diff --git a/SPECS-EXTENDED/buildah/buildah.spec b/SPECS-EXTENDED/buildah/buildah.spec index c17d6cf3cf9..f19f2b33d4b 100644 --- a/SPECS-EXTENDED/buildah/buildah.spec +++ b/SPECS-EXTENDED/buildah/buildah.spec @@ -21,7 +21,7 @@ Summary: A command line tool used for creating OCI Images Name: buildah Version: 1.18.0 -Release: 18%{?dist} +Release: 19%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -123,6 +123,9 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Tue Oct 10 2023 Dan Streetman - 1.18.0-19 +- Bump release to rebuild with updated version of Go. + * Tue Oct 03 2023 Mandeep Plaha - 1.18.0-18 - Bump release to rebuild against glibc 2.35-5 diff --git a/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec b/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec index d779bb81fe0..f377bdff5b1 100644 --- a/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec +++ b/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec @@ -24,7 +24,7 @@ Name: %{project}-%{repo} Version: 1.1.1 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Libraries for writing CNI plugin License: ASL 2.0 and BSD and MIT Vendor: Microsoft Corporation @@ -129,6 +129,9 @@ install -p plugins/ipam/dhcp/systemd/cni-dhcp.socket %{buildroot}%{_unitdir} %{_unitdir}/cni-dhcp.socket %changelog +* Tue Oct 10 2023 Dan Streetman - 1.1.1-12 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.1.1-11 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS-EXTENDED/delve/delve.spec b/SPECS-EXTENDED/delve/delve.spec index 13171fbb370..e9d08793fc4 100644 --- a/SPECS-EXTENDED/delve/delve.spec +++ b/SPECS-EXTENDED/delve/delve.spec @@ -2,7 +2,7 @@ Vendor: Microsoft Corporation Distribution: Mariner Name: delve Version: 1.5.0 -Release: 14%{?dist} +Release: 15%{?dist} Summary: A debugger for the Go programming language License: MIT @@ -72,6 +72,9 @@ done %changelog +* Tue Oct 10 2023 Dan Streetman - 1.5.0-15 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.5.0-14 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS-EXTENDED/podman/podman.spec b/SPECS-EXTENDED/podman/podman.spec index 042b534a014..dd2de1be925 100644 --- a/SPECS-EXTENDED/podman/podman.spec +++ b/SPECS-EXTENDED/podman/podman.spec @@ -36,7 +36,7 @@ Name: podman Version: 4.1.1 -Release: 15%{?dist} +Release: 16%{?dist} License: ASL 2.0 and BSD and ISC and MIT and MPLv2.0 Summary: Manage Pods, Containers and Container Images Vendor: Microsoft Corporation @@ -387,6 +387,9 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/ # rhcontainerbot account currently managed by lsm5 %changelog +* Tue Oct 10 2023 Dan Streetman - 4.1.1-16 +- Bump release to rebuild with updated version of Go. + * Tue Oct 03 2023 Mandeep Plaha - 4.1.1-15 - Bump release to rebuild against glibc 2.35-5 diff --git a/SPECS-EXTENDED/umoci/umoci.spec b/SPECS-EXTENDED/umoci/umoci.spec index 5ea6290fc8a..a0cdb7c67fe 100644 --- a/SPECS-EXTENDED/umoci/umoci.spec +++ b/SPECS-EXTENDED/umoci/umoci.spec @@ -1,7 +1,7 @@ Summary: Open Container Image manipulation tool Name: umoci Version: 0.4.7 -Release: 11%{?dist} +Release: 12%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -39,6 +39,9 @@ go test -mod=vendor %{_bindir}/umoci %changelog +* Tue Oct 10 2023 Dan Streetman - 0.4.7-12 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.4.7-11 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec index b122be1bd8d..d9b9e568f7e 100644 --- a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec +++ b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec @@ -1,7 +1,7 @@ Summary: The KeysInUse Engine for OpenSSL allows the logging of private key usage through OpenSSL Name: KeysInUse-OpenSSL Version: 0.3.4 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -74,6 +74,9 @@ if [ -x %{_bindir}/keysinuseutil ]; then fi %changelog +* Tue Oct 10 2023 Dan Streetman - 0.3.4-2 +- Bump release to rebuild with updated version of Go. + * Fri Sep 22 2023 Maxwell Moyer-McKee - 0.3.4-1 - Fix memory leak for high reload public keys diff --git a/SPECS/application-gateway-kubernetes-ingress/application-gateway-kubernetes-ingress.spec b/SPECS/application-gateway-kubernetes-ingress/application-gateway-kubernetes-ingress.spec index 49917e0f643..8c5f057bc79 100644 --- a/SPECS/application-gateway-kubernetes-ingress/application-gateway-kubernetes-ingress.spec +++ b/SPECS/application-gateway-kubernetes-ingress/application-gateway-kubernetes-ingress.spec @@ -2,7 +2,7 @@ Summary: Application Gateway Ingress Controller Name: application-gateway-kubernetes-ingress Version: 1.4.0 -Release: 14%{?dist} +Release: 15%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -54,6 +54,9 @@ cp appgw-ingress %{buildroot}%{_bindir}/ %{_bindir}/appgw-ingress %changelog +* Tue Oct 10 2023 Dan Streetman - 1.4.0-15 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.4.0-14 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/azcopy/azcopy.spec b/SPECS/azcopy/azcopy.spec index 26e97845b4b..98aa278ae82 100644 --- a/SPECS/azcopy/azcopy.spec +++ b/SPECS/azcopy/azcopy.spec @@ -1,7 +1,7 @@ Summary: The new Azure Storage data transfer utility - AzCopy v10 Name: azcopy Version: 10.15.0 -Release: 12%{?dist} +Release: 13%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -61,6 +61,9 @@ go test -mod=vendor %{_bindir}/azcopy %changelog +* Tue Oct 10 2023 Dan Streetman - 10.15.0-13 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 10.15.0-12 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/blobfuse/blobfuse.spec b/SPECS/blobfuse/blobfuse.spec index 9daf1374f3e..66a76929642 100644 --- a/SPECS/blobfuse/blobfuse.spec +++ b/SPECS/blobfuse/blobfuse.spec @@ -1,7 +1,7 @@ Summary: FUSE adapter - Azure Storage Blobs Name: blobfuse Version: 1.4.5 -Release: 11%{?dist} +Release: 12%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -46,6 +46,9 @@ install -p -m 755 build/blobfuse %{buildroot}%{_bindir}/ %{_bindir}/blobfuse %changelog +* Tue Oct 10 2023 Dan Streetman - 1.4.5-12 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.4.5-11 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/blobfuse2/blobfuse2.spec b/SPECS/blobfuse2/blobfuse2.spec index cf99848b9b1..f22d1b93fd3 100644 --- a/SPECS/blobfuse2/blobfuse2.spec +++ b/SPECS/blobfuse2/blobfuse2.spec @@ -7,7 +7,7 @@ Summary: FUSE adapter - Azure Storage Name: blobfuse2 Version: %{blobfuse2_version} -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -80,6 +80,9 @@ install -D -m 0644 ./setup/blobfuse2-logrotate %{buildroot}%{_sysconfdir}/logrot %{_sysconfdir}/logrotate.d/blobfuse2 %changelog +* Tue Oct 10 2023 Dan Streetman - 2.1.0-2 +- Bump release to rebuild with updated version of Go. + * Mon Sep 04 2023 Anubhuti Shruti - 2.1.0-1 - Bump version to 2.1.0 diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec index 7718d94447e..30fe1adb92a 100644 --- a/SPECS/cert-manager/cert-manager.spec +++ b/SPECS/cert-manager/cert-manager.spec @@ -1,7 +1,7 @@ Summary: Automatically provision and manage TLS certificates in Kubernetes Name: cert-manager Version: 1.11.2 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -109,6 +109,9 @@ install -D -m0755 bin/webhook %{buildroot}%{_bindir}/ %{_bindir}/webhook %changelog +* Tue Oct 10 2023 Dan Streetman - 1.11.2-5 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.11.2-4 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/cf-cli/cf-cli.spec b/SPECS/cf-cli/cf-cli.spec index 0f2ad422373..1b23017b813 100644 --- a/SPECS/cf-cli/cf-cli.spec +++ b/SPECS/cf-cli/cf-cli.spec @@ -1,7 +1,7 @@ Summary: The official command line client for Cloud Foundry. Name: cf-cli Version: 8.4.0 -Release: 12%{?dist} +Release: 13%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -59,6 +59,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./out/cf %{_bindir}/cf %changelog +* Tue Oct 10 2023 Dan Streetman - 8.4.0-13 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 8.4.0-12 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/cni-plugins/cni-plugins.spec b/SPECS/cni-plugins/cni-plugins.spec index edc8e4ce5c7..168e1dce456 100644 --- a/SPECS/cni-plugins/cni-plugins.spec +++ b/SPECS/cni-plugins/cni-plugins.spec @@ -2,7 +2,7 @@ Summary: Container Network Interface (CNI) plugins Name: cni-plugins Version: 0.9.1 -Release: 14%{?dist} +Release: 15%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -39,6 +39,9 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} %{_default_cni_plugins_dir}/* %changelog +* Tue Oct 10 2023 Dan Streetman - 0.9.1-15 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.9.1-14 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/cni/cni.spec b/SPECS/cni/cni.spec index 23928a7863f..e1b648197d8 100644 --- a/SPECS/cni/cni.spec +++ b/SPECS/cni/cni.spec @@ -24,7 +24,7 @@ Summary: Container Network Interface - networking for Linux containers Name: cni Version: 1.0.1 -Release: 13%{?dist} +Release: 14%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -113,6 +113,9 @@ install -m 755 -d "%{buildroot}%{cni_doc_dir}" %{_sbindir}/cnitool %changelog +* Tue Oct 10 2023 Dan Streetman - 1.0.1-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.0.1-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 467e97d8e70..df3b846f19c 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -18,7 +18,7 @@ Summary: Container native virtualization Name: containerized-data-importer Version: 1.55.0 -Release: 14%{?dist} +Release: 15%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -198,6 +198,9 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %{_datadir}/cdi/manifests %changelog +* Tue Oct 10 2023 Dan Streetman - 1.55.0-15 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.55.0-14 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/coredns/coredns-1.8.0.spec b/SPECS/coredns/coredns-1.8.0.spec index 932873f09cf..35cce39b207 100644 --- a/SPECS/coredns/coredns-1.8.0.spec +++ b/SPECS/coredns/coredns-1.8.0.