Merge branch 'fasttrack/3.0' into nicogbg/prometheus-High-CVEs-3.0

.github/CODEOWNERS

@@ -1,6 +1,5 @@
-# By default, all files require a review by at least one member of the Azure Linux developers team.
-# See teams here: https://github.com/orgs/microsoft/teams?query=mariner
-* @microsoft/cbl-mariner-devs
+# For stable release branches, ensure stable release maintainers are added as code reviewers
+* @microsoft/cbl-mariner-stable-maintainers
 
 # Modification to this file require admin approval.
 /.github/CODEOWNERS @microsoft/cbl-mariner-admins
@@ -11,83 +10,7 @@
 # Modifications to the CredScan exceptions require admin approval.
 /.config/CredScanSuppressions.json @microsoft/cbl-mariner-admins
 
-# Modification to what is considered "core packages" require admin approval.
-/SPECS/core-packages/* @microsoft/cbl-mariner-admins
-
-# Modification to specific packages go to specific teams
-/SPECS/kernel/* @microsoft/cbl-mariner-kernel
-/SPECS/kernel-headers/* @microsoft/cbl-mariner-kernel
-/SPECS/kernel-mshv/* @microsoft/cbl-mariner-kata-containers
-/SPECS/kernel-uvm/* @microsoft/cbl-mariner-kata-containers
-/SPECS-SIGNED/kernel-signed/* @microsoft/cbl-mariner-kernel
-/SPECS-SIGNED/kernel-mstflint-signed/* @microsoft/cbl-mariner-kernel
-
-/SPECS/grub2/* @microsoft/cbl-mariner-bootloader
-/SPECS/grubby/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim-unsigned/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim-unsigned-x64/* @microsoft/cbl-mariner-bootloader
-/SPECS/shim-unsigned-aarch64/* @microsoft/cbl-mariner-bootloader
-/SPECS-SIGNED/grub2-efi-binary-signed/* @microsoft/cbl-mariner-bootloader
-
-/SPECS/dracut/* @microsoft/cbl-mariner-dracut
-/SPECS/initramfs/* @microsoft/cbl-mariner-dracut
-/SPECS/verity-read-only-root/* @microsoft/cbl-mariner-dracut
-
-/SPECS/systemd/* @microsoft/cbl-mariner-systemd
-
-/SPECS/bcc/* @microsoft/cbl-mariner-debug-tools
-/SPECS/bpftrace/* @microsoft/cbl-mariner-debug-tools
-/SPECS/crash/* @microsoft/cbl-mariner-debug-tools
-/SPECS/gdb/* @microsoft/cbl-mariner-debug-tools
-/SPECS/kexec-tools/* @microsoft/cbl-mariner-debug-tools
-
-/SPECS/openssl/* @microsoft/cbl-mariner-openssl
-/SPECS/SymCrypt-OpenSSL/* @microsoft/cbl-mariner-openssl
-/SPECS/SymCrypt/* @microsoft/cbl-mariner-openssl
-
-/SPECS/dnf/* @microsoft/cbl-mariner-package-managers
-/SPECS/dnf-plugins-core/* @microsoft/cbl-mariner-package-managers
-/SPECS/rpm/* @microsoft/cbl-mariner-package-managers
-/SPECS/tdnf/* @microsoft/cbl-mariner-package-managers
-
-/SPECS/containerd/* @microsoft/cbl-mariner-container-runtime
-/SPECS/docker-buildx/* @microsoft/cbl-mariner-container-runtime
-/SPECS/docker-cli/* @microsoft/cbl-mariner-container-runtime
-/SPECS/kata-containers/* @microsoft/cbl-mariner-kata-containers
-/SPECS/kata-containers-cc/* @microsoft/cbl-mariner-kata-containers
-/SPECS/moby-containerd-cc/* @microsoft/cbl-mariner-kata-containers
-/SPECS/moby-engine/* @microsoft/cbl-mariner-container-runtime
-/SPECS/runc/* @microsoft/cbl-mariner-container-runtime
-/SPECS/virtiofsd/* @microsoft/cbl-mariner-kata-containers
-
-/SPECS/cloud-hypervisor-cvm/* @microsoft/cbl-mariner-kata-containers
-
-/SPECS/cloud-init/* @microsoft/cbl-mariner-provisioning
-/SPECS/walinuxagent/* @microsoft/cbl-mariner-provisioning
-
-# Modifications to the toolkit requires reviews from the toolkit team
-/toolkit/ @microsoft/cbl-mariner-tooling
-
-# Docs to be reviewed by general Azure Linux devs
-/toolkit/docs/ @microsoft/cbl-mariner-devs
-
-# Default image configurations to be reviewed by general Azure Linux devs
-/toolkit/imageconfigs/ @microsoft/cbl-mariner-devs
-
-# Package and toolchain manifests to be reviewed by toolchain team
-/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @microsoft/cbl-mariner-toolchain
-/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @microsoft/cbl-mariner-toolchain
-/toolkit/resources/manifests/package/toolchain_aarch64.txt @microsoft/cbl-mariner-toolchain
-/toolkit/resources/manifests/package/toolchain_x86_64.txt @microsoft/cbl-mariner-toolchain
-
-# Modifications to the raw toolchain require admin approval.
-/toolkit/scripts/toolchain/container/* @microsoft/cbl-mariner-admins
-/toolkit/scripts/toolchain/cgmanifest.json @microsoft/cbl-mariner-admins
-/toolkit/scripts/toolchain/create_toolchain_in_container.sh @microsoft/cbl-mariner-admins
-
-# Modifications to the trusted CA certificates require admin approval.
-/SPECS/*ca-certificates*/* @microsoft/cbl-mariner-admins
+/SPECS-EXTENDED/ @microsoft/cbl-mariner-devs
 
