Merge branch 'main' into joslobo/jan-update-2

Author: jslobodzian

.github/workflows/go-test-coverage.yml

@@ -19,7 +19,7 @@ jobs:
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: '${{ env.EXPECTED_GO_VERSION }}'
       id: go

.github/workflows/quickstart_1.0.yml

@@ -21,7 +21,7 @@ jobs:
         ref: '1.0-stable'
 
     - name: Set up Go 1.19
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: 1.19
       id: go
@@ -49,7 +49,7 @@ jobs:
         ref: '1.0-stable'
 
     - name: Set up Go 1.19
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: 1.19
       id: go
@@ -76,7 +76,7 @@ jobs:
         ref: '1.0-stable'
 
     - name: Set up Go 1.19
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: 1.19
       id: go

.github/workflows/quickstart_2.0.yml

@@ -21,7 +21,7 @@ jobs:
         ref: '2.0-stable'
 
     - name: Set up Go 1.20
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: 1.20
       id: go
@@ -50,7 +50,7 @@ jobs:
         ref: '2.0-stable'
 
     - name: Set up Go 1.20
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: 1.20
       id: go
@@ -78,7 +78,7 @@ jobs:
         ref: '2.0-stable'
 
     - name: Set up Go 1.20
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: 1.20
       id: go

SPECS-EXTENDED/libdwarf/libdwarf.signatures.json

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for Azure
 Name:           kernel-azure-signed-%{buildarch}
-Version:        5.15.139.1
+Version:        5.15.145.2
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Tue Jan 16 2024 Gary Swalling <gaswal@microsoft.com> - 5.15.145.2-1
+- Update to 5.15.145.2
+
 * Tue Dec 05 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.139.1-1
 - Auto-upgrade to 5.15.139.1
 

SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec

@@ -4,7 +4,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for HCI
 Name:           kernel-hci-signed-%{buildarch}
-Version:        5.15.139.1
+Version:        5.15.145.2
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Tue Jan 16 2024 Gary Swalling <gaswal@microsoft.com> - 5.15.145.2-1
+- Update to 5.15.145.2
+
 * Tue Dec 05 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.139.1-1
 - Auto-upgrade to 5.15.139.1
 

SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec

@@ -4,7 +4,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for MOS systems
 Name:           kernel-mos-signed-%{buildarch}
-Version:        5.15.139.1
+Version:        5.15.145.2
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -150,6 +150,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Tue Jan 16 2024 Gary Swalling <gaswal@microsoft.com> - 5.15.145.2-1
+- Update to 5.15.145.2
+
 * Mon Dec 11 2023 Rachel Menge <rachelmenge@microsoft.com> - 5.15.139.1-1
 - Update to 5.15.139.1
 

SPECS-SIGNED/kernel-mos-signed/kernel-mos-signed.spec

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.15.139.1
+Version:        5.15.145.2
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Tue Jan 16 2024 Gary Swalling <gaswal@microsoft.com> - 5.15.145.2-1
+- Update to 5.15.145.2
+
 * Tue Dec 05 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.139.1-1
 - Auto-upgrade to 5.15.139.1
 

