diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base.spec b/SPECS-EXTENDED/389-ds-base/389-ds-base.spec index c9249aa9795..88260f12b33 100644 --- a/SPECS-EXTENDED/389-ds-base/389-ds-base.spec +++ b/SPECS-EXTENDED/389-ds-base/389-ds-base.spec @@ -68,7 +68,7 @@ ExcludeArch: i686 Summary: 389 Directory Server (%{variant}) Name: 389-ds-base Version: 3.1.1 -Release: 8%{?dist} +Release: 9%{?dist} License: GPL-3.0-or-later AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 URL: https://www.port389.org Vendor: Microsoft Corporation @@ -83,6 +83,7 @@ Source4: 389-ds-base.sysusers Source5: https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2 %endif +Patch0: rust-1.90-fixes.patch Provides: ldif2ldbm >= 0 # Attach the buildrequires to the top level package: @@ -732,6 +733,10 @@ exit 0 %endif %changelog +* Tue Jan 13 2025 Kavya Sree Kaitepalli - 3.1.1-9 +- Bump release to rebuild with rust +- Add patch add explicit lifetime for ValueArrayRef iterator + * Tue Jan 06 2026 Pawel Winogrodzki - 3.1.1-8 - Bumping release to rebuild with new 'net-snmp' libs. diff --git a/SPECS-EXTENDED/389-ds-base/rust-1.90-fixes.patch b/SPECS-EXTENDED/389-ds-base/rust-1.90-fixes.patch new file mode 100644 index 00000000000..c6c5bdaaf36 --- /dev/null +++ b/SPECS-EXTENDED/389-ds-base/rust-1.90-fixes.patch @@ -0,0 +1,25 @@ +From 3a0d6ff3272c4a3d5f2d552a436e4f0fe0756a0a Mon Sep 17 00:00:00 2001 +From: Kavya Sree Kaitepalli +Date: Wed, 29 Oct 2025 06:38:08 +0000 +Subject: [PATCH] Add explicit lifetime for ValueArrayRef iterator for Rust 1.90 + +--- + src/slapi_r_plugin/src/value.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/slapi_r_plugin/src/value.rs b/src/slapi_r_plugin/src/value.rs +index 2fd35c8..fec74ac 100644 +--- a/src/slapi_r_plugin/src/value.rs ++++ b/src/slapi_r_plugin/src/value.rs +@@ -61,7 +61,7 @@ impl ValueArrayRef { + ValueArrayRef { raw_slapi_val } + } + +- pub fn iter(&self) -> ValueArrayRefIter { ++ pub fn iter(&self) -> ValueArrayRefIter<'_> { + ValueArrayRefIter { + idx: 0, + va_ref: &self, +-- +2.45.4 + diff --git a/SPECS-EXTENDED/hawtjni-runtime/hawtjni-runtime.spec b/SPECS-EXTENDED/hawtjni-runtime/hawtjni-runtime.spec index 82e8095fee0..c508e333eec 100644 --- a/SPECS-EXTENDED/hawtjni-runtime/hawtjni-runtime.spec +++ b/SPECS-EXTENDED/hawtjni-runtime/hawtjni-runtime.spec @@ -20,13 +20,14 @@ Distribution: Azure Linux %global debug_package %{nil} Name: hawtjni-runtime Version: 1.17 -Release: 2%{?dist} +Release: 3%{?dist} Summary: HawtJNI Runtime License: Apache-2.0 AND EPL-1.0 AND BSD-3-Clause URL: https://github.com/fusesource/hawtjni Source0: https://github.com/fusesource/hawtjni/archive/hawtjni-project-%{version}.tar.gz +Patch0: use-commons-lang3.patch BuildRequires: apache-commons-cli -BuildRequires: apache-commons-lang +BuildRequires: apache-commons-lang3 BuildRequires: fdupes BuildRequires: java-devel BuildRequires: javapackages-local-bootstrap @@ -48,7 +49,7 @@ This package contains the API documentation for hawtjni. Summary: Code generator that produces the JNI code Requires: %{name} = %{version} Requires: apache-commons-cli -Requires: apache-commons-lang +Requires: apache-commons-lang3 Requires: javapackages-tools Requires: objectweb-asm >= 5 Requires: xbean @@ -62,6 +63,7 @@ JNI code which powers the eclipse platform. %prep %setup -q -n hawtjni-hawtjni-project-%{version} +%patch -P 0 -p1 %pom_disable_module hawtjni-example %pom_disable_module hawtjni-maven-plugin @@ -69,7 +71,7 @@ JNI code which powers the eclipse platform. %pom_remove_plugin -r :maven-eclipse-plugin # this dependency seems to be missing -%pom_add_dep commons-lang:commons-lang hawtjni-generator +%pom_add_dep commons-lang:commons-lang3 hawtjni-generator for mod in runtime generator; do %pom_remove_parent hawtjni-${mod} @@ -80,19 +82,19 @@ done %build mkdir -p hawtjni-runtime/build/classes -javac -d hawtjni-runtime/build/classes -source 6 -target 6 \ +javac -d hawtjni-runtime/build/classes -source 8 -target 8 \ $(find hawtjni-runtime/src/main/java/ -name *.java | xargs) jar cf hawtjni-runtime.jar -C hawtjni-runtime/build/classes . mkdir -p hawtjni-generator/build/classes javac -d hawtjni-generator/build/classes \ - -source 6 -target 6 \ - -cp $(build-classpath commons-cli commons-lang objectweb-asm/asm objectweb-asm/asm-commons xbean/xbean-finder xbean/xbean-asm-util):hawtjni-runtime.jar \ + -source 8 -target 8 \ + -cp $(build-classpath commons-cli commons-lang3 objectweb-asm/asm objectweb-asm/asm-commons xbean/xbean-finder xbean/xbean-asm-util):hawtjni-runtime.jar \ $(find hawtjni-generator/src/main/java/ -name *.java | xargs) jar cf hawtjni-generator.jar -C hawtjni-generator/build/classes . jar uf hawtjni-generator.jar -C hawtjni-generator/src/main/resources . mkdir -p hawtjni-runtime/build/apidoc -javadoc -d hawtjni-runtime/build/apidoc -source 6 \ - -classpath $(build-classpath commons-cli commons-lang objectweb-asm/asm objectweb-asm/asm-commons xbean/xbean-finder xbean/xbean-asm-util) \ +javadoc -d hawtjni-runtime/build/apidoc -source 8 \ + -classpath $(build-classpath commons-cli commons-lang3 objectweb-asm/asm objectweb-asm/asm-commons xbean/xbean-finder xbean/xbean-asm-util) \ $(find hawtjni-runtime/src/main/java/ -name *.java && \ find hawtjni-generator/src/main/java/ -name *.java| xargs) @@ -113,9 +115,18 @@ install -m 0644 hawtjni-generator/pom.xml %{buildroot}%{_mavenpomdir}/hawtjni/ha # javadoc install -dm 755 %{buildroot}%{_javadocdir}/hawtjni cp -pr hawtjni-runtime/build/apidoc/* %{buildroot}%{_javadocdir}/hawtjni/ +# to remove license warnings +install -Dm 0644 hawtjni-runtime/build/apidoc/legal/LICENSE \ + %{buildroot}%{_licensedir}/hawtjni/LICENSE.javadoc + +install -Dm 0644 hawtjni-runtime/build/apidoc/legal/ADDITIONAL_LICENSE_INFO \ + %{buildroot}%{_licensedir}/hawtjni/ADDITIONAL_LICENSE_INFO.javadoc + +rm -rf %{buildroot}%{_javadocdir}/hawtjni/legal + %fdupes -s %{buildroot}%{_javadocdir}/hawtjni/ -%{jpackage_script org.fusesource.hawtjni.generator.HawtJNI "" "" commons-cli:commons-lang:objectweb-asm/asm:objectweb-asm/asm-commons:xbean/xbean-finder:xbean/xbean-asm-util:hawtjni/hawtjni-runtime:hawtjni/hawtjni-generator hawtjni-generator true} +%{jpackage_script org.fusesource.hawtjni.generator.HawtJNI "" "" commons-cli:commons-lang3:objectweb-asm/asm:objectweb-asm/asm-commons:xbean/xbean-finder:xbean/xbean-asm-util:hawtjni/hawtjni-runtime:hawtjni/hawtjni-generator hawtjni-generator true} %files -f .mfiles %license license.txt @@ -127,8 +138,13 @@ cp -pr hawtjni-runtime/build/apidoc/* %{buildroot}%{_javadocdir}/hawtjni/ %files -n hawtjni-javadoc %{_javadocdir}/hawtjni %license license.txt +%license %{_licensedir}/hawtjni/* %changelog +* Wed Dec 24 2025 Aninda Pradhan - 1.17-3 +- Updated dependencies to use commons-lang3 +- License verified + * Thu Oct 14 2021 Pawel Winogrodzki - 1.17-2 - Converting the 'Release' tag to the '[number].[distribution]' format. diff --git a/SPECS-EXTENDED/hawtjni-runtime/use-commons-lang3.patch b/SPECS-EXTENDED/hawtjni-runtime/use-commons-lang3.patch new file mode 100644 index 00000000000..8edcb7b88b7 --- /dev/null +++ b/SPECS-EXTENDED/hawtjni-runtime/use-commons-lang3.patch @@ -0,0 +1,11 @@ +--- a/hawtjni-generator/src/main/java/org/fusesource/hawtjni/generator/model/ReflectField.java ++++ b/hawtjni-generator/src/main/java/org/fusesource/hawtjni/generator/model/ReflectField.java +@@ -14,7 +14,7 @@ + import java.util.Arrays; + import java.util.HashSet; + +-import org.apache.commons.lang.StringUtils; ++import org.apache.commons.lang3.StringUtils; + import org.fusesource.hawtjni.runtime.FieldFlag; + import org.fusesource.hawtjni.runtime.JniField; + import org.fusesource.hawtjni.runtime.T32; diff --git a/SPECS-EXTENDED/kernel-ipe/config b/SPECS-EXTENDED/kernel-ipe/config index 74c9b7cea4b..54f47c4b9eb 100644 --- a/SPECS-EXTENDED/kernel-ipe/config +++ b/SPECS-EXTENDED/kernel-ipe/config @@ -1170,7 +1170,7 @@ CONFIG_XFRM_OFFLOAD=y CONFIG_XFRM_ALGO=m CONFIG_XFRM_USER=m # CONFIG_XFRM_USER_COMPAT is not set -# CONFIG_XFRM_INTERFACE is not set +CONFIG_XFRM_INTERFACE=m CONFIG_XFRM_SUB_POLICY=y CONFIG_XFRM_MIGRATE=y CONFIG_XFRM_STATISTICS=y @@ -1220,7 +1220,7 @@ CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_INET_UDP_DIAG=m # CONFIG_INET_RAW_DIAG is not set -# CONFIG_INET_DIAG_DESTROY is not set +CONFIG_INET_DIAG_DESTROY=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y diff --git a/SPECS-EXTENDED/kernel-ipe/config_aarch64 b/SPECS-EXTENDED/kernel-ipe/config_aarch64 index 5a9ed8b62d4..32f4cf7313d 100644 --- a/SPECS-EXTENDED/kernel-ipe/config_aarch64 +++ b/SPECS-EXTENDED/kernel-ipe/config_aarch64 @@ -1231,7 +1231,7 @@ CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_INET_UDP_DIAG=m # CONFIG_INET_RAW_DIAG is not set -# CONFIG_INET_DIAG_DESTROY is not set +CONFIG_INET_DIAG_DESTROY=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y diff --git a/SPECS-EXTENDED/kernel-ipe/kernel-ipe.signatures.json b/SPECS-EXTENDED/kernel-ipe/kernel-ipe.signatures.json index c7917859d21..1d73c240b09 100644 --- a/SPECS-EXTENDED/kernel-ipe/kernel-ipe.signatures.json +++ b/SPECS-EXTENDED/kernel-ipe/kernel-ipe.signatures.json @@ -1,8 +1,8 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config": "4cf5c54b020b3af1f8b3af414359e7eba93cad0e505eb967a5d4b82e7e2ed9c9", - "config_aarch64": "13a66179d003e54d944683ec14768e73b0d6cd06a83d703f4b6a7f2b24f34334", + "config": "c5a9f5ed9cd1300d10dc5c353f29cf3c0d81f55a5bb1a7cc77b46e7480b834bf", + "config_aarch64": "afd473ab5c76245d5e4455b408a981865511a226a87146210cad12edc0c67865", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", diff --git a/SPECS-EXTENDED/kernel-ipe/kernel-ipe.spec b/SPECS-EXTENDED/kernel-ipe/kernel-ipe.spec index ac765a305ff..93e7cd1ffa9 100644 --- a/SPECS-EXTENDED/kernel-ipe/kernel-ipe.spec +++ b/SPECS-EXTENDED/kernel-ipe/kernel-ipe.spec @@ -33,7 +33,7 @@ Summary: Linux Kernel Name: kernel-ipe Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -460,6 +460,12 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Enable XFRM_INTERFACE + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Enable CONFIG_INET_DIAG_DESTROY + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS-EXTENDED/lasso/lasso.signatures.json b/SPECS-EXTENDED/lasso/lasso.signatures.json index a71c8f6e6e6..76a29baebcc 100644 --- a/SPECS-EXTENDED/lasso/lasso.signatures.json +++ b/SPECS-EXTENDED/lasso/lasso.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "lasso-2.8.0.tar.gz": "ffcbd5851d98586c7e1caf43bad66164211a3b61d12bf860a0598448ff9f2b38" + "lasso-2.9.0.tar.gz": "225f664fe602b73bb5eaf5c4b60a6b07eb2d936d0dd0cafb222524c801d98e5d" } } diff --git a/SPECS-EXTENDED/lasso/lasso.spec b/SPECS-EXTENDED/lasso/lasso.spec index 3bd2b175648..4a5c7f6b45b 100644 --- a/SPECS-EXTENDED/lasso/lasso.spec +++ b/SPECS-EXTENDED/lasso/lasso.spec @@ -3,20 +3,26 @@ Distribution: Azure Linux %global with_java 0 %global with_php 0 %global with_perl 1 +%global with_python3 1 %global with_wsf 0 -%global obsolete_old_lang_subpackages 0 +%global default_sign_algo "rsa-sha1" +%global min_hash_algo "sha1" %if %{with_php} -%if "%{php_version}" < "5.6" -%global ini_name %{name}.ini -%else %global ini_name 40-%{name}.ini %endif -%endif %global configure_args %{nil} %global configure_args %{configure_args} +%if %{default_sign_algo} + %global configure_args %{configure_args} --with-default-sign-algo=%{default_sign_algo} +%endif + +%if %{min_hash_algo} + %global configure_args %{configure_args} --with-min-hash-algo=%{min_hash_algo} +%endif + %if !%{with_java} %global configure_args %{configure_args} --disable-java %endif @@ -26,66 +32,56 @@ Distribution: Azure Linux %endif %if %{with_php} - %global configure_args %{configure_args} --enable-php5=yes --with-php5-config-dir=%{php_inidir} + %global configure_args %{configure_args} --enable-php5=no --enable-php7=yes --with-php7-config-dir=%{php_inidir} %else - %global configure_args %{configure_args} --enable-php5=no + %global configure_args %{configure_args} --enable-php5=no --enable-php7=no %endif %if %{with_wsf} %global configure_args %{configure_args} --enable-wsf --with-sasl2=%{_prefix}/sasl2 %endif +%if !%{with_python3} + %global configure_args %{configure_args} --disable-python +%endif + Summary: Liberty Alliance Single Sign On Name: lasso -Version: 2.8.0 +Version: 2.9.0 Release: 1%{?dist} -License: GPLv2+ -URL: http://lasso.entrouvert.org/ -Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz +License: GPL-2.0-or-later +URL: https://lasso.entrouvert.org/ +Source0: https://git.entrouvert.org/entrouvert/lasso/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: autoconf BuildRequires: automake BuildRequires: check-devel +BuildRequires: gcc BuildRequires: glib2-devel BuildRequires: gtk-doc BuildRequires: libtool BuildRequires: libtool-ltdl-devel BuildRequires: libxml2-devel -BuildRequires: libxslt-devel +BuildRequires: make BuildRequires: openssl-devel -BuildRequires: swig -BuildRequires: xmlsec1-devel >= 1.2.25-4 -BuildRequires: xmlsec1-openssl-devel >= 1.2.25-4 -BuildRequires: zlib-devel -%if %{with_java} -BuildRequires: java-devel -BuildRequires: jpackage-utils -%endif -%if %{with_perl} -BuildRequires: perl-devel -BuildRequires: perl-generators -BuildRequires: perl(Error) -BuildRequires: perl(ExtUtils::MakeMaker) -BuildRequires: perl(strict) -BuildRequires: perl(Test::More) -BuildRequires: perl(warnings) -BuildRequires: perl(XSLoader) -%endif -%if %{with_php} -BuildRequires: expat-devel -BuildRequires: php-devel -%endif -# The Lasso build system requires python, especially the binding generators BuildRequires: python3 -BuildRequires: python3-devel -BuildRequires: python3-lxml BuildRequires: python3-six +BuildRequires: (python3-setuptools if python3 >= 3.12) +BuildRequires: swig +BuildRequires: xmlsec1-devel +BuildRequires: xmlsec1-openssl-devel +BuildRequires: zlib-devel %if %{with_wsf} BuildRequires: cyrus-sasl-devel %endif -Requires: xmlsec1 >= 1.2.25-4 +Requires: xmlsec1 + +# lasso upstream no longer supports java bindings +# see https://dev.entrouvert.org/issues/45876#change-289747 +# and https://dev.entrouvert.org/issues/51418 +Obsoletes: java-lasso < %{version}-%{release} %description Lasso is a library that implements the Liberty Alliance Single Sign On @@ -104,7 +100,15 @@ documentation for Lasso. %if %{with_perl} %package -n perl-%{name} Summary: Liberty Alliance Single Sign On (lasso) Perl bindings -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +BuildRequires: perl-devel +BuildRequires: perl-generators +BuildRequires: perl-interpreter +BuildRequires: perl(Error) +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(strict) +BuildRequires: perl(Test::More) +BuildRequires: perl(warnings) +BuildRequires: perl(XSLoader) Requires: %{name}%{?_isa} = %{version}-%{release} %description -n perl-%{name} @@ -114,14 +118,11 @@ Perl language bindings for the lasso (Liberty Alliance Single Sign On) library. %if %{with_java} %package -n java-%{name} Summary: Liberty Alliance Single Sign On (lasso) Java bindings -Requires: java +Buildrequires: java-1.8.0-openjdk-devel +BuildRequires: jpackage-utils +Requires: java-headless Requires: jpackage-utils Requires: %{name}%{?_isa} = %{version}-%{release} -%if %{obsolete_old_lang_subpackages} -Provides: %{name}-java = %{version}-%{release} -Provides: %{name}-java%{?_isa} = %{version}-%{release} -Obsoletes: %{name}-java < %{version}-%{release} -%endif %description -n java-%{name} Java language bindings for the lasso (Liberty Alliance Single Sign On) library. @@ -130,6 +131,8 @@ Java language bindings for the lasso (Liberty Alliance Single Sign On) library. %if %{with_php} %package -n php-%{name} Summary: Liberty Alliance Single Sign On (lasso) PHP bindings +BuildRequires: expat-devel +BuildRequires: php-devel Requires: %{name}%{?_isa} = %{version}-%{release} Requires: php(zend-abi) = %{php_zend_api} Requires: php(api) = %{php_core_api} @@ -139,51 +142,52 @@ PHP language bindings for the lasso (Liberty Alliance Single Sign On) library. %endif + +%if %{with_python3} %package -n python3-%{name} %{?python_provide:%python_provide python3-%{name}} Summary: Liberty Alliance Single Sign On (lasso) Python bindings +BuildRequires: python3-devel +BuildRequires: python3-lxml Requires: python3 Requires: %{name}%{?_isa} = %{version}-%{release} -Provides: lasso-python = %{version}-%{release} %description -n python3-%{name} Python language bindings for the lasso (Liberty Alliance Single Sign On) library. +%endif %prep -%autosetup -p1 +%autosetup -n %{name} # Remove any python script shebang lines (unless they refer to python3) sed -i -E -e '/^#![[:blank:]]*(\/usr\/bin\/env[[:blank:]]+python[^3]?\>)|(\/usr\/bin\/python[^3]?\>)/d' \ `grep -r -l -E '^#![[:blank:]]*(/usr/bin/python[^3]?)|(/usr/bin/env[[:blank:]]+python[^3]?)' *` %build -export JAVA_HOME=%{java_home} +%if 0%{?with_java} +export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk +%endif +echo %{version} > .tarball-version ./autogen.sh - -%configure %{configure_args} --with-python=%{__python3} +%if 0%{?with_python3} + %configure %{configure_args} --with-python=%{__python3} +%else + %configure %{configure_args} +%endif %make_build CFLAGS="%{optflags}" %check -make check CK_TIMEOUT_MULTIPLIER=5 +make check CK_TIMEOUT_MULTIPLIER=10 %install -#install -m 755 -d %{buildroot}%{_datadir}/gtk-doc/html - -make install exec_prefix=%{_prefix} DESTDIR=%{buildroot} +%make_install exec_prefix=%{_prefix} find %{buildroot} -type f -name '*.la' -exec rm -f {} \; find %{buildroot} -type f -name '*.a' -exec rm -f {} \; # Perl subpackage %if %{with_perl} find %{buildroot} \( -name perllocal.pod -o -name .packlist \) -exec rm -v {} \; - -find %{buildroot}/usr/lib*/perl5 -type f -print | - sed "s@^%{buildroot}@@g" > %{name}-perl-filelist -if [ "$(cat %{name}-perl-filelist)X" = "X" ] ; then - echo "ERROR: EMPTY FILE LIST" - exit -1 -fi %endif # PHP subpackage @@ -199,10 +203,9 @@ fi %endif # Remove bogus doc files -rm -fr %{buildroot}%{_defaultdocdir}/%{name} +rm -fr %{buildroot}%{_docdir}/%{name} %ldconfig_scriptlets - %files %{_libdir}/liblasso.so.3* %doc AUTHORS NEWS README @@ -214,7 +217,9 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name} %{_includedir}/%{name} %if %{with_perl} -%files -n perl-%{name} -f %{name}-perl-filelist +%files -n perl-%{name} +%{perl_vendorarch}/Lasso.pm +%{perl_vendorarch}/auto/Lasso/ %endif %if %{with_java} @@ -231,12 +236,18 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name} %{_datadir}/php/%{name}/lasso.php %endif +%if %{with_python3} %files -n python3-%{name} %{python3_sitearch}/lasso.py* %{python3_sitearch}/_lasso.so %{python3_sitearch}/__pycache__/* +%endif %changelog +* Wed Dec 24 2025 Sumit Jena - 2.9.0-1 +- Upgrade to version 2.9.0 +- License verified + * Mon Sep 12 2022 Muhammad Falak - 2.8.0-1 - Bump version to 2.8.0 - Drop un-needed patches @@ -462,3 +473,4 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name} to build on Fedora 20 - Perl bindings are disabled as they fail to build - Disable doc building as it doesn't ork correctly for now + diff --git a/SPECS-EXTENDED/libreport/0001-gui-wizard-gtk-Fix-segfault.patch b/SPECS-EXTENDED/libreport/0001-gui-wizard-gtk-Fix-segfault.patch deleted file mode 100644 index fdf29016586..00000000000 --- a/SPECS-EXTENDED/libreport/0001-gui-wizard-gtk-Fix-segfault.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 1a22f30187163ce288b14e55a80539353a38b7be Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= -Date: Tue, 29 Sep 2020 14:16:00 +0200 -Subject: [PATCH] gui-wizard-gtk: Fix segfault - -Since show_error_as_msgbox() is specified as the custom logging handler -(via setting libreport_g_custom_logger), it will get called if an error -occurs in libreport_save_user_settings(). However, at that point, -g_wnd_assistant has already been destroyed, which leads to an invalid -read in show_error_as_msgbox(). - -This change unsets the custom logging handler after the GUI is destroyed -and adds an assertion in show_error_as_msgbox() checking that -g_wnd_assistant is not a null pointer. - -Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1883337 ---- - src/gui-wizard-gtk/main.c | 6 ++++-- - src/gui-wizard-gtk/wizard.c | 2 ++ - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/gui-wizard-gtk/main.c b/src/gui-wizard-gtk/main.c -index e111948c..f094c5fb 100644 ---- a/src/gui-wizard-gtk/main.c -+++ b/src/gui-wizard-gtk/main.c -@@ -125,6 +125,7 @@ int main(int argc, char **argv) - /* List of events specified on the command line. */ - GList *user_event_list = NULL; - const char *prgname = "abrt"; -+ int ret = 0; - abrt_init(argv); - - /* I18n */ -@@ -217,13 +218,14 @@ int main(int argc, char **argv) - g_signal_connect(app, "startup", G_CALLBACK(startup_wizard), NULL); - - /* Enter main loop */ -- g_application_run(G_APPLICATION(app), argc, argv); -+ ret = g_application_run(G_APPLICATION(app), argc, argv); - g_object_unref(app); -+ libreport_g_custom_logger = NULL; - - if (opts & OPT_d) - delete_dump_dir_possibly_using_abrtd(g_dump_dir_name); - - libreport_save_user_settings(); - -- return 0; -+ return ret; - } -diff --git a/src/gui-wizard-gtk/wizard.c b/src/gui-wizard-gtk/wizard.c -index 775b709f..c4a0b4c0 100644 ---- a/src/gui-wizard-gtk/wizard.c -+++ b/src/gui-wizard-gtk/wizard.c -@@ -360,6 +360,8 @@ struct dump_dir *wizard_open_directory_for_writing(const char *dump_dir_name) - - void show_error_as_msgbox(const char *msg) - { -+ g_return_if_fail(g_wnd_assistant != NULL); -+ - GtkWidget *dialog = gtk_message_dialog_new(GTK_WINDOW(g_wnd_assistant), - GTK_DIALOG_DESTROY_WITH_PARENT, - GTK_MESSAGE_WARNING, --- -2.26.2 - diff --git a/SPECS-EXTENDED/libreport/0001-skip-unwanted-tests.patch b/SPECS-EXTENDED/libreport/0001-skip-unwanted-tests.patch new file mode 100644 index 00000000000..8be381fc86f --- /dev/null +++ b/SPECS-EXTENDED/libreport/0001-skip-unwanted-tests.patch @@ -0,0 +1,1310 @@ +From b31ffa842674babe78c66f32aac8062fc53ff397 Mon Sep 17 00:00:00 2001 +From: SumitJenaHCL +Date: Tue, 13 Jan 2026 12:07:08 +0530 +Subject: [PATCH] skip unwanted tests + +--- + tests/dump_dir.at | 620 ----------------------------------------- + tests/proc_helpers.at | 389 -------------------------- + tests/report_python.at | 37 --- + tests/ureport.at | 180 ------------ + 4 files changed, 1226 deletions(-) + +diff --git a/tests/dump_dir.at b/tests/dump_dir.at +index 748701a..8ac5400 100644 +--- a/tests/dump_dir.at ++++ b/tests/dump_dir.at +@@ -2,196 +2,6 @@ + + AT_BANNER([dump_dir]) + +-## --------- ## +-## dd_sanity ## +-## --------- ## +- +-AT_TESTFUN([dd_sanity], +-[[ +-#include "testsuite.h" +- +-void validate_dump_dir_contents(struct dump_dir *dd) +-{ +- int items = 0; +- assert(dd_exist(dd, FILENAME_TIME)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_KERNEL)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_HOSTNAME)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_ARCHITECTURE)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_OS_INFO)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_OS_RELEASE)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_OS_RELEASE)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_TYPE)); +- ++items; +- +- assert(dd_exist(dd, FILENAME_LAST_OCCURRENCE)); +- ++items; +- +- assert(dd_exist(dd, "at_test_text")); +- assert(dd_get_item_size(dd, "at_test_text") == 3); +- ++items; +- +- assert(dd_exist(dd, "at_test_binary")); +- assert(dd_get_item_size(dd, "at_test_binary") == 4); +- ++items; +- +- struct stat srv_buf; +- stat("/etc/services", &srv_buf); +- +- assert(dd_exist(dd, "at_test_services")); +- assert(dd_get_item_size(dd, "at_test_services") == srv_buf.st_size); +- ++items; +- +- struct stat grp_buf; +- stat("/etc/group", &grp_buf); +- assert(dd_exist(dd, "at_test_group")); +- assert(dd_get_item_size(dd, "at_test_group") == grp_buf.st_size); +- ++items; +- +- struct stat pwd_buf; +- stat("/etc/passwd", &pwd_buf); +- assert(dd_exist(dd, "at_test_passwd")); +- assert(dd_get_item_size(dd, "at_test_passwd") == pwd_buf.st_size); +- ++items; +- +- dd_save_text(dd, "at_test_to_delete", "deleted"); +- assert(dd_exist(dd, "at_test_to_delete")); +- dd_delete_item(dd, "at_test_to_delete"); +- assert(!dd_exist(dd, "at_test_to_delete")); +- +- DIR *d1 = dd_init_next_file(dd); +- assert(d1 != NULL); +- +- int items_counter = 0; +- char *short_name, *full_name; +- while (dd_get_next_file(dd, &short_name, &full_name)) +- { +- ++items_counter; +- +- TS_ASSERT_PTR_IS_NOT_NULL(short_name); +- TS_ASSERT_PTR_IS_NOT_NULL(full_name); +- TS_ASSERT_STRING_EQ(short_name, (strrchr(full_name, '/') + 1), NULL); +- TS_ASSERT_STRING_BEGINS_WITH(full_name, dd->dd_dirname, NULL); +- TS_ASSERT_CHAR_EQ_MESSAGE(full_name[strlen(dd->dd_dirname)], '/', full_name); +- g_free(short_name); +- g_free(full_name); +- } +- +- TS_ASSERT_SIGNED_EQ(items, items_counter); +- TS_ASSERT_SIGNED_EQ(dd_get_items_count(dd), items); +- TS_ASSERT_PTR_IS_NULL(dd->next_dir); +- TS_ASSERT_SIGNED_EQ(dd_get_next_file(dd, NULL, NULL), 0); +- +- DIR *iterator_second_run = dd_init_next_file(dd); +- TS_ASSERT_PTR_IS_NOT_NULL(iterator_second_run); +- +- while (dd_get_next_file(dd, &short_name, &full_name)) +- { +- --items_counter; +- g_free(short_name); +- g_free(full_name); +- } +- +- TS_ASSERT_SIGNED_OP_MESSAGE(items_counter, ==, 0, "Second run iterator goes through all items"); +- +- DIR *iterator_third_run = dd_init_next_file(dd); +- TS_ASSERT_PTR_IS_NOT_NULL(iterator_third_run); +- TS_ASSERT_PTR_IS_NOT_NULL(dd->next_dir); +- dd_clear_next_file(dd); +- TS_ASSERT_PTR_IS_NULL(dd->next_dir); +- TS_ASSERT_SIGNED_OP_MESSAGE(dd_get_next_file(dd, NULL, NULL), ==, 0, "dd_clear_next_file(dd) stops iteration"); +-} +- +-TS_MAIN +-{ +- char template[] = "/tmp/XXXXXX/dump_dir"; +- +- char *last_slash = strrchr(template, '/'); +- *last_slash = '\0'; +- +- if (mkdtemp(template) == NULL) { +- perror("mkdtemp()"); +- return EXIT_FAILURE; +- } +- +- *last_slash = '/'; +- +- printf("Dump dir path: %s\n", template); +- +- fprintf(stderr, "Create new dump directory\n"); +- struct dump_dir *dd = dd_create(template, (uid_t)-1, 0640); +- assert(dd != NULL || !"Cannot create new dump directory"); +- +- dd_create_basic_files(dd, geteuid(), NULL); +- dd_save_text(dd, FILENAME_TYPE, "attest"); +- +- dd_save_text(dd, "at_test_text", "foo"); +- assert(dd_exist(dd, "at_test_text")); +- +- dd_save_binary(dd, "at_test_binary", "blah", 4); +- assert(dd_exist(dd, "at_test_binary")); +- +- dd_copy_file(dd, "at_test_services", "/etc/services"); +- +- const int etc_dir_fd = open("/etc", O_DIRECTORY | O_PATH | O_CLOEXEC | O_EXCL); +- assert(etc_dir_fd >= 0); +- dd_copy_file_at(dd, "at_test_group", etc_dir_fd, "group"); +- close(etc_dir_fd); +- +- int passwd_fd = open("/etc/passwd", O_RDONLY); +- assert(passwd_fd >= 0); +- dd_copy_fd(dd, "at_test_passwd", passwd_fd, 0, 0); +- close(passwd_fd); +- +- fprintf(stderr, "Test newly created dump directory\n"); +- validate_dump_dir_contents(dd); +- dd_close(dd); +- +- +- fprintf(stderr, "Test opened dump directory\n"); +- dd = dd_opendir(template, /*for writing*/0); +- assert(dd != NULL || !"Cannot open the dump directory"); +- validate_dump_dir_contents(dd); +- dd_close(dd); +- +- +- fprintf(stderr, "Test renamed dump directory\n"); +- dd = dd_opendir(template, /*for writing*/0); +- assert(dd != NULL || !"Cannot open the dump directory second time"); +- +- *(last_slash+1) = 'X'; +- assert(dd_rename(dd, template) == 0 || !"Cannot rename the dump directory"); +- +- validate_dump_dir_contents(dd); +- dd_close(dd); +- +- +- fprintf(stderr, "Test opened renamed dump directory\n"); +- assert(dd != NULL || !"Cannot open the renamed dump directory"); +- dd = dd_opendir(template, /*for writing*/0); +- validate_dump_dir_contents(dd); +- +- assert(dd_delete(dd) == 0); +- +- *last_slash = '\0'; +- assert(rmdir(template) == 0); +-} +-TS_RETURN_MAIN +-]]) +- + ## --------------------- ## + ## dd_create_open_delete ## + ## --------------------- ## +@@ -859,153 +669,6 @@ TS_RETURN_MAIN + + ]]) + +-## ---------- ## +-## dd_copy_fd ## +-## ---------- ## +- +-AT_TESTFUN([dd_copy_fd], +-[[ +-#include "testsuite.h" +- +-void test(const char buffer[], const size_t buffer_size) +-{ +- char template[] = "/tmp/XXXXXX"; +- +- if (mkdtemp(template) == NULL) { +- perror("mkdtemp()"); +- abort(); +- } +- +- printf("Dump dir path: %s\n", template); +- +- struct dump_dir *dd = dd_create(template, (uid_t)-1, 0640); +- assert(dd != NULL || !"Cannot create new dump directory"); +- +- dd_create_basic_files(dd, geteuid(), NULL); +- +- char tmpfile[] = "/tmp/libreport-attestsuite-dd_copy_fd.XXXXXX"; +- int tmpfd = mkstemp(tmpfile); +- libreport_full_write(tmpfd, buffer, buffer_size); +- +- { +- assert((-1) != lseek(tmpfd, 0, SEEK_SET)); +- +- const off_t read_truncated = dd_copy_fd(dd, "truncated", tmpfd, 0, buffer_size/2); +- TS_ASSERT_SIGNED_GE(read_truncated, buffer_size/2); +- TS_ASSERT_SIGNED_EQ(dd_get_item_size(dd, "truncated"), buffer_size/2); +- TS_ASSERT_SIGNED_EQ(dd_delete_item(dd, "truncated"), 0); +- } +- +- { +- assert((-1) != lseek(tmpfd, 0, SEEK_SET)); +- +- const off_t read_exact = dd_copy_fd(dd, "exact", tmpfd, 0, buffer_size); +- TS_ASSERT_SIGNED_EQ(read_exact, buffer_size); +- TS_ASSERT_SIGNED_EQ(dd_get_item_size(dd, "exact"), buffer_size); +- TS_ASSERT_SIGNED_EQ(dd_delete_item(dd, "exact"), 0); +- } +- +- { +- assert((-1) != lseek(tmpfd, 0, SEEK_SET)); +- +- const off_t read_bigger = dd_copy_fd(dd, "bigger", tmpfd, 0, buffer_size * 2); +- TS_ASSERT_SIGNED_EQ(read_bigger, buffer_size); +- TS_ASSERT_SIGNED_EQ(dd_get_item_size(dd, "bigger"), buffer_size); +- TS_ASSERT_SIGNED_EQ(dd_delete_item(dd, "bigger"), 0); +- } +- +- { +- assert((-1) != lseek(tmpfd, 0, SEEK_SET)); +- +- const off_t read_no_limit = dd_copy_fd(dd, "no_limit", tmpfd, 0, 0); +- TS_ASSERT_SIGNED_EQ(read_no_limit, buffer_size); +- TS_ASSERT_SIGNED_EQ(dd_get_item_size(dd, "no_limit"), buffer_size); +- TS_ASSERT_SIGNED_EQ(dd_delete_item(dd, "no_limit"), 0); +- } +- +- close(tmpfd); +- unlink(tmpfile); +- assert(dd_delete(dd) == 0); +-} +- +-TS_MAIN +-{ +- { +- char buffer[1024*2]; +- memset(buffer, 'x', sizeof(buffer)); +- test(buffer, sizeof(buffer)); +- } +- +- { +- char buffer[1024*4]; +- memset(buffer, 'y', sizeof(buffer)); +- test(buffer, sizeof(buffer)); +- } +- +- { +- char buffer[1024*6]; +- memset(buffer, 'z', sizeof(buffer)); +- test(buffer, sizeof(buffer)); +- } +- +- +- { +- char template[] = "/tmp/XXXXXX"; +- +- if (mkdtemp(template) == NULL) { +- perror("mkdtemp()"); +- return EXIT_FAILURE; +- } +- +- printf("Dump dir path: %s\n", template); +- +- struct dump_dir *dd = dd_create(template, (uid_t)-1, 0640); +- assert(dd != NULL || !"Cannot create new dump directory"); +- +- dd_create_basic_files(dd, geteuid(), NULL); +- +- { +- int opath_fd = open("/etc/services", O_PATH); +- char buf[16] = {0}; +- if (read(opath_fd, buf, sizeof(buf)/sizeof(buf[0])) == -1) +- { +- assert(errno == EBADF || !"O_PATH fd can be read"); +- close(opath_fd); +- +- opath_fd = open("/etc/services", O_PATH); +- assert(opath_fd >= 0); +- +- const off_t opath_read = dd_copy_fd(dd, "opath", opath_fd, 0, 0); +- TS_ASSERT_SIGNED_EQ(opath_read, -1); +- TS_ASSERT_SIGNED_EQ(dd_exist(dd, "opath"), 0); +- } +- close(opath_fd); +- } +- +- { +- int wronly_fd = open("/tmp/libreport.testsuite", O_WRONLY | O_CREAT | O_TRUNC, 0600); +- assert(wronly_fd >= 0 || !"Cannot create temporary file"); +- char buf[] = "Hello, world!"; +- assert(write(wronly_fd, buf, sizeof(buf)/sizeof(buf[0])) == sizeof(buf)/sizeof(buf[0])); +- close(wronly_fd); +- +- wronly_fd = open("/tmp/libreport.testsuite", O_WRONLY); +- assert(wronly_fd >= 0 || !"Cannot re-open temporary file"); +- +- const off_t wronly_read = dd_copy_fd(dd, "wronly", wronly_fd, 0, 0); +- TS_ASSERT_SIGNED_EQ(wronly_read, -1); +- TS_ASSERT_SIGNED_EQ(dd_exist(dd, "wronly"), 0); +- +- close(wronly_fd); +- } +- +- dd_delete(dd); +- } +-} +-TS_RETURN_MAIN +- +-]]) +- + ## ------------- ## + ## dd_load_int32 ## + ## ------------- ## +@@ -1277,289 +940,6 @@ int main(void) + } + ]]) + +-## ----------------- ## +-## dd_create_archive ## +-## ----------------- ## +- +-AT_TESTFUN([dd_create_archive], +-[[ +-#include "internal_libreport.h" +-#include +-#include +-#include +- +-static int copy_data(struct archive *in, struct archive *out) +-{ +- int r; +- const void *buff; +- size_t size; +- la_int64_t offset; +- +- for (;;) +- { +- r = archive_read_data_block(in, &buff, &size, &offset); +- if (r == ARCHIVE_EOF) +- return (ARCHIVE_OK); +- if (r < ARCHIVE_OK) +- return (r); +- r = archive_write_data_block(out, buff, size, offset); +- if (r < ARCHIVE_OK) +- { +- fprintf(stderr, "Error: archive_write_data_block() failed: %s\n", archive_error_string(out)); +- return (r); +- } +- } +-} +- +-void verify_archive(struct dump_dir *dd, const char *file_name, +- const_string_vector_const_ptr_t included_files, +- const_string_vector_const_ptr_t excluded_files) +-{ +- unsigned c = 0; +- for (const_string_vector_const_ptr_t i = included_files; i && *i; ++i) +- ++c; +- g_autofree int *check_array = g_malloc0(c * sizeof(int)); +- +- struct archive *in_archive; +- struct archive *out_archive; +- struct archive_entry *entry = NULL; +- int flags = ARCHIVE_EXTRACT_TIME|ARCHIVE_EXTRACT_PERM|ARCHIVE_EXTRACT_ACL|ARCHIVE_EXTRACT_FFLAGS; +- +- in_archive = archive_read_new(); +- archive_read_support_filter_gzip(in_archive); +- archive_read_support_format_tar(in_archive); +- +- int r = archive_read_open_filename(in_archive, file_name, 10240); +- if (r != ARCHIVE_OK) +- { +- fprintf(stderr, "Failed to open archive '%s': %s\n", file_name, archive_error_string(in_archive)); +- abort(); +- } +- const char *real_file = "/tmp/libreport-attest-extracted"; +- for (;;) +- { +- if (entry) +- archive_entry_clear(entry); +- r = archive_read_next_header(in_archive, &entry); +- if (r == ARCHIVE_EOF) +- { +- archive_entry_free(entry); +- archive_read_close(in_archive); +- //uncomment to cause a segfault +- //archive_read_free(in_archive); +- break; +- } +- +- const char *path = g_strdup(archive_entry_pathname(entry)); +- +- if (archive_entry_filetype(entry) != AE_IFREG) +- { +- fprintf(stderr, "Not regular file: '%s', found in archive: '%s'\n", path, file_name); +- g_free((void *)path); +- continue; +- } +- +- const_string_vector_const_ptr_t i = included_files; +- for (c = 0; i && *i; ++i, ++c) +- { +- if (strcmp(*i, path) == 0) +- break; +- } +- +- if (i && *i != NULL) +- { +- printf("Included file: '%s', found in archive '%s'\n", path, file_name); +- check_array[c] += 1; +- +- unlink(real_file); +- out_archive = archive_write_disk_new(); +- archive_write_disk_set_options(out_archive, flags); +- archive_write_disk_set_standard_lookup(out_archive); +- archive_entry_set_pathname(entry, "/tmp/libreport-attest-extracted"); +- r = archive_write_header(out_archive, entry); +- if (r != ARCHIVE_OK) +- fprintf(stderr, "Error: archive_write_header() failed: %s\n", archive_error_string(out_archive)); +- else if (archive_entry_size(entry) > 0) +- { +- r = copy_data(in_archive, out_archive); +- if (r != ARCHIVE_OK) +- { +- fprintf(stderr, "Error: copy_data() failed: %s\n", archive_error_string(out_archive)); +- abort(); +- } +- } +- +- archive_write_close(out_archive); +- archive_write_free(out_archive); +- +- g_autofree char *original = dd_load_text(dd, path); +- assert(original != NULL); +- assert(original[0] != '\0'); +- +- g_autofree char *extracted = libreport_xmalloc_xopen_read_close("/tmp/libreport-attest-extracted", NULL); +- assert(extracted != NULL); +- +- if (strcmp(extracted, original) != 0) +- { +- fprintf(stderr, "Invalid file contents: '%s'\nExp: '%s'\nGot: '%s'\n", path, original, extracted); +- abort(); +- } +- g_free((void *)path); +- continue; +- } +- +- i = excluded_files; +- for (; i && *i; ++i) +- { +- if (strcmp(*i, path) == 0) +- break; +- } +- +- if (i && *i != NULL) +- { +- fprintf(stderr, "Excluded file: '%s', found in archive '%s'\n", path, file_name); +- abort(); +- } +- +- fprintf(stderr, "Uncategorized file: '%s', found in archive '%s'\n", path, file_name); +- g_free((void *)path); +- } +- +- int err = 0; +- const_string_vector_const_ptr_t i = included_files; +- for (c = 0; i && *i; ++i, ++c) +- { +- switch (check_array[c]) +- { +- case 0: +- fprintf(stderr, "Not found included file: '%s', in archive: %s\n", *i, file_name); +- ++err; +- break; +- case 1: +- fprintf(stdout, "Found included file: '%s', in archive: %s\n", *i, file_name); +- break; +- default: +- fprintf(stderr, "%d occurrences of included file: '%s', in archive: %s\n", check_array[c], *i, file_name); +- ++err; +- break; +- } +- } +- +- if (err) +- abort(); +- +- return; +-} +- +-int main(void) +-{ +- libreport_g_verbose = 3; +- +- char template[] = "/tmp/XXXXXX"; +- +- if (mkdtemp(template) == NULL) { +- perror("mkdtemp()"); +- return EXIT_FAILURE; +- } +- +- printf("Dump dir path: %s\n", template); +- +- struct dump_dir *dd = dd_create(template, (uid_t)-1, 0640); +- assert(dd != NULL || !"Cannot create new dump directory"); +- +- +-#define COMMON_FILES "time", "last_occurrence", "uid", "kernel", \ +- "architecture", "hostname", "os_info", "os_release", \ +- "type", "count", "component", "program_log" +-#define SENSITIVE_FILES "environ", "backtrace", "secret_file", "private_file", \ +- "useless_file" +- +- dd_create_basic_files(dd, geteuid(), NULL); +- dd_save_text(dd, FILENAME_TYPE, "attest"); +- dd_save_text(dd, FILENAME_COUNT, "1"); +- dd_save_text(dd, FILENAME_COMPONENT, "libreport-attest"); +- dd_save_text(dd, "program_log", "Something very important!"); +- +- const gchar *excluded_files[] = { +- SENSITIVE_FILES, +- NULL, +- }; +- +- for (const gchar **iter = excluded_files; *iter; ++iter) +- dd_save_text(dd, *iter, *iter); +- +- /* Un-supported archive type */ +- { +- fprintf(stderr, "TEST-CASE: Un-supported type\n"); +- fprintf(stdout, "TEST-CASE: Un-supported type\n"); +- const int r = dd_create_archive(dd, "/tmp/libreport-attest.omg", NULL, 0); +- printf("dd_create_archive() == %d\n", r); +- assert(r == -ENOSYS || !"Not supported"); +- } +- +- /* File already exists. */ +- { +- fprintf(stderr, "TEST-CASE: File exists\n"); +- fprintf(stdout, "TEST-CASE: File exists\n"); +- char file_contents[] = "Non emtpy file"; +- const char *file_name = "/tmp/libreport-attest.tar.gz"; +- FILE *test_file = fopen(file_name, "w"); +- assert(test_file != NULL); +- assert(fprintf(test_file, "%s", file_contents) == strlen(file_contents)); +- fclose(test_file); +- +- assert(dd_create_archive(dd, file_name, NULL, 0) == -EEXIST || !"Exists"); +- +- g_autofree char *canary = libreport_xmalloc_xopen_read_close(file_name, NULL); +- assert(canary != NULL); +- assert(strcmp(canary, file_contents) == 0); +- } +- +- /* All elements */ +- { +- fprintf(stderr, "TEST-CASE: Compress all elements\n"); +- fprintf(stdout, "TEST-CASE: Compress all elements\n"); +- +- const gchar *included_files[] = { +- COMMON_FILES, +- SENSITIVE_FILES, +- NULL, +- }; +- +- const char *file_name = "/tmp/libreport-attest-all.tar.gz"; +- unlink(file_name); +- assert(dd_create_archive(dd, file_name, NULL, 0) == 0 || !"All elements"); +- +- verify_archive(dd, file_name, included_files, NULL); +- +- unlink(file_name); +- } +- +- /* Excluded elements */ +- { +- fprintf(stderr, "TEST-CASE: Exclude elements\n"); +- fprintf(stdout, "TEST-CASE: Exclude elements\n"); +- +- const char *included_files[] = { +- COMMON_FILES, +- NULL, +- }; +- +- const char *file_name = "/tmp/libreport-attest-excluded.tar.gz"; +- unlink(file_name); +- assert(dd_create_archive(dd, file_name, excluded_files, 0) == 0 || !"Excluded elements"); +- +- verify_archive(dd, file_name, included_files, excluded_files); +- +- unlink(file_name); +- } +- +- assert(dd_delete(dd) == 0); +- +- return 0; +-} +-]]) +- + ## --------------- ## + ## dd_compute_size ## + ## --------------- ## +diff --git a/tests/proc_helpers.at b/tests/proc_helpers.at +index 76d24e7..6ee576e 100644 +--- a/tests/proc_helpers.at ++++ b/tests/proc_helpers.at +@@ -432,243 +432,6 @@ TS_MAIN + TS_RETURN_MAIN + ]]) + +-## ---------------------- ## +-## libreport_dump_fd_info ## +-## ---------------------- ## +- +-AT_TESTFUN([libreport_dump_fd_info], [[ +-#include "testsuite.h" +-#include +-#include +-#include +- +-#define FILENAME_FORMAT "/tmp/libreport.testsuite.fdinfo.%d.