From 451b9513e4d224d47e3d4d2d543e1bc834b78794 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Wed, 2 Dec 2020 12:08:27 -0500 Subject: [PATCH 01/54] Fix selection of release specific mock prototype Commit https://review.opendev.org/c/starlingx/root/+/762700 was intended to include the code to select the release specific mock config prototype. e.g. mock.cfg.centos7.proto As delivered, it would always select the default. e.g. mock.cfg.proto Other improvements: - remove some trailing whitespace - improved cleanup of temorary directories Closes-Bug: 1906547 Signed-off-by: Scott Little Change-Id: I3e988fb0e861efcf9cd16b8a46b74398dbb1db17 --- centos-mirror-tools/download_mirror.sh | 9 +++++ toCOPY/generate-centos-repo.sh | 47 +++++++++++++++++++------- toCOPY/populate_downloads.sh | 12 +++++-- 3 files changed, 54 insertions(+), 14 deletions(-) diff --git a/centos-mirror-tools/download_mirror.sh b/centos-mirror-tools/download_mirror.sh index e0deb3fb..c7adfbc8 100755 --- a/centos-mirror-tools/download_mirror.sh +++ b/centos-mirror-tools/download_mirror.sh @@ -10,6 +10,15 @@ source $DOWNLOAD_MIRROR_DIR/../toCOPY/lst_utils.sh export DL_MIRROR_LOG_DIR="${DL_MIRROR_LOG_DIR:-./logs}" export DL_MIRROR_OUTPUT_DIR="${DL_MIRROR_OUTPUT_DIR:-./output/stx/CentOS}" +cleanup () { + if [ -e "${TMP_LST_DIR}" ]; then + \rm -rf ${TMP_LST_DIR} + fi +} + +trap "cleanup ; exit 1" INT HUP TERM QUIT +trap "cleanup" EXIT + # A temporary compatability step to save download time # during the shift to the new DL_MIRROR_OUTPUT_DIR location. # diff --git a/toCOPY/generate-centos-repo.sh b/toCOPY/generate-centos-repo.sh index deedaa75..48eadcf9 100755 --- a/toCOPY/generate-centos-repo.sh +++ b/toCOPY/generate-centos-repo.sh @@ -67,7 +67,8 @@ cleanup () { fi } -trap "cleanup ; exit 1" INT +trap "cleanup ; exit 1" INT HUP TERM QUIT +trap "cleanup" EXIT if [ -z "$MY_REPO" ]; then echo "\$MY_REPO is not set. Ensure you are running this script" @@ -128,11 +129,16 @@ timestamp="$(date +%F_%H%M)" mock_cfg_prefix="mock.cfg" mock_cfg_default_suffix="proto" mock_cfg_suffix="${mock_cfg_default_suffix}" -if [ -f /etc/os-release ]; then - mock_cfg_distro="$(source /etc/os-release; echo ${ID}${VERSION_ID}.proto)" -fi +mock_cfg_distro="" +mock_cfg_release_prefix=${mock_cfg_prefix} mock_cfg_dir=$MY_REPO/build-tools/repo_files mock_cfg_dest_dir=$MY_REPO/centos-repo +if [ -f /etc/os-release ]; then + mock_cfg_distro="$(source /etc/os-release; echo ${ID}${VERSION_ID})" + if [ ! -z "${mock_cfg_distro}" ]; then + mock_cfg_release_prefix=${mock_cfg_prefix}.${mock_cfg_distro} + fi +fi comps_xml_file=$MY_REPO/build-tools/repo_files/comps.xml comps_xml_dest_dir=$MY_REPO/centos-repo/Binary @@ -412,7 +418,7 @@ copy_with_backup () { if [ ! -d ${dest_dir} ]; then dest_file="$2" - dest_dir=$(dir_name ${dest_file}) + dest_dir=$(dirname ${dest_file}) if [ ! -d ${dest_dir} ]; then echo "destination directory '${dest_dir}' does not exist!" exit 1 @@ -467,15 +473,32 @@ done echo "Copying mock.cfg.proto file." -# First look for layer specific file to copy. -mock_cfg_file="${mock_cfg_dir}/${mock_cfg_prefix}.${layer}.${mock_cfg_suffix}" -if [ -f "$mock_cfg_file" ]; then - copy_with_backup ${mock_cfg_file} ${mock_cfg_dest_dir}/${mock_cfg_prefix}.${layer}.${mock_cfg_default_suffix} +# +# There are several mock.cfg.proto to choose from. +# They may be specific to release (e.g. centos7/8), +# specific to layer (e.g. distro), or both. +# + +# First look for release specific, layer specific file to copy. +mock_cfg_file="${mock_cfg_dir}/${mock_cfg_release_prefix}.${layer}.${mock_cfg_suffix}" +if [ ! -f "${mock_cfg_file}" ]; then + # Substitute release default, layer specific file to copy. + mock_cfg_file="${mock_cfg_dir}/${mock_cfg_prefix}.${layer}.${mock_cfg_suffix}" +fi +if [ -f "${mock_cfg_file}" ]; then + echo "copy_with_backup '${mock_cfg_file}' '${mock_cfg_dest_dir}/${mock_cfg_prefix}.${layer}.${mock_cfg_default_suffix}'" + copy_with_backup "${mock_cfg_file}" "${mock_cfg_dest_dir}/${mock_cfg_prefix}.${layer}.${mock_cfg_default_suffix}" fi -# Always copy the default -mock_cfg_file=${mock_cfg_dir}/${mock_cfg_prefix}.${mock_cfg_suffix} -copy_with_backup ${mock_cfg_file} ${mock_cfg_dest_dir}/${mock_cfg_prefix}.${mock_cfg_default_suffix} +# Always copy the default (with respect to layer) +# First look for release specific, layer default file to copy. +mock_cfg_file="${mock_cfg_dir}/${mock_cfg_release_prefix}.${mock_cfg_suffix}" +if [ ! -f "${mock_cfg_file}" ]; then + # Substitute release default, layer default file to copy. + mock_cfg_file="${mock_cfg_dir}/${mock_cfg_prefix}.${mock_cfg_suffix}" +fi +echo "copy_with_backup '${mock_cfg_file}' '${mock_cfg_dest_dir}/${mock_cfg_prefix}.${mock_cfg_default_suffix}'" +copy_with_backup "${mock_cfg_file}" "${mock_cfg_dest_dir}/${mock_cfg_prefix}.${mock_cfg_default_suffix}" echo "Copying contents from other list files." diff --git a/toCOPY/populate_downloads.sh b/toCOPY/populate_downloads.sh index 7d8f7b44..e434becf 100755 --- a/toCOPY/populate_downloads.sh +++ b/toCOPY/populate_downloads.sh @@ -20,6 +20,15 @@ usage () { echo " --mirror-dir=: Set the mirror directory. This is where the previously download tarballs are located." } +cleanup () { + if [ -e "${TMP_LST_DIR}" ]; then + \rm -rf ${TMP_LST_DIR} + fi +} + +trap "cleanup ; exit 1" INT HUP TERM QUIT +trap "cleanup" EXIT + mirror_dir="" if [ -z "$MY_REPO" ]; then @@ -68,6 +77,7 @@ extra_downloads_template="extra_downloads.lst" TMP_LST_DIR=$(mktemp -d /tmp/tmp_lst_dir_XXXXXX) mkdir -p $TMP_LST_DIR + tarball_lst="$TMP_LST_DIR/${tarball_downloads_template}" extra_downloads_lst="$TMP_LST_DIR/${extra_downloads_template}" merge_lst ${config_dir} ${distro} ${tarball_downloads_template} > ${tarball_lst} @@ -111,5 +121,3 @@ done for x in ${extra_downloads}; do ln -sf ${mirror_dir}/downloads/$x ${downloads_dir} done - -\rm -rf ${TMP_LST_DIR} From bbf8b0402a5b428105ac6c476dbd2b15c1a48ff8 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Fri, 4 Dec 2020 16:08:25 -0500 Subject: [PATCH 02/54] tb.sh: container stuck in - Removal In Progress Systemd is once preventing a clean exit of the build container. Mapping /run and /tmp to tmpfs helps on some systems. Partial-bug: 1907119 Change-Id: I3fc54792d18b632fbd5cab678ce4fa348bc96873 Signed-off-by: Scott Little --- tb.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tb.sh b/tb.sh index 82b10cc7..151981cc 100755 --- a/tb.sh +++ b/tb.sh @@ -64,6 +64,8 @@ function run_container { -v ${HOST_MIRROR_DIR}:/import/mirrors:ro \ -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ -v ~/.ssh:/mySSH:ro \ + --tmpfs /tmp \ + --tmpfs /run \ -e "container=docker" \ -e MYUNAME=${MYUNAME} \ --privileged=true \ From c7f398e9ea89da5e016e8a17a284ce181f0b98e4 Mon Sep 17 00:00:00 2001 From: Joe Slater Date: Wed, 11 Nov 2020 10:33:55 -0500 Subject: [PATCH 03/54] curl: fix CVE-2019-5482 - heap overflow in tftp curl-7.29.0-59.el7 libcurl-7.29.0-59.el7 libcurl-devel-7.29.0-59.el7 depends on libssh2-1.8.0-4.el7 libssh2-devel-1.8.0-4.el7 Closes-Bug: 190214 Change-Id: I2755068e55dc8c70452894030404df3d936fa6a5 Signed-off-by: Joe Slater --- .../config/centos/compiler/rpms_centos.lst | 4 ---- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 5 ----- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 5 ----- centos-mirror-tools/config/centos/mock/rpms_centos.lst | 9 +++++---- 4 files changed, 5 insertions(+), 18 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index c57ae24d..34b6aa73 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -23,7 +23,6 @@ bzip2-devel-1.0.6-13.el7.x86_64.rpm # cracklib-2.9.0-11.el7.x86_64.rpm provided by mock # cracklib-dicts-2.9.0-11.el7.x86_64.rpm provided by mock # cryptsetup-libs-2.0.3-3.el7.x86_64.rpm provided by mock -# curl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock # dbus-1.10.24-12.el7.x86_64.rpm provided by mock dbus-devel-1.10.24-12.el7.x86_64.rpm @@ -99,8 +98,6 @@ libcap-devel-2.22-9.el7.x86_64.rpm # libcap-ng-0.7.5-4.el7.x86_64.rpm provided by mock libcap-ng-devel-0.7.5-4.el7.x86_64.rpm libcroco-0.6.12-4.el7.x86_64.rpm -# libcurl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock -# libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm provided by mock # libdb-5.3.21-24.el7.x86_64.rpm provided by mock libdb-devel-5.3.21-24.el7.x86_64.rpm # libdb-utils-5.3.21-24.el7.x86_64.rpm provided by mock @@ -132,7 +129,6 @@ libselinux-devel-2.5-14.1.el7.x86_64.rpm # libsepol-2.5-10.el7.x86_64.rpm provided by mock libsepol-devel-2.5-10.el7.x86_64.rpm # libsmartcols-2.23.2-59.el7.x86_64.rpm provided by mock -# libssh2-1.4.3-12.el7.x86_64.rpm provided by mock # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock # libstdc++-devel-4.8.5-36.el7.x86_64.rpm provided by mock # libtasn1-4.10-1.