Merge branch '3.0-dev' into 3.0

microsoft · Dec 23, 2024 · a3ff34f · a3ff34f
2 parents 3be92e2 + 0604281
commit a3ff34f
Show file tree

Hide file tree

Showing 132 changed files with 6,062 additions and 775 deletions.
diff --git a/.github/policies/resourceManagement.yml b/.github/policies/resourceManagement.yml
@@ -13,34 +13,37 @@ configuration:
           - payloadType: Pull_Request
         then:
           - if:
-              - includesModifiedFiles:
-                  files:
-                    - SPECS/
-                    - SPECS-EXTENDED/
-                    - SPECS-SIGNED/
+              - filesMatchPattern:
+                  pattern: "^(SPECS|SPECS-EXTENDED|SPECS-SIGNED)/"
+                  matchAny: true
             then:
               - addLabel:
                   label: Packaging
           - if:
-              - includesModifiedFiles:
-                  files:
-                    - toolkit/docs/
+              - filesMatchPattern:
+                  pattern: "^SPECS-EXTENDED/"
+                  matchAny: true
+            then:
+              - addLabel:
+                  label: specs-extended
+          - if:
+              - filesMatchPattern:
+                  pattern: "^toolkit/docs/"
+                  matchAny: true
             then:
               - addLabel:
                   label: documentation
           - if:
-              - includesModifiedFiles:
-                  files:
-                    - toolkit/tools/
-                    - toolkit/scripts/
+              - filesMatchPattern:
+                  pattern: "^toolkit/(tools|scripts)/"
+                  matchAny: true
             then:
               - addLabel:
                   label: Tools
           - if:
-              - includesModifiedFiles:
-                  files:
-                    - toolkit/imageconfigs/
-                    - toolkit/tools/imagegen/configuration
+              - filesMatchPattern:
+                  pattern: "^toolkit/(imageconfigs|tools/imagegen/configuration)/"
+                  matchAny: true
             then:
               - addLabel:
                   label: Schema
@@ -69,16 +72,40 @@ configuration:
         then:
           - if:
               - targetsBranch:
-                  branch: 1.0-dev
+                  branch: main
             then:
               - addLabel:
-                  label: 1.0-dev
+                  label: main
           - if:
               - targetsBranch:
-                  branch: main
+                  branch: 2.0
             then:
               - addLabel:
-                  label: main
+                  label: 2.0
+          - if:
+              - targetsBranch:
+                  branch: 3.0-dev
+            then:
+              - addLabel:
+                  label: 3.0-dev
+          - if:
+              - targetsBranch:
+                  branch: 3.0
+            then:
+              - addLabel:
+                  label: 3.0
+          - if:
+              - targetsBranch:
+                  branch: fasttrack/2.0
+            then:
+              - addLabel:
+                  label: fasttrack/2.0
+          - if:
+              - targetsBranch:
+                  branch: fasttrack/3.0
+            then:
+              - addLabel:
+                  label: fasttrack/3.0
         description:
 onFailure:
 onSuccess:
diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -2223,6 +2223,7 @@
                 "cloud-hypervisor-cvm",
                 "cmake-fedora",
                 "containerd",
+                "containerd2",
                 "coredns",
                 "dcos-cli",
                 "debugedit",

diff --git a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec
@@ -7,7 +7,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-64k-signed-%{buildarch}
 Version:        6.6.57.1
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -105,6 +105,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
+- Bump release to match kernel
+
 * Wed Dec 18 2024 Rachel Menge <[email protected]> - 6.6.57.1-6
 - Bump release to match kernel-64k
 

diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        6.6.57.1
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
+- Bump release to match kernel
+
 * Wed Dec 18 2024 Rachel Menge <[email protected]> - 6.6.57.1-6
 - Bump release to match kernel-64k
 

diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
@@ -6,7 +6,7 @@
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
 Version:        6.6.57.1
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,9 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
+- Bump release to match kernel
+
 * Wed Dec 18 2024 Rachel Menge <[email protected]> - 6.6.57.1-6
 - Bump release to match kernel-64k
 

diff --git a/SPECS/avahi/CVE-2023-38469.patch b/SPECS/avahi/CVE-2023-38469.patch
@@ -0,0 +1,43 @@
+From c89fd5f2e85052f1f8b74ddeff38235932236889 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal <[email protected]>
+Date: Wed, 27 Nov 2024 08:48:59 +0000
+Subject: [PATCH] Fix CVE patch
+
+---
+ avahi-core/rr.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-core/rr.c b/avahi-core/rr.c
+index 7fa0bee..b03a24c 100644
+--- a/avahi-core/rr.c
++++ b/avahi-core/rr.c
+@@ -32,6 +32,7 @@
+ #include <avahi-common/malloc.h>
+ #include <avahi-common/defs.h>
+
++#include "dns.h"
+ #include "rr.h"
+ #include "log.h"
+ #include "util.h"
+@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
+         case AVAHI_DNS_TYPE_TXT: {
+
+             AvahiStringList *strlst;
++            size_t used = 0;
+
+-            for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
++            for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
+                 if (strlst->size > 255 || strlst->size <= 0)
+                     return 0;
+
++                used += 1+strlst->size;
++                if (used > AVAHI_DNS_RDATA_MAX)
++                    return 0;
++            }
++
+             return 1;
+         }
+     }
+-- 
+2.45.2
+
diff --git a/SPECS/avahi/CVE-2023-38470.patch b/SPECS/avahi/CVE-2023-38470.patch
@@ -0,0 +1,51 @@
+From cc5f44eb015384d8c764646c48b9da80f811446c Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal <[email protected]>
+Date: Mon, 2 Dec 2024 10:25:43 +0000
+Subject: [PATCH] Fix CVE-2023-38470
+
+---
+ avahi-common/domain-test.c | 14 ++++++++++++++
+ avahi-common/domain.c      |  2 +-
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
+index cf763ec..3acc1c1 100644
+--- a/avahi-common/domain-test.c
++++ b/avahi-common/domain-test.c
+@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
+     printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
+     avahi_free(s);
+
++    printf("%s\n", s = avahi_normalize_name_strdup("."));
++    avahi_free(s);
++
++    s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
++		    "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
++		    ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
++		    "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
++		    "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
++		    "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
++		    "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
++		    "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
++		    "}.?.?.?.}.=.?.?.}");
++    assert(s == NULL);
++
+     printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
+     printf("%i\n", avahi_domain_equal("A", "a"));
+
+diff --git a/avahi-common/domain.c b/avahi-common/domain.c
+index 3b1ab68..e66d241 100644
+--- a/avahi-common/domain.c
++++ b/avahi-common/domain.c
+@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) {
+         }
+
+         if (!empty) {
+-            if (size < 1)
++            if (size < 2)
+                 return NULL;
+
+             *(r++) = '.';
+-- 
+2.45.2
+