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.8.0 -Release: 18%{?dist} +Release: 19%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -58,6 +58,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name} %{_bindir}/%{name} %changelog +* Tue Oct 10 2023 Dan Streetman - 1.8.0-19 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.8.0-18 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/coredns/coredns-1.8.4.spec b/SPECS/coredns/coredns-1.8.4.spec index cb9d13c2cd3..dbbd4385075 100644 --- a/SPECS/coredns/coredns-1.8.4.spec +++ b/SPECS/coredns/coredns-1.8.4.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.8.4 -Release: 17%{?dist} +Release: 18%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -58,6 +58,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name} %{_bindir}/%{name} %changelog +* Tue Oct 10 2023 Dan Streetman - 1.8.4-18 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.8.4-17 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/coredns/coredns-1.8.6.spec b/SPECS/coredns/coredns-1.8.6.spec index 0cee9a8d4ba..932a6ac7397 100644 --- a/SPECS/coredns/coredns-1.8.6.spec +++ b/SPECS/coredns/coredns-1.8.6.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.8.6 -Release: 13%{?dist} +Release: 14%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -58,6 +58,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name} %{_bindir}/%{name} %changelog +* Tue Oct 10 2023 Dan Streetman - 1.8.6-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.8.6-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/coredns/coredns-1.9.3.spec b/SPECS/coredns/coredns-1.9.3.spec index 029f240c5c1..bd774ba5ac2 100644 --- a/SPECS/coredns/coredns-1.9.3.spec +++ b/SPECS/coredns/coredns-1.9.3.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.9.3 -Release: 8%{?dist} +Release: 9%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -58,6 +58,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name} %{_bindir}/%{name} %changelog +* Tue Oct 10 2023 Dan Streetman - 1.9.3-9 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.9.3-8 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/cri-o/cri-o.spec b/SPECS/cri-o/cri-o.spec index 59668bff1f7..3bf504b466f 100644 --- a/SPECS/cri-o/cri-o.spec +++ b/SPECS/cri-o/cri-o.spec @@ -26,7 +26,7 @@ Summary: OCI-based implementation of Kubernetes Container Runtime Interfa # Define macros for further referenced sources Name: cri-o Version: 1.21.2 -Release: 16%{?dist} +Release: 17%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -203,6 +203,9 @@ mkdir -p /opt/cni/bin %{_fillupdir}/sysconfig.kubelet %changelog +* Tue Oct 10 2023 Dan Streetman - 1.21.2-17 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.21.2-16 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/cri-tools/cri-tools.spec b/SPECS/cri-tools/cri-tools.spec index 7819a98d0d3..33f6299f635 100644 --- a/SPECS/cri-tools/cri-tools.spec +++ b/SPECS/cri-tools/cri-tools.spec @@ -7,7 +7,7 @@ Summary: CRI tools Name: cri-tools Version: 1.28.0 -Release: 1%{?dist} +Release: 2%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -44,6 +44,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} "${BUILD_FOLDER}/critest" %{_bindir}/critest %changelog +* Tue Oct 10 2023 Dan Streetman - 1.28.0-2 +- Bump release to rebuild with updated version of Go. + * Wed Sep 27 2023 CBL-Mariner Servicing Account - 1.28.0-1 - Auto-upgrade to 1.28.0 to fix vendored vulns CVE-2021-38561, CVE-2021-44716, CVE-2022-32149, CVE-2022-27664, CVE-2022-29526, CVE-2022-28948 diff --git a/SPECS/csi-driver-lvm/csi-driver-lvm.spec b/SPECS/csi-driver-lvm/csi-driver-lvm.spec index ee526d4cc9c..75b2f43e920 100644 --- a/SPECS/csi-driver-lvm/csi-driver-lvm.spec +++ b/SPECS/csi-driver-lvm/csi-driver-lvm.spec @@ -1,7 +1,7 @@ Summary: Container storage interface for logical volume management Name: csi-driver-lvm Version: 0.4.1 -Release: 12%{?dist} +Release: 13%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -63,6 +63,9 @@ install -D -m0755 bin/lvmplugin %{buildroot}%{_bindir}/ %{_bindir}/lvmplugin %changelog +* Tue Oct 10 2023 Dan Streetman - 0.4.1-13 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.4.1-12 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/dcos-cli/dcos-cli.spec b/SPECS/dcos-cli/dcos-cli.spec index 3b6ce259e61..de255623824 100644 --- a/SPECS/dcos-cli/dcos-cli.spec +++ b/SPECS/dcos-cli/dcos-cli.spec @@ -1,7 +1,7 @@ Summary: The command line for DC/OS Name: dcos-cli Version: 1.2.0 -Release: 12%{?dist} +Release: 13%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -45,6 +45,9 @@ go test -mod=vendor %{_bindir}/dcos %changelog +* Tue Oct 10 2023 Dan Streetman - 1.2.0-13 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.2.0-12 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/etcd/etcd-3.5.0.spec b/SPECS/etcd/etcd-3.5.0.spec index 21a33b8422b..31fa30203a2 100644 --- a/SPECS/etcd/etcd-3.5.0.spec +++ b/SPECS/etcd/etcd-3.5.0.spec @@ -3,7 +3,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.0 -Release: 17%{?dist} +Release: 18%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -142,6 +142,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Tue Oct 10 2023 Dan Streetman - 3.5.0-18 +- Bump release to rebuild with updated version of Go. + * Wed Aug 23 2023 Rachel Menge - 3.5.0-17 - Backport patch for CVE-2023-32082 - Update patch fuzz to 2 for backporting patch diff --git a/SPECS/etcd/etcd-3.5.1.spec b/SPECS/etcd/etcd-3.5.1.spec index 43cccd3038a..68586566ebe 100644 --- a/SPECS/etcd/etcd-3.5.1.spec +++ b/SPECS/etcd/etcd-3.5.1.spec @@ -3,7 +3,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.1 -Release: 15%{?dist} +Release: 16%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -147,6 +147,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Tue Oct 10 2023 Dan Streetman - 3.5.1-16 +- Bump release to rebuild with updated version of Go. + * Wed Aug 23 2023 Rachel Menge - 3.5.1-15 - Backport patch for CVE-2023-32082 - Update patch fuzz to 2 for backporting patch diff --git a/SPECS/etcd/etcd-3.5.3.spec b/SPECS/etcd/etcd-3.5.3.spec index 6860ca1cac0..70de8ea1b68 100644 --- a/SPECS/etcd/etcd-3.5.3.spec +++ b/SPECS/etcd/etcd-3.5.3.spec @@ -3,7 +3,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.3 -Release: 10%{?dist} +Release: 11%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -147,6 +147,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Tue Oct 10 2023 Dan Streetman - 3.5.3-11 +- Bump release to rebuild with updated version of Go. + * Wed Aug 23 2023 Rachel Menge - 3.5.3-10 - Backport patch for CVE-2023-32082 - Update patch fuzz to 2 for backporting patch diff --git a/SPECS/etcd/etcd-3.5.4.spec b/SPECS/etcd/etcd-3.5.4.spec index 572d2f1d599..5dfe4224376 100644 --- a/SPECS/etcd/etcd-3.5.4.spec +++ b/SPECS/etcd/etcd-3.5.4.spec @@ -3,7 +3,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.4 -Release: 10%{?dist} +Release: 11%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -147,6 +147,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Tue Oct 10 2023 Dan Streetman - 3.5.4-11 +- Bump release to rebuild with updated version of Go. + * Wed Aug 23 2023 Rachel Menge - 3.5.4-10 - Backport patch for CVE-2023-32082 - Update patch fuzz to 2 for backporting patch diff --git a/SPECS/etcd/etcd-3.5.5.spec b/SPECS/etcd/etcd-3.5.5.spec index 460b653605a..36876120468 100644 --- a/SPECS/etcd/etcd-3.5.5.spec +++ b/SPECS/etcd/etcd-3.5.5.spec @@ -3,7 +3,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.5 -Release: 10%{?dist} +Release: 11%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -147,6 +147,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Tue Oct 10 2023 Dan Streetman - 3.5.5-11 +- Bump release to rebuild with updated version of Go. + * Wed Aug 23 2023 Rachel Menge - 3.5.5-10 - Patch CVE-2023-32082 - Update patch fuzz to 2 for backporting patch diff --git a/SPECS/etcd/etcd-3.5.6.spec b/SPECS/etcd/etcd-3.5.6.spec index d99d05b289a..8e6ce721d37 100644 --- a/SPECS/etcd/etcd-3.5.6.spec +++ b/SPECS/etcd/etcd-3.5.6.spec @@ -3,7 +3,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.6 -Release: 10%{?dist} +Release: 11%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -147,6 +147,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Tue Oct 10 2023 Dan Streetman - 3.5.6-11 +- Bump release to rebuild with updated version of Go. + * Wed Aug 23 2023 Rachel Menge - 3.5.6-10 - Patch CVE-2023-32082 - Update patch fuzz to 2 for backporting patch diff --git a/SPECS/flannel/flannel.spec b/SPECS/flannel/flannel.spec index f94f292d6dd..cce5effe1e8 100644 --- a/SPECS/flannel/flannel.spec +++ b/SPECS/flannel/flannel.spec @@ -4,7 +4,7 @@ Summary: Simple and easy way to configure a layer 3 network fabric designed for Kubernetes Name: flannel Version: 0.14.0 -Release: 17%{?dist} +Release: 18%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -48,6 +48,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./dist/flanneld %{_bindir}/flanneld %changelog +* Tue Oct 10 2023 Dan Streetman - 0.14.0-18 +- Bump release to rebuild with updated version of Go. + * Tue Oct 03 2023 Mandeep Plaha - 0.14.0-17 - Bump release to rebuild against glibc 2.35-5 diff --git a/SPECS/gh/gh.spec b/SPECS/gh/gh.spec index 5c9df22ba50..2619ae97125 100644 --- a/SPECS/gh/gh.spec +++ b/SPECS/gh/gh.spec @@ -1,7 +1,7 @@ Summary: GitHub official command line tool Name: gh Version: 2.13.0 -Release: 14%{?dist} +Release: 15%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -72,6 +72,9 @@ make test %{_datadir}/zsh/site-functions/_gh %changelog +* Tue Oct 10 2023 Dan Streetman - 2.13.0-15 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 2.13.0-14 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/git-lfs/git-lfs.spec b/SPECS/git-lfs/git-lfs.spec index 73a82b48ac9..8f35d7c8443 100644 --- a/SPECS/git-lfs/git-lfs.spec +++ b/SPECS/git-lfs/git-lfs.spec @@ -2,7 +2,7 @@ Summary: Git extension for versioning large files Name: git-lfs Version: 3.1.4 -Release: 13%{?dist} +Release: 14%{?dist} Group: System Environment/Programming Vendor: Microsoft Corporation Distribution: Mariner @@ -77,6 +77,9 @@ git lfs uninstall %{_mandir}/man5/* %changelog +* Tue Oct 10 2023 Dan Streetman - 3.1.4-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 3.1.4-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/glide/glide.spec b/SPECS/glide/glide.spec index 63cb8c859a6..0aa5139d537 100644 --- a/SPECS/glide/glide.spec +++ b/SPECS/glide/glide.spec @@ -1,7 +1,7 @@ Summary: Vendor Package Management for Golang Name: glide Version: 0.13.3 -Release: 22%{?dist} +Release: 23%{?dist} License: MIT URL: https://github.com/Masterminds/glide # Source0: https://github.com/Masterminds/%{name}/archive/v%{version}.tar.gz @@ -53,6 +53,9 @@ popd %{_bindir}/glide %changelog +* Tue Oct 10 2023 Dan Streetman - 0.13.3-23 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.13.3-22 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/go-md2man/go-md2man.spec b/SPECS/go-md2man/go-md2man.spec index 085aca2f6ea..b5848b7e89e 100644 --- a/SPECS/go-md2man/go-md2man.spec +++ b/SPECS/go-md2man/go-md2man.spec @@ -1,7 +1,7 @@ Summary: Converts markdown into roff (man pages) Name: go-md2man Version: 2.0.1 -Release: 19%{?dist} +Release: 20%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -48,6 +48,9 @@ cp go-md2man-%{version}/LICENSE.md %{buildroot}%{_docdir}/%{name}-%{version}/LIC %{_bindir}/go-md2man %changelog +* Tue Oct 10 2023 Dan Streetman - 2.0.1-20 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 2.0.1-19 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/gobject-introspection/gobject-introspection.spec b/SPECS/gobject-introspection/gobject-introspection.spec index ecf16368955..2247c816cbc 100644 --- a/SPECS/gobject-introspection/gobject-introspection.spec +++ b/SPECS/gobject-introspection/gobject-introspection.spec @@ -2,7 +2,7 @@ Summary: Introspection system for GObject-based libraries Name: gobject-introspection Version: %{BaseVersion}.0 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2+ AND LGPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -98,6 +98,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_mandir}/man1/*.gz %changelog +* Tue Oct 10 2023 Dan Streetman - 1.71.0-15 +- Bump release to rebuild with updated version of Go. + * Wed Sep 20 2023 Jon Slobodzian - 1.71.0-14 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/golang/CVE-2023-44487.patch b/SPECS/golang/CVE-2023-44487.patch new file mode 100755 index 00000000000..fc30974d120 --- /dev/null +++ b/SPECS/golang/CVE-2023-44487.patch @@ -0,0 +1,592 @@ +From 9090209645b6984947ebc7ed8dad1ff6851351f3 Mon Sep 17 00:00:00 2001 +From: Davis Goodin +Date: Fri, 6 Oct 2023 10:00:13 -0700 +Subject: [PATCH] net/http: add configurable http2 limits and reduce + unnecessary work + +--- + src/net/http/h2_bundle.go | 393 +++++++++++++++++++++++++++++++++++--- + 1 file changed, 370 insertions(+), 23 deletions(-) + +diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +index 1e0b83d493..4a8119161f 100644 +--- a/src/net/http/h2_bundle.go ++++ b/src/net/http/h2_bundle.go +@@ -3791,11 +3791,178 @@ func (p *http2pipe) Done() <-chan struct{} { + } + + const ( +- http2prefaceTimeout = 10 * time.Second +- http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway +- http2handlerChunkWriteSize = 4 << 10 +- http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? +- http2maxQueuedControlFrames = 10000 ++ http2prefaceTimeout = 10 * time.Second ++ http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway ++ http2handlerChunkWriteSize = 4 << 10 ++ http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? ++) ++ ++// Set up limits configured by environment variables. ++func init() { ++ var fail bool ++ checkErr := func(name string, err error) { ++ if err != nil { ++ fmt.Fprintf(os.Stderr, "could not parse environment for http2 limit config: %v: %v\n", name, err) ++ fail = true ++ } ++ } ++ boolEnv := func(name string) (bool, bool) { ++ if v := os.Getenv(name); v != "" { ++ b, err := strconv.ParseBool(v) ++ checkErr(name, err) ++ return b, true ++ } ++ return false, false ++ } ++ setBoolEnv := func(name string, p *bool) { ++ if v, ok := boolEnv(name); ok { ++ *p = v ++ } ++ } ++ setUint32Env := func(name string, p *uint32) { ++ if v := os.Getenv(name); v != "" { ++ parsed, err := strconv.ParseUint(v, 10, 32) ++ checkErr(name, err) ++ *p = uint32(parsed) ++ } ++ } ++ setInt32Env := func(name string, p *int) { ++ if v := os.Getenv(name); v != "" { ++ parsed, err := strconv.ParseInt(v, 10, 32) ++ checkErr(name, err) ++ *p = int(parsed) ++ } ++ } ++ setFloat64Env := func(name string, p *float64) { ++ if v := os.Getenv(name); v != "" { ++ parsed, err := strconv.ParseFloat(v, 64) ++ checkErr(name, err) ++ *p = parsed ++ } ++ ++ } ++ setDurationEnv := func(name string, p *time.Duration) { ++ if v := os.Getenv(name); v != "" { ++ parsed, err := time.ParseDuration(v) ++ checkErr(name, err) ++ *p = parsed ++ } ++ } ++ ++ const ( ++ rrlEnable = "MS_GO_HTTP2_RESET_RATE_LIMIT_ENABLE" ++ rrlMax = "MS_GO_HTTP2_RESET_RATE_LIMIT_MAX" ++ rrlWindow = "MS_GO_HTTP2_RESET_RATE_LIMIT_WINDOW" ++ rpEnable = "MS_GO_HTTP2_MAX_RESET_PROPORTION_ENABLE" ++ rpPercent = "MS_GO_HTTP2_MAX_RESET_PROPORTION_PERCENT" ++ rpMinReq = "MS_GO_HTTP2_MAX_RESET_PROPORTION_MIN_REQUESTS" ++ eycGoAwayTimeout = "MS_GO_HTTP2_CUSTOM_EYC_GOAWAY_TIMEOUT" ++ prEnable = "MS_GO_HTTP2_PREMATURE_RESET_LIMIT_ENABLE" ++ prMinStreams = "MS_GO_HTTP2_PREMATURE_RESET_LIMIT_MIN_STREAMS" ++ chlEnable = "MS_GO_HTTP2_CONCURRENT_HANDLER_LIMIT_ENABLE" ++ chlDouble = "MS_GO_HTTP2_CONCURRENT_HANDLER_LIMIT_DOUBLE" ++ chhlEnable = "MS_GO_HTTP2_CONCURRENT_HEADER_HANDLER_LIMIT_ENABLE" ++ closeConn = "MS_GO_HTTP2_EAGER_CLOSE_CONNECTION" ++ qcfMax = "MS_GO_HTTP2_MAX_QUEUED_CONTROL_FRAMES" ++ reuseF = "MS_GO_HTTP2_REUSE_FRAMES" ++ configEcho = "MS_GO_HTTP2_CONFIG_ECHO" ++ ) ++ ++ setBoolEnv(rrlEnable, &http2enableResetRateLimit) ++ if http2enableResetRateLimit { ++ setUint32Env(rrlMax, &http2resetRateLimitMax) ++ setDurationEnv(rrlWindow, &http2resetRateLimitWindow) ++ } ++ ++ setBoolEnv(rpEnable, &http2enableProportionalMaxReset) ++ if http2enableProportionalMaxReset { ++ setFloat64Env(rpPercent, &http2proportionalMaxResetPercent) ++ setUint32Env(rpMinReq, &http2proportionalMinRequests) ++ } ++ ++ setDurationEnv(eycGoAwayTimeout, &http2goAwayEnhanceYourCalmTimeout) ++ ++ setBoolEnv(prEnable, &http2enablePrematureResetLimit) ++ if http2enablePrematureResetLimit { ++ setUint32Env(prMinStreams, &http2prematureResetLimitMinStreams) ++ } ++ ++ setBoolEnv(chlEnable, &http2enableConcurrentHandlerLimit) ++ if http2enableConcurrentHandlerLimit { ++ if enabled, _ := boolEnv(chlDouble); enabled { ++ http2concurrentHandlerFactor = 2 ++ } ++ } ++ ++ setBoolEnv(chhlEnable, &http2enableConcurrentHeaderHandlerLimit) ++ ++ setBoolEnv(closeConn, &http2eagerCloseConnection) ++ ++ setInt32Env(qcfMax, &http2maxQueuedControlFrames) ++ ++ setBoolEnv(reuseF, &http2reuseFrames) ++ ++ setBoolEnv(configEcho, &http2enableConfigEcho) ++ ++ if http2enableConfigEcho { ++ fmt.Fprintln(os.Stderr, "--- http2 rate limit extras --- list of effective settings ---") ++ fmt.Fprintln(os.Stderr, rrlEnable, "=", http2enableResetRateLimit) ++ fmt.Fprintln(os.Stderr, rrlMax, "=", http2resetRateLimitMax) ++ fmt.Fprintln(os.Stderr, rrlWindow, "=", http2resetRateLimitWindow) ++ fmt.Fprintln(os.Stderr, rpEnable, "=", http2enableProportionalMaxReset) ++ fmt.Fprintln(os.Stderr, rpPercent, "=", http2proportionalMaxResetPercent) ++ fmt.Fprintln(os.Stderr, rpMinReq, "=", http2proportionalMinRequests) ++ fmt.Fprintln(os.Stderr, eycGoAwayTimeout, "=", http2goAwayEnhanceYourCalmTimeout) ++ fmt.Fprintln(os.Stderr, prEnable, "=", http2enablePrematureResetLimit) ++ fmt.Fprintln(os.Stderr, prMinStreams, "=", http2prematureResetLimitMinStreams) ++ fmt.Fprintln(os.Stderr, chlEnable, "=", http2enableConcurrentHandlerLimit) ++ fmt.Fprintln(os.Stderr, chlDouble, "resulted in factor of", http2concurrentHandlerFactor) ++ fmt.Fprintln(os.Stderr, chhlEnable, "=", http2enableConcurrentHeaderHandlerLimit) ++ fmt.Fprintln(os.Stderr, closeConn, "=", http2eagerCloseConnection) ++ fmt.Fprintln(os.Stderr, qcfMax, "=", http2maxQueuedControlFrames) ++ fmt.Fprintln(os.Stderr, reuseF, "=", http2reuseFrames) ++ fmt.Fprintln(os.Stderr, configEcho, "=", http2enableConfigEcho) ++ } ++ ++ if fail { ++ os.Exit(1) ++ } ++} ++ ++// Controls for additional rate limiting and performance-related configuration. ++// The defaults below are based on other implementations and experimentation and ++// aren't tuned to a specific Go scenario unless noted. ++var ( ++ http2enableResetRateLimit bool // enable a rate limit on the number of resets performed by a connection. ++ http2resetRateLimitMax uint32 = 1000 // Maximum number of resets to allow. ++ http2resetRateLimitWindow = time.Second * 30 // The time window the maximum limit is applied to. Performs a simple counter reset. Not a sliding window. ++ ++ http2enableProportionalMaxReset bool // Enable a maximum number of resets as a percentage of new streams created. ++ http2proportionalMaxResetPercent float64 = 99.0 // Maximum % of resets per new streams to allow. ++ http2proportionalMinRequests uint32 = 1000 // Minimum number of requests before applying the max reset rate. ++ ++ http2goAwayEnhanceYourCalmTimeout = http2goAwayTimeout // An override timeout for a GOAWAY with the EnhanceYourCalm error. ++ ++ // Enable a limit to the number of times a connection can prematurely reset ++ // streams. A reset is considered premature if it arrives before the ++ // response headers are sent. ++ http2enablePrematureResetLimit bool ++ http2prematureResetLimitMinStreams uint32 = 500 // Number of total streams that must be reached before the rule is applied. ++ ++ // Enable a limit to the number of handlers that will run concurrently to ++ // serve each connection. The limit is set to the max number of streams. ++ http2enableConcurrentHandlerLimit bool = true ++ http2concurrentHandlerFactor uint32 = 1 // A multiple of the max number of streams to use as the limit. 