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index d7543c05..9bdf6855 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -99,7 +99,6 @@ cryptsetup-devel-2.0.3-3.el7.x86_64.rpm ctags-5.8-13.el7.x86_64.rpm cups-client-1.6.3-35.el7.x86_64.rpm cups-libs-1.6.3-35.el7.x86_64.rpm -# curl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-devel-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm @@ -345,8 +344,6 @@ libcmocka-devel-1.1.5-1.el7.x86_64.rpm libcollection-0.7.0-32.el7.x86_64.rpm libcomps-0.1.8-12.el7.x86_64.rpm libcroco-0.6.12-4.el7.x86_64.rpm -# libcurl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock -# libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm provided by mock libdaemon-0.14-7.el7.x86_64.rpm # libdb-5.3.21-24.el7.x86_64.rpm provided by mock libdb-devel-5.3.21-24.el7.x86_64.rpm @@ -433,8 +430,6 @@ libSM-1.2.2-2.el7.x86_64.rpm libsndfile-1.0.25-10.el7.x86_64.rpm libsolv-0.6.34-4.el7.x86_64.rpm libsoup-2.62.2-2.el7.x86_64.rpm -# libssh2-1.4.3-12.el7.x86_64.rpm provided by mock -libssh2-devel-1.4.3-12.el7.x86_64.rpm # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock # libtasn1-4.10-1.el7.x86_64.rpm provided by mock libtasn1-devel-4.10-1.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index fbd9b23e..d0087e2c 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -104,7 +104,6 @@ crudini-0.9-2.el7.noarch.rpm cryptsetup-2.0.3-3.el7.x86_64.rpm # cryptsetup-libs-2.0.3-3.el7.x86_64.rpm provided by mock cups-libs-1.6.3-35.el7.x86_64.rpm -# curl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock @@ -384,8 +383,6 @@ libcollection-0.7.0-32.el7.x86_64.rpm libcomps-0.1.8-12.el7.x86_64.rpm libconfig-1.4.9-5.el7.x86_64.rpm libcroco-0.6.12-4.el7.x86_64.rpm -# libcurl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock -# libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm provided by mock libdaemon-0.14-7.el7.x86_64.rpm # libdb-5.3.21-24.el7.x86_64.rpm provided by mock libdb-devel-5.3.21-24.el7.x86_64.rpm @@ -479,8 +476,6 @@ libSM-1.2.2-2.el7.x86_64.rpm libSM-devel-1.2.2-2.el7.x86_64.rpm libsndfile-1.0.25-10.el7.x86_64.rpm libsolv-0.6.34-4.el7.x86_64.rpm -# libssh2-1.4.3-12.el7.x86_64.rpm provided by mock -libssh2-devel-1.4.3-12.el7.x86_64.rpm # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock libsysfs-2.1.0-16.el7.x86_64.rpm # libtasn1-4.10-1.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index 3100c2b2..d388c24c 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -14,7 +14,7 @@ cpp-4.8.5-36.el7.x86_64.rpm cracklib-2.9.0-11.el7.x86_64.rpm cracklib-dicts-2.9.0-11.el7.x86_64.rpm cryptsetup-libs-2.0.3-3.el7.x86_64.rpm -curl-7.29.0-51.el7_6.3.x86_64.rpm +curl-7.29.0-59.el7.x86_64.rpm cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm dbus-1.10.24-12.el7.x86_64.rpm dbus-libs-1.10.24-12.el7.x86_64.rpm @@ -61,8 +61,8 @@ libassuan-2.1.0-3.el7.x86_64.rpm libattr-2.4.46-13.el7.x86_64.rpm libcap-2.22-9.el7.x86_64.rpm libcap-ng-0.7.5-4.el7.x86_64.rpm -libcurl-7.29.0-51.el7_6.3.x86_64.rpm -libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm +libcurl-7.29.0-59.el7.x86_64.rpm +libcurl-devel-7.29.0-59.el7.x86_64.rpm libdb-5.3.21-24.el7.x86_64.rpm libdb-utils-5.3.21-24.el7.x86_64.rpm libffi-3.0.13-18.el7.x86_64.rpm @@ -77,7 +77,8 @@ libpwquality-1.2.3-5.el7.x86_64.rpm libselinux-2.5-14.1.el7.x86_64.rpm libsepol-2.5-10.el7.x86_64.rpm libsmartcols-2.23.2-59.el7.x86_64.rpm -libssh2-1.4.3-12.el7.x86_64.rpm +libssh2-1.8.0-4.el7.x86_64.rpm +libssh2-devel-1.8.0-4.el7.x86_64.rpm libstdc++-4.8.5-36.el7.x86_64.rpm libstdc++-devel-4.8.5-36.el7.x86_64.rpm libtasn1-4.10-1.el7.x86_64.rpm From 1f3f3e08bc8fa33cf34541f408df4975c787367b Mon Sep 17 00:00:00 2001 From: Davlet Panech Date: Mon, 14 Dec 2020 10:01:45 -0500 Subject: [PATCH 04/54] Update CentOS vault URL to HTTPS CentOS vault HTTP url redirects to HTTPS, but yum displays misleading error messages when the secondary HTTPS request fails. Use HTTPS directly. Change-Id: I687c1de2378de11abb5ad981bc73b66d8c40ba2a Closes-Bug: 1908088 Signed-off-by: Davlet Panech --- Dockerfile | 2 +- centos-mirror-tools/dl_other_from_centos_repo.sh | 2 +- centos-mirror-tools/utils_tests.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8042541f..eba205a2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ ARG MYUNAME=builder ARG MYUID=1000 # CentOS & EPEL URLs that match the base image # Override these with --build-arg if you have a mirror -ARG CENTOS_7_8_URL=http://vault.centos.org/centos/7.8.2003 +ARG CENTOS_7_8_URL=https://vault.centos.org/centos/7.8.2003 ARG EPEL_7_8_URL=https://archives.fedoraproject.org/pub/archive/epel/7.2020-04-20 ARG MY_EMAIL= diff --git a/centos-mirror-tools/dl_other_from_centos_repo.sh b/centos-mirror-tools/dl_other_from_centos_repo.sh index caa46e9d..d16e7dc4 100755 --- a/centos-mirror-tools/dl_other_from_centos_repo.sh +++ b/centos-mirror-tools/dl_other_from_centos_repo.sh @@ -5,7 +5,7 @@ # # -# Download non-RPM files from http://vault.centos.org/7.4.1708/os/x86_64/ +# Download non-RPM files from https://vault.centos.org/7.4.1708/os/x86_64/ # DL_OTHER_FROM_CENTOS_REPO_DIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}" )" )" diff --git a/centos-mirror-tools/utils_tests.sh b/centos-mirror-tools/utils_tests.sh index 8a7da11d..1ffab382 100644 --- a/centos-mirror-tools/utils_tests.sh +++ b/centos-mirror-tools/utils_tests.sh @@ -40,7 +40,7 @@ check_result "$res" "$expect" # get_url res=$(get_url "acpid-2.0.19-9.el7.x86_64.rpm" "L1") -expect="http://vault.centos.org/centos/7.4.1708/cr/x86_64/Packages/acpid-2.0.19-9.el7.x86_64.rpm" +expect="https://vault.centos.org/centos/7.4.1708/cr/x86_64/Packages/acpid-2.0.19-9.el7.x86_64.rpm" check_result "$res" "$expect" res=$(get_url "python2-httpbin-0.5.0-6.el7.noarch.rpm#http://cbs.centos.org/kojifiles/packages/python-httpbin/0.5.0/6.el7/noarch/python2-httpbin-0.5.0-6.el7.noarch.rpm" "L1") From 1fd6f3f636ec7b0780815120f10e1beb545bc07f Mon Sep 17 00:00:00 2001 From: Scott Little Date: Tue, 15 Dec 2020 14:17:34 -0500 Subject: [PATCH 05/54] tidy stx/downloads directory $MY_REPO/stx/downloads contains links to tarballs and other files relevant to the build. It is populated by populate_downloads.sh. On subsequent runs, new links might be added, but old links are not cleaned up. Adopt the convention used by generate-centos-repo.sh of moving the old content under a timestamp backup directory, leaving an empty directory to re-populate. Closes-bug: 1908297 Signed-off-by: Scott Little Change-Id: Ib6c8b782db6c369cb00e8fe8c64be099d7a5d238 --- toCOPY/generate-centos-repo.sh | 12 ++++++------ toCOPY/populate_downloads.sh | 7 ++++++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/toCOPY/generate-centos-repo.sh b/toCOPY/generate-centos-repo.sh index 48eadcf9..9bdb7fcf 100755 --- a/toCOPY/generate-centos-repo.sh +++ b/toCOPY/generate-centos-repo.sh @@ -183,13 +183,13 @@ if [ ! -d "${dest_dir}" ]; then fi for t in "Binary" "Source" ; do - target_dir=${dest_dir}/$t - if [ ! -d "$target_dir" ]; then - mkdir -p "$target_dir" - else - mv -f "$target_dir" "$target_dir-backup-$timestamp" - mkdir -p "$target_dir" + target_dir=${dest_dir}/${t} + + if [ -d "${target_dir}" ]; then + mv -f "${target_dir}" "${target_dir}-backup-${timestamp}" fi + + mkdir -p "${target_dir}" done # diff --git a/toCOPY/populate_downloads.sh b/toCOPY/populate_downloads.sh index e434becf..0a02fb62 100755 --- a/toCOPY/populate_downloads.sh +++ b/toCOPY/populate_downloads.sh @@ -91,7 +91,12 @@ if [ -f ${extra_downloads_lst} ]; then fi -mkdir -p ${MY_REPO}/stx/downloads +if [ -d "${downloads_dir}" ]; then + timestamp="$(date +%F_%H%M)" + mv -f "${downloads_dir}" "${downloads_dir}-backup-${timestamp}" +fi + +mkdir -p ${downloads_dir} grep -v "^#" ${tarball_lst} | while read x; do if [ -z "$x" ]; then From be49af95252f7fb5eb58232dcf80e8a3510e0bf2 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Thu, 17 Dec 2020 16:14:49 -0500 Subject: [PATCH 06/54] Add layer awareness to mirror-check.sh This tool was missed when layered builds were introduced. It looks for lst files under the wrong path. I've added a layer arguement and fixed the path. It also needs to ignore commented lines within lst files. I also add dnf support. Cloned from pkg-manager-utils.sh since stx-tools is sometimes expected to stand on it's own. One gap that I'm not addressing in this update. It only looks at the upstream repo, never at the cengn mirror. If a package has been dropped by upstream, it reports as missing. Closes-Bug: 1908751 Signed-off-by: Scott Little Change-Id: Idf4c9010c195f2fe8f7d0432c41c94fab00aec2c --- .gitignore | 1 + centos-mirror-tools/mirror-check.sh | 58 ++++++++++++++++++++++++++--- 2 files changed, 53 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index cad81b6e..20552688 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ localrc toCOPY/.gitconfig centos-mirror-tools/logs/ centos-mirror-tools/output/ +centos-mirror-tools/mirror-check-failures.log # Sphinx documentation doc/build/ diff --git a/centos-mirror-tools/mirror-check.sh b/centos-mirror-tools/mirror-check.sh index 29df5823..68516fab 100755 --- a/centos-mirror-tools/mirror-check.sh +++ b/centos-mirror-tools/mirror-check.sh @@ -40,14 +40,43 @@ ERROR_LOG_FILE="mirror-check-failures.log" truncate -s 0 $ERROR_LOG_FILE retcode=0 extra_opts="" +layer="$LAYER" +valid_layers=('compiler' 'distro' 'flock') + + +# Cloned from cgcs-root/build-tools/pkg-manager-utils.sh +# Ideally this can still be used when tools is the only git +# that has been cloned. + +# Yum vs DNF compatibility +YUM=$(which yum 2>> /dev/null) +DNF=$(which dnf 2>> /dev/null) +PKG_MANAGER="" +REPOQUERY=$(which repoquery 2>> /dev/null) +REPOQUERY_SUB_COMMAND="" +REPOQUERY_RESOLVE="--resolve" +REPOQUERY_WHATPROVIDES_DELIM=" " +if [ ! -z ${DNF} ]; then + PKG_MANAGER="dnf" + REPOQUERY=${DNF} + REPOQUERY_SUB_COMMAND="repoquery --disable-modular-filtering" + REPOQUERY_RESOLVE="" + REPOQUERY_WHATPROVIDES_DELIM="," +elif [ ! -z ${YUM} ]; then + PKG_MANAGER="yum" +else + >&2 echo "ERROR: Couldn't find a supported package manager" + exit 1 +fi usage() { - echo "$0 [-c ]" + echo "$0 [-c ] [-l ]" echo "" echo "Options:" echo " -c: Use an alternate yum.conf rather than the system file (option passed" echo " on to subscripts when appropriate)" + echo " -l: Check specific layer (one of 'all ${valid_layers[@]}')" echo "" } @@ -79,8 +108,10 @@ get_repoquery_info() { else repoquery_opts= fi - repoquery $extra_opts ${RELEASEVER} -C --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}' \ - $repoquery_opts "$_package_name" + $REPOQUERY $REPOQUERY_SUB_COMMAND \ + $extra_opts ${RELEASEVER} -C \ + --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}' \ + $repoquery_opts "$_package_name" } _check_rpms() { @@ -113,12 +144,27 @@ check_rpms() { done } -while getopts "c:" opt; do +while getopts "c:l:" opt; do case $opt in c) extra_opts="-c ${OPTARG}" grep -q "releasever=" $OPTARG && RELEASEVER="--$(grep releasever= ${OPTARG})" ;; + l) + layer="${OPTARG}" + if [ "$layer" == "all" ]; then + layer="" + else + case " ${valid_layers[@]} " in + *" $layer "* ) echo "found layer $layer" + ;; + *) echo "'$layer' is invalid" + usage + exit 1 + ;; + esac + fi + ;; \?) echo "Invalid option: -$OPTARG" >&2 usage @@ -133,11 +179,11 @@ if ! yum $extra_opts ${RELEASEVER} makecache; then exit 1 fi -for rpm_list in "$RPMS_CENTOS_LIST" "$RPMS_3RD_PARTY_LIST"; do +for rpm_list in $(find config/centos/$layer -name "$RPMS_CENTOS_LIST" -o -name "$RPMS_3RD_PARTY_LIST"); do info "Reading $rpm_list..." for arch in "src" "noarch" "x86_64"; do info "Getting info for $arch packages..." - rpms=$(echo "$(grep -F "$arch.rpm" < $rpm_list)") + rpms=$(echo "$(grep -v '^#' $rpm_list | grep -F "$arch.rpm")") check_rpms "$rpms" done done From 1d175ac9c9cfcdfebeadb9db532cd73a78342cd7 Mon Sep 17 00:00:00 2001 From: Don Penney Date: Mon, 4 Jan 2021 13:22:26 -0500 Subject: [PATCH 07/54] Add python3 RPMs to compile layer The 'compile' layer build is failing due to missing python3 packages. These packages had been added to the distro and flock LST files previously, but not the compile layer. Closes-Bug: 1910130 Signed-off-by: Don Penney Change-Id: I44d1225b5a6c9e8ddbbfa91f0980d7b1b21d425b --- centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 34b6aa73..6a305131 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -132,6 +132,7 @@ libsepol-devel-2.5-10.el7.x86_64.rpm # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock # libstdc++-devel-4.8.5-36.el7.x86_64.rpm provided by mock # libtasn1-4.10-1.el7.x86_64.rpm provided by mock +libtirpc-0.2.4-0.15.el7.x86_64.rpm libtool-2.4.2-22.el7_3.x86_64.rpm libunistring-0.9.3-9.el7.x86_64.rpm # libuser-0.60-9.el7.x86_64.rpm provided by mock @@ -240,8 +241,11 @@ pyparsing-2.1.10-3.el7.noarch.rpm python2-pyparsing-2.1.10-3.el7.noarch.rpm python3-3.6.8-10.el7.x86_64.rpm python3-devel-3.6.8-10.el7.x86_64.rpm +python3-libs-3.6.8-10.el7.x86_64.rpm +python3-pip-9.0.3-5.el7.noarch.rpm python3-rpm-generators-6-2.el7.noarch.rpm python3-rpm-macros-3-32.el7.noarch.rpm +python3-setuptools-39.2.0-10.el7.noarch.rpm python-2.7.5-76.el7.x86_64.rpm python-devel-2.7.5-76.el7.x86_64.rpm python-libs-2.7.5-76.el7.x86_64.rpm From 3fdacd356ec55403face16b8c02786e1496d3a7d Mon Sep 17 00:00:00 2001 From: "Chen, Haochuan Z" Date: Fri, 8 Jan 2021 10:03:05 +0800 Subject: [PATCH 08/54] Add rpm for ceph performance tuning tool, fio and dstat Story: 2008497 Task: 41555 Change-Id: I6e0f9b61b6c6815b255f3d02bfc06c623c56532f Signed-off-by: Chen, Haochuan Z --- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index d0087e2c..9aa678ed 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -107,6 +107,7 @@ cups-libs-1.6.3-35.el7.x86_64.rpm cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock +daxctl-libs-65-5.el7.x86_64.rpm # dbus-1.10.24-12.el7.x86_64.rpm provided by mock dbus-glib-0.100-7.el7.x86_64.rpm # dbus-libs-1.10.24-12.el7.x86_64.rpm provided by mock @@ -138,6 +139,7 @@ dosfstools-3.0.20-10.el7.x86_64.rpm # dracut-033-554.el7.x86_64.rpm provided by mock dracut-config-rescue-033-554.el7.x86_64.rpm dracut-network-033-554.el7.x86_64.rpm +dstat-0.7.2-12.el7.noarch.rpm e2fsprogs-1.42.9-13.el7.x86_64.rpm e2fsprogs-libs-1.42.9-13.el7.x86_64.rpm easymock2-2.5.2-12.el7.noarch.rpm @@ -184,6 +186,7 @@ felix-framework-4.2.1-5.el7.noarch.rpm # file-libs-5.11-35.el7.x86_64.rpm provided by mock # filesystem-3.2-25.el7.x86_64.rpm provided by mock # findutils-4.5.11-6.el7.x86_64.rpm provided by mock +fio-3.7-2.el7.x86_64.rpm fipscheck-1.4.1-6.el7.x86_64.rpm fipscheck-lib-1.4.1-6.el7.x86_64.rpm firewalld-0.5.3-5.el7.noarch.rpm @@ -451,6 +454,7 @@ libpcap-1.5.3-11.el7.x86_64.rpm libpciaccess-0.14-1.el7.x86_64.rpm libpipeline-1.2.3-3.el7.x86_64.rpm libpmem-1.5.1-2.1.el7.x86_64.rpm +libpmemblk-1.5.1-2.1.el7.x86_64.rpm libproxy-0.4.11-11.el7.x86_64.rpm libpsm2-10.3.58-1.el7.x86_64.rpm libpsm2-compat-10.3.58-1.el7.x86_64.rpm @@ -583,6 +587,7 @@ netcf-libs-0.2.8-4.el7.x86_64.rpm nettle-2.7.1-8.el7.x86_64.rpm newt-0.52.15-4.el7.x86_64.rpm newt-python-0.52.15-4.el7.x86_64.rpm +ndctl-libs-65-5.el7.x86_64.rpm nfs-utils-1.3.0-0.61.el7.x86_64.rpm nmap-ncat-6.40-16.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm From 0c23f5ac98df20115b579a25063fad1429a850c4 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Mon, 18 Jan 2021 17:15:32 +0800 Subject: [PATCH 09/54] tcpdump: fix CVE-2018-19519 Update to tcpdump-4.9.2-4.el7_7.1.x86_64.rpm. Closes-Bug: 1912139 Signed-off-by: Li Zhou Change-Id: I53b80f4daebe98dacbb288ee5828fd7b901d0aed --- .../config/centos/flock/rpms_centos3rdparties.lst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst index 2b1a0e49..204331b1 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst @@ -87,7 +87,7 @@ selinux-policy-mls-3.13.1-229.el7_6.6.noarch.rpm selinux-policy-targeted-3.13.1-229.el7_6.6.noarch.rpm spice-server-0.14.0-6.el7.x86_64.rpm systemtap-sdt-devel-3.3-3.el7.x86_64.rpm -tcpdump-4.9.2-3.el7.x86_64.rpm +tcpdump-4.9.2-4.el7_7.1.x86_64.rpm tkinter-2.7.5-76.el7.x86_64.rpm tuned-2.8.0-5.el7.noarch.rpm tuned-profiles-realtime-2.8.0-5.el7.noarch.rpm From bdaa704f78daf10b9b343d5423ff6a697a528313 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 15 Jan 2021 05:49:33 -0500 Subject: [PATCH 10/54] file: fix CVE-2018-10360 Update to the following packages to 5.11-37: file-5.11-37.el7.x86_64.rpm file-libs-5.11-37.el7.x86_64.rpm file-devel-5.11-37.el7.x86_64.rpm Closes-Bug: 1912156 Change-Id: I34c1d4dc27afafd8fefb92a6e156cf75713262b0 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/mock/rpms_centos.lst | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 6a305131..04363c0a 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -39,7 +39,7 @@ device-mapper-multipath-libs-0.4.9-119.el7.x86_64.rpm device-mapper-persistent-data-0.7.3-3.el7.x86_64.rpm # diffutils-3.3-4.el7.x86_64.rpm provided by mock # dracut-033-554.el7.x86_64.rpm provided by mock -file-devel-5.11-35.el7.x86_64.rpm +file-devel-5.11-37.el7.x86_64.rpm # filesystem-3.2-25.el7.x86_64.rpm provided by mock # findutils-4.5.11-6.el7.x86_64.rpm provided by mock fipscheck-1.4.1-6.