%s" +- +-pid_t prepare_process(void) +-{ +- int toparent[2]; +- g_unix_open_pipe(toparent, 0, NULL); +- +- g_autofree char *binary = libreport_malloc_readlink("/proc/self/exe"); +- pid_t pid = fork(); +- if (pid < 0) { +- err(EXIT_FAILURE, "fork"); +- } +- +- if (pid == 0) { +- close(STDOUT_FILENO); +- libreport_xdup2(toparent[1], STDOUT_FILENO); +- +- DIR *fddir = opendir("/proc/self/fd"); +- struct dirent *dent; +- while ((dent = readdir(fddir))) { +- const int fd = atoi(dent->d_name); +- if (fd != STDOUT_FILENO) { +- close(fd); +- } +- } +- +- execl(binary, "wait", NULL); +- exit(EXIT_FAILURE); +- } +- +- close(toparent[1]); +- +- /* Wait for child */ +- char buf[8]; +- if (libreport_full_read(toparent[0], buf, 8) < 0) { +- fprintf(stderr, "Failed to read from child: %s\n", strerror(errno)); +- fflush(stderr); +- } +- +- close(toparent[0]); +- +- return pid; +-} +- +-void kill_process(pid_t pid) +-{ +- /* Notify child */ +- kill(pid, SIGTERM); +- int status = 0; +- if (libreport_safe_waitpid(pid, &status, 0) < 0) { +- fprintf(stderr, "Couldn't wait for child\n"); +- } +- else if (!WIFSIGNALED(status) || WTERMSIG(status) != SIGTERM) { +- fprintf(stderr, "Child was not TERMinated - %d\n", status); +- } +-} +- +-void check_file_contents(const char *fdinfo_filename) +-{ +- struct fd { +- int fd; +- const char *file; +- } fds[] = { +- { .fd = 0, .file = "/etc/services", }, +- { .fd = 2, .file = "/etc/passwd", }, +- { .fd = 3, .file = "/etc/group", }, +- }; +- +- g_autofree char *file = libreport_xmalloc_xopen_read_close(fdinfo_filename, NULL); +- int fdno = 0; +- char *cursor = file; +- char *line = file; +- char *end = file + strlen(file); +- while (cursor < end) { +- cursor = strchrnul(line, '\n'); +- if (*cursor != '\0') { +- *cursor = '\0'; +- } +- ++cursor; +- +- if (fdno < (sizeof(fds)/sizeof(fds[0]))) { +- int fd = 0; +- g_autofree char *file = NULL; +- const int res = sscanf(line, "%d:%ms", &fd, &file); +- TS_ASSERT_SIGNED_EQ(res, 2); +- TS_ASSERT_SIGNED_EQ(fd, fds[fdno].fd); +- TS_ASSERT_STRING_EQ(file, fds[fdno].file, "FD file name"); +- } +- +- line = cursor; +- int fieldscnt = 0; +- while (line < end) { +- cursor = strchrnul(line, '\n'); +- if (*cursor != '\0') { +- *cursor = '\0'; +- } +- ++cursor; +- +- if (strcmp(line, "") == 0) { +- break; +- } +- +- int col = 0; +- for (; col < strlen(line); ++col) { +- if (line[col] == ':') { +- break; +- } +- +- TS_ASSERT_TRUE(line[col] != ' ' && line[col] != '\t'); +- if (!g_testsuite_last_ok) { +- break; +- } +- } +- TS_ASSERT_SIGNED_NEQ(col, 0); +- TS_ASSERT_SIGNED_LT(col, strlen(line)); +- if (g_testsuite_last_ok) { +- TS_ASSERT_CHAR_EQ(line[col], ':'); +- } +- +- fieldscnt += g_testsuite_last_ok; +- line = cursor; +- } +- TS_ASSERT_SIGNED_GT(fieldscnt, 2); +- +- ++fdno; +- line = cursor; +- } +- +- TS_ASSERT_SIGNED_EQ(fdno, sizeof(fds)/sizeof(fds[0])); +-} +- +-TS_MAIN +-{ +- if (strcmp(argv[0], "wait") == 0) { +- FILE *services = fopen("/etc/services", "r"); +- FILE *passwd = fopen("/etc/passwd", "r"); +- FILE *group = fopen("/etc/group", "r"); +- +- /* Notify parent */ +- close(STDOUT_FILENO); +- +- /* Wait for parent */ +- while (1) { +- sleep(1); +- } +- +- fclose(group); +- fclose(passwd); +- fclose(services); +- exit(EXIT_SUCCESS); +- } +- +- pid_t pid = prepare_process(); +- +- char proc_dir_path[strlen("/proc/%d/fd") + sizeof(pid_t) * 3]; +- if (sizeof(proc_dir_path) <= snprintf(proc_dir_path, sizeof(proc_dir_path), "/proc/%d/fd", pid)) { +- errx(EXIT_FAILURE, "too small buffer for proc dir path"); +- } +- +- { +- TS_PRINTF("%s\n", "libreport_dump_fd_info"); +- char fdinfo_filename[strlen(FILENAME_FORMAT) + sizeof(pid_t) * 3 + strlen("libreport_dump_fd_info")]; +- if (sizeof(fdinfo_filename) <= snprintf(fdinfo_filename, sizeof(fdinfo_filename), FILENAME_FORMAT, pid, "libreport_dump_fd_info")) { +- errx(EXIT_FAILURE, "too small buffer for file name"); +- } +- +- TS_ASSERT_FUNCTION(libreport_dump_fd_info(fdinfo_filename, proc_dir_path)); +- +- struct stat st; +- TS_ASSERT_FUNCTION(stat(fdinfo_filename, &st)); +- if (g_testsuite_last_ok) { +- TS_ASSERT_SIGNED_EQ(st.st_mode & 0777, 0600); +- } +- +- check_file_contents(fdinfo_filename); +- +- unlink(fdinfo_filename); +- } +- +- { +- TS_PRINTF("%s\n", "libreport_dump_fd_info_ext"); +- char fdinfo_filename[strlen(FILENAME_FORMAT) + sizeof(pid_t) * 3 + strlen("libreport_dump_fd_info_ext")]; +- if (sizeof(fdinfo_filename) <= snprintf(fdinfo_filename, sizeof(fdinfo_filename), FILENAME_FORMAT, pid, "libreport_dump_fd_info_ext")) { +- errx(EXIT_FAILURE, "too small buffer for file name"); +- } +- +- const uid_t uid = getuid(); +- const gid_t gid = getgid(); +- TS_ASSERT_FUNCTION(libreport_dump_fd_info_ext(fdinfo_filename, proc_dir_path, uid, gid)); +- +- struct stat st; +- TS_ASSERT_FUNCTION(stat(fdinfo_filename, &st)); +- if (g_testsuite_last_ok) { +- TS_ASSERT_SIGNED_EQ(st.st_mode & 0777, 0600); +- } +- +- check_file_contents(fdinfo_filename); +- +- unlink(fdinfo_filename); +- } +- +- { +- TS_PRINTF("%s\n", "libreport_dump_fd_info_at"); +- char fdinfo_filename[strlen(FILENAME_FORMAT) + sizeof(pid_t) * 3 + strlen("libreport_dump_fd_info_at")]; +- if (sizeof(fdinfo_filename) <= snprintf(fdinfo_filename, sizeof(fdinfo_filename), FILENAME_FORMAT, pid, "libreport_dump_fd_info_at")) { +- errx(EXIT_FAILURE, "too small buffer for file name"); +- } +- +- FILE *dest = fopen(fdinfo_filename, "w"); +- const int pid_proc_fd = libreport_open_proc_pid_dir(pid); +- +- TS_ASSERT_FUNCTION(libreport_dump_fd_info_at(pid_proc_fd, dest)); +- +- close(pid_proc_fd); +- fclose(dest); +- +- check_file_contents(fdinfo_filename); +- +- unlink(fdinfo_filename); +- } +- +- kill_process(pid); +-} +-TS_RETURN_MAIN +-]]) +- +- + ## ------------- ## + ## get_fs-u_g-id ## + ## ------------- ## +@@ -1034,155 +797,3 @@ TS_MAIN + } + TS_RETURN_MAIN + ]]) +- +- +-## ------------------------------ ## +-## libreport_process_has_own_root ## +-## ------------------------------ ## +- +-AT_TESTFUN([libreport_process_has_own_root], [[ +-#include "testsuite.h" +-#include +-#include +- +-void write_cmd_output_to_fd(int fd, const char *cmd) +-{ +- FILE *proc = popen(cmd, "r"); +- if (proc == NULL) { +- err(EXIT_FAILURE, "popen(%s)", cmd); +- } +- +- g_autofree char *output = libreport_xmalloc_fgetline(proc); +- TS_PRINTF("%s : %s\n", cmd, output); +- +- const int retcode = pclose(proc); +- if (retcode == -1) { +- err(EXIT_FAILURE, "pclose(%s)", cmd); +- } +- +- if (retcode != 0) { +- errx(EXIT_FAILURE, "non-0 status %d of '%s'", retcode, cmd); +- } +- +- if (output == NULL) { +- errx(EXIT_FAILURE, "no output of '%s'", cmd); +- } +- +- libreport_full_write_str(fd, output); +-} +- +-TS_MAIN +-{ +- char mock_pid_proc[] = "/tmp/libreport.testsuite.pid.XXXXXX"; +- +- if (mkdtemp(mock_pid_proc) == NULL) { +- err(EXIT_FAILURE, "mkdtemp(%s)", mock_pid_proc); +- } +- +- const int mock_pid_proc_fd = open(mock_pid_proc, O_DIRECTORY); +- if (mock_pid_proc_fd < 0) { +- err(EXIT_FAILURE, "open(%s, O_DIRECTORY)", mock_pid_proc); +- } +- +- { +- /* TODO: add test for open file descriptors */ +- const int r = libreport_process_has_own_root_at(mock_pid_proc_fd); +- TS_ASSERT_SIGNED_EQ(r, -ENOENT); +- } +- +- /* Please, notice that the mode is intentionally 0000 - no read, no write, +- * no execute access */ +- int mntnf_fd = openat(mock_pid_proc_fd, "mountinfo", O_RDWR | O_CREAT | O_EXCL, 0000); +- +- { +- /* TODO: add test for open file descriptors */ +- const int r = libreport_process_has_own_root_at(mock_pid_proc_fd); +- TS_ASSERT_SIGNED_EQ(r, -EACCES); +- } +- +- /* Make the file readable & writable */ +- fchmod(mntnf_fd, 0600); +- +- { +- /* TODO: add test for open file descriptors */ +- const int r = libreport_process_has_own_root_at(mock_pid_proc_fd); +- TS_ASSERT_SIGNED_EQ(r, -ENOKEY); +- } +- +- libreport_full_write_str(mntnf_fd, "36 35 98:0 /madeuproot /foo rw,noatime master:1 - ext3 /dev/myroot rw,errors=continue\n"); +- libreport_full_write_str(mntnf_fd, "37 38 99:0 /mnt3 /mnt4 rw,noatime master:2 - ext3 /dev/boot rw,errors=continue\n"); +- +- fsync(mntnf_fd); +- lseek(mntnf_fd, 0, SEEK_SET); +- +- TS_PRINTF("Made-up mountinfo created in %s\n", mock_pid_proc); +- +- { +- /* TODO: add test for open file descriptors */ +- const int r = libreport_process_has_own_root_at(mock_pid_proc_fd); +- TS_ASSERT_SIGNED_EQ(r, -ENOKEY); +- } +- +- TS_PRINTF("Going to copy /proc/1/mountinfo to %s\n", mock_pid_proc); +- +- const int pid1_mntnf_fd = open("/proc/1/mountinfo", O_RDONLY); +- if (pid1_mntnf_fd < 0) { +- err(EXIT_FAILURE, "/proc/1/mountinfo"); +- } +- +- TS_PRINTF("Copying /proc/1/mountinfo to %s\n", mock_pid_proc); +- +- { +- int r = 0; +- +- while ((r = sendfile(mntnf_fd, pid1_mntnf_fd, NULL, 65535)) > 0) +- ; +- +- if (r < 0) { +- err(EXIT_FAILURE, "Cannot copy /proc/1/mountinfo to %s", mock_pid_proc); +- } +- } +- +- close(pid1_mntnf_fd); +- +- fsync(mntnf_fd); +- lseek(mntnf_fd, 0, SEEK_SET); +- +- TS_PRINTF("Copied /proc/1/mountinfo to %s\n", mock_pid_proc); +- +- { +- /* TODO: add test for open file descriptors */ +- const int r = libreport_process_has_own_root_at(mock_pid_proc_fd); +- TS_ASSERT_SIGNED_EQ(r, 0); +- } +- +- /* Test different source directory. Swap / with \ in the mock mountinfo. */ +- fsync(mntnf_fd); +- lseek(mntnf_fd, 0, SEEK_SET); +- +- libreport_full_write_str(mntnf_fd, "12 34 567:89 /madeuproot / "); +- write_cmd_output_to_fd(mntnf_fd, "findmnt -F /proc/1/mountinfo -r -n -o VFS-OPTIONS,OPT-FIELDS -T /"); +- libreport_full_write_str(mntnf_fd, " - "); +- write_cmd_output_to_fd(mntnf_fd, "findmnt -F /proc/1/mountinfo -r -n -o FSTYPE,SOURCE,FS-OPTIONS -T /"); +- +- fsync(mntnf_fd); +- lseek(mntnf_fd, 0, SEEK_SET); +- +- { +- /* TODO: add test for open file descriptors */ +- const int r = libreport_process_has_own_root_at(mock_pid_proc_fd); +- TS_ASSERT_SIGNED_EQ(r, 1); +- } +- +- close(mntnf_fd); +- +- if (unlinkat(mock_pid_proc_fd, "mountinfo", 0) < 0) { +- perror("unlinkat(fd, mountinfo)"); +- } +- +- if (rmdir(mock_pid_proc) < 0) { +- perror("rmdir(/mock_pid_dir)"); +- } +-} +-TS_RETURN_MAIN +-]]) +diff --git a/tests/report_python.at b/tests/report_python.at +index 31c0142..f267427 100644 +--- a/tests/report_python.at ++++ b/tests/report_python.at +@@ -70,43 +70,6 @@ if __name__ == "__main__": + sys.exit(main()) + ]]) + +-## ----------------------- ## +-## get_from_etc_os_release ## +-## ----------------------- ## +- +-AT_PYTESTFUN([get_from_etc_os_release], +-[[import sys +- +-sys.path.insert(0, "../../../src/report-python") +-sys.path.insert(0, "../../../src/report-python/report/.libs") +- +-report = __import__("report", globals(), locals(), [], 0) +-sys.modules["report"] = report +- +-import os +- +-if not os.path.exists("/etc/os-release"): +- print("Cannot run the test: '/etc/os-release' does not exist") +- sys.exit(1) +- +-exit_code = 0 +-if report.getProduct_fromOSRELEASE() != report.getProduct(): +- print("getProduct('{0}') did not return PRODUCT='{1}' from /etc/os-release".format(report.getProduct(), report.getProduct_fromOSRELEASE())) +- exit_code += 1 +- +-if report.getVersion_fromOSRELEASE() != report.getVersion(): +- print("getVersion('{0}') did not return PRODUCT_VERSION='{1}' from /etc/os-release".format(report.getVersion(), report.getVersion_fromOSRELEASE())) +- exit_code += 1 +- +-if exit_code != 0: +- print("++++ /etc/os-release ++++") +- with open("/etc/os-release") as osrel: +- sys.stdout.write(osrel.read()) +- print("^^^^ /etc/os-release ^^^^") +- +-sys.exit(exit_code) +-]]) +- + ## ---------------------------------- ## + ## create_dump_dir_uid_does_not_exist ## + ## ---------------------------------- ## +diff --git a/tests/ureport.at b/tests/ureport.at +index 7ac67dc..849f1c9 100644 +--- a/tests/ureport.at ++++ b/tests/ureport.at +@@ -764,101 +764,6 @@ int main(void) + } + ]]) + +-## -------------------------- ## +-## libreport_ureport_do_post ## +-## -------------------------- ## +- +-AT_TESTFUN([libreport_ureport_do_post], +-[[ +-#include "internal_libreport.h" +-#include "ureport.h" +-#include +-#include "libreport_curl.h" +-#include "problem_data.h" +- +-int main(void) +-{ +- libreport_g_verbose=3; +- +- struct dump_dir *dd = dd_create("./test", (uid_t)-1L, DEFAULT_DUMP_DIR_MODE); +- assert(dd != NULL); +- dd_create_basic_files(dd, (uid_t)-1L, NULL); +- dd_save_text(dd, FILENAME_TYPE, "CCpp"); +- dd_save_text(dd, FILENAME_ANALYZER, "CCpp"); +- dd_save_text(dd, FILENAME_PKG_EPOCH, "pkg_epoch"); +- dd_save_text(dd, FILENAME_PKG_ARCH, "pkg_arch"); +- dd_save_text(dd, FILENAME_PKG_RELEASE, "pkg_release"); +- dd_save_text(dd, FILENAME_PKG_VERSION, "pkg_version"); +- dd_save_text(dd, FILENAME_PKG_NAME, "pkg_name"); +- const char *bt = "{ \"signal\": 6, \"executable\": \"/usr/bin/will_abort\" }"; +- dd_save_text(dd, FILENAME_CORE_BACKTRACE, bt); +- dd_save_text(dd, FILENAME_COUNT, "1"); +- dd_close(dd); +- +- g_autofree char *json = libreport_ureport_from_dump_dir_ext("./test", NULL); +- +- /* wrong url */ +- struct ureport_server_config config; +- libreport_ureport_server_config_init(&config); +- struct post_state *post_state = libreport_ureport_do_post(json, &config, "not_exist"); +- assert(post_state->curl_result == CURLE_COULDNT_RESOLVE_HOST); +- +- free_post_state(post_state); +- libreport_ureport_server_config_destroy(&config); +- delete_dump_dir("./test"); +- +- return 0; +-} +-]]) +- +-## ------------------------- ## +-## libreport_ureport_submit ## +-## ------------------------- ## +- +-AT_TESTFUN([libreport_ureport_submit], +-[[ +-#include "internal_libreport.h" +-#include "ureport.h" +-#include +-#include "libreport_curl.h" +-#include "problem_data.h" +- +-int main(void) +-{ +- libreport_g_verbose=3; +- +- struct dump_dir *dd = dd_create("./test", (uid_t)-1L, DEFAULT_DUMP_DIR_MODE); +- assert(dd != NULL); +- dd_create_basic_files(dd, (uid_t)-1L, NULL); +- dd_save_text(dd, FILENAME_TYPE, "CCpp"); +- dd_save_text(dd, FILENAME_ANALYZER, "CCpp"); +- dd_save_text(dd, FILENAME_PKG_EPOCH, "pkg_epoch"); +- dd_save_text(dd, FILENAME_PKG_ARCH, "pkg_arch"); +- dd_save_text(dd, FILENAME_PKG_RELEASE, "pkg_release"); +- dd_save_text(dd, FILENAME_PKG_VERSION, "pkg_version"); +- dd_save_text(dd, FILENAME_PKG_NAME, "pkg_name"); +- const char *bt = "{ \"signal\": 6, \"executable\": \"/usr/bin/will_abort\" }"; +- dd_save_text(dd, FILENAME_CORE_BACKTRACE, bt); +- dd_save_text(dd, FILENAME_COUNT, "1"); +- dd_close(dd); +- +- g_autofree char *json = libreport_ureport_from_dump_dir_ext("./test", NULL); +- +- /* wrong url */ +- struct ureport_server_config config; +- libreport_ureport_server_config_init(&config); +- struct ureport_server_response *response = libreport_ureport_submit(json, &config); +- +- assert(response == NULL); +- +- libreport_ureport_server_response_free(response); +- libreport_ureport_server_config_destroy(&config); +- delete_dump_dir("./test"); +- +- return 0; +-} +-]]) +- + ## --------------------------- ## + ## ureport_json_attachment_new ## + ## --------------------------- ## +@@ -918,91 +823,6 @@ int main(void) + } + ]]) + +-## ----------------------------------- ## +-## libreport_ureport_from_dump_dir_ext ## +-## ----------------------------------- ## +- +-AT_TESTFUN([libreport_ureport_from_dump_dir_ext], +-[[ +-#include "internal_libreport.h" +-#include "ureport.h" +-#include +-#include "libreport_curl.h" +-#include "problem_data.h" +- +-int main(void) +-{ +- libreport_g_verbose=3; +- +- struct dump_dir *dd = dd_create("./test", (uid_t)-1L, DEFAULT_DUMP_DIR_MODE); +- assert(dd != NULL); +- dd_create_basic_files(dd, (uid_t)-1L, NULL); +- dd_save_text(dd, FILENAME_TYPE, "CCpp"); +- dd_save_text(dd, FILENAME_ANALYZER, "CCpp"); +- dd_save_text(dd, FILENAME_PKG_EPOCH, "pkg_epoch"); +- dd_save_text(dd, FILENAME_PKG_ARCH, "pkg_arch"); +- dd_save_text(dd, FILENAME_PKG_RELEASE, "pkg_release"); +- dd_save_text(dd, FILENAME_PKG_VERSION, "pkg_version"); +- dd_save_text(dd, FILENAME_PKG_NAME, "pkg_name"); +- const char *bt = "{ \"signal\": 6, \"executable\": \"/usr/bin/will_abort\" }"; +- dd_save_text(dd, FILENAME_CORE_BACKTRACE, bt); +- dd_save_text(dd, FILENAME_COUNT, "1"); +- dd_close(dd); +- +- /* no auth */ +- char *ureport = libreport_ureport_from_dump_dir_ext("./test", NULL); +- assert(strstr(ureport, "auth") == NULL); +- g_free(ureport); +- +- /* auth */ +- dd = dd_opendir("./test", 0); +- dd_save_text(dd, FILENAME_HOSTNAME, "env_hostname"); +- dd_close(dd); +- +- struct ureport_server_config config; +- libreport_ureport_server_config_init(&config); +- +- GHashTable *settings = g_hash_table_new_full(g_str_hash, g_str_equal, free, free); +- +- setenv("uReport_IncludeAuthData", "yes", 1); +- setenv("uReport_AuthDataItems", "hostname", 1); +- +- libreport_ureport_server_config_load(&config, settings); +- +- ureport = libreport_ureport_from_dump_dir_ext("./test", &config.ur_prefs); +- assert(strstr(ureport, "auth") != NULL); +- assert(strstr(ureport, "\"hostname\": \"env_hostname\"") != NULL); +- g_free(ureport); +- +- libreport_ureport_server_config_destroy(&config); +- if (settings) +- g_hash_table_destroy(settings); +- +- /* auth with unknown uReport_AuthDataItems */ +- libreport_ureport_server_config_init(&config); +- +- settings = g_hash_table_new_full(g_str_hash, g_str_equal, free, free); +- +- setenv("uReport_AuthDataItems", "hostname, unknown", 1); +- +- libreport_ureport_server_config_load(&config, settings); +- +- ureport = libreport_ureport_from_dump_dir_ext("./test", &config.ur_prefs); +- assert(strstr(ureport, "auth") != NULL); +- assert(strstr(ureport, "\"hostname\": \"env_hostname\"") != NULL); +- assert(strstr(ureport, "unknown") == NULL); +- g_free(ureport); +- +- libreport_ureport_server_config_destroy(&config); +- if (settings) +- g_hash_table_destroy(settings); +- delete_dump_dir("./test"); +- +- return 0; +-} +-]]) +- +- + ## ------------------------------------- ## + ## ureport_server_config_load_basic_auth ## + ## ------------------------------------- ## +-- +2.45.4 + diff --git a/SPECS-EXTENDED/libreport/libreport.signatures.json b/SPECS-EXTENDED/libreport/libreport.signatures.json index b0c554ae2f4..0325089df3b 100644 --- a/SPECS-EXTENDED/libreport/libreport.signatures.json +++ b/SPECS-EXTENDED/libreport/libreport.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libreport-2.13.1.tar.gz": "d8523ff6993ba1514550eb745e09eb9e35b4e24bad0f31dcfccb6f4e3f58e2bf" + "libreport-2.17.15.tar.gz": "cf181ed248f6bf12233b459e4a504fab645b3ce8040b6855a073453756311166" } } diff --git a/SPECS-EXTENDED/libreport/libreport.spec b/SPECS-EXTENDED/libreport/libreport.spec index 5aa5500078c..b6a93f3e064 100644 --- a/SPECS-EXTENDED/libreport/libreport.spec +++ b/SPECS-EXTENDED/libreport/libreport.spec @@ -1,94 +1,94 @@ %bcond_without bugzilla + +%define dbus_devel dbus-devel %define libjson_devel json-c-devel + %define glib_ver 2.43.4 -Summary: Generic library for reporting various problems -Name: libreport -Version: 2.13.1 -Release: 9%{?dist} -License: GPLv2+ +Summary: Generic library for reporting various problems +Name: libreport +Version: 2.17.15 +Release: 1%{?dist} +License: GPL-2.0-or-later Vendor: Microsoft Corporation Distribution: Azure Linux -URL: https://abrt.readthedocs.org/ -Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz -Patch0: 0001-gui-wizard-gtk-Fix-segfault.patch -BuildRequires: dbus-devel -# BuildRequires: gtk3-devel -BuildRequires: asciidoc -BuildRequires: augeas -BuildRequires: augeas-devel -BuildRequires: curl-devel -BuildRequires: desktop-file-utils -BuildRequires: doxygen -BuildRequires: gettext -BuildRequires: git-core -BuildRequires: glib2-devel >= %{glib_ver} -BuildRequires: intltool -BuildRequires: libproxy-devel -BuildRequires: libtar-devel -BuildRequires: libtool -BuildRequires: libxml2-devel -BuildRequires: lz4 -BuildRequires: nettle-devel -BuildRequires: newt-devel -BuildRequires: python3-devel -BuildRequires: satyr-devel >= 0.24 -BuildRequires: systemd-devel -BuildRequires: texinfo -BuildRequires: xmlrpc-c -BuildRequires: xmlto -BuildRequires: xz -Requires: glib2 >= %{glib_ver} -Requires: libreport-filesystem = %{version}-%{release} -Requires: lz4 -Requires: nettle -Requires: satyr >= 0.24 -Requires: xz -%if 0%{?with_check} && 0%{?mariner_failing_tests} -# A test case uses zh_CN locale to verify XML event translations -BuildRequires: glibc-all-langpacks -%endif +URL: https://abrt.readthedocs.org/ +Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz +Patch1: 0001-skip-unwanted-tests.patch +BuildRequires: %{dbus_devel} +BuildRequires: gtk3-devel +BuildRequires: curl-devel +BuildRequires: desktop-file-utils +BuildRequires: python3-devel +BuildRequires: gettext +BuildRequires: libxml2-devel +BuildRequires: intltool +BuildRequires: libtool +BuildRequires: make +BuildRequires: texinfo +BuildRequires: asciidoc +BuildRequires: xmlto +BuildRequires: newt-devel +BuildRequires: satyr-devel >= 0.38 +BuildRequires: glib2-devel >= %{glib_ver} +BuildRequires: git-core + %if %{with bugzilla} -BuildRequires: xmlrpc-c-devel +BuildRequires: xmlrpc-c-devel %endif +BuildRequires: doxygen +BuildRequires: systemd-devel +BuildRequires: augeas-devel +BuildRequires: augeas +BuildRequires: libarchive-devel +Requires: libreport-filesystem = %{version}-%{release} +Requires: satyr%{?_isa} >= 0.38 +Requires: glib2%{?_isa} >= %{glib_ver} +Requires: libarchive%{?_isa} + # Required for the temporary modularity hack, see below %if 0%{?_module_build} -BuildRequires: sed +BuildRequires: sed %endif +Obsoletes: %{name}-compat < 2.13.2 +Obsoletes: %{name}-plugin-rhtsupport < 2.13.2 +Obsoletes: %{name}-rhel < 2.13.2 + %description Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc... %package filesystem -Summary: Filesystem layout for libreport -BuildArch: noarch +Summary: Filesystem layout for libreport +BuildArch: noarch %description filesystem Filesystem layout for libreport %package devel -Summary: Development libraries and headers for libreport -Requires: libreport = %{version}-%{release} +Summary: Development libraries and headers for libreport +Requires: libreport = %{version}-%{release} %description devel Development libraries and headers for libreport %package web -Summary: Library providing network API for libreport -Requires: libreport = %{version}-%{release} +Summary: Library providing network API for libreport +Requires: libreport = %{version}-%{release} %description web Library providing network API for libreport %package web-devel -Summary: Development headers for libreport-web -Requires: libreport-web = %{version}-%{release} +Summary: Development headers for libreport-web +Requires: libreport-web = %{version}-%{release} %description web-devel Development headers for libreport-web %package -n python3-libreport +Summary: Python 3 bindings for report-libs %if 0%{?_module_build} # This is required for F26 Boltron (the modular release) # Different parts of libreport are shipped with different @@ -96,63 +96,81 @@ Development headers for libreport-web # strict NVR dependency to make it work. Temporary and # limited to F26 Boltron. %global distfreerelease %(echo %{release}|sed 's/%{?dist}$//'||echo 0) -Requires: libreport >= %{version}-%{distfreerelease} +Requires: libreport >= %{version}-%{distfreerelease} %else -Requires: libreport = %{version}-%{release} +Requires: libreport = %{version}-%{release} %endif -Summary: Python 3 bindings for report-libs +Requires: python3-dnf +Requires: python3-requests +Requires: python3-urllib3 %{?python_provide:%python_provide python3-libreport} -Requires: python3-dnf %description -n python3-libreport Python 3 bindings for report-libs. %package cli -Summary: %{name}'s command line interface -Requires: %{name} = %{version}-%{release} +Summary: %{name}'s command line interface +Requires: %{name} = %{version}-%{release} %description cli This package contains simple command line tool for working with problem dump reports %package newt -Summary: %{name}'s newt interface -Requires: %{name} = %{version}-%{release} -Provides: report-newt = 0:0.23-1 -Obsoletes: report-newt < 0:0.23-1 +Summary: %{name}'s newt interface +Requires: %{name} = %{version}-%{release} +Provides: report-newt = 0:0.23-1 +Obsoletes: report-newt < 0:0.23-1 %description newt This package contains a simple newt application for reporting bugs +%package gtk +Summary: GTK front-end for libreport +Requires: libreport = %{version}-%{release} +Requires: libreport-plugin-reportuploader = %{version}-%{release} +Provides: report-gtk = 0:0.23-1 +Obsoletes: report-gtk < 0:0.23-1 + +%description gtk +Applications for reporting bugs using libreport backend + +%package gtk-devel +Summary: Development libraries and headers for libreport +Requires: libreport-gtk = %{version}-%{release} + +%description gtk-devel +Development libraries and headers for libreport-gtk + %package plugin-kerneloops -Summary: %{name}'s kerneloops reporter plugin -Requires: %{name} = %{version}-%{release} -Requires: curl -Requires: libreport-web = %{version}-%{release} +Summary: %{name}'s kerneloops reporter plugin +Requires: curl +Requires: %{name} = %{version}-%{release} +Requires: libreport-web = %{version}-%{release} %description plugin-kerneloops This package contains plugin which sends kernel crash information to specified server, usually to kerneloops.org. %package plugin-logger -Summary: %{name}'s logger reporter plugin -Requires: %{name} = %{version}-%{release} +Summary: %{name}'s logger reporter plugin +Requires: %{name} = %{version}-%{release} %description plugin-logger The simple reporter plugin which writes a report to a specified file. %package plugin-systemd-journal -Summary: %{name}'s systemd journal reporter plugin -Requires: %{name} = %{version}-%{release} +Summary: %{name}'s systemd journal reporter plugin +Requires: %{name} = %{version}-%{release} %description plugin-systemd-journal The simple reporter plugin which writes a report to the systemd journal. %package plugin-mailx -Summary: %{name}'s mailx reporter plugin -Requires: %{name} = %{version}-%{release} -Requires: mailx +Summary: %{name}'s mailx reporter plugin +Requires: %{name} = %{version}-%{release} +Requires: /usr/bin/mailx %description plugin-mailx The simple reporter plugin which sends a report via mailx to a specified @@ -160,123 +178,56 @@ email address. %if %{with bugzilla} %package plugin-bugzilla -Summary: %{name}'s bugzilla plugin -Requires: %{name} = %{version}-%{release} -Requires: libreport-web = %{version}-%{release} +Summary: %{name}'s bugzilla plugin +Requires: %{name} = %{version}-%{release} +Requires: libreport-web = %{version}-%{release} +Requires: python3-libreport = %{version}-%{release} %description plugin-bugzilla Plugin to report bugs into the bugzilla. %endif %package plugin-mantisbt -Summary: %{name}'s mantisbt plugin -Requires: %{name} = %{version}-%{release} -Requires: libreport-web = %{version}-%{release} +Summary: %{name}'s mantisbt plugin +Requires: %{name} = %{version}-%{release} +Requires: libreport-web = %{version}-%{release} %description plugin-mantisbt Plugin to report bugs into the mantisbt. %package centos -Summary: %{name}'s CentOS Bug Tracker workflow -Requires: %{name} = %{version}-%{release} -Requires: libreport-plugin-mantisbt = %{version}-%{release} -Requires: libreport-web = %{version}-%{release} +Summary: %{name}'s CentOS Bug Tracker workflow +Requires: %{name} = %{version}-%{release} +Requires: libreport-web = %{version}-%{release} +Requires: libreport-plugin-mantisbt = %{version}-%{release} %description centos Workflows to report issues into the CentOS Bug Tracker. %package plugin-ureport -Summary: %{name}'s micro report plugin -BuildRequires: %{libjson_devel} -Requires: %{name} = %{version}-%{release} -Requires: libreport-web = %{version}-%{release} -%if 0%{?rhel} -Requires: python3-subscription-manager-rhsm -%endif +Summary: %{name}'s micro report plugin +BuildRequires: %{libjson_devel} +Requires: %{name} = %{version}-%{release} +Requires: libreport-web = %{version}-%{release} %description plugin-ureport Uploads micro-report to abrt server -%package plugin-rhtsupport -Summary: %{name}'s RHTSupport plugin -Requires: %{name} = %{version}-%{release} -Requires: libreport-web = %{version}-%{release} - -%description plugin-rhtsupport -Plugin to report bugs into RH support system. - -%if %{with bugzilla} -%package compat -Summary: %{name}'s compat layer for obsoleted 'report' package -Requires: %{name}-plugin-bugzilla = %{version}-%{release} -Requires: %{name}-plugin-rhtsupport = %{version}-%{release} -Requires: libreport = %{version}-%{release} - -%description compat -Provides 'report' command-line tool. -%endif - %package plugin-reportuploader -Summary: %{name}'s reportuploader plugin -Requires: %{name} = %{version}-%{release} -Requires: libreport-web = %{version}-%{release} +Summary: %{name}'s reportuploader plugin +Requires: %{name} = %{version}-%{release} +Requires: libreport-web = %{version}-%{release} %description plugin-reportuploader Plugin to report bugs into anonymous FTP site associated with ticketing system. -%if 0%{?fedora} -%package fedora -Summary: Default configuration for reporting bugs via Fedora infrastructure -Requires: %{name} = %{version}-%{release} - -%description fedora -Default configuration for reporting bugs via Fedora infrastructure -used to easily configure the reporting process for Fedora systems. Just -install this package and you're done. -%endif - -%if 0%{?rhel} -%package rhel -Summary: Default configuration for reporting bugs via Red Hat infrastructure -Requires: %{name} = %{version}-%{release} -Requires: %{name}-plugin-ureport - -%description rhel -Default configuration for reporting bugs via Red Hat infrastructure -used to easily configure the reporting process for Red Hat systems. Just -install this package and you're done. - -%package rhel-bugzilla -Summary: Default configuration for reporting bugs to Red Hat Bugzilla -Requires: %{name} = %{version}-%{release} -Requires: libreport-plugin-bugzilla = %{version}-%{release} -Requires: libreport-plugin-ureport = %{version}-%{release} - -%description rhel-bugzilla -Default configuration for reporting bugs to Red Hat Bugzilla used to easily -configure the reporting process for Red Hat systems. Just install this package -and you're done. - -%package rhel-anaconda-bugzilla -Summary: Default configuration for reporting anaconda bugs to Red Hat Bugzilla -Requires: %{name} = %{version}-%{release} -Requires: libreport-plugin-bugzilla = %{version}-%{release} - -%description rhel-anaconda-bugzilla -Default configuration for reporting Anaconda problems to Red Hat Bugzilla used -to easily configure the reporting process for Red Hat systems. Just install this -package and you're done. -%endif - %if %{with bugzilla} %package anaconda -Summary: Default configuration for reporting anaconda bugs -Requires: %{name} = %{version}-%{release} -Requires: libreport-plugin-reportuploader = %{version}-%{release} -%if 0%{?rhel} -Requires: libreport-plugin-rhtsupport = %{version}-%{release} -%else -Requires: libreport-plugin-bugzilla = %{version}-%{release} +Summary: Default configuration for reporting anaconda bugs +Requires: %{name} = %{version}-%{release} +Requires: libreport-plugin-reportuploader = %{version}-%{release} +%if ! 0%{?rhel} || 0%{?eln} +Requires: libreport-plugin-bugzilla = %{version}-%{release} %endif %description anaconda @@ -285,29 +236,25 @@ data over ftp/scp... %endif %prep -%autosetup -S git +%autosetup -p1 %build -autoconf +./autogen.sh %configure \ %if %{without bugzilla} --without-bugzilla \ -%endif -%if 0%{?rhel} - --enable-import-rhtsupport-cert \ %endif --enable-doxygen-docs \ - --disable-silent-rules \ - --without-gtk + --disable-silent-rules %make_build %install %make_install \ %if %{with python3} - PYTHON=python3 \ -%endif # with python3 + PYTHON=%{__python3} \ +%endif mandir=%{_mandir} %find_lang %{name} @@ -331,8 +278,6 @@ mkdir -p %{buildroot}/%{_datadir}/%{name}/workflows/ # After everything is installed, remove info dir rm -f %{buildroot}/%{_infodir}/dir -# Remove unwanted Fedora specific workflow configuration files -%if 0%{!?fedora:1} rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_FedoraCCpp.xml rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_FedoraKerneloops.xml rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_FedoraPython.xml @@ -345,10 +290,8 @@ rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_FedoraJavaScript.xml rm -f %{buildroot}/%{_sysconfdir}/libreport/workflows.d/report_fedora.conf rm -f %{buildroot}%{_mandir}/man5/report_fedora.conf.5 rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_AnacondaFedora.xml -%endif # Remove unwanted RHEL specific workflow configuration files -%if 0%{!?rhel:1} rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_RHELCCpp.xml rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_RHELKerneloops.xml rm -f %{buildroot}/%{_datadir}/libreport/workflows/workflow_RHELPython.xml @@ -383,34 +326,50 @@ rm -f %{buildroot}/%{_sysconfdir}/libreport/workflows.d/report_rhel_bugzilla.con rm -f %{buildroot}%{_mandir}/man5/report_rhel.conf.5 rm -f %{buildroot}%{_mandir}/man5/report_uReport.conf.5 rm -f %{buildroot}%{_mandir}/man5/report_rhel_bugzilla.conf.5 -%endif - -rm -f %{buildroot}%{_mandir}/man1/report-gtk.1 -rm -f %{buildroot}%{_mandir}/man5/forbidden_words.conf.5 -rm -f %{buildroot}%{_mandir}/man5/ignored_words.conf.5 %check -make check -check_result=$? -if [[ $check_result -ne 0 ]]; then +make check|| { # find and print the logs of failed test # do not cat tests/testsuite.log because it contains a lot of bloat find tests/testsuite.dir -name "testsuite.log" -print -exec cat '{}' \; -fi -[[ $check_result -eq 0 ]] + exit 1 +} %ldconfig_scriptlets %ldconfig_scriptlets web +%if 0%{?rhel} && 0%{?rhel} <= 7 +%post gtk +%{?ldconfig} +# update icon cache +touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : + +%postun gtk +%{?ldconfig} +if [ $1 -eq 0 ] ; then + touch --no-create %{_datadir}/icons/hicolor &>/dev/null + gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : +fi + +%posttrans gtk +gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : + +%endif %files -f %{name}.lang %doc README.md %license COPYING %config(noreplace) %{_sysconfdir}/%{name}/libreport.conf %config(noreplace) %{_sysconfdir}/%{name}/report_event.conf +%config(noreplace) %{_sysconfdir}/%{name}/forbidden_words.conf +%config(noreplace) %{_sysconfdir}/%{name}/ignored_words.conf +%config(noreplace) %{_sysconfdir}/%{name}/ignored_elements.conf %{_datadir}/%{name}/conf.d/libreport.conf %{_libdir}/libreport.so.* %{_mandir}/man5/libreport.conf.5* %{_mandir}/man5/report_event.conf.5* +%{_mandir}/man5/forbidden_words.conf.5* +%{_mandir}/man5/ignored_words.conf.5* +%{_mandir}/man5/ignored_elements.conf.5* # filesystem package owns /usr/share/augeas/lenses directory %{_datadir}/augeas/lenses/libreport.aug @@ -441,6 +400,9 @@ fi %{_includedir}/libreport/file_obj.h %{_includedir}/libreport/config_item_info.h %{_includedir}/libreport/workflow.h +%{_includedir}/libreport/problem_details_widget.h +%{_includedir}/libreport/problem_details_dialog.h +%{_includedir}/libreport/problem_utils.h %{_includedir}/libreport/ureport.h %{_includedir}/libreport/reporters.h %{_includedir}/libreport/global_configuration.h @@ -472,6 +434,16 @@ fi %{_bindir}/report-newt %{_mandir}/man1/report-newt.1.gz +%files gtk +%{_bindir}/report-gtk +%{_libdir}/libreport-gtk.so.* +%{_mandir}/man1/report-gtk.1.gz + +%files gtk-devel +%{_libdir}/libreport-gtk.so +%{_includedir}/libreport/internal_libreport_gtk.h +%{_libdir}/pkgconfig/libreport-gtk.pc + %files plugin-kerneloops %{_datadir}/%{name}/events/report_Kerneloops.xml %{_mandir}/man*/reporter-kerneloops.* @@ -515,7 +487,7 @@ fi %{_mandir}/man1/reporter-ureport.1.gz %{_mandir}/man5/ureport.conf.5.gz %{_datadir}/%{name}/events/report_uReport.xml -%if 0%{?rhel} +%if 0%{?rhel} && ! 0%{?eln} %config(noreplace) %{_sysconfdir}/libreport/workflows.d/report_uReport.conf %{_datadir}/%{name}/workflows/workflow_uReport.xml %{_mandir}/man5/report_uReport.conf.5.* @@ -545,6 +517,8 @@ fi %{_mandir}/man5/bugzilla_formatdup_analyzer_libreport.conf.5.* %{_mandir}/man5/bugzilla_format_kernel.conf.5.* %{_bindir}/reporter-bugzilla +%{_bindir}/reporter-bugzilla-python + %endif %files plugin-mantisbt @@ -581,26 +555,6 @@ fi %config(noreplace) %{_sysconfdir}/libreport/events.d/centos_report_event.conf %{_mandir}/man5/centos_report_event.conf.5.gz -%files plugin-rhtsupport -%config(noreplace) %{_sysconfdir}/libreport/plugins/rhtsupport.conf -%{_datadir}/%{name}/conf.d/plugins/rhtsupport.conf -%{_datadir}/%{name}/events/report_RHTSupport.xml -%{_datadir}/%{name}/events/report_RHTSupport_AddData.xml -%if 0%{?rhel} -%attr(600,root,root)%{_sysconfdir}/%{name}/cert-api.access.redhat.com.pem -%endif -%config(noreplace) %{_sysconfdir}/libreport/events.d/rhtsupport_event.conf -%{_mandir}/man1/reporter-rhtsupport.1.gz -%{_mandir}/man5/rhtsupport.conf.5.* -%{_mandir}/man5/rhtsupport_event.conf.5.* -%{_bindir}/reporter-rhtsupport - -%if %{with bugzilla} -%files compat -%{_bindir}/report -%{_mandir}/man1/report.1.gz -%endif - %files plugin-reportuploader %{_mandir}/man*/reporter-upload.* %{_mandir}/man5/uploader_event.conf.5.* @@ -617,67 +571,10 @@ fi %config(noreplace) %{_sysconfdir}/libreport/events/report_Uploader.conf %{_mandir}/man5/report_Uploader.conf.5.* -%if 0%{?fedora} -%files fedora -%{_datadir}/%{name}/workflows/workflow_FedoraCCpp.xml -%{_datadir}/%{name}/workflows/workflow_FedoraKerneloops.xml -%{_datadir}/%{name}/workflows/workflow_FedoraPython.xml -%{_datadir}/%{name}/workflows/workflow_FedoraPython3.xml -%{_datadir}/%{name}/workflows/workflow_FedoraVmcore.xml -%{_datadir}/%{name}/workflows/workflow_FedoraXorg.xml -%{_datadir}/%{name}/workflows/workflow_FedoraLibreport.xml -%{_datadir}/%{name}/workflows/workflow_FedoraJava.xml -%{_datadir}/%{name}/workflows/workflow_FedoraJavaScript.xml -%config(noreplace) %{_sysconfdir}/libreport/workflows.d/report_fedora.conf -%{_mandir}/man5/report_fedora.conf.5.* -%endif - -%if 0%{?rhel} -%files rhel -%{_datadir}/%{name}/workflows/workflow_RHELCCpp.xml -%{_datadir}/%{name}/workflows/workflow_RHELKerneloops.xml -%{_datadir}/%{name}/workflows/workflow_RHELPython.xml -%{_datadir}/%{name}/workflows/workflow_RHELvmcore.xml -%{_datadir}/%{name}/workflows/workflow_RHELxorg.xml -%{_datadir}/%{name}/workflows/workflow_RHELLibreport.xml -%{_datadir}/%{name}/workflows/workflow_RHELJava.xml -%{_datadir}/%{name}/workflows/workflow_RHELJavaScript.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDataCCpp.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDataJava.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDataKerneloops.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDataLibreport.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDataPython.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDatavmcore.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDataxorg.xml -%{_datadir}/%{name}/workflows/workflow_RHELAddDataJavaScript.xml -%config(noreplace) %{_sysconfdir}/libreport/workflows.d/report_rhel.conf -%config(noreplace) %{_sysconfdir}/libreport/workflows.d/report_rhel_add_data.conf -%{_mandir}/man5/report_rhel.conf.5.* - -%files rhel-bugzilla -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaCCpp.xml -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaKerneloops.xml -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaPython.xml -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaVmcore.xml -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaXorg.xml -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaLibreport.xml -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaJava.xml -%{_datadir}/%{name}/workflows/workflow_RHELBugzillaJavaScript.xml -%config(noreplace) %{_sysconfdir}/libreport/workflows.d/report_rhel_bugzilla.conf -%{_mandir}/man5/report_rhel_bugzilla.conf.5.* - -%files rhel-anaconda-bugzilla -%{_datadir}/%{name}/workflows/workflow_AnacondaRHELBugzilla.xml -%endif %if %{with bugzilla} + %files anaconda -%if 0%{?fedora} -%{_datadir}/%{name}/workflows/workflow_AnacondaFedora.xml -%endif -%if 0%{?rhel} -%{_datadir}/%{name}/workflows/workflow_AnacondaRHEL.xml -%endif %{_datadir}/%{name}/workflows/workflow_AnacondaUpload.xml %config(noreplace) %{_sysconfdir}/libreport/workflows.d/anaconda_event.conf %config(noreplace) %{_sysconfdir}/libreport/events.d/bugzilla_anaconda_event.conf @@ -690,6 +587,10 @@ fi %endif %changelog +* Thu Nov 28 2024 Sumit Jena - 2.17.15-1 +- Update to version 2.17.15 +- License verified. + * Tue Dec 20 2022 Muhammad Falak - 2.13.1-9 - License verified diff --git a/SPECS-EXTENDED/mod_auth_openidc/mod_auth_openidc.spec b/SPECS-EXTENDED/mod_auth_openidc/mod_auth_openidc.spec index 6a9007e296d..7d9509d0b65 100644 --- a/SPECS-EXTENDED/mod_auth_openidc/mod_auth_openidc.spec +++ b/SPECS-EXTENDED/mod_auth_openidc/mod_auth_openidc.spec @@ -13,7 +13,7 @@ Summary: OpenID Connect auth module for Apache HTTP Server Name: mod_auth_openidc Version: 2.4.14.2 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -30,7 +30,7 @@ BuildRequires: httpd-devel BuildRequires: jansson-devel BuildRequires: jq-devel BuildRequires: openssl-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-devel Requires: httpd-mmn %description @@ -87,6 +87,9 @@ install -m 700 -d %{buildroot}%{httpd_pkg_cache_dir}/cache %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache %changelog +* Thu Jan 08 2026 Aditya Singh - 2.4.14.2-2 +- Bump to rebuild with updated pcre2. + * Tue Sep 05 2023 Archana Choudhary - 2.4.14.2-1 - Upgrade to 2.4.14.2 - CVE-2021-20718, CVE-2021-39191, CVE-2022-23527, CVE-2023-28625 - Add DESTDIR to resolve mod_auth_openidc.so filepath diff --git a/SPECS-EXTENDED/python-debtcollector/0x2ef3fe0ec2b075ab7458b5f8b702b20b13df2318.txt b/SPECS-EXTENDED/python-debtcollector/0x2ef3fe0ec2b075ab7458b5f8b702b20b13df2318.txt new file mode 100644 index 00000000000..3621be055e1 --- /dev/null +++ b/SPECS-EXTENDED/python-debtcollector/0x2ef3fe0ec2b075ab7458b5f8b702b20b13df2318.txt @@ -0,0 +1,45 @@ +pub ed25519/0xB702B20B13DF2318 2023-09-29 [SC] [expires: 2024-06-25] + Key fingerprint = 2EF3 FE0E C2B0 75AB 7458 B5F8 B702 B20B 13DF 2318 +uid OpenStack Infra (2024.1/Caracal Cycle) +sig 3 0xB702B20B13DF2318 2023-09-29 OpenStack Infra (2024.1/Caracal Cycle) +sig 0xCC0DFE2D21C023C9 2023-09-29 OpenStack Infra (2023.2/Bobcat Cycle) +sig 0x48F9961143495829 2023-09-29 Jeremy Stanley +sub cv25519/0x4F5DA9D1088748F6 2023-09-29 [E] [expires: 2024-06-25] +sig 0xB702B20B13DF2318 2023-09-29 OpenStack Infra (2024.1/Caracal Cycle) +sub ed25519/0x7A1014352C3D5B21 2023-09-29 [S] +sig 0xB702B20B13DF2318 2023-09-29 OpenStack Infra (2024.1/Caracal Cycle) + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZRbQahYJKwYBBAHaRw8BAQdAdlyc51z1dob7/74iQk2wS5qOo+Y8e2fKK52N +5MBISga0QU9wZW5TdGFjayBJbmZyYSAoMjAyNC4xL0NhcmFjYWwgQ3ljbGUpIDxp +bmZyYS1yb290QG9wZW5zdGFjay5vcmc+iJYEExYIAD4WIQQu8/4OwrB1q3RYtfi3 +ArILE98jGAUCZRbQagIbAwUJAWP1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK +CRC3ArILE98jGBFRAPoD6AIGsIElTS4YD9Ge4CvkAqYScnJX1f0fwB42jh8qUQEA +g5uBeIiITboxJJ2sAp7BFglmI9qlIA8oXcH5JxWn3AyIdQQQFggAHRYhBIFa/scp +OSOGSA4HbcwN/i0hwCPJBQJlFtFxAAoJEMwN/i0hwCPJq2wA/3oE/e6NW708CSHn +xVzibsKyGXGBvTUodrEeuH+X7wq8AP9da5TeEBTTF4NroTUhcAYiF/zy9JfuXgBR +yxPAPkRuCokCMwQQAQoAHRYhBJeuSW/ALeyfw1Oy50j5lhFDSVgpBQJlFtkkAAoJ +EEj5lhFDSVgpQZ8P/3iFup9THezUYtlRJ1Vc8XQCQ76dp51qaRIQrEcDDhcbLe+8 +AMCORms/o002ZmuQGQpWniNF4e8Yk7aUKyDNOqJTXYGGbL9GGJ7scuhlgxkvxp43 +ifrFBNkcZA6bUQLmzcTygNAPeWt9nX+asoHohTeX+ulbFIkGIRMg79ycQg0uotYu +UPii98t2cZWdWAlQCznMd8/KQLkiJIX6ENNu7ogpH8HFBLG4+jx5j89cEg1I8HJc +Siz8OFYukYSXBJjpqGtFrz443q+VDC0EmBuflGSY5WHoWSMGguvw3XKsKEEKKqlM +Pj6PY8R/Jn6yaHaSFGwJ0gLbSBDT0gpdXqtMRhcqd0FADUde4Vyikg4yKz8jt0yq +3JCMGWUgMT3lgjK2HDGrSOwMfUf6nCE2+1YgrZzDRMEuBRB21Wl5NZi4zxIly+JQ +SUtZxPHaYWHBFFh8KGU3usRunTj9BFif5cKelMPz4VgN6l8DQdL9c1SBxzE/J5M6 +4okpRTl5M8OjPPbH9saiTJtHQW5u41saWRHa3MOIDDGeUfE4vK+BQxFcGnzY/e30 +QR5GefNg2g5Wvgvxnt4cAibm5eM6++GoUEXQLVjnqSQ25/PYnJpIR0z5kOsI3GmJ +qsM/9O2fvddK7c8rPQASRIEJq9isZqkeSH2sjmEuW1aq59J2F2jglv/tzHGRuDgE +ZRbQahIKKwYBBAGXVQEFAQEHQMbvqwwqOivFt2vYoNCctSgvADuUs7thWQlGANPu +K4l5AwEIB4h+BBgWCAAmFiEELvP+DsKwdat0WLX4twKyCxPfIxgFAmUW0GoCGwwF +CQFj9QAACgkQtwKyCxPfIxi6iwD/coi4ZSSgqXWInRfnSERFL00F2pWVi5y6BGvs +jyWkiV0A/35kndSvYkC+EiZ7TDnWXQIByEcqYKJm6+CEhKdLuB4HuDMEZRbREBYJ +KwYBBAHaRw8BAQdA+Cg/MCVfg7hppQbogWXwDIGLmmMDK+k2yDrnXKY4tWCI7wQY +FggAIBYhBC7z/g7CsHWrdFi1+LcCsgsT3yMYBQJlFtEQAhsCAIEJELcCsgsT3yMY +diAEGRYIAB0WIQSNoB+ORY98QEADfvJ6EBQ1LD1bIQUCZRbREAAKCRB6EBQ1LD1b +IUGNAPwK9JB4ipZQ12YSe+Bpa4N46wF10AaOhvZkR0Ucdf03gQD/UPQ1zNTV/BMw +LSfyNXao5aUX3uz+z66ESNcLhHEcFQo4fAEAoby1BGLxBos0hVwg48fj4vPsEP45 +lE9fHjXo74+OHVwBAO8lAhJslw+KHHVS+lcTTfS/nMk0pPzWl3SMLBjiD6kH +=7Dhm +-----END PGP PUBLIC KEY BLOCK----- diff --git a/SPECS-EXTENDED/python-debtcollector/debtcollector-3.0.0.tar.gz.asc b/SPECS-EXTENDED/python-debtcollector/debtcollector-3.0.0.tar.gz.asc new file mode 100644 index 00000000000..1ada1445fa2 --- /dev/null +++ b/SPECS-EXTENDED/python-debtcollector/debtcollector-3.0.0.