Merge branch 'fasttrack/3.0' into sammeluch/CVE-2024-43802

microsoft · Oct 17, 2024 · 5588fb5 · 5588fb5
2 parents a1da7d1 + a65729d
commit 5588fb5
Show file tree

Hide file tree

Showing 597 changed files with 27,479 additions and 6,096 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -62,7 +62,6 @@
 /SPECS/virtiofsd/* @microsoft/cbl-mariner-kata-containers
 
 /SPECS/cloud-hypervisor-cvm/* @microsoft/cbl-mariner-kata-containers
-/SPECS/hvloader/* @microsoft/cbl-mariner-kata-containers
 
 /SPECS/cloud-init/* @microsoft/cbl-mariner-provisioning
 /SPECS/walinuxagent/* @microsoft/cbl-mariner-provisioning

diff --git a/.pipelines/containerSourceData/busybox/Dockerfile-Busybox b/.pipelines/containerSourceData/busybox/Dockerfile-Busybox
@@ -33,8 +33,7 @@ RUN mkdir /staging \
     && pushd /staging \
     && rm -rf boot media mnt opt run \
     && rm -rf usr/lib/sysimage \
-    && rm -rf var/cache \
-    && rm -rf var/lib/rpm; \
+    && rm -rf var/cache; \
 	ln -vL /staging/usr/sbin/busybox /staging/bin/; \
 	chroot /staging /bin/busybox --install -s /bin
 

diff --git a/.pipelines/containerSourceData/scripts/BuildGoldenContainer.sh b/.pipelines/containerSourceData/scripts/BuildGoldenContainer.sh
@@ -58,7 +58,7 @@ set -e
 #     -j OUTPUT -k ./rpms.tar.gz -l ~/azurelinux/.pipelines/containerSourceData \
 #     -m "false" -n "false" -p development -q "false" -u "true"
 
-while getopts ":a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:" OPTIONS; do
+while getopts ":a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:w:" OPTIONS; do
     case ${OPTIONS} in
     a ) BASE_IMAGE_NAME_FULL=$OPTARG;;
     b ) ACR=$OPTARG;;
@@ -82,6 +82,7 @@ while getopts ":a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:" OPTIONS; do
     t ) SBOM_SCRIPT=$OPTARG;;
     u ) DISTROLESS=$OPTARG;;
     v ) VERSION_EXTRACT_CMD=$OPTARG;;
+    w ) TOOLCHAIN_RPMS_TARBALL=$OPTARG;;
 
     \? )
         echo "Error - Invalid Option: -$OPTARG" 1>&2
@@ -125,6 +126,7 @@ function print_inputs {
     echo "SBOM_TOOL_PATH                -> $SBOM_TOOL_PATH"
     echo "SBOM_SCRIPT                   -> $SBOM_SCRIPT"
     echo "DISTROLESS                    -> $DISTROLESS"
+    echo "TOOLCHAIN_RPMS_TARBALL -> $TOOLCHAIN_RPMS_TARBALL"
 }
 
 function validate_inputs {
@@ -168,6 +170,11 @@ function validate_inputs {
         exit 1
     fi
 
+    if [[ ! -f $TOOLCHAIN_RPMS_TARBALL ]]; then
+        echo "Error - No TOOLCHAIN_RPMS tarball found under '$TOOLCHAIN_RPMS_TARBALL'."
+        exit 1
+    fi
+
     if [ ! -d "$CONTAINER_SRC_DIR" ]; then
         echo "Error - Container source directory does not exist."
         exit 1
@@ -236,7 +243,9 @@ function prepare_docker_directory {
     mkdir -pv "$HOST_MOUNTED_DIR"
 