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9bdf6855..ab5026b0 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -186,8 +186,8 @@ erlang-syntax_tools-18.3.4.4-2.el7.x86_64.rpm erlang-tools-18.3.4.4-2.el7.x86_64.rpm erlang-xmerl-18.3.4.4-2.el7.x86_64.rpm expect-5.45-14.el7_1.x86_64.rpm -# file-5.11-35.el7.x86_64.rpm provided by mock -# file-libs-5.11-35.el7.x86_64.rpm provided by mock +# file-5.11-37.el7.x86_64.rpm provided by mock +# file-libs-5.11-37.el7.x86_64.rpm provided by mock # filesystem-3.2-25.el7.x86_64.rpm provided by mock # findutils-4.5.11-6.el7.x86_64.rpm provided by mock fipscheck-1.4.1-6.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index d0087e2c..bb7ec916 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -180,8 +180,8 @@ fedfs-utils-devel-0.10.5-0.el7.x86_64.rpm fedfs-utils-lib-0.10.5-0.el7.x86_64.rpm fedfs-utils-nsdbparams-0.10.5-0.el7.x86_64.rpm felix-framework-4.2.1-5.el7.noarch.rpm -# file-5.11-35.el7.x86_64.rpm provided by mock -# file-libs-5.11-35.el7.x86_64.rpm provided by mock +# file-5.11-37.el7.x86_64.rpm provided by mock +# file-libs-5.11-37.el7.x86_64.rpm provided by mock # filesystem-3.2-25.el7.x86_64.rpm provided by mock # findutils-4.5.11-6.el7.x86_64.rpm provided by mock fipscheck-1.4.1-6.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index d388c24c..dbe3c733 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -26,8 +26,8 @@ dwz-0.11-3.el7.x86_64.rpm epel-release-7-11.noarch.rpm epel-rpm-macros-7-21.noarch.rpm fedpkg-minimal-1.1.0-7.el7.noarch.rpm -file-5.11-35.el7.x86_64.rpm -file-libs-5.11-35.el7.x86_64.rpm +file-5.11-37.el7.x86_64.rpm +file-libs-5.11-37.el7.x86_64.rpm filesystem-3.2-25.el7.x86_64.rpm findutils-4.5.11-6.el7.x86_64.rpm gawk-4.0.2-4.el7_3.1.x86_64.rpm From 73e3304c3c6be6bace95ca03ca5337f44c12ec61 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Tue, 19 Jan 2021 21:13:44 -0500 Subject: [PATCH 11/54] avahi: fix CVE-2017-6519 Update to avahi-0.6.31-20.el7.x86_64.rpm Story: 2008532 Task: 41620 Change-Id: I67661e2107b4cd969569da51160c618cd5586d41 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 6 +++--- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9bdf6855..3f623977 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -19,9 +19,9 @@ autogen-5.18-5.el7.x86_64.rpm autogen-libopts-5.18-5.el7.x86_64.rpm autogen-libopts-devel-5.18-5.el7.x86_64.rpm automake-1.13.4-3.el7.noarch.rpm -avahi-0.6.31-19.el7.x86_64.rpm -avahi-devel-0.6.31-19.el7.x86_64.rpm -avahi-libs-0.6.31-19.el7.x86_64.rpm +avahi-0.6.31-20.el7.x86_64.rpm +avahi-devel-0.6.31-20.el7.x86_64.rpm +avahi-libs-0.6.31-20.el7.x86_64.rpm # basesystem-10.0-7.el7.centos.noarch.rpm provided by mock bash-completion-2.1-6.el7.noarch.rpm bc-1.06.95-13.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index d0087e2c..564a0d94 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -36,7 +36,7 @@ attr-2.4.46-13.el7.x86_64.rpm augeas-libs-1.4.0-6.el7.x86_64.rpm authconfig-6.2.8-30.el7.x86_64.rpm autogen-libopts-5.18-5.el7.x86_64.rpm -avahi-libs-0.6.31-19.el7.x86_64.rpm +avahi-libs-0.6.31-20.el7.x86_64.rpm avalon-framework-4.3-10.el7.noarch.rpm avalon-logkit-2.1-14.el7.noarch.rpm # basesystem-10.0-7.el7.centos.noarch.rpm provided by mock From 97c63675dab3957bcaff3718e8606ee13096f93e Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Wed, 20 Jan 2021 21:24:18 -0500 Subject: [PATCH 12/54] Add the bind-export packages for dhcp CVE issue Add the following two packages: bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm Since when we fix the dhcp CVE issue in integ repo by upgrade the dhcp rpm package version, it will depend on the bind-export package. Story: 2008532 Task: 41638 Change-Id: If8485b64b110914885af40b8d65d26009102bf70 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 ++ centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 ++ 2 files changed, 4 insertions(+) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9bdf6855..3e57db28 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -29,6 +29,8 @@ bind-libs-lite-9.9.4-72.el7.x86_64.rpm bind-license-9.9.4-72.el7.noarch.rpm bind-lite-devel-9.9.4-72.el7.x86_64.rpm bind-utils-9.9.4-72.el7.x86_64.rpm +bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm +bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm # binutils-2.27-41.base.el7.x86_64.rpm provided by mock binutils-devel-2.27-41.base.el7.x86_64.rpm bison-3.0.4-2.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9aa678ed..b0383569 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -47,6 +47,8 @@ bind-libs-9.9.4-72.el7.x86_64.rpm bind-libs-lite-9.9.4-72.el7.x86_64.rpm bind-license-9.9.4-72.el7.noarch.rpm bind-utils-9.9.4-72.el7.x86_64.rpm +bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm +bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm # binutils-2.27-34.base.el7.x86_64.rpm provided by mock biosdevname-0.7.3-1.el7.x86_64.rpm bitmap-console-fonts-0.3-21.el7.noarch.rpm From 6a786cda18dbeb17f1bc65e79f1e9503e79a00be Mon Sep 17 00:00:00 2001 From: Melissa Wang Date: Wed, 20 Jan 2021 15:26:43 -0500 Subject: [PATCH 13/54] Add cloud-init pack to lst file This update adds the cloud-init rpm to the lst file so that it can be added to the qcow2 in the automated build. Story ID: 2007858 Task ID: 41654 Change-Id: I5a081191dae5fa9b7b7c96d1223b029932bbfb55 Signed-off-by: Melissa Wang --- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 1 + 1 file changed, 1 insertion(+) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index d0087e2c..f5d04e20 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -83,6 +83,7 @@ checkpolicy-2.5-8.el7.x86_64.rpm cifs-utils-6.2-10.el7.x86_64.rpm cjkuni-ukai-fonts-0.2.20080216.1-51.el7.noarch.rpm cjkuni-uming-fonts-0.2.20080216.1-53.el7.noarch.rpm +cloud-init-19.4-7.el7.centos.3.x86_64.rpm comic-neue-angular-fonts-2.2-2.el7.noarch.rpm comic-neue-fonts-2.2-2.el7.noarch.rpm comic-neue-fonts-common-2.2-2.el7.noarch.rpm From 837e1dfe5590a97b6807c1811835fca5817dacd1 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Fri, 22 Jan 2021 02:22:11 +0000 Subject: [PATCH 14/54] vim: fix CVE-2019-12735 Update below packages to: vim-common-7.4.629-7.el7.x86_64.rpm vim-enhanced-7.4.629-7.el7.x86_64.rpm vim-filesystem-7.4.629-7.el7.x86_64.rpm vim-minimal-7.4.629-7.el7.x86_64.rpm Story: 2008532 Task: 41621 Change-Id: I0096997c93f94a93ca9e9c5cede094e147b5b010 Signed-off-by: Li Zhou --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9af81fcd..63f0fafb 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -1256,8 +1256,8 @@ usbredir-0.7.1-3.el7.x86_64.rpm usbredir-devel-0.7.1-3.el7.x86_64.rpm userspace-rcu-0.10.0-3.el7.x86_64.rpm # ustr-1.0.4-16.el7.x86_64.rpm provided by mock -vim-common-7.4.160-5.el7.x86_64.rpm -vim-filesystem-7.4.160-5.el7.x86_64.rpm +vim-common-7.4.629-7.el7.x86_64.rpm +vim-filesystem-7.4.629-7.el7.x86_64.rpm virt-what-1.18-4.el7.x86_64.rpm wayland-devel-1.15.0-1.el7.x86_64.rpm wayland-protocols-devel-1.14-1.el7.noarch.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9046caab..dd50112f 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -1279,10 +1279,10 @@ userspace-rcu-devel-0.10.0-3.el7.x86_64.rpm # ustr-1.0.4-16.el7.x86_64.rpm provided by mock uuid-1.6.2-26.el7.x86_64.rpm uuid-devel-1.6.2-26.el7.x86_64.rpm -vim-common-7.4.160-5.el7.x86_64.rpm -vim-enhanced-7.4.160-5.el7.x86_64.rpm -vim-filesystem-7.4.160-5.el7.x86_64.rpm -vim-minimal-7.4.160-5.el7.x86_64.rpm +vim-common-7.4.629-7.el7.x86_64.rpm +vim-enhanced-7.4.629-7.el7.x86_64.rpm +vim-filesystem-7.4.629-7.el7.x86_64.rpm +vim-minimal-7.4.629-7.el7.x86_64.rpm virt-what-1.18-4.el7.x86_64.rpm vlgothic-fonts-20130607-2.el7.noarch.rpm vlgothic-p-fonts-20130607-2.el7.noarch.rpm From 2364efd18b8726eb95d637b4143e708abfecb968 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Thu, 21 Jan 2021 05:10:12 -0500 Subject: [PATCH 15/54] bash: fix CVE-2019-9924 Upgrade to bash-4.2.46-34.el7.x86_64.rpm to fix CVE-2019-9924 issue. Story: 2008532 Task: 41646 Change-Id: Ie23a258aed42ce41b5c7629a5966cecff9bfb074 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 6a305131..a535dbf8 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -5,7 +5,7 @@ at-spi2-atk-devel-2.26.2-1.el7.x86_64.rpm autoconf-2.69-11.el7.noarch.rpm automake-1.13.4-3.el7.noarch.rpm # basesystem-10.0-7.el7.centos.noarch.rpm provided by mock -bash-4.2.46-31.el7.x86_64.rpm +bash-4.2.46-34.el7.x86_64.rpm # binutils-2.27-34.base.el7.x86_64.rpm provided by mock binutils-devel-2.27-41.base.el7.x86_64.rpm bison-3.0.4-2.el7.x86_64.rpm From ba7b1dea566181577e7c8d075135da7297684a47 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Fri, 22 Jan 2021 02:37:28 +0000 Subject: [PATCH 16/54] samba: fix CVE-2019-3880 CVE-2019-10218 Update below packages to: samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-4.10.16-5.el7.noarch.