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- + +iHQEABYIAB0WIQSNoB+ORY98QEADfvJ6EBQ1LD1bIQUCZddqlgAKCRB6EBQ1LD1b +Ie6gAQDHIWhuyB9qB0Cu7YOYPBlm4hdrkmlPGj13lw4FyQz5OAD4wXtrWFpFBeFF +55uuPCnfWgW4PdtKqeK/DKuBBagFDw== +=mmVk +-----END PGP SIGNATURE----- diff --git a/SPECS-EXTENDED/python-debtcollector/python-debtcollector.signatures.json b/SPECS-EXTENDED/python-debtcollector/python-debtcollector.signatures.json index cdac8651db0..ac1953533e2 100644 --- a/SPECS-EXTENDED/python-debtcollector/python-debtcollector.signatures.json +++ b/SPECS-EXTENDED/python-debtcollector/python-debtcollector.signatures.json @@ -1,5 +1,7 @@ { "Signatures": { - "python-debtcollector-1.22.0.tar.gz": "d1756440d25a50e3eca2fc399c9e5f1ca2f9e6b837570a80b9450999f4290525" + "0x2ef3fe0ec2b075ab7458b5f8b702b20b13df2318.txt": "a4f619daa6f2f0d47c611fabc489cf634e55d2386bb4f92d2929d2c8aafef53e", + "debtcollector-3.0.0.tar.gz": "2a8917d25b0e1f1d0d365d3c1c6ecfc7a522b1e9716e8a1a4a915126f7ccea6f", + "debtcollector-3.0.0.tar.gz.asc": "38e46360865e6584be6ed0745b292ab2a8457bd65ad2d53b39ad4496962232f9" } -} +} \ No newline at end of file diff --git a/SPECS-EXTENDED/python-debtcollector/python-debtcollector.spec b/SPECS-EXTENDED/python-debtcollector/python-debtcollector.spec index f6fb2fc7f50..556fb0cc99e 100644 --- a/SPECS-EXTENDED/python-debtcollector/python-debtcollector.spec +++ b/SPECS-EXTENDED/python-debtcollector/python-debtcollector.spec @@ -1,14 +1,12 @@ Vendor: Microsoft Corporation Distribution: Azure Linux -# Macros for py2/py3 compatibility -%global pyver %{python3_pkgversion} -%global pyver_bin python%{pyver} -%global pyver_sitelib %{expand:%{python%{pyver}_sitelib}} -%global pyver_install %{expand:%{py%{pyver}_install}} -%global pyver_build %{expand:%{py%{pyver}_build}} -# End of macros for py2/py3 compatibility + +%{!?sources_gpg: %{!?dlrn:%global sources_gpg 1} } +%global sources_gpg_sign 0x2ef3fe0ec2b075ab7458b5f8b702b20b13df2318 %{!?upstream_version: %global upstream_version %{version}%{?milestone}} +# we are excluding some BRs from automatic generator +%global excluded_brs doc8 bandit pre-commit hacking flake8-import-order %global pypi_name debtcollector %global with_doc 1 @@ -21,35 +19,55 @@ It is a collection of functions/decorators which is used to signal a user when \ * further customizing the emitted messages Name: python-%{pypi_name} -Version: 1.22.0 -Release: 4%{?dist} +Version: 3.0.0 +Release: 10%{?dist} Summary: A collection of Python deprecation patterns and strategies -License: ASL 2.0 +License: Apache-2.0 URL: https://pypi.python.org/pypi/%{pypi_name} -Source0: https://tarballs.openstack.org/%{pypi_name}/%{pypi_name}-%{upstream_version}.tar.gz#/python-%{pypi_name}-%{upstream_version}.tar.gz +Source0: https://tarballs.openstack.org/%{pypi_name}/%{pypi_name}-%{upstream_version}.tar.gz +# Required for tarball sources verification +%if 0%{?sources_gpg} == 1 +Source101: https://tarballs.openstack.org/%{pypi_name}/%{pypi_name}-%{upstream_version}.tar.gz.asc +Source102: https://releases.openstack.org/_static/%{sources_gpg_sign}.txt +%endif + +BuildRequires: python-pip +BuildRequires: python-pbr +BuildRequires: python-wheel +BuildRequires: python-setuptools +BuildRequires: python3-pytest +BuildRequires: python-dulwich +BuildRequires: python-openstackdocstheme +BuildRequires: python-toml +BuildRequires: python-tox +BuildRequires: python-wrapt +BuildRequires: python-extras +BuildRequires: python-sphinx +BuildRequires: python-tox-current-env +BuildRequires: python-virtualenv +BuildRequires: python3-testtools +BuildRequires: python3-fixtures BuildArch: noarch -BuildRequires: git +# Required for tarball sources verification +%if 0%{?sources_gpg} == 1 +BuildRequires: /usr/bin/gpgv2 +%endif + +BuildRequires: git-core %description %{common_desc} -%package -n python%{pyver}-%{pypi_name} +%package -n python3-%{pypi_name} Summary: A collection of Python deprecation patterns and strategies -%{?python_provide:%python_provide python%{pyver}-%{pypi_name}} -BuildRequires: python%{pyver}-devel -BuildRequires: python%{pyver}-setuptools -BuildRequires: python%{pyver}-pbr +BuildRequires: python3-devel +BuildRequires: pyproject-rpm-macros -Requires: python%{pyver}-funcsigs -Requires: python%{pyver}-pbr -Requires: python%{pyver}-six -Requires: python%{pyver}-wrapt - -%description -n python%{pyver}-%{pypi_name} +%description -n python3-%{pypi_name} %{common_desc} @@ -57,42 +75,53 @@ Requires: python%{pyver}-wrapt %package -n python-%{pypi_name}-doc Summary: Documentation for the debtcollector module -BuildRequires: python%{pyver}-sphinx -BuildRequires: python%{pyver}-openstackdocstheme -BuildRequires: python%{pyver}-fixtures -BuildRequires: python%{pyver}-six -BuildRequires: python%{pyver}-wrapt - %description -n python-%{pypi_name}-doc Documentation for the debtcollector module %endif - %prep +# Required for tarball sources verification +%if 0%{?sources_gpg} == 1 +%{gpgverify} --keyring=%{SOURCE102} --signature=%{SOURCE101} --data=%{SOURCE0} +%endif %autosetup -n %{pypi_name}-%{upstream_version} -S git -# let RPM handle deps -rm -rf *requirements.txt + +sed -i /^[[:space:]]*-c{env:.*_CONSTRAINTS_FILE.*/d tox.ini +sed -i "s/^deps = -c{env:.*_CONSTRAINTS_FILE.*/deps =/" tox.ini +sed -i /^minversion.*/d tox.ini +sed -i /^requires.*virtualenv.*/d tox.ini + +# Exclude some bad-known BRs +for pkg in %{excluded_brs};do + for reqfile in doc/requirements.txt test-requirements.txt; do + if [ -f $reqfile ]; then + sed -i /^${pkg}.*/d $reqfile + fi + done +done %build -%{pyver_build} +%pyproject_wheel + +%install +%pyproject_install %if 0%{?with_doc} # doc -%{pyver_bin} setup.py build_sphinx -b html +PYTHONPATH="%{buildroot}/%{python3_sitelib}" +%tox -e docs # Fix hidden-file-or-dir warnings -rm -fr doc/build/html/.buildinfo +rm -fr doc/build/html/.{doctrees,buildinfo} +rm -f doc/build/html/_static/images/docs/license.png %endif -%install -%{pyver_install} - -%files -n python%{pyver}-%{pypi_name} +%files -n python3-%{pypi_name} %doc README.rst CONTRIBUTING.rst %license LICENSE -%{pyver_sitelib}/%{pypi_name} -%{pyver_sitelib}/%{pypi_name}*.egg-info -%exclude %{pyver_sitelib}/%{pypi_name}/tests +%{python3_sitelib}/%{pypi_name} +%{python3_sitelib}/%{pypi_name}*.dist-info +%exclude %{python3_sitelib}/%{pypi_name}/tests %if 0%{?with_doc} %files -n python-%{pypi_name}-doc @@ -101,6 +130,10 @@ rm -fr doc/build/html/.buildinfo %endif %changelog +* Fri Jan 09 2026 Durga Jagadeesh Palli - 3.0.0-10 +- Upgrade to 3.0.0 (Reference: Fedora 44) +- License verified + * Fri Oct 15 2021 Pawel Winogrodzki - 1.22.0-4 - Initial CBL-Mariner import from Fedora 32 (license: MIT). @@ -121,4 +154,3 @@ rm -fr doc/build/html/.buildinfo * Fri Mar 08 2019 RDO 1.21.0-1 - Update to 1.21.0 - diff --git a/SPECS-EXTENDED/python-openstackdocstheme/python-openstackdocstheme.spec b/SPECS-EXTENDED/python-openstackdocstheme/python-openstackdocstheme.spec index a28628741cb..b1dcc700bf3 100644 --- a/SPECS-EXTENDED/python-openstackdocstheme/python-openstackdocstheme.spec +++ b/SPECS-EXTENDED/python-openstackdocstheme/python-openstackdocstheme.spec @@ -70,6 +70,7 @@ export PYTHONPATH=. sphinx-build -b html doc/source doc/build/html # remove the sphinx-build leftovers rm -rf html/.{doctrees,buildinfo} +rm -f doc/build/html/_static/images/docs/license.png %install %pyproject_install diff --git a/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.signatures.json b/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.signatures.json index 49f15dad773..f9ff3a0301b 100644 --- a/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.signatures.json +++ b/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "python-oslo-i18n-5.1.0.tar.gz": "6bf111a6357d5449640852de4640eae4159b5562bbba4c90febb0034abc095d0" + "python-oslo-i18n-6.7.1.tar.gz": "7dc879089056fe287a6fb46fa2e73ad88f8d4b989bd63f00486f494435b24ced" } } diff --git a/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.spec b/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.spec index 4d8d52943f4..8daac5b154e 100644 --- a/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.spec +++ b/SPECS-EXTENDED/python-oslo-i18n/python-oslo-i18n.spec @@ -1,38 +1,53 @@ -%global pypi_name oslo.i18n -%global pkg_name oslo-i18n -%global with_doc 0 +%{!?upstream_version: %global upstream_version %{version}%{?milestone}} +%global pypi_name oslo_i18n +%global pkg_name oslo_i18n +%global with_doc 1 + %global common_desc \ The oslo.i18n library contain utilities for working with internationalization \ (i18n) features, especially translation for text strings in an application \ or library. -Summary: OpenStack i18n library + Name: python-oslo-i18n -Version: 5.1.0 -Release: 4%{?dist} -License: ASL 2.0 +Version: 6.7.1 +Release: 2%{?dist} +Summary: OpenStack i18n library +License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Azure Linux URL: https://github.com/openstack/%{pypi_name} -Source0: https://tarballs.openstack.org/%{pypi_name}/%{pypi_name}-%{version}.tar.gz#/%{name}-%{version}.tar.gz -BuildRequires: git-core +Source0: https://files.pythonhosted.org/packages/source/o/%{pypi_name}/%{pypi_name}-%{upstream_version}.tar.gz#/%{name}-%{version}.tar.gz + BuildArch: noarch +BuildRequires: git-core + %description %{common_desc} %package -n python3-%{pkg_name} -%{?python_provide:%python_provide python3-%{pkg_name}} Summary: OpenStack i18n Python 2 library + BuildRequires: python3-devel +BuildRequires: pyproject-rpm-macros BuildRequires: python3-setuptools BuildRequires: python3-pbr BuildRequires: python3-babel BuildRequires: python3-six BuildRequires: python3-fixtures -# Required to compile translation files +BuildRequires: python3-tox +BuildRequires: python3-pluggy +BuildRequires: python3-py +BuildRequires: python3-toml +BuildRequires: python3-openstackdocstheme +BuildRequires: python3-dulwich +BuildRequires: python3-tox-current-env +BuildRequires: python3-filelock +BuildRequires: python3-pip BuildRequires: python3-babel +BuildRequires: python3-wheel +BuildRequires: python3-sphinxcontrib-apidoc Requires: python-%{pkg_name}-lang = %{version}-%{release} -Requires: python3-pbr >= 2.0.0 %description -n python3-%{pkg_name} %{common_desc} @@ -40,50 +55,69 @@ Requires: python3-pbr >= 2.0.0 %if 0%{?with_doc} %package -n python-%{pkg_name}-doc Summary: Documentation for OpenStack i18n library -BuildRequires: python3-sphinx -BuildRequires: python3-openstackdocstheme -BuildRequires: python3-sphinxcontrib-apidoc %description -n python-%{pkg_name}-doc Documentation for the oslo.i18n library. %endif %package -n python-%{pkg_name}-lang -Summary: Translation files for Oslo i18n library +Summary: Translation files for Oslo i18n library %description -n python-%{pkg_name}-lang Translation files for Oslo i18n library %prep -%autosetup -n %{pypi_name}-%{version} -rm -rf *.egg-info +%autosetup -n %{pypi_name}-%{upstream_version} -S git -# Let RPM handle the dependencies -rm -rf *requirements.txt -%build -%py3_build +sed -i /^[[:space:]]*-c{env:.*_CONSTRAINTS_FILE.*/d tox.ini +sed -i "s/^deps = -c{env:.*_CONSTRAINTS_FILE.*/deps =/" tox.ini +sed -i /^minversion.*/d tox.ini +sed -i /^requires.*virtualenv.*/d tox.ini -# Generate i18n files -python3 setup.py compile_catalog -d oslo_i18n/locale --domain oslo_i18n +# Exclude some bad-known BRs +for pkg in %{excluded_brs}; do + for reqfile in doc/requirements.txt test-requirements.txt; do + if [ -f $reqfile ]; then + sed -i /^${pkg}.*/d $reqfile + fi + done +done + +# Automatic BR generation +%generate_buildrequires +%if 0%{?with_doc} + %pyproject_buildrequires -t -e docs +%else + %pyproject_buildrequires +%endif + +%build +%pyproject_wheel %install -%py3_install +%pyproject_install %if 0%{?with_doc} -python3 setup.py build_sphinx --build-dir . -b html +%tox -e docs # remove the sphinx-build-3 leftovers -rm -rf html/.{doctrees,buildinfo} +rm -rf doc/build/html/.{doctrees,buildinfo} +rm -f doc/build/html/_static/images/docs/license.png # Fix this rpmlint warning +if [ -f html/_static/jquery.js ]; then sed -i "s|\r||g" html/_static/jquery.js +fi %endif +# Generate i18n files +python3 setup.py compile_catalog -d %{buildroot}%{python3_sitelib}/oslo_i18n/locale --domain oslo_i18n + # Install i18n .mo files (.po and .pot are not required) install -d -m 755 %{buildroot}%{_datadir} -rm -f oslo_i18n/locale/*/LC_*/oslo_i18n*po -rm -f oslo_i18n/locale/*pot -mv oslo_i18n/locale %{buildroot}%{_datadir}/locale +rm -f %{buildroot}%{python3_sitelib}/oslo_i18n/locale/*/LC_*/oslo_i18n*po +rm -f %{buildroot}%{python3_sitelib}/oslo_i18n/locale/*pot +mv %{buildroot}%{python3_sitelib}/oslo_i18n/locale %{buildroot}%{_datadir}/locale # Find language files %find_lang oslo_i18n --all-name @@ -92,21 +126,84 @@ mv oslo_i18n/locale %{buildroot}%{_datadir}/locale %doc ChangeLog CONTRIBUTING.rst PKG-INFO README.rst %license LICENSE %{python3_sitelib}/oslo_i18n -%{python3_sitelib}/*.egg-info +%{python3_sitelib}/*.dist-info %if 0%{?with_doc} %files -n python-%{pkg_name}-doc %license LICENSE -%doc html +%doc doc/build/html %endif %files -n python-%{pkg_name}-lang -f oslo_i18n.lang %license LICENSE %changelog -* Wed Mar 08 2023 Sumedh Sharma - 5.1.0-4 -- Initial CBL-Mariner import from Fedora 37 (license: MIT) -- license verified +* Mon Dec 22 2025 Archana Shettigar - 6.7.1-2 +- Initial Azure Linux import from Fedora 44 (license: MIT) +- License verified + +* Thu Nov 20 2025 Gwyn Ciesla - 6.7.1-1 +- 6.7.1 + +* Thu Nov 13 2025 Gwyn Ciesla - 6.7.0-1 +- 6.7.0 + +* Fri Sep 19 2025 Python Maint - 6.4.0-7 +- Rebuilt for Python 3.14.0rc3 bytecode + +* Fri Aug 15 2025 Python Maint - 6.4.0-6 +- Rebuilt for Python 3.14.0rc2 bytecode + +* Fri Jul 25 2025 Fedora Release Engineering - 6.4.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Jun 03 2025 Python Maint - 6.4.0-4 +- Rebuilt for Python 3.14 + +* Mon Jun 02 2025 Python Maint - 6.4.0-3 +- Bootstrap for Python 3.14 + +* Sat Jan 18 2025 Fedora Release Engineering - 6.4.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Mon Oct 07 2024 Joel Capitao 6.4.0-1 +- Update to upstream version 6.4.0 + +* Fri Jul 19 2024 Fedora Release Engineering - 6.3.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Jun 10 2024 Python Maint - 6.3.0-4 +- Rebuilt for Python 3.13 + +* Fri Jun 07 2024 Python Maint - 6.3.0-3 +- Bootstrap for Python 3.13 + +* Mon May 06 2024 Alfredo Moralejo 6.3.0-2 +- Update to upstream version 6.3.0 + +* Fri Jan 26 2024 Fedora Release Engineering - 6.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 6.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Oct 25 2023 Alfredo Moralejo 6.1.0-1 +- Update to upstream version 6.1.0 + +* Fri Jul 21 2023 Fedora Release Engineering - 6.0.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jun 15 2023 Python Maint - 6.0.0-3 +- Rebuilt for Python 3.12 + +* Wed Apr 19 2023 Karolina Kula 6.0.0-2 +- Update to upstream version 6.0.0 + +* Thu Apr 13 2023 Alfredo Moralejo - 5.1.0-5 +- Fixed compatibility with sphinx >= 6.0 + +* Fri Jan 20 2023 Fedora Release Engineering - 5.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jul 22 2022 Fedora Release Engineering - 5.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild @@ -158,3 +255,4 @@ mv oslo_i18n/locale %{buildroot}%{_datadir}/locale * Fri Mar 08 2019 RDO 3.23.1-1 - Update to 3.23.1 + diff --git a/SPECS-EXTENDED/ripgrep/ripgrep.spec b/SPECS-EXTENDED/ripgrep/ripgrep.spec index 339b08380a8..15db81037ed 100644 --- a/SPECS-EXTENDED/ripgrep/ripgrep.spec +++ b/SPECS-EXTENDED/ripgrep/ripgrep.spec @@ -20,7 +20,7 @@ Name: ripgrep Version: 13.0.0 -Release: 10%{?dist} +Release: 11%{?dist} Summary: A search tool that combines ag with grep License: MIT AND Unlicense Vendor: Microsoft Corporation @@ -104,6 +104,9 @@ install -Dm 644 complete/_rg %{buildroot}%{_datadir}/zsh/site-functions/_rg %{_datadir}/zsh %changelog +* Wed Oct 15 2025 Kavya Sree Kaitepalli - 13.0.0-11 +- Bump release to rebuild with rust + * Fri Aug 08 2025 Azure Linux Security Servicing Account - 13.0.0-10 - Bump release to rebuild with rust diff --git a/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec b/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec index 467f2c777c7..06c237c8ef8 100644 --- a/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec +++ b/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec @@ -2,7 +2,7 @@ Summary: Tool for generating C bindings to Rust code Name: rust-cbindgen Version: 0.24.3 -Release: 6%{?dist} +Release: 7%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -96,6 +96,9 @@ RUSTFLAGS=%{rustflags} cargo test --release %endif %changelog +* Wed Oct 15 2025 Kavya Sree Kaitepalli - 0.24.3-7 +- Bump release to rebuild with rust + * Fri Aug 08 2025 Azure Linux Security Servicing Account - 0.24.3-6 - Bump release to rebuild with rust diff --git a/SPECS-EXTENDED/suitesparse/suitesparse.signatures.json b/SPECS-EXTENDED/suitesparse/suitesparse.signatures.json index 1fab5c4eeb4..2f949f40150 100644 --- a/SPECS-EXTENDED/suitesparse/suitesparse.signatures.json +++ b/SPECS-EXTENDED/suitesparse/suitesparse.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "SuiteSparse-5.4.0.tar.gz": "374dd136696c653e34ef3212dc8ab5b61d9a67a6791d5ec4841efb838e94dbd1" + "suitesparse-7.11.0.tar.gz": "93ed4c4e546a49fc75884c3a8b807d5af4a91e39d191fbbc60a07380b12a35d1" } -} +} \ No newline at end of file diff --git a/SPECS-EXTENDED/suitesparse/suitesparse.spec b/SPECS-EXTENDED/suitesparse/suitesparse.spec index 2588b412dfe..3cd09a49578 100644 --- a/SPECS-EXTENDED/suitesparse/suitesparse.spec +++ b/SPECS-EXTENDED/suitesparse/suitesparse.spec @@ -1,38 +1,112 @@ -%global amd_version_major 2 -%global btf_version_major 1 -%global camd_version_major 2 -%global ccolamd_version_major 2 -%global cholmod_version_major 3 -%global colamd_version_major 2 -%global csparse_version_major 3 -%global cxsparse_version_major 3 -%global klu_version_major 1 -%global ldl_version_major 2 -%global rbio_version_major 2 -%global spqr_version_major 2 -%global SuiteSparse_config_major 5 -%global umfpack_version_major 5 +%global amd_version_major 3 +%global btf_version_major 2 +%global camd_version_major 3 +%global ccolamd_version_major 3 +%global cholmod_version_major 5 +%global colamd_version_major 3 +%global csparse_version_major 4 +%global cxsparse_version_major 4 +%global gpuqrengine_version_major 3 +%global graphblas_version_major 10 +%global klu_cholmod_version_major 2 +%global klu_version_major 2 +%global lagraph_version_major 1 +%global lagraphx_version_major 1 +%global ldl_version_major 3 +%global paru_version_major 1 +%global rbio_version_major 4 +%global spex_version_major 3 +%global spqr_version_major 4 +%global SuiteSparse_config_major 7 +%global SuiteSparse_gpuruntime_major 3 +%global SuiteSparse_metis_major 5 +%global umfpack_version_major 6 + ### CXSparse is a superset of CSparse, and the two share common header ### names, so it does not make sense to build both. CXSparse is built ### by default, but CSparse can be built instead by defining ### enable_csparse as 1 below. %global enable_csparse 0 -Summary: A collection of sparse matrix libraries +# Whether to build a separate version of libraries linked against an ILP64 BLAS +%if 0%{?__isa_bits} == 64 +%global build64 1 +%endif + +%global suitesparse_builds SuiteSparse %{?build64:SuiteSparse64 SuiteSparse64_} + +%global blaslib openblas + +# SuiteSparse uses a modified version of metis, so use it +%bcond_with system_metis + +%global commit 6ab1e9eb9e67264218ffbdfc25010650da449a39 + Name: suitesparse -Version: 5.4.0 -Release: 5%{?dist} -License: (LGPLv2+ OR BSD) AND LGPLv2+ AND GPLv2+ +Version: 7.11.0 +Release: 1%{?dist} +Summary: A collection of sparse matrix libraries Vendor: Microsoft Corporation Distribution: Azure Linux -URL: https://faculty.cse.tamu.edu/davis/suitesparse.html -Source0: https://faculty.cse.tamu.edu/davis/SuiteSparse/SuiteSparse-%{version}.tar.gz + +# See LICENSE.txt for a breakdown of all licenses: +# Shipped modules licenses: +# * AMD - BSD-3-Clause +# * BTF - LGPL-2.1-or-later +# * CAMD - BSD-3-Clause +# * COLAMD - BSD-3-Clause +# * CCOLAMD - BSD-3-Clause +# * CHOLMOD - LGPL-2.1-or-later AND GPL-2.0-or-later +# * CSparse - LGPL-2.1-or-later AND BSD-3-Clause +# * CXSparse - LGPL-2.1-or-later AND BSD-3-Clause +# * KLU - LGPL-2.1-or-later +# * LDL - LGPL-2.1-or-later +# * RBio - GPL-2.0-or-later +# * SPQR - GPL-2.0-or-later +# * UMFPACK - GPL-2.0-or-later +# +# Not shipped modules licenses: +# * GPUQREngine - GPL-2.0-or-later +# * GraphBLAS - Apache-2.0 AND GPL-3.0-or-later +# * SLIP_LU - LGPL-3.0-or-later OR GPL-2.0-or-later OR (LGPL-3.0-or-later AND GPL-2.0-or-later) +# * MATLAB_Tools - BSD-3-Clause AND GPL-2.0-or-later +# * Mongoose - GPL-3.0-only +# * ssget - BSD-3-Clause +# * SuiteSparse_GPURuntime - GPL-2.0-or-later + +License: BSD-3-Clause AND LGPL-2.1-or-later AND GPL-2.0-or-later +URL: http://faculty.cse.tamu.edu/davis/suitesparse.html +Source0: https://github.com/DrTimothyAldenDavis/SuiteSparse/archive/v%{version}/%{name}-%{version}.tar.gz + +BuildRequires: cmake BuildRequires: gcc BuildRequires: gcc-c++ -BuildRequires: hardlink +BuildRequires: gcc-gfortran +BuildRequires: make + +BuildRequires: gmp-devel +%if %{with system_metis} BuildRequires: metis-devel +%else +Provides: bundled(metis) = 5.1.0 +%endif +BuildRequires: %{blaslib}-devel +BuildRequires: mpfr-devel +# openblas is still required for 64-bit suffixed versions BuildRequires: openblas-devel +BuildRequires: lapack-devel +BuildRequires: mpfr-devel BuildRequires: tbb-devel +BuildRequires: hardlink + +# Not packaged in Fedora +Provides: bundled(cpu_features) = 0.6.0 +# GraphBLAS redefines malloc() so must use bundled versions +Provides: bundled(lz4) = 1.9.3 +Provides: bundled(zstd) = 1.5.5 + +Obsoletes: umfpack <= 5.0.1 +Obsoletes: ufsparse <= 2.1.1 Provides: ufsparse = %{version}-%{release} %description @@ -54,15 +128,19 @@ matrices. The package includes the following libraries: SuiteSparse_config configuration file for all the above packages. RBio read/write files in Rutherford/Boeing format + %package devel Summary: Development headers for SuiteSparse Requires: %{name} = %{version}-%{release} +Obsoletes: umfpack-devel <= 5.0.1 +Obsoletes: ufsparse-devel <= 2.1.1 Provides: ufsparse-devel = %{version}-%{release} %description devel The suitesparse-devel package contains files needed for developing applications which use the suitesparse libraries. + %package static Summary: Static version of SuiteSparse libraries Requires: %{name}-devel = %{version}-%{release} @@ -72,12 +150,15 @@ Provides: ufsparse-static = %{version}-%{release} The suitesparse-static package contains the statically linkable version of the suitesparse libraries. + +%if 0%{?build64} %package -n %{name}64 Summary: A collection of sparse matrix libraries (ILP64 version) %description -n %{name}64 The suitesparse collection compiled against an ILP64 BLAS library. + %package -n %{name}64-devel Summary: Development headers for SuiteSparse (ILP64 version) Requires: %{name}-devel = %{version}-%{release} @@ -87,6 +168,7 @@ Requires: %{name}64 = %{version}-%{release} The suitesparse64-devel package contains files needed for developing applications which use the suitesparse libraries (ILP64 version). + %package -n %{name}64-static Summary: Static version of SuiteSparse libraries (ILP64 version) Requires: %{name}-devel = %{version}-%{release} @@ -95,12 +177,14 @@ Requires: %{name}-devel = %{version}-%{release} The suitesparse64-static package contains the statically linkable version of the suitesparse libraries (ILP64 version). + %package -n %{name}64_ Summary: A collection of sparse matrix libraries (ILP64 version) %description -n %{name}64_ The suitesparse collection compiled against an ILP64 BLAS library. + %package -n %{name}64_-devel Summary: Development headers for SuiteSparse (ILP64 version) Requires: %{name}-devel = %{version}-%{release} @@ -112,6 +196,7 @@ applications which use the suitesparse libraries (ILP64 version) compiled against a BLAS library with the "64_" symbol name suffix (see openblas-*64_ packages). + %package -n %{name}64_-static Summary: Static version of SuiteSparse libraries (ILP64 version) Requires: %{name}-devel = %{version}-%{release} @@ -120,22 +205,34 @@ Requires: %{name}-devel = %{version}-%{release} The suitesparse64_-static package contains the statically linkable version of the suitesparse libraries (ILP64 version) compiled against a BLAS library with the "64_" symbol name suffix (see openblas-*64_ packages). +%endif + %package doc Summary: Documentation files for SuiteSparse -Requires: %{name} = %{version}-%{release} BuildArch: noarch +Requires: %{name} = %{version}-%{release} %description doc This package contains documentation files for %{name}. + %prep -%setup -q -c -pushd SuiteSparse +%setup -c -q +mkdir Doc Licenses +pushd SuiteSparse-%{version} +#patch 0 -p1 -b .postfix +%if !0%{?enable_csparse} + sed -i -e /CSparse/d Makefile +%endif + # Build fails + sed -i -e /Mongoose/d Makefile +%if %{with system_metis} # Remove bundled metis - rm -r metis* - # Makefiles look for metis.h specifically - ln -s %{_includedir}/metis/*.h include/ + rm -r SuiteSparse_metis + # SuiteSparse looks for SuiteSparse_metis.h specifically + ln -s %{_includedir}/metis/metis.h include/SuiteSparse_metis.h +%endif # Fix pragma ivdep so gcc understands it. for fil in $(grep -Frl 'pragma ivdep' .); do @@ -144,239 +241,94 @@ pushd SuiteSparse rm -f ${fil}.orig done - # drop non-standard -O3 and duplicate -fexceptions from default CFLAGS - sed -i -e '/^ CF =/ s/ -O3 -fexceptions//' SuiteSparse_config/SuiteSparse_config.mk + # drop non-standard -O3 + sed -i -e '/OPTS.*-O3/d' CHOLMOD/SuiteSparse_metis/GKlib/GKlibSystem.cmake + + # collect docs and licenses in one place to ship + find -iname lesser.txt -o -iname lesserv3.txt -o -iname license.txt -o \ + -iname gpl.txt -o -iname GPLv2.txt -o -iname CONTRIBUTOR-LICENSE.txt -o -iname "SuiteSparse Individual Contributor License Agreement (20241011).pdf" -o -iname license \ + -a -not -type d | while read f; do + b="${f%%/*}" + r="${f#$b}" + x="$(echo "$r" | sed 's|/doc/|/|gi')" + install -m0644 -D "$f" "../Licenses/$b/$x" + done - # Allow adding a suffix to the library name - sed -i -e '/SO.*=/s/$(LIBRARY).so/$(LIBRARY)$(LIBRARY_SUFFIX).so/' \ - -e '/AR_TARGET *=/s/$(LIBRARY).a/$(LIBRARY)$(LIBRARY_SUFFIX).a/' SuiteSparse_config/SuiteSparse_config.mk - sed -i -e 's/-l\(amd\|btf\|camd\|ccolamd\|cholmod\|colamd\|csparse\|cxsparse\|klu\|ldl\|rbio\|spqr\|suitesparseconfig\|umfpack\)/-l\1$(LIBRARY_SUFFIX)/g' \ - $(find -name Makefile\* -o -name \*.mk) + # Copy documentation files but EXCLUDE License.txt, gpl.txt, GPLv2.txt, lesserv3.txt + find . -type f \( \ + -iname "*.pdf" -o \ + -iname "ChangeLog" -o \ + -iname "README*" -o \ + -iname "*.txt" \ + \) \ + ! -iname "License.txt" \ + ! -iname "gpl.txt" \ + ! -iname "GPLv2.txt" \ + ! -iname "lesserv3.txt" \ + ! -iname "CONTRIBUTOR-LICENSE.txt" \ + ! -iname "SuiteSparse Individual Contributor License Agreement (20241011).pdf" \ + | while read f; do + b="${f%%/*}" + r="${f#$b}" + x="$(echo "$r" | sed 's|/doc/|/|gi')" + install -m0644 -D "$f" "../Doc/$b/$x" + done popd -cp -a SuiteSparse SuiteSparse64 -cp -a SuiteSparse SuiteSparse64_ +%if 0%{?build64} +cp -al SuiteSparse-%{version} SuiteSparse64-%{version} +cp -al SuiteSparse-%{version} SuiteSparse64_-%{version} +%endif -%build -export AUTOCC=no -export CC=gcc +# hardlink duplicate documentation files +hardlink -cv Licenses/ -for build in SuiteSparse SuiteSparse64 SuiteSparse64_ +%build +# FindSuiteSparse_config looks for "build" +%global _vpath_builddir build +for build in %{suitesparse_builds} do - pushd $build - - # TODO - Try to use upstream makefile - will build more components - mkdir -p Doc/{AMD,BTF,CAMD,CCOLAMD,CHOLMOD,COLAMD,KLU,LDL,UMFPACK,SPQR,RBio} Include - - export CFLAGS="%{optflags} -I%{_includedir}/metis" - export LAPACK="" - # Set flags for ILP64 build - if [ $build = SuiteSparse64 ] - then - export CFLAGS="$CFLAGS -DBLAS64" - export BLAS=-lopenblas64 - export LIBRARY_SUFFIX=64 - elif [ $build = SuiteSparse64_ ] - then - export CFLAGS="$CFLAGS -DBLAS64 -DSUN64" - export BLAS=-lopenblas64_ - export LIBRARY_SUFFIX=64_ - else - export BLAS=-lopenblas - fi - - # SuiteSparse_config needs to come first - pushd SuiteSparse_config - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - cp -p *.h ../Include - popd - - pushd AMD - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/License.txt Doc/lesser.txt Doc/ChangeLog Doc/*.pdf ../Doc/AMD - popd - - pushd BTF - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/* ../Doc/BTF - popd - - pushd CAMD - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/ChangeLog Doc/License.txt Doc/*.pdf ../Doc/CAMD - popd - - pushd CCOLAMD - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/* ../Doc/CCOLAMD - popd - - pushd COLAMD - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/* ../Doc/COLAMD - popd - - pushd CHOLMOD - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/*.pdf ../Doc/CHOLMOD - cp -p Cholesky/lesser.txt ../Doc/CHOLMOD/Cholesky_License.txt - cp -p Core/lesser.txt ../Doc/CHOLMOD/Core_License.txt - cp -p MatrixOps/gpl.txt ../Doc/CHOLMOD/MatrixOps_License.txt - cp -p Partition/lesser.txt ../Doc/CHOLMOD/Partition_License.txt - cp -p Supernodal/gpl.txt ../Doc/CHOLMOD/Supernodal_License.txt - popd - - %if "%{?enable_csparse}" == "1" - pushd CSparse - pushd Source - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - cp -p cs.h ../../Include - popd - mkdir ../Doc/CSparse/ - cp -p Doc/* ../Doc/CSparse - popd - - %else - pushd CXSparse - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/cs.h ../Include - mkdir ../Doc/CXSparse/ - cp -p Doc/* ../Doc/CXSparse - popd - %endif - - pushd KLU - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/lesser.txt ../Doc/KLU - popd - - pushd LDL - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/ChangeLog Doc/lesser.txt Doc/*.pdf ../Doc/LDL - popd - - pushd UMFPACK - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/License.txt Doc/ChangeLog Doc/gpl.txt Doc/*.pdf ../Doc/UMFPACK - popd - - pushd SPQR - pushd Lib - %make_build CFLAGS="$CFLAGS -DHAVE_TBB -DNPARTITION" TBB=-ltbb BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h* ../Include - cp -p README{,_SPQR}.txt - cp -p README_SPQR.txt Doc/* ../Doc/SPQR - popd - - pushd RBio - pushd Lib - %make_build CFLAGS="$CFLAGS" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" - popd - cp -p Include/*.h ../Include - cp -p README.txt Doc/ChangeLog Doc/License.txt ../Doc/RBio - popd - + pushd $build-%{version} + %set_build_flags + CMAKE_OPTIONS="-DCMAKE_C_FLAGS_RELEASE:STRING=-DNDEBUG -DCMAKE_CXX_FLAGS_RELEASE:STRING=-DNDEBUG -DCMAKE_Fortran_FLAGS_RELEASE:STRING=-DNDEBUG -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DCMAKE_INSTALL_DO_STRIP:BOOL=OFF \ + -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DCMAKE_INSTALL_LIBDIR=%{_libdir} -DCOMPACT=ON" +%if %{with system_metis} + CMAKE_OPTIONS="$CMAKE_OPTIONS -DSUITESPARSE_METIS_FOUND=true -DSUITESPARSE_METIS_INCLUDE_DIR=%{_includedir}/metis -DSUITESPARSE_METIS_LIBRARIES=%{_libdir}/libmetis.so" +%endif + # Set flags for ILP64 build + if [ $build = SuiteSparse64 ] + then + CMAKE_OPTIONS="$CMAKE_OPTIONS -DSUITESPARSE_INCLUDEDIR_POSTFIX=$build -DSUITESPARSE_PKGFILEDIR=%{_libdir}/$build -DCMAKE_RELEASE_POSTFIX=64 -DBLA_VENDOR=OpenBLAS -DALLOW_64BIT_BLAS=yes" + export CFLAGS="$CFLAGS -DBLAS_OPENBLAS_64" + elif [ $build = SuiteSparse64_ ] + then + CMAKE_OPTIONS="$CMAKE_OPTIONS -DSUITESPARSE_INCLUDEDIR_POSTFIX=$build -DSUITESPARSE_PKGFILEDIR=%{_libdir}/$build -DCMAKE_RELEASE_POSTFIX=64_ -DBLA_VENDOR=OpenBLAS -DALLOW_64BIT_BLAS=yes -DBLAS_LIBRARIES=%{_libdir}/libopenblas64_.so" + export CFLAGS="$CFLAGS -DBLAS_OPENBLAS_64" + else + CMAKE_OPTIONS="$CMAKE_OPTIONS -DSUITESPARSE_INCLUDEDIR_POSTFIX=suitesparse -DBLA_VENDOR=OpenBLAS" + fi + %make_build CMAKE_OPTIONS="$CMAKE_OPTIONS" JOBS=%{_smp_build_ncpus} popd done %install -mkdir -p %{buildroot}%{_libdir} -mkdir -p %{buildroot}%{_includedir}/%{name} -cp -a SuiteSparse/Include/*.{h,hpp} %{buildroot}%{_includedir}/%{name}/ -for build in SuiteSparse SuiteSparse64 SuiteSparse64_ +for build in %{suitesparse_builds} do - pushd $build - cp -a */Lib/*.a lib/*.so* %{buildroot}%{_libdir}/ - chmod 755 %{buildroot}%{_libdir}/*.so.* - - # collect licenses in one place to ship as base package documentation - rm -rf Licenses - mkdir Licenses - find */ -iname lesser.txt -o -iname license.txt -o -iname gpl.txt -o \ - -iname license | while read f; do - b="${f%%/*}" - r="${f#$b}" - x="$(echo "$r" | sed 's|/doc/|/|gi')" - install -m0644 -D "$f" "./Licenses/$b/$x" - done - - # hardlink duplicate documentation files - hardlink -cv Docs/ Licenses/ + pushd $build-%{version} + %make_install popd done - %check -check_status=0 -export AUTOCC=no -export CC=gcc -TESTDIRS="AMD CAMD CCOLAMD CHOLMOD COLAMD KLU LDL SPQR RBio UMFPACK" -%if "%{?enable_csparse}" == "1" -TESTDIRS="$TESTDIRS CSparse" -%else -TESTDIRS="$TESTDIRS CXSparse" -%endif -for build in SuiteSparse SuiteSparse64 SuiteSparse64_ +# Build demos as a check +for build in %{suitesparse_builds} do - pushd $build - export CFLAGS="%{optflags} -I%{_includedir}/metis" - export LAPACK="" - # Set flags for ILP64 build - if [ $build = SuiteSparse64 ] - then - export CFLAGS="$CFLAGS -DBLAS64" - export BLAS=-lopenblas64 - export LIBRARY_SUFFIX=64 - elif [ $build = SuiteSparse64_ ] - then - export CFLAGS="$CFLAGS -DBLAS64 -DSUN64" - export BLAS=-lopenblas64_ - export LIBRARY_SUFFIX=64_ - else - export BLAS=-lopenblas - fi - - for d in $TESTDIRS ; do - %make_build -C $d/Demo CFLAGS="$CFLAGS" LIB="%{?__global_ldflags} -lm -lrt" BLAS="$BLAS" LIBRARY_SUFFIX="$LIBRARY_SUFFIX" SPQR_CONFIG=-DHAVE_TBB TBB=-ltbb - if [[ $? -ne 0 ]]; then - check_status=1 - fi - done + pushd $build-%{version} + make install DESTDIR=%{buildroot} popd done -[[ $check_status -eq 0 ]] %files -%license SuiteSparse/Licenses +%license Licenses %{_libdir}/libamd.so.%{amd_version_major}* %{_libdir}/libbtf.so.%{btf_version_major}* %{_libdir}/libcamd.so.%{camd_version_major}* @@ -387,24 +339,75 @@ done %{_libdir}/libcsparse.so.%{csparse_version_major}* %endif %{_libdir}/libcxsparse.so.%{cxsparse_version_major}* +%{_libdir}/libgraphblas.so.%{graphblas_version_major}* +%{_libdir}/libklu_cholmod.so.%{klu_cholmod_version_major}* %{_libdir}/libklu.so.%{klu_version_major}* +%{_libdir}/liblagraph.so.%{lagraph_version_major}* +%{_libdir}/liblagraphx.so.%{lagraphx_version_major}* %{_libdir}/libldl.so.%{ldl_version_major}* +%{_libdir}/libparu.so.%{paru_version_major}* %{_libdir}/librbio.so.%{rbio_version_major}* +%{_libdir}/libspex.so.%{spex_version_major}* +%{_libdir}/libspexpython.so.%{spex_version_major}* %{_libdir}/libspqr.so.%{spqr_version_major}* %{_libdir}/libsuitesparseconfig.so.%{SuiteSparse_config_major}* %{_libdir}/libumfpack.so.%{umfpack_version_major}* %files devel -%{_includedir}/%{name} +%{_includedir}/%{name}/ +%{_libdir}/cmake/AMD/ +%{_libdir}/cmake/BTF/ +%{_libdir}/cmake/CAMD/ +%{_libdir}/cmake/CCOLAMD/ +%{_libdir}/cmake/CHOLMOD/ +%{_libdir}/cmake/COLAMD/ +%{_libdir}/cmake/CXSparse/ +%{_libdir}/cmake/GraphBLAS/ +%{_libdir}/cmake/KLU/ +%{_libdir}/cmake/KLU_CHOLMOD/ +%{_libdir}/cmake/LAGraph/ +%{_libdir}/cmake/LDL/ +%{_libdir}/cmake/ParU/ +%{_libdir}/cmake/RBio/ +%{_libdir}/cmake/SPEX/ +%{_libdir}/cmake/SPQR/ +%{_libdir}/cmake/SuiteSparse_config/ +%{_libdir}/cmake/SuiteSparse/ +%{_libdir}/cmake/UMFPACK/ +%exclude %{_libdir}/cmake/*/*_static*.cmake +%{_libdir}/pkgconfig/AMD.pc +%{_libdir}/pkgconfig/BTF.pc +%{_libdir}/pkgconfig/CAMD.pc +%{_libdir}/pkgconfig/CCOLAMD.pc +%{_libdir}/pkgconfig/CHOLMOD.pc +%{_libdir}/pkgconfig/COLAMD.pc +%{_libdir}/pkgconfig/CXSparse.pc +%{_libdir}/pkgconfig/GraphBLAS.pc +%{_libdir}/pkgconfig/KLU.pc +%{_libdir}/pkgconfig/KLU_CHOLMOD.pc +%{_libdir}/pkgconfig/LAGraph.pc +%{_libdir}/pkgconfig/LDL.pc +%{_libdir}/pkgconfig/ParU.pc +%{_libdir}/pkgconfig/RBio.pc +%{_libdir}/pkgconfig/SPEX.pc +%{_libdir}/pkgconfig/SPQR.pc +%{_libdir}/pkgconfig/SuiteSparse_config.pc +%{_libdir}/pkgconfig/UMFPACK.pc %{_libdir}/lib*.so +%if 0%{?build64} %exclude %{_libdir}/lib*64*.so +%endif %files static +%{_libdir}/cmake/*/*_static*.cmake %{_libdir}/lib*.a +%if 0%{?build64} %exclude %{_libdir}/lib*64*.a +%endif +%if 0%{?build64} %files -n %{name}64 -%license SuiteSparse64/Licenses +%license Licenses %{_libdir}/libamd64.so.%{amd_version_major}* %{_libdir}/libbtf64.so.%{btf_version_major}* %{_libdir}/libcamd64.so.%{camd_version_major}* @@ -415,21 +418,30 @@ done %{_libdir}/libcsparse64.so.%{csparse_version_major}* %endif %{_libdir}/libcxsparse64.so.%{cxsparse_version_major}* +%{_libdir}/libgraphblas64.so.%{graphblas_version_major}* +%{_libdir}/libklu_cholmod64.so.%{klu_cholmod_version_major}* %{_libdir}/libklu64.so.%{klu_version_major}* +%{_libdir}/liblagraph64.so.%{lagraph_version_major}* +%{_libdir}/liblagraphx64.so.%{lagraphx_version_major}* %{_libdir}/libldl64.so.%{ldl_version_major}* +%{_libdir}/libparu64.so.%{paru_version_major}* %{_libdir}/librbio64.so.%{rbio_version_major}* +%{_libdir}/libspex64.so.%{spex_version_major}* +%{_libdir}/libspexpython64.so.%{spex_version_major}* %{_libdir}/libspqr64.so.%{spqr_version_major}* %{_libdir}/libsuitesparseconfig64.so.%{SuiteSparse_config_major}* %{_libdir}/libumfpack64.so.%{umfpack_version_major}* %files -n %{name}64-devel +%{_includedir}/SuiteSparse64/ %{_libdir}/lib*64.so +%{_libdir}/SuiteSparse64 %files -n %{name}64-static %{_libdir}/lib*64.a %files -n %{name}64_ -%license SuiteSparse64_/Licenses +%license Licenses %{_libdir}/libamd64_.so.%{amd_version_major}* %{_libdir}/libbtf64_.so.%{btf_version_major}* %{_libdir}/libcamd64_.so.%{camd_version_major}* @@ -440,23 +452,37 @@ done %{_libdir}/libcsparse64_.so.%{csparse_version_major}* %endif %{_libdir}/libcxsparse64_.so.%{cxsparse_version_major}* +%{_libdir}/libgraphblas64_.so.%{graphblas_version_major}* +%{_libdir}/libklu_cholmod64_.so.%{klu_cholmod_version_major}* %{_libdir}/libklu64_.so.%{klu_version_major}* +%{_libdir}/liblagraph64_.so.%{lagraph_version_major}* +%{_libdir}/liblagraphx64_.so.%{lagraphx_version_major}* %{_libdir}/libldl64_.so.%{ldl_version_major}* +%{_libdir}/libparu64_.so.%{paru_version_major}* %{_libdir}/librbio64_.so.%{rbio_version_major}* +%{_libdir}/libspex64_.so.%{spex_version_major}* +%{_libdir}/libspexpython64_.so.%{spex_version_major}* %{_libdir}/libspqr64_.so.%{spqr_version_major}* %{_libdir}/libsuitesparseconfig64_.so.%{SuiteSparse_config_major}* %{_libdir}/libumfpack64_.so.