1, or 2 if doubled by config. ++ ++ // Enable a limit to the number of headers that will be handled concurrently. ++ // This uses the same limit as the concurrent handler limit. ++ http2enableConcurrentHeaderHandlerLimit bool = true ++ ++ http2eagerCloseConnection bool // Treat some stream errors as connection errors to eagerly close the connection. ++ http2maxQueuedControlFrames int = 500 // Maximum number of control frames that can be queued. Exceeding this limit closes the connection. ++ http2reuseFrames bool = true // Call SetReuseFrames. It isn't clear this is safe, but we haven't found a reason not to. ++ ++ http2enableConfigEcho bool // Print the settings to stderr. Use to ensure the config is as expected. + ) + + var ( +@@ -4165,6 +4332,13 @@ func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { + sawClientPreface: opts.SawClientPreface, + } + ++ if http2enableConcurrentHeaderHandlerLimit { ++ sc.headerHandlerSem = make(chan struct{}, s.maxConcurrentStreams()*http2concurrentHandlerFactor) ++ for i := 0; i < cap(sc.headerHandlerSem); i++ { ++ sc.headerHandlerSem <- struct{}{} ++ } ++ } ++ + s.state.registerConn(sc) + defer s.state.unregisterConn(sc) + +@@ -4198,6 +4372,9 @@ func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { + fr.ReadMetaHeaders = hpack.NewDecoder(s.maxDecoderHeaderTableSize(), nil) + fr.MaxHeaderListSize = sc.maxHeaderListSize() + fr.SetMaxReadFrameSize(s.maxReadFrameSize()) ++ if http2reuseFrames { ++ fr.SetReuseFrames() ++ } + sc.framer = fr + + if tc, ok := c.(http2connectionStater); ok { +@@ -4308,6 +4485,8 @@ type http2serverConn struct { + remoteAddrStr string + writeSched http2WriteScheduler + ++ headerHandlerSem chan struct{} // semaphore restricting the number of active header handlers. Receive to lock, send to unlock. ++ + // Everything following is owned by the serve loop; use serveG.check(): + serveG http2goroutineLock // used to verify funcs are on serve() + pushEnabled bool +@@ -4320,9 +4499,11 @@ type http2serverConn struct { + advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client + curClientStreams uint32 // number of open streams initiated by the client + curPushedStreams uint32 // number of open streams initiated by server push ++ curHandlers uint32 // number of running handler goroutines + maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests + maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes + streams map[uint32]*http2stream ++ unstartedHandlers []http2unstartedHandler + initialStreamSendWindowSize int32 + maxFrameSize int32 + peerMaxHeaderListSize uint32 // zero means unknown (default) +@@ -4338,6 +4519,21 @@ type http2serverConn struct { + shutdownTimer *time.Timer // nil until used + idleTimer *time.Timer // nil if unused + ++ // Also owned by the serve loop; use serveG.check(): ++ ++ // totalStreams is used by enablePrematureResetLimit and enableProportionalMaxReset. ++ // Total number of streams created over lifetime of the connection. ++ totalStreams uint32 ++ ++ // See enableResetRateLimit bool ++ resetCount uint32 ++ nextCountReset time.Time ++ // See enableProportionalMaxReset bool ++ totalResetRequests uint32 ++ ++ minResetStreams uint32 // number of streams which must be reset before checking for excessive prematurely reset streams. ++ prematureResetStreams uint32 // number of premature reset streams ++ + // Owned by the writeFrameAsync goroutine: + headerWriteBuf bytes.Buffer + hpackEncoder *hpack.Encoder +@@ -4718,6 +4914,8 @@ func (sc *http2serverConn) serve() { + return + case http2gracefulShutdownMsg: + sc.startGracefulShutdownInternal() ++ case http2handlerDoneMsg: ++ sc.handlerDone() + default: + panic("unknown timer") + } +@@ -4744,7 +4942,11 @@ func (sc *http2serverConn) serve() { + sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame + gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0 + if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) { +- sc.shutDownIn(http2goAwayTimeout) ++ if sc.goAwayCode == http2ErrCodeEnhanceYourCalm { ++ sc.shutDownIn(http2goAwayEnhanceYourCalmTimeout) ++ } else { ++ sc.shutDownIn(http2goAwayTimeout) ++ } + } + } + } +@@ -4765,6 +4967,7 @@ var ( + http2idleTimerMsg = new(http2serverMessage) + http2shutdownTimerMsg = new(http2serverMessage) + http2gracefulShutdownMsg = new(http2serverMessage) ++ http2handlerDoneMsg = new(http2serverMessage) + ) + + func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) } +@@ -5171,6 +5374,7 @@ func (sc *http2serverConn) resetStream(se http2StreamError) { + sc.writeFrame(http2FrameWriteRequest{write: se}) + if st, ok := sc.streams[se.StreamID]; ok { + st.resetQueued = true ++ st.cancelCtx() + } + } + +@@ -5336,6 +5540,20 @@ func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error + func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { + sc.serveG.check() + ++ if http2enableResetRateLimit { ++ now := time.Now() ++ if now.After(sc.nextCountReset) { ++ sc.nextCountReset = now.Add(http2resetRateLimitWindow) ++ sc.resetCount = 0 ++ } ++ // Count all reset frames, whether or not there is an associated active stream. This rate ++ // limit is following an approach that simply counts incoming frames. ++ sc.resetCount++ ++ if sc.resetCount > http2resetRateLimitMax { ++ return sc.countError("", http2ConnectionError(http2ErrCodeEnhanceYourCalm)) ++ } ++ } ++ + state, st := sc.state(f.StreamID) + if state == http2stateIdle { + // 6.4 "RST_STREAM frames MUST NOT be sent for a +@@ -5346,8 +5564,30 @@ func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { + return sc.countError("reset_idle_stream", http2ConnectionError(http2ErrCodeProtocol)) + } + if st != nil { ++ if http2enableProportionalMaxReset { ++ // Count reset requests that are actually closing a stream. This counter is compared to ++ // a counter tracking number of streams that are actually created. Counting only ++ // actually-closed streams is intended to keep the counts balanced. ++ sc.totalResetRequests++ ++ rate := 100 * float64(sc.totalResetRequests) / float64(sc.totalStreams) ++ if sc.totalStreams > uint32(http2proportionalMinRequests) && rate > http2proportionalMaxResetPercent { ++ return sc.countError("", http2ConnectionError(http2ErrCodeEnhanceYourCalm)) ++ } ++ } + st.cancelCtx() + sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode)) ++ if http2enablePrematureResetLimit { ++ // Check if the request was prematurely reset, by comparing its lifetime ++ // to the configured threshold. ++ if !st.wroteHeaders { ++ sc.prematureResetStreams++ ++ if sc.totalStreams > http2prematureResetLimitMinStreams && ++ float64(sc.prematureResetStreams)/float64(sc.totalStreams) >= 0.5 { ++ // Returning an error here will cause a GOAWAY to be sent. ++ return sc.countError("too_many_premature_resets", http2ConnectionError(http2ErrCodeEnhanceYourCalm)) ++ } ++ } ++ } + } + return nil + } +@@ -5369,6 +5609,7 @@ func (sc *http2serverConn) closeStream(st *http2stream, err error) { + } else { + sc.curClientStreams-- + } ++ st.cancelCtx() + delete(sc.streams, st.id) + if len(sc.streams) == 0 { + sc.setConnState(StateIdle) +@@ -5533,7 +5774,11 @@ func (sc *http2serverConn) processData(f *http2DataFrame) error { + // Already have a stream error in flight. Don't send another. + return nil + } +- return sc.countError("closed", http2streamError(id, http2ErrCodeStreamClosed)) ++ if http2eagerCloseConnection { ++ return sc.countError("closed", http2ConnectionError(http2ErrCodeStreamClosed)) ++ } else { ++ return sc.countError("closed", http2streamError(id, http2ErrCodeStreamClosed)) ++ } + } + if st.body == nil { + panic("internal error: should have a body in this state") +@@ -5675,7 +5920,11 @@ func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { + // this state, it MUST respond with a stream error (Section 5.4.2) of + // type STREAM_CLOSED. + if st.state == http2stateHalfClosedRemote { +- return sc.countError("headers_half_closed", http2streamError(id, http2ErrCodeStreamClosed)) ++ if http2eagerCloseConnection { ++ return sc.countError("headers_half_closed", http2ConnectionError(http2ErrCodeStreamClosed)) ++ } else { ++ return sc.countError("headers_half_closed", http2streamError(id, http2ErrCodeStreamClosed)) ++ } + } + return st.processTrailerHeaders(f) + } +@@ -5713,6 +5962,24 @@ func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { + return sc.countError("over_max_streams_race", http2streamError(id, http2ErrCodeRefusedStream)) + } + ++ var scheduled bool ++ if http2enableConcurrentHeaderHandlerLimit { ++ t := time.NewTimer(33 * time.Second) // longer than the 30-second timeout used by kube clients ++ defer t.Stop() ++ ++ select { ++ case <-sc.headerHandlerSem: ++ case <-t.C: ++ return sc.countError("timeout_handlers", http2streamError(id, http2ErrCodeEnhanceYourCalm)) ++ } ++ ++ defer func() { ++ if !scheduled { ++ sc.headerHandlerSem <- struct{}{} ++ } ++ }() ++ } ++ + initialState := http2stateOpen + if f.StreamEnded() { + initialState = http2stateHalfClosedRemote +@@ -5759,7 +6026,8 @@ func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { + } + } + +- go sc.runHandler(rw, req, handler) ++ scheduled = true ++ sc.scheduleHandler(id, rw, req, handler, true) + return nil + } + +@@ -5780,7 +6048,7 @@ func (sc *http2serverConn) upgradeRequest(req *Request) { + sc.conn.SetReadDeadline(time.Time{}) + } + +- go sc.runHandler(rw, req, sc.handler.ServeHTTP) ++ sc.scheduleHandler(id, rw, req, sc.handler.ServeHTTP, false) + } + + func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error { +@@ -5838,6 +6106,14 @@ func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState + panic("internal error: cannot create stream with id 0") + } + ++ sc.totalStreams++ ++ // Detect wraparounds. ++ if sc.totalStreams == 0 { ++ // Reset the premature reset counter, else ++ // it will skew the reset ratio. ++ sc.prematureResetStreams = 0 ++ } ++ + ctx, cancelCtx := context.WithCancel(sc.baseCtx) + st := &http2stream{ + sc: sc, +@@ -6010,25 +6286,88 @@ func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2re + } + + func (sc *http2serverConn) newResponseWriter(st *http2stream, req *Request) *http2responseWriter { +- rws := http2responseWriterStatePool.Get().(*http2responseWriterState) +- bwSave := rws.bw +- *rws = http2responseWriterState{} // zero all the fields +- rws.conn = sc +- rws.bw = bwSave +- rws.bw.Reset(http2chunkWriter{rws}) +- rws.stream = st +- rws.req = req +- return &http2responseWriter{rws: rws} ++ out := &http2responseWriter{} ++ out.prep = func() { ++ rws := http2responseWriterStatePool.Get().(*http2responseWriterState) ++ bwSave := rws.bw ++ *rws = http2responseWriterState{} // zero all the fields ++ rws.conn = sc ++ rws.bw = bwSave ++ rws.bw.Reset(http2chunkWriter{rws}) ++ rws.stream = st ++ rws.req = req ++ out.rws = rws ++ } ++ return out ++} ++ ++type http2unstartedHandler struct { ++ streamID uint32 ++ rw *http2responseWriter ++ req *Request ++ handler func(ResponseWriter, *Request) ++ isHeader bool ++} ++ ++// scheduleHandler starts a handler goroutine, ++// or schedules one to start as soon as an existing handler finishes. ++func (sc *http2serverConn) scheduleHandler(streamID uint32, rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request), isHeader bool) { ++ sc.serveG.check() ++ maxHandlers := sc.advMaxStreams * http2concurrentHandlerFactor ++ if sc.curHandlers < maxHandlers || !http2enableConcurrentHandlerLimit { ++ sc.curHandlers++ ++ go sc.runHandler(rw, req, handler, isHeader) ++ return ++ } ++ sc.unstartedHandlers = append(sc.unstartedHandlers, http2unstartedHandler{ ++ streamID: streamID, ++ rw: rw, ++ req: req, ++ handler: handler, ++ isHeader: isHeader, ++ }) ++ return ++} ++ ++func (sc *http2serverConn) handlerDone() { ++ sc.serveG.check() ++ sc.curHandlers-- ++ i := 0 ++ maxHandlers := sc.advMaxStreams * http2concurrentHandlerFactor ++ for ; i < len(sc.unstartedHandlers); i++ { ++ u := sc.unstartedHandlers[i] ++ if sc.streams[u.streamID] == nil { ++ // This stream was reset before its goroutine had a chance to start. ++ if http2enableConcurrentHeaderHandlerLimit && u.isHeader { ++ sc.headerHandlerSem <- struct{}{} ++ } ++ continue ++ } ++ if sc.curHandlers >= maxHandlers { ++ break ++ } ++ sc.curHandlers++ ++ go sc.runHandler(u.rw, u.req, u.handler, u.isHeader) ++ } ++ sc.unstartedHandlers = sc.unstartedHandlers[i:] + } + + // Run on its own goroutine. +-func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) { ++func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request), isHeader bool) { ++ if rw.rws == nil { ++ rw.prep() ++ } ++ + didPanic := true + defer func() { + rw.rws.stream.cancelCtx() + if req.MultipartForm != nil { + req.MultipartForm.RemoveAll() + } ++ if http2enableConcurrentHeaderHandlerLimit && isHeader { ++ sc.headerHandlerSem <- struct{}{} ++ } ++ sc.sendServeMsg(http2handlerDoneMsg) + if didPanic { + e := recover() + sc.writeFrameFromHandler(http2FrameWriteRequest{ +@@ -6046,7 +6385,10 @@ func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, han + } + rw.handlerDone() + }() +- handler(rw, req) ++ // skip handler for canceled context ++ if req.Context().Err() == nil { ++ handler(rw, req) ++ } + didPanic = false + } + +@@ -6222,7 +6564,8 @@ func (b *http2requestBody) Read(p []byte) (n int, err error) { + // simply crash (caller's mistake), but the much larger responseWriterState + // and buffers are reused between multiple requests. + type http2responseWriter struct { +- rws *http2responseWriterState ++ prep func() // Assigns and prepares rws. (Lazy init.) ++ rws *http2responseWriterState + } + + // Optional http.ResponseWriter interfaces implemented. +@@ -6670,6 +7013,10 @@ func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n + if rws == nil { + panic("Write called after Handler finished") + } ++ if rws.stream.ctx.Err() != nil { ++ // skip write for canceled context ++ return 0, http2errStreamClosed ++ } + if !rws.wroteHeader { + w.WriteHeader(200) + } +@@ -6886,7 +7233,7 @@ func (sc *http2serverConn) startPush(msg *http2startPushRequest) { + panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err)) + } + +- go sc.runHandler(rw, req, sc.handler.ServeHTTP) ++ go sc.runHandler(rw, req, sc.handler.ServeHTTP, false) + return promisedID, nil + } + +-- +2.42.0.windows.2 + diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec index 65467e86e00..30aff21905e 100644 --- a/SPECS/golang/golang.spec +++ b/SPECS/golang/golang.spec @@ -14,7 +14,7 @@ Summary: Go Name: golang Version: 1.20.7 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Mariner @@ -25,6 +25,7 @@ Source1: https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz Source2: https://dl.google.com/go/go%{bootstrap_compiler_version}.src.tar.gz Patch0: go14_bootstrap_aarch64.patch Patch1: permit-requests-with-invalid-header.patch +Patch2: CVE-2023-44487.patch Obsoletes: %{name} < %{version} Provides: %{name} = %{version} Provides: go = %{version}-%{release} @@ -41,6 +42,7 @@ mv -v go go-bootstrap %setup -q -n go %patch1 -p1 +%patch2 -p1 %build # (go >= 1.20 bootstraps with go >= 1.17) @@ -143,6 +145,9 @@ fi %{_bindir}/* %changelog +* Tue Oct 10 2023 Dan Streetman - 1.20.7-2 +- Patch CVE-2023-44487 + * Tue Aug 15 2023 Muhammad Falak - 1.20.7-1 - Bump version to 1.20.7 - Introduce patch to permit requests with invalid host header diff --git a/SPECS/helm/helm.spec b/SPECS/helm/helm.spec index a454a779bea..dd7366ca4ed 100644 --- a/SPECS/helm/helm.spec +++ b/SPECS/helm/helm.spec @@ -2,7 +2,7 @@ Name: helm Version: 3.10.3 -Release: 9%{?dist} +Release: 10%{?dist} Summary: The Kubernetes Package Manager Group: Applications/Networking License: Apache 2.0 @@ -56,6 +56,9 @@ install -m 755 ./helm %{buildroot}%{_bindir} go test -v ./cmd/helm %changelog +* Tue Oct 10 2023 Dan Streetman - 3.10.3-10 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 3.10.3-9 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/influx-cli/influx-cli.spec b/SPECS/influx-cli/influx-cli.spec index 621d16b4118..6dc78fa9672 100644 --- a/SPECS/influx-cli/influx-cli.spec +++ b/SPECS/influx-cli/influx-cli.spec @@ -18,7 +18,7 @@ Summary: CLI for managing resources in InfluxDB Name: influx-cli Version: 2.6.1 -Release: 11%{?dist} +Release: 12%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -81,6 +81,9 @@ bin/influx completion zsh > %{buildroot}/%{_datadir}/zsh/site-functions/_influx %{_datadir}/zsh %changelog +* Tue Oct 10 2023 Dan Streetman - 2.6.1-12 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 2.6.1-11 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec index 31db3063196..6de41423282 100644 --- a/SPECS/influxdb/influxdb.spec +++ b/SPECS/influxdb/influxdb.spec @@ -18,7 +18,7 @@ Summary: Scalable datastore for metrics, events, and real-time analytics Name: influxdb Version: 2.6.1 -Release: 10%{?dist} +Release: 11%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -144,6 +144,9 @@ go test ./... %{_tmpfilesdir}/influxdb.conf %changelog +* Tue Oct 10 2023 Dan Streetman - 2.6.1-11 +- Bump release to rebuild with updated version of Go. + * Thu Sep 07 2023 Daniel McIlvaney - 2.6.1-10 - Bump package to rebuild with rust 1.72.0 diff --git a/SPECS/jx/jx.spec b/SPECS/jx/jx.spec index 72c827f574a..2206d8812d5 100644 --- a/SPECS/jx/jx.spec +++ b/SPECS/jx/jx.spec @@ -1,7 +1,7 @@ Summary: Command line tool for working with Jenkins X. Name: jx Version: 3.2.236 -Release: 12%{?dist} +Release: 13%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -60,6 +60,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./build/jx %{_bindir}/jx %changelog +* Tue Oct 10 2023 Dan Streetman - 3.2.236-13 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 3.2.236-12 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/kata-containers-cc/kata-containers-cc.spec b/SPECS/kata-containers-cc/kata-containers-cc.spec index 5a763492c95..ff6a19c9c7b 100644 --- a/SPECS/kata-containers-cc/kata-containers-cc.spec +++ b/SPECS/kata-containers-cc/kata-containers-cc.spec @@ -8,7 +8,7 @@ Name: kata-containers-cc Version: 0.6.