     # Copy files into docker context directory
-    tar -xf "$RPMS_TARBALL" -C "$HOST_MOUNTED_DIR"/
+    tar -xvf "$RPMS_TARBALL" -C "$HOST_MOUNTED_DIR"/
+    # we look for the toolchain rpms in the same directory as the rpms tarball
+    tar -xvf "$TOOLCHAIN_RPMS_TARBALL" -C "$HOST_MOUNTED_DIR/RPMS"/
     cp -v "$CONTAINER_SRC_DIR/azurelinuxlocal.repo" "$HOST_MOUNTED_DIR"/
 }
 

diff --git a/.pipelines/templatesWithCheckout/SodiffCheck.yml b/.pipelines/templatesWithCheckout/SodiffCheck.yml
@@ -13,6 +13,14 @@ parameters:
     type: string
     default: "rpms.tar.gz"
 
+  - name: sodiffRepoCommand
+    type: string
+    default: "sodiff-repo"
+
+  - name: sodiffRepoFile
+    type: string
+    default: "sodiff.repo"
+
   - name: sourcesWorkspace
     type: string
     default: "$(Agent.TempDirectory)/SourcesWorkspace"
@@ -52,16 +60,16 @@ steps:
       sodiff_out_dir="${{ parameters.buildRepoRoot }}/out/sodiff"
       mkdir -p $sodiff_out_dir
 
-      echo "Generate sodiff.repo file"
-      sudo make -sC "$toolkit_dir" sodiff-repo
+      echo "Generate sodiff repo file"
+      sudo make -sC "$toolkit_dir" ${{ parameters.sodiffRepoCommand }}
 
       echo "Generate input file"
       find $sodiff_rpms_dir -type f -name '*.rpm' -exec basename {} \; > ./sodiff-rpms
 
       sodiff_release_ver=`cat ${{ parameters.buildRepoRoot }}/SPECS/azurelinux-release/azurelinux-release.spec | grep "Version:" | cut -d " " -f 1 --complement | xargs`
       echo "sodiff release ver: $sodiff_release_ver"
       
-      $toolkit_dir/scripts/sodiff/mariner-sodiff.sh $sodiff_rpms_dir/ $toolkit_dir/scripts/sodiff/sodiff.repo $sodiff_release_ver $sodiff_out_dir < ./sodiff-rpms
+      $toolkit_dir/scripts/sodiff/mariner-sodiff.sh -r $sodiff_rpms_dir/ -f ${{ parameters.buildRepoRoot }}/build/sodiff/${{ parameters.sodiffRepoFile }} -v $sodiff_release_ver -o $sodiff_out_dir -e true < ./sodiff-rpms
 