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -0,0 +1,154 @@
+diff --git a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c
+index a3c4f42..eb7bf58 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c
++++ b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c
+@@ -5475,6 +5475,7 @@ wasm_loader_pop_frame_ref(WASMLoaderContext *ctx, uint8 type, char *error_buf,
+     return true;
+ }
+ 
++#if WASM_ENABLE_FAST_INTERP == 0
+ static bool
+ wasm_loader_push_pop_frame_ref(WASMLoaderContext *ctx, uint8 pop_cnt,
+                                uint8 type_push, uint8 type_pop, char *error_buf,
+@@ -5489,6 +5490,7 @@ wasm_loader_push_pop_frame_ref(WASMLoaderContext *ctx, uint8 pop_cnt,
+         return false;
+     return true;
+ }
++#endif
+ 
+ static bool
+ wasm_loader_push_frame_csp(WASMLoaderContext *ctx, uint8 label_type,
+@@ -6165,27 +6167,6 @@ wasm_loader_pop_frame_offset(WASMLoaderContext *ctx, uint8 type,
+     return true;
+ }
+ 
+-static bool
+-wasm_loader_push_pop_frame_offset(WASMLoaderContext *ctx, uint8 pop_cnt,
+-                                  uint8 type_push, uint8 type_pop,
+-                                  bool disable_emit, int16 operand_offset,
+-                                  char *error_buf, uint32 error_buf_size)
+-{
+-    uint8 i;
+-
+-    for (i = 0; i < pop_cnt; i++) {
+-        if (!wasm_loader_pop_frame_offset(ctx, type_pop, error_buf,
+-                                          error_buf_size))
+-            return false;
+-    }
+-    if (!wasm_loader_push_frame_offset(ctx, type_push, disable_emit,
+-                                       operand_offset, error_buf,
+-                                       error_buf_size))
+-        return false;
+-
+-    return true;
+-}
+-
+ static bool
+ wasm_loader_push_frame_ref_offset(WASMLoaderContext *ctx, uint8 type,
+                                   bool disable_emit, int16 operand_offset,
+@@ -6219,12 +6200,24 @@ wasm_loader_push_pop_frame_ref_offset(WASMLoaderContext *ctx, uint8 pop_cnt,
+                                       bool disable_emit, int16 operand_offset,
+                                       char *error_buf, uint32 error_buf_size)
+ {
+-    if (!wasm_loader_push_pop_frame_offset(ctx, pop_cnt, type_push, type_pop,
+-                                           disable_emit, operand_offset,
+-                                           error_buf, error_buf_size))
++    uint8 i;
++
++    for (i = 0; i < pop_cnt; i++) {
++        if (!wasm_loader_pop_frame_offset(ctx, type_pop, error_buf,
++                                          error_buf_size))
++            return false;
++
++        if (!wasm_loader_pop_frame_ref(ctx, type_pop, error_buf,
++                                       error_buf_size))
++            return false;
++    }
++
++    if (!wasm_loader_push_frame_offset(ctx, type_push, disable_emit,
++                                       operand_offset, error_buf,
++                                       error_buf_size))
+         return false;
+-    if (!wasm_loader_push_pop_frame_ref(ctx, pop_cnt, type_push, type_pop,
+-                                        error_buf, error_buf_size))
++        
++    if (!wasm_loader_push_frame_ref(ctx, type_push, error_buf, error_buf_size))
+         return false;
+ 
+     return true;
+diff --git a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_mini_loader.c b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_mini_loader.c
+index aa5e18f..83be375 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_mini_loader.c
++++ b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_mini_loader.c
+@@ -3936,6 +3936,7 @@ wasm_loader_pop_frame_ref(WASMLoaderContext *ctx, uint8 type, char *error_buf,
+     return true;
+ }
+ 
++#if WASM_ENABLE_FAST_INTERP == 0
+ static bool
+ wasm_loader_push_pop_frame_ref(WASMLoaderContext *ctx, uint8 pop_cnt,
+                                uint8 type_push, uint8 type_pop, char *error_buf,
+@@ -3950,6 +3951,7 @@ wasm_loader_push_pop_frame_ref(WASMLoaderContext *ctx, uint8 pop_cnt,
+         return false;
+     return true;
+ }
++#endif
+ 
+ static bool
+ wasm_loader_push_frame_csp(WASMLoaderContext *ctx, uint8 label_type,
+@@ -4607,25 +4609,6 @@ wasm_loader_pop_frame_offset(WASMLoaderContext *ctx, uint8 type,
+     return true;
+ }
+ 
+-static bool
+-wasm_loader_push_pop_frame_offset(WASMLoaderContext *ctx, uint8 pop_cnt,
+-                                  uint8 type_push, uint8 type_pop,
+-                                  bool disable_emit, int16 operand_offset,
+-                                  char *error_buf, uint32 error_buf_size)
+-{
+-    for (int i = 0; i < pop_cnt; i++) {
+-        if (!wasm_loader_pop_frame_offset(ctx, type_pop, error_buf,
+-                                          error_buf_size))
+-            return false;
+-    }
+-    if (!wasm_loader_push_frame_offset(ctx, type_push, disable_emit,
+-                                       operand_offset, error_buf,
+-                                       error_buf_size))
+-        return false;
+-
+-    return true;
+-}
+-
+ static bool
+ wasm_loader_push_frame_ref_offset(WASMLoaderContext *ctx, uint8 type,
+                                   bool disable_emit, int16 operand_offset,
+@@ -4659,12 +4642,24 @@ wasm_loader_push_pop_frame_ref_offset(WASMLoaderContext *ctx, uint8 pop_cnt,
+                                       bool disable_emit, int16 operand_offset,
+                                       char *error_buf, uint32 error_buf_size)
+ {
+-    if (!wasm_loader_push_pop_frame_offset(ctx, pop_cnt, type_push, type_pop,
+-                                           disable_emit, operand_offset,
+-                                           error_buf, error_buf_size))
++    uint8 i;
++
++    for (i = 0; i < pop_cnt; i++) {
++        if (!wasm_loader_pop_frame_offset(ctx, type_pop, error_buf,
++                                          error_buf_size))
++            return false;
++
++        if (!wasm_loader_pop_frame_ref(ctx, type_pop, error_buf,
++                                       error_buf_size))
++            return false;
++    }
++
++    if (!wasm_loader_push_frame_offset(ctx, type_push, disable_emit,
++                                       operand_offset, error_buf,
++                                       error_buf_size))
+         return false;
+-    if (!wasm_loader_push_pop_frame_ref(ctx, pop_cnt, type_push, type_pop,
+-                                        error_buf, error_buf_size))
++        
++    if (!wasm_loader_push_frame_ref(ctx, type_push, error_buf, error_buf_size))
+         return false;
+ 
+     return true;

SPECS/fluent-bit/CVE-2023-52284.patch

@@ -1,13 +1,14 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
 Version:        2.1.10
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://fluentbit.io
 Source0:        https://github.com/fluent/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:         CVE-2023-48105.patch
+Patch1:         CVE-2023-52284.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@@ -38,7 +39,7 @@ Requires:       %{name} = %{version}
 Development files for %{name}
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 
@@ -81,6 +82,10 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so
 
 %changelog
+* Wed Jan 10 2024 Henry Li <lihl@microsoft.com> - 2.1.10-3
+- Address CVE-2023-52284
+- Change to autosetup
+
 * Wed Dec 06 2023 Chris Gunn <chrisgun@Microsoft.com> - 2.1.10-2
 - CVE-2023-48105