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.x86_64.rpm Below packages are also updated for above packages' updated dependencies: libtdb-1.3.18-1.el7.x86_64.rpm libtevent-0.9.39-1.el7.x86_64.rpm Story: 2008532 Task: 41615 Signed-off-by: Li Zhou Change-Id: Ic4940f020e5ea063f1ca68787dbbb8e934fd5346 --- .../config/centos/distro/rpms_centos3rdparties.lst | 2 +- .../config/centos/flock/rpms_centos3rdparties.lst | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst index 6321825a..e27852f5 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst @@ -39,7 +39,7 @@ liboath-devel-2.4.1-9.el7.x86_64.rpm libsemanage-python-2.5-14.el7.x86_64.rpm libss-1.42.9-13.el7.x86_64.rpm libtalloc-2.1.13-1.el7.x86_64.rpm -libtevent-0.9.36-1.el7.x86_64.rpm +libtevent-0.9.39-1.el7.x86_64.rpm lvm2-2.02.177-4.el7.x86_64.rpm lvm2-libs-2.02.177-4.el7.x86_64.rpm mesa-libEGL-18.0.5-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst index 204331b1..09cb821d 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst @@ -39,9 +39,9 @@ libsemanage-python-2.5-14.el7.x86_64.rpm libss-1.42.9-13.el7.x86_64.rpm libss-devel-1.42.9-13.el7.x86_64.rpm libtalloc-2.1.13-1.el7.x86_64.rpm -libtdb-1.3.15-1.el7.x86_64.rpm -libtevent-0.9.36-1.el7.x86_64.rpm -libwbclient-4.8.3-4.el7.x86_64.rpm +libtdb-1.3.18-1.el7.x86_64.rpm +libtevent-0.9.39-1.el7.x86_64.rpm +libwbclient-4.10.16-5.el7.x86_64.rpm lvm2-2.02.177-4.el7.x86_64.rpm lvm2-libs-2.02.177-4.el7.x86_64.rpm # nss-softokn-3.36.0-5.el7_5.x86_64.rpm provided by mock @@ -78,9 +78,9 @@ python-virtualenv-15.1.0-2.el7.noarch.rpm qemu-vanilla-4.1.1+git.99c5874a9b-3.1.x86_64.rpm qemu-vanilla-bin-4.1.1+git.99c5874a9b-3.1.x86_64.rpm qemu-vanilla-data-4.1.1+git.99c5874a9b-3.1.x86_64.rpm -samba-client-libs-4.8.3-4.el7.x86_64.rpm -samba-common-4.8.3-4.el7.noarch.rpm -samba-common-libs-4.8.3-4.el7.x86_64.rpm +samba-client-libs-4.10.16-5.el7.x86_64.rpm +samba-common-4.10.16-5.el7.noarch.rpm +samba-common-libs-4.10.16-5.el7.x86_64.rpm selinux-policy-3.13.1-229.el7_6.6.noarch.rpm selinux-policy-minimum-3.13.1-229.el7_6.6.noarch.rpm selinux-policy-mls-3.13.1-229.el7_6.6.noarch.rpm From 7815964df2054b8de4ab04c47a0b15e537796f1e Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Fri, 22 Jan 2021 03:32:18 +0000 Subject: [PATCH 17/54] unbound: fix CVE-2020-10772 CVE-2020-12663 Update below package to: unbound-libs-1.6.6-5.el7_8.x86_64.rpm Story: 2008532 Task: 41622 Signed-off-by: Li Zhou Change-Id: I51e8b2fe2e90009f1b508e2f8054c58ebe129578 --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9bdf6855..6ccd2d40 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -1245,7 +1245,7 @@ trousers-devel-0.3.14-2.el7.x86_64.rpm ttmkfdir-3.0.9-42.el7.x86_64.rpm # tzdata-2018g-1.el7.noarch.rpm provided by mock tzdata-java-2018g-1.el7.noarch.rpm -unbound-libs-1.6.6-1.el7.x86_64.rpm +unbound-libs-1.6.6-5.el7_8.x86_64.rpm unixODBC-2.3.1-11.el7.x86_64.rpm unixODBC-devel-2.3.1-11.el7.x86_64.rpm # unzip-6.0-19.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9aa678ed..c2c4df0e 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -1268,7 +1268,7 @@ trousers-0.3.14-2.el7.x86_64.rpm tulrich-tuffy-fonts-1.28-2.el7.noarch.rpm tuna-0.13-6.el7.noarch.rpm # tzdata-2018g-1.el7.noarch.rpm provided by mock -unbound-libs-1.6.6-1.el7.x86_64.rpm +unbound-libs-1.6.6-5.el7_8.x86_64.rpm unifont-fonts-10.0.07-2.el7.noarch.rpm # unzip-6.0-19.el7.x86_64.rpm provided by mock uriparser-0.7.5-9.el7.x86_64.rpm From 8440bb5d34bd22fd8c29f05d34e8452bc6cc0ea9 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Fri, 22 Jan 2021 06:18:28 +0000 Subject: [PATCH 18/54] spice: fix CVE-2019-3813 Update below packages to: spice-server-0.14.0-9.el7.x86_64.rpm spice-server-devel-0.14.0-9.el7.x86_64.rpm Story: 2008532 Task: 41641 Signed-off-by: Li Zhou Change-Id: Iee263332b5886d915366b445e3bcb8044abbf24a --- .../config/centos/distro/rpms_centos3rdparties.lst | 4 ++-- .../config/centos/flock/rpms_centos3rdparties.lst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst index 6321825a..5cffd7fa 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst @@ -71,8 +71,8 @@ rest-0.8.1-2.el7.x86_64.rpm selinux-policy-3.13.1-229.el7_6.6.noarch.rpm selinux-policy-devel-3.13.1-229.el7_6.6.noarch.rpm spice-protocol-0.12.14-1.el7.noarch.rpm -spice-server-0.14.0-6.el7.x86_64.rpm -spice-server-devel-0.14.0-6.el7.x86_64.rpm +spice-server-0.14.0-9.el7.x86_64.rpm +spice-server-devel-0.14.0-9.el7.x86_64.rpm # systemd-219-67.el7.x86_64.rpm provided by mock # systemd-devel-219-67.el7.x86_64.rpm provided by mock # systemd-libs-219-67.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst index 204331b1..f29fa7a7 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst @@ -85,7 +85,7 @@ selinux-policy-3.13.1-229.el7_6.6.noarch.rpm selinux-policy-minimum-3.13.1-229.el7_6.6.noarch.rpm selinux-policy-mls-3.13.1-229.el7_6.6.noarch.rpm selinux-policy-targeted-3.13.1-229.el7_6.6.noarch.rpm -spice-server-0.14.0-6.el7.x86_64.rpm +spice-server-0.14.0-9.el7.x86_64.rpm systemtap-sdt-devel-3.3-3.el7.x86_64.rpm tcpdump-4.9.2-4.el7_7.1.x86_64.rpm tkinter-2.7.5-76.el7.x86_64.rpm From b53edee359157a9efbfc1e2b295e1b0b97628115 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Fri, 22 Jan 2021 06:21:20 +0000 Subject: [PATCH 19/54] sqlite: fix CVE-2019-13734 Update below packages to: sqlite-3.7.17-8.el7_7.1.x86_64.rpm provided by mock sqlite-devel-3.7.17-8.el7_7.1.x86_64.rpm Story: 2008532 Task: 41640 Signed-off-by: Li Zhou Change-Id: Ia76daf7f82b8e9130cb6a7ca81ddb1633f14f3d9 --- centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/mock/rpms_centos.lst | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 6a305131..ba0ebd39 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -262,8 +262,8 @@ rsync-3.1.2-4.el7.x86_64.rpm # setup-2.8.71-10.el7.noarch.rpm provided by mock # shadow-utils-4.1.5.1-25.el7.x86_64.rpm provided by mock # shared-mime-info-1.8-4.el7.x86_64.rpm provided by mock -# sqlite-3.7.17-8.el7.x86_64.rpm provided by mock -sqlite-devel-3.7.17-8.el7.x86_64.rpm +# sqlite-3.7.17-8.el7_7.1.x86_64.rpm provided by mock +sqlite-devel-3.7.17-8.el7_7.1.x86_64.rpm subversion-1.7.14-14.el7.x86_64.rpm subversion-libs-1.7.14-14.el7.x86_64.rpm # tar-1.26-35.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9bdf6855..f7c5ab61 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -1008,8 +1008,8 @@ snappy-devel-1.1.0-3.el7.x86_64.rpm socat-1.7.3.2-2.el7.x86_64.rpm source-highlight-3.1.6-6.el7.x86_64.rpm spax-1.5.2-13.el7.x86_64.rpm -# sqlite-3.7.17-8.el7.x86_64.rpm provided by mock -sqlite-devel-3.7.17-8.el7.x86_64.rpm +# sqlite-3.7.17-8.el7_7.1.x86_64.rpm provided by mock +sqlite-devel-3.7.17-8.el7_7.1.x86_64.rpm ssmtp-2.64-14.el7.x86_64.rpm subversion-1.7.14-14.el7.x86_64.rpm subversion-libs-1.7.14-14.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9aa678ed..1e417304 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -1208,8 +1208,8 @@ snappy-1.1.0-3.el7.x86_64.rpm socat-1.7.3.2-2.el7.x86_64.rpm spawn-fcgi-1.6.3-5.el7.x86_64.rpm speex-1.2-0.19.rc1.el7.x86_64.rpm -# sqlite-3.7.17-8.el7.x86_64.rpm provided by mock -sqlite-devel-3.7.17-8.el7.x86_64.rpm +# sqlite-3.7.17-8.el7_7.1.x86_64.rpm provided by mock +sqlite-devel-3.7.17-8.el7_7.1.x86_64.rpm squashfs-tools-4.3-0.21.gitaae0aff4.el7.x86_64.rpm sshpass-1.06-1.el7.x86_64.rpm stix-fonts-1.1.0-5.el7.noarch.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index d388c24c..6b4feb67 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -167,7 +167,7 @@ sed-4.2.2-5.el7.x86_64.rpm setup-2.8.71-10.el7.noarch.rpm shadow-utils-4.1.5.1-25.el7.x86_64.rpm shared-mime-info-1.8-4.el7.x86_64.rpm -sqlite-3.7.17-8.el7.x86_64.rpm +sqlite-3.7.17-8.el7_7.1.x86_64.rpm tar-1.26-35.el7.x86_64.rpm tzdata-2018g-1.el7.noarch.rpm unzip-6.0-19.el7.x86_64.rpm From f7384e32ae7549fbcae669782bd896ed68cc8c66 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 00:49:11 -0500 Subject: [PATCH 20/54] dbus: fix CVE-2020-12049 Upgrade the below packages to: dbus-1.10.24-15.el7.x86_64.rpm dbus-devel-1.10.24-15.el7.x86_64.rpm dbus-libs-1.10.24-15.el7.x86_64.rpm Story: 2008532 Task: 41655 Change-Id: Idda21afb1247e0fdbcb5bbdf3cf38d7ea63a9d2a Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 6 +++--- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 6 +++--- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/mock/rpms_centos.lst | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 04363c0a..ad878e8a 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -24,9 +24,9 @@ bzip2-devel-1.0.6-13.el7.x86_64.rpm # cracklib-dicts-2.9.0-11.el7.x86_64.rpm provided by mock # cryptsetup-libs-2.0.3-3.el7.x86_64.rpm provided by mock # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock -# dbus-1.10.24-12.el7.x86_64.rpm provided by mock -dbus-devel-1.10.24-12.el7.x86_64.rpm -# dbus-libs-1.10.24-12.el7.x86_64.rpm provided by mock +# dbus-1.10.24-15.el7.x86_64.rpm provided by mock +dbus-devel-1.10.24-15.el7.x86_64.rpm +# dbus-libs-1.10.24-15.el7.x86_64.rpm provided by mock dejavu-fonts-common-2.33-6.el7.noarch.rpm dejavu-sans-fonts-2.33-6.el7.noarch.rpm # device-mapper-1.02.146-4.