIE_ROCKCHIP_HOST=m +CONFIG_PCIE_ROCKCHIP_EP=y +CONFIG_PCIE_MEDIATEK=y +CONFIG_PCIE_MOBIVEIL=y # # DesignWare PCI Core Support # CONFIG_PCIE_DW=y CONFIG_PCIE_DW_HOST=y -# CONFIG_PCIE_DW_PLAT_HOST is not set +CONFIG_PCIE_DW_EP=y +CONFIG_PCIE_DW_PLAT=y +CONFIG_PCIE_DW_PLAT_HOST=y +CONFIG_PCIE_DW_PLAT_EP=y +CONFIG_PCI_IMX6=y +CONFIG_PCI_KEYSTONE=y +CONFIG_PCI_KEYSTONE_HOST=y +CONFIG_PCI_KEYSTONE_EP=y CONFIG_PCI_LAYERSCAPE=y +# CONFIG_PCI_LAYERSCAPE_EP is not set CONFIG_PCI_HISI=y CONFIG_PCIE_QCOM=y CONFIG_PCIE_ARMADA_8K=y -# CONFIG_PCIE_KIRIN is not set -# CONFIG_PCIE_HISI_STB is not set -# CONFIG_PCI_MESON is not set +CONFIG_PCIE_KIRIN=y +CONFIG_PCIE_HISI_STB=y +CONFIG_PCI_MESON=y # CONFIG_PCIE_AL is not set # end of DesignWare PCI Core Support # end of PCI controller drivers 
@@ -1647,17 +2039,49 @@ CONFIG_PCIE_ARMADA_8K=y # # PCI Endpoint # -# CONFIG_PCI_ENDPOINT is not set +CONFIG_PCI_ENDPOINT=y +CONFIG_PCI_ENDPOINT_CONFIGFS=y +# CONFIG_PCI_EPF_TEST is not set # end of PCI Endpoint # # PCI switch controller drivers # -# CONFIG_PCI_SW_SWITCHTEC is not set +CONFIG_PCI_SW_SWITCHTEC=m # end of PCI switch controller drivers -# CONFIG_PCCARD is not set -# CONFIG_RAPIDIO is not set +CONFIG_PCCARD=m +# CONFIG_PCMCIA is not set +CONFIG_CARDBUS=y + +# +# PC-card bridges +# +CONFIG_YENTA=m +CONFIG_YENTA_O2=y +CONFIG_YENTA_RICOH=y +CONFIG_YENTA_TI=y +CONFIG_YENTA_ENE_TUNE=y +CONFIG_YENTA_TOSHIBA=y +CONFIG_RAPIDIO=y +CONFIG_RAPIDIO_TSI721=m +CONFIG_RAPIDIO_DISC_TIMEOUT=30 +# CONFIG_RAPIDIO_ENABLE_RX_TX_PORTS is not set +CONFIG_RAPIDIO_DMA_ENGINE=y +# CONFIG_RAPIDIO_DEBUG is not set +CONFIG_RAPIDIO_ENUM_BASIC=m +CONFIG_RAPIDIO_CHMAN=m +CONFIG_RAPIDIO_MPORT_CDEV=m + +# +# RapidIO Switch drivers +# +CONFIG_RAPIDIO_TSI57X=m +CONFIG_RAPIDIO_CPS_XX=m +CONFIG_RAPIDIO_TSI568=m +CONFIG_RAPIDIO_CPS_GEN2=m +CONFIG_RAPIDIO_RXS_GEN3=m +# end of RapidIO Switch drivers # # Generic Driver Options @@ -1673,9 +2097,11 @@ CONFIG_PREVENT_FIRMWARE_BUILD=y # Firmware loader # CONFIG_FW_LOADER=y +CONFIG_FW_LOADER_PAGED_BUF=y CONFIG_EXTRA_FIRMWARE="" -# CONFIG_FW_LOADER_USER_HELPER is not set -# CONFIG_FW_LOADER_COMPRESS is not set +CONFIG_FW_LOADER_USER_HELPER=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_FW_LOADER_COMPRESS=y # end of Firmware loader CONFIG_WANT_DEV_COREDUMP=y @@ -1684,6 +2110,7 @@ CONFIG_DEV_COREDUMP=y # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_DEVRES is not set # CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +CONFIG_HMEM_REPORTING=y # CONFIG_TEST_ASYNC_DRIVER_PROBE is not set CONFIG_SYS_HYPERVISOR=y CONFIG_GENERIC_CPU_AUTOPROBE=y 
@@ -1691,7 +2118,9 @@ CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_SOC_BUS=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m -CONFIG_REGMAP_SPI=m +CONFIG_REGMAP_SPI=y +CONFIG_REGMAP_SPMI=m +CONFIG_REGMAP_W1=m CONFIG_REGMAP_MMIO=y CONFIG_DMA_SHARED_BUFFER=y # CONFIG_DMA_FENCE_TRACE is not set @@ -1705,10 +2134,11 @@ CONFIG_ARM_CCI=y CONFIG_ARM_CCI400_COMMON=y CONFIG_BRCMSTB_GISB_ARB=y # CONFIG_MOXTET is not set -# CONFIG_HISILICON_LPC is not set +CONFIG_HISILICON_LPC=y +CONFIG_IMX_WEIM=y CONFIG_QCOM_EBI2=y -# CONFIG_SIMPLE_PM_BUS is not set -# CONFIG_SUN50I_DE2_BUS is not set +CONFIG_SIMPLE_PM_BUS=y +CONFIG_SUN50I_DE2_BUS=y CONFIG_SUNXI_RSB=m # CONFIG_TEGRA_ACONNECT is not set # CONFIG_TEGRA_GMI is not set 
@@ -1716,9 +2146,171 @@ CONFIG_VEXPRESS_CONFIG=y CONFIG_FSL_MC_BUS=y # end of Bus devices -CONFIG_CONNECTOR=m -# CONFIG_GNSS is not set -# CONFIG_MTD is not set +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y +CONFIG_GNSS=m +CONFIG_GNSS_SERIAL=m +CONFIG_GNSS_MTK_SERIAL=m +CONFIG_GNSS_SIRF_SERIAL=m +CONFIG_GNSS_UBX_SERIAL=m +CONFIG_MTD=m +# CONFIG_MTD_TESTS is not set + +# +# Partition parsers +# +CONFIG_MTD_AR7_PARTS=m +CONFIG_MTD_CMDLINE_PARTS=m +CONFIG_MTD_OF_PARTS=m +CONFIG_MTD_AFS_PARTS=m +CONFIG_MTD_REDBOOT_PARTS=m +CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1 +# CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED is not set +# CONFIG_MTD_REDBOOT_PARTS_READONLY is not set +# end of Partition parsers + +# +# User Modules And Translation Layers +# +CONFIG_MTD_BLKDEVS=m +CONFIG_MTD_BLOCK=m +CONFIG_MTD_BLOCK_RO=m +CONFIG_FTL=m +CONFIG_NFTL=m +CONFIG_NFTL_RW=y +CONFIG_INFTL=m +CONFIG_RFD_FTL=m +CONFIG_SSFDC=m +CONFIG_SM_FTL=m +CONFIG_MTD_OOPS=m +CONFIG_MTD_SWAP=m +# CONFIG_MTD_PARTITIONED_MASTER is not set + +# +# RAM/ROM/Flash chip drivers +# +CONFIG_MTD_CFI=m +CONFIG_MTD_JEDECPROBE=m +CONFIG_MTD_GEN_PROBE=m +# CONFIG_MTD_CFI_ADV_OPTIONS is not set +CONFIG_MTD_MAP_BANK_WIDTH_1=y +CONFIG_MTD_MAP_BANK_WIDTH_2=y +CONFIG_MTD_MAP_BANK_WIDTH_4=y +CONFIG_MTD_CFI_I1=y +CONFIG_MTD_CFI_I2=y +CONFIG_MTD_CFI_INTELEXT=m +CONFIG_MTD_CFI_AMDSTD=m +CONFIG_MTD_CFI_STAA=m +CONFIG_MTD_CFI_UTIL=m +CONFIG_MTD_RAM=m +CONFIG_MTD_ROM=m +CONFIG_MTD_ABSENT=m +# end of RAM/ROM/Flash chip drivers + +# +# Mapping drivers for chip access +# +CONFIG_MTD_COMPLEX_MAPPINGS=y +CONFIG_MTD_PHYSMAP=m +# CONFIG_MTD_PHYSMAP_COMPAT is not set +CONFIG_MTD_PHYSMAP_OF=y +CONFIG_MTD_PHYSMAP_VERSATILE=y +CONFIG_MTD_PHYSMAP_GEMINI=y +CONFIG_MTD_PHYSMAP_GPIO_ADDR=y +CONFIG_MTD_PCI=m +CONFIG_MTD_INTEL_VR_NOR=m +CONFIG_MTD_PLATRAM=m +# end of Mapping drivers for chip access + +# +# Self-contained MTD device drivers +# +CONFIG_MTD_PMC551=m +# CONFIG_MTD_PMC551_BUGFIX is not set +# CONFIG_MTD_PMC551_DEBUG is not set +CONFIG_MTD_DATAFLASH=m +# 
CONFIG_MTD_DATAFLASH_WRITE_VERIFY is not set +CONFIG_MTD_DATAFLASH_OTP=y +CONFIG_MTD_MCHP23K256=m +CONFIG_MTD_SST25L=m +CONFIG_MTD_SLRAM=m +CONFIG_MTD_PHRAM=m +CONFIG_MTD_MTDRAM=m +CONFIG_MTDRAM_TOTAL_SIZE=4096 +CONFIG_MTDRAM_ERASE_SIZE=128 +CONFIG_MTD_BLOCK2MTD=m + +# +# Disk-On-Chip Device Drivers +# +# CONFIG_MTD_DOCG3 is not set +# end of Self-contained MTD device drivers + +CONFIG_MTD_NAND_CORE=m +CONFIG_MTD_ONENAND=m +CONFIG_MTD_ONENAND_VERIFY_WRITE=y +CONFIG_MTD_ONENAND_GENERIC=m +# CONFIG_MTD_ONENAND_OTP is not set +CONFIG_MTD_ONENAND_2X_PROGRAM=y +CONFIG_MTD_NAND_ECC_SW_HAMMING=m +# CONFIG_MTD_NAND_ECC_SW_HAMMING_SMC is not set +CONFIG_MTD_RAW_NAND=m +CONFIG_MTD_NAND_ECC_SW_BCH=y + +# +# Raw/parallel NAND flash controllers +# +CONFIG_MTD_NAND_DENALI=m +CONFIG_MTD_NAND_DENALI_PCI=m +CONFIG_MTD_NAND_DENALI_DT=m +CONFIG_MTD_NAND_CAFE=m +CONFIG_MTD_NAND_MARVELL=m +CONFIG_MTD_NAND_BRCMNAND=m +CONFIG_MTD_NAND_GPMI_NAND=m +CONFIG_MTD_NAND_FSL_IFC=m +CONFIG_MTD_NAND_MXC=m +# CONFIG_MTD_NAND_SUNXI is not set +CONFIG_MTD_NAND_HISI504=m +CONFIG_MTD_NAND_QCOM=m +CONFIG_MTD_NAND_MTK=m +# CONFIG_MTD_NAND_MXIC is not set +# CONFIG_MTD_NAND_TEGRA is not set +CONFIG_MTD_NAND_MESON=m +CONFIG_MTD_NAND_GPIO=m +CONFIG_MTD_NAND_PLATFORM=m + +# +# Misc +# +CONFIG_MTD_SM_COMMON=m +CONFIG_MTD_NAND_NANDSIM=m +CONFIG_MTD_NAND_RICOH=m +CONFIG_MTD_NAND_DISKONCHIP=m +# CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set +CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0 +# CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE is not set +CONFIG_MTD_SPI_NAND=m + +# +# LPDDR & LPDDR2 PCM memory drivers +# +CONFIG_MTD_LPDDR=m +CONFIG_MTD_QINFO_PROBE=m +# end of LPDDR & LPDDR2 PCM memory drivers + +CONFIG_MTD_SPI_NOR=m +CONFIG_MTD_SPI_NOR_USE_4K_SECTORS=y +CONFIG_SPI_CADENCE_QUADSPI=m +CONFIG_SPI_HISI_SFC=m +CONFIG_SPI_MTK_QUADSPI=m +CONFIG_MTD_UBI=m +CONFIG_MTD_UBI_WL_THRESHOLD=4096 +CONFIG_MTD_UBI_BEB_LIMIT=20 +CONFIG_MTD_UBI_FASTMAP=y +CONFIG_MTD_UBI_GLUEBI=m +CONFIG_MTD_UBI_BLOCK=y +CONFIG_MTD_HYPERBUS=m 
+CONFIG_HBMC_AM654=m CONFIG_DTC=y CONFIG_OF=y # CONFIG_OF_UNITTEST is not set @@ -1744,24 +2336,29 @@ CONFIG_PNP=y # CONFIG_PNPACPI=y CONFIG_BLK_DEV=y -# CONFIG_BLK_DEV_NULL_BLK is not set +CONFIG_BLK_DEV_NULL_BLK=m CONFIG_CDROM=y -# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set -# CONFIG_ZRAM is not set -# CONFIG_BLK_DEV_UMEM is not set +CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m +CONFIG_ZRAM=m +CONFIG_ZRAM_WRITEBACK=y +CONFIG_ZRAM_MEMORY_TRACKING=y +CONFIG_BLK_DEV_UMEM=m CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 -# CONFIG_BLK_DEV_CRYPTOLOOP is not set -# CONFIG_BLK_DEV_DRBD is not set -# CONFIG_BLK_DEV_NBD is not set -# CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set -CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_CRYPTOLOOP=m +CONFIG_BLK_DEV_DRBD=m +# CONFIG_DRBD_FAULT_INJECTION is not set +CONFIG_BLK_DEV_NBD=m +CONFIG_BLK_DEV_SKD=m +CONFIG_BLK_DEV_SX8=m +CONFIG_BLK_DEV_RAM=m CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=4096 -# CONFIG_CDROM_PKTCDVD is not set -# CONFIG_ATA_OVER_ETH is not set -CONFIG_XEN_BLKDEV_FRONTEND=m +CONFIG_CDROM_PKTCDVD=m +CONFIG_CDROM_PKTCDVD_BUFFERS=8 +# CONFIG_CDROM_PKTCDVD_WCACHE is not set +CONFIG_ATA_OVER_ETH=m +CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_BLKDEV_BACKEND=m CONFIG_VIRTIO_BLK=m # CONFIG_VIRTIO_BLK_SCSI is not set @@ -1775,10 +2372,12 @@ CONFIG_NVME_CORE=y CONFIG_BLK_DEV_NVME=y # CONFIG_NVME_MULTIPATH is not set CONFIG_NVME_FABRICS=m +# CONFIG_NVME_RDMA is not set # CONFIG_NVME_FC is not set # CONFIG_NVME_TCP is not set CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_LOOP=m +# CONFIG_NVME_TARGET_RDMA is not set # CONFIG_NVME_TARGET_FC is not set # CONFIG_NVME_TARGET_TCP is not set # end of NVME Support @@ -1789,7 +2388,8 @@ CONFIG_NVME_TARGET_LOOP=m # CONFIG_AD525X_DPOT is not set # CONFIG_DUMMY_IRQ is not set # CONFIG_PHANTOM is not set -# CONFIG_TIFM_CORE is not set +CONFIG_TIFM_CORE=m +CONFIG_TIFM_7XX1=m # CONFIG_ICS932S401 is not set # CONFIG_ENCLOSURE_SERVICES is not set # CONFIG_HP_ILO is not set 
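Review bot: In the block-device hunk, `CONFIG_BLK_DEV_CRYPTOLOOP=m` enables the legacy cryptoloop transform, whose own Kconfig help warns that it is not safe for journaled filesystems and points to the device-mapper crypto target instead. Shipping it invites new volumes to be created on the weaker path, so keep `# CONFIG_BLK_DEV_CRYPTOLOOP is not set` and rely on dm-crypt (`CONFIG_DM_CRYPT`) unless an existing on-disk format has to be read. The same hunk changes `CONFIG_BLK_DEV_RAM=y` to `=m`; if any boot flow here still uses an initrd ramdisk rather than an initramfs, that needs checking before merge.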
@@ -1822,7 +2422,9 @@ CONFIG_EEPROM_93CX6=m # CONFIG_EEPROM_EE1004 is not set # end of EEPROM support -# CONFIG_CB710_CORE is not set +CONFIG_CB710_CORE=m +# CONFIG_CB710_DEBUG is not set +CONFIG_CB710_DEBUG_ASSUMPTIONS=y # # Texas Instruments shared transport line discipline @@ -1869,6 +2471,7 @@ CONFIG_EEPROM_93CX6=m # # VOP Driver # +CONFIG_VHOST_RING=m # end of Intel MIC & related support # CONFIG_GENWQE is not set @@ -1905,7 +2508,7 @@ CONFIG_SCSI_SCAN_ASYNC=y # SCSI Transports # CONFIG_SCSI_SPI_ATTRS=y -CONFIG_SCSI_FC_ATTRS=m +CONFIG_SCSI_FC_ATTRS=y CONFIG_SCSI_ISCSI_ATTRS=y CONFIG_SCSI_SAS_ATTRS=y CONFIG_SCSI_SAS_LIBSAS=m @@ -1975,6 +2578,7 @@ CONFIG_SCSI_HPTIOP=m # CONFIG_SCSI_MYRB is not set # CONFIG_SCSI_MYRS is not set CONFIG_XEN_SCSI_FRONTEND=m +CONFIG_HYPERV_STORAGE=y CONFIG_LIBFC=m CONFIG_LIBFCOE=m CONFIG_FCOE=m @@ -1997,6 +2601,8 @@ CONFIG_SCSI_IPR_DUMP=y CONFIG_SCSI_QLOGIC_1280=m CONFIG_SCSI_QLA_FC=m CONFIG_SCSI_QLA_ISCSI=m +# CONFIG_QEDI is not set +# CONFIG_QEDF is not set CONFIG_SCSI_LPFC=m CONFIG_SCSI_LPFC_DEBUG_FS=y CONFIG_SCSI_DC395x=m @@ -2029,6 +2635,7 @@ CONFIG_SATA_AHCI=y CONFIG_SATA_MOBILE_LPM_POLICY=0 CONFIG_SATA_AHCI_PLATFORM=m CONFIG_AHCI_BRCM=m +# CONFIG_AHCI_IMX is not set # CONFIG_AHCI_CEVA is not set # CONFIG_AHCI_MTK is not set CONFIG_AHCI_MVEBU=m @@ -2057,6 +2664,7 @@ CONFIG_ATA_PIIX=y CONFIG_SATA_MV=y CONFIG_SATA_NV=y CONFIG_SATA_PROMISE=y +# CONFIG_SATA_RCAR is not set CONFIG_SATA_SIL=y CONFIG_SATA_SIS=y CONFIG_SATA_SVW=y @@ -2080,6 +2688,7 @@ CONFIG_PATA_HPT37X=y CONFIG_PATA_HPT3X2N=y CONFIG_PATA_HPT3X3=y CONFIG_PATA_HPT3X3_DMA=y +# CONFIG_PATA_IMX is not set CONFIG_PATA_IT8213=y CONFIG_PATA_IT821X=y CONFIG_PATA_JMICRON=y @@ -2161,6 +2770,7 @@ CONFIG_DM_VERITY=m # CONFIG_DM_SWITCH is not set # CONFIG_DM_LOG_WRITES is not set # CONFIG_DM_INTEGRITY is not set +# CONFIG_DM_ZONED is not set # CONFIG_TARGET_CORE is not set CONFIG_FUSION=y CONFIG_FUSION_SPI=y 
@@ -2178,7 +2788,7 @@ CONFIG_FUSION_LOGGING=y # end of IEEE 1394 (FireWire) support CONFIG_NETDEVICES=y -CONFIG_MII=m +CONFIG_MII=y CONFIG_NET_CORE=y CONFIG_BONDING=m CONFIG_DUMMY=m @@ -2200,6 +2810,7 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y +# CONFIG_RIONET is not set CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set 
@@ -2208,52 +2819,109 @@ CONFIG_VIRTIO_NET=y # CONFIG_NLMON is not set # CONFIG_NET_VRF is not set # CONFIG_VSOCKMON is not set +CONFIG_SUNGEM_PHY=m # CONFIG_ARCNET is not set +CONFIG_ATM_DRIVERS=y +# CONFIG_ATM_DUMMY is not set +# CONFIG_ATM_TCP is not set +# CONFIG_ATM_LANAI is not set +# CONFIG_ATM_ENI is not set +# CONFIG_ATM_NICSTAR is not set +# CONFIG_ATM_IDT77252 is not set +# CONFIG_ATM_IA is not set +# CONFIG_ATM_FORE200E is not set +# CONFIG_ATM_HE is not set +# CONFIG_ATM_SOLOS is not set # # CAIF transport drivers # +CONFIG_CAIF_TTY=m +CONFIG_CAIF_SPI_SLAVE=m +# CONFIG_CAIF_SPI_SYNC is not set +CONFIG_CAIF_HSI=m +CONFIG_CAIF_VIRTIO=m # # Distributed Switch Architecture drivers # +CONFIG_B53=m +CONFIG_B53_SPI_DRIVER=m +CONFIG_B53_MDIO_DRIVER=m +CONFIG_B53_MMAP_DRIVER=m +CONFIG_B53_SRAB_DRIVER=m +CONFIG_B53_SERDES=m +CONFIG_NET_DSA_BCM_SF2=m +# CONFIG_NET_DSA_LOOP is not set +CONFIG_NET_DSA_LANTIQ_GSWIP=m +CONFIG_NET_DSA_MT7530=m +CONFIG_NET_DSA_MV88E6060=m +CONFIG_NET_DSA_MICROCHIP_KSZ_COMMON=m +CONFIG_NET_DSA_MICROCHIP_KSZ9477=m +# CONFIG_NET_DSA_MICROCHIP_KSZ9477_I2C is not set +CONFIG_NET_DSA_MICROCHIP_KSZ9477_SPI=m +# CONFIG_NET_DSA_MICROCHIP_KSZ8795 is not set +CONFIG_NET_DSA_MV88E6XXX=m +CONFIG_NET_DSA_MV88E6XXX_GLOBAL2=y +CONFIG_NET_DSA_MV88E6XXX_PTP=y +CONFIG_NET_DSA_SJA1105=m +CONFIG_NET_DSA_SJA1105_PTP=y +# CONFIG_NET_DSA_SJA1105_TAS is not set +CONFIG_NET_DSA_QCA8K=m +CONFIG_NET_DSA_REALTEK_SMI=m +CONFIG_NET_DSA_SMSC_LAN9303=m +CONFIG_NET_DSA_SMSC_LAN9303_I2C=m +CONFIG_NET_DSA_SMSC_LAN9303_MDIO=m +CONFIG_NET_DSA_VITESSE_VSC73XX=m +CONFIG_NET_DSA_VITESSE_VSC73XX_SPI=m +CONFIG_NET_DSA_VITESSE_VSC73XX_PLATFORM=m # end of Distributed Switch Architecture drivers CONFIG_ETHERNET=y CONFIG_MDIO=m -# CONFIG_NET_VENDOR_3COM is not set -# CONFIG_NET_VENDOR_ADAPTEC is not set +CONFIG_NET_VENDOR_3COM=y +CONFIG_VORTEX=m +CONFIG_TYPHOON=m +CONFIG_NET_VENDOR_ADAPTEC=y +CONFIG_ADAPTEC_STARFIRE=m CONFIG_NET_VENDOR_AGERE=y -# CONFIG_ET131X is not set -# 
CONFIG_NET_VENDOR_ALACRITECH is not set +CONFIG_ET131X=m +CONFIG_NET_VENDOR_ALACRITECH=y +CONFIG_SLICOSS=m CONFIG_NET_VENDOR_ALLWINNER=y # CONFIG_SUN4I_EMAC is not set CONFIG_NET_VENDOR_ALTEON=y CONFIG_ACENIC=m # CONFIG_ACENIC_OMIT_TIGON_I is not set -# CONFIG_ALTERA_TSE is not set -# CONFIG_NET_VENDOR_AMAZON is not set +CONFIG_ALTERA_TSE=m +CONFIG_NET_VENDOR_AMAZON=y +CONFIG_ENA_ETHERNET=m CONFIG_NET_VENDOR_AMD=y CONFIG_AMD8111_ETH=m CONFIG_PCNET32=m -# CONFIG_AMD_XGBE is not set -# CONFIG_NET_XGENE is not set -# CONFIG_NET_XGENE_V2 is not set -# CONFIG_NET_VENDOR_AQUANTIA is not set -# CONFIG_NET_VENDOR_ARC is not set +CONFIG_AMD_XGBE=m +CONFIG_AMD_XGBE_DCB=y +CONFIG_NET_XGENE=m +CONFIG_NET_XGENE_V2=m +CONFIG_NET_VENDOR_AQUANTIA=y +CONFIG_AQTION=m +CONFIG_NET_VENDOR_ARC=y +CONFIG_ARC_EMAC_CORE=m +CONFIG_EMAC_ROCKCHIP=m CONFIG_NET_VENDOR_ATHEROS=y CONFIG_ATL2=m CONFIG_ATL1=m CONFIG_ATL1E=m CONFIG_ATL1C=m CONFIG_ALX=m -# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_VENDOR_AURORA=y +CONFIG_AURORA_NB8800=m CONFIG_NET_VENDOR_BROADCOM=y CONFIG_B44=m CONFIG_B44_PCI_AUTOSELECT=y CONFIG_B44_PCICORE_AUTOSELECT=y CONFIG_B44_PCI=y -# CONFIG_BCMGENET is not set +CONFIG_BCMGENET=m CONFIG_BNX2=m CONFIG_CNIC=m CONFIG_TIGON3=m 
@@ -2262,36 +2930,44 @@ CONFIG_BNX2X=m CONFIG_BNX2X_SRIOV=y CONFIG_BGMAC=y CONFIG_BGMAC_PLATFORM=y -# CONFIG_SYSTEMPORT is not set -# CONFIG_BNXT is not set +CONFIG_SYSTEMPORT=m +CONFIG_BNXT=m +CONFIG_BNXT_SRIOV=y +CONFIG_BNXT_FLOWER_OFFLOAD=y +CONFIG_BNXT_DCB=y +CONFIG_BNXT_HWMON=y CONFIG_NET_VENDOR_BROCADE=y CONFIG_BNA=m CONFIG_NET_VENDOR_CADENCE=y -# CONFIG_MACB is not set +CONFIG_MACB=m +CONFIG_MACB_USE_HWSTAMP=y +CONFIG_MACB_PCI=m CONFIG_NET_VENDOR_CAVIUM=y -# CONFIG_THUNDER_NIC_PF is not set -# CONFIG_THUNDER_NIC_VF is not set -# CONFIG_THUNDER_NIC_BGX is not set -# CONFIG_THUNDER_NIC_RGX is not set -CONFIG_CAVIUM_PTP=y -# CONFIG_LIQUIDIO is not set -# CONFIG_LIQUIDIO_VF is not set +CONFIG_THUNDER_NIC_PF=m +CONFIG_THUNDER_NIC_VF=m +CONFIG_THUNDER_NIC_BGX=m +CONFIG_THUNDER_NIC_RGX=m +CONFIG_CAVIUM_PTP=m +CONFIG_LIQUIDIO=m +CONFIG_LIQUIDIO_VF=m CONFIG_NET_VENDOR_CHELSIO=y CONFIG_CHELSIO_T1=m CONFIG_CHELSIO_T1_1G=y CONFIG_CHELSIO_T3=m CONFIG_CHELSIO_T4=m -# CONFIG_CHELSIO_T4_DCB is not set +CONFIG_CHELSIO_T4_DCB=y +CONFIG_CHELSIO_T4_FCOE=y CONFIG_CHELSIO_T4VF=m CONFIG_CHELSIO_LIB=m CONFIG_NET_VENDOR_CISCO=y CONFIG_ENIC=m CONFIG_NET_VENDOR_CORTINA=y -# CONFIG_GEMINI_ETHERNET is not set -# CONFIG_DNET is not set +CONFIG_GEMINI_ETHERNET=m +CONFIG_DNET=m CONFIG_NET_VENDOR_DEC=y CONFIG_NET_TULIP=y -# CONFIG_DE2104X is not set +CONFIG_DE2104X=m +CONFIG_DE2104X_DSL=0 CONFIG_TULIP=m # CONFIG_TULIP_MWI is not set CONFIG_TULIP_MMIO=y @@ -2300,6 +2976,7 @@ CONFIG_TULIP_NAPI=y # CONFIG_WINBOND_840 is not set # CONFIG_DM9102 is not set # CONFIG_ULI526X is not set +# CONFIG_PCMCIA_XIRCOM is not set CONFIG_NET_VENDOR_DLINK=y CONFIG_DL2K=m CONFIG_SUNDANCE=m 
@@ -2307,17 +2984,14 @@ CONFIG_SUNDANCE=m CONFIG_NET_VENDOR_EMULEX=y CONFIG_BE2NET=m CONFIG_BE2NET_HWMON=y -# CONFIG_BE2NET_BE2 is not set -# CONFIG_BE2NET_BE3 is not set -# CONFIG_BE2NET_LANCER is not set -# CONFIG_BE2NET_SKYHAWK is not set - -# -# WARNING: be2net is useless without any enabled chip -# +CONFIG_BE2NET_BE2=y +CONFIG_BE2NET_BE3=y +CONFIG_BE2NET_LANCER=y +CONFIG_BE2NET_SKYHAWK=y CONFIG_NET_VENDOR_EZCHIP=y -# CONFIG_EZCHIP_NPS_MANAGEMENT_ENET is not set +CONFIG_EZCHIP_NPS_MANAGEMENT_ENET=m CONFIG_NET_VENDOR_FREESCALE=y +# CONFIG_FEC is not set CONFIG_FSL_FMAN=m CONFIG_DPAA_ERRATUM_A050385=y # CONFIG_FSL_PQ_MDIO is not set @@ -2352,7 +3026,9 @@ CONFIG_IXGB=m CONFIG_IXGBE=m CONFIG_IXGBE_HWMON=y CONFIG_IXGBE_DCB=y +CONFIG_IXGBE_IPSEC=y CONFIG_IXGBEVF=m +CONFIG_IXGBEVF_IPSEC=y CONFIG_I40E=m CONFIG_I40E_DCB=y CONFIG_IAVF=m 
@@ -2379,40 +3055,95 @@ CONFIG_MLX4_EN_DCB=y CONFIG_MLX4_CORE=m CONFIG_MLX4_DEBUG=y CONFIG_MLX4_CORE_GEN2=y -# CONFIG_MLX5_CORE is not set -# CONFIG_MLXSW_CORE is not set -# CONFIG_MLXFW is not set -# CONFIG_NET_VENDOR_MICREL is not set +CONFIG_MLX5_CORE=m +CONFIG_MLX5_ACCEL=y +CONFIG_MLX5_FPGA=y +CONFIG_MLX5_CORE_EN=y +CONFIG_MLX5_EN_ARFS=y +CONFIG_MLX5_EN_RXNFC=y +CONFIG_MLX5_MPFS=y +CONFIG_MLX5_ESWITCH=y +CONFIG_MLX5_CORE_EN_DCB=y +CONFIG_MLX5_CORE_IPOIB=y +CONFIG_MLX5_FPGA_IPSEC=y +CONFIG_MLX5_EN_IPSEC=y +CONFIG_MLX5_FPGA_TLS=y +CONFIG_MLX5_TLS=y +CONFIG_MLX5_EN_TLS=y +CONFIG_MLX5_SW_STEERING=y +CONFIG_MLXSW_CORE=m +CONFIG_MLXSW_CORE_HWMON=y +CONFIG_MLXSW_CORE_THERMAL=y +CONFIG_MLXSW_PCI=m +CONFIG_MLXSW_I2C=m +CONFIG_MLXSW_SWITCHIB=m +CONFIG_MLXSW_SWITCHX2=m +CONFIG_MLXSW_SPECTRUM=m +CONFIG_MLXSW_SPECTRUM_DCB=y +CONFIG_MLXSW_MINIMAL=m +CONFIG_MLXFW=m +CONFIG_NET_VENDOR_MICREL=y +CONFIG_KS8842=m +CONFIG_KS8851=m +CONFIG_KS8851_MLL=m +CONFIG_KSZ884X_PCI=m CONFIG_NET_VENDOR_MICROCHIP=y -# CONFIG_ENC28J60 is not set -# CONFIG_ENCX24J600 is not set +CONFIG_ENC28J60=m +# CONFIG_ENC28J60_WRITEVERIFY is not set +CONFIG_ENCX24J600=m CONFIG_LAN743X=m CONFIG_NET_VENDOR_MICROSEMI=y -# CONFIG_MSCC_OCELOT_SWITCH is not set +CONFIG_MSCC_OCELOT_SWITCH=m +CONFIG_MSCC_OCELOT_SWITCH_OCELOT=m CONFIG_NET_VENDOR_MYRI=y CONFIG_MYRI10GE=m -# CONFIG_FEALNX is not set -# CONFIG_NET_VENDOR_NATSEMI is not set -# CONFIG_NET_VENDOR_NETERION is not set -# CONFIG_NET_VENDOR_NETRONOME is not set -# CONFIG_NET_VENDOR_NI is not set +CONFIG_FEALNX=m +CONFIG_NET_VENDOR_NATSEMI=y +CONFIG_NATSEMI=m +CONFIG_NS83820=m +CONFIG_NET_VENDOR_NETERION=y +CONFIG_S2IO=m +CONFIG_VXGE=m +# CONFIG_VXGE_DEBUG_TRACE_ALL is not set +CONFIG_NET_VENDOR_NETRONOME=y +CONFIG_NFP=m +CONFIG_NFP_APP_FLOWER=y +CONFIG_NFP_APP_ABM_NIC=y +# CONFIG_NFP_DEBUG is not set +CONFIG_NET_VENDOR_NI=y +CONFIG_NI_XGE_MANAGEMENT_ENET=m +CONFIG_NET_VENDOR_8390=y +CONFIG_NE2K_PCI=m CONFIG_NET_VENDOR_NVIDIA=y CONFIG_FORCEDETH=m -# 
CONFIG_NET_VENDOR_OKI is not set -# CONFIG_ETHOC is not set -# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +CONFIG_NET_VENDOR_OKI=y +CONFIG_ETHOC=m +CONFIG_NET_VENDOR_PACKET_ENGINES=y +CONFIG_HAMACHI=m +CONFIG_YELLOWFIN=m CONFIG_NET_VENDOR_PENSANDO=y # CONFIG_IONIC is not set CONFIG_NET_VENDOR_QLOGIC=y -# CONFIG_QLA3XXX is not set -# CONFIG_QLCNIC is not set +CONFIG_QLA3XXX=m +CONFIG_QLCNIC=m +CONFIG_QLCNIC_SRIOV=y +CONFIG_QLCNIC_DCB=y +CONFIG_QLCNIC_HWMON=y CONFIG_NETXEN_NIC=m -# CONFIG_QED is not set +CONFIG_QED=m +CONFIG_QED_LL2=y +CONFIG_QED_SRIOV=y +CONFIG_QEDE=m +CONFIG_QED_RDMA=y +CONFIG_QED_OOO=y CONFIG_NET_VENDOR_QUALCOMM=y -# CONFIG_QCA7000_SPI is not set -# CONFIG_QCOM_EMAC is not set -# CONFIG_RMNET is not set -# CONFIG_NET_VENDOR_RDC is not set +CONFIG_QCA7000=m +CONFIG_QCA7000_SPI=m +CONFIG_QCA7000_UART=m +CONFIG_QCOM_EMAC=m +CONFIG_RMNET=m +CONFIG_NET_VENDOR_RDC=y +CONFIG_R6040=m CONFIG_NET_VENDOR_REALTEK=y CONFIG_8139CP=m CONFIG_8139TOO=m 
@@ -2422,169 +3153,271 @@ CONFIG_8139TOO_8129=y # CONFIG_8139_OLD_RX_RESET is not set CONFIG_R8169=m CONFIG_NET_VENDOR_RENESAS=y +CONFIG_SH_ETH=m +CONFIG_RAVB=m CONFIG_NET_VENDOR_ROCKER=y -# CONFIG_ROCKER is not set +CONFIG_ROCKER=m CONFIG_NET_VENDOR_SAMSUNG=y -# CONFIG_SXGBE_ETH is not set -# CONFIG_NET_VENDOR_SEEQ is not set -# CONFIG_NET_VENDOR_SOLARFLARE is not set -# CONFIG_NET_VENDOR_SILAN is not set -# CONFIG_NET_VENDOR_SIS is not set -# CONFIG_NET_VENDOR_SMSC is not set -# CONFIG_NET_VENDOR_SOCIONEXT is not set -# CONFIG_NET_VENDOR_STMICRO is not set -# CONFIG_NET_VENDOR_SUN is not set -# CONFIG_NET_VENDOR_SYNOPSYS is not set -# CONFIG_NET_VENDOR_TEHUTI is not set -# CONFIG_NET_VENDOR_TI is not set -# CONFIG_NET_VENDOR_VIA is not set -# CONFIG_NET_VENDOR_WIZNET is not set -# CONFIG_FDDI is not set +CONFIG_SXGBE_ETH=m +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SOLARFLARE=y +CONFIG_SFC=m +CONFIG_SFC_MTD=y +CONFIG_SFC_MCDI_MON=y +CONFIG_SFC_SRIOV=y +CONFIG_SFC_MCDI_LOGGING=y +CONFIG_SFC_FALCON=m +CONFIG_SFC_FALCON_MTD=y +CONFIG_NET_VENDOR_SILAN=y +CONFIG_SC92031=m +CONFIG_NET_VENDOR_SIS=y +CONFIG_SIS900=m +CONFIG_SIS190=m +CONFIG_NET_VENDOR_SMSC=y +CONFIG_SMC91X=y +CONFIG_EPIC100=m +CONFIG_SMSC911X=m +CONFIG_SMSC9420=m +CONFIG_NET_VENDOR_SOCIONEXT=y +CONFIG_SNI_NETSEC=m +CONFIG_NET_VENDOR_STMICRO=y +CONFIG_STMMAC_ETH=m +# CONFIG_STMMAC_SELFTESTS is not set +CONFIG_STMMAC_PLATFORM=m +CONFIG_DWMAC_DWC_QOS_ETH=m +CONFIG_DWMAC_GENERIC=m +CONFIG_DWMAC_IPQ806X=m +CONFIG_DWMAC_MEDIATEK=m +CONFIG_DWMAC_MESON=m +CONFIG_DWMAC_QCOM_ETHQOS=m +CONFIG_DWMAC_ROCKCHIP=m +CONFIG_DWMAC_SOCFPGA=m +# CONFIG_DWMAC_SUNXI is not set +CONFIG_DWMAC_SUN8I=m +# CONFIG_STMMAC_PCI is not set +CONFIG_NET_VENDOR_SUN=y +CONFIG_HAPPYMEAL=m +CONFIG_SUNGEM=m +CONFIG_CASSINI=m +CONFIG_NIU=m +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_DWC_XLGMAC=m +CONFIG_DWC_XLGMAC_PCI=m +CONFIG_NET_VENDOR_TEHUTI=y +CONFIG_TEHUTI=m +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_PHY_SEL is not set +CONFIG_TLAN=m 
+CONFIG_NET_VENDOR_VIA=y +CONFIG_VIA_RHINE=m +CONFIG_VIA_RHINE_MMIO=y +CONFIG_VIA_VELOCITY=m +CONFIG_NET_VENDOR_WIZNET=y +CONFIG_WIZNET_W5100=m +CONFIG_WIZNET_W5300=m +# CONFIG_WIZNET_BUS_DIRECT is not set +# CONFIG_WIZNET_BUS_INDIRECT is not set +CONFIG_WIZNET_BUS_ANY=y +CONFIG_WIZNET_W5100_SPI=m +CONFIG_FDDI=y +CONFIG_DEFXX=m +# CONFIG_DEFXX_MMIO is not set +CONFIG_SKFP=m # CONFIG_HIPPI is not set -# CONFIG_NET_SB1000 is not set +CONFIG_NET_SB1000=m CONFIG_MDIO_DEVICE=y CONFIG_MDIO_BUS=y # CONFIG_MDIO_BCM_IPROC is not set -# CONFIG_MDIO_BCM_UNIMAC is not set -# CONFIG_MDIO_BITBANG is not set +CONFIG_MDIO_BCM_UNIMAC=m +CONFIG_MDIO_BITBANG=m CONFIG_MDIO_BUS_MUX=y CONFIG_MDIO_BUS_MUX_BCM_IPROC=y -# CONFIG_MDIO_BUS_MUX_GPIO is not set +CONFIG_MDIO_BUS_MUX_GPIO=m CONFIG_MDIO_BUS_MUX_MESON_G12A=m -# CONFIG_MDIO_BUS_MUX_MMIOREG is not set -# CONFIG_MDIO_BUS_MUX_MULTIPLEXER is not set -# CONFIG_MDIO_HISI_FEMAC is not set -# CONFIG_MDIO_MSCC_MIIM is not set -# CONFIG_MDIO_OCTEON is not set +CONFIG_MDIO_BUS_MUX_MMIOREG=m +CONFIG_MDIO_BUS_MUX_MULTIPLEXER=m +CONFIG_MDIO_CAVIUM=m +CONFIG_MDIO_GPIO=m +CONFIG_MDIO_HISI_FEMAC=m +CONFIG_MDIO_I2C=m +CONFIG_MDIO_MSCC_MIIM=m +CONFIG_MDIO_OCTEON=m # CONFIG_MDIO_SUN4I is not set -# CONFIG_MDIO_THUNDER is not set -# CONFIG_MDIO_XGENE is not set +CONFIG_MDIO_THUNDER=m +CONFIG_MDIO_XGENE=m +CONFIG_PHYLINK=m CONFIG_PHYLIB=y CONFIG_SWPHY=y -# CONFIG_LED_TRIGGER_PHY is not set +CONFIG_LED_TRIGGER_PHY=y # # MII PHY device drivers # +CONFIG_SFP=m # CONFIG_ADIN_PHY is not set CONFIG_AMD_PHY=m -# CONFIG_AQUANTIA_PHY is not set -# CONFIG_AX88796B_PHY is not set +CONFIG_AQUANTIA_PHY=m +CONFIG_AX88796B_PHY=m CONFIG_AT803X_PHY=m CONFIG_BCM7XXX_PHY=m CONFIG_BCM87XX_PHY=m CONFIG_BCM_NET_PHYLIB=m CONFIG_BROADCOM_PHY=m -# CONFIG_CICADA_PHY is not set -# CONFIG_CORTINA_PHY is not set -# CONFIG_DAVICOM_PHY is not set -# CONFIG_DP83822_PHY is not set -# CONFIG_DP83TC811_PHY is not set -# CONFIG_DP83848_PHY is not set -# CONFIG_DP83867_PHY is not set 
+CONFIG_CICADA_PHY=m +CONFIG_CORTINA_PHY=m +CONFIG_DAVICOM_PHY=m +CONFIG_DP83822_PHY=m +CONFIG_DP83TC811_PHY=m +CONFIG_DP83848_PHY=m +CONFIG_DP83867_PHY=m CONFIG_FIXED_PHY=y -# CONFIG_ICPLUS_PHY is not set -# CONFIG_INTEL_XWAY_PHY is not set +CONFIG_ICPLUS_PHY=m +CONFIG_INTEL_XWAY_PHY=m CONFIG_LSI_ET1011C_PHY=m CONFIG_LXT_PHY=m CONFIG_MARVELL_PHY=m -# CONFIG_MARVELL_10G_PHY is not set -# CONFIG_MESON_GXL_PHY is not set +CONFIG_MARVELL_10G_PHY=m +CONFIG_MESON_GXL_PHY=m CONFIG_MICREL_PHY=m CONFIG_MICROCHIP_PHY=m CONFIG_MICROCHIP_T1_PHY=m -# CONFIG_MICROSEMI_PHY is not set +CONFIG_MICROSEMI_PHY=m CONFIG_NATIONAL_PHY=m -# CONFIG_NXP_TJA11XX_PHY is not set -# CONFIG_QSEMI_PHY is not set +CONFIG_NXP_TJA11XX_PHY=m +CONFIG_QSEMI_PHY=m CONFIG_REALTEK_PHY=m -# CONFIG_RENESAS_PHY is not set -# CONFIG_ROCKCHIP_PHY is not set -# CONFIG_SMSC_PHY is not set +CONFIG_RENESAS_PHY=m +CONFIG_ROCKCHIP_PHY=m +CONFIG_SMSC_PHY=m CONFIG_STE10XP=m -# CONFIG_TERANETICS_PHY is not set -# CONFIG_VITESSE_PHY is not set -# CONFIG_XILINX_GMII2RGMII is not set -# CONFIG_MICREL_KS8995MA is not set -# CONFIG_PPP is not set -# CONFIG_SLIP is not set - -# -# Host-side USB support is needed for USB Network Adapter support -# +CONFIG_TERANETICS_PHY=m +CONFIG_VITESSE_PHY=m +CONFIG_XILINX_GMII2RGMII=m +CONFIG_MICREL_KS8995MA=m +CONFIG_PPP=y +CONFIG_PPP_BSDCOMP=m +CONFIG_PPP_DEFLATE=m +CONFIG_PPP_FILTER=y +CONFIG_PPP_MPPE=m +CONFIG_PPP_MULTILINK=y +CONFIG_PPPOATM=m +CONFIG_PPPOE=m +CONFIG_PPTP=m +CONFIG_PPPOL2TP=m +CONFIG_PPP_ASYNC=m +CONFIG_PPP_SYNC_TTY=m +CONFIG_SLIP=m +CONFIG_SLHC=y +CONFIG_SLIP_COMPRESSED=y +CONFIG_SLIP_SMART=y +CONFIG_SLIP_MODE_SLIP6=y CONFIG_USB_NET_DRIVERS=m -# CONFIG_USB_CATC is not set -# CONFIG_USB_KAWETH is not set -# CONFIG_USB_PEGASUS is not set -# CONFIG_USB_RTL8150 is not set -# CONFIG_USB_RTL8152 is not set +CONFIG_USB_CATC=m +CONFIG_USB_KAWETH=m +CONFIG_USB_PEGASUS=m +CONFIG_USB_RTL8150=m +CONFIG_USB_RTL8152=m CONFIG_USB_LAN78XX=m CONFIG_USB_USBNET=m 
CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_AX88179_178A=m -# CONFIG_USB_NET_CDCETHER is not set -# CONFIG_USB_NET_CDC_EEM is not set +CONFIG_USB_NET_CDCETHER=m +CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m -# CONFIG_USB_NET_DM9601 is not set -# CONFIG_USB_NET_SR9700 is not set -# CONFIG_USB_NET_SR9800 is not set -# CONFIG_USB_NET_SMSC75XX is not set +CONFIG_USB_NET_DM9601=m +CONFIG_USB_NET_SR9700=m +CONFIG_USB_NET_SR9800=m +CONFIG_USB_NET_SMSC75XX=m CONFIG_USB_NET_SMSC95XX=m -# CONFIG_USB_NET_GL620A is not set -# CONFIG_USB_NET_NET1080 is not set -# CONFIG_USB_NET_PLUSB is not set -# CONFIG_USB_NET_MCS7830 is not set -# CONFIG_USB_NET_RNDIS_HOST is not set -# CONFIG_USB_NET_CDC_SUBSET is not set -# CONFIG_USB_NET_ZAURUS is not set -# CONFIG_USB_NET_CX82310_ETH is not set -# CONFIG_USB_NET_KALMIA is not set +CONFIG_USB_NET_GL620A=m +CONFIG_USB_NET_NET1080=m +CONFIG_USB_NET_PLUSB=m +CONFIG_USB_NET_MCS7830=m +CONFIG_USB_NET_RNDIS_HOST=m +CONFIG_USB_NET_CDC_SUBSET_ENABLE=m +CONFIG_USB_NET_CDC_SUBSET=m +CONFIG_USB_ALI_M5632=y +CONFIG_USB_AN2720=y +CONFIG_USB_BELKIN=y +CONFIG_USB_ARMLINUX=y +CONFIG_USB_EPSON2888=y +CONFIG_USB_KC2190=y +CONFIG_USB_NET_ZAURUS=m +CONFIG_USB_NET_CX82310_ETH=m +CONFIG_USB_NET_KALMIA=m CONFIG_USB_NET_QMI_WWAN=m -# CONFIG_USB_NET_INT51X1 is not set -# CONFIG_USB_IPHETH is not set -# CONFIG_USB_SIERRA_NET is not set -# CONFIG_USB_NET_CH9200 is not set -# CONFIG_USB_NET_AQC111 is not set +CONFIG_USB_HSO=m +CONFIG_USB_NET_INT51X1=m +CONFIG_USB_CDC_PHONET=m +CONFIG_USB_IPHETH=m +CONFIG_USB_SIERRA_NET=m +CONFIG_USB_VL600=m +CONFIG_USB_NET_CH9200=m +CONFIG_USB_NET_AQC111=m CONFIG_WLAN=y # CONFIG_WIRELESS_WDS is not set -# CONFIG_WLAN_VENDOR_ADMTEK is not set +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_ADM8211=m CONFIG_ATH_COMMON=m CONFIG_WLAN_VENDOR_ATH=y # CONFIG_ATH_DEBUG is not set -# CONFIG_ATH5K is not set -# CONFIG_ATH5K_PCI is not set +CONFIG_ATH5K=m +# CONFIG_ATH5K_DEBUG is not set +# 
CONFIG_ATH5K_TRACER is not set +CONFIG_ATH5K_PCI=y CONFIG_ATH9K_HW=m CONFIG_ATH9K_COMMON=m +CONFIG_ATH9K_COMMON_DEBUG=y CONFIG_ATH9K_BTCOEX_SUPPORT=y CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y -# CONFIG_ATH9K_AHB is not set -# CONFIG_ATH9K_DEBUGFS is not set +CONFIG_ATH9K_AHB=y +CONFIG_ATH9K_DEBUGFS=y +CONFIG_ATH9K_STATION_STATISTICS=y # CONFIG_ATH9K_DYNACK is not set -# CONFIG_ATH9K_WOW is not set -# CONFIG_ATH9K_CHANNEL_CONTEXT is not set +CONFIG_ATH9K_WOW=y +CONFIG_ATH9K_RFKILL=y +CONFIG_ATH9K_CHANNEL_CONTEXT=y CONFIG_ATH9K_PCOEM=y # CONFIG_ATH9K_PCI_NO_EEPROM is not set -# CONFIG_ATH9K_HTC is not set -# CONFIG_ATH9K_HWRNG is not set -# CONFIG_CARL9170 is not set -# CONFIG_ATH6KL is not set -# CONFIG_AR5523 is not set -# CONFIG_WIL6210 is not set +CONFIG_ATH9K_HTC=m +CONFIG_ATH9K_HTC_DEBUGFS=y +CONFIG_ATH9K_HWRNG=y +CONFIG_ATH9K_COMMON_SPECTRAL=y +CONFIG_CARL9170=m +CONFIG_CARL9170_LEDS=y +# CONFIG_CARL9170_DEBUGFS is not set +CONFIG_CARL9170_WPC=y +CONFIG_CARL9170_HWRNG=y +CONFIG_ATH6KL=m +CONFIG_ATH6KL_SDIO=m +CONFIG_ATH6KL_USB=m +# CONFIG_ATH6KL_DEBUG is not set +# CONFIG_ATH6KL_TRACING is not set +CONFIG_AR5523=m +CONFIG_WIL6210=m +CONFIG_WIL6210_ISR_COR=y +CONFIG_WIL6210_TRACING=y +CONFIG_WIL6210_DEBUGFS=y CONFIG_ATH10K=m CONFIG_ATH10K_CE=y CONFIG_ATH10K_PCI=m -# CONFIG_ATH10K_AHB is not set -# CONFIG_ATH10K_SDIO is not set -# CONFIG_ATH10K_USB is not set -# CONFIG_ATH10K_SNOC is not set +CONFIG_ATH10K_AHB=y +CONFIG_ATH10K_SDIO=m +CONFIG_ATH10K_USB=m +CONFIG_ATH10K_SNOC=m # CONFIG_ATH10K_DEBUG is not set -# CONFIG_ATH10K_DEBUGFS is not set -# CONFIG_ATH10K_TRACING is not set -# CONFIG_WCN36XX is not set -# CONFIG_WLAN_VENDOR_ATMEL is not set +CONFIG_ATH10K_DEBUGFS=y +CONFIG_ATH10K_SPECTRAL=y +CONFIG_ATH10K_TRACING=y +CONFIG_WCN36XX=m +# CONFIG_WCN36XX_DEBUGFS is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_ATMEL=m +CONFIG_PCI_ATMEL=m +CONFIG_AT76C50X_USB=m CONFIG_WLAN_VENDOR_BROADCOM=y CONFIG_B43=m CONFIG_B43_BCMA=y 
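Review bot: The ath and wil6210 part of this hunk turns on driver debug interfaces that were off or absent before (`CONFIG_ATH9K_DEBUGFS=y`, `CONFIG_ATH9K_HTC_DEBUGFS=y`, `CONFIG_ATH10K_DEBUGFS=y`, `CONFIG_ATH10K_TRACING=y`, `CONFIG_WIL6210_DEBUGFS=y`). The same hunk keeps `CONFIG_ATH5K_DEBUG`, `CONFIG_CARL9170_DEBUGFS` and `CONFIG_WCN36XX_DEBUGFS` unset, so this looks like accepted menu defaults rather than a decision. Debugfs and tracing hooks are extra kernel code behind root-owned files and are not needed to bring the hardware up; I would keep them off, e.g. `# CONFIG_ATH9K_DEBUGFS is not set` and `# CONFIG_ATH10K_DEBUGFS is not set`. The following hunk (@@ -2604,44) shows the same pattern with `CONFIG_RTW88_DEBUG=y`, `CONFIG_RTW88_DEBUGFS=y`, `CONFIG_IWLWIFI_DEBUGFS=y` and `CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8`.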
@@ -2604,44 +3437,277 @@ CONFIG_B43_PHY_HT=y CONFIG_B43_LEDS=y CONFIG_B43_HWRNG=y # CONFIG_B43_DEBUG is not set -# CONFIG_B43LEGACY is not set +CONFIG_B43LEGACY=m +CONFIG_B43LEGACY_PCI_AUTOSELECT=y +CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y +CONFIG_B43LEGACY_LEDS=y +CONFIG_B43LEGACY_HWRNG=y +# CONFIG_B43LEGACY_DEBUG is not set +CONFIG_B43LEGACY_DMA=y +CONFIG_B43LEGACY_PIO=y +CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y +# CONFIG_B43LEGACY_DMA_MODE is not set +# CONFIG_B43LEGACY_PIO_MODE is not set CONFIG_BRCMUTIL=m -# CONFIG_BRCMSMAC is not set +CONFIG_BRCMSMAC=m CONFIG_BRCMFMAC=m CONFIG_BRCMFMAC_PROTO_BCDC=y +CONFIG_BRCMFMAC_PROTO_MSGBUF=y CONFIG_BRCMFMAC_SDIO=y CONFIG_BRCMFMAC_USB=y -# CONFIG_BRCMFMAC_PCIE is not set -# CONFIG_BRCM_TRACING is not set +CONFIG_BRCMFMAC_PCIE=y +CONFIG_BRCM_TRACING=y # CONFIG_BRCMDBG is not set -# CONFIG_WLAN_VENDOR_CISCO is not set -# CONFIG_WLAN_VENDOR_INTEL is not set -# CONFIG_WLAN_VENDOR_INTERSIL is not set -# CONFIG_WLAN_VENDOR_MARVELL is not set -# CONFIG_WLAN_VENDOR_MEDIATEK is not set -# CONFIG_WLAN_VENDOR_RALINK is not set -# CONFIG_WLAN_VENDOR_REALTEK is not set -# CONFIG_WLAN_VENDOR_RSI is not set -# CONFIG_WLAN_VENDOR_ST is not set -# CONFIG_WLAN_VENDOR_TI is not set -# CONFIG_WLAN_VENDOR_ZYDAS is not set -# CONFIG_WLAN_VENDOR_QUANTENNA is not set -# CONFIG_MAC80211_HWSIM is not set -# CONFIG_USB_NET_RNDIS_WLAN is not set -# CONFIG_VIRT_WIFI is not set - -# -# Enable WiMAX (Networking options) to see the WiMAX drivers -# -# CONFIG_WAN is not set -CONFIG_XEN_NETDEV_FRONTEND=m -# CONFIG_XEN_NETDEV_BACKEND is not set -CONFIG_VMXNET3=y -# CONFIG_FUJITSU_ES is not set -# CONFIG_NETDEVSIM is not set +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_IPW2100=m +CONFIG_IPW2100_MONITOR=y +# CONFIG_IPW2100_DEBUG is not set +CONFIG_IPW2200=m +CONFIG_IPW2200_MONITOR=y +CONFIG_IPW2200_RADIOTAP=y +CONFIG_IPW2200_PROMISCUOUS=y +CONFIG_IPW2200_QOS=y +# CONFIG_IPW2200_DEBUG is not set +CONFIG_LIBIPW=m +# CONFIG_LIBIPW_DEBUG is not set 
+CONFIG_IWLEGACY=m +CONFIG_IWL4965=m +CONFIG_IWL3945=m + +# +# iwl3945 / iwl4965 Debugging Options +# +# CONFIG_IWLEGACY_DEBUG is not set +CONFIG_IWLEGACY_DEBUGFS=y +# end of iwl3945 / iwl4965 Debugging Options + +CONFIG_IWLWIFI=m +CONFIG_IWLWIFI_LEDS=y +CONFIG_IWLDVM=m +CONFIG_IWLMVM=m +CONFIG_IWLWIFI_OPMODE_MODULAR=y +# CONFIG_IWLWIFI_BCAST_FILTERING is not set + +# +# Debugging Options +# +# CONFIG_IWLWIFI_DEBUG is not set +CONFIG_IWLWIFI_DEBUGFS=y +CONFIG_IWLWIFI_DEVICE_TRACING=y +# end of Debugging Options + +CONFIG_WLAN_VENDOR_INTERSIL=y +CONFIG_HOSTAP=m +CONFIG_HOSTAP_FIRMWARE=y +CONFIG_HOSTAP_FIRMWARE_NVRAM=y +CONFIG_HOSTAP_PLX=m +CONFIG_HOSTAP_PCI=m +CONFIG_HERMES=m +# CONFIG_HERMES_PRISM is not set +CONFIG_HERMES_CACHE_FW_ON_INIT=y +CONFIG_PLX_HERMES=m +CONFIG_TMD_HERMES=m +CONFIG_NORTEL_HERMES=m +CONFIG_ORINOCO_USB=m +CONFIG_P54_COMMON=m +CONFIG_P54_USB=m +CONFIG_P54_PCI=m +CONFIG_P54_SPI=m +# CONFIG_P54_SPI_DEFAULT_EEPROM is not set +CONFIG_P54_LEDS=y +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_LIBERTAS=m +CONFIG_LIBERTAS_USB=m +CONFIG_LIBERTAS_SDIO=m +CONFIG_LIBERTAS_SPI=m +# CONFIG_LIBERTAS_DEBUG is not set +CONFIG_LIBERTAS_MESH=y +CONFIG_LIBERTAS_THINFIRM=m +# CONFIG_LIBERTAS_THINFIRM_DEBUG is not set +CONFIG_LIBERTAS_THINFIRM_USB=m +CONFIG_MWIFIEX=m +CONFIG_MWIFIEX_SDIO=m +CONFIG_MWIFIEX_PCIE=m +CONFIG_MWIFIEX_USB=m +CONFIG_MWL8K=m +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_MT7601U=m +CONFIG_MT76_CORE=m +CONFIG_MT76_LEDS=y +CONFIG_MT76_USB=m +CONFIG_MT76x02_LIB=m +CONFIG_MT76x02_USB=m +CONFIG_MT76x0_COMMON=m +CONFIG_MT76x0U=m +CONFIG_MT76x0E=m +CONFIG_MT76x2_COMMON=m +CONFIG_MT76x2E=m +CONFIG_MT76x2U=m +CONFIG_MT7603E=m +CONFIG_MT7615E=m +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_RT2X00=m +CONFIG_RT2400PCI=m +CONFIG_RT2500PCI=m +CONFIG_RT61PCI=m +CONFIG_RT2800PCI=m +CONFIG_RT2800PCI_RT33XX=y +CONFIG_RT2800PCI_RT35XX=y +CONFIG_RT2800PCI_RT53XX=y +CONFIG_RT2800PCI_RT3290=y +CONFIG_RT2500USB=m +CONFIG_RT73USB=m +CONFIG_RT2800USB=m 
+CONFIG_RT2800USB_RT33XX=y +CONFIG_RT2800USB_RT35XX=y +CONFIG_RT2800USB_RT3573=y +CONFIG_RT2800USB_RT53XX=y +CONFIG_RT2800USB_RT55XX=y +CONFIG_RT2800USB_UNKNOWN=y +CONFIG_RT2800_LIB=m +CONFIG_RT2800_LIB_MMIO=m +CONFIG_RT2X00_LIB_MMIO=m +CONFIG_RT2X00_LIB_PCI=m +CONFIG_RT2X00_LIB_USB=m +CONFIG_RT2X00_LIB=m +CONFIG_RT2X00_LIB_FIRMWARE=y +CONFIG_RT2X00_LIB_CRYPTO=y +CONFIG_RT2X00_LIB_LEDS=y +# CONFIG_RT2X00_LIB_DEBUGFS is not set +# CONFIG_RT2X00_DEBUG is not set +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_RTL8180=m +CONFIG_RTL8187=m +CONFIG_RTL8187_LEDS=y +CONFIG_RTL_CARDS=m +CONFIG_RTL8192CE=m +CONFIG_RTL8192SE=m +CONFIG_RTL8192DE=m +CONFIG_RTL8723AE=m +CONFIG_RTL8723BE=m +CONFIG_RTL8188EE=m +CONFIG_RTL8192EE=m +CONFIG_RTL8821AE=m +CONFIG_RTL8192CU=m +CONFIG_RTLWIFI=m +CONFIG_RTLWIFI_PCI=m +CONFIG_RTLWIFI_USB=m +# CONFIG_RTLWIFI_DEBUG is not set +CONFIG_RTL8192C_COMMON=m +CONFIG_RTL8723_COMMON=m +CONFIG_RTLBTCOEXIST=m +CONFIG_RTL8XXXU=m +CONFIG_RTL8XXXU_UNTESTED=y +CONFIG_RTW88=m +CONFIG_RTW88_CORE=m +CONFIG_RTW88_PCI=m +CONFIG_RTW88_8822BE=y +CONFIG_RTW88_8822CE=y +CONFIG_RTW88_DEBUG=y +CONFIG_RTW88_DEBUGFS=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_RSI_91X=m +# CONFIG_RSI_DEBUGFS is not set +CONFIG_RSI_SDIO=m +CONFIG_RSI_USB=m +CONFIG_RSI_COEX=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_CW1200=m +CONFIG_CW1200_WLAN_SDIO=m +CONFIG_CW1200_WLAN_SPI=m +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WL1251=m +CONFIG_WL1251_SPI=m +CONFIG_WL1251_SDIO=m +CONFIG_WL12XX=m +CONFIG_WL18XX=m +CONFIG_WLCORE=m +CONFIG_WLCORE_SPI=m +CONFIG_WLCORE_SDIO=m +CONFIG_WILINK_PLATFORM_DATA=y +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_USB_ZD1201=m +CONFIG_ZD1211RW=m +# CONFIG_ZD1211RW_DEBUG is not set +CONFIG_WLAN_VENDOR_QUANTENNA=y +CONFIG_QTNFMAC=m +CONFIG_QTNFMAC_PCIE=m +CONFIG_MAC80211_HWSIM=m +CONFIG_USB_NET_RNDIS_WLAN=m +CONFIG_VIRT_WIFI=m + +# +# WiMAX Wireless Broadband devices +# +CONFIG_WIMAX_I2400M=m +CONFIG_WIMAX_I2400M_USB=m +CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8 +# end of WiMAX Wireless Broadband devices + +CONFIG_WAN=y 
+CONFIG_HDLC=m +CONFIG_HDLC_RAW=m +CONFIG_HDLC_RAW_ETH=m +CONFIG_HDLC_CISCO=m +CONFIG_HDLC_FR=m +CONFIG_HDLC_PPP=m +CONFIG_HDLC_X25=m +CONFIG_PCI200SYN=m +CONFIG_WANXL=m +CONFIG_PC300TOO=m +CONFIG_FARSYNC=m +CONFIG_SLIC_DS26522=m +CONFIG_DLCI=m +CONFIG_DLCI_MAX=8 +CONFIG_LAPBETHER=m +CONFIG_X25_ASY=m +CONFIG_IEEE802154_DRIVERS=m +CONFIG_IEEE802154_FAKELB=m +CONFIG_IEEE802154_AT86RF230=m +CONFIG_IEEE802154_AT86RF230_DEBUGFS=y +CONFIG_IEEE802154_MRF24J40=m +CONFIG_IEEE802154_CC2520=m +CONFIG_IEEE802154_ATUSB=m +CONFIG_IEEE802154_ADF7242=m +CONFIG_IEEE802154_CA8210=m +CONFIG_IEEE802154_CA8210_DEBUGFS=y +CONFIG_IEEE802154_MCR20A=m +CONFIG_IEEE802154_HWSIM=m +CONFIG_XEN_NETDEV_FRONTEND=y +CONFIG_XEN_NETDEV_BACKEND=m +CONFIG_VMXNET3=m +CONFIG_FUJITSU_ES=m +CONFIG_HYPERV_NET=y +CONFIG_NETDEVSIM=m CONFIG_NET_FAILOVER=y -# CONFIG_ISDN is not set -# CONFIG_NVM is not set +CONFIG_ISDN=y +CONFIG_ISDN_CAPI=m +CONFIG_CAPI_TRACE=y +CONFIG_ISDN_CAPI_CAPI20=m +CONFIG_ISDN_CAPI_MIDDLEWARE=y +CONFIG_MISDN=m +CONFIG_MISDN_DSP=m +CONFIG_MISDN_L1OIP=m + +# +# mISDN hardware drivers +# +CONFIG_MISDN_HFCPCI=m +CONFIG_MISDN_HFCMULTI=m +CONFIG_MISDN_HFCUSB=m +CONFIG_MISDN_AVMFRITZ=m +CONFIG_MISDN_SPEEDFAX=m +CONFIG_MISDN_INFINEON=m +CONFIG_MISDN_W6692=m +CONFIG_MISDN_NETJET=m +CONFIG_MISDN_HDLC=m +CONFIG_MISDN_IPAC=m +CONFIG_MISDN_ISAR=m +CONFIG_NVM=y +CONFIG_NVM_PBLK=m +# CONFIG_NVM_PBLK_DEBUG is not set # # Input device support 
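Review bot: Several options added towards the end of this hunk are test or simulation drivers rather than hardware support: `CONFIG_MAC80211_HWSIM=m`, `CONFIG_VIRT_WIFI=m`, `CONFIG_IEEE802154_FAKELB=m`, `CONFIG_IEEE802154_HWSIM=m` and `CONFIG_NETDEVSIM=m`, alongside `CONFIG_RTL8XXXU_UNTESTED=y`. The simulators are modules, so nothing runs until one is loaded, but shipping them in a distribution kernel adds code to patch and audit with no device behind it. I would leave them unset unless a package in the image needs them, e.g. `# CONFIG_MAC80211_HWSIM is not set` and `# CONFIG_NETDEVSIM is not set`. `CONFIG_I2C_STUB=m` in the later @@ -3020,15 hunk is the same kind of driver.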
@@ -2649,68 +3715,72 @@ CONFIG_NET_FAILOVER=y CONFIG_INPUT=y CONFIG_INPUT_LEDS=m CONFIG_INPUT_FF_MEMLESS=m -# CONFIG_INPUT_POLLDEV is not set -# CONFIG_INPUT_SPARSEKMAP is not set -# CONFIG_INPUT_MATRIXKMAP is not set +CONFIG_INPUT_POLLDEV=m +CONFIG_INPUT_SPARSEKMAP=m +CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces # -CONFIG_INPUT_MOUSEDEV=m -# CONFIG_INPUT_MOUSEDEV_PSAUX is not set +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 # CONFIG_INPUT_JOYDEV is not set -CONFIG_INPUT_EVDEV=m +# CONFIG_INPUT_EVDEV is not set # CONFIG_INPUT_EVBUG is not set # # Input Device Drivers # CONFIG_INPUT_KEYBOARD=y -# CONFIG_KEYBOARD_ADP5588 is not set -# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ADP5588=m +CONFIG_KEYBOARD_ADP5589=m CONFIG_KEYBOARD_ATKBD=y -# CONFIG_KEYBOARD_QT1050 is not set -# CONFIG_KEYBOARD_QT1070 is not set -# CONFIG_KEYBOARD_QT2160 is not set -# CONFIG_KEYBOARD_DLINK_DIR685 is not set -# CONFIG_KEYBOARD_LKKBD is not set -# CONFIG_KEYBOARD_GPIO is not set -# CONFIG_KEYBOARD_GPIO_POLLED is not set -# CONFIG_KEYBOARD_TCA6416 is not set -# CONFIG_KEYBOARD_TCA8418 is not set -# CONFIG_KEYBOARD_MATRIX is not set -# CONFIG_KEYBOARD_LM8323 is not set -# CONFIG_KEYBOARD_LM8333 is not set -# CONFIG_KEYBOARD_MAX7359 is not set -# CONFIG_KEYBOARD_MCS is not set -# CONFIG_KEYBOARD_MPR121 is not set -# CONFIG_KEYBOARD_NEWTON is not set +CONFIG_KEYBOARD_QT1050=m +CONFIG_KEYBOARD_QT1070=m +CONFIG_KEYBOARD_QT2160=m +CONFIG_KEYBOARD_DLINK_DIR685=m +CONFIG_KEYBOARD_LKKBD=m +CONFIG_KEYBOARD_GPIO=m +CONFIG_KEYBOARD_GPIO_POLLED=m +CONFIG_KEYBOARD_TCA6416=m +CONFIG_KEYBOARD_TCA8418=m +CONFIG_KEYBOARD_MATRIX=m +CONFIG_KEYBOARD_LM8323=m +CONFIG_KEYBOARD_LM8333=m +CONFIG_KEYBOARD_MAX7359=m +CONFIG_KEYBOARD_MCS=m +CONFIG_KEYBOARD_MPR121=m +CONFIG_KEYBOARD_SNVS_PWRKEY=m +CONFIG_KEYBOARD_IMX=m +CONFIG_KEYBOARD_NEWTON=m # CONFIG_KEYBOARD_TEGRA is not set -# CONFIG_KEYBOARD_OPENCORES is not set -# 
CONFIG_KEYBOARD_SAMSUNG is not set -# CONFIG_KEYBOARD_STOWAWAY is not set -# CONFIG_KEYBOARD_SUNKBD is not set +CONFIG_KEYBOARD_OPENCORES=m +CONFIG_KEYBOARD_SAMSUNG=m +CONFIG_KEYBOARD_STOWAWAY=m +CONFIG_KEYBOARD_SUNKBD=m # CONFIG_KEYBOARD_SUN4I_LRADC is not set -# CONFIG_KEYBOARD_OMAP4 is not set -# CONFIG_KEYBOARD_TM2_TOUCHKEY is not set -# CONFIG_KEYBOARD_XTKBD is not set -# CONFIG_KEYBOARD_CAP11XX is not set -# CONFIG_KEYBOARD_BCM is not set +CONFIG_KEYBOARD_OMAP4=m +CONFIG_KEYBOARD_TM2_TOUCHKEY=m +CONFIG_KEYBOARD_XTKBD=m +CONFIG_KEYBOARD_CAP11XX=m +CONFIG_KEYBOARD_BCM=m CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=m CONFIG_MOUSE_PS2_ALPS=y -# CONFIG_MOUSE_PS2_BYD is not set +CONFIG_MOUSE_PS2_BYD=y CONFIG_MOUSE_PS2_LOGIPS2PP=y CONFIG_MOUSE_PS2_SYNAPTICS=y -# CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS is not set +CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS=y CONFIG_MOUSE_PS2_CYPRESS=y CONFIG_MOUSE_PS2_TRACKPOINT=y -# CONFIG_MOUSE_PS2_ELANTECH is not set -# CONFIG_MOUSE_PS2_SENTELIC is not set -# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_ELANTECH=y +CONFIG_MOUSE_PS2_ELANTECH_SMBUS=y +CONFIG_MOUSE_PS2_SENTELIC=y +CONFIG_MOUSE_PS2_TOUCHKIT=y CONFIG_MOUSE_PS2_FOCALTECH=y +CONFIG_MOUSE_PS2_SMBUS=y # CONFIG_MOUSE_SERIAL is not set # CONFIG_MOUSE_APPLETOUCH is not set # CONFIG_MOUSE_BCM5974 is not set 
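Review bot: `# CONFIG_INPUT_EVDEV is not set` replaces `CONFIG_INPUT_EVDEV=m` in the "Userland interfaces" block of this hunk, in the same change that enables a long list of keyboard drivers. Without evdev there are no /dev/input/event* nodes, so userspace that reads input through evdev cannot see any of those devices. Only the in-kernel console keyboard handling and the legacy `CONFIG_INPUT_MOUSEDEV=y` interface remain. If dropping evdev is deliberate it deserves a line in the changelog; otherwise keep `CONFIG_INPUT_EVDEV=m`.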
@@ -2724,55 +3794,79 @@ CONFIG_MOUSE_PS2_FOCALTECH=y # CONFIG_INPUT_TABLET is not set # CONFIG_INPUT_TOUCHSCREEN is not set CONFIG_INPUT_MISC=y -# CONFIG_INPUT_AD714X is not set -# CONFIG_INPUT_ATMEL_CAPTOUCH is not set -# CONFIG_INPUT_BMA150 is not set -# CONFIG_INPUT_E3X0_BUTTON is not set -# CONFIG_INPUT_MSM_VIBRATOR is not set -# CONFIG_INPUT_MMA8450 is not set -# CONFIG_INPUT_GP2A is not set -# CONFIG_INPUT_GPIO_BEEPER is not set -# CONFIG_INPUT_GPIO_DECODER is not set -# CONFIG_INPUT_GPIO_VIBRA is not set -# CONFIG_INPUT_ATI_REMOTE2 is not set -# CONFIG_INPUT_KEYSPAN_REMOTE is not set -# CONFIG_INPUT_KXTJ9 is not set -# CONFIG_INPUT_POWERMATE is not set -# CONFIG_INPUT_YEALINK is not set -# CONFIG_INPUT_CM109 is not set -# CONFIG_INPUT_REGULATOR_HAPTIC is not set -# CONFIG_INPUT_UINPUT is not set -# CONFIG_INPUT_PCF8574 is not set -# CONFIG_INPUT_PWM_BEEPER is not set -# CONFIG_INPUT_PWM_VIBRA is not set -# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set -# CONFIG_INPUT_ADXL34X is not set -# CONFIG_INPUT_IMS_PCU is not set -# CONFIG_INPUT_CMA3000 is not set -CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y -# CONFIG_INPUT_DRV260X_HAPTICS is not set -# CONFIG_INPUT_DRV2665_HAPTICS is not set -# CONFIG_INPUT_DRV2667_HAPTICS is not set -# CONFIG_INPUT_HISI_POWERKEY is not set -# CONFIG_RMI4_CORE is not set +CONFIG_INPUT_AD714X=m +CONFIG_INPUT_AD714X_I2C=m +CONFIG_INPUT_AD714X_SPI=m +CONFIG_INPUT_ATMEL_CAPTOUCH=m +CONFIG_INPUT_BMA150=m +CONFIG_INPUT_E3X0_BUTTON=m +CONFIG_INPUT_MSM_VIBRATOR=m +CONFIG_INPUT_MMA8450=m +CONFIG_INPUT_GP2A=m +CONFIG_INPUT_GPIO_BEEPER=m +CONFIG_INPUT_GPIO_DECODER=m +CONFIG_INPUT_GPIO_VIBRA=m +CONFIG_INPUT_ATI_REMOTE2=m +CONFIG_INPUT_KEYSPAN_REMOTE=m +CONFIG_INPUT_KXTJ9=m +# CONFIG_INPUT_KXTJ9_POLLED_MODE is not set +CONFIG_INPUT_POWERMATE=m +CONFIG_INPUT_YEALINK=m +CONFIG_INPUT_CM109=m +CONFIG_INPUT_REGULATOR_HAPTIC=m +CONFIG_INPUT_UINPUT=y +CONFIG_INPUT_PCF8574=m +CONFIG_INPUT_PWM_BEEPER=m +CONFIG_INPUT_PWM_VIBRA=m +CONFIG_INPUT_GPIO_ROTARY_ENCODER=m 
+CONFIG_INPUT_ADXL34X=m +CONFIG_INPUT_ADXL34X_I2C=m +CONFIG_INPUT_ADXL34X_SPI=m +CONFIG_INPUT_IMS_PCU=m +CONFIG_INPUT_CMA3000=m +CONFIG_INPUT_CMA3000_I2C=m +CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m +CONFIG_INPUT_SOC_BUTTON_ARRAY=m +CONFIG_INPUT_DRV260X_HAPTICS=m +CONFIG_INPUT_DRV2665_HAPTICS=m +CONFIG_INPUT_DRV2667_HAPTICS=m +CONFIG_INPUT_HISI_POWERKEY=m +CONFIG_RMI4_CORE=m +CONFIG_RMI4_I2C=m +CONFIG_RMI4_SPI=m +CONFIG_RMI4_SMB=m +CONFIG_RMI4_F03=y +CONFIG_RMI4_F03_SERIO=m +CONFIG_RMI4_2D_SENSOR=y +CONFIG_RMI4_F11=y +CONFIG_RMI4_F12=y +CONFIG_RMI4_F30=y +CONFIG_RMI4_F34=y +CONFIG_RMI4_F54=y +CONFIG_RMI4_F55=y # # Hardware I/O ports # CONFIG_SERIO=y -# CONFIG_SERIO_SERPORT is not set -# CONFIG_SERIO_AMBAKMI is not set -# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_SERPORT=m +CONFIG_SERIO_AMBAKMI=m +CONFIG_SERIO_PCIPS2=m CONFIG_SERIO_LIBPS2=y -# CONFIG_SERIO_RAW is not set -# CONFIG_SERIO_ALTERA_PS2 is not set -# CONFIG_SERIO_PS2MULT is not set -# CONFIG_SERIO_ARC_PS2 is not set -# CONFIG_SERIO_APBPS2 is not set +CONFIG_SERIO_RAW=m +CONFIG_SERIO_ALTERA_PS2=m +CONFIG_SERIO_PS2MULT=m +CONFIG_SERIO_ARC_PS2=m +CONFIG_SERIO_APBPS2=m +CONFIG_HYPERV_KEYBOARD=y # CONFIG_SERIO_SUN4I_PS2 is not set -# CONFIG_SERIO_GPIO_PS2 is not set -# CONFIG_USERIO is not set -# CONFIG_GAMEPORT is not set +CONFIG_SERIO_GPIO_PS2=m +CONFIG_USERIO=m +CONFIG_GAMEPORT=m +CONFIG_GAMEPORT_NS558=m +CONFIG_GAMEPORT_L4=m +CONFIG_GAMEPORT_EMU10K1=m +CONFIG_GAMEPORT_FM801=m # end of Hardware I/O ports # end of Input device support 
@@ -2788,9 +3882,18 @@ CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set -# CONFIG_SERIAL_NONSTANDARD is not set -# CONFIG_NOZOMI is not set -# CONFIG_N_GSM is not set +CONFIG_SERIAL_NONSTANDARD=y +CONFIG_ROCKETPORT=m +CONFIG_CYCLADES=m +# CONFIG_CYZ_INTR is not set +CONFIG_MOXA_INTELLIO=m +CONFIG_MOXA_SMARTIO=m +CONFIG_SYNCLINKMP=m +CONFIG_SYNCLINK_GT=m +CONFIG_NOZOMI=m +CONFIG_ISI=m +CONFIG_N_HDLC=m +CONFIG_N_GSM=m # CONFIG_TRACE_SINK is not set # CONFIG_NULL_TTY is not set # CONFIG_LDISC_AUTOLOAD is not set @@ -2803,16 +3906,16 @@ CONFIG_SERIAL_EARLYCON=y CONFIG_SERIAL_8250=y CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y CONFIG_SERIAL_8250_PNP=y -# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_FINTEK=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_8250_DMA=y CONFIG_SERIAL_8250_PCI=y -# CONFIG_SERIAL_8250_EXAR is not set -CONFIG_SERIAL_8250_NR_UARTS=32 -CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +CONFIG_SERIAL_8250_EXAR=m +CONFIG_SERIAL_8250_NR_UARTS=48 +CONFIG_SERIAL_8250_RUNTIME_UARTS=32 CONFIG_SERIAL_8250_EXTENDED=y CONFIG_SERIAL_8250_MANY_PORTS=y -# CONFIG_SERIAL_8250_ASPEED_VUART is not set +CONFIG_SERIAL_8250_ASPEED_VUART=m CONFIG_SERIAL_8250_SHARE_IRQ=y # CONFIG_SERIAL_8250_DETECT_IRQ is not set CONFIG_SERIAL_8250_RSA=y 
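Review bot: `CONFIG_N_HDLC=m` and `CONFIG_N_GSM=m` at the end of the @@ -2788,9 hunk add two tty line disciplines, and how reachable they are depends on the context line `# CONFIG_LDISC_AUTOLOAD is not set` staying that way. With autoloading off, attaching a discipline from an unprivileged process does not load the module; if a later config refresh enables it, any user who can open a tty can pull this code in. Unless the image has a consumer for GSM 07.10 multiplexing or HDLC over a tty, I would leave them as `# CONFIG_N_GSM is not set` and `# CONFIG_N_HDLC is not set`.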
@@ -2820,48 +3923,66 @@ CONFIG_SERIAL_8250_DWLIB=y CONFIG_SERIAL_8250_BCM2835AUX=y CONFIG_SERIAL_8250_FSL=y CONFIG_SERIAL_8250_DW=y -# CONFIG_SERIAL_8250_RT288X is not set -# CONFIG_SERIAL_8250_MT6577 is not set +CONFIG_SERIAL_8250_RT288X=y +CONFIG_SERIAL_8250_OMAP=m +CONFIG_SERIAL_8250_MT6577=y CONFIG_SERIAL_OF_PLATFORM=y # # Non-8250 serial port support # -# CONFIG_SERIAL_AMBA_PL010 is not set +CONFIG_SERIAL_AMBA_PL010=m CONFIG_SERIAL_AMBA_PL011=y CONFIG_SERIAL_AMBA_PL011_CONSOLE=y -# CONFIG_SERIAL_EARLYCON_ARM_SEMIHOST is not set -# CONFIG_SERIAL_MESON is not set -# CONFIG_SERIAL_SAMSUNG is not set -# CONFIG_SERIAL_MAX3100 is not set -# CONFIG_SERIAL_MAX310X is not set -# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_EARLYCON_ARM_SEMIHOST=y +CONFIG_SERIAL_MESON=y +CONFIG_SERIAL_MESON_CONSOLE=y +CONFIG_SERIAL_MAX3100=m +CONFIG_SERIAL_MAX310X=y +CONFIG_SERIAL_IMX=y +CONFIG_SERIAL_IMX_CONSOLE=y +CONFIG_SERIAL_UARTLITE=m +CONFIG_SERIAL_UARTLITE_NR_UARTS=1 +CONFIG_SERIAL_SH_SCI=m +CONFIG_SERIAL_SH_SCI_NR_UARTS=2 +CONFIG_SERIAL_SH_SCI_DMA=y CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y -# CONFIG_SERIAL_JSM is not set -# CONFIG_SERIAL_MSM is not set -# CONFIG_SERIAL_SIFIVE is not set -# CONFIG_SERIAL_SCCNXP is not set +CONFIG_SERIAL_JSM=m +CONFIG_SERIAL_MSM=y +CONFIG_SERIAL_MSM_CONSOLE=y +CONFIG_SERIAL_SIFIVE=m +CONFIG_SERIAL_SCCNXP=y +CONFIG_SERIAL_SCCNXP_CONSOLE=y CONFIG_SERIAL_SC16IS7XX_CORE=m CONFIG_SERIAL_SC16IS7XX=m CONFIG_SERIAL_SC16IS7XX_I2C=y CONFIG_SERIAL_SC16IS7XX_SPI=y -# CONFIG_SERIAL_ALTERA_JTAGUART is not set -# CONFIG_SERIAL_ALTERA_UART is not set +CONFIG_SERIAL_ALTERA_JTAGUART=m +CONFIG_SERIAL_ALTERA_UART=m +CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4 +CONFIG_SERIAL_ALTERA_UART_BAUDRATE=115200 # CONFIG_SERIAL_IFX6X60 is not set -# CONFIG_SERIAL_XILINX_PS_UART is not set -# CONFIG_SERIAL_ARC is not set -# CONFIG_SERIAL_RP2 is not set -# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_SERIAL_XILINX_PS_UART=m +CONFIG_SERIAL_ARC=m +CONFIG_SERIAL_ARC_NR_PORTS=1 
+CONFIG_SERIAL_RP2=m +CONFIG_SERIAL_RP2_NR_UARTS=32 +CONFIG_SERIAL_FSL_LPUART=m # CONFIG_SERIAL_FSL_LINFLEXUART is not set -# CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set -# CONFIG_SERIAL_SPRD is not set -# CONFIG_SERIAL_MVEBU_UART is not set +CONFIG_SERIAL_CONEXANT_DIGICOLOR=m +CONFIG_SERIAL_SPRD=m +CONFIG_SERIAL_MVEBU_UART=y +CONFIG_SERIAL_MVEBU_CONSOLE=y +CONFIG_SERIAL_OWL=y +CONFIG_SERIAL_OWL_CONSOLE=y # end of Serial drivers CONFIG_SERIAL_MCTRL_GPIO=y -# CONFIG_SERIAL_DEV_BUS is not set -# CONFIG_TTY_PRINTK is not set +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_DEV_CTRL_TTYPORT=y +CONFIG_TTY_PRINTK=y +CONFIG_TTY_PRINTK_LEVEL=6 CONFIG_HVC_DRIVER=y CONFIG_HVC_IRQ=y CONFIG_HVC_XEN=y @@ -2875,23 +3996,23 @@ CONFIG_IPMI_PANIC_EVENT=y CONFIG_IPMI_PANIC_STRING=y CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_SI=m -# CONFIG_IPMI_SSIF is not set +CONFIG_IPMI_SSIF=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m -# CONFIG_IPMB_DEVICE_INTERFACE is not set +CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_TIMERIOMEM=m CONFIG_HW_RANDOM_BCM2835=m CONFIG_HW_RANDOM_IPROC_RNG200=m -# CONFIG_HW_RANDOM_OMAP is not set +CONFIG_HW_RANDOM_OMAP=m CONFIG_HW_RANDOM_VIRTIO=m +CONFIG_HW_RANDOM_IMX_RNGC=m CONFIG_HW_RANDOM_HISI=m CONFIG_HW_RANDOM_XGENE=m CONFIG_HW_RANDOM_MESON=m CONFIG_HW_RANDOM_CAVIUM=m -# CONFIG_HW_RANDOM_MTK is not set -# CONFIG_HW_RANDOM_EXYNOS is not set -# CONFIG_APPLICOM is not set +CONFIG_HW_RANDOM_MTK=m +CONFIG_APPLICOM=m CONFIG_RAW_DRIVER=m CONFIG_MAX_RAW_DEVS=8192 CONFIG_TCG_TPM=y 
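Review bot: `CONFIG_TTY_PRINTK=y` with `CONFIG_TTY_PRINTK_LEVEL=6`, at the end of the @@ -2820,48 hunk, builds the /dev/ttyprintk device into the kernel; it was unset before. Anything written to that device is emitted into the kernel log, which makes the log slightly less useful as evidence and is not needed for normal operation. Unless something in the image redirects output there, I would keep `# CONFIG_TTY_PRINTK is not set`.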
@@ -2906,11 +4027,14 @@ CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m CONFIG_TCG_XEN=m CONFIG_TCG_CRB=y -# CONFIG_TCG_VTPM_PROXY is not set -# CONFIG_TCG_TIS_ST33ZP24_I2C is not set -# CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_VTPM_PROXY=m +CONFIG_TCG_TIS_ST33ZP24=m +CONFIG_TCG_TIS_ST33ZP24_I2C=m +CONFIG_TCG_TIS_ST33ZP24_SPI=m # CONFIG_DEVPORT is not set -# CONFIG_XILLYBUS is not set +CONFIG_XILLYBUS=m +CONFIG_XILLYBUS_PCIE=m +CONFIG_XILLYBUS_OF=m # end of Character devices # CONFIG_RANDOM_TRUST_BOOTLOADER is not set @@ -2922,27 +4046,28 @@ CONFIG_I2C=y CONFIG_ACPI_I2C_OPREGION=y CONFIG_I2C_BOARDINFO=y CONFIG_I2C_COMPAT=y -CONFIG_I2C_CHARDEV=m +CONFIG_I2C_CHARDEV=y CONFIG_I2C_MUX=m # # Multiplexer I2C Chip support # -# CONFIG_I2C_ARB_GPIO_CHALLENGE is not set -# CONFIG_I2C_MUX_GPIO is not set -# CONFIG_I2C_MUX_GPMUX is not set -# CONFIG_I2C_MUX_LTC4306 is not set -# CONFIG_I2C_MUX_PCA9541 is not set +CONFIG_I2C_ARB_GPIO_CHALLENGE=m +CONFIG_I2C_MUX_GPIO=m +CONFIG_I2C_MUX_GPMUX=m +CONFIG_I2C_MUX_LTC4306=m +CONFIG_I2C_MUX_PCA9541=m CONFIG_I2C_MUX_PCA954x=m -# CONFIG_I2C_MUX_PINCTRL is not set -# CONFIG_I2C_MUX_REG is not set -# CONFIG_I2C_DEMUX_PINCTRL is not set -# CONFIG_I2C_MUX_MLXCPLD is not set +CONFIG_I2C_MUX_PINCTRL=m +CONFIG_I2C_MUX_REG=m +CONFIG_I2C_DEMUX_PINCTRL=m +CONFIG_I2C_MUX_MLXCPLD=m # end of Multiplexer I2C Chip support CONFIG_I2C_HELPER_AUTO=y CONFIG_I2C_SMBUS=m CONFIG_I2C_ALGOBIT=y +CONFIG_I2C_ALGOPCA=m # # I2C Hardware Bus support 
@@ -2951,15 +4076,15 @@ CONFIG_I2C_ALGOBIT=y # # PC SMBus host controller drivers # -# CONFIG_I2C_ALI1535 is not set -# CONFIG_I2C_ALI1563 is not set -# CONFIG_I2C_ALI15X3 is not set +CONFIG_I2C_ALI1535=m +CONFIG_I2C_ALI1563=m +CONFIG_I2C_ALI15X3=m CONFIG_I2C_AMD756=m CONFIG_I2C_AMD8111=m # CONFIG_I2C_AMD_MP2 is not set -# CONFIG_I2C_HIX5HD2 is not set +CONFIG_I2C_HIX5HD2=m CONFIG_I2C_I801=m -# CONFIG_I2C_ISCH is not set +CONFIG_I2C_ISCH=m CONFIG_I2C_PIIX4=m # CONFIG_I2C_NFORCE2 is not set # CONFIG_I2C_NVIDIA_GPU is not set 
@@ -2981,38 +4106,48 @@ CONFIG_I2C_BCM2835=m CONFIG_I2C_BCM_IPROC=y CONFIG_I2C_BRCMSTB=y # CONFIG_I2C_CADENCE is not set -# CONFIG_I2C_CBUS_GPIO is not set -# CONFIG_I2C_DESIGNWARE_PLATFORM is not set -# CONFIG_I2C_DESIGNWARE_PCI is not set +CONFIG_I2C_CBUS_GPIO=m +CONFIG_I2C_DESIGNWARE_CORE=y +CONFIG_I2C_DESIGNWARE_PLATFORM=y +# CONFIG_I2C_DESIGNWARE_SLAVE is not set +CONFIG_I2C_DESIGNWARE_PCI=m # CONFIG_I2C_EMEV2 is not set -CONFIG_I2C_EXYNOS5=y CONFIG_I2C_GPIO=m # CONFIG_I2C_GPIO_FAULT_INJECTOR is not set CONFIG_I2C_IMX=m -# CONFIG_I2C_MESON is not set -# CONFIG_I2C_MT65XX is not set +CONFIG_I2C_IMX_LPI2C=m +CONFIG_I2C_MESON=m +CONFIG_I2C_MT65XX=m CONFIG_I2C_MV64XXX=m -# CONFIG_I2C_NOMADIK is not set -# CONFIG_I2C_OCORES is not set -# CONFIG_I2C_PCA_PLATFORM is not set -# CONFIG_I2C_PXA is not set +CONFIG_I2C_NOMADIK=m +CONFIG_I2C_OCORES=m +CONFIG_I2C_OMAP=y +CONFIG_I2C_OWL=m +CONFIG_I2C_PCA_PLATFORM=m +CONFIG_I2C_PXA=m +CONFIG_I2C_PXA_SLAVE=y CONFIG_I2C_QUP=m +CONFIG_I2C_RIIC=m CONFIG_I2C_RK3X=m -# CONFIG_I2C_SIMTEC is not set -# CONFIG_I2C_SPRD is not set -CONFIG_I2C_TEGRA=m -# CONFIG_I2C_VERSATILE is not set +CONFIG_I2C_SH_MOBILE=m +CONFIG_I2C_SIMTEC=m +CONFIG_I2C_SPRD=y +CONFIG_I2C_SYNQUACER=m +# CONFIG_I2C_TEGRA is not set +CONFIG_I2C_VERSATILE=m CONFIG_I2C_THUNDERX=m -# CONFIG_I2C_XILINX is not set +CONFIG_I2C_XILINX=m +CONFIG_I2C_XLP9XX=m +CONFIG_I2C_RCAR=m # # External I2C/SMBus adapter drivers # -# CONFIG_I2C_DIOLAN_U2C is not set -# CONFIG_I2C_PARPORT_LIGHT is not set -# CONFIG_I2C_ROBOTFUZZ_OSIF is not set -# CONFIG_I2C_TAOS_EVM is not set -# CONFIG_I2C_TINY_USB is not set +CONFIG_I2C_DIOLAN_U2C=m +CONFIG_I2C_PARPORT_LIGHT=m +CONFIG_I2C_ROBOTFUZZ_OSIF=m +CONFIG_I2C_TAOS_EVM=m +CONFIG_I2C_TINY_USB=m # # Other I2C/SMBus bus drivers 
@@ -3020,15 +4155,17 @@ CONFIG_I2C_THUNDERX=m CONFIG_I2C_XGENE_SLIMPRO=m # end of I2C Hardware Bus support -# CONFIG_I2C_STUB is not set +CONFIG_I2C_STUB=m CONFIG_I2C_SLAVE=y -# CONFIG_I2C_SLAVE_EEPROM is not set +CONFIG_I2C_SLAVE_EEPROM=m # CONFIG_I2C_DEBUG_CORE is not set # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set # end of I2C support -# CONFIG_I3C is not set +CONFIG_I3C=m +CONFIG_CDNS_I3C_MASTER=m +CONFIG_DW_I3C_MASTER=m CONFIG_SPI=y # CONFIG_SPI_DEBUG is not set CONFIG_SPI_MASTER=y 
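Review bot: `CONFIG_I2C_STUB=m` turns on a driver that exists only for developing and testing SMBus client drivers, and its Kconfig help advises saying N when unsure. The same applies to `CONFIG_SPI_LOOPBACK_TEST=m` in the SPI hunk and `CONFIG_TEST_POWER=m` in the power-supply hunk. For a distribution kernel these add loadable code with no hardware behind it, so I would keep them as `# CONFIG_I2C_STUB is not set`, `# CONFIG_SPI_LOOPBACK_TEST is not set` and `# CONFIG_TEST_POWER is not set`. If a test pipeline depends on them, a comment next to the config naming that consumer would help.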
@@ -3037,54 +4174,79 @@ CONFIG_SPI_MEM=y # # SPI Master Controller Drivers # -# CONFIG_SPI_ALTERA is not set -# CONFIG_SPI_ARMADA_3700 is not set -# CONFIG_SPI_AXI_SPI_ENGINE is not set +CONFIG_SPI_ALTERA=m +CONFIG_SPI_ARMADA_3700=m +CONFIG_SPI_AXI_SPI_ENGINE=m CONFIG_SPI_BCM2835=m CONFIG_SPI_BCM2835AUX=m -CONFIG_SPI_BCM_QSPI=y +CONFIG_SPI_BCM_QSPI=m CONFIG_SPI_BITBANG=m CONFIG_SPI_CADENCE=m -# CONFIG_SPI_DESIGNWARE is not set -# CONFIG_SPI_FSL_QUADSPI is not set -# CONFIG_SPI_NXP_FLEXSPI is not set -# CONFIG_SPI_GPIO is not set -CONFIG_SPI_FSL_LIB=m -CONFIG_SPI_FSL_SPI=m +CONFIG_SPI_DESIGNWARE=m +CONFIG_SPI_DW_PCI=m +CONFIG_SPI_DW_MID_DMA=y +CONFIG_SPI_DW_MMIO=m +CONFIG_SPI_FSL_LPSPI=m +CONFIG_SPI_FSL_QUADSPI=m +CONFIG_SPI_NXP_FLEXSPI=m +CONFIG_SPI_GPIO=m +CONFIG_SPI_IMX=m +CONFIG_SPI_FSL_LIB=y +CONFIG_SPI_FSL_SPI=y CONFIG_SPI_FSL_DSPI=m -# CONFIG_SPI_MESON_SPICC is not set -# CONFIG_SPI_MESON_SPIFC is not set -# CONFIG_SPI_MT65XX is not set -# CONFIG_SPI_OC_TINY is not set -# CONFIG_SPI_ORION is not set -# CONFIG_SPI_PL022 is not set -# CONFIG_SPI_PXA2XX is not set +CONFIG_SPI_MESON_SPICC=m +CONFIG_SPI_MESON_SPIFC=m +CONFIG_SPI_MT65XX=m +CONFIG_SPI_OC_TINY=m +CONFIG_SPI_OMAP24XX=y +CONFIG_SPI_ORION=m +CONFIG_SPI_PL022=m +CONFIG_SPI_PXA2XX=m +CONFIG_SPI_PXA2XX_PCI=m CONFIG_SPI_ROCKCHIP=m -# CONFIG_SPI_QCOM_QSPI is not set +CONFIG_SPI_RSPI=m +CONFIG_SPI_QCOM_QSPI=m CONFIG_SPI_QUP=m -# CONFIG_SPI_S3C64XX is not set -# CONFIG_SPI_SC18IS602 is not set -# CONFIG_SPI_SIFIVE is not set -# CONFIG_SPI_SPRD is not set +CONFIG_SPI_SC18IS602=m +CONFIG_SPI_SH_MSIOF=m +CONFIG_SPI_SH_HSPI=m +CONFIG_SPI_SIFIVE=m +CONFIG_SPI_SLAVE_MT27XX=m +CONFIG_SPI_SPRD=m # CONFIG_SPI_SUN4I is not set -# CONFIG_SPI_SUN6I is not set -# CONFIG_SPI_MXIC is not set +CONFIG_SPI_SUN6I=m +CONFIG_SPI_SYNQUACER=m +CONFIG_SPI_MXIC=m # CONFIG_SPI_TEGRA20_SFLASH is not set CONFIG_SPI_THUNDERX=m -# CONFIG_SPI_XCOMM is not set +CONFIG_SPI_XCOMM=m # CONFIG_SPI_XILINX is not set -# CONFIG_SPI_ZYNQMP_GQSPI is 
not set +CONFIG_SPI_XLP=m +CONFIG_SPI_ZYNQMP_GQSPI=m # # SPI Protocol Masters # CONFIG_SPI_SPIDEV=m -# CONFIG_SPI_LOOPBACK_TEST is not set -# CONFIG_SPI_TLE62X0 is not set -# CONFIG_SPI_SLAVE is not set +CONFIG_SPI_LOOPBACK_TEST=m +CONFIG_SPI_TLE62X0=m +CONFIG_SPI_SLAVE=y +CONFIG_SPI_SLAVE_TIME=m +CONFIG_SPI_SLAVE_SYSTEM_CONTROL=m CONFIG_SPI_DYNAMIC=y -# CONFIG_SPMI is not set -# CONFIG_HSI is not set +CONFIG_SPMI=m +CONFIG_SPMI_MSM_PMIC_ARB=m +CONFIG_HSI=m +CONFIG_HSI_BOARDINFO=y + +# +# HSI controllers +# + +# +# HSI clients +# +CONFIG_HSI_CHAR=m CONFIG_PPS=y # CONFIG_PPS_DEBUG is not set @@ -3092,8 +4254,8 @@ CONFIG_PPS=y # PPS clients support # # CONFIG_PPS_CLIENT_KTIMER is not set -# CONFIG_PPS_CLIENT_LDISC is not set -# CONFIG_PPS_CLIENT_GPIO is not set +CONFIG_PPS_CLIENT_LDISC=m +CONFIG_PPS_CLIENT_GPIO=m # # PPS generators support 
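Review bot: `CONFIG_SPI_SLAVE=y` together with `CONFIG_SPI_SLAVE_SYSTEM_CONTROL=m` ships a handler whose purpose is to let an external SPI master reboot, power off, halt or suspend the machine. It takes effect only once bound to a slave-capable controller, but nothing in this change shows a board that needs it. Unless a supported platform relies on it, prefer `# CONFIG_SPI_SLAVE_SYSTEM_CONTROL is not set`. Consider leaving `CONFIG_SPI_SLAVE` itself off as well, since that would also drop `CONFIG_SPI_SLAVE_TIME`.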
@@ -3105,69 +4267,81 @@ CONFIG_PPS=y CONFIG_PTP_1588_CLOCK=y CONFIG_PTP_1588_CLOCK_DTE=y CONFIG_PTP_1588_CLOCK_QORIQ=m -# CONFIG_DP83640_PHY is not set +CONFIG_DP83640_PHY=m # end of PTP clock support CONFIG_PINCTRL=y +CONFIG_GENERIC_PINCTRL_GROUPS=y CONFIG_PINMUX=y +CONFIG_GENERIC_PINMUX_FUNCTIONS=y CONFIG_PINCONF=y CONFIG_GENERIC_PINCONF=y # CONFIG_DEBUG_PINCTRL is not set -# CONFIG_PINCTRL_AMD is not set -# CONFIG_PINCTRL_MCP23S08 is not set +CONFIG_PINCTRL_AMD=y +CONFIG_PINCTRL_BM1880=y +CONFIG_PINCTRL_MCP23S08=m CONFIG_PINCTRL_ROCKCHIP=y -# CONFIG_PINCTRL_SINGLE is not set -# CONFIG_PINCTRL_SX150X is not set -# CONFIG_PINCTRL_STMFX is not set -# CONFIG_PINCTRL_OCELOT is not set +CONFIG_PINCTRL_SINGLE=y +CONFIG_PINCTRL_SX150X=y +CONFIG_PINCTRL_STMFX=m +CONFIG_PINCTRL_OCELOT=y +CONFIG_PINCTRL_OWL=y +CONFIG_PINCTRL_S700=y +CONFIG_PINCTRL_S900=y CONFIG_PINCTRL_BCM2835=y CONFIG_PINCTRL_IPROC_GPIO=y CONFIG_PINCTRL_NS2_MUX=y -# CONFIG_PINCTRL_AS370 is not set -# CONFIG_PINCTRL_BERLIN_BG4CT is not set +CONFIG_PINCTRL_BERLIN=y +CONFIG_PINCTRL_AS370=y +CONFIG_PINCTRL_BERLIN_BG4CT=y +CONFIG_PINCTRL_IMX=y +CONFIG_PINCTRL_IMX8MM=y +CONFIG_PINCTRL_IMX8MN=y +CONFIG_PINCTRL_IMX8MQ=y CONFIG_PINCTRL_MVEBU=y CONFIG_PINCTRL_ARMADA_AP806=y CONFIG_PINCTRL_ARMADA_CP110=y CONFIG_PINCTRL_ARMADA_37XX=y -# CONFIG_PINCTRL_APQ8064 is not set -# CONFIG_PINCTRL_APQ8084 is not set -# CONFIG_PINCTRL_IPQ4019 is not set -# CONFIG_PINCTRL_IPQ8064 is not set -# CONFIG_PINCTRL_IPQ8074 is not set -# CONFIG_PINCTRL_MSM8660 is not set -# CONFIG_PINCTRL_MSM8960 is not set -# CONFIG_PINCTRL_MDM9615 is not set -# CONFIG_PINCTRL_MSM8X74 is not set -# CONFIG_PINCTRL_MSM8916 is not set -# CONFIG_PINCTRL_MSM8994 is not set -# CONFIG_PINCTRL_MSM8996 is not set -# CONFIG_PINCTRL_MSM8998 is not set -# CONFIG_PINCTRL_QCS404 is not set -# CONFIG_PINCTRL_QDF2XXX is not set -# CONFIG_PINCTRL_QCOM_SSBI_PMIC is not set +CONFIG_PINCTRL_MSM=y +CONFIG_PINCTRL_APQ8064=m +CONFIG_PINCTRL_APQ8084=m 
+CONFIG_PINCTRL_IPQ4019=m +CONFIG_PINCTRL_IPQ8064=m +CONFIG_PINCTRL_IPQ8074=m +CONFIG_PINCTRL_MSM8660=m +CONFIG_PINCTRL_MSM8960=m +CONFIG_PINCTRL_MDM9615=m +CONFIG_PINCTRL_MSM8X74=m +CONFIG_PINCTRL_MSM8916=m +CONFIG_PINCTRL_MSM8994=m +CONFIG_PINCTRL_MSM8996=m +CONFIG_PINCTRL_MSM8998=m +CONFIG_PINCTRL_QCS404=m +CONFIG_PINCTRL_QDF2XXX=m +CONFIG_PINCTRL_QCOM_SPMI_PMIC=m +CONFIG_PINCTRL_QCOM_SSBI_PMIC=m # CONFIG_PINCTRL_SC7180 is not set -# CONFIG_PINCTRL_SDM660 is not set -# CONFIG_PINCTRL_SDM845 is not set -# CONFIG_PINCTRL_SM8150 is not set -CONFIG_PINCTRL_SAMSUNG=y -CONFIG_PINCTRL_EXYNOS=y -CONFIG_PINCTRL_EXYNOS_ARM64=y -# CONFIG_PINCTRL_SPRD is not set +CONFIG_PINCTRL_SDM660=m +CONFIG_PINCTRL_SDM845=m +CONFIG_PINCTRL_SM8150=m +CONFIG_PINCTRL_SH_PFC=y +CONFIG_PINCTRL_SPRD=y +CONFIG_PINCTRL_SPRD_SC9860=y CONFIG_PINCTRL_SUNXI=y -# CONFIG_PINCTRL_SUN4I_A10 is not set -# CONFIG_PINCTRL_SUN5I is not set -# CONFIG_PINCTRL_SUN6I_A31 is not set -# CONFIG_PINCTRL_SUN6I_A31_R is not set -# CONFIG_PINCTRL_SUN8I_A23 is not set -# CONFIG_PINCTRL_SUN8I_A33 is not set -# CONFIG_PINCTRL_SUN8I_A83T is not set -# CONFIG_PINCTRL_SUN8I_A83T_R is not set -# CONFIG_PINCTRL_SUN8I_A23_R is not set -# CONFIG_PINCTRL_SUN8I_H3 is not set +CONFIG_PINCTRL_SUN4I_A10=y +CONFIG_PINCTRL_SUN5I=y +CONFIG_PINCTRL_SUN6I_A31=y +CONFIG_PINCTRL_SUN6I_A31_R=y +CONFIG_PINCTRL_SUN8I_A23=y +CONFIG_PINCTRL_SUN8I_A33=y +CONFIG_PINCTRL_SUN8I_A83T=y +CONFIG_PINCTRL_SUN8I_A83T_R=y +CONFIG_PINCTRL_SUN8I_A23_R=y +CONFIG_PINCTRL_SUN8I_H3=y CONFIG_PINCTRL_SUN8I_H3_R=y -# CONFIG_PINCTRL_SUN8I_V3S is not set -# CONFIG_PINCTRL_SUN9I_A80 is not set -# CONFIG_PINCTRL_SUN9I_A80_R is not set +CONFIG_PINCTRL_SUN8I_V3S=y +CONFIG_PINCTRL_SUN9I_A80=y +CONFIG_PINCTRL_SUN9I_A80_R=y CONFIG_PINCTRL_SUN50I_A64=y CONFIG_PINCTRL_SUN50I_A64_R=y CONFIG_PINCTRL_SUN50I_H5=y 
@@ -3183,20 +4357,22 @@ CONFIG_PINCTRL_TEGRA_XUSB=y # CONFIG_EINT_MTK=y CONFIG_PINCTRL_MTK=y +CONFIG_PINCTRL_MTK_MOORE=y CONFIG_PINCTRL_MTK_PARIS=y -# CONFIG_PINCTRL_MT2712 is not set +CONFIG_PINCTRL_MT2712=y CONFIG_PINCTRL_MT6765=y CONFIG_PINCTRL_MT6797=y -# CONFIG_PINCTRL_MT7622 is not set +CONFIG_PINCTRL_MT7622=y CONFIG_PINCTRL_MT8173=y CONFIG_PINCTRL_MT8183=y CONFIG_PINCTRL_MT8516=y # end of MediaTek pinctrl drivers CONFIG_PINCTRL_MESON=y -# CONFIG_PINCTRL_MESON_GXBB is not set -# CONFIG_PINCTRL_MESON_GXL is not set -# CONFIG_PINCTRL_MESON_AXG is not set +CONFIG_PINCTRL_MESON_GXBB=y +CONFIG_PINCTRL_MESON_GXL=y +CONFIG_PINCTRL_MESON8_PMX=y +CONFIG_PINCTRL_MESON_AXG=y CONFIG_PINCTRL_MESON_AXG_PMX=y CONFIG_PINCTRL_MESON_G12A=y CONFIG_GPIOLIB=y 
@@ -3207,49 +4383,55 @@ CONFIG_GPIOLIB_IRQCHIP=y # CONFIG_DEBUG_GPIO is not set CONFIG_GPIO_SYSFS=y CONFIG_GPIO_GENERIC=y +CONFIG_GPIO_MAX730X=m # # Memory mapped GPIO drivers # -# CONFIG_GPIO_74XX_MMIO is not set -# CONFIG_GPIO_ALTERA is not set -# CONFIG_GPIO_AMDPT is not set -CONFIG_GPIO_RASPBERRYPI_EXP=y -CONFIG_GPIO_BRCMSTB=y -# CONFIG_GPIO_CADENCE is not set -# CONFIG_GPIO_DWAPB is not set -# CONFIG_GPIO_EIC_SPRD is not set -# CONFIG_GPIO_FTGPIO010 is not set +CONFIG_GPIO_74XX_MMIO=m +CONFIG_GPIO_ALTERA=m +CONFIG_GPIO_AMDPT=m +CONFIG_GPIO_RASPBERRYPI_EXP=m +CONFIG_GPIO_BRCMSTB=m +CONFIG_GPIO_CADENCE=m +CONFIG_GPIO_DAVINCI=y +CONFIG_GPIO_DWAPB=m +CONFIG_GPIO_EIC_SPRD=m +CONFIG_GPIO_EXAR=m +CONFIG_GPIO_FTGPIO010=y CONFIG_GPIO_GENERIC_PLATFORM=y -# CONFIG_GPIO_GRGPIO is not set -# CONFIG_GPIO_HLWD is not set -# CONFIG_GPIO_MB86S7X is not set +CONFIG_GPIO_GRGPIO=m +CONFIG_GPIO_HLWD=m +CONFIG_GPIO_MB86S7X=m CONFIG_GPIO_MPC8XXX=y CONFIG_GPIO_MVEBU=y -# CONFIG_GPIO_PL061 is not set -# CONFIG_GPIO_SAMA5D2_PIOBU is not set -# CONFIG_GPIO_SPRD is not set -# CONFIG_GPIO_SYSCON is not set +CONFIG_GPIO_MXC=y +CONFIG_GPIO_PL061=y +CONFIG_GPIO_RCAR=m +CONFIG_GPIO_SAMA5D2_PIOBU=m +CONFIG_GPIO_SPRD=m +CONFIG_GPIO_SYSCON=m CONFIG_GPIO_TEGRA=y -# CONFIG_GPIO_THUNDERX is not set -# CONFIG_GPIO_XGENE is not set -# CONFIG_GPIO_XGENE_SB is not set -# CONFIG_GPIO_XILINX is not set -# CONFIG_GPIO_ZYNQ is not set -# CONFIG_GPIO_AMD_FCH is not set +CONFIG_GPIO_THUNDERX=m +CONFIG_GPIO_XGENE=y +CONFIG_GPIO_XGENE_SB=m +CONFIG_GPIO_XILINX=y +CONFIG_GPIO_XLP=m +CONFIG_GPIO_ZYNQ=m +CONFIG_GPIO_AMD_FCH=m # end of Memory mapped GPIO drivers # # I2C GPIO expanders # -# CONFIG_GPIO_ADP5588 is not set -# CONFIG_GPIO_ADNP is not set -# CONFIG_GPIO_GW_PLD is not set -# CONFIG_GPIO_MAX7300 is not set -# CONFIG_GPIO_MAX732X is not set -# CONFIG_GPIO_PCA953X is not set -# CONFIG_GPIO_PCF857X is not set -# CONFIG_GPIO_TPIC2810 is not set +CONFIG_GPIO_ADP5588=m +CONFIG_GPIO_ADNP=m +CONFIG_GPIO_GW_PLD=m 
+CONFIG_GPIO_MAX7300=m +CONFIG_GPIO_MAX732X=m +CONFIG_GPIO_PCA953X=m +CONFIG_GPIO_PCF857X=m +CONFIG_GPIO_TPIC2810=m # end of I2C GPIO expanders # @@ -3261,20 +4443,20 @@ CONFIG_GPIO_TEGRA=y # PCI GPIO expanders # # CONFIG_GPIO_BT8XX is not set -# CONFIG_GPIO_PCI_IDIO_16 is not set -# CONFIG_GPIO_PCIE_IDIO_24 is not set -# CONFIG_GPIO_RDC321X is not set +CONFIG_GPIO_PCI_IDIO_16=m +CONFIG_GPIO_PCIE_IDIO_24=m +CONFIG_GPIO_RDC321X=m # end of PCI GPIO expanders # # SPI GPIO expanders # -# CONFIG_GPIO_74X164 is not set -# CONFIG_GPIO_MAX3191X is not set -# CONFIG_GPIO_MAX7301 is not set -# CONFIG_GPIO_MC33880 is not set -# CONFIG_GPIO_PISOSR is not set -# CONFIG_GPIO_XRA1403 is not set +CONFIG_GPIO_74X164=m +CONFIG_GPIO_MAX3191X=m +CONFIG_GPIO_MAX7301=m +CONFIG_GPIO_MC33880=m +CONFIG_GPIO_PISOSR=m +CONFIG_GPIO_XRA1403=m # end of SPI GPIO expanders # 
@@ -3283,146 +4465,218 @@ CONFIG_GPIO_TEGRA=y # end of USB GPIO expanders # CONFIG_GPIO_MOCKUP is not set -# CONFIG_W1 is not set -# CONFIG_POWER_AVS is not set +CONFIG_W1=m +CONFIG_W1_CON=y + +# +# 1-wire Bus Masters +# +CONFIG_W1_MASTER_MATROX=m +CONFIG_W1_MASTER_DS2490=m +CONFIG_W1_MASTER_DS2482=m +CONFIG_W1_MASTER_MXC=m +CONFIG_W1_MASTER_DS1WM=m +CONFIG_W1_MASTER_GPIO=m +# CONFIG_W1_MASTER_SGI is not set +# end of 1-wire Bus Masters + +# +# 1-wire Slaves +# +CONFIG_W1_SLAVE_THERM=m +CONFIG_W1_SLAVE_SMEM=m +CONFIG_W1_SLAVE_DS2405=m +CONFIG_W1_SLAVE_DS2408=m +CONFIG_W1_SLAVE_DS2408_READBACK=y +CONFIG_W1_SLAVE_DS2413=m +CONFIG_W1_SLAVE_DS2406=m +CONFIG_W1_SLAVE_DS2423=m +CONFIG_W1_SLAVE_DS2805=m +CONFIG_W1_SLAVE_DS2431=m +CONFIG_W1_SLAVE_DS2433=m +# CONFIG_W1_SLAVE_DS2433_CRC is not set +CONFIG_W1_SLAVE_DS2438=m +# CONFIG_W1_SLAVE_DS250X is not set +CONFIG_W1_SLAVE_DS2780=m +CONFIG_W1_SLAVE_DS2781=m +CONFIG_W1_SLAVE_DS28E04=m +CONFIG_W1_SLAVE_DS28E17=m +# end of 1-wire Slaves + +CONFIG_POWER_AVS=y +CONFIG_ROCKCHIP_IODOMAIN=m CONFIG_POWER_RESET=y -CONFIG_POWER_RESET_BRCMSTB=y -# CONFIG_POWER_RESET_GPIO is not set -# CONFIG_POWER_RESET_GPIO_RESTART is not set -# CONFIG_POWER_RESET_HISI is not set -# CONFIG_POWER_RESET_MSM is not set -# CONFIG_POWER_RESET_LTC2952 is not set -# CONFIG_POWER_RESET_RESTART is not set +# CONFIG_POWER_RESET_BRCMSTB is not set +CONFIG_POWER_RESET_GPIO=y +CONFIG_POWER_RESET_GPIO_RESTART=y +CONFIG_POWER_RESET_HISI=y +CONFIG_POWER_RESET_MSM=y +CONFIG_POWER_RESET_LTC2952=y +CONFIG_POWER_RESET_RESTART=y CONFIG_POWER_RESET_VEXPRESS=y # CONFIG_POWER_RESET_XGENE is not set -# CONFIG_POWER_RESET_SYSCON is not set -# CONFIG_POWER_RESET_SYSCON_POWEROFF is not set -# CONFIG_SYSCON_REBOOT_MODE is not set -# CONFIG_NVMEM_REBOOT_MODE is not set +CONFIG_POWER_RESET_SYSCON=y +CONFIG_POWER_RESET_SYSCON_POWEROFF=y +CONFIG_REBOOT_MODE=m +CONFIG_SYSCON_REBOOT_MODE=m +CONFIG_NVMEM_REBOOT_MODE=m CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set -# 
CONFIG_PDA_POWER is not set -# CONFIG_TEST_POWER is not set -# CONFIG_CHARGER_ADP5061 is not set -# CONFIG_BATTERY_DS2780 is not set -# CONFIG_BATTERY_DS2781 is not set -# CONFIG_BATTERY_DS2782 is not set -# CONFIG_BATTERY_SBS is not set -# CONFIG_CHARGER_SBS is not set -# CONFIG_MANAGER_SBS is not set -# CONFIG_BATTERY_BQ27XXX is not set -# CONFIG_BATTERY_MAX17040 is not set -# CONFIG_BATTERY_MAX17042 is not set -# CONFIG_CHARGER_MAX8903 is not set -# CONFIG_CHARGER_LP8727 is not set -# CONFIG_CHARGER_GPIO is not set -# CONFIG_CHARGER_MANAGER is not set -# CONFIG_CHARGER_LT3651 is not set -# CONFIG_CHARGER_DETECTOR_MAX14656 is not set -# CONFIG_CHARGER_BQ2415X is not set -# CONFIG_CHARGER_BQ24257 is not set -# CONFIG_CHARGER_BQ24735 is not set -# CONFIG_CHARGER_BQ25890 is not set -# CONFIG_CHARGER_SMB347 is not set -# CONFIG_BATTERY_GAUGE_LTC2941 is not set -# CONFIG_CHARGER_RT9455 is not set -# CONFIG_CHARGER_UCS1002 is not set -CONFIG_HWMON=m +CONFIG_POWER_SUPPLY_HWMON=y +CONFIG_PDA_POWER=m +CONFIG_TEST_POWER=m +CONFIG_CHARGER_ADP5061=m +CONFIG_BATTERY_DS2760=m +CONFIG_BATTERY_DS2780=m +CONFIG_BATTERY_DS2781=m +CONFIG_BATTERY_DS2782=m +CONFIG_BATTERY_SBS=m +CONFIG_CHARGER_SBS=m +CONFIG_MANAGER_SBS=m +CONFIG_BATTERY_BQ27XXX=m +CONFIG_BATTERY_BQ27XXX_I2C=m +CONFIG_BATTERY_BQ27XXX_HDQ=m +# CONFIG_BATTERY_BQ27XXX_DT_UPDATES_NVM is not set +CONFIG_BATTERY_MAX17040=m +CONFIG_BATTERY_MAX17042=m +CONFIG_BATTERY_MAX1721X=m +CONFIG_CHARGER_MAX8903=m +CONFIG_CHARGER_LP8727=m +CONFIG_CHARGER_GPIO=m +CONFIG_CHARGER_MANAGER=y +CONFIG_CHARGER_LT3651=m +CONFIG_CHARGER_DETECTOR_MAX14656=m +CONFIG_CHARGER_BQ2415X=m +CONFIG_CHARGER_BQ24190=m +CONFIG_CHARGER_BQ24257=m +CONFIG_CHARGER_BQ24735=m +CONFIG_CHARGER_BQ25890=m +CONFIG_CHARGER_SMB347=m +CONFIG_BATTERY_GAUGE_LTC2941=m +CONFIG_CHARGER_RT9455=m +CONFIG_CHARGER_UCS1002=m +CONFIG_HWMON=y +CONFIG_HWMON_VID=m # CONFIG_HWMON_DEBUG_CHIP is not set # # Native drivers # -# CONFIG_SENSORS_AD7314 is not set -# CONFIG_SENSORS_AD7414 is 
not set -# CONFIG_SENSORS_AD7418 is not set -# CONFIG_SENSORS_ADM1021 is not set -# CONFIG_SENSORS_ADM1025 is not set -# CONFIG_SENSORS_ADM1026 is not set -# CONFIG_SENSORS_ADM1029 is not set -# CONFIG_SENSORS_ADM1031 is not set -# CONFIG_SENSORS_ADM9240 is not set -# CONFIG_SENSORS_ADT7310 is not set -# CONFIG_SENSORS_ADT7410 is not set -# CONFIG_SENSORS_ADT7411 is not set -# CONFIG_SENSORS_ADT7462 is not set -# CONFIG_SENSORS_ADT7470 is not set -# CONFIG_SENSORS_ADT7475 is not set +CONFIG_SENSORS_AD7314=m +CONFIG_SENSORS_AD7414=m +CONFIG_SENSORS_AD7418=m +CONFIG_SENSORS_ADM1021=m +CONFIG_SENSORS_ADM1025=m +CONFIG_SENSORS_ADM1026=m +CONFIG_SENSORS_ADM1029=m +CONFIG_SENSORS_ADM1031=m +CONFIG_SENSORS_ADM9240=m +CONFIG_SENSORS_ADT7X10=m +CONFIG_SENSORS_ADT7310=m +CONFIG_SENSORS_ADT7410=m +CONFIG_SENSORS_ADT7411=m +CONFIG_SENSORS_ADT7462=m +CONFIG_SENSORS_ADT7470=m +CONFIG_SENSORS_ADT7475=m # CONFIG_SENSORS_AS370 is not set -# CONFIG_SENSORS_ASC7621 is not set -# CONFIG_SENSORS_ARM_SCPI is not set -# CONFIG_SENSORS_ASPEED is not set -# CONFIG_SENSORS_ATXP1 is not set -# CONFIG_SENSORS_DS620 is not set -# CONFIG_SENSORS_DS1621 is not set -# CONFIG_SENSORS_I5K_AMB is not set -# CONFIG_SENSORS_F71805F is not set -# CONFIG_SENSORS_F71882FG is not set -# CONFIG_SENSORS_F75375S is not set -# CONFIG_SENSORS_FTSTEUTATES is not set -# CONFIG_SENSORS_GL518SM is not set -# CONFIG_SENSORS_GL520SM is not set -# CONFIG_SENSORS_G760A is not set -# CONFIG_SENSORS_G762 is not set -# CONFIG_SENSORS_GPIO_FAN is not set -# CONFIG_SENSORS_HIH6130 is not set -# CONFIG_SENSORS_IBMAEM is not set -# CONFIG_SENSORS_IBMPEX is not set -# CONFIG_SENSORS_IT87 is not set -# CONFIG_SENSORS_JC42 is not set -# CONFIG_SENSORS_POWR1220 is not set -# CONFIG_SENSORS_LINEAGE is not set -# CONFIG_SENSORS_LTC2945 is not set -# CONFIG_SENSORS_LTC2990 is not set -# CONFIG_SENSORS_LTC4151 is not set -# CONFIG_SENSORS_LTC4215 is not set -# CONFIG_SENSORS_LTC4222 is not set -# CONFIG_SENSORS_LTC4245 is not set -# 
CONFIG_SENSORS_LTC4260 is not set -# CONFIG_SENSORS_LTC4261 is not set -# CONFIG_SENSORS_MAX1111 is not set -# CONFIG_SENSORS_MAX16065 is not set -# CONFIG_SENSORS_MAX1619 is not set -# CONFIG_SENSORS_MAX1668 is not set -# CONFIG_SENSORS_MAX197 is not set -# CONFIG_SENSORS_MAX31722 is not set -# CONFIG_SENSORS_MAX6621 is not set -# CONFIG_SENSORS_MAX6639 is not set -# CONFIG_SENSORS_MAX6642 is not set -# CONFIG_SENSORS_MAX6650 is not set -# CONFIG_SENSORS_MAX6697 is not set -# CONFIG_SENSORS_MAX31790 is not set -# CONFIG_SENSORS_MCP3021 is not set -# CONFIG_SENSORS_TC654 is not set -# CONFIG_SENSORS_ADCXX is not set -# CONFIG_SENSORS_LM63 is not set -# CONFIG_SENSORS_LM70 is not set -# CONFIG_SENSORS_LM73 is not set -# CONFIG_SENSORS_LM75 is not set -# CONFIG_SENSORS_LM77 is not set -# CONFIG_SENSORS_LM78 is not set -# CONFIG_SENSORS_LM80 is not set -# CONFIG_SENSORS_LM83 is not set -# CONFIG_SENSORS_LM85 is not set -# CONFIG_SENSORS_LM87 is not set +CONFIG_SENSORS_ASC7621=m +CONFIG_SENSORS_ARM_SCMI=m +CONFIG_SENSORS_ARM_SCPI=m +CONFIG_SENSORS_ASPEED=m +CONFIG_SENSORS_ATXP1=m +CONFIG_SENSORS_DS620=m +CONFIG_SENSORS_DS1621=m +CONFIG_SENSORS_I5K_AMB=m +CONFIG_SENSORS_F71805F=m +CONFIG_SENSORS_F71882FG=m +CONFIG_SENSORS_F75375S=m +CONFIG_SENSORS_FTSTEUTATES=m +CONFIG_SENSORS_GL518SM=m +CONFIG_SENSORS_GL520SM=m +CONFIG_SENSORS_G760A=m +CONFIG_SENSORS_G762=m +CONFIG_SENSORS_GPIO_FAN=m +CONFIG_SENSORS_HIH6130=m +CONFIG_SENSORS_IBMAEM=m +CONFIG_SENSORS_IBMPEX=m +CONFIG_SENSORS_IT87=m +CONFIG_SENSORS_JC42=m +CONFIG_SENSORS_POWR1220=m +CONFIG_SENSORS_LINEAGE=m +CONFIG_SENSORS_LTC2945=m +CONFIG_SENSORS_LTC2990=m +CONFIG_SENSORS_LTC4151=m +CONFIG_SENSORS_LTC4215=m +CONFIG_SENSORS_LTC4222=m +CONFIG_SENSORS_LTC4245=m +CONFIG_SENSORS_LTC4260=m +CONFIG_SENSORS_LTC4261=m +CONFIG_SENSORS_MAX1111=m +CONFIG_SENSORS_MAX16065=m +CONFIG_SENSORS_MAX1619=m +CONFIG_SENSORS_MAX1668=m +CONFIG_SENSORS_MAX197=m +CONFIG_SENSORS_MAX31722=m +CONFIG_SENSORS_MAX6621=m +CONFIG_SENSORS_MAX6639=m 
+CONFIG_SENSORS_MAX6642=m +CONFIG_SENSORS_MAX6650=m +CONFIG_SENSORS_MAX6697=m +CONFIG_SENSORS_MAX31790=m +CONFIG_SENSORS_MCP3021=m +CONFIG_SENSORS_TC654=m +CONFIG_SENSORS_ADCXX=m +CONFIG_SENSORS_LM63=m +CONFIG_SENSORS_LM70=m +CONFIG_SENSORS_LM73=m +CONFIG_SENSORS_LM75=m +CONFIG_SENSORS_LM77=m +CONFIG_SENSORS_LM78=m +CONFIG_SENSORS_LM80=m +CONFIG_SENSORS_LM83=m +CONFIG_SENSORS_LM85=m +CONFIG_SENSORS_LM87=m CONFIG_SENSORS_LM90=m -# CONFIG_SENSORS_LM92 is not set -# CONFIG_SENSORS_LM93 is not set -# CONFIG_SENSORS_LM95234 is not set -# CONFIG_SENSORS_LM95241 is not set -# CONFIG_SENSORS_LM95245 is not set -# CONFIG_SENSORS_PC87360 is not set -# CONFIG_SENSORS_PC87427 is not set -# CONFIG_SENSORS_NTC_THERMISTOR is not set -# CONFIG_SENSORS_NCT6683 is not set -# CONFIG_SENSORS_NCT6775 is not set -# CONFIG_SENSORS_NCT7802 is not set -# CONFIG_SENSORS_NCT7904 is not set -# CONFIG_SENSORS_NPCM7XX is not set +CONFIG_SENSORS_LM92=m +CONFIG_SENSORS_LM93=m +CONFIG_SENSORS_LM95234=m +CONFIG_SENSORS_LM95241=m +CONFIG_SENSORS_LM95245=m +CONFIG_SENSORS_PC87360=m +CONFIG_SENSORS_PC87427=m +CONFIG_SENSORS_NTC_THERMISTOR=m +CONFIG_SENSORS_NCT6683=m +CONFIG_SENSORS_NCT6775=m +CONFIG_SENSORS_NCT7802=m +CONFIG_SENSORS_NCT7904=m +CONFIG_SENSORS_NPCM7XX=m # CONFIG_SENSORS_OCC_P8_I2C is not set -# CONFIG_SENSORS_PCF8591 is not set -# CONFIG_PMBUS is not set -# CONFIG_SENSORS_PWM_FAN is not set +CONFIG_SENSORS_PCF8591=m +CONFIG_PMBUS=m +CONFIG_SENSORS_PMBUS=m +CONFIG_SENSORS_ADM1275=m +CONFIG_SENSORS_IBM_CFFPS=m +# CONFIG_SENSORS_INSPUR_IPSPS is not set +CONFIG_SENSORS_IR35221=m +CONFIG_SENSORS_IR38064=m +CONFIG_SENSORS_IRPS5401=m +CONFIG_SENSORS_ISL68137=m +CONFIG_SENSORS_LM25066=m +CONFIG_SENSORS_LTC2978=m +CONFIG_SENSORS_LTC2978_REGULATOR=y +CONFIG_SENSORS_LTC3815=m +CONFIG_SENSORS_MAX16064=m +CONFIG_SENSORS_MAX20751=m +CONFIG_SENSORS_MAX31785=m +CONFIG_SENSORS_MAX34440=m +CONFIG_SENSORS_MAX8688=m +CONFIG_SENSORS_PXE1610=m +CONFIG_SENSORS_TPS40422=m +CONFIG_SENSORS_TPS53679=m 
+CONFIG_SENSORS_UCD9000=m +CONFIG_SENSORS_UCD9200=m +CONFIG_SENSORS_ZL6100=m +CONFIG_SENSORS_PWM_FAN=m CONFIG_SENSORS_RASPBERRYPI_HWMON=m # CONFIG_SENSORS_SHT15 is not set CONFIG_SENSORS_SHT21=m @@ -3477,6 +4731,7 @@ CONFIG_SENSORS_INA2XX=m CONFIG_THERMAL=y # CONFIG_THERMAL_STATISTICS is not set CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y CONFIG_THERMAL_OF=y CONFIG_THERMAL_WRITABLE_TRIPS=y CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y @@ -3494,8 +4749,11 @@ CONFIG_THERMAL_GOV_USER_SPACE=y # CONFIG_THERMAL_EMULATION is not set # CONFIG_THERMAL_MMIO is not set # CONFIG_HISI_THERMAL is not set +# CONFIG_IMX_THERMAL is not set CONFIG_QORIQ_THERMAL=m CONFIG_ROCKCHIP_THERMAL=m +# CONFIG_RCAR_THERMAL is not set +# CONFIG_RCAR_GEN3_THERMAL is not set # CONFIG_ARMADA_THERMAL is not set CONFIG_MTK_THERMAL=y @@ -3508,12 +4766,6 @@ CONFIG_MTK_THERMAL=y CONFIG_BCM_SR_THERMAL=y # end of Broadcom thermal drivers -# -# Samsung thermal drivers -# -# CONFIG_EXYNOS_THERMAL is not set -# end of Samsung thermal drivers - # # NVIDIA Tegra thermal drivers # @@ -3549,17 +4801,19 @@ CONFIG_SOFT_WATCHDOG=m # CONFIG_ARM_SBSA_WATCHDOG is not set # CONFIG_ARMADA_37XX_WATCHDOG is not set # CONFIG_CADENCE_WATCHDOG is not set -CONFIG_HAVE_S3C2410_WATCHDOG=y -# CONFIG_S3C2410_WATCHDOG is not set # CONFIG_DW_WATCHDOG is not set # CONFIG_SUNXI_WATCHDOG is not set # CONFIG_MAX63XX_WATCHDOG is not set # CONFIG_IMX2_WDT is not set +# CONFIG_IMX7ULP_WDT is not set # CONFIG_TEGRA_WATCHDOG is not set # CONFIG_QCOM_WDT is not set # CONFIG_MESON_GXBB_WATCHDOG is not set # CONFIG_MESON_WATCHDOG is not set # CONFIG_MEDIATEK_WATCHDOG is not set +# CONFIG_RENESAS_WDT is not set +# CONFIG_RENESAS_RZAWDT is not set +CONFIG_RTD119X_WATCHDOG=y # CONFIG_SPRD_WATCHDOG is not set # CONFIG_ALIM7101_WDT is not set # CONFIG_I6300ESB_WDT is not set 
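Review bot: `CONFIG_POWER_RESET_BRCMSTB=y` is flipped to `# CONFIG_POWER_RESET_BRCMSTB is not set` in the hunk that starts at `CONFIG_W1`, while every other reset driver in that group is switched on. Other Broadcom STB options stay enabled elsewhere in the file (`CONFIG_I2C_BRCMSTB=y`, `CONFIG_GPIO_BRCMSTB=m`). If that platform is still supported, reboot and power-off may stop working there without this driver, and a machine that cannot be reset remotely is awkward to recover or patch. Keep `CONFIG_POWER_RESET_BRCMSTB=y` unless the removal is intentional, in which case note it in the changelog.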
@@ -3629,7 +4883,6 @@ CONFIG_MFD_CORE=y # CONFIG_MFD_DA9063 is not set # CONFIG_MFD_DA9150 is not set # CONFIG_MFD_DLN2 is not set -# CONFIG_MFD_EXYNOS_LPASS is not set # CONFIG_MFD_MC13XXX_SPI is not set # CONFIG_MFD_MC13XXX_I2C is not set # CONFIG_MFD_HI6421_PMIC is not set @@ -3637,7 +4890,7 @@ CONFIG_MFD_CORE=y # CONFIG_HTC_PASIC3 is not set # CONFIG_HTC_I2CPLD is not set CONFIG_LPC_ICH=m -# CONFIG_LPC_SCH is not set +CONFIG_LPC_SCH=m # CONFIG_MFD_JANZ_CMODIO is not set # CONFIG_MFD_KEMPLD is not set # CONFIG_MFD_88PM800 is not set @@ -3662,7 +4915,8 @@ CONFIG_LPC_ICH=m # CONFIG_MFD_PCF50633 is not set # CONFIG_UCB1400_CORE is not set # CONFIG_MFD_QCOM_RPM is not set -# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_SPMI_PMIC is not set +CONFIG_MFD_RDC321X=m # CONFIG_MFD_RT5033 is not set # CONFIG_MFD_RC5T583 is not set # CONFIG_MFD_RK808 is not set @@ -3688,6 +4942,7 @@ CONFIG_MFD_SYSCON=y # CONFIG_MFD_TPS65086 is not set # CONFIG_MFD_TPS65090 is not set # CONFIG_MFD_TPS65217 is not set +# CONFIG_MFD_TPS68470 is not set # CONFIG_MFD_TI_LP873X is not set # CONFIG_MFD_TI_LP87565 is not set # CONFIG_MFD_TPS65218 is not set @@ -3714,8 +4969,9 @@ CONFIG_MFD_SYSCON=y # CONFIG_MFD_ROHM_BD718XX is not set # CONFIG_MFD_ROHM_BD70528 is not set # CONFIG_MFD_STPMIC1 is not set -# CONFIG_MFD_STMFX is not set +CONFIG_MFD_STMFX=m CONFIG_MFD_VEXPRESS_SYSREG=y +# CONFIG_RAVE_SP_CORE is not set # end of Multifunction device drivers CONFIG_REGULATOR=y @@ -3751,6 +5007,7 @@ CONFIG_REGULATOR_FIXED_VOLTAGE=m # CONFIG_REGULATOR_PV88080 is not set # CONFIG_REGULATOR_PV88090 is not set # CONFIG_REGULATOR_PWM is not set +# CONFIG_REGULATOR_QCOM_SPMI is not set # CONFIG_REGULATOR_SLG51000 is not set # CONFIG_REGULATOR_SY8106A is not set # CONFIG_REGULATOR_SY8824X is not set 
@@ -3762,8 +5019,14 @@ CONFIG_REGULATOR_FIXED_VOLTAGE=m # CONFIG_REGULATOR_TPS6524X is not set # CONFIG_REGULATOR_VCTRL is not set # CONFIG_REGULATOR_VEXPRESS is not set -CONFIG_CEC_CORE=m -# CONFIG_RC_CORE is not set +CONFIG_CEC_CORE=y +CONFIG_CEC_NOTIFIER=y +CONFIG_CEC_PIN=y +CONFIG_RC_CORE=m +CONFIG_RC_MAP=m +# CONFIG_LIRC is not set +# CONFIG_RC_DECODERS is not set +# CONFIG_RC_DEVICES is not set CONFIG_MEDIA_SUPPORT=m # @@ -3775,6 +5038,7 @@ CONFIG_MEDIA_CAMERA_SUPPORT=y # CONFIG_MEDIA_RADIO_SUPPORT is not set # CONFIG_MEDIA_SDR_SUPPORT is not set # CONFIG_MEDIA_CEC_SUPPORT is not set +# CONFIG_CEC_PIN_ERROR_INJ is not set # CONFIG_MEDIA_CONTROLLER is not set CONFIG_VIDEO_DEV=m CONFIG_VIDEO_V4L2=m @@ -3861,7 +5125,7 @@ CONFIG_USB_GSPCA=m # # Supported MMC/SDIO adapters # -# CONFIG_CYPRESS_FIRMWARE is not set +CONFIG_CYPRESS_FIRMWARE=m CONFIG_VIDEOBUF2_CORE=m CONFIG_VIDEOBUF2_V4L2=m CONFIG_VIDEOBUF2_MEMOPS=m @@ -3871,6 +5135,7 @@ CONFIG_VIDEOBUF2_VMALLOC=m # Media ancillary drivers (tuners, sensors, i2c, spi, frontends) # # CONFIG_MEDIA_SUBDRV_AUTOSELECT is not set +CONFIG_VIDEO_IR_I2C=m # # I2C Encoders, decoders, sensors and other helper chips @@ -4015,6 +5280,7 @@ CONFIG_VGA_ARB=y CONFIG_VGA_ARB_MAX_GPUS=16 # CONFIG_TEGRA_HOST1X is not set CONFIG_DRM=y +CONFIG_DRM_MIPI_DBI=m CONFIG_DRM_MIPI_DSI=y # CONFIG_DRM_DP_AUX_CHARDEV is not set # CONFIG_DRM_DEBUG_MM is not set 
@@ -4024,53 +5290,84 @@ CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_FBDEV_EMULATION=y CONFIG_DRM_FBDEV_OVERALLOC=100 # CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set -# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set -# CONFIG_DRM_DP_CEC is not set +CONFIG_DRM_LOAD_EDID_FIRMWARE=y +CONFIG_DRM_DP_CEC=y +CONFIG_DRM_TTM=m +CONFIG_DRM_VRAM_HELPER=m CONFIG_DRM_GEM_CMA_HELPER=y CONFIG_DRM_KMS_CMA_HELPER=y CONFIG_DRM_GEM_SHMEM_HELPER=y +CONFIG_DRM_SCHED=m # # I2C encoder or helper chips # -# CONFIG_DRM_I2C_CH7006 is not set -# CONFIG_DRM_I2C_SIL164 is not set -# CONFIG_DRM_I2C_NXP_TDA998X is not set -# CONFIG_DRM_I2C_NXP_TDA9950 is not set +CONFIG_DRM_I2C_CH7006=m +CONFIG_DRM_I2C_SIL164=m +CONFIG_DRM_I2C_NXP_TDA998X=m +CONFIG_DRM_I2C_NXP_TDA9950=m # end of I2C encoder or helper chips # # ARM devices # -# CONFIG_DRM_HDLCD is not set -# CONFIG_DRM_MALI_DISPLAY is not set -# CONFIG_DRM_KOMEDA is not set +CONFIG_DRM_HDLCD=m +# CONFIG_DRM_HDLCD_SHOW_UNDERRUN is not set +CONFIG_DRM_MALI_DISPLAY=m +CONFIG_DRM_KOMEDA=m # end of ARM devices -# CONFIG_DRM_RADEON is not set -# CONFIG_DRM_AMDGPU is not set +CONFIG_DRM_RADEON=m +# CONFIG_DRM_RADEON_USERPTR is not set +CONFIG_DRM_AMDGPU=m +CONFIG_DRM_AMDGPU_SI=y +CONFIG_DRM_AMDGPU_CIK=y +# CONFIG_DRM_AMDGPU_USERPTR is not set +# CONFIG_DRM_AMDGPU_GART_DEBUGFS is not set # # ACP (Audio CoProcessor) Configuration # +# CONFIG_DRM_AMD_ACP is not set # end of ACP (Audio CoProcessor) Configuration -# CONFIG_DRM_NOUVEAU is not set -# CONFIG_DRM_VGEM is not set -# CONFIG_DRM_VKMS is not set -# CONFIG_DRM_EXYNOS is not set -# CONFIG_DRM_UDL is not set -# CONFIG_DRM_AST is not set -# CONFIG_DRM_MGAG200 is not set +# +# Display Engine Configuration +# +CONFIG_DRM_AMD_DC=y +# CONFIG_DEBUG_KERNEL_DC is not set +# end of Display Engine Configuration + +CONFIG_HSA_AMD=y +CONFIG_DRM_NOUVEAU=m +# CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT is not set +CONFIG_NOUVEAU_PLATFORM_DRIVER=y +CONFIG_NOUVEAU_DEBUG=5 +CONFIG_NOUVEAU_DEBUG_DEFAULT=3 +# CONFIG_NOUVEAU_DEBUG_MMU is not set 
+CONFIG_DRM_NOUVEAU_BACKLIGHT=y +CONFIG_DRM_VGEM=m +CONFIG_DRM_VKMS=m +CONFIG_DRM_UDL=m +CONFIG_DRM_AST=m +CONFIG_DRM_MGAG200=m CONFIG_DRM_CIRRUS_QEMU=m -# CONFIG_DRM_RCAR_DW_HDMI is not set -# CONFIG_DRM_RCAR_LVDS is not set +CONFIG_DRM_RCAR_DU=m +CONFIG_DRM_RCAR_DW_HDMI=m +CONFIG_DRM_RCAR_LVDS=m CONFIG_DRM_RCAR_WRITEBACK=y -# CONFIG_DRM_SUN4I is not set -# CONFIG_DRM_QXL is not set -# CONFIG_DRM_BOCHS is not set -# CONFIG_DRM_VIRTIO_GPU is not set -CONFIG_DRM_MSM=y +CONFIG_DRM_SUN4I=m +CONFIG_DRM_SUN4I_HDMI=m +CONFIG_DRM_SUN4I_HDMI_CEC=y +CONFIG_DRM_SUN4I_BACKEND=m +CONFIG_DRM_SUN6I_DSI=m +CONFIG_DRM_SUN8I_DW_HDMI=m +CONFIG_DRM_SUN8I_MIXER=m +CONFIG_DRM_SUN8I_TCON_TOP=m +CONFIG_DRM_QXL=m +CONFIG_DRM_BOCHS=m +CONFIG_DRM_VIRTIO_GPU=m +CONFIG_DRM_MSM=m CONFIG_DRM_MSM_GPU_STATE=y # CONFIG_DRM_MSM_REGISTER_LOGGING is not set # CONFIG_DRM_MSM_GPU_SUDO is not set @@ -4080,7 +5377,7 @@ CONFIG_DRM_MSM_DSI_PLL=y CONFIG_DRM_MSM_DSI_28NM_PHY=y CONFIG_DRM_MSM_DSI_20NM_PHY=y CONFIG_DRM_MSM_DSI_28NM_8960_PHY=y -# CONFIG_DRM_MSM_DSI_14NM_PHY is not set +CONFIG_DRM_MSM_DSI_14NM_PHY=y CONFIG_DRM_MSM_DSI_10NM_PHY=y # CONFIG_DRM_TEGRA is not set CONFIG_DRM_PANEL=y 
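Review bot: `CONFIG_HSA_AMD=y` arrives as part of enabling `CONFIG_DRM_AMDGPU=m`, and it adds the AMD compute interface on top of the display driver. That is a separate userspace-reachable ioctl surface which a display-only use case does not need. The hunk also enables `CONFIG_DRM_RADEON`, `CONFIG_DRM_NOUVEAU`, `CONFIG_DRM_VGEM` and `CONFIG_DRM_VKMS` with no stated consumer. I would start from `# CONFIG_HSA_AMD is not set` and enable it only if GPU compute is a supported scenario. The changelog entry should record which hardware or workload each newly enabled GPU driver is for.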
@@ -4088,45 +5385,45 @@ CONFIG_DRM_PANEL=y # # Display Panels # -# CONFIG_DRM_PANEL_ARM_VERSATILE is not set -# CONFIG_DRM_PANEL_LVDS is not set -# CONFIG_DRM_PANEL_SIMPLE is not set -# CONFIG_DRM_PANEL_FEIYANG_FY07024DI26A30D is not set -# CONFIG_DRM_PANEL_ILITEK_IL9322 is not set -# CONFIG_DRM_PANEL_ILITEK_ILI9881C is not set -# CONFIG_DRM_PANEL_INNOLUX_P079ZCA is not set -# CONFIG_DRM_PANEL_JDI_LT070ME05000 is not set -# CONFIG_DRM_PANEL_KINGDISPLAY_KD097D04 is not set -# CONFIG_DRM_PANEL_SAMSUNG_LD9040 is not set +CONFIG_DRM_PANEL_ARM_VERSATILE=m +CONFIG_DRM_PANEL_LVDS=m +CONFIG_DRM_PANEL_SIMPLE=m +CONFIG_DRM_PANEL_FEIYANG_FY07024DI26A30D=m +CONFIG_DRM_PANEL_ILITEK_IL9322=m +CONFIG_DRM_PANEL_ILITEK_ILI9881C=m +CONFIG_DRM_PANEL_INNOLUX_P079ZCA=m +CONFIG_DRM_PANEL_JDI_LT070ME05000=m +CONFIG_DRM_PANEL_KINGDISPLAY_KD097D04=m +CONFIG_DRM_PANEL_SAMSUNG_LD9040=m # CONFIG_DRM_PANEL_LG_LB035Q02 is not set -# CONFIG_DRM_PANEL_LG_LG4573 is not set +CONFIG_DRM_PANEL_LG_LG4573=m # CONFIG_DRM_PANEL_NEC_NL8048HL11 is not set # CONFIG_DRM_PANEL_NOVATEK_NT39016 is not set -# CONFIG_DRM_PANEL_OLIMEX_LCD_OLINUXINO is not set -# CONFIG_DRM_PANEL_ORISETECH_OTM8009A is not set -# CONFIG_DRM_PANEL_OSD_OSD101T2587_53TS is not set -# CONFIG_DRM_PANEL_PANASONIC_VVX10F034N00 is not set +CONFIG_DRM_PANEL_OLIMEX_LCD_OLINUXINO=m +CONFIG_DRM_PANEL_ORISETECH_OTM8009A=m +CONFIG_DRM_PANEL_OSD_OSD101T2587_53TS=m +CONFIG_DRM_PANEL_PANASONIC_VVX10F034N00=m CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=m # CONFIG_DRM_PANEL_RAYDIUM_RM67191 is not set -# CONFIG_DRM_PANEL_RAYDIUM_RM68200 is not set -# CONFIG_DRM_PANEL_ROCKTECH_JH057N00900 is not set -# CONFIG_DRM_PANEL_RONBO_RB070D30 is not set -# CONFIG_DRM_PANEL_SAMSUNG_S6D16D0 is not set -# CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2 is not set -# CONFIG_DRM_PANEL_SAMSUNG_S6E63J0X03 is not set -# CONFIG_DRM_PANEL_SAMSUNG_S6E63M0 is not set -# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set -# CONFIG_DRM_PANEL_SEIKO_43WVF1G is not set -# 
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01 is not set +CONFIG_DRM_PANEL_RAYDIUM_RM68200=m +CONFIG_DRM_PANEL_ROCKTECH_JH057N00900=m +CONFIG_DRM_PANEL_RONBO_RB070D30=m +CONFIG_DRM_PANEL_SAMSUNG_S6D16D0=m +CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2=m +CONFIG_DRM_PANEL_SAMSUNG_S6E63J0X03=m +CONFIG_DRM_PANEL_SAMSUNG_S6E63M0=m +CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m +CONFIG_DRM_PANEL_SEIKO_43WVF1G=m +CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m # CONFIG_DRM_PANEL_SHARP_LS037V7DW01 is not set -# CONFIG_DRM_PANEL_SHARP_LS043T1LE01 is not set -# CONFIG_DRM_PANEL_SITRONIX_ST7701 is not set -# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set +CONFIG_DRM_PANEL_SHARP_LS043T1LE01=m +CONFIG_DRM_PANEL_SITRONIX_ST7701=m +CONFIG_DRM_PANEL_SITRONIX_ST7789V=m # CONFIG_DRM_PANEL_SONY_ACX565AKM is not set # CONFIG_DRM_PANEL_TPO_TD028TTEC1 is not set # CONFIG_DRM_PANEL_TPO_TD043MTEA1 is not set -# CONFIG_DRM_PANEL_TPO_TPG110 is not set -# CONFIG_DRM_PANEL_TRULY_NT35597_WQXGA is not set +CONFIG_DRM_PANEL_TPO_TPG110=m +CONFIG_DRM_PANEL_TRULY_NT35597_WQXGA=m # end of Display Panels CONFIG_DRM_BRIDGE=y 
@@ -4135,45 +5432,57 @@ CONFIG_DRM_PANEL_BRIDGE=y # # Display Interface Bridges # -# CONFIG_DRM_ANALOGIX_ANX78XX is not set -# CONFIG_DRM_CDNS_DSI is not set -# CONFIG_DRM_DUMB_VGA_DAC is not set -# CONFIG_DRM_LVDS_ENCODER is not set -# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set -# CONFIG_DRM_NXP_PTN3460 is not set -# CONFIG_DRM_PARADE_PS8622 is not set -# CONFIG_DRM_SIL_SII8620 is not set -# CONFIG_DRM_SII902X is not set -# CONFIG_DRM_SII9234 is not set -# CONFIG_DRM_THINE_THC63LVD1024 is not set -# CONFIG_DRM_TOSHIBA_TC358764 is not set -# CONFIG_DRM_TOSHIBA_TC358767 is not set -# CONFIG_DRM_TI_TFP410 is not set -# CONFIG_DRM_TI_SN65DSI86 is not set -# CONFIG_DRM_I2C_ADV7511 is not set +CONFIG_DRM_ANALOGIX_ANX78XX=m +CONFIG_DRM_CDNS_DSI=m +CONFIG_DRM_DUMB_VGA_DAC=m +CONFIG_DRM_LVDS_ENCODER=m +CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW=m +CONFIG_DRM_NXP_PTN3460=m +CONFIG_DRM_PARADE_PS8622=m +CONFIG_DRM_SIL_SII8620=m +CONFIG_DRM_SII902X=m +CONFIG_DRM_SII9234=m +CONFIG_DRM_THINE_THC63LVD1024=m +CONFIG_DRM_TOSHIBA_TC358764=m +CONFIG_DRM_TOSHIBA_TC358767=m +CONFIG_DRM_TI_TFP410=m +CONFIG_DRM_TI_SN65DSI86=m +CONFIG_DRM_I2C_ADV7511=m +CONFIG_DRM_I2C_ADV7511_AUDIO=y +CONFIG_DRM_I2C_ADV7533=y +CONFIG_DRM_I2C_ADV7511_CEC=y +CONFIG_DRM_DW_HDMI=m +CONFIG_DRM_DW_HDMI_AHB_AUDIO=m +CONFIG_DRM_DW_HDMI_I2S_AUDIO=m +CONFIG_DRM_DW_HDMI_CEC=m # end of Display Interface Bridges CONFIG_DRM_VC4=m CONFIG_DRM_VC4_HDMI_CEC=y -# CONFIG_DRM_ETNAVIV is not set -# CONFIG_DRM_ARCPGU is not set -# CONFIG_DRM_HISI_HIBMC is not set -# CONFIG_DRM_HISI_KIRIN is not set -# CONFIG_DRM_MEDIATEK is not set -# CONFIG_DRM_MXSFB is not set -# CONFIG_DRM_MESON is not set +CONFIG_DRM_ETNAVIV=m +CONFIG_DRM_ETNAVIV_THERMAL=y +CONFIG_DRM_ARCPGU=m +CONFIG_DRM_HISI_HIBMC=m +CONFIG_DRM_HISI_KIRIN=m +CONFIG_DRM_MEDIATEK=m +CONFIG_DRM_MEDIATEK_HDMI=m +CONFIG_DRM_MXS=y +CONFIG_DRM_MXSFB=m +CONFIG_DRM_MESON=m +CONFIG_DRM_MESON_DW_HDMI=m # CONFIG_DRM_GM12U320 is not set -# CONFIG_TINYDRM_HX8357D is not set 
-# CONFIG_TINYDRM_ILI9225 is not set -# CONFIG_TINYDRM_ILI9341 is not set -# CONFIG_TINYDRM_MI0283QT is not set -# CONFIG_TINYDRM_REPAPER is not set -# CONFIG_TINYDRM_ST7586 is not set -# CONFIG_TINYDRM_ST7735R is not set -# CONFIG_DRM_PL111 is not set -# CONFIG_DRM_XEN is not set -# CONFIG_DRM_LIMA is not set -# CONFIG_DRM_PANFROST is not set +CONFIG_TINYDRM_HX8357D=m +CONFIG_TINYDRM_ILI9225=m +CONFIG_TINYDRM_ILI9341=m +CONFIG_TINYDRM_MI0283QT=m +CONFIG_TINYDRM_REPAPER=m +CONFIG_TINYDRM_ST7586=m +CONFIG_TINYDRM_ST7735R=m +CONFIG_DRM_PL111=m +CONFIG_DRM_XEN=y +CONFIG_DRM_XEN_FRONTEND=m +CONFIG_DRM_LIMA=m +CONFIG_DRM_PANFROST=m # CONFIG_DRM_LEGACY is not set CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y @@ -4183,7 +5492,7 @@ CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set +CONFIG_FIRMWARE_EDID=y CONFIG_FB_DDC=m CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y 
@@ -4194,65 +5503,108 @@ CONFIG_FB_SYS_IMAGEBLIT=y # CONFIG_FB_FOREIGN_ENDIAN is not set CONFIG_FB_SYS_FOPS=y CONFIG_FB_DEFERRED_IO=y +CONFIG_FB_SVGALIB=m CONFIG_FB_BACKLIGHT=m CONFIG_FB_MODE_HELPERS=y -# CONFIG_FB_TILEBLITTING is not set +CONFIG_FB_TILEBLITTING=y # # Frame buffer hardware drivers # CONFIG_FB_CIRRUS=m -# CONFIG_FB_PM2 is not set -# CONFIG_FB_ARMCLCD is not set -# CONFIG_FB_CYBER2000 is not set -# CONFIG_FB_ASILIANT is not set -# CONFIG_FB_IMSTT is not set -# CONFIG_FB_UVESA is not set +CONFIG_FB_PM2=m +CONFIG_FB_PM2_FIFO_DISCONNECT=y +CONFIG_FB_ARMCLCD=y +CONFIG_FB_IMX=m +CONFIG_FB_CYBER2000=m +CONFIG_FB_CYBER2000_DDC=y +CONFIG_FB_ASILIANT=y +CONFIG_FB_IMSTT=y +CONFIG_FB_UVESA=m CONFIG_FB_EFI=y -# CONFIG_FB_OPENCORES is not set -# CONFIG_FB_S1D13XXX is not set +CONFIG_FB_OPENCORES=m +CONFIG_FB_S1D13XXX=m CONFIG_FB_NVIDIA=m -# CONFIG_FB_NVIDIA_I2C is not set +CONFIG_FB_NVIDIA_I2C=y # CONFIG_FB_NVIDIA_DEBUG is not set CONFIG_FB_NVIDIA_BACKLIGHT=y -# CONFIG_FB_RIVA is not set +CONFIG_FB_RIVA=m +CONFIG_FB_RIVA_I2C=y +# CONFIG_FB_RIVA_DEBUG is not set +CONFIG_FB_RIVA_BACKLIGHT=y CONFIG_FB_I740=m -# CONFIG_FB_MATROX is not set +CONFIG_FB_MATROX=m +CONFIG_FB_MATROX_MILLENIUM=y +CONFIG_FB_MATROX_MYSTIQUE=y +CONFIG_FB_MATROX_G=y +CONFIG_FB_MATROX_I2C=m +CONFIG_FB_MATROX_MAVEN=m CONFIG_FB_RADEON=m CONFIG_FB_RADEON_I2C=y CONFIG_FB_RADEON_BACKLIGHT=y # CONFIG_FB_RADEON_DEBUG is not set -# CONFIG_FB_ATY128 is not set -# CONFIG_FB_ATY is not set -# CONFIG_FB_S3 is not set -# CONFIG_FB_SAVAGE is not set -# CONFIG_FB_SIS is not set -# CONFIG_FB_NEOMAGIC is not set -# CONFIG_FB_KYRO is not set -# CONFIG_FB_3DFX is not set -# CONFIG_FB_VOODOO1 is not set -# CONFIG_FB_VT8623 is not set -# CONFIG_FB_TRIDENT is not set -# CONFIG_FB_ARK is not set -# CONFIG_FB_PM3 is not set -# CONFIG_FB_CARMINE is not set -# CONFIG_FB_SMSCUFX is not set -# CONFIG_FB_UDL is not set +CONFIG_FB_ATY128=m +CONFIG_FB_ATY128_BACKLIGHT=y +CONFIG_FB_ATY=m +CONFIG_FB_ATY_CT=y +# 
CONFIG_FB_ATY_GENERIC_LCD is not set +CONFIG_FB_ATY_GX=y +CONFIG_FB_ATY_BACKLIGHT=y +CONFIG_FB_S3=m +CONFIG_FB_S3_DDC=y +CONFIG_FB_SAVAGE=m +CONFIG_FB_SAVAGE_I2C=y +# CONFIG_FB_SAVAGE_ACCEL is not set +CONFIG_FB_SIS=m +CONFIG_FB_SIS_300=y +CONFIG_FB_SIS_315=y +CONFIG_FB_NEOMAGIC=m +CONFIG_FB_KYRO=m +CONFIG_FB_3DFX=m +# CONFIG_FB_3DFX_ACCEL is not set +# CONFIG_FB_3DFX_I2C is not set +CONFIG_FB_VOODOO1=m +CONFIG_FB_VT8623=m +CONFIG_FB_TRIDENT=m +CONFIG_FB_ARK=m +CONFIG_FB_PM3=m +CONFIG_FB_CARMINE=m +CONFIG_FB_CARMINE_DRAM_EVAL=y +# CONFIG_CARMINE_DRAM_CUSTOM is not set +CONFIG_FB_SH_MOBILE_LCDC=m +CONFIG_FB_SMSCUFX=m +CONFIG_FB_UDL=m # CONFIG_FB_IBM_GXT4500 is not set -# CONFIG_FB_XILINX is not set +CONFIG_FB_XILINX=m # CONFIG_FB_VIRTUAL is not set CONFIG_XEN_FBDEV_FRONTEND=m -# CONFIG_FB_METRONOME is not set -# CONFIG_FB_MB862XX is not set -# CONFIG_FB_SIMPLE is not set -# CONFIG_FB_SSD1307 is not set -# CONFIG_FB_SM712 is not set +CONFIG_FB_METRONOME=m +CONFIG_FB_MB862XX=m +CONFIG_FB_MB862XX_PCI_GDC=y +CONFIG_FB_MB862XX_I2C=y +CONFIG_FB_MX3=y +CONFIG_FB_HYPERV=m +CONFIG_FB_SIMPLE=y +CONFIG_FB_SSD1307=m +CONFIG_FB_SM712=m # end of Frame buffer Devices # # Backlight & LCD device support # -# CONFIG_LCD_CLASS_DEVICE is not set +CONFIG_LCD_CLASS_DEVICE=m +# CONFIG_LCD_L4F00242T03 is not set +# CONFIG_LCD_LMS283GF05 is not set +# CONFIG_LCD_LTV350QV is not set +# CONFIG_LCD_ILI922X is not set +# CONFIG_LCD_ILI9320 is not set +# CONFIG_LCD_TDO24M is not set +# CONFIG_LCD_VGG2432A4 is not set +# CONFIG_LCD_PLATFORM is not set +# CONFIG_LCD_AMS369FG06 is not set +# CONFIG_LCD_LMS501KF03 is not set +# CONFIG_LCD_HX8357 is not set +# CONFIG_LCD_OTM3225A is not set CONFIG_BACKLIGHT_CLASS_DEVICE=y CONFIG_BACKLIGHT_GENERIC=y # CONFIG_BACKLIGHT_PWM is not set @@ -4269,6 +5621,7 @@ CONFIG_BACKLIGHT_GENERIC=y # end of Backlight & LCD device support CONFIG_VGASTATE=m +CONFIG_VIDEOMODE_HELPERS=y CONFIG_HDMI=y # 
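Review bot: Five of the framebuffer drivers newly enabled under `Frame buffer hardware drivers` are built in (`CONFIG_FB_ARMCLCD=y`, `CONFIG_FB_ASILIANT=y`, `CONFIG_FB_IMSTT=y`, `CONFIG_FB_MX3=y`, `CONFIG_FB_SIMPLE=y`) while the rest of the block is `=m`, so they cannot be kept off a host with a modprobe blacklist. Each fbdev driver adds ioctl and mmap handlers behind `/dev/fb*`, and several of the cards enabled here (Matrox, 3dfx, ATI Mach64, S3) are legacy PCI parts that look unlikely on the ARM SoC targets the neighbouring symbols suggest. Unless a supported board needs one of them at boot, I would leave unset those that Kconfig only offers as bool, e.g. `# CONFIG_FB_ASILIANT is not set` and `# CONFIG_FB_IMSTT is not set`, and build the others as modules.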
@@ -4397,6 +5750,7 @@ CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 # end of HD-Audio CONFIG_SND_HDA_CORE=m +CONFIG_SND_HDA_COMPONENT=y CONFIG_SND_HDA_PREALLOC_SIZE=64 CONFIG_SND_INTEL_NHLT=m CONFIG_SND_SPI=y @@ -4433,6 +5787,7 @@ CONFIG_SND_SOC_FSL_SAI=m # CONFIG_SND_SOC_FSL_ESAI is not set # CONFIG_SND_SOC_FSL_MICFIL is not set # CONFIG_SND_SOC_IMX_AUDMUX is not set +# CONFIG_SND_IMX_SOC is not set # end of SoC Audio for Freescale CPUs # CONFIG_SND_I2S_HI6210_I2S is not set @@ -4460,7 +5815,14 @@ CONFIG_SND_SOC_FSL_SAI=m # CONFIG_SND_SOC_QCOM is not set # CONFIG_SND_SOC_ROCKCHIP is not set -# CONFIG_SND_SOC_SAMSUNG is not set + +# +# SoC Audio support for Renesas SoCs +# +# CONFIG_SND_SOC_SH4_FSI is not set +# CONFIG_SND_SOC_RCAR is not set +# end of SoC Audio support for Renesas SoCs + # CONFIG_SND_SOC_SOF_TOPLEVEL is not set # CONFIG_SND_SOC_SPRD is not set @@ -4542,6 +5904,7 @@ CONFIG_SND_SOC_HDMI_CODEC=m # CONFIG_SND_SOC_MAX98927 is not set # CONFIG_SND_SOC_MAX98373 is not set # CONFIG_SND_SOC_MAX9860 is not set +# CONFIG_SND_SOC_MSM8916_WCD_ANALOG is not set # CONFIG_SND_SOC_MSM8916_WCD_DIGITAL is not set # CONFIG_SND_SOC_PCM1681 is not set # CONFIG_SND_SOC_PCM1789_I2C is not set 
@@ -4630,136 +5993,154 @@ CONFIG_AC97_BUS=m # HID support # CONFIG_HID=m -# CONFIG_HID_BATTERY_STRENGTH is not set -# CONFIG_HIDRAW is not set -# CONFIG_UHID is not set +CONFIG_HID_BATTERY_STRENGTH=y +CONFIG_HIDRAW=y +CONFIG_UHID=m CONFIG_HID_GENERIC=m # # Special HID drivers # CONFIG_HID_A4TECH=m -# CONFIG_HID_ACCUTOUCH is not set -# CONFIG_HID_ACRUX is not set +CONFIG_HID_ACCUTOUCH=m +CONFIG_HID_ACRUX=m +CONFIG_HID_ACRUX_FF=y CONFIG_HID_APPLE=m -# CONFIG_HID_APPLEIR is not set -# CONFIG_HID_ASUS is not set -# CONFIG_HID_AUREAL is not set +CONFIG_HID_APPLEIR=m +CONFIG_HID_ASUS=m +CONFIG_HID_AUREAL=m CONFIG_HID_BELKIN=m -# CONFIG_HID_BETOP_FF is not set -# CONFIG_HID_BIGBEN_FF is not set +CONFIG_HID_BETOP_FF=m +CONFIG_HID_BIGBEN_FF=m CONFIG_HID_CHERRY=m -# CONFIG_HID_CHICONY is not set -# CONFIG_HID_CORSAIR is not set -# CONFIG_HID_COUGAR is not set -# CONFIG_HID_MACALLY is not set -# CONFIG_HID_PRODIKEYS is not set -# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CHICONY=m +CONFIG_HID_CORSAIR=m +CONFIG_HID_COUGAR=m +CONFIG_HID_MACALLY=m +CONFIG_HID_PRODIKEYS=m +CONFIG_HID_CMEDIA=m +CONFIG_HID_CP2112=m # CONFIG_HID_CREATIVE_SB0540 is not set -# CONFIG_HID_CYPRESS is not set -# CONFIG_HID_DRAGONRISE is not set -# CONFIG_HID_EMS_FF is not set -# CONFIG_HID_ELAN is not set -# CONFIG_HID_ELECOM is not set -# CONFIG_HID_ELO is not set +CONFIG_HID_CYPRESS=m +CONFIG_HID_DRAGONRISE=m +CONFIG_DRAGONRISE_FF=y +CONFIG_HID_EMS_FF=m +CONFIG_HID_ELAN=m +CONFIG_HID_ELECOM=m +CONFIG_HID_ELO=m CONFIG_HID_EZKEY=m -# CONFIG_HID_GEMBIRD is not set -# CONFIG_HID_GFRM is not set -# CONFIG_HID_HOLTEK is not set -# CONFIG_HID_GT683R is not set -# CONFIG_HID_KEYTOUCH is not set -# CONFIG_HID_KYE is not set -# CONFIG_HID_UCLOGIC is not set -# CONFIG_HID_WALTOP is not set -# CONFIG_HID_VIEWSONIC is not set -# CONFIG_HID_GYRATION is not set -# CONFIG_HID_ICADE is not set -# CONFIG_HID_ITE is not set -# CONFIG_HID_JABRA is not set -# CONFIG_HID_TWINHAN is not set -# CONFIG_HID_KENSINGTON is not set 
-# CONFIG_HID_LCPOWER is not set -# CONFIG_HID_LED is not set -# CONFIG_HID_LENOVO is not set +CONFIG_HID_GEMBIRD=m +CONFIG_HID_GFRM=m +CONFIG_HID_HOLTEK=m +CONFIG_HOLTEK_FF=y +CONFIG_HID_GT683R=m +CONFIG_HID_KEYTOUCH=m +CONFIG_HID_KYE=m +CONFIG_HID_UCLOGIC=m +CONFIG_HID_WALTOP=m +CONFIG_HID_VIEWSONIC=m +CONFIG_HID_GYRATION=m +CONFIG_HID_ICADE=m +CONFIG_HID_ITE=m +CONFIG_HID_JABRA=m +CONFIG_HID_TWINHAN=m +CONFIG_HID_KENSINGTON=m +CONFIG_HID_LCPOWER=m +CONFIG_HID_LED=m +CONFIG_HID_LENOVO=m CONFIG_HID_LOGITECH=m -# CONFIG_HID_LOGITECH_HIDPP is not set -# CONFIG_LOGITECH_FF is not set -# CONFIG_LOGIRUMBLEPAD2_FF is not set -# CONFIG_LOGIG940_FF is not set -# CONFIG_LOGIWHEELS_FF is not set -# CONFIG_HID_MAGICMOUSE is not set -# CONFIG_HID_MALTRON is not set -# CONFIG_HID_MAYFLASH is not set -# CONFIG_HID_REDRAGON is not set +CONFIG_HID_LOGITECH_DJ=m +CONFIG_HID_LOGITECH_HIDPP=m +CONFIG_LOGITECH_FF=y +CONFIG_LOGIRUMBLEPAD2_FF=y +CONFIG_LOGIG940_FF=y +CONFIG_LOGIWHEELS_FF=y +CONFIG_HID_MAGICMOUSE=m +CONFIG_HID_MALTRON=m +CONFIG_HID_MAYFLASH=m +CONFIG_HID_REDRAGON=m CONFIG_HID_MICROSOFT=m CONFIG_HID_MONTEREY=m -# CONFIG_HID_MULTITOUCH is not set -# CONFIG_HID_NTI is not set -# CONFIG_HID_NTRIG is not set -# CONFIG_HID_ORTEK is not set -# CONFIG_HID_PANTHERLORD is not set -# CONFIG_HID_PENMOUNT is not set -# CONFIG_HID_PETALYNX is not set -# CONFIG_HID_PICOLCD is not set -# CONFIG_HID_PLANTRONICS is not set -# CONFIG_HID_PRIMAX is not set -# CONFIG_HID_RETRODE is not set -# CONFIG_HID_ROCCAT is not set -# CONFIG_HID_SAITEK is not set -# CONFIG_HID_SAMSUNG is not set -# CONFIG_HID_SONY is not set -# CONFIG_HID_SPEEDLINK is not set -# CONFIG_HID_STEAM is not set -# CONFIG_HID_STEELSERIES is not set -# CONFIG_HID_SUNPLUS is not set -# CONFIG_HID_RMI is not set -# CONFIG_HID_GREENASIA is not set -# CONFIG_HID_SMARTJOYPLUS is not set -# CONFIG_HID_TIVO is not set -# CONFIG_HID_TOPSEED is not set -# CONFIG_HID_THINGM is not set -# CONFIG_HID_THRUSTMASTER is not set -# 
CONFIG_HID_UDRAW_PS3 is not set -# CONFIG_HID_U2FZERO is not set -# CONFIG_HID_WACOM is not set -# CONFIG_HID_WIIMOTE is not set -# CONFIG_HID_XINMO is not set -# CONFIG_HID_ZEROPLUS is not set -# CONFIG_HID_ZYDACRON is not set -# CONFIG_HID_SENSOR_HUB is not set -# CONFIG_HID_ALPS is not set +CONFIG_HID_MULTITOUCH=m +CONFIG_HID_NTI=m +CONFIG_HID_NTRIG=m +CONFIG_HID_ORTEK=m +CONFIG_HID_PANTHERLORD=m +CONFIG_PANTHERLORD_FF=y +CONFIG_HID_PENMOUNT=m +CONFIG_HID_PETALYNX=m +CONFIG_HID_PICOLCD=m +CONFIG_HID_PICOLCD_FB=y +CONFIG_HID_PICOLCD_BACKLIGHT=y +CONFIG_HID_PICOLCD_LCD=y +CONFIG_HID_PICOLCD_LEDS=y +CONFIG_HID_PICOLCD_CIR=y +CONFIG_HID_PLANTRONICS=m +CONFIG_HID_PRIMAX=m +CONFIG_HID_RETRODE=m +CONFIG_HID_ROCCAT=m +CONFIG_HID_SAITEK=m +CONFIG_HID_SAMSUNG=m +CONFIG_HID_SONY=m +CONFIG_SONY_FF=y +CONFIG_HID_SPEEDLINK=m +CONFIG_HID_STEAM=m +CONFIG_HID_STEELSERIES=m +CONFIG_HID_SUNPLUS=m +CONFIG_HID_RMI=m +CONFIG_HID_GREENASIA=m +CONFIG_GREENASIA_FF=y +# CONFIG_HID_HYPERV_MOUSE is not set +CONFIG_HID_SMARTJOYPLUS=m +CONFIG_SMARTJOYPLUS_FF=y +CONFIG_HID_TIVO=m +CONFIG_HID_TOPSEED=m +CONFIG_HID_THINGM=m +CONFIG_HID_THRUSTMASTER=m +CONFIG_THRUSTMASTER_FF=y +CONFIG_HID_UDRAW_PS3=m +CONFIG_HID_U2FZERO=m +CONFIG_HID_WACOM=m +CONFIG_HID_WIIMOTE=m +CONFIG_HID_XINMO=m +CONFIG_HID_ZEROPLUS=m +CONFIG_ZEROPLUS_FF=y +CONFIG_HID_ZYDACRON=m +CONFIG_HID_SENSOR_HUB=m +CONFIG_HID_SENSOR_CUSTOM_SENSOR=m +CONFIG_HID_ALPS=m # end of Special HID drivers # # USB HID support # CONFIG_USB_HID=m -# CONFIG_HID_PID is not set -# CONFIG_USB_HIDDEV is not set +CONFIG_HID_PID=y +CONFIG_USB_HIDDEV=y # # USB HID Boot Protocol drivers # -# CONFIG_USB_KBD is not set -# CONFIG_USB_MOUSE is not set +CONFIG_USB_KBD=m +CONFIG_USB_MOUSE=m # end of USB HID Boot Protocol drivers # end of USB HID support # # I2C HID support # -# CONFIG_I2C_HID is not set +CONFIG_I2C_HID=m # end of I2C HID support # end of HID support CONFIG_USB_OHCI_LITTLE_ENDIAN=y CONFIG_USB_SUPPORT=y -CONFIG_USB_COMMON=m +CONFIG_USB_COMMON=y # 
CONFIG_USB_LED_TRIG is not set # CONFIG_USB_ULPI_BUS is not set # CONFIG_USB_CONN_GPIO is not set CONFIG_USB_ARCH_HAS_HCD=y -CONFIG_USB=m +CONFIG_USB=y CONFIG_USB_PCI=y CONFIG_USB_ANNOUNCE_NEW_DEVICES=y @@ -4767,7 +6148,7 @@ CONFIG_USB_ANNOUNCE_NEW_DEVICES=y # Miscellaneous USB options # CONFIG_USB_DEFAULT_PERSIST=y -# CONFIG_USB_DYNAMIC_MINORS is not set +CONFIG_USB_DYNAMIC_MINORS=y # CONFIG_USB_OTG is not set # CONFIG_USB_OTG_WHITELIST is not set # CONFIG_USB_OTG_BLACKLIST_HUB is not set 
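Review bot: `+CONFIG_USB_KBD=m` and `+CONFIG_USB_MOUSE=m` under `USB HID Boot Protocol drivers` enable the boot-protocol drivers next to `CONFIG_USB_HID=m`; their Kconfig help describes them as almost certainly not what you want when the generic HID driver is in use, so I would keep `# CONFIG_USB_KBD is not set` and `# CONFIG_USB_MOUSE is not set`. The same hunk turns on nearly every entry under `Special HID drivers` together with `CONFIG_HIDRAW=y` and `CONFIG_UHID=m`, and each of those drivers parses reports from whatever device is plugged in. Trimming the list to hardware the distribution actually supports would keep that exposure reviewable. The tail of the hunk also moves `CONFIG_USB` and `CONFIG_USB_COMMON` from `m` to `y`, which removes the option of leaving the USB core unloaded on locked-down hosts.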
@@ -4778,46 +6159,48 @@ CONFIG_USB_AUTOSUSPEND_DELAY=2 # # USB Host Controller Drivers # -# CONFIG_USB_C67X00_HCD is not set -CONFIG_USB_XHCI_HCD=m -# CONFIG_USB_XHCI_DBGCAP is not set -CONFIG_USB_XHCI_PCI=m +CONFIG_USB_C67X00_HCD=m +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DBGCAP=y +CONFIG_USB_XHCI_PCI=y CONFIG_USB_XHCI_PLATFORM=m -# CONFIG_USB_XHCI_HISTB is not set -# CONFIG_USB_XHCI_MTK is not set -# CONFIG_USB_XHCI_MVEBU is not set -CONFIG_USB_EHCI_HCD=m -# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_XHCI_HISTB=m +CONFIG_USB_XHCI_MTK=m +CONFIG_USB_XHCI_MVEBU=m +CONFIG_USB_XHCI_RCAR=m +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_EHCI_PCI=m -# CONFIG_USB_EHCI_FSL is not set -# CONFIG_USB_EHCI_HCD_ORION is not set +CONFIG_USB_EHCI_PCI=y +CONFIG_USB_EHCI_FSL=m +CONFIG_USB_EHCI_MXC=m +CONFIG_USB_EHCI_HCD_ORION=y # CONFIG_USB_EHCI_TEGRA is not set -# CONFIG_USB_EHCI_EXYNOS is not set CONFIG_USB_EHCI_HCD_PLATFORM=m -# CONFIG_USB_OXU210HP_HCD is not set -# CONFIG_USB_ISP116X_HCD is not set -# CONFIG_USB_FOTG210_HCD is not set -# CONFIG_USB_MAX3421_HCD is not set -CONFIG_USB_OHCI_HCD=m -CONFIG_USB_OHCI_HCD_PCI=m -CONFIG_USB_OHCI_HCD_SSB=y -# CONFIG_USB_OHCI_EXYNOS is not set +CONFIG_USB_OXU210HP_HCD=m +CONFIG_USB_ISP116X_HCD=m +CONFIG_USB_FOTG210_HCD=m +CONFIG_USB_MAX3421_HCD=m +CONFIG_USB_OHCI_HCD=y +CONFIG_USB_OHCI_HCD_PCI=y CONFIG_USB_OHCI_HCD_PLATFORM=m -CONFIG_USB_UHCI_HCD=m -# CONFIG_USB_SL811_HCD is not set -# CONFIG_USB_R8A66597_HCD is not set -# CONFIG_USB_HCD_BCMA is not set +CONFIG_USB_UHCI_HCD=y +CONFIG_USB_SL811_HCD=m +CONFIG_USB_SL811_HCD_ISO=y +CONFIG_USB_R8A66597_HCD=m +CONFIG_USB_RENESAS_USBHS_HCD=m +CONFIG_USB_HCD_BCMA=m CONFIG_USB_HCD_SSB=m # CONFIG_USB_HCD_TEST_MODE is not set +CONFIG_USB_RENESAS_USBHS=m # # USB Device Class drivers # -# CONFIG_USB_ACM is not set -# CONFIG_USB_PRINTER is not set +CONFIG_USB_ACM=m +CONFIG_USB_PRINTER=m CONFIG_USB_WDM=m -# CONFIG_USB_TMC is not set 
+CONFIG_USB_TMC=m # # NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may @@ -4828,19 +6211,20 @@ CONFIG_USB_WDM=m # CONFIG_USB_STORAGE=m # CONFIG_USB_STORAGE_DEBUG is not set -# CONFIG_USB_STORAGE_REALTEK is not set -# CONFIG_USB_STORAGE_DATAFAB is not set -# CONFIG_USB_STORAGE_FREECOM is not set -# CONFIG_USB_STORAGE_ISD200 is not set -# CONFIG_USB_STORAGE_USBAT is not set -# CONFIG_USB_STORAGE_SDDR09 is not set -# CONFIG_USB_STORAGE_SDDR55 is not set -# CONFIG_USB_STORAGE_JUMPSHOT is not set -# CONFIG_USB_STORAGE_ALAUDA is not set -# CONFIG_USB_STORAGE_ONETOUCH is not set -# CONFIG_USB_STORAGE_KARMA is not set -# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set -# CONFIG_USB_STORAGE_ENE_UB6250 is not set +CONFIG_USB_STORAGE_REALTEK=m +CONFIG_REALTEK_AUTOPM=y +CONFIG_USB_STORAGE_DATAFAB=m +CONFIG_USB_STORAGE_FREECOM=m +CONFIG_USB_STORAGE_ISD200=m +CONFIG_USB_STORAGE_USBAT=m +CONFIG_USB_STORAGE_SDDR09=m +CONFIG_USB_STORAGE_SDDR55=m +CONFIG_USB_STORAGE_JUMPSHOT=m +CONFIG_USB_STORAGE_ALAUDA=m +CONFIG_USB_STORAGE_ONETOUCH=m +CONFIG_USB_STORAGE_KARMA=m +CONFIG_USB_STORAGE_CYPRESS_ATACB=m +CONFIG_USB_STORAGE_ENE_UB6250=m CONFIG_USB_UAS=m # @@ -4855,24 +6239,23 @@ CONFIG_USB_UAS=m CONFIG_USB_DWC3=m CONFIG_USB_DWC3_HOST=y # CONFIG_USB_DWC3_GADGET is not set +# CONFIG_USB_DWC3_DUAL_ROLE is not set # # Platform Glue Driver Support # -CONFIG_USB_DWC3_EXYNOS=m CONFIG_USB_DWC3_PCI=m CONFIG_USB_DWC3_HAPS=m +CONFIG_USB_DWC3_KEYSTONE=m CONFIG_USB_DWC3_MESON_G12A=m CONFIG_USB_DWC3_OF_SIMPLE=m CONFIG_USB_DWC3_QCOM=m -CONFIG_USB_DWC2=m -# CONFIG_USB_DWC2_HOST is not set +CONFIG_USB_DWC2=y +CONFIG_USB_DWC2_HOST=y # # Gadget/Dual-role mode requires USB Gadget support to be enabled # -# CONFIG_USB_DWC2_PERIPHERAL is not set -CONFIG_USB_DWC2_DUAL_ROLE=y # CONFIG_USB_DWC2_PCI is not set # CONFIG_USB_DWC2_DEBUG is not set # CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set 
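Review bot: `+CONFIG_USB_XHCI_DBGCAP=y` in `USB Host Controller Drivers` compiles the xHCI debug capability into what looks like a production kernel; the Kconfig help for this symbol says to answer N unless a debug TTY over the xHCI debug port is wanted. If no supported workflow depends on it, restore `# CONFIG_USB_XHCI_DBGCAP is not set`. The same hunk changes `CONFIG_USB_XHCI_HCD`, `CONFIG_USB_EHCI_HCD`, `CONFIG_USB_OHCI_HCD` and `CONFIG_USB_UHCI_HCD` from `m` to `y`, so hosts that deliberately keep USB host support unloaded lose that control. The reason for building them in should be recorded with the change.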
@@ -4965,6 +6348,7 @@ CONFIG_USB_SERIAL_WWAN=m # CONFIG_USB_HSIC_USB4604 is not set # CONFIG_USB_LINK_LAYER_TEST is not set # CONFIG_USB_CHAOSKEY is not set +# CONFIG_USB_ATM is not set # # USB Physical Layer drivers @@ -4972,6 +6356,7 @@ CONFIG_USB_SERIAL_WWAN=m # CONFIG_NOP_USB_XCEIV is not set # CONFIG_USB_GPIO_VBUS is not set # CONFIG_USB_ISP1301 is not set +# CONFIG_USB_MXS_PHY is not set # CONFIG_USB_TEGRA_PHY is not set # CONFIG_USB_ULPI is not set # end of USB Physical Layer drivers @@ -4986,9 +6371,12 @@ CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2 # # USB Peripheral Controller # +# CONFIG_USB_FSL_USB2 is not set # CONFIG_USB_FOTG210_UDC is not set # CONFIG_USB_GR_UDC is not set # CONFIG_USB_R8A66597 is not set +# CONFIG_USB_RENESAS_USBHS_UDC is not set +# CONFIG_USB_RENESAS_USB3 is not set # CONFIG_USB_PXA27X is not set # CONFIG_USB_MV_UDC is not set # CONFIG_USB_MV_U3D is not set @@ -5025,6 +6413,7 @@ CONFIG_TYPEC=m CONFIG_USB_ROLE_SWITCH=m CONFIG_MMC=y CONFIG_PWRSEQ_EMMC=m +# CONFIG_PWRSEQ_SD8787 is not set CONFIG_PWRSEQ_SIMPLE=m CONFIG_MMC_BLOCK=y CONFIG_MMC_BLOCK_MINORS=16 
@@ -5041,41 +6430,71 @@ CONFIG_MMC_STM32_SDMMC=y CONFIG_MMC_SDHCI=y CONFIG_MMC_SDHCI_IO_ACCESSORS=y CONFIG_MMC_SDHCI_PCI=m -# CONFIG_MMC_RICOH_MMC is not set +CONFIG_MMC_RICOH_MMC=y CONFIG_MMC_SDHCI_ACPI=m -CONFIG_MMC_SDHCI_PLTFM=y -# CONFIG_MMC_SDHCI_OF_ARASAN is not set +CONFIG_MMC_SDHCI_PLTFM=m +CONFIG_MMC_SDHCI_OF_ARASAN=m # CONFIG_MMC_SDHCI_OF_ASPEED is not set -# CONFIG_MMC_SDHCI_OF_AT91 is not set -CONFIG_MMC_SDHCI_OF_ESDHC=y -# CONFIG_MMC_SDHCI_OF_DWCMSHC is not set -# CONFIG_MMC_SDHCI_CADENCE is not set +CONFIG_MMC_SDHCI_OF_AT91=m +CONFIG_MMC_SDHCI_OF_ESDHC=m +CONFIG_MMC_SDHCI_OF_DWCMSHC=m +CONFIG_MMC_SDHCI_CADENCE=m +CONFIG_MMC_SDHCI_ESDHC_IMX=m # CONFIG_MMC_SDHCI_TEGRA is not set -# CONFIG_MMC_SDHCI_PXAV3 is not set -# CONFIG_MMC_SDHCI_F_SDH30 is not set -CONFIG_MMC_SDHCI_IPROC=y -# CONFIG_MMC_MESON_GX is not set -# CONFIG_MMC_MESON_MX_SDIO is not set +CONFIG_MMC_SDHCI_PXAV3=m +CONFIG_MMC_SDHCI_F_SDH30=m +CONFIG_MMC_SDHCI_IPROC=m +CONFIG_MMC_MESON_GX=m +CONFIG_MMC_MESON_MX_SDIO=m CONFIG_MMC_SDHCI_MSM=m -# CONFIG_MMC_TIFM_SD is not set -CONFIG_MMC_SPI=y -# CONFIG_MMC_SDHCI_SPRD is not set -# CONFIG_MMC_CB710 is not set -# CONFIG_MMC_VIA_SDMMC is not set -# CONFIG_MMC_DW is not set -# CONFIG_MMC_VUB300 is not set -# CONFIG_MMC_USHC is not set -# CONFIG_MMC_USDHI6ROL0 is not set -# CONFIG_MMC_SUNXI is not set +CONFIG_MMC_MXC=m +CONFIG_MMC_TIFM_SD=m +CONFIG_MMC_SPI=m +CONFIG_MMC_SDHCI_SPRD=m +CONFIG_MMC_TMIO_CORE=m +CONFIG_MMC_SDHI=m +CONFIG_MMC_SDHI_SYS_DMAC=m +CONFIG_MMC_SDHI_INTERNAL_DMAC=m +CONFIG_MMC_CB710=m +CONFIG_MMC_VIA_SDMMC=m +CONFIG_MMC_CAVIUM_THUNDERX=m +CONFIG_MMC_DW=m +CONFIG_MMC_DW_PLTFM=m +CONFIG_MMC_DW_BLUEFIELD=m +CONFIG_MMC_DW_EXYNOS=m +CONFIG_MMC_DW_HI3798CV200=m +CONFIG_MMC_DW_K3=m +CONFIG_MMC_DW_PCI=m +CONFIG_MMC_DW_ROCKCHIP=m +CONFIG_MMC_SH_MMCIF=m +CONFIG_MMC_VUB300=m +CONFIG_MMC_USHC=m +CONFIG_MMC_USDHI6ROL0=m +CONFIG_MMC_SUNXI=m CONFIG_MMC_CQHCI=m -# CONFIG_MMC_TOSHIBA_PCI is not set -CONFIG_MMC_BCM2835=y -# CONFIG_MMC_MTK is not 
set +CONFIG_MMC_TOSHIBA_PCI=m +CONFIG_MMC_BCM2835=m +CONFIG_MMC_MTK=m CONFIG_MMC_SDHCI_BRCMSTB=m -# CONFIG_MMC_SDHCI_XENON is not set -# CONFIG_MMC_SDHCI_OMAP is not set -# CONFIG_MMC_SDHCI_AM654 is not set -# CONFIG_MEMSTICK is not set +CONFIG_MMC_SDHCI_XENON=m +CONFIG_MMC_SDHCI_OMAP=m +CONFIG_MMC_SDHCI_AM654=m +CONFIG_MEMSTICK=m +# CONFIG_MEMSTICK_DEBUG is not set + +# +# MemoryStick drivers +# +# CONFIG_MEMSTICK_UNSAFE_RESUME is not set +CONFIG_MSPRO_BLOCK=m +CONFIG_MS_BLOCK=m + +# +# MemoryStick Host Controller Drivers +# +CONFIG_MEMSTICK_TIFM_MS=m +CONFIG_MEMSTICK_JMICRON_38X=m +CONFIG_MEMSTICK_R592=m CONFIG_NEW_LEDS=y CONFIG_LEDS_CLASS=m # CONFIG_LEDS_CLASS_FLASH is not set @@ -5130,6 +6549,7 @@ CONFIG_LEDS_TRIGGERS=y # CONFIG_LEDS_TRIGGER_TIMER is not set # CONFIG_LEDS_TRIGGER_ONESHOT is not set # CONFIG_LEDS_TRIGGER_DISK is not set +# CONFIG_LEDS_TRIGGER_MTD is not set # CONFIG_LEDS_TRIGGER_HEARTBEAT is not set # CONFIG_LEDS_TRIGGER_BACKLIGHT is not set # CONFIG_LEDS_TRIGGER_CPU is not set 
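Review bot: Several SD/eMMC host drivers that were built in become modules here: `CONFIG_MMC_SDHCI_PLTFM`, `CONFIG_MMC_SDHCI_OF_ESDHC`, `CONFIG_MMC_SDHCI_IPROC`, `CONFIG_MMC_SPI` and `CONFIG_MMC_BCM2835` all go from `=y` to `=m`. A board whose root filesystem sits behind one of these controllers will then boot only if the initramfs carries and loads the module, which this diff cannot show. Either keep the previous values, e.g. `CONFIG_MMC_SDHCI_PLTFM=y` and `CONFIG_MMC_BCM2835=y`, or confirm that the image build adds these modules to the initramfs.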
@@ -5147,16 +6567,49 @@ CONFIG_LEDS_TRIGGERS=y # CONFIG_LEDS_TRIGGER_PATTERN is not set # CONFIG_LEDS_TRIGGER_AUDIO is not set # CONFIG_ACCESSIBILITY is not set -# CONFIG_INFINIBAND is not set +CONFIG_INFINIBAND=m +CONFIG_INFINIBAND_USER_MAD=m +CONFIG_INFINIBAND_USER_ACCESS=m +# CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set +CONFIG_INFINIBAND_USER_MEM=y +CONFIG_INFINIBAND_ON_DEMAND_PAGING=y +CONFIG_INFINIBAND_ADDR_TRANS=y +CONFIG_INFINIBAND_ADDR_TRANS_CONFIGFS=y +CONFIG_INFINIBAND_MTHCA=m +# CONFIG_INFINIBAND_MTHCA_DEBUG is not set +CONFIG_INFINIBAND_CXGB3=m +CONFIG_INFINIBAND_CXGB4=m +CONFIG_INFINIBAND_EFA=m +CONFIG_INFINIBAND_I40IW=m +CONFIG_MLX4_INFINIBAND=m +CONFIG_MLX5_INFINIBAND=m +CONFIG_INFINIBAND_OCRDMA=m +CONFIG_INFINIBAND_VMWARE_PVRDMA=m +CONFIG_INFINIBAND_BNXT_RE=m +CONFIG_INFINIBAND_QEDR=m +CONFIG_RDMA_RXE=m +CONFIG_RDMA_SIW=m +CONFIG_INFINIBAND_IPOIB=m +CONFIG_INFINIBAND_IPOIB_CM=y +# CONFIG_INFINIBAND_IPOIB_DEBUG is not set +CONFIG_INFINIBAND_SRP=m +CONFIG_INFINIBAND_ISER=m CONFIG_EDAC_SUPPORT=y CONFIG_EDAC=y # CONFIG_EDAC_LEGACY_SYSFS is not set # CONFIG_EDAC_DEBUG is not set +CONFIG_EDAC_GHES=y CONFIG_EDAC_LAYERSCAPE=m -# CONFIG_EDAC_THUNDERX is not set -# CONFIG_EDAC_ALTERA is not set -# CONFIG_EDAC_SYNOPSYS is not set -# CONFIG_EDAC_XGENE is not set +CONFIG_EDAC_THUNDERX=m +CONFIG_EDAC_ALTERA=y +CONFIG_EDAC_ALTERA_SDRAM=y +CONFIG_EDAC_ALTERA_ETHERNET=y +CONFIG_EDAC_ALTERA_NAND=y +CONFIG_EDAC_ALTERA_USB=y +CONFIG_EDAC_ALTERA_QSPI=y +CONFIG_EDAC_ALTERA_SDMMC=y +CONFIG_EDAC_SYNOPSYS=m +CONFIG_EDAC_XGENE=m # CONFIG_EDAC_DMC520 is not set CONFIG_RTC_LIB=y CONFIG_RTC_CLASS=y @@ -5165,7 +6618,7 @@ CONFIG_RTC_HCTOSYS_DEVICE="rtc0" CONFIG_RTC_SYSTOHC=y CONFIG_RTC_SYSTOHC_DEVICE="rtc0" # CONFIG_RTC_DEBUG is not set -# CONFIG_RTC_NVMEM is not set +CONFIG_RTC_NVMEM=y # # RTC interfaces 
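Review bot: `+CONFIG_RDMA_RXE=m` and `+CONFIG_RDMA_SIW=m` add the software RDMA transports, which run over ordinary Ethernet and need no RDMA hardware, alongside the userspace interfaces `CONFIG_INFINIBAND_USER_MAD=m` and `CONFIG_INFINIBAND_USER_ACCESS=m`. Nothing visible here says which deployment needs them, and once an administrator attaches one to an interface the host gains another network-facing protocol implementation to patch and monitor. Unless a supported scenario depends on them, I would keep `# CONFIG_RDMA_RXE is not set` and `# CONFIG_RDMA_SIW is not set` and enable only the hardware drivers that are required.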
@@ -5179,103 +6632,116 @@ CONFIG_RTC_INTF_DEV=y # # I2C RTC drivers # -# CONFIG_RTC_DRV_ABB5ZES3 is not set -# CONFIG_RTC_DRV_ABEOZ9 is not set -# CONFIG_RTC_DRV_ABX80X is not set -CONFIG_RTC_DRV_BRCMSTB=y -# CONFIG_RTC_DRV_DS1307 is not set -# CONFIG_RTC_DRV_DS1374 is not set -# CONFIG_RTC_DRV_DS1672 is not set -# CONFIG_RTC_DRV_HYM8563 is not set -# CONFIG_RTC_DRV_MAX6900 is not set +CONFIG_RTC_DRV_ABB5ZES3=m +CONFIG_RTC_DRV_ABEOZ9=m +CONFIG_RTC_DRV_ABX80X=m +CONFIG_RTC_DRV_BRCMSTB=m +CONFIG_RTC_DRV_DS1307=m +CONFIG_RTC_DRV_DS1307_CENTURY=y +CONFIG_RTC_DRV_DS1374=m +CONFIG_RTC_DRV_DS1374_WDT=y +CONFIG_RTC_DRV_DS1672=m +CONFIG_RTC_DRV_HYM8563=m +CONFIG_RTC_DRV_MAX6900=m CONFIG_RTC_DRV_MESON_VRTC=m -# CONFIG_RTC_DRV_RS5C372 is not set -# CONFIG_RTC_DRV_ISL1208 is not set -# CONFIG_RTC_DRV_ISL12022 is not set -# CONFIG_RTC_DRV_ISL12026 is not set -# CONFIG_RTC_DRV_X1205 is not set -# CONFIG_RTC_DRV_PCF8523 is not set -# CONFIG_RTC_DRV_PCF85063 is not set -# CONFIG_RTC_DRV_PCF85363 is not set -# CONFIG_RTC_DRV_PCF8563 is not set -# CONFIG_RTC_DRV_PCF8583 is not set -# CONFIG_RTC_DRV_M41T80 is not set -# CONFIG_RTC_DRV_BQ32K is not set -# CONFIG_RTC_DRV_S35390A is not set -# CONFIG_RTC_DRV_FM3130 is not set -# CONFIG_RTC_DRV_RX8010 is not set -# CONFIG_RTC_DRV_RX8581 is not set -# CONFIG_RTC_DRV_RX8025 is not set -# CONFIG_RTC_DRV_EM3027 is not set -# CONFIG_RTC_DRV_RV3028 is not set -# CONFIG_RTC_DRV_RV8803 is not set -# CONFIG_RTC_DRV_SD3078 is not set +CONFIG_RTC_DRV_RS5C372=m +CONFIG_RTC_DRV_ISL1208=m +CONFIG_RTC_DRV_ISL12022=m +CONFIG_RTC_DRV_ISL12026=m +CONFIG_RTC_DRV_X1205=m +CONFIG_RTC_DRV_PCF8523=m +CONFIG_RTC_DRV_PCF85063=m +CONFIG_RTC_DRV_PCF85363=m +CONFIG_RTC_DRV_PCF8563=m +CONFIG_RTC_DRV_PCF8583=m +CONFIG_RTC_DRV_M41T80=m +CONFIG_RTC_DRV_M41T80_WDT=y +CONFIG_RTC_DRV_BQ32K=m +CONFIG_RTC_DRV_S35390A=m +CONFIG_RTC_DRV_FM3130=m +CONFIG_RTC_DRV_RX8010=m +CONFIG_RTC_DRV_RX8581=m +CONFIG_RTC_DRV_RX8025=m +CONFIG_RTC_DRV_EM3027=m +CONFIG_RTC_DRV_RV3028=m 
+CONFIG_RTC_DRV_RV8803=m +CONFIG_RTC_DRV_SD3078=m # # SPI RTC drivers # -# CONFIG_RTC_DRV_M41T93 is not set -# CONFIG_RTC_DRV_M41T94 is not set -# CONFIG_RTC_DRV_DS1302 is not set -# CONFIG_RTC_DRV_DS1305 is not set -# CONFIG_RTC_DRV_DS1343 is not set -# CONFIG_RTC_DRV_DS1347 is not set -# CONFIG_RTC_DRV_DS1390 is not set -# CONFIG_RTC_DRV_MAX6916 is not set -# CONFIG_RTC_DRV_R9701 is not set -# CONFIG_RTC_DRV_RX4581 is not set -# CONFIG_RTC_DRV_RX6110 is not set -# CONFIG_RTC_DRV_RS5C348 is not set -# CONFIG_RTC_DRV_MAX6902 is not set -# CONFIG_RTC_DRV_PCF2123 is not set -# CONFIG_RTC_DRV_MCP795 is not set +CONFIG_RTC_DRV_M41T93=m +CONFIG_RTC_DRV_M41T94=m +CONFIG_RTC_DRV_DS1302=m +CONFIG_RTC_DRV_DS1305=m +CONFIG_RTC_DRV_DS1343=m +CONFIG_RTC_DRV_DS1347=m +CONFIG_RTC_DRV_DS1390=m +CONFIG_RTC_DRV_MAX6916=m +CONFIG_RTC_DRV_R9701=m +CONFIG_RTC_DRV_RX4581=m +CONFIG_RTC_DRV_RX6110=m +CONFIG_RTC_DRV_RS5C348=m +CONFIG_RTC_DRV_MAX6902=m +CONFIG_RTC_DRV_PCF2123=m +CONFIG_RTC_DRV_MCP795=m CONFIG_RTC_I2C_AND_SPI=y # # SPI and I2C RTC drivers # -# CONFIG_RTC_DRV_DS3232 is not set -# CONFIG_RTC_DRV_PCF2127 is not set -# CONFIG_RTC_DRV_RV3029C2 is not set +CONFIG_RTC_DRV_DS3232=m +CONFIG_RTC_DRV_DS3232_HWMON=y +CONFIG_RTC_DRV_PCF2127=m +CONFIG_RTC_DRV_RV3029C2=m +CONFIG_RTC_DRV_RV3029_HWMON=y # # Platform RTC drivers # -# CONFIG_RTC_DRV_DS1286 is not set -# CONFIG_RTC_DRV_DS1511 is not set -# CONFIG_RTC_DRV_DS1553 is not set -# CONFIG_RTC_DRV_DS1685_FAMILY is not set -# CONFIG_RTC_DRV_DS1742 is not set -# CONFIG_RTC_DRV_DS2404 is not set -# CONFIG_RTC_DRV_EFI is not set -# CONFIG_RTC_DRV_STK17TA8 is not set -# CONFIG_RTC_DRV_M48T86 is not set -# CONFIG_RTC_DRV_M48T35 is not set -# CONFIG_RTC_DRV_M48T59 is not set -# CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set -# CONFIG_RTC_DRV_RP5C01 is not set -# CONFIG_RTC_DRV_V3020 is not set -# CONFIG_RTC_DRV_ZYNQMP is not set +CONFIG_RTC_DRV_DS1286=m +CONFIG_RTC_DRV_DS1511=m +CONFIG_RTC_DRV_DS1553=m 
+CONFIG_RTC_DRV_DS1685_FAMILY=m +CONFIG_RTC_DRV_DS1685=y +# CONFIG_RTC_DRV_DS1689 is not set +# CONFIG_RTC_DRV_DS17285 is not set +# CONFIG_RTC_DRV_DS17485 is not set +# CONFIG_RTC_DRV_DS17885 is not set +CONFIG_RTC_DRV_DS1742=m +CONFIG_RTC_DRV_DS2404=m +CONFIG_RTC_DRV_EFI=y +CONFIG_RTC_DRV_STK17TA8=m +CONFIG_RTC_DRV_M48T86=m +CONFIG_RTC_DRV_M48T35=m +CONFIG_RTC_DRV_M48T59=m +CONFIG_RTC_DRV_MSM6242=m +CONFIG_RTC_DRV_BQ4802=m +CONFIG_RTC_DRV_RP5C01=m +CONFIG_RTC_DRV_V3020=m +CONFIG_RTC_DRV_ZYNQMP=m # # on-CPU RTC drivers # +CONFIG_RTC_DRV_IMXDI=m CONFIG_RTC_DRV_FSL_FTM_ALARM=y -CONFIG_HAVE_S3C_RTC=y -# CONFIG_RTC_DRV_S3C is not set -# CONFIG_RTC_DRV_PL030 is not set -# CONFIG_RTC_DRV_PL031 is not set -# CONFIG_RTC_DRV_SUN6I is not set -# CONFIG_RTC_DRV_MV is not set -# CONFIG_RTC_DRV_ARMADA38X is not set -# CONFIG_RTC_DRV_CADENCE is not set -# CONFIG_RTC_DRV_FTRTC010 is not set +CONFIG_RTC_DRV_SH=m +CONFIG_RTC_DRV_PL030=m +CONFIG_RTC_DRV_PL031=m +CONFIG_RTC_DRV_SUN6I=y +CONFIG_RTC_DRV_MV=y +CONFIG_RTC_DRV_ARMADA38X=m +CONFIG_RTC_DRV_CADENCE=m +CONFIG_RTC_DRV_FTRTC010=m # CONFIG_RTC_DRV_TEGRA is not set -# CONFIG_RTC_DRV_SNVS is not set +CONFIG_RTC_DRV_MXC=m +CONFIG_RTC_DRV_MXC_V2=m +CONFIG_RTC_DRV_SNVS=m CONFIG_RTC_DRV_MT7622=m -# CONFIG_RTC_DRV_XGENE is not set -# CONFIG_RTC_DRV_R7301 is not set +CONFIG_RTC_DRV_XGENE=y +CONFIG_RTC_DRV_R7301=m +CONFIG_RTC_DRV_RTD119X=y # # HID Sensor RTC drivers 
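Review bot: `CONFIG_RTC_DRV_BRCMSTB` changes from `=y` to `=m` near the top of the `I2C RTC drivers` block, while the context of the preceding hunk shows `CONFIG_RTC_HCTOSYS_DEVICE="rtc0"`, which implies the kernel sets the system clock from rtc0 during boot. That read happens before modules are loaded, so on a board whose only RTC is this one the clock would stay unset until userspace corrects it, which affects certificate validity checks and log timestamps early in boot. If such a board is supported, keep `CONFIG_RTC_DRV_BRCMSTB=y`.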
@@ -5286,52 +6752,65 @@ CONFIG_DMADEVICES=y # # DMA Devices # +CONFIG_ASYNC_TX_ENABLE_CHANNEL_SWITCH=y CONFIG_DMA_ENGINE=y -CONFIG_DMA_VIRTUAL_CHANNELS=m +CONFIG_DMA_VIRTUAL_CHANNELS=y CONFIG_DMA_ACPI=y CONFIG_DMA_OF=y -# CONFIG_ALTERA_MSGDMA is not set -# CONFIG_AMBA_PL08X is not set -# CONFIG_AXI_DMAC is not set -# CONFIG_BCM_SBA_RAID is not set -CONFIG_DMA_BCM2835=m -# CONFIG_DMA_SUN6I is not set -# CONFIG_DW_AXI_DMAC is not set +CONFIG_ALTERA_MSGDMA=m +CONFIG_AMBA_PL08X=y +CONFIG_AXI_DMAC=m +CONFIG_BCM_SBA_RAID=m +CONFIG_DMA_BCM2835=y +CONFIG_DMA_SUN6I=m +CONFIG_DW_AXI_DMAC=m CONFIG_FSL_EDMA=m -# CONFIG_FSL_QDMA is not set -# CONFIG_INTEL_IDMA64 is not set -# CONFIG_K3_DMA is not set -# CONFIG_MV_XOR is not set -# CONFIG_MV_XOR_V2 is not set -# CONFIG_PL330_DMA is not set -# CONFIG_SPRD_DMA is not set +CONFIG_FSL_QDMA=m +CONFIG_IMX_DMA=m +CONFIG_IMX_SDMA=m +CONFIG_INTEL_IDMA64=m +CONFIG_K3_DMA=m +CONFIG_MV_XOR=y +CONFIG_MV_XOR_V2=y +CONFIG_MXS_DMA=y +CONFIG_MX3_IPU=y +CONFIG_MX3_IPU_IRQS=4 +CONFIG_OWL_DMA=m +CONFIG_PL330_DMA=m +CONFIG_SPRD_DMA=m # CONFIG_TEGRA20_APB_DMA is not set # CONFIG_TEGRA210_ADMA is not set -# CONFIG_XGENE_DMA is not set -# CONFIG_XILINX_DMA is not set -# CONFIG_XILINX_ZYNQMP_DMA is not set -# CONFIG_MTK_HSDMA is not set -# CONFIG_MTK_CQDMA is not set +CONFIG_XGENE_DMA=m +CONFIG_XILINX_DMA=m +CONFIG_XILINX_ZYNQMP_DMA=m +CONFIG_MTK_HSDMA=m +CONFIG_MTK_CQDMA=m +CONFIG_MTK_UART_APDMA=m CONFIG_QCOM_BAM_DMA=m -# CONFIG_QCOM_HIDMA_MGMT is not set -# CONFIG_QCOM_HIDMA is not set -# CONFIG_DW_DMAC is not set -# CONFIG_DW_DMAC_PCI is not set -# CONFIG_DW_EDMA is not set -# CONFIG_DW_EDMA_PCIE is not set +CONFIG_QCOM_HIDMA_MGMT=m +CONFIG_QCOM_HIDMA=m +CONFIG_DW_DMAC_CORE=m +CONFIG_DW_DMAC=m +CONFIG_DW_DMAC_PCI=m +CONFIG_DW_EDMA=m +CONFIG_DW_EDMA_PCIE=m +CONFIG_RENESAS_DMA=y +CONFIG_RCAR_DMAC=m +CONFIG_RENESAS_USB_DMAC=m # # DMA Clients # -# CONFIG_ASYNC_TX_DMA is not set +CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y 
# # DMABUF options # CONFIG_SYNC_FILE=y -# CONFIG_SW_SYNC is not set -# CONFIG_UDMABUF is not set +CONFIG_SW_SYNC=y +CONFIG_UDMABUF=y # CONFIG_DMABUF_SELFTESTS is not set # end of DMABUF options @@ -5346,6 +6825,7 @@ CONFIG_UIO_PCI_GENERIC=m # CONFIG_UIO_NETX is not set # CONFIG_UIO_PRUSS is not set # CONFIG_UIO_MF624 is not set +# CONFIG_UIO_HV_GENERIC is not set CONFIG_VFIO_IOMMU_TYPE1=m CONFIG_VFIO_VIRQFD=m CONFIG_VFIO=m @@ -5369,13 +6849,18 @@ CONFIG_VIRTIO_MMIO=y # # Microsoft Hyper-V guest support # -# CONFIG_HYPERV is not set +CONFIG_HYPERV=y +CONFIG_HYPERV_TIMER=y +CONFIG_HYPERV_UTILS=m +CONFIG_HYPERV_BALLOON=y +CONFIG_DXGKRNL=y # end of Microsoft Hyper-V guest support # # Xen driver support # CONFIG_XEN_BALLOON=y +# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set CONFIG_XEN_SCRUB_PAGES_DEFAULT=y CONFIG_XEN_DEV_EVTCHN=m CONFIG_XEN_BACKEND=y @@ -5392,6 +6877,7 @@ CONFIG_SWIOTLB_XEN=y CONFIG_XEN_PRIVCMD=m CONFIG_XEN_EFI=y CONFIG_XEN_AUTO_XLATE=y +CONFIG_XEN_FRONT_PGDIR_SHBUF=m # end of Xen driver support # CONFIG_GREYBUS is not set @@ -5407,6 +6893,7 @@ CONFIG_STAGING=y # CONFIG_VT6655 is not set # CONFIG_VT6656 is not set # CONFIG_FB_SM750 is not set +# CONFIG_USB_EMXX is not set # # Speakup console speech @@ -5448,6 +6935,15 @@ CONFIG_VIDEO_BCM2835=m # CONFIG_XIL_AXIS_FIFO is not set # CONFIG_FIELDBUS_DEV is not set # CONFIG_KPC2000 is not set + +# +# ISDN CAPI drivers +# +# CONFIG_CAPI_AVM is not set +# CONFIG_ISDN_DRV_GIGASET is not set +# CONFIG_HYSDN is not set +# end of ISDN CAPI drivers + # CONFIG_USB_WUSB_CBAF is not set # CONFIG_UWB is not set # CONFIG_EXFAT_FS is not set 
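Review bot: `+CONFIG_SW_SYNC=y` under `DMABUF options` enables the software sync debug driver, whose Kconfig help marks it as intended for test and debug only and warns that improper use can deadlock kernel drivers from userspace. For a production config I would restore `# CONFIG_SW_SYNC is not set`. `+CONFIG_UDMABUF=y` in the same place adds a userspace-facing device for creating dma-bufs from memfd memory; if no shipped component uses it, `# CONFIG_UDMABUF is not set` keeps that interface out as well.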
@@ -5466,35 +6962,47 @@ CONFIG_COMMON_CLK=y CONFIG_COMMON_CLK_VERSATILE=y CONFIG_CLK_SP810=y CONFIG_CLK_VEXPRESS_OSC=y -# CONFIG_CLK_HSDK is not set -# CONFIG_COMMON_CLK_MAX9485 is not set -# CONFIG_COMMON_CLK_SCPI is not set -# CONFIG_COMMON_CLK_SI5341 is not set -# CONFIG_COMMON_CLK_SI5351 is not set -# CONFIG_COMMON_CLK_SI514 is not set -# CONFIG_COMMON_CLK_SI544 is not set -# CONFIG_COMMON_CLK_SI570 is not set -# CONFIG_COMMON_CLK_CDCE706 is not set -# CONFIG_COMMON_CLK_CDCE925 is not set -# CONFIG_COMMON_CLK_CS2000_CP is not set +CONFIG_CLK_HSDK=y +CONFIG_COMMON_CLK_MAX9485=m +CONFIG_COMMON_CLK_SCMI=m +CONFIG_COMMON_CLK_SCPI=m +CONFIG_COMMON_CLK_SI5341=m +CONFIG_COMMON_CLK_SI5351=m +CONFIG_COMMON_CLK_SI514=m +CONFIG_COMMON_CLK_SI544=m +CONFIG_COMMON_CLK_SI570=m +CONFIG_COMMON_CLK_CDCE706=m +CONFIG_COMMON_CLK_CDCE925=m +CONFIG_COMMON_CLK_CS2000_CP=m CONFIG_CLK_QORIQ=y CONFIG_COMMON_CLK_XGENE=y -# CONFIG_COMMON_CLK_PWM is not set -# CONFIG_COMMON_CLK_VC5 is not set -# CONFIG_COMMON_CLK_FIXED_MMIO is not set +CONFIG_COMMON_CLK_PWM=m +CONFIG_COMMON_CLK_VC5=m +CONFIG_COMMON_CLK_FIXED_MMIO=y +CONFIG_CLK_ACTIONS=y +CONFIG_CLK_OWL_S500=y +CONFIG_CLK_OWL_S700=y +CONFIG_CLK_OWL_S900=y CONFIG_CLK_BCM2835=y CONFIG_COMMON_CLK_IPROC=y CONFIG_CLK_BCM_NS2=y -# CONFIG_CLK_BCM_SR is not set -# CONFIG_CLK_RASPBERRYPI is not set -# CONFIG_COMMON_CLK_HI3516CV300 is not set -CONFIG_COMMON_CLK_HI3519=y -# CONFIG_COMMON_CLK_HI3660 is not set +CONFIG_CLK_BCM_SR=y +CONFIG_CLK_RASPBERRYPI=m +CONFIG_COMMON_CLK_HI3516CV300=m +CONFIG_COMMON_CLK_HI3519=m +CONFIG_COMMON_CLK_HI3660=y CONFIG_COMMON_CLK_HI3670=y -# CONFIG_COMMON_CLK_HI3798CV200 is not set +CONFIG_COMMON_CLK_HI3798CV200=m CONFIG_COMMON_CLK_HI6220=y CONFIG_RESET_HISI=y -# CONFIG_STUB_CLK_HI6220 is not set +CONFIG_STUB_CLK_HI6220=y +CONFIG_STUB_CLK_HI3660=y +CONFIG_MXC_CLK=y +CONFIG_CLK_IMX8MM=y +# CONFIG_CLK_IMX8MN is not set +CONFIG_CLK_IMX8MQ=y +CONFIG_TI_SCI_CLK=m +# CONFIG_TI_SCI_CLK_PROBE_FROM_FW is not set # # Clock driver 
for MediaTek SoC @@ -5544,11 +7052,12 @@ CONFIG_COMMON_CLK_G12A=y CONFIG_ARMADA_AP_CP_HELPER=y CONFIG_ARMADA_37XX_CLK=y CONFIG_ARMADA_AP806_SYSCON=y +CONFIG_ARMADA_AP_CPU_CLK=y CONFIG_ARMADA_CP110_SYSCON=y # CONFIG_COMMON_CLK_QCOM is not set -CONFIG_COMMON_CLK_SAMSUNG=y -CONFIG_EXYNOS_ARM64_COMMON_CLK=y -CONFIG_EXYNOS_AUDSS_CLK_CON=y +CONFIG_CLK_RENESAS=y +# CONFIG_CLK_R9A06G032 is not set +# CONFIG_CLK_RCAR_USB2_CLOCK_SEL is not set # CONFIG_SPRD_COMMON_CLK is not set CONFIG_CLK_SUNXI=y CONFIG_CLK_SUNXI_CLOCKS=y @@ -5577,6 +7086,7 @@ CONFIG_TIMER_ACPI=y CONFIG_TIMER_PROBE=y CONFIG_CLKSRC_MMIO=y CONFIG_ROCKCHIP_TIMER=y +CONFIG_OWL_TIMER=y CONFIG_TEGRA_TIMER=y CONFIG_ARM_ARCH_TIMER=y CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y @@ -5589,17 +7099,21 @@ CONFIG_ARM_TIMER_SP804=y CONFIG_MTK_TIMER=y # CONFIG_SPRD_TIMER is not set CONFIG_CLKSRC_VERSATILE=y +CONFIG_TIMER_IMX_SYS_CTR=y # end of Clock Source drivers CONFIG_MAILBOX=y # CONFIG_ARM_MHU is not set +# CONFIG_IMX_MBOX is not set # CONFIG_PLATFORM_MHU is not set # CONFIG_PL320_MBOX is not set # CONFIG_ARMADA_37XX_RWTM_MBOX is not set +# CONFIG_OMAP2PLUS_MBOX is not set CONFIG_ROCKCHIP_MBOX=y CONFIG_PCC=y # CONFIG_ALTERA_MBOX is not set CONFIG_BCM2835_MBOX=y +CONFIG_TI_MESSAGE_MANAGER=y # CONFIG_HI3660_MBOX is not set # CONFIG_HI6220_MBOX is not set # CONFIG_MAILBOX_TEST is not set @@ -5617,7 +7131,9 @@ CONFIG_IOMMU_SUPPORT=y # # Generic IOMMU Pagetable Support # -# CONFIG_IOMMU_IO_PGTABLE_LPAE is not set +CONFIG_IOMMU_IO_PGTABLE=y +CONFIG_IOMMU_IO_PGTABLE_LPAE=y +# CONFIG_IOMMU_IO_PGTABLE_LPAE_SELFTEST is not set # CONFIG_IOMMU_IO_PGTABLE_ARMV7S is not set # end of Generic IOMMU Pagetable Support @@ -5626,7 +7142,8 @@ CONFIG_IOMMU_SUPPORT=y CONFIG_OF_IOMMU=y CONFIG_IOMMU_DMA=y # CONFIG_ROCKCHIP_IOMMU is not set -# CONFIG_EXYNOS_IOMMU is not set +# CONFIG_TEGRA_IOMMU_SMMU is not set +# CONFIG_IPMMU_VMSA is not set # CONFIG_ARM_SMMU is not set # CONFIG_ARM_SMMU_V3 is not set # CONFIG_MTK_IOMMU is not set 
@@ -5651,11 +7168,12 @@ CONFIG_IOMMU_DMA=y # # SOC (System On Chip) specific Drivers # +# CONFIG_OWL_PM_DOMAINS is not set # # Amlogic SoC drivers # -# CONFIG_MESON_CANVAS is not set +CONFIG_MESON_CANVAS=m CONFIG_MESON_CLK_MEASURE=y # CONFIG_MESON_GX_SOCINFO is not set CONFIG_MESON_GX_PM_DOMAINS=y @@ -5693,6 +7211,7 @@ CONFIG_DPAA2_CONSOLE=y # # i.MX SoC drivers # +CONFIG_IMX_GPCV2_PM_DOMAINS=y # end of i.MX SoC drivers # @@ -5712,17 +7231,24 @@ CONFIG_QCOM_COMMAND_DB=y # CONFIG_QCOM_GENI_SE is not set CONFIG_QCOM_GSBI=y # CONFIG_QCOM_LLCC is not set -CONFIG_QCOM_MDT_LOADER=y +CONFIG_QCOM_MDT_LOADER=m +CONFIG_QCOM_QMI_HELPERS=m # CONFIG_QCOM_RMTFS_MEM is not set # CONFIG_QCOM_RPMH is not set # end of Qualcomm SoC drivers +CONFIG_SOC_RENESAS=y +# CONFIG_ARCH_R8A774A1 is not set +# CONFIG_ARCH_R8A774C0 is not set +# CONFIG_ARCH_R8A7795 is not set +# CONFIG_ARCH_R8A7796 is not set +# CONFIG_ARCH_R8A77965 is not set +# CONFIG_ARCH_R8A77970 is not set +# CONFIG_ARCH_R8A77980 is not set +# CONFIG_ARCH_R8A77990 is not set +# CONFIG_ARCH_R8A77995 is not set CONFIG_ROCKCHIP_GRF=y CONFIG_ROCKCHIP_PM_DOMAINS=y -CONFIG_SOC_SAMSUNG=y -CONFIG_EXYNOS_CHIPID=y -CONFIG_EXYNOS_PMU=y -CONFIG_EXYNOS_PM_DOMAINS=y CONFIG_SUNXI_SRAM=y CONFIG_ARCH_TEGRA_132_SOC=y CONFIG_ARCH_TEGRA_210_SOC=y @@ -5731,12 +7257,16 @@ CONFIG_ARCH_TEGRA_210_SOC=y CONFIG_SOC_TEGRA_FUSE=y CONFIG_SOC_TEGRA_FLOWCTRL=y CONFIG_SOC_TEGRA_PMC=y -# CONFIG_SOC_TI is not set +# CONFIG_ARCH_K3_AM6_SOC is not set +# CONFIG_ARCH_K3_J721E_SOC is not set +CONFIG_SOC_TI=y +# CONFIG_TI_SCI_PM_DOMAINS is not set +CONFIG_TI_SCI_INTA_MSI_DOMAIN=y # # Xilinx SoC drivers # -# CONFIG_XILINX_VCU is not set +CONFIG_XILINX_VCU=m CONFIG_ZYNQMP_POWER=y CONFIG_ZYNQMP_PM_DOMAINS=y # end of Xilinx SoC drivers 
@@ -5756,12 +7286,27 @@ CONFIG_DEVFREQ_GOV_SIMPLE_ONDEMAND=m # # DEVFREQ Drivers # -# CONFIG_ARM_EXYNOS_BUS_DEVFREQ is not set # CONFIG_ARM_TEGRA_DEVFREQ is not set # CONFIG_ARM_RK3399_DMC_DEVFREQ is not set # CONFIG_PM_DEVFREQ_EVENT is not set -# CONFIG_EXTCON is not set -# CONFIG_MEMORY is not set +CONFIG_EXTCON=y + +# +# Extcon Device Drivers +# +# CONFIG_EXTCON_FSA9480 is not set +# CONFIG_EXTCON_GPIO is not set +# CONFIG_EXTCON_MAX3355 is not set +# CONFIG_EXTCON_PTN5150 is not set +# CONFIG_EXTCON_QCOM_SPMI_MISC is not set +# CONFIG_EXTCON_RT8973A is not set +# CONFIG_EXTCON_SM5502 is not set +# CONFIG_EXTCON_USB_GPIO is not set +CONFIG_MEMORY=y +# CONFIG_ARM_PL172_MPMC is not set +CONFIG_FSL_IFC=y +CONFIG_MTK_SMI=y +CONFIG_TEGRA_MC=y # CONFIG_IIO is not set # CONFIG_NTB is not set # CONFIG_VME_BUS is not set @@ -5773,15 +7318,21 @@ CONFIG_PWM_BCM2835=m # CONFIG_PWM_BRCMSTB is not set # CONFIG_PWM_FSL_FTM is not set # CONFIG_PWM_HIBVT is not set +# CONFIG_PWM_IMX1 is not set +# CONFIG_PWM_IMX27 is not set +# CONFIG_PWM_IMX_TPM is not set # CONFIG_PWM_MESON is not set # CONFIG_PWM_MTK_DISP is not set # CONFIG_PWM_MEDIATEK is not set # CONFIG_PWM_PCA9685 is not set +# CONFIG_PWM_RCAR is not set +# CONFIG_PWM_RENESAS_TPU is not set CONFIG_PWM_ROCKCHIP=m -# CONFIG_PWM_SAMSUNG is not set # CONFIG_PWM_SPRD is not set # CONFIG_PWM_SUN4I is not set # CONFIG_PWM_TEGRA is not set +# CONFIG_PWM_TIECAP is not set +# CONFIG_PWM_TIEHRPWM is not set # # IRQ chip support @@ -5800,6 +7351,7 @@ CONFIG_BCM7038_L1_IRQ=y CONFIG_BRCMSTB_L2_IRQ=y CONFIG_DW_APB_ICTL=y CONFIG_HISILICON_IRQ_MBIGEN=y +CONFIG_IMX_GPCV2=y CONFIG_MVEBU_GICP=y CONFIG_MVEBU_ICU=y CONFIG_MVEBU_ODMI=y @@ -5810,6 +7362,9 @@ CONFIG_PARTITION_PERCPU=y # CONFIG_QCOM_IRQ_COMBINER is not set CONFIG_MESON_IRQ_GPIO=y # CONFIG_QCOM_PDC is not set +CONFIG_IMX_IRQSTEER=y +CONFIG_TI_SCI_INTR_IRQCHIP=y +CONFIG_TI_SCI_INTA_IRQCHIP=y # end of IRQ chip support # CONFIG_IPACK_BUS is not set 
@@ -5817,12 +7372,15 @@ CONFIG_ARCH_HAS_RESET_CONTROLLER=y CONFIG_RESET_CONTROLLER=y CONFIG_RESET_BERLIN=y CONFIG_RESET_BRCMSTB=y +CONFIG_RESET_IMX7=y CONFIG_RESET_MESON=y # CONFIG_RESET_MESON_AUDIO_ARB is not set # CONFIG_RESET_QCOM_AOSS is not set # CONFIG_RESET_QCOM_PDC is not set +CONFIG_RESET_SCMI=y CONFIG_RESET_SIMPLE=y CONFIG_RESET_SUNXI=y +# CONFIG_RESET_TI_SCI is not set # CONFIG_RESET_TI_SYSCON is not set # CONFIG_COMMON_RESET_HI3660 is not set CONFIG_COMMON_RESET_HI6220=y @@ -5831,8 +7389,10 @@ CONFIG_COMMON_RESET_HI6220=y # PHY Subsystem # CONFIG_GENERIC_PHY=y +CONFIG_GENERIC_PHY_MIPI_DPHY=y # CONFIG_PHY_XGENE is not set -# CONFIG_PHY_SUN6I_MIPI_DPHY is not set +# CONFIG_PHY_SUN4I_USB is not set +CONFIG_PHY_SUN6I_MIPI_DPHY=m # CONFIG_PHY_SUN9I_USB is not set # CONFIG_PHY_MESON8B_USB2 is not set # CONFIG_PHY_MESON_GXL_USB2 is not set @@ -5876,18 +7436,21 @@ CONFIG_PHY_MVEBU_A3700_UTMI=y # CONFIG_PHY_QCOM_QMP is not set # CONFIG_PHY_QCOM_QUSB2 is not set # CONFIG_PHY_QCOM_UFS is not set +# CONFIG_PHY_RCAR_GEN2 is not set +# CONFIG_PHY_RCAR_GEN3_PCIE is not set +# CONFIG_PHY_RCAR_GEN3_USB2 is not set +# CONFIG_PHY_RCAR_GEN3_USB3 is not set # CONFIG_PHY_ROCKCHIP_DP is not set # CONFIG_PHY_ROCKCHIP_EMMC is not set # CONFIG_PHY_ROCKCHIP_INNO_HDMI is not set +# CONFIG_PHY_ROCKCHIP_INNO_USB2 is not set # CONFIG_PHY_ROCKCHIP_PCIE is not set # CONFIG_PHY_ROCKCHIP_TYPEC is not set # CONFIG_PHY_ROCKCHIP_USB is not set -CONFIG_PHY_EXYNOS_DP_VIDEO=y -CONFIG_PHY_EXYNOS_MIPI_VIDEO=y -# CONFIG_PHY_EXYNOS_PCIE is not set CONFIG_PHY_SAMSUNG_USB2=m -CONFIG_PHY_EXYNOS5_USBDRD=m # CONFIG_PHY_TEGRA_XUSB is not set +# CONFIG_PHY_AM654_SERDES is not set +# CONFIG_OMAP_USB2 is not set # end of PHY Subsystem # CONFIG_POWERCAP is not set 
@@ -5903,11 +7466,13 @@ CONFIG_ARM_CCN=y CONFIG_ARM_PMU=y CONFIG_ARM_PMU_ACPI=y # CONFIG_ARM_DSU_PMU is not set +# CONFIG_FSL_IMX8_DDR_PMU is not set # CONFIG_HISI_PMU is not set # CONFIG_QCOM_L2_PMU is not set # CONFIG_QCOM_L3_PMU is not set -# CONFIG_XGENE_PMU is not set -# CONFIG_ARM_SPE_PMU is not set +CONFIG_THUNDERX2_PMU=m +CONFIG_XGENE_PMU=y +CONFIG_ARM_SPE_PMU=m # end of Performance monitor support CONFIG_RAS=y @@ -5928,8 +7493,12 @@ CONFIG_OF_PMEM=y CONFIG_DAX_DRIVER=y CONFIG_DAX=y CONFIG_DEV_DAX=m +CONFIG_DEV_DAX_HMEM=m +CONFIG_DEV_DAX_KMEM=m CONFIG_NVMEM=y CONFIG_NVMEM_SYSFS=y +# CONFIG_NVMEM_IMX_IIM is not set +# CONFIG_NVMEM_IMX_OCOTP is not set # CONFIG_MTK_EFUSE is not set # CONFIG_QCOM_QFPROM is not set # CONFIG_ROCKCHIP_EFUSE is not set @@ -5937,6 +7506,7 @@ CONFIG_NVMEM_BCM_OCOTP=y # CONFIG_NVMEM_SUNXI_SID is not set # CONFIG_MESON_EFUSE is not set # CONFIG_MESON_MX_EFUSE is not set +# CONFIG_NVMEM_SNVS_LPGPR is not set # CONFIG_NVMEM_ZYNQMP is not set # @@ -5949,6 +7519,17 @@ CONFIG_NVMEM_BCM_OCOTP=y # CONFIG_FPGA is not set # CONFIG_FSI is not set # CONFIG_TEE is not set +CONFIG_MULTIPLEXER=m + +# +# Multiplexer drivers +# +# CONFIG_MUX_ADG792A is not set +# CONFIG_MUX_ADGS1408 is not set +# CONFIG_MUX_GPIO is not set +CONFIG_MUX_MMIO=m +# end of Multiplexer drivers + CONFIG_PM_OPP=y # CONFIG_SIOX is not set # CONFIG_SLIMBUS is not set @@ -6054,7 +7635,9 @@ CONFIG_VFAT_FS=m CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="ascii" # CONFIG_FAT_DEFAULT_UTF8 is not set -# CONFIG_NTFS_FS is not set +CONFIG_NTFS_FS=m +# CONFIG_NTFS_DEBUG is not set +# CONFIG_NTFS_RW is not set # end of DOS/FAT/NT Filesystems # 
@@ -6090,20 +7673,23 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set +# CONFIG_JFFS2_FS is not set +# CONFIG_UBIFS_FS is not set CONFIG_CRAMFS=m CONFIG_CRAMFS_BLOCKDEV=y -CONFIG_SQUASHFS=m -CONFIG_SQUASHFS_FILE_CACHE=y -# CONFIG_SQUASHFS_FILE_DIRECT is not set +CONFIG_CRAMFS_MTD=y +CONFIG_SQUASHFS=y +# CONFIG_SQUASHFS_FILE_CACHE is not set +CONFIG_SQUASHFS_FILE_DIRECT=y CONFIG_SQUASHFS_DECOMP_SINGLE=y # CONFIG_SQUASHFS_DECOMP_MULTI is not set # CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set -# CONFIG_SQUASHFS_XATTR is not set +CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_ZLIB=y -# CONFIG_SQUASHFS_LZ4 is not set +CONFIG_SQUASHFS_LZ4=y CONFIG_SQUASHFS_LZO=y CONFIG_SQUASHFS_XZ=y -# CONFIG_SQUASHFS_ZSTD is not set +CONFIG_SQUASHFS_ZSTD=y # CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set # CONFIG_SQUASHFS_EMBEDDED is not set CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 @@ -6170,6 +7756,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set CONFIG_SUNRPC_DEBUG=y +CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y CONFIG_CEPH_FS_POSIX_ACL=y @@ -6183,6 +7770,7 @@ CONFIG_CIFS_DEBUG=y # CONFIG_CIFS_DEBUG2 is not set # CONFIG_CIFS_DEBUG_DUMP_KEYS is not set CONFIG_CIFS_DFS_UPCALL=y +# CONFIG_CIFS_SMB_DIRECT is not set # CONFIG_CIFS_FSCACHE is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set @@ -6250,6 +7838,7 @@ CONFIG_DLM=m # Security options # CONFIG_KEYS=y +CONFIG_KEYS_COMPAT=y # CONFIG_KEYS_REQUEST_CACHE is not set # CONFIG_PERSISTENT_KEYRINGS is not set # CONFIG_BIG_KEYS is not set @@ -6260,6 +7849,7 @@ CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y +# CONFIG_SECURITY_INFINIBAND is not set CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y CONFIG_LSM_MMAP_MIN_ADDR=4096 
@@ -6306,6 +7896,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_APPRAISE is not set +# CONFIG_IMA_ARCH_POLICY is not set CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y # CONFIG_EVM is not set @@ -6344,6 +7935,8 @@ CONFIG_ASYNC_MEMCPY=m CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m +CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y +CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y CONFIG_CRYPTO=y # @@ -6364,6 +7957,7 @@ CONFIG_CRYPTO_RNG_DEFAULT=m CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=y CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=m CONFIG_CRYPTO_ACOMP2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y @@ -6377,13 +7971,15 @@ CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m +CONFIG_CRYPTO_SIMD=m # # Public-key cryptography # CONFIG_CRYPTO_RSA=y # CONFIG_CRYPTO_DH is not set -# CONFIG_CRYPTO_ECDH is not set +CONFIG_CRYPTO_ECC=m +CONFIG_CRYPTO_ECDH=m # CONFIG_CRYPTO_ECRDSA is not set # CONFIG_CRYPTO_CURVE25519 is not set @@ -6407,9 +8003,10 @@ CONFIG_CRYPTO_CTS=m CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_LRW=m # CONFIG_CRYPTO_OFB is not set -# CONFIG_CRYPTO_PCBC is not set +CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_XTS=y # CONFIG_CRYPTO_KEYWRAP is not set +CONFIG_CRYPTO_NHPOLY1305=m # CONFIG_CRYPTO_ADIANTUM is not set CONFIG_CRYPTO_ESSIV=m @@ -6425,7 +8022,7 @@ CONFIG_CRYPTO_HMAC=y # Digest # CONFIG_CRYPTO_CRC32C=y -# CONFIG_CRYPTO_CRC32 is not set +CONFIG_CRYPTO_CRC32=m # CONFIG_CRYPTO_XXHASH is not set # CONFIG_CRYPTO_BLAKE2S is not set CONFIG_CRYPTO_CRCT10DIF=y @@ -6433,7 +8030,7 @@ CONFIG_CRYPTO_GHASH=m # CONFIG_CRYPTO_POLY1305 is not set CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y -# CONFIG_CRYPTO_MICHAEL_MIC is not set +CONFIG_CRYPTO_MICHAEL_MIC=m # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set 
@@ -6441,8 +8038,8 @@ CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y -# CONFIG_CRYPTO_SHA3 is not set -# CONFIG_CRYPTO_SM3 is not set +CONFIG_CRYPTO_SHA3=m +CONFIG_CRYPTO_SM3=m # CONFIG_CRYPTO_STREEBOG is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set @@ -6459,13 +8056,13 @@ CONFIG_CRYPTO_ARC4=m # CONFIG_CRYPTO_CAST5 is not set # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=m -# CONFIG_CRYPTO_FCRYPT is not set +CONFIG_CRYPTO_FCRYPT=m # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_CHACHA20 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set -# CONFIG_CRYPTO_SM4 is not set +CONFIG_CRYPTO_SM4=m # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set @@ -6502,10 +8099,13 @@ CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_LIB_AES=y CONFIG_CRYPTO_LIB_ARC4=m # CONFIG_CRYPTO_LIB_BLAKE2S is not set +CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m +CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m # CONFIG_CRYPTO_LIB_CHACHA is not set # CONFIG_CRYPTO_LIB_CURVE25519 is not set CONFIG_CRYPTO_LIB_DES=m CONFIG_CRYPTO_LIB_POLY1305_RSIZE=9 +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m # CONFIG_CRYPTO_LIB_POLY1305 is not set # CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set CONFIG_CRYPTO_LIB_SHA256=y 
@@ -6524,18 +8124,20 @@ CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI=y CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y -# CONFIG_CRYPTO_DEV_EXYNOS_RNG is not set -# CONFIG_CRYPTO_DEV_S5P is not set +# CONFIG_CRYPTO_DEV_SAHARA is not set # CONFIG_CRYPTO_DEV_ATMEL_ECC is not set # CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set # CONFIG_CRYPTO_DEV_CCP is not set -# CONFIG_CAVIUM_CPT is not set +# CONFIG_CRYPTO_DEV_MXS_DCP is not set +CONFIG_CRYPTO_DEV_CPT=m +CONFIG_CAVIUM_CPT=m # CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set -# CONFIG_CRYPTO_DEV_CAVIUM_ZIP is not set +CONFIG_CRYPTO_DEV_CAVIUM_ZIP=m # CONFIG_CRYPTO_DEV_QCE is not set # CONFIG_CRYPTO_DEV_QCOM_RNG is not set # CONFIG_CRYPTO_DEV_ROCKCHIP is not set # CONFIG_CRYPTO_DEV_CHELSIO is not set +# CONFIG_CRYPTO_DEV_CHELSIO_TLS is not set # CONFIG_CRYPTO_DEV_VIRTIO is not set # CONFIG_CRYPTO_DEV_BCM_SPU is not set # CONFIG_CRYPTO_DEV_SAFEXCEL is not set @@ -6576,7 +8178,7 @@ CONFIG_RAID6_PQ=m # end of RAID 6 CONFIG_RAID6_PQ_BENCHMARK=y -# CONFIG_PACKING is not set +CONFIG_PACKING=y CONFIG_BITREVERSE=y CONFIG_HAVE_ARCH_BITREVERSE=y CONFIG_GENERIC_STRNCPY_FROM_USER=y @@ -6585,9 +8187,10 @@ CONFIG_GENERIC_NET_UTILS=y CONFIG_CORDIC=m CONFIG_RATIONAL=y CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_STMP_DEVICE=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y -# CONFIG_INDIRECT_PIO is not set +CONFIG_INDIRECT_PIO=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y @@ -6602,10 +8205,11 @@ CONFIG_CRC64=m # CONFIG_CRC4 is not set CONFIG_CRC7=y CONFIG_LIBCRC32C=y -# CONFIG_CRC8 is not set +CONFIG_CRC8=m CONFIG_XXHASH=y CONFIG_AUDIT_GENERIC=y CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y +CONFIG_AUDIT_COMPAT_GENERIC=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y 
@@ -6613,7 +8217,7 @@ CONFIG_LZO_COMPRESS=y CONFIG_LZO_DECOMPRESS=y CONFIG_LZ4_DECOMPRESS=y CONFIG_ZSTD_COMPRESS=m -CONFIG_ZSTD_DECOMPRESS=m +CONFIG_ZSTD_DECOMPRESS=y CONFIG_XZ_DEC=y CONFIG_XZ_DEC_X86=y CONFIG_XZ_DEC_POWERPC=y @@ -6630,11 +8234,15 @@ CONFIG_DECOMPRESS_XZ=y CONFIG_DECOMPRESS_LZO=y CONFIG_DECOMPRESS_LZ4=y CONFIG_GENERIC_ALLOCATOR=y +CONFIG_REED_SOLOMON=m +CONFIG_REED_SOLOMON_DEC16=y +CONFIG_BCH=m CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y +CONFIG_INTERVAL_TREE=y CONFIG_XARRAY_MULTI=y CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y @@ -6650,6 +8258,7 @@ CONFIG_ARCH_HAS_SYNC_DMA_FOR_DEVICE=y CONFIG_ARCH_HAS_SYNC_DMA_FOR_CPU=y CONFIG_ARCH_HAS_DMA_PREP_COHERENT=y CONFIG_ARCH_HAS_DMA_COHERENT_TO_PFN=y +CONFIG_DMA_VIRT_OPS=y CONFIG_SWIOTLB=y CONFIG_DMA_REMAP=y CONFIG_DMA_DIRECT_REMAP=y @@ -6672,9 +8281,11 @@ CONFIG_DQL=y CONFIG_GLOB=y # CONFIG_GLOB_SELFTEST is not set CONFIG_NLATTR=y +CONFIG_LRU_CACHE=m CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_DIMLIB=y CONFIG_LIBFDT=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y @@ -6684,9 +8295,14 @@ CONFIG_FONT_SUPPORT=y # CONFIG_FONTS is not set CONFIG_FONT_8x8=y CONFIG_FONT_8x16=y +CONFIG_SG_SPLIT=y CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y CONFIG_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y CONFIG_SBITMAP=y +CONFIG_PARMAN=m +CONFIG_OBJAGG=m # CONFIG_STRING_SELFTEST is not set # end of Library routines @@ -6860,8 +8476,10 @@ CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_BLK_DEV_IO_TRACE is not set CONFIG_KPROBE_EVENTS=y CONFIG_UPROBE_EVENTS=y +CONFIG_BPF_EVENTS=y CONFIG_DYNAMIC_EVENTS=y CONFIG_PROBE_EVENTS=y +# CONFIG_BPF_KPROBE_OVERRIDE is not set # CONFIG_HIST_TRIGGERS is not set # CONFIG_TRACEPOINT_BENCHMARK is not set # CONFIG_RING_BUFFER_BENCHMARK is not set 
@@ -6893,6 +8511,7 @@ CONFIG_RUNTIME_TESTING_MENU=y # CONFIG_TEST_RHASHTABLE is not set # CONFIG_TEST_HASH is not set # CONFIG_TEST_IDA is not set +# CONFIG_TEST_PARMAN is not set # CONFIG_TEST_LKM is not set # CONFIG_TEST_VMALLOC is not set # CONFIG_TEST_USER_COPY is not set @@ -6905,6 +8524,7 @@ CONFIG_RUNTIME_TESTING_MENU=y # CONFIG_TEST_STATIC_KEYS is not set # CONFIG_TEST_KMOD is not set # CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_OBJAGG is not set # CONFIG_TEST_STACKINIT is not set # CONFIG_TEST_MEMINIT is not set CONFIG_MEMTEST=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 63247935db3..50966affc5b 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "config": "681e8ff274fc3fc79eaf38d5152e99702e22346bd2aaff06925715dcf1a00fc3", - "config_aarch64": "e5e5d73cb64189a18c4129d466545f81b8cb8fe8ceeacddeb39b6e73e1822fc1", + "config_aarch64": "90f267acf12957a69d3b1feef8dbd6283b67138a8c0034e4c47d56326e83690d", "linux-msft-5.4.72.tar.gz": "3407ccf8505595ae3e7a7b30c206190a0762f3e202f21f9de88a8d59e182ddef" } } \ No newline at end of file diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index f06a1f59131..c5fc610e164 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -3,7 +3,7 @@ Summary: Linux Kernel Name: kernel Version: 5.4.72 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner 
@@ -12,6 +12,8 @@ URL: https://github.com/microsoft/WSL2-Linux-Kernel Source0: https://github.com/microsoft/WSL2-Linux-Kernel/archive/linux-msft-%{version}.tar.gz Source1: config Source2: config_aarch64 +# Arm64 HyperV support required patch +Patch0: ver5_4_72_arm64_hyperv_support.patch # Kernel CVEs are addressed by moving to a newer version of the stable kernel. # Since kernel CVEs are filed against the upstream kernel version and not the # stable kernel version, our automated tooling will still flag the CVE as not @@ -178,6 +180,10 @@ This package contains the 'perf' performance analysis tools for Linux kernel. %prep %setup -q -n WSL2-Linux-Kernel-linux-msft-%{version} +%ifarch aarch64 +%patch0 -p1 +%endif + %build make mrproper @@ -397,6 +403,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_libdir}/perf/include/bpf/* %changelog +* Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 +- Enable kernel configs for Arm64 HyperV, Ampere and Cavium SoCs support + * Mon Oct 26 2020 Chris Co - 5.4.72-1 - Update source to 5.4.72 - Remove patch to support CometLake e1000e ethernet. Integrated in 5.4.72. diff --git a/SPECS/kernel/ver5_4_72_arm64_hyperv_support.patch b/SPECS/kernel/ver5_4_72_arm64_hyperv_support.patch new file mode 100644 index 00000000000..57a031a53c0 --- /dev/null +++ b/SPECS/kernel/ver5_4_72_arm64_hyperv_support.patch 
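Review bot: The new `Patch0` comment, `# Arm64 HyperV support required patch`, does not say where the kernel changes come from, and the patch file added later in this commit begins directly at `diff --git` with no author, subject or upstream reference. For an out-of-tree kernel patch that exports a symbol and edits Kconfig dependencies, a reviewer needs that origin to compare against; I would extend the comment to something like `# Arm64 Hyper-V support, taken from <upstream commit or series URL>`. The `%prep` hunk applies it only under `%ifarch aarch64`, so the two architectures build from different source trees; if that is intentional, a short comment there would help.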
@@ -0,0 +1,36 @@
+diff --git a/arch/arm64/Kbuild b/arch/arm64/Kbuild
+index 24694219f12e..3c01bff26399 100644
+--- a/arch/arm64/Kbuild
++++ b/arch/arm64/Kbuild
+@@ -3,5 +3,5 @@ obj-y += kernel/ mm/
+ obj-$(CONFIG_NET) += net/
+ obj-$(CONFIG_KVM) += kvm/
+ obj-$(CONFIG_XEN) += xen/
+-obj-$(CONFIG_HYPERV) += hyperv/
++obj-$(subst m,y,$(CONFIG_HYPERV)) += hyperv/
+ obj-$(CONFIG_CRYPTO) += crypto/
+diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c
+index d0cf596db82c..8ff557ae5cc6 100644
+--- a/arch/arm64/kernel/efi.c
++++ b/arch/arm64/kernel/efi.c
+@@ -55,6 +55,7 @@ static __init pteval_t create_mapping_protection(efi_memory_desc_t *md)
+
+ /* we will fill this structure from the stub, so don't put it in .bss */
+ struct screen_info screen_info __section(.data);
++EXPORT_SYMBOL(screen_info);
+
+ int __init efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md)
+ {
+diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig
+index fc0160e8ed33..1709e6a923de 100644
+--- a/drivers/iommu/Kconfig
++++ b/drivers/iommu/Kconfig
+@@ -467,7 +467,7 @@ config QCOM_IOMMU
+
+ config HYPERV_IOMMU
+ bool "Hyper-V x2APIC IRQ Handling"
+- depends on HYPERV
++ depends on HYPERV && X86
+ select IOMMU_API
+ default HYPERV
+ help
From e7e4b498f673f4d6dd22f208a61a5fbe91988a27 Mon Sep 17 00:00:00 2001 From: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Date: Thu, 12 Nov 2020 00:01:05 -0800 Subject: [PATCH 114/145] Enable Hyper-V daemons for Arm64 VHDX image (#370) * Add core efi configuration file to generate Arm64 VHDX image * Enable Hyper-V daemons for Arm64 VHDX image Co-authored-by: schalam --- SPECS/hyperv-daemons/hyperv-daemons.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec
index 6fbea1e32a4..a33965f07be 100644
--- a/SPECS/hyperv-daemons/hyperv-daemons.spec
+++ b/SPECS/hyperv-daemons/hyperv-daemons.spec
@@ -9,7 +9,7 @@ Summary: Hyper-V daemons suite Name: hyperv-daemons Version: 5.4.72 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -32,7 +32,6 @@ Requires: hypervvssd = %{version}-%{release} # Hyper-V is available only on x86 architectures # The base empty (a.k.a. virtual) package can not be noarch # due to http://www.rpm.org/ticket/78 -ExclusiveArch: x86_64 %description Suite of daemons that are needed when Linux guest @@ -218,6 +217,9 @@ fi %{_sbindir}/lsvmbus %changelog +* Wed Nov 11 2020 Suresh Babu Chalamalasetty - 5.4.72-2 +- Enable Hyper-V daemons package building for Arm64 arch + * Mon Oct 26 2020 Chris Co - 5.4.72-1 - Update source to 5.4.72 - Lint spec From 7902a2f471e58874a670a0853f927641a2185cf4 Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Thu, 12 Nov 2020 10:32:25 -0800 Subject: [PATCH 115/145] Patch CVE-2020-14352 in librepo (#368) --- SPECS/librepo/CVE-2020-14352.patch | 48 +++++++++++++++++++++++++ SPECS/librepo/librepo.spec | 58 ++++++++++++++++-------------- 2 files changed, 80 insertions(+), 26 deletions(-) create mode 100644 SPECS/librepo/CVE-2020-14352.patch diff --git a/SPECS/librepo/CVE-2020-14352.patch b/SPECS/librepo/CVE-2020-14352.patch new file mode 100644 index 00000000000..7690dfc8c17 --- /dev/null +++ b/SPECS/librepo/CVE-2020-14352.patch 
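Review bot: Dropping `ExclusiveArch: x86_64` in the `@@ -32,7 +32,6 @@` hunk leaves the comment above it, `# Hyper-V is available only on x86 architectures`, in place, which now contradicts the spec. It also opens the package to every architecture rather than just the one being added. I would keep the restriction and widen it, `ExclusiveArch: x86_64 aarch64`, and reword the comment to name both architectures. The changelog entry only mentions Arm64, so the narrower form matches the stated intent.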
@@ -0,0 +1,48 @@
+From 7daea2a2429a54dad68b1de9b37a5f65c5cf2600 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel
+Date: Wed, 12 Aug 2020 08:35:28 +0200
+Subject: [PATCH] Validate path read from repomd.xml (RhBug:1868639)
+
+= changelog =
+msg: Validate path read from repomd.xml
+type: security
+resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1868639
+---
+ librepo/yum.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/librepo/yum.c b/librepo/yum.c
+index 3059188..529257b 100644
+--- a/librepo/yum.c
++++ b/librepo/yum.c
+@@ -23,6 +23,7 @@
+ #define BITS_IN_BYTE 8
+
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -774,6 +75,22 @@ prepare_repo_download_targets(LrHandle *handle,
+ continue;
+
+ char *location_href = record->location_href;
++
++ char *dest_dir = realpath(handle->destdir, NULL);
++ path = lr_pathconcat(handle->destdir, record->location_href, NULL);
++ char *requested_dir = realpath(dirname(path), NULL);
++ lr_free(path);
++ if (!g_str_has_prefix(requested_dir, dest_dir)) {
++ g_debug("%s: Invalid path: %s", __func__, location_href);
++ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href);
++ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free);
++ free(requested_dir);
++ free(dest_dir);
++ return FALSE;
++ }
++ free(requested_dir);
++ free(dest_dir);
++
+ gboolean is_zchunk = FALSE;
+ #ifdef WITH_ZCHUNK
+ if (handle->cachedir && record->header_checksum)
diff --git a/SPECS/librepo/librepo.spec b/SPECS/librepo/librepo.spec
index 4311cc0f354..5f2753c6e16 100644
--- a/SPECS/librepo/librepo.spec
+++ b/SPECS/librepo/librepo.spec
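Review bot: The containment check `if (!g_str_has_prefix(requested_dir, dest_dir))` added to prepare_repo_download_targets() compares raw strings, so a resolved directory that only shares its leading characters with the destination (a sibling named like the destination plus a suffix) still passes as inside it. Both `realpath()` results are also passed on unchecked; when either is NULL the code depends on GLib's argument guard to return FALSE rather than on an explicit test. I would make the boundary and the NULL case explicit: `size_t n = dest_dir ? strlen(dest_dir) : 0;` followed by `if (!dest_dir || !requested_dir || strncmp(requested_dir, dest_dir, n) != 0 || (requested_dir[n] != '/' && requested_dir[n] != '\0')) {` (a destination of `/` would need its own case). The function body starts and ends outside the hunk, and the inner header `@@ -774,6 +75,22 @@` has a new-side start that does not match the old side, which is worth re-checking against the upstream commit.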
@@ -1,33 +1,33 @@ %{!?python2_sitelib: %define python2_sitelib %(python2 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} %{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")} %define _python3_sitearch %(python3 -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1))") - Summary: Repodata downloading library Name: librepo Version: 1.11.0 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ -URL: https://github.com/rpm-software-management/librepo -Group: Applications/System Vendor: Microsoft Corporation Distribution: Mariner +Group: Applications/System +URL: https://github.com/rpm-software-management/librepo #Source0: https://github.com/rpm-software-management/librepo/archive/%{version}.tar.gz Source0: %{name}-%{version}.tar.gz - +# CVE-2020-14352 patch taken from upstream commit 7daea2a2429a54dad68b1de9b37a5f65c5cf2600 +Patch0: CVE-2020-14352.patch +BuildRequires: attr-devel +BuildRequires: check BuildRequires: cmake +BuildRequires: curl-devel BuildRequires: gcc -BuildRequires: check BuildRequires: glib-devel BuildRequires: gpgme-devel -BuildRequires: attr-devel -BuildRequires: curl-devel BuildRequires: libxml2-devel BuildRequires: openssl-devel -BuildRequires: zchunk-devel BuildRequires: python-sphinx BuildRequires: python2-devel BuildRequires: python3-devel BuildRequires: python3-sphinx +BuildRequires: zchunk-devel Requires: curl-libs Requires: gpgme Requires: zchunk 
@@ -38,42 +38,42 @@ metadata. %package devel Summary: Repodata downloading library -Requires: curl-libs -Requires: curl-devel Requires: %{name} = %{version}-%{release} +Requires: curl-devel +Requires: curl-libs %description devel Development files for librepo. %package -n python2-%{name} -Summary: Python bindings for the librepo library %{?python_provide:%python_provide python2-%{name}} +Summary: Python bindings for the librepo library Requires: %{name} = %{version}-%{release} %description -n python2-%{name} Python 2 bindings for the librepo library. %package -n python3-%{name} -Summary: Python 3 bindings for the librepo library %{?python_provide:%python_provide python3-%{name}} +Summary: Python 3 bindings for the librepo library Requires: %{name} = %{version}-%{release} %description -n python3-%{name} Python 3 bindings for the librepo library. %prep -%setup -q +%autosetup -p1 mkdir build-py2 mkdir build-py3 %build pushd build-py2 - %cmake -DPYTHON_DESIRED:FILEPATH=/usr/bin/python -DENABLE_PYTHON_TESTS=%{!?with_pythontests:OFF} .. + %cmake -DPYTHON_DESIRED:FILEPATH=%{_bindir}/python -DENABLE_PYTHON_TESTS=%{!?with_pythontests:OFF} .. make %{?_smp_mflags} popd pushd build-py3 - %cmake -DPYTHON_DESIRED:FILEPATH=/usr/bin/python3 -DENABLE_PYTHON_TESTS=%{!?with_pythontests:OFF} .. + %cmake -DPYTHON_DESIRED:FILEPATH=%{_bindir}/python3 -DENABLE_PYTHON_TESTS=%{!?with_pythontests:OFF} .. make %{?_smp_mflags} popd @@ -94,7 +94,6 @@ popd %files %license COPYING -%doc COPYING %doc README.md %{_libdir}/%{name}.so.* 
@@ -110,14 +109,21 @@ popd %{_python3_sitearch}/%{name}/ %changelog -* Sat May 09 00:21:34 PST 2020 Nick Samson - 1.11.0-2 +* Tue Nov 10 2020 Thomas Crain - 1.11.0-3 +- Patch CVE-2020-14352 +- Lint to Mariner style + +* Sat May 09 2020 Nick Samson - 1.11.0-2 - Added %%license line automatically -* Tue May 05 2020 Pawel Winogrodzki 1.11.0-1 -- Update version to 1.11.0. -* Fri Mar 13 2020 Paul Monson 1.10.3-1 -- Update to version 1.10.3. License verified. -* Wed Sep 25 2019 Saravanan Somasundaram 1.10.2-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Wed May 15 2019 Ankit Jain 1.10.2-1 -- Initial build. First version +* Tue May 05 2020 Pawel Winogrodzki - 1.11.0-1 +- Update version to 1.11.0. + +* Fri Mar 13 2020 Paul Monson - 1.10.3-1 +- Update to version 1.10.3. License verified. + +* Wed Sep 25 2019 Saravanan Somasundaram - 1.10.2-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Wed May 15 2019 Ankit Jain - 1.10.2-1 +- Initial build. First version From 409a7c6ca0c335a27a2025000aaaab266654b093 Mon Sep 17 00:00:00 2001 
From: Henry Li Date: Thu, 12 Nov 2020 10:54:46 -0800 Subject: [PATCH 116/145] Fix qemu-kvm CVEs --- SPECS/qemu-kvm/CVE-2020-11869.patch | 73 ++++++++ SPECS/qemu-kvm/CVE-2020-13361.patch | 32 ++++ SPECS/qemu-kvm/CVE-2020-13362.patch | 97 +++++++++++ SPECS/qemu-kvm/CVE-2020-14415.patch | 13 ++ SPECS/qemu-kvm/CVE-2020-15469.patch | 253 ++++++++++++++++++++++++++++ SPECS/qemu-kvm/CVE-2020-15859.patch | 88 ++++++++++ SPECS/qemu-kvm/CVE-2020-25742.patch | 14 ++ SPECS/qemu-kvm/CVE-2020-25743.patch | 28 +++ SPECS/qemu-kvm/qemu-kvm.spec | 28 ++- 9 files changed, 625 insertions(+), 1 deletion(-) create mode 100644 SPECS/qemu-kvm/CVE-2020-11869.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-13361.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-13362.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-14415.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-15469.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-15859.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-25742.patch create mode 100644 SPECS/qemu-kvm/CVE-2020-25743.patch diff --git a/SPECS/qemu-kvm/CVE-2020-11869.patch b/SPECS/qemu-kvm/CVE-2020-11869.patch new file mode 100644 index 00000000000..35f44cd4708 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-11869.patch 
@@ -0,0 +1,73 @@ +diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c +index 42e8231..23a8ae0 100644 +--- a/hw/display/ati_2d.c ++++ b/hw/display/ati_2d.c +@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s) + s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds), + surface_bits_per_pixel(ds), + (s->regs.dp_mix & GMC_ROP3_MASK) >> 16); +- int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? +- s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width); +- int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? +- s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height); ++ unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? ++ s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width); ++ unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height); + int bpp = ati_bpp_from_datatype(s); ++ if (!bpp) { ++ qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n"); ++ return; ++ } + int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch; ++ if (!dst_stride) { ++ qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n"); ++ return; ++ } + uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ? + s->regs.dst_offset : s->regs.default_offset); + +@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s) + switch (s->regs.dp_mix & GMC_ROP3_MASK) { + case ROP3_SRCCOPY: + { +- int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? +- s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width); +- int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? +- s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height); ++ unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? ++ s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width); ++ unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height); + int src_stride = DEFAULT_CNTL ? 
+ s->regs.src_pitch : s->regs.default_pitch; ++ if (!src_stride) { ++ qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n"); ++ return; ++ } + uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ? + s->regs.src_offset : s->regs.default_offset); + +@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s) + dst_y * surface_stride(ds), + s->regs.dst_height * surface_stride(ds)); + } +- s->regs.dst_x += s->regs.dst_width; +- s->regs.dst_y += s->regs.dst_height; ++ s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? ++ dst_x + s->regs.dst_width : dst_x); ++ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ dst_y + s->regs.dst_height : dst_y); + break; + } + case ROP3_PATCOPY: +@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s) + dst_y * surface_stride(ds), + s->regs.dst_height * surface_stride(ds)); + } +- s->regs.dst_y += s->regs.dst_height; ++ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ dst_y + s->regs.dst_height : dst_y); + break; + } + default: diff --git a/SPECS/qemu-kvm/CVE-2020-13361.patch b/SPECS/qemu-kvm/CVE-2020-13361.patch new file mode 100644 index 00000000000..17155dd9cf5 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-13361.patch 
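Review bot: CVE-2020-11869.patch opens directly at `diff --git a/hw/display/ati_2d.c` with no upstream commit id, author or subject line, so nobody reading the package can check the backport against the fix it claims to carry. The same holds for the other seven patch files added in this commit (CVE-2020-13361, -13362, -14415, -15469, -15859, -25742 and -25743). The spec already records this for Patch15 with a comment and a link. I would add the same above each new entry, e.g. `# Upstream fix: <upstream-commit-url>` (placeholder), and say there whether any hunk was adapted for 4.2.0.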
@@ -0,0 +1,32 @@
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index f9e9f2a..6a28dab 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -643,6 +643,9 @@ static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
+ int csc_bytes = (csc + 1) << d->shift;
+ int cnt = d->frame_cnt >> 16;
+ int size = d->frame_cnt & 0xffff;
++ if (size < cnt) {
++ return;
++ }
+ int left = ((size - cnt + 1) << 2) + d->leftover;
+ int transferred = 0;
+ int temp = MIN (max, MIN (left, csc_bytes));
+@@ -651,7 +654,7 @@ static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
+ addr += (cnt << 2) + d->leftover;
+
+ if (index == ADC_CHANNEL) {
+- while (temp) {
++ while (temp > 0) {
+ int acquired, to_copy;
+
+ to_copy = MIN ((size_t) temp, sizeof (tmpbuf));
+@@ -669,7 +672,7 @@ static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
+ else {
+ SWVoiceOut *voice = s->dac_voice[index];
+
+- while (temp) {
++ while (temp > 0) {
+ int copied, to_copy;
+
+ to_copy = MIN ((size_t) temp, sizeof (tmpbuf));
diff --git a/SPECS/qemu-kvm/CVE-2020-13362.patch b/SPECS/qemu-kvm/CVE-2020-13362.patch
new file mode 100644
index 00000000000..19cf5abc2f2
--- /dev/null
+++ b/SPECS/qemu-kvm/CVE-2020-13362.patch
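Review bot: The new `if (size < cnt) { return; }` guard in es1370_transfer_audio rejects an inconsistent frame counter silently, so a guest that programs a bad `frame_cnt` leaves no trace on the host. The ati_2d backport in this same commit reports the equivalent condition through `qemu_log_mask(LOG_GUEST_ERROR, ...)`. Doing the same here before the return, e.g. `qemu_log_mask(LOG_GUEST_ERROR, "es1370: frame count exceeds size\n");`, would make the rejected state visible, assuming `qemu/log.h` is reachable from this file. The function body continues outside the hunks.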
@@ -0,0 +1,97 @@ +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index de9bd20..616322b 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -86,34 +86,34 @@ typedef struct MegasasState { + MemoryRegion queue_io; + uint32_t frame_hi; + +- int fw_state; ++ uint32_t fw_state; + uint32_t fw_sge; + uint32_t fw_cmds; + uint32_t flags; +- int fw_luns; +- int intr_mask; +- int doorbell; +- int busy; +- int diag; +- int adp_reset; ++ int32_t fw_luns; ++ uint32_t intr_mask; ++ uint32_t doorbell; ++ uint32_t busy; ++ uint32_t diag; ++ uint32_t adp_reset; + OnOffAuto msi; + OnOffAuto msix; + + MegasasCmd *event_cmd; +- int event_locale; ++ uint16_t event_locale; + int event_class; +- int event_count; +- int shutdown_event; +- int boot_event; ++ uint32_t event_count; ++ uint32_t shutdown_event; ++ uint32_t boot_event; + + uint64_t sas_addr; + char *hba_serial; + + uint64_t reply_queue_pa; + void *reply_queue; +- int reply_queue_len; +- int reply_queue_head; +- int reply_queue_tail; ++ uint16_t reply_queue_len; ++ uint16_t reply_queue_head; ++ uint16_t reply_queue_tail; + uint64_t consumer_pa; + uint64_t producer_pa; + +@@ -445,7 +445,7 @@ static MegasasCmd *megasas_lookup_frame(MegasasState *s, + + index = s->reply_queue_head; + +- while (num < s->fw_cmds) { ++ while (num < s->fw_cmds && index < MEGASAS_MAX_FRAMES) { + if (s->frames[index].pa && s->frames[index].pa == frame) { + cmd = &s->frames[index]; + break; +@@ -504,7 +504,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s, + cmd->pa = frame; + /* Map all possible frames */ + cmd->frame = pci_dma_map(pcid, frame, &frame_size_p, 0); +- if (frame_size_p != frame_size) { ++ if (!cmd->frame || frame_size_p != frame_size) { + trace_megasas_qf_map_failed(cmd->index, (unsigned long)frame); + if (cmd->frame) { + megasas_unmap_frame(s, cmd); +@@ -2259,9 +2259,9 @@ static const VMStateDescription vmstate_megasas_gen1 = { + VMSTATE_PCI_DEVICE(parent_obj, MegasasState), + VMSTATE_MSIX(parent_obj, 
MegasasState), + +- VMSTATE_INT32(fw_state, MegasasState), +- VMSTATE_INT32(intr_mask, MegasasState), +- VMSTATE_INT32(doorbell, MegasasState), ++ VMSTATE_UINT32(fw_state, MegasasState), ++ VMSTATE_UINT32(intr_mask, MegasasState), ++ VMSTATE_UINT32(doorbell, MegasasState), + VMSTATE_UINT64(reply_queue_pa, MegasasState), + VMSTATE_UINT64(consumer_pa, MegasasState), + VMSTATE_UINT64(producer_pa, MegasasState), +@@ -2278,9 +2278,9 @@ static const VMStateDescription vmstate_megasas_gen2 = { + VMSTATE_PCI_DEVICE(parent_obj, MegasasState), + VMSTATE_MSIX(parent_obj, MegasasState), + +- VMSTATE_INT32(fw_state, MegasasState), +- VMSTATE_INT32(intr_mask, MegasasState), +- VMSTATE_INT32(doorbell, MegasasState), ++ VMSTATE_UINT32(fw_state, MegasasState), ++ VMSTATE_UINT32(intr_mask, MegasasState), ++ VMSTATE_UINT32(doorbell, MegasasState), + VMSTATE_UINT64(reply_queue_pa, MegasasState), + VMSTATE_UINT64(consumer_pa, MegasasState), + VMSTATE_UINT64(producer_pa, MegasasState), diff --git a/SPECS/qemu-kvm/CVE-2020-14415.patch b/SPECS/qemu-kvm/CVE-2020-14415.patch new file mode 100644 index 00000000000..2e59fe99222 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-14415.patch @@ -0,0 +1,13 @@ +diff --git a/audio/ossaudio.c b/audio/ossaudio.c +index c43faee..9456491 100644 +--- a/audio/ossaudio.c ++++ b/audio/ossaudio.c +@@ -420,7 +420,7 @@ static size_t oss_write(HWVoiceOut *hw, void *buf, size_t len) + size_t to_copy = MIN(len, hw->size_emul - hw->pos_emul); + memcpy(hw->buf_emul + hw->pos_emul, buf, to_copy); + +- hw->pos_emul = (hw->pos_emul + to_copy) % hw->pos_emul; ++ hw->pos_emul = (hw->pos_emul + to_copy) % hw->size_emul; + buf += to_copy; + len -= to_copy; + } diff --git a/SPECS/qemu-kvm/CVE-2020-15469.patch b/SPECS/qemu-kvm/CVE-2020-15469.patch new file mode 100644 index 00000000000..0ae9639ea4f --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-15469.patch 
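Review bot: This file carries more than the index bound its name suggests: besides `index < MEGASAS_MAX_FRAMES` in megasas_lookup_frame it adds the `!cmd->frame` test after `pci_dma_map` in megasas_enqueue_frame and retypes fourteen MegasasState fields. The spec and changelog record only CVE-2020-13362, so a later maintainer auditing the NULL-mapping case would not learn from the package metadata that it is already handled. A comment at the Patch20 line such as `# Also carries the megasas_enqueue_frame pci_dma_map NULL check and unsigned field retyping` would record it. Both functions continue outside the hunks.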
@@ -0,0 +1,253 @@ +diff --git a/hw/misc/imx7_ccm.c b/hw/misc/imx7_ccm.c +index 02fc1ae..5ac5ecf 100644 +--- a/hw/misc/imx7_ccm.c ++++ b/hw/misc/imx7_ccm.c +@@ -131,8 +131,15 @@ static const struct MemoryRegionOps imx7_set_clr_tog_ops = { + }, + }; + ++static void imx7_digprog_write(void *opaque, hwaddr addr, ++ uint64_t data, unsigned size) ++{ ++ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); ++} ++ + static const struct MemoryRegionOps imx7_digprog_ops = { + .read = imx7_set_clr_tog_read, ++ .write = imx7_digprog_write, + .endianness = DEVICE_NATIVE_ENDIAN, + .impl = { + .min_access_size = 4, +diff --git a/hw/misc/tz-ppc.c b/hw/misc/tz-ppc.c +index 181a5f1..350ada8 100644 +--- a/hw/misc/tz-ppc.c ++++ b/hw/misc/tz-ppc.c +@@ -196,7 +196,21 @@ static bool tz_ppc_dummy_accepts(void *opaque, hwaddr addr, + g_assert_not_reached(); + } + ++static uint64_t tz_ppc_dummy_read(void *opaque, hwaddr addr, unsigned size) ++{ ++ g_assert_not_reached(); ++} ++ ++static void tz_ppc_dummy_write(void *opaque, hwaddr addr, ++ uint64_t data, unsigned size) ++{ ++ g_assert_not_reached(); ++} ++ + static const MemoryRegionOps tz_ppc_dummy_ops = { ++ /* define r/w methods to avoid assert failure in memory_region_init_io */ ++ .read = tz_ppc_dummy_read, ++ .write = tz_ppc_dummy_write, + .valid.accepts = tz_ppc_dummy_accepts, + }; + +diff --git a/hw/nvram/nrf51_nvm.c b/hw/nvram/nrf51_nvm.c +index 4d678f9..3d56566 100644 +--- a/hw/nvram/nrf51_nvm.c ++++ b/hw/nvram/nrf51_nvm.c +@@ -273,6 +273,10 @@ static const MemoryRegionOps io_ops = { + .endianness = DEVICE_LITTLE_ENDIAN, + }; + ++static uint64_t flash_read(void *opaque, hwaddr offset, unsigned size) ++{ ++ g_assert_not_reached(); ++} + + static void flash_write(void *opaque, hwaddr offset, uint64_t value, + unsigned int size) +@@ -300,6 +304,7 @@ static void flash_write(void *opaque, hwaddr offset, uint64_t value, + + + static const MemoryRegionOps flash_ops = { ++ .read = flash_read, + .write = flash_write, + 
.valid.min_access_size = 4, + .valid.max_access_size = 4, +diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c +index 71e9b0d..17ad489 100644 +--- a/hw/pci-host/designware.c ++++ b/hw/pci-host/designware.c +@@ -21,6 +21,7 @@ + #include "qemu/osdep.h" + #include "qapi/error.h" + #include "qemu/module.h" ++#include "qemu/log.h" + #include "hw/pci/msi.h" + #include "hw/pci/pci_bridge.h" + #include "hw/pci/pci_host.h" +@@ -63,6 +64,13 @@ designware_pcie_root_to_host(DesignwarePCIERoot *root) + return DESIGNWARE_PCIE_HOST(bus->parent); + } + ++static uint64_t designware_pcie_root_msi_read(void *opaque, hwaddr addr, ++ unsigned size) ++{ ++ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); ++ return 0; ++} ++ + static void designware_pcie_root_msi_write(void *opaque, hwaddr addr, + uint64_t val, unsigned len) + { +@@ -77,6 +85,7 @@ static void designware_pcie_root_msi_write(void *opaque, hwaddr addr, + } + + static const MemoryRegionOps designware_pci_host_msi_ops = { ++ .read = designware_pcie_root_msi_read, + .write = designware_pcie_root_msi_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .valid = { +diff --git a/hw/pci-host/prep.c b/hw/pci-host/prep.c +index 85d7ba9..7f366d9 100644 +--- a/hw/pci-host/prep.c ++++ b/hw/pci-host/prep.c +@@ -26,6 +26,7 @@ + #include "qemu/osdep.h" + #include "qemu-common.h" + #include "qemu/units.h" ++#include "qemu/log.h" + #include "qapi/error.h" + #include "hw/pci/pci.h" + #include "hw/pci/pci_bus.h" +@@ -119,8 +120,15 @@ static uint64_t raven_intack_read(void *opaque, hwaddr addr, + return pic_read_irq(isa_pic); + } + ++static void raven_intack_write(void *opaque, hwaddr addr, ++ uint64_t data, unsigned size) ++{ ++ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); ++} ++ + static const MemoryRegionOps raven_intack_ops = { + .read = raven_intack_read, ++ .write = raven_intack_write, + .valid = { + .max_access_size = 1, + }, +diff --git a/hw/ppc/prep_systemio.c b/hw/ppc/prep_systemio.c +index 
86e83e2..e712a9a 100644 +--- a/hw/ppc/prep_systemio.c ++++ b/hw/ppc/prep_systemio.c +@@ -23,6 +23,7 @@ + */ + + #include "qemu/osdep.h" ++#include "qemu/log.h" + #include "hw/irq.h" + #include "hw/isa/isa.h" + #include "hw/qdev-properties.h" +@@ -235,8 +236,15 @@ static uint64_t ppc_parity_error_readl(void *opaque, hwaddr addr, + return val; + } + ++static void ppc_parity_error_writel(void *opaque, hwaddr addr, ++ uint64_t data, unsigned size) ++{ ++ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid write access\n", __func__); ++} ++ + static const MemoryRegionOps ppc_parity_error_ops = { + .read = ppc_parity_error_readl, ++ .write = ppc_parity_error_writel, + .valid = { + .min_access_size = 4, + .max_access_size = 4, +diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c +index f6fbcf9..e886211 100644 +--- a/hw/ppc/spapr_pci.c ++++ b/hw/ppc/spapr_pci.c +@@ -52,6 +52,7 @@ + #include "sysemu/kvm.h" + #include "sysemu/hostmem.h" + #include "sysemu/numa.h" ++#include "qemu/log.h" + + /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */ + #define RTAS_QUERY_FN 0 +@@ -738,6 +739,12 @@ static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin) + return route; + } + ++static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size) ++{ ++ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); ++ return 0; ++} ++ + /* + * MSI/MSIX memory region implementation. + * The handler handles both MSI and MSIX. 
+@@ -755,8 +762,10 @@ static void spapr_msi_write(void *opaque, hwaddr addr, + } + + static const MemoryRegionOps spapr_msi_ops = { +- /* There is no .read as the read result is undefined by PCI spec */ +- .read = NULL, ++ /* .read result is undefined by PCI spec ++ * define .read method to avoid assert failure in memory_region_init_io ++ */ ++ .read = spapr_msi_read, + .write = spapr_msi_write, + .endianness = DEVICE_LITTLE_ENDIAN + }; +diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c +index 136f3a9..c3e5cab 100644 +--- a/hw/vfio/pci-quirks.c ++++ b/hw/vfio/pci-quirks.c +@@ -13,6 +13,7 @@ + #include "qemu/osdep.h" + #include "exec/memop.h" + #include "qemu/units.h" ++#include "qemu/log.h" + #include "qemu/error-report.h" + #include "qemu/main-loop.h" + #include "qemu/module.h" +@@ -278,8 +279,15 @@ static uint64_t vfio_ati_3c3_quirk_read(void *opaque, + return data; + } + ++static void vfio_ati_3c3_quirk_write(void *opaque, hwaddr addr, ++ uint64_t data, unsigned size) ++{ ++ qemu_log_mask(LOG_GUEST_ERROR, "%s not implemented\n", __func__); ++} ++ + static const MemoryRegionOps vfio_ati_3c3_quirk = { + .read = vfio_ati_3c3_quirk_read, ++ .write = vfio_ati_3c3_quirk_write, + .endianness = DEVICE_LITTLE_ENDIAN, + }; + +diff --git a/memory.c b/memory.c +index 06484c2..019e7e5 100644 +--- a/memory.c ++++ b/memory.c +@@ -1495,7 +1495,13 @@ void memory_region_init_io(MemoryRegion *mr, + uint64_t size) + { + memory_region_init(mr, owner, name, size); +- mr->ops = ops ? 
ops : &unassigned_mem_ops; ++ if (ops) { ++ assert(ops->read || ops->read_with_attrs); ++ assert(ops->write || ops->write_with_attrs); ++ mr->ops = ops; ++ } else { ++ mr->ops = &unassigned_mem_ops; ++ } + mr->opaque = opaque; + mr->terminates = true; + } +@@ -1684,6 +1690,8 @@ void memory_region_init_rom_device_nomigrate(MemoryRegion *mr, + { + Error *err = NULL; + assert(ops); ++ assert(ops->read || ops->read_with_attrs); ++ assert(ops->write || ops->write_with_attrs); + memory_region_init(mr, owner, name, size); + mr->ops = ops; + mr->opaque = opaque; diff --git a/SPECS/qemu-kvm/CVE-2020-15859.patch b/SPECS/qemu-kvm/CVE-2020-15859.patch new file mode 100644 index 00000000000..ed3341c7c20 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-15859.patch 
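Review bot: The asserts added to memory_region_init_io and memory_region_init_rom_device_nomigrate turn any MemoryRegionOps table that lacks a read or write callback into an abort at device initialisation, and this backport supplies stubs only for the eight device files it touches. If the 4.2.0 tree holds another table with a missing callback, which cannot be seen from here, creating that device would stop the QEMU process. Before shipping I would confirm the list is complete for this version, for example by instantiating each built device model once in the package's test stage, and add `/* every MemoryRegionOps must define both callbacks, see CVE-2020-15469 backport */` above the asserts to warn later patch authors. Separately, `vfio_ati_3c3_quirk_write` logs "not implemented" under LOG_GUEST_ERROR while the other stubs with that message use LOG_UNIMP.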
@@ -0,0 +1,88 @@ +diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c +index 9b76f82..1355a94 100644 +--- a/hw/net/e1000e_core.c ++++ b/hw/net/e1000e_core.c +@@ -2423,32 +2423,27 @@ e1000e_set_dbal(E1000ECore *core, int index, uint32_t val) + static void + e1000e_set_tctl(E1000ECore *core, int index, uint32_t val) + { +- E1000E_TxRing txr; + core->mac[index] = val; + + if (core->mac[TARC0] & E1000_TARC_ENABLE) { +- e1000e_tx_ring_init(core, &txr, 0); +- e1000e_start_xmit(core, &txr); ++ qemu_bh_schedule(core->tx[0].tx_bh); + } + + if (core->mac[TARC1] & E1000_TARC_ENABLE) { +- e1000e_tx_ring_init(core, &txr, 1); +- e1000e_start_xmit(core, &txr); ++ qemu_bh_schedule(core->tx[1].tx_bh); + } + } + + static void + e1000e_set_tdt(E1000ECore *core, int index, uint32_t val) + { +- E1000E_TxRing txr; + int qidx = e1000e_mq_queue_idx(TDT, index); + uint32_t tarc_reg = (qidx == 0) ? TARC0 : TARC1; + + core->mac[index] = val & 0xffff; + + if (core->mac[tarc_reg] & E1000_TARC_ENABLE) { +- e1000e_tx_ring_init(core, &txr, qidx); +- e1000e_start_xmit(core, &txr); ++ qemu_bh_schedule(core->tx[qidx].tx_bh); + } + } + +@@ -3313,6 +3308,16 @@ e1000e_vm_state_change(void *opaque, int running, RunState state) + } + } + ++static void e1000e_core_tx_bh(void *opaque) ++{ ++ struct e1000e_tx *tx = opaque; ++ E1000ECore *core = tx->core; ++ E1000E_TxRing txr; ++ ++ e1000e_tx_ring_init(core, &txr, tx - &core->tx[0]); ++ e1000e_start_xmit(core, &txr); ++} ++ + void + e1000e_core_pci_realize(E1000ECore *core, + const uint16_t *eeprom_templ, +@@ -3331,6 +3336,8 @@ e1000e_core_pci_realize(E1000ECore *core, + for (i = 0; i < E1000E_NUM_QUEUES; i++) { + net_tx_pkt_init(&core->tx[i].tx_pkt, core->owner, + E1000E_MAX_TX_FRAGS, core->has_vnet); ++ core->tx[i].core = core; ++ core->tx[i].tx_bh = qemu_bh_new(e1000e_core_tx_bh, &core->tx[i]); + } + + net_rx_pkt_init(&core->rx_pkt, core->has_vnet); +@@ -3358,6 +3365,8 @@ e1000e_core_pci_uninit(E1000ECore *core) + for (i = 0; i < E1000E_NUM_QUEUES; 
i++) { + net_tx_pkt_reset(core->tx[i].tx_pkt); + net_tx_pkt_uninit(core->tx[i].tx_pkt); ++ qemu_bh_delete(core->tx[i].tx_bh); ++ core->tx[i].tx_bh = NULL; + } + + net_rx_pkt_uninit(core->rx_pkt); +diff --git a/hw/net/e1000e_core.h b/hw/net/e1000e_core.h +index 49abb13..83c3be3 100644 +--- a/hw/net/e1000e_core.h ++++ b/hw/net/e1000e_core.h +@@ -77,6 +77,8 @@ struct E1000Core { + unsigned char sum_needed; + bool cptse; + struct NetTxPkt *tx_pkt; ++ QEMUBH *tx_bh; ++ E1000ECore *core; + } tx[E1000E_NUM_QUEUES]; + + struct NetRxPkt *rx_pkt; diff --git a/SPECS/qemu-kvm/CVE-2020-25742.patch b/SPECS/qemu-kvm/CVE-2020-25742.patch new file mode 100644 index 00000000000..069b906568c --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-25742.patch @@ -0,0 +1,14 @@ +diff --git a/hw/pci/pci.c b/hw/pci/pci.c +index cbc7a32..fa58e7a 100644 +--- a/hw/pci/pci.c ++++ b/hw/pci/pci.c +@@ -255,6 +255,9 @@ static void pci_change_irq_level(PCIDevice *pci_dev, int irq_num, int change) + PCIBus *bus; + for (;;) { + bus = pci_get_bus(pci_dev); ++ if (!bus) { ++ return; ++ } + irq_num = bus->map_irq(pci_dev, irq_num); + if (bus->set_irq) + break; diff --git a/SPECS/qemu-kvm/CVE-2020-25743.patch b/SPECS/qemu-kvm/CVE-2020-25743.patch new file mode 100644 index 00000000000..86cdef73f6b --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-25743.patch 
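Review bot: Nothing in these hunks cancels a pending `tx_bh` when the device is reset: the bottom half is created in e1000e_core_pci_realize and deleted in e1000e_core_pci_uninit, but a transmit scheduled by a TCTL or TDT write could still run after a guest-initiated reset has cleared the ring registers. The reset path is outside the visible hunks, so this needs checking against the full file. If it is not handled there, `qemu_bh_cancel(core->tx[i].tx_bh);` in the per-queue part of the reset function would close the gap.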
@@ -0,0 +1,28 @@ +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 754ff4d..39da759 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -718,6 +718,7 @@ void ide_cancel_dma_sync(IDEState *s) + * whole DMA operation will be submitted to disk with a single + * aio operation with preadv/pwritev. + */ ++ assert(s->blk); + if (s->bus->dma->aiocb) { + trace_ide_cancel_dma_sync_remaining(); + blk_drain(s->blk); +diff --git a/hw/ide/pci.c b/hw/ide/pci.c +index cce1da8..81cd312 100644 +--- a/hw/ide/pci.c ++++ b/hw/ide/pci.c +@@ -295,7 +295,10 @@ void bmdma_cmd_writeb(BMDMAState *bm, uint32_t val) + /* Ignore writes to SSBM if it keeps the old value */ + if ((val & BM_CMD_START) != (bm->cmd & BM_CMD_START)) { + if (!(val & BM_CMD_START)) { +- ide_cancel_dma_sync(idebus_active_if(bm->bus)); ++ IDEState *s = idebus_active_if(bm->bus); ++ if (s->blk) { ++ ide_cancel_dma_sync(s); ++ } + bm->status &= ~BM_STATUS_DMAING; + } else { + bm->cur_addr = bm->addr; diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index fec4c65ef8e..2030f53b222 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 18%{?dist} +Release: 19%{?dist} License: GPLv2 AND GPLv2+ AND CC-BY AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -30,6 +30,14 @@ Patch13: CVE-2020-14364.patch Patch14: CVE-2020-13791.patch # CVE-2018-19665 patch never merged upstream, link: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html Patch15: CVE-2018-19665.patch +Patch16: CVE-2020-13361.patch +Patch17: CVE-2020-11869.patch +Patch18: CVE-2020-14415.patch +Patch19: CVE-2020-15859.patch +Patch20: CVE-2020-13362.patch +Patch21: CVE-2020-25742.patch +Patch22: CVE-2020-25743.patch +Patch23: CVE-2020-15469.patch BuildRequires: alsa-lib-devel BuildRequires: glib-devel BuildRequires: pixman-devel 
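Review bot: The `assert(s->blk)` added at the top of ide_cancel_dma_sync sits before the `if (s->bus->dma->aiocb)` test, so it fires for a drive without a backend even when no DMA is in flight and `blk_drain` would never have been reached. bmdma_cmd_writeb is guarded in this patch, but any other caller outside these hunks could turn a guest register write into a host-side abort of the VM process. Moving the check inside the branch, `if (s->bus->dma->aiocb) { assert(s->blk);`, keeps the invariant where the pointer is actually used. ide_cancel_dma_sync continues outside the hunk.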
@@ -71,6 +79,14 @@ This package provides a command line tool for manipulating disk images. %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 %build @@ -131,6 +147,16 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Wed Nov 11 2020 Henry Li - 4.2.0-19 +- Patch CVE-2020-13361 +- Patch CVE-2020-11869 +- Patch CVE-2020-14415 +- Patch CVE-2020-15859 +- Patch CVE-2020-13362 +- Patch CVE-2020-25742 +- Patch CVE-2020-25743 +- Patch CVE-2020-15469 + * Fri Oct 30 2020 Thomas Crain - 4.2.0-18 - Patch CVE-2018-19665 - Remove nopatch files for CVE-2016-7161, CVE-2015-7504, CVE-2017-5931, From 48144ec500ad83c3b120e896176eccf147134554 Mon Sep 17 00:00:00 2001 From: Henry Li Date: Thu, 12 Nov 2020 12:18:04 -0800 Subject: [PATCH 117/145] add patch for CVE-2020-24352 --- SPECS/qemu-kvm/CVE-2020-24352.patch | 28 ++++++++++++++++++++++++++++ SPECS/qemu-kvm/qemu-kvm.spec | 5 ++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 SPECS/qemu-kvm/CVE-2020-24352.patch diff --git a/SPECS/qemu-kvm/CVE-2020-24352.patch b/SPECS/qemu-kvm/CVE-2020-24352.patch new file mode 100644 index 00000000000..328d111b411 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-24352.patch 
@@ -0,0 +1,28 @@ +diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c +index 23a8ae0..4dc10ea 100644 +--- a/hw/display/ati_2d.c ++++ b/hw/display/ati_2d.c +@@ -67,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s) + dst_stride *= bpp; + } + uint8_t *end = s->vga.vram_ptr + s->vga.vram_size; +- if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) * +- dst_stride >= end) { ++ if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end ++ || dst_bits + dst_x ++ + (dst_y + s->regs.dst_height) * dst_stride >= end) { + qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); + return; + } +@@ -95,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s) + src_bits += s->regs.crtc_offset & 0x07ffffff; + src_stride *= bpp; + } +- if (src_bits >= end || src_bits + src_x + +- (src_y + s->regs.dst_height) * src_stride >= end) { ++ if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end ++ || src_bits + src_x ++ + (src_y + s->regs.dst_height) * src_stride >= end) { + qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); + return; + } diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 2030f53b222..47e49f053fe 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -36,8 +36,9 @@ Patch18: CVE-2020-14415.patch Patch19: CVE-2020-15859.patch Patch20: CVE-2020-13362.patch Patch21: CVE-2020-25742.patch -Patch22: CVE-2020-25743.patch +Patch22: CVE-2020-25743.patch Patch23: CVE-2020-15469.patch +Patch24: CVE-2020-24352.patch BuildRequires: alsa-lib-devel BuildRequires: glib-devel BuildRequires: pixman-devel @@ -87,6 +88,7 @@ This package provides a command line tool for manipulating disk images. %patch21 -p1 %patch22 -p1 %patch23 -p1 +%patch24 -p1 %build @@ -156,6 +158,7 @@ chmod 755 %{buildroot}%{_bindir}/qemu - Patch CVE-2020-25742 - Patch CVE-2020-25743 - Patch CVE-2020-15469 +- Patch CVE-2020-24352 * Fri Oct 30 2020 Thomas Crain - 4.2.0-18 - Patch CVE-2018-19665 
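Review bot: The `dst_x > 0x3fff` and `src_x > 0x3fff` range checks only reject the wrapped right-to-left case because CVE-2020-11869.patch has already changed these variables from `int` to `unsigned`; applied without Patch17, a negative coordinate would pass the comparison. The dependency shows in the index line (`23a8ae0..4dc10ea` follows Patch17's `42e8231..23a8ae0`) but not in the spec. I would record it at the new entry: `# Patch24 must be applied after Patch17 (relies on unsigned dst_x/dst_y)`. The inner hunk headers also give old-side start lines 67 and 95 against new-side 75 and 108, which looks like pre-Patch17 numbering, so the %prep log should be checked for offset or fuzz messages.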
From 717eb55dcf3663aeceb42ac347f1b8a0972adb23 Mon Sep 17 00:00:00 2001 From: Henry Beberman Date: Thu, 12 Nov 2020 18:31:01 -0800 Subject: [PATCH 118/145] Add aspnetcore-runtime package (#372) Add aspnetcore-runtime-3.1 package Clean up dotnet-runtime-3.1 spec --- SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md | 2 +- .../aspnetcore-runtime-3.1.signatures.json | 5 ++ .../aspnetcore-runtime-3.1.spec | 41 +++++++++++ .../dotnet-runtime-3.1.spec | 68 +++++++------------ cgmanifest.json | 10 +++ 5 files changed, 83 insertions(+), 43 deletions(-) create mode 100644 SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.signatures.json create mode 100644 SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.spec diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index 280e882a90b..ab9eddeac9c 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -3,6 +3,6 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | Origin | License | SPECS | |-----------|-----------------------------------|------------| | Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | attr
autoconf213
babeltrace2
brotli
calamares
catch
cpprest
cryptsetup
dnf
dos2unix
ebtables
extra-cmake-modules
gnu-efi
hardening-check
heimdal
ipmitool
ipv6calc
kde-settings
kexec-tools
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore-3.3.0
libatasmart
libburn
libcgroup
libcomps
libdnf
libisoburn
libisofs
libpwquality
libxcrypt
mokutil
mozjs60
open-vm-tools
openssl
p11-kit
perl-JSON
qt5-qtbase
qt5-qtdeclarative
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
squashfs-tools
websocketpp
words
yaml-cpp
zipper
| -| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | auoms
azure-iot-sdk-c
azure-iotedge
azure-storage-cpp
bond
ccache
clamav
cloud-hypervisor
dtc
fluent-bit
freefont
gflags
go-md2man
GSL
ivykis
jsonbuilder
libiothsm-std
libuv
libxml++
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
mm-common
msgpack
nlohmann-json
omi
pcre2
perl-Test-Warnings
rocksdb
shim-unsigned-x64
span-lite
swupdate
tinyxml2
toml11
tracelogging
vala
zstd | +| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | aspnetcore-runtime
auoms
azure-iot-sdk-c
azure-iotedge
azure-storage-cpp
bond
ccache
clamav
cloud-hypervisor
dtc
fluent-bit
freefont
gflags
go-md2man
GSL
ivykis
jsonbuilder
libiothsm-std
libuv
libxml++
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
mm-common
msgpack
nlohmann-json
omi
pcre2
perl-Test-Warnings
rocksdb
shim-unsigned-x64
span-lite
swupdate
tinyxml2
toml11
tracelogging
vala
zstd | | Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2).
Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl
alsa-lib
alsa-utils
ansible
ant
ant-contrib
apparmor
apr
apr-util
asciidoc
atftp
audit
autoconf
autoconf-archive
autofs
autogen
automake
babel
bash
bc
bcc
bind
binutils
bison
blktrace
boost
bridge-utils
btrfs-progs
bubblewrap
build-essential
bzip2
c-ares
ca-certificates
cairo
cdrkit
check
chkconfig
chrpath
cifs-utils
clang
cloud-init
cloud-utils-growpart
cmake
cni
core-packages
coreutils
cpio
cppunit
cracklib
crash
crash-gcore-command
createrepo_c
cri-tools
cronie
ctags
curl
cyrus-sasl
cython
dbus
dbus-glib
dejagnu
device-mapper-multipath
dhcp
dialog
diffutils
dkms
dmidecode
dnsmasq
docbook-dtd-xml
docbook-style-xsl
dosfstools
dotnet-runtime-3.1
dotnet-sdk-3.1
dracut
dstat
e2fsprogs
ed
efibootmgr
efivar
elfutils
erlang
etcd
ethtool
expat
expect
fcgi
file
filesystem
findutils
finger
flex
fontconfig
fping
freetype
fuse
gawk
gc
gcc
gdb
gdbm
gettext
git
glib
glib-networking
glibc
glibmm24
gmp
gnome-common
gnupg2
gnuplot
gnutls
gobject-introspection
golang
golang
gperf
gperftools
gpgme
gptfdisk
grep
groff
grub2
grub2-efi-binary-signed-aarch64
grub2-efi-binary-signed-x64
gtest
gtk-doc
guile
gzip
haproxy
harfbuzz
haveged
hdparm
http-parser
httpd
i2c-tools
iana-etc
icu
initramfs
initscripts
inotify-tools
intltool
iotop
iperf3
ipmitool
iproute
ipset
iptables
iputils
ipvsadm
ipxe
irqbalance
itstool
jansson
jna
jq
json-c
json-glib
kbd
keepalived
kernel
kernel-headers
kernel-hyperv
kernel-signed-aarch64
kernel-signed-x64
kexec-tools
keyutils
kmod
krb5
kubernetes
lapack
less
libaio
libarchive
libassuan
libatomic_ops
libcap
libcap-ng
libconfig
libdb
libdnet
libedit
libestr
libev
libevent
libfastjson
libffi
libgcrypt
libgpg-error
libgssglue
libgsystem
libgudev
libjpeg-turbo
libksba
liblogging
libmbim
libmnl
libmodulemd
libmpc
libmspack
libndp
libnetfilter_conntrack
libnetfilter_cthelper
libnetfilter_cttimeout
libnetfilter_queue
libnfnetlink
libnftnl
libnl3
libnsl2
libpcap
libpipeline
libpng
libpsl
libqmi
librelp
librepo
librsync
libseccomp
libselinux
libsepol
libserf
libsigc++20
libsolv
libsoup
libssh2
libtalloc
libtar
libtasn1
libtiff
libtirpc
libtool
libunistring
libunwind
libusb
libvirt
libwebp
libxml2
libxslt
libyaml
linux-firmware
lldb
lldpad
llvm
lm-sensors
lmdb
log4cpp
logrotate
lshw
lsof
lsscsi
ltrace
lttng-tools
lttng-ust
lua
lvm2
lz4
lzo
m2crypto
m4
make
man-db
man-pages
mariadb
maven
mc
mercurial
meson
mlocate
ModemManager
mpfr
msr-tools
mysql
nano
nasm
ncurses
ndctl
net-snmp
net-tools
nettle
newt
nfs-utils
nghttp2
nginx
ninja-build
nodejs
nodejs
npth
nspr
nss
nss-altfiles
ntp
numactl
numpy
nvme-cli
oniguruma
openipmi
openjdk8
openjdk8
openldap
openscap
openssh
openvswitch
ostree
pam
pango
parted
patch
pciutils
pcre
perl
perl-Canary-Stability
perl-CGI
perl-common-sense
perl-Crypt-SSLeay
perl-DBD-SQLite
perl-DBI
perl-DBIx-Simple
perl-Exporter-Tiny
perl-File-HomeDir
perl-File-Which
perl-IO-Socket-SSL
perl-JSON-Any
perl-JSON-XS
perl-libintl-perl
perl-List-MoreUtils
perl-Module-Build
perl-Module-Install
perl-Module-ScanDeps
perl-Net-SSLeay
perl-NetAddr-IP
perl-Object-Accessor
perl-Path-Class
perl-Try-Tiny
perl-Types-Serialiser
perl-WWW-Curl
perl-XML-Parser
perl-YAML
perl-YAML-Tiny
pgbouncer
pinentry
pixman
pkg-config
polkit
popt
postgresql
powershell
procps-ng
protobuf
protobuf-c
psmisc
pth
pyasn1-modules
pygobject3
pyOpenSSL
PyPAM
pyparsing
pytest
python-appdirs
python-asn1crypto
python-atomicwrites
python-attrs
python-backports-ssl_match_hostname
python-bcrypt
python-boto3
python-botocore
python-certifi
python-cffi
python-chardet
python-configobj
python-constantly
python-coverage
python-cryptography
python-daemon
python-dateutil
python-defusedxml
python-distro
python-docopt
python-docutils
python-ecdsa
python-enum34
python-futures
python-gevent
python-greenlet
python-hyperlink
python-hypothesis
python-idna
python-imagesize
python-incremental
python-iniparse
python-ipaddr
python-ipaddress
python-jinja2
python-jmespath
python-jsonpatch
python-jsonpointer
python-jsonschema
python-lockfile
python-lxml
python-m2r
python-mako
python-markupsafe
python-mistune
python-msgpack
python-netaddr
python-netifaces
python-ntplib
python-oauthlib
python-packaging
python-pam
python-pbr
python-pip
python-ply
python-prettytable
python-psutil
python-psycopg2
python-py
python-pyasn1
python-pycodestyle
python-pycparser
python-pycurl
python-Pygments
python-PyNaCl
python-pyvmomi
python-requests
python-setuptools
python-setuptools_scm
python-simplejson
python-six
python-snowballstemmer
python-sphinx
python-sphinx-theme-alabaster
python-sqlalchemy
python-Twisted
python-typing
python-urllib3
python-vcversioner
python-virtualenv
python-wcwidth
python-webob
python-websocket-client
python-werkzeug
python-zope-interface
python2
python3
pytz
PyYAML
rapidjson
readline
redis
rng-tools
rpcbind
rpcsvc-proto
rpm
rpm-ostree
rrdtool
rsync
rsyslog
ruby
rubygem-bundler
runc
rust
scons
sed
sg3_utils
shadow-utils
slang
snappy
socat
sqlite
sshpass
strace
strongswan
subversion
sudo
swig
syslinux
syslog-ng
sysstat
systemd
systemtap
tar
tboot
tcl
tcpdump
tcp_wrappers
tcsh
tdnf
telegraf
texinfo
tmux
tpm2-abrmd
tpm2-tools
tpm2-tss
traceroute
tree
trousers
tzdata
unbound
unixODBC
unzip
usbutils
userspace-rcu
utf8proc
util-linux
valgrind
vim
vsftpd
WALinuxAgent
wget
which
wpa_supplicant
xerces-c
xfsprogs
xinetd
xmlsec1
xmlto
xz
zchunk
zeromq
zip
zlib
zsh
| | OpenMamba | [Openmamba](https://openmamba.org/en/) | bash-completion
|
\ No newline at end of file
diff --git a/SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.signatures.json b/SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.signatures.json
new file mode 100644
index 00000000000..78738445087
--- /dev/null
+++ b/SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+ "aspnetcore-runtime-3.1.5-linux-x64.tar.gz": "bf202e612374eecf089b08db2085f36e54c09d6e93db0ff4244580ee47b9c61f"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.spec b/SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.spec
new file mode 100644
index 00000000000..5f86b8844de
--- /dev/null
+++ b/SPECS/aspnetcore-runtime-3.1/aspnetcore-runtime-3.1.spec
@@ -0,0 +1,41 @@
+%define debug_package %{nil}
+Summary: Microsoft aspnetcore runtime
+Name: aspnetcore-runtime-3.1
+Version: 3.1.5
+Release: 1%{?dist}
+License: ASL 2.0
+Vendor: Microsoft Corporation
+Distribution: Mariner
+Group: Development/Tools
+URL: https://github.com/dotnet/aspnetcore
+Source0: https://download.visualstudio.microsoft.com/download/pr/6827d794-a218-4352-b3b3-a19ec773c975/e3e53bc2f20df220a29c6e09f74d8a00/aspnetcore-runtime-3.1.5-linux-x64.tar.gz
+Requires: dotnet-runtime-3.1
+ExclusiveArch: x86_64
+
+%description
+ASP.NET Core is an open-source and cross-platform framework for building
+modern cloud based internet connected applications, such as web apps,
+IoT apps and mobile backends
+
+%prep
+%setup -qc -T -a 0 dotnet-runtime-%{version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_libdir}/dotnet/shared
+cp -r shared/Microsoft.AspNetCore.App %{buildroot}%{_libdir}/dotnet/shared
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%license LICENSE.txt ThirdPartyNotices.txt
+%defattr(-,root,root,0755)
+%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App
+
+%changelog
+* Thu Nov 12 2020 Henry Beberman - 3.1.5-1
+- Add aspnetcore-runtime spec.
+- License verified
+- Original version for CBL-Mariner
\ No newline at end of file
diff --git a/SPECS/dotnet-runtime-3.1/dotnet-runtime-3.1.spec b/SPECS/dotnet-runtime-3.1/dotnet-runtime-3.1.spec
index 9984504b4de..aecd4117aea 100644
--- a/SPECS/dotnet-runtime-3.1/dotnet-runtime-3.1.spec
+++ b/SPECS/dotnet-runtime-3.1/dotnet-runtime-3.1.spec
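Review bot: `Requires: dotnet-runtime-3.1` in the new aspnetcore-runtime-3.1 spec carries no version, so this package at 3.1.5 can be installed next to an older dotnet-runtime-3.1, and the two can drift apart when only one of them receives a servicing update. The ASP.NET Core shared framework is normally expected to run on a base runtime of at least its own patch level (worth confirming for this tarball), so `Requires: dotnet-runtime-3.1 >= %{version}` would keep them in step. The payload is a prebuilt vendor tarball rather than a source build, which leaves the SHA-256 in the signatures file as the only integrity check; a one-line comment above `Source0` saying so would tell the next maintainer that the hash must be re-verified against the vendor's published value on every version bump.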
@@ -1,96 +1,80 @@ Summary: Microsoft .NET Core Runtime Name: dotnet-runtime-3.1 Version: 3.1.5 -Release: 1%{?dist} +Release: 2%{?dist} +License: MIT Vendor: Microsoft Corporation Distribution: Mariner -License: MIT -Url: https://github.com/dotnet/core Group: Development/Tools -ExclusiveArch: x86_64 +URL: https://github.com/dotnet/core Source0: https://download.visualstudio.microsoft.com/download/pr/d00eaeea-6d7b-4e73-9d96-c0234ed3b665/0d25d9d1aeaebdeef01d15370d5cd22b/dotnet-runtime-3.1.5-linux-x64.tar.gz - +Requires: glibc Requires: icu -Requires: libunwind Requires: krb5 +Requires: libgcc +Requires: libstdc++ +Requires: libunwind Requires: lttng-ust Requires: openssl Requires: zlib -Requires: glibc -Requires: libgcc -Requires: libstdc++ +ExclusiveArch: x86_64 %description .NET Core is a development platform that you can use to build command-line applications, microservices and modern websites. %prep -%setup -qc dotnet-runtime-%{version} +%setup -qc -T -a 0 dotnet-runtime-%{version} %build %install mkdir -p %{buildroot}%{_libdir}/dotnet -mkdir -p %{buildroot}%{_docdir}/dotnet-runtime-%{version} -cp LICENSE.txt ThirdPartyNotices.txt %{buildroot}%{_docdir}/dotnet-runtime-%{version} -rm LICENSE.txt ThirdPartyNotices.txt + cp -r * %{buildroot}%{_libdir}/dotnet mkdir -p %{buildroot}%{_bindir} ln -sf %{_libdir}/dotnet/dotnet %{buildroot}%{_bindir}/dotnet -# Pre-install -%pre - - # First argument is 1 => New Installation - # First argument is 2 => Upgrade - -# Post-install -%post - - # First argument is 1 => New Installation - # First argument is 2 => Upgrade - - /sbin/ldconfig - -# Pre-uninstall -%preun - - # First argument is 0 => Uninstall - # First argument is 1 => Upgrade - -# Post-uninstall -%postun - - /sbin/ldconfig - - # First argument is 0 => Uninstall - # First argument is 1 => Upgrade +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig %files -%license %{_docdir}/dotnet-runtime-%{version}/LICENSE.txt +%license LICENSE.txt ThirdPartyNotices.txt 
%defattr(-,root,root,0755) +%exclude %{_libdir}/dotnet/LICENSE.txt +%exclude %{_libdir}/dotnet/ThirdPartyNotices.txt %exclude %{_libdir}/debug -%{_docdir}/* %{_bindir}/dotnet %{_libdir}/* %changelog +* Thu Nov 12 2020 Henry Beberman - 3.1.5-2 +- Fix scriptlets and move licenses to the correct folder + * Fri Jun 19 2020 Andrew Phelps 3.1.5-1 - Update version to 3.1.5. Fix runtime requirements. + * Sat May 09 2020 Nick Samson 3.1.3-4 - Added %%license line automatically + * Tue May 05 2020 Emre Girgin 3.1.3-3 - Renaming dotnet-runtime to dotnet-runtime-3.1 + * Mon May 04 2020 Emre Girgin 3.1.3-2 - Replace BuildArch with ExclusiveArch + * Mon Mar 30 2020 Andrew Phelps 3.1.3-1 - Update to dotnet 3.1.3. License verified. + * Tue Sep 03 2019 Mateusz Malisz 2.2.0-2 - Initial CBL-Mariner import from Photon (license: Apache2). + * Wed Dec 05 2018 Ajay Kaher 2.2.0-1 - upgraded to version 2.2.0 + * Thu Sep 27 2018 Ajay Kaher 2.1.4-1 - upgraded to version 2.1.4 - add aarch64 support + * Wed Jan 31 2018 Priyesh Padmavilasom 2.0.5-1 - Initial build for photon diff --git a/cgmanifest.json b/cgmanifest.json index 1c21e2330e7..d83d070690c 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -100,6 +100,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "aspnetcore-runtime-3.1", + "version": "3.1.5", + "downloadUrl": "https://download.visualstudio.microsoft.com/download/pr/6827d794-a218-4352-b3b3-a19ec773c975/e3e53bc2f20df220a29c6e09f74d8a00/aspnetcore-runtime-3.1.5-linux-x64.tar.gz" + } + } + }, { "component": { "type": "other", From fc79645dec9ecb0518121612c9963df48aa7ba03 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Fri, 13 Nov 2020 12:40:36 -0800 Subject: [PATCH 119/145] Add missing requires to auoms package (#369) * Clean auoms.spec with linter feedback * Add missing requirements to auoms --- SPECS/auoms/auoms.spec | 119 ++++++++++++++++++++++------------------- 1 file changed, 64 insertions(+), 55 deletions(-) 
diff --git a/SPECS/auoms/auoms.spec b/SPECS/auoms/auoms.spec index 55fd11f0693..963eac05b76 100644 --- a/SPECS/auoms/auoms.spec +++ b/SPECS/auoms/auoms.spec @@ -1,10 +1,12 @@ %define debug_package %{nil} - Summary: Auditd plugin that forwards audit events to OMS Agent for Linux Name: auoms Version: 2.2.5 -Release: 2%{?dist} +Release: 4%{?dist} License: MIT +Vendor: Microsoft Corporation +Distribution: Mariner +Group: Applications/System URL: https://github.com/microsoft/OMS-Auditd-Plugin #Source0: https://github.com/microsoft/OMS-Auditd-Plugin/archive/v2.2.5-0.tar.gz Source0: %{name}-%{version}.tar.gz @@ -15,30 +17,28 @@ Source2: msgpack-c-cpp-2.0.0.zip #Source3: https://github.com/Tencent/rapidjson/archive/v1.0.2.tar.gz Source3: rapidjson-1.0.2.tar.gz Patch0: auoms.patch -Group: Applications/System -Vendor: Microsoft Corporation -Distribution: Mariner - -BuildRequires: unzip -BuildRequires: cmake -BuildRequires: wget -BuildRequires: sudo -BuildRequires: grep -BuildRequires: sed +BuildRequires: audit-devel BuildRequires: bash BuildRequires: bash-devel -BuildRequires: audit-devel BuildRequires: boost-devel +BuildRequires: cmake +BuildRequires: grep BuildRequires: python2 BuildRequires: python2-devel - +BuildRequires: sed +BuildRequires: sudo +BuildRequires: unzip +BuildRequires: wget Requires: audit -Requires: sudo Requires: bash -Requires: sed +Requires: chkconfig +Requires: glibc +Requires: initscripts Requires: libstdc++ Requires: perl -Requires: glibc +Requires: procps-ng +Requires: sed +Requires: sudo %description OMS Audit data collection daemon 
@@ -53,8 +53,8 @@ cp %{SOURCE3} ./ %build grep AUOMS_BUILDVERSION auoms.version | head -n 4 | cut -d'=' -f2 | tr '\n' '.' | sed 's/.$//' | sed 's/^/#define AUOMS_VERSION "/' > auoms_version.h sed -i 's/$/"/' auoms_version.h -cp -R /usr/include/boost /usr/local/include/boost -mv /usr/include/boost /usr/include/boost148 +cp -R %{_includedir}/boost /usr/local/include/boost +mv %{_includedir}/boost /usr/include/boost148 cd build ./configure --enable-ulinux && make clean && make @@ -65,11 +65,11 @@ install -vdm 755 %{buildroot}%{_sysconfdir}/opt/microsoft/auoms/outconf.d install -vdm 755 %{buildroot}%{_sysconfdir}/opt/microsoft/auoms/rules.d install -vdm 755 %{buildroot}/opt/microsoft/auoms install -vdm 755 %{buildroot}/opt/microsoft/auoms/bin -install -vdm 755 %{buildroot}/usr/share/selinux/packages/auoms -install -vdm 750 %{buildroot}/var/opt/microsoft/auoms/data -install -vdm 750 %{buildroot}/var/opt/microsoft/auoms/data/outputs +install -vdm 755 %{buildroot}%{_datadir}/selinux/packages/auoms +install -vdm 750 %{buildroot}%{_var}/opt/microsoft/auoms/data +install -vdm 750 %{buildroot}%{_var}/opt/microsoft/auoms/data/outputs -install -m 644 intermediate/selinux/* %{buildroot}/usr/share/selinux/packages/auoms +install -m 644 intermediate/selinux/* %{buildroot}%{_datadir}/selinux/packages/auoms install -m 555 installer/auoms.init %{buildroot}%{_sysconfdir}/init.d/auoms install -m 644 installer/conf/auoms.conf %{buildroot}%{_sysconfdir}/opt/microsoft/auoms install -m 644 installer/conf/auomscollect.conf %{buildroot}%{_sysconfdir}/opt/microsoft/auoms 
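Review bot: The `mv` line in `%build` is only half converted: its source now uses `%{_includedir}` while the destination is still the literal `/usr/include/boost148`, so the two sides diverge if the macro is ever overridden; `mv %{_includedir}/boost %{_includedir}/boost148` keeps them on the same macro. Both lines also rewrite header directories of the build environment itself (`/usr/local/include/boost`, `%{_includedir}/boost`) rather than anything under the package build tree, so the step is only safe in a disposable chroot. A comment such as `# Relocates the system boost headers for the bundled build; assumes a throwaway build chroot` would make that assumption explicit. The `%build` section begins before this hunk.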
@@ -82,25 +82,25 @@ install -m 755 intermediate/builddir/release/bin/auoms %{buildroot}/opt install -m 755 intermediate/builddir/release/bin/auomsctl %{buildroot}/opt/microsoft/auoms/bin %clean -rm -rf $RPM_BUILD_ROOT +rm -rf %{buildroot} %pre #!/bin/sh if [ $1 -gt 1 ] ; then - if [ -e /etc/audisp/plugins.d/auoms.conf ]; then + if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf ]; then echo "Pre: found etc/audisp/plugins.d/auoms.conf" - if [ -e /etc/audisp/plugins.d/auoms.conf.auomssave ]; then - rm /etc/audisp/plugins.d/auoms.conf.auomssave + if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave ]; then + rm %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave fi - cp -p /etc/audisp/plugins.d/auoms.conf /etc/audisp/plugins.d/auoms.conf.auomssave + cp -p %{_sysconfdir}/audisp/plugins.d/auoms.conf %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave fi - if [ -e /etc/audit/plugins.d/auoms.conf ]; then + if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf ]; then echo "Pre: found etc/audit/plugins.d/auoms.conf" - if [ -e /etc/audit/plugins.d/auoms.conf.auomssave ]; then - rm /etc/audit/plugins.d/auoms.conf.auomssave + if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave ]; then + rm %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave fi - cp -p /etc/audit/plugins.d/auoms.conf /etc/audit/plugins.d/auoms.conf.auomssave + cp -p %{_sysconfdir}/audit/plugins.d/auoms.conf %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave fi fi 
@@ -117,24 +117,24 @@ fi SERVICEDIR=/opt/microsoft/auoms if [ $1 -gt 1 ] ; then - if [ -e /etc/audisp/plugins.d/auoms.conf.auomssave ]; then - echo "Post: found /etc/audisp/plugins.d/auoms.conf" - if [ -e /etc/audisp/plugins.d/auoms.conf ]; then - rm /etc/audisp/plugins.d/auoms.conf + if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave ]; then + echo "Post: found %{_sysconfdir}/audisp/plugins.d/auoms.conf" + if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf ]; then + rm %{_sysconfdir}/audisp/plugins.d/auoms.conf fi - cp -p /etc/audisp/plugins.d/auoms.conf.auomssave /etc/audisp/plugins.d/auoms.conf + cp -p %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave %{_sysconfdir}/audisp/plugins.d/auoms.conf fi - if [ -e /etc/audit/plugins.d/auoms.conf.auomssave ]; then - echo "Post: found /etc/audit/plugins.d/auoms.conf" - if [ -e /etc/audit/plugins.d/auoms.conf ]; then - rm /etc/audit/plugins.d/auoms.conf + if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave ]; then + echo "Post: found %{_sysconfdir}/audit/plugins.d/auoms.conf" + if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf ]; then + rm %{_sysconfdir}/audit/plugins.d/auoms.conf fi - cp -p /etc/audit/plugins.d/auoms.conf.auomssave /etc/audit/plugins.d/auoms.conf + cp -p %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave %{_sysconfdir}/audit/plugins.d/auoms.conf fi echo "Post: executing upgrade" /opt/microsoft/auoms/bin/auomsctl upgrade fi -for dir in /usr/lib/systemd/system /lib/systemd/system; do +for dir in %{_lib}/systemd/system /lib/systemd/system; do if [ -e $dir ]; then install -m 644 ${SERVICEDIR}/auoms.service $dir systemctl enable auoms.service 
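Review bot: `%{_lib}` in the `%post` loop `for dir in %{_lib}/systemd/system /lib/systemd/system; do` is not a replacement for the `/usr/lib` it took the place of: that macro expands to the bare directory name (`lib` or `lib64`), so the first entry becomes a relative path that is resolved against whatever directory the scriptlet runs in and no longer names `/usr/lib/systemd/system`. The unit file would then be installed only through the `/lib/systemd/system` entry, which works only where that path exists. Writing the line as `for dir in %{_prefix}/lib/systemd/system /lib/systemd/system; do` restores the old meaning. The same substitution is made in the `%postun` loop in the following hunk, and the body of this loop continues there as well.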
@@ -142,20 +142,20 @@ for dir in /usr/lib/systemd/system /lib/systemd/system; do fi done sudo /opt/microsoft/auoms/bin/auomsctl enable -rm -f /etc/audisp/plugins.d/auoms.conf.* -rm -f /etc/audit/plugins.d/auoms.conf.* +rm -f %{_sysconfdir}/audisp/plugins.d/auoms.conf.* +rm -f %{_sysconfdir}/audit/plugins.d/auoms.conf.* %postun #!/bin/sh if [ $1 -eq 0 ]; then - rm -f /etc/audisp/plugins.d/auoms.conf* - rm -f /etc/audit/plugins.d/auoms.conf* + rm -f %{_sysconfdir}/audisp/plugins.d/auoms.conf* + rm -f %{_sysconfdir}/audit/plugins.d/auoms.conf* - rm -rf -v /etc/opt/microsoft/auoms - rm -rf -v /var/opt/microsoft/auoms + rm -rf -v %{_sysconfdir}/opt/microsoft/auoms + rm -rf -v %{_var}/opt/microsoft/auoms fi -for dir in /usr/lib/systemd/system /lib/systemd/system; do +for dir in %{_lib}/systemd/system /lib/systemd/system; do if [ -e ${dir}/auoms.service ]; then systemctl disable auoms.service rm -f ${dir}/auoms.service @@ -165,8 +165,8 @@ done %files %defattr(-,root,root) -/usr/share/selinux/packages/auoms -/usr/share/selinux/packages/auoms/* +%{_datadir}/selinux/packages/auoms +%{_datadir}/selinux/packages/auoms/* %{_sysconfdir}/init.d/auoms %{_sysconfdir}/opt/microsoft/auoms %{_sysconfdir}/opt/microsoft/auoms/auoms.conf 
@@ -182,12 +182,21 @@ done /opt/microsoft/auoms/bin/auomscollect /opt/microsoft/auoms/bin/auoms /opt/microsoft/auoms/bin/auomsctl -/var/opt/microsoft/auoms -/var/opt/microsoft/auoms/data -/var/opt/microsoft/auoms/data/outputs +%{_var}/opt/microsoft/auoms +%{_var}/opt/microsoft/auoms/data +%{_var}/opt/microsoft/auoms/data/outputs %changelog +* Wed Nov 11 2020 Daniel McIlvaney - 2.2.5-4 +- Add dependnecy on chkconfig to avoid ownership conflict with /etc/init.d directory +- Add dependency on procps-ng so auomsctl can use pgrep +- Add dependnecy on initscripts so auomsctl can use /usr/sbin/service + +* Wed Nov 11 2020 Daniel McIlvaney - 2.2.5-3 +- Clean up spec file with feedback from linter + * Sat Oct 24 2020 Andrew Phelps 2.2.5-2 - Fix setup macro + * Thu Oct 22 2020 Andrew Phelps 2.2.5-1 - Initial CBL-Mariner version. From 42ff7786ced2b106304ef46a60743d13e5089335 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Fri, 13 Nov 2020 14:40:30 -0800 Subject: [PATCH 120/145] Add status badge, update quickstart workflow (#377) --- .../{quickstart.yml => quickstart_1.0.yml} | 34 +++++++++++++------ README.md | 4 +++ 2 files changed, 28 insertions(+), 10 deletions(-) rename .github/workflows/{quickstart.yml => quickstart_1.0.yml} (75%) diff --git a/.github/workflows/quickstart.yml b/.github/workflows/quickstart_1.0.yml similarity index 75% rename from .github/workflows/quickstart.yml rename to .github/workflows/quickstart_1.0.yml index 33643c2bd07..d13ad062e1e 100644 --- a/.github/workflows/quickstart.yml +++ b/.github/workflows/quickstart_1.0.yml @@ -3,7 +3,7 @@ # # Workflow to automatedly verify the quickstart instructions -name: Verify Quickstart +name: Verify Quickstart 1.0 on: workflow_dispatch: @@ -11,7 +11,7 @@ on: - cron: "0 15 * * *" jobs: - iso_quickstart: + get_input-srpms: runs-on: ubuntu-18.04 steps: 
@@ -32,13 +32,34 @@ jobs: sudo apt-get update sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz - - name: Configure the Environment + - name: Download SRPMS run: | pushd toolkit sudo make go-tools REBUILD_TOOLS=y sudo make input-srpms DOWNLOAD_SRPMS=y popd + iso_quickstart: + runs-on: ubuntu-18.04 + + steps: + - name: Checkout + uses: actions/checkout@v2.3.2 + with: + ref: '1.0-stable' + + - name: Set up Go 1.13 + uses: actions/setup-go@v2 + with: + go-version: 1.13 + id: go + + - name: Install Remaining Prerequisites + run: | + # Golang and docker are already installed on the agent + sudo apt-get update + sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz + - name: ISO Quick Start run: | pushd toolkit @@ -66,13 +87,6 @@ jobs: sudo apt-get update sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz - - name: Configure Environment - run: | - pushd toolkit - sudo make go-tools REBUILD_TOOLS=y - sudo make input-srpms DOWNLOAD_SRPMS=y - popd - - name: VHDX Quick Start run: | pushd toolkit diff --git a/README.md b/README.md index da432ea81db..d6579860806 100644 --- a/README.md +++ b/README.md 
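Review bot: The added `iso_quickstart` job references its actions by tag, `actions/checkout@v2.3.2` and `actions/setup-go@v2`; tags can be moved upstream, so the code this workflow runs (followed by `sudo` steps) can change without any change in this repository. Pinning to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2.3.2`, makes the dependency immutable and reviewable. Separately, the SRPM download now lives only in `get_input-srpms`, and jobs do not share a workspace; if the quick start steps, which are only partly visible in this hunk, are meant to consume those downloads, they would need `needs:` plus an artifact hand-off, so it is worth confirming that the jobs are intended to be independent.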
@@ -1,5 +1,9 @@ # CBL-Mariner +| Release Branch | Status | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| 1.0 | [![1.0 Status](https://github.com/microsoft/CBL-Mariner/workflows/Verify%20Quickstart%201.0/badge.svg)](https://github.com/microsoft/CBL-Mariner/actions?query=workflow%3A%22Verify+Quickstart+1.0%22) | + CBL-Mariner is an internal Linux distribution for Microsoft’s cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and will enhance Microsoft’s ability to stay current on Linux updates. This initiative is part of Microsoft’s increasing investment in a wide range of Linux technologies, such as [SONiC](https://azure.microsoft.com/en-us/blog/sonic-the-networking-switch-software-that-powers-the-microsoft-global-cloud/), [Azure Sphere OS](https://docs.microsoft.com/en-us/azure-sphere/product-overview/what-is-azure-sphere) and [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/about). CBL-Mariner is being shared publicly as part of Microsoft’s commitment to Open Source and to contribute back to the Linux community. CBL-Mariner does not change our approach or commitment to any existing third-party Linux distribution offerings. CBL-Mariner has been engineered with the notion that a small common core set of packages can address the universal needs of first party cloud and edge services while allowing individual teams to layer additional packages on top of the common core to produce images for their workloads. This is made possible by a simple build system that enables: From 177ea525269802aab45d95093818eee849376360 Mon Sep 17 00:00:00 2001 
From: Pawel Winogrodzki Date: Fri, 13 Nov 2020 16:49:07 -0800 Subject: [PATCH 121/145] Enabling network access for package builds running with `%check`. (#380) --- toolkit/tools/pkgworker/pkgworker.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/toolkit/tools/pkgworker/pkgworker.go b/toolkit/tools/pkgworker/pkgworker.go index ad028e3ca9e..c7a33322c62 100644 --- a/toolkit/tools/pkgworker/pkgworker.go +++ b/toolkit/tools/pkgworker/pkgworker.go @@ -135,7 +135,7 @@ func buildSRPMInChroot(chrootDir, rpmDirPath, workerTar, srpmFile, repoFile, rpm defer chroot.Close(noCleanup) // Place extra files that will be needed to build into the chroot - srpmFileInChroot, err := copyFilesIntoChroot(chroot, srpmFile, repoFile, rpmmacrosFile) + srpmFileInChroot, err := copyFilesIntoChroot(chroot, srpmFile, repoFile, rpmmacrosFile, runCheck) if err != nil { return } @@ -356,10 +356,11 @@ func removeLibArchivesFromSystem() (err error) { } // copyFilesIntoChroot copies several required build specific files into the chroot. -func copyFilesIntoChroot(chroot *safechroot.Chroot, srpmFile, repoFile, rpmmacrosFile string) (srpmFileInChroot string, err error) { +func copyFilesIntoChroot(chroot *safechroot.Chroot, srpmFile, repoFile, rpmmacrosFile string, runCheck bool) (srpmFileInChroot string, err error) { const ( chrootRepoDestDir = "/etc/yum.repos.d" chrootSrpmDestDir = "/root/SRPMS" + resolvFilePath = "/etc/resolv.conf" rpmmacrosDest = "/usr/lib/rpm/macros.d/macros.override" ) 
@@ -385,6 +386,16 @@ func copyFilesIntoChroot(chroot *safechroot.Chroot, srpmFile, repoFile, rpmmacro
 filesToCopy = append(filesToCopy, rpmmacrosCopy)
 }
+ if runCheck {
+ logger.Log.Warn("Enabling network access because we're running package tests (make argument 'RUN_CHECK' set to 'y').")
+
+ resolvFileCopy := safechroot.FileToCopy{
+ Src: resolvFilePath,
+ Dest: resolvFilePath,
+ }
+ filesToCopy = append(filesToCopy, resolvFileCopy)
+ }
+
 err = chroot.AddFiles(filesToCopy...)
 return
 }
From 7b9dcc53776b42f607d72df0a5425ca58e28efa4 Mon Sep 17 00:00:00 2001 From: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Date: Fri, 13 Nov 2020 16:50:24 -0800 Subject: [PATCH 122/145] Add support to build Arm64 ISO for CBL-Mariner (#373) * Add support to build Arm64 ISO for CBL-Mariner * Add support to build Arm64 ISO for CBL-Mariner * Add support to build Arm64 ISO for CBL-Mariner * Update to build_arch in imggen make file * Repetition removal suggestions. (#378) Repetition removal suggestions. Co-authored-by: schalam Co-authored-by: Pawel Winogrodzki --- .../arm64/isolinux/isolinux.bin | Bin 0 -> 38912 bytes .../arm64/isolinux/isolinux.cfg | 7 ++ .../arm64/isolinux/ldlinux.c32 | Bin 0 -> 116144 bytes .../imageconfigs/iso_initrd_arm64.json | 45 ++++++++++++ .../iso-initrd-packages-arm64.json | 66 ++++++++++++++++++ toolkit/scripts/imggen.mk | 8 +++ toolkit/tools/isomaker/maker.go | 56 +++++++++------ 7 files changed, 160 insertions(+), 22 deletions(-) create mode 100755 toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/isolinux.bin create mode 100755 toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/isolinux.cfg create mode 100644 toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/ldlinux.c32 create mode 100644 toolkit/resources/imageconfigs/iso_initrd_arm64.json create mode 100644 toolkit/resources/imageconfigs/packagelists/iso-initrd-packages-arm64.json
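Review bot: In `copyFilesIntoChroot` (pkgworker.go), the added `if runCheck` block couples two separate decisions: asking for package tests with `RUN_CHECK=y` now also gives the package-supplied `%check` code the build host's own `/etc/resolv.conf`, copied verbatim from `resolvFilePath` to the same path in the chroot. Test code from an SRPM can then resolve, and presumably reach, whatever the build host can, so such builds stop being hermetic and the host's nameserver and search-domain settings become readable inside the chroot; whether anything else limits the chroot's network is not visible in this hunk. I would put the copy behind its own explicit setting instead of reusing `runCheck`, and record the trade-off above the block, e.g. `// Gives %check code DNS through the host's resolver config; builds run this way are not hermetic.` How `chroot.AddFiles` behaves when the host file is missing or is a symlink is also not shown here and is worth confirming. The function starts before this hunk.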
diff --git a/toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/isolinux.bin b/toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/isolinux.bin new file mode 100755 index 0000000000000000000000000000000000000000..c908d07d055f9c28bdfdce2c0ce529a2220b9f91 GIT binary patch literal 38912 zcmce;dsGuw_dh&mF1d#Z5)c(NlZ2~?#Ns82HbA&v4EJyq6h>4KgoKNt1_PEMhN`Wt zZEY)}t+lqbeXIhu7K{b8)uMQ7ecGb6Ix*H#wTh_ZJ!qfr^L^L5-nD*z{j!*ubLO10 z&wcODK6?)%w@d30WXl!_^3QJvf;2Y>5B+)UlVAQ%t|#5K6Jg(a-4+r|Q{9G%bcZV(o}-9_y#wgBXvtXU zIt=+q=yp*(-6pB0r$6H&2;IY?bUPkQ6Hf3v#&35CrrTf^%~2E2666w`nws8f>vWRT zcVYfN_Sm^btW$=l&s3w#8P(NvTF15mTAxLeN6zKt^jzbD?`Y8Pf6;hKe^kSxEiRC> z1@>0;u=Pr-jkZW>aG8$vp&6;c#oUV<{~!=agAI{51~;FCIl5`}LTSB$e=NYv{*2f! zqIQxqHq9LXJ&M$Ka*!?)*!lLc#|`W^2;G)|(CvS%<8&ZHt=&&m&dg(fuj}L@_di_x zn_KkizqoYUU+ZXox51BYPe2@UAKDV>!lmbP{#s}FZS2*5NA!$a<#~J8=oiic_zsS6 zFYd;^gA`T<9ShvZrX$V$tQlojA!DO$6d#M($c7ts%vAr8v6mg8|GLF?ZupA^G#`HFNCtYwr z)@>kIDdKoY7t-(AbO*&O7da^SpY%g6s;g%t&(n6MPvMZe$bDzrnBU25Q3CQKvW+`6 z?_Jy1010yXNP=nAd79jF9Hn~(Q5xgG1?uLZ4DR_IO=rJD;AB06V@apbI!$$}TPpChPJvO>P)jgJ%UF)O^uYc9Y zkp#cFAZLo-@l`uw16&l9$pnNl=kj5_R^7m}X`Tcbs3pym00 z+cU@oS`O^iIohJ-*?Kt>f;q7Ew$V!5d_rbx_VEa&3)@A(qb?JI4NBdv3BfHs+k!*U z8vGD&@I&z$asM6D1*F+$n;BlgddKl&Vl(SKy2~S&O+k)LFtfg+ZK7Z{6*)$k*-4{t zDa=P$pHWr!^QBIH;iGA#`#80&h-4=6Cu-`tT_1AAbUo>Jt zZ0e$f*ras5Y<5s^h)jmaBFZc3Dwi)SG06NP{ADV&I%N9HVAU*HOpr`hY$&djg{`Vy zzDibXkQJ7S1<3NM^3vt2jJ5M*NK(0MNqM3^6;@Rl%a*TNCaZ$C z(qdUvaaGmw@>Q~;$_$lt zWA6>+vYN5ya>I+V3FU=FWAUp0MT0I}URqrA|63%g+_hK9nAQm!pK@fWpP5&G7>dg(46vz&lK&Eqdfu+FE|iupEi@F%BDB*}7A3;M)ytO_&wnv= zFB%VrCAGL%R$?$z%$qTzs;=t!2nVgHGn7{bEiEsbQMIH@MweI0%E~K?|Mx(Rji(ll ztgN`Q5+);ovM~Kv#{&Op1`=CVxU5*Vw4`|HN;oesvIWA?sI07e(Lu2wd~6C|v}2yE zq7u%RtWdVHxNfZFmBnx({uzn12rUv3qtzmjV>e`i$zXnSL!H@Y!+P@uL^j5u|F8X6 z5~WLY41%y`gkBJH4nfGKPoB~xb3)*LsX*wG7 z$SiRheEXCwLV7vkR)z!~NGl1Z)VGqdZV@2m-M9BKGNi*3X&vJh{jGzoEKCk=Rh@?! 
zl%r!A$R-2{f?T9yjN*;fpIVQ%UT?ka{B38@GN;#3b@y$#!AU+<&~f_gdq^PDV1 z2{lkcG`9xzahh9WnmT}T=Nb2RVKa=2zW{72V$?rR$!R)x?q(6pe(=|u1*{P{=!CIV zNV4h_t4543U4NYQJR8$=W19$7j^5lhmNFGFP8drWb?KjHeD7FG>pwH_3M>~SQLFUsPD-g#T$On@lW#;9+XjF#KebG45 ziXdhikN%h@5P&?re#6{{^+rCi(_NS0=+OQnG?V@mrXh$a>$=Ux44S(G+b_)f?-YI) zWbwH$@4r(`A1y{Ch~0OTe)pdwrk6hI3KyQ;ZFJdhBwccFGhCq8pV8n48l1HqU17D4 zJkuT6FY7jr=xwHj9j#8XDGNLg7$nD#EpSi`fya<-5GWYDzd^Rp9eZa?&xS4TST-JS zhfh^^=Q;$!M7pEs8^53Fk8LnhrwP80_nxZMtK;EvoJV5UjvOWN<$KdK*TcZmqoQ5FB87z|exHTdPskDZNdXktzGbn3eqh z%C7it_6Y~9^`n`fxAW;%|Gz4^_xCh==Q}RvJ3vwv^XNA>aJFG|WNXy~=9lLF{mm!$ z-!IxTmh&+Ly8DM0=j&~c9gpb(NF4TQ3^@GL-WPrK@3+?Da7dsS$6xdiE*x4%x9w}C zg`5MehADL0!Li_>R)gD%5frfporf^i4H>2(ZFuPpp)7&0?~UrA6#w@;y5Q*k^h04S z9v!V`+>Y&Qu5@X5lD^-_d)NaE*s*z2U?H9nHUF=C8TfhI0U2HSPX&HXE<;E z4`5mW{)3o0T00Pp0MduR>5SVys0q!tUBC1=-}W2<(bRe4(y?k~=j$dN;z6A0F1ulL z?YYehhg){UeC=iU_{)Jh7LEe2e(GJ3}&fi9!GS9=e z?>3IrT|gc-C}mFK$~>sHC?I2V{NfakMT{J$dm}7UXg-1eVB4}KJu@RUImLWO^weTd z`dR9g!C%9%Lab5GFs(9>(JFCf*pj9U!B7T=ZC71A5b9bzC(y;QkZ_LWOXG}FrzvrA zV-kuWEmNX+R}D9A%Iu=y8TBcavbUt!A zt@w^8|Ks!1l)>c2voOgbfMVcJ`-i80))zjuU1)(=3-OjO|8PxvA?LK2w z8+;IJCJNhGx#GpRXa282ugq&fo4GC7pm{Mc_o4Qwu!Q+Bhuq#hKU7(xhKtA#OH&4_ zFV*-|PM!uA+SsyU<~_P%J|W7^%E@1xXX}8SM;yO(@Wvkh?tnlYaa`;elO&F_9b=lS zqc1f@XC8GL)~iP=gP4(Xx2w=SvCSvVkI_mG7$NArW;@z^5{~-)z57rDO7Dd-4(!oq z=h&=T7pJ6qm#3i{j?HsQJ(T5P<^$JM)56RP=LVPaOwU z-7o6iAKU!hSl#2F*ZuKW-QSJX{qaNFSmp2mYv1oMF@4OX5$1_CjU>(2huE=sJT@lN zn9Kh6I+wtXSvPLA!hOHjIcVK|7;evo<6}~mNkK_4&NAOpgrUNXKp+^c!X)aS_NUAhZ`o`1kh>-p!5>VFP< z5M&0#SFnC$8Db(3$mX15tLB}5p0E8U{=+f9+V{bMt@V{C@%*$b|m; zlOP}buXs1aj$=BSliLwImggC)H>OD}2%8x!TQ&yoS3wvJ(Q`%lsxcLXg2?>;^LyUT z|9KlxxN59SDb#76t4Ffs&%wIi@>SJ^rOS(CG}LSSUml|~!2(&DLqs0dBfx?;AsR%u z^97qsP0z@5&bpul_|s)j#qOA!hH$2I%{Biyn_kA~0Wz`YHyr#5xui^W>T}`!y&rcN zHzCN!mgooGmtABC6a4_fiK9z4*_Sdy&RFhj6OZI{&4nCQ39%{YrJP2Td31!k%*-LV zvtK3Fh@IkEQurT!yf{BE=UrQH5^71{xd!B-72~)U=K23%zV+1nrzoHqh1^)`jiTjl zTBR4?f6ESOt_Q+pUMzIDf3IQp_s~bJo9suLhn&pNOi$D$Cog~TySBEk;PkdPLW%R_ 
zQ!tIF00=M-W7SjJyzWSlrf#Fl6WYAMl!hXF#2~o8#pdj9>Nec5J+QTzE!j)y?5GC8GRf{=%aUAH92zNheT#zl=Fer4dj1R=KrK~Tudahl1VPxm1p zLhz7i*17Qj+4wP>X7ccN56wJah~*^<2;TP+e=Oj zx$-tW!$Wg%lsyi2SlU!Ujx9B%i?;zPD!-;6njqXz&)Arru4F%C5ic|q(W^+@SU@*~ zDre(Hy{TS_5;e&hKOSag(a`Xxvu&X0Ms%ScwJcc!P8+Z|{e?D;hB^rlt$s;;W&vl$Uq7i|9$Inp8 zL!Ngo_9&_2ARYt1QTGQN)`&T#C;S@B8WGHhl;p8)_74LTI3i`!DdS~*PQI-xJ`Ztx z3xc~_<&LApfL8?Y&&k6YrQ_G_$l&V;ej_85={-uMVi_fZk^tTp(Fl^A6>l6Wq1S-+ zXxb~^7UPbZhXqDKr{`V#Wx`1wv*p;U41w<0MGaQ%St3s1mWZ;$OSE;oTs;r26_G7d zFXlpS*>uVvPA*9)#=@hq9DV23IYZh-0;X4WRsD-$oHOM8lH5X^(%^VRc9!FINpT$* z*EVi3NCS0#3&LDF)=##-R1C0U;9mrm2<%gfK;822VQ$~qCo?=|M($8obTh^3A>$t{xRN=2SJgeHNtJozX}ptyK1z+Ld5_O{iqB3d zU4}Afi+f8HDsW#R*kwsZx>Kvo3%oKg#F*xaa7{gfJo4~)em~6sD6nEYtvZ>xTj}^$ z){F>&dxSG0n9Ig*m@$-No7U?3M&uhSyj^?BJyy(h=rvPI{5TJ_$~283Ox2w(Zr$<* zK6B(Cu!uu*^3>wF8HiE#@2Ns-GI2)<46fE>&Yc$b3MoPL&+R8)?|!09sNL3G2&B#e zJbN7bN1Cg4I-g@+>i3NUH^=*Fa+bZB%h=AjSyQ*MkF>r#$zl-9-dYUUT_Ze~L=XQ} z9>G@P7Jk@cmcGG54+2;D9z_R6+N|zGsXH+EKWVE+fHej%TgSJE74B;>>)VKqz|=oh zFK67>qmDxVWNaUpHLh}^oLD_^?(2xqz z&2Eclh(ZU^o)*)ZSO5i*o4uXs(Hx1O<(SK~wu{=%1 zZP9SdtR(c;n%JWy5m{g3_3JK1rv7a3SMertAc{PUFVvNkj|%lZi+&cV7xu_Wkl(60HtXUA5rv7PS6t5ToRsjTxMy;rbR{c7*wfoAG*%t&3l+ z${~wHWGzJ=>8GKf@Un(GS9XhtZY`H@(ecb{B)EZOGhNm<+1l2BObRQe5|bAcuIix&LunRXRJzH{>p7A$*Ew$W| z5aKE%J_s`cqLDLmNbi_ z0FxHBu9sj$>7ycSz7lKP%*_NcOBA<4tK|80i$Mrm9j2(IfTy_|jm^j+cz70~OS}Sz zkRyg0T!8rZwySe(&cexpxn0sAsekJF_r_bg9MzH*TZSRO~aZ z%Dqw9T^{ke@`N5iu_&cm#=3dDERHDXFkhtHmMF6j-+1}&<)8c@@nc|_iqCI+1+C^< zb^$;hxp=gJH?WlFXn3|YfrI|gbTuJCt87hB+tQ*@oBEkyLS%q9cy*jET2CZJGq>ZS z6Bp)E&on;Cr02>ox{oNByz1}CNkvmyquO<`fR1(b;iD-rV4cd6J)u2q1@5j-Ln5Qo zBBT92h&CiQT&brXOfRbBIun$h#yzT2*4K9^Kf!fL_&G;xEH0c*HmyzTT=Ts|7Z&yX zCo3gMBIz`sn}q37be7fYhQxcGBwnC;b$TjOphbh13}aqoE>g&J>cgkf3bf@0WBU|3i>Y(xX>+beDxk%N*c6`7L zcBh_}}FAlD0tux3-#H*jw z{N0Oj`Tj%M{#gPEwKVvmWiGYZ`_R9Oo^TOMDsGAPjG_7~c9WJx(t+E|In{Yfh;n|0 zjC|#k7AGqC^OL+t^RWsd@@@=%ggC7_Wr@aFEd7~9lg$Oa;fqUP0N%M+-7%rl|n|-kpe=UP`C$vH|Q#vhEq(4lJ4OlMpnAyYrA&pVB@ty}iY$vfA!dI()ogQ`FFC=0>sgJzfO*9H 
zLVhwj@aMxGnE{zc<@kjt8Qx4j&fI78UQDgbl8&b8eqb&oyp8e5y^jWN?j;_j2rJS6 zPhXE}R9RE;pgN?03idZmppN<2XGDBd(tR(sehU@g*R?YRVQZ*)^RsQ6ua_>)`%uHF zncK0%z@E{rqRQpcl9O?}OMY3ud;8pcl&9KuD}t95Vo6IUL`;OJFG4Czj()m?92@8 zq+)Q5ZOh+ah&?>VsFS9;u)75(#ni@WQM1-ZN*jn$-jq zh4`UuekpvFGZKj2x?dlS8l#-Q#=SK^HFD_}dzVIVdSCglDCby+xmSGeGQc9mi=<*K zffCRCRXb7PC;Rkem9r|-8Zy_A!s{~+%hrE1f1T%sJz0yTb&I|9i+L=2>LsX|GH(p1V%0!1CNFs0qkR!E$-Vq?E0n~KH;@7IwLi%M&ysY@8adrc-0^bSD&tW(3~rAI_^dTycf^e(VvsA%#BcT zW7OsiSy1~cAsoTXS!RG8Ob`<0VW;7bk_b~4@zym2PJAb#alQG-ps zaVGOPYeIzBxwLT7w_%Iiz9b(xG-# z$ws**!0!+mOe1>L0IaW<{)FK*GUZi=40~MYqPCn{}ydCjOsls%TZ>EN^SyZGPBYNDEFU*dJgvN(d0k;kLAmK{3-&R)Rv;rKCINTC9w08ZOdN>X5SuFXu(s z*G^&W#G)LJeI_UMWI*WUi!sH4o{so1t>VvduH! z&TkAX#IQn)ZNth<7{};kDaV`sARCuLi6n{@T+_V@m_O}Le2axV`TNtI$-z-k-Ns`4 zn<(7Q))!(LTs>?Um*?)1IB(xl?y&vS6%*FtaiY-qT2OpJLS4=vo8BwpplhYpXb?G3 zm_B)Fj09MJnY$)E+2@Lt{$-3meEK%y-aemry;EFRnME|LH z9z1t%dT1nip$~{lFFGTaj{)W$`*@x*BbYVmHst3xqh4QAEWQ8!$fzSXYQhr!TX}cO z2d+9ibH|CL=3(3r=C}=II+yv|o}E99dD6t6oj_0lA&u@aX#4_3&*Kl^WwFzXqB%Xo z=<@E5_wV1Iy{p?nj{nusGd$`$&Fd2L9dm7Zo#b9P*zk;Qs*Uk3jmFh+E6 z6j>rA@+~qRv?4hNZbO4aHO6zs-3wJx_LtvVyDk#9$U9^rDKj*{T2d3#$7{G)s!osK zV(VJ1wJJ?up9=mwt(P)*=YTq@bUZa0X3bA=uN}vG58Y3*!RlaZ0eW-0UB(W$h?$%*n;|#N5C;12deer??2S~=yv2D@tr(7Ih89_S|~|; z#89Cnl0r+IitGsHa^6hO#WTHH5(U#f>F0f~RH^!@4`mQ9B^9#`N-vrlXi4|{)2(@J~zflLh5p*J$VZfR}ScKz-sm?jW=wc0XrVnrlQIsy7yaP>E_xz7TEY0o3 z0itpIr(t;+%m=Z)hiWc`5P=VsH@YAruq1r@*m}&LvgrF@hlFLm-%+e z=T1Y@lT%At@{p3%pINDob?NM%RI#$tdh9keJs~6lu=^jxbf70ZH3kLlqF@6fF)teX z_v7u|!hB)y-3D&Z*Go;z@q?Xz5GjXZ`4|M@23exQG4B{KRnFlLM8_3%noDs53>> zUbGmVe$}QS@}XMgsAcm&Oslcym5ycHZgs-+6M9`AKor?>NSeRo7n)+%evvWf=H*Rq& zPvxw@(B^Pwv_(Ylnc-#-kre0HXMS9$KY*`sT9>b9*mTSR!PThsBVO;`Rzx5q52rfeVPY2af35LSxx9q*Q&oy* zkA4=pA>{ngX54>~;|_D*f4~t!9v(4`{8~d;GdDWMS*u2^Z_3g{JZNel59f@6pRD;Y ze0;rA^-z7!Q0u|LRZ)%y;GAP;nWRD(e|nlO-ymbaWWE2^2p*=xnRC?3&CrsRdmdkT zYOeLI!3W}%xlze6qWTNm)j0FWd<$D-q@a@)7_tVc)vVDS+A_gq^G%XJ%4l#GxSQfd z4wd=(Q}b!S=9{raWNvs;*9ew 
z$vAV#d~?Ves!~5OPBRY}oJ5Z2g_nUO!J*r1lOPPFlJP=w$fHz0rz+n$G-=hV{FF^xXAw(^;vlAc-A~RwVGsxl4mf{FI{1O)e8W) z&rB}i$lqOPqki-0BOYj_HPSv}$k!XW125Ls2f6V;d3aVIu?~PH5EwIl?f5>z4<;$$ zC4-k&I>Kq>)PqmBMU*tNa!Xsco==cRke)%o^nwIb?@sNlZLh;R)&tfr+oO-D@_>fi z6@k~3$@2S@=X~$H^vel(H)o8W@GwH}r`=0^IAh2OMc3yTG!ija^2^^?d48^ZQ@~zC zxhBKIu0>BEo%L@)vW=oh5sgp2Nw)ffxViY%~_muO7z)8%7PuA~mS`yx2LHw_Dsqc?mzq9%9zjSrP;Jk5 zUnB_|&tNMZEJH~`a|0Ah)f22qgr7Zem0kNA7-oNvuTNkjkRtyw^Rukh%E!oMeSPP)e>ql|oLgUW8* zrTE=S$ZuGwDHiguVwnY6G!+M|zM@u?ON$YcV#vBWOrN-Hz%S^Pm*mPBuVA~DXv9>O zVM4&xcQ)jf5zyM706)>VtT?hfrkRt8#5QB{S?}cg%-P&AcqzP$r4%2P;86tEw8fPCwFLV^xNDVgGo?J$f>Oq9 z`~o1tpsEtwOMH7tf}qWlJE3y{GrarjwaC!!ufBBI^|wn7{pFz$@8RvQe=84}c1=`J zD4O>9_{JmvII;XX4af(kO9i|{!MX_0Jh^_au)wzngb8yr!itxcDNVImRL#7jGMVp^ zEgdqW@Js}hX^|B|%Dr0iB~Rw-0qo;Cq@i@uqtz4s*_Vntu<IYR&9mSLKWf4s-2h z-1L`}r>byj$|vLz%5MR+H3VzM2=j@+9GjgW{p@(ba_Kf5za*&6#g_9gdxocf1yPJw zMB<%A05GRJ9=Z&&AyIf+j0T0~4e;oS_ghLSC7nsF@?(CWsF{B9%M`ARQ7D(!zJW=a zoMfX#X;~wp*n+nx%{=naFVtOi6>f-OpveHbnAE=PYv81=VTY%Dl@~517UlQt9xhqO zi5CsrrI}ezFYH}>;j%XyGE?DNIE`9ZrXEe+G#V$yu{e_XOL1-GmNY)s{}C`KdEjq* zS;W`o6H@=}zS>fEji-Fto1R?=)s@;YZjIn))dv3rWhgbzYHa|!oK%O5F!7OU=vL`c z$80GlhuDPj2{jL$amdGAWUOsXn4#?PI@Rb%2y0FC5KBD7-_mT{vI}%9Srt#z(Yuoo! 
zD0M*Lx^bTl_-tu3O`Na?C=7#G-D?I&naH+e?jq9nhkdR`$hTusy z;Rx{i0Cl8Ky9mU7mjKc{{UXTmy#%JyX&xXHx&^;Z&Kv~PZQ8+=pP|w8)hyAWZOo-+ zFVKT&&yGy`{5%@)%ZK-a6p~lDy4_12LYEcX7}1ZtRd6W<>sUyLkbgt1L-nElTTy1;QF9J3_r-XgE<@KQ8TbvG-*_h=TZ z=Nj+vi~Hp<0rG1BZmD4%o@c@oy!ct{Cl9jtbKu*Bq-@w0+hh@s6wcYmT9% zrNsP<$kZ^h>2x8A72$ZpS{&NTHp$QWTg`G=aB+KQ1NeywQ2u*D<*N~rS36T(fP7`5 zzK^@2*!r3Q_b%J+;d0d)gUqIWsiZAgF2l*6xMX6qw^M&j7ZI=!+daYCQ>(bJ2;l6t z3I9433KrGJtRva5!wGzCTr4_Y z_gS2gcMb?vE9SMnCjAl>0lXjrH65L}7=UUqK)tGzWK&!kO6)TkjpPwCr%cdO_|mM> z1o_eyvMJylo*73!nmwr)s~|YN1V>Wrs^(1D$PEWAW_eK`&pb$k5=H@SKFX^W8mICJ z>rG~#LW zQaudC4Tew-bhD7xt(1`9IMuHO9F*rsGL1-#@*OWH;<`FasK;6f>UbGWL<2{_v8s8d z5fXXa7?DUQeHQ?MZzxD0IL90N4S3@z1JTIQy~NS0gR3Vp!PcgN;Kun?yV+gi6`v%8kVI@;P+FLrrWGr%Kv2%Yvh~1 zqGBVO*MdHiXBxtw?gj+d(wX1AD`p9Mnaj{q=l;5h7W{qIwq~Mx2o>aK)$-T27XU26 zah;hJ46S4}fSqyAWnOz=6!cT6KoNH)aY%JaojA09q9x>2#@6Ct)c~jnaiW@aPRF0U z7!u~VW?tYIO~B(%1wE%jvW91o-2}^JwQm&R%xUp9GHjf1%Txao`u8x>{M*n@o9G$7>CVXpwyQT`=rw^zQ<^;8)r_*umUS_oEddSs`;$5XULS zBb&AO!M2$Vcj_1G|1jWB{^bz_f8|d;@9)pmxdfZaIGqAt%;Yqs=Lu zyW+TA`_^%BsgP?k z@@YTn3HsSbiqZ(`)T)6p<)yqEdU>p6mRx%Rdck#DL`|9uA>F2+PUsZ!6ED-ef7Jr) zjx`@NbNou6F#pbSu2#zFr|zjQ8Kn)s$)`l9Co3*|tCyAt_{=YkuXFO9*PsjdTP?F3 z+ulxfSQPYGN24<9>>A&!vlYdFQw->0z%2&3&{3`!q!a^wF^DMw)sO58i-E8hgcJi& zF$gFI;$k2x1}??GqZp9zr4~@1^ldDdOttysQpfuaV%}+Ifi)T2U61TCrD5PEwX0z* z($*m>SwYPXY?jqm@_0Ep+tCevLU&y}iZ+Z4#-T zx!sdm=AFvksC69{0EF4-RUn+M2U+OO0-fDNoxD5zYLF5aV{6?_)XmKNm zYD7vKLDEK~x(Up!&us#sMZYwH<>J?yz==rkUK2Q3@K+P~J`#M<1o|VvS54qTBy2Z|r0 zZXyTUZpyFw4d2R6?VlRqDlrNUgX2@zKO${GS)nHrrcs|CP|Ay^@z?+8$$jT189@BH z2E|Hm@6cWHlHc-HlvCeD?ZXZJBWFyKqt}$^qU}6vTK@I#6#?GU)9w&~Tagcw@m|Hy zjVxrM_8Q=_OM4Z}b({AwbxFH*LUqQ=rUfQ~>S;j&z8;W>Su)^dB$U0C3zYFUaf96G z67qr6Z`^7!H18uxC+U|>IszfOm>9Sm5yxOSJReFkvt0Qu8? 
zQN9;%dT0R7JLD0fM5LIjmFLc<-Y+Cu-Peydp)EHwcH?6gnwWe-ODq;*$Tu~pHE=5R z>JLNy!#Xa`Q{OcRS$kIZyj)CZNQvq^z8K-CkFOIzPb;ih;G%-6xWL4JRfd6Z}T!`#Pf)=oyCW17zRZ}YdhF!N*F_&s@K!K%p(eR7@_97MZL zWOv>@TF+Os26la$3s7e0Zl|tfKt3Upr~e!`+jQVz!;@MuF#b%N-|*HsQ@rgzE2uw9 zOqYIHVi3IDZWqT)@J~b*uRa6*Ss4ZFP}f0Zc` z9Tydh-lUb}u?sCHScLWN(FajUuTJq$7+%i=6WY>hFX4Ke!TKU_E0|o3IQY~>pKnqQ zL)e^~g*tg;bGj~+@-K99%3CkQ02kZNo!QXwq9^&?omuayPB$ILPhVIs_dEkg%PfgL zo>ING26!JABB#K~g!y^*R$)y?qBzu!Na}K57-zl+2x_vR;W*v0o@d3$7WtjaE-t1g z8w^_L_YO=?u*_1@31DwFX>p(LFHFv+XyENasqin^`uOZ$EcFpJLFXZl5 z?&o>P0{}J8$%`R!L%`zEZRwH1L== z<~gS1aXzx6lNnSfJSu5;BHtASjJwPWptARgnjf~Ib5&y(@2-NqLRtLT%e~&e2X+}| zDhx_R#rsJqJ}m{8aG7~i*H%- z+sYYxpeOjYEul?{?Y}v}n%Z3$+M?&TX!6%8Cml{TJ)yF~lM^uc=cZUi_kx(zx6`6T z^4v^9s)FuI@H3)lbfZ5|h9)K-no`GK1rDSkGx#ln<^<(L)8h?fBX241a2yCjCjcBH zJRTVusLpU8zxM0I3TFHM3M`UNsi!_>*xkw-x!PMB!UdtmYmw;JB-B zPgcu!?&kLTJK$$#fbIIt``ikdcV`xrJr9gh#fNVvYNe^57oQ@(^QWAXB4WOpA&>gl zp5F9cppW^E&>BOvoZvC(h(r;(9C+=_8OcY>%+%8N49hIss#A5eeCQ1^5ytQw`4+JW zey?De)!o_gPVpfazCH?E~N~Re|1#rdQ_sY=vMI5=cv{1%%oDPEzp6&5>CDTx}r6U z4T%$^zN_K*OiZ%D4>GFs4;;@rHYrZ+y`^|y6WrgsGi&S>&I{cW?!&FE7X_RPrfWt)jyDRYs!^17UJa}X?9X&$C{XLG+?JeO!mYC(-KUZC?3O65yyLBqTOyZ*_d4PK zZejlFu?zFYiwZL3_%iBnSNqRd;)u^B5nCjR?565fYmu4cEAj`>7i`EI8BTh)aWH(! 
z|3lP!fHigff57+Lk-ZZ(XzooQ2?PN}1qEd<2^$3@VTEZ}Az>&%5KuyhqE_o{ZPnIU zZEIZ>6&Gr?b=C!HT@8%`>$W2A{r#W!dEe(D4STc(So^v+kwR3B98v+DvdxOdMczA5I>KTvViN^=Z&cZImv z0pb8Zdfa=Q^BvljMCt|M>mDxKE6q=a(JH8QJtdwN@NIZIt`CDit0;C(c z2?NOX@s9N2cW0uoA7HaQvY+HOW;s&)Eo3Uk{J}Q&SIi#-8K$cC{2Fz6=^AA_UiW?I zF(5k!2V|D;@JlH%u-%hJ!~Y5YV{8jMJu<-7^9x%ky}i;dHX@PUL$rBesOoPmnQrYI zYdKAr7dp%KZ~MbSqU|cc?9@Zch@{W4pYn_2hNvX?D|Z{kFxf(tY&|7QqYh9CSOPXQ58w%m}qT{lH?oQ&d;UBGnRC`>~{TZ@t?;|a62CNL}9dmbLNk>3I9oR z<2B$Ar+A^qBAC0Bs65cuo1W3Vya&ZN`y{zHiP36MBet1YlrP2HrHfBi zQd<_PJZXa$qCRIi(1JsxE#=((jwIkQ`g;aV#Mxg3gNtBvx>C9@wf!T*=$zVmh!8{{ zUe)AdYyQkUZcMUE+CS0_sQHEcrvj8-fNm;42fjg{G{zDWC$%uc?3g)SYAu89^eZI+ z&&s%2zL=}6_ZCSo6gC3cMzAA`guWgy+q|5-TSG;W4Cxc$x3jDa~+-WjYE z0b`dofrZPgDX($fPV8J;BWkjjP1ej<_CX_V6w$dH+&LBx`id(Ju92ExbH62w)ox=2 zpD;GqJh* zsd$;hv3D6(h6sigC+XWNFzRC}XY9}6{BiwGA0^VSq7F#z?cteI@VPzCHfvljY>9NY zb>>2n^Ge&DuubK2e(-N0qhY3}~q{UH-$6#p4sq~5u63`w``#m8#ePIlvgFNj84 z=6RarvC3Bd`&>_S&n((YgF_sRKGl4ayI(m`VK>raus6dpG5ETs?J3msLDR_yielhz z+n=NY$>By=ojN&=K_M}UjZWqhp<{EA7VPkR$owG*+0IU-oXW=<1x)ja)@hIdiLk#{ zoG@P+(CKWnQs%(j78RvgSV_%_eWbMPldwKjJP)|y*?c6s#`(-05v14_iUd5fE=l}J zBDCjQ!;8zpBqwKcJ5IzcASM+q*-P#E#F1MzeEIsvu`!Zw{xHOo+mW0DPuEf0>e%TB zt&2);2rK1854Yx1QJXk~$6b<2LP7Q)msr}5w9|4~RB&(X?{=0H9nLYLEDm!xbu-`% z$884U;hCEO7@iUdtXY=?tGxvCQcmL6p9A9Fh-lb73PD1=jpHno1%Si@B+WNd)8Kcx zSpa59;o*--D?%pVjV*c5VFXhA^WZ+kClffoV>l0=sib(bSzC+I81U_k3~$)EbF7K> zS_aH#hQHOJ5UMjoEM$e08775P7>JNWyCB5C?U-MT%x42VNkXbMD%um2@UQ{Y_*TUY z7pH--#LV#|q>n6&q*J70FETk8JG0u5Arw9OpPa{Ny4O6&BDRzW=tZ^!h)&G7x$<*iB-7P-B5ZfmRN@Lr3 zRMavXmA?n&Qumh4_Pj@+kK^Yz1U!y$WZeBG&Vdf5NHjH*%JR)XCT#+1%GxxHf>#P6 zV`7u1lKPfQ3p2Rq@Pd0EafHt)hu;SP4>s%|4O2*0?jw*1BP+f(jfjSdY}%PRpD==&3QdH&oUPdw-4g; z?)BR-e6L>=i|$S{vPmp0-P#1E$7h*{sB?&O@P}spvD+*jGl6Y@@zPh#(vV0Y%^<}0 zMubsu-}>XJjv*;?&=ABLJGS;+1PTV?5D*0!8D#=;{A-}%=wLSL{~M)Wd<)+*EyaN4 zQ2gO2e(AnkX`E3M9HVccMq+W0fv9~c@;ud?w9+m)0?kE5imTz2pcIVlZ(@@)d}%#; z1`>xw*dKOt4NNQS#YKJX;%FY)4?7^JkDVJ1^Nz#&D7bk_3Y+Ei1ojWZiSppYRKUxm 
zCrWgqh`7B!tBXeDM#f5mOhmp20Hd4bC66zE2}Q)!gCP53K#-fqSy3mFg%s`-QWL6% zQq)jXs()M(a9^7W+*4!3__)BOYrjcL#Is6g(Gu+*nNU%;4F;w%*WL*%@SV#(`hmNi2<&+ci}pcco@D@MkW{N92C_y!z1H%20mZv6X$ z>6x=0w<6~6_?RM#`N zT{Q5SwCG^F@gH-dRAh}}LtnT7o8q78O*u|;AY~m#hr!+MaM$?tSeX6cLKb)F(9T+z z+o4;PAx1^ugyOvUbQ_D6pH>#vbqfSvHx6rAy_*V7I3BY2f3OfAEaMJZP&c!^%hh}) z}_YOAUX#ci0FDwMi{%M|L?>(F2H2QSNt1?iNV1lb02uX9~1j%1LwPBg;(d{+_tI5np$#7lvmDS>X`!Hp&t33}|Gs-PZci*T{@a zCUfFe1HbFF?nuyn|6WLzQ9>$Dw4a0}cjwqMJqOwb zqDLB`MwTF7ENKpGq=3oEk%xpeNro2sT)6LQM zNpgc(b(0@87r%)^yy(H{>idRt?$PPihD+_A>Gkf`hGXrYT}a?q!#O+C+VFKPn8XI# zX|)imQ5pQQMQ$+-a`%{?lF51Qp3C5dCHm>RzraWHyWIB@;%W3#G=V-6Nn+hhk4T9s zyL&SP8{}q_O^L#I%ObNgi^8-)2G@7$r|p>|&^z@=VzX~A)XZ{hWjCm7kYv`x{@?Xq z&%I;)u{mH{9sD+m1K`xzfAO!RDP1vS!WRHMzNZ*IWW2S;SkbzdXqnNiH@EWUwes4} zOBRIKI$w3P#;~m+gmB=l;tXDJorWK({1^V(&LcYhV!evA+k(&5Azi}Aux=5h-f#wy z&?X_>w4lods(LZnvN+)Q+4)&b_=4q(;NOxcBq4pH86Aegi|8A$1y#?l%uXcRDHr=*Oa!; zf1k81EJor3v{2#WO1y|IF1` z)?FaJ8k>dU%k|b>0IwYC&Ij{+Ie)-jz9b?N{JK4IWWAKl3E!KjwGsGY3CY!c$g$nkC$V$p=4tNbTb zXTt^C@|H6ut>Ce%eZF&lcNu%Y0aJ%_KA1;3XlQS5>j!ZiMR-<%CqKA)e}(zy^!Y!H zjH{rXugcv|fyNrpv8lFHXx&w7F)O-d8J7(+w%$psU%MW zAx7t&Mw(sLd8cVoz*q(J?pFI%=-nMsHsY1d{&_tk*&w@%*~dY&PUP};i2d&&(0>GY zZCd+S!D`}8TgzpULrvIfdfFs9#mMGN8~vM^3PR4w=6HL+Mf;d@27p1XcWg0Mczc-CMjmbsDesGTh0}w*OsEBT*n;W<|<%2xI-H6EDV6)5!To z%2>K2{NIxn7p1LYIU1FQntzwSsnCRdkH}jekG4ILys3CeB+R#3YH0YiiQEutt`tr0 zzt7_yxB@PvjHQY^C(TQ@xv!?booD0B#%QVX@1S(&F7AQ7EE}Z(JAHQE!5{GOY9@o- zcP&m&(uB>oXg5rV`Fy^7+B1 z@?XsCUwn`}l*a9=TdkK{sEgO$h%I;m_a&9LG1-Bm5DVOF#3rA2G1r{b^nKl%xXS zzZ+!doE)3SvAo)+kxF3g^HInkj%hnV{JFjDGm#K!eDVq1@H6`Rm|bseH#B_@vq6^$ zieQ9CC{ch(JI4%8mSi41lOxIZqm5neJWkTnjbih(bY6%>RgO&bu7C{E#JhYC-Ad~t zIR4iDO8z?fJrRXv{9RJEIqy&fYIe|u*Ln#{JqCu$v&A)*8Y3C#F7cQh&CZ$j0 zTbJ}X(3>6j=Ugy+@!Q!nn_*Ib&YI|ANAfJ(BrLOw&b@AcFZm8sM?X~_@BB9dkw z=KjsJhUH9^Ob@Jk^uEBpfXT85b63NZ_5~>9Zv_!JPm86o$nmIq`I&qw9&qu?7$M5P!@Q*+g*(_}ZNg(E-X_*GDrY`+{Kscrg$w{j)k&>|pfy z{n3>sPW?JgN?F|vYoijM^70^*#iCz*Z|=9oIFl(Nf_8|c#S23b-sR)`35TUiWD6vC+Cf9n<;&A%AeCTTihLO6!`ZE>iIThAC& 
zi887LKWnYg&XOH%rhTh;u|6W0(9ASO<+J9F8?#TtpI0l!HlmL(Co!&HUXSF^EJnf2 zP!`SH|7r_}mV#(^MYI?sQj#E=f<_h5TynukGx?+zI@LReloGLBVa_FzTa`rEjzkZu zSHxF{d+FNxKV>^8@=un@((+5o6Ia$G(#?9YSK|!3lU9 z3Bv|=5DZ<)*DqUrPFrxID&2vQJSY~4`MIRTpem{U(_SQ&9=}-fU zoIR6FSVv1e%|1eEFl^6qCL7?ULpkNAIErvnnCO-Wtz{hTMAp>M!D;KtMe~RLc(H7z z*4o|}NvLc5`5Lhy4RfT)!e-$)UhTrfc#`zU`0Qt(SleHugUpmP08dfprbyS^z`vX| z$F>D8JF$s5n{Rkg{Mq9T2db&#dF0vCV0ku~<7kJeI@n2%dKh zBGr@R-Z7LhQ3>UiwuEA7y^3*dpYR{24D?XD>J?8R(O1#7fsK@JS|~Tn;NKt1Fv(Y5 zwyp7^oOBuk95qm6zks}p7p;q_rP@w%vP-hJZNtZ69ZruOknsQ?o21F2X-AUE`;O4z z>_l4P(d11uaG;Nob6p$K#&C>aSh}?cMv|!LinF$*Wwl*g;;H}c_55zkUZkIVurXq# zt*VSG7zj>2^wkD8#Qg5nPU~V~)dll)$hjh5G1>!uA^Q`U)dTiJJm7TPZT8na&t!Xj z(>NQ1dQN?jyvqN>Q4Io_@s>3;G_Pp?`c-I3moRZ>SS)OzTK7Ihv-a_E^Lw`y%z>wd zS@`7K{qy0r=SIkmyKg_vVUg9CwxEU4i8010-EnAq7T||vLEHxK)TRI3ZP5(Y4Ygec-C-re?GQe%58C=?tk4CimtyIZ>qWYPMfff1ZZ zGep9N?EkKs>QZ3(vQrX4bV;@Wel~4MJBfgPpYCi~&3cHEC5*#f0mo%;oElfK(+a;^ zYiVucENkPO#bY{o!BB!=il_Z0!LQWy|2&o-TLhkJ#3+62qni~QEO<{ zsL*ZOf;q^?S-FNxb&c{2=u_@;(kUiC)s3RuPiaGV|{SLC{3_s%>prM2d5% zz>0R!0S2m0bxQ)J0jHsFVkx9~azN7-wUiCV!b{%OtC1 zZTv57?w$SaZ}IUG?&AIB!F%F4zjSjbh@@t9;&=+HJBD@KhK9h~=1CvCupTr-c|G#H zlW^7$mFLJaf0X2;oE{xi(s_pQCGCwI$l%-^wuBB0464w`7>l9XQIa2SIktTEi{-O_ zf|)IxM*nbxNwVpj#;QWwJHsAhDK`Dxv9YY2Y@MCMMWvGS+XIgCFejL1Ll%!8QZG(3 zU%x&M{PIJ<*biq7=~ZRsf7ASIPVXF0gWmxMd3Ort^AC6NM_|B7`DZe^GwqHfY=JP7 zPq0Vln2~NC$OZ_B$Ni1H+5BEP#1diOv5ov>17GmH(GuaVv5xy7+^gb)5G7vF=Z$GT zCe$82xa}dab>$PI-%EVHvh@8KEKI3FcwXl9$FzPR;90;qC$2F=O2ZqfcrB`ZSRx}D zLFW7L+Ebl5_{27&k6~jB%}xk!fJMb#kl`JP-~BHcr~k zcbP<$++Js7KVc8gtQ4M|75h$cxpRii3a(3z?i%&MPycA`*dp+=+Nu#pk}G}mo9}(* zI-3_O3(+6^*PXT;{S|w)BjCA5@cRhRQo?Uu6z=kZk9M%ob`wPE=*HUbT2!cIu{2Cf ztMgWzwPf-XCoD@_=!l9>DK@_Zf4{2_Zn~;6XCG_m{L8Q(I0)x-&OkALu`gx3L2)lWZ57SF!*_IEVSAD8@kxkY@?Aq_hLu$D&t z?x{?^AjZ77a-JPu9yXXW?a!YjpZ!?K591ccJ!|TVKt zImV_s#M-_g$K7_M3vJ<9_FCDs0+(EeFSQ?S#~LMMx$!dnEngc)-%kon08 zsyt*lR*$Y4sppltfa9z~HY*>@;b$dc8SNhhhM5Z;5_2eqaqS=Z#u=79osQ*n*(5e1 zqWs$IMXC=v8Q6ADOD$>_w>P1DW25EE9yIHNYMdQZgp=$IL1>T&o7j)FeW#L8@b70% 
zum@*n2MWh$k~mh)PQ!5XkHYsW2oDu9e@~jYv7kIwyL53@3#7KX41wU_p$ST9q%~$*F&H=ab;oX=( z`2%ElJSXAO+>>d@VGPgpk3pI95GFVuMixz9#?d0ZZDX{0#jPxZf=&LM&mQZ2#^h)=gfI!X$ty^^ftUr<%reEZ-tbn0@RVRo*4VHZ<^2lG7FbO@M}&th5qjw`=n8pT#> zSIzj$&w{ca3tPr6SD}S3yA}`9X4A~Pf7sXFcrKr~QgSWo13V)O_H>SJT{PR*pK6pd z_|%_mj91d=5RY#7-E57iefRtZ`GYj*+#ilnlR={GKS~LDeRkD2TXhblk1w)tI(g{4 zFx$5;J-7bcB^dYJnZ**_XQE-6`Q>3^i#;phx0Xjty2I+Q$S;|3TIdJU) zEqm--#abvTp97B5hMAI!iBCPxhOPLk{b)4}GCC$n6W>0S3Tl5G7Iw-OHwoh!izJ+c z#+zOl>%8tS>5e|KxY7w(N^hMhP+ni~^Toq{JEm@W(3Z{p4AwnX^BRfQzY+_Fd56Ja zIP=p{Zc~4%__<`YC+j+~+H=^{bp2l#0|#RyZ(i-AD_W6ewdbM05HQ7w;0LX)2j-)a zTY=OxxA7lSnDI19Iqj$N*nuV>Y66?LGUnl(S*1tbVU{^4IFH1kG>66x{E!Kb^Ahy0 zJX?3kwsy}phvu5-au)tJpq)A1Q<{*4X%1ZoRwft0nx%=8SiKW8L}!Sb49ftB%9voL;7qo7$&G3duG zwVy=oFH9SKwcfCSVHyFy)JCB+Yp=q!8Bv2HIiUF7kBUre)uCE*(5k} zr-%gb+`}~n#w>i^LVWm_C?u1KOGP`Pff$3oF<^>+fIC$Z`T+=1g5qI$1D_snPVNiO zQt?X)_>svB@idPTcD-gfy*rs{O#%Ghcj427tMAsw#M5w}Vg&Y{0LC6A(zDoz98fm7 zUg&i6Si=>J+|6eSIbu5}2m^glG$HLb0rl#z>9Zs#UEmz0DE#bqIcHYSasD^RC1S#v z@#btm(L;&fXK~^7|Hh0$uR}MTD;ecU411G&6neqe%2gijr-Ty!F=4+fEDTeOj$QiM zg;b>TyfbzX;uW1G3Cx1idz~E*Jv^p$@;vzYE86>qiIFT4*GmH4lZ{VoVduuiJ_=pD z4j0i5Ld_&w!@$g>v8tIgsJYzVy_>(NBL@+m6VV>vZTJ}wF^Rv6C3w03?Me}MJ2?60 z1Kjan2N8+#Uen6%Acc|@=legxT`BlLn9@H3h6lp@FD;l41&TAl$@t-uu~jE6fut&f z3PM$oNChd`5F~>kadYcV04)X(sboZ~{y`|?&;}(O=#DD~k~?#tBsYGuFaPmwl?tj& zf`S1*(J2X<=E#=>JMkca?H|JZeltNVeSngP97-T5Y#!YzqU6BBKHfb1pM46P3lU0ULRg1PMh)V2r`%L8b0IXa)q)DJh<_y)rVg)QN@Z6I-Cswp^ha0_hNK5l`}0 z5lDkXi~0m06%r?c+D`J_M+Im)fTzxzqyltu;br9v6<{>9s1rt>LSvrbMvH6;p16SMxU-4O;KSAc9;lBCRw2w?PPi@IX?W8YU(KDE~f45U<&q z8=!(VsGt)Uq0K7jr;E^mL~ zf_zC!m;k>b(s;(NtXQY3o=^mN)`?5>)sM>kMtw1qY&3|gOT?AMq!munG;vWum5emtA=z>N zv)H)}i%V*0bzQXe?h}eiXkJgp^#a82e;!4CpOBm22@3gXsch)~cjhT7)0XQCL7jn- zY7nP@Hist6If;$dW8=#)dWi}XN76`ZpDZpQJ%sRRXMUcd|}KEk!829PY_s3uIH$HrIF@;Ju-`6!hY)QPLBNGl;v?W{Ud z_PYVifG9*%ayp?9r-iE~Ffz)@>%{fN`u`aw6_9CQS24AvSX;M-lH#oMfG3E>@g)nG z;?iQen?X%saFgol3NSH0X8z=i<{)rt>h+qGn{e 
zR3Y?uMgtqwG3f>Kig!CUu({f`{^bl;21MhZ@tZV}(p7DwAyY0<(3J3uI0nR!Kf!d> z>{VigjG{MIwcz9?>}o9#6hlmik{6|l&x7*PRe6x75lYWapBR;N>7x0|32 zW@UL1X|GghEEOB83hJZAQ~zh`1nCQ*%&Ls7s>Di$MknU_#3xQ$o@;D`lNM<6wja2{Evu4_R)Ori zdQDy47x}V4D2y5>tPyD`Urh6kqxPbynAT?)(uxrqv;u`9HmNqPD38%a){qWZ5aeI( zd^L9v?9Jst#H~<4=54>Udq2bYr-ws;oR;z?_F$y@mn-DL+jajacsZ7w33JaAuP=%A<~LIX z=hHXr_>71k!Tdu{+sA+aii-pAsaZToe3y9xR+_;2aQ-7T;yr|fsf8)BW295kBQ@r% z2&E~K07s9(v+iQ&*ve4gRp9Z(7+^uE8lTc)44zDue}J+Ns!=nQiV%o+@b<~H&j5jl zk_Y`26nHP_qlRlTSI=gHDMR$)JimM~d=KM6i`6dq>ez-Mq|Da@f6!2W#E-H44>2EVkW*Q56I-ZuJEa&!iZs)Q(OljTc(37a%atENiT&E5;N18jzT9^PeH!e2 z3}rzZ)$}k~2n3kW7K(Q>4X~kPvU#w(;cSyy82hPRO?{^3t{VcY!o@a)iN??X=b7?8 z&h8DN@=;Ww@o>K&GAuO}+cjX*d+Ct?Q|(U$m~M=UK`S*}zifFZ_s=BXhJ3k+Ql|j| ze|aB&y@viegFH#Knj54T6;Rc5xq8mpPkVA51b-fcD1F>dxpFwJj0Z&xA=#RMa~gRc zWwHiKyCffl(cEBy9aJ}j+|*>xqDXg5Y6gO~zueS2Q-{Dh4GUj5=0JgtXq;Lvf1(2y z=pv--qkCwWZ7Fp zdr3p4m=Lyxeo%|M2M>X*1(TZPN8xa~a;Bpr7m^)!GMNr&sMFfWEBJ%Pp;m{#|NQBW zdizvaki7>Rxq+tCcjO4~bprKPPOg3k`=|zC>LTYMezeA6Xd1rd z`4BRsp)buj(r*G{jn$BOM6$67Rvtm;scDya_vp^h8jS+4Wh2jqu$=JmyVbv}8Uh=e zeQ;Iy?ID2Wx)B}`$|0c8EmxSv#i~6&s!NN85VM-!q4>mY`S(eNbTHI}s5C<9O!+9| zxyI!fm5eTSHM3uhc@6^N%Ge%x?!F-)(_o@ZxoO-qHAqv03N#w3-^?T5nUD%~_yhI8 z`k~My4gL7P@=w?-9P)4`ABT;=yBQ|~))b1;B%Pt5J3p28(eNQZXELhz-dU>XW2dN* zXtfV9gnX~2n$+tRLm*ufpu8+MjsHo_4O4_7n{yp{Ck=fsFHrQ#`y4E4dXn02&RzN= ziaa;oMCGcnH|pwfqc}LyHi}G)aJf81Iv8z2K!og1y*$LTg8Ni2AEmgcskhaW>xTfY z_VrgcCEW$z(!IxI6bRF_y)MV#z#(K<1LhdyM}_}Vl%x2~q*?me@=%9c;an`WD}4|M zcklmjB-P~epIQ=@2OvlBMsQcd|F2YT@?4~$&P|l=irpZ|i@q5umXQ&Qr94W-Dc%c( zbZA>RHD3|xb+q}7qK{gkLFQ`ZpCEx?tG}as2DFf(3>9wI@JG$^QPCc?)3@rTsiToV z>YhAWx;!F2F7gA7YzkeoN-^qrPXksjkdF#E8n^MYjnI9aJk&3+pgN3X$){=f7iP;%oF6s(#~S%(kF#9m zDC3C+JGq#=CrZ^0U#aKR-o+NPrF~h6L$NXql$a?E$uJ=&)lMzy1=EH=fQD@-k@qpU z8nA7FyieSs;nvdSqw*7tPKrL!wun@ccZ(zpA!H8lXOcBHf9Pi-JhE8r={AJi(U8=1 zMKee3a9q(hA+>qCVw4j{-qP>oCf)_L;;dpca6z~*OKp}9G0$j_&jq>SA@Es~dW395 zuvioP{S5i2ON|B#iIR_ctkgKlFORu7Lz^|sxXbdREFl?d14bjT{I_zGbF~H=yd-ZK 
zSIO{R=;#9JG~*8j$ww8g>VN`uw(AggiN-fAknCj76!5zf!z9N7XwVG}lRKN-Wg(_) zmJ!z*Qq(TfhY(ofCZx;zsP{D3eUmhFB0m~x%#{$&3jBwVNDW+6AU`^(n?-h(XEk#^ zmI?MPA8G^55;DTEkrv6w*eE!a=QyvD*VWpBl~I)~p7((FXZFi6fv2WW5z33zU^8;% zM~Q#v%21f0cH2XC;&T&_I=#FZC1Um@n#tcao#%bb|K%7@!`8l)hcat5^pmafKDRCE z@oQzxGk_3E<|#)N!|H$|icsp1nyOYG3mD?Q&c%t)(n&*rqVZeikQ*{;Vktih=W&#w zsL*Go@5`~jG?Bh!UjlS$WV~Wjs8J(M3e%*SYUW2Zo-kC~t5M{Yk~mruSfx&nRhaOH zYA&iUIk#$%+0&&P{`xBe2pOJoNvQg-m zhAYsL5r+6m`RiP1Znz0##$%flp`tG}Q#TaLk2(=#llkva)6>ZzMnz<{Uf#l;O%7TD zSE{SU3KJ5h@!Xm%Z>G*W_N$uLMcGiQ4(L$tZX5!EzN3k|eM2MH_>OWk8mAWt@;+{| zhMQZe-E$NiX0NfzLvT&_P4cQF`*M|^D1^tP9(7yQAR=g*=1-nIu6FoVZ4M(lR5kyd zVulBU=iTBigl1iaj=z$J_zBJ}xJHH|4|VK8b$Rg+eT~N9#uVuW+yv50SIM}WB-eOs z`ddDlv`x*YDL!EW`l6fUQLky7I@;we&eWQ z8x2+ZJY8`WISZ*Ns%auWE3B)_tFJ5whxMCaPC;FnPFp?+D%O?cl~x(^%EDmDg?W_X zyt-n2d4Ud+x)s*tmEn-?G)+s46hWj8Iq9dGS7*?Y&aHV3P%&vmt1l|flWkHrFtz3N zq~H)%lJ_eu&(K7p79vem_;HO@n3qU{Ndww|DW0}mJfSqaMn@x()#Qu}KbR|VR(n0G z$P0(-@Hx7?s$$fG(3Iwt6k~-KzuCJtjRplYl0qG<&k%$9N5`U8w| zeJzewg;R9&Y2{cW@G{48*Rou51TV3JtI7FR$gLsQYBo6$;!!GQ35cQD^jo@cy;q&cPM=!5n(Jz zKufFFFh)Gra`Kp3V`;I%4v|i;aY##Gv0g2zq~}&KNMBggj|0sr)T#<YEF5$JWu*VFb)3FmUYF}g7<5TUc@?e0CkvBrDhivBsJy^ah$;8s z_X%yzB^;@tu*;PQt<5WrEX02+ng^w?R;5&{7^MhWSfC3>t7NB3^VBX?04*JGC@rp1 z)H8J@tcj~9>8o>H@XN)Gi4ME+lht{K>NTDz{^gqLu&_8_b3H;&7^iE}Dh9{dRNHda zc&O(TFCvUJ@?3_>x284pnRoS?A~Euc)$IP~7Tk0`uub)d^9hb>*D~Jh~35<n5pY=Pz0lOR7OdOE~coi z9GaTQ!3Qd5$A;gnG*%g0y$?f0M)dcL#NSsL^v_l`P&~*lNiY#rk&?=S#v1od_enm3 z)dgq~Ls?u@k{aFkg~R)>gTxj}Vvx3L0!w&YPERI1pJSpTGYSe*47Hs_#oOw-cH}gd z*E1QUIkJS+=9A0%URhJDkI$+M3zW#_lQ{{+7r;lveY*Ft+}PDvz>CfnK&rxC^bBq`6#Lnd|1= z!@u5EEq6y`Qf@g?k^$GkI(CbGm#@zyValR8C-emk&m;2+!d!`)3pYHBr$+V^_b!m- z(-&t2Q3Cn4#v>~a0i$6S$g3|ckUvO1qTREh;ESJR zy&{?0XT~S>|*GWV;;p~&7cl7!aj8mE-_d$i;Hz#y7ZqvvMT}rCgd>TR9 zNWh@Jp+N5~#|#TSt0oi|mkBSie76P2Acb^GfbQ0;{yL~AyTlOtt-iGGiwmcOH@`mU zwn-?H(k>tqPWcQXekou0H3w?nM2))?;MGc`7^G#&nl_(in*1@S!L?s4C3UMM{=RY@ zXk|*FmEKQ1zw)j$N~FQMrZ`7Qinq$U3>%m?p-j@~@d@d*TtZKUH`2Eq^YITJ`OUY> 
zM-n9SJ~hqrllT#5m(T0zvOn;mGW~=s_=}=wW1a2Vdr6Oeb}bZzpY$wFGP36u`wqIF zm2IfsyX-#a6!O2IR;{ZqmhJMBmodFzdX?VaeR3aCLuR|p8!PEEim_;@Y;Y6rT7cKC zX)08EcFr~3eO8TU*Pbu3j;APE-Mh|Wc@g31(NKNKg&tdEGev8^8Gn2-aXbJwZY<4^ zB)Slc7>MfmshntzCA^bUdfejKFmDk|&5y%-P0*iLPW61(ag)NcFM$~- zT}*6-;Aljfa{oALQJ!yYCCx6@sJnqc^wsgCawub8)DNdNupy2=e6mV?9}1wvt!Tau z-G{=&&~XU_iCJNEh}YUBcYS?2|M<3V11qvS@GuIajTg3Qqi-q<@YXb`bQ8k&Lh)^3 z0uT@P)QA(I8hK&~mBOP7P8qZjoZ{f$(8bwbUf^?i?TeMrb1~dX6Qi^@P`q}xoDWOW6CSMm1%}_z%Dk#!(*9os5 z562Ec@#H=su~tDw0mC|3oklc0P^>YG=jID*v1lqy1@ zGGT`G8>mtRRr@xhf;ImVyL${Os6jqVDi_BuS#$vq^XD&tN{`I~DZ(MX>8Gv>TGU7rGX!e^wlU zh=Z2}M)bfCIFtwp-t0O;?q+Bv?mr+7J|LPaiL!Hoe7c}-_j%t?^aA;HgUg6p#n*x zQdf-)!o;Vt8nu8g!W4;{h+Vyc%ioebDsB?Q2SGPa3WiUUQxeEE5eQsfdZ-{=1xd(O zY`gENg1iP%!uhsf)6ar8FMTe+#P%Vw;4+b1yXCQ<_g~`NlW8g_giH{HUI2nOAe>yW zdtNkou$V+ZY|y%{6|2aPf}RLo{*p#6O#Yln{=a^Qyc9X))woDi4?&tCC@&WhsNNL% zK1E0XCA4VoGp&;;)Lgsp@$}lEwK;E6-tF1tn^mxda{F6{@dxZD-0yMIsHuz{OBsDt zl^<>dF8O)g_Fo#_^&Ox$9Nt~S*>l)**7zj9e`wOHi!;_=@AZxR&+qU4n!dcIgvTN% zbHbX7`$}Hv+1<^nPS0|4!+z@@dplIX?Vdcd`Q_-bRd5sgpwB#qDgR!aabYHF5B=8l zAHTWQ>)Z0sL(HAFni*)yc{8(Rb+gyrEc%=u(lWQ--m@$GaxkB_U_dBvreto#2SwK{tiGKL?OpR9cex*UCCRAifg1mu zcklMpr3-$V&hGqq@TKv@vg;RTd^phSTk5fzne*)Hzdn@ic)aU2OV%J`?s-@Bux8@C zY)8%NmF|9B{(sk;cApvSU&CFQTHNiHwbwb2)mt_DnRx2lz-35H7;UjA_FBMyMx(_FB-X%3hz9-a<a-zMJAd=%Zh@MQqFbr6Fa@_1{R#@wK!o(x#x_gMztBMpic)&TsiUgA-`^ z?~B1{^p+Lwt=L5HFkCGe=>Nx zwp@71_V{{EPj;5N)9w7>>B?h^UvP3((cTxJPruKZ&lYI{p|$qV7yGyOjr_WF&RItM z-#Zs|yl^W%#jtsX@;$^B)D%+n&F;7y_2ilZ&bR{PJ zY0Hk~eFvIFd46&6i;<&BA~Vt=ehq#Yt!u0Hfqt zw}2nC)F+?%Wv!j>G}y*_TvGJO2C>?=^VO9%;X@Y1atv_62F9 z51uLSS6MyjLaQyiD{ob`O*-~+z_FYeC(^QN;tNBZ&R>|Y#M*aAU1+NzpN!vGy0J0g z>7rhTC+UZ3k+UKaEG%!$8}E9fc-@f=BZdPR51tec-_fIW(4G#z*L$6R_}fLtdrj$c zYUURHmbkY%b7p;b%+@T|)gj&OV#1~b9h#)Csot}5#?I$uTZ;>#t87~mSCmfQ^wXvS z*V|XMU3b5ykeJ@X| zeX47o=T^AIA4tqB&MQxvK77bh$AUNSlwP!q{XM_U!BJ!D{Tm;x*>yX>(du^pRJGU*68!Wy(O0yZ@(DtGkIg_vD{RDzy$6H0|5%Z_+T3ZSTaIS!mG5os>i~NV*Ow{yg>YYk 
zex(9Of(yY&@FxTjW)T(=wrlA5k%B`SVpb_wMJOcvRfAWKf>DHV1fKU(2x){xgk^+} z2zi8$38x9=gsWuQ;4Yz_@K{4ezJe8m90H%TTQr!hQ!t*8M3^QuJ|rw5tklpBo^I(~ z2+@RfawZoMz9f82_=A6`Q_zXvLFhr~Md(Kems{T<%pl|w_7hGL&JZ-hBMs(e3LFR> z2$6&s!ZAX#21j#+9{@}>`07{Gw z$5st?mI|B+Ze+TNwHrY=LHL1iQ6#ucxI<_pywKoarJxO&#AA@(6MhveQ>_)uBrIof z3HxN}CBlz{8bU4M2?1VI6d-aZX>hSskfUL|ooY_V)evqk-aOFY>!9FGLMUOVP>C1y z>j+Pou%m)90o0f8 zyA#2k{-X>w*hl1&ngnNXCgjX8eJk|Mx z*@R41UZTkyxdwB*DOUP>sYeI{2rS?*!rO!~gbCtYqI6Zdtj(5QVg1+311A?@-d{?@ zxl}2kif}`6!&|dE7T)Sc>COoDuA4eu!)_n-mF#HdtH7GT9vBHJ0*e*fDdkuO^X{q> znKa{YcOeWBKnVm!!#Af2y>*1$gu{eyMGaL__dDS^;h!2T-%!9MI8;n%w6J+!#Ag{6 z5UQoUxiQWB)DJ~(H%ZDW!UjSS;R}J8>96YL3U}2m!cmFBH4UXb)UMJRmOT|D6Xp@J zBv*z2mEpunKXR^kCms%;irIW!(Gc8Q4Ulj$3Er6N@=oj=>wi+3tB&xDVZ9~o?@aI` z{(G*8!6KeA;x?l@B#m~54dz?>D6k?^YFMxK5**gli_l$!izgF6PUJT6{Cjpu!;ZcR z{?6k~LTVADvfV5*FW?NY*tI-egVl}%R~c4OLWjBJ5jbl52;UICBU}*2Reti9r15;R z=%+Fr7Xqup!25^+44=23Bk(u!eB<5^Q5oWUWD4qLp3ME#TLY?dTnW^0>O=LUhW?8b)4*i;8YHNrGt`?LE6#kTX*Pw40i(!t z#;_LuPAiMfw9bm+<%BDQ>(aW6k%N4fk3)&`LvfVTgDk}~JbVZNWSU<=GCx?pSgD&J zHtv_s;i6oQ3vmfP?XXzgEe3k>S`D#fq%T(oy*|zu$1Z`wYfs7e`Y+oPUUCpBRF15@ zuy6aiAmj1-6Quq!v)_MxmZlKqzCKa2#ADuW?`ucCVYC{~URK$u@;^!NOtwR%%7M4m z5OhU#Rnh+Ywk+SWKP_jDcjZpQRkepqRwl@JOya2U4!tm_Mfcp$Ew9ce{T0yEs&QP= zzP4r|u7#eCP4z3<#`cST2X+!Ij28Fu2EYXdb;O?N)*%^yh zxGX#B?KKhIW58eW4CW6K$gHQ=`0KOhpDH)B`*>iqak1ZA6 z{AnmpSv)t8Uw7HnNPVvx4~E|J^O>kCi?Ql9QMbkz^XAPMG>^n=%LEH!kI^%&`oGe3 ziP2v+R`kw|L7x~LH!6LX$Dn+o)3uT2fxi47v<2Dy{VjaDHWc{6{iY7O^88sSufX+k z^aE1nWz9{Qn{v)4q1he$9_t-940&*X&dl6GZ)s(1V{2#c;OLa(lTw_55leMZQK11I zWm;rxTrWq%jw|lEv-*y9F1gDM`G4F0Rtah!TdyBj|E|IJZPp|r@_=Q$!GAwIFKh1c v-48&YuOCxk=Ak0%bPBruQd9fbtjMx;Rr}USr_8fTQo!$c{r}JZRDpj1CsCPn literal 0 HcmV?d00001 diff --git a/toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/isolinux.cfg b/toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/isolinux.cfg new file mode 100755 index 00000000000..ad3722d179a --- /dev/null 
+++ b/toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/isolinux.cfg
@@ -0,0 +1,7 @@
+# D-I config version 2.0
+totaltimeout 1
+
+default Installer
+label Installer
+ kernel vmlinuz
+ append initrd=initrd.img root=/dev/ram0 loglevel=3
\ No newline at end of file
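Review bot: `isolinux.cfg` is created with mode 100755 and without a final newline even though it is plain boot configuration; storing it as 100644 with a trailing newline avoids shipping a needlessly executable file in the ISO root. The `isolinux.bin` and `ldlinux.c32` files added beside it in this commit are opaque binary patches, and nothing on this page records which upstream release they were taken from, so I would document that next to them, e.g. a leading comment here such as `# isolinux.bin, ldlinux.c32: syslinux <VERSION>, sha256 <DIGEST> (placeholders)`. ISOLINUX is, as far as I know, a BIOS/x86 loader, so it is also worth confirming that the arm64 image needs these files at all.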
diff --git a/toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/ldlinux.c32 b/toolkit/resources/assets/isomaker/iso_root_arch-dependent_files/arm64/isolinux/ldlinux.c32 new file mode 100644 index 0000000000000000000000000000000000000000..51009c5ba8d947b7451cb20d3b7c939be3ea7a67 GIT binary patch literal 116144 zcmaHU3qVxW+V&n8VN`TRBSXW)niA6r(qocXXn?rY=9 zqzTCui$w|i1S`P`S<}6WG8|aB*Yq2%M8PLo30JNV{(xc0XUD=N(7f%A7?s&S4yKY~x5|$981dZvYIC~?UH7Hc6 zhSeegelf%YD z*@}Z2Elx;bQ4+g`j9D?T@>*qh@jonIUHg)w6wwW<9R;x14!yjuZ`3`597<`FO>vAV z>AKXmKzaJ=O))(Z6y*j>wXSEt1mmF83| z){@C1uNYW7hIPT8MR@Y?JdCFhPZ1s$p1_YAFN*^NxKzIX6}S>lvE(JdRd`g%A$r?S z8Qva~Y;~KfqImHBB%Y`7RN;9B&$D=*!^0oy_iuQfC&AAPc-GFJg?*VH=Z}}yoqNMo{m3TK;Fi)4bOHwHFyF)JMmJBXAhpec=)r=1f?F> zAm0OU059+3`2bH7o+EfZ!*dJ|e~#n%TD&Prv&3(KC-4}O{{-~mIfdtEJm>KI2hVvt z9e*x#BzSMd^E;kP()|yKmw|pfR*UHn0u05|4Nn-Jo_HL1dgBTFT!Hs+JXhkmO1ei# zWSD;P{c2!;`F;&B3eUB8uETQ!o@hKb;^EH_i9>-m$@iNj(mw|8x8fPr!EHF+|AJ=( zp4;$@#B)0y{)_^S#*-lVSYV=jPnI|ycn_Wlk~7{!yidY2MY>IuI2||>&n!G|cU!!C zP-W}r4P(o9C+_3#^Y`?ZraxiPSNFbh!LhR|?`oQT>%I%UHz)3WuYPFD zYi}X!4_{YBUOrVCZgu@5-O;4>7}gRJd1X@An_r!E@3p7y`^#zg^SR=}w1;*y9D8eh z-jKg-I-POV-#>kSz~YAw-}KojW5{nesspYMerDc!xT#lteCL@Ljy`7_KB@XW+ZXR% z=lW{wKmNX|N9LaQ&!opsUoq>`%~f@g-pSXGbGy^NRIED|h0ja6Bkaxl_rJXQXs_?` zHZFL4(o1hGj*1(R;{5sS&IezpkHdQeeDi=x-H|e z{tqXP==y5z-v<{xGkE=V+QTjB;~zdfwa1%{$}a;Vr-i(`qA{!7RXF77jpL8)x@*?s zezpI#Q{L#d`iZ#hIX!lrsXX|U`zyz=vn2x_T6OnpPfoij=*adv>|I+wpF9tIf8xZq zpZ>Y&-D20O9$jZd-q*DJu^*NyvSuehO_N24E#rt&7BUks|`14I0 z40mDf{@)89s$Edt|M5{bUVdfL&Gw4F+foE*3#~-^d z_Qr)(F9+{RJ=pE*3%%_rC6i)CoJ=_IH`0^NBWzLpniVcQ6SGcLex4YzIrJ8neag*s-!EMG{EC6Ej`%8g z{Eh3r`1tGfTR!dbwEpkM9_;txXYZb^^KM+#Gj#KalS#{#eEI6zt-I`RF1&a}Ww^3A z#D4nv&x#$#-hCl?@1%>iy56tdbMtH4KK=IW{LiZ*53OI@)y!qJHU+xRr+!WU*LA&Kc=lA=sxc}O(Q@$MV zNGpf0KmC*jw^NLPO22k0<^y3}+8yZ6emC$#9>s}+{2{NF{RN#w_)h6h?8MzcGO`Sx z)``Du{j>j%o&1A3<@alc^rH}UMW^^*cL-1aQVJ=5_A9kdNVeb;?igRG+&#UF=pWZ=V%x_C4`DX=$0n-2DPU%hSlwMt@`pWNA{=amN--%l~ 
z$$v}Nb^(}w?{+HWxv3L>s#AH2I?4A+r}|peiQm~to|;bbtDVX>vXgw*canc?CwY=P z$$O?#dLf{Q>gJB6R!$-knLyqi1q7jJiJPcfb1uj(K_<;(3PPh=R;@W)V}l~{vEz`qwXT8ng=As^LF`7%)dDPOdw_Z;F4`x4`lOz(H( zf9jy3d?)#BkWc?eQP#-x?}j}8#)2T>k^(tkV3v#kzmOeuc~${&sVdP)CBfZ01O*vp_>n9>dDoy0;aLHgf@_$%BN zvCgJ^U&5Y3|4@`P>Hi4od*eo|RUwzCf7Hhcq-WNDm{O1Y-oYX=UHZo${khl=Vf`_` z+@4r7V)G(Uo-qigqkgZI>5ql~?ePB}$!~}MWForGF;E zA4cV#gaJ^#ry<|luPVw6>7R!9asPr%$ojdA@O=@!pY;DH%6|pxPx4jpFNgkOBtH-S z2lNps`DBbwYk$PLP4W`d*C#(?ze1+}F!Iw-UxD&Hi*Q?xx7&ji`L%Sg*CnXGH({UL zYoPpA@V`LG110|>80&ol^B9?aIs8xkg!Ux)1k~S5w2vEP_*VG$|3Ojy8f2z77WMMb zMXZ0Ne;oRUrysN^-%5TQ_W9T`MTwRCAmp31Us3Lr^|=!I>_5hA|CH}7@VdJ!!j8#H z5#RV!QM@w#Nt8eBZF9eb{3;}v*IsZ$mU2Tv*8c{i|HoPM4=4ch{{Z=Sn{5&MD&()g z9>e|#8|Bd9q$Zt)D_MHp&<__)e zI@H&_XrBT74FO*O&S8h;U5EPVjSU@$C3pessdSII|3?4q@LvIY2hD=}5^>W16w+H7ZV`J#tgm9!U+7+QZ;ZSL z>*I`~TrI;tf$&{A)c4y+zq&*E&m;Y7VBgou@DAwrb?7%>AHN~~K2%D;KNIoiBK|E1 z&+#S%@drY`SIYPeu%BZc`manB#qwnPc(oJZzej$kCZYeUkzZ{Gds+v5{TuQRlKxkq zd~w?_Ux404`HHtL57Hkj{nx|ZMx%dzO!C_y&wR);Q1VdZx9WNG)PUvv z5dJ4R=<_-%W%&1@uhYKv@oq8XsjjgojgW)m`*XhC)6)IJvFfDHc{?618& zbyMb`fBF6}4`s~qX~=)!Yl<>YhF=1C55IyrljMIve!oIqh=uywCyL(XnqK7QXcd$FAHxBV%eX@N%(g)=m+QDAl z>WaEZG56USz8UduKLwr3{2h>|-GAP2>krl=bE283glR1pf_spgna}9t8gg?de(> z{wmnZ4Y21p$zOqg0_^1`$qP|mKOSkHPv$_LAAU5?hM4|e5N<`WqHy1k{4cJpE*P|AYGObr5~J zc>|J8^;`>po*R}1XXhWhL) z{SP62BMw;t)x@MnRe@Tggh#%`eJSGBUH$+_|pQ^hFuUUHN%gIrHyJTa>A!E=-%3 zpT7v+i&N9`igJoF3v<$PQsljmNVT9oO+ zBO*xO)SSGme5EbG{7hF`#^QF42!G-rsY?oTATE3spkNEgrAp|mxpxI({gk3(?yMD7b=CBChbtjoPx9h6d!WA3Ul&=P#HOkGjfJ0 zQFOt~+Ad|IwcNtu~6In!0R47sM$EQ*xm-25f?yIrUg z@p^Y&+uQuS{K8CSicnHYexXYlo950)%vqdMlwYV6`5yo|f@^B3kI_iUG|Aa!2a!pzik=|Xz}p_M5nq^2*) zP|~wAa*!*G*R>aZz3YD%O?7khCyF%*`)Mb*0UNwfz^jRH5t+HBKukfN-6h zM6j%!!bMBcPz4$JRFSDl1vZoB%1liwoL>a1&q!rMQrvl>JuS-5aOY+gA(uR8D>pxH zJ`IzGA)3>ow7mI{F^`Q0l~m|T&CL+4f#u39EJU@6(r4vB`ZlA0_2m~XOI?(Pwi_@& zRAVYlGB>BlrMR+lic+(Rlqs&X^o3*HS?$4!vfWu($Pvxdm0Gx{-6IQz-=08QvZgbv z9eL&C<+uvd7G)JdqdBe)RFpKWFg+V)+Mc4w!Ym9*l9$g$Lsg}w7N#wMCQ?xg8STMy zGEhX8vq)KL$QYd) 
zF?5@UR=X%|sc5IlaBCcw}L(h+sbo(l|ymp5No zPzW0wK2ljEk=0EHG`!3VB~QBMw)w*B(ifVofC}PBKt%TiD3BDdq(w_$1_h>FK8!Z+ zLQk8?%!*`ki;IfV)AEG9rJ_GX^ITSx3KUk!VyCAe4lu*bai<`U>6_JofoUmUi!#NC zR4}g)Y6UIGBcw}2-zLMk@`XS8Ir@w4PM{k-jrqcWi)CdlE(*M)1>R7^!c26AXqSuU zxdXMHlLv)CJ84Qrc6vc7I@yJ=yUg5-4xEmeF4MuC*ExuEk%1seAeUUcv)s9hOnn!j zDdsFq&2ulB$DspVYbq4Ut}QErt)AUmYARX~`+oMpsiFm#1A(v&YKdd599ows1?ctD zv(tn{2&8YIxrv~Xm_u?NDhmTL1Burqv~@XVi-EL5C-~onW|6lHkElyK#pM*h>?=~m zbRZRl5K@_xeSkTgXy@}Xq5gKtYUn`C2EkmJG~-j^z9mLInjm^hkms!Z+F2|LVpNDCYki{I<_{#2Zo+3J2(v18?X*qdjfzYPJ3xni} z$;IKi{fbjodeTjUOe7j?y$@nU5Hb5o%FE zVP;X$tr#${qH<;4O=}I104AZ*0wKrdyTL@?S(qM}gBPYFw{-q)%j-`JIk~YuH1mSU z9kP-n;K;0`C{r?Bi8<+_V`YD2$~QR^EjmCDV!Y@I0uCvKSPBNnR5yw&qnT1K=e%W6 z(fojGirKYwDEh5!Wxoqc#6UO{O0E~7)SP+KGYgB*-HZ3TP$=jjS*%8vCyD93ERrc| zM{;YRl&ocBCH+jPCHZryrQ^7^f(Ak@%S#VLpMv+4eDvJ`2O+u)I4uu7QD!A&Jq~sX>y$9q|QT|S*R?R1H2d>(5<7VM~`VTOn~s7 z!GWXA$7J-8>!h1$Oky95`!H*;A4cT9Cb3pxqr@hO$0RmOG$h*IGUJ6wbVv-B7$GrI zVw6Ou!~}_n630uNATdSaREaYs&XG7*Vur+QiNzAjC00sYE3sPQ28o*_)<~?C*eJ0{ z;xUQM5)FyU7PB6#62m1%NQ{;^RARiu1c@mUr%KF_m@RRs#1#@(ORSVwEpffXtrBY_ zHcC7s@wmihi7gU;m1x~+md7SBLSm%Ep%P;xCP++_I91|IiNzAjC00sYE3sPQ28o*_ z)<~?CXh{53qVl%1KZy|%of2at#!DP8ajL|*5_2Ukl~^jVQsO#^8zgR(SS#_6#A6aq zNNkaKNuq6=DQ~#MD2YQQj+B@vF-77WiP;ie5{o6Smbg~pdWoAP?vmIj@rcA`iKisC zO0;e_<#b4llo%~>xWojB6C}=*m?5!1;tGl764ywqmiW5F8j1TPHc31#(UAD7Lx8WK-Q zY?1h@#8!!yBr5MneM_`S43p@P7%nkFVx+_m*i7tdZC#@sPyh5}PHi#eCIbvncC`e)Q*%$AS;TPP~ircwh~A ztVL-eUc$W#;!KNjO5!o%REyFgv6As{P`rkSbIY|voPVw(?!tVU*vq1M$q zTH+u@X(kTF`7&`R?gruo zLAHZ93U^Y7hj3SpSdKf9#5*iX6cGoqPU2m-Z$rcZ`B37$xJyZ#fO{Rp`*HS8#F=qC zaVpNEiQRC=l{f=u`NRhlWdd;y?y3;e6lE$A7ddAV7vLT&^lWiMuf)C){ z_u-BZ5$Dz}BF?Rs5=U5+6-1oV7ZYo6KaIE)_jZV_NSBCn;!5H%=$rT%^i9MCfptU} zYBkXUeG_qRy@7ZE`X=H-zfDA(M{gxUuo_}D^i3QEeG_qiVIMIJ`X=sxzKPrL%_gx5 z`X)XLeG{*+D94FmxKl>NMY9vc-=KHl54{s7!ETAqLGQ$H=$(j*LzjqGLGSMYBcOL8 z4&ZG>9HfU4--O!5dH zG4xJ!Lhr=YxX(ev9is8XXy~2z2J}w65qc-);SL`W7bWHpae-kj@fP%7#4gZ3F$Vf4 zUWERM`OrV{W9XlF26qF9eJn~b@pY1)S-XkMChM*AM{V0g}Zyi3Ap1*Oo9H1 
zlc0ZM9NIl`GTJ?H3iMC>1o|i5Zc(NZr$PV3XP|##l0}(IyxXE=5U1l_BypHU$t6Ao z{S)IYii`LP^iPaH`zJ0!`zOwX{)w}of8uPkf8w1MrIL6S`X@dJ{S$XX|HNA?N;PpP z+CT9j=%1Jh{S!Zh{)uy;f8qw{pLibnC(c9l6aNnV6Vsu8Vg~e2`~~_a&W8SpQ!L6c z;taHZ;#bf=@juW%@!x3w#7yX)m<9b4=R^O*oA5UZh_;dz%DDC!=K3(OWAxIu|9Izr33SM`xmB zN0CW)w^(p`Wuql2-U7jgk|&VQ6`Vn{$CIZBjzLYyP9aYaoKdr9 zlE(;+MyF)YC65w3fjpbsA$THr0l6YLlg?gB-f|fZFHayZCT|v;S!I`#HwlixOv$b! zuN9nGXRjsSB={WiYVvBq=aO$AuM`~0SF$&e7Yk0&vTMi-1kWX}C7&xeMa^y`PZ8Wj z-b9`tI7QDsMjj*h3i4+1D8Y-#4RVLzrQ|K-is0qst>i6#u>7mZ6%4W7X2C1TF~dUn z1z$t%Ag>jCEjd~o$}jjj@+k6Z!K=ynS-!VY@b%;|b)s~Zzboa9^M4OYsfL9L-_^YMLw52O7L3pY;uR-`^XE(6~S4x*-Ob=F0uTF$cxFF z1!q-fmyW?hrhYyntL0d_4J5 z@|KID{gW4yHw&IZUQXU5I2H@gKY6X-Gs)MIZxVbCc{O>p;B(10kXH(xLB5H+SnzD} z8u9|cbIEJT=L%jx-bkJzxQo1rJVEfKm4crj-$Y(4xItb+ zULg1>@>=q_g13-2lBWp%D|r)ng5a&>$H-#@zeL_l9woQ})n*&y4#9b=J-dZm5!^=J zO5Soow10BmHTO0P?jX03Hwhk2?jWxfJc2xee3Rgj9@ZsbslQ#>VLS9bZB=}VFO7dF4XOgca-y}Hx4iofGUM=`s@(tvbf@hF#A}caYZ#zLq?Ke3Rho$fL-s1+ONLCa)BHJ$VdyvEUoX zN0Ju^{yKRA`CRY{NAbm|#kS&$D_y|}zO!}HW=x+l$@n|GOX>;>EsD0^_#9FXHZ-f# zvnAsfzhCcDcGz`;dcdz8jjcWR#)XgX)~(LLjTXZwMt@gU>+Yf_TYaHwz0G$dws!Ud z52ZdRQdLhmjAW5+Kc-u+O?8H;ANXTyHLrHz+#A}#3x_qYzQP%X_r?oNOMyYfg_A(ptq8`oQJV6TqR0p=SCf* zH`ZOLC}p+wQmi2rJv&?^r~Pb}!!y5;MF9`&}}et*iO8O8u8 zP~8{q3)Oxyu0z4KR$~sv+}H!!UcBysz+NnA6_0ulI?qx^D)!RL5Z9wNO789kA%DX( z4J&874M1cFj$F%X5e_b2!B5n-)w5A3KS^QLQ!XsJlt3lg+RL5j3=4)z5XzBYJPHA| z27LnfIim#KA+=>`g+mxrVKeefCr7wGZ8dQxR{oc3O-xn2~wZbKT9_aNY0O zasuyqi1FbS)TT#g&FVY3@bOG_hPy)jxA_ageOADTNt2Dnn^EL_4iqBX_ysA7479z1 zPXSl=MF{JeVmycnE~$&nx1h3rlG(Wj>FPS9Ts%^7b@!<2xBLCZO|V3ddL|%HZ{rke zM5O?_V*HHyctAGE?jpr+@{r;dhWG4Tyz{cZKG7Kr&EBE7CwlOjG9&f?HtMP3BTSyd zptirJ8(fU1&-(o{XP2FJg%m%6Z&94ZD-hMy$D{rl$i16K<)=Wp;_GU}K?2`Pnqe%2 z48FC-67VU;V@SKCZZ?F_t7<5tx(mOJLFXvv6l1>d9tH2%TH{t26Xy<1g^+(gT61tj`*tcLY(4XOW^O*{Vl6jZ1?e4KNhxLmxJg934JG>!1xj zi3n`jW#{dsD&DmQPqKvpx}c+iC0S!@RWxzM-A70FRs03&gudI6o)?=zN=0}mjk7%5 zk`Pz#K3i{%Rbmgs9&XF$8fXJOnvIcGp&~>o*5Rg9B`w190jOU{I|jP+P5e`khs+=& 
zg=0&go=st-Sy&$JXB>jz`mSImqmki;2i;#AJLq)uPl@$HV#d#Khie@IOT$1}{3Uhu znAU0y+GqO4@ze{NDf+~#&|ZS{KBg9W(?IW3TpZMC*?CvAexD6p zhXWny1ZRZt4ov|g2oxRRzFH3%g-|Y=R_{AfcG^9!%2U@5{9Vw*! z_6#aA*)|&n5aLnw4^RT+7nR~s6NUdC_uffM5#!=%zd!Xs zsgc;zv3>*+Em2qJpbW?$N>|sKZxKj-C@LWuu2$_J6>cnMuUoISI_#zQV6GO=FsfJ6<2R_2teJz zf}!1T|51;+T4*d7#eOJIR4vyTHY(R?d&EX_MB&0b>Sz({_$id!NuiNb5#nMZ8)-KE#8hxkI%#wA!|^0>GaPUlL9@-Wgg z217}H#Etd)_66)IvqLuFoE}_g!l*ht_V5K4D*xy#bb8jo^{%U67S`z=b)Aqc29ajY z<{Ss3rhT$U{fBVw3+IPsdejYqbqAZJ87Q$$+wUF9s%q_NFKtFmd-;blMt4UQu1pxM z0PG%4rq$Ly_R{~63g~Sw?S)sh^-6o`0hG{tK(MRqrANWk)|IX_?=~ib?^`k5c$tX} z96eAF&YbN}F30=mDB;kLnR4kjdXV5h(rYk&x$YT#gK)v=n&Qnu2ceAg*cDD3@i(O+3Y%fMb?;=N|QnO8pwiqxQ-%xfxo+bW@)xutie~Vh& zqxiR#F54yx3S;%vF&0GO+$zSSGh;GOye$}Q4n6IeA+WsUxcW!CR)ky1!$T8%zi8ee z@Y8cK>-xakhhqogvKTiY_IM^FcIoKKIj_8QEzO?#bySp$qSMwqPq$)8ah(rgP+ zb+LZ$SF(N>oqt%Y-i(cDhxb*?wou?0*ui%A1Zvj%1l;3toiX;ZcWFWVGXMxS9>KU4 z@=tY+_bx;bIh2U5J+9tfTEuW16T0Z}PW`sHdRI?=X zDaNqn8DF%DF82m)uaxY@|4&r!L~~$ChTR8pasMpt|;wi8rtH} zc&yaM`p(GIH>0cejz%1)Fv`AN$-+QaRn0!DAG)oG6!ZdzMZ3QOVqk>w_Ci?tz~hMU zxcDPI!o01RHhYqrM}GsI*dGr;wk3aD##F)nB#r?CO~4vwxbO8OSztL>NR^ikp;Yyy zLtX)x7K2%K1cv!Gn^|f1sBemlozYz^Zq ztwuixj;14OmswuHER(!u!(S@TkRlmg*UlWELj9;0`eyk3B zd`YrlJ@V8^)S5YQ$hK-puxl}iNU~}h#Y>CN9$V|{t{ITl=6xUesr!bD0o+)Q`Dd5O z>6nXGilFj0%_z23%*&=2vk|7G?q&qiIKS0CdgoVkFXp&B;wK@^QmaReJDp2j%E#Od68JOVyU~PBpdKqfkW@u+0bI(<_?y;UoQoH&jK76%q44Ez;mbXmHn~WIYiUPU z65(3j(UnBFuI}hcB3vu+V&q@PtobSnv}X+i2MV;GjLm#a1Gj$K-N{hUF!w>>Jr={&>$vMuNP-Pmbk~};`a)4!_ezvbb+Q7pUqOM38stR zp71ibDtfZRDEFcq$&Pn8T$uKA9tN+)=+81CEybzd=kP4IXuAcqKBZS3Lf@tZc~YV@ z@k&`BN+YVOq;B0@i1L}Xr=nN;&d(U%SxlURw4Q_aXa|j(25_QUhlQ=;YvhIyX8aBm zzFfqg!}wOGy3@*rWiMR-!_+=icSe(PVe1qYjUdpr@f${96uc?|zGa7Xm62RsV6?uj z+TMV5O}7T#l5M&g$)K`5B!}s06gY}spFC92)p+6Q?jq_zOO94|Ccp(r+Fz{obw!R9 z#lnn}Z`Re3Wj*5C;bMVIXh z(k|+%6QMNpsW7K2b=4u_*h}{#D-6MV0XnAK$cxLfa6Q3_uwk(WMu9xigmT;LFE`rN zN``}nZY}5RpahiL6f0m>^+8e62QeMmMF`i|f=-;u8tw1WGvpJ2s2DAC!E zZjp%ae(oNg85THL%R{xJzAF)^FB(gIXzDnh4bFWThT(yIeJ|o~Dvt5a 
zfZW)y2*ZZOO>X?QAcAKjb!o20xRK$)+AL)^%BSIqmjR#9ev?;;r>(s#A4GNCq842ONGiOeK9 zQr$TeFN&)_Is=RQDkxMh7OfBE8;^cVdpsLW(=>PEWh7{(WvmsiRFdHluhg-zO1#oM zj3wfgO~A;-tEY+$W=AjNWiF+$j6_ouqYzsr_fgJbxGkyMKZiYxw!b0?(@}GlkmNhZ z=`qxXI+=iUu-Ls1Yf=r;qMoox*kT+y!Rdb{sMr>cLe4UzApO8DBl}e3+zxxGo`{-(XaG?JEZhWS1(^*{O%t6dGWX3xO*my z^?lFDY$zwQL9w;w5_gIbC*dLs|8%!x?>5HR$ADhwtjp#GmYG;!1Db`jcb+0{uJQ_M}bq{W3Jp{74R?o9x zVAX!Y6rtvOQ77GyW$_9uD>30j4qs?3=I~(O-K72$qh9Q~_zJZ#%D%f+HPSHjVmsHq zt+q~dOm+0YkTA9hOV-7~p0TghP0{M?yA=aT`?Wpx-FI1xV|d;3t<}|uZWGVCIF>$6ShH~c5< zyMv8VCSNa-U&dGF6lCP#b>aD5drmqQ*7owO2|+CX!acqAG}}DZAn$Ha#vR`tcXS{^ z1S0Hdc37BXka0sG$zbDZhB(k`&$l*&u(Vhjeam-qhJqF9d6?lbBaC79TYkZ-g|7`B z>oDU2MuR;+I6P~jDZ-u~k^k+!F?)<4Y+W5QK8LSXZ}}asA2Q&{2xRRU8X{bF2~Ur8 zl<}7EvsnyFi?0iACt%YgaK=z_%E^K18?13l>bA^6O>(liaXf4v!vV!$zooj&w{VZk z$(CSyhktqx_C4Th*0a4dBOH_29uN_3JAV+dB3b{~C4Yx|sc>HZXJ@z^{+7}sgGf)+ z=de!WCoDOb+A{P6*w8dKcL?w`100Y6P9RA+oVu__Ec$``2#Acd)Y>k_QbaTk;b$6JtmNBrAIxS33vKfQ0xulEfB|3I{nFSGzZj6-_ zrWar?FE@b9X->UpXs!^y)tTTs#rdeaD<%lT{K=PmH@D5PFMRA7;~#={+0+L)?XBpE z)o%CV-yU)Wmvo1e^Va?EUo2kO?|pt9HIY|Cq5 zie??2=SV!wrYAVHRqVCBKfu9Lbkt$e@*Klz zL&)}98so~Nph>3HThA!V{BImFoUwb_C^Rje}O6X9hqU5P~W zGOiVjRVZknu5^SpzCr`kgr9e&$g97Z>~k{izo0@R%}h56LsXP;KaY+YkVuqqw{%}% znPL1}v^gAmoVSU~)8U`CL19E~BUvZBW38fAqK#L-GOI){ zAaj1>(|%(z8-TI1X&@1*vr@p zk5m0!+$X%>;MG%AVdg!@^e<&^ukYlXTDEu$uy(m;A{sR6hrLy>6wy<)3JDnf&FIf0 zI_;f%P46+5%3k^g3;}{1JPr`O;Ny&V0{sqr%PQfEY`8WT*x45@p!WIz>jbM)A zNwJuded9SMA?E$`;`w2OdC&{le8m+Z7+vGDTvuT#g1%Oo#tM;-`%d2yY=1{VXFJ5H z*SgP<6i?`)Dr}sDbipLVU9VmYTe4?21C$-Mmp*`94o{)qI|XQTH^n!t>Ngy&XblT2 zDMkj`q*hNuT56|3Jn;W`a5#BkI74skihQ}x(xk>rbJlD9I+1x#`mW`x*u53Iq4Apvu} zV2oh&Eu2<*`!m@p4mFT!j!42T^zTXTVqAx0gqi|YY#6;z+StRWt4QNRZ2M_qu_hhf z6%IC!$>W^KNS^$uPegevJ~4#GI85UZ93u|hM$4sVMU)Aq&= z*Yst#%^&YQFhg4XPR`h=JN~UclujHpV?Ajv>jj5#zOOu02TW~bpjFd4Z^N3*lN@Rc z`2yAV2*>++PmLdG>Qz(GziCZzm+fVLzydI88Ld$w)t?Z|dlZJ{sgj*tADP-iT@kU2 z+aJb$1Y(`3wV}p`pCj=oCf=Y4U)iw4g@!CmoILC53AAD32}Uzh_}PvK!qvL~nZd|C 
zu6GsvF>YrVSqz6W>?Y%3CSJ#|!pD1u5bQ5zF&{zC!4;sV>JHN(S2);9@ePAwj6hWM zXpmBWn|m%e!g?1LqadqTe_XuN{=`|Bhu%jVnOTh(5tnNOd#R1_&!dT>NQlqLL+L&Q z_Eg0nBcqE5>Ixl)ExJfwI9JVEA)@Hbc4C6h2?z~p>z`9t)t*8fHCY=-Axy+Pg;X`{ z1u*9FKgS&39#i`-G2ap~d8!y`BrqmkDin4YdE7-qWkRJ^q!C{vIPKW`E3_J)COAr~ zcu$ZQ+RKgu5r^|yaXCk=4E)IMV!8 zR@e~)K%@3oLR;NMVf{!0TO^eDi4GASkP%)+g!d4kxGlnmjKHxj(s)ot5JikV9G~a9 z`5lTIU+B6XG|m3Z-m$)`#a6yZL*(r1*6yH-J-Er*Z`cs+hrPmC-XBqeo~k6XI5&vm zxZ-8+)Ca?)4_jcJH$_BG(V(*FvI1d9hEa!b-seSP_nV1*jy?p1=;f)JVLCJl2Tn8C z{6*F0hzN5{{|%;p1iQVW&tPp&e2$WfUc;Lp0?s!Bt~3K)+cqQ{Mk2Cj6>$Q68{_h7 zgYPC!RXzu{7J~;HFuTDWqV!@EG3x8tHXIHIVZ&Ig9lW2Q#ywSw%*=Y5F|h~0wKf@% z?`bI8Q?5+0tFUe$8jg8HEg0R9rrEb%$ui8xgutvHZ70V# z?{R3_Q?@c%3nCW6Xn$`3`?w_|9?=NvMaF1$PTMQiPjTKqcn*tVyEbOHhF0@4qQuHke=tU7Dye+>Vqd)V@7x{V5K*1F~F-f#P z){2P9W6SUHdr#ucQ}wZ#ZiFd%Jlo>;A0sCJGWGwSN4R>5WEO{tBz$K$qbP-ed0!KW zeP$;1J~k;(4}ICWJi8It0@Aj4`R>Zm1kY-K6y8xV$QorY?%Q$Ojr+XnCU|n@ zmZjP3+fm}-&MftE@Df{=z7=1op~>tN(Y4!*rw&2^_XTfKwS#Ajo$%u3yms!4@g{@e z9XWfZTh16Sf^Q0DC|-v>6(8*Cmc>hC-d!*c&-9>82=iCr^WG9$Z0#8%j|u3k#tMsP zy7i3lARNwHY_2ZGsRJ0McJAY}%U-$y@#|GVbhR46jhoOO&D%!CwRrW;W)4+-O&$LY zCm*me8=9YYI}*U!&-5rZJ*Kc--us~#2koT;5Y@bU>%#Ts+g-SIdrmtyc&~9Egb{Z} z3yi!&2!kaiuAWlla3>BLXJdI+j0=_Tc)x;8d8)28^N19A*h?GfnB1M3MKy;PFLT~% zFWUk~<6~%631aAxDXrUq52_^#ro z7mCjzE`a*FitTY9P60f__o}-&vMa7D&At1x^{6v3tQ$+Q1A`Mt^Mu1;*oA!G--UXq zH&1?yov|tC=O~ZQKqw|E4Cq)|W z4b5YSMeQN(q!0`3STKLTrmvf8Cr z2PT!~Y|^Ot4kZ&O4Zc{9I-fZXhlad&u$t?wdh#Wh_4`KaAL!D4#-Si?&bfNxNWs+= z2M=ZE-KTtG^t^B#t$8H0*jt}rh0@OnrMs;9oxYzy`HzJ)B!{!u2xHS8jr89a?R!ri zP5QQZR59H0IO|5^8(e+B%Rt@1TNb0P!d^;X_Y)1DWmTg^`HOd^ur6Iwv8fVf-r=1M z)7I({I{`tt_d3#OLJ(~~nnM_F8mu=;%+&iLbyV`GUM_p5)FJMZC^`!iQTCbN+=Q@SO;ZApJ0o2SLMHov{_o4KCe~@#nv+r{yD;I=Bp- zF?|x!hOw|V=2r5Op;iQPuT3dXIH*@(slF~v|sR!0&b*M43snWTLzj5`JL zaS$*P5FHm<9z-s7bZTQ~XlIRK@SN4*CNEA##T|So(Q2$m1l-^LCkC~Wy1yb}#O&c8 zf5~lA4XaUujxBI6)nQm+XeABPnLBI;lj$zm(53dt$G(#9QLigY-pB7^Z4S)n{r}|_ z7JFJdv*(Oe^Qqs5^1#vaj*~kPkuPfJ)bB#|_~$O{XP4sYdR?TmJJRrV73ujw(a`#; 
zCvC2713$vfUs%`6zHTKSA*^4!Jn%zprcEngft*^3L#+)@D*1z2az7QY5VPv`V^Arn z`x`z?e}_$_rZ>VE8(44H2{{de^u$MdwhmeUE4p&_Vz@U`+J6I>aSxg{l%XXKwyOKX zOa5S?-5+{(5bY@&^@28?}}>y^~4MbD${?@$G=?8gvs*c0#YxUN(J zC7*Dmwd??nR>oY?COE9>-tdx(+1ROf9}~$z0AY{DJ&?X+Pm)MdFUh5BF?tE=40jIH z-z%Q?}~;E1>wDY;ifj&d^>Ra z(iZBz%eWeICuAOGgrM(27tqT;-04vt7uE2|dz?~u)K|ca6;c#;d>Vx>kQ^=3^IyMXWhB0^CiMf*^bajVwvW-eIUO>>bMj7ne z=S14*(1LIqeMwK~&_;hs z*lbZCrJG_r0|kjeF^&DIs1-~q??g4>@{MZ(0>?8PFouz`@WS!c<&45xGzy7zPok6G zGej6gm_%V3(^#?bjG?v zQI*zU*9v`H3^=B_k0TE~#fjpl=(t-p)j3s9i3H5lQz8I!?AvFAse6awb*`SmPZl!t z6t>T7T%-l$X6Y$dmq6MqeMS&p#=|9qFZbX@xJ<~>6;{Q4?}=&S7~J@RIOqTzT8n>j z0@~;tFS{7~_Noa0nOm0bU@FKU0U0DZ6Ybl^@xzdrvAmdTgBfdQ-{HS!W5lBx`9((` zt<}D*5uS-D&^>K_-g_``S_llki?JT6!_^};zQL$yj6I=fW^bU`sQZ?7FpNl}@DL3n zISz*LDNO)h`iY$lY#@f{8+oXMkB|ZfU)n*w@-so)==UTBbvGV>5+Et2BG?XAyMlQe zppI!6Nrr-?phv=YlXVzOsz!rDz;NS7(Iq)>6D!z)c;N_p7sDDiW89dPN_PczC>ji; zHg<~EJOKSkuwpMg3oRnXWD(;M{ASMfeg!w-O(7nFk5Pq+@>HdnSy~O3G;n+A4+v^x zqIw`T>dIak1aZ~+5cFwq!2n;8c(cVb&9dPemo0uMuD^fkJB{N|e2`=0BTcSs(Doc| zbjCT%=tek-J1Az~yRZfYnLNYb5Xb{Q%NdN|rf9tP;}KFPL+S@-Vl@L1jNjk{oedR% zTnuCuZ6E^8o`q)E3Sm9!zeLP1me)5KuHV7+&qc0Amc@4rwU@@ivV8n#MznCqWnIAU zS{#r&3Ry-P_2{TP>I)*pcQE3j%Fs_=TAVIV$GxOi|k-FHe(dJ z=8`)5Z7>@QDo3>sJX=b+BccwyXc|P^qgHnWF1TyI>FAR7!8)Ppe%M-{ruc4nv{#$Y zzl0Cg3-w|6^2F+Hz^5*_7Xzi>7MnTpPcc3~7g|#H(g^WoUi2BPuH@n>(s)aFJq9oB zGmIvdxcb5|##^)?+~|#W`nK`=G=%hw<7qs$9qi?a@!_yo2O4C!j*;NA%c8g; zNZaAFk9QsLbrHp~Z$p4URT{sbpYHNLz9Z~7O_*z)ru`tU#zh&QAwWspzYxMx;4it% z>r#t*ngwbQ|D3K5a~d83E)Ea4ay&p*UYfZ!@rX9kB(U&6rV4aJvG%D$o{c-kw`hzVMNyo~AwPSGAzNvWdM0u(OYX>t9!M`^fP;{XZg_a>40<7-U6 zD1LFX8MUlq8Hh1Ec$^~++P1G+3pe}ry?r-!w->RRzor-_wTYj`MSKz2_q7SxGvo3>WUi0 zEc|0sD4K9`geT0Q;nTz9=<9F9_HEbwT3)oeFIrUYONfn+0F5Y&Y9)L7;ty=;t4fg* z&h45l`qKtp6RyP+xfZLii?FqlJ^#5CMmw{q`1h`h`{Vf1lk%cx=4-_lyDYZXmlR-7 z3H6km#8IR#!uTg5qoTU*`QBRoH+p$W?)d1kUn|MQyZGAH_z*)_N!>q?WQEEQ+8*`W zP)}7NnxsCwqSmmg%~*S_@~EG`$6@5hx6w(S7a?sfoB(l^l45*JR}JRdg3;qs5pXx0 z9-3LalW8i;5c0Ti{wJK#@!GewqBH(RIIUr1-k;>c`c5Iv6)a&&OYz0fB|Vsb6>Fh9 
z$TtS2l<;eOk0o_NZM@U`=JQyd}uc7>EcS^@PY^81wWkGTz@tH&Hc5 zJnB|lBs62_YBNIXRa@~}bNCXC0@1~|y6Y-7*8J!3R}in#Rf=$4vAV8DId|6@k0P|M zudxF`0|jq+k9Dyh9xRSn`WL|3OX?D1ElPYh_e7Zy=6Dd%%unBPgt=nlVK;=Usz7yu zlwf?|gu%0u(z?P7uHE4NH^NSq(l-c;i|ceakd=yMNxOp>>#bLIJ603 zy-qRqu;uRAg>N9G;av46!|5sw$7eTOe+ZKau}OQO03Ge+@0f4k?>{glA+7N#IwROv zvQ}R&%pz3Z$*QUk#ky8R7FvPut08C#uVda5n#!m0RVC|vJ^>*VaQSVyE7v6yOLVi36Qe2)ll4FX^RftjNEhvm`1=5`N{ z!?8}l_JX^6eTWiw*?kp02E8J=JQ>d2T%i+vhcOoohL_fA-a(#X{El@^N!>>`qw>s| ziTNe&JCYAVBM z8|l|zVc*)Iy70~)os)t+%|RF~xI)vXmMQ9o;<69N@8a8UvX}h_FBN0)@r}LoC%ner z?C13~q{RTpT)9t0KW#2fsb{TQr?7 z5I)Sl`!@CR?XIOl$aBWKrrqaM%&=fldONo`-4pPaI8+u6-yc?G(;mCQWXJmYaTL?1 zj^@|5y>(sq^nwq@dUQBR45K-A-wx53c=5>F-9vr1;4gy=p^urO?=##EVv1OB;bRAU zj^RwutC*J-wEIrPc1F-Kjt3~2q*yIFv#iQHTYWsHuWRFw;Z9N1otmO0j^W1 z{Bfe%lN9Q}^(AKQPQ7Q@0r|&9mIqaYmSdJ@DdxAEcKjag>N;-BNPJ^?(r2Rzzec8N zy~D?~5tp#$AC(dEw5f~2=^OdmGZE_Ii>ak;iD`WHKfYxGhD75|U5cY%+p zx)%RuCMU@x44gqm447)Hqb3qtBC#eCHIN69SA&57zI(M%0WF1@1XLi?lVDDcW4)rb zx9#uRhqk_2ZS6&T6cYjo*s46P2>1f3^$Z6!V1*Er`F+uq`FdIAtNF4^q8BB8NT_9NY8QNb z%9z@vsYxqQH&jlTw3lVloH=Zy^BKF@JBCd@XMePvZ+bD7YQFr^D9%ZHc+%dA2i`HE;ONuZ(9E=Va{y$glL&LgHe`H+{+j;%D z>6-aE5nsGaH$2|H;rsOGh84Z#?Hs=C)}y!mZU4J*&OmzpBq7s2ya%25Ht$iRbBM8x zP53aF(=Pp~&B4xnL9?g9tY(9Loo4nafu_#BgMC}9Yx?=Ze~an5?S0PWgx^sK7m;9p z3}@Y93wsp3TdXTjB1f@|No0K;m=f@AFFhC;HnIJxWO>`1WXYeSy{?YDs}9{`<`pHu z=wTJXN{gpv2QANd}+edNpLpWgagMlM3? 
zqx`meVTL}*;Y~RVdENZ1eS*ZMT_U-a6@&@nkz1UhD z`JMGTgiT83P@t}#o7{W*sKf%wv7y!aAt&ljIQ@;NYI zkHh4?Rr+3JM0+5|e62k&x{cohZGq7hPQn!l-e5W4{!2cSv`V(6$qUhI-h@C^J1@=d zeOeZ%;J{W8NmAv$liV^WxH(&m3Hrwg6^q}=4~p^1gU1#LaHhCH4fz(rgS9q132e}=w#0HuxC6|oe)nK z5E|>owv7ZQ4pMDi!2uivvEB-Xb5BA-n~n8(GK=1IW@qUZ4zWu;as}w`1)b(bSMx5m z7qPBC<0^rB7O%S8)3vXz9F{Z_w$22nPI+aqo?(l9OswlCZh<$B7f{NmS}a6M_bo~j z{;FJ1buvI0O=jv4s$0wVxWWf`w;jCO85!ChI-@OE(Za3Wa_18{uoV$1zRYi5s~Rez zq2$H(V^4i4KG6-kTqTA`ROgu^=zO1D@vLf16zAn;hT<|Q6-C(WGGB|MS$|&CF)R=q zz2bctYR*Q3e#S&|W2c>F?9Mg0l)C3kvv1pOHhfw*Yihd3d0U;%!s)$5*f)icfjal4 zlgpavh9!sfSBE!osEFKNes z_m@)U=_=`yusVy&FpUSmSDcXW*ZwinDm=9hh8yep3t1>#L1`phSBQOArToE7DHv3* zoBXm$UgaideIXp&WwB&fh+t9D@%+T`_i!{e-G zzbLW1qzYZdL9$gjGs@176zcap!biMjbMuib{q7%2dAXQ4R)_*v`-(QbEYf^J)anx9 zbw&?lo=?>LP&k_cXrwn&qG(g%M?{t_h?J}dmfaF5ESrZRxx`F$vdbcop=EbOvdX?6 z%}bOK>9Tks$i#Q}OhRqWpM+(juL9skzi)ZEGB}ngG5U`!6V0l|mO5E>tKK5oo)y=Y z&Cy%L6U2&BW%viEtgIIAF;eG2`dxOT-tujU|dg%p^O}hgqYZpIi(4`H4U^2w0XCTC49)SorA;4D zO6+8O(xxw(3HtKk!FtO27CJva!{^E$ZknDZx_y?%;uLUt64AG1E)iAqSGiMct4|^z zIR8lwR)BnRO{a7~Uwx2;zwl7y#ol1_l&bQ!TG8VNP#sF8(JjaTe!Yb!7(B3gHTKsM z;^Po&rgQXGO-3gG^bQg2bp6T7aEWtS*|m}CvJ3Q<{ezxL_|Ma%a547dt8^1abx|`iHgh@o$HZc{{v2 z#%tk489-cf>QoucR!qUhmUD+&sxe*NF^bRdwN3D1>XdE1sfYo`rSX8z3wgdEjIdyx zHxw@DimsPxdMa(9=OiX9(w5%3fRFeLZ?{+NjsfSVPmF=6$s1z#sko`28sFG@xB@Xt zZfw8ks#(YWsyy+T?|u5HxzqlH=3?t5MMO(k`(pb;k`LZ&o&SQ=6Z_&*X?CRn;+cQ$ zX%;fO@dtG`!pcH!Rd1T_e)=e@W12ViVlK$rOpX=7o|f=fKBViC#+Bv}pXJLlo7qA6 zoFSx(n+!=OChByV(FLr=3rT;z>EBOS6H2#f30_EXyK zJIH7J!J(;gR3;^)GWQ5D)X}{VJPHU_884JR}G^0BWo}`%@(1V4TBaL4iksY8&U{{$7FVpbECCsnWLwV$2_fn} zVs4JDml;xI>gbbtoPLE7^h zCn&W-_8Dq;2S<5DwBly8C)WQ7fAy7>Omu9`07mMqoKj(T)l+#uQB02}XWO3Yl%X>ar#tM%su+Wl>C2K&!2ubx&(5rpbdNm8kR z#pn>U(3n!cH!|EzywEIlW>IGr7gKB0C;2oxtFSfEf(8Z~u4VTLnD; zTL_o|1TZSd8PX%&TF~QYMnEYRXi6~0?^Df`OEbTuPHCp{1@-x>hutO=!W?hHZx2yT z2=biJg#V-_nDmsA!9}T%{RHA=tZR9WV)dc0ut|G4ZL&knLOeGZrPF9`7;MY{<75xX z9H-o^-61AF0f|Brn!4vJ00Sn$0ud~|8}0f3NA2?p&3y$2QG_#afS~A*&^2t-wt2h2 
zvVtuWgi(4whHpJG&{eqA4BMyrx&1WhCrv>(seKkQKPSf)E6bo=t1K{TQzV9yJ?v#- zT|cF0d{!^F0^XBpVqLSQ^|ogjoAQjrcbkvsO+)q7oAkB!3|Yd8g6?UP*=zRekFMLc z`%q^ddbf2&9di{i*4d4!!pT%<|Mh3GRM|HWlU_oE)hzm!9?!YVUCJkzD6A?~i5%(u z2D&Shi_MBv?iV=WQ*dT@gpvSE8=XjgO(fI4LjeCFGTn%>?8tj7GRpjspi^5mG_n*D z@|T?&In$ZQE_cIp#J1-}s)(;@qvNXAOmy7qCE#uIM!7- z(u*zmiWS3e?I;9u(+rm8B)+Jl#}DF_DfwA)ynLaxFkluLm*CZ>r~}24K5#0JYZN(^ zKfap#?W0t~`NydWUEf6Tzkw$;R?LPvmr~J}f)1>M+IztR1H%r{`5Q z_h(1Xa|+_sg<{+ByoYWnXE@*f3B{}P;?oPw>0zvdBIqH^9_RPs7u?;p>#I*~fg?^d zYq?!9RQ#QqH36f4$coIKa(|9=^2m7-4%8A(O}kyIx*C?QVyzo5%r5;ba(eS++0pDZ zVzp(L{FK{9`r7KG{S89So|KAJ2-6O!vUZ5Fuf`X7xvl#}WJ2?ck0a&a-n89#i~z?( z-G+*BzHa{%bfM>8!`~-K_BF5r(lIv3bn|#8RXZ;ZZs8B?OJZFsrG?|Y3%K2R77jSXi#yN%>?WURra)#%IYm&hvQOS z%Z5$3X03{IJXuNY~I&%zkdi*9JQNEle67l^65NUc6Rg(w-6kYLy)H^B>y>_1&_sf&vGuO zN|o|oB0^v0uaYd;UK~6~AZbZ6dh1-0L_QerUG~}<+$3S2C(T_gp%Mv=mC!dNG+shs zLi1G(p)|DmwVJ+G%td8)=(jUT6hUL6lUQ?`(A0#MS%?0;Fy1{NGS!~PEB*a9$CS2i*VkAw3xi5v$27U9R!O>-_@~A_|Vg5~-wG zmWv=Ovk3n|8BP3-%`y#HO`|wfifb$9*Z8y9AH`=5-wdxxOjI2iAN?As_(IfI__>&$ z5Y1ChwWd=(k*9K89?hanZ{ig7Rin4er1B;hW`*9em26F+=KcwK%TEdFcmImN&Hd*& zr#JUk=`GtO?g!l}uG-z4H}_9+H}A?NaC84HddnC_Cor3$w``{B=Kcm;H>)y}^%f2u zJP8X7YVN-+GPY@0bN>Rp<%mQ!s>sE9%O5D;+|QZWO~kZUPf=()HSt@bt?68+OJoz0 zqwUNwKqj$CIwfDwX3*P-gqK;$lB@sl9Ev9%R;lnCH!%<<&9DD3i!|p7nQp1WsTov( z6kd@j3YHpYwA9wEg*}NKgWFt+mRQKhdA|ltfnVkJ*Ektm(2^9E(8tMM!zrGuw@~>C zIVkbRuTQq+hMla|tz_HU779~1up(PEm3R#puw6B~`DKivV9-~iW9EQ`Gnk0@*N!YA zL+ft>rf;UsK?K{Mh)HFK{j?b74tk}p2RTRYpif<03vBqegBzM7Kp zisT^tR0ZqkVD7i6s%WeFHt-|+K7F9V6Oh^YIy&~S^ynPvQL*$$_H05!nKRtnssb!d zMZ$K8`6tJ7Ouo{2VQ^mODZ!Zs)){@F$Vj7a6!$;yme_hL1={N8B)+45XD8;W-?>t= zU#XI;nJfK9e^Fz0d1>degNahot(R8GH5TuC$qzB;s?CJ7uJm?S&*T?-$}nF(XA6Hl z&Yy|#IvcvH>%Gp)lFNBs<$0DEkMmpWfmH!v4fVCoFS@CSI=s%0QX!8MC;fdIYO9~& z#Ja0zWF|zMYS+ST)l-)~ zm|q>p<{YR#keu$1E^*h#@xf*P(qPt4pT8C3MOh}(g4SfYu`v~?GUzh77i0l~H-2zG zw)(OJ5#A|bS%e6`N?5R8Up*WhUgiWT>3sNtEIOnuvcJQ2SzTQ?mxDWigb+UGos 
z===rl$CGXASyPcW>g)8?H8a}hT&avunwQMj%0jOHIN)zS>Wiis2mPE5?bfn3r%bgrAP#Z=hekx$u@ScrC-%$VQ>-h4 z)@W2TAyFqG7v=z$95E|MZgUOS>>J;b_4XPHTlXI?ll&Kdo!ZyMx+aps*1`IzN<7`V zI+(0Wovzl|Q&h`mO3O;{e+_cTu}9Oi*@KCrNZB?=V65;c{>9j=!?IL8S=JRn>k92U z*>WWJ)Y(2&(e`Zi9B&^JJ>EuZm6#Py23_z5N(hG4aY84sL9%<;ccni}sV{A1gI0M6 zQPG#&EytMlY*kCC23Nm@*dS>Eg>!`KC611 zfxTz4HW%@sCKy+J!znD;lQVL-s!71^7PK=83C3$D8y#1mslFnZoRNqBC*sUWc!8Ay z=A-~xJcSEt8z;R?Q@wmMi(bBp(^+zPqNgJ`mSvY7i=2XhSdaOiYUIEV5%9PgsrG70 znC@YZ#{N&rDs85H9a+S=B>UTO1l?U-|1;hfj-sph_=P_Heq?s7p^fHGKEgU;$0tXN zI$}rU8_n=6vPZR5vlrG$BKKZ4fAk6-MUk6ruC4SWy@$*1wz*2$*g;K#V& z-}UiPXdunMk-C_&lrGfRUud79I(pDAhkwyVb5DF#m|fPI(KKw|K}S&y;C8eI)_smA zIw1ykuAO*AUi4z(!`^6?{P?1$IC=Ir!6>HqV`UER6xvhV?@V=a=j6I~b5FJXDmuE; z9^(dfv)8g#-Ny%q1?vkr=B`7bJ7Aroycrd3g0~KBF3Zl2!W*(Z6F2}CBg7k_saV&= zblsI&w%Viam7TFnKy1Gpv)JV-ONcBY#USwp8W3YH%JZaq;C&*GLK{Jobs33K{0%iT zZVb_hz&G|9PvkZ{Kg)-ut+5K9;h?bISQfyuF12Xlnaasu(+1nJlc1R?e)ggtFrdU! zBpGDM24LDvd_>NmAuX*cAcwmjJkRYHHqW&{+I|!uJKOLj?Tf3iP(2;2lBT!`kgb|>9+b@X=U*sDi1)PF>a7~UBDb0**?ZlTe5t{H z!~KvK4}!c&qqm4b9~<~gqwF!hB@l z4kT4esV?OS3?_Xfy^R|6})n z{G(hFdP!zikQ3Q-^fFjPIEQ;3=o_GuF zX%K4LzX4Q&*mCX*VoPGY_E2*_nEkwq*;^L9QdR+*^iw|avUngI)M0S;Gf1QPB~>yj z?*8g6f04<2AgpBF1>w=^NR3r?6M5-Ju4iE5xPvj;BN+7aa^9jeL64G$YSWMMW83G- z4|9x0Qsb(B8%t+9*unp*bOJ7|z1gs223n7#6aVSdzb`6yio3CQo z`l)8^3yD3BCef!A*ZDV2YDhD??+4TXGxWRg!!jxQ-jzI zS78w4{iHphiYfynst__?M=D@AOYnWPT|p*>7$8BsfDRt*jN_x70Ewz`YLBs~Tz~{N zM8v%4*@UtQg`%TqNIHQ+!bK}J;Mp_<%KM|8YE-{xRH$^Kzf2s24=98ecniV{h7Uq` z*`V6PQGUd_K0yCNul_59Zyb#9H_}&kjd;c?dyG3tQ;ij@5f@mK0)tS;ehE%SRJuqt zgX13|et-tnfEtJ*(7POJCd6^78qLFs2DqRwXl3|5lQ@VDK9VVrm0=JaTu6Cfp7T7v ztT$?TxJWpDW%z4@U9yt*cpxiDj@Q1^ zy!So*fzGmQF_8@La?Jzl%s1Pa#jJk+mgw_kV3(Y>VWs1C5bK*h`yrYbL^8ehqkzQT zO)MBy_$ArgP7DpdcKEBKsgul=;S)x4xf^%FXvRntefG0d(E#M+AxBMJz7fLv_Hk6a z{Huf~uInS>lqJ|u>W_|q!U{n{m$=@zTVV7hd2LdN_-qOhA4#l*piCPAyTB!|(?JK! 
zby|OYoX~ph--Dy}eku}BpFn6$L^A9*50UnOssgaMb4m1EQU?g_gyEMp1Hn@W`l9D6m{g@;(z#M~ zSB4^-NKt?y*T+cs5>&rdpt>&ws#xM*p;-Zq#jneQdhLfmb9;-_cQRGnwxg6A|<o*;8XETFOTo7~1>f&Leso;Hw|X#qYe@JKzW2MrfT#%&2F8mp@EyX5g3nXD(PX5;8-*Dj z=Z!f27rugp#XNS8gm}5Z6q|;~w4%3!@o7IMUE}*=xFR8|>=~F~*qWz}`)2DrKQ`v` z0^`1?wayE2%7Qwu?~;k3Md_DJJhgF@5_|t#VI0ki{>KD%J0M8(XVxjs{bG{pYM)(g zevXneV_jE#&Wh5FEcm+^_t^B7y+9RM3V-u}uGq5?kWR>PM>G8j4B)TcvWh6PuXFd1 zA+q`~5KerF66G@sD)uCyHU@dKaR{)OPq5QU3 zizu#1v96R1Bo4JpB$0624_ZldPM3IBx_KASN{TsAxce`hLQc3i>-I-ug7kXpY?+j9 zEvCle^~k<~u3@Hit|X*vEnHXx?OPGrVqKRWRjRs{n2bw?lY#@oSEroE=V_|DTB-fZ zg}`IxpX8aF(=F)=&JW9*S9uIB zmsAdNROui;LP|*V`1K#+dTLxt6Xeq_mD6;@H$-48*&bMzwOKlwgxm1pM^Il)VMzp6 zo+KEbG|c`1bJNnXQ~)UE55(dB&8;sdKB>_D7YX;E@DHt#ZKHh(R3+ExQZLhrRo9to znki`awUFZ4`xtzynLytXTFDjt(QEP~%NvpfM;Vdt0#Om;%)+)cV()3cNQzLELX*k| zl@W;PHWbp?>}VdVhlBv<@jdT7cM15TZzbelDZc93*Qu%3{@V&QDX#-tdBow)7fz*^SOUmp zT=Nx-#mB2fl_#P%^ZaOK_-esIH>yWPMZ#0u&%-KxKIwtM=}Ihv)E3+U6L&v)?d#RY zt@HsL3fQ%SKQ()Te9jD)##_Qar91WkI_d7g-NQ@nJGcIhgcok&4}B`vY$F zi&SSS!}HnX|AHtde6sey*EqcSvOF%b)O&&Jo%WQajQXzdoddn#vR!v&@lubd2TI{G z4z-xw33>U0{NwFiA1PcArNGtptL}#=1*X^??uWQ2nQuSqe#pa#|2+*sL^K4?oTwpS zDIKICC_F(!F!n1Ng8YB1A;@8_ztj+jft-jOcY-i^uz*}N1UX7Wkf$^R#rEW7pvP3~ zN{?#@a+QW4=Ohh5o*iV({~u}yb`1yx5x|Nmj+lSyEzb}eTQ9t0kbE%K-hnI`>w4<% zVA}>0!!5COkn?XLluw^*Fc+`|<))?W7s)ACl=89!vt5PdiqzsU510pCrDOV?;Mqpe zI~IDQV$Xy5(AeXR&9HA%O-+!dI<03#amWUlbD)b?oF<1rk4a^iXmr^3fG(`+&Tcs% zy2R*9Ly(j%ZC&HX7l1AJ+}7nR>rZJ?Kf*+4<0rH8tMsktS-FhQm5@wh_b|ie!K#ntD<~@0S338lHN^IMbhPwYTjKxf z=}0D}N}Eg!pDafm-?PcK9j+=?Sn>?}e%7H_R|A`(6Nh$*J2atacWA$t=^Pl^Wol@0 zio?*dWN2R(Lg-Q#*Z;}r8qhVn!<%dT*&Sc~|9X6?(!m2vqi*wr5h55e!j^+4k1#cP za$Mz(@b#uaBXlQEbd-!RTSiz8=9^v4ihnY^(NP_|MlRuv3|$8esh2^ zU~M)SH%r_J6b|7IueWi~@W!hNY?DMeky$fDMtB{ok<--wqQbddA90E>2szEZkFgZn z^@%e}p=Rv>7(mT|qkxl86O>e_x$7UJrc`Kyl!BU^6}X1nE>eEM+JXIN?^j3lt&>MJ zdhn>+Nt03O&%L=OAY*EWw4J5@bW9DOxPz)!gPQUGU{KWfPeyf~8r9KHzB;Ol+)@4V z_*_*+2hCN9nk!NEn*D2r%Ao#(wfMi7sMMJL-%Zp%7}AUeWM+1yFjF7GZ(fJ7`%}DY 
z>tFA9>#y&Wh2f?Rh6t&ncHR~C$#&A$aL(ny2BYtC_ZI5m9anX|14HJYw)4Qwj-8*s zo!Gf)XYWq?-Oim~ytA`wHp{Nxc)u^%^toK?lE>gecEd9uM$Z~N{NTC9dKgJEsju}P zsvMHC^lv^gCK6~q!gG3PR@n?;-dL_|9M|pq*xX*wZANWP4@cC#ox9t!jXm!*AE}B?YoF|uZs~L@GGby+)qe7LoDl;7jF9(BU%5wLgk9!^ z@#{8A&$8!l%8pMRwt1rC7|Zs1B3i*l$LHM`Zmf_K(QxA1|Bk1&(YHuHLd~a{sa%9Iw=fih)y#1pG$nf6oe{T#79*TJG z;a#|@_syW;8q&sZ?sE<5XV}*x9ml%HeZ(X{x^FPIdAI_)i$(Lr$`Onta*KPw%S%E} zPYBpMSU3;_=UbMfHuQLd9`jRu^|l6chL2;ny*dHRPVpm2AOj=W9P~iB=3Kw|{eXG2 z?b>tjDkhm`1v(RCnU-O3VgIzYS-DQm8rhcFO*DW;*pTY6tK1rGb{DvRfI(sVmq?(o zu0|%o#Cg$n&R=jhTZJQ}9rAQw)!S%G&8p4lx8Js=?N$bPilFH1_-Le^b@mCe<*D+l_UY z7pbdeCU#hW*t|?^HxRmbcbXbawy$bnpFW9QG7%H-S^pBhPs|e0%IF~2ZTyA5X>sc& zevlqDw=2IvYkbJKhd6Ka^oH1rcM+QPL^OEFXpy)`W=}Q8J@^`&C>?(shHh@a6@%<` zuOQx7&ULZ7=$wERG}8upP}7bXuO$te+;s(btDaF|g-NTPARM3NQ^&M2q=ud<&qUA3 zeH${UZ-72%%?j}tt63k?pR3AgV9wKcqAb2jATThk)a63Je|+F>t?p=_UwC}95nfo9 z-lG~gyaP+yruJ1bVq@>+m>Xh=tFJapZAN6KR|8@(HE2dY?Crmp8I zc3NgX$b!%Pr-VW!EJm!U;aZegUeB1S0LUB-@Zx1=(bhy4ZRo4Fn3!#?Yx)GKx@fDn zcXwKg~sFh6GdAeT>EY{7?=nlWP;lX&{PiDHq=zmWU`Lqc@z zHyl4XqvrYkLDD5i{@}uTYytHaF;7*`HEH$-%v#Y_HqLoSr25m-1MZdXk8dOUIwma( zVd!I$xL%?xPrgfnMF<67*&re)vqwGw0D5k*UHnGc;u07@nCSwcLV&PXfZ)ePOXAlG z3I|HNn+}MV0P#05zAn`CJ`kt~Hoe2>{cJkqi61%LPoWEx#Jx@Y$47GJRn!j}dXRS@ zpXz7mBj=@^96wP`*sjQVO=thAa7_x9Uw0H3Syl^MOP9%~VKK92qVeCb2# zs`9zgXpQQJxRcDWN6@%5Y2U%Lh%r0;U`bcNRmKoA><1sE(e8jW8VVP^rLTQy+{P`G zI^r!03tn}5E`TP=0Fb^`??`CzrDM(h=Kj(ZS{v`L8l4xnVdCdy+GHu!3v_iuvQMTgp_dALkJ$2fLo)3oLz zcSfq3k1UIn%ZfZczI3zMSC-Y3-li2hh4G~?^OfF|ZX_-imlO}HFTatP-4-ZzhN{OQpojs$v%J~g!evfm8{FS;-O{K3P-Cii`0?rBx;?K&so69mhQE$1vHaEk&OJ6$* ze`eWpy=|kpRf);!h{pHCF-D#OprX!v`!EX+{trH22;B%nX{>R5_EppxuMZNcRqIYZ zC9otj_UGF@D*sPa{^Y_r$%QkM3u}`LrzRKHBo`JZ7miIXEKDxUPc9567v?1w<|Y^B z#LGjq$;M!^F@Q@te=UEqYjJ&opnrQw{6@PpeBp zc!3O>3pIWwY9?1D23%^1%MeEDx8Gr>7VG-`KwTTTRjHYK?RRe$iiiqx5g#;~vV2-f z3sqOIF@-~Xjshn1?@tEhIKC)uRo+hM^xwYI06W8HV(;a!J! 
z7`r^FI)1x(TYuNKeslA`b=`O0eQv$P?d#gMuc+gGiK{oeuROd*e;VfKJ$M~t?0v;` zBO&7m;!1*-sc@t?tJk{NTA^7Jl)I3u-e~r#9y9vBxy*L1Q-W;KTdm0@+1^9Llip3k z-*OK2RMAORfhsr`0Ns(bF>-F{vff1_n$k<7`xgZYqWecJ>-A21fB3bw{?sw=mQVDj zc6zrs&VM2=46&}=Z$*2}(dHtNF|1kK{|LHlQQS5FVDWLWlyx}PHSMpgqSJb3xZt?< zR#()i>a}M5Jp~k3IF}NSa5p2?eL5v9-MSvHLrYHqT3bDbcd0AG+&A?*=e54IbX-w# zp6BpRyzm@;t8Rw*sh#0g`|Zeisr=3v^E@hLze2Kr^I_`yZTI`QQ^(ZCARx`3qniKO z-s8>3m+fDQ+eFm^n!N;Q$ztgY;iD`Cy4i#KvD~fQSY~@8`G?sg%rJ5pPTr@pH=NKjei;*}a1 z%+9}&&WvT$@F=c6fk9vDA(6nhTcfNB{7{wJi_bAXDd@4L_zR9$X?XwHXWx&=V$}r% zN_YCria`9%fZ0Wc(gTgT1qZA;&3llXy*6BCAm3uim%5WwXa5}@AM4uqUJ6*Rl2I;h zozTCwe;F`9H1^+MR|*yMJVXiP5e+#^JXlwnQ^Pgv)Tc`4`K?X;%9!Q5oc5FPyJfiM zQTuKxq~KVDi`G-qAtyNslbqs?RI}%ZfI(d%lO57j`D;|-f^cR0n(#H)2jy7P{MIa( zi^u-qF>FS@OY~J8<}Qp(TYo570rp66x&*y-@#1fqZ;Zk5fmPub zP_HZ4mzGvw<2dLjXZr>72hf*_ily0Syc86ZxctTf3*~Xa8%RQF_G@IerfA*-Fw8Lt zjQO%CMNS(-fiyWRtCKY+Xif=OBf08yDo;cNtrY=tTcTKiyI5SV2F-U8>3qrP_^h!O zYX-hC&o+)}(RAfy${HcP^%rb`e5cmi{WN~Pb+zAlgY31KZ;u6g7>uOi;_5Auud}WW z;FNz-z`D4!NsEeK@LID^&D6V~ivY7V8GSEtF58MYn_GOfvs>rB2F4_{0V}6;jussX z&}3?VO9AJv@r42BU7#|Rym=fpvC);YUO9dL4$)z`(HY_A46D&!x?^$B+*Poy^x$H@ z_tS!H=5{B5*I9qTj?!*?&vvsR-9?!^`$|N4DmcyUInHXXf%w0Goy|?uv&jVDVPiwU zd4S2b&NOj(d%YhB2F7dQ#pfdf(!#FAXIaHz@4IF%mu=-_tXg;k*c||al|tV+i|ma< z$7t$yNuwZ@xG@{cZ=pq23aQnU`c$9RB4*R43jDWYATKAhg`SAomN20Kb4x*|-ugW{ z=bUA39z$WAUyAy;i(soKKiMz9n| z+bD^-&R`r#M$WY6`LAH-HqA38yY#iDKb}km;f0RuDlcJw7qud`7o}W(hc^xFv~#Pv!i= z0i#(!x7HI4IYVe!v)`s=UX-VV2ZxzZBItF%eI=k)WtalSJAcz#9&y`IR~4n;IO3U+ zVCx}guNv8FP|s@x2M5NMI2*R%-CWRHdd%^aZeKhUyZ(dr(j%1GVCA?>0cLd;5%f3L z%uG#yl?Jyc-P|~|V6&_{osA*0(+Luc=lY?j3_)^pR|>lKQ2Huy&d7Q-%ad5cq%ekZ zWBm=Tbf~27Li>6a0Q7%50hpYqZHF-i$ydpjJcyyr5c$nxh#qq@A-{yU1Zwo-RMhC# zqT*^0x7mK~FZ9~}n-~Pyfo33OhmjC8r&D>n`XX+yd2(zktFY`)-(h%=8jSGUepGkN za^Ac&Q11_<%gYCUB7R<)bsA9*6U8Gz(I+5I=P!_uoXX~ZNkaC$SG#qZ^ghqdlYaEt zODW}cM{hw45eWFx#c)i$;~{TgvODG(CrRRgBti3>TiI-QkPOmTBEUl7F8NH>MqH_z zFr#()-Kbbn10r3sHMh5V>lQa&?E2)qHDKRyy-cYry<#*%MY%=7qcSF8?B^UxgM{LD 
z5AIDVy;+teeM%s(OKJr-B7d8T#8TxH{W;L5;Pu%GKH+PjUji2@tLZ@aozzm2}8GeIujR0KY z(K@gxy#FAUhrg(ZaR!yd;Fw`w&6 zA9WtyNvA+5``0%p-0+L%IQlK-zLnuoc#w{a)>psuwYSkX7@yRb{cXVptL*j$a|z%} z!!9Qy`c{vJ6Q_N=Xm?k5VL`vK?t0nG0M4NKX6Gktah7C&mG^FIc*$CxYc2`Im*n)6 z2k-5?_nn^d(7k`V_Y>oY7U5lRo~CTL;3tzBOm3Fm8!#vNjGl}M#u0z?z2@a(y`yk7 zm)@3%l4+k+T}UePKZ-5}=FPTW!H7=H&eI6Gg2P&^dQC(4fL!zm*?ve*CTO9WAlV?E z0ke;F9oz;~QM&5Sb=Wt7a?B~m`QXpZuqE<}W2nEg=pz4_(LMkWiw-$q_eLWsb@F?-s_sheDN0U}=pe^YA^Sen#!a*VYt0wO#&C9!KCTTH zycLmLtQMJ-I&}VuV)$0g_#zp-*!cjdEXd>r z++NnJUNS!Atu3l{zIUMFVM~=^*7)NK{Z?Vv(WO4Wxm2S<$7g|6cvc#G><}K8Vj0eARhL_%qr?--4cMOMUXXl1X-)Z#m@>rkqf;7jaQghVcW>ECNzw_9?A~9H( z(^!0Y^6agPhSI`tQ$Y1U*UX2> z;sf95R!rMHWdMJRSyN+OepWffkQe&x$?%?(F2FtOAFi@|uo;x=NiF~82f*fA?$nO1 zcQGCp>#*~?pe5%_pq3#rc(ul{h(hzICw{vhJ71^UDh`{ygFtEjp2aZM)hhLOD^Rm$ zY>G6BX2UuKx*0VK?!p{LZj}4lk@Lut%LQLF>LB&0taT!_3}<<QT!c6+Be8tq+Z>WrqOC_t& zo+O*^2wxb*bxVicMJ{_e&=OCozf;+MK(-&-SHVGCjjSkAA5bZ`kiuvI35!I^*(+-K zly71b?6c^AG3Xqs-quwo{`wl7*luFT<-W-zf(>S&2%(ypAD?!-_(uEH zE2YP(U_NS^OU+N*J|or@hhZSa(iywQkUCe?^sjSF zDdd}y(){*;>!r30f1$Q+W=(S~Hu0h_&WCxF$JD}qz;TfEsM1>a)nc<0RH z;8eD~3I}`b8yJ*2G!#w}FUxRzfACg2uby-&y1v<7p<1jPXfYqyi_Kse6Q`7AsozTZ zRlTuZ3jdg}+ob`YP9upy*vU_#chOh=A`_wN4s31rBFtDVD!)C79t#wuBIb0Y{SJ6N z09K>l!@G*4##enfsLTf}IAV0eE{h^n?Lp&}JoT;VcwvbYuTZy*bHBi0(081XD&-jA z??y(eFg&9F_Q){t&0=3a!@X6K+YnoO42+-kgx-3DD+CSJO7YSnW|O}5mBR_PRff-q zt@RPAxoJ^dB!JL*hI-}C=kd1REB6|$ht&0~m1D_6xv}jli`{Z(S}RKkS--nMQrNA5 ztho*5@A@gkDWLE7S_4q>`FxEcEf0gf{GMpe3qXeRH}@-BIB@zzCg0yaGkgYatyK}t z*BIh`iF7)1rbor3`h^goK)Jwdsyz|bXR63q0u%FytyBV?i>&DE@G>?c2}&T z=yxb~6DFsg14+o2Uo2HvWr@q-EM8py=Gafb|A;KNXSn>L5*jHN>SQ*u5T5V_5{M2T zKmrlk5|7f%gw8!#sObjr^@qz4rPV1Amf^V19arH=6mUUiNndUm#zK=v6o` zc#FKPD88ag2DCpxyJDJfQMuM3Ro0B5%2K<-cBRZZIQYLpTo@e9$uis}`7B4<#k%p_~B-8Mz-SM}Cq zZk|eZv92DW#C{uwt%ms|nqFeHF@i&^UFgJ$sjqw3#yjyl0yL;oD;m!5F(4smEyP5IS0ovd6)l6Vlh7Y`oKI5i%-qejXk{$=Dnwo zO@TO4MpuH~12P~6BT{|9?wp+JhKEMfOvx~$vjO|mfnmJ=Ijh%4(Gj>oeSqG1^j2I2 zdJ^9h4&rK%{IGK7&Z<$m(aTg=)=Mx-9@#_@aYgi9jGTKRLmcz61@*-Cs4w&_rS>AU 
z{N|fjI*{(HZcXYf;#b;Sn8s1ENsYqOWE{0kV%@Kek)G$G_Yf8!-it~E_|&jKAk4Ly2= zf=%Sz#9u|H1~M0H@%EEJ=C2Q?uV$x5(r(j`#si5cZO2#EO0TKjYEj@~FEIX(DijrW zwbP%!5D>C5zsVDAOr$a!s|?o*<$QDxeg)j4~@WStFI?m!)Fg%HM{E1Hx9wK|*O6Jhr zK%8%hn$HSOi+*hE?Zu_Z2Hp6e7o}rjJV02qa}3}z-!wk#bzVc{UqRUbs@8Hi1@$Rk z2BP_ODIx$M|MKnBjQzA9_$&yQp>4qWryr4ILQM+)@Bo`cT#wJjtRaVld=eCVZFmCEI%faZ?{|DhYXndc8g7g?1JS2muA+4 z(0{mA6_RkUa#i@s^TCbEc3#S7n*e*Tb=Q191DIfFg5c}en{ zJo&S3jJyD~$k_Y2m#Hl0oC*OJq}T6$@OZh|lyl|e7;)?xBa!B1l)fEz^XgOvb?Q{% zeLQTiN&<-cRKXRTE9ZF;7UiG(uYPa&XacW~#f|;QM76W+A@JGwq}!EslyIeTC4iS3 z9gEPtj$vlwHTM^FeENj3zARqlO>o$(NZL5*qUSv<=CQ6DKx0ris8rf=a#YAy=pP82 z>S_u%Hiw8Dh4lKOEJ8@SGXxOArSP8!q1o3?l97Wu@)#tGE*_6v1}bMLnkm}vWl$ZWg+7j25K zx{=Y?JwS~rQm@bW?N3ajw$&QPArYY?B1`rSM%@9}OaeKj(q3Nz;N#pDqor?+Bg*?oJLq3)e_bS2jt+Ja5~{2VH}QKl|eW}IEQd1 z;T*!4yk6xeoJ$x>*sHP#=Mk2cvI&O?=Mx@6IG=DK;Q--6!ea>!B|MgJvA%lZFz*h1 z^&;KdZRLiEmTpMZl0C@35dU)cm&?CA{z;yE{uT0XEdPqVUEWWtWS>mlKqsW~55^^I}R!TY6F`f9#p&Wn} z?7$UUV`7ua|Y8(l&5y0~1+5sUl1n)i+Q9lhR8Z{j3$PzaEE3dV$*b#E(dIqRcb)m)H|oEMr|G+0cNqYVSQ2hA10ZBq+sQSyb|Xg>0q6 zso#A0H9wqJ61Q%L13-T>QR`e@2{Y+t>5g9Xf=C2J<)SLXFE&^2PT^}U3X=@Rj zlALPFHh?zzl)MG6psOV*cJm}_P^@dkORyVWHbf-dTBVldF1dIRh|dfT<<*nKFz+j! z_9*Y>uA)txj}1Gt&KvQK^KaQ_bZ8EjnbezPJ@Pt~75aA=#CDoBwTG1}fsbhDxX$8I z)!J}cV&?-m;Y$yd~S1%`Vqt28#J6Jz~s8a>gSarGJhfd?Q#sRC|J_PRSi&S6Y@a^hvf zWNd!KWKcO?tV^tX@##HawzJDc@uvELw>|DlB5r8oD&rn=rK)j5=SOZu-d6|JgFVa! 
zoE5}AP}L;Ndp&e%Qmk8w7)dSqM=lhg`PN&%50H9{nLt7QbFwWJW>OCg7C&P91B?ac zD!B4$Pm6N@m1nH^NbxVV?~S`I!?@V)-3o;AqMvc-gSLwKz6r8ZM<-XS)if15osYvC zsFsD=+(ou?B^x*Dw)6oe+}7WtTA`pgzw+B>kbDT091DtHmDp(ioxKd#X}<799|ya% zq8+jI($5r9)gyewy3R+VH!!G3y4@$+A44W+K+PJk+n12B+e=0h^)&01Fk}mcjP)35 z!21O{Aly)>#BV=G1vKVAyct3qLz({U&dwsHK9lj7{p31`GT7D!gsYi*n zV3R=s?_mtTBrX21B*|b3wirin1iX}!lav=z3h4HSP|0`}%P& z8FCUh?xiQy>>t5|4H4%{}1YBmH8jk%{uf?>NeJ~7JaqrpZ^c4|4QA7 zB_I~_pmiqFxum-{-FtBUrrkniP}H_~@%ie+g;$7HrzT7**l8R|YrNFx(#BPMo|>>D zGOf}#1OdQ$uM5_-s$(l<2F#62zkgiITA2rDjhX07_~NN_R#7c6c+FR&zFF}T=y3)*Jr0)#t#RX(aHhVK4ZMZ2x}irdL0s(am*LVGmagN<|#smj&e?c zE>bN1LNb`$Jjw{Qpz9yt^!0Vt9FzwfN_x$Op|;{7Cwzv696$aqRBUp|T|gBhoD!zM zZ_QcYeb=g4!okpe_t9B$1gzS^_!IriAFCC>0$fgGApT?qq*U+*>dcT;TTVVq>5BOg z6Apj;XQO>2Bbwy2Uo$M(c1`%4_S|9ooIAel9%@*W-nk$g^jWt=#xKAuN~4y*^HO3A zS|6B0J|}o0y=d)I!{?R+#_O%JE$8E$lBwf)C~Jp&4J#Rko;qL23?CN9JmA!%($Y$1q{(-hbF;+-iz~H~8Jc`+&TN&Q zUNR$HzSEsaDm|lQMuvQ6I2Wt*%#sVCg{;4#G{pVSPVnvE}6r4ljm|HM!my zL2qrSfcG3d76><(Qzss)iGIlNLul`UX|u{H_0O|m1}XTeF@CFD+yHCVaLA4aD<+KP%WuDV z2|zv-Gjoi9$ZD0l(RmQ4{X&&=PA( zja5-ei3YQ*#-Tg*L$bbCMARsoo-#Oe#tS@4Jk0Rl6W0^4DsC__TrEEYzyhU6^vM-uYO?U``gemCtFtin02V((xitMXP)cOSGQ!m z|DVjh-hlIpfrvL$PNOZ0M%?O*pSew`K1Rx+u!;yz$C|3kq9LkVz$Q&=Dz~P{40zMP zZNJPyMU8qHm9L_WskxX^*+959OkpkpwaF<?&AG{n1<5H9E6rFEgwC!2$CT|F17u>kVyco8MZ`-tBb9WK3jRC2 zT;w&MmEH{MWeRLCnlkhOydK^C4?0>8tUenvsGqY%|C)A{^f0Qc+bvQ&G91&9p~tI= zS9-hyf`}__1neod2|cd+oubD#2FTGb#Ml&e?x3BCQuP2$eJI+t@3<88R$_!u)c;?C zh3-y2nclK#Z_QyvZ&uw60MVUg@1`_GCW@@YZJ45unkh3dz&leBkq+Q>xZq0Jp>* z{(!}4(rthl5nx*LuZd5+NY46C$AtZ~0Xnnl3S;|}#Ia@3Q_i;vHo_)hTm=cZ)kjOx zfwOm?;#Q0E2f^WuLjs3u6$So>6Fr%;O&Xl{ag{d(vuY9I1ZK(q5@s2LE4W2fa01Md zU&2gPBrsEZX`%EwJL58uyLLSRod>vWqPOe<07w_NyXH>4Z1CXGb|!=OdG5PF?77PR4TnRIZsmADOIW zLOT7f9Aiym{VASdO)EaD)0)K!R6N<5R)hS&{K9+R6*4*zC+a%8#`4i2w#}+Z?>Gr0v3Uocy%q?B& zwfB7;*i{!I5?7a5^;50tN-Rrik4fazcpHea!n+CZEU*0ZiTMw;P$m#>8PNjK>Ce^p z%zK-O(Vu%j#h4GthDd*|Rx=-x9hd%Gd4^eiS5NfCW#NDOPqGuHew(0!g&9vx!jJoBNK 
zWMKy0fYj5rW!vs}P4cXr9DA=Jo`=)ZRaO(VJbPl?LtArFO}rI3*IXszFs)|(A{qNl zLq;PqvRQ%Wih<54{osuFqD-_v@yVBWCNj)VJDoHyH*={mlg80z`r{LZBp#CD)j6^o zMmG0FMiUycR2GiXd;xS(8FWN67jfu1GjB z%r4ka(R|m}lAdUv^*!WI74=Se^IcqOi1ryPxEqvaboh+rWA$i;vAkA~WW+1I>CQ+V zlTQTFAfIiW&M@!J&V8f2Tf7^;G_B+Uv%UQmaJDBOdQ&P+JajM!qd#50yDytKu(p?9 zV+m(v=g6aY8C=!$;GA_jR+XCmU}bnn?8r};)@Tk!7DGJPS^ns4CWOaIxCx&4qbiHE za6CF!qJNqWtU1`+fE8$UzU*zx`h4Ta`Fg9|p*5E0`1IDV6OzL@1pT9S!#6b>pFj%HpIdO4O>EYm~&Li0pCA}ER;wHIpeEY zdCVsBh*z`fn~&(~o%zV1uh@ zRRX>^f2``Uox20^`#i8M7+`81@~oA@wjjCXrz*=;wpGhH>NWZ@^andpqIB-b$l3xG z3gv9ddr{Q*=0-UiGCI#p%}&78($yZmChbHm9J1%)@nfq^Sv&PS0CB!jT^{oSth{=cP^fa^BlL?z|_f^PHbkzp88$P%C|9@!FJ^I(*x0O3{-w{Pq&<}MomvI|FWmwl!nmc@Jgj1 zVP3oDJ&vkwhk5GpQFL)^E!pRb%T?t%XrPgQFoIj%c3c(Wpx$3i1@!)Ez4f=!VF7`x zsQ)G(|KGhIalH32rZNR*xA)=ym%V?oz{L#&dDdi*>t?sxH%G4<81rn zPy!|rF+fBDSQByq>$7gpde%*j4Td{D$1Sh% z8T0Mes1806ek?KcCYu5V2G+p!USzWHe`Q%iIdHB&h}PIBU7_4?u;F=?QCwaM&#^=j zA>R5ZZyVm=BWzqhytI`r#z2{kGfJ7y^3wC&GFvsa#!R~JR+H|nYSK-&`h(8t?8bY= z??w?iObO5Q8Ea~Svlt(0@;8bb=Z4#4G%D?s0+gCkfTQgL2jQ=@MlW5&lklrUxJtay zoL?Y340qhZA9ZctO$bpi+)S5(qIhCCZi$}eS83ubdF&Z;F zr~MLX8Gawkh>0^<#i{snt{Wy69uLCvdNvhk9S31+x=g7%-jq6iHnL-xUyPqkS$t0D<7ac3>E9)qo$^^p)|mMRvS1DU=@A=@^$ve)C(M z-=;#XUzFL?|BH~VAp2z{vdbrxoTuQgUb@&=u-H(AV%r(NQOZ{4uzn`lo;H?24YP=q z1F70(5vTD&I8*HP11yo$MiEIlx8Es(C?qZ$mE6fJ{0U}(t9dk0WiRmA7Svb-3oYy# zvoUj=v7lyCN*|(zW*g5|yHZ%cYLz%*Dp+hBRJL$wjc`qWhBZD*firtM+Wy2PgdeG8 z13ILZsR#ltNRMwnssS;;3H^)r|e2 znkoJ!>IyGuNquCx5SoE8!8iF<#WG=e`v6T_h+RAfj?T~Ft42w$8q2WLY1Fh^od%z> zsNGb?j*!$Hs;K`M8w<^CDX%#1{)13(es16t)ohFCVSb{$QyPNd2-_Cvubew(jPAw? 
zIJeIroiYBTpM!@wuT4%IA@%6yh>&`AvkLWV{ZMuk{p7!_vHLq{$fEv%6dNtb91&ewUt>G0)qMsdF+N6hl(}cQxc&IRnag3Jc)~TPclJD}Tf0<-4dIoEC*B+NQK+x^R!rEr#u4~9^*LffiRDH>P7lgwb3HH zz{RV8bS<12bgs`Q1NzMw`WSs#xC!&5IqH##GB383 z9Etje``_2M$ha*I>DD#n&|xUMV9K||EtjzbR`GOqYG73X59kF}6?2g)J>g|-MXG0n zWr;bH`hPX=E}3!sdeZ`w;w^_C3tHnvd^TbA=F%coRX z;(d^~Ey;N5QJF!vapvpT&-5&oxQ!Bv*0?rHBi2HdMyy4#No4V*2rs_4m1dlX+`3Wv zBHg@|upj4#RWdphgFP+B_KLyb)~0c6UccXn8Vih7vV(WpbUx>08jUQR6=N2cH2)M1 z=wd39drOR&skVJ1IP^a))i9(Q=&uD1pRpa)1Hu~wQ>NNp)wf7l1=YHW9!N(x5mYNp zdH_)a`r8pN=z(1HG2)#_iH&;0)3$!I4Bl#|)um9*|B-1aTmzPY)0g_W22z|!NXn+4 z|EQ;}`Ch1E)7qLJCVKg`H9r*9JrdOkgDF32*H{`N4ddCCMUu3PWMlK}G*ZV}FnJB8 zJ&!IWUp7|W)r^-l#lf8Wj3>mc?&A<+pJI zt+dV0ii33YfipeUCVRroJH;Xi&5LNHBh-9@SRzO8wA;D;vp`$CbNjo2-HDuk4l0mjp2lSy}suY2`2>$M{tde_MLyqdAFLFvd4`} zb71VbLsXlPk?Fj9tAvA9aN?8B9Xr;LH={*_m(CqOR8{(&{qOhO{3I67NtD_D@aW2v z-?3(@?2M_l=~ZbQPH$m%s&jkGQ#dqcrv-0~SWmx5Gd4?j>gwF=efvN2==Vu*!Fi*P z>gr3#!Nx%qXPEm}H#9<^jwhg;nGWMgajod>T>niPjx5+Z*9%d|pFNoIh;zplNw#yx zHkIIG`wu05_JT_6n^s(G6`9PD_h@=sGI-VCK9$z4w#I#(Nqu|&8IS&mnbdxrN!@2A z6_Pn1taHaB&&QDLKB+Z&lw@WqPDDs{YE9Qvq>&1fVx%HMw3d_sU!GtViByRMPW4{% zHFF)ox#L~^&-)K2e`>|d!F$O&tL!V%TGDz)V#StNSvSTurT^Ju4Sd+ULwJyAz)<%c zD_DeA9dfo4?y`sT9+|^AcWmCJisBJzE&BhVqEL0mP_-&>s@Iyu^g#|*`JFr7&<{X` zV^%HbLWK;dVAg5v1V9{;QLAlYiIgH%=MN!U~c?p-(O-kM~#3mPio`QbFp6nZ8) zN45yQ9oS9h_zD}otScEp1L*SXp+1)J8R;gU+Qgr*?1zFimi1*^NGQ@FcJxCE6gd@c zuH(Df12f=j_ME;ODzgn1*L0y7fhW~K=v+UFFh{)`+%A)If=Dwq%Si6rk#_?oN6>3S zNjDz356do%h?wceGA`8-M*02FQ6(anx6QfZW@^+}{lxwcl24lr`@KlRetmUum+s}u zHSEsr<&vWvvctgkc1NYz)Fk81?T?QUNrR*z`0O@29kz4FEu`UE$dh{3R80HVQ$atL zx}U8$s+SGUyQH(Dd)w;hxIORt+x`k)EBw1m<}7-_M$OAi8FBB9N)qYZ@hJpN*?+jF z>M^7AQ6{?IS+Ob8KV^rHbNiF312&tV8b-L2C#|>fNM{%PiNvr!(g=g|F8yNa)DRb5 zCyU`)lU$p|-rYrG!l6F;>DCXEO!N0Ifq|0IA|sgg0~ut^95{FMrP{Ee;2h)IjOcjr zFN|+&#C7cd+@n8qt})Jl+kE^7l|s+szBLvt(=taq``y2?nU$AD^!@t}^;C^2I(#V8 ze{&G)q~4fL>RID06J}sv5&+oG=p>6YxE?4?BZLRU&kHMut}Xz3l(y zu*R*9Z_|UEmk*$*NXJ%5hrao78UC%itj)GRMeT-&gG1yh9?pc;r*ISk)>3{P4nTJe 
z%?KvRu2{mI`A3~W>0RizJ%NdLXueEii?|mq<(G;xUcW_{-978$g+tYJd~&n^*KNgj z5K=+tIp+58NVc`|gq@NhcJ~`h+aS>k>)Temf%+B+ENlq74x>qrS==WsJ0N_#89!pR zH4iZ7cPFC-4xJg02*b@MP998*mBx#Dd_w+>y3$B^@g4o`d^zOrfY(M|V`kaRn@ zKdi{h$w|Fq+^fzzawwhPBwGiQIU-ZhNV-I0sPfS74M?0^&_h zB+3X!j%~(T=Lr7dF4M@nn{eb=Uc%}vdvTq=-e=n)6@u!N&It@Y$=zNqqUbMirP>ZS zfBlJVn^cmL4o;NI#ZF1V6vl?osCBy~DqfJHH`79EY;V}!nd#9V6H8Cvj<2G`dBVCF z10Tn22(KAVIeU!9RRTQ-kzTtlbaaN5Wl8?(ek`CInZj;?pRtFcNIZr<5~2lD?s4w; zdR+bAIDE=4S2Oj8rPWo#H=oHo=rjcrj{ zu*#-mo04P%I!EbNnJ8_OU;^#EboC*W%xM7K5H}35cKWcP2&UTtk#xxwql8v()4g&- zuDu1>e2i5~o=s8_anZ8x#6F4Bs}fdd(~Hvdy(jjv^_R^Cy+?hN{|DbCRHaQRSuHPH zj+pAKBK5sXLhlDGsTmSw1j=eydzub_vy^Aey%|ZweLIT69Up{Q#pk_LA6 znJgX!d>~xyKvYY=9 zn`?tO2k$oKf7sZQ%bt^ha}xAFjM^ETY0ux+ zl+H+!7G|pS31<}FYCp`BYGKFE=|`-ZWVT?n-QVtWD*NA0N!o=X51dL_^R+;GJcl;)Hkrjn=wKF(+3|{u%A~`2>QYQiO0np0 zDU~HP&`zC@s*c%Avt@~ zvo(~2;nKgF=WaHugg^3q@x35CVY8Z6svQv0g|~ZC!{LN!BrDh~r#5##Ip4)b$nRh9;)I4x7L-m(~()mD^C037zo5hXN~k7`ud|Gq4l z$@mbKm8?9aWtH&RP?LUi1aHDk%Q9G=U6rRJmTzt9mHpbW`>n7-*~Y5e>{BeSzs%XP zSK}vUX77;$huM351Mri*M|`#N3|Ubw3(u^RhFG4?Wf>8(H!J@rTe{3dah?lid{1M7 zjiVbmy0y(#ZtON6d^cuW%jzr!$~K9%NooPRtuRgU(pIR}8QKcfI&&Kb^u$tFCL9XY zP*O}KO=}jD%QR(~iXuqcB$GUo#+jBAMG4-KD{F<5YV=97^-0s)?$|j{*0u=Zju+8U z{A}&8wpFVg0PTgnr3PHIN){}AOF2Lp-4NirS+?)9lKp4a+xoJ-_>{dcaQe!%@qxom zBrCmw3r?yvbJ+8yF~;?IEGMStH)ZD(hxk`5Ldv23?ymP&@ljeMu=?ye8k7Jp>8SQi8jbz^5R$#8suW)Jp)S#i3 z=cl;Z3KV^0W1v4dXsEUMDVbDQ&O1?KehUGj3+8Rl!2?NHxxD7rR$!(Rmq**vIsPHn zA92MUyOmk-&g2b0BG*C*&&e9G-fkwG^A9S~@2u3cIr_e*x#LM|{~l{)ymKR@ErSe% zGFSGft8^dtO@o{~@@E!UsVcD0NQ;K4Yp*bBCk7{89tgXdzVeKe8N1pK1&hK%S*PpR zf6&IZvNaQE}Z=8Jn<@z1`0B&7xy} zcMsX$&7BWoT&?w_dY8yKb(vDgT}r7Oh(U2lpU?ast?Z;oHAH?R_bp**N1H20RuL7I z$aQ%lyOBptvQTqTWzVNsSgW;5op&DUN3u%fWtueO*}(npagXYI;SY@Y4*JN^R_vkQ zQ|5A!*^k&L&p~1l2}yJaYzxAiP_jb|_!;7Ih|I{@xVQQJIN#iL6Eg=>Vf<6gEs_#N z`#`EZdmNEbWabSv4BO|yHJ);&xm(8B7Jgt z=!HmcS&|l$={-_|OXO`0;>acbVVW>>awH*eFpj+)+`3|A6S}Becic=Rv8aA|pD#&u zLe@)Cn$W2id=5+4uc3T%~NZH0HaYkE{hVwG14z>2b$P`o#H$ 
z%hQ|`5%w*WnO8|U871kRMK#aN5#*9iGLq=XT1U2(@UK%^7p^XY8~2(8nuw58Uuahe zxVmcsxaNZ7j8(}@M|X83MM5l9d3JpssXXxa=SQ9q92$u;Ph%xc9; zR9}iddC}BJ0=v#cndI&E>`o zsa%Ub)R>f({jxDPomRlP{UrTV{((k2XDIjCc(qkTfyeGw2^~Nkg7s6YC@N*W%#@+e z%wEL7cUGXXZz>3^E}#$0V?Rz?Ndd_~(PS4FVK{uX7Qrs!^Qhycq>oe?m5WvYiCMxHbnKx&feb91R2Ok=vYvA}9>vdyP<$U9*!o#)d;`d6QdCvM2Z z&OuM38kAfjYu8KU9gcKqG97;>u`#(yKBY>+$`!HEo63qr4sTk}g*!JISOnPB?~|*H z?Sa1}?a#>!RA$;w;`R~=aLdVPSAGj_qeXH~Lc~D`8Ki7_iKKB~d*EO^(h%Q#cEtO> zHig%WOEl_&7IKpgMxgr-%Ah*Etz@3si>T}}mEG*Nl7-Ty@xVAQ#gUWfzmkzHUIwuE zj@Ka_-=sfa=a2GuEmgo8&iEpuVW;y~M9kAQlTzgdN4v4Lgm?b@NtI*9BI8Z!RkDVe zzbjJt=1S%BLM$3AQOkZjmEdl5(YgL&Gu6W2(aeRp`h-j(&B(B>sG!s0&89eguY3zZ z6fz|194RuF$d)b*J!%HbnJc@bpyQ}aDNP>dS)89g3zFqt6p`=-gV(jnNd$eyVwI(Y zz`?-Z9cu zdQe5N*@_}?vTsvAIo>xzd`yBzE2*bm{8w;;n#0J6Ua4c!^#$kG2R9t0xy%lh%mX#E zpOX5;Tb%)_yv~3Tcu{U2XTitH<`&83T6}b76J}B~R#(QaUTn;-;tjFDub_?LpKi>U z$LntU51rT#O^3V{Oxft%UMP=8*c&6mN&^Xo&0nWGGHuHVMesVDGUz4V@btGM?_ac>rabgev;gcf{4YEJN`n&9es zW5(hIQiaO&(~5O&FJf+Tw)zv20Kdhuup#wO`ZZw*j2V^2{KYH_o+gxqv&+;up7t=u zFS>*wm!p%pr1zqk>*z~RG_`22$fsV@)7Vg}*N#c_Mg+7C; zfT2>%fCAs3*Gp%ub9)iR#DGG7By+CR_RHWMl*cbMc~kcdMJI1in2W0Bd`eAIgC}GF9kMH!@@?mKF7W!aOI<$%D;llq^ncFn3%d6gt($Dl9bb#% z35fcKj{0kYDY(rFUf+im(dUhB0vgaHdh$n;{pY7Lu|a~Er|bSA)KOlT_9uK3&AA$7Ym`2uK7aO zG)S%AR2(HO4ehL?ZMtv@x{yOgPIrcO^FTd5Boc(h4uK4*`A$xYK?Nuf;JmJVyrJ-cPb0Kt9GaP30 zFbgkd!w|p>jCyxd$|cgs5fm5YzvchLR?GnmH79w6leQ#Hx`>YF&|B%#W!z$Bwg^A* z5I)0lqrX)^H{|O0rZ`60%B}(ep`4OKiLpSyer&1)6U*8QXS@R$hIlfE{T)tZ_klQy%ZhlEdq&eRq zMS8Q)ooQXB@kyCcOj=}PgJ7R_Gn9LecpK4p-u+^v8 z{240uV-U(-DH1z6&0X1_niI~>vP%6(mDSJxW|oyH915(qTNe%##507 zu3PthGjZDX22S5*$7$?{m)I}nwcb6>|ana2({=5jMzhWi0}9k?G501j~*K8Lq8B;;nMdyyQ8dMa=odUrBZm|N5OzOPK}MOiVIa z5WOw%)xo}*ZHa@$N9jbpRVJC9ae;#;xk83(-)l1CvF2D>V}Fiu7s|l|M4L2TW=IB@1^x!s`>;!}IH~-Uy zfx%~(niC>4!ta51_sx6Js4upX`Nry3VCxA7+! 
zg#{t*(F%N)?oT$>2{$sLu)wzW#@))xZgb_M{cp#l`t4i{nb>|Or)9T6ndYyur1J|j zbQc*c>HH9_{)b@0$-tQ;jyzIK+(sJTV_qgF*M<9)rJy@dyRP#7o-Bx?Pr&fCw zW^&i)5xE64w&++TjGT}3jn{9=Xe&~yYP#24Y=kqEZ6W_5ri-^L{L;@*N;Z!L~Krs_Z3a?Iojftm}nN^ID*YD z%G!F-^tPgimE%rEp~ZXL@*ECL2GU8yc8{M()3zz$^3dv{70`F5H4C zA9@LfFE^Wpi$!)(L5PEHQc*g35Xt!qt``M&@fY*&|6Ruyh4pkGqJ9Wc~_4L{uar6a~@I%Jkp5Mv^=2@{6jxOQ<;KE`e4$m2;PX zQB);0v8;;VSwvf3_@XfSpPCY*qWV@<;GwN58Jp!B9-`u+X%TTzktr?;C~;A7W+u1r zne~mda$Zzs{j{KrAUD0T9vS3oG3T9&>QQp67f3|SQnDm{7t*AwM20NSv?+EF5-2g! zNr)NEdu4plVzTcHd`3+%rp>eFUqg;cXKufPTa|3I;`IDejpwYLKVuv@Cv6_~7zK!q z+0H)$X>ef&*kO5)F#l3nx|=ggv&5(%Go?+HI%5*1wgdFTe} z`>=EQGoww)KiTy5S!;b;$8=&fb17l34eadMdL+pV`;>5`N+no9hv5|dN#dIKonKY(gj-?J4I1c z86}D`=;R5wvr38}%9yq|w%XBAj5CE$&olUUsdh^Gw2sm=q)JP7siaTSD!IYb_6FPB zRs9VXEtCg`vP>z|%I<-P_^Crqc(kc*cHP8GQ?Rs!qy#=k-egIb>@>m@ox8kb?NMIk zko%+Ux=pXP>)vtts))L4xkW&FJhXDASm~tU$#5bs z6B}M`G@aOS4KhHAclLC^v>TT zgAW}wd5BGvSTIH2HxelcVQ~<^oJh*_)-~j)sxR&F*hvG9M2eY6&)w4AXW8If83{cQ zlb+5-=iL6PbPR}hR2yX9KC{I#kvU!WWrvc>;-Ps_fs8OMaUA6}3s&DN)Bco>KO)pe zV%5_cK7J=gQ%psz93++DA9PvBQk>iOa^EXbw;9}aeZG$Bp9FEvT<(tce72&3{YSE2 z=PKH$6Ozyg& zZy_BSo9wCVUzVMj>HZLbr1Sn9mwgm4;mTCWk&7YIr6D-iFNS*y>Ee@X`9u!I%ii~~ ztM7TLuQnkiv+=SK>@ee+aEr^5oh`=$hZ6%w5<)5JfeGH35SA4O!e-g^B)!fa8r0bq zjk2oXb=({-3kzlS9m8c2kT)sv*hhJjTu6GEI?2#ETN-3|GhxyDL+J2<=w&of>BG%x z+OzI&Eu^pgetO(>FTGf%n2%IwGma;1zt5LZJ6Yl?p2BH2Im~lx)EoJ)a^-C?FIerc z&-R4*G%55qhAD?EH1go#6u3kO$LZ=d|7a0n`9C(2f?T~ipiL_f-lL0QeddqwC0A>~ zIXb1&M}Qm&2haH_vgn>6$MY6y{)8|jZC8VjnzIIZs?N64xg%p{_FK-D-_y;g^Id;~ z6#bd3aYgxhxoH8dgL}pvmu|?6P;CXXldsHMt+&evs>)-elzNOs#ZwAw+{l_z3OD2b zVAM{QUbDy(`QH{5}M*7UN=)MXkqnRafma5UP{ zIVR*}dgD1(s7}F|H(kkoJG{t}VyeyG=bAEd+?b~5)gil*Sfxpsg{s7ODN}Gdu`?lg zybzK`^e#y;s!YM6`vpRU5@wvgE%YeFWxGgtC~XOu8uxz~i+odpWgHcr=bPdY;l*os z#3EWg@=tkX!`qLjxCk|4TJ}4IoMp4y-U$6k zd5Q*Q6}D5#R+aZ99X(%v1`rtf5zfbV9NBepWlBcr=mCUUU>*-2-Yt{-cG zrc@i+F!eeIS+1i0hh!i)6kf_V36});+1Sh>+5ylBFOuH8iQ%vg_#QdmulGq`GJ 
zCa23ybE9ojO6LBb@7q?4X@V-OUZ=ZQazLXLy`D8aW(xYCk1O=-uQnyK$=0r?WO5wGOiJATNZw>c!ycR#M`73lugeT8WB&&y-W-bec%qPK zRP4+jc8y@X%YW0ns8auoqv-E&4bsHel{4u+whB|y;U$fbEoZ8scZu*6hG3`H!YeF z_4l!DuiW9|oi>8MiY3Y6GRT(csWx>|#D4_NFjbe%EiH5z3Cak`X&(t%b{1arg=E!urQEema%Zis7H7#F-vg>*xFOFBVGM0Wjj=v@g>mjEW&TMF&LLM|_g z^REgPCTyCU&@v|>RNwr5f&XG_0iDY3u)RrMs47o&?4`@1>O*(oOVM!ycXYqS^y9m_ z`8z=FX(l^5e$PnI{Ju+V027f^$Yq8ilZnui3^$qH-nezC3yfrD~(e+j#=c@Ct+r5D=GBcJl{puK$o zPQ-yRN9xEK8`r74NuPc{e5mg$fs_B_rUAw*pR-NvZ{=8cufS_zEq8$4r)gd@ zCkqnoJO3#8x_7F)tZRt}GTH-wIK!DE1X0eGO;SzTs*mOrXj=TXhX|R>4ppi2-)hvl z0-yJ4tnsW{lQY=xS2nL1>G0qD^f>&e@wfeky^NU^qhC(DObY!*#NUBe;;Xh(6Xsms zKA%LBd-dK$ya)>SO2Lw+@K0MvjAt`i^_yAeDlRE4oIib@tFFN{f2ymZuGUk%)Zb9< ztFEhcRaQ5+D}2?BZkMOdUt2juTT)l&8?Tj?SJ${JUA{V3c}-1SMY+%ITJBz6*RT?2 z4X(oC1=`5!uN!#d6cyeuuM2fpWuf|8#9yMS(t7nE2r*n;r475>OOUSW+G<}zZ=PR%A zRWEnf`F*4&qLUJAs;igc_G;Dj<@NP=(7Y?Xmd;--G1k|VuhcyF(v~f$TwY$URWGlv zsjeUPFvkzudfHM?-$lo-p3D(a%txMAKN+DHgZ-nEgwx_a&U!nrf2&YV2nMP2S% zdp*=rv*K#yeqWu`U9Aw!aw>O)ON^ATYpBcX#$V;C9PjFpBS&hp8{A&6>&AKIOKy_* z+?CZnSA;&b&~OQbqYAmcfqeS3*;3wh4VA72H-*sPt|Z&FZcW-njf!%ayP=k) zUm>*6JeAeU%a^(#-E!psbZ^RWG$hQ!(i%_WY86d?x(MpP2Xw>gI0xYkzhoyb9z!a3=hM zrJh8M=wt0gFOcscUW@-L_!Bq)UI#COR`4{~1|9}K13v(xCP@7smOFZdHq1L_SmlJg zVN}S91~(-xeaD2nJk4M0g``z=s)b>BwOC>l+ffs)Ru;M9sjjAGNqK`dX4HhdT%j8T zU1o)ntJODEE`i82$1%AR@~#$hmAhP-aj(p@FeS^~7Z0-S)+%u-WSy&~u68Mu$;uw@l8#s^ z>2lQ%yUJZl{2q^6wG;OWcZF&!otkjn&e+GvVt1e>C*Bn z9cvFd6nBN6);v$*ranrWYLK|<>b$;&@_JWRt((zc`qY{87t)~U-iW5o54JBw7O+>{5n=gMy=c>P>)Za1cZ=U>>L60CM5DD={<$VE~vGR33P+pYVQX&F3 zj+RdafN*G!%Lm@5T{S_YRmxbc##J?L535j$)aK|f7dGorupA7wRMDRcbNE&aq5+^e zU;7#69q&@(s%uzf53P7+8J&3pj0K&s&ri2o=_;@FHeqh6_EouR>s*!PzH)6=z1w1N z=+IplmRI|Hbli*}UVlZE**d7>Ci??l6a7M;U%~L8O|4}RZ}8XS%jI23m0#|nyRV75 zt8_P3Qvs!&R94D>q7^nQb=6dReVt9XL|Q0KiQ&l1gEonVqgrOIfB6!6B^lAGs%t7; zR?WYH|R&e$b;UTsoC-7->9Ukxua z11=?+bQg@1P`nZb0=@yA$6s4vx`BW&fK)IaHLo5MSykNH+z4eWiCdLIQ=Oj@t*fYj zyHk{|Enn{LtQC|wJh$)@;u>N$(mAQ1N{LNzr&gHJHfZ2qeW_4dq)r1vM*>Zb@dvOWLwW-2dR(q;dOIl7rRcb|5<+boJ 
zF0*b%h|y493-zbN%-6U^tN6VuYb&Z6>T0WR!;|@8j7#{y7^4t~-klVkHMrRgFtTvM zuF3}H9t|qka-XlfqRLElQQ1@%Lyy0LHtvq0P$U^vY*Vee=U!1k+DT@_LRx^ErdSEf z+E86D+;xfNhB7sqad~YW?0I(|6|t7y8W>8|W?_uYDrGij&1zXv9OaTyclmOuq0;%p zBzGRncmoZsUU7|9dp2ErsRU+|^isj-1Zv%`YOf*$b=z0vcGbFlaGlFwKP#3=393rL z;7czAk!CHqm5G~pX<%Z;;H_v~Rqk~yfsLXyKvtX;R-*cgrt-lT<*$o?A+1T<@-+7FAdQ&Q$bJRIn$xiPk#3OA zRH^}0xg7tJmI~?2DI#HDq$jT`mljY{y`-U>PQOrn7CxbznMJg_@9JnIt|5upGKsu= zq;wNe=USmj5D5iFO&XyjQ93Tw<8_Hr=0T)QlBPH?>Q0x)tZueuWwcvcvQn5Gsm`?( zQd`eDDiMn6bC$TJR>{l|8kDJ8=~exlRXoDrsYLl1M7>%W{f}GbK9Rvvs9sllg;&{A z$Gz}SX5FyH8G^T_Kr^g#wh`Gt+LS zOa&qyI=^%s*`xMSVPI8jy%GR@U}b$>HDggUcu)EAYDR^wVHKJqH{9VDKf0EzltEeb zQnVs9#3Kx$p;xYy@`Zwtl4N>Vy|h-528vO=B7^cwvjs~dt*mRR)nd&4T0)|>%6va! z&Ge1Ac_megZrH4DOWYOZ#3a49*`t=#d3;UOVVDu@ySOc9rsLC!Iz1~NDj#l>)v)Fc zChOce?9BTD-6X}4yjrQDLY>{6khIf{Rk@`Hag}?htY;||YOCL;2okN24Q?hiQp4f) zD$MqQL;?mYHa{{)V_ZeJ(It}}A%r%CsY)lI8DeoK-Hxk@4>9~;BwG|A#k&+5d1JoT z)-_4tM!%HN+qzvd>F5+cLGMyYfzh(8kx9B0udAZQU0zH3w^*8mB{QckbjhG^jQ-a;<%*i}>g8S+9SLki6XOKjq&b*LXA$Et%2+RTBY}Xk^1z=k3~R+ETco%dDRm_= zjP+TGgh(~9DDM)}D5AYgtPjdvRb!PZZAMIrT#}-*SX;cABtn~C+u8mj9hBLYzZeuu z8@+0g>L#r!3%lV{(U>y|SZ`By=4yf^r-d=*<3jrNPU?8I5^A<^hB(nmMBqmr%{i>H zDy)}!Yj&Dc|K-wwQV(hng8A#akdQVO?L0N@G3G&u$m7R>I%2ZQ2A?@(E-(Jx%@OH zRW#E2it6!=nunj}ZPdJ#+L8)QyNwGFz5%`s{sa6JXqpQ_M)O)^O8h=v8<`d{#xzii z>4@pqCeNQ*Jfw%3I(Xbo$|x+8>A=gE$+PFV7|dL^bosf)yDl3xZsa)cWj(~f^730% zt#7PWvr(MlAa}*Ek$Ef3@71;E{ccL&i03x96_MqCoax{C&Rl@$5uIB!eCxZ6Ylr|U zJ5#9=m^U)dO5pTKg)Syv3@E;?5sVsJQ?tU1MBK=fr9l`RmOrAAbaUgWZeU>XE6Kbo zlF@E%YLNIxot(oBGH>5VmpLsyTU_$JTCw43`qr5qE7P6dBXsLZwAk<~subPKLczZ( zR%HCk%o2~3Edi_==3U)GQLXdZj*0{9%8ZGx~{*4-z zJ8s3liVJ(a?VMq1^X3*#onA6`$dDo0sF9;bUPVKRvnM1udh|?5?LUB<4VdD2YD6HY zKD&zQ>Q^>YFRk*qM&;*Ub;ao1QMs<`7@e=Esq@#nCNq-31u}}eW*{bZ6*8JPxGvaC zr74SiHy%h|gUCc2!UDP4Frd=Qx6oAE`8SDfao}2$W0f=Ag*WEi(N0kQYy`<+y z?5Gw_<$ewXj_Ne5q)E0_xj+_>w8@%h0hkRIgL=>megt-cgWwB4DuSJw;BX`-_vq2H zX9~Yw{Ce|q@=LXTeXL(!>(|fvrFHvV)a}>5+iyU(U-|`p7hm9a$pwA`&;QGyzQx<^ 
z2?>e(WF&D|zhvvzquZ}%x1Z4Kd_SS(`F=v@|H)6v=zsE~M)m32w_iUgMk%^TaYc%$ zd+~HHjth|glJk>);J}Rk;cw9Y@Fz0;t2~qu}e{6OasaFcrK4vcbP7XU9z#8b+7q=Ws)1^tPD7oB`Ww{WppHNtf%;3-U!pEUU4|M$4WSN19fSd@8qCSYa z6m==;2dE#Q4nQ4%`fb#2qh61CJ?fjNZ=zm}dNt|})E%fzs7!`1zUWs}o>aS6Mjar9Vhx#$<$Ebr*2c!NF^@pgppx%P|9_o9j*P>pF`U2_; zsB2NzqJ~k!sIt0P09;@(NCmS&E~p0%Fa>0RDv%Bqf^lF4u!CZd2`WJvm1#N(9@n0-z%=SjaAM6#b1Q4`m!@I;e{gnP{eP9FB9HO zdd>)cBz&5L8{w0LR}zW}gl7`Sragi1asoM?EBLa%NO~fwq$w7Xwpd6SV-ZPjM3s2e zYI|k15&?>s+FUUZsivmHP^LsaVyiYCDUrKr&jLMr1lYPG(;sssUb7^B5eKq=hiQ*2 z(Xl)rvp9|IN(jJZNg;On#WoBzB}EvrTo%35gm1aqS5+swlgx#`CblUdHj`;d)VUP~ zocU5O(rekMB)cwL6%7?4cVa=bqAD7|618fk`bl_*)paakT!0wN!lu-V7*k4VT}?(6F1iYp|2UJ?30?knm% zSEw{Z9o5K6WqHk&XA3%#7&FI_2)p`#kSsbyzD0bT!&WlvDQ{r8qeAvVL<&fiwVEBr zSXy~9t)&uKznVM4;emQM{CnWp6b`=vstiuW-xUsj16&dehyMhwxH}xa3w$5kc~3ap zdviE^5zxUA@P}`N!)IJIDK?yedMG1x4pafe%YC^o0o?wehOBkYMB-mVi6Oy${5^RqC z3G1{18bxYC9RAng|6=i<-X|eR{3l+NP%i!#rzY6Ne|%cPDDj`$H=&pKPwAh~s{Aij zjh`8hBUMXtc(uMsgV8hdapckw?9@_|=mi{$feZ7GP)W3-85CeX$ai`X$3no2DtWWk zFNqx_jun8}RPtV}PZIk(994i>R`MgL1mI`^Q!pRJKds#{52R@qIS%1}1bQFHt{Pcc~CEzQV??e-r8|9K<1hJed4b`zXp62^B;+SAo^M`67#dD%z_X6U!V%THh>b$ zAL3ui|0cja56R!P%6~Ox_An*CW0n7M%vWH38dd635X``Q8vj!MQfK;+|J_#kdofcE z$$PBw7n%;m`~a%B4}c=fhw(4ve7W1F2@~^{u zCFbW*r9RyQW??>KmH)Zge=Ffj`7Z`8-2WI=1I?fS^I!Nb<-ZW5WB!I!{wpw#!@SQb z|0>K`m>)%z@@fH7Fn@x7DgSe||5vQ?uf$Cz?thLd?$?82%pLfb@D_m#%-^xf|8~q1 zF~4nw2mYn}&(;2aXO+JPH^XuND^#KPMo^0RBm7JG z-wZCr{2x~NufhCP%zv`VzZUaI%+I0r26uy*m_NTj``=CYlHPJK1ouBhwSje@5c46v zOM1QrF2=m2Tl?Q{m47wgv-!RaRnn`2shE%9U&`}b?f*Ac`MYs54EMi86?$y|C746_ zm-4>}48r_9tNd4Ez6SHVR{1Z-dN1XR{5{OJOT5YR{1Z(JOc9$)Skcq(=eaFzvSm!?f-SF{Fmb9GTi?f zRpPr7Ovd~%{)L{A_Wwhx{3GrEJ*)idaC0T@UqE$&d%!HrVdhJH)c#tTCnY0|5IIdx zIPes>@?LQ2y_rqm3`J=A=>l# zn?L&B(9Rd{7dKG#r(U3e*^iK!M{QLE8w3E9xNVy zOjf><;mG>njnR+K&1CWS>YJNDn$`1Cl#!Y z1dxvJ)(*)=3H5VT*IsD|wXd*gpMX&-ZCXEYCHTOwY2#3fz`1_&`E~=S1k1oJ;AZ0bI;tP6 z1{;6@&i4DJW&a~oW?I^PsFMB%QJJY~52N-)<+2E+euyeNm|9VpNoc=AO+$SPwLj`1 
z>-#6D@;hm%VN{M|e}TvT`E54ss#Pk?W^pexvthml@GFo%Vpq^)(;mU?(aqYU84IP=HDy3f~eh}F?Www%A;M}#l&$0^Kn3K zc1oZUM>F-n%16}h3~n4&-bkZM-1Wws4w{?8%@MmxF?V-&8Ft<2augbj!5)9nIR1=X z_jtEqHvxCQ{q1iT6QxR@sAv00-C+i&>W_SvIwbUwdL-$Ux+L{M>XX!8sZ&zVrA|q` zmwLqv_}o7NlW?4?W#^Kq?~7jAr`TVFKHk!&qqkf7f#?xUD>s*-Pqg$y&?i~?O!OiS zkZ>+TpKR$bN8iKJUxB`-rO!n#g)i>MpdVuC$D;p=rO!t{)Y4BxpK0l@ML*2aPeMQ3 z(wCsW%+gOmpJnN%q0hGTGtmoCg??Ktz0mY~=!GU?|3gbJ_V=R~`iT8QmR{_Cgk9Odvi6{l)R}7Zkvda@Uh05^Ux(gi=^M~XS&O|NeWWd{ zKrdw~_N&lG+QJ(2QjTK34!xA4=+~o{auofY=%pM*zX^S$EdB-HD{GO!vL;C`?RyahTy7&zD4v_T*rOaV87TCfg02zG(@z;Q5W z19=8Zz&F8@;5Bd>^xA0CGQb3|5LAN}@I$a2>;-2)#+^2;1S|r#gS)^_!Rz2CNN%CM zfoY%){0Ga0!SBEy!Qa6DpMFyR&XA_dHjzJ24z_@Y z!EW$Ja02v(SIPl%z)e8vVLj^I7C!hpZH|nsd#E#aAN)N*n}qoI%AcEdVe4DO{&$vr z#K#AJPgP-@jh8na}i; zaWz%hNA%5Fvu5gD=ro(?MHfeKralfeGPY#0gg|j< zJ{St&Mc?JS@R%s7uV3`M$&*aMvGAOIzyNR%QMc&X?4x+pgD|fBFbZG7^~QBKcalR~ z{Xg?N`D|y#OA9q^0q}rEun}wp4}k4p4>$l0gX17^65}iw4#t8~umE^KBiIPGf(O8M zum>Cfhrw}>ScHEt9E=5}U;*%eMz9fV1rLDjU=KI|4uj($u^9hgI2a2`!2;j`jbJ0# z3LXI4!5(k`90tchVhR4ia4;5>f(5_>8o@@e6+8g8gFWB?I1G-1#8Ui&;b1H%1q*-& zG=hy_D|i5G2YbK)a2Om1iIedUhJ&%76f6K9&6K$9qa)Iz+rG4Bu>FU7!JmQ zQm_DcKqJ@)wt@%1cCZH=0EfYGkT@0pU^o~HO2Go)0gYfI*a{v1+rb`i02~I#LE?4z z2gAWwPzn|R4`>7%!B+49*ber91K=JNs4v7i(z03Of?HiE6-0k9qH0cZP3 zuPy%`dez3~<}Wx=Tc%uJu#Q@Yuc}s?R?3{H1|E{RQ*>S!b%ds1pSaYtXV@YzhGoLf zP@7THfc)fZ1Y%zNUDLhvGfAM}Ta3Au9o?8(v)YMW0sX8Er#Lm>zbEVTrb*0ou zv?IB63i~?QcBGB0U}qM$WmQ@VcFJ!u>T^y?P--3e>Ld^2BTet{S+={)=Vd4=i<1q^b#hvu;tez@6aVO(|K>Gj4&!o1- z{#=$7fQpCyUiy6L?_=X78ulTZ?k1ti_#lvRL)=L@NW9{1G?1_pL2jXmAN9as{UizE zmfa9hcYCR;f84(4;2zQ#`ME3&tK_VK znzY&cs7({ZkR?iIR*uo6YE+?#xRY^2 zaGzyHQDI3wAXzlL&CiiO@LO?U{UY%;U>0ggcruO)9*Gnhb`f{0V%)iCw}QRcMSd46C%oT(Ab6M&}REan8N!%%3!TK)WB2ZyP>CFZ*FJv- literal 0 HcmV?d00001 diff --git a/toolkit/resources/imageconfigs/iso_initrd_arm64.json b/toolkit/resources/imageconfigs/iso_initrd_arm64.json new file mode 100644 index 00000000000..c1d2457b787 --- /dev/null +++ b/toolkit/resources/imageconfigs/iso_initrd_arm64.json 
@@ -0,0 +1,45 @@ +{ + "Disks": [ + { + "Artifacts": [ + { + "Name": "iso-initrd", + "Type": "initrd", + "Compression": "tar.gz" + } + ] + } + ], + "SystemConfigs": [ + { + "Name": "ISO initrd", + "PackageLists": [ + "packagelists/iso-initrd-packages-arm64.json" + ], + "KernelOptions": { + "default": "kernel" + }, + "AdditionalFiles": { + "../../out/tools/imager":"/installer/imager", + "../../out/tools/liveinstaller":"/installer/liveinstaller", + "../assets/efi/grub/grub.cfg":"/installer/efi/grub/grub.cfg", + "../assets/efi/grub/grubEncrypt.cfg":"/installer/efi/grub/grubEncrypt.cfg", + "../assets/grub2/grub.cfg":"/installer/grub2/grub.cfg", + "additionalfiles/iso_initrd/init":"/init", + "additionalfiles/iso_initrd/installer/EULA.txt":"/installer/EULA.txt", + "additionalfiles/iso_initrd/root/runliveinstaller":"/root/runliveinstaller", + "additionalfiles/iso_initrd/usr/lib/mariner/terminfo/mariner-installer":"/usr/lib/mariner/terminfo/m/mariner-installer", + "additionalfiles/iso_initrd/usr/lib/systemd/system/getty@.service":"/usr/lib/systemd/system/getty@.service", + "additionalfiles/iso_initrd/usr/lib/systemd/system/serial-getty@.service":"/usr/lib/systemd/system/serial-getty@.service", + "../manifests/image/local.repo":"/etc/yum.repos.d/mariner-iso.repo" + }, + "Users": [ + { + "Name": "root", + "PasswordExpiresDays": 99999, + "StartupCommand": "/root/runliveinstaller" + } + ] + } + ] +} \ No newline at end of file diff --git a/toolkit/resources/imageconfigs/packagelists/iso-initrd-packages-arm64.json b/toolkit/resources/imageconfigs/packagelists/iso-initrd-packages-arm64.json new file mode 100644 index 00000000000..ef763d9093d --- /dev/null +++ b/toolkit/resources/imageconfigs/packagelists/iso-initrd-packages-arm64.json 
@@ -0,0 +1,66 @@ +{ + "packages": [ + "pam", + "attr", + "bash", + "bzip2", + "cifs-utils", + "coreutils", + "cpio", + "cracklib", + "cracklib-dicts", + "cryptsetup", + "curl", + "dbus", + "dosfstools", + "dracut", + "e2fsprogs", + "efibootmgr", + "efivar", + "expat", + "file", + "filesystem", + "findutils", + "glib", + "glibc", + "gmp", + "gptfdisk", + "grep", + "grub2-efi-binary", + "gzip", + "haveged", + "less", + "libcap", + "libgcc", + "libstdc++", + "lvm2", + "kernel", + "lua", + "ncurses", + "ncurses-term", + "nspr", + "nss", + "openssl", + "mariner-release", + "parted", + "pcre", + "pkg-config", + "popt", + "readline", + "rpm", + "sed", + "shadow-utils", + "shim-unsigned", + "squashfs-tools", + "sqlite", + "systemd", + "tar", + "tdnf", + "usbutils", + "util-linux", + "vim", + "words", + "xz", + "zlib" + ] +} diff --git a/toolkit/scripts/imggen.mk b/toolkit/scripts/imggen.mk index 3a6b42efd7e..ef02c799605 100644 --- a/toolkit/scripts/imggen.mk +++ b/toolkit/scripts/imggen.mk @@ -11,7 +11,11 @@ assets_files = $(shell find $(assets_dir)) imggen_local_repo = $(MANIFESTS_DIR)/image/local.repo imagefetcher_local_repo = $(MANIFESTS_DIR)/package/local.repo imagefetcher_cloned_repo = $(MANIFESTS_DIR)/package/fetcher.repo +ifeq ($(build_arch),aarch64) +initrd_config_json = $(RESOURCES_DIR)/imageconfigs/iso_initrd_arm64.json +else initrd_config_json = $(RESOURCES_DIR)/imageconfigs/iso_initrd.json +endif meta_user_data_files = $(META_USER_DATA_DIR)/user-data $(META_USER_DATA_DIR)/meta-data ova_ovfinfo = $(assets_dir)/ova/ovfinfo.txt ova_vmxtemplate = $(assets_dir)/ova/vmx-template 
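Review bot: The `ifeq ($(build_arch),aarch64)` switch added for `initrd_config_json` is repeated for `initrd_img` in the second hunk of imggen.mk, so the config file name and the image directory can drift apart when only one of them is edited. Deriving both from one variable keeps them in step: `initrd_config_name = iso_initrd$(if $(filter aarch64,$(build_arch)),_arm64)`, then `initrd_config_json = $(RESOURCES_DIR)/imageconfigs/$(initrd_config_name).json` and `initrd_img = $(IMAGES_DIR)/$(initrd_config_name)/iso-initrd.img`. Any `build_arch` value other than `aarch64` silently falls through to the default `iso_initrd.json`. An explicit `$(error ...)` for unrecognised architectures would make a mis-set variable fail early rather than build an installer image from the wrong configuration.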
@@ -35,7 +39,11 @@ image_external_package_cache_summary = $(imggen_config_dir)/image_external_deps. artifact_dir = $(IMAGES_DIR)/$(config_name) imager_disk_output_dir = $(imggen_config_dir)/imager_output imager_disk_output_files = $(shell find $(imager_disk_output_dir) -not -name '*:*') +ifeq ($(build_arch),aarch64) +initrd_img = $(IMAGES_DIR)/iso_initrd_arm64/iso-initrd.img +else initrd_img = $(IMAGES_DIR)/iso_initrd/iso-initrd.img +endif meta_user_data_iso = ${IMAGES_DIR)/meta-user-data.iso $(call create_folder,$(workspace_dir)) diff --git a/toolkit/tools/isomaker/maker.go b/toolkit/tools/isomaker/maker.go index 60da7f30a7d..69be75e6536 100644 --- a/toolkit/tools/isomaker/maker.go +++ b/toolkit/tools/isomaker/maker.go @@ -23,6 +23,7 @@ import ( const ( efiBootImgPathRelativeToIsoRoot = "boot/grub2/efiboot.img" + initrdEFIBootDirectoryPath = "boot/efi/EFI/BOOT" isoRootArchDependentDirPath = "assets/isomaker/iso_root_arch-dependent_files" ) @@ -131,10 +132,8 @@ func (im *IsoMaker) copyInitrd() { // which is booted in case of an UEFI boot of the ISO image. func (im *IsoMaker) setUpIsoGrub2Bootloader() { const ( - blockSizeInBytes = 1024 * 1024 - numberOfBlocksToCopy = 3 - bootx64BootloaderFile = "boot/efi/EFI/BOOT/bootx64.efi" - grubx64BootloaderFile = "boot/efi/EFI/BOOT/grubx64.efi" + blockSizeInBytes = 1024 * 1024 + numberOfBlocksToCopy = 3 ) logger.Log.Info("Preparing ISO's bootloaders.") 
@@ -175,36 +174,49 @@ func (im *IsoMaker) setUpIsoGrub2Bootloader() { }() logger.Log.Debug("Copying EFI modules into efiboot.img.") - // Copy Shim (bootx64.efi) and grub2 (grubx64.efi) + // Copy Shim (boot64.efi) and grub2 (grub64.efi) + if runtime.GOARCH == "arm64" { + im.copyShimFromInitrd(efiBootImgTempMountDir, "bootaa64.efi", "grubaa64.efi") + } else { + im.copyShimFromInitrd(efiBootImgTempMountDir, "bootx64.efi", "grubx64.efi") + } +} + +func (im *IsoMaker) copyShimFromInitrd(efiBootImgTempMountDir, bootBootloaderFile, grubBootloaderFile string) { bootDirPath := filepath.Join(efiBootImgTempMountDir, "EFI", "BOOT") - bootx64EfiFilePath := filepath.Join(bootDirPath, "bootx64.efi") - im.extractFromInitrdAndCopy(bootx64BootloaderFile, bootx64EfiFilePath) - grubx64EfiFilePath := filepath.Join(bootDirPath, "grubx64.efi") - im.extractFromInitrdAndCopy(grubx64BootloaderFile, grubx64EfiFilePath) - im.applyRufusWorkaround() + initrdBootBootloaderFilePath := filepath.Join(initrdEFIBootDirectoryPath, bootBootloaderFile) + buildDirBootEFIFilePath := filepath.Join(bootDirPath, bootBootloaderFile) + im.extractFromInitrdAndCopy(initrdBootBootloaderFilePath, buildDirBootEFIFilePath) + + initrdGrubBootloaderFilePath := filepath.Join(initrdEFIBootDirectoryPath, grubBootloaderFile) + buildDirGrubEFIFilePath := filepath.Join(bootDirPath, grubBootloaderFile) + im.extractFromInitrdAndCopy(initrdGrubBootloaderFilePath, buildDirGrubEFIFilePath) + + im.applyRufusWorkaround(bootBootloaderFile, grubBootloaderFile) } -// Rufus ISO-to-USB converter has a limitation where it will only copy the bootx64.efi binary from a given efi*.img +// Rufus ISO-to-USB converter has a limitation where it will only copy the boot64.efi binary from a given efi*.img // archive into the standard UEFI EFI/BOOT folder instead of extracting the whole archive as per the El Torito ISO // specification. // // Most distros (including ours) use a 2 stage bootloader flow (shim->grub->kernel). 
Since the Rufus limitation only -// copies the 1st stage to EFI/BOOT/bootx64.efi, it cannot find the 2nd stage bootloader (grubx64.efi) which should -// be in the same directory: EFI/BOOT/grubx64.efi. This causes the USB installation to fail to boot. +// copies the 1st stage to EFI/BOOT/boot64.efi, it cannot find the 2nd stage bootloader (grub64.efi) which should +// be in the same directory: EFI/BOOT/grub64.efi. This causes the USB installation to fail to boot. // // Rufus prioritizes the presence of an EFI folder on the ISO disk over extraction of the efi*.img archive. // So to workaround the limitation, create an EFI folder and make a duplicate copy of the bootloader files // in EFI/Boot so Rufus doesn't attempt to extract the efi*.img in the first place. -func (im *IsoMaker) applyRufusWorkaround() { - const ( - bootx64BootloaderFile = "boot/efi/EFI/BOOT/bootx64.efi" - grubx64BootloaderFile = "boot/efi/EFI/BOOT/grubx64.efi" - ) - bootx64EfiUsbFilePath := filepath.Join(im.buildDirPath, "efi/boot/bootx64.efi") - im.extractFromInitrdAndCopy(bootx64BootloaderFile, bootx64EfiUsbFilePath) - grubx64EfiUsbFilePath := filepath.Join(im.buildDirPath, "efi/boot/grubx64.efi") - im.extractFromInitrdAndCopy(grubx64BootloaderFile, grubx64EfiUsbFilePath) +func (im *IsoMaker) applyRufusWorkaround(bootBootloaderFile, grubBootloaderFile string) { + const buildDirBootEFIDirectoryPath = "efi/boot" + + initrdBootloaderFilePath := filepath.Join(initrdEFIBootDirectoryPath, bootBootloaderFile) + buildDirBootEFIUsbFilePath := filepath.Join(im.buildDirPath, buildDirBootEFIDirectoryPath, bootBootloaderFile) + im.extractFromInitrdAndCopy(initrdBootloaderFilePath, buildDirBootEFIUsbFilePath) + + initrdGrubEFIFilePath := filepath.Join(initrdEFIBootDirectoryPath, grubBootloaderFile) + buildDirGrubEFIUsbFilePath := filepath.Join(im.buildDirPath, buildDirBootEFIDirectoryPath, grubBootloaderFile) + im.extractFromInitrdAndCopy(initrdGrubEFIFilePath, buildDirGrubEFIUsbFilePath) } // 
createVmlinuzImage builds the 'vmlinuz' file containing the Linux kernel From b8128668034819ddae6cb9eb895d34839189abcc Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Mon, 16 Nov 2020 05:31:23 -0800 Subject: [PATCH 123/145] Patch CVE-2019-19126 in glibc (#360) --- SPECS/glibc/CVE-2019-19126.patch | 31 +++++++++++++++++++ SPECS/glibc/glibc.spec | 7 ++++- .../manifests/package/pkggen_core_aarch64.txt | 14 ++++----- .../manifests/package/pkggen_core_x86_64.txt | 14 ++++----- .../manifests/package/toolchain_aarch64.txt | 14 ++++----- .../manifests/package/toolchain_x86_64.txt | 14 ++++----- 6 files changed, 65 insertions(+), 29 deletions(-) create mode 100644 SPECS/glibc/CVE-2019-19126.patch diff --git a/SPECS/glibc/CVE-2019-19126.patch b/SPECS/glibc/CVE-2019-19126.patch new file mode 100644 index 00000000000..1f5720dd60e --- /dev/null +++ b/SPECS/glibc/CVE-2019-19126.patch 
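Review bot: `runtime.GOARCH` in `setUpIsoGrub2Bootloader` is the architecture the isomaker binary was compiled for, while imggen.mk picks the initrd from `build_arch`, so this hunk assumes the two always agree. If they differ, `extractFromInitrdAndCopy` is asked for the x64 bootloader names in an arm64 initrd or the reverse (how it reports a missing file is not visible here). Either pass the target architecture in explicitly or state the assumption: `// NOTE: runtime.GOARCH is this tool's own architecture; isomaker must run on the same architecture as the initrd it packs.` The rewritten comments name `boot64.efi` and `grub64.efi`, which match neither file set; `boot<arch>.efi` / `grub<arch>.efi` would be accurate. The new `copyShimFromInitrd` also has no doc comment, e.g. `// copyShimFromInitrd extracts the shim and grub2 EFI binaries from the initrd into EFI/BOOT of the mounted efiboot.img, then applies the Rufus workaround.`; the body of `setUpIsoGrub2Bootloader` starts outside this hunk.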
@@ -0,0 +1,31 @@ +From 7966ce07e89fa4ccc8fdba00d4439fc652862462 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Marcin=20Ko=C5=9Bcielnicki?= +Date: Thu, 21 Nov 2019 00:20:15 +0100 +Subject: [PATCH] rtld: Check __libc_enable_secure before honoring + LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204] + +The problem was introduced in glibc 2.23, in commit +b9eb92ab05204df772eb4929eccd018637c9f3e9 +("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT"). + +(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e) +--- + sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h +index 194369174d..ac694c032e 100644 +--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h ++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h +@@ -31,7 +31,8 @@ + environment variable, LD_PREFER_MAP_32BIT_EXEC. */ + #define EXTRA_LD_ENVVARS \ + case 21: \ +- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ ++ if (!__libc_enable_secure \ ++ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ + GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ + |= bit_arch_Prefer_MAP_32BIT_EXEC; \ + break; +-- +2.18.4 diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec index d009a29b782..83b33879041 100644 --- a/SPECS/glibc/glibc.spec +++ b/SPECS/glibc/glibc.spec @@ -4,7 +4,7 @@ Summary: Main C library Name: glibc Version: 2.28 -Release: 13%{?dist} +Release: 14%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner 
@@ -31,6 +31,8 @@ Patch10: CVE-2020-1751.nopatch # Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content Patch11: CVE-2018-20796.nopatch Patch12: CVE-2019-7309.patch +# CVE-2019-19126 patch taken from upstream commit 7966ce07e89fa4ccc8fdba00d4439fc652862462 +Patch13: CVE-2019-19126.patch Requires: filesystem Provides: rtld(GNU_HASH) Provides: /sbin/ldconfig @@ -304,6 +306,9 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %defattr(-,root,root) %changelog +* Tue Nov 10 2020 Thomas Crain - 2.28-14 +- Patch CVE-2019-19126 + * Wed Oct 28 2020 Henry Li - 2.28-13 - Used autosetup - Added patch to resolve CVE-2019-7309 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 116f8ba8b25..11833386a67 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,12 +1,12 @@ filesystem-1.1-7.cm1.aarch64.rpm kernel-headers-5.4.72-1.cm1.noarch.rpm -glibc-2.28-13.cm1.aarch64.rpm -glibc-devel-2.28-13.cm1.aarch64.rpm -glibc-i18n-2.28-13.cm1.aarch64.rpm -glibc-iconv-2.28-13.cm1.aarch64.rpm -glibc-lang-2.28-13.cm1.aarch64.rpm -glibc-nscd-2.28-13.cm1.aarch64.rpm -glibc-tools-2.28-13.cm1.aarch64.rpm +glibc-2.28-14.cm1.aarch64.rpm +glibc-devel-2.28-14.cm1.aarch64.rpm +glibc-i18n-2.28-14.cm1.aarch64.rpm +glibc-iconv-2.28-14.cm1.aarch64.rpm +glibc-lang-2.28-14.cm1.aarch64.rpm +glibc-nscd-2.28-14.cm1.aarch64.rpm +glibc-tools-2.28-14.cm1.aarch64.rpm zlib-1.2.11-3.cm1.aarch64.rpm zlib-devel-1.2.11-3.cm1.aarch64.rpm file-5.38-1.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 0b244513fa5..d2c7e691ad8 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt 
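Review bot: The comment added above `Patch13` records only the upstream commit, whereas the neighbouring `.nopatch` entries state their rationale. A one-line summary of what the fix changes would let a later reader judge exposure without opening the patch. Going by the patch's own subject line, `# CVE-2019-19126: rtld now checks __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (x86_64 only); backport of upstream commit 7966ce07e89fa4ccc8fdba00d4439fc652862462` would do. The patch touches only `sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h`, so the aarch64 packages bumped in the manifests get a new release number with no code change, which is worth stating in the changelog entry.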
@@ -1,12 +1,12 @@ filesystem-1.1-7.cm1.x86_64.rpm kernel-headers-5.4.72-1.cm1.noarch.rpm -glibc-2.28-13.cm1.x86_64.rpm -glibc-devel-2.28-13.cm1.x86_64.rpm -glibc-i18n-2.28-13.cm1.x86_64.rpm -glibc-iconv-2.28-13.cm1.x86_64.rpm -glibc-lang-2.28-13.cm1.x86_64.rpm -glibc-nscd-2.28-13.cm1.x86_64.rpm -glibc-tools-2.28-13.cm1.x86_64.rpm +glibc-2.28-14.cm1.x86_64.rpm +glibc-devel-2.28-14.cm1.x86_64.rpm +glibc-i18n-2.28-14.cm1.x86_64.rpm +glibc-iconv-2.28-14.cm1.x86_64.rpm +glibc-lang-2.28-14.cm1.x86_64.rpm +glibc-nscd-2.28-14.cm1.x86_64.rpm +glibc-tools-2.28-14.cm1.x86_64.rpm zlib-1.2.11-3.cm1.x86_64.rpm zlib-devel-1.2.11-3.cm1.x86_64.rpm file-5.38-1.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 01630a02bec..e4d87257dbf 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -104,13 +104,13 @@ gettext-0.19.8.1-3.cm1.aarch64.rpm gettext-debuginfo-0.19.8.1-3.cm1.aarch64.rpm gfortran-9.1.0-7.cm1.aarch64.rpm glib-2.58.0-6.cm1.aarch64.rpm -glibc-2.28-13.cm1.aarch64.rpm -glibc-devel-2.28-13.cm1.aarch64.rpm -glibc-i18n-2.28-13.cm1.aarch64.rpm -glibc-iconv-2.28-13.cm1.aarch64.rpm -glibc-lang-2.28-13.cm1.aarch64.rpm -glibc-nscd-2.28-13.cm1.aarch64.rpm -glibc-tools-2.28-13.cm1.aarch64.rpm +glibc-2.28-14.cm1.aarch64.rpm +glibc-devel-2.28-14.cm1.aarch64.rpm +glibc-i18n-2.28-14.cm1.aarch64.rpm +glibc-iconv-2.28-14.cm1.aarch64.rpm +glibc-lang-2.28-14.cm1.aarch64.rpm +glibc-nscd-2.28-14.cm1.aarch64.rpm +glibc-tools-2.28-14.cm1.aarch64.rpm glib-debuginfo-2.58.0-6.cm1.aarch64.rpm glib-devel-2.58.0-6.cm1.aarch64.rpm glib-schemas-2.58.0-6.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 8b6c762309a..a5746b7374c 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt 
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -104,13 +104,13 @@ gettext-0.19.8.1-3.cm1.x86_64.rpm gettext-debuginfo-0.19.8.1-3.cm1.x86_64.rpm gfortran-9.1.0-7.cm1.x86_64.rpm glib-2.58.0-6.cm1.x86_64.rpm -glibc-2.28-13.cm1.x86_64.rpm -glibc-devel-2.28-13.cm1.x86_64.rpm -glibc-i18n-2.28-13.cm1.x86_64.rpm -glibc-iconv-2.28-13.cm1.x86_64.rpm -glibc-lang-2.28-13.cm1.x86_64.rpm -glibc-nscd-2.28-13.cm1.x86_64.rpm -glibc-tools-2.28-13.cm1.x86_64.rpm +glibc-2.28-14.cm1.x86_64.rpm +glibc-devel-2.28-14.cm1.x86_64.rpm +glibc-i18n-2.28-14.cm1.x86_64.rpm +glibc-iconv-2.28-14.cm1.x86_64.rpm +glibc-lang-2.28-14.cm1.x86_64.rpm +glibc-nscd-2.28-14.cm1.x86_64.rpm +glibc-tools-2.28-14.cm1.x86_64.rpm glib-debuginfo-2.58.0-6.cm1.x86_64.rpm glib-devel-2.58.0-6.cm1.x86_64.rpm glib-schemas-2.58.0-6.cm1.x86_64.rpm From 6f11f9cd2b7ccc4d7cb06b1754ff4edf8a8294ca Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 16 Nov 2020 11:31:49 -0800 Subject: [PATCH 124/145] Adding `local::lib` perl5 library to fix package tests. (#381) * Adding `local::lib` perl5 library to fix package tests. --- SPECS/perl-JSON-Any/perl-JSON-Any.spec | 8 +++-- .../perl-List-MoreUtils.spec | 34 ++++++++++++------- SPECS/perl-Net-SSLeay/perl-Net-SSLeay.spec | 6 +++- SPECS/perl-YAML/perl-YAML.spec | 6 +++- SPECS/wget/wget.spec | 6 +++- .../manifests/package/toolchain_aarch64.txt | 4 +-- .../manifests/package/toolchain_x86_64.txt | 4 +-- 7 files changed, 46 insertions(+), 22 deletions(-) diff --git a/SPECS/perl-JSON-Any/perl-JSON-Any.spec b/SPECS/perl-JSON-Any/perl-JSON-Any.spec index ad402445c2a..ece266419ae 100644 --- a/SPECS/perl-JSON-Any/perl-JSON-Any.spec +++ b/SPECS/perl-JSON-Any/perl-JSON-Any.spec @@ -1,7 +1,7 @@ Summary: Wrapper Class for the various JSON classes Name: perl-JSON-Any Version: 1.39 -Release: 6%{?dist} +Release: 7%{?dist} License: Perl Artistic License 2.0 Group: Development/Libraries URL: http://search.cpan.org/~ether/JSON-Any-1.39/lib/JSON/Any.pm 
@@ -31,7 +31,8 @@ find %{buildroot} -depth -type d -exec rmdir {} 2>/dev/null \; %check export PERL_MM_USE_DEFAULT=1 -cpan Test::Fatal Test::Requires Test::Warnings Test::Without::Module +cpan local::lib +cpan Test::Fatal Test::Requires Test::Warnings Test::Without::Module make test %files @@ -40,6 +41,9 @@ make test %{_mandir}/man?/* %changelog +* Fri Nov 13 2020 Pawel Winogrodzki - 1.39-7 +- Adding 'local::lib' perl5 library to fix test dependencies. + * Sat May 09 00:20:40 PST 2020 Nick Samson - 1.39-6 - Added %%license line automatically diff --git a/SPECS/perl-List-MoreUtils/perl-List-MoreUtils.spec b/SPECS/perl-List-MoreUtils/perl-List-MoreUtils.spec index d57a06278fd..abcb0a94da1 100644 --- a/SPECS/perl-List-MoreUtils/perl-List-MoreUtils.spec +++ b/SPECS/perl-List-MoreUtils/perl-List-MoreUtils.spec @@ -1,20 +1,22 @@ # Got the intial spec from Fedora and modified it -Summary: Provide the stuff missing in List::Util -Name: perl-List-MoreUtils -Version: 0.428 -Release: 4%{?dist} -License: GPL+ or Artistic +Summary: Provide the stuff missing in List::Util +Name: perl-List-MoreUtils +Version: 0.428 +Release: 5%{?dist} +License: ASL 2.0 AND (GPLv1 OR Artistic) Group: Development/Libraries -URL: http://search.cpan.org/dist/List-MoreUtils/ -Source0: https://cpan.metacpan.org/authors/id/R/RE/REHSACK/List-MoreUtils-%{version}.tar.gz -%define sha1 List-MoreUtils=fe63dcadb0e2a6ae3ce981d6913a19e96fc56a98 +URL: http://search.cpan.org/dist/List-MoreUtils/ +Source0: https://cpan.metacpan.org/authors/id/R/RE/REHSACK/List-MoreUtils-%{version}.tar.gz Vendor: Microsoft Corporation Distribution: Mariner + BuildArch: noarch -BuildRequires: perl >= 5.28.0 -Requires: perl >= 5.28.0 -BuildRequires: perl-Exporter-Tiny -Requires: perl-Exporter-Tiny + +BuildRequires: perl >= 5.28.0 +BuildRequires: perl-Exporter-Tiny + +Requires: perl >= 5.28.0 +Requires: perl-Exporter-Tiny %description List::MoreUtils provides some trivial but commonly needed functionality 
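Review bot: The added `cpan local::lib` line, like the `cpan Test::Fatal ...` line after it, makes `%check` download and install whatever CPAN serves at test time. Nothing in the spec pins a version or digest for these modules, so test runs are not reproducible and third-party code that was never reviewed with the package runs in the build environment. The same line is added in the `%check` hunks of perl-List-MoreUtils, perl-Net-SSLeay, perl-YAML and wget. Where the modules are available as distro packages, declaring them as build dependencies (for example `BuildRequires: perl(local::lib)`, assuming such a package exists in this distribution) removes the network fetch. Otherwise a comment such as `# %check fetches test-only modules from CPAN (network required, versions not pinned)` at least records the exposure.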
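Review bot: Removing `%define sha1 List-MoreUtils=fe63dcadb0e2a6ae3ce981d6913a19e96fc56a98` in the first hunk of perl-List-MoreUtils.spec drops the only source digest visible in this spec, and none of the seven files listed for this commit adds a replacement. If the `Source0` tarball hash is verified elsewhere in the build (not visible from this page), name that mechanism in the changelog line, e.g. `- Removed %%sha1 macro; source hash is tracked in <signature file>.`. If it is not verified elsewhere, keep a digest in the spec until a replacement exists, so a changed upstream tarball cannot be picked up unnoticed.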
@@ -36,17 +38,23 @@ find %{buildroot} -name 'perllocal.pod' -delete # Install required module List::MoreUtils::XS for maketest export PERL_MM_USE_DEFAULT=1 echo "yes" | cpan -a +cpan local::lib cpan -i List::MoreUtils::XS make test %files -%license LICENSE +%license ARTISTIC-1.0 GPL-1 LICENSE %{perl_vendorlib}/List/ %{_mandir}/man3/List::MoreUtils.3* %{_mandir}/man3/List::MoreUtils::PP.3* %{_mandir}/man3/List::MoreUtils::Contributing.3.gz %changelog +* Fri Nov 13 2020 Pawel Winogrodzki - 0.428-5 +- Adding 'local::lib' perl5 library to fix test dependencies. +- Removed %%sha1 macro. +- License verified and extended %%license macro to include all license files. + * Sat May 09 00:21:01 PST 2020 Nick Samson - 0.428-4 - Added %%license line automatically diff --git a/SPECS/perl-Net-SSLeay/perl-Net-SSLeay.spec b/SPECS/perl-Net-SSLeay/perl-Net-SSLeay.spec index f4d68ce534c..69f39f79e79 100644 --- a/SPECS/perl-Net-SSLeay/perl-Net-SSLeay.spec +++ b/SPECS/perl-Net-SSLeay/perl-Net-SSLeay.spec @@ -1,7 +1,7 @@ Summary: Perl extension for using OpenSSL Name: perl-Net-SSLeay Version: 1.88 -Release: 2%{?dist} +Release: 3%{?dist} License: Artistic 2.0 Group: Development/Libraries URL: https://metacpan.org/pod/distribution/Net-SSLeay/lib/Net/SSLeay.pod @@ -48,6 +48,7 @@ find %{buildroot} -type f -name '*.bs' -empty -delete # Install required modules for test - Test::Pod, Test::Exception, Test::Warn and Test::NoWarnings export PERL_MM_USE_DEFAULT=1 echo "yes" | cpan -a +cpan local::lib cpan -i Test::Pod Test::Exception Test::Warn Test::NoWarnings make test @@ -57,6 +58,9 @@ make test %{_mandir}/man?/* %changelog +* Fri Nov 13 2020 Pawel Winogrodzki - 1.88-3 +- Adding 'local::lib' perl5 library to fix test dependencies. + * Sat May 09 00:21:16 PST 2020 Nick Samson - 1.88-2 - Added %%license line automatically diff --git a/SPECS/perl-YAML/perl-YAML.spec b/SPECS/perl-YAML/perl-YAML.spec index 916835c4343..3b7284da6ad 100644 --- a/SPECS/perl-YAML/perl-YAML.spec 
+++ b/SPECS/perl-YAML/perl-YAML.spec @@ -2,7 +2,7 @@ Summary: YAML Ain't Markup Language (tm) Name: perl-YAML Version: 1.26 -Release: 3%{?dist} +Release: 4%{?dist} License: GPL+ or Artistic Group: Development/Libraries URL: http://search.cpan.org/dist/YAML/ @@ -40,6 +40,7 @@ find %{buildroot} -name 'perllocal.pod' -delete %check export PERL_MM_USE_DEFAULT=1 +cpan local::lib cpan Test::YAML make %{?_smp_mflags} test @@ -84,6 +85,9 @@ make %{?_smp_mflags} test %{_mandir}/man3/YAML::Types.3* %changelog +* Fri Nov 13 2020 Pawel Winogrodzki - 1.26-4 +- Adding 'local::lib' perl5 library to fix test dependencies. + * Sat May 09 00:21:35 PST 2020 Nick Samson - 1.26-3 - Added %%license line automatically diff --git a/SPECS/wget/wget.spec b/SPECS/wget/wget.spec index 423af80818b..ee6f0a65c79 100644 --- a/SPECS/wget/wget.spec +++ b/SPECS/wget/wget.spec @@ -1,7 +1,7 @@ Summary: A network utility to retrieve files from the Web Name: wget Version: 1.20.3 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv3+ URL: https://www.gnu.org/software/wget/wget.html Group: System Environment/NetworkingPrograms @@ -49,6 +49,7 @@ rm -rf %{buildroot}/%{_infodir} %check export PERL_MM_USE_DEFAULT=1 +cpan local::lib cpan HTTP::Daemon make %{?_smp_mflags} check @@ -62,6 +63,9 @@ rm -rf %{buildroot}/* %{_mandir}/man1/* %changelog +* Fri Nov 13 2020 Pawel Winogrodzki - 1.20.3-3 +- Adding 'local::lib' perl5 library to fix test dependencies. + * Wed Oct 07 2020 Pawel Winogrodzki 1.20.3-2 - Updating certificate bundle path to include full set of trust information. * Mon Jun 08 2020 Joe Schmitt 1.20.3-1 diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index e4d87257dbf..8b149be6b91 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -378,8 +378,8 @@ util-linux-devel-2.32.1-3.cm1.aarch64.rpm util-linux-lang-2.32.1-3.cm1.aarch64.rpm util-linux-libs-2.32.1-3.cm1.aarch64.rpm veritysetup-2.3.3-2.cm1.aarch64.rpm -wget-1.20.3-2.cm1.aarch64.rpm -wget-debuginfo-1.20.3-2.cm1.aarch64.rpm +wget-1.20.3-3.cm1.aarch64.rpm +wget-debuginfo-1.20.3-3.cm1.aarch64.rpm which-2.21-7.cm1.aarch64.rpm which-debuginfo-2.21-7.cm1.aarch64.rpm xz-5.2.4-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index a5746b7374c..ff64ec3f30a 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -378,8 +378,8 @@ util-linux-devel-2.32.1-3.cm1.x86_64.rpm util-linux-lang-2.32.1-3.cm1.x86_64.rpm util-linux-libs-2.32.1-3.cm1.x86_64.rpm veritysetup-2.3.3-2.cm1.x86_64.rpm -wget-1.20.3-2.cm1.x86_64.rpm -wget-debuginfo-1.20.3-2.cm1.x86_64.rpm +wget-1.20.3-3.cm1.x86_64.rpm +wget-debuginfo-1.20.3-3.cm1.x86_64.rpm which-2.21-7.cm1.x86_64.rpm which-debuginfo-2.21-7.cm1.x86_64.rpm xz-5.2.4-3.cm1.x86_64.rpm From ea706b71aa918e771ea8779af5c3691e5102e97d Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com> Date: Mon, 16 Nov 2020 15:21:50 -0800 Subject: [PATCH 125/145] Fix systemd CVE-2019-6454 and CVE-2020-1712 patches (#374) * Fix CVE-2019-6454 patch * Update toolchain txt files * Fix CVE-2020-1712 patch * Update upstream patch info for CVE's 2019-6454/2020-1712 * Fix async_polkit_callback patch --- SPECS/systemd/CVE-2019-6454.patch | 74 ++++- SPECS/systemd/CVE-2020-1712.patch | 267 +++++++++++++++--- SPECS/systemd/systemd-bootstrap.spec | 8 +- SPECS/systemd/systemd.spec | 8 +- .../manifests/package/toolchain_aarch64.txt | 14 +- .../manifests/package/toolchain_x86_64.txt | 14 +- 6 files changed, 316 insertions(+), 69 deletions(-) 
diff --git a/SPECS/systemd/CVE-2019-6454.patch b/SPECS/systemd/CVE-2019-6454.patch index e98dd653c49..e1bb0252532 100644 --- a/SPECS/systemd/CVE-2019-6454.patch +++ b/SPECS/systemd/CVE-2019-6454.patch @@ -1,3 +1,7 @@ +Adapted from upstream systemd patches: +* sd-bus: if we receive an invalid dbus message, ignore and proceeed (https://github.com/systemd/systemd/commit/6d586a13717ae057aa1b4127400c3de61cd5b9e7) +* Allocate temporary strings to hold dbus paths on the heap (https://github.com/systemd/systemd/commit/f519a19bcd5afe674a9b8fc462cd77d8bad403c1) + --- a/src/libsystemd/sd-bus/bus-internal.c +++ b/src/libsystemd/sd-bus/bus-internal.c @@ -45,7 +45,7 @@ @@ -45,7 +49,7 @@ + prefix = new(char, pl + 1); + if (!prefix) + return -ENOMEM; -+ ++ OBJECT_PATH_FOREACH_PREFIX(prefix, path) { r = object_manager_serialize_path(bus, reply, prefix, path, true, error); if (r < 0) @@ -89,10 +93,11 @@ OBJECT_PATH_FOREACH_PREFIX(prefix, path) { n = hashmap_get(bus->nodes, prefix); if (n) -@@ -2091,8 +2106,9 @@ +@@ -2090,9 +2105,9 @@ + const char *interface, char **names) { - BUS_DONT_DESTROY(bus); +- BUS_DONT_DESTROY(bus); + _cleanup_free_ char *prefix = NULL; bool found_interface = false; - char *prefix; @@ -100,11 +105,13 @@ int r; assert_return(bus, -EINVAL); -@@ -2110,6 +2126,12 @@ +@@ -2110,6 +2125,14 @@ included in the PropertiesChanged message. */ if (names && names[0] == NULL) return 0; + ++ BUS_DONT_DESTROY(bus); ++ + pl = strlen(path); + assert(pl <= BUS_PATH_SIZE_MAX); + prefix = new(char, pl + 1); @@ -113,6 +120,14 @@ do { bus->nodes_modified = false; +@@ -2120,7 +2143,6 @@ + if (bus->nodes_modified) + continue; + +- prefix = alloca(strlen(path) + 1); + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names); + if (r != 0) @@ -2252,7 +2274,8 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { 
@@ -123,17 +138,18 @@ int r; assert(bus); -@@ -2297,7 +2320,12 @@ +@@ -2296,8 +2319,13 @@ + return r; if (bus->nodes_modified) return 0; - -- prefix = alloca(strlen(path) + 1); ++ + pl = strlen(path); + assert(pl <= BUS_PATH_SIZE_MAX); + prefix = new(char, pl + 1); + if (!prefix) + return -ENOMEM; -+ + +- prefix = alloca(strlen(path) + 1); OBJECT_PATH_FOREACH_PREFIX(prefix, path) { r = object_added_append_all_prefix(bus, m, s, prefix, path, true); if (r < 0) @@ -147,17 +163,18 @@ int r; assert(bus); -@@ -2468,7 +2497,12 @@ +@@ -2467,8 +2496,13 @@ + return r; if (bus->nodes_modified) return 0; - -- prefix = alloca(strlen(path) + 1); ++ + pl = strlen(path); + assert(pl <= BUS_PATH_SIZE_MAX); + prefix = new(char, pl + 1); + if (!prefix) + return -ENOMEM; -+ + +- prefix = alloca(strlen(path) + 1); OBJECT_PATH_FOREACH_PREFIX(prefix, path) { r = object_removed_append_all_prefix(bus, m, s, prefix, path, true); if (r < 0) @@ -185,3 +202,36 @@ OBJECT_PATH_FOREACH_PREFIX(prefix, path) { r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true); if (r != 0) + +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -1081,7 +1081,7 @@ + } + + static int bus_socket_make_message(sd_bus *bus, size_t size) { +- sd_bus_message *t; ++ sd_bus_message *t = NULL; + void *b; + int r; + +@@ -1106,7 +1106,9 @@ + bus->fds, bus->n_fds, + NULL, + &t); +- if (r < 0) { ++ if (r == -EBADMSG) ++ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description)); ++ else if (r < 0) { + free(b); + return r; + } +@@ -1117,7 +1119,8 @@ + bus->fds = NULL; + bus->n_fds = 0; + +- bus->rqueue[bus->rqueue_size++] = t; ++ if (t) ++ bus->rqueue[bus->rqueue_size++] = t; + + return 1; + } diff --git a/SPECS/systemd/CVE-2020-1712.patch b/SPECS/systemd/CVE-2020-1712.patch index 15eab5437d8..6395890492d 100644 --- a/SPECS/systemd/CVE-2020-1712.patch +++ b/SPECS/systemd/CVE-2020-1712.patch 
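Review bot: The new `-EBADMSG` branch for bus_socket_make_message() in src/libsystemd/sd-bus/bus-socket.c (last hunk of CVE-2019-6454.patch) only logs a debug message and then continues as if the message had been consumed. The lines between the two embedded hunks are not shown, but if they reassign `bus->rbuffer` to the leftover copy `b`, as upstream appears to do, the buffer holding the rejected message is never released. A peer that keeps sending malformed messages would then make the process grow. Releasing it on that branch would close this: `if (r == -EBADMSG) { log_debug_errno(...); free(bus->rbuffer); }`. The function body starts and ends outside the hunk, so this needs checking against the full source.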
@@ -1,3 +1,112 @@ +Adapted from systemd upstream patch: https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2 + +Changes for Mariner: +* Add two kinds of references to bus messages (https://github.com/systemd/systemd/commit/1b3f9dd759ca0ea215e7b89f8ce66d1b724497b9) +* Use queue message references for managing r/w message queues in connection objects (https://github.com/systemd/systemd/commit/c1757a70eac0382c4837a3833d683919f6a48ed7) + +--- a/man/rules/meson.build ++++ b/man/rules/meson.build +@@ -168,6 +168,7 @@ + 'sd_bus_open_system_remote', + 'sd_bus_open_user'], + ''], ++['sd_bus_enqueue_for_read', '3', [], ''], + ['sd_bus_error', + '3', + ['SD_BUS_ERROR_MAKE_CONST', + +--- a/man/sd_bus_enqueue_for_read.xml ++++ b/man/sd_bus_enqueue_for_read.xml +@@ -0,0 +1,88 @@ ++ ++ ++ ++ ++ ++ ++ ++ sd_bus_enqueue_for_read ++ systemd ++ ++ ++ ++ sd_bus_enqueue_for_read ++ 3 ++ ++ ++ ++ sd_bus_enqueue_for_read ++ ++ Re-enqueue a bus message on a bus connection, for reading. ++ ++ ++ ++ ++ #include <systemd/sd-bus.h> ++ ++ ++ int sd_bus_enqueue_for_read ++ sd_bus *bus ++ sd_bus_message *message ++ ++ ++ ++ ++ ++ ++ Description ++ ++ sd_bus_enqueue_for_read() may be used to re-enqueue an incoming bus message on ++ the local read queue, so that it is processed and dispatched locally again, similar to how an incoming ++ message from the peer is processed. Takes a bus connection object and the message to enqueue. A reference ++ is taken of the message and the caller's reference thus remains in possession of the caller. The message ++ is enqueued at the end of the queue, thus will be dispatched after all other already queued messages are ++ dispatched. ++ ++ This call is primarily useful for dealing with incoming method calls that may be processed only ++ after an additional asynchronous operation completes. 
One example are PolicyKit authorization requests ++ that are determined to be necessary to autorize a newly incoming method call: when the PolicyKit response ++ is received the original method call may be re-enqueued to process it again, this time with the ++ authorization result known. ++ ++ ++ ++ Return Value ++ ++ On success, this function return 0 or a positive integer. On failure, it returns a negative errno-style ++ error code. ++ ++ ++ Errors ++ ++ Returned errors may indicate the following problems: ++ ++ ++ ++ -ECHILD ++ ++ The bus connection has been created in a different process. ++ ++ ++ ++ ++ ++ ++ ++ ++ See Also ++ ++ ++ systemd1, ++ sd-bus3, ++ sd_bus_send3, ++ ++ ++ ++ + --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -319,10 +319,9 @@ @@ -38,13 +147,13 @@ @@ -349,19 +361,44 @@ assert(reply); assert(q); - + + assert(q->slot); q->slot = sd_bus_slot_unref(q->slot); + + assert(!q->reply); q->reply = sd_bus_message_ref(reply); - + + /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the + * whole message processing again, and thus re-validating and re-retrieving the "userdata" field + * again. @@ -75,7 +184,7 @@ - r = bus_maybe_reply_error(q->request, r, &error_buffer); + if (r < 0) + goto fail; - + -finish: + r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request); + if (r < 0) @@ -86,7 +195,7 @@ + log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m"); + (void) sd_bus_reply_method_errno(q->request, r, NULL); async_polkit_query_free(q); - + return r; @@ -382,11 +419,12 @@ #if ENABLE_POLKIT 
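Review bot: The header added at the top of CVE-2020-1712.patch lists two items under `Changes for Mariner:`, yet both entries are links to further upstream systemd commits, so a reader cannot tell whether the file carries distribution-specific edits or only upstream code. A label such as `Prerequisite upstream commits folded into this patch:` would say what the list is. The file now combines three upstream commits in one hand-maintained diff, and this commit exists to correct the earlier version of it. Keeping each upstream commit as its own patch file would let a later reviewer compare every piece against its origin.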
@@ -181,7 +290,35 @@ memmove(bus->wqueue, bus->wqueue + 1, sizeof(sd_bus_message*) * bus->wqueue_size); bus->windex = 0; -@@ -1838,7 +1838,7 @@ +@@ -1745,6 +1745,15 @@ + return 0; + } + ++static void rqueue_drop_one(sd_bus *bus, size_t i) { ++ assert(bus); ++ assert(i < bus->rqueue_size); ++ ++ bus_message_unref_queued(bus->rqueue[i], bus); ++ memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1)); ++ bus->rqueue_size--; ++} ++ + static int dispatch_rqueue(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **m) { + int r, ret = 0; + +@@ -1760,9 +1769,8 @@ + if (bus->rqueue_size > 0) { + /* Dispatch a queued message */ + +- *m = bus->rqueue[0]; +- bus->rqueue_size--; +- memmove(bus->rqueue, bus->rqueue + 1, sizeof(sd_bus_message*) * bus->rqueue_size); ++ *m = sd_bus_message_ref(bus->rqueue[0]); ++ rqueue_drop_one(bus, 0); + return 1; + } + +@@ -1838,7 +1846,7 @@ * of the wqueue array is always allocated so * that we always can remember how much was * written. */ @@ -190,7 +327,7 @@ bus->wqueue_size = 1; bus->windex = idx; } -@@ -1852,7 +1852,7 @@ +@@ -1852,7 +1860,7 @@ if (!GREEDY_REALLOC(bus->wqueue, bus->wqueue_allocated, bus->wqueue_size + 1)) return -ENOMEM; 
@@ -199,24 +336,69 @@ } finish: -@@ -2084,7 +2084,7 @@ +@@ -2078,36 +2086,29 @@ + usec_t left; + + while (i < bus->rqueue_size) { +- sd_bus_message *incoming = NULL; ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *incoming = NULL; + +- incoming = bus->rqueue[i]; ++ incoming = sd_bus_message_ref(bus->rqueue[i]); if (incoming->reply_cookie == cookie) { /* Found a match! */ -- -+ bus_message_unref_queued(bus->rqueue[i], bus); - memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1)); - bus->rqueue_size--; + +- memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1)); +- bus->rqueue_size--; ++ rqueue_drop_one(bus, i); log_debug_bus_message(incoming); -@@ -2118,6 +2118,7 @@ + + if (incoming->header->type == SD_BUS_MESSAGE_METHOD_RETURN) { + + if (incoming->n_fds <= 0 || bus->accept_fd) { + if (reply) +- *reply = incoming; +- else +- sd_bus_message_unref(incoming); ++ *reply = TAKE_PTR(incoming); + + return 1; + } + +- r = sd_bus_error_setf(error, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptors which I couldn't accept. Sorry."); +- sd_bus_message_unref(incoming); +- return r; ++ return sd_bus_error_setf(error, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptors which I couldn't accept. 
Sorry."); + + } else if (incoming->header->type == SD_BUS_MESSAGE_METHOD_ERROR) { +- r = sd_bus_error_copy(error, &incoming->error); +- sd_bus_message_unref(incoming); +- return r; ++ return sd_bus_error_copy(error, &incoming->error); + } else { + r = -EIO; + goto fail; +@@ -2118,15 +2119,11 @@ incoming->sender && streq(bus->unique_name, incoming->sender)) { -+ bus_message_unref_queued(bus->rqueue[i], bus); - memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1)); - bus->rqueue_size--; - -@@ -4075,3 +4076,27 @@ +- memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1)); +- bus->rqueue_size--; ++ rqueue_drop_one(bus, i); + +- /* Our own message? Somebody is trying +- * to send its own client a message, +- * let's not dead-lock, let's fail +- * immediately. */ ++ /* Our own message? Somebody is trying to send its own client a message, ++ * let's not dead-lock, let's fail immediately. */ + +- sd_bus_message_unref(incoming); + r = -ELOOP; + goto fail; + } +@@ -4075,3 +4072,27 @@ *ret = bus->wqueue_size; return 0; } @@ -234,8 +416,8 @@ + return -ENOTCONN; + + /* Re-enqueue a message for reading. This is primarily useful for PolicyKit-style authentication, -+ * where we want accept a message, then determine we need to interactively authenticate the user, and then -+ * when we want to process the message again. */ ++ * where we accept a message, then determine we need to interactively authenticate the user, and then ++ * we want to process the message again. */ + + r = bus_rqueue_make_room(bus); + if (r < 0) @@ -258,21 +440,26 @@ --- a/src/libsystemd/sd-bus/bus-message.c 
+++ b/src/libsystemd/sd-bus/bus-message.c -@@ -876,28 +876,78 @@ - return 0; - } +@@ -101,7 +101,8 @@ --_public_ sd_bus_message* sd_bus_message_ref(sd_bus_message *m) { + message_reset_parts(m); + +- sd_bus_unref(m->bus); ++ /* Note that we don't unref m->bus here. That's already done by sd_bus_message_unref() as each user ++ * reference to the bus message also is considered a reference to the bus connection itself. */ + + if (m->free_fds) { + close_many(m->fds, m->n_fds); +@@ -880,10 +881,15 @@ -+_public_ sd_bus_message* sd_bus_message_ref(sd_bus_message *m) { if (!m) return NULL; - -- assert(m->n_ref > 0); ++ + /* We are fine if this message so far was either explicitly reffed or not reffed but queued into at + * least one bus connection object. */ + assert(m->n_ref > 0 || m->n_queued > 0); -+ + +- assert(m->n_ref > 0); m->n_ref++; + /* Each user reference to a bus message shall also be considered a ref on the bus */ @@ -280,9 +467,7 @@ return m; } - _public_ sd_bus_message* sd_bus_message_unref(sd_bus_message *m) { -- - if (!m) +@@ -893,10 +899,56 @@ return NULL; assert(m->n_ref > 0); @@ -296,8 +481,8 @@ - if (m->n_ref > 0) + if (m->n_ref > 0 || m->n_queued > 0) -+ return NULL; -+ + return NULL; ++ + /* Unset the bus field if neither the user has a reference nor this message is queued. We are careful + * to reset the field only after the last reference to the bus is dropped, after all we might keep + * multiple references to the bus, once for each reference kept on ourselves. */ @@ -334,10 +519,10 @@ + m->n_queued--; + + if (m->n_ref > 0 || m->n_queued > 0) - return NULL; - -+ m->bus = NULL; ++ return NULL; + ++ m->bus = NULL; + return message_free(m); } @@ -368,16 +553,20 @@ + +sd_bus_message* bus_message_ref_queued(sd_bus_message *m, sd_bus *bus); +sd_bus_message* bus_message_unref_queued(sd_bus_message *m, sd_bus *bus); -\ No newline at end of file + --- a/src/libsystemd/sd-bus/bus-socket.c 
+++ b/src/libsystemd/sd-bus/bus-socket.c -@@ -1117,7 +1117,7 @@ +@@ -1119,8 +1119,10 @@ bus->fds = NULL; bus->n_fds = 0; -- bus->rqueue[bus->rqueue_size++] = t; -+ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(t, bus); +- if (t) +- bus->rqueue[bus->rqueue_size++] = t; ++ if (t) { ++ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(t, bus); ++ sd_bus_message_unref(t); ++ } return 1; } diff --git a/SPECS/systemd/systemd-bootstrap.spec b/SPECS/systemd/systemd-bootstrap.spec index 528362f3108..7db44bf16f7 100644 --- a/SPECS/systemd/systemd-bootstrap.spec +++ b/SPECS/systemd/systemd-bootstrap.spec @@ -1,7 +1,7 @@ Summary: Bootstrap version of systemd. Workaround for systemd circular dependency. Name: systemd-bootstrap Version: 239 -Release: 30%{?dist} +Release: 31%{?dist} License: LGPLv2+ AND GPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -244,6 +244,10 @@ rm -rf %{buildroot}/* %{_mandir}/man3/* %changelog +* Fri Nov 13 2020 Nicolas Ontiveros - 239-31 +- Fix CVE-2019-6454 patch. Add upstream patch info. +- Fix CVE-2020-1712 patch. Add upstream patch info. + * Thu Oct 22 2020 Nicolas Ontiveros - 239-30 - Use autosetup - Fix CVE-2019-3842 @@ -267,7 +271,7 @@ rm -rf %{buildroot}/* * Wed May 20 2020 Joe Schmitt 239-26 - Remove 99-vmware-hotplug.rules. -* Sat May 09 00:20:49 PST 2020 Nick Samson - 239-25 +* Sat May 09 2020 Nick Samson - 239-25 - Added %%license line automatically * Wed May 06 2020 Emre Girgin 239-24 diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec index 31c4b4a9fcf..2ca346be0f6 100644 --- a/SPECS/systemd/systemd.spec +++ b/SPECS/systemd/systemd.spec @@ -1,7 +1,7 @@ Summary: Systemd-239 Name: systemd Version: 239 -Release: 33%{?dist} +Release: 34%{?dist} License: LGPLv2+ AND GPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner 
@@ -267,6 +267,10 @@ rm -rf %{buildroot}/* %files lang -f %{name}.lang %changelog +* Fri Nov 13 2020 Nicolas Ontiveros - 239-34 +- Fix CVE-2019-6454 patch. Add upstream patch info. +- Fix CVE-2020-1712 patch. Add upstream patch info. + * Thu Oct 22 2020 Nicolas Ontiveros - 239-33 - Use autosetup - Fix CVE-2019-3842 @@ -298,7 +302,7 @@ rm -rf %{buildroot}/* * Wed May 20 2020 Joe Schmitt 239-26 - Remove 99-vmware-hotplug.rules. -* Sat May 09 00:20:49 PST 2020 Nick Samson - 239-25 +* Sat May 09 2020 Nick Samson - 239-25 - Added %%license line automatically * Wed May 06 2020 Emre Girgin 239-24 diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 8b149be6b91..361d46ec053 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -353,13 +353,13 @@ sqlite-devel-3.32.3-2.cm1.aarch64.rpm sqlite-libs-3.32.3-2.cm1.aarch64.rpm swig-3.0.12-4.cm1.aarch64.rpm swig-debuginfo-3.0.12-4.cm1.aarch64.rpm -systemd-239-33.cm1.aarch64.rpm -systemd-bootstrap-239-30.cm1.aarch64.rpm -systemd-bootstrap-debuginfo-239-30.cm1.aarch64.rpm -systemd-bootstrap-devel-239-30.cm1.aarch64.rpm -systemd-debuginfo-239-33.cm1.aarch64.rpm -systemd-devel-239-33.cm1.aarch64.rpm -systemd-lang-239-33.cm1.aarch64.rpm +systemd-239-34.cm1.aarch64.rpm +systemd-bootstrap-239-31.cm1.aarch64.rpm +systemd-bootstrap-debuginfo-239-31.cm1.aarch64.rpm +systemd-bootstrap-devel-239-31.cm1.aarch64.rpm +systemd-debuginfo-239-34.cm1.aarch64.rpm +systemd-devel-239-34.cm1.aarch64.rpm +systemd-lang-239-34.cm1.aarch64.rpm tar-1.32-2.cm1.aarch64.rpm tar-debuginfo-1.32-2.cm1.aarch64.rpm tdnf-2.1.0-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index ff64ec3f30a..950e60a6fe8 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt 
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -353,13 +353,13 @@ sqlite-devel-3.32.3-2.cm1.x86_64.rpm sqlite-libs-3.32.3-2.cm1.x86_64.rpm swig-3.0.12-4.cm1.x86_64.rpm swig-debuginfo-3.0.12-4.cm1.x86_64.rpm -systemd-239-33.cm1.x86_64.rpm -systemd-bootstrap-239-30.cm1.x86_64.rpm -systemd-bootstrap-debuginfo-239-30.cm1.x86_64.rpm -systemd-bootstrap-devel-239-30.cm1.x86_64.rpm -systemd-debuginfo-239-33.cm1.x86_64.rpm -systemd-devel-239-33.cm1.x86_64.rpm -systemd-lang-239-33.cm1.x86_64.rpm +systemd-239-34.cm1.x86_64.rpm +systemd-bootstrap-239-31.cm1.x86_64.rpm +systemd-bootstrap-debuginfo-239-31.cm1.x86_64.rpm +systemd-bootstrap-devel-239-31.cm1.x86_64.rpm +systemd-debuginfo-239-34.cm1.x86_64.rpm +systemd-devel-239-34.cm1.x86_64.rpm +systemd-lang-239-34.cm1.x86_64.rpm tar-1.32-2.cm1.x86_64.rpm tar-debuginfo-1.32-2.cm1.x86_64.rpm tdnf-2.1.0-4.cm1.x86_64.rpm From 00770b7334f94de9ba9007850d38b556ef8d4cab Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Mon, 16 Nov 2020 18:49:55 -0800 Subject: [PATCH 126/145] Patch CVE-2020-8037 in tcpdump (#383) Co-authored-by: Pawel Winogrodzki --- SPECS/tcpdump/CVE-2020-8037.patch | 63 +++++++++++++++++++ SPECS/tcpdump/tcpdump.spec | 101 +++++++++++++++++------------- 2 files changed, 121 insertions(+), 43 deletions(-) create mode 100644 SPECS/tcpdump/CVE-2020-8037.patch diff --git a/SPECS/tcpdump/CVE-2020-8037.patch b/SPECS/tcpdump/CVE-2020-8037.patch new file mode 100644 index 00000000000..2852845eb74 --- /dev/null +++ b/SPECS/tcpdump/CVE-2020-8037.patch 
@@ -0,0 +1,63 @@ +From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Sat, 18 Apr 2020 14:04:59 -0700 +Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer. + +The buffer should be big enough to hold the captured data, but it +doesn't need to be big enough to hold the entire on-the-network packet, +if we haven't captured all of it. + +(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) +--- + print-ppp.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/print-ppp.c b/print-ppp.c +index 891761728..33fb03412 100644 +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo, + return 0; + } + ++/* ++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. ++ * The length argument is the on-the-wire length, not the captured ++ * length; we can only un-escape the captured part. ++ */ + static void + ppp_hdlc(netdissect_options *ndo, + const u_char *p, int length) + { ++ u_int caplen = ndo->ndo_snapend - p; + u_char *b, *t, c; + const u_char *s; +- int i, proto; ++ u_int i; ++ int proto; + const void *se; + ++ if (caplen == 0) ++ return; ++ + if (length <= 0) + return; + +- b = (u_char *)malloc(length); ++ b = (u_char *)malloc(caplen); + if (b == NULL) + return; + +@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo, + * Do this so that we dont overwrite the original packet + * contents. + */ +- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { ++ for (s = p, t = b, i = caplen; i != 0; i--) { + c = *s++; + if (c == 0x7d) { +- if (i <= 1 || !ND_TTEST(*s)) ++ if (i <= 1) + break; + i--; + c = *s++ ^ 0x20; diff --git a/SPECS/tcpdump/tcpdump.spec b/SPECS/tcpdump/tcpdump.spec index df3210db52b..15082341742 100644 --- a/SPECS/tcpdump/tcpdump.spec +++ b/SPECS/tcpdump/tcpdump.spec 
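Review bot: `u_int caplen = ndo->ndo_snapend - p;` in the embedded ppp_hdlc() change relies on `p` never lying past `ndo_snapend`, and the per-byte `ND_TTEST(*s)` checks that used to stop the copy loop are removed. A negative difference would wrap to a large unsigned count that then sizes `malloc()` and bounds the loop. The callers are outside this hunk, so the precondition may already hold. It is still worth confirming, or making explicit with `if (p >= ndo->ndo_snapend) return;` ahead of the `caplen == 0` test. As the file mirrors an upstream backport, any such guard is best proposed upstream as well so the two copies do not drift.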
@@ -1,13 +1,14 @@ Summary: Packet Analyzer Name: tcpdump Version: 4.9.3 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD -URL: https://www.tcpdump.org -Source0: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz -Group: Networking Vendor: Microsoft Corporation Distribution: Mariner +Group: Networking +URL: https://www.tcpdump.org +Source0: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz +Patch0: CVE-2020-8037.patch BuildRequires: libpcap-devel Requires: libpcap @@ -17,7 +18,7 @@ It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. %prep -%setup -q +%autosetup -p1 %build %configure @@ -25,7 +26,7 @@ make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install -find %{buildroot} -name '*.la' -delete +find %{buildroot} -type f -name "*.la" -delete -print %check make %{?_smp_mflags} check 
@@ -37,43 +38,57 @@ make %{?_smp_mflags} check %{_mandir}/man1/* %changelog +* Fri Nov 13 2020 Thomas Crain - 4.9.3-3 +- Patch CVE-2020-8037 +- Lint to Mariner style + * Sat May 09 00:21:40 PST 2020 Nick Samson - 4.9.3-2 - Added %%license line automatically -* Tue Apr 21 2020 Emre Girgin 4.9.3-1 -- Upgrade to 4.9.3 to resolve 28 CVEs. -- Fixed CVE-2020-10103. -- Fixed CVE-2020-10105. -- Update Source0 and URL. -- License verified. -* Tue Sep 03 2019 Mateusz Malisz 4.9.2-3 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Thu Mar 14 2019 Michelle Wang 4.9.2-2 -- Add patch CVE-2018-19519 -* Fri Sep 15 2017 Dheeraj Shetty 4.9.2-1 -- Updating version to 4.9.2 -* Thu Sep 07 2017 Dheeraj Shetty 4.9.1-2 -- Fix for CVE-2017-11541 CVE-2017-11542 and CVE-2017-11543 -* Thu Aug 03 2017 Dheeraj Shetty 4.9.1-1 -- Updating version to 4.9.1 -* Thu Feb 02 2017 Dheeraj Shetty 4.9.0-1 -- Adding latest version to handle following CVEsue Oct 04 2016 ChangLee 4.7.4-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 4.7.4-2 -- GA - Bump release of all rpms -* Wed Jan 20 2016 Anish Swaminathan 4.7.4-1 -- Upgrade version. -* Mon Apr 6 2015 Mahmoud Bassiouny 4.7.3-1 -- Updating version to 4.7.3 +* Tue Apr 21 2020 Emre Girgin - 4.9.3-1 +- Upgrade to 4.9.3 to resolve 28 CVEs. +- Fixed CVE-2020-10103. +- Fixed CVE-2020-10105. +- Update Source0 and URL. +- License verified. + +* Tue Sep 03 2019 Mateusz Malisz - 4.9.2-3 +- Initial CBL-Mariner import from Photon (license: Apache2). 
+ +* Thu Mar 14 2019 Michelle Wang - 4.9.2-2 +- Add patch CVE-2018-19519 + +* Fri Sep 15 2017 Dheeraj Shetty - 4.9.2-1 +- Updating version to 4.9.2 + +* Thu Sep 07 2017 Dheeraj Shetty - 4.9.1-2 +- Fix for CVE-2017-11541 CVE-2017-11542 and CVE-2017-11543 + +* Thu Aug 03 2017 Dheeraj Shetty - 4.9.1-1 +- Updating version to 4.9.1 + +* Thu Feb 02 2017 Dheeraj Shetty - 4.9.0-1 +- Adding latest version to handle following CVEsue Oct 04 2016 ChangLee - 4.7.4-3 +- Modified %check + +* Tue May 24 2016 Priyesh Padmavilasom - 4.7.4-2 +- GA - Bump release of all rpms + +* Wed Jan 20 2016 Anish Swaminathan - 4.7.4-1 +- Upgrade version. + +* Mon Apr 6 2015 Mahmoud Bassiouny - 4.7.3-1 +- Updating version to 4.7.3 From 450c329ab020212974383d077293a24dc3911d12 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 16 Nov 2020 20:27:54 -0800 Subject: [PATCH 127/145] Installing `ca-certificates` package for ptest builds. (#389) --- toolkit/tools/pkgworker/pkgworker.go | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/toolkit/tools/pkgworker/pkgworker.go b/toolkit/tools/pkgworker/pkgworker.go index c7a33322c62..5e45d833bae 100644 --- a/toolkit/tools/pkgworker/pkgworker.go +++ b/toolkit/tools/pkgworker/pkgworker.go @@ -175,7 +175,7 @@ func buildRPMFromSRPMInChroot(srpmFile string, runCheck bool, defines map[string } // Query and install the build requirements for this SRPM - err = installBuildRequires(defines) + err = installBuildRequires(defines, runCheck) if err != nil { return } 
@@ -236,10 +236,11 @@ func moveBuiltRPMs(rpmOutDir, dstDir string) (builtRPMs []string, err error) { return } -func installBuildRequires(defines map[string]string) (err error) { +func installBuildRequires(defines map[string]string, runCheck bool) (err error) { // Query the BuildRequires fields from this spec and turn them into an array of PackageVersions const ( emptyQueryFormat = "" + caCertificatesPackage = "ca-certificates" unresolvedOutputPrefix = "No package" unresolvedOutputPostfix = "available" alreadyInstalledPostfix = "is already installed." @@ -264,7 +265,12 @@ func installBuildRequires(defines map[string]string) (err error) { return } - if len(buildRequires) > 0 { + if runCheck || len(buildRequires) > 0 { + var ( + stderr string + stdout string + ) + defaultArgs := []string{"install", "-y"} installArgs := make([]string, 0, len(buildRequires)+len(defaultArgs)) @@ -282,10 +288,11 @@ func installBuildRequires(defines map[string]string) (err error) { installArgs = append(installArgs, strings.TrimSpace(buildReq)) } - var ( - stderr string - stdout string - ) + if runCheck { + logger.Log.Warn("Adding the 'ca-certificates' package - needed for package tests (make argument 'RUN_CHECK' set to 'y').") + + installArgs = append(installArgs, caCertificatesPackage) + } stdout, stderr, err = shell.Execute("tdnf", installArgs...) if err != nil { From 513170d593aa4be57d20fa0546df798f57147206 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Tue, 17 Nov 2020 08:38:40 -0800 Subject: [PATCH 128/145] Change name of CVE-2019-16275 patch (#390) * Change name of CVE-2019-16275 patch * lint the .spec file --- ...unexpected-.patch => CVE-2019-16275.patch} | 0 SPECS/wpa_supplicant/wpa_supplicant.spec | 60 +++++++++++-------- 2 files changed, 34 insertions(+), 26 deletions(-) rename SPECS/wpa_supplicant/{0001-AP-Silently-ignore-management-frame-from-unexpected-.patch => CVE-2019-16275.patch} (100%) 
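Review bot: In the last hunk of `installBuildRequires`, the `if runCheck` branch reports an expected, operator-requested action at warning level and repeats the package name as a literal even though `caCertificatesPackage` is declared in the const block above. I would write it as `logger.Log.Infof("Adding the '%s' package - needed for package tests (make argument 'RUN_CHECK' set to 'y').", caCertificatesPackage)`. Because the package is installed before the build, a RUN_CHECK=y chroot contains a trust store that a normal build chroot does not, so a spec that needs `ca-certificates` at build time but does not list it in BuildRequires would pass here and fail elsewhere; a comment such as `// Installed for %check only; specs that need it at build time must still list it in BuildRequires.` would record that. The function body continues outside these hunks.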
diff --git a/SPECS/wpa_supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/SPECS/wpa_supplicant/CVE-2019-16275.patch similarity index 100% rename from SPECS/wpa_supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch rename to SPECS/wpa_supplicant/CVE-2019-16275.patch diff --git a/SPECS/wpa_supplicant/wpa_supplicant.spec b/SPECS/wpa_supplicant/wpa_supplicant.spec index f25b656276c..8ecae1c1f95 100644 --- a/SPECS/wpa_supplicant/wpa_supplicant.spec +++ b/SPECS/wpa_supplicant/wpa_supplicant.spec @@ -1,19 +1,18 @@ -Summary: WPA client -Name: wpa_supplicant -Version: 2.9 -Release: 1%{?dist} -License: BSD -URL: https://w1.fi -Group: Applications/Communications -Vendor: Microsoft Corporation -Distribution: Mariner -Source0: https://w1.fi/releases/%{name}-%{version}.tar.gz -BuildRequires: libnl3-devel openssl-devel -Requires: libnl3 -Requires: openssl - -# This patch fixes CVE-2019-16275 -Patch0: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch +Summary: WPA client +Name: wpa_supplicant +Version: 2.9 +Release: 2%{?dist} +License: BSD +Vendor: Microsoft Corporation +Distribution: Mariner +Group: Applications/Communications +URL: https://w1.fi +Source0: https://w1.fi/releases/%{name}-%{version}.tar.gz +Patch0: CVE-2019-16275.patch +BuildRequires: libnl3-devel +BuildRequires: openssl-devel +Requires: libnl3 +Requires: openssl %description WPA Supplicant is a Wi-Fi Protected Access (WPA) client and IEEE 802.1X supplicant 
@@ -56,31 +55,31 @@ make BINDIR=%{_sbindir} LIBDIR=%{_libdir} %{?_smp_mflags} mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_mandir}/man8 -mkdir -p %{buildroot}/usr/lib/systemd/system -mkdir -p %{buildroot}/etc/wpa_supplicant +mkdir -p %{buildroot}%{_lib}/systemd/system +mkdir -p %{buildroot}%{_sysconfdir}/wpa_supplicant cd wpa_supplicant install -v -m755 wpa_{cli,passphrase,supplicant} %{buildroot}%{_sbindir}/ install -v -m644 doc/docbook/wpa_supplicant.conf.5 %{buildroot}%{_mandir}/man5/ install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 %{buildroot}%{_mandir}/man8/ -cat > %{buildroot}/usr/lib/systemd/system/wpa_supplicant@.service << "EOF" +cat > %{buildroot}%{_lib}/systemd/system/wpa_supplicant@.service << "EOF" [Unit] -Description=WPA supplicant (%I) -BindsTo=sys-subsystem-net-devices-%i.device -After=sys-subsystem-net-devices-%i.device +Description=WPA supplicant (%{I}) +BindsTo=sys-subsystem-net-devices-%{i}.device +After=sys-subsystem-net-devices-%{i}.device [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/sbin/ip link set dev %I up -ExecStart=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant-%I.conf -B -i %I -ExecStop=/usr/sbin/ip link set dev %I down +ExecStart=%{_sbindir}/ip link set dev %{I} up +ExecStart=%{_sbindir}/wpa_supplicant -c %{_sysconfdir}/wpa_supplicant/wpa_supplicant-%{I}.conf -B -i %{I} +ExecStop=%{_sbindir}/ip link set dev %{I} down [Install] WantedBy=multi-user.target EOF -cat > %{buildroot}/etc/wpa_supplicant/wpa_supplicant-wlan0.conf << "EOF" +cat > %{buildroot}%{_sysconfdir}/wpa_supplicant/wpa_supplicant-wlan0.conf << "EOF" ctrl_interface=/run/wpa_supplicant update_config=1 
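Review bot: Inside the `wpa_supplicant@.service` heredoc the systemd instance specifiers `%I` and `%i` were rewritten to `%{I}` and `%{i}`, which is RPM macro syntax rather than systemd syntax. RPM leaves an undefined macro in the output as literal text, so unless macros named `I` and `i` are defined somewhere outside this hunk, the installed unit would contain `%{I}` and systemd would not substitute the interface name into `BindsTo=`, `After=`, the `ip link set dev` commands or the `wpa_supplicant-%{I}.conf` path. These lines are unit-file content, not spec content, so the linter's brace style should not apply to them; keep the specifiers and escape them so RPM passes them through, e.g. `BindsTo=sys-subsystem-net-devices-%%i.device` and `ExecStart=%{_sbindir}/ip link set dev %%I up`. The `%{_sbindir}` and `%{_sysconfdir}` substitutions on the same lines are fine because they are meant to expand at build time.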
@@ -98,20 +97,29 @@ EOF %{_sysconfdir}/wpa_supplicant/wpa_supplicant-wlan0.conf %changelog +* Mon Nov 16 2020 Nicolas Guibourge - 2.9-2 +- Change name of CVE-2019-16275 patch. + * Thu May 14 2020 Henry Beberman 2.9-1 - Update version to 2.9. - Add patch for CVE-2019-16275. + * Sat May 09 00:20:37 PST 2020 Nick Samson - 2.7-4 - Added %%license line automatically + * Fri Apr 17 2020 Nicolas Ontiveros 2.7-3 - Rename libnl to libnl3. - Remove sha1 macro. + * Tue Sep 03 2019 Mateusz Malisz 2.7-2 - Initial CBL-Mariner import from Photon (license: Apache2). + * Thu Jan 3 2019 Michelle Wang 2.7-1 - Update version to 2.7. + * Fri Aug 17 2018 Alexey Makhalov 2.6-2 - Improve .service file: wait wlanX to appear, run daemon in background. - Added skeleton for wlan0 conf file. + * Tue Nov 14 2017 Alexey Makhalov 2.6-1 - Initial build. First version. From 46a7401992f543663adbc0ae01d8d25c5e60c0a1 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Tue, 17 Nov 2020 10:28:58 -0800 Subject: [PATCH 129/145] Nopatch QEMU CVE-2020-12829 (#391) --- SPECS/qemu-kvm/CVE-2020-12829.nopatch | 5 +++++ SPECS/qemu-kvm/qemu-kvm.spec | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 SPECS/qemu-kvm/CVE-2020-12829.nopatch diff --git a/SPECS/qemu-kvm/CVE-2020-12829.nopatch b/SPECS/qemu-kvm/CVE-2020-12829.nopatch new file mode 100644 index 00000000000..a1f438739ae --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2020-12829.nopatch @@ -0,0 +1,5 @@ +CVE-2020-12829 affects the sm501 video driver, which is only used for powerpc and SuperH emulation +CONFIG_SM501 is selected by CONFIG_SAM460EX and CONFIG_R2D (from ppc-softmmu and sh4 targets respectively) +We only build for the native architecture so we can nopatch this. + +This is resolved in qemu >= 5.0 \ No newline at end of file diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 47e49f053fe..1dc1ee107e4 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec 
@@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 19%{?dist} +Release: 20%{?dist} License: GPLv2 AND GPLv2+ AND CC-BY AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -39,6 +39,8 @@ Patch21: CVE-2020-25742.patch Patch22: CVE-2020-25743.patch Patch23: CVE-2020-15469.patch Patch24: CVE-2020-24352.patch +# CVE-2020-12820 only affects powerpc and SuperH emulation (see .nopatch file for details). Resloved fully in qemu >=5.0.0 +Patch25: CVE-2020-12829.nopatch BuildRequires: alsa-lib-devel BuildRequires: glib-devel BuildRequires: pixman-devel @@ -149,6 +151,9 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Mon Nov 16 2020 Daniel McIlvaney - 4.2.0-20 +- Noatch CVE-2020-12829, only affects SuperH and PowerPC emulation + * Wed Nov 11 2020 Henry Li - 4.2.0-19 - Patch CVE-2020-13361 - Patch CVE-2020-11869 From 3af9abb6174c04e1625ac4b3f18157c13452b585 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Tue, 17 Nov 2020 12:40:54 -0800 Subject: [PATCH 130/145] nopatch nginx CVE-2009-4487 (#394) --- SPECS/nginx/CVE-2009-4487.nopatch | 0 SPECS/nginx/nginx.spec | 6 +++++- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 SPECS/nginx/CVE-2009-4487.nopatch diff --git a/SPECS/nginx/CVE-2009-4487.nopatch b/SPECS/nginx/CVE-2009-4487.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec index 393c8d70ec5..65fbb727013 100644 --- a/SPECS/nginx/nginx.spec +++ b/SPECS/nginx/nginx.spec @@ -1,7 +1,7 @@ Summary: High-performance HTTP server and reverse proxy Name: nginx Version: 1.16.1 -Release: 3%{?dist} +Release: 4%{?dist} License: BSD 2-Clause Vendor: Microsoft Corporation Distribution: Mariner 
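Review bot: The comment added above `Patch25` names CVE-2020-12820, while the file it documents and the changelog entry are for CVE-2020-12829; anyone auditing nopatch decisions from the spec would be pointed at the wrong identifier. I would correct it to `# CVE-2020-12829 only affects powerpc and SuperH emulation (see .nopatch file for details). Resolved fully in qemu >= 5.0.0`. The nopatch rationale holds only while the ppc-softmmu and sh4 targets are never built; the configure invocation is outside this hunk, so it is worth confirming the target list is pinned explicitly (for example with `--target-list`) rather than implied by the build host.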
@@ -11,6 +11,7 @@ Source0: https://nginx.org/download/%{name}-%{version}.tar.gz Source1: nginx.service Source2: nginx-njs-0.2.1.tar.gz Patch0: CVE-2019-20372.patch +Patch1: CVE-2009-4487.nopatch BuildRequires: openssl-devel BuildRequires: pcre-devel BuildRequires: which @@ -78,6 +79,9 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_lib}/systemd/system/nginx.service %{_var}/log/nginx %changelog +* Tue Nov 17 2020 Nicolas Guibourge - 1.16.1-4 +- nopatch for CVE-2009-4487 + * Wed Oct 28 2020 Henry Li - 1.16.1-3 - Used autosetup - Added patch to resolve CVE-2019-20372 From de5e3c326da74d477c095595a13867be48aee1da Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Tue, 17 Nov 2020 12:41:52 -0800 Subject: [PATCH 131/145] CVE-2020-15778 - no patch (#393) * CVE-2020-15778 - no patch * re-lint spec (re-linting always add a white line in the spec => may be a bug in the tool) --- SPECS/openssh/CVE-2020-15778.nopatch | 1 + SPECS/openssh/openssh.spec | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 SPECS/openssh/CVE-2020-15778.nopatch diff --git a/SPECS/openssh/CVE-2020-15778.nopatch b/SPECS/openssh/CVE-2020-15778.nopatch new file mode 100644 index 00000000000..3811041da13 --- /dev/null +++ b/SPECS/openssh/CVE-2020-15778.nopatch @@ -0,0 +1 @@ +The CVE is a won't fix for OpenSSH (confirmed on their mailing list). See here: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf. \ No newline at end of file diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec index be15b50fc8f..970452530f5 100644 --- a/SPECS/openssh/openssh.spec +++ b/SPECS/openssh/openssh.spec @@ -2,7 +2,7 @@ Summary: Free version of the SSH connectivity tools Name: openssh Version: 8.0p1 -Release: 11%{?dist} +Release: 12%{?dist} License: BSD Vendor: Microsoft Corporation Distribution: Mariner 
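Review bot: `Patch1: CVE-2009-4487.nopatch` is added to nginx.spec without any recorded reason: there is no comment above the line, and the new `.nopatch` file is created empty (blob `e69de29bb2d`). The qemu-kvm and openssh nopatch entries in this same series state why the CVE is not being fixed, and an empty marker makes this decision impossible to re-evaluate later. I would add a comment above the entry, for example `# Ignore CVE-2009-4487: <reason and upstream reference, to be supplied by the author>`, and put the same text in the `.nopatch` file.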
@@ -12,23 +12,19 @@ Source0: https://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name} Source1: http://www.linuxfromscratch.org/blfs/downloads/stable-systemd/blfs-systemd-units-%{systemd_units_rel}.tar.xz Source2: sshd.service Source3: sshd-keygen.service - Patch0: blfs_systemd_fixes.patch Patch1: CVE-2019-16905.patch - # Nopatches section - # Community agreed to not patch this Patch100: CVE-2007-2768.nopatch Patch101: CVE-2020-14145.nopatch - +Patch102: CVE-2020-15778.nopatch BuildRequires: e2fsprogs-devel BuildRequires: groff BuildRequires: krb5-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: systemd - Requires: openssh-clients = %{version}-%{release} Requires: openssh-server = %{version}-%{release} @@ -147,6 +143,7 @@ fi rm -rf %{buildroot}/* + %files %license LICENCE @@ -192,6 +189,9 @@ rm -rf %{buildroot}/* %{_mandir}/man8/ssh-pkcs11-helper.8.gz %changelog +* Tue Nov 17 2020 Nicolas Guibourge - 8.0p1-12 +- Nopatching CVE-2020-15778. + * Tue Nov 03 2020 Pawel Winogrodzki - 8.0p1-11 - Nopatching CVE-2020-14145. From 87b598fe84d3168982816104b75788ccb304a072 Mon Sep 17 00:00:00 2001 From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Wed, 18 Nov 2020 13:23:32 -0500 Subject: [PATCH 132/145] Install cracklib before building pam (#375) (#396) --- toolkit/scripts/toolchain/build_official_toolchain_rpms.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh index 1251058b8ff..45e1e414b4f 100755 --- a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh +++ b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh 
@@ -352,6 +352,9 @@ build_rpm_in_chroot_no_install libxml2 chroot_and_install_rpms python-setuptools build_rpm_in_chroot_no_install cracklib +# pam needs cracklib +chroot_and_install_rpms cracklib + build_rpm_in_chroot_no_install cmake build_rpm_in_chroot_no_install pam build_rpm_in_chroot_no_install docbook-dtd-xml @@ -439,8 +442,6 @@ chroot_and_install_rpms ninja-build chroot_and_install_rpms gettext build_rpm_in_chroot_no_install meson -# libpwquality requires cracklib -chroot_and_install_rpms cracklib build_rpm_in_chroot_no_install libpwquality build_rpm_in_chroot_no_install json-c build_rpm_in_chroot_no_install libsepol From 84a77c7b8a55e362e3e543e32b62475a68dac38b Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 18 Nov 2020 10:46:26 -0800 Subject: [PATCH 133/145] Adding missing runtime dependency. (#388) * Adding missing runtime dependency. * Reordering toolkit package installation. --- SPECS/python-setuptools/python-setuptools.spec | 6 +++++- SPECS/python3/python3.spec | 6 +++++- toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +- toolkit/resources/manifests/package/toolchain_x86_64.txt | 2 +- toolkit/scripts/toolchain/build_official_toolchain_rpms.sh | 7 ++++--- 5 files changed, 16 insertions(+), 7 deletions(-) diff --git a/SPECS/python-setuptools/python-setuptools.spec b/SPECS/python-setuptools/python-setuptools.spec index 79c2b460305..e64aae15d72 100644 --- a/SPECS/python-setuptools/python-setuptools.spec +++ b/SPECS/python-setuptools/python-setuptools.spec @@ -3,7 +3,7 @@ Summary: Download, build, install, upgrade, and uninstall Python packages Name: python-setuptools Version: 40.2.0 -Release: 5%{?dist} +Release: 6%{?dist} License: MIT Group: Development/Languages Vendor: Microsoft Corporation @@ -17,6 +17,7 @@ BuildRequires: python2 BuildRequires: python2-libs BuildRequires: unzip +Requires: python-xml Requires: python2 Requires: python2-libs 
@@ -54,6 +55,9 @@ python2 setup.py test %{python2_sitelib}/* %changelog +* Mon Nov 16 2020 Pawel Winogrodzki - 40.2.0-6 +- Adding explicit runtime dependency on 'python-xml'. + * Sat May 09 00:21:39 PST 2020 Nick Samson - 40.2.0-5 - Added %%license line automatically diff --git a/SPECS/python3/python3.spec b/SPECS/python3/python3.spec index 5c1533fe822..eb8d10504e5 100644 --- a/SPECS/python3/python3.spec +++ b/SPECS/python3/python3.spec @@ -2,7 +2,7 @@ Summary: A high-level scripting language Name: python3 Version: 3.7.9 -Release: 2%{?dist} +Release: 3%{?dist} License: PSF Vendor: Microsoft Corporation Distribution: Mariner @@ -119,6 +119,7 @@ The PyPA recommended tool for installing Python packages. %package setuptools Summary: Download, build, install, upgrade, and uninstall Python packages. Group: Development/Tools +Requires: python3-xml Requires: python3 = %{version}-%{release} BuildArch: noarch @@ -263,6 +264,9 @@ rm -rf %{buildroot}/* %{_libdir}/python3.7/test/* %changelog +* Mon Nov 16 2020 Pawel Winogrodzki - 3.7.9-3 +- Adding explicit runtime dependency on 'python3-xml' for the 'python3-setuptool' subpackage. + * Fri Nov 06 2020 Thomas Crain - 3.7.9-2 - Patch CVE-2020-27619 diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 361d46ec053..3f081594362 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -330,7 +330,7 @@ python3-rpm-4.14.2-10.cm1.aarch64.rpm python-curses-2.7.18-5.cm1.aarch64.rpm python-gpg-1.13.1-6.cm1.aarch64.rpm python-rpm-4.14.2-10.cm1.aarch64.rpm -python-setuptools-40.2.0-5.cm1.noarch.rpm +python-setuptools-40.2.0-6.cm1.noarch.rpm python-xml-2.7.18-5.cm1.aarch64.rpm readline-7.0-4.cm1.aarch64.rpm readline-debuginfo-7.0-4.cm1.aarch64.rpm 
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 950e60a6fe8..7b07e4b570e 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -330,7 +330,7 @@ python3-rpm-4.14.2-10.cm1.x86_64.rpm python-curses-2.7.18-5.cm1.x86_64.rpm python-gpg-1.13.1-6.cm1.x86_64.rpm python-rpm-4.14.2-10.cm1.x86_64.rpm -python-setuptools-40.2.0-5.cm1.noarch.rpm +python-setuptools-40.2.0-6.cm1.noarch.rpm python-xml-2.7.18-5.cm1.x86_64.rpm readline-7.0-4.cm1.x86_64.rpm readline-debuginfo-7.0-4.cm1.x86_64.rpm diff --git a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh index 45e1e414b4f..15893d56b02 100755 --- a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh +++ b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh @@ -348,6 +348,10 @@ chroot_and_install_rpms libssh2 build_rpm_in_chroot_no_install curl build_rpm_in_chroot_no_install libxml2 +# python-setuptools needs python-xml +# python-xml is built by building python2 +chroot_and_install_rpms python-xml + # cracklib needs python-setuptools chroot_and_install_rpms python-setuptools build_rpm_in_chroot_no_install cracklib @@ -381,9 +385,6 @@ build_rpm_in_chroot_no_install libsolv # glib needs perl-XML-Parser, python-xml chroot_and_install_rpms perl-XML-Parser -# python-xml is built by building python2 -chroot_and_install_rpms python-xml - build_rpm_in_chroot_no_install glib build_rpm_in_chroot_no_install libassuan build_rpm_in_chroot_no_install npth From ba513a2e53b7e721be785953c9b37358c12d9372 Mon Sep 17 00:00:00 2001 From: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com> Date: Wed, 18 Nov 2020 14:55:44 -0500 Subject: [PATCH 134/145] Fix missing ant requires (#397) (#398) --- SPECS/ant/ant.spec | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) 
diff --git a/SPECS/ant/ant.spec b/SPECS/ant/ant.spec index 3b4a610fb78..8ff7a98b55c 100644 --- a/SPECS/ant/ant.spec +++ b/SPECS/ant/ant.spec @@ -1,23 +1,23 @@ +%define _prefix /var/opt/apache-%{name} +%define _bindir %{_prefix}/bin +%define _libdir %{_prefix}/lib Summary: Apache Ant Name: ant Version: 1.10.9 -Release: 1%{?dist} -License: ASL 2.0 and BSD and W3C -URL: https://ant.apache.org -Group: Applications/System +Release: 2%{?dist} +License: ASL 2.0 AND BSD AND W3C Vendor: Microsoft Corporation Distribution: Mariner -BuildArch: noarch +Group: Applications/System +URL: https://ant.apache.org Source0: https://archive.apache.org/dist/ant/source/apache-%{name}-%{version}-src.tar.gz Source1: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hamcrest/hamcrest-1.3.tgz Source2: https://dl.bintray.com/vmware/photon_sources/1.0/maven-ant-tasks-2.1.3.tar.gz - -Requires: openjre8 -BuildRequires: openjre8 -BuildRequires: openjdk8 -%define _prefix /var/opt/apache-%{name} -%define _bindir %{_prefix}/bin -%define _libdir %{_prefix}/lib +BuildRequires: openjdk8 +BuildRequires: openjre8 +Requires: openjre8 +Requires: which +BuildArch: noarch %description The Ant package contains binaries for a build system @@ -118,6 +118,9 @@ bootstrap/bin/ant -v run-tests %{_bindir}/runant.pl %changelog +* Wed Nov 18 2020 Joe Schmitt - 1.10.9-2 +- Add runtime requires on which. It is used to find the java executable when ant runs. + * Wed Oct 21 2020 Henry Li - 1.10.9-1 - Updated to version 1.10.9 to resolve CVE-2020-11979 * Thu May 21 2020 Ruying Chen - 1.10.8-1 From 8b3b80703b7194b239fee7848079a87ec70eb661 Mon Sep 17 00:00:00 2001 
From: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Date: Wed, 18 Nov 2020 17:21:20 -0800 Subject: [PATCH 135/145] Disable kernel config SLUB_DEBUG_ON due to tcp throughput perf impact (#387) --- .../kernel-signed-aarch64/kernel-signed-aarch64.spec | 5 ++++- SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec | 5 ++++- SPECS/kernel/config | 2 +- SPECS/kernel/config_aarch64 | 2 +- SPECS/kernel/kernel.signatures.json | 4 ++-- SPECS/kernel/kernel.spec | 5 ++++- 6 files changed, 16 insertions(+), 7 deletions(-) diff --git a/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec b/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec index 985693c7e7d..379aeebbb05 100644 --- a/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec +++ b/SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec @@ -3,7 +3,7 @@ Summary: Signed Linux Kernel for aarch64 systems Name: kernel-signed-aarch64 Version: 5.4.72 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -80,6 +80,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} %changelog +* Mon Nov 16 2020 Suresh Babu Chalamalasetty - 5.4.72-3 +- Update release number + * Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 - Update release number diff --git a/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec b/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec index 3e35da25c00..ad5022c6bf5 100644 --- a/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec +++ b/SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec @@ -3,7 +3,7 @@ Summary: Signed Linux Kernel for x86_64 systems Name: kernel-signed-x64 Version: 5.4.72 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner 
@@ -80,6 +80,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} %changelog +* Mon Nov 16 2020 Suresh Babu Chalamalasetty - 5.4.72-3 +- Update release number + * Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 - Update release number diff --git a/SPECS/kernel/config b/SPECS/kernel/config index 8ce64f67c54..67bff494c32 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -6497,7 +6497,7 @@ CONFIG_PAGE_POISONING_ZERO=y # CONFIG_DEBUG_PAGE_REF is not set # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set -CONFIG_SLUB_DEBUG_ON=y +# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index 39aa5f55555..a044d0346ca 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -8360,7 +8360,7 @@ CONFIG_PAGE_POISONING_ZERO=y # CONFIG_DEBUG_PAGE_REF is not set # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set -CONFIG_SLUB_DEBUG_ON=y +# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 50966affc5b..587774e9be0 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { - "config": "681e8ff274fc3fc79eaf38d5152e99702e22346bd2aaff06925715dcf1a00fc3", - "config_aarch64": "90f267acf12957a69d3b1feef8dbd6283b67138a8c0034e4c47d56326e83690d", + "config": "b8a4aa3fd3e234ff28dc43e5f95c53456eebd9a02d28593553b7c1a0615562dc", + "config_aarch64": "b12f419ff792eb8bd491c53431bf2be9f8070d90ef2059057f9738573663eb2d", "linux-msft-5.4.72.tar.gz": "3407ccf8505595ae3e7a7b30c206190a0762f3e202f21f9de88a8d59e182ddef" } } \ No newline at end of file 
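Review bot: Switching `CONFIG_SLUB_DEBUG_ON` off in `SPECS/kernel/config` (and identically in `config_aarch64`) also removes the default-on slab sanity checks, red zones and poisoning, which incidentally catch some heap overflows and use-after-free bugs; the commit message and changelog only mention throughput. If anything relied on that side effect, it would be worth confirming that the inexpensive allocator hardening options such as `CONFIG_SLAB_FREELIST_HARDENED` and `CONFIG_SLAB_FREELIST_RANDOM` are set elsewhere in the config, which this hunk does not show. I would also extend the changelog entry with a line like `- Slab debugging can still be enabled per boot with the 'slub_debug' kernel parameter`, assuming `CONFIG_SLUB_DEBUG` itself stays enabled.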
diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index c5fc610e164..966d6c738fc 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -3,7 +3,7 @@ Summary: Linux Kernel Name: kernel Version: 5.4.72 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -403,6 +403,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_libdir}/perf/include/bpf/* %changelog +* Mon Nov 16 2020 Suresh Babu Chalamalasetty - 5.4.72-3 +- Disable kernel config SLUB_DEBUG_ON due to tcp throughput perf impact + * Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 - Enable kernel configs for Arm64 HyperV, Ampere and Cavium SoCs support From 28692542d0d5abc875b52d8bcb75a1365fabeff0 Mon Sep 17 00:00:00 2001 From: Christopher Co Date: Wed, 18 Nov 2020 18:12:32 -0800 Subject: [PATCH 136/145] diskutils: Add MBR disk setup (#382) parted uses the msdos option to create an MBR disk. So let's pass the correct msdos option to parted instead of mbr when the user wants to make an MBR disk. - Create new ConvertToPartedArgument method to convert a given PartitionTableType to its associated parted argument - Add unit tests for ConvertToPartedArgument method - Pass "msdos" option to parted instead of "mbr" in diskutils --- .../configuration/partitiontabletype.go | 16 +++++++++++ .../configuration/partitiontabletype_test.go | 28 +++++++++++++++++-- toolkit/tools/imagegen/diskutils/diskutils.go | 8 +++++- 3 files changed, 48 insertions(+), 4 deletions(-) diff --git a/toolkit/tools/imagegen/configuration/partitiontabletype.go b/toolkit/tools/imagegen/configuration/partitiontabletype.go index e30c276e499..a532a465c7b 100644 --- a/toolkit/tools/imagegen/configuration/partitiontabletype.go +++ b/toolkit/tools/imagegen/configuration/partitiontabletype.go 
@@ -22,6 +22,12 @@ const ( PartitionTableTypeNone PartitionTableType = "" ) +var partitionTableTypeToPartedArgument = map[PartitionTableType]string{ + PartitionTableTypeGpt: "gpt", + PartitionTableTypeMbr: "msdos", + PartitionTableTypeNone: "", +} + func (p PartitionTableType) String() string { return fmt.Sprintf(string(p)) } @@ -46,6 +52,16 @@ func (p *PartitionTableType) IsValid() (err error) { return fmt.Errorf("invalid value for PartitionTableType (%s)", p) } +// ConvertToPartedArgument returns the parted argument corresponding to the +// partition table type +func (p *PartitionTableType) ConvertToPartedArgument() (partedArgument string, err error) { + if err = p.IsValid(); err != nil { + return + } + partedArgument = partitionTableTypeToPartedArgument[*p] + return +} + // UnmarshalJSON Unmarshals a PartitionTableType entry func (p *PartitionTableType) UnmarshalJSON(b []byte) (err error) { // Use an intermediate type which will use the default JSON unmarshal implementation diff --git a/toolkit/tools/imagegen/configuration/partitiontabletype_test.go b/toolkit/tools/imagegen/configuration/partitiontabletype_test.go index cfbeb29a92e..ea7af515cc9 100644 --- a/toolkit/tools/imagegen/configuration/partitiontabletype_test.go +++ b/toolkit/tools/imagegen/configuration/partitiontabletype_test.go @@ -17,9 +17,14 @@ var ( PartitionTableType("mbr"), PartitionTableType(""), } - invalidPartitionTableType = PartitionTableType("not_a_partition_type") - validPartitionTableTypeJSON = `"gpt"` - invalidPartitionTableTypeJSON = `1234` + invalidPartitionTableType = PartitionTableType("not_a_partition_type") + validPartitionTableTypeJSON = `"gpt"` + invalidPartitionTableTypeJSON = `1234` + validPartitionTableTypesToPartedArguments = map[PartitionTableType]string{ + PartitionTableType("gpt"): "gpt", + PartitionTableType("mbr"): "msdos", + PartitionTableType(""): "", + } ) func TestShouldSucceedValidPartitionsMatch_PartitionTableType(t *testing.T) { 
@@ -75,3 +80,20 @@ func TestShouldFailParsingInvalidJSON_PartitionTableType(t *testing.T) { assert.Error(t, err) assert.Equal(t, "failed to parse [PartitionTableType]: json: cannot unmarshal number into Go value of type configuration.IntermediateTypePartitionTableType", err.Error()) } + +func TestShouldSucceedConvertToPartedArgument_PartitionTableType(t *testing.T) { + var ptt PartitionTableType + assert.Equal(t, len(validPartitionTableTypes), len(ptt.GetValidPartitionTableTypes())) + + for _, partitionType := range validPartitionTableTypes { + partedArgument, err := partitionType.ConvertToPartedArgument() + assert.NoError(t, err) + assert.Equal(t, partedArgument, validPartitionTableTypesToPartedArguments[partitionType]) + } +} + +func TestShouldFailConvertToPartedArgument_PartitionTableType(t *testing.T) { + _, err := invalidPartitionTableType.ConvertToPartedArgument() + assert.Error(t, err) + assert.Equal(t, "invalid value for PartitionTableType (not_a_partition_type)", err.Error()) +} diff --git a/toolkit/tools/imagegen/diskutils/diskutils.go b/toolkit/tools/imagegen/diskutils/diskutils.go index ec79450eb9d..0e797aa6d4c 100644 --- a/toolkit/tools/imagegen/diskutils/diskutils.go +++ b/toolkit/tools/imagegen/diskutils/diskutils.go 
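Review bot: In `TestShouldSucceedConvertToPartedArgument_PartitionTableType` the `assert.Equal` call passes the value under test first and the expected value second, which is the reverse of testify's `(t, expected, actual)` order and of the other assertions in this file, so a failure would label the two values the wrong way round. I would write `assert.Equal(t, validPartitionTableTypesToPartedArguments[partitionType], partedArgument)`. The expected-value map is a copy of the production map, so the test still passes if both are edited in step; asserting the `"mbr"` to `"msdos"` case explicitly would pin the behaviour this commit exists to fix.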
@@ -244,7 +244,13 @@ func CreatePartitions(diskDevPath string, disk configuration.Disk, rootEncryptio // Create new partition table partitionTableType := disk.PartitionTableType - _, stderr, err = shell.Execute("parted", diskDevPath, "--script", "mklabel", partitionTableType.String()) + logger.Log.Debugf("Converting partition table type (%v) to parted argument", partitionTableType) + partedArgument, err := partitionTableType.ConvertToPartedArgument() + if err != nil { + logger.Log.Errorf("Unable to convert partition table type (%v) to parted argument", partitionTableType) + return + } + _, stderr, err = shell.Execute("parted", diskDevPath, "--script", "mklabel", partedArgument) if err != nil { logger.Log.Warnf("Failed to set partition table type using parted: %v", stderr) return From 18397732ababd3799c69a2e0c45efd85346f84e4 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Thu, 19 Nov 2020 11:03:52 -0800 Subject: [PATCH 137/145] Don't warn about StreamOutput log buffer overflow (#400) --- toolkit/tools/internal/logger/log.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/toolkit/tools/internal/logger/log.go b/toolkit/tools/internal/logger/log.go index 91eac6c8a3b..1dfbeee128c 100644 --- a/toolkit/tools/internal/logger/log.go +++ b/toolkit/tools/internal/logger/log.go @@ -145,8 +145,7 @@ func StreamOutput(pipe io.Reader, logFunction func(...interface{}), wg *sync.Wai select { case outputChan <- line: default: - // In the event the buffer is full, just print to console - Log.Warnf("Output buffer full: dropping: \"%s\"", line) + // In the event the buffer is full, drop the line } } } From 58e41e2f43630de3de0826c4496847885885e2cb Mon Sep 17 00:00:00 2001 
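Review bot: `ConvertToPartedArgument` maps `PartitionTableTypeNone` to an empty string, and this hunk in `CreatePartitions` passes the result straight to `parted ... mklabel`, so a disk configured without a table type would run `mklabel` with an empty label unless a check outside the hunk rules that out. I would either skip the `mklabel` call or return an error when `partedArgument == ""`, with a comment saying which is intended. The new error log also omits the cause; `logger.Log.Errorf("Unable to convert partition table type (%v) to parted argument: %v", partitionTableType, err)` would keep it next to the message. The rest of the function is outside the hunk.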
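Review bot: With the warning removed, the `default:` branch in `StreamOutput` discards output lines without leaving any trace, so a captured build log can be incomplete with nothing to indicate it, which matters when that log is the only record of a failed or unexpected build step. Rather than silence, I would count the drops and report the total once, e.g. `dropped++` in the `default:` branch and a single `Log.Warnf("Output buffer full: dropped %d lines", dropped)` after the read loop ends. The loop header and the end of the function are outside this hunk, so the placement of the counter and the final message needs checking against the full function.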
From: Pawel Winogrodzki Date: Thu, 19 Nov 2020 13:24:00 -0800 Subject: [PATCH 138/145] Ptest fixes for `tdnf`, `tcsh`, `sysstat`. (#392) * Installing Python dependencies for the tests. * Adding `BuildRequires` on `shadow-utils` and `sudo` to fix `tcsh` package tests. * Removing `%check` section from `sysstat`. * Updating changelog and adding linter's suggestions. --- SPECS/sysstat/sysstat.spec | 77 ++-- SPECS/tcsh/tcsh.spec | 143 +++--- SPECS/tdnf/tdnf.spec | 430 ++++++++++-------- .../manifests/package/pkggen_core_aarch64.txt | 8 +- .../manifests/package/pkggen_core_x86_64.txt | 8 +- .../manifests/package/toolchain_aarch64.txt | 12 +- .../manifests/package/toolchain_x86_64.txt | 12 +- 7 files changed, 402 insertions(+), 288 deletions(-) diff --git a/SPECS/sysstat/sysstat.spec b/SPECS/sysstat/sysstat.spec index 06d43cef792..fa93af63204 100644 --- a/SPECS/sysstat/sysstat.spec +++ b/SPECS/sysstat/sysstat.spec @@ -1,7 +1,7 @@ Summary: The Sysstat package contains utilities to monitor system performance and usage activity Name: sysstat Version: 12.3.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: http://sebastien.godard.pagesperso-orange.fr/ Group: Development/Debuggers @@ -9,8 +9,11 @@ Vendor: Microsoft Corporation Distribution: Mariner #Source0: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz Source0: %{name}-%{version}.tar.gz + BuildRequires: cronie + Requires: cronie + %description The Sysstat package contains utilities to monitor system performance and usage activity. Sysstat contains the sar utility, common to many commercial Unixes, and tools you can schedule via cron to collect and historize performance and activity data. @@ -37,9 +40,6 @@ install -D -m 0644 %{_builddir}/%{name}-%{version}/cron/sysstat-collect.service %find_lang %{name} -%check -make test - %clean rm -rf %{buildroot}/* 
@@ -57,30 +57,45 @@ rm -rf %{buildroot}/* %changelog -* Mon Jun 08 2020 Ruying Chen 12.3.3-1 -- Update to 12.3.3 -* Sat May 09 2020 Nick Samson 12.1.2-4 -- Added %%license line automatically -* Tue Apr 07 2020 Pawel Winogrodzki 12.1.2-3 -- Fixed "Source0" tag and moved to GitHub sources. -- License verified. -* Tue Sep 03 2019 Mateusz Malisz 12.1.2-2 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Thu Jan 03 2019 Keerthana K 12.1.2-1 -- Update to 12.1.2 to fix CVEs. -* Mon Sep 17 2018 Tapas Kundu 12.0.1-1 -- Updated to 12.0.1 release -* Thu Apr 27 2017 Priyesh Padmavilasom 11.4.3-2 -- Ensure debuginfo -* Tue Apr 11 2017 Vinay Kulkarni 11.4.3-1 -- Update to version 11.4.3 -* Thu Jan 05 2017 Xiaolin Li 11.4.2-1 -- Updated to version 11.4.2 and enable install cron. -* Tue May 24 2016 Priyesh Padmavilasom 11.2.0-3 -- GA - Bump release of all rpms -* Wed May 4 2016 Divya Thaluru 11.2.0-2 -- Adding systemd service file -* Wed Jan 20 2016 Priyesh Padmavilasom 11.2.0-1 -- Update to 11.2.0-1. -* Mon Nov 30 2015 Harish Udaiya Kumar 11.1.8-1 -- Initial build. First version +* Mon Nov 16 2020 Pawel Winogrodzki - 12.3.3-2 +- Removing %%check section as the package doesn't have a test suite. + +* Mon Jun 08 2020 Ruying Chen - 12.3.3-1 +- Update to 12.3.3 + +* Sat May 09 2020 Nick Samson - 12.1.2-4 +- Added %%license line automatically + +* Tue Apr 07 2020 Pawel Winogrodzki - 12.1.2-3 +- Fixed "Source0" tag and moved to GitHub sources. +- License verified. + +* Tue Sep 03 2019 Mateusz Malisz - 12.1.2-2 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Thu Jan 03 2019 Keerthana K - 12.1.2-1 +- Update to 12.1.2 to fix CVEs. + +* Mon Sep 17 2018 Tapas Kundu - 12.0.1-1 +- Updated to 12.0.1 release + +* Thu Apr 27 2017 Priyesh Padmavilasom - 11.4.3-2 +- Ensure debuginfo + +* Tue Apr 11 2017 Vinay Kulkarni - 11.4.3-1 +- Update to version 11.4.3 + +* Thu Jan 05 2017 Xiaolin Li - 11.4.2-1 +- Updated to version 11.4.2 and enable install cron. 
+ +* Tue May 24 2016 Priyesh Padmavilasom - 11.2.0-3 +- GA - Bump release of all rpms + +* Wed May 4 2016 Divya Thaluru - 11.2.0-2 +- Adding systemd service file + +* Wed Jan 20 2016 Priyesh Padmavilasom - 11.2.0-1 +- Update to 11.2.0-1. + +* Mon Nov 30 2015 Harish Udaiya Kumar - 11.1.8-1 +- Initial build. First version diff --git a/SPECS/tcsh/tcsh.spec b/SPECS/tcsh/tcsh.spec index 84b945c3a71..ee2f1fe638f 100644 --- a/SPECS/tcsh/tcsh.spec +++ b/SPECS/tcsh/tcsh.spec @@ -2,21 +2,32 @@ Summary: An enhanced version of csh, the C shell Name: tcsh Version: 6.20.00 -Release: 8%{?dist} +Release: 9%{?dist} License: BSD +Vendor: Microsoft Corporation +Distribution: Mariner Group: System Environment/Shells -Source: https://astron.com/pub/%{name}/old/%{name}-%{version}.tar.gz +URL: https://www.tcsh.org/ +Source0: https://astron.com/pub/%{name}/old/%{name}-%{version}.tar.gz + # patch origin http://pkgs.fedoraproject.org/cgit/rpms/tcsh.git/ Patch0: tcsh-6.20.00-009-fix-regexp-for-backlash-quoting-tests.patch -URL: https://www.tcsh.org/ -Vendor: Microsoft Corporation -Distribution: Mariner -Provides: csh = %{version} -Provides: /bin/tcsh, /bin/csh + BuildRequires: ncurses-devel + +%if %{with_check} +BuildRequires: shadow-utils +BuildRequires: sudo +%endif + Requires: ncurses Requires(post): /bin/grep -Requires(postun): coreutils /bin/grep +Requires(postun): /bin/grep +Requires(postun): coreutils + +Provides: csh = %{version} +Provides: /bin/csh +Provides: /bin/tcsh %description Tcsh is an enhanced but completely compatible version of csh, the C 
@@ -74,36 +85,37 @@ sudo -u test make check && userdel test -r -f %clean rm -rf %{buildroot} + %post if [ $1 -eq 1 ] ; then - if [ ! -f /etc/shells ]; then - echo "%{_bindir}/tcsh" >> /etc/shells - echo "%{_bindir}/csh" >> /etc/shells - echo "/bin/tcsh" >> /etc/shells - echo "/bin/csh" >> /etc/shells + if [ ! -f %{_sysconfdir}/shells ]; then + echo "%{_bindir}/tcsh" >> %{_sysconfdir}/shells + echo "%{_bindir}/csh" >> %{_sysconfdir}/shells + echo "/bin/tcsh" >> %{_sysconfdir}/shells + echo "/bin/csh" >> %{_sysconfdir}/shells else - grep -q '^%{_bindir}/tcsh$' /etc/shells || \ - echo "%{_bindir}/tcsh" >> /etc/shells - grep -q '^%{_bindir}/csh$' /etc/shells || \ - echo "%{_bindir}/csh" >> /etc/shells - grep -q '^/bin/tcsh$' /etc/shells || \ - echo "/bin/tcsh" >> /etc/shells - grep -q '^/bin/csh$' /etc/shells || \ - echo "/bin/csh" >> /etc/shells + grep -q '^%{_bindir}/tcsh$' %{_sysconfdir}/shells || \ + echo "%{_bindir}/tcsh" >> %{_sysconfdir}/shells + grep -q '^%{_bindir}/csh$' %{_sysconfdir}/shells || \ + echo "%{_bindir}/csh" >> %{_sysconfdir}/shells + grep -q '^/bin/tcsh$' %{_sysconfdir}/shells || \ + echo "/bin/tcsh" >> %{_sysconfdir}/shells + grep -q '^/bin/csh$' %{_sysconfdir}/shells || \ + echo "/bin/csh" >> %{_sysconfdir}/shells fi fi %postun if [ $1 -eq 0 ] ; then if [ ! -x %{_bindir}/tcsh ]; then - grep -v '^%{_bindir}/tcsh$' /etc/shells | \ - grep -v '^%{_bindir}/csh$' > /etc/shells.rpm && \ - mv /etc/shells.rpm /etc/shells + grep -v '^%{_bindir}/tcsh$' %{_sysconfdir}/shells | \ + grep -v '^%{_bindir}/csh$' > %{_sysconfdir}/shells.rpm && \ + mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells fi if [ ! -x /bin/tcsh ]; then - grep -v '^/bin/tcsh$' /etc/shells | \ - grep -v '^/bin/csh$' > /etc/shells.rpm && \ - mv /etc/shells.rpm /etc/shells + grep -v '^/bin/tcsh$' %{_sysconfdir}/shells | \ + grep -v '^/bin/csh$' > %{_sysconfdir}/shells.rpm && \ + mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells fi fi 
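Review bot: In `%postun`, the chain `grep -v … | grep -v … > %{_sysconfdir}/shells.rpm && mv …` runs `mv` only when the last `grep` printed at least one line. If the tcsh/csh entries were the only lines in the file, `grep` exits non-zero, the stale entries stay in `%{_sysconfdir}/shells`, and an empty `shells.rpm` is left behind. Both blocks in this hunk share the pattern. Deleting the lines in place avoids the temporary file and the dependence on exit status, e.g. `sed -i -e '\|^%{_bindir}/tcsh$|d' -e '\|^%{_bindir}/csh$|d' %{_sysconfdir}/shells`, which would need `sed` to be available to the `postun` scriptlet.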
@@ -115,33 +127,50 @@ fi %{_mandir}/man1/*.1* %changelog -* Sat May 09 00:21:11 PST 2020 Nick Samson - 6.20.00-8 -- Added %%license line automatically -* Mon Apr 13 2020 Eric Li 6.20.00-7 -- Verified license. -* Thu Apr 09 2020 Nicolas Ontiveros 6.20.00-6 -- Remove toybox and only use coreutils for requires. -* Tue Sep 03 2019 Mateusz Malisz 6.20.00-5 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Mon Sep 18 2017 Alexey Makhalov 6.20.00-4 -- Requires coreutils or toybox and /bin/grep -* Tue Jun 6 2017 Alexey Makhalov 6.20.00-3 -- Fix make check issues. -* Tue Apr 25 2017 Priyesh Padmavilasom 6.20.00-2 -- Ensure non empty debuginfo -* Tue Mar 28 2017 Xiaolin Li 6.20.00-1 -- Updated to version 6.20.00 -* Tue Feb 07 2017 Divya Thaluru 6.19.00-6 -- Added /bin/csh and /bin/tsch entries in /etc/shells -* Wed Dec 14 2016 Alexey Makhalov 6.19.00-5 -- tcsh.glibc-2.24.patch -* Wed May 25 2016 Anish Swaminathan 6.19.00-4 -- Fix calloc for gcc 5 optimization -* Tue May 24 2016 Priyesh Padmavilasom 6.19.00-3 -- GA - Bump release of all rpms -* Wed May 4 2016 Priyesh Padmavilasom 6.19.00-2 -- Fix for upgrade issues -* Thu Jan 21 2016 Anish Swaminathan 6.19.00-1 -- Upgrade version -* Wed Apr 1 2015 Divya Thaluru 6.18.01-1 -- Initial build. First version +* Mon Nov 16 2020 Pawel Winogrodzki - 6.20.00-9 +- Adding 'BuildRequires' on 'shadow-utils' and 'sudo' to fix the package tests. + +* Sat May 09 2020 Nick Samson - 6.20.00-8 +- Added %%license line automatically + +* Mon Apr 13 2020 Eric Li - 6.20.00-7 +- Verified license. + +* Thu Apr 09 2020 Nicolas Ontiveros - 6.20.00-6 +- Remove toybox and only use coreutils for requires. + +* Tue Sep 03 2019 Mateusz Malisz - 6.20.00-5 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Mon Sep 18 2017 Alexey Makhalov - 6.20.00-4 +- Requires coreutils or toybox and /bin/grep + +* Tue Jun 6 2017 Alexey Makhalov - 6.20.00-3 +- Fix make check issues. 
+ +* Tue Apr 25 2017 Priyesh Padmavilasom - 6.20.00-2 +- Ensure non empty debuginfo + +* Tue Mar 28 2017 Xiaolin Li - 6.20.00-1 +- Updated to version 6.20.00 + +* Tue Feb 07 2017 Divya Thaluru - 6.19.00-6 +- Added /bin/csh and /bin/tsch entries in /etc/shells + +* Wed Dec 14 2016 Alexey Makhalov - 6.19.00-5 +- tcsh.glibc-2.24.patch + +* Wed May 25 2016 Anish Swaminathan - 6.19.00-4 +- Fix calloc for gcc 5 optimization + +* Tue May 24 2016 Priyesh Padmavilasom - 6.19.00-3 +- GA - Bump release of all rpms + +* Wed May 4 2016 Priyesh Padmavilasom - 6.19.00-2 +- Fix for upgrade issues + +* Thu Jan 21 2016 Anish Swaminathan - 6.19.00-1 +- Upgrade version + +* Wed Apr 1 2015 Divya Thaluru - 6.18.01-1 +- Initial build. First version diff --git a/SPECS/tdnf/tdnf.spec b/SPECS/tdnf/tdnf.spec index f84e356c748..29fee739268 100644 --- a/SPECS/tdnf/tdnf.spec +++ b/SPECS/tdnf/tdnf.spec 
@@ -5,39 +5,19 @@ Summary: dnf/yum equivalent using C libs Name: tdnf Version: 2.1.0 -Release: 4%{?dist} +Release: 5%{?dist} +License: LGPLv2.1 AND GPLv2 Vendor: Microsoft Corporation Distribution: Mariner -License: LGPLv2.1 and GPLv2 -URL: https://github.com/vmware/tdnf/wiki Group: Applications/RPM -Requires: rpm-libs -Requires: curl -Requires: tdnf-cli-libs = %{version}-%{release} -Requires: libsolv -Requires: openssl-libs -BuildRequires: popt-devel -BuildRequires: rpm-devel -BuildRequires: openssl-devel -BuildRequires: libsolv-devel -BuildRequires: curl-devel -#plugin repogpgcheck -BuildRequires: gpgme-devel -BuildRequires: cmake -BuildRequires: python3-devel -%if %{with_check} -BuildRequires: createrepo_c -BuildRequires: glib -BuildRequires: libxml2 -%endif -Obsoletes: yum -Provides: yum +URL: https://github.com/vmware/tdnf/wiki #Source0: https://github.com/vmware/tdnf/archive/v%{version}.tar.gz Source0: %{name}-%{version}.tar.gz Source1: cache-updateinfo Source2: cache-updateinfo.service Source3: cache-updateinfo.timer Source4: tdnfrepogpgcheck.conf + Patch0: tdnf-fix-distroverpkg-search.patch Patch1: tdnf-ssl-support.patch Patch2: tdnf-add-download-command.patch 
@@ -47,23 +27,52 @@ Patch5: tdnf-support-multiple-gpgkeys.patch Patch6: tdnf-add-download-no-deps-command.patch Patch7: tdnf-use-custom-keyring-for-gpg-checks.patch +BuildRequires: cmake +BuildRequires: curl-devel +#plugin repogpgcheck +BuildRequires: gpgme-devel +BuildRequires: libsolv-devel +BuildRequires: openssl-devel +BuildRequires: popt-devel +BuildRequires: python3-devel +BuildRequires: rpm-devel + +%if %{with_check} +BuildRequires: createrepo_c +BuildRequires: glib +BuildRequires: libxml2 +BuildRequires: python3-requests +BuildRequires: python3-setuptools +BuildRequires: python3-xml +%endif + +Requires: curl +Requires: libsolv +Requires: openssl-libs +Requires: rpm-libs +Requires: tdnf-cli-libs = %{version}-%{release} + +Obsoletes: yum +Provides: yum + %description tdnf is a yum/dnf equivalent which uses libsolv and libcurl %define _tdnfpluginsdir %{_libdir}/tdnf-plugins %package devel -Summary: A Library providing C API for tdnf -Group: Development/Libraries -Requires: tdnf = %{version}-%{release} -Requires: libsolv-devel +Summary: A Library providing C API for tdnf +Group: Development/Libraries + +Requires: libsolv-devel +Requires: tdnf = %{version}-%{release} %description devel Development files for tdnf %package cli-libs -Summary: Library providing cli libs for tdnf like clients -Group: Development/Libraries +Summary: Library providing cli libs for tdnf like clients +Group: Development/Libraries %description cli-libs Library providing cli libs for tdnf like clients. @@ -71,6 +80,7 @@ Library providing cli libs for tdnf like clients. %package plugin-repogpgcheck Summary: tdnf plugin providing gpg verification for repository metadata Group: Development/Libraries + Requires: gpgme %description plugin-repogpgcheck @@ -79,7 +89,9 @@ tdnf plugin providing gpg verification for repository metadata %package python Summary: python bindings for tdnf Group: Development/Libraries + Requires: python3 + %description python python bindings for tdnf 
@@ -99,19 +111,21 @@ cmake \ make %{?_smp_mflags} && make python %check +easy_install_3=$(ls /usr/bin |grep easy_install |grep 3) +$easy_install_3 pytest cd build && make %{?_smp_mflags} check %install cd build && make DESTDIR=%{buildroot} install find %{buildroot} -name '*.a' -delete -mkdir -p %{buildroot}/var/cache/tdnf +mkdir -p %{buildroot}%{_var}/cache/tdnf ln -sf %{_bindir}/tdnf %{buildroot}%{_bindir}/tyum ln -sf %{_bindir}/tdnf %{buildroot}%{_bindir}/yum install -v -D -m 0755 %{SOURCE1} %{buildroot}%{_bindir}/tdnf-cache-updateinfo install -v -D -m 0644 %{SOURCE2} %{buildroot}%{_libdir}/systemd/system/tdnf-cache-updateinfo.service install -v -D -m 0644 %{SOURCE3} %{buildroot}%{_libdir}/systemd/system/tdnf-cache-updateinfo.timer install -v -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/tdnf/pluginconf.d/tdnfrepogpgcheck.conf -mv %{buildroot}/usr/lib/pkgconfig/tdnfcli.pc %{buildroot}/usr/lib/pkgconfig/tdnf-cli-libs.pc +mv %{buildroot}%{_lib}/pkgconfig/tdnfcli.pc %{buildroot}%{_lib}/pkgconfig/tdnf-cli-libs.pc mkdir -p %{buildroot}/%{_tdnfpluginsdir}/tdnfrepogpgcheck mv %{buildroot}/%{_tdnfpluginsdir}/libtdnfrepogpgcheck.so %{buildroot}/%{_tdnfpluginsdir}/tdnfrepogpgcheck/libtdnfrepogpgcheck.so 
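Review bot: The two lines added to `%check` fetch `pytest` with `easy_install` at build time, which pulls an unpinned, unverified package and its dependencies from the network into the build root. The test run then depends on whatever the index serves that day. The lookup `ls /usr/bin |grep easy_install |grep 3` can also match more than one file name, in which case `$easy_install_3` expands to several words and the second name is passed as an argument to the first. I would rather the test dependency came from a package listed in the `%if %{with_check}` block this commit already extends, e.g. `BuildRequires: python3-pytest` if the distribution ships one. Failing that, pin the version in the install command (`"pytest==<PINNED_VERSION>"`) so the build is repeatable.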
@@ -150,159 +164,215 @@ find %{buildroot} -name '*.pyc' -delete %files %license COPYING - %defattr(-,root,root,0755) - %{_bindir}/tdnf - %{_bindir}/tyum - %{_bindir}/yum - %{_bindir}/tdnf-cache-updateinfo - %{_libdir}/libtdnf.so.* - %config(noreplace) %{_sysconfdir}/tdnf/tdnf.conf - %config %{_libdir}/systemd/system/tdnf-cache-updateinfo.service - %config(noreplace) %{_libdir}/systemd/system/tdnf-cache-updateinfo.timer - %dir /var/cache/tdnf - %{_datadir}/bash-completion/completions/tdnf - +%defattr(-,root,root,0755) +%{_bindir}/tdnf +%{_bindir}/tyum +%{_bindir}/yum +%{_bindir}/tdnf-cache-updateinfo +%{_libdir}/libtdnf.so.* +%config(noreplace) %{_sysconfdir}/tdnf/tdnf.conf +%config %{_libdir}/systemd/system/tdnf-cache-updateinfo.service +%config(noreplace) %{_libdir}/systemd/system/tdnf-cache-updateinfo.timer +%dir %{_var}/cache/tdnf +%{_datadir}/bash-completion/completions/tdnf + %files devel - %defattr(-,root,root) - %{_includedir}/tdnf/*.h - %{_libdir}/libtdnf.so - %{_libdir}/libtdnfcli.so - %exclude %{_libdir}/debug - %{_libdir}/pkgconfig/tdnf.pc - %{_libdir}/pkgconfig/tdnf-cli-libs.pc +%defattr(-,root,root) +%{_includedir}/tdnf/*.h +%{_libdir}/libtdnf.so +%{_libdir}/libtdnfcli.so +%exclude %{_libdir}/debug +%{_libdir}/pkgconfig/tdnf.pc +%{_libdir}/pkgconfig/tdnf-cli-libs.pc %files cli-libs - %defattr(-,root,root) - %{_libdir}/libtdnfcli.so.* +%defattr(-,root,root) +%{_libdir}/libtdnfcli.so.* %files plugin-repogpgcheck - %defattr(-,root,root) - %dir %{_sysconfdir}/tdnf/pluginconf.d - %config(noreplace) %{_sysconfdir}/tdnf/pluginconf.d/tdnfrepogpgcheck.conf - %{_tdnfpluginsdir}/tdnfrepogpgcheck/libtdnfrepogpgcheck.so +%defattr(-,root,root) +%dir %{_sysconfdir}/tdnf/pluginconf.d +%config(noreplace) %{_sysconfdir}/tdnf/pluginconf.d/tdnfrepogpgcheck.conf +%{_tdnfpluginsdir}/tdnfrepogpgcheck/libtdnfrepogpgcheck.so %files python - %defattr(-,root,root) - %{python3_sitelib}/* - +%defattr(-,root,root) +%{python3_sitelib}/* + %changelog -* Fri Aug 14 2020 Joe Schmitt 
2.1.0-4 -- Add tdnf-use-custom-keyring-for-gpg-checks.patch -* Thu Jul 30 2020 Joe Schmitt 2.1.0-3 -- Add tdnf-add-download-no-deps-command.patch. -* Wed Jul 29 2020 Emre Girgin 2.1.0-2 -- Fix 'repolist' command failure when gpgkey field is empty. -* Tue May 19 2020 Emre Girgin 2.1.0-1 -- Update URL, and License. -- License verified. -- Upgrade to 2.1.0. -- Add support for multiple gpgkeys in the .repo file. -* Sat May 09 00:21:26 PST 2020 Nick Samson -- Added %%license line automatically -* Tue Apr 07 2020 Nicolas Ontiveros 2.0.0-16 -- Don't install updateinfo.sh to the motdgen directory. -- Remove motd triggers. -- Fixed Source0. -* Mon Nov 25 2019 Andrew Phelps 2.0.0-15 -- Fix $basearch and $releasever handling. -* Thu Nov 21 2019 Joe Schmitt 2.0.0-14 -- Fix "showorder" output to match the rest of tdnf formatting. -* Wed Nov 20 2019 Joe Schmitt 2.0.0-13 -- Add "download" command and "showorder" option. -* Wed Oct 30 2019 Emre Girgin 2.0.0-12 -- Add support for SSL verification options in .repo files. -* Tue Sep 03 2019 Mateusz Malisz 2.0.0-11 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Fri Mar 15 2019 Ankit Jain 2.0.0-10 -- Added skipconflicts and skipobsoletes to check command. -* Thu Mar 14 2019 Keerthana K 2.0.0-9 -- GPGCheck fix on RPM version 4.14.2 -* Mon Mar 04 2019 Keerthana K 2.0.0-8 -- makecache and refresh command updates. -* Thu Feb 14 2019 Keerthana K 2.0.0-7 -- Fix to address issues when no repos are enabled. -* Wed Jan 23 2019 Keerthana K 2.0.0-6 -- Fix Memory leak and curl status type. -* Wed Jan 02 2019 Keerthana K 2.0.0-5 -- Added make check. -* Tue Dec 04 2018 Keerthana K 2.0.0-4 -- Add support for libsolv caching. -- Fix bug in tdnf updateinfo command. -- Fix bug on list available command. -* Wed Nov 21 2018 Keerthana K 2.0.0-3 -- Update to 2.0.0 beta release. -* Mon Oct 08 2018 Keerthana K 2.0.0-2 -- Fix bug on tdnf crash when photon-iso repo only enabled without mounting cdrom. 
-* Fri Feb 09 2018 Priyesh Padmavilasom 2.0.0-1 -- update to 2.0.0 -* Tue Jan 30 2018 Priyesh Padmavilasom 1.2.2-3 -- patch to error out early for permission issues. -* Tue Oct 10 2017 Priyesh Padmavilasom 1.2.2-2 -- Fix bug in obsolete protected packages. -* Wed Oct 4 2017 Priyesh Padmavilasom 1.2.2-1 -- update to v1.2.2 -* Sat Sep 30 2017 Priyesh Padmavilasom 1.2.1-5 -- Output problems while resolving to stderr (instead of stdout) -* Wed Sep 27 2017 Bo Gan 1.2.1-4 -- Improve suggestion in motd message -* Thu Sep 14 2017 Bo Gan 1.2.1-3 -- Add suggestion in motd message -* Fri Jul 21 2017 Priyesh Padmavilasom 1.2.1-2 -- Modify quiet patch. -* Tue Jul 18 2017 Priyesh Padmavilasom 1.2.1-1 -- Update to v1.2.1 -* Tue May 30 2017 Bo Gan 1.2.0-5 -- Fix cache-updateinfo script again -* Fri May 12 2017 Priyesh Padmavilasom 1.2.0-4 -- Patch repo refresh to allow quiet flags -* Wed May 10 2017 Bo Gan 1.2.0-3 -- Fix cache-updateinfo script -* Fri May 05 2017 Priyesh Padmavilasom 1.2.0-2 -- Fix Requires for cli-libs -* Wed May 03 2017 Priyesh Padmavilasom 1.2.0-1 -- update to v1.2.0 -* Sun Apr 30 2017 Bo Gan 1.1.0-5 -- Do not write to stdout in motd triggers -* Thu Apr 20 2017 Bo Gan 1.1.0-4 -- motd hooks/triggers for updateinfo notification -* Fri Apr 14 2017 Dheerajs Shetty 1.1.0-3 -- Adding a patch to compile with latest hawkey version -* Mon Dec 19 2016 Xiaolin Li 1.1.0-2 -- BuildRequires libsolv-devel. -* Thu Dec 08 2016 Priyesh Padmavilasom 1.1.0-1 -- update to v1.1.0 -* Thu Nov 17 2016 Alexey Makhalov 1.0.9-3 -- Use rpm-libs at runtime -* Tue May 24 2016 Priyesh Padmavilasom 1.0.9-2 -- GA - Bump release of all rpms -* Fri May 20 2016 Priyesh Padmavilasom 1.0.9-1 -- Update to 1.0.9. Contains fixes for updateinfo. 
-* Wed May 4 2016 Priyesh Padmavilasom 1.0.8-3 -- Fix link installs, fix devel header dir -* Fri Apr 1 2016 Priyesh Padmavilasom 1.0.8-2 -- Update version which was missed with 1.0.8-1, apply string limits -* Fri Apr 1 2016 Priyesh Padmavilasom 1.0.8-1 -- Code scan fixes, autotest path fix, support --releasever -* Thu Jan 14 2016 Priyesh Padmavilasom 1.0.7 -- Fix return codes on install and check-update -- Add tests for install existing and update -* Wed Jan 13 2016 Priyesh Padmavilasom 1.0.6 -- Support distroverpkg and add tests to work with make check -* Mon Dec 14 2015 Priyesh Padmavilasom 1.0.5 -- Support for multiple packages in alter commands -- Support url vars for releasever and basearch -* Fri Oct 2 2015 Priyesh Padmavilasom 1.0.4 -- Fix upgrade to work without args, Engage distro-sync -- Fix install to resolve to latest available -- Fix formats, fix refresh on download output -* Tue Sep 8 2015 Priyesh Padmavilasom 1.0.3 -- Fix metadata creation issues. Engage refresh flag. -- Do not check gpgkey when gpgcheck is turned off in repo. -* Thu Jul 23 2015 Priyesh Padmavilasom 1.0.2 -- Support reinstalls in transaction. Handle non-existent packages correctly. -* Mon Jul 13 2015 Alexey Makhalov 1.0.1-2 -- Create -debuginfo package. Use parallel make. -* Tue Jun 30 2015 Priyesh Padmavilasom 1.0.1 -- Proxy support, keepcache fix, valgrind leaks fix -* Fri Jan 23 2015 Priyesh Padmavilasom 1.0 -- Initial build. First version +* Mon Nov 16 2020 Pawel Winogrodzki - 2.1.0-5 +- Extending 'BuildRequires' with "pytest's" dependencies to fix the package tests. + +* Fri Aug 14 2020 Joe Schmitt - 2.1.0-4 +- Add tdnf-use-custom-keyring-for-gpg-checks.patch + +* Thu Jul 30 2020 Joe Schmitt - 2.1.0-3 +- Add tdnf-add-download-no-deps-command.patch. + +* Wed Jul 29 2020 Emre Girgin - 2.1.0-2 +- Fix 'repolist' command failure when gpgkey field is empty. + +* Tue May 19 2020 Emre Girgin - 2.1.0-1 +- Update URL, and License. +- License verified. +- Upgrade to 2.1.0. 
+- Add support for multiple gpgkeys in the .repo file. + +* Sat May 09 00:21:26 PST 2020 Nick Samson +- Added %%license line automatically + +* Tue Apr 07 2020 Nicolas Ontiveros - 2.0.0-16 +- Don't install updateinfo.sh to the motdgen directory. +- Remove motd triggers. +- Fixed Source0. + +* Mon Nov 25 2019 Andrew Phelps - 2.0.0-15 +- Fix $basearch and $releasever handling. + +* Thu Nov 21 2019 Joe Schmitt - 2.0.0-14 +- Fix "showorder" output to match the rest of tdnf formatting. + +* Wed Nov 20 2019 Joe Schmitt - 2.0.0-13 +- Add "download" command and "showorder" option. + +* Wed Oct 30 2019 Emre Girgin - 2.0.0-12 +- Add support for SSL verification options in .repo files. + +* Tue Sep 03 2019 Mateusz Malisz - 2.0.0-11 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Fri Mar 15 2019 Ankit Jain - 2.0.0-10 +- Added skipconflicts and skipobsoletes to check command. + +* Thu Mar 14 2019 Keerthana K - 2.0.0-9 +- GPGCheck fix on RPM version 4.14.2 + +* Mon Mar 04 2019 Keerthana K - 2.0.0-8 +- makecache and refresh command updates. + +* Thu Feb 14 2019 Keerthana K - 2.0.0-7 +- Fix to address issues when no repos are enabled. + +* Wed Jan 23 2019 Keerthana K - 2.0.0-6 +- Fix Memory leak and curl status type. + +* Wed Jan 02 2019 Keerthana K - 2.0.0-5 +- Added make check. + +* Tue Dec 04 2018 Keerthana K - 2.0.0-4 +- Add support for libsolv caching. +- Fix bug in tdnf updateinfo command. +- Fix bug on list available command. + +* Wed Nov 21 2018 Keerthana K - 2.0.0-3 +- Update to 2.0.0 beta release. + +* Mon Oct 08 2018 Keerthana K - 2.0.0-2 +- Fix bug on tdnf crash when photon-iso repo only enabled without mounting cdrom. + +* Fri Feb 09 2018 Priyesh Padmavilasom - 2.0.0-1 +- update to 2.0.0 + +* Tue Jan 30 2018 Priyesh Padmavilasom - 1.2.2-3 +- patch to error out early for permission issues. + +* Tue Oct 10 2017 Priyesh Padmavilasom - 1.2.2-2 +- Fix bug in obsolete protected packages. 
+ +* Wed Oct 4 2017 Priyesh Padmavilasom - 1.2.2-1 +- update to v1.2.2 + +* Sat Sep 30 2017 Priyesh Padmavilasom - 1.2.1-5 +- Output problems while resolving to stderr (instead of stdout) + +* Wed Sep 27 2017 Bo Gan - 1.2.1-4 +- Improve suggestion in motd message + +* Thu Sep 14 2017 Bo Gan - 1.2.1-3 +- Add suggestion in motd message + +* Fri Jul 21 2017 Priyesh Padmavilasom - 1.2.1-2 +- Modify quiet patch. + +* Tue Jul 18 2017 Priyesh Padmavilasom - 1.2.1-1 +- Update to v1.2.1 + +* Tue May 30 2017 Bo Gan - 1.2.0-5 +- Fix cache-updateinfo script again + +* Fri May 12 2017 Priyesh Padmavilasom - 1.2.0-4 +- Patch repo refresh to allow quiet flags + +* Wed May 10 2017 Bo Gan - 1.2.0-3 +- Fix cache-updateinfo script + +* Fri May 05 2017 Priyesh Padmavilasom - 1.2.0-2 +- Fix Requires for cli-libs + +* Wed May 03 2017 Priyesh Padmavilasom - 1.2.0-1 +- update to v1.2.0 + +* Sun Apr 30 2017 Bo Gan - 1.1.0-5 +- Do not write to stdout in motd triggers + +* Thu Apr 20 2017 Bo Gan - 1.1.0-4 +- motd hooks/triggers for updateinfo notification + +* Fri Apr 14 2017 Dheerajs Shetty - 1.1.0-3 +- Adding a patch to compile with latest hawkey version + +* Mon Dec 19 2016 Xiaolin Li - 1.1.0-2 +- BuildRequires libsolv-devel. + +* Thu Dec 08 2016 Priyesh Padmavilasom - 1.1.0-1 +- update to v1.1.0 + +* Thu Nov 17 2016 Alexey Makhalov - 1.0.9-3 +- Use rpm-libs at runtime + +* Tue May 24 2016 Priyesh Padmavilasom - 1.0.9-2 +- GA - Bump release of all rpms + +* Fri May 20 2016 Priyesh Padmavilasom - 1.0.9-1 +- Update to 1.0.9. Contains fixes for updateinfo. 
+ +* Wed May 4 2016 Priyesh Padmavilasom - 1.0.8-3 +- Fix link installs, fix devel header dir + +* Fri Apr 1 2016 Priyesh Padmavilasom - 1.0.8-2 +- Update version which was missed with 1.0.8-1, apply string limits + +* Fri Apr 1 2016 Priyesh Padmavilasom - 1.0.8-1 +- Code scan fixes, autotest path fix, support --releasever + +* Thu Jan 14 2016 Priyesh Padmavilasom - 1.0.7 +- Fix return codes on install and check-update +- Add tests for install existing and update + +* Wed Jan 13 2016 Priyesh Padmavilasom - 1.0.6 +- Support distroverpkg and add tests to work with make check + +* Mon Dec 14 2015 Priyesh Padmavilasom - 1.0.5 +- Support for multiple packages in alter commands +- Support url vars for releasever and basearch + +* Fri Oct 2 2015 Priyesh Padmavilasom - 1.0.4 +- Fix upgrade to work without args, Engage distro-sync +- Fix install to resolve to latest available +- Fix formats, fix refresh on download output + +* Tue Sep 8 2015 Priyesh Padmavilasom - 1.0.3 +- Fix metadata creation issues. Engage refresh flag. +- Do not check gpgkey when gpgcheck is turned off in repo. + +* Thu Jul 23 2015 Priyesh Padmavilasom - 1.0.2 +- Support reinstalls in transaction. Handle non-existent packages correctly. + +* Mon Jul 13 2015 Alexey Makhalov - 1.0.1-2 +- Create -debuginfo package. Use parallel make. + +* Tue Jun 30 2015 Priyesh Padmavilasom - 1.0.1 +- Proxy support, keepcache fix, valgrind leaks fix + +* Fri Jan 23 2015 Priyesh Padmavilasom - 1.0 +- Initial build. First version diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 11833386a67..8380b65694a 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt 
@@ -132,10 +132,10 @@ libssh2-devel-1.9.0-1.cm1.aarch64.rpm curl-7.68.0-2.cm1.aarch64.rpm curl-devel-7.68.0-2.cm1.aarch64.rpm curl-libs-7.68.0-2.cm1.aarch64.rpm -tdnf-2.1.0-4.cm1.aarch64.rpm -tdnf-cli-libs-2.1.0-4.cm1.aarch64.rpm -tdnf-devel-2.1.0-4.cm1.aarch64.rpm -tdnf-plugin-repogpgcheck-2.1.0-4.cm1.aarch64.rpm +tdnf-2.1.0-5.cm1.aarch64.rpm +tdnf-cli-libs-2.1.0-5.cm1.aarch64.rpm +tdnf-devel-2.1.0-5.cm1.aarch64.rpm +tdnf-plugin-repogpgcheck-2.1.0-5.cm1.aarch64.rpm createrepo_c-0.11.1-6.cm1.aarch64.rpm libxml2-2.9.10-3.cm1.aarch64.rpm libxml2-devel-2.9.10-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d2c7e691ad8..453e03dce4c 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -132,10 +132,10 @@ libssh2-devel-1.9.0-1.cm1.x86_64.rpm curl-7.68.0-2.cm1.x86_64.rpm curl-devel-7.68.0-2.cm1.x86_64.rpm curl-libs-7.68.0-2.cm1.x86_64.rpm -tdnf-2.1.0-4.cm1.x86_64.rpm -tdnf-cli-libs-2.1.0-4.cm1.x86_64.rpm -tdnf-devel-2.1.0-4.cm1.x86_64.rpm -tdnf-plugin-repogpgcheck-2.1.0-4.cm1.x86_64.rpm +tdnf-2.1.0-5.cm1.x86_64.rpm +tdnf-cli-libs-2.1.0-5.cm1.x86_64.rpm +tdnf-devel-2.1.0-5.cm1.x86_64.rpm +tdnf-plugin-repogpgcheck-2.1.0-5.cm1.x86_64.rpm createrepo_c-0.11.1-6.cm1.x86_64.rpm libxml2-2.9.10-3.cm1.x86_64.rpm libxml2-devel-2.9.10-3.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 3f081594362..80ded36af85 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt 
@@ -362,12 +362,12 @@ systemd-devel-239-34.cm1.aarch64.rpm systemd-lang-239-34.cm1.aarch64.rpm tar-1.32-2.cm1.aarch64.rpm tar-debuginfo-1.32-2.cm1.aarch64.rpm -tdnf-2.1.0-4.cm1.aarch64.rpm -tdnf-cli-libs-2.1.0-4.cm1.aarch64.rpm -tdnf-debuginfo-2.1.0-4.cm1.aarch64.rpm -tdnf-devel-2.1.0-4.cm1.aarch64.rpm -tdnf-plugin-repogpgcheck-2.1.0-4.cm1.aarch64.rpm -tdnf-python-2.1.0-4.cm1.aarch64.rpm +tdnf-2.1.0-5.cm1.aarch64.rpm +tdnf-cli-libs-2.1.0-5.cm1.aarch64.rpm +tdnf-debuginfo-2.1.0-5.cm1.aarch64.rpm +tdnf-devel-2.1.0-5.cm1.aarch64.rpm +tdnf-plugin-repogpgcheck-2.1.0-5.cm1.aarch64.rpm +tdnf-python-2.1.0-5.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm texinfo-debuginfo-6.5-7.cm1.aarch64.rpm unzip-6.0-18.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 7b07e4b570e..252e0bfd07f 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -362,12 +362,12 @@ systemd-devel-239-34.cm1.x86_64.rpm systemd-lang-239-34.cm1.x86_64.rpm tar-1.32-2.cm1.x86_64.rpm tar-debuginfo-1.32-2.cm1.x86_64.rpm -tdnf-2.1.0-4.cm1.x86_64.rpm -tdnf-cli-libs-2.1.0-4.cm1.x86_64.rpm -tdnf-debuginfo-2.1.0-4.cm1.x86_64.rpm -tdnf-devel-2.1.0-4.cm1.x86_64.rpm -tdnf-plugin-repogpgcheck-2.1.0-4.cm1.x86_64.rpm -tdnf-python-2.1.0-4.cm1.x86_64.rpm +tdnf-2.1.0-5.cm1.x86_64.rpm +tdnf-cli-libs-2.1.0-5.cm1.x86_64.rpm +tdnf-debuginfo-2.1.0-5.cm1.x86_64.rpm +tdnf-devel-2.1.0-5.cm1.x86_64.rpm +tdnf-plugin-repogpgcheck-2.1.0-5.cm1.x86_64.rpm +tdnf-python-2.1.0-5.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm texinfo-debuginfo-6.5-7.cm1.x86_64.rpm unzip-6.0-18.cm1.x86_64.rpm From 2d3633af7f4fe9f4f59179ceac55ad1733b48d93 Mon Sep 17 00:00:00 2001 
From: Pawel Winogrodzki Date: Thu, 19 Nov 2020 15:42:59 -0800 Subject: [PATCH 139/145] Fixing `subversion` ptests. (#402) * Adding build-time dependencies for `%check`. * Aligning changelog with our conventions. --- SPECS/subversion/subversion.spec | 165 +++++++++++++++++++------------ 1 file changed, 101 insertions(+), 64 deletions(-) diff --git a/SPECS/subversion/subversion.spec b/SPECS/subversion/subversion.spec index d38599cb0a0..080ab2edc2b 100644 --- a/SPECS/subversion/subversion.spec +++ b/SPECS/subversion/subversion.spec 
@@ -1,46 +1,57 @@ Summary: The Apache Subversion control system Name: subversion Version: 1.14.0 -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 -URL: https://subversion.apache.org/ -Group: Utilities/System Vendor: Microsoft Corporation Distribution: Mariner +Group: Utilities/System +URL: https://subversion.apache.org/ Source0: https://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.bz2 -Requires: apr -Requires: apr-util -Requires: libserf BuildRequires: apr-devel BuildRequires: apr-util BuildRequires: apr-util-devel -BuildRequires: sqlite-devel -BuildRequires: libtool BuildRequires: expat-devel BuildRequires: libserf-devel +BuildRequires: libtool BuildRequires: lz4 -BuildRequires: utf8proc-devel +BuildRequires: sqlite-devel BuildRequires: swig +BuildRequires: utf8proc-devel + +%if %{with_check} +BuildRequires: python-xml +BuildRequires: python2 +BuildRequires: shadow-utils +BuildRequires: sudo +%endif + +Requires: apr +Requires: apr-util +Requires: libserf Requires: utf8proc %description The Apache version control system. %package devel -Summary: Header and development files for mesos -Requires: %{name} = %{version} +Summary: Header and development files for mesos + +Requires: %{name} = %{version} + %description devel subversion-devel package contains header files, libraries. %package perl -Summary: Allows Perl scripts to directly use Subversion repositories. -Requires: perl -Requires: %{name} = %{version} +Summary: Allows Perl scripts to directly use Subversion repositories. + +Requires: %{name} = %{version} +Requires: perl + %description perl Provides Perl (SWIG) support for Subversion version control system. - %prep %setup -q 
@@ -95,52 +106,78 @@ sudo -u test make check && userdel test -r -f %exclude %{_libdir}/perl5/*/*/perllocal.pod %changelog -* Thu Jun 11 2020 Henry Beberman 1.14.0-2 -- Add -Wformat to fix the build because -Werror=format-security is enabled. -* Tue Jun 09 2020 Andrew Phelps 1.14.0-1 -- Update to 1.14.0 to fix: CVE-2019-0203, CVE-2018-11782, CVE-2018-11803 -* Sat May 09 2020 Nick Samson 1.10.2-7 -- Added %%license line automatically -* Mon Apr 13 2020 Emre Girgin 1.10.2-6 -- Rename serf to libserf. -- Update Source0 and URL to use https. Update License. License verified. -* Tue Sep 03 2019 Mateusz Malisz 1.10.2-5 -- Initial CBL-Mariner import from Photon (license: Apache2). -* Tue Mar 05 2019 Siju Maliakkal 1.10.2-4 -- Excluding conflicting perllocal.pod -* Tue Oct 02 2018 Siju Maliakkal 1.10.2-3 -- Added Perl bindings -* Fri Sep 21 2018 Ankit Jain 1.10.2-2 -- Added utf8proc as Requires. -* Wed Sep 19 2018 Ankit Jain 1.10.2-1 -- Updated to version 1.10.2 -* Mon Jan 22 2018 Xiaolin Li 1.9.7-2 -- Compile subversion with https repository access module support -* Mon Aug 28 2017 Xiaolin Li 1.9.7-1 -- Update to version 1.9.7. -* Thu Jun 15 2017 Xiaolin Li 1.9.5-2 -- Fix make check issues. -* Wed Apr 12 2017 Vinay Kulkarni 1.9.5-1 -- Update to version 1.9.5 -* Tue Dec 27 2016 Xiaolin Li 1.9.4-2 -- Moved pkgconfig/*.pc to devel subpackage. -* Wed Nov 23 2016 Harish Udaiya Kumar 1.9.4-1 -- Upgraded to version 1.9.4, fixes CVE-2016-2167 CVE-2016-2168 -* Wed Nov 16 2016 Alexey Makhalov 1.9.3-8 -- Use sqlite-{devel,libs} -* Mon Oct 10 2016 ChangLee 1.9.3-7 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 1.9.3-6 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Xiaolin Li 1.9.3-1 -- Updated to version 1.9.3 -* Tue Nov 10 2015 Xiaolin Li 1.8.13-5 -- Handled locale files with macro find_lang -* Tue Sep 22 2015 Harish Udaiya Kumar 1.8.13-4 -- Updated build-requires after creating devel package for apr. 
-* Mon Sep 21 2015 Xiaolin Li 1.8.13-3 -- Move .a, and .so files to devel pkg. -* Tue Sep 08 2015 Vinay Kulkarni 1.8.13-2 -- Move headers into devel pkg. -* Fri Jun 26 2015 Sarah Choi 1.8.13-1 -- Initial build. First version +* Wed Nov 18 2020 Pawel Winogrodzki - 1.14.0-3 +- Adding 'BuildRequires' on 'python', 'shadow-utils' and 'sudo' to fix the package tests. + +* Thu Jun 11 2020 Henry Beberman - 1.14.0-2 +- Add -Wformat to fix the build because -Werror=format-security is enabled. + +* Tue Jun 09 2020 Andrew Phelps - 1.14.0-1 +- Update to 1.14.0 to fix: CVE-2019-0203, CVE-2018-11782, CVE-2018-11803 + +* Sat May 09 2020 Nick Samson - 1.10.2-7 +- Added %%license line automatically + +* Mon Apr 13 2020 Emre Girgin - 1.10.2-6 +- Rename serf to libserf. +- Update Source0 and URL to use https. Update License. License verified. + +* Tue Sep 03 2019 Mateusz Malisz - 1.10.2-5 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Tue Mar 05 2019 Siju Maliakkal - 1.10.2-4 +- Excluding conflicting perllocal.pod + +* Tue Oct 02 2018 Siju Maliakkal - 1.10.2-3 +- Added Perl bindings + +* Fri Sep 21 2018 Ankit Jain - 1.10.2-2 +- Added utf8proc as Requires. + +* Wed Sep 19 2018 Ankit Jain - 1.10.2-1 +- Updated to version 1.10.2 + +* Mon Jan 22 2018 Xiaolin Li - 1.9.7-2 +- Compile subversion with https repository access module support + +* Mon Aug 28 2017 Xiaolin Li - 1.9.7-1 +- Update to version 1.9.7. + +* Thu Jun 15 2017 Xiaolin Li - 1.9.5-2 +- Fix make check issues. + +* Wed Apr 12 2017 Vinay Kulkarni - 1.9.5-1 +- Update to version 1.9.5 + +* Tue Dec 27 2016 Xiaolin Li - 1.9.4-2 +- Moved pkgconfig/*.pc to devel subpackage. 
+ +* Wed Nov 23 2016 Harish Udaiya Kumar - 1.9.4-1 +- Upgraded to version 1.9.4, fixes CVE-2016-2167 CVE-2016-2168 + +* Wed Nov 16 2016 Alexey Makhalov - 1.9.3-8 +- Use sqlite-{devel,libs} + +* Mon Oct 10 2016 ChangLee - 1.9.3-7 +- Modified %check + +* Tue May 24 2016 Priyesh Padmavilasom - 1.9.3-6 +- GA - Bump release of all rpms + +* Tue Feb 23 2016 Xiaolin Li - 1.9.3-1 +- Updated to version 1.9.3 + +* Tue Nov 10 2015 Xiaolin Li - 1.8.13-5 +- Handled locale files with macro find_lang + +* Tue Sep 22 2015 Harish Udaiya Kumar - 1.8.13-4 +- Updated build-requires after creating devel package for apr. + +* Mon Sep 21 2015 Xiaolin Li - 1.8.13-3 +- Move .a, and .so files to devel pkg. + +* Tue Sep 08 2015 Vinay Kulkarni - 1.8.13-2 +- Move headers into devel pkg. + +* Fri Jun 26 2015 Sarah Choi - 1.8.13-1 +- Initial build. First version From 20ad7ea04488aa2b47469d682afff342fd268344 Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Fri, 20 Nov 2020 10:50:34 -0800 Subject: [PATCH 140/145] Fix check tests for json-c, libmodulemd, libpwquality (#405) * fix tests * update manifests * fix typo --- SPECS/json-c/json-c.spec | 7 +++++-- SPECS/libmodulemd/libmodulemd.spec | 5 ++++- SPECS/libpwquality/libpwquality.spec | 8 ++++---- .../manifests/package/toolchain_aarch64.txt | 14 +++++++------- .../manifests/package/toolchain_x86_64.txt | 14 +++++++------- 5 files changed, 27 insertions(+), 21 deletions(-) diff --git a/SPECS/json-c/json-c.spec b/SPECS/json-c/json-c.spec index 0806fc32567..b7b27c9e6d6 100644 --- a/SPECS/json-c/json-c.spec +++ b/SPECS/json-c/json-c.spec @@ -1,7 +1,7 @@ Summary: A JSON implementation in C Name: json-c Version: 0.14 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Group: System Environment/Base Vendor: Microsoft Corporation 
@@ -42,7 +42,8 @@ make DESTDIR=%{buildroot} install -C build rm -r %{buildroot}%{_libdir}/cmake/%{name} %check -make %{?_smp_mflags} check -C build +cd build/tests +make %{?_smp_mflags} test %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -59,6 +60,8 @@ make %{?_smp_mflags} check -C build %{_libdir}/pkgconfig/%{name}.pc %changelog +* Thu Nov 19 2020 Andrew Phelps 0.14-3 +- Fix check tests * Tue Aug 04 2020 Henry Beberman 0.14-2 - Add a patch to fix a bug introduced by CVE-2020-12762.patch * Mon Jun 08 2020 Pawel Winogrodzki 0.14-1 diff --git a/SPECS/libmodulemd/libmodulemd.spec b/SPECS/libmodulemd/libmodulemd.spec index 2dfdf4a5ddf..61aca9f76fb 100644 --- a/SPECS/libmodulemd/libmodulemd.spec +++ b/SPECS/libmodulemd/libmodulemd.spec @@ -3,7 +3,7 @@ Summary: Module manipulating metadata files Name: libmodulemd Version: 2.5.0 -Release: 3%{?dist} +Release: 4%{?dist} License: MIT URL: https://github.com/fedora-modularity/libmodulemd Source0: https://github.com/fedora-modularity/libmodulemd/releases/download/%{name}-%{version}/modulemd-%{version}.tar.xz @@ -43,6 +43,7 @@ cd api1 ninja %check +export LC_CTYPE=C.utf8 cd api1 ninja test @@ -69,6 +70,8 @@ DESTDIR=%{buildroot}/ ninja install %{_includedir}/modulemd/* %changelog +* Thu Nov 19 2020 Andrew Phelps 2.5.0-4 +- Fix check test. * Sat May 09 2020 Nick Samson 2.5.0-3 - Added %%license line automatically * Tue Apr 07 2020 Nicolas Ontiveros 2.5.0-2 diff --git a/SPECS/libpwquality/libpwquality.spec b/SPECS/libpwquality/libpwquality.spec index 4da87a03de0..17d8840a5da 100644 --- a/SPECS/libpwquality/libpwquality.spec +++ b/SPECS/libpwquality/libpwquality.spec @@ -3,7 +3,7 @@ Summary: A library for password generation and password quality checking Name: libpwquality Version: 1.4.2 -Release: 4%{?dist} +Release: 5%{?dist} Vendor: Microsoft Corporation Distribution: Mariner URL: https://github.com/libpwquality/libpwquality/ 
@@ -84,9 +84,6 @@ mkdir $RPM_BUILD_ROOT%{_secconfdir}/pwquality.conf.d %find_lang libpwquality -%check -# Nothing yet - %ldconfig_scriptlets %files -f libpwquality.lang @@ -114,6 +111,9 @@ mkdir $RPM_BUILD_ROOT%{_secconfdir}/pwquality.conf.d %{python3_sitearch}/*.egg-info %changelog +* Thu Nov 19 2020 Andrew Phelps 1.4.2-5 +- Remove empty check section. + * Mon Jun 29 2020 Paul Monson 1.4.2-4 - Only create python3 symbolic link if /usr/bin/python3 does not exist. diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index daf997c43fa..93a650c1c45 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -140,9 +140,9 @@ gzip-debuginfo-1.9-5.cm1.aarch64.rpm integritysetup-2.3.3-2.cm1.aarch64.rpm intltool-0.51.0-7.cm1.noarch.rpm itstool-2.0.6-3.cm1.noarch.rpm -json-c-0.14-2.cm1.aarch64.rpm -json-c-debuginfo-0.14-2.cm1.aarch64.rpm -json-c-devel-0.14-2.cm1.aarch64.rpm +json-c-0.14-3.cm1.aarch64.rpm +json-c-debuginfo-0.14-3.cm1.aarch64.rpm +json-c-devel-0.14-3.cm1.aarch64.rpm kbd-2.0.4-5.cm1.aarch64.rpm kbd-debuginfo-2.0.4-5.cm1.aarch64.rpm kernel-headers-5.4.72-1.cm1.noarch.rpm @@ -192,9 +192,9 @@ libmpc-debuginfo-1.1.0-5.cm1.aarch64.rpm libpipeline-1.5.0-3.cm1.aarch64.rpm libpipeline-debuginfo-1.5.0-3.cm1.aarch64.rpm libpipeline-devel-1.5.0-3.cm1.aarch64.rpm -libpwquality-1.4.2-4.cm1.aarch64.rpm -libpwquality-debuginfo-1.4.2-4.cm1.aarch64.rpm -libpwquality-devel-1.4.2-4.cm1.aarch64.rpm +libpwquality-1.4.2-5.cm1.aarch64.rpm +libpwquality-debuginfo-1.4.2-5.cm1.aarch64.rpm +libpwquality-devel-1.4.2-5.cm1.aarch64.rpm libselinux-2.9-3.cm1.aarch64.rpm libselinux-debuginfo-2.9-3.cm1.aarch64.rpm libselinux-devel-2.9-3.cm1.aarch64.rpm 
@@ -325,7 +325,7 @@ python2-tools-2.7.18-5.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm python3-gpg-1.13.1-6.cm1.aarch64.rpm python3-libxml2-2.9.10-3.cm1.aarch64.rpm -python3-pwquality-1.4.2-4.cm1.aarch64.rpm +python3-pwquality-1.4.2-5.cm1.aarch64.rpm python3-rpm-4.14.2-10.cm1.aarch64.rpm python-curses-2.7.18-5.cm1.aarch64.rpm python-gpg-1.13.1-6.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index c41cde7720f..6295aba4654 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -140,9 +140,9 @@ gzip-debuginfo-1.9-5.cm1.x86_64.rpm integritysetup-2.3.3-2.cm1.x86_64.rpm intltool-0.51.0-7.cm1.noarch.rpm itstool-2.0.6-3.cm1.noarch.rpm -json-c-0.14-2.cm1.x86_64.rpm -json-c-debuginfo-0.14-2.cm1.x86_64.rpm -json-c-devel-0.14-2.cm1.x86_64.rpm +json-c-0.14-3.cm1.x86_64.rpm +json-c-debuginfo-0.14-3.cm1.x86_64.rpm +json-c-devel-0.14-3.cm1.x86_64.rpm kbd-2.0.4-5.cm1.x86_64.rpm kbd-debuginfo-2.0.4-5.cm1.x86_64.rpm kernel-headers-5.4.72-1.cm1.noarch.rpm @@ -192,9 +192,9 @@ libmpc-debuginfo-1.1.0-5.cm1.x86_64.rpm libpipeline-1.5.0-3.cm1.x86_64.rpm libpipeline-debuginfo-1.5.0-3.cm1.x86_64.rpm libpipeline-devel-1.5.0-3.cm1.x86_64.rpm -libpwquality-1.4.2-4.cm1.x86_64.rpm -libpwquality-debuginfo-1.4.2-4.cm1.x86_64.rpm -libpwquality-devel-1.4.2-4.cm1.x86_64.rpm +libpwquality-1.4.2-5.cm1.x86_64.rpm +libpwquality-debuginfo-1.4.2-5.cm1.x86_64.rpm +libpwquality-devel-1.4.2-5.cm1.x86_64.rpm libselinux-2.9-3.cm1.x86_64.rpm libselinux-debuginfo-2.9-3.cm1.x86_64.rpm libselinux-devel-2.9-3.cm1.x86_64.rpm 
@@ -325,7 +325,7 @@ python2-tools-2.7.18-5.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-6.cm1.x86_64.rpm python3-libxml2-2.9.10-3.cm1.x86_64.rpm -python3-pwquality-1.4.2-4.cm1.x86_64.rpm +python3-pwquality-1.4.2-5.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm python-curses-2.7.18-5.cm1.x86_64.rpm python-gpg-1.13.1-6.cm1.x86_64.rpm From 7da42bf31f0202d9aec946d11032817d27afc9e1 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Fri, 20 Nov 2020 15:21:07 -0800 Subject: [PATCH 141/145] Fix qemu CVE-2018-12617 (#399) * Fix qemu CVE-2018-12617 --- SPECS/qemu-kvm/CVE-2018-12617.patch | 386 ++++++++++++++++++++++++++++ SPECS/qemu-kvm/qemu-kvm.spec | 7 +- 2 files changed, 392 insertions(+), 1 deletion(-) create mode 100644 SPECS/qemu-kvm/CVE-2018-12617.patch diff --git a/SPECS/qemu-kvm/CVE-2018-12617.patch b/SPECS/qemu-kvm/CVE-2018-12617.patch new file mode 100644 index 00000000000..ca0d3a3e4e4 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2018-12617.patch 
@@ -0,0 +1,386 @@ +From a528fc1f446cdfb2ff648d1c0bfa0348e36cdfe2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Tue, 14 Apr 2020 15:30:42 +0200 +Subject: [PATCH 1/3] qga: Extract guest_file_handle_find() to + commands-common.h +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As we are going to reuse this method, declare it in common +header. + +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: Michael Roth + +Backported upstream commit 5d3586b834633c8ac462d4741b85b4036cbc0f93 +--- + qga/commands-common.h | 18 ++++++++++++++++++ + qga/commands-posix.c | 7 ++++--- + qga/commands-win32.c | 7 ++++--- + 3 files changed, 26 insertions(+), 6 deletions(-) + create mode 100644 qga/commands-common.h + +diff --git a/qga/commands-common.h b/qga/commands-common.h +new file mode 100644 +index 00000000..af90e548 +--- /dev/null ++++ b/qga/commands-common.h +@@ -0,0 +1,18 @@ ++/* ++ * QEMU Guest Agent common/cross-platform common commands ++ * ++ * Copyright (c) 2020 Red Hat, Inc. ++ * ++ * This work is licensed under the terms of the GNU GPL, version 2 or later. ++ * See the COPYING file in the top-level directory. 
++ */ ++#ifndef QGA_COMMANDS_COMMON_H ++#define QGA_COMMANDS_COMMON_H ++ ++#include "qga-qapi-types.h" ++ ++typedef struct GuestFileHandle GuestFileHandle; ++ ++GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp); ++ ++#endif +diff --git a/qga/commands-posix.c b/qga/commands-posix.c +index 1c1a165d..6aa68033 100644 +--- a/qga/commands-posix.c ++++ b/qga/commands-posix.c +@@ -26,6 +26,7 @@ + #include "qemu/sockets.h" + #include "qemu/base64.h" + #include "qemu/cutils.h" ++#include "commands-common.h" + + #ifdef HAVE_UTMPX + #include +@@ -226,12 +227,12 @@ typedef enum { + RW_STATE_WRITING, + } RwState; + +-typedef struct GuestFileHandle { ++struct GuestFileHandle { + uint64_t id; + FILE *fh; + RwState state; + QTAILQ_ENTRY(GuestFileHandle) next; +-} GuestFileHandle; ++}; + + static struct { + QTAILQ_HEAD(, GuestFileHandle) filehandles; +@@ -257,7 +258,7 @@ static int64_t guest_file_handle_add(FILE *fh, Error **errp) + return handle; + } + +-static GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp) ++GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp) + { + GuestFileHandle *gfh; + +diff --git a/qga/commands-win32.c b/qga/commands-win32.c +index 55ba5b26..b0f90e34 100644 +--- a/qga/commands-win32.c ++++ b/qga/commands-win32.c +@@ -37,6 +37,7 @@ + #include "qemu/queue.h" + #include "qemu/host-utils.h" + #include "qemu/base64.h" ++#include "commands-common.h" + + #ifndef SHTDN_REASON_FLAG_PLANNED + #define SHTDN_REASON_FLAG_PLANNED 0x80000000 +@@ -50,11 +51,11 @@ + + #define INVALID_SET_FILE_POINTER ((DWORD)-1) + +-typedef struct GuestFileHandle { ++struct GuestFileHandle { + int64_t id; + HANDLE fh; + QTAILQ_ENTRY(GuestFileHandle) next; +-} GuestFileHandle; ++}; + + static struct { + QTAILQ_HEAD(, GuestFileHandle) filehandles; +@@ -126,7 +127,7 @@ static int64_t guest_file_handle_add(HANDLE fh, Error **errp) + return handle; + } + +-static GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp) ++GuestFileHandle 
*guest_file_handle_find(int64_t id, Error **errp) + { + GuestFileHandle *gfh; + QTAILQ_FOREACH(gfh, &guest_file_state.filehandles, next) { +-- +2.17.1 + + +From 352427fe776b7925c481fd1febbf9c95ae4f7c50 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Tue, 14 Apr 2020 15:30:43 +0200 +Subject: [PATCH 2/3] qga: Extract qmp_guest_file_read() to common commands.c +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Extract the common code shared by both POSIX/Win32 implementations. + +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: Michael Roth + +Backported upstream commit ead83a136d54f7faa315922aff26fa11d216909f +Modified to apply to Mariner 4.2.0 by: Daniel McIlvaney +--- + qga/commands-common.h | 3 +++ + qga/commands-posix.c | 22 +++------------------- + qga/commands-win32.c | 20 +++----------------- + qga/commands.c | 26 ++++++++++++++++++++++++++ + 4 files changed, 35 insertions(+), 36 deletions(-) + +diff --git a/qga/commands-common.h b/qga/commands-common.h +index af90e548..90785ed4 100644 +--- a/qga/commands-common.h ++++ b/qga/commands-common.h +@@ -15,4 +15,7 @@ typedef struct GuestFileHandle GuestFileHandle; + + GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp); + ++GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, ++ int64_t count, Error **errp); ++ + #endif +diff --git a/qga/commands-posix.c b/qga/commands-posix.c +index 6aa68033..c443da08 100644 +--- a/qga/commands-posix.c ++++ b/qga/commands-posix.c +@@ -450,29 +450,14 @@ void qmp_guest_file_close(int64_t handle, Error **errp) + g_free(gfh); + } + +-struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, +- int64_t count, Error **errp) ++GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, ++ int64_t count, Error **errp) + { +- GuestFileHandle *gfh = guest_file_handle_find(handle, errp); + GuestFileRead *read_data = NULL; + guchar *buf; +- FILE *fh; ++ FILE *fh = gfh->fh; + 
size_t read_count; + +- if (!gfh) { +- return NULL; +- } +- +- if (!has_count) { +- count = QGA_READ_COUNT_DEFAULT; +- } else if (count < 0 || count >= UINT32_MAX) { +- error_setg(errp, "value '%" PRId64 "' is invalid for argument count", +- count); +- return NULL; +- } +- +- fh = gfh->fh; +- + /* explicitly flush when switching from writing to reading */ + if (gfh->state == RW_STATE_WRITING) { + int ret = fflush(fh); +@@ -487,7 +472,6 @@ struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, + read_count = fread(buf, 1, count, fh); + if (ferror(fh)) { + error_setg_errno(errp, errno, "failed to read file"); +- slog("guest-file-read failed, handle: %" PRId64, handle); + } else { + buf[read_count] = 0; + read_data = g_new0(GuestFileRead, 1); +diff --git a/qga/commands-win32.c b/qga/commands-win32.c +index b0f90e34..42c3b639 100644 +--- a/qga/commands-win32.c ++++ b/qga/commands-win32.c +@@ -321,33 +321,19 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) + } + } + +-GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, +- int64_t count, Error **errp) ++GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, ++ int64_t count, Error **errp) + { + GuestFileRead *read_data = NULL; + guchar *buf; +- HANDLE fh; ++ HANDLE fh = gfh->fh; + bool is_ok; + DWORD read_count; +- GuestFileHandle *gfh = guest_file_handle_find(handle, errp); +- +- if (!gfh) { +- return NULL; +- } +- if (!has_count) { +- count = QGA_READ_COUNT_DEFAULT; +- } else if (count < 0 || count >= UINT32_MAX) { +- error_setg(errp, "value '%" PRId64 +- "' is invalid for argument count", count); +- return NULL; +- } + +- fh = gfh->fh; + buf = g_malloc0(count+1); + is_ok = ReadFile(fh, buf, count, &read_count, NULL); + if (!is_ok) { + error_setg_win32(errp, GetLastError(), "failed to read file"); +- slog("guest-file-read failed, handle %" PRId64, handle); + } else { + buf[read_count] = 0; + read_data = g_new0(GuestFileRead, 1); +diff --git 
a/qga/commands.c b/qga/commands.c +index 0c7d1385..73bf92ea 100644 +--- a/qga/commands.c ++++ b/qga/commands.c +@@ -18,6 +18,7 @@ + #include "qemu/base64.h" + #include "qemu/cutils.h" + #include "qemu/atomic.h" ++#include "commands-common.h" + + /* Maximum captured guest-exec out_data/err_data - 16MB */ + #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) +@@ -542,3 +543,28 @@ error: + g_free(info); + return NULL; + } ++ ++GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, ++ int64_t count, Error **errp) ++{ ++ GuestFileHandle *gfh = guest_file_handle_find(handle, errp); ++ GuestFileRead *read_data; ++ ++ if (!gfh) { ++ return NULL; ++ } ++ if (!has_count) { ++ count = QGA_READ_COUNT_DEFAULT; ++ } else if (count < 0 || count >= UINT32_MAX) { ++ error_setg(errp, "value '%" PRId64 "' is invalid for argument count", ++ count); ++ return NULL; ++ } ++ ++ read_data = guest_file_read_unsafe(gfh, count, errp); ++ if (!read_data) { ++ slog("guest-file-write failed, handle: %" PRId64, handle); ++ } ++ ++ return read_data; ++} +-- +2.17.1 + + +From 7b645bdf29f4fe0367956906b9f15b268c4cf574 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Tue, 14 Apr 2020 15:30:44 +0200 +Subject: [PATCH 3/3] qga: Restrict guest-file-read count to 48 MB to avoid + crashes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On [*] Daniel Berrangé commented: + + The QEMU guest agent protocol is not sensible way to access huge + files inside the guest. It requires the inefficient process of + reading the entire data into memory than duplicating it again in + base64 format, and then copying it again in the JSON serializer / + monitor code. + + For arbitrary general purpose file access, especially for large + files, use a real file transfer program or use a network block + device, not the QEMU guest agent. 
+ +To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his +suggestion to put a low, hard limit on "count" in the guest agent +QAPI schema, and don't allow count to be larger than 48 MB. + +[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html + +Fixes: CVE-2018-12617 +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054 +Reported-by: Fakhri Zulkifli +Suggested-by: Daniel P. Berrangé +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Daniel P. Berrangé +*update schema documentation to indicate 48MB limit instead of 10MB +Signed-off-by: Michael Roth + +Backported upstream commit 1329651fb4d4c5068ad12fd86aff7e52f9e18c34 +--- + qga/commands.c | 9 ++++++++- + qga/qapi-schema.json | 6 ++++-- + 2 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/qga/commands.c b/qga/commands.c +index 73bf92ea..d840c3e1 100644 +--- a/qga/commands.c ++++ b/qga/commands.c +@@ -11,6 +11,7 @@ + */ + + #include "qemu/osdep.h" ++#include "qemu/units.h" + #include "guest-agent-core.h" + #include "qga-qapi-commands.h" + #include "qapi/error.h" +@@ -24,6 +25,12 @@ + #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) + /* Allocation and I/O buffer for reading guest-exec out_data/err_data - 4KB */ + #define GUEST_EXEC_IO_SIZE (4*1024) ++/* ++ * Maximum file size to read - 48MB ++ * ++ * (48MB + Base64 3:4 overhead = JSON parser 64 MB limit) ++ */ ++#define GUEST_FILE_READ_COUNT_MAX (48 * MiB) + + /* Note: in some situations, like with the fsfreeze, logging may be + * temporarilly disabled. 
if it is necessary that a command be able +@@ -555,7 +562,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, + } + if (!has_count) { + count = QGA_READ_COUNT_DEFAULT; +- } else if (count < 0 || count >= UINT32_MAX) { ++ } else if (count < 0 || count > GUEST_FILE_READ_COUNT_MAX) { + error_setg(errp, "value '%" PRId64 "' is invalid for argument count", + count); + return NULL; +diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json +index fb4605cc..e4cecda6 100644 +--- a/qga/qapi-schema.json ++++ b/qga/qapi-schema.json +@@ -266,11 +266,13 @@ + ## + # @guest-file-read: + # +-# Read from an open file in the guest. Data will be base64-encoded ++# Read from an open file in the guest. Data will be base64-encoded. ++# As this command is just for limited, ad-hoc debugging, such as log ++# file access, the number of bytes to read is limited to 48 MB. + # + # @handle: filehandle returned by guest-file-open + # +-# @count: maximum number of bytes to read (default is 4KB) ++# @count: maximum number of bytes to read (default is 4KB, maximum is 48MB) + # + # Returns: @GuestFileRead on success. + # +-- +2.17.1 + diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 1dc1ee107e4..61cc8351bd8 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 20%{?dist} +Release: 21%{?dist} License: GPLv2 AND GPLv2+ AND CC-BY AND BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -41,6 +41,7 @@ Patch23: CVE-2020-15469.patch Patch24: CVE-2020-24352.patch # CVE-2020-12820 only affects powerpc and SuperH emulation (see .nopatch file for details). Resloved fully in qemu >=5.0.0 Patch25: CVE-2020-12829.nopatch +Patch26: CVE-2018-12617.patch BuildRequires: alsa-lib-devel BuildRequires: glib-devel BuildRequires: pixman-devel 
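Review bot: In part 2/3 of the added CVE-2018-12617.patch, the failure path of the new `qmp_guest_file_read()` in qga/commands.c logs `guest-file-write failed`, although the command that failed is guest-file-read, which points anyone triaging guest-agent logs at the wrong command. Both removed platform implementations logged `guest-file-read failed`, so the line should be `slog("guest-file-read failed, handle: %" PRId64, handle);`, unless the string is deliberately kept identical to the upstream commit. Separately, `guest_file_read_unsafe()` allocates `count+1` bytes with no check of its own. Its prototype in qga/commands-common.h deserves a comment such as `/* count must already be validated by the caller; no bounds check is done here */`.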
@@ -91,6 +92,7 @@ This package provides a command line tool for manipulating disk images. %patch22 -p1 %patch23 -p1 %patch24 -p1 +%patch26 -p1 %build @@ -151,6 +153,9 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Tue Nov 17 2020 Daniel McIlvaney - 4.2.0-21 +- Backport fix for CVE-2018-12617 from 5.0.0 + * Mon Nov 16 2020 Daniel McIlvaney - 4.2.0-20 - Noatch CVE-2020-12829, only affects SuperH and PowerPC emulation From bda9ad6c01688f7ad402779e3a4e6113e84984ba Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Nov 2020 16:27:08 -0800 Subject: [PATCH 142/145] increment release number for CBL-Mariner November release (#409) * increment release number for CBL-Mariner November release * increment release number for CBL-Mariner November release * address PR comments --- SPECS/mariner-release/mariner-release.spec | 4 +++- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 2 +- toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +- toolkit/resources/manifests/package/toolchain_x86_64.txt | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/SPECS/mariner-release/mariner-release.spec b/SPECS/mariner-release/mariner-release.spec index bd8ecebfdfb..808257af588 100644 --- a/SPECS/mariner-release/mariner-release.spec +++ b/SPECS/mariner-release/mariner-release.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner release files Name: mariner-release Version: 1.0 -Release: 10%{?dist} +Release: 11%{?dist} License: MIT Group: System Environment/Base URL: https://aka.ms/cbl-mariner @@ -67,6 +67,8 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) /etc/issue.net %changelog +* Fri Nov 20 2020 Nicolas Guibourge - 1.0-11 +- Updating version for November update * Sat Oct 24 2020 Jon Slobodzian - 1.0-10 - Updating version for October update * Fri Sep 04 2020 Mateusz Malisz - 1.0-9 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 5684c82fc2a..7fd8c71c1e5 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -58,7 +58,7 @@ findutils-lang-4.6.0-7.cm1.aarch64.rpm gettext-0.19.8.1-3.cm1.aarch64.rpm gzip-1.9-5.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm -mariner-release-1.0-10.cm1.noarch.rpm +mariner-release-1.0-11.cm1.noarch.rpm patch-2.7.6-7.cm1.aarch64.rpm util-linux-2.32.1-3.cm1.aarch64.rpm util-linux-devel-2.32.1-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 0bad15344dd..c73c1776d37 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -58,7 +58,7 @@ findutils-lang-4.6.0-7.cm1.x86_64.rpm gettext-0.19.8.1-3.cm1.x86_64.rpm gzip-1.9-5.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm -mariner-release-1.0-10.cm1.noarch.rpm +mariner-release-1.0-11.cm1.noarch.rpm patch-2.7.6-7.cm1.x86_64.rpm util-linux-2.32.1-3.cm1.x86_64.rpm util-linux-devel-2.32.1-3.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 93a650c1c45..fbc93a877d7 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -237,7 +237,7 @@ m4-debuginfo-1.4.18-4.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm make-debuginfo-4.2.1-5.cm1.aarch64.rpm mariner-check-macros-1.0-3.cm1.noarch.rpm -mariner-release-1.0-10.cm1.noarch.rpm +mariner-release-1.0-11.cm1.noarch.rpm mariner-repos-1.0-11.cm1.noarch.rpm mariner-repos-preview-1.0-11.cm1.noarch.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm 
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 6295aba4654..fa42a39c435 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -237,7 +237,7 @@ m4-debuginfo-1.4.18-4.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm make-debuginfo-4.2.1-5.cm1.x86_64.rpm mariner-check-macros-1.0-3.cm1.noarch.rpm -mariner-release-1.0-10.cm1.noarch.rpm +mariner-release-1.0-11.cm1.noarch.rpm mariner-repos-1.0-11.cm1.noarch.rpm mariner-repos-preview-1.0-11.cm1.noarch.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm From 3b433a900c1ec05dbb544a8b8138a2ce1e8e8fcb Mon Sep 17 00:00:00 2001 From: Thomas Crain Date: Sun, 22 Nov 2020 07:30:29 -0800 Subject: [PATCH 143/145] Remove instances of %ldconfig_scriptlets in specs (#412) --- SPECS/cpprest/cpprest.spec | 9 ++++- SPECS/libpwquality/libpwquality.spec | 11 +++-- SPECS/libxcrypt/libxcrypt.spec | 40 +++++++++++-------- .../manifests/package/toolchain_aarch64.txt | 8 ++-- .../manifests/package/toolchain_x86_64.txt | 8 ++-- 5 files changed, 47 insertions(+), 29 deletions(-) diff --git a/SPECS/cpprest/cpprest.spec b/SPECS/cpprest/cpprest.spec index e89f3a98e42..500c16939a9 100644 --- a/SPECS/cpprest/cpprest.spec +++ b/SPECS/cpprest/cpprest.spec @@ -3,7 +3,7 @@ Name: cpprest Version: 2.10.14 -Release: 4%{?dist} +Release: 5%{?dist} Summary: C++ REST library Group: Applications/File License: MIT @@ -73,7 +73,9 @@ cd Release/build.release cd Release/build.release/Binaries ./test_runner *_test.so ||: -%ldconfig_scriptlets +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig %files %doc CONTRIBUTORS.txt @@ -89,6 +91,9 @@ cd Release/build.release/Binaries %changelog +* Sat Nov 21 2020 Thomas Crain - 2.10.14-5 +- Replace %%ldconfig_scriptlets with actual post/postun sections + * Tue Mar 31 2020 Paul Monson 2.10.14-4 - Fix Source0 URL. License verified. 
diff --git a/SPECS/libpwquality/libpwquality.spec b/SPECS/libpwquality/libpwquality.spec index 17d8840a5da..cf923193fac 100644 --- a/SPECS/libpwquality/libpwquality.spec +++ b/SPECS/libpwquality/libpwquality.spec @@ -3,7 +3,7 @@ Summary: A library for password generation and password quality checking Name: libpwquality Version: 1.4.2 -Release: 5%{?dist} +Release: 6%{?dist} Vendor: Microsoft Corporation Distribution: Mariner URL: https://github.com/libpwquality/libpwquality/ @@ -84,7 +84,9 @@ mkdir $RPM_BUILD_ROOT%{_secconfdir}/pwquality.conf.d %find_lang libpwquality -%ldconfig_scriptlets +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig %files -f libpwquality.lang %{!?_licensedir:%global license %%doc} @@ -111,6 +113,9 @@ mkdir $RPM_BUILD_ROOT%{_secconfdir}/pwquality.conf.d %{python3_sitearch}/*.egg-info %changelog +* Sat Nov 21 2020 Thomas Crain - 1.4.2-6 +- Replace %%ldconfig_scriptlets with actual post/postun sections + * Thu Nov 19 2020 Andrew Phelps 1.4.2-5 - Remove empty check section. @@ -211,4 +216,4 @@ mkdir $RPM_BUILD_ROOT%{_secconfdir}/pwquality.conf.d License field, Source URL, Require pam, other cleanups) * Mon Oct 3 2011 Tomas Mraz 0.9-1 -- first spec file for libpwquality \ No newline at end of file +- first spec file for libpwquality diff --git a/SPECS/libxcrypt/libxcrypt.spec b/SPECS/libxcrypt/libxcrypt.spec index 37f0a88d2cb..254799d073c 100644 --- a/SPECS/libxcrypt/libxcrypt.spec +++ b/SPECS/libxcrypt/libxcrypt.spec @@ -102,7 +102,7 @@ Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others Name: libxcrypt Version: 4.4.17 -Release: 2%{?dist} +Release: 3%{?dist} # For explicit license breakdown, see the # LICENSING file in the source tarball. License: LGPLv2+ AND BSD AND Public Domain 
@@ -344,10 +344,28 @@ for dir in ${build_dirs}; do } done +%if %{with override_glibc} +# This posttrans section is a stopgap to allow installing +# libxcrypt on a system that already has libcrypt from glibc. +# In a future release these will be removed and libxcrypt will be default. +%posttrans +rm %{_libdir}/libcrypt.so.1 +ln -s %{_libdir}/libxcrypt.so.%{sov} %{_libdir}/libcrypt.so.1 +%endif + +%post -p /sbin/ldconfig + +%postun +# See above comments about the %%posttrans section +%if %{with override_glibc} +rm %{_libdir}/libcrypt.so.1 +ln -s %{_libdir}/libcrypt-%{glibcversion}.so %{_libdir}/libcrypt.so.1 +%endif +/sbin/ldconfig -%ldconfig_scriptlets %if %{with compat_pkg} -%ldconfig_scriptlets compat +%post -n compat -p /sbin/ldconfig +%postun -n compat -p /sbin/ldconfig %endif @@ -377,19 +395,6 @@ done %{_mandir}/man5/crypt.5* -%if %{with override_glibc} -# These posttrans and postun sections are stopgaps to allow installing -# libxcrypt on a system that already has libcrypt from glibc. -# In a future release these will be removed and libxcrypt will be default. -%posttrans -rm %{_libdir}/libcrypt.so.1 -ln -s %{_libdir}/libxcrypt.so.%{sov} %{_libdir}/libcrypt.so.1 - -%postun -rm %{_libdir}/libcrypt.so.1 -ln -s %{_libdir}/libcrypt-%{glibcversion}.so %{_libdir}/libcrypt.so.1 -%endif - %if %{with compat_pkg} %files compat #%dir %{_fipsdir} @@ -447,6 +452,9 @@ ln -s %{_libdir}/libcrypt-%{glibcversion}.so %{_libdir}/libcrypt.so.1 %changelog +* Sat Nov 21 2020 Thomas Crain - 4.4.17-3 +- Replace %%ldconfig_scriptlets with actual post/postun sections + * Wed Oct 21 2020 Henry Beberman - 4.4.17-2 - Initial CBL-Mariner import from Fedora 31 (license: MIT). - Remove dependency on fipscheck diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index fbc93a877d7..f3b7fc5f40b 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt 
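Review bot: The relocated `%posttrans` and the new `%postun` body delete `libcrypt.so.1` with a bare `rm` and recreate it with a separate `ln -s`, so if the `rm` succeeds and the `ln` fails the system is left without the crypt(3) library that login and PAM-style password checks load. In `%postun` the trailing `/sbin/ldconfig` also hides that failure from rpm's exit status. A single `ln -sf %{_libdir}/libxcrypt.so.%{sov} %{_libdir}/libcrypt.so.1` (and `ln -sf %{_libdir}/libcrypt-%{glibcversion}.so %{_libdir}/libcrypt.so.1` in `%postun`) replaces the link in one command and does not error when the link is already absent. `%postun` also runs on upgrade, so wrapping the relink in `if [ $1 -eq 0 ]; then … fi` would keep the glibc link from being restored temporarily until the new package's `%posttrans` runs. Separately, `%post -n compat` and `%postun -n compat` name a package literally called `compat`, while the subpackage declared further down is `%files compat`, so these probably need to be `%post compat -p /sbin/ldconfig` and `%postun compat -p /sbin/ldconfig` for builds with `compat_pkg` enabled.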
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -192,9 +192,9 @@ libmpc-debuginfo-1.1.0-5.cm1.aarch64.rpm libpipeline-1.5.0-3.cm1.aarch64.rpm libpipeline-debuginfo-1.5.0-3.cm1.aarch64.rpm libpipeline-devel-1.5.0-3.cm1.aarch64.rpm -libpwquality-1.4.2-5.cm1.aarch64.rpm -libpwquality-debuginfo-1.4.2-5.cm1.aarch64.rpm -libpwquality-devel-1.4.2-5.cm1.aarch64.rpm +libpwquality-1.4.2-6.cm1.aarch64.rpm +libpwquality-debuginfo-1.4.2-6.cm1.aarch64.rpm +libpwquality-devel-1.4.2-6.cm1.aarch64.rpm libselinux-2.9-3.cm1.aarch64.rpm libselinux-debuginfo-2.9-3.cm1.aarch64.rpm libselinux-devel-2.9-3.cm1.aarch64.rpm @@ -325,7 +325,7 @@ python2-tools-2.7.18-5.cm1.aarch64.rpm python3-cracklib-2.9.7-2.cm1.aarch64.rpm python3-gpg-1.13.1-6.cm1.aarch64.rpm python3-libxml2-2.9.10-3.cm1.aarch64.rpm -python3-pwquality-1.4.2-5.cm1.aarch64.rpm +python3-pwquality-1.4.2-6.cm1.aarch64.rpm python3-rpm-4.14.2-10.cm1.aarch64.rpm python-curses-2.7.18-5.cm1.aarch64.rpm python-gpg-1.13.1-6.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index fa42a39c435..e4437b45bfc 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -192,9 +192,9 @@ libmpc-debuginfo-1.1.0-5.cm1.x86_64.rpm libpipeline-1.5.0-3.cm1.x86_64.rpm libpipeline-debuginfo-1.5.0-3.cm1.x86_64.rpm libpipeline-devel-1.5.0-3.cm1.x86_64.rpm -libpwquality-1.4.2-5.cm1.x86_64.rpm -libpwquality-debuginfo-1.4.2-5.cm1.x86_64.rpm -libpwquality-devel-1.4.2-5.cm1.x86_64.rpm +libpwquality-1.4.2-6.cm1.x86_64.rpm +libpwquality-debuginfo-1.4.2-6.cm1.x86_64.rpm +libpwquality-devel-1.4.2-6.cm1.x86_64.rpm libselinux-2.9-3.cm1.x86_64.rpm libselinux-debuginfo-2.9-3.cm1.x86_64.rpm libselinux-devel-2.9-3.cm1.x86_64.rpm 
@@ -325,7 +325,7 @@ python2-tools-2.7.18-5.cm1.x86_64.rpm python3-cracklib-2.9.7-2.cm1.x86_64.rpm python3-gpg-1.13.1-6.cm1.x86_64.rpm python3-libxml2-2.9.10-3.cm1.x86_64.rpm -python3-pwquality-1.4.2-5.cm1.x86_64.rpm +python3-pwquality-1.4.2-6.cm1.x86_64.rpm python3-rpm-4.14.2-10.cm1.x86_64.rpm python-curses-2.7.18-5.cm1.x86_64.rpm python-gpg-1.13.1-6.cm1.x86_64.rpm From a26725d54327757344e1f074b752ade0359e6fe9 Mon Sep 17 00:00:00 2001 From: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Date: Mon, 23 Nov 2020 15:27:47 -0800 Subject: [PATCH 144/145] Update grub command line required to boot on some specific hardware SoCs (#384) * Update grub command line with inst.stage2 label CDROM * Update grub command line required to boot on some specific hardware SoCs Co-authored-by: schalam --- .../assets/isomaker/iso_root_static_files/boot/grub2/grub.cfg | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/toolkit/resources/assets/isomaker/iso_root_static_files/boot/grub2/grub.cfg b/toolkit/resources/assets/isomaker/iso_root_static_files/boot/grub2/grub.cfg index b1a738eee30..98d8356b4b8 100644 --- a/toolkit/resources/assets/isomaker/iso_root_static_files/boot/grub2/grub.cfg +++ b/toolkit/resources/assets/isomaker/iso_root_static_files/boot/grub2/grub.cfg @@ -1,7 +1,9 @@ set timeout=0 +# The use of mariner.media=CDROM is a workaround that our installer does not require +# but it is observed to be needed to boot on some hardware/SoCs. menuentry "CBL-Mariner" { search --label CDROM --set root - linux /isolinux/vmlinuz root=/dev/ram0 loglevel=3 + linux /isolinux/vmlinuz root=/dev/ram0 loglevel=3 mariner.media=CDROM initrd /isolinux/initrd.img } From 3525f42c392b844465c46beccda2a2bf289861ee Mon Sep 17 00:00:00 2001 
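Review bot: The comment added above `menuentry` in grub.cfg says `mariner.media=CDROM` is a hardware workaround, but it does not say what reads the parameter, and the value repeats the volume label already used in `search --label CDROM`. If the two are meant to stay in sync (an inference from the matching value, not something the hunk states), the comment should record that, e.g. `# mariner.media must match the ISO volume label used by 'search --label' below.` Otherwise a later label change could leave the kernel command line naming a label that no longer exists on the media.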
From: Henry Beberman Date: Mon, 23 Nov 2020 16:48:59 -0800 Subject: [PATCH 145/145] Upgrade postgresql to 12.5 (#414) postgresql v12.5 resolves CVE-2020-25695 and CVE-2020-25694 --- SPECS/postgresql/postgresql.signatures.json | 2 +- SPECS/postgresql/postgresql.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/SPECS/postgresql/postgresql.signatures.json b/SPECS/postgresql/postgresql.signatures.json index 3ba8c12ca6a..7ac4252f277 100644 --- a/SPECS/postgresql/postgresql.signatures.json +++ b/SPECS/postgresql/postgresql.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "postgresql-12.4.tar.bz2": "bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc" + "postgresql-12.5.tar.bz2": "bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95" } } \ No newline at end of file diff --git a/SPECS/postgresql/postgresql.spec b/SPECS/postgresql/postgresql.spec index fbc8d6a74a5..4b9853f5aa9 100644 --- a/SPECS/postgresql/postgresql.spec +++ b/SPECS/postgresql/postgresql.spec @@ -1,6 +1,6 @@ Summary: PostgreSQL database engine Name: postgresql -Version: 12.4 +Version: 12.5 Release: 1%{?dist} License: PostgreSQL Vendor: Microsoft Corporation @@ -165,6 +165,9 @@ rm -rf %{buildroot}/* %{_libdir}/libpgtypes.a %changelog +* Mon Nov 23 2020 Henry Beberman - 12.5-1 +- Upgrading to 12.5 to fix CVE-2020-25695 and CVE-2020-25694. + * Tue Nov 03 2020 Pawel Winogrodzki - 12.4-1 - Upgrading to 12.4 to fix CVE-2020-14349 and CVE-2020-14350. diff --git a/cgmanifest.json b/cgmanifest.json index d83d070690c..5a062be51e9 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -4086,8 +4086,8 @@ "type": "other", "other": { "name": "postgresql", - "version": "12.4", - "downloadUrl": "https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2" + "version": "12.5", + "downloadUrl": "https://ftp.postgresql.org/pub/source/v12.5/postgresql-12.5.tar.bz2" } } },