Merge branch 'main' into 2.0

.pipelines/prchecks/PackageBuildPRCheck.yml

@@ -97,6 +97,7 @@ extends:
                       outputArtifactsFolder: $(ob_outputDirectory)
                       pipArtifactFeeds: "mariner/Mariner-Pypi-Feed"
                       selfRepoName: self
+                      testSuiteName: "[${{ configuration.name }}] Package test"
 
                   - task: PublishPipelineArtifact@1
                     inputs:

.pipelines/templates/PackageBuild.yml

@@ -98,6 +98,10 @@ parameters:
     type: string
     default: "srpms.tar.gz"
 
+  - name: testSuiteName
+    type: string
+    default: "Package test"
+
 steps:
   - template: ToolkitCheck.yml@${{ parameters.selfRepoName }}
     parameters:
@@ -220,3 +224,4 @@ steps:
           buildRepoRoot: ${{ parameters.buildRepoRoot }}
           failOnTestFailures: ${{ parameters.failOnTestFailures }}
           outputArtifactsFolder: ${{ parameters.outputArtifactsFolder }}
+          testSuiteName: ${{ parameters.testSuiteName }}

.pipelines/templates/PackageTestResultsAnalysis.yml

@@ -14,6 +14,10 @@ parameters:
     type: string
     default: "$(Build.ArtifactStagingDirectory)"
 
+  - name: testSuiteName
+    type: string
+    default: "Package test"
+
   # Local constants. Can't use variables in a template without jobs or stages.
   - name: reportFileName
     type: string
@@ -245,7 +249,7 @@ steps:
 
         logs_dir_path = "${{ parameters.buildRepoRoot }}/build/logs/pkggen/rpmbuilding"
         report_path = "${{ parameters.testsWorkspace }}/${{ parameters.reportFileName }}"
-        test_suit_name = f"[{machine()}] Package test"
+        test_suit_name = "${{ parameters.testSuiteName }}"
 
         logger = ADOPipelineLogger()
         logger.log(f"Analyzing tests results inside '{logs_dir_path}'.")

SPECS-EXTENDED/buildah/buildah.spec

@@ -21,7 +21,7 @@
 Summary:        A command line tool used for creating OCI Images
 Name:           buildah
 Version:        1.18.0
-Release:        17%{?dist}
+Release:        18%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -32,7 +32,7 @@ BuildRequires:  btrfs-progs-devel
 BuildRequires:  device-mapper-devel
 BuildRequires:  git
 BuildRequires:  glib2-devel
-BuildRequires:  glibc-static >= 2.35-4%{?dist}
+BuildRequires:  glibc-static >= 2.35-5%{?dist}
 BuildRequires:  go-md2man
 BuildRequires:  go-rpm-macros
 BuildRequires:  golang
@@ -123,6 +123,9 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
 %{_datadir}/%{name}/test
 
 %changelog
+* Tue Oct 03 2023 Mandeep Plaha <[email protected]> - 1.18.0-18
+- Bump release to rebuild against glibc 2.35-5
+
 * Tue Sep 05 2023 Brian Fjeldstad <[email protected]> - 1.18.0-17
 - Address CVE-2022-2990
 

SPECS-EXTENDED/catatonit/catatonit.spec

@@ -3,7 +3,7 @@ Distribution:   Mariner
 
 Name: catatonit
 Version: 0.1.7
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: A signal-forwarding process manager for containers
 License: GPLv3+
 URL: https://github.com/openSUSE/catatonit
@@ -13,7 +13,7 @@ BuildRequires: automake
 BuildRequires: file
 BuildRequires: gcc
 BuildRequires: git
-BuildRequires: glibc-static >= 2.35-4%{?dist}
+BuildRequires: glibc-static >= 2.35-5%{?dist}
 BuildRequires: libtool
 BuildRequires: make
 
@@ -61,6 +61,9 @@ ln -s %{_libexecdir}/%{name}/%{name} %{buildroot}%{_libexecdir}/podman/%{name}
 %{_libexecdir}/podman/%{name}
 
 %changelog
+* Tue Oct 03 2023 Mandeep Plaha <[email protected]> - 0.1.7-8
+- Bump release to rebuild against glibc 2.35-5
+
 * Wed Jul 05 2023 Andrew Phelps <[email protected]> - 0.1.7-7
 - Bump release to rebuild against glibc 2.35-4
 

