Merge branch 'main' into 2.0

microsoft · Jun 21, 2023 · 9765a16 · 9765a16
2 parents ff99c4f + d3979a0
commit 9765a16
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 149 deletions.
diff --git a/.github/fabricbot.json b/.github/fabricbot.json
diff --git a/.github/policies/resourceManagement.yml b/.github/policies/resourceManagement.yml
@@ -0,0 +1,83 @@
+id: 
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+owner: 
+resource: repository
+disabled: false
+where: 
+configuration:
+  resourceManagementConfiguration:
+    scheduledSearches: []
+    eventResponderTasks:
+    - if:
+      - payloadType: Pull_Request
+      then:
+      - if:
+        - includesModifiedFiles:
+            files:
+            - SPECS/
+            - SPECS-SIGNED/
+        then:
+        - addLabel:
+            label: Packaging
+      - if:
+        - includesModifiedFiles:
+            files:
+            - toolkit/docs/
+        then:
+        - addLabel:
+            label: documentation
+      - if:
+        - includesModifiedFiles:
+            files:
+            - toolkit/tools/
+            - toolkit/scripts/
+        then:
+        - addLabel:
+            label: Tools
+      - if:
+        - includesModifiedFiles:
+            files:
+            - toolkit/imageconfigs/
+            - toolkit/tools/imagegen/configuration
+        then:
+        - addLabel:
+            label: Schema
+      description: 
+    - if:
+      - payloadType: Pull_Request
+      - filesMatchPattern:
+          pattern: (CVE|cve)-\d+-\d+\.(no)?patch
+      then:
+      - addLabel:
+          label: security
+      description: 
+    - if:
+      - payloadType: Pull_Request
+      - isAction:
+          action: Opened
+      - isActivitySender:
+          user: CBL-Mariner-Bot
+          issueAuthor: False
+      then:
+      - addLabel:
+          label: Automatic PR
+      description: 
+    - if:
+      - payloadType: Pull_Request
+      then:
+      - if:
+        - targetsBranch:
+            branch: 1.0-dev
+        then:
+        - addLabel:
+            label: 1.0-dev
+      - if:
+        - targetsBranch:
+            branch: main
+        then:
+        - addLabel:
+            label: main
+      description: 
+onFailure: 
+onSuccess: 
diff --git a/SPECS/libcap/libcap.spec b/SPECS/libcap/libcap.spec
@@ -60,7 +60,7 @@ sed -i "s|pass_capsh --chroot=\$(/bin/pwd) ==||g" quicktest.sh
 %{_mandir}/man3/*
 
 %changelog
-* Thu JUn 15 2023 Henry Li <[email protected]> - 2.60-2
+* Thu Jun 15 2023 Henry Li <[email protected]> - 2.60-2
 - Add patch to resolve CVE-2023-2602 and CVE-2023-2603
 - Use autosetup
 

diff --git a/SPECS/msft-golang/msft-golang.signatures.json b/SPECS/msft-golang/msft-golang.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "go.20230404.2.src.tar.gz": "05a5275e6102a680c6367f67bf3e25234094a9bf6bacb9d99610e5fb5d5388e0",
+  "go.20230606.2.src.tar.gz": "6905d65e0f813c48d64ea71bafc119975e85593e424b9b5e864ccba65c505baf",
   "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
  }
 }
diff --git a/SPECS/msft-golang/msft-golang.spec b/SPECS/msft-golang/msft-golang.spec
@@ -12,14 +12,14 @@
 %define __find_requires %{nil}
 Summary:        Go
 Name:           msft-golang
-Version:        1.19.8
+Version:        1.19.10
 Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Security
 URL:            https://github.com/microsoft/go
-Source0:        https://github.com/microsoft/go/releases/download/v1.19.8-1/go.20230404.2.src.tar.gz
+Source0:        https://github.com/microsoft/go/releases/download/v1.19.10-1/go.20230606.2.src.tar.gz
 Source1:        https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz
 Patch0:         go14_bootstrap_aarch64.patch
 Conflicts:      go
@@ -115,6 +115,9 @@ fi
 %{_bindir}/*
 
 %changelog
+* Tue Jun 06 2023 Bala <[email protected]> - 1.19.10-1
+- Upgrade to 1.19.10 to fix CVE-2023-29404
+
 * Wed Apr 05 2023 Muhammad Falak <[email protected]> - 1.19.8-1
 - Bump version to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
 

diff --git a/cgmanifest.json b/cgmanifest.json
@@ -13453,8 +13453,8 @@
         "type": "other",
         "other": {
           "name": "msft-golang",
-          "version": "1.19.8",
-          "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.19.8-1/go.20230404.2.src.tar.gz"
+          "version": "1.19.10",
+          "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.19.10-1/go.20230606.2.src.tar.gz"
         }
       }
     },

diff --git a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
@@ -314,7 +314,7 @@ build_rpm_in_chroot_no_install xz
 build_rpm_in_chroot_no_install zstd
 build_rpm_in_chroot_no_install lz4
 build_rpm_in_chroot_no_install m4
-build_rpm_in_chroot_no_install libcap
+build_rpm_in_chroot_no_install libcap libcap # Use full naming since we have a collision with libcap-ng
 build_rpm_in_chroot_no_install popt
 build_rpm_in_chroot_no_install tar
 build_rpm_in_chroot_no_install gawk
@@ -586,7 +586,7 @@ copy_rpm_subpackage python3-jinja2
 
 # systemd-bootstrap requires libcap, xz, kbd, kmod, util-linux, meson, intltool, python3-jinja2
 # gperf is also needed, but is installed earlier
-chroot_and_install_rpms libcap
+chroot_and_install_rpms libcap libcap # Use full naming since we have a collision with libcap-ng
 chroot_and_install_rpms lz4
 chroot_and_install_rpms xz
 chroot_and_install_rpms kbd