 # Image Customizer
 /toolkit/tools/imagecustomizer/ @microsoft/cbl-mariner-imagecustomizer

LICENSES-AND-NOTICES/SPECS/data/licenses.json

@@ -1709,6 +1709,7 @@
                 "python-humanize",
                 "python-hwdata",
                 "python-importlib-metadata",
+                "python-iniconfig",
                 "python-inotify",
                 "python-into-dbus-python",
                 "python-IPy",
@@ -2712,6 +2713,7 @@
                 "gnutls",
                 "gobject-introspection",
                 "golang",
+                "golang-1.22",
                 "gperf",
                 "gperftools",
                 "gpgme",

README.md

@@ -33,8 +33,10 @@ Note: Support for the ISO is community based. Before filing a new bug or feature
 ## Getting Help
 - Bugs, feature requests and questions can be filed as GitHub issues.
 - We are starting a public community call for Azure Linux users to get together and discuss new features, provide feedback, and learn more about how others are using Azure Linux. In each session, we will feature a new demo. The schedule for the upcoming community calls are:
-- 7/25/24 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_NGM1YWZiMDMtYWZkZi00NzBmLWExNjgtM2RkMjFmYTNiYmU2%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2230697089-15b8-4c68-b67e-7db9cd4f02ea%22%7d) 
-- 9/26/24 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_NGM1YWZiMDMtYWZkZi00NzBmLWExNjgtM2RkMjFmYTNiYmU2%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2230697089-15b8-4c68-b67e-7db9cd4f02ea%22%7d)
+- 11/21/24 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 1/23/25 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 3/27/25 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 5/22/25 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
 
 ## Trademarks
 

SPECS-EXTENDED/apache-commons-io/apache-commons-io-build.xml

@@ -10,7 +10,7 @@
 
   <property name="project.groupId" value="commons-io"/>
   <property name="project.artifactId" value="commons-io"/>
-  <property name="project.version" value="2.8.0"/>
+  <property name="project.version" value="2.14.0"/>
   <property name="project.name" value="Apache Commons IO"/>
   <property name="project.description" value="The Apache Commons IO library 
 contains utility classes, stream implementations, file filters, 