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Kata Confidential Containers License: ASL 2.0 Vendor: Microsoft Corporation @@ -290,6 +290,9 @@ install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder %exclude %{osbuilder}/tools/osbuilder/rootfs-builder/ubuntu %changelog +* Tue Oct 10 2023 Dan Streetman - 0.6.1-2 +- Bump release to rebuild with updated version of Go. + * Mon Sep 18 2023 Dallas Delaney 0.6.1-1 - Update to use cloud-hypervisor-cvm and kernel-uvm-cm - Pull in latest source for genpolicy, utarfs, and overlay changes diff --git a/SPECS/kata-containers/kata-containers.spec b/SPECS/kata-containers/kata-containers.spec index 2f1d22d128e..a5aae2bc60a 100644 --- a/SPECS/kata-containers/kata-containers.spec +++ b/SPECS/kata-containers/kata-containers.spec @@ -44,7 +44,7 @@ Summary: Kata Containers version 2.x repository Name: kata-containers Version: 3.1.0 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation URL: https://github.com/%{name}/%{name} @@ -230,6 +230,9 @@ ln -sf %{_bindir}/kata-runtime %{buildroot}%{_prefix}/local/bin/kata-runtime %exclude %{kataosbuilderdir}/rootfs-builder/ubuntu %changelog +* Tue Oct 10 2023 Dan Streetman - 3.1.0-8 +- Bump release to rebuild with updated version of Go. + * Wed Sep 27 2023 Dallas Delaney 3.1.0-7 - Refactor UVM build script and add -tools subpackage diff --git a/SPECS/keda/keda.spec b/SPECS/keda/keda.spec index ad15f90c613..ee480b262dc 100644 --- a/SPECS/keda/keda.spec +++ b/SPECS/keda/keda.spec @@ -1,7 +1,7 @@ Summary: Kubernetes-based Event Driven Autoscaling Name: keda Version: 2.4.0 -Release: 13%{?dist} +Release: 14%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -55,6 +55,9 @@ cp ./bin/keda-adapter %{buildroot}%{_bindir} %{_bindir}/%{name}-adapter %changelog +* Tue Oct 10 2023 Dan Streetman - 2.4.0-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 2.4.0-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec b/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec index 6f16556483c..95649a848ec 100644 --- a/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec +++ b/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec @@ -1,7 +1,7 @@ Summary: The Kube-Vip cloud provider functions as a general-purpose cloud provider for on-premises bare-metal or virtualized setups Name: kube-vip-cloud-provider Version: 0.0.2 -Release: 11%{?dist} +Release: 12%{?dist} License: ASL 2.0 URL: https://github.com/kube-vip/kube-vip-cloud-provider Group: Applications/Text @@ -42,6 +42,9 @@ install kube-vip-cloud-provider %{buildroot}%{_bindir}/kube-vip-cloud-provider %{_bindir}/kube-vip-cloud-provider %changelog +* Tue Oct 10 2023 Dan Streetman - 0.0.2-12 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.0.2-11 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/kubevirt/kubevirt.spec b/SPECS/kubevirt/kubevirt.spec index 9f5ac981e6b..fe68393c1dc 100644 --- a/SPECS/kubevirt/kubevirt.spec +++ b/SPECS/kubevirt/kubevirt.spec @@ -19,7 +19,7 @@ Summary: Container native virtualization Name: kubevirt Version: 0.59.0 -Release: 8%{?dist} +Release: 9%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -211,6 +211,9 @@ install -p -m 0644 cmd/virt-handler/nsswitch.conf %{buildroot}%{_datadir}/kube-v %{_bindir}/virt-tests %changelog +* Tue Oct 10 2023 Dan Streetman - 0.59.0-9 +- Bump release to rebuild with updated version of Go. + * Tue Oct 03 2023 Mandeep Plaha - 0.59.0-8 - Bump release to rebuild against glibc 2.35-5 diff --git a/SPECS/kured/kured.spec b/SPECS/kured/kured.spec index 2ec7fac71f2..06cecc1f67d 100644 --- a/SPECS/kured/kured.spec +++ b/SPECS/kured/kured.spec @@ -25,7 +25,7 @@ Summary: Kubernetes daemonset to perform safe automatic node reboots Name: kured Version: 1.9.1 -Release: 13%{?dist} +Release: 14%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -122,6 +122,9 @@ sed -i -e 's|image: .*|image: registry.opensuse.org/kubic/kured:%{version}|g' %{ %{_datarootdir}/k8s-yaml/kured/kured.yaml %changelog +* Tue Oct 10 2023 Dan Streetman - 1.9.1-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.9.1-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/libguestfs/libguestfs.spec b/SPECS/libguestfs/libguestfs.spec index b632735fbd5..998d8ca5db0 100644 --- a/SPECS/libguestfs/libguestfs.spec +++ b/SPECS/libguestfs/libguestfs.spec @@ -25,7 +25,7 @@ Summary: Access and modify virtual machine disk images Name: libguestfs Version: 1.44.0 -Release: 16%{?dist} +Release: 17%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -1236,6 +1236,9 @@ rm ocaml/html/.gitignore %endif %changelog +* Tue Oct 10 2023 Dan Streetman - 1.44.0-17 +- Bump release to rebuild with updated version of Go. + * Tue Oct 03 2023 Mandeep Plaha - 1.44.0-16 - Bump release to rebuild against glibc 2.35-5 diff --git a/SPECS/libnvidia-container/libnvidia-container.spec b/SPECS/libnvidia-container/libnvidia-container.spec index f087a1ca6d4..e3c0ea927c7 100644 --- a/SPECS/libnvidia-container/libnvidia-container.spec +++ b/SPECS/libnvidia-container/libnvidia-container.spec @@ -4,7 +4,7 @@ Summary: NVIDIA container runtime library Name: libnvidia-container Version: 1.13.5 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD AND ASL2.0 AND GPLv3+ AND LGPLv3+ AND MIT AND GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -132,6 +132,9 @@ This package contains command-line tools that facilitate using the library. %{_bindir}/* %changelog +* Tue Oct 10 2023 Dan Streetman - 1.13.5-3 +- Bump release to rebuild with updated version of Go. + * Wed Sep 20 2023 Jon Slobodzian - 1.13.5-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/local-path-provisioner/local-path-provisioner.spec b/SPECS/local-path-provisioner/local-path-provisioner.spec index 581147d5a87..8ef3f97438a 100644 --- a/SPECS/local-path-provisioner/local-path-provisioner.spec +++ b/SPECS/local-path-provisioner/local-path-provisioner.spec @@ -1,7 +1,7 @@ Summary: Provides a way for the Kubernetes users to utilize the local storage in each node Name: local-path-provisioner Version: 0.0.21 -Release: 11%{?dist} +Release: 12%{?dist} License: ASL 2.0 URL: https://github.com/rancher/local-path-provisioner Group: Applications/Text @@ -30,6 +30,9 @@ install local-path-provisioner %{buildroot}%{_bindir}/local-path-provisioner %{_bindir}/local-path-provisioner %changelog +* Tue Oct 10 2023 Dan Streetman - 0.0.21-12 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.0.21-11 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/moby-buildx/moby-buildx.spec b/SPECS/moby-buildx/moby-buildx.spec index d5a356840c2..e58e0fa0b1f 100644 --- a/SPECS/moby-buildx/moby-buildx.spec +++ b/SPECS/moby-buildx/moby-buildx.spec @@ -5,7 +5,7 @@ Summary: A Docker CLI plugin for extended build capabilities with BuildKi Name: moby-%{upstream_name} # update "commit_hash" above when upgrading version Version: 0.7.1 -Release: 13%{?dist} +Release: 14%{?dist} License: ASL 2.0 Group: Tools/Container Vendor: Microsoft Corporation @@ -42,6 +42,9 @@ cp -aT buildx "%{buildroot}/%{_libexecdir}/docker/cli-plugins/docker-buildx" %{_libexecdir}/docker/cli-plugins/docker-buildx %changelog +* Tue Oct 10 2023 Dan Streetman - 0.7.1-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.7.1-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/moby-cli/moby-cli.spec b/SPECS/moby-cli/moby-cli.spec index 0756c8f4b95..02ae9f80f62 100644 --- a/SPECS/moby-cli/moby-cli.spec +++ b/SPECS/moby-cli/moby-cli.spec @@ -4,7 +4,7 @@ Summary: The open-source application container engine client. Name: moby-%{upstream_name} Version: 20.10.25 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://github.com/docker/cli @@ -80,6 +80,9 @@ install -p -m 644 contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fi %{_datadir}/fish/vendor_completions.d/docker.fish %changelog +* Tue Oct 10 2023 Dan Streetman - 20.10.25-2 +- Bump release to rebuild with updated version of Go. + * Thu Aug 17 2023 Muhammad Falak - 20.10.25-1 - Bump version to 20.10.25 diff --git a/SPECS/moby-compose/moby-compose.spec b/SPECS/moby-compose/moby-compose.spec index 16d7a7427dd..ff6dfdd601e 100644 --- a/SPECS/moby-compose/moby-compose.spec +++ b/SPECS/moby-compose/moby-compose.spec @@ -1,7 +1,7 @@ Summary: Define and run multi-container applications with Docker Name: moby-compose Version: 2.17.2 -Release: 4%{?dist} +Release: 5%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -44,6 +44,9 @@ install -D -m0755 bin/build/docker-compose %{buildroot}/%{_libexecdir}/docker/cl %{_libexecdir}/docker/cli-plugins/docker-compose %changelog +* Tue Oct 10 2023 Dan Streetman - 2.17.2-5 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 2.17.2-4 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/moby-containerd-cc/moby-containerd-cc.spec b/SPECS/moby-containerd-cc/moby-containerd-cc.spec index 5ee01b3c822..866c47994aa 100644 --- a/SPECS/moby-containerd-cc/moby-containerd-cc.spec +++ b/SPECS/moby-containerd-cc/moby-containerd-cc.spec @@ -6,7 +6,7 @@ Summary: Industry-standard container runtime for confidential containers Name: moby-%{upstream_name} Version: 1.7.1 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -77,6 +77,9 @@ fi %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog +* Tue Oct 10 2023 Dan Streetman - 1.7.1-5 