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9af81fcd..89ef6786 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -105,11 +105,11 @@ cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-devel-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock -# dbus-1.10.24-12.el7.x86_64.rpm provided by mock -dbus-devel-1.10.24-12.el7.x86_64.rpm +# dbus-1.10.24-15.el7.x86_64.rpm provided by mock +dbus-devel-1.10.24-15.el7.x86_64.rpm dbus-glib-0.100-7.el7.x86_64.rpm dbus-glib-devel-0.100-7.el7.x86_64.rpm -# dbus-libs-1.10.24-12.el7.x86_64.rpm provided by mock +# dbus-libs-1.10.24-15.el7.x86_64.rpm provided by mock dbus-python-1.1.1-9.el7.x86_64.rpm dconf-0.28.0-4.el7.x86_64.rpm dejavu-fonts-common-2.33-6.el7.noarch.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9046caab..b184bfad 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -110,9 +110,9 @@ cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock daxctl-libs-65-5.el7.x86_64.rpm -# dbus-1.10.24-12.el7.x86_64.rpm provided by mock +# dbus-1.10.24-15.el7.x86_64.rpm provided by mock dbus-glib-0.100-7.el7.x86_64.rpm -# dbus-libs-1.10.24-12.el7.x86_64.rpm provided by mock +# dbus-libs-1.10.24-15.el7.x86_64.rpm provided by mock dbus-python-1.1.1-9.el7.x86_64.rpm d-din-condensed-fonts-1.0-1.el7.noarch.rpm d-din-exp-fonts-1.0-1.el7.noarch.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index dbe3c733..98eb3ef5 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -16,8 +16,8 @@ cracklib-dicts-2.9.0-11.el7.x86_64.rpm cryptsetup-libs-2.0.3-3.el7.x86_64.rpm curl-7.29.0-59.el7.x86_64.rpm cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm -dbus-1.10.24-12.el7.x86_64.rpm -dbus-libs-1.10.24-12.el7.x86_64.rpm +dbus-1.10.24-15.el7.x86_64.rpm +dbus-libs-1.10.24-15.el7.x86_64.rpm device-mapper-1.02.146-4.el7.x86_64.rpm device-mapper-libs-1.02.146-4.el7.x86_64.rpm diffutils-3.3-4.el7.x86_64.rpm From c9b3e4af17581571177611aaee60c13a1309fb20 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 01:59:47 -0500 Subject: [PATCH 21/54] libcgroup: fix CVE-2018-14348 Upgrade the below packages to: libcgroup-0.41-21.el7.x86_64.rpm libcgroup-tools-0.41-21.el7.x86_64.rpm Story: 2008532 Task: 41656 Change-Id: I2aa7a300f269755c885e20530d8bf843f45c0837 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 89ef6786..f3019a4e 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -340,7 +340,7 @@ libcacard-devel-2.5.2-2.1.el7.x86_64.rpm libcap-devel-2.22-9.el7.x86_64.rpm # libcap-ng-0.7.5-4.el7.x86_64.rpm provided by mock libcap-ng-devel-0.7.5-4.el7.x86_64.rpm -libcgroup-0.41-20.el7.x86_64.rpm +libcgroup-0.41-21.el7.x86_64.rpm libcmocka-1.1.5-1.el7.x86_64.rpm libcmocka-devel-1.1.5-1.el7.x86_64.rpm libcollection-0.7.0-32.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index b184bfad..42d93efd 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -382,8 +382,8 @@ libcacard-2.5.2-2.1.el7.x86_64.rpm # libcap-2.22-9.el7.x86_64.rpm provided by mock # libcap-ng-0.7.5-4.el7.x86_64.rpm provided by mock libcap-ng-devel-0.7.5-4.el7.x86_64.rpm -libcgroup-0.41-20.el7.x86_64.rpm -libcgroup-tools-0.41-20.el7.x86_64.rpm +libcgroup-0.41-21.el7.x86_64.rpm +libcgroup-tools-0.41-21.el7.x86_64.rpm libcollection-0.7.0-32.el7.x86_64.rpm libcomps-0.1.8-12.el7.x86_64.rpm libconfig-1.4.9-5.el7.x86_64.rpm From 9fad2088fe8f5e884d0ebf07c3e234123bbd34d8 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 02:02:03 -0500 Subject: [PATCH 22/54] libjpeg-turbo: fix CVE-2018-14498 Upgrade the below packages to: libjpeg-turbo-1.2.90-8.el7.x86_64.rpm libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm Story: 2008532 Task: 41657 Change-Id: Ic2083117eaf7f2ace4ca2c87a2e2a1e0fe8d5725 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index f3019a4e..361f8c67 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -385,8 +385,8 @@ libimagequant-2.8.2-2.el7.x86_64.rpm libini_config-1.3.1-32.el7.x86_64.rpm libiscsi-1.9.0-7.el7.x86_64.rpm libiscsi-devel-1.9.0-7.el7.x86_64.rpm -libjpeg-turbo-1.2.90-6.el7.x86_64.rpm -libjpeg-turbo-devel-1.2.90-6.el7.x86_64.rpm +libjpeg-turbo-1.2.90-8.el7.x86_64.rpm +libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm libkadm5-1.15.1-34.el7.x86_64.rpm libmicrohttpd-0.9.59-2.el7.x86_64.rpm libmicrohttpd-devel-0.9.59-2.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 42d93efd..b16d6f17 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -424,7 +424,7 @@ libICE-devel-1.0.9-9.el7.x86_64.rpm libiec61883-1.2.0-10.el7.x86_64.rpm libimagequant-2.8.2-2.el7.x86_64.rpm libini_config-1.3.1-32.el7.x86_64.rpm -libjpeg-turbo-1.2.90-6.el7.x86_64.rpm +libjpeg-turbo-1.2.90-8.el7.x86_64.rpm libkadm5-1.15.1-34.el7.x86_64.rpm libmng-1.0.10-14.el7.x86_64.rpm libmnl-1.0.3-7.el7.x86_64.rpm From 359c43c08328021e6757230e7093d80e740ede37 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 02:05:24 -0500 Subject: [PATCH 23/54] libsndfile: CVE-2018-13139 Upgrade the below packages to: libsndfile-1.0.25-12.el7.x86_64.rpm Story: 2008532 Task: 41658 Change-Id: I7ca91731beb7afe7d7515f12392173fdb041c14a Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 361f8c67..b9263ce6 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -429,7 +429,7 @@ libselinux-utils-2.5-14.1.el7.x86_64.rpm libsepol-devel-2.5-10.el7.x86_64.rpm libSM-1.2.2-2.el7.x86_64.rpm # libsmartcols-2.23.2-59.el7.x86_64.rpm provided by mock -libsndfile-1.0.25-10.el7.x86_64.rpm +libsndfile-1.0.25-12.el7.x86_64.rpm libsolv-0.6.34-4.el7.x86_64.rpm libsoup-2.62.2-2.el7.x86_64.rpm # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index b16d6f17..dbca89a7 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -480,7 +480,7 @@ libshout-2.2.2-11.el7.x86_64.rpm libSM-1.2.2-2.el7.x86_64.rpm # libsmartcols-2.23.2-59.el7.x86_64.rpm provided by mock libSM-devel-1.2.2-2.el7.x86_64.rpm -libsndfile-1.0.25-10.el7.x86_64.rpm +libsndfile-1.0.25-12.el7.x86_64.rpm libsolv-0.6.34-4.el7.x86_64.rpm # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock libsysfs-2.1.0-16.el7.x86_64.rpm From 677ab7fa3304da29d6eda2c366d4581fb9acc272 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 02:08:45 -0500 Subject: [PATCH 24/54] libtiff: fix CVE-2018-8905 Upgrade the below packages to: libtiff-4.0.3-35.el7.x86_64.rpm libtiff-devel-4.0.3-35.el7.x86_64.rpm Story: 2008532 Task: 41659 Change-Id: I44776633cb8031f1d506c7216b0973c85bdae979 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index b9263ce6..d650707f 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -436,7 +436,7 @@ libsoup-2.62.2-2.el7.x86_64.rpm # libtasn1-4.10-1.el7.x86_64.rpm provided by mock libtasn1-devel-4.10-1.el7.x86_64.rpm libthai-0.1.14-9.el7.x86_64.rpm -libtiff-4.0.3-27.el7_3.x86_64.rpm +libtiff-4.0.3-35.el7.x86_64.rpm libtimezonemap-0.4.4-1.el7.x86_64.rpm libtimezonemap-devel-0.4.4-1.el7.x86_64.rpm libtirpc-0.2.4-0.15.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index dbca89a7..3a77ab6f 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -487,8 +487,8 @@ libsysfs-2.1.0-16.el7.x86_64.rpm # libtasn1-4.10-1.el7.x86_64.rpm provided by mock libteam-1.27-5.el7.x86_64.rpm libtheora-1.1.1-8.el7.x86_64.rpm -libtiff-4.0.3-27.el7_3.x86_64.rpm -libtiff-devel-4.0.3-27.el7_3.x86_64.rpm +libtiff-4.0.3-35.el7.x86_64.rpm +libtiff-devel-4.0.3-35.el7.x86_64.rpm libtirpc-0.2.4-0.15.el7.x86_64.rpm libtirpc-devel-0.2.4-0.15.el7.x86_64.rpm libtomcrypt-1.17-33.20170623gitcd6e602.el7.x86_64.rpm From 71eb4028ee7b33ce594325a7a37a81e417c250b4 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 02:15:30 -0500 Subject: [PATCH 25/54] ipmitool: fix CVE-2020-5208 Upgrade the below package to: ipmitool-1.8.18-9.el7_7.x86_64.rpm Story: 2008532 Task: 41660 Change-Id: I4679321578500bfe1df12a036721f5338b13b2d2 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9046caab..ba1a05ef 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -304,7 +304,7 @@ ipa-mincho-fonts-003.03-5.el7.noarch.rpm ipa-pgothic-fonts-003.03-5.el7.noarch.rpm ipa-pmincho-fonts-003.03-5.el7.noarch.rpm iperf3-3.1.7-2.el7.x86_64.rpm -ipmitool-1.8.18-7.el7.x86_64.rpm +ipmitool-1.8.18-9.el7_7.x86_64.rpm iproute-4.11.0-14.el7.x86_64.rpm ipset-6.38-3.el7_6.x86_64.rpm ipset-libs-6.38-3.el7_6.x86_64.rpm From bd8cf5a79290db8c6efaaaba592c57b694c121a7 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 03:34:19 -0500 Subject: [PATCH 26/54] cups: fix CVE-2018-4700 