%{umfpack_version_major}* %files -n %{name}64_-devel +%{_includedir}/SuiteSparse64_/ %{_libdir}/lib*64_.so +%{_libdir}/SuiteSparse64_ %files -n %{name}64_-static %{_libdir}/lib*64_.a +%endif %files doc -%doc SuiteSparse/Doc/* +%doc Doc/* %changelog +* Mon Dec 15 2025 Durga Jagadeesh Palli - 7.11.0-1 +- Upgrade to 7.11.0 (Reference: Fedora 42) +- License verified + * Mon Nov 28 2022 Muhammad Falak - 5.4.0-5 - License verified - Lint spec diff --git a/SPECS-EXTENDED/tardev-snapshotter/tardev-snapshotter.spec b/SPECS-EXTENDED/tardev-snapshotter/tardev-snapshotter.spec index bce19b03549..f3fc5fe3968 100644 --- a/SPECS-EXTENDED/tardev-snapshotter/tardev-snapshotter.spec +++ b/SPECS-EXTENDED/tardev-snapshotter/tardev-snapshotter.spec @@ -3,7 +3,7 @@ Summary: Tardev Snapshotter for containerd Name: tardev-snapshotter Version: 3.2.0.tardev1 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Group: Tools/Container Vendor: Microsoft Corporation @@ -67,6 +67,9 @@ fi %config(noreplace) %{_unitdir}/%{name}.service %changelog +* Wed Oct 15 2025 Kavya Sree Kaitepalli - 3.2.0.tardev1-5 +- Bump release to rebuild with rust + * Fri Aug 08 2025 Azure Linux Security Servicing Account - 3.2.0.tardev1-4 - Bump release to rebuild with rust diff --git a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec index 677d6a04653..90f79680d02 100644 --- a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec +++ b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec @@ -7,7 +7,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-64k-signed-%{buildarch} Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,12 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Bump release to match kernel,kernel-ipe + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Bump release to match kernel,kernel-ipe,kernel-64k + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec b/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec index 00ebb4cc3be..5eaa396d001 100644 --- a/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec +++ b/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec @@ -10,7 +10,7 @@ Summary: Signed MSHV-enabled Linux Kernel for %{buildarch} systems Name: kernel-mshv-signed-%{buildarch} Version: 6.6.100.mshv1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -140,6 +140,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /lib/modules/%{uname_r}/build %changelog +* Mon Jan 06 2026 Roaa Sakr - 6.6.100.mshv1-3 +- Enable ftrace syscalls tracing support in kernel config + * Wed Oct 22 2025 Saul Paredes - 6.6.100.mshv1-2 - Enable build on aarch64 diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 8ab5094b43a..d921e8fa9e1 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -145,6 +145,12 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Bump release to match kernel,kernel-ipe + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Bump release to match kernel,kernel-ipe,kernel-64k + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec index bc3d245b8ef..626708fcb60 100644 --- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec +++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec @@ -6,7 +6,7 @@ Summary: Signed Unified Kernel Image for %{buildarch} systems Name: kernel-uki-signed-%{buildarch} Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -68,6 +68,12 @@ popd /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Bump release to match kernel,kernel-ipe + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Bump release to match kernel,kernel-ipe,kernel-64k + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS/avahi/CVE-2025-68276.patch b/SPECS/avahi/CVE-2025-68276.patch new file mode 100644 index 00000000000..b6e1a8cbab8 --- /dev/null +++ b/SPECS/avahi/CVE-2025-68276.patch @@ -0,0 +1,65 @@ +From 9aa21a5ba089c46301a1c489f9643a5900e2e4cb Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin +Date: Wed, 17 Dec 2025 08:11:23 +0000 +Subject: [PATCH] core: refuse to create wide-area record browsers when + wide-area is off + +It fixes a bug where it was possible for unprivileged local users to +crash avahi-daemon (with wide-area disabled) by creating record browsers +with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus (either by calling +the RecordBrowserNew method directly or by creating hostname/address/service +resolvers/browsers that create those browsers internally themselves). + +``` +$ gdbus call --system --dest org.freedesktop.Avahi --object-path / --method org.freedesktop.Avahi.Server.ResolveHostName -- -1 -1 yo.local -1 1 +Error: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying +``` +``` +dbus-protocol.c: interface=org.freedesktop.Avahi.Server, path=/, member=ResolveHostName +avahi-daemon: wide-area.c:725: avahi_wide_area_scan_cache: Assertion `e' failed. +==307948== +==307948== Process terminating with default action of signal 6 (SIGABRT) +==307948== at 0x4B3630C: __pthread_kill_implementation (pthread_kill.c:44) +==307948== by 0x4ADF921: raise (raise.c:26) +==307948== by 0x4AC74AB: abort (abort.c:77) +==307948== by 0x4AC741F: __assert_fail_base.cold (assert.c:118) +==307948== by 0x48D8B85: avahi_wide_area_scan_cache (wide-area.c:725) +==307948== by 0x48C8953: lookup_scan_cache (browse.c:351) +==307948== by 0x48C8B1B: lookup_go (browse.c:386) +==307948== by 0x48C9148: defer_callback (browse.c:516) +==307948== by 0x48AEA0E: expiration_event (timeeventq.c:94) +==307948== by 0x489D3AE: timeout_callback (simple-watch.c:447) +==307948== by 0x489D787: avahi_simple_poll_dispatch (simple-watch.c:563) +==307948== by 0x489D91E: avahi_simple_poll_iterate (simple-watch.c:605) +==307948== +``` + +wide-area has been disabled by default since +9c4214146738146e454f098264690e8e884c39bd (v0.9-rc2). + +https: //github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/avahi/avahi/commit/0c013e2e819be3bda74cecf48b5f64956cf8a760.patch +--- + avahi-core/browse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 1cf0ee3..57435fc 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -543,6 +543,11 @@ AvahiSRecordBrowser *avahi_s_record_browser_prepare( + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !(flags & AVAHI_LOOKUP_USE_WIDE_AREA) || !(flags & AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); + ++ if ((flags & AVAHI_LOOKUP_USE_WIDE_AREA) && !server->wide_area_lookup_engine) { ++ avahi_server_set_errno(server, AVAHI_ERR_NOT_SUPPORTED); ++ return NULL; ++ } ++ + if (!(b = avahi_new(AvahiSRecordBrowser, 1))) { + avahi_server_set_errno(server, AVAHI_ERR_NO_MEMORY); + return NULL; +-- +2.45.4 + diff --git a/SPECS/avahi/CVE-2025-68468.patch b/SPECS/avahi/CVE-2025-68468.patch new file mode 100644 index 00000000000..88c4252265d --- /dev/null +++ b/SPECS/avahi/CVE-2025-68468.patch @@ -0,0 +1,28 @@ +From 2aad32193f8b4391309498c884d6f906eb962c01 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by removing incorrect assertion + +Closes https://github.com/avahi/avahi/issues/683 + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a.patch +--- + avahi-core/browse.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index e8a915e..2966f95 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -295,7 +295,6 @@ static void lookup_multicast_callback( + lookup_drop_cname(l, interface, protocol, 0, r); + else { + /* It's a normal record, so let's call the user callback */ +- assert(avahi_key_equal(b->key, l->key)); + + b->callback(b, interface, protocol, event, r, flags, b->userdata); + } +-- +2.45.4 + diff --git a/SPECS/avahi/CVE-2025-68471.patch b/SPECS/avahi/CVE-2025-68471.patch new file mode 100644 index 00000000000..3057bb78f25 --- /dev/null +++ b/SPECS/avahi/CVE-2025-68471.patch @@ -0,0 +1,32 @@ +From 3c1445d537218a0678927dfbca54178b13062080 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by changing assert to return + +Closes https://github.com/avahi/avahi/issues/678 + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/avahi/avahi/pull/682/commits/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1.patch +--- + avahi-core/browse.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2966f95..1cf0ee3 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -319,7 +319,10 @@ static int lookup_start(AvahiSRBLookup *l) { + assert(l); + + assert(!(l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) != !(l->flags & AVAHI_LOOKUP_USE_MULTICAST)); +- assert(!l->wide_area && !l->multicast); ++ if (l->wide_area || l->multicast) { ++ /* Avoid starting a duplicate lookup */ ++ return 0; ++ } + + if (l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) { + +-- +2.45.4 + diff --git a/SPECS/avahi/avahi.spec b/SPECS/avahi/avahi.spec index 65e8fe36093..9f399208855 100644 --- a/SPECS/avahi/avahi.spec +++ b/SPECS/avahi/avahi.spec @@ -3,7 +3,7 @@ Summary: Local network service discovery Name: avahi Version: 0.8 -Release: 5%{?dist} +Release: 6%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -19,6 +19,9 @@ Patch6: CVE-2023-38473.patch Patch7: CVE-2023-38470.patch Patch8: CVE-2023-38471.patch Patch9: CVE-2024-52616.patch +Patch10: CVE-2025-68276.patch +Patch11: CVE-2025-68468.patch +Patch12: CVE-2025-68471.patch BuildRequires: automake BuildRequires: dbus-devel >= 0.90 BuildRequires: dbus-glib-devel >= 0.70 @@ -426,7 +429,10 @@ exit 0 %endif %changelog -* Thu Feb 13 2024 Kanishk Bansal - 0.8-5 +* Wed Jan 14 2026 Azure Linux Security Servicing Account - 0.8-6 +- Patch for CVE-2025-68471, CVE-2025-68276, CVE-2025-68468 + +* Thu Feb 13 2025 Kanishk Bansal - 0.8-5 - Fix CVE-2024-52616 with an upstream patch * Mon Dec 02 2024 Kanishk Bansal - 0.8-4 diff --git a/SPECS/azurelinux-release/azurelinux-release.spec b/SPECS/azurelinux-release/azurelinux-release.spec index 2e51c6fe520..9d4bf63a971 100644 --- a/SPECS/azurelinux-release/azurelinux-release.spec +++ b/SPECS/azurelinux-release/azurelinux-release.spec @@ -5,7 +5,7 @@ Summary: Azure Linux release files Name: azurelinux-release Version: %{dist_version}.0 -Release: 38%{?dist} +Release: 39%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -118,6 +118,9 @@ install -Dm0644 %{SOURCE4} -t %{buildroot}%{_sysctldir}/ %{_sysctldir}/*.conf %changelog +* Mon Jan 19 2026 CBL-Mariner Servicing Account - 3.0-39 +- Bump release for Feb 2026 Update + * Tue Dec 30 2025 CBL-Mariner Servicing Account - 3.0-38 - Bump release for January 2026 Update diff --git a/SPECS/cloud-hypervisor/cloud-hypervisor.spec b/SPECS/cloud-hypervisor/cloud-hypervisor.spec index 2ed1c588719..477e2d4e934 100644 --- a/SPECS/cloud-hypervisor/cloud-hypervisor.spec +++ b/SPECS/cloud-hypervisor/cloud-hypervisor.spec @@ -5,7 +5,7 @@ Name: cloud-hypervisor Summary: Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on top of the KVM hypervisor and the Microsoft Hypervisor (MSHV). Version: 41.0.139 -Release: 1%{?dist} +Release: 3%{?dist} License: ASL 2.0 OR BSD-3-clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -137,6 +137,9 @@ cargo build --release --target=%{rust_musl_target} %{cargo_pkg_feature_opts} %{c %license LICENSES/CC-BY-4.0.txt %changelog +* Wed Oct 15 2025 Kavya Sree Kaitepalli - 41.0.139-3 +- Bump release to rebuild with rust + * Thu Oct 09 2025 Saul Paredes - 41.0.139-2 - Enable build on aarch64 diff --git a/SPECS/harfbuzz/CVE-2026-22693.patch b/SPECS/harfbuzz/CVE-2026-22693.patch new file mode 100644 index 00000000000..2a20c19bcd1 --- /dev/null +++ b/SPECS/harfbuzz/CVE-2026-22693.patch @@ -0,0 +1,31 @@ +From bb423ce7d5d1a7b8c111dc52a08020df0dc5bf67 Mon Sep 17 00:00:00 2001 +From: Behdad Esfahbod +Date: Fri, 9 Jan 2026 04:54:42 -0700 +Subject: [PATCH] malloc fail test (#5710) + +Fixes https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae.patch +--- + src/hb-ot-cmap-table.hh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh +index e2e2581..2f7d727 100644 +--- a/src/hb-ot-cmap-table.hh ++++ b/src/hb-ot-cmap-table.hh +@@ -1534,6 +1534,10 @@ struct SubtableUnicodesCache { + { + SubtableUnicodesCache* cache = + (SubtableUnicodesCache*) hb_malloc (sizeof(SubtableUnicodesCache)); ++ ++ if (unlikely (!cache)) ++ return nullptr; ++ + new (cache) SubtableUnicodesCache (source_table); + return cache; + } +-- +2.45.4 + diff --git a/SPECS/harfbuzz/harfbuzz.spec b/SPECS/harfbuzz/harfbuzz.spec index 93362b045ec..01b68255a0c 100644 --- a/SPECS/harfbuzz/harfbuzz.spec +++ b/SPECS/harfbuzz/harfbuzz.spec @@ -1,7 +1,7 @@ Summary: opentype text shaping engine Name: harfbuzz Version: 8.3.0 -Release: 3%{?dist} +Release: 4%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -9,6 +9,7 @@ Group: System Environment/Libraries URL: https://harfbuzz.github.io/ Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz Patch0: CVE-2024-56732.patch +Patch1: CVE-2026-22693.patch BuildRequires: pkgconfig(cairo) BuildRequires: pkgconfig(freetype2) BuildRequires: pkgconfig(glib-2.0) @@ -91,6 +92,9 @@ find . -type f -name "*.py" -exec sed -i'' -e '1 s|^#!\s*/usr/bin/env\s\+python3 %{_libdir}/libharfbuzz-icu.so.* %changelog +* Mon Jan 12 2026 Azure Linux Security Servicing Account - 8.3.0-4 +- Patch for CVE-2026-22693 + * Wed Jan 08 2025 Sudipta Pandit - 8.3.0-3 - Patch for CVE-2024-56732 diff --git a/SPECS/kata-containers-cc/kata-containers-cc.spec b/SPECS/kata-containers-cc/kata-containers-cc.spec index 9878d82e498..c769da8047b 100644 --- a/SPECS/kata-containers-cc/kata-containers-cc.spec +++ b/SPECS/kata-containers-cc/kata-containers-cc.spec @@ -3,7 +3,7 @@ Name: kata-containers-cc Version: 3.15.0.aks0 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Kata Confidential Containers package developed for Confidential Containers on AKS License: ASL 2.0 URL: https://github.com/microsoft/kata-containers @@ -11,7 +11,7 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Source0: https://github.com/microsoft/kata-containers/archive/refs/tags/%{version}.tar.gz#/%{sourceName}-%{version}.tar.gz Source1: %{sourceName}-%{version}-cargo.tar.gz - +Patch0: rust-1.90-fixes.patch ExclusiveArch: x86_64 BuildRequires: azurelinux-release @@ -150,6 +150,10 @@ fi %{tools_pkg}/tools/osbuilder/node-builder/azure-linux/agent-install/usr/lib/systemd/system/kata-agent.service %changelog +* Wed Oct 15 2025 Kavya Sree Kaitepalli - 3.15.0-aks0-6 +- Bump release to rebuild with rust +- Add patch to suppress dead_code warnings and add explicit lifetime for U32Set iterator + * Fri Aug 08 2025 Azure Linux Security Servicing Account - 3.15.0-aks0-5 - Bump release to rebuild with rust diff --git a/SPECS/kata-containers-cc/rust-1.90-fixes.patch b/SPECS/kata-containers-cc/rust-1.90-fixes.patch new file mode 100644 index 00000000000..ccc55438ab4 --- /dev/null +++ b/SPECS/kata-containers-cc/rust-1.90-fixes.patch @@ -0,0 +1,51 @@ +From 40df9e0f016e4ce67e90e3e7f5b0ec87c5cb0a32 Mon Sep 17 00:00:00 2001 +From: Kavya Sree Kaitepalli +Date: Tue, 28 Oct 2025 17:39:43 +0000 +Subject: [PATCH] Suppress dead_code warnings and add explicit lifetime for U32Set iterator for Rust 1.90 + +--- + src/agent/src/device/block_device_handler.rs | 1 + + src/agent/src/storage/block_handler.rs | 1 + + src/libs/kata-types/src/utils/u32_set.rs | 2 +- + 3 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/agent/src/device/block_device_handler.rs b/src/agent/src/device/block_device_handler.rs +index d518f9d..8607751 100644 +--- a/src/agent/src/device/block_device_handler.rs ++++ b/src/agent/src/device/block_device_handler.rs +@@ -29,6 +29,7 @@ use tracing::instrument; + pub struct VirtioBlkPciDeviceHandler {} + + #[derive(Debug)] ++#[allow(dead_code)] + pub struct VirtioBlkCcwDeviceHandler {} + + #[derive(Debug)] +diff --git a/src/agent/src/storage/block_handler.rs b/src/agent/src/storage/block_handler.rs +index 251a4df..074efc3 100644 +--- a/src/agent/src/storage/block_handler.rs ++++ b/src/agent/src/storage/block_handler.rs +@@ -94,6 +94,7 @@ impl StorageHandler for VirtioBlkPciHandler { + } + + #[derive(Debug)] ++#[allow(dead_code)] + pub struct VirtioBlkCcwHandler {} + + #[async_trait::async_trait] +diff --git a/src/libs/kata-types/src/utils/u32_set.rs b/src/libs/kata-types/src/utils/u32_set.rs +index 44c55a1..837e7a0 100644 +--- a/src/libs/kata-types/src/utils/u32_set.rs ++++ b/src/libs/kata-types/src/utils/u32_set.rs +@@ -47,7 +47,7 @@ impl U32Set { + } + + /// Get an iterator over the CPU set. +- pub fn iter(&self) -> Iter { ++ pub fn iter(&self) -> Iter<'_, u32> { + self.0.iter() + } + } +-- +2.45.4 + diff --git a/SPECS/kata-containers/kata-containers.spec b/SPECS/kata-containers/kata-containers.spec index def885dcdb8..2aca704ccca 100644 --- a/SPECS/kata-containers/kata-containers.spec +++ b/SPECS/kata-containers/kata-containers.spec @@ -2,7 +2,7 @@ Name: kata-containers Version: 3.19.1.kata2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Kata Containers package developed for Pod Sandboxing on AKS License: ASL 2.0 URL: https://github.com/microsoft/kata-containers @@ -10,6 +10,7 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Source0: https://github.com/microsoft/kata-containers/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: %{name}-%{version}-cargo.tar.gz +Patch0: rust-1.90-fixes.patch BuildRequires: azurelinux-release BuildRequires: golang @@ -113,6 +114,10 @@ popd %{tools_pkg}/tools/osbuilder/node-builder/azure-linux/agent-install/usr/lib/systemd/system/kata-agent.service %changelog +* Wed Oct 15 2025 Kavya Sree Kaitepalli - 3.19.1.kata2-3 +- Bump release to rebuild with rust +- Add patch to suppress dead_code warnings and add explicit lifetime for U32Set iterator + * Thu Oct 09 2025 Saul Paredes - 3.19.1.kata2-2 - Enable build on aarch64 diff --git a/SPECS/kata-containers/rust-1.90-fixes.patch b/SPECS/kata-containers/rust-1.90-fixes.patch new file mode 100644 index 00000000000..ccc55438ab4 --- /dev/null +++ b/SPECS/kata-containers/rust-1.90-fixes.patch @@ -0,0 +1,51 @@ +From 40df9e0f016e4ce67e90e3e7f5b0ec87c5cb0a32 Mon Sep 17 00:00:00 2001 +From: Kavya Sree Kaitepalli +Date: Tue, 28 Oct 2025 17:39:43 +0000 +Subject: [PATCH] Suppress dead_code warnings and add explicit lifetime for U32Set iterator for Rust 1.90 + +--- + src/agent/src/device/block_device_handler.rs | 1 + + src/agent/src/storage/block_handler.rs | 1 + + src/libs/kata-types/src/utils/u32_set.rs | 2 +- + 3 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/agent/src/device/block_device_handler.rs b/src/agent/src/device/block_device_handler.rs +index d518f9d..8607751 100644 +--- a/src/agent/src/device/block_device_handler.rs ++++ b/src/agent/src/device/block_device_handler.rs +@@ -29,6 +29,7 @@ use tracing::instrument; + pub struct VirtioBlkPciDeviceHandler {} + + #[derive(Debug)] ++#[allow(dead_code)] + pub struct VirtioBlkCcwDeviceHandler {} + + #[derive(Debug)] +diff --git a/src/agent/src/storage/block_handler.rs b/src/agent/src/storage/block_handler.rs +index 251a4df..074efc3 100644 +--- a/src/agent/src/storage/block_handler.rs ++++ b/src/agent/src/storage/block_handler.rs +@@ -94,6 +94,7 @@ impl StorageHandler for VirtioBlkPciHandler { + } + + #[derive(Debug)] ++#[allow(dead_code)] + pub struct VirtioBlkCcwHandler {} + + #[async_trait::async_trait] +diff --git a/src/libs/kata-types/src/utils/u32_set.rs b/src/libs/kata-types/src/utils/u32_set.rs +index 44c55a1..837e7a0 100644 +--- a/src/libs/kata-types/src/utils/u32_set.rs ++++ b/src/libs/kata-types/src/utils/u32_set.rs +@@ -47,7 +47,7 @@ impl U32Set { + } + + /// Get an iterator over the CPU set. +- pub fn iter(&self) -> Iter { ++ pub fn iter(&self) -> Iter<'_, u32> { + self.0.iter() + } + } +-- +2.45.4 + diff --git a/SPECS/kernel-64k/config_aarch64 b/SPECS/kernel-64k/config_aarch64 index bfb275af2e0..571ac5d10ef 100644 --- a/SPECS/kernel-64k/config_aarch64 +++ b/SPECS/kernel-64k/config_aarch64 @@ -1232,7 +1232,7 @@ CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_INET_UDP_DIAG=m # CONFIG_INET_RAW_DIAG is not set -# CONFIG_INET_DIAG_DESTROY is not set +CONFIG_INET_DIAG_DESTROY=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y diff --git a/SPECS/kernel-64k/kernel-64k.signatures.json b/SPECS/kernel-64k/kernel-64k.signatures.json index fd45f8ba156..d839792e7c9 100644 --- a/SPECS/kernel-64k/kernel-64k.signatures.json +++ b/SPECS/kernel-64k/kernel-64k.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config_aarch64": "6d2e88673d91554507a822cc3dcba16bb4b40ef068cb20d486769ae64734794a", + "config_aarch64": "ef77f961216e025b10001fa83cbadf4e558a25dce21125715e373b7b2d004277", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", diff --git a/SPECS/kernel-64k/kernel-64k.spec b/SPECS/kernel-64k/kernel-64k.spec index a1e076b1410..2485593d7f2 100644 --- a/SPECS/kernel-64k/kernel-64k.spec +++ b/SPECS/kernel-64k/kernel-64k.spec @@ -27,7 +27,7 @@ Summary: Linux Kernel Name: kernel-64k Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -380,6 +380,12 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Bump release to match kernel,kernel-ipe + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Enable CONFIG_INET_DIAG_DESTROY + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 9b372c0240d..a46d570a7c3 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -14,7 +14,7 @@ Summary: Linux API header files Name: kernel-headers Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -75,6 +75,12 @@ done %endif %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Bump release to match kernel,kernel-ipe + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Bump release to match kernel,kernel-ipe,kernel-64k + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS/kernel-mshv/config b/SPECS/kernel-mshv/config index 8e61f3743df..8b0c5b0d8a5 100644 --- a/SPECS/kernel-mshv/config +++ b/SPECS/kernel-mshv/config @@ -7379,6 +7379,7 @@ CONFIG_RING_BUFFER=y CONFIG_EVENT_TRACING=y CONFIG_CONTEXT_SWITCH_TRACER=y CONFIG_TRACING=y +CONFIG_GENERIC_TRACER=y CONFIG_TRACING_SUPPORT=y CONFIG_FTRACE=y # CONFIG_BOOTTIME_TRACING is not set @@ -7390,8 +7391,7 @@ CONFIG_FTRACE=y # CONFIG_OSNOISE_TRACER is not set # CONFIG_TIMERLAT_TRACER is not set # CONFIG_MMIOTRACE is not set -# CONFIG_ENABLE_DEFAULT_TRACERS is not set -# CONFIG_FTRACE_SYSCALLS is not set +CONFIG_FTRACE_SYSCALLS=y # CONFIG_TRACER_SNAPSHOT is not set CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set @@ -7410,6 +7410,7 @@ CONFIG_PROBE_EVENTS=y # CONFIG_TRACEPOINT_BENCHMARK is not set # CONFIG_RING_BUFFER_BENCHMARK is not set # CONFIG_TRACE_EVAL_MAP_FILE is not set +# CONFIG_FTRACE_STARTUP_TEST is not set # CONFIG_RING_BUFFER_STARTUP_TEST is not set # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set # CONFIG_PREEMPTIRQ_DELAY_TEST is not set diff --git a/SPECS/kernel-mshv/kernel-mshv.signatures.json b/SPECS/kernel-mshv/kernel-mshv.signatures.json index b13fe569715..66cc111c09a 100644 --- a/SPECS/kernel-mshv/kernel-mshv.signatures.json +++ b/SPECS/kernel-mshv/kernel-mshv.signatures.json @@ -3,7 +3,7 @@ "50_mariner_mshv.cfg": "12bf23f8857f893549933a20062ad2a69c3c654b87893e8dd3ce42f9329801c7", "50_mariner_mshv_menuentry": "5a46bb273be0e829fec4e1f498b1a11b59ded6e14d42a19be7da860c3f4c35be", "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "544925b5fdc925b8abcc44f497ac65c89381dfac8ee0a1ef6a178beab94cf879", + "config": "8ce3731fe06abb3fcf51942bb680ee425fac59de76818ac5491d53553550e2f5", "kernel-mshv-6.6.100.mshv1.tar.gz": "4ea7cd612712401f2537fdeb12ebb28373532c11f649ebcd1b7c5c39af839893", "config_aarch64": "a1ce617173428aa4c5b89ccfbe35705ed6dc53521b26590328a7a4f81aefb404" } diff --git a/SPECS/kernel-mshv/kernel-mshv.spec b/SPECS/kernel-mshv/kernel-mshv.spec index 480c9b9d23b..39617adf3cf 100644 --- a/SPECS/kernel-mshv/kernel-mshv.spec +++ b/SPECS/kernel-mshv/kernel-mshv.spec @@ -18,7 +18,7 @@ Summary: Mariner kernel that has MSHV Host support Name: kernel-mshv Version: 6.6.100.mshv1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: Development/Tools Vendor: Microsoft Corporation @@ -267,6 +267,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_includedir}/perf/perf_dlfilter.h %changelog +* Mon Jan 06 2026 Roaa Sakr - 6.6.100.mshv1-3 +- Enable ftrace syscalls tracing support in kernel config + * Wed Oct 08 2025 Saul Paredes - 6.6.100.mshv1-2 - Enable build on aarch64 diff --git a/SPECS/kernel/config b/SPECS/kernel/config index 74c9b7cea4b..54f47c4b9eb 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1170,7 +1170,7 @@ CONFIG_XFRM_OFFLOAD=y CONFIG_XFRM_ALGO=m CONFIG_XFRM_USER=m # CONFIG_XFRM_USER_COMPAT is not set -# CONFIG_XFRM_INTERFACE is not set +CONFIG_XFRM_INTERFACE=m CONFIG_XFRM_SUB_POLICY=y CONFIG_XFRM_MIGRATE=y CONFIG_XFRM_STATISTICS=y @@ -1220,7 +1220,7 @@ CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_INET_UDP_DIAG=m # CONFIG_INET_RAW_DIAG is not set -# CONFIG_INET_DIAG_DESTROY is not set +CONFIG_INET_DIAG_DESTROY=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index 5a9ed8b62d4..32f4cf7313d 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1231,7 +1231,7 @@ CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_INET_UDP_DIAG=m # CONFIG_INET_RAW_DIAG is not set -# CONFIG_INET_DIAG_DESTROY is not set +CONFIG_INET_DIAG_DESTROY=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec index 10cea4e07cb..84b1f73d786 100644 --- a/SPECS/kernel/kernel-uki.spec +++ b/SPECS/kernel/kernel-uki.spec @@ -13,7 +13,7 @@ Summary: Unified Kernel Image Name: kernel-uki Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -70,6 +70,12 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Bump release to match kernel,kernel-ipe + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Bump release to match kernel,kernel-ipe,kernel-64k + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index d02a8a96472..605622f8a67 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,8 +1,8 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config": "4cf5c54b020b3af1f8b3af414359e7eba93cad0e505eb967a5d4b82e7e2ed9c9", - "config_aarch64": "13a66179d003e54d944683ec14768e73b0d6cd06a83d703f4b6a7f2b24f34334", + "config": "c5a9f5ed9cd1300d10dc5c353f29cf3c0d81f55a5bb1a7cc77b46e7480b834bf", + "config_aarch64": "afd473ab5c76245d5e4455b408a981865511a226a87146210cad12edc0c67865", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 3033b7a6594..09b74a06c3d 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -32,7 +32,7 @@ Summary: Linux Kernel Name: kernel Version: 6.6.119.3 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -440,6 +440,12 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Fri Jan 16 2026 Rachel Menge - 6.6.119.3-3 +- Enable XFRM_INTERFACE + +* Thu Jan 08 2026 Rachel Menge - 6.6.119.3-2 +- Enable CONFIG_INET_DIAG_DESTROY + * Tue Jan 06 2026 CBL-Mariner Servicing Account - 6.6.119.3-1 - Auto-upgrade to 6.6.119.3 diff --git a/SPECS/libsodium/libsodium.signatures.json b/SPECS/libsodium/libsodium.signatures.json index 2b8574ad7d9..2b7f78bf9bc 100644 --- a/SPECS/libsodium/libsodium.signatures.json +++ b/SPECS/libsodium/libsodium.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libsodium-1.0.19.tar.gz": "018d79fe0a045cca07331d37bd0cb57b2e838c51bc48fd837a1472e50068bbea" + "libsodium-1.0.19-final.tar.gz": "a8ee12ac57f8357dc9976ea76a4a32051fda2577494f10c20067fb5586f12e3b" } } \ No newline at end of file diff --git a/SPECS/libsodium/libsodium.spec b/SPECS/libsodium/libsodium.spec index 9c4d597ae42..cac95efca38 100644 --- a/SPECS/libsodium/libsodium.spec +++ b/SPECS/libsodium/libsodium.spec @@ -3,12 +3,12 @@ Summary: The Sodium crypto library Name: libsodium Version: 1.0.19 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC Vendor: Microsoft Corporation Distribution: Azure Linux URL: https://libsodium.org/ -Source0: https://download.libsodium.org/%{name}/releases/%{name}-%{version}.tar.gz +Source0: https://github.com/jedisct1/%{name}/archive/refs/tags/%{version}-FINAL.tar.gz#/%{name}-%{version}-final.tar.gz BuildRequires: gcc BuildRequires: make @@ -34,7 +34,7 @@ This package contains libraries and header files for developing applications that use %{name} libraries. %prep -%autosetup -n %{name}-stable +%autosetup -p1 -n %{name}-%{version}-FINAL %build %configure \ @@ -68,6 +68,9 @@ find %{buildroot} -type f -name "*.a" -delete -print %changelog +* Tue Jan 06 2026 Kanishk Bansal - 1.0.19-2 +- Update to version 1.0.19-FINAL for CVE-2025-69277 + * Fri Feb 02 2024 Thien Trung Vuong - 1.0.19-1 - Update to version 1.0.19 - Update soname to 26 diff --git a/SPECS/libtasn1/CVE-2025-13151.patch b/SPECS/libtasn1/CVE-2025-13151.patch new file mode 100644 index 00000000000..53b69269634 --- /dev/null +++ b/SPECS/libtasn1/CVE-2025-13151.patch @@ -0,0 +1,41 @@ +From 19c67d35287ca30929e0f4353cdc1b89de1ae75e Mon Sep 17 00:00:00 2001 +From: AllSpark +Date: Mon, 12 Jan 2026 16:41:34 +0000 +Subject: [PATCH] Fix for CVE-2025-13151: prevent stack-based buffer overflow + in asn1_expand_octet_string; update NEWS + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: AI Backport of https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8.patch +--- + NEWS | 1 + + lib/decoding.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index cbd09eb..2100e6f 100644 +--- a/NEWS ++++ b/NEWS +@@ -4,6 +4,7 @@ GNU Libtasn1 NEWS -*- outline -*- + - Clarify libtasn1.map license. Closes: #38. + - Fix ETYPE_OK out of bounds read. Closes: #32. + - Update gnulib files and various maintenance fixes. ++- Fix for vulnerbaility CVE-2025-13151 Stack-based buffer overflow + + * Noteworthy changes in release 4.18.0 (2021-11-09) [stable] + - Improve GTK-DOC manual. Closes: #35. +diff --git a/lib/decoding.c b/lib/decoding.c +index b9245c4..bc45138 100644 +--- a/lib/decoding.c ++++ b/lib/decoding.c +@@ -1976,7 +1976,7 @@ int + asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element, + const char *octetName, const char *objectName) + { +- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE]; ++ char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE]; + int retCode = ASN1_SUCCESS, result; + int len, len2, len3; + asn1_node_const p2; +-- +2.45.4 + diff --git a/SPECS/libtasn1/libtasn1.spec b/SPECS/libtasn1/libtasn1.spec index 9f924d84c2e..f73a3e1afae 100644 --- a/SPECS/libtasn1/libtasn1.spec +++ b/SPECS/libtasn1/libtasn1.spec @@ -1,7 +1,7 @@ Summary: ASN.1 library Name: libtasn1 Version: 4.19.0 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv3+ AND LGPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -9,6 +9,7 @@ Group: System Environment/Libraries URL: https://www.gnu.org/software/libtasn1/ Source0: https://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz Patch0: CVE-2024-12133.patch +Patch1: CVE-2025-13151.patch Provides: libtasn1-tools = %{version}-%{release} %description @@ -58,7 +59,10 @@ make %{?_smp_mflags} check %{_mandir}/man3/* %changelog -* Fri Feb 21 2024 Ankita Pareek - 4.19.0-2 +* Mon Jan 12 2026 Azure Linux Security Servicing Account - 4.19.0-3 +- Patch for CVE-2025-13151 + +* Fri Feb 21 2025 Ankita Pareek - 4.19.0-2 - Address CVE-2024-12133 * Tue Oct 25 2022 Pawel Winogrodzki - 4.19.0-1 diff --git a/SPECS/libvirt/CVE-2025-12748.patch b/SPECS/libvirt/CVE-2025-12748.patch new file mode 100644 index 00000000000..16cbc3875fa --- /dev/null +++ b/SPECS/libvirt/CVE-2025-12748.patch @@ -0,0 +1,1327 @@ +From 42813e33416a8b4c052829bea5e8a938a7ba9eca Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 + +Subject: [PATCH] Pre-requisite for CVE-2025-12748 + +Upstream Patch reference: +1. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=42813e33416a8b4c052829bea5e8a938a7ba9eca +2. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=d7d1c76f23d767698ce0838ec4eddf1b214c4bbf +3. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=1991519ee70ae620312e808c5bfd1bc296208431 +--- + src/qemu/qemu_driver.c | 46 ++++--- + src/qemu/qemu_saveimage.c | 268 +++++++++++++++++++++++--------------- + src/qemu/qemu_saveimage.h | 21 ++- + src/qemu/qemu_snapshot.c | 9 +- + 4 files changed, 207 insertions(+), 137 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 448e6b1..c4b0128 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -5757,9 +5757,12 @@ qemuDomainRestoreInternal(virConnectPtr conn, + if (flags & VIR_DOMAIN_SAVE_RESET_NVRAM) + reset_nvram = true; + +- fd = qemuSaveImageOpen(driver, NULL, path, &def, &data, ++ if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0) ++ goto cleanup; ++ ++ fd = qemuSaveImageOpen(driver, path, + (flags & VIR_DOMAIN_SAVE_BYPASS_CACHE) != 0, +- &wrapperFd, false, false); ++ &wrapperFd, false); + if (fd < 0) + goto cleanup; + +@@ -5888,15 +5891,11 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path, + virQEMUDriver *driver = conn->privateData; + char *ret = NULL; + g_autoptr(virDomainDef) def = NULL; +- int fd = -1; + virQEMUSaveData *data = NULL; + + virCheckFlags(VIR_DOMAIN_SAVE_IMAGE_XML_SECURE, NULL); + +- fd = qemuSaveImageOpen(driver, NULL, path, &def, &data, +- false, NULL, false, false); +- +- if (fd < 0) ++ if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0) + goto cleanup; + + if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) +@@ -5906,7 +5905,6 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path, + + cleanup: + virQEMUSaveDataFree(data); +- VIR_FORCE_CLOSE(fd); + return ret; + } + +@@ -5930,9 +5928,10 @@ qemuDomainSaveImageDefineXML(virConnectPtr conn, const char *path, + else if (flags & VIR_DOMAIN_SAVE_PAUSED) + state = 0; + +- fd = qemuSaveImageOpen(driver, NULL, path, &def, &data, +- false, NULL, true, false); ++ if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0) ++ goto cleanup; + ++ fd = qemuSaveImageOpen(driver, path, 0, NULL, false); + if (fd < 0) + goto cleanup; + +@@ -5989,7 +5988,6 @@ qemuDomainManagedSaveGetXMLDesc(virDomainPtr dom, unsigned int flags) + g_autofree char *path = NULL; + char *ret = NULL; + g_autoptr(virDomainDef) def = NULL; +- int fd = -1; + virQEMUSaveData *data = NULL; + qemuDomainObjPrivate *priv; + +@@ -6011,15 +6009,13 @@ qemuDomainManagedSaveGetXMLDesc(virDomainPtr dom, unsigned int flags) + goto cleanup; + } + +- if ((fd = qemuSaveImageOpen(driver, priv->qemuCaps, path, &def, &data, +- false, NULL, false, false)) < 0) ++ if (qemuSaveImageGetMetadata(driver, priv->qemuCaps, path, &def, &data) < 0) + goto cleanup; + + ret = qemuDomainDefFormatXML(driver, priv->qemuCaps, def, flags); + + cleanup: + virQEMUSaveDataFree(data); +- VIR_FORCE_CLOSE(fd); + virDomainObjEndAPI(&vm); + return ret; + } +@@ -6075,14 +6071,26 @@ qemuDomainObjRestore(virConnectPtr conn, + virQEMUSaveData *data = NULL; + virFileWrapperFd *wrapperFd = NULL; + +- fd = qemuSaveImageOpen(driver, NULL, path, &def, &data, +- bypass_cache, &wrapperFd, false, true); +- if (fd < 0) { +- if (fd == -3) +- ret = 1; ++ ret = qemuSaveImageGetMetadata(driver, NULL, path, &def, &data); ++ if (ret < 0) { ++ if (qemuSaveImageIsCorrupt(driver, path)) { ++ if (unlink(path) < 0) { ++ virReportSystemError(errno, ++ _("cannot remove corrupt file: %1$s"), ++ path); ++ ret = -1; ++ } else { ++ virResetLastError(); ++ ret = 1; ++ } ++ } + goto cleanup; + } + ++ fd = qemuSaveImageOpen(driver, path, bypass_cache, &wrapperFd, false); ++ if (fd < 0) ++ goto cleanup; ++ + if (virHookPresent(VIR_HOOK_DRIVER_QEMU)) { + int hookret; + +diff --git a/src/qemu/qemu_saveimage.c b/src/qemu/qemu_saveimage.c +index 89112e3..db442a5 100644 +--- a/src/qemu/qemu_saveimage.c ++++ b/src/qemu/qemu_saveimage.c +@@ -247,6 +247,90 @@ qemuSaveImageGetCompressionCommand(virQEMUSaveFormat compression) + } + + ++static int ++qemuSaveImageReadHeader(int fd, virQEMUSaveData **ret_data) ++{ ++ g_autoptr(virQEMUSaveData) data = NULL; ++ virQEMUSaveHeader *header; ++ size_t xml_len; ++ size_t cookie_len; ++ ++ data = g_new0(virQEMUSaveData, 1); ++ header = &data->header; ++ if (saferead(fd, header, sizeof(*header)) != sizeof(*header)) { ++ virReportError(VIR_ERR_OPERATION_FAILED, ++ "%s", _("failed to read qemu header")); ++ return -1; ++ } ++ ++ if (memcmp(header->magic, QEMU_SAVE_MAGIC, sizeof(header->magic)) != 0) { ++ if (memcmp(header->magic, QEMU_SAVE_PARTIAL, sizeof(header->magic)) == 0) { ++ virReportError(VIR_ERR_OPERATION_FAILED, "%s", ++ _("save image is incomplete")); ++ return -1; ++ } ++ ++ virReportError(VIR_ERR_OPERATION_FAILED, "%s", ++ _("image magic is incorrect")); ++ return -1; ++ } ++ ++ if (header->version > QEMU_SAVE_VERSION) { ++ /* convert endianness and try again */ ++ qemuSaveImageBswapHeader(header); ++ } ++ ++ if (header->version > QEMU_SAVE_VERSION) { ++ virReportError(VIR_ERR_OPERATION_FAILED, ++ _("image version is not supported (%1$d > %2$d)"), ++ header->version, QEMU_SAVE_VERSION); ++ return -1; ++ } ++ ++ if (header->compressed >= QEMU_SAVE_FORMAT_LAST) { ++ virReportError(VIR_ERR_OPERATION_FAILED, ++ _("unsupported save image format: %1$d"), header->compressed); ++ return -1; ++ } ++ ++ if (header->data_len <= 0) { ++ virReportError(VIR_ERR_OPERATION_FAILED, ++ _("invalid header data length: %1$d"), header->data_len); ++ return -1; ++ } ++ ++ if (header->cookieOffset) ++ xml_len = header->cookieOffset; ++ else ++ xml_len = header->data_len; ++ ++ cookie_len = header->data_len - xml_len; ++ ++ data->xml = g_new0(char, xml_len); ++ ++ if (saferead(fd, data->xml, xml_len) != xml_len) { ++ virReportError(VIR_ERR_OPERATION_FAILED, ++ "%s", _("failed to read domain XML")); ++ return -1; ++ } ++ ++ if (cookie_len > 0) { ++ data->cookie = g_new0(char, cookie_len); ++ ++ if (saferead(fd, data->cookie, cookie_len) != cookie_len) { ++ virReportError(VIR_ERR_OPERATION_FAILED, "%s", ++ _("failed to read cookie")); ++ return -1; ++ } ++ } ++ ++ if (ret_data) ++ *ret_data = g_steal_pointer(&data); ++ ++ return 0; ++} ++ ++ + /** + * qemuSaveImageDecompressionStart: + * @data: data from memory state file +@@ -520,41 +604,99 @@ qemuSaveImageGetCompressionProgram(const char *imageFormat, + + + /** +- * qemuSaveImageOpen: ++ * qemuSaveImageIsCorrupt: ++ * @driver: qemu driver data ++ * @path: path of the save image ++ * ++ * Returns true if the save image file identified by @path does not exist or ++ * has a corrupt header. Returns false otherwise. ++ */ ++ ++bool ++qemuSaveImageIsCorrupt(virQEMUDriver *driver, const char *path) ++{ ++ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); ++ VIR_AUTOCLOSE fd = -1; ++ virQEMUSaveHeader header; ++ ++ if ((fd = qemuDomainOpenFile(cfg, NULL, path, O_RDONLY, NULL)) < 0) ++ return true; ++ ++ if (saferead(fd, &header, sizeof(header)) != sizeof(header)) ++ return true; ++ ++ if (memcmp(header.magic, QEMU_SAVE_MAGIC, sizeof(header.magic)) != 0 || ++ memcmp(header.magic, QEMU_SAVE_PARTIAL, sizeof(header.magic)) == 0) ++ return true; ++ ++ return false; ++} ++ ++ ++/** ++ * qemuSaveImageGetMetadata: + * @driver: qemu driver data + * @qemuCaps: pointer to qemuCaps if the domain is running or NULL + * @path: path of the save image + * @ret_def: returns domain definition created from the XML stored in the image + * @ret_data: returns structure filled with data from the image header ++ * ++ * Open the save image file, read libvirt's save image metadata, and populate ++ * the @ret_def and @ret_data structures. Returns 0 on success and -1 on failure. ++ */ ++int ++qemuSaveImageGetMetadata(virQEMUDriver *driver, ++ virQEMUCaps *qemuCaps, ++ const char *path, ++ virDomainDef **ret_def, ++ virQEMUSaveData **ret_data) ++{ ++ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); ++ VIR_AUTOCLOSE fd = -1; ++ virQEMUSaveData *data; ++ g_autoptr(virDomainDef) def = NULL; ++ int rc; ++ ++ if ((fd = qemuDomainOpenFile(cfg, NULL, path, O_RDONLY, NULL)) < 0) ++ return -1; ++ ++ if ((rc = qemuSaveImageReadHeader(fd, ret_data)) < 0) ++ return rc; ++ ++ data = *ret_data; ++ /* Create a domain from this XML */ ++ if (!(def = virDomainDefParseString(data->xml, driver->xmlopt, qemuCaps, ++ VIR_DOMAIN_DEF_PARSE_INACTIVE | ++ VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE))) ++ return -1; ++ ++ *ret_def = g_steal_pointer(&def); ++ ++ return 0; ++} ++ ++ ++/** ++ * qemuSaveImageOpen: ++ * @driver: qemu driver data ++ * @path: path of the save image + * @bypass_cache: bypass cache when opening the file + * @wrapperFd: returns the file wrapper structure + * @open_write: open the file for writing (for updates) +- * @unlink_corrupt: remove the image file if it is corrupted + * +- * Returns the opened fd of the save image file and fills the appropriate fields +- * on success. On error returns -1 on most failures, -3 if corrupt image was +- * unlinked (no error raised). ++ * Returns the opened fd of the save image file on success, -1 on failure. + */ + int + qemuSaveImageOpen(virQEMUDriver *driver, +- virQEMUCaps *qemuCaps, + const char *path, +- virDomainDef **ret_def, +- virQEMUSaveData **ret_data, + bool bypass_cache, + virFileWrapperFd **wrapperFd, +- bool open_write, +- bool unlink_corrupt) ++ bool open_write) + { + g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); + VIR_AUTOCLOSE fd = -1; + int ret = -1; +- g_autoptr(virQEMUSaveData) data = NULL; +- virQEMUSaveHeader *header; +- g_autoptr(virDomainDef) def = NULL; + int oflags = open_write ? O_RDWR : O_RDONLY; +- size_t xml_len; +- size_t cookie_len; + + if (bypass_cache) { + int directFlag = virFileDirectFdFlag(); +@@ -574,100 +716,10 @@ qemuSaveImageOpen(virQEMUDriver *driver, + VIR_FILE_WRAPPER_BYPASS_CACHE))) + return -1; + +- data = g_new0(virQEMUSaveData, 1); +- +- header = &data->header; +- if (saferead(fd, header, sizeof(*header)) != sizeof(*header)) { +- if (unlink_corrupt) { +- if (unlink(path) < 0) { +- virReportSystemError(errno, +- _("cannot remove corrupt file: %1$s"), +- path); +- return -1; +- } else { +- return -3; +- } +- } +- +- virReportError(VIR_ERR_OPERATION_FAILED, +- "%s", _("failed to read qemu header")); ++ /* Read the header to position the file pointer for QEMU. Unfortunately we ++ * can't use lseek with virFileWrapperFD. */ ++ if (qemuSaveImageReadHeader(fd, NULL) < 0) + return -1; +- } +- +- if (memcmp(header->magic, QEMU_SAVE_MAGIC, sizeof(header->magic)) != 0) { +- if (memcmp(header->magic, QEMU_SAVE_PARTIAL, sizeof(header->magic)) == 0) { +- if (unlink_corrupt) { +- if (unlink(path) < 0) { +- virReportSystemError(errno, +- _("cannot remove corrupt file: %1$s"), +- path); +- return -1; +- } else { +- return -3; +- } +- } +- +- virReportError(VIR_ERR_OPERATION_FAILED, "%s", +- _("save image is incomplete")); +- return -1; +- } +- +- virReportError(VIR_ERR_OPERATION_FAILED, "%s", +- _("image magic is incorrect")); +- return -1; +- } +- +- if (header->version > QEMU_SAVE_VERSION) { +- /* convert endianness and try again */ +- qemuSaveImageBswapHeader(header); +- } +- +- if (header->version > QEMU_SAVE_VERSION) { +- virReportError(VIR_ERR_OPERATION_FAILED, +- _("image version is not supported (%1$d > %2$d)"), +- header->version, QEMU_SAVE_VERSION); +- return -1; +- } +- +- if (header->data_len <= 0) { +- virReportError(VIR_ERR_OPERATION_FAILED, +- _("invalid header data length: %1$d"), header->data_len); +- return -1; +- } +- +- if (header->cookieOffset) +- xml_len = header->cookieOffset; +- else +- xml_len = header->data_len; +- +- cookie_len = header->data_len - xml_len; +- +- data->xml = g_new0(char, xml_len); +- +- if (saferead(fd, data->xml, xml_len) != xml_len) { +- virReportError(VIR_ERR_OPERATION_FAILED, +- "%s", _("failed to read domain XML")); +- return -1; +- } +- +- if (cookie_len > 0) { +- data->cookie = g_new0(char, cookie_len); +- +- if (saferead(fd, data->cookie, cookie_len) != cookie_len) { +- virReportError(VIR_ERR_OPERATION_FAILED, "%s", +- _("failed to read cookie")); +- return -1; +- } +- } +- +- /* Create a domain from this XML */ +- if (!(def = virDomainDefParseString(data->xml, driver->xmlopt, qemuCaps, +- VIR_DOMAIN_DEF_PARSE_INACTIVE | +- VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE))) +- return -1; +- +- *ret_def = g_steal_pointer(&def); +- *ret_data = g_steal_pointer(&data); + + ret = fd; + fd = -1; +diff --git a/src/qemu/qemu_saveimage.h b/src/qemu/qemu_saveimage.h +index e541792..8859fab 100644 +--- a/src/qemu/qemu_saveimage.h ++++ b/src/qemu/qemu_saveimage.h +@@ -69,17 +69,26 @@ qemuSaveImageStartVM(virConnectPtr conn, + virDomainAsyncJob asyncJob) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6); + ++bool ++qemuSaveImageIsCorrupt(virQEMUDriver *driver, ++ const char *path) ++ ATTRIBUTE_NONNULL(2); ++ ++int ++qemuSaveImageGetMetadata(virQEMUDriver *driver, ++ virQEMUCaps *qemuCaps, ++ const char *path, ++ virDomainDef **ret_def, ++ virQEMUSaveData **ret_data) ++ ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); ++ + int + qemuSaveImageOpen(virQEMUDriver *driver, +- virQEMUCaps *qemuCaps, + const char *path, +- virDomainDef **ret_def, +- virQEMUSaveData **ret_data, + bool bypass_cache, + virFileWrapperFd **wrapperFd, +- bool open_write, +- bool unlink_corrupt) +- ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4); ++ bool open_write) ++ ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4); + + int + qemuSaveImageGetCompressionProgram(const char *imageFormat, +diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c +index 9819448..a1f1f32 100644 +--- a/src/qemu/qemu_snapshot.c ++++ b/src/qemu/qemu_snapshot.c +@@ -2083,11 +2083,12 @@ qemuSnapshotRevertExternalPrepare(virDomainObj *vm, + g_autoptr(virDomainDef) savedef = NULL; + + memdata->path = snapdef->memorysnapshotfile; +- memdata->fd = qemuSaveImageOpen(driver, NULL, memdata->path, +- &savedef, &memdata->data, +- false, NULL, +- false, false); ++ if (qemuSaveImageGetMetadata(driver, NULL, memdata->path, &savedef, ++ &memdata->data) < 0) ++ return -1; + ++ memdata->fd = qemuSaveImageOpen(driver, memdata->path, ++ false, NULL, false); + if (memdata->fd < 0) + return -1; + +-- +2.43.0 + +From 4ceddd072ab794135b59364cb95386ef70b51b92 Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 +Subject: [PATCH 1/8] conf: Add virDomainDefIDsParseString + +Upstream Patch reference: +1. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=4ceddd072ab794135b59364cb95386ef70b51b92 +2. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=97a53db9756cbc880ed3f4dc054e9a15690a2176 +3. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=1b8d1bd4b10e8eaa9a247487d709440ebba014ed +4. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=7a62099efb32ca270e1808fead3263569b81eeea +5. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=b4b37eb7ae3296c8b8520b5ad5e4cbce4dbcb8ca +6. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=8928cf500e1a94b6f78bc5b1840fa300f18406dd +7. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=e8e0d3ce28a0856c14d1fe3d2b5977f164938b9a +8. https://git.launchpad.net/ubuntu/+source/libvirt/patch/?id=6ab6e8705128808aa90b9281bcf046a8cf61dbba + +--- + src/conf/domain_conf.c | 29 +++++++++++++++++++++++++++++ + src/conf/domain_conf.h | 3 +++ + src/libvirt_private.syms | 1 + + 3 files changed, 33 insertions(+) + +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index 5d55d2a..8726161 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -19626,6 +19626,35 @@ virDomainDefParse(const char *xmlStr, + return virDomainDefParseNode(ctxt, xmlopt, parseOpaque, flags); + } + ++virDomainDef * ++virDomainDefIDsParseString(const char *xmlStr, ++ virDomainXMLOption *xmlopt, ++ unsigned int flags) ++{ ++ g_autoptr(virDomainDef) def = NULL; ++ g_autoptr(xmlDoc) xml = NULL; ++ g_autoptr(xmlXPathContext) ctxt = NULL; ++ bool uuid_generated = false; ++ ++ xml = virXMLParseWithIndent(NULL, xmlStr, _("(domain_definition)"), ++ "domain", &ctxt, "domain.rng", false); ++ ++ if (!xml) ++ return NULL; ++ ++ def = virDomainDefNew(xmlopt); ++ if (!def) ++ return NULL; ++ ++ if (virDomainDefParseIDs(def, ctxt, flags, &uuid_generated) < 0) ++ return NULL; ++ ++ if (uuid_generated) ++ memset(def->uuid, 0, VIR_UUID_BUFLEN); ++ ++ return g_steal_pointer(&def); ++} ++ + virDomainDef * + virDomainDefParseString(const char *xmlStr, + virDomainXMLOption *xmlopt, +diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h +index d176bda..4073012 100644 +--- a/src/conf/domain_conf.h ++++ b/src/conf/domain_conf.h +@@ -3754,6 +3754,9 @@ virDomainDiskDef *virDomainDiskDefParse(const char *xmlStr, + virStorageSource *virDomainDiskDefParseSource(const char *xmlStr, + virDomainXMLOption *xmlopt, + unsigned int flags); ++virDomainDef * virDomainDefIDsParseString(const char *xmlStr, ++ virDomainXMLOption *xmlopt, ++ unsigned int flags); + virDomainDef *virDomainDefParseString(const char *xmlStr, + virDomainXMLOption *xmlopt, + void *parseOpaque, +diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms +index fc26109..a1ec464 100644 +--- a/src/libvirt_private.syms ++++ b/src/libvirt_private.syms +@@ -345,6 +345,7 @@ virDomainDefHasSpiceGraphics; + virDomainDefHasUSB; + virDomainDefHasVcpusOffline; + virDomainDefHasVDPANet; ++virDomainDefIDsParseString; + virDomainDefLifecycleActionAllowed; + virDomainDefMaybeAddController; + virDomainDefMaybeAddInput; +-- +2.43.0 + +From 97a53db9756cbc880ed3f4dc054e9a15690a2176 Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 +Subject: [PATCH 2/8] bhyve: Check ACLs before parsing the whole domain XML + +--- + src/bhyve/bhyve_driver.c | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c +index 4203b13..c48bca3 100644 +--- a/src/bhyve/bhyve_driver.c ++++ b/src/bhyve/bhyve_driver.c +@@ -505,6 +505,15 @@ bhyveDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flag + if (!caps) + return NULL; + ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(xml, provconn->xmlopt, parse_flags))) ++ return NULL; ++ ++ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) ++ return NULL; ++ ++ g_clear_pointer(&def, virDomainDefFree); ++ + if ((def = virDomainDefParseString(xml, privconn->xmlopt, + NULL, parse_flags)) == NULL) + goto cleanup; +@@ -512,9 +521,6 @@ bhyveDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flag + if (virXMLCheckIllegalChars("name", def->name, "\n") < 0) + goto cleanup; + +- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) +- goto cleanup; +- + if (bhyveDomainAssignAddresses(def, NULL) < 0) + goto cleanup; + +@@ -878,11 +884,17 @@ bhyveDomainCreateXML(virConnectPtr conn, + if (flags & VIR_DOMAIN_START_AUTODESTROY) + start_flags |= VIR_BHYVE_PROCESS_START_AUTODESTROY; + +- if ((def = virDomainDefParseString(xml, privconn->xmlopt, +- NULL, parse_flags)) == NULL) +- goto cleanup; ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(xml, provconn->xmlopt, parse_flags))) ++ return NULL; + + if (virDomainCreateXMLEnsureACL(conn, def) < 0) ++ return NULL; ++ ++ g_clear_pointer(&def, virDomainDefFree); ++ ++ if ((def = virDomainDefParseString(xml, privconn->xmlopt, ++ NULL, parse_flags)) == NULL) + goto cleanup; + + if (bhyveDomainAssignAddresses(def, NULL) < 0) +-- +2.43.0 + +From 1b8d1bd4b10e8eaa9a247487d709440ebba014ed Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 +Subject: [PATCH 3/8] libxl: Check ACLs before parsing the whole domain XML + +--- + src/libxl/libxl_driver.c | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c +index 6c843b9..19f5090 100644 +--- a/src/libxl/libxl_driver.c ++++ b/src/libxl/libxl_driver.c +@@ -1036,13 +1036,18 @@ libxlDomainCreateXML(virConnectPtr conn, const char *xml, + if (flags & VIR_DOMAIN_START_VALIDATE) + parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; + +- if (!(def = virDomainDefParseString(xml, driver->xmlopt, +- NULL, parse_flags))) ++ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) + goto cleanup; + + if (virDomainCreateXMLEnsureACL(conn, def) < 0) + goto cleanup; + ++ g_clear_pointer(&def, virDomainDefFree); ++ ++ if (!(def = virDomainDefParseString(xml, driver->xmlopt, ++ NULL, parse_flags))) ++ goto cleanup; ++ + if (!(vm = virDomainObjListAdd(driver->domains, &def, + driver->xmlopt, + VIR_DOMAIN_OBJ_LIST_ADD_LIVE | +@@ -2822,6 +2827,14 @@ libxlDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flag + if (flags & VIR_DOMAIN_DEFINE_VALIDATE) + parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; + ++ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) ++ goto cleanup; ++ ++ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) ++ goto cleanup; ++ ++ g_clear_pointer(&def, virDomainDefFree); ++ + if (!(def = virDomainDefParseString(xml, driver->xmlopt, + NULL, parse_flags))) + goto cleanup; +@@ -2829,9 +2842,6 @@ libxlDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flag + if (virXMLCheckIllegalChars("name", def->name, "\n") < 0) + goto cleanup; + +- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) +- goto cleanup; +- + if (!(vm = virDomainObjListAdd(driver->domains, &def, + driver->xmlopt, + 0, +-- +2.43.0 + +From 7a62099efb32ca270e1808fead3263569b81eeea Mon Sep 17 00:00:00 2001 +From: akhila-guruju +Date: Thu, 15 Jan 2026 09:00:31 +0000 +Subject: [PATCH 4/8] lxc: Check ACLs before parsing the whole domain XML + +--- + src/lxc/lxc_driver.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c +index c281998..e338624 100644 +--- a/src/lxc/lxc_driver.c ++++ b/src/lxc/lxc_driver.c +@@ -408,6 +408,15 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) + if (!(caps = virLXCDriverGetCapabilities(driver, false))) + goto cleanup; + ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) ++ goto cleanup; ++ ++ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) ++ goto cleanup; ++ ++ g_clear_pointer(&def, virDomainDefFree); ++ + if (!(def = virDomainDefParseString(xml, driver->xmlopt, + NULL, parse_flags))) + goto cleanup; +@@ -415,9 +424,6 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) + if (virXMLCheckIllegalChars("name", def->name, "\n") < 0) + goto cleanup; + +- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) +- goto cleanup; +- + if (virSecurityManagerVerify(driver->securityManager, def) < 0) + goto cleanup; + +@@ -1077,13 +1083,19 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn, + if (!(caps = virLXCDriverGetCapabilities(driver, false))) + goto cleanup; + +- if (!(def = virDomainDefParseString(xml, driver->xmlopt, +- NULL, parse_flags))) ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) + goto cleanup; + + if (virDomainCreateXMLWithFilesEnsureACL(conn, def) < 0) + goto cleanup; + ++ g_clear_pointer(&def, virDomainDefFree); ++ ++ if (!(def = virDomainDefParseString(xml, driver->xmlopt, ++ NULL, parse_flags))) ++ goto cleanup; ++ + if (virSecurityManagerVerify(driver->securityManager, def) < 0) + goto cleanup; + +-- +2.43.0 + +From b4b37eb7ae3296c8b8520b5ad5e4cbce4dbcb8ca Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 +Subject: [PATCH 5/8] vz: Check ACLs before parsing the whole domain XML + +--- + src/vz/vz_driver.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c +index c7ceec2..1f8cad4 100644 +--- a/src/vz/vz_driver.c ++++ b/src/vz/vz_driver.c +@@ -795,6 +795,15 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) + if (flags & VIR_DOMAIN_DEFINE_VALIDATE) + parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; + ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) ++ return NULL; ++ ++ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) ++ return NULL; ++ ++ g_clear_pointer(&def, virDomainDefFree); ++ + if ((def = virDomainDefParseString(xml, driver->xmlopt, + NULL, parse_flags)) == NULL) + goto cleanup; +@@ -802,9 +811,6 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) + if (virXMLCheckIllegalChars("name", def->name, "\n") < 0) + goto cleanup; + +- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) +- goto cleanup; +- + dom = virDomainObjListFindByUUID(driver->domains, def->uuid); + if (dom == NULL) { + virResetLastError(); +@@ -2972,9 +2978,9 @@ vzDomainMigratePrepare3Params(virConnectPtr conn, + | VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0) + return -1; + +- if (!(def = virDomainDefParseString(dom_xml, driver->xmlopt, +- NULL, +- VIR_DOMAIN_DEF_PARSE_INACTIVE))) ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(dom_xml, driver->xmlopt, ++ VIR_DOMAIN_DEF_PARSE_INACTIVE))) + return -1; + + if (dname) { +-- +2.43.0 + +From 8928cf500e1a94b6f78bc5b1840fa300f18406dd Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 +Subject: [PATCH 6/8] ch: Check ACLs before parsing the whole domain XML + +--- + src/ch/ch_driver.c | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c +index 96de504..722b74c 100644 +--- a/src/ch/ch_driver.c ++++ b/src/ch/ch_driver.c +@@ -202,14 +202,19 @@ chDomainCreateXML(virConnectPtr conn, + if (flags & VIR_DOMAIN_START_VALIDATE) + parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; + ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(vmdef = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) ++ return NULL; ++ ++ if (virDomainCreateXMLEnsureACL(conn, vmdef) < 0) ++ return NULL; ++ ++ g_clear_pointer(&vmdef, virDomainDefFree); + + if ((vmdef = virDomainDefParseString(xml, driver->xmlopt, + NULL, parse_flags)) == NULL) + goto cleanup; + +- if (virDomainCreateXMLEnsureACL(conn, vmdef) < 0) +- goto cleanup; +- + if (!(vm = virDomainObjListAdd(driver->domains, + &vmdef, + driver->xmlopt, +@@ -284,6 +289,15 @@ chDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) + if (flags & VIR_DOMAIN_START_VALIDATE) + parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; + ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(vmdef = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) ++ return NULL; ++ ++ if (virDomainDefineXMLFlagsEnsureACL(conn, vmdef) < 0) ++ return NULL; ++ ++ g_clear_pointer(&vmdef, virDomainDefFree); ++ + if ((vmdef = virDomainDefParseString(xml, driver->xmlopt, + NULL, parse_flags)) == NULL) + goto cleanup; +@@ -291,9 +305,6 @@ chDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) + if (virXMLCheckIllegalChars("name", vmdef->name, "\n") < 0) + goto cleanup; + +- if (virDomainDefineXMLFlagsEnsureACL(conn, vmdef) < 0) +- goto cleanup; +- + if (!(vm = virDomainObjListAdd(driver->domains, &vmdef, + driver->xmlopt, + 0, NULL))) +-- +2.43.0 + +From e8e0d3ce28a0856c14d1fe3d2b5977f164938b9a Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 +Subject: [PATCH 7/8] qemu: Check ACLs before parsing the whole domain XML + +--- + src/qemu/qemu_driver.c | 90 ++++++++++++++++++++------------------- + src/qemu/qemu_migration.c | 24 ++++++++++- + src/qemu/qemu_migration.h | 4 +- + src/qemu/qemu_saveimage.c | 25 +++++++++-- + src/qemu/qemu_saveimage.h | 4 +- + src/qemu/qemu_snapshot.c | 4 +- + 6 files changed, 98 insertions(+), 53 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index c4b0128..ba83992 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -1604,11 +1604,17 @@ static virDomainPtr qemuDomainCreateXML(virConnectPtr conn, + if (flags & VIR_DOMAIN_START_RESET_NVRAM) + start_flags |= VIR_QEMU_PROCESS_START_RESET_NVRAM; + +- if (!(def = virDomainDefParseString(xml, driver->xmlopt, +- NULL, parse_flags))) +- goto cleanup; ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) ++ return NULL; + + if (virDomainCreateXMLEnsureACL(conn, def) < 0) ++ return NULL; ++ ++ g_clear_pointer(&def, virDomainDefFree); ++ ++ if (!(def = virDomainDefParseString(xml, driver->xmlopt, ++ NULL, parse_flags))) + goto cleanup; + + if (!(vm = virDomainObjListAdd(driver->domains, &def, +@@ -5757,7 +5763,7 @@ qemuDomainRestoreInternal(virConnectPtr conn, + if (flags & VIR_DOMAIN_SAVE_RESET_NVRAM) + reset_nvram = true; + +- if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0) ++ if (qemuSaveImageGetMetadata(driver, NULL, path, ensureACL, conn, &def, &data) < 0) + goto cleanup; + + fd = qemuSaveImageOpen(driver, path, +@@ -5766,9 +5772,6 @@ qemuDomainRestoreInternal(virConnectPtr conn, + if (fd < 0) + goto cleanup; + +- if (ensureACL(conn, def) < 0) +- goto cleanup; +- + if (virHookPresent(VIR_HOOK_DRIVER_QEMU)) { + int hookret; + +@@ -5895,10 +5898,9 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path, + + virCheckFlags(VIR_DOMAIN_SAVE_IMAGE_XML_SECURE, NULL); + +- if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0) +- goto cleanup; +- +- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) ++ if (qemuSaveImageGetMetadata(driver, NULL, path, ++ virDomainSaveImageGetXMLDescEnsureACL, ++ conn, &def, &data) < 0) + goto cleanup; + + ret = qemuDomainDefFormatXML(driver, NULL, def, flags); +@@ -5928,16 +5930,15 @@ qemuDomainSaveImageDefineXML(virConnectPtr conn, const char *path, + else if (flags & VIR_DOMAIN_SAVE_PAUSED) + state = 0; + +- if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0) ++ if (qemuSaveImageGetMetadata(driver, NULL, path, ++ virDomainSaveImageDefineXMLEnsureACL, ++ conn, &def, &data) < 0) + goto cleanup; + + fd = qemuSaveImageOpen(driver, path, 0, NULL, false); + if (fd < 0) + goto cleanup; + +- if (virDomainSaveImageDefineXMLEnsureACL(conn, def) < 0) +- goto cleanup; +- + if (STREQ(data->xml, dxml) && + (state < 0 || state == data->header.was_running)) { + /* no change to the XML */ +@@ -6009,7 +6010,8 @@ qemuDomainManagedSaveGetXMLDesc(virDomainPtr dom, unsigned int flags) + goto cleanup; + } + +- if (qemuSaveImageGetMetadata(driver, priv->qemuCaps, path, &def, &data) < 0) ++ if (qemuSaveImageGetMetadata(driver, priv->qemuCaps, path, ++ NULL, NULL, &def, &data) < 0) + goto cleanup; + + ret = qemuDomainDefFormatXML(driver, priv->qemuCaps, def, flags); +@@ -6071,7 +6073,7 @@ qemuDomainObjRestore(virConnectPtr conn, + virQEMUSaveData *data = NULL; + virFileWrapperFd *wrapperFd = NULL; + +- ret = qemuSaveImageGetMetadata(driver, NULL, path, &def, &data); ++ ret = qemuSaveImageGetMetadata(driver, NULL, path, NULL, NULL, &def, &data); + if (ret < 0) { + if (qemuSaveImageIsCorrupt(driver, path)) { + if (unlink(path) < 0) { +@@ -6419,6 +6421,15 @@ qemuDomainDefineXMLFlags(virConnectPtr conn, + if (flags & VIR_DOMAIN_DEFINE_VALIDATE) + parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; + ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags))) ++ return NULL; ++ ++ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) ++ return NULL; ++ ++ g_clear_pointer(&def, virDomainDefFree); ++ + if (!(def = virDomainDefParseString(xml, driver->xmlopt, + NULL, parse_flags))) + return NULL; +@@ -6426,9 +6437,6 @@ qemuDomainDefineXMLFlags(virConnectPtr conn, + if (virXMLCheckIllegalChars("name", def->name, "\n") < 0) + goto cleanup; + +- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) +- goto cleanup; +- + if (!(vm = virDomainObjListAdd(driver->domains, &def, + driver->xmlopt, + 0, &oldDef))) +@@ -10637,10 +10645,9 @@ qemuDomainMigratePrepareTunnel(virConnectPtr dconn, + return -1; + } + +- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname))) +- return -1; +- +- if (virDomainMigratePrepareTunnelEnsureACL(dconn, def) < 0) ++ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname, ++ dconn, ++ virDomainMigratePrepareTunnelEnsureACL))) + return -1; + + return qemuMigrationDstPrepareTunnel(driver, dconn, +@@ -10690,10 +10697,9 @@ qemuDomainMigratePrepare2(virConnectPtr dconn, + return -1; + } + +- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname))) +- return -1; +- +- if (virDomainMigratePrepare2EnsureACL(dconn, def) < 0) ++ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname, ++ dconn, ++ virDomainMigratePrepare2EnsureACL))) + return -1; + + /* Do not use cookies in v2 protocol, since the cookie +@@ -10912,10 +10918,9 @@ qemuDomainMigratePrepare3(virConnectPtr dconn, + QEMU_MIGRATION_DESTINATION))) + return -1; + +- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname))) +- return -1; +- +- if (virDomainMigratePrepare3EnsureACL(dconn, def) < 0) ++ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname, ++ dconn, ++ virDomainMigratePrepare3EnsureACL))) + return -1; + + return qemuMigrationDstPrepareDirect(driver, dconn, +@@ -11020,10 +11025,9 @@ qemuDomainMigratePrepare3Params(virConnectPtr dconn, + return -1; + } + +- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname))) +- return -1; +- +- if (virDomainMigratePrepare3ParamsEnsureACL(dconn, def) < 0) ++ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname, ++ dconn, ++ virDomainMigratePrepare3ParamsEnsureACL))) + return -1; + + return qemuMigrationDstPrepareDirect(driver, dconn, +@@ -11065,10 +11069,9 @@ qemuDomainMigratePrepareTunnel3(virConnectPtr dconn, + QEMU_MIGRATION_DESTINATION))) + return -1; + +- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname))) +- return -1; +- +- if (virDomainMigratePrepareTunnel3EnsureACL(dconn, def) < 0) ++ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname, ++ dconn, ++ virDomainMigratePrepareTunnel3EnsureACL))) + return -1; + + return qemuMigrationDstPrepareTunnel(driver, dconn, +@@ -11117,10 +11120,9 @@ qemuDomainMigratePrepareTunnel3Params(virConnectPtr dconn, + QEMU_MIGRATION_DESTINATION))) + return -1; + +- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname))) +- return -1; +- +- if (virDomainMigratePrepareTunnel3ParamsEnsureACL(dconn, def) < 0) ++ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname, ++ dconn, ++ virDomainMigratePrepareTunnel3ParamsEnsureACL))) + return -1; + + return qemuMigrationDstPrepareTunnel(driver, dconn, +diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c +index 25dc16a..e2bfb8a 100644 +--- a/src/qemu/qemu_migration.c ++++ b/src/qemu/qemu_migration.c +@@ -3850,7 +3850,9 @@ qemuMigrationAnyPrepareDef(virQEMUDriver *driver, + virQEMUCaps *qemuCaps, + const char *dom_xml, + const char *dname, +- char **origname) ++ char **origname, ++ virConnectPtr sconn, ++ int (*ensureACL)(virConnectPtr, virDomainDef *)) + { + virDomainDef *def; + char *name = NULL; +@@ -3861,6 +3863,24 @@ qemuMigrationAnyPrepareDef(virQEMUDriver *driver, + return NULL; + } + ++ if (ensureACL) { ++ g_autoptr(virDomainDef) aclDef = NULL; ++ ++ /* Avoid parsing the whole domain definition for ACL checks */ ++ if (!(aclDef = virDomainDefIDsParseString(dom_xml, driver->xmlopt, ++ VIR_DOMAIN_DEF_PARSE_INACTIVE))) ++ return NULL; ++ ++ if (dname) { ++ VIR_FREE(aclDef->name); ++ aclDef->name = g_strdup(dname); ++ } ++ ++ if (ensureACL(sconn, aclDef) < 0) { ++ return NULL; ++ } ++ } ++ + if (!(def = virDomainDefParseString(dom_xml, driver->xmlopt, + qemuCaps, + VIR_DOMAIN_DEF_PARSE_INACTIVE))) +@@ -4794,6 +4814,7 @@ qemuMigrationSrcRun(virQEMUDriver *driver, + if (!(persistDef = qemuMigrationAnyPrepareDef(driver, + priv->qemuCaps, + persist_xml, ++ NULL, NULL, + NULL, NULL))) + goto error; + } else if (xmlin) { +@@ -4803,6 +4824,7 @@ qemuMigrationSrcRun(virQEMUDriver *driver, + if (!(persistDef = qemuMigrationAnyPrepareDef(driver, + priv->qemuCaps, + xmlin, ++ NULL, NULL, + NULL, NULL))) + goto error; + } else { +diff --git a/src/qemu/qemu_migration.h b/src/qemu/qemu_migration.h +index ed62fd4..f43a96f 100644 +--- a/src/qemu/qemu_migration.h ++++ b/src/qemu/qemu_migration.h +@@ -131,7 +131,9 @@ qemuMigrationAnyPrepareDef(virQEMUDriver *driver, + virQEMUCaps *qemuCaps, + const char *dom_xml, + const char *dname, +- char **origname); ++ char **origname, ++ virConnectPtr sconn, ++ int (*ensureACL)(virConnectPtr, virDomainDef *)); + + int + qemuMigrationDstPrepareTunnel(virQEMUDriver *driver, +diff --git a/src/qemu/qemu_saveimage.c b/src/qemu/qemu_saveimage.c +index db442a5..469a210 100644 +--- a/src/qemu/qemu_saveimage.c ++++ b/src/qemu/qemu_saveimage.c +@@ -638,16 +638,21 @@ qemuSaveImageIsCorrupt(virQEMUDriver *driver, const char *path) + * @driver: qemu driver data + * @qemuCaps: pointer to qemuCaps if the domain is running or NULL + * @path: path of the save image ++ * @ensureACL: ACL callback to check against the definition or NULL ++ * @conn: parameter for the @ensureACL callback + * @ret_def: returns domain definition created from the XML stored in the image + * @ret_data: returns structure filled with data from the image header + * +- * Open the save image file, read libvirt's save image metadata, and populate +- * the @ret_def and @ret_data structures. Returns 0 on success and -1 on failure. ++ * Open the save image file, read libvirt's save image metadata, optionally ++ * check ACLs before parsing the whole domain definition and populate the ++ * @ret_def and @ret_data structures. Returns 0 on success and -1 on failure. + */ + int + qemuSaveImageGetMetadata(virQEMUDriver *driver, + virQEMUCaps *qemuCaps, + const char *path, ++ int (*ensureACL)(virConnectPtr, virDomainDef *), ++ virConnectPtr conn, + virDomainDef **ret_def, + virQEMUSaveData **ret_data) + { +@@ -655,6 +660,8 @@ qemuSaveImageGetMetadata(virQEMUDriver *driver, + VIR_AUTOCLOSE fd = -1; + virQEMUSaveData *data; + g_autoptr(virDomainDef) def = NULL; ++ unsigned int parse_flags = VIR_DOMAIN_DEF_PARSE_INACTIVE | ++ VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE; + int rc; + + if ((fd = qemuDomainOpenFile(cfg, NULL, path, O_RDONLY, NULL)) < 0) +@@ -664,10 +671,20 @@ qemuSaveImageGetMetadata(virQEMUDriver *driver, + return rc; + + data = *ret_data; ++ ++ if (ensureACL) { ++ /* Parse only the IDs for ACL checks */ ++ g_autoptr(virDomainDef) aclDef = virDomainDefIDsParseString(data->xml, ++ driver->xmlopt, ++ parse_flags); ++ ++ if (!aclDef || ensureACL(conn, aclDef) < 0) ++ return -1; ++ } ++ + /* Create a domain from this XML */ + if (!(def = virDomainDefParseString(data->xml, driver->xmlopt, qemuCaps, +- VIR_DOMAIN_DEF_PARSE_INACTIVE | +- VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE))) ++ parse_flags))) + return -1; + + *ret_def = g_steal_pointer(&def); +diff --git a/src/qemu/qemu_saveimage.h b/src/qemu/qemu_saveimage.h +index 8859fab..d02f5ea 100644 +--- a/src/qemu/qemu_saveimage.h ++++ b/src/qemu/qemu_saveimage.h +@@ -78,9 +78,11 @@ int + qemuSaveImageGetMetadata(virQEMUDriver *driver, + virQEMUCaps *qemuCaps, + const char *path, ++ int (*ensureACL)(virConnectPtr, virDomainDef *), ++ virConnectPtr conn, + virDomainDef **ret_def, + virQEMUSaveData **ret_data) +- ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); ++ ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(7); + + int + qemuSaveImageOpen(virQEMUDriver *driver, +diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c +index a1f1f32..eab22b7 100644 +--- a/src/qemu/qemu_snapshot.c ++++ b/src/qemu/qemu_snapshot.c +@@ -2083,8 +2083,8 @@ qemuSnapshotRevertExternalPrepare(virDomainObj *vm, + g_autoptr(virDomainDef) savedef = NULL; + + memdata->path = snapdef->memorysnapshotfile; +- if (qemuSaveImageGetMetadata(driver, NULL, memdata->path, &savedef, +- &memdata->data) < 0) ++ if (qemuSaveImageGetMetadata(driver, NULL, memdata->path, NULL, NULL, ++ &savedef, &memdata->data) < 0) + return -1; + + memdata->fd = qemuSaveImageOpen(driver, memdata->path, +-- +2.43.0 + +From 6ab6e8705128808aa90b9281bcf046a8cf61dbba Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Mon, 8 Dec 2025 10:52:22 -0500 +Subject: [PATCH 8/8] bhyve: s/provconn/privcon/ + +--- + src/bhyve/bhyve_driver.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c +index c48bca3..2a7e3eb 100644 +--- a/src/bhyve/bhyve_driver.c ++++ b/src/bhyve/bhyve_driver.c +@@ -506,7 +506,7 @@ bhyveDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flag + return NULL; + + /* Avoid parsing the whole domain definition for ACL checks */ +- if (!(def = virDomainDefIDsParseString(xml, provconn->xmlopt, parse_flags))) ++ if (!(def = virDomainDefIDsParseString(xml, privconn->xmlopt, parse_flags))) + return NULL; + + if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) +@@ -885,7 +885,7 @@ bhyveDomainCreateXML(virConnectPtr conn, + start_flags |= VIR_BHYVE_PROCESS_START_AUTODESTROY; + + /* Avoid parsing the whole domain definition for ACL checks */ +- if (!(def = virDomainDefIDsParseString(xml, provconn->xmlopt, parse_flags))) ++ if (!(def = virDomainDefIDsParseString(xml, privconn->xmlopt, parse_flags))) + return NULL; + + if (virDomainCreateXMLEnsureACL(conn, def) < 0) +-- +2.43.0 + + diff --git a/SPECS/libvirt/libvirt.spec b/SPECS/libvirt/libvirt.spec index a943ce7e76d..f6a1c5b845d 100644 --- a/SPECS/libvirt/libvirt.spec +++ b/SPECS/libvirt/libvirt.spec @@ -185,7 +185,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 10.0.0 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -200,6 +200,7 @@ Patch1: CVE-2024-1441.patch Patch2: CVE-2024-2494.patch Patch3: CVE-2024-4418.patch Patch4: CVE-2025-13193.patch +Patch5: CVE-2025-12748.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -2190,6 +2191,9 @@ exit 0 %endif %changelog +* Thu Jan 15 2026 Akhila Guruju - 10.0.0-7 +- Patch CVE-2025-12748 + * Fri Nov 21 2025 Azure Linux Security Servicing Account - 10.0.0-6 - Patch for CVE-2025-13193 diff --git a/SPECS/libxml2/CVE-2025-7425.patch b/SPECS/libxml2/CVE-2025-7425.patch new file mode 100644 index 00000000000..4133c5d5adf --- /dev/null +++ b/SPECS/libxml2/CVE-2025-7425.patch @@ -0,0 +1,798 @@ +From b7d2ad6e1b376c10edffcb0973485c861dc89559 Mon Sep 17 00:00:00 2001 +From: David Kilzer +Date: Mon, 23 Jun 2025 14:41:56 -0700 +Subject: [PATCH] libxslt: heap-use-after-free in xmlFreeID caused by `atype` + corruption + +* include/libxml/tree.h: +(XML_ATTR_CLEAR_ATYPE): Add. +(XML_ATTR_GET_ATYPE): Add. +(XML_ATTR_SET_ATYPE): Add. +(XML_NODE_ADD_EXTRA): Add. +(XML_NODE_CLEAR_EXTRA): Add. +(XML_NODE_GET_EXTRA): Add. +(XML_NODE_SET_EXTRA): Add. +(XML_DOC_ADD_PROPERTIES): Add. +(XML_DOC_CLEAR_PROPERTIES): Add. +(XML_DOC_GET_PROPERTIES): Add. +(XML_DOC_SET_PROPERTIES): Add. +- Add macros for accessing fields with upper bits that may be set by + libxslt. + +* HTMLparser.c: +(htmlNewDocNoDtD): +* SAX2.c: +(xmlSAX2StartDocument): +(xmlSAX2EndDocument): +* parser.c: +(xmlParseEntityDecl): +(xmlParseExternalSubset): +(xmlParseReference): +(xmlCtxtParseDtd): +* runxmlconf.c: +(xmlconfTestInvalid): +(xmlconfTestValid): +* tree.c: +(xmlNewDoc): +(xmlFreeProp): +(xmlNodeSetDoc): +(xmlSetNsProp): +(xmlDOMWrapAdoptBranch): +* valid.c: +(xmlFreeID): +(xmlAddIDInternal): +(xmlValidateAttributeValueInternal): +(xmlValidateOneAttribute): +(xmlValidateRef): +* xmlreader.c: +(xmlTextReaderStartElement): +(xmlTextReaderStartElementNs): +(xmlTextReaderValidateEntity): +(xmlTextReaderRead): +(xmlTextReaderNext): +(xmlTextReaderIsEmptyElement): +(xmlTextReaderPreserve): +* xmlschemas.c: +(xmlSchemaPValAttrNodeID): +* xmlschemastypes.c: +(xmlSchemaValAtomicType): +- Adopt macros by renaming the struct fields, recompiling and fixing + compiler failures, then changing the struct field names back. + +Upstream patch reference: https://gitlab.gnome.org/-/project/1762/uploads/302ecfda701895ebd0fa438a66d1a7a4/gnome-libxslt-bug-140-apple-fix.diff +--- + HTMLparser.c | 2 +- + SAX2.c | 6 ++-- + include/libxml/tree.h | 14 ++++++++- + parser.c | 8 ++--- + runxmlconf.c | 4 +-- + tree.c | 20 ++++++------- + valid.c | 68 +++++++++++++++++++++---------------------- + xmlreader.c | 30 +++++++++---------- + xmlschemas.c | 4 +-- + xmlschemastypes.c | 12 ++++---- + 10 files changed, 90 insertions(+), 78 deletions(-) + +diff --git a/HTMLparser.c b/HTMLparser.c +index abcdfe2..6781b43 100644 +--- a/HTMLparser.c ++++ b/HTMLparser.c +@@ -2489,7 +2489,7 @@ htmlNewDocNoDtD(const xmlChar *URI, const xmlChar *ExternalID) { + cur->refs = NULL; + cur->_private = NULL; + cur->charset = XML_CHAR_ENCODING_UTF8; +- cur->properties = XML_DOC_HTML | XML_DOC_USERBUILT; ++ XML_DOC_SET_PROPERTIES(cur, XML_DOC_HTML | XML_DOC_USERBUILT); + if ((ExternalID != NULL) || + (URI != NULL)) + xmlCreateIntSubset(cur, BAD_CAST "html", ExternalID, URI); +diff --git a/SAX2.c b/SAX2.c +index b6be1a6..1a520a6 100644 +--- a/SAX2.c ++++ b/SAX2.c +@@ -973,7 +973,7 @@ xmlSAX2StartDocument(void *ctx) + xmlSAX2ErrMemory(ctxt, "xmlSAX2StartDocument"); + return; + } +- ctxt->myDoc->properties = XML_DOC_HTML; ++ XML_DOC_SET_PROPERTIES(ctxt->myDoc, XML_DOC_HTML); + ctxt->myDoc->parseFlags = ctxt->options; + #else + xmlGenericError(xmlGenericErrorContext, +@@ -986,9 +986,9 @@ xmlSAX2StartDocument(void *ctx) + } else { + doc = ctxt->myDoc = xmlNewDoc(ctxt->version); + if (doc != NULL) { +- doc->properties = 0; ++ XML_DOC_CLEAR_PROPERTIES(doc); + if (ctxt->options & XML_PARSE_OLD10) +- doc->properties |= XML_DOC_OLD10; ++ XML_DOC_ADD_PROPERTIES(doc, XML_DOC_OLD10); + doc->parseFlags = ctxt->options; + if (ctxt->encoding != NULL) + doc->encoding = xmlStrdup(ctxt->encoding); +diff --git a/include/libxml/tree.h b/include/libxml/tree.h +index b498966..93f7e31 100644 +--- a/include/libxml/tree.h ++++ b/include/libxml/tree.h +@@ -367,7 +367,6 @@ struct _xmlElement { + #endif + }; + +- + /** + * XML_LOCAL_NAMESPACE: + * +@@ -448,6 +447,10 @@ struct _xmlAttr { + void *psvi; /* for type/PSVI information */ + }; + ++#define XML_ATTR_CLEAR_ATYPE(attr) (((attr)->atype) = 0) ++#define XML_ATTR_GET_ATYPE(attr) (((attr)->atype) & ~(15U << 27)) ++#define XML_ATTR_SET_ATYPE(attr, type) ((attr)->atype = ((((attr)->atype) & (15U << 27)) | ((type) & ~(15U << 27)))) ++ + /** + * xmlID: + * +@@ -509,6 +512,11 @@ struct _xmlNode { + unsigned short extra; /* extra data for XPath/XSLT */ + }; + ++#define XML_NODE_ADD_EXTRA(node, type) ((node)->extra |= ((type) & ~(15U << 12))) ++#define XML_NODE_CLEAR_EXTRA(node) (((node)->extra) = 0) ++#define XML_NODE_GET_EXTRA(node) (((node)->extra) & ~(15U << 12)) ++#define XML_NODE_SET_EXTRA(node, type) ((node)->extra = ((((node)->extra) & (15U << 12)) | ((type) & ~(15U << 12)))) ++ + /** + * XML_GET_CONTENT: + * +@@ -587,6 +595,10 @@ struct _xmlDoc { + set at the end of parsing */ + }; + ++#define XML_DOC_ADD_PROPERTIES(doc, type) ((doc)->properties |= ((type) & ~(15U << 27))) ++#define XML_DOC_CLEAR_PROPERTIES(doc) (((doc)->properties) = 0) ++#define XML_DOC_GET_PROPERTIES(doc) (((doc)->properties) & ~(15U << 27)) ++#define XML_DOC_SET_PROPERTIES(doc, type) ((doc)->properties = ((((doc)->properties) & (15U << 27)) | ((type) & ~(15U << 27)))) + + typedef struct _xmlDOMWrapCtxt xmlDOMWrapCtxt; + typedef xmlDOMWrapCtxt *xmlDOMWrapCtxtPtr; +diff --git a/parser.c b/parser.c +index d3f30b2..9a259a1 100644 +--- a/parser.c ++++ b/parser.c +@@ -5489,7 +5489,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) { + xmlErrMemory(ctxt, "New Doc failed"); + goto done; + } +- ctxt->myDoc->properties = XML_DOC_INTERNAL; ++ XML_DOC_SET_PROPERTIES(ctxt->myDoc, XML_DOC_INTERNAL); + } + if (ctxt->myDoc->intSubset == NULL) + ctxt->myDoc->intSubset = xmlNewDtd(ctxt->myDoc, +@@ -5560,7 +5560,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) { + xmlErrMemory(ctxt, "New Doc failed"); + goto done; + } +- ctxt->myDoc->properties = XML_DOC_INTERNAL; ++ XML_DOC_SET_PROPERTIES(ctxt->myDoc, XML_DOC_INTERNAL); + } + + if (ctxt->myDoc->intSubset == NULL) +@@ -7022,7 +7022,7 @@ xmlParseExternalSubset(xmlParserCtxtPtr ctxt, const xmlChar *ExternalID, + xmlErrMemory(ctxt, "New Doc failed"); + return; + } +- ctxt->myDoc->properties = XML_DOC_INTERNAL; ++ XML_DOC_SET_PROPERTIES(ctxt->myDoc, XML_DOC_INTERNAL); + } + if ((ctxt->myDoc != NULL) && (ctxt->myDoc->intSubset == NULL)) + xmlCreateIntSubset(ctxt->myDoc, NULL, ExternalID, SystemID); +@@ -7405,7 +7405,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { + (nw != NULL) && + (nw->type == XML_ELEMENT_NODE) && + (nw->children == NULL)) +- nw->extra = 1; ++ XML_NODE_SET_EXTRA(nw, 1); + + break; + } +diff --git a/runxmlconf.c b/runxmlconf.c +index 8df9df1..1356c84 100644 +--- a/runxmlconf.c ++++ b/runxmlconf.c +@@ -192,7 +192,7 @@ xmlconfTestInvalid(const char *id, const char *filename, int options) { + id, filename); + } else { + /* invalidity should be reported both in the context and in the document */ +- if ((ctxt->valid != 0) || (doc->properties & XML_DOC_DTDVALID)) { ++ if ((ctxt->valid != 0) || (XML_DOC_GET_PROPERTIES(doc) & XML_DOC_DTDVALID)) { + test_log("test %s : %s failed to detect invalid document\n", + id, filename); + nb_errors++; +@@ -224,7 +224,7 @@ xmlconfTestValid(const char *id, const char *filename, int options) { + ret = 0; + } else { + /* validity should be reported both in the context and in the document */ +- if ((ctxt->valid == 0) || ((doc->properties & XML_DOC_DTDVALID) == 0)) { ++ if ((ctxt->valid == 0) || ((XML_DOC_GET_PROPERTIES(doc) & XML_DOC_DTDVALID) == 0)) { + test_log("test %s : %s failed to validate a valid document\n", + id, filename); + nb_errors++; +diff --git a/tree.c b/tree.c +index eae778d..2fc26cd 100644 +--- a/tree.c ++++ b/tree.c +@@ -1185,7 +1185,7 @@ xmlNewDoc(const xmlChar *version) { + cur->compression = -1; /* not initialized */ + cur->doc = cur; + cur->parseFlags = 0; +- cur->properties = XML_DOC_USERBUILT; ++ XML_DOC_SET_PROPERTIES(cur, XML_DOC_USERBUILT); + /* + * The in memory encoding is always UTF8 + * This field will never change and would +@@ -2122,7 +2122,7 @@ xmlFreeProp(xmlAttrPtr cur) { + xmlDeregisterNodeDefaultValue((xmlNodePtr)cur); + + /* Check for ID removal -> leading to invalid references ! */ +- if ((cur->doc != NULL) && (cur->atype == XML_ATTRIBUTE_ID)) { ++ if ((cur->doc != NULL) && (XML_ATTR_GET_ATYPE(cur) == XML_ATTRIBUTE_ID)) { + xmlRemoveID(cur->doc, cur); + } + if (cur->children != NULL) xmlFreeNodeList(cur->children); +@@ -2871,7 +2871,7 @@ xmlSetTreeDoc(xmlNodePtr tree, xmlDocPtr doc) { + if(tree->type == XML_ELEMENT_NODE) { + prop = tree->properties; + while (prop != NULL) { +- if (prop->atype == XML_ATTRIBUTE_ID) { ++ if (XML_ATTR_GET_ATYPE(prop) == XML_ATTRIBUTE_ID) { + xmlRemoveID(tree->doc, prop); + } + +@@ -7019,9 +7019,9 @@ xmlSetNsProp(xmlNodePtr node, xmlNsPtr ns, const xmlChar *name, + /* + * Modify the attribute's value. + */ +- if (prop->atype == XML_ATTRIBUTE_ID) { ++ if (XML_ATTR_GET_ATYPE(prop) == XML_ATTRIBUTE_ID) { + xmlRemoveID(node->doc, prop); +- prop->atype = XML_ATTRIBUTE_ID; ++ XML_ATTR_SET_ATYPE(prop, XML_ATTRIBUTE_ID); + } + if (prop->children != NULL) + xmlFreeNodeList(prop->children); +@@ -7041,7 +7041,7 @@ xmlSetNsProp(xmlNodePtr node, xmlNsPtr ns, const xmlChar *name, + tmp = tmp->next; + } + } +- if (prop->atype == XML_ATTRIBUTE_ID) ++ if (XML_ATTR_GET_ATYPE(prop) == XML_ATTRIBUTE_ID) + xmlAddID(NULL, node->doc, value, prop); + return(prop); + } +@@ -9296,7 +9296,7 @@ ns_end: + if (cur->type == XML_ELEMENT_NODE) { + cur->psvi = NULL; + cur->line = 0; +- cur->extra = 0; ++ XML_NODE_CLEAR_EXTRA(cur); + /* + * Walk attributes. + */ +@@ -9312,11 +9312,11 @@ ns_end: + * Attributes. + */ + if ((sourceDoc != NULL) && +- (((xmlAttrPtr) cur)->atype == XML_ATTRIBUTE_ID)) ++ (XML_ATTR_GET_ATYPE((xmlAttrPtr) cur) == XML_ATTRIBUTE_ID)) + { + xmlRemoveID(sourceDoc, (xmlAttrPtr) cur); + } +- ((xmlAttrPtr) cur)->atype = 0; ++ XML_ATTR_CLEAR_ATYPE((xmlAttrPtr) cur); + ((xmlAttrPtr) cur)->psvi = NULL; + } + break; +@@ -10037,7 +10037,7 @@ xmlDOMWrapAdoptAttr(xmlDOMWrapCtxtPtr ctxt, + } + + XML_TREE_ADOPT_STR(attr->name); +- attr->atype = 0; ++ XML_ATTR_CLEAR_ATYPE(attr); + attr->psvi = NULL; + /* + * Walk content. +diff --git a/valid.c b/valid.c +index 67e1b1d..b17b8f7 100644 +--- a/valid.c ++++ b/valid.c +@@ -1887,7 +1887,7 @@ xmlScanIDAttributeDecl(xmlValidCtxtPtr ctxt, xmlElementPtr elem, int err) { + if (elem == NULL) return(0); + cur = elem->attributes; + while (cur != NULL) { +- if (cur->atype == XML_ATTRIBUTE_ID) { ++ if (XML_ATTR_GET_ATYPE(cur) == XML_ATTRIBUTE_ID) { + ret ++; + if ((ret > 1) && (err)) + xmlErrValidNode(ctxt, (xmlNodePtr) elem, XML_DTD_MULTIPLE_ID, +@@ -2260,7 +2260,7 @@ xmlDumpAttributeDecl(xmlBufferPtr buf, xmlAttributePtr attr) { + xmlBufferWriteChar(buf, ":"); + } + xmlBufferWriteCHAR(buf, attr->name); +- switch (attr->atype) { ++ switch (XML_ATTR_GET_ATYPE(attr)) { + case XML_ATTRIBUTE_CDATA: + xmlBufferWriteChar(buf, " CDATA"); + break; +@@ -2733,7 +2733,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + return(NULL); + } + if (attr != NULL) +- attr->atype = XML_ATTRIBUTE_ID; ++ XML_ATTR_SET_ATYPE(attr, XML_ATTRIBUTE_ID); + return(ret); + } + +@@ -2812,7 +2812,7 @@ xmlIsID(xmlDocPtr doc, xmlNodePtr elem, xmlAttrPtr attr) { + if ((fullelemname != felem) && (fullelemname != elem->name)) + xmlFree(fullelemname); + +- if ((attrDecl != NULL) && (attrDecl->atype == XML_ATTRIBUTE_ID)) ++ if ((attrDecl != NULL) && (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_ID)) + return(1); + } + return(0); +@@ -2853,7 +2853,7 @@ xmlRemoveID(xmlDocPtr doc, xmlAttrPtr attr) { + + xmlHashRemoveEntry(table, ID, xmlFreeIDTableEntry); + xmlFree(ID); +- attr->atype = 0; ++ XML_ATTR_CLEAR_ATYPE(attr); + return(0); + } + +@@ -3138,8 +3138,8 @@ xmlIsRef(xmlDocPtr doc, xmlNodePtr elem, xmlAttrPtr attr) { + elem->name, attr->name); + + if ((attrDecl != NULL) && +- (attrDecl->atype == XML_ATTRIBUTE_IDREF || +- attrDecl->atype == XML_ATTRIBUTE_IDREFS)) ++ (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_IDREF || ++ XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_IDREFS)) + return(1); + } + return(0); +@@ -3523,7 +3523,7 @@ xmlIsMixedElement(xmlDocPtr doc, const xmlChar *name) { + + static int + xmlIsDocNameStartChar(xmlDocPtr doc, int c) { +- if ((doc == NULL) || (doc->properties & XML_DOC_OLD10) == 0) { ++ if ((doc == NULL) || (XML_DOC_GET_PROPERTIES(doc) & XML_DOC_OLD10) == 0) { + /* + * Use the new checks of production [4] [4a] amd [5] of the + * Update 5 of XML-1.0 +@@ -3553,7 +3553,7 @@ xmlIsDocNameStartChar(xmlDocPtr doc, int c) { + + static int + xmlIsDocNameChar(xmlDocPtr doc, int c) { +- if ((doc == NULL) || (doc->properties & XML_DOC_OLD10) == 0) { ++ if ((doc == NULL) || (XML_DOC_GET_PROPERTIES(doc) & XML_DOC_OLD10) == 0) { + /* + * Use the new checks of production [4] [4a] amd [5] of the + * Update 5 of XML-1.0 +@@ -4103,7 +4103,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + + if (attrDecl == NULL) + return(NULL); +- if (attrDecl->atype == XML_ATTRIBUTE_CDATA) ++ if (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_CDATA) + return(NULL); + + ret = xmlStrdup(value); +@@ -4165,7 +4165,7 @@ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + + if (attrDecl == NULL) + return(NULL); +- if (attrDecl->atype == XML_ATTRIBUTE_CDATA) ++ if (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_CDATA) + return(NULL); + + ret = xmlStrdup(value); +@@ -4180,7 +4180,7 @@ xmlValidateAttributeIdCallback(void *payload, void *data, + const xmlChar *name ATTRIBUTE_UNUSED) { + xmlAttributePtr attr = (xmlAttributePtr) payload; + int *count = (int *) data; +- if (attr->atype == XML_ATTRIBUTE_ID) (*count)++; ++ if (XML_ATTR_GET_ATYPE(attr) == XML_ATTRIBUTE_ID) (*count)++; + } + + /** +@@ -4212,7 +4212,7 @@ xmlValidateAttributeDecl(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + /* Attribute Default Legal */ + /* Enumeration */ + if (attr->defaultValue != NULL) { +- val = xmlValidateAttributeValueInternal(doc, attr->atype, ++ val = xmlValidateAttributeValueInternal(doc, XML_ATTR_GET_ATYPE(attr), + attr->defaultValue); + if (val == 0) { + xmlErrValidNode(ctxt, (xmlNodePtr) attr, XML_DTD_ATTRIBUTE_DEFAULT, +@@ -4223,7 +4223,7 @@ xmlValidateAttributeDecl(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + } + + /* ID Attribute Default */ +- if ((attr->atype == XML_ATTRIBUTE_ID)&& ++ if ((XML_ATTR_GET_ATYPE(attr) == XML_ATTRIBUTE_ID)&& + (attr->def != XML_ATTRIBUTE_IMPLIED) && + (attr->def != XML_ATTRIBUTE_REQUIRED)) { + xmlErrValidNode(ctxt, (xmlNodePtr) attr, XML_DTD_ID_FIXED, +@@ -4233,7 +4233,7 @@ xmlValidateAttributeDecl(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + } + + /* One ID per Element Type */ +- if (attr->atype == XML_ATTRIBUTE_ID) { ++ if (XML_ATTR_GET_ATYPE(attr) == XML_ATTRIBUTE_ID) { + int nbId; + + /* the trick is that we parse DtD as their own internal subset */ +@@ -4492,9 +4492,9 @@ xmlValidateOneAttribute(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + attr->name, elem->name, NULL); + return(0); + } +- attr->atype = attrDecl->atype; ++ XML_ATTR_SET_ATYPE(attr, attrDecl->atype); + +- val = xmlValidateAttributeValueInternal(doc, attrDecl->atype, value); ++ val = xmlValidateAttributeValueInternal(doc, XML_ATTR_GET_ATYPE(attrDecl), value); + if (val == 0) { + xmlErrValidNode(ctxt, elem, XML_DTD_ATTRIBUTE_VALUE, + "Syntax of