SPECS-EXTENDED/dyninst/dyninst.spec

@@ -1,7 +1,7 @@
 Summary: An API for Run-time Code Generation
 License: LGPLv2+
 Name: dyninst
-Release: 9%{?dist}
+Release: 10%{?dist}
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL: http://www.dyninst.org
@@ -31,7 +31,7 @@ BuildRequires: tbb tbb-devel
 
 # Extra requires just for the testsuite
 BuildRequires: gcc-gfortran libstdc++-static libxml2-devel
-BuildRequires: glibc-static >= 2.35-4%{?dist}
+BuildRequires: glibc-static >= 2.35-5%{?dist}
 
 # Testsuite files should not provide/require anything
 %{?filter_setup:
@@ -194,6 +194,9 @@ echo "%{_libdir}/dyninst" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %attr(644,root,root) %{_libdir}/dyninst/testsuite/*.a
 
 %changelog
+* Tue Oct 03 2023 Mandeep Plaha <[email protected]> - 10.1.0-10
+- Bump release to rebuild against glibc 2.35-5
+
 * Wed Jul 05 2023 Andrew Phelps <[email protected]> - 10.1.0-9
 - Bump release to rebuild against glibc 2.35-4
 

SPECS-EXTENDED/freeradius/fix-error-for-expansion-of-macro-in-thread.h.patch

@@ -0,0 +1,61 @@
+From 30ce5ccd62446349d432ff65d3fe8d46872423c8 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <[email protected]>
+Date: Wed, 18 Jan 2017 14:59:39 +0800
+Subject: [PATCH] fix error for expansion of macro in thread.h
+
+The parameter declaration is missing in expansion of macro
+which cause the build error:
+| In file included from src/freeradius-devel/libradius.h:80:0,
+|                  from src/lib/log.c:26:
+| src/lib/log.c: In function '__fr_thread_local_destroy_fr_strerror_buffer':
+| src/lib/log.c:37:31: error: 'fr_strerror_buffer' undeclared (first use in this function)
+|  fr_thread_local_setup(char *, fr_strerror_buffer) /* macro */
+|                                ^
+
+Add the missing declaration in macro.
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <[email protected]>
+---
+ src/include/threads.h | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/include/threads.h b/src/include/threads.h
+index e36d81dac0..2bcb6aadcb 100644
+--- a/src/include/threads.h
++++ b/src/include/threads.h
+@@ -89,7 +89,7 @@ static _t __fr_thread_local_init_##_n(pthread_destructor_t func)\
+ #  define fr_thread_local_get(_n) _n
+ #elif defined(HAVE_PTHREAD_H)
+ #  include <pthread.h>
+-#  define fr_thread_local_setup(_t, _n) \
++#  define fr_thread_local_setup(_t, _n) static __thread _t _n;\
+ static pthread_key_t __fr_thread_local_key_##_n;\
+ static pthread_once_t __fr_thread_local_once_##_n = PTHREAD_ONCE_INIT;\
+ static pthread_destructor_t __fr_thread_local_destructor_##_n = NULL;\
+@@ -100,17 +100,17 @@ static void __fr_thread_local_destroy_##_n(UNUSED void *unused)\
+ static void __fr_thread_local_key_init_##_n(void)\
+ {\
+ 	(void) pthread_key_create(&__fr_thread_local_key_##_n, __fr_thread_local_destroy_##_n);\
+-	(void) pthread_setspecific(__fr_thread_local_key_##_n, &(_n));\
+ }\
+ static _t __fr_thread_local_init_##_n(pthread_destructor_t func)\
+ {\
+ 	__fr_thread_local_destructor_##_n = func;\
+ 	if (_n) return _n; \
+ 	(void) pthread_once(&__fr_thread_local_once_##_n, __fr_thread_local_key_init_##_n);\
++	(void) pthread_setspecific(__fr_thread_local_key_##_n, &(_n));\
+ 	return _n;\
+ }
+-#  define fr_thread_local_init(_n, _f)			__fr_thread_local_init_##_n(_f)
+-#  define fr_thread_local_set(_n, _v)			__fr_thread_local_set_##_n(_v)
+-#  define fr_thread_local_get(_n)			__fr_thread_local_get_##_n()
++#  define fr_thread_local_init(_n, _f)	__fr_thread_local_init_##_n(_f)
++#  define fr_thread_local_set(_n, _v) ((int)!((_n = _v) || 1))
++#  define fr_thread_local_get(_n) _n
+ #endif
+ #endif
+-- 
+2.25.1
+

