Merge branch '3.0-dev' into 3.0

SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json

@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "SymCrypt-OpenSSL-1.6.0.tar.gz": "7265ddd737b582418a7f0c29144ab11af1bdfd8ea65fbb1a92711068fa606f61"
- }
+  "Signatures": {
+    "SymCrypt-OpenSSL-1.6.1.tar.gz": "8766d2f5c977960b1aab0099c0d74190b0705bc29f29ff4b266dac3729644658"
+  }
 }

SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec

@@ -1,6 +1,6 @@
 Summary:        The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt as the provider for core cryptographic operations
 Name:           SymCrypt-OpenSSL
-Version:        1.6.0
+Version:        1.6.1
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -67,6 +67,9 @@ install SymCryptProvider/symcrypt_prov.cnf %{buildroot}%{_sysconfdir}/pki/tls/sy
 %{_sysconfdir}/pki/tls/symcrypt_prov.cnf
 
 %changelog
+* Wed Nov 27 2024 CBL-Mariner Servicing Account <[email protected]> - 1.6.1-1
+- Auto-upgrade to 1.6.1 - bug fixes
+
 * Mon Nov 25 2024 Tobias Brick <[email protected]> - 1.6.0-1
 - Upgrade to SymCrypt-OpenSSL 1.6.0
 

SPECS/multus/multus.spec

@@ -19,7 +19,7 @@
 Summary:        CNI plugin providing multiple interfaces in containers
 Name:           multus
 Version:        4.0.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -28,6 +28,8 @@ URL:            https://github.com/intel/multus-cni
 Source0:        https://github.com/k8snetworkplumbingwg/multus-cni/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 %define commit efdc0a5c7d1ea4bb236d638403420448b48782b3
 Patch0:         CVE-2023-3978.patch
+Patch1:         CVE-2023-44487.patch
+Patch2:         CVE-2023-45288.patch
 BuildRequires:  golang
 BuildRequires:  golang-packaging
 
@@ -70,6 +72,10 @@ install -D -m0644 deployments/multus-daemonset-crio.yml %{buildroot}%{_datadir}/
 %{_datarootdir}/k8s-yaml/multus/multus.yaml
 
 %changelog
+* Fri Nov 22 2024 Xiaohong Deng <[email protected]> - 4.0.2-3
+- Add patches to resolve CVE-2023-39325, CVE-2023-44487 and CVE-2023-45288.
+- CVE-2023-39325 is a subset of CVE-2023-44487 and the patches are combined.
+
 * Wed Aug 21 2024 Sumedh Sharma <[email protected]> - 4.0.2-2
 - Add patch to resolve CVE-2023-3978
 

SPECS/perl-Module-ScanDeps/CVE-2024-10224.patch

@@ -243,3 +243,39 @@ index 7bc9662..dd79c65 100644
          # e.g. for autosplit .ix and .al files. In the latter case,
          # the key may also start with "./" if found via a relative path in @INC.
          $key =~ s|\\|/|g;
+
+
+From 49468814a24221affe113664899be21aef60e846 Mon Sep 17 00:00:00 2001
+From: rschupp <[email protected]>
+Date: Fri, 8 Nov 2024 19:17:30 +0100
+Subject: [PATCH] fix parsing of "use if ..."
+
+Fixes errors in PAR::Packer test t/90-rt59710.t
+---
+ lib/Module/ScanDeps.pm | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/Module/ScanDeps.pm b/lib/Module/ScanDeps.pm
+index f911440..71d8b75 100644
+--- a/lib/Module/ScanDeps.pm
++++ b/lib/Module/ScanDeps.pm
+@@ -925,7 +925,7 @@ sub scan_line {
+           next CHUNK;
+         }
+
+-        if (my ($pragma, $args) = /^use \s+ (autouse|if) \s+ (.+)/x)
++        if (my ($pragma, $args) = /^(?:use|no) \s+ (autouse|if) \s+ (.+)/x)
+         {
+             # NOTE: There are different ways the MODULE may
+             # be specified for the "autouse" and "if" pragmas, e.g.
+@@ -938,7 +938,9 @@ sub scan_line {
+             else {
+                 # The syntax of the "if" pragma is
+                 #   use if COND, MODULE => ARGUMENTS
+-                (undef, $module) = _parse_module_list($args);
++                # NOTE: This works only for simple conditions.
++                $args =~ s/.*? (?:,|=>) \s*//x;
++                ($module) = _parse_module_list($args);
+             }
+             $found{_mod2pm($pragma)}++;
+             $found{_mod2pm($module)}++ if $module;

SPECS/perl-Module-ScanDeps/perl-Module-ScanDeps.spec

@@ -2,7 +2,7 @@
 Summary:        Recursively scan Perl code for dependencies
 Name:           perl-Module-ScanDeps
 Version:        1.35
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 Source0:        https://cpan.metacpan.org/authors/id/R/RS/RSCHUPP/Module-ScanDeps-%{version}.tar.gz
@@ -15,10 +15,14 @@ BuildRequires:  perl >= 5.28.0
 BuildRequires:  perl(ExtUtils::MakeMaker)
 BuildRequires:  perl-generators
 %if 0%{?with_check}
+BuildRequires:  perl(AutoLoader)
+BuildRequires:  perl(blib)
 BuildRequires:  perl(CPAN)
 BuildRequires:  perl(CPAN::Meta)
 BuildRequires:  perl(FindBin)
+BuildRequires:  perl(Test)
 BuildRequires:  perl(Test::More)
+BuildRequires:  perl(Test::Pod)
 %endif
 
 Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
@@ -55,6 +59,7 @@ find %{buildroot} -type f -name .packlist -exec rm -f {} +
 export PERL_MM_USE_DEFAULT=1
 cpan local::lib
 cpan Test::Requires
+cpan IPC::Run3
 make %{?_smp_mflags} test
 
 %files
@@ -65,13 +70,16 @@ make %{?_smp_mflags} test
 %{_mandir}/man3/*
 
 %changelog
+* Mon Nov 25 2024 Pawel Winogrodzki <[email protected]> - 1.35-3
+- Fixing perl-Module-ScanDeps tests.
+
 * Fri Nov 15 2024 Pawel Winogrodzki <[email protected]> - 1.35-2
 - Patched CVE-2024-10224.
 
 * Mon Dec 18 2023 CBL-Mariner Servicing Account <[email protected]> - 1.35-1
 - Auto-upgrade to 1.35 - Azure Linux 3.0 - package upgrades
 
-* Tue Aug 23 2020 Muhammad Falak <[email protected]> - 1.31-2
+* Tue Aug 23 2022 Muhammad Falak <[email protected]> - 1.31-2
 - Add BR on `perl-{(CPAN::*),(FindBin),(Test::More)}` to enable ptest
 
 * Fri Apr 22 2022 Mateusz Malisz <[email protected]> - 1.31-1

cgmanifest.json

@@ -28246,8 +28246,8 @@
         "type": "other",
         "other": {
           "name": "SymCrypt-OpenSSL",
-          "version": "1.6.0",
-          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.6.0.tar.gz"
+          "version": "1.6.1",
+          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.6.1.tar.gz"
         }
       }
     },

toolkit/imageconfigs/cvm.json → toolkit/imageconfigs/marketplace-gen2-cvm.json

@@ -5,7 +5,7 @@
             "MaxSize": 2048,
             "Artifacts": [
                 {
-                    "Name": "cvm",
+                    "Name": "cblmariner-gen2-cvm",
                     "Type": "vhd"
                 }
             ],