SPECS-EXTENDED/apache-commons-io/apache-commons-io.signatures.json

@@ -1,7 +1,7 @@
 {
  "Signatures": {
-  "apache-commons-io-build.xml": "3661f04824b5f93033dfc9f993a97f1435ff467f7e3cf5e2846f2d63a690ad3b",
-  "commons-io-2.8.0-src.tar.gz": "1e44c2b038bf825526305f0320b2e24dce039f399968326aab30c475ab765612",
-  "commons-io-2.8.0-src.tar.gz.asc": "5df617e9034a4e31cf7671af111edae1537dd14dc8d5e2fa4392a038f912df61"
+  "apache-commons-io-build.xml": "d7daa228b59ff41d5917745a77732bd31dc38dc1cea4edf1f65879c8ab82c4a2",
+  "commons-io-2.14.0-src.tar.gz": "306d53e907f491b9ac6b0e74e6ad9d8cbc0cf1b024cfb21df59a0c486fd181bc",
+  "commons-io-2.14.0-src.tar.gz.asc": "e46f87969e7accfa80aa194207c47d213730bc2427fb8ce7affbbfef5c3d1ec5"
  }
 }

SPECS-EXTENDED/apache-commons-io/apache-commons-io.spec

@@ -22,8 +22,8 @@ Distribution:   Azure Linux
 %define short_name      commons-%{base_name}
 %bcond_with tests
 Name:           apache-%{short_name}
-Version:        2.8.0
-Release:        2%{?dist}
+Version:        2.14.0
+Release:        1%{?dist}
 Summary:        Utilities to assist with developing IO functionality
 License:        Apache-2.0
 Group:          Development/Libraries/Java
@@ -93,6 +93,10 @@ cp -pr target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}
 %doc %{_javadocdir}/%{name}
 
 %changelog
+* Mon Oct 7 2024 Bhagyashri Pathak <[email protected]> - 2.14.0-1
+- Upgrade to 2.14.0 to fix the CVE-2024-47554.
+- License verified
+
 * Thu Oct 14 2021 Pawel Winogrodzki <[email protected]> - 2.8.0-2
 - Converting the 'Release' tag to the '[number].[distribution]' format.
 

SPECS-EXTENDED/apache-commons-io/commons-io-2.14.0-src.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEELbTx7w+nYezE6pNchv3H4qESYssFAmURZkQACgkQhv3H4qES
+YssmAAf+Opr906UCvufO2/ncd3Q2RuJDC24WoUlK8t18yNLTXcG1ZhxtqHn0ms/l
+D59OwQQaerBr2f/Y4dB1WLTg/XIrgtbmjImKk0iOXwVirb5etdXdnLUXf3oRvJG+
+C98BB26kY4QPYmRzQMFdf6AVRMZvva51c+u7zrKDOC0/VlxYPY8UlYQfCJ6Uyxqu
+TMUwQ1/cfSr65DIQui/X/RM09tGcyItb2wScZlGSq7FqtYNUj6GYAEZqhPeG74pq
+5xC19viyCGnTLO8LRaqmzmqidMPcYc95GqO9BiQDcI393qZJsq9GSxMwvIPcVJNp
+l6oNdUcPRxIf0yFJm47dmFtEeM4KXg==
+=+Thz
+-----END PGP SIGNATURE-----

SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec

@@ -12,7 +12,7 @@
 Summary:        Signed GRand Unified Bootloader for %{buildarch} systems
 Name:           grub2-efi-binary-signed-%{buildarch}
 Version:        2.06
-Release:        20%{?dist}
+Release:        21%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -79,6 +79,9 @@ cp %{SOURCE3} %{buildroot}/boot/efi/EFI/BOOT/%{grubpxeefiname}
 /boot/efi/EFI/BOOT/%{grubpxeefiname}
 