value for attribute %s of %s is not valid\n", +@@ -4513,19 +4513,19 @@ xmlValidateOneAttribute(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + } + + /* Validity Constraint: ID uniqueness */ +- if (attrDecl->atype == XML_ATTRIBUTE_ID) { ++ if (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_ID) { + if (xmlAddID(ctxt, doc, value, attr) == NULL) + ret = 0; + } + +- if ((attrDecl->atype == XML_ATTRIBUTE_IDREF) || +- (attrDecl->atype == XML_ATTRIBUTE_IDREFS)) { ++ if ((XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_IDREF) || ++ (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_IDREFS)) { + if (xmlAddRef(ctxt, doc, value, attr) == NULL) + ret = 0; + } + + /* Validity Constraint: Notation Attributes */ +- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { ++ if (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_NOTATION) { + xmlEnumerationPtr tree = attrDecl->tree; + xmlNotationPtr nota; + +@@ -4555,7 +4555,7 @@ xmlValidateOneAttribute(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + } + + /* Validity Constraint: Enumeration */ +- if (attrDecl->atype == XML_ATTRIBUTE_ENUMERATION) { ++ if (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_ENUMERATION) { + xmlEnumerationPtr tree = attrDecl->tree; + while (tree != NULL) { + if (xmlStrEqual(tree->name, value)) break; +@@ -4580,7 +4580,7 @@ xmlValidateOneAttribute(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + + /* Extra check for the attribute value */ + ret &= xmlValidateAttributeValue2(ctxt, doc, attr->name, +- attrDecl->atype, value); ++ XML_ATTR_GET_ATYPE(attrDecl), value); + + return(ret); + } +@@ -4679,7 +4679,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + return(0); + } + +- val = xmlValidateAttributeValueInternal(doc, attrDecl->atype, value); ++ val = xmlValidateAttributeValueInternal(doc, XML_ATTR_GET_ATYPE(attrDecl), value); + if (val == 0) { + if (ns->prefix != NULL) { + xmlErrValidNode(ctxt, elem, XML_DTD_INVALID_DEFAULT, +@@ -4729,7 +4729,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + #endif + + /* Validity Constraint: Notation Attributes */ +- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { ++ if (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_NOTATION) { + xmlEnumerationPtr tree = attrDecl->tree; + xmlNotationPtr nota; + +@@ -4771,7 +4771,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + } + + /* Validity Constraint: Enumeration */ +- if (attrDecl->atype == XML_ATTRIBUTE_ENUMERATION) { ++ if (XML_ATTR_GET_ATYPE(attrDecl) == XML_ATTRIBUTE_ENUMERATION) { + xmlEnumerationPtr tree = attrDecl->tree; + while (tree != NULL) { + if (xmlStrEqual(tree->name, value)) break; +@@ -4809,10 +4809,10 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + /* Extra check for the attribute value */ + if (ns->prefix != NULL) { + ret &= xmlValidateAttributeValue2(ctxt, doc, ns->prefix, +- attrDecl->atype, value); ++ XML_ATTR_GET_ATYPE(attrDecl), value); + } else { + ret &= xmlValidateAttributeValue2(ctxt, doc, BAD_CAST "xmlns", +- attrDecl->atype, value); ++ XML_ATTR_GET_ATYPE(attrDecl), value); + } + + return(ret); +@@ -6570,7 +6570,7 @@ xmlValidateRef(xmlRefPtr ref, xmlValidCtxtPtr ctxt, + while (IS_BLANK_CH(*cur)) cur++; + } + xmlFree(dup); +- } else if (attr->atype == XML_ATTRIBUTE_IDREF) { ++ } else if (XML_ATTR_GET_ATYPE(attr) == XML_ATTRIBUTE_IDREF) { + id = xmlGetID(ctxt->doc, name); + if (id == NULL) { + xmlErrValidNode(ctxt, attr->parent, XML_DTD_UNKNOWN_ID, +@@ -6578,7 +6578,7 @@ xmlValidateRef(xmlRefPtr ref, xmlValidCtxtPtr ctxt, + attr->name, name, NULL); + ctxt->valid = 0; + } +- } else if (attr->atype == XML_ATTRIBUTE_IDREFS) { ++ } else if (XML_ATTR_GET_ATYPE(attr) == XML_ATTRIBUTE_IDREFS) { + xmlChar *dup, *str = NULL, *cur, save; + + dup = xmlStrdup(name); +@@ -6778,7 +6778,7 @@ xmlValidateAttributeCallback(void *payload, void *data, + + if (cur == NULL) + return; +- switch (cur->atype) { ++ switch (XML_ATTR_GET_ATYPE(cur)) { + case XML_ATTRIBUTE_CDATA: + case XML_ATTRIBUTE_ID: + case XML_ATTRIBUTE_IDREF : +@@ -6793,7 +6793,7 @@ xmlValidateAttributeCallback(void *payload, void *data, + if (cur->defaultValue != NULL) { + + ret = xmlValidateAttributeValue2(ctxt, ctxt->doc, cur->name, +- cur->atype, cur->defaultValue); ++ XML_ATTR_GET_ATYPE(cur), cur->defaultValue); + if ((ret == 0) && (ctxt->valid == 1)) + ctxt->valid = 0; + } +@@ -6801,14 +6801,14 @@ xmlValidateAttributeCallback(void *payload, void *data, + xmlEnumerationPtr tree = cur->tree; + while (tree != NULL) { + ret = xmlValidateAttributeValue2(ctxt, ctxt->doc, +- cur->name, cur->atype, tree->name); ++ cur->name, XML_ATTR_GET_ATYPE(cur), tree->name); + if ((ret == 0) && (ctxt->valid == 1)) + ctxt->valid = 0; + tree = tree->next; + } + } + } +- if (cur->atype == XML_ATTRIBUTE_NOTATION) { ++ if (XML_ATTR_GET_ATYPE(cur) == XML_ATTRIBUTE_NOTATION) { + doc = cur->doc; + if (cur->elem == NULL) { + xmlErrValid(ctxt, XML_ERR_INTERNAL_ERROR, +diff --git a/xmlreader.c b/xmlreader.c +index 979385a..38196fa 100644 +--- a/xmlreader.c ++++ b/xmlreader.c +@@ -610,7 +610,7 @@ xmlTextReaderStartElement(void *ctx, const xmlChar *fullname, + if ((ctxt->node != NULL) && (ctxt->input != NULL) && + (ctxt->input->cur != NULL) && (ctxt->input->cur[0] == '/') && + (ctxt->input->cur[1] == '>')) +- ctxt->node->extra = NODE_IS_EMPTY; ++ XML_NODE_SET_EXTRA(ctxt->node, NODE_IS_EMPTY); + } + if (reader != NULL) + reader->state = XML_TEXTREADER_ELEMENT; +@@ -675,7 +675,7 @@ xmlTextReaderStartElementNs(void *ctx, + if ((ctxt->node != NULL) && (ctxt->input != NULL) && + (ctxt->input->cur != NULL) && (ctxt->input->cur[0] == '/') && + (ctxt->input->cur[1] == '>')) +- ctxt->node->extra = NODE_IS_EMPTY; ++ XML_NODE_SET_EXTRA(ctxt->node, NODE_IS_EMPTY); + } + if (reader != NULL) + reader->state = XML_TEXTREADER_ELEMENT; +@@ -1075,7 +1075,7 @@ skip_children: + xmlNodePtr tmp; + if (reader->entNr == 0) { + while ((tmp = node->last) != NULL) { +- if ((tmp->extra & NODE_IS_PRESERVED) == 0) { ++ if ((XML_NODE_GET_EXTRA(tmp) & NODE_IS_PRESERVED) == 0) { + xmlUnlinkNode(tmp); + xmlTextReaderFreeNode(reader, tmp); + } else +@@ -1327,7 +1327,7 @@ get_next_node: + if ((oldstate == XML_TEXTREADER_ELEMENT) && + (reader->node->type == XML_ELEMENT_NODE) && + (reader->node->children == NULL) && +- ((reader->node->extra & NODE_IS_EMPTY) == 0) ++ ((XML_NODE_GET_EXTRA(reader->node) & NODE_IS_EMPTY) == 0) + #ifdef LIBXML_XINCLUDE_ENABLED + && (reader->in_xinclude <= 0) + #endif +@@ -1341,7 +1341,7 @@ get_next_node: + xmlTextReaderValidatePop(reader); + #endif /* LIBXML_REGEXP_ENABLED */ + if ((reader->preserves > 0) && +- (reader->node->extra & NODE_IS_SPRESERVED)) ++ (XML_NODE_GET_EXTRA(reader->node) & NODE_IS_SPRESERVED)) + reader->preserves--; + reader->node = reader->node->next; + reader->state = XML_TEXTREADER_ELEMENT; +@@ -1357,7 +1357,7 @@ get_next_node: + (reader->node->prev != NULL) && + (reader->node->prev->type != XML_DTD_NODE)) { + xmlNodePtr tmp = reader->node->prev; +- if ((tmp->extra & NODE_IS_PRESERVED) == 0) { ++ if ((XML_NODE_GET_EXTRA(tmp) & NODE_IS_PRESERVED) == 0) { + if (oldnode == tmp) + oldnode = NULL; + xmlUnlinkNode(tmp); +@@ -1370,7 +1370,7 @@ get_next_node: + if ((oldstate == XML_TEXTREADER_ELEMENT) && + (reader->node->type == XML_ELEMENT_NODE) && + (reader->node->children == NULL) && +- ((reader->node->extra & NODE_IS_EMPTY) == 0)) {; ++ ((XML_NODE_GET_EXTRA(reader->node) & NODE_IS_EMPTY) == 0)) {; + reader->state = XML_TEXTREADER_END; + goto node_found; + } +@@ -1379,7 +1379,7 @@ get_next_node: + xmlTextReaderValidatePop(reader); + #endif /* LIBXML_REGEXP_ENABLED */ + if ((reader->preserves > 0) && +- (reader->node->extra & NODE_IS_SPRESERVED)) ++ (XML_NODE_GET_EXTRA(reader->node) & NODE_IS_SPRESERVED)) + reader->preserves--; + reader->node = reader->node->parent; + if ((reader->node == NULL) || +@@ -1403,7 +1403,7 @@ get_next_node: + #endif + (reader->entNr == 0) && + (oldnode->type != XML_DTD_NODE) && +- ((oldnode->extra & NODE_IS_PRESERVED) == 0)) { ++ ((XML_NODE_GET_EXTRA(oldnode) & NODE_IS_PRESERVED) == 0)) { + xmlUnlinkNode(oldnode); + xmlTextReaderFreeNode(reader, oldnode); + } +@@ -1416,7 +1416,7 @@ get_next_node: + #endif + (reader->entNr == 0) && + (reader->node->last != NULL) && +- ((reader->node->last->extra & NODE_IS_PRESERVED) == 0)) { ++ ((XML_NODE_GET_EXTRA(reader->node->last) & NODE_IS_PRESERVED) == 0)) { + xmlNodePtr tmp = reader->node->last; + xmlUnlinkNode(tmp); + xmlTextReaderFreeNode(reader, tmp); +@@ -1599,7 +1599,7 @@ xmlTextReaderNext(xmlTextReaderPtr reader) { + return(xmlTextReaderRead(reader)); + if (reader->state == XML_TEXTREADER_END || reader->state == XML_TEXTREADER_BACKTRACK) + return(xmlTextReaderRead(reader)); +- if (cur->extra & NODE_IS_EMPTY) ++ if (XML_NODE_GET_EXTRA(cur) & NODE_IS_EMPTY) + return(xmlTextReaderRead(reader)); + do { + ret = xmlTextReaderRead(reader); +@@ -3022,7 +3022,7 @@ xmlTextReaderIsEmptyElement(xmlTextReaderPtr reader) { + if (reader->in_xinclude > 0) + return(1); + #endif +- return((reader->node->extra & NODE_IS_EMPTY) != 0); ++ return((XML_NODE_GET_EXTRA(reader->node) & NODE_IS_EMPTY) != 0); + } + + /** +@@ -3884,15 +3884,15 @@ xmlTextReaderPreserve(xmlTextReaderPtr reader) { + return(NULL); + + if ((cur->type != XML_DOCUMENT_NODE) && (cur->type != XML_DTD_NODE)) { +- cur->extra |= NODE_IS_PRESERVED; +- cur->extra |= NODE_IS_SPRESERVED; ++ XML_NODE_ADD_EXTRA(cur, NODE_IS_PRESERVED); ++ XML_NODE_ADD_EXTRA(cur, NODE_IS_SPRESERVED); + } + reader->preserves++; + + parent = cur->parent;; + while (parent != NULL) { + if (parent->type == XML_ELEMENT_NODE) +- parent->extra |= NODE_IS_PRESERVED; ++ XML_NODE_ADD_EXTRA(parent, NODE_IS_PRESERVED); + parent = parent->parent; + } + return(cur); +diff --git a/xmlschemas.c b/xmlschemas.c +index 4662ebb..f205828 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -6032,7 +6032,7 @@ xmlSchemaPValAttrNodeID(xmlSchemaParserCtxtPtr ctxt, xmlAttrPtr attr) + /* + * NOTE: the IDness might have already be declared in the DTD + */ +- if (attr->atype != XML_ATTRIBUTE_ID) { ++ if (XML_ATTR_GET_ATYPE(attr) != XML_ATTRIBUTE_ID) { + xmlIDPtr res; + xmlChar *strip; + +@@ -6055,7 +6055,7 @@ xmlSchemaPValAttrNodeID(xmlSchemaParserCtxtPtr ctxt, xmlAttrPtr attr) + NULL, NULL, "Duplicate value '%s' of simple " + "type 'xs:ID'", value, NULL); + } else +- attr->atype = XML_ATTRIBUTE_ID; ++ XML_ATTR_SET_ATYPE(attr, XML_ATTRIBUTE_ID); + } + } else if (ret > 0) { + ret = XML_SCHEMAP_S4S_ATTR_INVALID_VALUE; +diff --git a/xmlschemastypes.c b/xmlschemastypes.c +index 60268e2..d6e131a 100644 +--- a/xmlschemastypes.c ++++ b/xmlschemastypes.c +@@ -2990,7 +2990,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const xmlChar * value, + /* + * NOTE: the IDness might have already be declared in the DTD + */ +- if (attr->atype != XML_ATTRIBUTE_ID) { ++ if (XML_ATTR_GET_ATYPE(attr) != XML_ATTRIBUTE_ID) { + xmlIDPtr res; + xmlChar *strip; + +@@ -3003,7 +3003,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const xmlChar * value, + if (res == NULL) { + ret = 2; + } else { +- attr->atype = XML_ATTRIBUTE_ID; ++ XML_ATTR_SET_ATYPE(attr, XML_ATTRIBUTE_ID); + } + } + } +@@ -3028,7 +3028,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const xmlChar * value, + xmlFree(strip); + } else + xmlAddRef(NULL, node->doc, value, attr); +- attr->atype = XML_ATTRIBUTE_IDREF; ++ XML_ATTR_SET_ATYPE(attr, XML_ATTRIBUTE_IDREF); + } + goto done; + case XML_SCHEMAS_IDREFS: +@@ -3042,7 +3042,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const xmlChar * value, + (node->type == XML_ATTRIBUTE_NODE)) { + xmlAttrPtr attr = (xmlAttrPtr) node; + +- attr->atype = XML_ATTRIBUTE_IDREFS; ++ XML_ATTR_SET_ATYPE(attr, XML_ATTRIBUTE_IDREFS); + } + goto done; + case XML_SCHEMAS_ENTITY:{ +@@ -3073,7 +3073,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const xmlChar * value, + (node->type == XML_ATTRIBUTE_NODE)) { + xmlAttrPtr attr = (xmlAttrPtr) node; + +- attr->atype = XML_ATTRIBUTE_ENTITY; ++ XML_ATTR_SET_ATYPE(attr, XML_ATTRIBUTE_ENTITY); + } + goto done; + } +@@ -3090,7 +3090,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const xmlChar * value, + (node->type == XML_ATTRIBUTE_NODE)) { + xmlAttrPtr attr = (xmlAttrPtr) node; + +- attr->atype = XML_ATTRIBUTE_ENTITIES; ++ XML_ATTR_SET_ATYPE(attr, XML_ATTRIBUTE_ENTITIES); + } + goto done; + case XML_SCHEMAS_NOTATION:{ +-- +2.43.0 + diff --git a/SPECS/libxml2/libxml2.spec b/SPECS/libxml2/libxml2.spec index ad8f7c77572..d8ffd218cb2 100644 --- a/SPECS/libxml2/libxml2.spec +++ b/SPECS/libxml2/libxml2.spec @@ -1,7 +1,7 @@ Summary: Libxml2 Name: libxml2 Version: 2.11.5 -Release: 7%{?dist} +Release: 8%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -21,6 +21,7 @@ Patch9: CVE-2025-6021.patch Patch10: CVE-2025-6170.patch Patch11: CVE-2025-49794_CVE-2025-49796.patch Patch12: CVE-2025-49795.patch +Patch13: CVE-2025-7425.patch BuildRequires: python3-devel BuildRequires: python3-xml @@ -92,6 +93,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/cmake/libxml2/libxml2-config.cmake %changelog +* Mon Jan 12 2026 Akhila Guruju - 2.11.5-8 +- Patch CVE-2025-7525 + * Wed Oct 29 2025 Azure Linux Security Servicing Account - 2.11.5-7 - Patch for CVE-2025-49795 diff --git a/SPECS/openvswitch/0001-tests-Fix-SSL-db-implementation-test-with-openssl-3..patch b/SPECS/openvswitch/0001-tests-Fix-SSL-db-implementation-test-with-openssl-3..patch new file mode 100644 index 00000000000..3fee58644ac --- /dev/null +++ b/SPECS/openvswitch/0001-tests-Fix-SSL-db-implementation-test-with-openssl-3..patch @@ -0,0 +1,38 @@ +From 7c4c453945ce68b04f36162637dac8a651a1601a Mon Sep 17 00:00:00 2001 +Message-ID: <7c4c453945ce68b04f36162637dac8a651a1601a.1709801660.git.tredaelli@redhat.com> +From: Timothy Redaelli +Date: Tue, 5 Mar 2024 19:50:10 +0100 +Subject: [PATCH] tests: Fix "SSL db: implementation" test with openssl > + 3.2.0. + +In OpenSSL 3.2.0 (81b741f) all the "alert" error messages was updated to +replace "sslv3" with "ssl/tls". + +This commit updates the "SSL db: implementation" test to support both the +pre-openssl 3.2.0 error message: "sslv3 alert certificate unknown" and the +post-openssl 3.2.0 error message: "ssl/tls alert certificate unknown". + +Signed-off-by: Timothy Redaelli +--- + tests/ovsdb-server.at | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/ovsdb-server.at b/tests/ovsdb-server.at +index b8ccc4c8e..35447a52e 100644 +--- a/tests/ovsdb-server.at ++++ b/tests/ovsdb-server.at +@@ -936,8 +936,10 @@ AT_CHECK_UNQUOTED( + [ignore]) + # The error message for being unable to negotiate a shared ciphersuite + # is 'sslv3 alert handshake failure'. This is not the clearest message. ++# In openssl 3.2.0 all the error messages was updated to replace "sslv3" with ++# "ssl/tls". + AT_CHECK_UNQUOTED( +- [grep "sslv3 alert handshake failure" output], [0], ++ [grep -E "(sslv3|ssl/tls) alert handshake failure" output], [0], + [stdout], + [ignore]) + OVSDB_SERVER_SHUTDOWN([" +-- +2.44.0 + diff --git a/SPECS/openvswitch/0001-tests-Fix-compatibility-issue-with-Python-3.13-in-vl.patch b/SPECS/openvswitch/0001-tests-Fix-compatibility-issue-with-Python-3.13-in-vl.patch new file mode 100644 index 00000000000..d74d4ff457e --- /dev/null +++ b/SPECS/openvswitch/0001-tests-Fix-compatibility-issue-with-Python-3.13-in-vl.patch @@ -0,0 +1,42 @@ +From 9185793e75435d890f18d391eaaeab0ade6f1415 Mon Sep 17 00:00:00 2001 +Message-ID: <9185793e75435d890f18d391eaaeab0ade6f1415.1716386938.git.tredaelli@redhat.com> +From: Frode Nordahl +Date: Mon, 8 Apr 2024 23:24:14 +0200 +Subject: [PATCH] tests: Fix compatibility issue with Python 3.13 in vlog.at. + +The vlog - Python3 test makes use of output from Python +Tracebacks in its test assertion. + +In Python 3.13 a line with tophat (``^``) markers is added below +Tracebacks from calls to assert [0], which makes the test fail. +This change of behavior is also backported to the Python 3.12 and +3.11 stable branches [1]. + +Strip lines containing one or more occurrence of the ``^`` +character from the output before performing the test assertions. + +0: https://github.com/python/cpython/pull/105935 +1: https://github.com/python/cpython/issues/116034 + +Reported-at: https://launchpad.net/bugs/2060434 +Signed-off-by: Frode Nordahl +Signed-off-by: Ilya Maximets +--- + tests/vlog.at | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/vlog.at b/tests/vlog.at +index 785014956..efe91479a 100644 +--- a/tests/vlog.at ++++ b/tests/vlog.at +@@ -8,6 +8,7 @@ AT_CHECK([$PYTHON3 $srcdir/test-vlog.py --log-file log_file \ + + AT_CHECK([sed -e 's/.*-.*-.*T..:..:..Z |//' \ + -e 's/File ".*", line [[0-9]][[0-9]]*,/File , line ,/' \ ++-e '/\^\+/d' \ + stderr_log], [0], [dnl + 0 | module_0 | EMER | emergency + 1 | module_0 | ERR | error +-- +2.45.0 + diff --git a/SPECS/openvswitch/openvswitch.spec b/SPECS/openvswitch/openvswitch.spec index 65294b861ff..93420038476 100644 --- a/SPECS/openvswitch/openvswitch.spec +++ b/SPECS/openvswitch/openvswitch.spec @@ -20,7 +20,7 @@ Summary: Open vSwitch daemon/database/utilities Name: openvswitch Version: 3.3.0 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 AND LGPLv2+ AND SISSL Vendor: Microsoft Corporation Distribution: Azure Linux @@ -32,6 +32,8 @@ Source1: openvswitch.sysusers # ovs-patches # OVS (including OVN) backports (0 - 300) +Patch0: 0001-tests-Fix-SSL-db-implementation-test-with-openssl-3..patch +Patch10: 0001-tests-Fix-compatibility-issue-with-Python-3.13-in-vl.patch BuildRequires: gcc gcc-c++ make BuildRequires: autoconf automake libtool @@ -394,7 +396,7 @@ fi %{_sbindir}/ovs-bugtool %{_mandir}/man8/ovs-dpctl-top.8* %{_mandir}/man8/ovs-bugtool.8* -%doc LICENSE +%license LICENSE %files test %{_bindir}/ovs-pcap @@ -495,13 +497,18 @@ fi %{_mandir}/man8/ovs-vswitchd.8* %{_mandir}/man8/ovs-parse-backtrace.8* %{_udevrulesdir}/91-vfio.rules -%doc LICENSE NOTICE README.rst NEWS rhel/README.RHEL.rst +%license LICENSE NOTICE +%doc README.rst NEWS rhel/README.RHEL.rst /var/lib/openvswitch %attr(750,openvswitch,openvswitch) %verify(not owner group) /var/log/openvswitch %ghost %attr(755,root,root) %verify(not owner group) %{_rundir}/openvswitch %{_sysusersdir}/openvswitch.conf %changelog +* Thu Jan 08 2026 Tobias Brick - 3.3.0-2 +- Add patches from fedora f40 to fix tests with new versions of openssl and python. +- Update to use correct locations for license files. + * Wed Feb 21 2024 Thien Trung Vuong - 3.3.0-1 - Update to version 3.3.0 diff --git a/SPECS/python-urllib3/CVE-2026-21441.patch b/SPECS/python-urllib3/CVE-2026-21441.patch new file mode 100644 index 00000000000..2daeb19a47f --- /dev/null +++ b/SPECS/python-urllib3/CVE-2026-21441.patch @@ -0,0 +1,89 @@ +From 8864ac407bba8607950025e0979c4c69bc7abc7b Mon Sep 17 00:00:00 2001 +From: Illia Volochii +Date: Wed, 7 Jan 2026 18:07:30 +0200 +Subject: [PATCH] Merge commit from fork + +* Stop decoding response content during redirects needlessly + +* Rename the new query parameter + +* Add a changelog entry + +Upstream patch Reference: https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b.patch +--- + dummyserver/handlers.py | 9 ++++++++- + src/urllib3/response.py | 6 +++++- + test/with_dummyserver/test_connectionpool.py | 19 +++++++++++++++++++ + 3 files changed, 32 insertions(+), 2 deletions(-) + +diff --git a/dummyserver/handlers.py b/dummyserver/handlers.py +index 86201a1..2bef080 100644 +--- a/dummyserver/handlers.py ++++ b/dummyserver/handlers.py +@@ -205,8 +205,15 @@ class TestingApp(RequestHandler): + if len(status) == 3: + status = f"{status} Redirect" + ++ compressed = params.get("compressed") == b"true" ++ + headers = [("Location", target)] +- return Response(status=status, headers=headers) ++ if compressed: ++ headers.append(("Content-Encoding", "gzip")) ++ data = gzip.compress(b"foo") ++ else: ++ data = b"" ++ return Response(body=data, status=status, headers=headers) + + def not_found(self, request: httputil.HTTPServerRequest) -> Response: + return Response("Not found", status="404 Not Found") +diff --git a/src/urllib3/response.py b/src/urllib3/response.py +index a06ecfb..6ddcbd6 100644 +--- a/src/urllib3/response.py ++++ b/src/urllib3/response.py +@@ -773,7 +773,11 @@ class HTTPResponse(BaseHTTPResponse): + Unread data in the HTTPResponse connection blocks the connection from being released back to the pool. + """ + try: +- self.read() ++ self.read( ++ # Do not spend resources decoding the content unless ++ # decoding has already been initiated. ++ decode_content=self._has_decoded_content, ++ ) + except (HTTPError, OSError, BaseSSLError, HTTPException): + pass + +diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py +index ebfaf38..4f82136 100644 +--- a/test/with_dummyserver/test_connectionpool.py ++++ b/test/with_dummyserver/test_connectionpool.py +@@ -480,6 +480,25 @@ class TestConnectionPool(HTTPDummyServerTestCase): + assert r.status == 200 + assert r.data == b"Dummy server!" + ++ @mock.patch("urllib3.response.GzipDecoder.decompress") ++ def test_no_decoding_with_redirect_when_preload_disabled( ++ self, gzip_decompress: mock.MagicMock ++ ) -> None: ++ """ ++ Test that urllib3 does not attempt to decode a gzipped redirect ++ response when `preload_content` is set to `False`. ++ """ ++ with HTTPConnectionPool(self.host, self.port) as pool: ++ # Three requests are expected: two redirects and one final / 200 OK. ++ response = pool.request( ++ "GET", ++ "/redirect", ++ fields={"target": "/redirect?compressed=true", "compressed": "true"}, ++ preload_content=False, ++ ) ++ assert response.status == 200 ++ gzip_decompress.assert_not_called() ++ + def test_303_redirect_makes_request_lose_body(self) -> None: + with HTTPConnectionPool(self.host, self.port) as pool: + response = pool.request( +-- +2.43.0 + diff --git a/SPECS/python-urllib3/python-urllib3.spec b/SPECS/python-urllib3/python-urllib3.spec index 6e41244326b..25331f6cbdd 100644 --- a/SPECS/python-urllib3/python-urllib3.spec +++ b/SPECS/python-urllib3/python-urllib3.spec @@ -1,7 +1,7 @@ Summary: A powerful, sanity-friendly HTTP client for Python. Name: python-urllib3 Version: 2.0.7 -Release: 3%{?dist} +Release: 4%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -15,6 +15,7 @@ Patch2: CVE-2024-37891.patch Patch3: CVE-2025-50181.patch Patch4: CVE-2025-66418.patch Patch5: CVE-2025-66471.patch +Patch6: CVE-2026-21441.patch %description A powerful, sanity-friendly HTTP client for Python. @@ -86,6 +87,9 @@ skiplist+=" or test_respect_retry_after_header_sleep" %{python3_sitelib}/* %changelog +* Fri Jan 09 2026 Azure Linux Security Servicing Account - 2.0.7-4 +- Patch for CVE-2026-21441 + * Wed Dec 10 2025 Azure Linux Security Servicing Account - 2.0.7-3 - Patch for CVE-2025-66418, CVE-2025-66471 diff --git a/SPECS/rust/CVE-2025-4574.patch b/SPECS/rust/CVE-2025-4574.patch index 39d9ea6143a..76e51c9e97f 100644 --- a/SPECS/rust/CVE-2025-4574.patch +++ b/SPECS/rust/CVE-2025-4574.patch @@ -1,46 +1,22 @@ -From 599103c7aeae04fe9fd25dd4b7254c4cf456693c Mon Sep 17 00:00:00 2001 -From: akhila-guruju -Date: Mon, 2 Jun 2025 09:39:09 +0000 -Subject: [PATCH] Address CVE-2025-4574 - +From c8035d278308c0043512b50634b583d26f9be9dd Mon Sep 17 00:00:00 2001 +From: Kavya Sree Kaitepalli +Date: Tue, 28 Oct 2025 11:51:40 +0000 +Subject: [PATCH] CVE-2025-4574 Upstream Patch reference: https://github.com/crossbeam-rs/crossbeam/commit/6ec74ecae896df5fc239518b45a1bfd258c9db68 - --- - vendor/crossbeam-channel-0.5.13/.cargo-checksum.json | 2 +- - vendor/crossbeam-channel-0.5.13/src/flavors/list.rs | 2 +- vendor/crossbeam-channel-0.5.14/.cargo-checksum.json | 2 +- vendor/crossbeam-channel-0.5.14/src/flavors/list.rs | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) + 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/vendor/crossbeam-channel-0.5.13/.cargo-checksum.json b/vendor/crossbeam-channel-0.5.13/.cargo-checksum.json -index 6784db9eb..b0731762f 100644 ---- a/vendor/crossbeam-channel-0.5.13/.cargo-checksum.json -+++ b/vendor/crossbeam-channel-0.5.13/.cargo-checksum.json -@@ -1 +1 @@ --{"files":{"CHANGELOG.md":"6b520b783f5e0c17c6caa975defb9ed6e0ae1254a6a41a9bcd03d249bc942289","Cargo.lock":"605ed4a922e22b42c8a7b75624dfd55d6f0bc96bf76bbf016b003a2c44ddc29a","Cargo.toml":"0f7a8020ede552c5370c101973e8b77cdf5ce6d41f4b6f7b1420b97491fd1e24","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"477cc2b7bac7502fd2459288a58cc76f015b1ec8e87b853cda77ccb1808c6334","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"280f55b51cefe9351a52c8d2186de368b688ad06885d083efe7e831726846520","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"7aa8addb82427141b0a4afa16fa4d23a02becab115a0a5a6d6d327728fd0672f","src/select_macro.rs":"522cfc8155825c1f260922c17ea6ef8ae672cf94863750c1a6115db2cbc9fc18","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"3d1a4ae23bb6b4767242b8109a8efda26f1d3b28c0f90da3368f8eb9ca0eee37","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"4d6d52ad48f385c5b8f5023a590e00e7a4b632e80bd929b6fc89a53f5faee515","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2"} -\ No newline at end of file -+{"files":{"CHANGELOG.md":"6b520b783f5e0c17c6caa975defb9ed6e0ae1254a6a41a9bcd03d249bc942289","Cargo.lock":"605ed4a922e22b42c8a7b75624dfd55d6f0bc96bf76bbf016b003a2c44ddc29a","Cargo.toml":"0f7a8020ede552c5370c101973e8b77cdf5ce6d41f4b6f7b1420b97491fd1e24","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"477cc2b7bac7502fd2459288a58cc76f015b1ec8e87b853cda77ccb1808c6334","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"048e31bda49b8d2b7bdbe36cae07065745c69990b6adf73d283b52543429baad","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"7aa8addb82427141b0a4afa16fa4d23a02becab115a0a5a6d6d327728fd0672f","src/select_macro.rs":"522cfc8155825c1f260922c17ea6ef8ae672cf94863750c1a6115db2cbc9fc18","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"3d1a4ae23bb6b4767242b8109a8efda26f1d3b28c0f90da3368f8eb9ca0eee37","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"4d6d52ad48f385c5b8f5023a590e00e7a4b632e80bd929b6fc89a53f5faee515","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2"} -diff --git a/vendor/crossbeam-channel-0.5.13/src/flavors/list.rs b/vendor/crossbeam-channel-0.5.13/src/flavors/list.rs -index e7fb6150f..bad76e858 100644 ---- a/vendor/crossbeam-channel-0.5.13/src/flavors/list.rs -+++ b/vendor/crossbeam-channel-0.5.13/src/flavors/list.rs -@@ -596,7 +596,7 @@ impl Channel { - // In that case, just wait until it gets initialized. - while block.is_null() { - backoff.snooze(); -- block = self.head.block.load(Ordering::Acquire); -+ block = self.head.block.swap(ptr::null_mut(), Ordering::AcqRel); - } - } - diff --git a/vendor/crossbeam-channel-0.5.14/.cargo-checksum.json b/vendor/crossbeam-channel-0.5.14/.cargo-checksum.json -index b6da487d3..5cba471f5 100644 +index 6de68d6be..a8cb473bf 100644 --- a/vendor/crossbeam-channel-0.5.14/.cargo-checksum.json +++ b/vendor/crossbeam-channel-0.5.14/.cargo-checksum.json @@ -1 +1 @@ --{"files":{"CHANGELOG.md":"4a7e4bc790fa3e9acb9577c489964690aa3a9ef549571fefd9e15362022901c2","Cargo.lock":"a4cbda8f2355ee7e9543e1eb01fb67173c079ae0337146c12fa577a4df81fa83","Cargo.toml":"a61aa427c7e7b3d318db6130cb49e4d1a0a2677853a3f9b6774c0cba93106cf8","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"0c5f278572d3db33ed3dfba45f62c8db372c9153db0695a5cdecf700c2ba73a5","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"a1269b2a9b83e688cbd4ba2f06f6ce02763ca5dcb3ed27214d0dc64a97de30f6","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"301c765751586204371bedb69162e23bcf7e094cbc37b72203698a18b889550f","src/select_macro.rs":"f30b726dff104b17c2dfbd67b271758d8c06d63ec4811ffab88b2e1dac43e3df","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"e71d34f790af290e463707c2336ff221f7841767e961b91747aa00e21df0ad32","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"e83bd33b34c47d703abe06420a23868809468516943347bdbfb6af4db0cec65a","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"} +-{"files":{".cargo_vcs_info.json":"3c8d4a7c01150c97d75f3c05bc1cfcb551350a61a52c9dbfa3e8faac9e6aeb21","CHANGELOG.md":"4a7e4bc790fa3e9acb9577c489964690aa3a9ef549571fefd9e15362022901c2","Cargo.lock":"a4cbda8f2355ee7e9543e1eb01fb67173c079ae0337146c12fa577a4df81fa83","Cargo.toml":"a61aa427c7e7b3d318db6130cb49e4d1a0a2677853a3f9b6774c0cba93106cf8","Cargo.toml.orig":"94298c51c4c10bc8462f17e3010bbf0d52af1c25278ed0fa1f5bc6832a972cb5","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"0c5f278572d3db33ed3dfba45f62c8db372c9153db0695a5cdecf700c2ba73a5","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"a1269b2a9b83e688cbd4ba2f06f6ce02763ca5dcb3ed27214d0dc64a97de30f6","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"301c765751586204371bedb69162e23bcf7e094cbc37b72203698a18b889550f","src/select_macro.rs":"f30b726dff104b17c2dfbd67b271758d8c06d63ec4811ffab88b2e1dac43e3df","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"e71d34f790af290e463707c2336ff221f7841767e961b91747aa00e21df0ad32","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"e83bd33b34c47d703abe06420a23868809468516943347bdbfb6af4db0cec65a","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"} +\ No newline at end of file ++{"files":{".cargo_vcs_info.json":"3c8d4a7c01150c97d75f3c05bc1cfcb551350a61a52c9dbfa3e8faac9e6aeb21","CHANGELOG.md":"4a7e4bc790fa3e9acb9577c489964690aa3a9ef549571fefd9e15362022901c2","Cargo.lock":"a4cbda8f2355ee7e9543e1eb01fb67173c079ae0337146c12fa577a4df81fa83","Cargo.toml":"a61aa427c7e7b3d318db6130cb49e4d1a0a2677853a3f9b6774c0cba93106cf8","Cargo.toml.orig":"94298c51c4c10bc8462f17e3010bbf0d52af1c25278ed0fa1f5bc6832a972cb5","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"0c5f278572d3db33ed3dfba45f62c8db372c9153db0695a5cdecf700c2ba73a5","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"03eda8e9e36022eb7f15b1d17e182efc56c8a1c4a7db5a60c0acd808012ceae8","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"301c765751586204371bedb69162e23bcf7e094cbc37b72203698a18b889550f","src/select_macro.rs":"f30b726dff104b17c2dfbd67b271758d8c06d63ec4811ffab88b2e1dac43e3df","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"e71d34f790af290e463707c2336ff221f7841767e961b91747aa00e21df0ad32","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"e83bd33b34c47d703abe06420a23868809468516943347bdbfb6af4db0cec65a","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"} \ No newline at end of file -+{"files":{"CHANGELOG.md":"4a7e4bc790fa3e9acb9577c489964690aa3a9ef549571fefd9e15362022901c2","Cargo.lock":"a4cbda8f2355ee7e9543e1eb01fb67173c079ae0337146c12fa577a4df81fa83","Cargo.toml":"a61aa427c7e7b3d318db6130cb49e4d1a0a2677853a3f9b6774c0cba93106cf8","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"0c5f278572d3db33ed3dfba45f62c8db372c9153db0695a5cdecf700c2ba73a5","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"03eda8e9e36022eb7f15b1d17e182efc56c8a1c4a7db5a60c0acd808012ceae8","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"301c765751586204371bedb69162e23bcf7e094cbc37b72203698a18b889550f","src/select_macro.rs":"f30b726dff104b17c2dfbd67b271758d8c06d63ec4811ffab88b2e1dac43e3df","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"e71d34f790af290e463707c2336ff221f7841767e961b91747aa00e21df0ad32","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"e83bd33b34c47d703abe06420a23868809468516943347bdbfb6af4db0cec65a","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"} diff --git a/vendor/crossbeam-channel-0.5.14/src/flavors/list.rs b/vendor/crossbeam-channel-0.5.14/src/flavors/list.rs index 6c15991f9..8f1faaa8b 100644 --- a/vendor/crossbeam-channel-0.5.14/src/flavors/list.rs @@ -55,5 +31,5 @@ index 6c15991f9..8f1faaa8b 100644 } -- -2.45.2 +2.45.4 diff --git a/SPECS/rust/CVE-2025-53605.patch b/SPECS/rust/CVE-2025-53605.patch index bc13020a557..8d0bc44c7e9 100644 --- a/SPECS/rust/CVE-2025-53605.patch +++ b/SPECS/rust/CVE-2025-53605.patch @@ -1,8 +1,7 @@ -From f06992f46771c0a092593b9ebf7afd48740b3ed6 Mon Sep 17 00:00:00 2001 -From: esrauchg <140440793+esrauchg@users.noreply.github.com> -Date: Sun, 9 Mar 2025 17:23:01 -0400 -Subject: [PATCH] Apply depth limit to unknown groups (#756) - +From 2591e1c695bc67352524f20ea71a6546b333dfbd Mon Sep 17 00:00:00 2001 +From: Kavya Sree Kaitepalli +Date: Tue, 28 Oct 2025 12:06:28 +0000 +Subject: [PATCH] CVE-2025-53605 * Fix issue where a deeply nested unknown group could cause arbitrarily recursion depth. * Add drop(os) to fix tests @@ -20,13 +19,14 @@ Upstream Patch Reference: https://github.com/stepancheg/rust-protobuf/commit/f06 2 files changed, 60 insertions(+), 13 deletions(-) diff --git a/vendor/protobuf-3.7.1/.cargo-checksum.json b/vendor/protobuf-3.7.1/.cargo-checksum.json -index 4a85cefd8..305d4f167 100644 +index 1d8cd04f7..91c898c83 100644 --- a/vendor/protobuf-3.7.1/.cargo-checksum.json +++ b/vendor/protobuf-3.7.1/.cargo-checksum.json @@ -1 +1 @@ --{"files":{"Cargo.toml":"96cda32a56ae7f781b2142812f054e6f31435b30a2f0b2386346cbf277186920","LICENSE.txt":"7f2fa80a60e84f8dc0747abb0e42342f83bded04a20461a636b47c0331b92ddf","README.md":"14dbb3068c031afbd44010a4ff0c8146aa7e02f6051579177767f218fff9cd38","build.rs":"347d9aa6d4b102b6e83c65aeef89b1e1752536bd8ef80fc834a2c78d5cb2ff80","regenerate.sh":"df3bc8537c038fd356367e5af433c284dd5b76505c35f6f89deab0f099a3e3e0","src/byteorder.rs":"9e6b481be82182ac99ff9704468b4d64656fb922f90c54ca83a8d7ca1dfd2e3a","src/cached_size.rs":"895788d7356a1fcd0f2d7446996066f8c53a0f36032174a97273997e65440fa0","src/chars.rs":"816a0af0b830ecd43028e40295fe0bf9eb79263f00fee01678c75d4ac5b7e908","src/coded_input_stream/buf_read_iter.rs":"2cba31136e56dd63c9a17d1bf4627f430b2ed3ddb35abf4479f57bcb912cdb4e","src/coded_input_stream/buf_read_or_reader.rs":"2bf3befcfce8c97faae7563084a7d93931afc5b886419e491111c15b4139058e","src/coded_input_stream/input_buf.rs":"cf71e63d3aef90188c55b6d42aa7cad47bcba16b27e687e44a15bd45e65b8737","src/coded_input_stream/input_source.rs":"8ce41ec8d147d03adf2dbd27ae0fa0b6e33400b62a9c945ab7aa2224bf43a863","src/coded_input_stream/mod.rs":"ee6c11ddd3e224c6d91afe2574b3033525e9d164a15c8ec771cc8ea89de9ded6","src/coded_output_stream/buffer.rs":"cafbbb3f02df26c98a4e5556e99a5a2ce811ffea4c49ba982532a6d9a53ec7d8","src/coded_output_stream/mod.rs":"06289bfaa7971ef275b1017d8b5d4197b864fc881f83d0ed073a28fca894a0ba","src/coded_output_stream/output_target.rs":"ab28889b824b91688cb5c17cf79bdbec96aeeea59f22946b9f359b957cc40580","src/coded_output_stream/with.rs":"47541db9f4f51cacd406571f02d6abe8f4837413c7cecbe511fc0c24ef2384f2","src/descriptor.rs":"4b3f1a458d5e105c01c03671bce753b564fcddefabe36ab41f986ac070a33614","src/doctest_pb.rs":"74ffeba6811126ab8ed076e8d3debbb634f8f9bba3bd77f9c288e88d7937591a","src/enum_full.rs":"ca658951c42ef539ce6221d8f1b1e5005a1a14393460078c40611bb7091629d0","src/enum_or_unknown.rs":"3088b9d139f296284a44d4f9da9c75476dfa00168358328f46b1c52c73572521","src/enums.rs":"e0af03e21b48d3bb44d06a7971229e8e5ee6c8230323534f774f4874de3c9760","src/error.rs":"1839b319f456b56e2bb3c59f119f4c0bec53a02d52c92619b887bfdb1656183b","src/ext.rs":"b5c43e19ca56612e81560e520831da1746520be7944e506e44e07356b1415bbf","src/fixed.rs":"40b32b11dd53f0dc3de2c73f9003c6c0f762cf802e30e16beb5a22a18f8f2f50","src/lazy.rs":"b202a8cd252b11b013983f27c1ed5eac046674ed156a4e5e63357e15ead746df","src/lib.rs":"f22f0d3c3372cc68450071bb2abf8a1542d0f3348f5ec1133e9b785445494f56","src/message.rs":"a112b1d5c769d866a586a4c9af9245fa8029991563d2ff33c47e9d4c2b32fef7","src/message_dyn.rs":"c2d06029139a1ef09409227c0c501dd361b485ff1e4fcbf1d2b0cb579cd80fba","src/message_field.rs":"8456bcc3118a0f62d8eb3e5495be678ad75f5164e5dc67658667c7611e2099d9","src/message_full.rs":"4bbbb917a86aa3b14f63e93db41522c78223036b6e7d219769927059ff70205e","src/misc.rs":"1679b6f8b5c2b4375e71835fb7ca83a4de6db498f092abf5ab3a9f5eaccf0d5a","src/oneof.rs":"de5a694a56931308fc1a790678aaaf8b67d7c6b56c9f7b2fde36a14312863e05","src/oneof_full.rs":"b9d5d95db115b1ebf6e7c222373008d4f9f86e21347ddf50ef23f8cd11b8f777","src/owning_ref.rs":"1face1307d85ef98f5b9752eb45de47884c3ce68d31cec315ebfac6559ab501f","src/plugin.rs":"5bbb2aaecc59c590755e0fe972c4f231d506bbc1893d5f3e800d2e69ce805ec0","src/reflect/acc/mod.rs":"23500dd605f11f8def7d0f858a00cf1c85a7b95c293bc125ba0804a949b35162","src/reflect/acc/v2/map.rs":"46dab64d941e61fd61aa3794b2fab60bbd588a21ca9f1a378cdc022bbdfb60a1","src/reflect/acc/v2/mod.rs":"86639cfa45e3b2d08020c289001d87910fa972e9fb6a28a38880ccee51002a0c","src/reflect/acc/v2/repeated.rs":"07b62beb3bb81d1fa1de486c7cdce20ae2f4f46c2e93ed6f104b41d3a3a5beba","src/reflect/acc/v2/singular/mod.rs":"85bace3cf99fe0b05dce61bf19433077cf29506c6641b001935064fd37ab658f","src/reflect/acc/v2/singular/oneof.rs":"f70db73a0316185b8ae43b82cd29665d1140d920e7d28bb789a438eb06f9c62a","src/reflect/dynamic/map.rs":"565376a2db71cf607cb692b984acb41d16dfb04df59c9ad0eca8ba1fc85017cc","src/reflect/dynamic/mod.rs":"3ee7a82dbd5410d10eee44fdf3ae8b5f198185d7ff4a608f10a668eba6af3a73","src/reflect/dynamic/optional.rs":"db923e3d343f869c2bf4f157559686251ff9744dfd0560ba1d1b1b46ae1b81fd","src/reflect/dynamic/repeated.rs":"61a7c698b59280564a1deb7200884875a8844120058c3d69ea4d6aa5f6c4266e","src/reflect/enums/generated.rs":"44e5dbe08a1a15067744580c87c6d09f66dc364f2791fc1ecab919e1dacdec09","src/reflect/enums/mod.rs":"aed1b29e4e42f34b26476a6013e64b7ec8876cfa53633583a751c344fd3ab34c","src/reflect/error.rs":"532a9c117606e8597a40d60b3efebc9371c4f746919cc611aaaddf105cbb3608","src/reflect/field/dynamic.rs":"8e81f7b6f684ed58287eb2de20f3abb8dabb062601715421d3d1e4c041101602","src/reflect/field/index.rs":"4aeef75560e52bf865718f9323fc5b2b2318a6e4bb66fadc57f4875999cf15b3","src/reflect/field/mod.rs":"6c646e59e64e327a961e680f5b189cdb1d540b61b26cd345d623456a4f764a22","src/reflect/field/protobuf_field_type.rs":"6ec9ca95c25a9c9fe70fad51b1221676e9d3d5a6daac37d5633379471d8c4257","src/reflect/field/runtime_field_type.rs":"26166bb9d48caa0287dfe6235937e5bd647692ca75e8ee4855d0e198f9a79d73","src/reflect/file/building.rs":"53806efda5872c32f63f55582b767be8becff1d7bfb4ed0c11947c912ad55a75","src/reflect/file/dynamic.rs":"3e26271c31816dae043eb70c9990a6fc621c9b5241a555d968f731dfd4762489","src/reflect/file/fds.rs":"9a369eaea05a000710bf977cce28d3fad1463f8ffa42df35e4f5ac5de306f9e6","src/reflect/file/generated.rs":"88f3d88ddbcfa01812398ddc5c350c54cc42b15d99223a642574f55d4d6cdf69","src/reflect/file/index.rs":"3d53af11b39b164b488e3850c3a5be5ae4628c172b4475e4ae5b993225bdeae9","src/reflect/file/mod.rs":"b7aa1c4154677630b843c81d35c60f1374d00d44d3477e6e899e18cb7ae97db1","src/reflect/file/syntax.rs":"8d6d6c3a7bbf9217df3550410a9ba1eb9c08295aa410cc5d2e65efe1eec3ca3a","src/reflect/find_message_or_enum.rs":"e8b10159819cce4414da7681cb3ce0b4e62a45adf4e3e7933a3c1b4f8e97cfb8","src/reflect/map/empty.rs":"230cbcda25bfd3c6f348043eef032252b8a0d86a0c71d93d6206adc59d688732","src/reflect/map/generated.rs":"f1b332e97d267c3272b26be03bee80fe9420bb6fc203ae6f3f9dd3044d564778","src/reflect/map/mod.rs":"7648fa897f4a8acf1ab48b8bba8f165cb4b09a46125e645d600a7b9ced55e1a2","src/reflect/message/generated.rs":"c76f5e887534bc9648dd105718f79bb93465549d57b25c4a00957e603749721c","src/reflect/message/is_initialized_is_always_true.rs":"af716e9d0ce233fda9c7dee13814c24c188ea195cf907d81f74fb198ef2760ae","src/reflect/message/message_ref.rs":"80472f804a4dd3b91f6fec4451639ca356f2b33c502775e0fd6b2c3bfbe1be0a","src/reflect/message/mod.rs":"5ef7f5ecdc2de7c0789b8558711a976e2376fcaae67975a10d9f1bd4179703e5","src/reflect/mod.rs":"620cab65b696a13144ed54d589ca8c4176ecb8127b2ba2a294806f649c0fbd9f","src/reflect/name.rs":"0377dcf871ca5add5e168a3bff04d9f01fe5970db4dfb66272def6484dc7d54b","src/reflect/oneof/generated.rs":"c02b7cd7415f52366f6092559643869812db842bd1c383ce7d8759e519ab453a","src/reflect/oneof/mod.rs":"55c906888e89a7bfd1f8865cced5078905b512f3ce9af20d16614fdf5791c31d","src/reflect/optional/mod.rs":"5dada97750209aeddf1506eea0a59d709aeb3e44bae5443214e0c2950c870952","src/reflect/protobuf_type_box.rs":"5ed50bdefa5eebe8bf0547cb37def38d814653ac7a0d401eb4f05b8a72ebf509","src/reflect/reflect_eq.rs":"1352d0be16ff7dc2089d499b3fbcf40d501406e8648649092aa2cb21f207aac0","src/reflect/repeated/drain_iter.rs":"0f065e5ef884ee90189594b8a92d814c40a4b3ff80ed659f2f8a0ac56795011d","src/reflect/repeated/iter.rs":"f7f7bf56347850f567612feab9542c4658f251ce74b7b8fb7ed6612cb85584f0","src/reflect/repeated/mod.rs":"6084482af4936340e1bfd43ff8d06351c3d0316f26cb9f8b73bd8c16f3e9df98","src/reflect/repeated/transmute.rs":"ecd5b5b2772670b030a6d96b47b54bf8500ec0996920ef0db7d5f4b6f338c493","src/reflect/repeated/vec_downcast.rs":"7f4c2997d313f45bc46a097fad7c579d663c642cba425a7851f590282d58309d","src/reflect/rt/mod.rs":"4f0266be9bd092a6ee49a1f3453ff08eabfcebb65473b6c8552a260ac7a4817b","src/reflect/rt/v2.rs":"3faa866b4aa766875062071eb6db36c7c42a3d9145f66162a85aac91e200e354","src/reflect/runtime_type_box.rs":"6d8988ed25218f13da61db5dbbefa621df3fd7f1141669854c6ec9571b3eee6c","src/reflect/runtime_types.rs":"07b8eeac30f666c890ccac14c5076b77d010abf322b8f23883032e2ad003476e","src/reflect/service/index.rs":"4a41f90b6c8b3f5c8349075aec84fcbb90ab3028451d2ba40cb83257ff4d90c7","src/reflect/service/mod.rs":"1d0b5b3d9cd1968731971137ca320a91591ee9ca45828d3e4284da87397044f6","src/reflect/type_dynamic.rs":"76c9e764978c66444a4ffb5b558cbce241d1e1123c5dd6eb250f56b48b7b0a5c","src/reflect/types.rs":"fb6a18354a7a8fa7dc6a4db51793af8a5c41680bc49c1d157145a21a75f5f3e4","src/reflect/value/mod.rs":"56f7ff8c4541108fff20f83f7f12ef173ce398e642b482dc3a4cf92c9e1cea17","src/reflect/value/value_box.rs":"1037d01c52a4f0432e42a2c023f5c68ed458ed60b196597ca78f81b6207ecb83","src/reflect/value/value_ref.rs":"7a3490eb4918ee725ad59219b0fc5810b231eaf2ddf798ab75085b4acc145b2e","src/rt/map.rs":"c4bd4246181a43dc9cf1735ec5882955af595fba8ef839a06e0e1df399848520","src/rt/message.rs":"c9b9b3b8f25b6813b8ca2411f015ae80b2abba377d44f9f9b9c05cb45366229a","src/rt/mod.rs":"db610d871d8fb022ba4634199896534ecb3d6ad22c7e2cabbf4d7ad79e1c8c66","src/rt/packed.rs":"be2fae85812c39d815bcb0463e3ea67774770c25014b764b8712dd2b90d360c6","src/rt/repeated.rs":"213d08349efb21bc02fb5abd1d1c3f039ae1d4368f53f548cdf1999897c60f1c","src/rt/singular.rs":"2c982de7a686a8d0c430ce690297a524e892a70bca33d288c6e9b912d19e994c","src/rt/unknown_or_group.rs":"a0bf9af0bdb6ee4261bdc9d5136288e3d17f7de611b7f61943caf6d8eb38367d","src/rustproto.rs":"4a49fac5c9caaca991dd5505c154941e8f94708c254269119e64cf053f7aaea9","src/special.rs":"2f64cfbb0659249cf4a951cefb51b1a17ddf85