SPECS-EXTENDED/freeradius/freeradius-Use-system-crypto-policy-by-default.patch

@@ -4,6 +4,7 @@ Date: Wed, 8 May 2019 10:16:31 -0400
 Subject: [PATCH] Use system-provided crypto-policies by default
 
 Signed-off-by: Alexander Scheel <[email protected]>
+[[email protected]]: update patch to 3.2.1 state
 ---
  raddb/mods-available/eap        | 4 ++--
  raddb/mods-available/inner-eap  | 2 +-
@@ -12,21 +13,21 @@ Signed-off-by: Alexander Scheel <[email protected]>
  4 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
-index 36849e10f2..b28c0f19c6 100644
+index 62152a6dfc..9f64963034 100644
 --- a/raddb/mods-available/eap
 +++ b/raddb/mods-available/eap
-@@ -368,7 +368,7 @@ eap {
- 		#
- 		#  For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"
+@@ -400,7 +400,7 @@ eap {
+ 		#  TLS cipher suites.  The format is listed
+ 		#  in "man 1 ciphers".
  		#
 -		cipher_list = "DEFAULT"
 +		cipher_list = "PROFILE=SYSTEM"
 
- 		#  If enabled, OpenSSL will use server cipher list
- 		#  (possibly defined by cipher_list option above)
-@@ -912,7 +912,7 @@ eap {
- 		#  Note - for OpenSSL 1.1.0 and above you may need
- 		#  to add ":@SECLEVEL=0"
+ 		#  Set this option to specify the allowed
+ 		#  TLS signature algorithms for OpenSSL 1.1.1 and above.
+@@ -1082,7 +1082,7 @@ eap {
+ 		#  "DEFAULT" as "DEFAULT" contains "!aNULL" so instead it is
+ 		#  recommended "ALL:!EXPORT:!eNULL:!SSLv2" is used
  		#
 -	#	cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
 +	#	cipher_list = "PROFILE=SYSTEM"
@@ -47,23 +48,23 @@ index 576eb7739e..ffa07188e2 100644
  		#  You may want to set a very small fragment size.
  		#  The TLS data here needs to go inside of the
 diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
-index 92f1d6330e..cd69b3905a 100644
+index b8d0626bbe..073b2933c2 100644
 --- a/raddb/sites-available/abfab-tls
 +++ b/raddb/sites-available/abfab-tls
-@@ -19,7 +19,7 @@ listen {
+@@ -20,7 +20,7 @@ listen {
  		dh_file = ${certdir}/dh
  		fragment_size = 8192
  		ca_path = ${cadir}
 -		cipher_list = "DEFAULT"
 +		cipher_list = "PROFILE=SYSTEM"
-
  		cache {
  			enable = no
+ 			lifetime = 24 # hours
 diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
-index bbc761b1c5..83cd35b851 100644
+index 137fcbc6cc..a65f8a8711 100644
 --- a/raddb/sites-available/tls
 +++ b/raddb/sites-available/tls
-@@ -215,7 +215,7 @@ listen {
+@@ -292,7 +292,7 @@ listen {
  		# Set this option to specify the allowed
  		# TLS cipher suites.  The format is listed
  		# in "man 1 ciphers".
@@ -72,15 +73,14 @@ index bbc761b1c5..83cd35b851 100644
 
  		# If enabled, OpenSSL will use server cipher list
  		# (possibly defined by cipher_list option above)
-@@ -517,7 +517,7 @@ home_server tls {
+@@ -676,7 +676,7 @@ home_server tls {
  		# Set this option to specify the allowed
  		# TLS cipher suites.  The format is listed
  		# in "man 1 ciphers".
 -		cipher_list = "DEFAULT"
 +		cipher_list = "PROFILE=SYSTEM"
- 	}
 
- }
+ 		#
+ 		#  Connection timeout for outgoing TLS connections.
 -- 
-2.21.0
-
+2.21.0