 %changelog
+* Mon Oct 28 2024 Chris Co <[email protected]> - 2.06-21
+- Bump release number to match grub release
+
 * Tue Aug 13 2024 Daniel McIlvaney <[email protected]> - 2.06-20
 - Move grub2-rpm-macros to the azurelinux-rpm-macros package
 

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -9,8 +9,8 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        6.6.51.1
-Release:        5%{?dist}
+Version:        6.6.57.1
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,27 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Wed Oct 30 2024 Thien Trung Vuong <[email protected]> - 6.6.57.1-2
+- Bump release to match kernel
+
+* Tue Oct 29 2024 CBL-Mariner Servicing Account <[email protected]> - 6.6.57.1-1
+- Auto-upgrade to 6.6.57.1
+
+* Thu Oct 24 2024 Rachel Menge <[email protected]> - 6.6.56.1-5
+- Bump release to match kernel
+
+* Wed Oct 23 2024 Rachel Menge <[email protected]> - 6.6.56.1-4
+- Bump release to match kernel
+
+* Wed Oct 23 2024 Rachel Menge <[email protected]> - 6.6.56.1-3
+- Bump release to match kernel
+
+* Tue Oct 22 2024 Rachel Menge <[email protected]> - 6.6.56.1-2
+- Bump release to match kernel
+
+* Thu Oct 17 2024 CBL-Mariner Servicing Account <[email protected]> - 6.6.56.1-1
+- Auto-upgrade to 6.6.56.1
+
 * Thu Oct 03 2024 Rachel Menge <[email protected]> - 6.6.51.1-5
 - Bump release to match kernel
 

SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec

@@ -5,8 +5,8 @@
 %define kernelver %{version}-%{release}
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
-Version:        6.6.51.1
-Release:        5%{?dist}
+Version:        6.6.57.1
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,27 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Wed Oct 30 2024 Thien Trung Vuong <[email protected]> - 6.6.57.1-2
+- Bump release to match kernel
+
+* Tue Oct 29 2024 CBL-Mariner Servicing Account <[email protected]> - 6.6.57.1-1
+- Auto-upgrade to 6.6.57.1
+
+* Thu Oct 24 2024 Rachel Menge <[email protected]> - 6.6.56.1-5
+- Bump release to match kernel
+
+* Wed Oct 23 2024 Rachel Menge <[email protected]> - 6.6.56.1-4
+- Bump release to match kernel
+
+* Wed Oct 23 2024 Rachel Menge <[email protected]> - 6.6.56.1-3
+- Bump release to match kernel
+
+* Tue Oct 22 2024 Rachel Menge <[email protected]> - 6.6.56.1-2
+- Bump release to match kernel
+
+* Thu Oct 17 2024 CBL-Mariner Servicing Account <[email protected]> - 6.6.56.1-1
+- Auto-upgrade to 6.6.56.1
+
 * Thu Oct 03 2024 Rachel Menge <[email protected]> - 6.6.51.1-5
 - Bump release to match kernel
 

SPECS/OpenIPMI/OpenIPMI.signatures.json

@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "OpenIPMI-2.0.33.tar.gz": "fb53e9ea5e2681cf8af7cda024b1a0044c675f84116ca27ae9616c8b7ad95b49",
+  "OpenIPMI-2.0.36.tar.gz": "a0403148fa5f7bed930c958a4d1c558047e273763a408b3a0368edc137cc55d9",
   "ipmi.service": "7f55866340569bfbb4bcce32a6218667d0e8dbba99d9aac4ef8e192d3952fa71",
   "openipmi-helper": "e646bf49b3962dd0cd6261d5a7c44240261c856e0bc47d70bdc2720a2ea7d530"
  }