 
-    displayName: "Sodiff check"
+    displayName: "Sodiff check"
diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -35,6 +35,7 @@
         "Fedora": {
             "license": "[Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files)",
             "specs": [
+                "389-ds-base",
                 "a52dec",
                 "abseil-cpp",
                 "accountsservice",
@@ -601,6 +602,7 @@
                 "libcmpiutil",
                 "libcomps",
                 "libcroco",
+                "libcxx",
                 "libdaemon",
                 "libdap",
                 "libdatrie",
@@ -689,6 +691,7 @@
                 "liblqr-1",
                 "liblzf",
                 "libmad",
+                "libmd",
                 "libmediaart",
                 "libmicrohttpd",
                 "libmikmod",
@@ -921,6 +924,7 @@
                 "mod_security_crs",
                 "mod_wsgi",
                 "mokutil",
+                "mosh",
                 "mpage",
                 "mrtg",
                 "mstflint",
@@ -1207,6 +1211,7 @@
                 "perl-Devel-Hide",
                 "perl-Devel-Leak",
                 "perl-Devel-LexAlias",
+                "perl-Devel-Refcount",
                 "perl-Devel-Size",
                 "perl-Devel-StackTrace",
                 "perl-Devel-Symdump",
@@ -1324,6 +1329,7 @@
                 "perl-Mail-IMAPTalk",
                 "perl-Mail-SPF",
                 "perl-MailTools",
+                "perl-Match-Simple",
                 "perl-Math-Int64",
                 "perl-Math-Random-ISAAC",
                 "perl-MIME-Charset",
@@ -1448,6 +1454,7 @@
                 "perl-Sub-Exporter",
                 "perl-Sub-Exporter-Progressive",
                 "perl-Sub-Identify",
+                "perl-Sub-Infix",
                 "perl-Sub-Info",
                 "perl-Sub-Install",
                 "perl-Sub-Name",
@@ -1569,6 +1576,7 @@
                 "phodav",
                 "php",
                 "php-pear",
+                "php-pecl-apcu",
                 "php-pecl-zip",
                 "physfs",
                 "picosat",
@@ -1635,6 +1643,7 @@
                 "python-async-generator",
                 "python-augeas",
                 "python-azure-sdk",
+                "python-backoff",
                 "python-beautifulsoup4",
                 "python-betamax",
                 "python-blinker",
@@ -1707,6 +1716,7 @@
                 "python-isodate",
                 "python-isort",
                 "python-itsdangerous",
+                "python-junitxml",
                 "python-justbases",
                 "python-justbytes",
                 "python-jwcrypto",
@@ -1760,6 +1770,7 @@
                 "python-pymongo",
                 "python-PyMySQL",
                 "python-pyperclip",
+                "python-pyproject-metadata",
                 "python-pyroute2",
                 "python-pyrsistent",
                 "python-pysocks",
@@ -1793,6 +1804,7 @@
                 "python-rfc3986",
                 "python-rich",
                 "python-rpm-generators",
+                "python-rpmautospec-core",
                 "python-rpmfluff",
                 "python-rtslib",
                 "python-ruamel-yaml",
@@ -2007,6 +2019,7 @@
                 "stress-ng",
                 "stunnel",
                 "subscription-manager",
+                "subunit",
                 "suitesparse",
                 "SuperLU",
                 "supermin",
@@ -2134,7 +2147,7 @@
                 "xorg-x11-proto-devel",
                 "xorg-x11-server",
                 "xorg-x11-server-utils",
-		"xorg-x11-server-Xwayland",
+                "xorg-x11-server-Xwayland",
                 "xorg-x11-util-macros",
                 "xorg-x11-utils",
                 "xorg-x11-xauth",
@@ -2231,7 +2244,6 @@
                 "GSL",
                 "gtk-update-icon-cache",
                 "helm",
-                "hvloader",
                 "ig",
                 "intel-pf-bb-config",
                 "ivykis",
@@ -2420,6 +2432,7 @@
                 "umoci",
                 "usrsctp",
                 "vala",
+                "valkey",
                 "verity-read-only-root",
                 "vnstat",
                 "zstd"

diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base-devel.README b/SPECS-EXTENDED/389-ds-base/389-ds-base-devel.README
@@ -0,0 +1,4 @@
+For detailed information on developing plugins for 389 Directory Server visit
+
+https://www.port389.org/docs/389ds/design/plugins.html
+https://github.com/389ds/389-ds-base/blob/main/src/slapi_r_plugin/README.md
diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base.signatures.json b/SPECS-EXTENDED/389-ds-base/389-ds-base.signatures.json
@@ -0,0 +1,8 @@
+{
+ "Signatures": {
+  "389-ds-base-3.1.1.tar.bz2": "e111c4bc3ad2efa5d73a7d7a18d03ff84ee53afa25b631a8a31cd19cb0fe854b",
+  "389-ds-base-devel.README": "f69e816db24e12423e921ea6a1b3d6cd326715eae9079646358143018fff75fe",
+  "389-ds-base.sysusers": "c710a2b07565c29e5293d42cab8519cc0351a0d772e0e13693be0ed4ea6a19bf",
+  "jemalloc-5.3.0.tar.bz2": "2db82d1e7119df3e71b7640219b6dfe84789bc0537983c3b7ac4f7189aecfeaa"
+ }
+}