SPECS-EXTENDED/freeradius/freeradius-no-buildtime-cert-gen.patch

@@ -6,73 +6,68 @@ Subject: [PATCH] Don't generate certificates in reproducible builds
 Signed-off-by: Alexander Scheel <[email protected]>
 ---
  Make.inc.in  | 5 +++++
- configure    | 4 ++++
+ configure    | 3 +++
  configure.ac | 3 +++
  raddb/all.mk | 4 ++++
- 4 files changed, 16 insertions(+)
+ 4 files changed, 15 insertions(+)
 
 diff --git a/Make.inc.in b/Make.inc.in
 index 0b2cd74de8..8c623cf95c 100644
 --- a/Make.inc.in
 +++ b/Make.inc.in
-@@ -173,3 +173,8 @@ else
- 	TESTBINDIR = ./$(BUILD_DIR)/bin
+@@ -174,6 +174,10 @@ else
  	TESTBIN    = ./$(BUILD_DIR)/bin
  endif
-+
+ 
 +#
 +#  With reproducible builds, do not generate certificates during installation
 +#
 +ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@
+
+ #
+ #  For creating documentation via doc/all.mk
 diff --git a/configure b/configure
-index c2c599c92b..3d4403a844 100755
+index 77a1436510..74ff9a1fd4 100755
 --- a/configure
 +++ b/configure
-@@ -655,6 +655,7 @@ RUSERS
+@@ -652,6 +652,7 @@ AUTOCONF
+ ACLOCAL
+ RUSERS
  SNMPWALK
- SNMPGET
- PERL
 +ENABLE_REPRODUCIBLE_BUILDS
+ SNMPGET
  openssl_version_check_config
  WITH_DHCP
- modconfdir
-@@ -5586,6 +5587,7 @@ else
+@@ -5961,7 +5962,7 @@ else
+   openssl_version_check_config=
  fi
 
- 
+-
 +ENABLE_REPRODUCIBLE_BUILDS=yes
  # Check whether --enable-reproducible-builds was given.
  if test "${enable_reproducible_builds+set}" = set; then :
    enableval=$enable_reproducible_builds;  case "$enableval" in
-@@ -5597,6 +5599,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
+@@ -5973,6 +5974,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
      ;;
    *)
      reproducible_builds=no
 +    ENABLE_REPRODUCIBLE_BUILDS=no
    esac
 
  fi
-@@ -5604,6 +5607,7 @@ fi
-
-
-
-+
- CHECKRAD=checkrad
- # Extract the first word of "perl", so it can be a program name with args.
- set dummy perl; ac_word=$2
 diff --git a/configure.ac b/configure.ac
-index a7abf0025a..35b013f4af 100644
+index ce4d9b0ae5..790cbf02a0 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -619,6 +619,7 @@ AC_SUBST([openssl_version_check_config])
+@@ -697,6 +697,7 @@ AC_SUBST([openssl_version_check_config])
  dnl #
  dnl #  extra argument: --enable-reproducible-builds
  dnl #
 +ENABLE_REPRODUCIBLE_BUILDS=yes
  AC_ARG_ENABLE(reproducible-builds,
  [AS_HELP_STRING([--enable-reproducible-builds],
                  [ensure the build does not change each time])],
-@@ -630,8 +631,10 @@ AC_ARG_ENABLE(reproducible-builds,
+@@ -708,8 +709,10 @@ AC_ARG_ENABLE(reproducible-builds,
      ;;
    *)
      reproducible_builds=no
@@ -81,6 +76,10 @@ index a7abf0025a..35b013f4af 100644
  )
 +AC_SUBST(ENABLE_REPRODUCIBLE_BUILDS)
 
+ dnl #
+ dnl #  Enable the -fsanitize=fuzzer and link in the address sanitizer
+
+
 
  dnl #############################################################
 diff --git a/raddb/all.mk b/raddb/all.mk

SPECS-EXTENDED/freeradius/freeradius.signatures.json

@@ -2,8 +2,9 @@
  "Signatures": {
   "freeradius-logrotate": "d9f040861ee70def0c6fd6bad8b901503e1b48b5283cd319f72b28c6493ba29d",
   "freeradius-pam-conf": "5e7dc31dd832ee6365c32bbe8042863ef8381cb1f076dfad72caa2e86d7050d7",
-  "freeradius-server-3.0.21.tar.bz2": "c22dad43954b0cbc957564d3f8cbb942ff09853852d2c2155d54e6bd641a4e7d",
+  "freeradius-server-3.2.3.tar.bz2": "4a16aeffbfa1424e1f317fdf71d17e5523a4fd9564d87c747a60595ef93c5d1f",
   "freeradius-tmpfiles.conf": "125b30adfdee54a4ae3865e7a75ad71b91c1385190a2d3fb876cf20cfc923a08",
+  "freeradius.sysusers": "313b1c8868c014ae368861a92356818f16fabae594ba6483981097b2d815efe2",
   "radiusd.service": "300647599fcd3f96d2a8065dd49bfeab086a6353c6f97bd32edc698e3550e312"
  }
 }