SPECS/OpenIPMI/OpenIPMI.spec

@@ -1,13 +1,13 @@
 Summary:        A shared library implementation of IPMI and the basic tools
 Name:           OpenIPMI
-Version:        2.0.33
+Version:        2.0.36
 Release:        1%{?dist}
 License:        LGPLv2+ AND GPLv2+ OR BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/Base
 URL:            https://sourceforge.net/projects/openipmi/
-Source0:        https://downloads.sourceforge.net/openipmi/OpenIPMI-2.0.33.tar.gz
+Source0:        https://downloads.sourceforge.net/openipmi/%{name}-%{version}.tar.gz
 Source1:        openipmi-helper
 Source2:        ipmi.service
 BuildRequires:  ncurses-devel
@@ -190,6 +190,9 @@ echo "disable ipmi.service" > %{buildroot}%{_libdir}/systemd/system-preset/50-ip
 %{_mandir}/man5/ipmi_sim_cmd.5.gz
 
 %changelog
+* Mon Oct 14 2024 Suresh Thelkar <[email protected]> - 2.0.36-1
+- Upgrade to 2.0.36
+
 * Thu Mar 28 2024 Xiaohong Deng <[email protected]> - 2.0.33-1
 - Upgrade to 2.0.33
 

SPECS/apr/apr.signatures.json

@@ -1,5 +1,5 @@
 {
-  "Signatures": {
-    "apr-1.7.4.tar.gz": "a4137dd82a185076fa50ba54232d920a17c6469c30b0876569e1c2a05ff311d9"
-  }
-}
+ "Signatures": {
+  "apr-1.7.5.tar.gz": "3375fa365d67bcf945e52b52cba07abea57ef530f40b281ffbe977a9251361db"
+ }
+}

SPECS/apr/apr.spec

@@ -1,14 +1,15 @@
 %define         aprver  1
 Summary:        The Apache Portable Runtime
 Name:           apr
-Version:        1.7.4
+Version:        1.7.5
 Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/Libraries
 URL:            https://apr.apache.org/
 Source0:        https://dlcdn.apache.org/%{name}/%{name}-%{version}.tar.gz
+Patch0:         skip-known-test-failure.patch
 %if 0%{?with_check}
 # test_serv_by_name test requires /etc/services file from iana-etc package
 BuildRequires:  iana-etc
@@ -25,7 +26,7 @@ Requires:       %{name} = %{version}-%{release}
 It contains the libraries and header files to create applications
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 ./configure --prefix=%{_prefix} \
@@ -64,6 +65,10 @@ make -j1 check
 %{_libdir}/pkgconfig
 
 %changelog
+* Wed Oct 16 2024 Muhammad Falak <[email protected]> - 1.7.5-1
+- Upgrade version to address CVE-2023-49582
+- Enable ptests
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <[email protected]> - 1.7.4-1
 - Auto-upgrade to 1.7.4 - Azure Linux 3.0 - package upgrades
 

SPECS/apr/skip-known-test-failure.patch

@@ -0,0 +1,31 @@
+From d4aa66b790e48f4745bcc6623b286577f2e0aef0 Mon Sep 17 00:00:00 2001
+From: Muhammad Falak R Wani <[email protected]>
+Date: Wed, 16 Oct 2024 19:47:33 +0530
+Subject: [PATCH] test: skip known test failure
+
+Signed-off-by: Muhammad Falak R Wani <[email protected]>
+---
+ test/Makefile.in | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/test/Makefile.in b/test/Makefile.in
+index e3b71e0..b609c74 100644
+--- a/test/Makefile.in
++++ b/test/Makefile.in
+@@ -172,6 +172,13 @@ check: $(TESTALL_COMPONENTS) $(STDTEST_PORTABLE) $(STDTEST_NONPORTABLE)
+ 					progfailed="$$progfailed '$$prog mode $$mode'"; \
+ 				fi; \
+ 			done; \
++		elif test "$$prog" = 'testall'; then \
++			./$$prog -v -x testsock; \
++			status=$$?; \
++			if test $$status != 0; then \
++				teststatus=$$status; \
++				progfailed="$$progfailed $$prog"; \
++			fi; \
+ 	        else \
+ 			./$$prog -v; \
+ 			status=$$?; \
+-- 
+2.40.1
+