785eb868b68af7546cd31a5101","src/text_format/mod.rs":"da0aeb839963afcba1923b68a06264185a927cef3f3075ca958c11fa1e780535","src/text_format/parse.rs":"c7be3464fa8f6624ed2001b450e999f93bea5f6118132b7f372110c7af5e5e71","src/text_format/print.rs":"7bd28696ce2a98f9520e2303b0f70fe1d46b045d550f55064a3b524b58f9dfab","src/timestamp.rs":"f0590e19fd7740bdc65a0dc6f9d73bf55559638515ca7849481022288a9bee43","src/unknown.rs":"fd6091ad04dadbde5793ea42af50fa51cf2e7737696029a9e0d1f001f0c1423d","src/varint/decode.rs":"5e9fdf9fb5fe82ddc223feaf5867c0a081bd67731635f88cb9a5b1faeeb79f82","src/varint/encode.rs":"bc0969a152aff774976216f9f2bdbc273a24da07d57b8e3ec96ebe691d4559c1","src/varint/generic.rs":"98e31da80c278cff672ddc8231241cc789ad6de138fa6ca6c0483ff1783f4957","src/varint/mod.rs":"643b5b2443b4e103fc4eeac7844dcda4b9c6b2bab3cfe9fba00145ccea9a4505","src/well_known_types/any.rs":"7db9c4f0df3f0809821e09bb0bd2ddaa07ff4471be005fc02f2be9828a1aedd1","src/well_known_types/api.rs":"80bf5fe39c7263a440d5c1bec8bb6c5a0dd274f73c3f702c4e223cfdf02f74eb","src/well_known_types/duration.rs":"33c4039d594eb8df4a35f1bae1ad2a5dc36a5bf167369d99faf480cc7e1cb284","src/well_known_types/empty.rs":"47f56d10483e9c6c3e276e54d877e70aaf3b2a57c269a636dd9948d0e4ff419f","src/well_known_types/field_mask.rs":"7b4d883c03ec89d83b919271d03273def230c30caae36b7247cba1b325ccc551","src/well_known_types/mod.rs":"b141483834c860b221d0946a584389ebcefc2c5f7692ce1f95869c9f83ff2c16","src/well_known_types/source_context.rs":"fbec3ec4e1e59be865d0b7cb4d3b08aa197b46ca27fc3d90ed7da30514df6355","src/well_known_types/struct_.rs":"00bfebd64c851a7e0b0b26d3fc1319fd072975cb84169066b5aa00a4871ac6c8","src/well_known_types/timestamp.rs":"bc8b3a27f7b1ec134aa5a9d1187b63e02d5d2e72b153a9b6153e0b7a078c003e","src/well_known_types/type_.rs":"789fa7e0ec2fe7fc5f68a06636ade107fc305780b597c7c9687dbe3560252514","src/well_known_types/wrappers.rs":"56cbbf290be81ce7d62fd33b883015ef3de2abc1d5f8c683e38e96397f1d056d","src/well_known_types_util/any.rs":"2b2e5cdf1d413bc13485bfc78c84d8403168d6b1a6dbc10d585bf10326120c81","src/well_known_types_util/duration.rs":"e0d9de89f8c7c4b2075f23c2a4451dfec4ae1f28c9784ea39a626a8c3aa9e005","src/well_known_types_util/mod.rs":"81fb1c0721602ffe91c4587f727457b59c8697863e3f853cd9569db5cee973e9","src/well_known_types_util/timestamp.rs":"f55906fef3190fa1786ed736ded16f3ac6de2095cb974af5a476c2a2f91260b3","src/wire_format.rs":"f1d09b0bd1e4c5e4072b5c943e749f7b727737bd08a6d82f81d4f2a60e2ab94e","src/zigzag.rs":"0dcbdf54d4bc8141fdc64d074e6f6f7633bbb66cc782cd4bd6d343ce0569c3de"},"package":"a3a7c64d9bf75b1b8d981124c14c179074e8caa7dfe7b6a12e6222ddcd0c8f72"} +-{"files":{".cargo_vcs_info.json":"f0fe98431b6d748bab808544c162886f8f7457a57f571e43be4c9276c69bd823","Cargo.toml":"96cda32a56ae7f781b2142812f054e6f31435b30a2f0b2386346cbf277186920","Cargo.toml.orig":"d5de446b2f66bab383f5d81372e74c205bc4a2f11783f2acca9c5c9eef2b06f8","LICENSE.txt":"7f2fa80a60e84f8dc0747abb0e42342f83bded04a20461a636b47c0331b92ddf","README.md":"14dbb3068c031afbd44010a4ff0c8146aa7e02f6051579177767f218fff9cd38","build.rs":"347d9aa6d4b102b6e83c65aeef89b1e1752536bd8ef80fc834a2c78d5cb2ff80","regenerate.sh":"df3bc8537c038fd356367e5af433c284dd5b76505c35f6f89deab0f099a3e3e0","src/byteorder.rs":"9e6b481be82182ac99ff9704468b4d64656fb922f90c54ca83a8d7ca1dfd2e3a","src/cached_size.rs":"895788d7356a1fcd0f2d7446996066f8c53a0f36032174a97273997e65440fa0","src/chars.rs":"816a0af0b830ecd43028e40295fe0bf9eb79263f00fee01678c75d4ac5b7e908","src/coded_input_stream/buf_read_iter.rs":"2cba31136e56dd63c9a17d1bf4627f430b2ed3ddb35abf4479f57bcb912cdb4e","src/coded_input_stream/buf_read_or_reader.rs":"2bf3befcfce8c97faae7563084a7d93931afc5b886419e491111c15b4139058e","src/coded_input_stream/input_buf.rs":"cf71e63d3aef90188c55b6d42aa7cad47bcba16b27e687e44a15bd45e65b8737","src/coded_input_stream/input_source.rs":"8ce41ec8d147d03adf2dbd27ae0fa0b6e33400b62a9c945ab7aa2224bf43a863","src/coded_input_stream/mod.rs":"ee6c11ddd3e224c6d91afe2574b3033525e9d164a15c8ec771cc8ea89de9ded6","src/coded_output_stream/buffer.rs":"cafbbb3f02df26c98a4e5556e99a5a2ce811ffea4c49ba982532a6d9a53ec7d8","src/coded_output_stream/mod.rs":"06289bfaa7971ef275b1017d8b5d4197b864fc881f83d0ed073a28fca894a0ba","src/coded_output_stream/output_target.rs":"ab28889b824b91688cb5c17cf79bdbec96aeeea59f22946b9f359b957cc40580","src/coded_output_stream/with.rs":"47541db9f4f51cacd406571f02d6abe8f4837413c7cecbe511fc0c24ef2384f2","src/descriptor.rs":"4b3f1a458d5e105c01c03671bce753b564fcddefabe36ab41f986ac070a33614","src/doctest_pb.rs":"74ffeba6811126ab8ed076e8d3debbb634f8f9bba3bd77f9c288e88d7937591a","src/enum_full.rs":"ca658951c42ef539ce6221d8f1b1e5005a1a14393460078c40611bb7091629d0","src/enum_or_unknown.rs":"3088b9d139f296284a44d4f9da9c75476dfa00168358328f46b1c52c73572521","src/enums.rs":"e0af03e21b48d3bb44d06a7971229e8e5ee6c8230323534f774f4874de3c9760","src/error.rs":"1839b319f456b56e2bb3c59f119f4c0bec53a02d52c92619b887bfdb1656183b","src/ext.rs":"b5c43e19ca56612e81560e520831da1746520be7944e506e44e07356b1415bbf","src/fixed.rs":"40b32b11dd53f0dc3de2c73f9003c6c0f762cf802e30e16beb5a22a18f8f2f50","src/lazy.rs":"b202a8cd252b11b013983f27c1ed5eac046674ed156a4e5e63357e15ead746df","src/lib.rs":"f22f0d3c3372cc68450071bb2abf8a1542d0f3348f5ec1133e9b785445494f56","src/message.rs":"a112b1d5c769d866a586a4c9af9245fa8029991563d2ff33c47e9d4c2b32fef7","src/message_dyn.rs":"c2d06029139a1ef09409227c0c501dd361b485ff1e4fcbf1d2b0cb579cd80fba","src/message_field.rs":"8456bcc3118a0f62d8eb3e5495be678ad75f5164e5dc67658667c7611e2099d9","src/message_full.rs":"4bbbb917a86aa3b14f63e93db41522c78223036b6e7d219769927059ff70205e","src/misc.rs":"1679b6f8b5c2b4375e71835fb7ca83a4de6db498f092abf5ab3a9f5eaccf0d5a","src/oneof.rs":"de5a694a56931308fc1a790678aaaf8b67d7c6b56c9f7b2fde36a14312863e05","src/oneof_full.rs":"b9d5d95db115b1ebf6e7c222373008d4f9f86e21347ddf50ef23f8cd11b8f777","src/owning_ref.rs":"1face1307d85ef98f5b9752eb45de47884c3ce68d31cec315ebfac6559ab501f","src/plugin.rs":"5bbb2aaecc59c590755e0fe972c4f231d506bbc1893d5f3e800d2e69ce805ec0","src/reflect/acc/mod.rs":"23500dd605f11f8def7d0f858a00cf1c85a7b95c293bc125ba0804a949b35162","src/reflect/acc/v2/map.rs":"46dab64d941e61fd61aa3794b2fab60bbd588a21ca9f1a378cdc022bbdfb60a1","src/reflect/acc/v2/mod.rs":"86639cfa45e3b2d08020c289001d87910fa972e9fb6a28a38880ccee51002a0c","src/reflect/acc/v2/repeated.rs":"07b62beb3bb81d1fa1de486c7cdce20ae2f4f46c2e93ed6f104b41d3a3a5beba","src/reflect/acc/v2/singular/mod.rs":"85bace3cf99fe0b05dce61bf19433077cf29506c6641b001935064fd37ab658f","src/reflect/acc/v2/singular/oneof.rs":"f70db73a0316185b8ae43b82cd29665d1140d920e7d28bb789a438eb06f9c62a","src/reflect/dynamic/map.rs":"565376a2db71cf607cb692b984acb41d16dfb04df59c9ad0eca8ba1fc85017cc","src/reflect/dynamic/mod.rs":"3ee7a82dbd5410d10eee44fdf3ae8b5f198185d7ff4a608f10a668eba6af3a73","src/reflect/dynamic/optional.rs":"db923e3d343f869c2bf4f157559686251ff9744dfd0560ba1d1b1b46ae1b81fd","src/reflect/dynamic/repeated.rs":"61a7c698b59280564a1deb7200884875a8844120058c3d69ea4d6aa5f6c4266e","src/reflect/enums/generated.rs":"44e5dbe08a1a15067744580c87c6d09f66dc364f2791fc1ecab919e1dacdec09","src/reflect/enums/mod.rs":"aed1b29e4e42f34b26476a6013e64b7ec8876cfa53633583a751c344fd3ab34c","src/reflect/error.rs":"532a9c117606e8597a40d60b3efebc9371c4f746919cc611aaaddf105cbb3608","src/reflect/field/dynamic.rs":"8e81f7b6f684ed58287eb2de20f3abb8dabb062601715421d3d1e4c041101602","src/reflect/field/index.rs":"4aeef75560e52bf865718f9323fc5b2b2318a6e4bb66fadc57f4875999cf15b3","src/reflect/field/mod.rs":"6c646e59e64e327a961e680f5b189cdb1d540b61b26cd345d623456a4f764a22","src/reflect/field/protobuf_field_type.rs":"6ec9ca95c25a9c9fe70fad51b1221676e9d3d5a6daac37d5633379471d8c4257","src/reflect/field/runtime_field_type.rs":"26166bb9d48caa0287dfe6235937e5bd647692ca75e8ee4855d0e198f9a79d73","src/reflect/file/building.rs":"53806efda5872c32f63f55582b767be8becff1d7bfb4ed0c11947c912ad55a75","src/reflect/file/dynamic.rs":"3e26271c31816dae043eb70c9990a6fc621c9b5241a555d968f731dfd4762489","src/reflect/file/fds.rs":"9a369eaea05a000710bf977cce28d3fad1463f8ffa42df35e4f5ac5de306f9e6","src/reflect/file/generated.rs":"88f3d88ddbcfa01812398ddc5c350c54cc42b15d99223a642574f55d4d6cdf69","src/reflect/file/index.rs":"3d53af11b39b164b488e3850c3a5be5ae4628c172b4475e4ae5b993225bdeae9","src/reflect/file/mod.rs":"b7aa1c4154677630b843c81d35c60f1374d00d44d3477e6e899e18cb7ae97db1","src/reflect/file/syntax.rs":"8d6d6c3a7bbf9217df3550410a9ba1eb9c08295aa410cc5d2e65efe1eec3ca3a","src/reflect/find_message_or_enum.rs":"e8b10159819cce4414da7681cb3ce0b4e62a45adf4e3e7933a3c1b4f8e97cfb8","src/reflect/map/empty.rs":"230cbcda25bfd3c6f348043eef032252b8a0d86a0c71d93d6206adc59d688732","src/reflect/map/generated.rs":"f1b332e97d267c3272b26be03bee80fe9420bb6fc203ae6f3f9dd3044d564778","src/reflect/map/mod.rs":"7648fa897f4a8acf1ab48b8bba8f165cb4b09a46125e645d600a7b9ced55e1a2","src/reflect/message/generated.rs":"c76f5e887534bc9648dd105718f79bb93465549d57b25c4a00957e603749721c","src/reflect/message/is_initialized_is_always_true.rs":"af716e9d0ce233fda9c7dee13814c24c188ea195cf907d81f74fb198ef2760ae","src/reflect/message/message_ref.rs":"80472f804a4dd3b91f6fec4451639ca356f2b33c502775e0fd6b2c3bfbe1be0a","src/reflect/message/mod.rs":"5ef7f5ecdc2de7c0789b8558711a976e2376fcaae67975a10d9f1bd4179703e5","src/reflect/mod.rs":"620cab65b696a13144ed54d589ca8c4176ecb8127b2ba2a294806f649c0fbd9f","src/reflect/name.rs":"0377dcf871ca5add5e168a3bff04d9f01fe5970db4dfb66272def6484dc7d54b","src/reflect/oneof/generated.rs":"c02b7cd7415f52366f6092559643869812db842bd1c383ce7d8759e519ab453a","src/reflect/oneof/mod.rs":"55c906888e89a7bfd1f8865cced5078905b512f3ce9af20d16614fdf5791c31d","src/reflect/optional/mod.rs":"5dada97750209aeddf1506eea0a59d709aeb3e44bae5443214e0c2950c870952","src/reflect/protobuf_type_box.rs":"5ed50bdefa5eebe8bf0547cb37def38d814653ac7a0d401eb4f05b8a72ebf509","src/reflect/reflect_eq.rs":"1352d0be16ff7dc2089d499b3fbcf40d501406e8648649092aa2cb21f207aac0","src/reflect/repeated/drain_iter.rs":"0f065e5ef884ee90189594b8a92d814c40a4b3ff80ed659f2f8a0ac56795011d","src/reflect/repeated/iter.rs":"f7f7bf56347850f567612feab9542c4658f251ce74b7b8fb7ed6612cb85584f0","src/reflect/repeated/mod.rs":"6084482af4936340e1bfd43ff8d06351c3d0316f26cb9f8b73bd8c16f3e9df98","src/reflect/repeated/transmute.rs":"ecd5b5b2772670b030a6d96b47b54bf8500ec0996920ef0db7d5f4b6f338c493","src/reflect/repeated/vec_downcast.rs":"7f4c2997d313f45bc46a097fad7c579d663c642cba425a7851f590282d58309d","src/reflect/rt/mod.rs":"4f0266be9bd092a6ee49a1f3453ff08eabfcebb65473b6c8552a260ac7a4817b","src/reflect/rt/v2.rs":"3faa866b4aa766875062071eb6db36c7c42a3d9145f66162a85aac91e200e354","src/reflect/runtime_type_box.rs":"6d8988ed25218f13da61db5dbbefa621df3fd7f1141669854c6ec9571b3eee6c","src/reflect/runtime_types.rs":"07b8eeac30f666c890ccac14c5076b77d010abf322b8f23883032e2ad003476e","src/reflect/service/index.rs":"4a41f90b6c8b3f5c8349075aec84fcbb90ab3028451d2ba40cb83257ff4d90c7","src/reflect/service/mod.rs":"1d0b5b3d9cd1968731971137ca320a91591ee9ca45828d3e4284da87397044f6","src/reflect/type_dynamic.rs":"76c9e764978c66444a4ffb5b558cbce241d1e1123c5dd6eb250f56b48b7b0a5c","src/reflect/types.rs":"fb6a18354a7a8fa7dc6a4db51793af8a5c41680bc49c1d157145a21a75f5f3e4","src/reflect/value/mod.rs":"56f7ff8c4541108fff20f83f7f12ef173ce398e642b482dc3a4cf92c9e1cea17","src/reflect/value/value_box.rs":"1037d01c52a4f0432e42a2c023f5c68ed458ed60b196597ca78f81b6207ecb83","src/reflect/value/value_ref.rs":"7a3490eb4918ee725ad59219b0fc5810b231eaf2ddf798ab75085b4acc145b2e","src/rt/map.rs":"c4bd4246181a43dc9cf1735ec5882955af595fba8ef839a06e0e1df399848520","src/rt/message.rs":"c9b9b3b8f25b6813b8ca2411f015ae80b2abba377d44f9f9b9c05cb45366229a","src/rt/mod.rs":"db610d871d8fb022ba4634199896534ecb3d6ad22c7e2cabbf4d7ad79e1c8c66","src/rt/packed.rs":"be2fae85812c39d815bcb0463e3ea67774770c25014b764b8712dd2b90d360c6","src/rt/repeated.rs":"213d08349efb21bc02fb5abd1d1c3f039ae1d4368f53f548cdf1999897c60f1c","src/rt/singular.rs":"2c982de7a686a8d0c430ce690297a524e892a70bca33d288c6e9b912d19e994c","src/rt/unknown_or_group.rs":"a0bf9af0bdb6ee4261bdc9d5136288e3d17f7de611b7f61943caf6d8eb38367d","src/rustproto.rs":"4a49fac5c9caaca991dd5505c154941e8f94708c254269119e64cf053f7aaea9","src/special.rs":"2f64cfbb0659249cf4a951cefb51b1a17ddf85785eb868b68af7546cd31a5101","src/text_format/mod.rs":"da0aeb839963afcba1923b68a06264185a927cef3f3075ca958c11fa1e780535","src/text_format/parse.rs":"c7be3464fa8f6624ed2001b450e999f93bea5f6118132b7f372110c7af5e5e71","src/text_format/print.rs":"7bd28696ce2a98f9520e2303b0f70fe1d46b045d550f55064a3b524b58f9dfab","src/timestamp.rs":"f0590e19fd7740bdc65a0dc6f9d73bf55559638515ca7849481022288a9bee43","src/unknown.rs":"fd6091ad04dadbde5793ea42af50fa51cf2e7737696029a9e0d1f001f0c1423d","src/varint/decode.rs":"5e9fdf9fb5fe82ddc223feaf5867c0a081bd67731635f88cb9a5b1faeeb79f82","src/varint/encode.rs":"bc0969a152aff774976216f9f2bdbc273a24da07d57b8e3ec96ebe691d4559c1","src/varint/generic.rs":"98e31da80c278cff672ddc8231241cc789ad6de138fa6ca6c0483ff1783f4957","src/varint/mod.rs":"643b5b2443b4e103fc4eeac7844dcda4b9c6b2bab3cfe9fba00145ccea9a4505","src/well_known_types/any.rs":"7db9c4f0df3f0809821e09bb0bd2ddaa07ff4471be005fc02f2be9828a1aedd1","src/well_known_types/api.rs":"80bf5fe39c7263a440d5c1bec8bb6c5a0dd274f73c3f702c4e223cfdf02f74eb","src/well_known_types/duration.rs":"33c4039d594eb8df4a35f1bae1ad2a5dc36a5bf167369d99faf480cc7e1cb284","src/well_known_types/empty.rs":"47f56d10483e9c6c3e276e54d877e70aaf3b2a57c269a636dd9948d0e4ff419f","src/well_known_types/field_mask.rs":"7b4d883c03ec89d83b919271d03273def230c30caae36b7247cba1b325ccc551","src/well_known_types/mod.rs":"b141483834c860b221d0946a584389ebcefc2c5f7692ce1f95869c9f83ff2c16","src/well_known_types/source_context.rs":"fbec3ec4e1e59be865d0b7cb4d3b08aa197b46ca27fc3d90ed7da30514df6355","src/well_known_types/struct_.rs":"00bfebd64c851a7e0b0b26d3fc1319fd072975cb84169066b5aa00a4871ac6c8","src/well_known_types/timestamp.rs":"bc8b3a27f7b1ec134aa5a9d1187b63e02d5d2e72b153a9b6153e0b7a078c003e","src/well_known_types/type_.rs":"789fa7e0ec2fe7fc5f68a06636ade107fc305780b597c7c9687dbe3560252514","src/well_known_types/wrappers.rs":"56cbbf290be81ce7d62fd33b883015ef3de2abc1d5f8c683e38e96397f1d056d","src/well_known_types_util/any.rs":"2b2e5cdf1d413bc13485bfc78c84d8403168d6b1a6dbc10d585bf10326120c81","src/well_known_types_util/duration.rs":"e0d9de89f8c7c4b2075f23c2a4451dfec4ae1f28c9784ea39a626a8c3aa9e005","src/well_known_types_util/mod.rs":"81fb1c0721602ffe91c4587f727457b59c8697863e3f853cd9569db5cee973e9","src/well_known_types_util/timestamp.rs":"f55906fef3190fa1786ed736ded16f3ac6de2095cb974af5a476c2a2f91260b3","src/wire_format.rs":"f1d09b0bd1e4c5e4072b5c943e749f7b727737bd08a6d82f81d4f2a60e2ab94e","src/zigzag.rs":"0dcbdf54d4bc8141fdc64d074e6f6f7633bbb66cc782cd4bd6d343ce0569c3de"},"package":"a3a7c64d9bf75b1b8d981124c14c179074e8caa7dfe7b6a12e6222ddcd0c8f72"} +\ No newline at end of file ++{"files":{".cargo_vcs_info.json":"f0fe98431b6d748bab808544c162886f8f7457a57f571e43be4c9276c69bd823","Cargo.toml":"96cda32a56ae7f781b2142812f054e6f31435b30a2f0b2386346cbf277186920","Cargo.toml.orig":"d5de446b2f66bab383f5d81372e74c205bc4a2f11783f2acca9c5c9eef2b06f8","LICENSE.txt":"7f2fa80a60e84f8dc0747abb0e42342f83bded04a20461a636b47c0331b92ddf","README.md":"14dbb3068c031afbd44010a4ff0c8146aa7e02f6051579177767f218fff9cd38","build.rs":"347d9aa6d4b102b6e83c65aeef89b1e1752536bd8ef80fc834a2c78d5cb2ff80","regenerate.sh":"df3bc8537c038fd356367e5af433c284dd5b76505c35f6f89deab0f099a3e3e0","src/byteorder.rs":"9e6b481be82182ac99ff9704468b4d64656fb922f90c54ca83a8d7ca1dfd2e3a","src/cached_size.rs":"895788d7356a1fcd0f2d7446996066f8c53a0f36032174a97273997e65440fa0","src/chars.rs":"816a0af0b830ecd43028e40295fe0bf9eb79263f00fee01678c75d4ac5b7e908","src/coded_input_stream/buf_read_iter.rs":"2cba31136e56dd63c9a17d1bf4627f430b2ed3ddb35abf4479f57bcb912cdb4e","src/coded_input_stream/buf_read_or_reader.rs":"2bf3befcfce8c97faae7563084a7d93931afc5b886419e491111c15b4139058e","src/coded_input_stream/input_buf.rs":"cf71e63d3aef90188c55b6d42aa7cad47bcba16b27e687e44a15bd45e65b8737","src/coded_input_stream/input_source.rs":"8ce41ec8d147d03adf2dbd27ae0fa0b6e33400b62a9c945ab7aa2224bf43a863","src/coded_input_stream/mod.rs":"9c9eef558aec08a5071303896703aae82a1fa1358d50784e836319e9dcdd2789","src/coded_output_stream/buffer.rs":"cafbbb3f02df26c98a4e5556e99a5a2ce811ffea4c49ba982532a6d9a53ec7d8","src/coded_output_stream/mod.rs":"06289bfaa7971ef275b1017d8b5d4197b864fc881f83d0ed073a28fca894a0ba","src/coded_output_stream/output_target.rs":"ab28889b824b91688cb5c17cf79bdbec96aeeea59f22946b9f359b957cc40580","src/coded_output_stream/with.rs":"47541db9f4f51cacd406571f02d6abe8f4837413c7cecbe511fc0c24ef2384f2","src/descriptor.rs":"4b3f1a458d5e105c01c03671bce753b564fcddefabe36ab41f986ac070a33614","src/doctest_pb.rs":"74ffeba6811126ab8ed076e8d3debbb634f8f9bba3bd77f9c288e88d7937591a","src/enum_full.rs":"ca658951c42ef539ce6221d8f1b1e5005a1a14393460078c40611bb7091629d0","src/enum_or_unknown.rs":"3088b9d139f296284a44d4f9da9c75476dfa00168358328f46b1c52c73572521","src/enums.rs":"e0af03e21b48d3bb44d06a7971229e8e5ee6c8230323534f774f4874de3c9760","src/error.rs":"1839b319f456b56e2bb3c59f119f4c0bec53a02d52c92619b887bfdb1656183b","src/ext.rs":"b5c43e19ca56612e81560e520831da1746520be7944e506e44e07356b1415bbf","src/fixed.rs":"40b32b11dd53f0dc3de2c73f9003c6c0f762cf802e30e16beb5a22a18f8f2f50","src/lazy.rs":"b202a8cd252b11b013983f27c1ed5eac046674ed156a4e5e63357e15ead746df","src/lib.rs":"f22f0d3c3372cc68450071bb2abf8a1542d0f3348f5ec1133e9b785445494f56","src/message.rs":"a112b1d5c769d866a586a4c9af9245fa8029991563d2ff33c47e9d4c2b32fef7","src/message_dyn.rs":"c2d06029139a1ef09409227c0c501dd361b485ff1e4fcbf1d2b0cb579cd80fba","src/message_field.rs":"8456bcc3118a0f62d8eb3e5495be678ad75f5164e5dc67658667c7611e2099d9","src/message_full.rs":"4bbbb917a86aa3b14f63e93db41522c78223036b6e7d219769927059ff70205e","src/misc.rs":"1679b6f8b5c2b4375e71835fb7ca83a4de6db498f092abf5ab3a9f5eaccf0d5a","src/oneof.rs":"de5a694a56931308fc1a790678aaaf8b67d7c6b56c9f7b2fde36a14312863e05","src/oneof_full.rs":"b9d5d95db115b1ebf6e7c222373008d4f9f86e21347ddf50ef23f8cd11b8f777","src/owning_ref.rs":"1face1307d85ef98f5b9752eb45de47884c3ce68d31cec315ebfac6559ab501f","src/plugin.rs":"5bbb2aaecc59c590755e0fe972c4f231d506bbc1893d5f3e800d2e69ce805ec0","src/reflect/acc/mod.rs":"23500dd605f11f8def7d0f858a00cf1c85a7b95c293bc125ba0804a949b35162","src/reflect/acc/v2/map.rs":"46dab64d941e61fd61aa3794b2fab60bbd588a21ca9f1a378cdc022bbdfb60a1","src/reflect/acc/v2/mod.rs":"86639cfa45e3b2d08020c289001d87910fa972e9fb6a28a38880ccee51002a0c","src/reflect/acc/v2/repeated.rs":"07b62beb3bb81d1fa1de486c7cdce20ae2f4f46c2e93ed6f104b41d3a3a5beba","src/reflect/acc/v2/singular/mod.rs":"85bace3cf99fe0b05dce61bf19433077cf29506c6641b001935064fd37ab658f","src/reflect/acc/v2/singular/oneof.rs":"f70db73a0316185b8ae43b82cd29665d1140d920e7d28bb789a438eb06f9c62a","src/reflect/dynamic/map.rs":"565376a2db71cf607cb692b984acb41d16dfb04df59c9ad0eca8ba1fc85017cc","src/reflect/dynamic/mod.rs":"3ee7a82dbd5410d10eee44fdf3ae8b5f198185d7ff4a608f10a668eba6af3a73","src/reflect/dynamic/optional.rs":"db923e3d343f869c2bf4f157559686251ff9744dfd0560ba1d1b1b46ae1b81fd","src/reflect/dynamic/repeated.rs":"61a7c698b59280564a1deb7200884875a8844120058c3d69ea4d6aa5f6c4266e","src/reflect/enums/generated.rs":"44e5dbe08a1a15067744580c87c6d09f66dc364f2791fc1ecab919e1dacdec09","src/reflect/enums/mod.rs":"aed1b29e4e42f34b26476a6013e64b7ec8876cfa53633583a751c344fd3ab34c","src/reflect/error.rs":"532a9c117606e8597a40d60b3efebc9371c4f746919cc611aaaddf105cbb3608","src/reflect/field/dynamic.rs":"8e81f7b6f684ed58287eb2de20f3abb8dabb062601715421d3d1e4c041101602","src/reflect/field/index.rs":"4aeef75560e52bf865718f9323fc5b2b2318a6e4bb66fadc57f4875999cf15b3","src/reflect/field/mod.rs":"6c646e59e64e327a961e680f5b189cdb1d540b61b26cd345d623456a4f764a22","src/reflect/field/protobuf_field_type.rs":"6ec9ca95c25a9c9fe70fad51b1221676e9d3d5a6daac37d5633379471d8c4257","src/reflect/field/runtime_field_type.rs":"26166bb9d48caa0287dfe6235937e5bd647692ca75e8ee4855d0e198f9a79d73","src/reflect/file/building.rs":"53806efda5872c32f63f55582b767be8becff1d7bfb4ed0c11947c912ad55a75","src/reflect/file/dynamic.rs":"3e26271c31816dae043eb70c9990a6fc621c9b5241a555d968f731dfd4762489","src/reflect/file/fds.rs":"9a369eaea05a000710bf977cce28d3fad1463f8ffa42df35e4f5ac5de306f9e6","src/reflect/file/generated.rs":"88f3d88ddbcfa01812398ddc5c350c54cc42b15d99223a642574f55d4d6cdf69","src/reflect/file/index.rs":"3d53af11b39b164b488e3850c3a5be5ae4628c172b4475e4ae5b993225bdeae9","src/reflect/file/mod.rs":"b7aa1c4154677630b843c81d35c60f1374d00d44d3477e6e899e18cb7ae97db1","src/reflect/file/syntax.rs":"8d6d6c3a7bbf9217df3550410a9ba1eb9c08295aa410cc5d2e65efe1eec3ca3a","src/reflect/find_message_or_enum.rs":"e8b10159819cce4414da7681cb3ce0b4e62a45adf4e3e7933a3c1b4f8e97cfb8","src/reflect/map/empty.rs":"230cbcda25bfd3c6f348043eef032252b8a0d86a0c71d93d6206adc59d688732","src/reflect/map/generated.rs":"f1b332e97d267c3272b26be03bee80fe9420bb6fc203ae6f3f9dd3044d564778","src/reflect/map/mod.rs":"7648fa897f4a8acf1ab48b8bba8f165cb4b09a46125e645d600a7b9ced55e1a2","src/reflect/message/generated.rs":"c76f5e887534bc9648dd105718f79bb93465549d57b25c4a00957e603749721c","src/reflect/message/is_initialized_is_always_true.rs":"af716e9d0ce233fda9c7dee13814c24c188ea195cf907d81f74fb198ef2760ae","src/reflect/message/message_ref.rs":"80472f804a4dd3b91f6fec4451639ca356f2b33c502775e0fd6b2c3bfbe1be0a","src/reflect/message/mod.rs":"5ef7f5ecdc2de7c0789b8558711a976e2376fcaae67975a10d9f1bd4179703e5","src/reflect/mod.rs":"620cab65b696a13144ed54d589ca8c4176ecb8127b2ba2a294806f649c0fbd9f","src/reflect/name.rs":"0377dcf871ca5add5e168a3bff04d9f01fe5970db4dfb66272def6484dc7d54b","src/reflect/oneof/generated.rs":"c02b7cd7415f52366f6092559643869812db842bd1c383ce7d8759e519ab453a","src/reflect/oneof/mod.rs":"55c906888e89a7bfd1f8865cced5078905b512f3ce9af20d16614fdf5791c31d","src/reflect/optional/mod.rs":"5dada97750209aeddf1506eea0a59d709aeb3e44bae5443214e0c2950c870952","src/reflect/protobuf_type_box.rs":"5ed50bdefa5eebe8bf0547cb37def38d814653ac7a0d401eb4f05b8a72ebf509","src/reflect/reflect_eq.rs":"1352d0be16ff7dc2089d499b3fbcf40d501406e8648649092aa2cb21f207aac0","src/reflect/repeated/drain_iter.rs":"0f065e5ef884ee90189594b8a92d814c40a4b3ff80ed659f2f8a0ac56795011d","src/reflect/repeated/iter.rs":"f7f7bf56347850f567612feab9542c4658f251ce74b7b8fb7ed6612cb85584f0","src/reflect/repeated/mod.rs":"6084482af4936340e1bfd43ff8d06351c3d0316f26cb9f8b73bd8c16f3e9df98","src/reflect/repeated/transmute.rs":"ecd5b5b2772670b030a6d96b47b54bf8500ec0996920ef0db7d5f4b6f338c493","src/reflect/repeated/vec_downcast.rs":"7f4c2997d313f45bc46a097fad7c579d663c642cba425a7851f590282d58309d","src/reflect/rt/mod.rs":"4f0266be9bd092a6ee49a1f3453ff08eabfcebb65473b6c8552a260ac7a4817b","src/reflect/rt/v2.rs":"3faa866b4aa766875062071eb6db36c7c42a3d9145f66162a85aac91e200e354","src/reflect/runtime_type_box.rs":"6d8988ed25218f13da61db5dbbefa621df3fd7f1141669854c6ec9571b3eee6c","src/reflect/runtime_types.rs":"07b8eeac30f666c890ccac14c5076b77d010abf322b8f23883032e2ad003476e","src/reflect/service/index.rs":"4a41f90b6c8b3f5c8349075aec84fcbb90ab3028451d2ba40cb83257ff4d90c7","src/reflect/service/mod.rs":"1d0b5b3d9cd1968731971137ca320a91591ee9ca45828d3e4284da87397044f6","src/reflect/type_dynamic.rs":"76c9e764978c66444a4ffb5b558cbce241d1e1123c5dd6eb250f56b48b7b0a5c","src/reflect/types.rs":"fb6a18354a7a8fa7dc6a4db51793af8a5c41680bc49c1d157145a21a75f5f3e4","src/reflect/value/mod.rs":"56f7ff8c4541108fff20f83f7f12ef173ce398e642b482dc3a4cf92c9e1cea17","src/reflect/value/value_box.rs":"1037d01c52a4f0432e42a2c023f5c68ed458ed60b196597ca78f81b6207ecb83","src/reflect/value/value_ref.rs":"7a3490eb4918ee725ad59219b0fc5810b231eaf2ddf798ab75085b4acc145b2e","src/rt/map.rs":"c4bd4246181a43dc9cf1735ec5882955af595fba8ef839a06e0e1df399848520","src/rt/message.rs":"c9b9b3b8f25b6813b8ca2411f015ae80b2abba377d44f9f9b9c05cb45366229a","src/rt/mod.rs":"db610d871d8fb022ba4634199896534ecb3d6ad22c7e2cabbf4d7ad79e1c8c66","src/rt/packed.rs":"be2fae85812c39d815bcb0463e3ea67774770c25014b764b8712dd2b90d360c6","src/rt/repeated.rs":"213d08349efb21bc02fb5abd1d1c3f039ae1d4368f53f548cdf1999897c60f1c","src/rt/singular.rs":"2c982de7a686a8d0c430ce690297a524e892a70bca33d288c6e9b912d19e994c","src/rt/unknown_or_group.rs":"a0bf9af0bdb6ee4261bdc9d5136288e3d17f7de611b7f61943caf6d8eb38367d","src/rustproto.rs":"4a49fac5c9caaca991dd5505c154941e8f94708c254269119e64cf053f7aaea9","src/special.rs":"2f64cfbb0659249cf4a951cefb51b1a17ddf85785eb868b68af7546cd31a5101","src/text_format/mod.rs":"da0aeb839963afcba1923b68a06264185a927cef3f3075ca958c11fa1e780535","src/text_format/parse.rs":"c7be3464fa8f6624ed2001b450e999f93bea5f6118132b7f372110c7af5e5e71","src/text_format/print.rs":"7bd28696ce2a98f9520e2303b0f70fe1d46b045d550f55064a3b524b58f9dfab","src/timestamp.rs":"f0590e19fd7740bdc65a0dc6f9d73bf55559638515ca7849481022288a9bee43","src/unknown.rs":"fd6091ad04dadbde5793ea42af50fa51cf2e7737696029a9e0d1f001f0c1423d","src/varint/decode.rs":"5e9fdf9fb5fe82ddc223feaf5867c0a081bd67731635f88cb9a5b1faeeb79f82","src/varint/encode.rs":"bc0969a152aff774976216f9f2bdbc273a24da07d57b8e3ec96ebe691d4559c1","src/varint/generic.rs":"98e31da80c278cff672ddc8231241cc789ad6de138fa6ca6c0483ff1783f4957","src/varint/mod.rs":"643b5b2443b4e103fc4eeac7844dcda4b9c6b2bab3cfe9fba00145ccea9a4505","src/well_known_types/any.rs":"7db9c4f0df3f0809821e09bb0bd2ddaa07ff4471be005fc02f2be9828a1aedd1","src/well_known_types/api.rs":"80bf5fe39c7263a440d5c1bec8bb6c5a0dd274f73c3f702c4e223cfdf02f74eb","src/well_known_types/duration.rs":"33c4039d594eb8df4a35f1bae1ad2a5dc36a5bf167369d99faf480cc7e1cb284","src/well_known_types/empty.rs":"47f56d10483e9c6c3e276e54d877e70aaf3b2a57c269a636dd9948d0e4ff419f","src/well_known_types/field_mask.rs":"7b4d883c03ec89d83b919271d03273def230c30caae36b7247cba1b325ccc551","src/well_known_types/mod.rs":"b141483834c860b221d0946a584389ebcefc2c5f7692ce1f95869c9f83ff2c16","src/well_known_types/source_context.rs":"fbec3ec4e1e59be865d0b7cb4d3b08aa197b46ca27fc3d90ed7da30514df6355","src/well_known_types/struct_.rs":"00bfebd64c851a7e0b0b26d3fc1319fd072975cb84169066b5aa00a4871ac6c8","src/well_known_types/timestamp.rs":"bc8b3a27f7b1ec134aa5a9d1187b63e02d5d2e72b153a9b6153e0b7a078c003e","src/well_known_types/type_.rs":"789fa7e0ec2fe7fc5f68a06636ade107fc305780b597c7c9687dbe3560252514","src/well_known_types/wrappers.rs":"56cbbf290be81ce7d62fd33b883015ef3de2abc1d5f8c683e38e96397f1d056d","src/well_known_types_util/any.rs":"2b2e5cdf1d413bc13485bfc78c84d8403168d6b1a6dbc10d585bf10326120c81","src/well_known_types_util/duration.rs":"e0d9de89f8c7c4b2075f23c2a4451dfec4ae1f28c9784ea39a626a8c3aa9e005","src/well_known_types_util/mod.rs":"81fb1c0721602ffe91c4587f727457b59c8697863e3f853cd9569db5cee973e9","src/well_known_types_util/timestamp.rs":"f55906fef3190fa1786ed736ded16f3ac6de2095cb974af5a476c2a2f91260b3","src/wire_format.rs":"f1d09b0bd1e4c5e4072b5c943e749f7b727737bd08a6d82f81d4f2a60e2ab94e","src/zigzag.rs":"0dcbdf54d4bc8141fdc64d074e6f6f7633bbb66cc782cd4bd6d343ce0569c3de"},"package":"a3a7c64d9bf75b1b8d981124c14c179074e8caa7dfe7b6a12e6222ddcd0c8f72"} \ No newline at end of file -+{"files":{"Cargo.toml":"96cda32a56ae7f781b2142812f054e6f31435b30a2f0b2386346cbf277186920","LICENSE.txt":"7f2fa80a60e84f8dc0747abb0e42342f83bded04a20461a636b47c0331b92ddf","README.md":"14dbb3068c031afbd44010a4ff0c8146aa7e02f6051579177767f218fff9cd38","build.rs":"347d9aa6d4b102b6e83c65aeef89b1e1752536bd8ef80fc834a2c78d5cb2ff80","regenerate.sh":"df3bc8537c038fd356367e5af433c284dd5b76505c35f6f89deab0f099a3e3e0","src/byteorder.rs":"9e6b481be82182ac99ff9704468b4d64656fb922f90c54ca83a8d7ca1dfd2e3a","src/cached_size.rs":"895788d7356a1fcd0f2d7446996066f8c53a0f36032174a97273997e65440fa0","src/chars.rs":"816a0af0b830ecd43028e40295fe0bf9eb79263f00fee01678c75d4ac5b7e908","src/coded_input_stream/buf_read_iter.rs":"2cba31136e56dd63c9a17d1bf4627f430b2ed3ddb35abf4479f57bcb912cdb4e","src/coded_input_stream/buf_read_or_reader.rs":"2bf3befcfce8c97faae7563084a7d93931afc5b886419e491111c15b4139058e","src/coded_input_stream/input_buf.rs":"cf71e63d3aef90188c55b6d42aa7cad47bcba16b27e687e44a15bd45e65b8737","src/coded_input_stream/input_source.rs":"8ce41ec8d147d03adf2dbd27ae0fa0b6e33400b62a9c945ab7aa2224bf43a863","src/coded_input_stream/mod.rs":"9c9eef558aec08a5071303896703aae82a1fa1358d50784e836319e9dcdd2789","src/coded_output_stream/buffer.rs":"cafbbb3f02df26c98a4e5556e99a5a2ce811ffea4c49ba982532a6d9a53ec7d8","src/coded_output_stream/mod.rs":"06289bfaa7971ef275b1017d8b5d4197b864fc881f83d0ed073a28fca894a0ba","src/coded_output_stream/output_target.rs":"ab28889b824b91688cb5c17cf79bdbec96aeeea59f22946b9f359b957cc40580","src/coded_output_stream/with.rs":"47541db9f4f51cacd406571f02d6abe8f4837413c7cecbe511fc0c24ef2384f2","src/descriptor.rs":"4b3f1a458d5e105c01c03671bce753b564fcddefabe36ab41f986ac070a33614","src/doctest_pb.rs":"74ffeba6811126ab8ed076e8d3debbb634f8f9bba3bd77f9c288e88d7937591a","src/enum_full.rs":"ca658951c42ef539ce6221d8f1b1e5005a1a14393460078c40611bb7091629d0","src/enum_or_unknown.rs":"3088b9d139f296284a44d4f9da9c75476dfa00168358328f46b1c52c73572521","src/enums.rs":"e0af03e21b48d3bb44d06a7971229e8e5ee6c8230323534f774f4874de3c9760","src/error.rs":"1839b319f456b56e2bb3c59f119f4c0bec53a02d52c92619b887bfdb1656183b","src/ext.rs":"b5c43e19ca56612e81560e520831da1746520be7944e506e44e07356b1415bbf","src/fixed.rs":"40b32b11dd53f0dc3de2c73f9003c6c0f762cf802e30e16beb5a22a18f8f2f50","src/lazy.rs":"b202a8cd252b11b013983f27c1ed5eac046674ed156a4e5e63357e15ead746df","src/lib.rs":"f22f0d3c3372cc68450071bb2abf8a1542d0f3348f5ec1133e9b785445494f56","src/message.rs":"a112b1d5c769d866a586a4c9af9245fa8029991563d2ff33c47e9d4c2b32fef7","src/message_dyn.rs":"c2d06029139a1ef09409227c0c501dd361b485ff1e4fcbf1d2b0cb579cd80fba","src/message_field.rs":"8456bcc3118a0f62d8eb3e5495be678ad75f5164e5dc67658667c7611e2099d9","src/message_full.rs":"4bbbb917a86aa3b14f63e93db41522c78223036b6e7d219769927059ff70205e","src/misc.rs":"1679b6f8b5c2b4375e71835fb7ca83a4de6db498f092abf5ab3a9f5eaccf0d5a","src/oneof.rs":"de5a694a56931308fc1a790678aaaf8b67d7c6b56c9f7b2fde36a14312863e05","src/oneof_full.rs":"b9d5d95db115b1ebf6e7c222373008d4f9f86e21347ddf50ef23f8cd11b8f777","src/owning_ref.rs":"1face1307d85ef98f5b9752eb45de47884c3ce68d31cec315ebfac6559ab501f","src/plugin.rs":"5bbb2aaecc59c590755e0fe972c4f231d506bbc1893d5f3e800d2e69ce805ec0","src/reflect/acc/mod.rs":"23500dd605f11f8def7d0f858a00cf1c85a7b95c293bc125ba0804a949b35162","src/reflect/acc/v2/map.rs":"46dab64d941e61fd61aa3794b2fab60bbd588a21ca9f1a378cdc022bbdfb60a1","src/reflect/acc/v2/mod.rs":"86639cfa45e3b2d08020c289001d87910fa972e9fb6a28a38880ccee51002a0c","src/reflect/acc/v2/repeated.rs":"07b62beb3bb81d1fa1de486c7cdce20ae2f4f46c2e93ed6f104b41d3a3a5beba","src/reflect/acc/v2/singular/mod.rs":"85bace3cf99fe0b05dce61bf19433077cf29506c6641b001935064fd37ab658f","src/reflect/acc/v2/singular/oneof.rs":"f70db73a0316185b8ae43b82cd29665d1140d920e7d28bb789a438eb06f9c62a","src/reflect/dynamic/map.rs":"565376a2db71cf607cb692b984acb41d16dfb04df59c9ad0eca8ba1fc85017cc","src/reflect/dynamic/mod.rs":"3ee7a82dbd5410d10eee44fdf3ae8b5f198185d7ff4a608f10a668eba6af3a73","src/reflect/dynamic/optional.rs":"db923e3d343f869c2bf4f157559686251ff9744dfd0560ba1d1b1b46ae1b81fd","src/reflect/dynamic/repeated.rs":"61a7c698b59280564a1deb7200884875a8844120058c3d69ea4d6aa5f6c4266e","src/reflect/enums/generated.rs":"44e5dbe08a1a15067744580c87c6d09f66dc364f2791fc1ecab919e1dacdec09","src/reflect/enums/mod.rs":"aed1b29e4e42f34b26476a6013e64b7ec8876cfa53633583a751c344fd3ab34c","src/reflect/error.rs":"532a9c117606e8597a40d60b3efebc9371c4f746919cc611aaaddf105cbb3608","src/reflect/field/dynamic.rs":"8e81f7b6f684ed58287eb2de20f3abb8dabb062601715421d3d1e4c041101602","src/reflect/field/index.rs":"4aeef75560e52bf865718f9323fc5b2b2318a6e4bb66fadc57f4875999cf15b3","src/reflect/field/mod.rs":"6c646e59e64e327a961e680f5b189cdb1d540b61b26cd345d623456a4f764a22","src/reflect/field/protobuf_field_type.rs":"6ec9ca95c25a9c9fe70fad51b1221676e9d3d5a6daac37d5633379471d8c4257","src/reflect/field/runtime_field_type.rs":"26166bb9d48caa0287dfe6235937e5bd647692ca75e8ee4855d0e198f9a79d73","src/reflect/file/building.rs":"53806efda5872c32f63f55582b767be8becff1d7bfb4ed0c11947c912ad55a75","src/reflect/file/dynamic.rs":"3e26271c31816dae043eb70c9990a6fc621c9b5241a555d968f731dfd4762489","src/reflect/file/fds.rs":"9a369eaea05a000710bf977cce28d3fad1463f8ffa42df35e4f5ac5de306f9e6","src/reflect/file/generated.rs":"88f3d88ddbcfa01812398ddc5c350c54cc42b15d99223a642574f55d4d6cdf69","src/reflect/file/index.rs":"3d53af11b39b164b488e3850c3a5be5ae4628c172b4475e4ae5b993225bdeae9","src/reflect/file/mod.rs":"b7aa1c4154677630b843c81d35c60f1374d00d44d3477e6e899e18cb7ae97db1","src/reflect/file/syntax.rs":"8d6d6c3a7bbf9217df3550410a9ba1eb9c08295aa410cc5d2e65efe1eec3ca3a","src/reflect/find_message_or_enum.rs":"e8b10159819cce4414da7681cb3ce0b4e62a45adf4e3e7933a3c1b4f8e97cfb8","src/reflect/map/empty.rs":"230cbcda25bfd3c6f348043eef032252b8a0d86a0c71d93d6206adc59d688732","src/reflect/map/generated.rs":"f1b332e97d267c3272b26be03bee80fe9420bb6fc203ae6f3f9dd3044d564778","src/reflect/map/mod.rs":"7648fa897f4a8acf1ab48b8bba8f165cb4b09a46125e645d600a7b9ced55e1a2","src/reflect/message/generated.rs":"c76f5e887534bc9648dd105718f79bb93465549d57b25c4a00957e603749721c","src/reflect/message/is_initialized_is_always_true.rs":"af716e9d0ce233fda9c7dee13814c24c188ea195cf907d81f74fb198ef2760ae","src/reflect/message/message_ref.rs":"80472f804a4dd3b91f6fec4451639ca356f2b33c502775e0fd6b2c3bfbe1be0a","src/reflect/message/mod.rs":"5ef7f5ecdc2de7c0789b8558711a976e2376fcaae67975a10d9f1bd4179703e5","src/reflect/mod.rs":"620cab65b696a13144ed54d589ca8c4176ecb8127b2ba2a294806f649c0fbd9f","src/reflect/name.rs":"0377dcf871ca5add5e168a3bff04d9f01fe5970db4dfb66272def6484dc7d54b","src/reflect/oneof/generated.rs":"c02b7cd7415f52366f6092559643869812db842bd1c383ce7d8759e519ab453a","src/reflect/oneof/mod.rs":"55c906888e89a7bfd1f8865cced5078905b512f3ce9af20d16614fdf5791c31d","src/reflect/optional/mod.rs":"5dada97750209aeddf1506eea0a59d709aeb3e44bae5443214e0c2950c870952","src/reflect/protobuf_type_box.rs":"5ed50bdefa5eebe8bf0547cb37def38d814653ac7a0d401eb4f05b8a72ebf509","src/reflect/reflect_eq.rs":"1352d0be16ff7dc2089d499b3fbcf40d501406e8648649092aa2cb21f207aac0","src/reflect/repeated/drain_iter.rs":"0f065e5ef884ee90189594b8a92d814c40a4b3ff80ed659f2f8a0ac56795011d","src/reflect/repeated/iter.rs":"f7f7bf56347850f567612feab9542c4658f251ce74b7b8fb7ed6612cb85584f0","src/reflect/repeated/mod.rs":"6084482af4936340e1bfd43ff8d06351c3d0316f26cb9f8b73bd8c16f3e9df98","src/reflect/repeated/transmute.rs":"ecd5b5b2772670b030a6d96b47b54bf8500ec0996920ef0db7d5f4b6f338c493","src/reflect/repeated/vec_downcast.rs":"7f4c2997d313f45bc46a097fad7c579d663c642cba425a7851f590282d58309d","src/reflect/rt/mod.rs":"4f0266be9bd092a6ee49a1f3453ff08eabfcebb65473b6c8552a260ac7a4817b","src/reflect/rt/v2.rs":"3faa866b4aa766875062071eb6db36c7c42a3d9145f66162a85aac91e200e354","src/reflect/runtime_type_box.rs":"6d8988ed25218f13da61db5dbbefa621df3fd7f1141669854c6ec9571b3eee6c","src/reflect/runtime_types.rs":"07b8eeac30f666c890ccac14c5076b77d010abf322b8f23883032e2ad003476e","src/reflect/service/index.rs":"4a41f90b6c8b3f5c8349075aec84fcbb90ab3028451d2ba40cb83257ff4d90c7","src/reflect/service/mod.rs":"1d0b5b3d9cd1968731971137ca320a91591ee9ca45828d3e4284da87397044f6","src/reflect/type_dynamic.rs":"76c9e764978c66444a4ffb5b558cbce241d1e1123c5dd6eb250f56b48b7b0a5c","src/reflect/types.rs":"fb6a18354a7a8fa7dc6a4db51793af8a5c41680bc49c1d157145a21a75f5f3e4","src/reflect/value/mod.rs":"56f7ff8c4541108fff20f83f7f12ef173ce398e642b482dc3a4cf92c9e1cea17","src/reflect/value/value_box.rs":"1037d01c52a4f0432e42a2c023f5c68ed458ed60b196597ca78f81b6207ecb83","src/reflect/value/value_ref.rs":"7a3490eb4918ee725ad59219b0fc5810b231eaf2ddf798ab75085b4acc145b2e","src/rt/map.rs":"c4bd4246181a43dc9cf1735ec5882955af595fba8ef839a06e0e1df399848520","src/rt/message.rs":"c9b9b3b8f25b6813b8ca2411f015ae80b2abba377d44f9f9b9c05cb45366229a","src/rt/mod.rs":"db610d871d8fb022ba4634199896534ecb3d6ad22c7e2cabbf4d7ad79e1c8c66","src/rt/packed.rs":"be2fae85812c39d815bcb0463e3ea67774770c25014b764b8712dd2b90d360c6","src/rt/repeated.rs":"213d08349efb21bc02fb5abd1d1c3f039ae1d4368f53f548cdf1999897c60f1c","src/rt/singular.rs":"2c982de7a686a8d0c430ce690297a524e892a70bca33d288c6e9b912d19e994c","src/rt/unknown_or_group.rs":"a0bf9af0bdb6ee4261bdc9d5136288e3d17f7de611b7f61943caf6d8eb38367d","src/rustproto.rs":"4a49fac5c9caaca991dd5505c154941e8f94708c254269119e64cf053f7aaea9","src/special.rs":"2f64cfbb0659249cf4a951cefb51b1a17ddf85785eb868b68af7546cd31a5101","src/text_format/mod.rs":"da0aeb839963afcba1923b68a06264185a927cef3f3075ca958c11fa1e780535","src/text_format/parse.rs":"c7be3464fa8f6624ed2001b450e999f93bea5f6118132b7f372110c7af5e5e71","src/text_format/print.rs":"7bd28696ce2a98f9520e2303b0f70fe1d46b045d550f55064a3b524b58f9dfab","src/timestamp.rs":"f0590e19fd7740bdc65a0dc6f9d73bf55559638515ca7849481022288a9bee43","src/unknown.rs":"fd6091ad04dadbde5793ea42af50fa51cf2e7737696029a9e0d1f001f0c1423d","src/varint/decode.rs":"5e9fdf9fb5fe82ddc223feaf5867c0a081bd67731635f88cb9a5b1faeeb79f82","src/varint/encode.rs":"bc0969a152aff774976216f9f2bdbc273a24da07d57b8e3ec96ebe691d4559c1","src/varint/generic.rs":"98e31da80c278cff672ddc8231241cc789ad6de138fa6ca6c0483ff1783f4957","src/varint/mod.rs":"643b5b2443b4e103fc4eeac7844dcda4b9c6b2bab3cfe9fba00145ccea9a4505","src/well_known_types/any.rs":"7db9c4f0df3f0809821e09bb0bd2ddaa07ff4471be005fc02f2be9828a1aedd1","src/well_known_types/api.rs":"80bf5fe39c7263a440d5c1bec8bb6c5a0dd274f73c3f702c4e223cfdf02f74eb","src/well_known_types/duration.rs":"33c4039d594eb8df4a35f1bae1ad2a5dc36a5bf167369d99faf480cc7e1cb284","src/well_known_types/empty.rs":"47f56d10483e9c6c3e276e54d877e70aaf3b2a57c269a636dd9948d0e4ff419f","src/well_known_types/field_mask.rs":"7b4d883c03ec89d83b919271d03273def230c30caae36b7247cba1b325ccc551","src/well_known_types/mod.rs":"b141483834c860b221d0946a584389ebcefc2c5f7692ce1f95869c9f83ff2c16","src/well_known_types/source_context.rs":"fbec3ec4e1e59be865d0b7cb4d3b08aa197b46ca27fc3d90ed7da30514df6355","src/well_known_types/struct_.rs":"00bfebd64c851a7e0b0b26d3fc1319fd072975cb84169066b5aa00a4871ac6c8","src/well_known_types/timestamp.rs":"bc8b3a27f7b1ec134aa5a9d1187b63e02d5d2e72b153a9b6153e0b7a078c003e","src/well_known_types/type_.rs":"789fa7e0ec2fe7fc5f68a06636ade107fc305780b597c7c9687dbe3560252514","src/well_known_types/wrappers.rs":"56cbbf290be81ce7d62fd33b883015ef3de2abc1d5f8c683e38e96397f1d056d","src/well_known_types_util/any.rs":"2b2e5cdf1d413bc13485bfc78c84d8403168d6b1a6dbc10d585bf10326120c81","src/well_known_types_util/duration.rs":"e0d9de89f8c7c4b2075f23c2a4451dfec4ae1f28c9784ea39a626a8c3aa9e005","src/well_known_types_util/mod.rs":"81fb1c0721602ffe91c4587f727457b59c8697863e3f853cd9569db5cee973e9","src/well_known_types_util/timestamp.rs":"f55906fef3190fa1786ed736ded16f3ac6de2095cb974af5a476c2a2f91260b3","src/wire_format.rs":"f1d09b0bd1e4c5e4072b5c943e749f7b727737bd08a6d82f81d4f2a60e2ab94e","src/zigzag.rs":"0dcbdf54d4bc8141fdc64d074e6f6f7633bbb66cc782cd4bd6d343ce0569c3de"},"package":"a3a7c64d9bf75b1b8d981124c14c179074e8caa7dfe7b6a12e6222ddcd0c8f72"} diff --git a/vendor/protobuf-3.7.1/src/coded_input_stream/mod.rs b/vendor/protobuf-3.7.1/src/coded_input_stream/mod.rs index a979df19c..dc8029c51 100644 --- a/vendor/protobuf-3.7.1/src/coded_input_stream/mod.rs @@ -123,5 +123,5 @@ index a979df19c..dc8029c51 100644 + } } -- -2.45.2 +2.45.4 diff --git a/SPECS/rust/rust.signatures.json b/SPECS/rust/rust.signatures.json index d88781170af..0538e0da355 100644 --- a/SPECS/rust/rust.signatures.json +++ b/SPECS/rust/rust.signatures.json @@ -1,12 +1,12 @@ { "Signatures": { - "cargo-1.85.0-aarch64-unknown-linux-gnu.tar.xz": "cdebe48b066d512d664c13441e8fae2d0f67106c2080aa44289d98b24192b8bc", - "cargo-1.85.0-x86_64-unknown-linux-gnu.tar.xz": "0aff33b57b0e0b102d762a2b53042846c1ca346cff4b7bd96b5c03c9e8e51d81", - "rust-std-1.85.0-aarch64-unknown-linux-gnu.tar.xz": "8af1d793f7820e9ad0ee23247a9123542c3ea23f8857a018651c7788af9bc5b7", - "rust-std-1.85.0-x86_64-unknown-linux-gnu.tar.xz": "285e105d25ebdf501341238d4c0594ecdda50ec9078f45095f793a736b1f1ac2", - "rustc-1.85.0-aarch64-unknown-linux-gnu.tar.xz": "e742b768f67303010b002b515f6613c639e69ffcc78cd0857d6fe7989e9880f6", - "rustc-1.85.0-x86_64-unknown-linux-gnu.tar.xz": "7436f13797475082cd87aa65547449e01659d6a810b4cd5f8aedc48bb9f89dfb", - "rustc-1.86.0-src-cargo.tar.gz": "65af8d68e71d9ee7849d680434bffc527125442da38bba9a14bb3c12abef0595", - "rustc-1.86.0-src.tar.xz": "d939eada065dc827a9d4dbb55bd48533ad14c16e7f0a42e70147029c82a7707b" + "cargo-1.89.0-aarch64-unknown-linux-gnu.tar.xz": "f9df3ee6d55a2387459b843477743fa386c3c0f126bd0be01691ee49309681b8", + "cargo-1.89.0-x86_64-unknown-linux-gnu.tar.xz": "99fc10be2aeedf2c23a484f217bfa76458494495a0eee33e280d3616bb08282d", + "rust-std-1.89.0-aarch64-unknown-linux-gnu.tar.xz": "abea0955dded88c68d731524ab9d29b162fae23bf5805b9f1dec063cba37c2aa", + "rust-std-1.89.0-x86_64-unknown-linux-gnu.tar.xz": "2719470dcd78b3f97d78b978c8f85a1a58d84ff11b62558294621c01bca34d49", + "rustc-1.89.0-aarch64-unknown-linux-gnu.tar.xz": "16ed8d8c7628a481c8501e7cd1022a123269b297bdedbb7f211f37a15e937e0e", + "rustc-1.89.0-x86_64-unknown-linux-gnu.tar.xz": "b42c254e1349df86bd40bc28fdf386172a1a46f2eeabe3c7a08a75cf1fb60e27", + "rustc-1.90.0-src-cargo.tar.gz": "72f6a52e8c4df6047b51bea1e6231faf7ff43a0cedddad6a91e14f9a6f924c17", + "rustc-1.90.0-src.tar.xz": "6bfeaddd90ffda2f063492b092bfed925c4b8c701579baf4b1316e021470daac" } } \ No newline at end of file diff --git a/SPECS/rust/rust.spec b/SPECS/rust/rust.spec index 7d438733090..a995ad79e24 100644 --- a/SPECS/rust/rust.spec +++ b/SPECS/rust/rust.spec @@ -3,13 +3,13 @@ # Release date and version of stage 0 compiler can be found in "src/stage0" inside the extracted "Source0". # Look for "date:" and "rustc:". -%define release_date 2025-02-20 -%define stage0_version 1.85.0 +%define release_date 2025-08-07 +%define stage0_version 1.89.0 Summary: Rust Programming Language Name: rust -Version: 1.86.0 -Release: 10%{?dist} +Version: 1.90.0 +Release: 1%{?dist} License: (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -41,7 +41,7 @@ Source4: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{sta Source5: https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz Source6: https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz Source7: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz -Patch0: CVE-2025-4574.patch +Patch0: CVE-2025-4574.patch Patch1: CVE-2025-53605.patch Patch2: CVE-2024-11738.patch BuildRequires: binutils @@ -181,6 +181,9 @@ rm %{buildroot}%{_docdir}/docs/html/.lock %{_mandir}/man1/* %changelog +* Tue Oct 28 2025 Kavya Sree Kaitepalli - 1.90.0-1 +- Upgrade to 1.90.0 + * Mon Nov 10 2025 Andrew Phelps - 1.86.0-10 - Bump to rebuild with updated glibc diff --git a/SPECS/tensorflow/CVE-2026-21441.patch b/SPECS/tensorflow/CVE-2026-21441.patch new file mode 100644 index 00000000000..ef1888e623e --- /dev/null +++ b/SPECS/tensorflow/CVE-2026-21441.patch @@ -0,0 +1,32 @@ +From 8864ac407bba8607950025e0979c4c69bc7abc7b Mon Sep 17 00:00:00 2001 +From: Illia Volochii +Date: Wed, 7 Jan 2026 18:07:30 +0200 +Subject: [PATCH] Merge commit from fork + +* Stop decoding response content during redirects needlessly + +Upstream Patch Reference: https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b.patch +--- + pypi_urllib3/site-packages/urllib3/response.