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.7.1-4 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/moby-containerd/moby-containerd.spec b/SPECS/moby-containerd/moby-containerd.spec index 541eb46a53c..ae6163f42ab 100644 --- a/SPECS/moby-containerd/moby-containerd.spec +++ b/SPECS/moby-containerd/moby-containerd.spec @@ -5,7 +5,7 @@ Summary: Industry-standard container runtime Name: moby-%{upstream_name} Version: 1.6.22 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -86,6 +86,9 @@ fi %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog +* Tue Oct 10 2023 Dan Streetman - 1.6.22-2 +- Bump release to rebuild with updated version of Go. + * Wed Aug 16 2023 Muhammad Falak - 1.6.22-1 - Bump version to 1.6.22 diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec index dda11ddc0cf..eaf4f5b8a81 100644 --- a/SPECS/moby-engine/moby-engine.spec +++ b/SPECS/moby-engine/moby-engine.spec @@ -4,7 +4,7 @@ Summary: The open-source application container engine Name: %{upstream_name}-engine Version: 20.10.25 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://mobyproject.org @@ -126,6 +126,9 @@ fi %{_unitdir}/* %changelog +* Tue Oct 10 2023 Dan Streetman - 20.10.25-2 +- Bump release to rebuild with updated version of Go. + * Thu Aug 17 2023 Muhammad Falak - 20.10.25-1 - Bump version to 20.10.25 diff --git a/SPECS/moby-runc/moby-runc.spec b/SPECS/moby-runc/moby-runc.spec index c7e8e48f216..5335f6f0312 100644 --- a/SPECS/moby-runc/moby-runc.spec +++ b/SPECS/moby-runc/moby-runc.spec @@ -5,7 +5,7 @@ Summary: CLI tool for spawning and running containers per OCI spec. Name: moby-%{upstream_name} # update "commit_hash" above when upgrading version Version: 1.1.9 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 URL: https://github.com/opencontainers/runc Group: Virtualization/Libraries @@ -57,6 +57,9 @@ make install-man DESTDIR="%{buildroot}" PREFIX="%{_prefix}" %{_mandir}/* %changelog +* Tue Oct 10 2023 Dan Streetman - 1.1.9-2 +- Bump release to rebuild with updated version of Go. + * Tue Aug 15 2023 Muhammad Falak - 1.1.9-1 - Bump version to 1.1.9 diff --git a/SPECS/multus/multus.spec b/SPECS/multus/multus.spec index d9380948230..25c52654b36 100644 --- a/SPECS/multus/multus.spec +++ b/SPECS/multus/multus.spec @@ -19,7 +19,7 @@ Summary: CNI plugin providing multiple interfaces in containers Name: multus Version: 3.8 -Release: 11%{?dist} +Release: 12%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -70,6 +70,9 @@ install -D -m0644 images/multus-daemonset-crio.yml %{buildroot}%{_datadir}/k8s-y %{_datarootdir}/k8s-yaml/multus/multus.yaml %changelog +* Tue Oct 10 2023 Dan Streetman - 3.8-12 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 3.8-11 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/nginx/CVE-2023-44487.patch b/SPECS/nginx/CVE-2023-44487.patch new file mode 100644 index 00000000000..99f11b276e4 --- /dev/null +++ b/SPECS/nginx/CVE-2023-44487.patch @@ -0,0 +1,155 @@ +diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c +index 7c05ff1e7..13dcd0e0f 100644 +--- a/src/http/v2/ngx_http_v2.c ++++ b/src/http/v2/ngx_http_v2.c +@@ -194,6 +194,9 @@ static void ngx_http_v2_node_children_update(ngx_http_v2_node_t *node); + + static void ngx_http_v2_pool_cleanup(void *data); + ++static void ngx_http_v2_update_stream_rate(ngx_http_v2_connection_t *h2c); ++ ++ + + static ngx_http_v2_handler_pt ngx_http_v2_frame_states[] = { + ngx_http_v2_state_data, /* NGX_HTTP_V2_DATA_FRAME */ +@@ -1190,6 +1193,23 @@ ngx_http_v2_state_read_data(ngx_http_v2_connection_t *h2c, u_char *pos, + return ngx_http_v2_state_complete(h2c, pos, end); + } + ++static void ++ngx_http_v2_update_stream_rate(ngx_http_v2_connection_t *h2c) ++{ ++ ngx_http_v2_srv_conf_t *h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, ++ ngx_http_v2_module); ++ ++ /* dividing time by configured interval gives us the fixed window id */ ++ if (h2c->last_stream_record_time / h2scf->stream_rate_interval_ms ++ != ngx_current_msec / h2scf->stream_rate_interval_ms) ++ { ++ h2c->stream_rate = 0; ++ h2c->last_stream_record_time = ngx_current_msec; ++ } ++ ++ h2c->stream_rate++; ++} ++ + + static u_char * + ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, +@@ -1321,6 +1341,27 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + goto rst_stream; + } + ++ /* ++ * track the number of streams per connection ++ * if stream rate exceeds the limit, send a GOAWAY frame ++ */ ++ ngx_http_v2_update_stream_rate(h2c); ++ ++ if (h2scf->max_stream_rate != 0 ++ && h2c->stream_rate >= (double) h2scf->max_stream_rate) { ++ ngx_log_error(NGX_LOG_ERR, h2c->connection->log, 0, ++ "frameshift detected, conn: %d, mitigation enabled: %d, stream rate: %ui", ++ h2c->connection->fd, h2scf->enable_frameshift_mitigation, h2c->stream_rate); ++ ++ if (h2scf->enable_frameshift_mitigation) { ++ /* ++ * finalize connection sends goaway and closes the connection ++ * when there are no more active streams ++ */ ++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM); ++ } ++ } ++ + if (!h2c->settings_ack + && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) + && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) +diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h +index cb9014ccf..cf5510165 100644 +--- a/src/http/v2/ngx_http_v2_module.h ++++ b/src/http/v2/ngx_http_v2_module.h +@@ -26,6 +26,9 @@ typedef struct { + ngx_uint_t concurrent_pushes; + size_t preread_size; + ngx_uint_t streams_index_mask; ++ ngx_uint_t max_stream_rate; ++ ngx_msec_t stream_rate_interval_ms; ++ ngx_flag_t enable_frameshift_mitigation; + } ngx_http_v2_srv_conf_t; + + +diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h +index cb9014ccf..cf5510165 100644 +--- a/src/http/v2/ngx_http_v2.h ++++ b/src/http/v2/ngx_http_v2.h +@@ -126,6 +126,9 @@ struct ngx_http_v2_connection_s { + ngx_uint_t idle; + ngx_uint_t priority_limit; + ++ ngx_uint_t stream_rate; ++ ngx_msec_t last_stream_record_time; ++ + ngx_uint_t pushing; + ngx_uint_t concurrent_pushes; + +diff --git a/src/http/v2/ngx_http_v2_module.c b/src/http/v2/ngx_http_v2_module.c +index 62af9a543..90266404c 100644 +--- a/src/http/v2/ngx_http_v2_module.c ++++ b/src/http/v2/ngx_http_v2_module.c +@@ -103,6 +103,27 @@ static ngx_command_t ngx_http_v2_commands[] = { + offsetof(ngx_http_v2_srv_conf_t, concurrent_pushes), + NULL }, + ++ { ngx_string("http2_max_stream_rate"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, ++ ngx_conf_set_num_slot, ++ NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_v2_srv_conf_t, max_stream_rate), ++ NULL }, ++ ++ { ngx_string("http2_stream_rate_interval_ms"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, ++ ngx_conf_set_msec_slot, ++ NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_v2_srv_conf_t, stream_rate_interval_ms), ++ NULL }, ++ ++ { ngx_string("http2_frameshift_mitigation"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ++ ngx_conf_set_flag_slot, ++ NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_v2_srv_conf_t, enable_frameshift_mitigation), ++ NULL }, ++ + { ngx_string("http2_max_requests"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_http_v2_obsolete, +@@ -323,6 +344,12 @@ ngx_http_v2_create_srv_conf(ngx_conf_t *cf) + + h2scf->streams_index_mask = NGX_CONF_UNSET_UINT; + ++ h2scf->max_stream_rate = NGX_CONF_UNSET_UINT; ++ ++ h2scf->stream_rate_interval_ms = NGX_CONF_UNSET_MSEC; ++ ++ h2scf->enable_frameshift_mitigation = NGX_CONF_UNSET; ++ + return h2scf; + } + +@@ -345,6 +372,15 @@ ngx_http_v2_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) + ngx_conf_merge_uint_value(conf->streams_index_mask, + prev->streams_index_mask, 32 - 1); + ++ ngx_conf_merge_uint_value(conf->max_stream_rate, ++ prev->max_stream_rate, 0); ++ ++ ngx_conf_merge_uint_value(conf->stream_rate_interval_ms, ++ prev->stream_rate_interval_ms, 100.0); ++ ++ ngx_conf_merge_value(conf->enable_frameshift_mitigation, ++ prev->enable_frameshift_mitigation, 0); ++ + return NGX_CONF_OK; + } + diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec index c21f84acd42..4e6b2cd228e 100644 --- a/SPECS/nginx/nginx.spec +++ b/SPECS/nginx/nginx.spec @@ -7,7 +7,7 @@ Name: nginx # Currently on "stable" version of nginx from https://nginx.org/en/download.html. # Note: Stable versions are even (1.20), mainline versions are odd (1.21) Version: 1.22.1 -Release: 10%{?dist} +Release: 11%{?dist} License: BSD-2-Clause Vendor: Microsoft Corporation Distribution: Mariner @@ -17,6 +17,7 @@ Source0: https://nginx.org/download/%{name}-%{version}.tar.gz Source1: nginx.service Source2: https://github.com/nginx/njs/archive/refs/tags/%{njs_version}.tar.gz#/%{name}-njs-%{njs_version}.tar.gz Source3: https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/%{opentelemetry_cpp_contrib_git_commit}.tar.gz#/opentelemetry-cpp-contrib-%{opentelemetry_cpp_contrib_git_commit}.tar.gz +Patch0: CVE-2023-44487.patch BuildRequires: libxml2-devel BuildRequires: libxslt-devel BuildRequires: openssl-devel @@ -144,6 +145,9 @@ exit 0 %{_sysconfdir}/%{name}/modules/otel_ngx_module.so %changelog +* Thu Oct 05 2023 Dan Streetman - 1.22.1-11 +- Fix CVE-2023-44487 + * Wed Sep 20 2023 Jon Slobodzian - 1.22.1-10 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/nmi/nmi.spec b/SPECS/nmi/nmi.spec index 7574c7d1512..8e73d6b9cb7 100644 --- a/SPECS/nmi/nmi.spec +++ b/SPECS/nmi/nmi.spec @@ -2,7 +2,7 @@ Summary: Node Managed Identity Name: nmi Version: 1.8.7 -Release: 13%{?dist} +Release: 14%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -63,6 +63,9 @@ popd %{_bindir}/%{name} %changelog +* Tue Oct 10 2023 Dan Streetman - 1.8.7-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.8.7-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/node-problem-detector/node-problem-detector.spec b/SPECS/node-problem-detector/node-problem-detector.spec index 4f4cb5c9daa..66cf5269801 100644 --- a/SPECS/node-problem-detector/node-problem-detector.spec +++ b/SPECS/node-problem-detector/node-problem-detector.spec @@ -1,7 +1,7 @@ Summary: Kubernetes daemon to detect and report node issues Name: node-problem-detector Version: 0.8.10 -Release: 15%{?dist} +Release: 16%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -64,6 +64,9 @@ make test %config(noreplace) %{_sysconfdir}/node-problem-detector.d/* %changelog +* Tue Oct 10 2023 Dan Streetman - 0.8.10-16 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.8.10-15 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec index 832393114e1..0df946a8ca3 100644 --- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec +++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec @@ -2,7 +2,7 @@ Summary: NVIDIA container runtime hook Name: nvidia-container-toolkit Version: 1.13.5 -Release: 1%{?dist} +Release: 2%{?dist} License: ALS2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -94,6 +94,9 @@ rm -f %{_bindir}/nvidia-container-toolkit %{_bindir}/nvidia-ctk %changelog +* Tue Oct 10 2023 Dan Streetman - 1.13.5-2 +- Bump release to rebuild with updated version of Go. + * Thu Aug 24 2023 Henry Li - 1.13.5-1 - Upgrade to version 1.13.5 - Enforce golang to be equal to or greater than v1.20.7 diff --git a/SPECS/opa/opa.spec b/SPECS/opa/opa.spec index b4528dd7c4b..5760c5e80a0 100644 --- a/SPECS/opa/opa.spec +++ b/SPECS/opa/opa.spec @@ -5,7 +5,7 @@ Summary: Open source, general-purpose policy engine Name: opa Version: 0.50.2 -Release: 5%{?dist} +Release: 6%{?dist} # Upstream license specification: MIT and Apache-2.0 # Main package: ASL 2.0 # internal/jwx: MIT @@ -53,6 +53,9 @@ install -D -p -m 0644 man/* %{buildroot}%{_mandir}/man1/ %{_bindir}/* %changelog +* Tue Oct 10 2023 Dan Streetman - 0.50.2-6 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.50.2-5 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/packer/packer.spec b/SPECS/packer/packer.spec index 586bfd64668..5524689867a 100644 --- a/SPECS/packer/packer.spec +++ b/SPECS/packer/packer.spec @@ -1,7 +1,7 @@ Summary: Tool for creating identical machine images for multiple platforms from a single source configuration. Name: packer Version: 1.8.1 -Release: 13%{?dist} +Release: 14%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -60,6 +60,9 @@ go test -mod=vendor %{_bindir}/packer %changelog +* Tue Oct 10 2023 Dan Streetman - 1.8.1-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.8.1-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/prometheus-adapter/prometheus-adapter.spec b/SPECS/prometheus-adapter/prometheus-adapter.spec index 9bfb0c5e215..77265e57c8c 100644 --- a/SPECS/prometheus-adapter/prometheus-adapter.spec +++ b/SPECS/prometheus-adapter/prometheus-adapter.spec @@ -1,7 +1,7 @@ Summary: Kubernetes Custom, Resource, and External Metric APIs implemented to work with Prometheus. Name: prometheus-adapter Version: 0.10.0 -Release: 8%{?dist} +Release: 9%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -41,6 +41,9 @@ make test %doc README.md RELEASE.md %changelog +* Tue Oct 10 2023 Dan Streetman - 0.10.0-9 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.10.0-8 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec b/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec index ce2fed558c5..82ef09852cb 100644 --- a/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec +++ b/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec @@ -5,7 +5,7 @@ Summary: Exporter for machine metrics Name: prometheus-node-exporter Version: 1.3.1 -Release: 19%{?dist} +Release: 20%{?dist} # Upstream license specification: Apache-2.0 License: ASL 2.0 AND MIT Vendor: Microsoft Corporation @@ -107,6 +107,9 @@ getent passwd 'prometheus' >/dev/null || useradd -r -g 'prometheus' -d '%{_share %dir %attr(0755,prometheus,prometheus) %{_sharedstatedir}/prometheus/node-exporter %changelog +* Tue Oct 10 2023 Dan Streetman - 1.3.1-20 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.3.1-19 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec b/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec index 926dcf13112..6a2286172fd 100644 --- a/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec +++ b/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec @@ -5,7 +5,7 @@ Summary: Prometheus exporter exposing process metrics from procfs Name: prometheus-process-exporter Version: 0.7.10 -Release: 13%{?dist} +Release: 14%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -97,6 +97,9 @@ getent passwd 'prometheus' >/dev/null || useradd -r -g 'prometheus' -d '%{_share %dir %attr(0755,prometheus,prometheus) %{_sharedstatedir}/prometheus %changelog +* Tue Oct 10 2023 Dan Streetman - 0.7.10-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.7.10-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/prometheus/prometheus.spec b/SPECS/prometheus/prometheus.spec index f742f10b9e0..14f2072ac74 100644 --- a/SPECS/prometheus/prometheus.spec +++ b/SPECS/prometheus/prometheus.spec @@ -4,7 +4,7 @@ Summary: Prometheus monitoring system and time series database Name: prometheus Version: 2.37.0 -Release: 9%{?dist} +Release: 10%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -131,6 +131,9 @@ fi %doc README.md RELEASE.md documentation %changelog +* Tue Oct 10 2023 Dan Streetman - 2.37.0-10 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 2.37.0-9 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/rook/rook.spec b/SPECS/rook/rook.spec index 820649d54cd..b4a7d98c716 100644 --- a/SPECS/rook/rook.spec +++ b/SPECS/rook/rook.spec @@ -19,7 +19,7 @@ Summary: Orchestrator for distributed storage systems in cloud-native environments Name: rook Version: 1.6.2 -Release: 13%{?dist} +Release: 14%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -248,6 +248,9 @@ sed -i -e "s|\(.*tag: \)VERSION|\1%{helm_appVersion}|" %{values_yaml} # bother adding docs or changelog or anything %changelog +* Tue Oct 10 2023 Dan Streetman - 1.6.2-14 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.6.2-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/skopeo/skopeo.spec b/SPECS/skopeo/skopeo.spec index 94397d74a12..35e3b94cb79 100644 --- a/SPECS/skopeo/skopeo.spec +++ b/SPECS/skopeo/skopeo.spec @@ -1,7 +1,7 @@ Summary: Inspect container images and repositories on registries Name: skopeo Version: 1.12.0 -Release: 3%{?dist} +Release: 4%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -46,6 +46,9 @@ make test-unit-local %{_mandir}/man1/%%{name}* %changelog +* Tue Oct 10 2023 Dan Streetman - 1.12.0-4 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.12.0-3 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec index 24dbe4c4104..e0bdaeef25d 100644 --- a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec +++ b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec @@ -1,7 +1,7 @@ Summary: Plugin for discovering and advertising networking resources Name: sriov-network-device-plugin Version: 3.5.1 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -34,6 +34,9 @@ install -D -m0755 images/ddptool-1.0.1.12.tar.gz %{buildroot}%{_datadir}/%{name} %{_datadir}/%{name}/ddptool-1.0.1.12.tar.gz %changelog +* Tue Oct 10 2023 Dan Streetman - 3.5.1-2 +- Bump release to rebuild with updated version of Go. + * Thu Sep 28 2023 Aditya Dubey - 3.5.1-1 - Upgrade to v3.5.1 diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec index d82fdc95e1f..3a7f4e30990 100644 --- a/SPECS/telegraf/telegraf.spec +++ b/SPECS/telegraf/telegraf.spec @@ -1,7 +1,7 @@ Summary: agent for collecting, processing, aggregating, and writing metrics. Name: telegraf Version: 1.27.3 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -75,6 +75,9 @@ fi %dir %{_sysconfdir}/%{name}/telegraf.d %changelog +* Tue Oct 10 2023 Dan Streetman - 1.27.3-3 +- Bump release to rebuild with updated version of Go. + * Mon Aug 28 2023 Cameron Baird - 1.27.3-2 - Bump release to rebuild with go 1.20.7 diff --git a/SPECS/terraform/terraform.spec b/SPECS/terraform/terraform.spec index abe6729d097..73b2c926511 100644 --- a/SPECS/terraform/terraform.spec +++ b/SPECS/terraform/terraform.spec @@ -1,7 +1,7 @@ Summary: Infrastructure as code deployment management tool Name: terraform Version: 1.3.2 -Release: 10%{?dist} +Release: 11%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -57,6 +57,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./terraform %{_bindir}/terraform %changelog +* Tue Oct 10 2023 Dan Streetman - 1.3.2-11 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.3.2-10 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/vitess/vitess.spec b/SPECS/vitess/vitess.spec index 12d0751b863..b26e5de6265 100644 --- a/SPECS/vitess/vitess.spec +++ b/SPECS/vitess/vitess.spec @@ -3,7 +3,7 @@ Name: vitess Version: 16.0.2 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Database clustering system for horizontal scaling of MySQL # Upstream license specification: MIT and Apache-2.0 License: MIT and ASL 2.0 @@ -104,6 +104,9 @@ go check -t go/cmd \ %{_bindir}/* %changelog +* Tue Oct 10 2023 Dan Streetman - 16.0.2-5 +- Bump release to rebuild with updated version of Go. + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 16.0.2-4 - Bump release to rebuild with go 1.19.12