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/pypi_urllib3/site-packages/urllib3/response.py b/pypi_urllib3/site-packages/urllib3/response.py +index 47e75fd1..0c0e20ff 100644 +--- a/pypi_urllib3/site-packages/urllib3/response.py ++++ b/pypi_urllib3/site-packages/urllib3/response.py +@@ -635,7 +635,11 @@ class HTTPResponse(BaseHTTPResponse): + Unread data in the HTTPResponse connection blocks the connection from being released back to the pool. + """ + try: +- self.read() ++ self.read( ++ # Do not spend resources decoding the content unless ++ # decoding has already been initiated. ++ decode_content=self._has_decoded_content, ++ ) + except (HTTPError, OSError, BaseSSLError, HTTPException): + pass + +-- +2.45.4 + diff --git a/SPECS/tensorflow/tensorflow.spec b/SPECS/tensorflow/tensorflow.spec index ff5a5649ef1..1dac0140536 100644 --- a/SPECS/tensorflow/tensorflow.spec +++ b/SPECS/tensorflow/tensorflow.spec @@ -1,7 +1,7 @@ Summary: TensorFlow is an open source machine learning framework for everyone. Name: tensorflow Version: 2.16.1 -Release: 9%{?dist} +Release: 10%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -14,8 +14,9 @@ Patch1: CVE-2024-6232.patch Patch2: CVE-2024-8088.patch Patch3: CVE-2024-3651.patch Patch4: CVE-2024-35195.patch -Patch5: CVE-2024-5569.patch -Patch6: CVE-2024-6923.patch +Patch5: CVE-2024-5569.patch +Patch6: CVE-2024-6923.patch +Patch7: CVE-2026-21441.patch BuildRequires: bazel BuildRequires: binutils BuildRequires: build-essential @@ -96,6 +97,7 @@ popd pushd /root/.cache/bazel/_bazel_$USER/$MD5_HASH/external/ patch -p1 < %{PATCH4} patch -p1 < %{PATCH5} +patch -p1 < %{PATCH7} pushd python_x86_64-unknown-linux-gnu/lib/python3.12/email/ patch -p1 < %{PATCH6} @@ -132,6 +134,9 @@ bazel --batch build //tensorflow/tools/pip_package:build_pip_package %{_bindir}/toco_from_protos %changelog +* Tue Jan 13 2026 Aditya Singh - 2.16.1-10 +- Patch for CVE-2026-21441 + * Tue Jan 28 2025 Kavya Sree Kaitepalli - 2.16.1-9 - Patch CVE-2024-5569 , CVE-2023-45803 and CVE-2024-6923 @@ -165,7 +170,7 @@ bazel --batch build //tensorflow/tools/pip_package:build_pip_package * Tue Aug 01 2023 Riken Maharjan - 2.11.0-4 - Remove .bazelversion file. -* Thu Jan 03 2022 Riken Maharjan - 2.11.0-3 +* Tue Jan 03 2023 Riken Maharjan - 2.11.0-3 - Add tf-nightly subpackage. * Thu Dec 08 2022 Riken Maharjan - 2.11.0-2 diff --git a/SPECS/wget/CVE-2025-69194.patch b/SPECS/wget/CVE-2025-69194.patch new file mode 100644 index 00000000000..b53cc8dba5d --- /dev/null +++ b/SPECS/wget/CVE-2025-69194.patch @@ -0,0 +1,118 @@ +From 123ff418b984d84bdabb7fb7002719d4ebe19d72 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Fri, 26 Dec 2025 19:03:35 +0100 +Subject: [PATCH] Fix file overwrite issue with metalink +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fix a remotely triggered arbitrary file write/overwrite abusing +metalink path traversal. + +Reported-by: Arkadi +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://gitlab.com/gnuwget/wget2/-/commit/684be4785280fbe6b8666080bbdd87e7e5299ac5.patch +--- + libwget/metalink.c | 23 +++++++++++++++++++++-- + src/wget.c | 25 ++++++++++++++++++------- + 2 files changed, 39 insertions(+), 9 deletions(-) + +diff --git a/libwget/metalink.c b/libwget/metalink.c +index ecac46c..8d35065 100644 +--- a/libwget/metalink.c ++++ b/libwget/metalink.c +@@ -167,6 +167,25 @@ static void add_mirror(metalink_context *ctx, const char *value) + ctx->priority = 999999; + } + ++static const char *sanitized_filename(const char *in) ++{ ++ // RFC 5854: ++ // The path MUST NOT contain any directory traversal ++ // directives or information. The path MUST be relative. The path ++ // MUST NOT begin with a "/", "./", or "../"; contain "/../"; or end ++ // with "/..". ++ if (*in == '/' ++ || !strncmp(in, "./", 2) ++ || !strncmp(in, "../", 3) ++ || strstr(in, "/../") ++ || wget_match_tail(in, "/../")) ++ { ++ return NULL; ++ } ++ ++ return wget_strdup(in); ++} ++ + static void metalink_parse(void *context, int flags, const char *dir, const char *attr, const char *val, size_t len, size_t pos WGET_GCC_UNUSED) + { + metalink_context *ctx = context; +@@ -192,7 +211,7 @@ static void metalink_parse(void *context, int flags, const char *dir, const char + if (attr) { + if (*dir == 0) { // /metalink/file + if (!ctx->metalink->name && !wget_strcasecmp_ascii(attr, "name")) { +- ctx->metalink->name = wget_strdup(value); ++ ctx->metalink->name = sanitized_filename(value); + } + } else if (!wget_strcasecmp_ascii(dir, "/verification/pieces")) { + if (!wget_strcasecmp_ascii(attr, "type")) { +@@ -237,7 +256,7 @@ static void metalink_parse(void *context, int flags, const char *dir, const char + if (attr) { + if (*dir == 0) { // /metalink/file + if (!ctx->metalink->name && !wget_strcasecmp_ascii(attr, "name")) { +- ctx->metalink->name = wget_strdup(value); ++ ctx->metalink->name = sanitized_filename(value); + } + } else if (!wget_strcasecmp_ascii(dir, "/pieces")) { + if (!wget_strcasecmp_ascii(attr, "type")) { +diff --git a/src/wget.c b/src/wget.c +index b5e0f14..bbf9583 100644 +--- a/src/wget.c ++++ b/src/wget.c +@@ -2085,18 +2085,26 @@ static void process_response(wget_http_response *resp) + error_printf(_("File length %llu - remove job\n"), (unsigned long long)job->metalink->size); + } else if (!job->metalink->mirrors) { + error_printf(_("No download mirrors found - remove job\n")); ++ } else if (!job->metalink->name || !*job->metalink->name) { ++ error_printf(_("Metalink file name is invalid, missing or empty - remove job\n")); + } else { + // just loaded a metalink description, create parts and sort mirrors + + // start or resume downloading + if (!job_validate_file(job)) { +- // sort mirrors by priority to download from highest priority first +- wget_metalink_sort_mirrors(job->metalink); +- +- // wake up sleeping workers +- wget_thread_cond_signal(worker_cond); +- +- job->done = 0; // do not remove this job from queue yet ++ // Account for retries ++ if (config.tries && ++job->failures > config.tries) { ++ error_printf(_("Metalink validation failed: max tries reached - remove job\n")); ++ job->done = 1; ++ } else { ++ // sort mirrors by priority to download from highest priority first ++ wget_metalink_sort_mirrors(job->metalink); ++ ++ // wake up sleeping workers ++ wget_thread_cond_signal(worker_cond); ++ ++ job->done = 0; // do not remove this job from queue yet ++ } + } // else file already downloaded and checksum ok + } + return; +@@ -2981,6 +2989,9 @@ void metalink_parse_localfile(const char *fname) + } else if (!metalink->mirrors) { + error_printf(_("No download mirrors found\n")); + wget_metalink_free(&metalink); ++ } else if (!metalink->name || !*metalink->name) { ++ error_printf(_("Metalink file name is missing or empty\n")); ++ wget_metalink_free(&metalink); + } else { + // create parts and sort mirrors + JOB job = { .metalink = metalink }; +-- +2.45.4 + diff --git a/SPECS/wget/CVE-2025-69195.patch b/SPECS/wget/CVE-2025-69195.patch new file mode 100644 index 00000000000..5d27e7a12da --- /dev/null +++ b/SPECS/wget/CVE-2025-69195.patch @@ -0,0 +1,37 @@ +From 0b49beb33a0f870b3677a5a4cff772f4428e867d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Fri, 26 Dec 2025 18:27:24 +0100 +Subject: [PATCH] Fix remote buffer overflow in get_local_filename_real() + +In src/blacklist.c:get_local_filename_real(), the stack/heap selection for +fname_esc was inverted, so the code used `char tmp[1024]` exactly when the +required size is >1024, leading to stack corruption when +wget_restrict_file_name() writes into it. + +This was introduced by commit 3dc30f5f0c6f8feae97f866c537324f821ea05d. + +Reported-by: Arkadi +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://gitlab.com/gnuwget/wget2/-/commit/fc7fcbc00e0a2c8606d44ab216195afb3f08cc98.patch +--- + src/blacklist.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/blacklist.c b/src/blacklist.c +index ca8d18e..71a74c3 100644 +--- a/src/blacklist.c ++++ b/src/blacklist.c +@@ -135,8 +135,8 @@ static char * get_local_filename_real(const wget_iri *iri) + char tmp[1024]; + + char *fname_esc = (sizeof(tmp) < buf.length * 3 + 1) +- ? tmp +- : wget_malloc(buf.length * 3 + 1); ++ ? wget_malloc(buf.length * 3 + 1) ++ : tmp; + + if (wget_restrict_file_name(fname, fname_esc, config.restrict_file_names) != fname) { + // escaping was really done, replace fname +-- +2.45.4 + diff --git a/SPECS/wget/wget.spec b/SPECS/wget/wget.spec index 4b4a5eb4015..b8a4ee57715 100644 --- a/SPECS/wget/wget.spec +++ b/SPECS/wget/wget.spec @@ -3,7 +3,7 @@ Summary: An advanced file and recursive website downloader Name: wget Version: 2.1.0 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL-3.0-or-later AND LGPL-3.0-or-later AND GFDL-1.3-or-later URL: https://gitlab.com/gnuwget/wget2 Group: System Environment/NetworkingPrograms @@ -31,6 +31,8 @@ Patch0006: 0006-Disable-TCP-Fast-Open-by-default.patch Patch0007: fix-ssl-read-and-write-error-check.patch # https://github.com/rockdaboot/wget2/issues/344 Patch0008: set-debug_skip_body-for-OCSP-requests-in-openssl-tls-provider.patch +Patch9: CVE-2025-69194.patch +Patch10: CVE-2025-69195.patch BuildRequires: autoconf BuildRequires: automake @@ -163,6 +165,9 @@ echo ".so man1/%{name}.1" > %{buildroot}%{_mandir}/man1/wget.1 %{_mandir}/man3/libwget*.3* %changelog +* Mon Jan 12 2026 Azure Linux Security Servicing Account - 2.1.0-7 +- Patch for CVE-2025-69194, CVE-2025-69195 + * Mon Feb 24 2025 Sam Meluch - 2.1.0-6 - Add %check section from Fedora upstream. diff --git a/cgmanifest.json b/cgmanifest.json index 80006b57c6c..10c37507eab 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -8651,8 +8651,8 @@ "type": "other", "other": { "name": "lasso", - "version": "2.8.0", - "downloadUrl": "http://dev.entrouvert.org/lasso/lasso-2.8.0.tar.gz" + "version": "2.9.0", + "downloadUrl": "https://git.entrouvert.org/entrouvert/lasso/archive/v2.9.0.tar.gz" } } }, @@ -11001,8 +11001,8 @@ "type": "other", "other": { "name": "libreport", - "version": "2.13.1", - "downloadUrl": "https://github.com/abrt/libreport/archive/2.13.1/libreport-2.13.1.tar.gz" + "version": "2.17.15", + "downloadUrl": "https://github.com/abrt/libreport/archive/2.17.15/libreport-2.17.15.tar.gz" } } }, @@ -11232,7 +11232,7 @@ "other": { "name": "libsodium", "version": "1.0.19", - "downloadUrl": "https://download.libsodium.org/libsodium/releases/libsodium-1.0.19.tar.gz" + "downloadUrl": "https://github.com/jedisct1/libsodium/archive/refs/tags/1.0.19-FINAL.tar.gz" } } }, @@ -22633,8 +22633,8 @@ "type": "other", "other": { "name": "python-debtcollector", - "version": "1.22.0", - "downloadUrl": "https://tarballs.openstack.org/debtcollector/debtcollector-1.22.0.tar.gz" + "version": "3.0.0", + "downloadUrl": "https://tarballs.openstack.org/debtcollector/debtcollector-3.0.0.tar.gz" } } }, @@ -23943,8 +23943,8 @@ "type": "other", "other": { "name": "python-oslo-i18n", - "version": "5.1.0", - "downloadUrl": "https://tarballs.openstack.org/oslo.i18n/oslo.i18n-5.1.0.tar.gz" + "version": "6.7.1", + "downloadUrl": "https://files.pythonhosted.org/packages/source/o/oslo_i18n/oslo_i18n-6.7.1.tar.gz" } } }, @@ -27524,8 +27524,8 @@ "type": "other", "other": { "name": "rust", - "version": "1.86.0", - "downloadUrl": "https://static.rust-lang.org/dist/rustc-1.86.0-src.tar.xz" + "version": "1.90.0", + "downloadUrl": "https://static.rust-lang.org/dist/rustc-1.90.0-src.tar.xz" } } }, @@ -28676,8 +28676,8 @@ "type": "other", "other": { "name": "suitesparse", - "version": "5.4.0", - "downloadUrl": "https://faculty.cse.tamu.edu/davis/SuiteSparse/SuiteSparse-5.4.0.tar.gz" + "version": "7.11.0", + "downloadUrl": "https://github.com/DrTimothyAldenDavis/SuiteSparse/archive/v7.11.0/suitesparse-7.11.0.tar.gz" } } }, diff --git a/toolkit/Makefile b/toolkit/Makefile index 05da21b5119..f65636fe78d 100644 --- a/toolkit/Makefile +++ b/toolkit/Makefile @@ -164,8 +164,13 @@ else VALIDATE_TOOLCHAIN_GPG ?= y endif endif +##help:var:VALIDATE_IMAGE_GPG:{y,n}=Enable RPM GPG signature verification during package fetching and image builds. When enabled, all packages must be signed - this validates that packages have completed the signing process. Default is 'n' for local development with unsigned packages. Production builds use a multi-step workflow (build packages -> sign packages -> build images) and should set 'y' for the final image build step to enforce that all packages are signed. Keys used for validation can be modified with the IMAGE_GPG_VALIDATION_KEYS variable. +VALIDATE_IMAGE_GPG ?= n -TOOLCHAIN_GPG_VALIDATION_KEYS ?= $(wildcard $(PROJECT_ROOT)/SPECS/azurelinux-repos/MICROSOFT-*-GPG-KEY) $(wildcard $(toolkit_root)/repos/MICROSOFT-*-GPG-KEY) +# Default GPG keys for package GPG validation, used with VALIDATE_TOOLCHAIN_GPG and VALIDATE_IMAGE_GPG +default_gpg_keys := $(wildcard $(PROJECT_ROOT)/SPECS/azurelinux-repos/MICROSOFT-*-GPG-KEY) $(wildcard $(toolkit_root)/repos/MICROSOFT-*-GPG-KEY) +TOOLCHAIN_GPG_VALIDATION_KEYS ?= $(default_gpg_keys) +IMAGE_GPG_VALIDATION_KEYS ?= $(default_gpg_keys) ######## COMMON MAKEFILE UTILITIES ######## diff --git a/toolkit/docs/building/building.md b/toolkit/docs/building/building.md index 2469cba2889..951dd2f4e6b 100644 --- a/toolkit/docs/building/building.md +++ b/toolkit/docs/building/building.md @@ -865,6 +865,10 @@ Authentication mode for downloading source files for SRPM packing. Valid options | INCREMENTAL_TOOLCHAIN | n | Only build toolchain RPM packages if they are not already present | RUN_CHECK | n | Run the %check sections when compiling packages | ALLOW_TOOLCHAIN_REBUILDS | n | Do not treat rebuilds of toolchain packages during regular package build phase as errors. +| VALIDATE_TOOLCHAIN_GPG | (auto - based on toolchain build mode) | Enable RPM GPG signature verification for toolchain packages. Automatically set to `y` when downloading pre-built toolchain packages (`REBUILD_TOOLCHAIN=n`), and `n` when rebuilding locally or using `DAILY_BUILD_ID`. Packages are validated against keys specified in `TOOLCHAIN_GPG_VALIDATION_KEYS`. +| TOOLCHAIN_GPG_VALIDATION_KEYS | `$(PROJECT_ROOT)/SPECS/azurelinux-repos/MICROSOFT-*-GPG-KEY $(toolkit_root)/repos/MICROSOFT-*-GPG-KEY` | Space separated list of GPG key files used to validate RPM signatures when `VALIDATE_TOOLCHAIN_GPG=y`. +| VALIDATE_IMAGE_GPG | n | Enable RPM GPG signature verification during image builds. When set to `y`, all packages fetched for image generation must have valid GPG signatures. Packages are validated against keys specified in `IMAGE_GPG_VALIDATION_KEYS`. Production builds should enable this to ensure all packages have completed the signing process. +| IMAGE_GPG_VALIDATION_KEYS | `$(PROJECT_ROOT)/SPECS/azurelinux-repos/MICROSOFT-*-GPG-KEY $(toolkit_root)/repos/MICROSOFT-*-GPG-KEY` | Space separated list of GPG key files used to validate RPM signatures when `VALIDATE_IMAGE_GPG=y`. | PACKAGE_BUILD_RETRIES | 1 | Number of build retries for each package | CHECK_BUILD_RETRIES | 1 | Minimum number of check section retries for each package if RUN_CHECK=y and tests fail. | MAX_CASCADING_REBUILDS | | When a package rebuilds, how many additional layers of dependent packages will be forced to rebuild (leave unset for unbounded, i.e., all downstream packages will rebuild) diff --git a/toolkit/docs/security/intro.md b/toolkit/docs/security/intro.md index 12d19f97d0b..75e1e11777a 100644 --- a/toolkit/docs/security/intro.md +++ b/toolkit/docs/security/intro.md @@ -4,3 +4,5 @@ Below topics are dedicated to security-related details of the operating system. ## 1. [Security features](security-features.md) ## 2. [SSL CA certificates management](ca-certificates.md) +## 3. [Verifying ISO images](iso-image-verification.md) +## 4. [Production build recommendations](production-builds.md) diff --git a/toolkit/docs/security/production-builds.md b/toolkit/docs/security/production-builds.md new file mode 100644 index 00000000000..dab654e063c --- /dev/null +++ b/toolkit/docs/security/production-builds.md @@ -0,0 +1,30 @@ +# Production Build Recommendations + +When building images or ISOs for production deployment, enable explicit GPG signature verification to ensure all packages have completed the signing process: + +```bash +sudo make image VALIDATE_IMAGE_GPG=y CONFIG_FILE= +``` + +This validates that all RPM packages fetched during image generation have valid GPG signatures from the expected signing keys. + +## Build Workflow + +A typical production workflow separates package building from image generation: + +1. **Build packages** - Compile packages from source +2. **Sign packages** - Sign built packages with your GPG key +3. **Build images** - Generate images with `VALIDATE_IMAGE_GPG=y` to enforce all packages are signed + +This separation ensures unsigned or improperly signed packages cannot be included in final images. + +## Related Variables + +| Variable | Description | +|:---------|:------------| +| `VALIDATE_IMAGE_GPG` | Set to `y` to require valid GPG signatures on all image packages | +| `IMAGE_GPG_VALIDATION_KEYS` | GPG key files for signature validation | +| `VALIDATE_TOOLCHAIN_GPG` | Automatically enabled when downloading pre-built toolchain | +| `TOOLCHAIN_GPG_VALIDATION_KEYS` | GPG key files for toolchain validation | + +See [build variables](../building/building.md#all-build-variables) for full details. diff --git a/toolkit/imageconfigs/osguard-amd64.yaml b/toolkit/imageconfigs/osguard-amd64.yaml index 2d8460715d4..fb624145527 100644 --- a/toolkit/imageconfigs/osguard-amd64.yaml +++ b/toolkit/imageconfigs/osguard-amd64.yaml @@ -5,7 +5,7 @@ storage: bootType: efi disks: - partitionTableType: gpt - maxSize: 40G + maxSize: 30G partitions: - id: esp type: esp diff --git a/toolkit/imageconfigs/osguard-ci-amd64.yaml b/toolkit/imageconfigs/osguard-ci-amd64.yaml index 0b8a5ef8889..e241b80fa29 100644 --- a/toolkit/imageconfigs/osguard-ci-amd64.yaml +++ b/toolkit/imageconfigs/osguard-ci-amd64.yaml @@ -5,7 +5,7 @@ storage: bootType: efi disks: - partitionTableType: gpt - maxSize: 40G + maxSize: 30G partitions: - id: esp type: esp diff --git a/toolkit/imageconfigs/templates/osguard-base.yaml b/toolkit/imageconfigs/templates/osguard-base.yaml index da7a145df72..8238323f853 100644 --- a/toolkit/imageconfigs/templates/osguard-base.yaml +++ b/toolkit/imageconfigs/templates/osguard-base.yaml @@ -3,7 +3,7 @@ storage: disks: - partitionTableType: gpt - maxSize: 40G + maxSize: 30G partitions: - id: esp type: esp diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index c5ae38d3346..d2f8ff5ee6f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.aarch64.rpm -kernel-headers-6.6.119.3-1.azl3.noarch.rpm +kernel-headers-6.6.119.3-3.azl3.noarch.rpm glibc-2.38-16.azl3.aarch64.rpm glibc-devel-2.38-16.azl3.aarch64.rpm glibc-i18n-2.38-16.azl3.aarch64.rpm @@ -203,8 +203,8 @@ curl-8.11.1-4.azl3.aarch64.rpm curl-devel-8.11.1-4.azl3.aarch64.rpm curl-libs-8.11.1-4.azl3.aarch64.rpm createrepo_c-1.0.3-1.azl3.aarch64.rpm -libxml2-2.11.5-7.azl3.aarch64.rpm -libxml2-devel-2.11.5-7.azl3.aarch64.rpm +libxml2-2.11.5-8.azl3.aarch64.rpm +libxml2-devel-2.11.5-8.azl3.aarch64.rpm docbook-dtd-xml-4.5-11.azl3.noarch.rpm docbook-style-xsl-1.79.1-14.azl3.noarch.rpm libsepol-3.6-2.azl3.aarch64.rpm @@ -235,7 +235,7 @@ azurelinux-repos-shared-3.0-5.azl3.noarch.rpm azurelinux-repos-3.0-5.azl3.noarch.rpm libffi-3.4.4-1.azl3.aarch64.rpm libffi-devel-3.4.4-1.azl3.aarch64.rpm -libtasn1-4.19.0-2.azl3.aarch64.rpm +libtasn1-4.19.0-3.azl3.aarch64.rpm p11-kit-0.25.0-1.azl3.aarch64.rpm p11-kit-trust-0.25.0-1.azl3.aarch64.rpm ca-certificates-shared-3.0.0-14.azl3.noarch.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index be1bfd47a0e..beb018bcc2e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.x86_64.rpm -kernel-headers-6.6.119.3-1.azl3.noarch.rpm +kernel-headers-6.6.119.3-3.azl3.noarch.rpm glibc-2.38-16.azl3.x86_64.rpm glibc-devel-2.38-16.azl3.x86_64.rpm glibc-i18n-2.38-16.azl3.x86_64.rpm @@ -203,8 +203,8 @@ curl-8.11.1-4.azl3.x86_64.rpm curl-devel-8.11.1-4.azl3.x86_64.rpm curl-libs-8.11.1-4.azl3.x86_64.rpm createrepo_c-1.0.3-1.azl3.x86_64.rpm -libxml2-2.11.5-7.azl3.x86_64.rpm -libxml2-devel-2.11.5-7.azl3.x86_64.rpm +libxml2-2.11.5-8.azl3.x86_64.rpm +libxml2-devel-2.11.5-8.azl3.x86_64.rpm docbook-dtd-xml-4.5-11.azl3.noarch.rpm docbook-style-xsl-1.79.1-14.azl3.noarch.rpm libsepol-3.6-2.azl3.x86_64.rpm @@ -235,7 +235,7 @@ azurelinux-repos-shared-3.0-5.azl3.noarch.rpm azurelinux-repos-3.0-5.azl3.noarch.rpm libffi-3.4.4-1.azl3.x86_64.rpm libffi-devel-3.4.4-1.azl3.x86_64.rpm -libtasn1-4.19.0-2.azl3.x86_64.rpm +libtasn1-4.19.0-3.azl3.x86_64.rpm p11-kit-0.25.0-1.azl3.x86_64.rpm p11-kit-trust-0.25.0-1.azl3.x86_64.rpm ca-certificates-shared-3.0.0-14.azl3.noarch.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 7fe83a5826f..22df7dc8054 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -158,7 +158,7 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.aarch64.rpm kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm -kernel-headers-6.6.119.3-1.azl3.noarch.rpm +kernel-headers-6.6.119.3-3.azl3.noarch.rpm kmod-30-1.azl3.aarch64.rpm kmod-debuginfo-30-1.azl3.aarch64.rpm kmod-devel-30-1.azl3.aarch64.rpm @@ -234,17 +234,17 @@ libssh2-debuginfo-1.11.1-1.azl3.aarch64.rpm libssh2-devel-1.11.1-1.azl3.aarch64.rpm libstdc++-13.2.0-7.azl3.aarch64.rpm libstdc++-devel-13.2.0-7.azl3.aarch64.rpm -libtasn1-4.19.0-2.azl3.aarch64.rpm -libtasn1-debuginfo-4.19.0-2.azl3.aarch64.rpm -libtasn1-devel-4.19.0-2.azl3.aarch64.rpm +libtasn1-4.19.0-3.azl3.aarch64.rpm +libtasn1-debuginfo-4.19.0-3.azl3.aarch64.rpm +libtasn1-devel-4.19.0-3.azl3.aarch64.rpm libtool-2.4.7-1.azl3.aarch64.rpm libtool-debuginfo-2.4.7-1.azl3.aarch64.rpm libxcrypt-4.4.36-2.azl3.aarch64.rpm libxcrypt-debuginfo-4.4.36-2.azl3.aarch64.rpm libxcrypt-devel-4.4.36-2.azl3.aarch64.rpm -libxml2-2.11.5-7.azl3.aarch64.rpm -libxml2-debuginfo-2.11.5-7.azl3.aarch64.rpm -libxml2-devel-2.11.5-7.azl3.aarch64.rpm +libxml2-2.11.5-8.azl3.aarch64.rpm +libxml2-debuginfo-2.11.5-8.azl3.aarch64.rpm +libxml2-devel-2.11.5-8.azl3.aarch64.rpm libxslt-1.1.43-3.azl3.aarch64.rpm libxslt-debuginfo-1.1.43-3.azl3.aarch64.rpm libxslt-devel-1.1.43-3.azl3.aarch64.rpm @@ -544,7 +544,7 @@ python3-jinja2-3.1.2-3.azl3.noarch.rpm python3-libcap-ng-0.8.4-1.azl3.aarch64.rpm python3-libmount-2.40.2-3.azl3.aarch64.rpm python3-libs-3.12.9-7.azl3.aarch64.rpm -python3-libxml2-2.11.5-7.azl3.aarch64.rpm +python3-libxml2-2.11.5-8.azl3.aarch64.rpm python3-lxml-4.9.3-1.azl3.aarch64.rpm python3-magic-5.45-1.azl3.noarch.rpm python3-markupsafe-2.1.3-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 292ecbc00cc..8f3057df15b 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -165,8 +165,8 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.x86_64.rpm kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm -kernel-cross-headers-6.6.119.3-1.azl3.noarch.rpm -kernel-headers-6.6.119.3-1.azl3.noarch.rpm +kernel-cross-headers-6.6.119.3-3.azl3.noarch.rpm +kernel-headers-6.6.119.3-3.azl3.noarch.rpm kmod-30-1.azl3.x86_64.rpm kmod-debuginfo-30-1.azl3.x86_64.rpm kmod-devel-30-1.azl3.x86_64.rpm @@ -242,14 +242,14 @@ libssh2-debuginfo-1.11.1-1.azl3.x86_64.rpm libssh2-devel-1.11.1-1.azl3.x86_64.rpm libstdc++-13.2.0-7.azl3.x86_64.rpm libstdc++-devel-13.2.0-7.azl3.x86_64.rpm -libtasn1-4.19.0-2.azl3.x86_64.rpm -libtasn1-debuginfo-4.19.0-2.azl3.x86_64.rpm -libtasn1-devel-4.19.0-2.azl3.x86_64.rpm +libtasn1-4.19.0-3.azl3.x86_64.rpm +libtasn1-debuginfo-4.19.0-3.azl3.x86_64.rpm +libtasn1-devel-4.19.0-3.azl3.x86_64.rpm libtool-2.4.7-1.azl3.x86_64.rpm libtool-debuginfo-2.4.7-1.azl3.x86_64.rpm -libxml2-2.11.5-7.azl3.x86_64.rpm -libxml2-debuginfo-2.11.5-7.azl3.x86_64.rpm -libxml2-devel-2.11.5-7.azl3.x86_64.rpm +libxml2-2.11.5-8.azl3.x86_64.rpm +libxml2-debuginfo-2.11.5-8.azl3.x86_64.rpm +libxml2-devel-2.11.5-8.azl3.x86_64.rpm libxcrypt-4.4.36-2.azl3.x86_64.rpm libxcrypt-debuginfo-4.4.36-2.azl3.x86_64.rpm libxcrypt-devel-4.4.36-2.azl3.x86_64.rpm @@ -552,7 +552,7 @@ python3-jinja2-3.1.2-3.azl3.noarch.rpm python3-libcap-ng-0.8.4-1.azl3.x86_64.rpm python3-libmount-2.40.2-3.azl3.x86_64.rpm python3-libs-3.12.9-7.azl3.x86_64.rpm -python3-libxml2-2.11.5-7.azl3.x86_64.rpm +python3-libxml2-2.11.5-8.azl3.x86_64.rpm python3-lxml-4.9.3-1.azl3.x86_64.rpm python3-magic-5.45-1.azl3.noarch.rpm python3-markupsafe-2.1.3-1.azl3.x86_64.rpm diff --git a/toolkit/scripts/get_config_deps.sh b/toolkit/scripts/get_config_deps.sh index 1e724d03d0a..564f9ae46fc 100755 --- a/toolkit/scripts/get_config_deps.sh +++ b/toolkit/scripts/get_config_deps.sh @@ -44,6 +44,8 @@ do then echo "$filename" else - echo $(realpath "$config_base_dir/$filename") + # Use -m to canonicalize paths even if they don't exist + # This allows the Makefile to detect missing files and provide a helpful error + echo $(realpath -m "$config_base_dir/$filename") fi done diff --git a/toolkit/scripts/imggen.mk b/toolkit/scripts/imggen.mk index 881f30d6437..f0f1d2458e5 100644 --- a/toolkit/scripts/imggen.mk +++ b/toolkit/scripts/imggen.mk @@ -94,6 +94,20 @@ fetch-external-image-packages: $(image_external_package_cache_summary) # Validate the selected config file if any changes occur in the image config base directory. # Changes to files located outside the base directory will not be detected. validate-image-config: $(validate-config) + +# Validate that all config dependencies exist before Make tries to process them as prerequisites +# If we don't do this, Make will error out with a less-than-helpful message about having no rule to make +# the validation flag (since its a pattern match and if a dependency is missing, it can't match the pattern) +# Skip this check for printvar targets so users can still debug with the suggested command +ifneq ($(CONFIG_FILE),) + ifeq ($(filter printvar-%,$(MAKECMDGOALS)),) + config_missing_files = $(filter-out $(wildcard $(config_other_files)),$(config_other_files)) + ifneq ($(config_missing_files),) + $(error $(newline)$(newline)ERROR: Image configuration '$(CONFIG_FILE)' missing files:$(newline)$(newline)$(foreach file,$(config_missing_files), - $(file)$(newline))$(newline)Run this command to see all expected files:$(newline) make printvar-config_other_files CONFIG_FILE=$(CONFIG_FILE) --quiet$(newline)) + endif + endif +endif + $(STATUS_FLAGS_DIR)/validate-image-config%.flag: $(go-imageconfigvalidator) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(config_other_files) $(if $(CONFIG_FILE),,$(error Must set CONFIG_FILE=)) $(go-imageconfigvalidator) \ @@ -126,7 +140,12 @@ ifneq ($(REPO_SNAPSHOT_TIME),) imagepkgfetcher_extra_flags += --repo-snapshot-time=$(REPO_SNAPSHOT_TIME) endif -$(image_package_cache_summary): $(go-imagepkgfetcher) $(chroot_worker) $(toolchain_rpms) $(imggen_local_repo) $(depend_REPO_LIST) $(REPO_LIST) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(RPMS_DIR) $(imggen_rpms) $(depend_REPO_SNAPSHOT_TIME) $(STATUS_FLAGS_DIR)/imagegen_cleanup.flag +ifeq ($(VALIDATE_IMAGE_GPG),y) +imagepkgfetcher_extra_flags += --enable-gpg-check +imagepkgfetcher_extra_flags += $(foreach key,$(IMAGE_GPG_VALIDATION_KEYS),--gpg-key=$(key)) +endif + +$(image_package_cache_summary): $(go-imagepkgfetcher) $(chroot_worker) $(toolchain_rpms) $(imggen_local_repo) $(depend_REPO_LIST) $(REPO_LIST) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(RPMS_DIR) $(imggen_rpms) $(depend_REPO_SNAPSHOT_TIME) $(depend_VALIDATE_IMAGE_GPG) $(depend_IMAGE_GPG_VALIDATION_KEYS) $(IMAGE_GPG_VALIDATION_KEYS) $(STATUS_FLAGS_DIR)/imagegen_cleanup.flag $(if $(CONFIG_FILE),,$(error Must set CONFIG_FILE=)) $(go-imagepkgfetcher) \ --input=$(CONFIG_FILE) \ diff --git a/toolkit/scripts/toolchain.mk b/toolkit/scripts/toolchain.mk index e0856b56543..c193717d128 100644 --- a/toolkit/scripts/toolchain.mk +++ b/toolkit/scripts/toolchain.mk @@ -309,7 +309,7 @@ $(toolchain_rpms): $(TOOLCHAIN_MANIFEST) $(STATUS_FLAGS_DIR)/toolchain_local_tem # No archive was selected, so download from online package server instead. All packages must be available for this step to succeed. else -$(toolchain_rpms): $(TOOLCHAIN_MANIFEST) $(STATUS_FLAGS_DIR)/toolchain_auto_cleanup.flag $(depend_REBUILD_TOOLCHAIN) $(go-downloader) $(SCRIPTS_DIR)/toolchain/download_toolchain_rpm.sh $(TOOLCHAIN_GPG_VALIDATION_KEYS) +$(toolchain_rpms): $(TOOLCHAIN_MANIFEST) $(STATUS_FLAGS_DIR)/toolchain_auto_cleanup.flag $(depend_REBUILD_TOOLCHAIN) $(go-downloader) $(SCRIPTS_DIR)/toolchain/download_toolchain_rpm.sh $(depend_TOOLCHAIN_GPG_VALIDATION_KEYS) $(TOOLCHAIN_GPG_VALIDATION_KEYS) @log_file="$(toolchain_downloads_logs_dir)/$(notdir $@).log" && \ rm -f "$$log_file" && \ $(SCRIPTS_DIR)/toolchain/download_toolchain_rpm.sh \ diff --git a/toolkit/scripts/utils.mk b/toolkit/scripts/utils.mk index e4565110809..b00b75e1299 100644 --- a/toolkit/scripts/utils.mk +++ b/toolkit/scripts/utils.mk @@ -15,6 +15,12 @@ build_arch := $(shell uname -m) no_repo_acl = $(STATUS_FLAGS_DIR)/no_repo_acl.flag +# Define newline for use in error messages and output formatting +define newline + + +endef + ######## MISC. MAKEFILE Functions ######## # Creates a folder if it doesn't exist. Also sets the timestamp to 0 if it is @@ -60,10 +66,11 @@ endef ######## VARIABLE DEPENDENCY TRACKING ######## # List of variables to watch for changes. -watch_vars=PACKAGE_BUILD_LIST PACKAGE_REBUILD_LIST PACKAGE_IGNORE_LIST REPO_LIST CONFIG_FILE STOP_ON_PKG_FAIL TOOLCHAIN_ARCHIVE REBUILD_TOOLCHAIN SRPM_PACK_LIST SPECS_DIR MAX_CASCADING_REBUILDS RUN_CHECK TEST_RUN_LIST TEST_RERUN_LIST TEST_IGNORE_LIST EXTRA_BUILD_LAYERS LICENSE_CHECK_MODE VALIDATE_TOOLCHAIN_GPG REPO_SNAPSHOT_TIME PACKAGE_CACHE_SUMMARY +watch_vars=PACKAGE_BUILD_LIST PACKAGE_REBUILD_LIST PACKAGE_IGNORE_LIST REPO_LIST CONFIG_FILE STOP_ON_PKG_FAIL TOOLCHAIN_ARCHIVE REBUILD_TOOLCHAIN SRPM_PACK_LIST SPECS_DIR MAX_CASCADING_REBUILDS RUN_CHECK TEST_RUN_LIST TEST_RERUN_LIST TEST_IGNORE_LIST EXTRA_BUILD_LAYERS LICENSE_CHECK_MODE VALIDATE_TOOLCHAIN_GPG TOOLCHAIN_GPG_VALIDATION_KEYS VALIDATE_IMAGE_GPG IMAGE_GPG_VALIDATION_KEYS REPO_SNAPSHOT_TIME PACKAGE_CACHE_SUMMARY # Current list: $(depend_PACKAGE_BUILD_LIST) $(depend_PACKAGE_REBUILD_LIST) $(depend_PACKAGE_IGNORE_LIST) $(depend_REPO_LIST) $(depend_CONFIG_FILE) $(depend_STOP_ON_PKG_FAIL) # $(depend_TOOLCHAIN_ARCHIVE) $(depend_REBUILD_TOOLCHAIN) $(depend_SRPM_PACK_LIST) $(depend_SPECS_DIR) $(depend_EXTRA_BUILD_LAYERS) $(depend_MAX_CASCADING_REBUILDS) $(depend_RUN_CHECK) $(depend_TEST_RUN_LIST) -# $(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST) $(depend_LICENSE_CHECK_MODE) $(depend_VALIDATE_TOOLCHAIN_GPG) $(depend_REPO_SNAPSHOT_TIME) $(depend_PACKAGE_CACHE_SUMMARY) +# $(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST) $(depend_LICENSE_CHECK_MODE) $(depend_VALIDATE_TOOLCHAIN_GPG) $(depend_TOOLCHAIN_GPG_VALIDATION_KEYS) $(depend_VALIDATE_IMAGE_GPG) +# $(depend_IMAGE_GPG_VALIDATION_KEYS) $(depend_REPO_SNAPSHOT_TIME) $(depend_PACKAGE_CACHE_SUMMARY) .PHONY: variable_depends_on_phony clean-variable_depends_on_phony setfacl_always_run_phony clean: clean-variable_depends_on_phony diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go index 0ee732ef2a9..2c183b73329 100644 --- a/toolkit/tools/imagegen/installutils/installutils.go +++ b/toolkit/tools/imagegen/installutils/installutils.go @@ -766,7 +766,9 @@ func TdnfInstallWithProgress(packageName, installRoot string, currentPackagesIns return } - // TDNF 3.x uses repositories from installchroot instead of host. Passing setopt for repo files directory to use local repo for installroot installation + // TDNF 3.x uses repositories from installchroot instead of host. Passing setopt for repo files directory to use local repo for installroot installation. + // Note: --nogpgcheck is used here because GPG signature validation is performed earlier during package fetching (imagepkgfetcher) + // when VALIDATE_IMAGE_GPG=y is set. Packages in the local repo have already been verified. err = shell.NewExecBuilder("tdnf", "-v", "install", packageName, "--installroot", installRoot, "--nogpgcheck", "--assumeyes", "--setopt", "reposdir=/etc/yum.repos.d/", releaseverCliArg). StdoutCallback(onStdout). @@ -830,7 +832,9 @@ func calculateTotalPackages(packages []string, installRoot string) (installedPac stderr string ) - // Issue an install request but stop right before actually performing the install (assumeno) + // Issue an install request but stop right before actually performing the install (assumeno). + // Note: --nogpgcheck is safe here because this is a dry-run (--assumeno) and packages are validated + // during fetching when VALIDATE_IMAGE_GPG=y is set. stdout, stderr, err = shell.Execute("tdnf", "install", releaseverCliArg, "--assumeno", "--nogpgcheck", pkg, "--installroot", installRoot) if err != nil { // tdnf aborts the process when it detects an install with --assumeno. @@ -1815,11 +1819,8 @@ func ProvisionUserSSHCerts(installChroot safechroot.ChrootInterface, username st ) (err error) { var ( pubKeyData []string - exists bool ) const squashErrors = false - const authorizedKeysTempFilePerms = 0644 - const authorizedKeysTempFile = "/tmp/authorized_keys" const sshDirectoryPermission = "0700" // Skip user SSH directory generation when not provided with public keys @@ -1835,27 +1836,21 @@ func ProvisionUserSSHCerts(installChroot safechroot.ChrootInterface, username st authorizedKeysFile := filepath.Join(userSSHKeyDir, userutils.SSHAuthorizedKeysFileName) - exists, err = file.PathExists(authorizedKeysTempFile) + // Create a guaranteed unique temporary file for authorized_keys as a staging file which we will copy + // into the chroot. + tmpFile, err := os.CreateTemp("", "authorized_keys_*") if err != nil { - logger.Log.Warnf("Error accessing %s file : %v", authorizedKeysTempFile, err) + logger.Log.Warnf("Failed to create temporary authorized_keys file: %v", err) return } - if !exists { - logger.Log.Debugf("File %s does not exist. Creating file...", authorizedKeysTempFile) - err = file.Create(authorizedKeysTempFile, authorizedKeysTempFilePerms) - if err != nil { - logger.Log.Warnf("Failed to create %s file : %v", authorizedKeysTempFile, err) - return - } - } else { - err = os.Truncate(authorizedKeysTempFile, 0) - if err != nil { - logger.Log.Warnf("Failed to truncate %s file : %v", authorizedKeysTempFile, err) - return - } - } + authorizedKeysTempFile := tmpFile.Name() defer os.Remove(authorizedKeysTempFile) + if err = tmpFile.Close(); err != nil { + logger.Log.Warnf("Failed to close temporary authorized_keys file: %v", err) + return + } + allSSHKeys := []string(nil) if includeExistingKeys { diff --git a/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go b/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go index 3b70a6c9db6..8ca24933ba6 100644 --- a/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go +++ b/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go @@ -16,6 +16,7 @@ import ( "github.com/microsoft/azurelinux/toolkit/tools/internal/packagerepo/repoutils" "github.com/microsoft/azurelinux/toolkit/tools/internal/pkggraph" "github.com/microsoft/azurelinux/toolkit/tools/internal/pkgjson" + "github.com/microsoft/azurelinux/toolkit/tools/internal/rpm" "github.com/microsoft/azurelinux/toolkit/tools/internal/timestamp" "github.com/microsoft/azurelinux/toolkit/tools/pkg/profile" @@ -49,6 +50,9 @@ var ( inputSummaryFile = app.Flag("input-summary-file", "Path to a file with the summary of packages cloned to be restored").String() outputSummaryFile = app.Flag("output-summary-file", "Path to save the summary of packages cloned").String() + enableGpgCheck = app.Flag("enable-gpg-check", "Enable RPM GPG signature verification for all repositories during package fetching.").Bool() + gpgKeyPaths = app.Flag("gpg-key", "Path to a GPG key file for signature validation. May be specified multiple times. Required if enable-gpg-check is set.").ExistingFiles() + logFlags = exe.SetupLogFlags(app) profFlags = exe.SetupProfileFlags(app) timestampFile = app.Flag("timestamp-file", "File that stores timestamps for this program.").String() @@ -73,6 +77,10 @@ func main() { logger.Log.Fatal("input-graph must be provided if external-only is set.") } + if *enableGpgCheck && len(*gpgKeyPaths) == 0 { + logger.Log.Fatal("--enable-gpg-check requires at least one --gpg-key path") + } + timestamp.StartEvent("initialize and configure cloner", nil) cloner, err := rpmrepocloner.ConstructCloner(*outDir, *tmpDir, *workertar, *existingRpmDir, *existingToolchainRpmDir, *tlsClientCert, *tlsClientKey, *repoFiles, *repoSnapshotTime) @@ -110,6 +118,14 @@ func main() { logger.Log.Panicf("Failed to clone RPM repo. Error: %s", err) } + // Validate GPG signatures of downloaded packages if enabled + if *enableGpgCheck { + err = rpm.ValidateDirectoryRPMSignatures(cloner.CloneDirectory(), *gpgKeyPaths) + if err != nil { + logger.Log.Panicf("Failed to validate RPM signatures. Error: %s", err) + } + } + timestamp.StartEvent("finalize cloned packages", nil) err = cloner.ConvertDownloadedPackagesIntoRepo() diff --git a/toolkit/tools/internal/rpm/rpm.go b/toolkit/tools/internal/rpm/rpm.go index 8ef77dffe56..96f817b8557 100644 --- a/toolkit/tools/internal/rpm/rpm.go +++ b/toolkit/tools/internal/rpm/rpm.go @@ -5,6 +5,8 @@ package rpm import ( "fmt" + "os" + "os/exec" "path/filepath" "regexp" "runtime" @@ -501,6 +503,91 @@ func InstallRPM(rpmFile string) (err error) { return } +const rpmKeysProgram = "rpmkeys" + +// importGPGKeysToRPMDb imports GPG keys into an RPM database for signature verification. +// - rpmDbRoot: path to a directory to use as the RPM database root (will be created if it doesn't exist) +// - gpgKeyPaths: paths to GPG key files to import into the RPM database +// This should be called once before validating multiple RPMs with checkRPMSignature. +func importGPGKeysToRPMDb(rpmDbRoot string, gpgKeyPaths []string) (err error) { + if _, err := exec.LookPath(rpmKeysProgram); err != nil { + return fmt.Errorf("%s command not found - explicit GPG signature enforcement requires this tool:\n%w", rpmKeysProgram, err) + } + for _, keyPath := range gpgKeyPaths { + _, stderr, importErr := shell.Execute(rpmKeysProgram, "--root", rpmDbRoot, "--import", keyPath) + if importErr != nil { + return fmt.Errorf("failed to import GPG key (%s) into RPM database: %v:\n%w", keyPath, stderr, importErr) + } + } + return nil +} + +// checkRPMSignature validates the GPG signature of an RPM file. +// - rpmFile: path to the RPM file to validate +// - rpmDbRoot: path to a directory used as the RPM database root (must have GPG keys already imported via importGPGKeysToRpmDb) +// Returns an error if the RPM signature is missing or invalid. +func checkRPMSignature(rpmFile string, rpmDbRoot string) (err error) { + _, stderr, err := shell.Execute(rpmKeysProgram, "--root", rpmDbRoot, "--checksig", rpmFile, "-D", "%_pkgverify_level signature") + if err != nil { + return fmt.Errorf("RPM signature validation failed for (%s): %v\n%w", rpmFile, stderr, err) + } + return nil +} + +// ValidateDirectoryRPMSignatures validates the GPG signatures of all RPM files in a directory. +// It creates an isolated RPM database, imports the provided GPG keys, and validates each RPM. +// Returns an error if any RPM has a missing or invalid signature. +func ValidateDirectoryRPMSignatures(rpmDir string, gpgKeyPaths []string) (err error) { + logger.Log.Info("Validating GPG signatures of downloaded packages") + + // Create a temporary directory for the isolated RPM database + rpmDbRoot, err := os.MkdirTemp("", "rpm-gpg-check-*") + if err != nil { + return fmt.Errorf("failed to create temporary directory for RPM database:\n%w", err) + } + defer os.RemoveAll(rpmDbRoot) + + // Import GPG keys once before validating all RPMs + err = importGPGKeysToRPMDb(rpmDbRoot, gpgKeyPaths) + if err != nil { + return err + } + + // Find all RPM files in the directory (recursively) + var rpmFiles []string + err = filepath.WalkDir(rpmDir, func(path string, d os.DirEntry, walkErr error) error { + if walkErr != nil { + return walkErr + } + if !d.IsDir() && filepath.Ext(path) == ".rpm" { + rpmFiles = append(rpmFiles, path) + } + return nil + }) + if err != nil { + return fmt.Errorf("failed to find RPM files in (%s):\n%w", rpmDir, err) + } + + if len(rpmFiles) == 0 { + logger.Log.Debug("No RPM files found to validate") + return nil + } + + logger.Log.Infof("Validating %d RPM files", len(rpmFiles)) + + // Validate each RPM + for _, rpmFile := range rpmFiles { + logger.Log.Debugf("Validating signature of: %s", filepath.Base(rpmFile)) + err = checkRPMSignature(rpmFile, rpmDbRoot) + if err != nil { + return fmt.Errorf("GPG signature validation failed:\n%w", err) + } + } + + logger.Log.Info("All downloaded RPMs have valid GPG signatures") + return nil +} + // QueryRPMProvides returns what an RPM file provides. // This includes any provides made by a generator and files provided by the rpm. func QueryRPMProvides(rpmFile string) (provides []string, err error) {