Upgrade the below packages to: cups-client-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.x86_64.rpm Story: 2008532 Task: 41662 Change-Id: I8d9f8fd7571f7e400b8ef203bcdcf76bbde274e7 Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 9af81fcd..10a05022 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -99,8 +99,8 @@ cryptsetup-2.0.3-3.el7.x86_64.rpm cryptsetup-devel-2.0.3-3.el7.x86_64.rpm # cryptsetup-libs-2.0.3-3.el7.x86_64.rpm provided by mock ctags-5.8-13.el7.x86_64.rpm -cups-client-1.6.3-35.el7.x86_64.rpm -cups-libs-1.6.3-35.el7.x86_64.rpm +cups-client-1.6.3-51.el7.x86_64.rpm +cups-libs-1.6.3-51.el7.x86_64.rpm cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-devel-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9046caab..665fd5e3 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -105,7 +105,7 @@ crontabs-1.11-6.20121102git.el7.noarch.rpm crudini-0.9-2.el7.noarch.rpm cryptsetup-2.0.3-3.el7.x86_64.rpm # cryptsetup-libs-2.0.3-3.el7.x86_64.rpm provided by mock -cups-libs-1.6.3-35.el7.x86_64.rpm +cups-libs-1.6.3-51.el7.x86_64.rpm cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock From 9509a95f6562313030922e93ead36ea48521f99d Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Fri, 22 Jan 2021 03:37:39 -0500 Subject: [PATCH 27/54] httpd: fix CVE-2018-1312 CVE-2019-0220 CVE-2018-17199 Upgrade the below packages to: httpd-2.4.6-95.el7.centos.x86_64.rpm httpd-tools-2.4.6-95.el7.centos.x86_64.rpm Story: 2008532 Task: 41661 Change-Id: I09c5d73e384eb757d5907eda1b0df374c44acdcf Signed-off-by: Zhixiong Chi --- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9046caab..2db95875 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -290,8 +290,8 @@ horai-ume-uigothic-fonts-610-2.el7.noarch.rpm # hostname-3.13-3.el7.x86_64.rpm provided by mock httpcomponents-client-4.2.5-5.el7_0.noarch.rpm httpcomponents-core-4.2.4-6.el7.noarch.rpm -httpd-2.4.6-88.el7.centos.x86_64.rpm -httpd-tools-2.4.6-88.el7.centos.x86_64.rpm +httpd-2.4.6-95.el7.centos.x86_64.rpm +httpd-tools-2.4.6-95.el7.centos.x86_64.rpm hwdata-0.252-9.1.el7.x86_64.rpm hwloc-libs-1.11.8-4.el7.x86_64.rpm impallari-lobster-fonts-1.4-8.el7.noarch.rpm From 1ccf94214e3e65437b3162d88e2d0554a6987efd Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Sun, 24 Jan 2021 04:04:38 +0000 Subject: [PATCH 28/54] polkit: fix CVE-2018-1116 Update below packages to: polkit-0.112-26.el7.x86_64.rpm polkit-devel-0.112-26.el7.x86_64.rpm polkit-docs-0.112-26.el7.noarch.rpm Story: 2008532 Task: 41666 Signed-off-by: Li Zhou Change-Id: I8b85c4fb02d951c016379594a93cda932f0f2483 --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 6 +++--- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index f7c5ab61..cf12045b 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -666,9 +666,9 @@ pesign-0.109-10.el7.x86_64.rpm pixman-0.34.0-1.el7.x86_64.rpm pixman-devel-0.34.0-1.el7.x86_64.rpm # pkgconfig-0.27.1-4.el7.x86_64.rpm provided by mock -polkit-0.112-22.el7.x86_64.rpm -polkit-devel-0.112-22.el7.x86_64.rpm -polkit-docs-0.112-22.el7.noarch.rpm +polkit-0.112-26.el7.x86_64.rpm +polkit-devel-0.112-26.el7.x86_64.rpm +polkit-docs-0.112-26.el7.noarch.rpm polkit-pkla-compat-0.1-4.el7.x86_64.rpm poppler-0.26.5-20.el7.x86_64.rpm poppler-data-0.4.6-3.el7.noarch.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 1e417304..dde8cbd4 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -704,7 +704,7 @@ plexus-interpolation-1.15-8.el7.noarch.rpm plexus-sec-dispatcher-1.4-13.el7.noarch.rpm plexus-utils-3.0.9-9.el7.noarch.rpm pm-utils-1.4.1-27.el7.x86_64.rpm -polkit-0.112-22.el7.x86_64.rpm +polkit-0.112-26.el7.x86_64.rpm polkit-pkla-compat-0.1-4.el7.x86_64.rpm # popt-1.13-16.el7.x86_64.rpm provided by mock popt-devel-1.13-16.el7.x86_64.rpm From 5f65806a263d58d7b031e71313b63cf8defc6619 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Sun, 24 Jan 2021 04:06:03 +0000 Subject: [PATCH 29/54] procps-ng: fix CVE-2018-1122 Update below package to: procps-ng-3.3.10-28.el7.x86_64.rpm Story: 2008532 Task: 41667 Signed-off-by: Li Zhou Change-Id: Ic77255b742b691be041f9958609ed7bc227d0d49 --- centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/mock/rpms_centos.lst | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index ba0ebd39..664c86ed 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -236,7 +236,7 @@ perl-Text-Unidecode-0.04-20.el7.noarch.rpm # pkgconfig-0.27.1-4.el7.x86_64.rpm provided by mock # popt-1.13-16.el7.x86_64.rpm provided by mock popt-devel-1.13-16.el7.x86_64.rpm -# procps-ng-3.3.10-23.el7.x86_64.rpm provided by mock +# procps-ng-3.3.10-28.el7.x86_64.rpm provided by mock pyparsing-2.1.10-3.el7.noarch.rpm python2-pyparsing-2.1.10-3.el7.noarch.rpm python3-3.6.8-10.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index f7c5ab61..b82a5e5a 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -678,7 +678,7 @@ postgresql-9.2.24-1.el7_5.x86_64.rpm postgresql-devel-9.2.24-1.el7_5.x86_64.rpm postgresql-libs-9.2.24-1.el7_5.x86_64.rpm pps-tools-devel-0-0.9.20120407git0deb9c.el7.x86_64.rpm -# procps-ng-3.3.10-23.el7.x86_64.rpm provided by mock +# procps-ng-3.3.10-28.el7.x86_64.rpm provided by mock psmisc-22.20-15.el7.x86_64.rpm # pth-2.0.7-23.el7.x86_64.rpm provided by mock pycairo-1.8.10-8.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 1e417304..1bd3961c 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -713,7 +713,7 @@ postgresql-contrib-9.2.24-1.el7_5.x86_64.rpm postgresql-devel-9.2.24-1.el7_5.x86_64.rpm postgresql-libs-9.2.24-1.el7_5.x86_64.rpm postgresql-server-9.2.24-1.el7_5.x86_64.rpm -# procps-ng-3.3.10-23.el7.x86_64.rpm provided by mock +# procps-ng-3.3.10-28.el7.x86_64.rpm provided by mock psmisc-22.20-15.el7.x86_64.rpm psutils-1.17-44.el7.x86_64.rpm # pth-2.0.7-23.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index 6b4feb67..ed65d356 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -141,7 +141,7 @@ pigz-2.3.4-1.el7.x86_64.rpm pinentry-0.8.1-17.el7.x86_64.rpm pkgconfig-0.27.1-4.el7.x86_64.rpm popt-1.13-16.el7.x86_64.rpm -procps-ng-3.3.10-23.el7.x86_64.rpm +procps-ng-3.3.10-28.el7.x86_64.rpm pth-2.0.7-23.el7.x86_64.rpm pygpgme-0.3-9.el7.x86_64.rpm pyliblzma-0.5.3-11.el7.x86_64.rpm From 7c08668f79e3c7003ad006bd0b0a42810cd19560 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Mon, 25 Jan 2021 07:19:09 +0000 Subject: [PATCH 30/54] microcode_ctl: fix CVE-2020-0549 Update below package to: microcode_ctl-2.1-73.el7.x86_64.rpm Story: 2008532 Task: 41679 Signed-off-by: Li Zhou Change-Id: I0df78aea2d38f27359b3f464b01a27637f91093f --- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 1e417304..a168890c 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -560,7 +560,7 @@ mdi-common-1.4.57.0-4.el7.noarch.rpm mdi-fonts-1.4.57.0-4.el7.noarch.rpm memcached-1.4.39-1.el7.x86_64.rpm mercurial-2.6.2-8.el7_4.x86_64.rpm -microcode_ctl-2.1-47.2.el7_6.x86_64.rpm +microcode_ctl-2.1-73.el7.x86_64.rpm mod_wsgi-3.4-18.el7.x86_64.rpm moyogo-molengo-fonts-0.10-9.el7.noarch.rpm mozilla-fira-fonts-common-4.202-1.el7.noarch.rpm From 40af436ba5876569403a04534bd243ac32d11eb0 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Mon, 25 Jan 2021 07:21:21 +0000 Subject: [PATCH 31/54] openjpeg2: fix CVE-2020-6851 CVE-2020-8112 Update below package to: openjpeg2-2.3.1-3.el7_7.x86_64.rpm Story: 2008532 Task: 41678 Signed-off-by: Li Zhou Change-Id: Ic6a9211d72eb60e3377d036d5d796f9a4b0efd88 --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index f7c5ab61..8f71b14c 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -565,7 +565,7 @@ numactl-libs-2.0.9-7.el7.x86_64.rpm nvme-cli-1.8.1-3.el7.x86_64.rpm oniguruma-5.9.5-3.el7.x86_64.rpm openjade-1.3.2-45.el7.x86_64.rpm -openjpeg2-2.3.1-1.el7.x86_64.rpm +openjpeg2-2.3.1-3.el7_7.x86_64.rpm openjpeg-libs-1.5.1-18.el7.x86_64.rpm openpgm-5.2.122-2.el7.x86_64.rpm opensc-0.16.0-10.20170227git777e2a3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 1e417304..cb3a370a 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -606,7 +606,7 @@ nvme-cli-1.8.1-3.el7.x86_64.rpm objectweb-asm-3.3.1-9.el7.noarch.rpm oflb-asana-math-fonts-0.954-1.el7.noarch.rpm OpenIPMI-modalias-2.0.23-2.el7.x86_64.rpm -openjpeg2-2.3.1-1.el7.x86_64.rpm +openjpeg2-2.3.1-3.el7_7.x86_64.rpm openmpi-1.10.7-2.el7.x86_64.rpm openpgm-5.2.122-2.el7.x86_64.rpm open-sans-fonts-1.10-1.el7.noarch.rpm From 5440eb14768cee3658c5c4d10279eb7e8ef6c0b1 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Mon, 25 Jan 2021 07:25:13 +0000 Subject: [PATCH 32/54] unzip: fix CVE-2018-18384 CVE-2019-13232 Update below packages to: unzip-6.0-21.el7.x86_64.rpm Story: 2008532 Task: 41681 Signed-off-by: Li Zhou Change-Id: Iccd6a16cd573d96254d785ae9d3b44b42fd1a95d --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/mock/rpms_centos.lst | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 06958318..7c39faa9 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -1250,7 +1250,7 @@ tzdata-java-2018g-1.el7.noarch.rpm unbound-libs-1.6.6-5.el7_8.x86_64.rpm unixODBC-2.3.1-11.el7.x86_64.rpm unixODBC-devel-2.3.1-11.el7.x86_64.rpm -# unzip-6.0-19.el7.x86_64.rpm provided by mock +# unzip-6.0-21.el7.x86_64.rpm provided by mock urw-fonts-2.4-16.el7.noarch.rpm usbredir-0.7.1-3.el7.x86_64.rpm usbredir-devel-0.7.1-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 04a8c8ae..3520c984 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -1273,7 +1273,7 @@ tuna-0.13-6.el7.noarch.rpm # tzdata-2018g-1.el7.noarch.rpm provided by mock unbound-libs-1.6.6-5.el7_8.x86_64.rpm unifont-fonts-10.0.07-2.el7.noarch.rpm -# unzip-6.0-19.el7.x86_64.rpm provided by mock +# unzip-6.0-21.el7.x86_64.rpm provided by mock uriparser-0.7.5-9.el7.x86_64.rpm usbredir-0.7.1-3.el7.x86_64.rpm userspace-rcu-devel-0.10.0-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index e8397e70..33657860 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -170,7 +170,7 @@ shared-mime-info-1.8-4.el7.x86_64.rpm sqlite-3.7.17-8.el7_7.1.x86_64.rpm tar-1.26-35.el7.x86_64.rpm tzdata-2018g-1.el7.noarch.rpm -unzip-6.0-19.el7.x86_64.rpm +unzip-6.0-21.el7.x86_64.rpm ustr-1.0.4-16.el7.x86_64.rpm which-2.20-7.el7.x86_64.rpm xz-5.2.2-1.el7.x86_64.rpm From 511859ef18129b3ac830c9f609f0324996e7c432 Mon Sep 17 00:00:00 2001 From: Davlet Panech Date: Wed, 27 Jan 2021 19:06:41 -0500 Subject: [PATCH 33/54] Dockerfile: fail in "yum install" on missing packages By default "yum install" ignores packages that can't be downloaded and return 0 to the shell. In a Dockerfile such falsely successful commands are cached by "docker build", so that the next time we run "docker build" the "yum install" is not even attempted: # this "succeeds" and gets cached during the first "docker build", # even if the URL returns an error (eg DNS error or HTTP 404). # During a second "docker build" this bringis back the FS layer # from the cache and doesn't attempt to re-download the package # from that URL RUN yum install python3 http://some/url.rpm ... This patch avoids the problem in case CENGN mirror is down. Change-Id: I65f2185ce8a1832f3fc1be4135b0a49653654b5b Closes-Bug: 1912682 Signed-off-by: Davlet Panech --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index eba205a2..df4b420f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,6 +43,7 @@ COPY toCOPY/yum.repos.d/*.repo /etc/yum.repos.d/ COPY centos-mirror-tools/rpm-gpg-keys/RPM-GPG-KEY-EPEL-7 /etc/pki/rpm-gpg/ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* && \ echo "http_caching=packages" >> /etc/yum.conf && \ + echo "skip_missing_names_on_install=0" >>/etc/yum.conf && \ # yum variables must be in lower case ; \ echo "$CENTOS_7_8_URL" >/etc/yum/vars/centos_7_8_url && \ echo "$EPEL_7_8_URL" >/etc/yum/vars/epel_7_8_url && \ From 6ed078685c413b7199cd18bdde6cb8ad33fdb711 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Mon, 25 Jan 2021 07:49:54 +0000 Subject: [PATCH 34/54] nspr/nss/nss-softokn/nss-util: CVE-2018-12404 and CVE-2019-11745 Update below packages to: nspr-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm Story: 2008532 Task: 41680 Task: 41700 Signed-off-by: Li Zhou Change-Id: I0c17c36418f55db9dd7c9ed6567c74d828564bff Signed-off-by: Zhixiong Chi --- .../config/centos/compiler/rpms_centos.lst | 16 ++++++++-------- .../centos/compiler/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/distro/rpms_centos.lst | 16 ++++++++-------- .../centos/distro/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/flock/rpms_centos.lst | 12 ++++++------ .../centos/flock/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/mock/rpms_centos.lst | 10 +++++----- .../config/centos/mock/rpms_centos3rdparties.lst | 4 ++-- 8 files changed, 41 insertions(+), 41 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 73f954e7..fe768b91 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -178,15 +178,15 @@ ncurses-devel-5.9-14.20130511.el7_4.x86_64.rpm # ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm provided by mock neon-0.30.0-3.el7.x86_64.rpm nettle-2.7.1-8.el7.x86_64.rpm -# nspr-4.19.0-1.el7_5.x86_64.rpm provided by mock -nspr-devel-4.19.0-1.el7_5.x86_64.rpm -# nss-3.36.0-7.el7_5.x86_64.rpm provided by mock -nss-devel-3.36.0-7.el7_5.x86_64.rpm +# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock +nspr-devel-4.25.0-2.el7_9.x86_64.rpm +# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock +nss-devel-3.53.1-3.el7_9.x86_64.rpm # nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock -# nss-sysinit-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-tools-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-util-3.36.0-1.el7_5.x86_64.rpm provided by mock -nss-util-devel-3.36.0-1.el7_5.x86_64.rpm +# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock +nss-util-devel-3.53.1-1.el7_9.x86_64.rpm openssh-7.4p1-16.el7.x86_64.rpm openssh-clients-7.4p1-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst index 43f3bf53..0a56a662 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst @@ -22,10 +22,10 @@ mesa-libgbm-18.0.5-3.el7.x86_64.rpm mesa-libGL-18.0.5-3.el7.x86_64.rpm mesa-libglapi-18.0.5-3.el7.x86_64.rpm mesa-libGL-devel-18.0.5-3.el7.x86_64.rpm -# nss-softokn-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-devel-3.36.0-5.el7_5.x86_64.rpm -# nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-freebl-devel-3.36.0-5.el7_5.x86_64.rpm +# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm +# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm # openldap-2.4.44-20.el7.x86_64.rpm provided by mock # systemd-219-67.el7.x86_64.rpm provided by mock # systemd-devel-219-67.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 06958318..13845295 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -553,15 +553,15 @@ newt-0.52.15-4.el7.x86_64.rpm newt-devel-0.52.15-4.el7.x86_64.rpm nfs-utils-1.3.0-0.61.el7.x86_64.rpm nmap-ncat-6.40-16.el7.x86_64.rpm -# nspr-4.19.0-1.el7_5.x86_64.rpm provided by mock -nspr-devel-4.19.0-1.el7_5.x86_64.rpm -# nss-3.36.0-7.el7_5.x86_64.rpm provided by mock -nss-devel-3.36.0-7.el7_5.x86_64.rpm +# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock +nspr-devel-4.25.0-2.el7_9.x86_64.rpm +# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock +nss-devel-3.53.1-3.el7_9.x86_64.rpm # nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock -# nss-sysinit-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-tools-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-util-3.36.0-1.el7_5.x86_64.rpm provided by mock -nss-util-devel-3.36.0-1.el7_5.x86_64.rpm +# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock +nss-util-devel-3.53.1-1.el7_9.x86_64.rpm numactl-devel-2.0.9-7.el7.x86_64.rpm numactl-libs-2.0.9-7.el7.x86_64.rpm nvme-cli-1.8.1-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst index 58cd3e09..8aba971c 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst @@ -50,10 +50,10 @@ mesa-libglapi-18.0.5-3.el7.x86_64.rpm mesa-libGL-devel-18.0.5-3.el7.x86_64.rpm NetworkManager-glib-1.12.0-8.el7_6.x86_64.rpm NetworkManager-glib-devel-1.12.0-8.el7_6.x86_64.rpm -# nss-softokn-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-devel-3.36.0-5.el7_5.x86_64.rpm -# nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-freebl-devel-3.36.0-5.el7_5.x86_64.rpm +# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm +# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm # openldap-2.4.44-20.el7.x86_64.rpm provided by mock policycoreutils-2.5-29.el7.x86_64.rpm policycoreutils-devel-2.5-29.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 04a8c8ae..13e2a9a8 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -594,15 +594,15 @@ ndctl-libs-65-5.el7.x86_64.rpm nfs-utils-1.3.0-0.61.el7.x86_64.rpm nmap-ncat-6.40-16.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm -# nspr-4.19.0-1.el7_5.x86_64.rpm provided by mock -# nss-3.36.0-7.el7_5.x86_64.rpm provided by mock +# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock +# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock nss_compat_ossl-0.9.6-8.el7.x86_64.rpm nss-pam-ldapd-0.8.13-16.el7.x86_64.rpm # nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock -# nss-sysinit-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-tools-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-util-3.36.0-1.el7_5.x86_64.rpm provided by mock -nss-util-devel-3.36.0-1.el7_5.x86_64.rpm +# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock +nss-util-devel-3.53.1-1.el7_9.x86_64.rpm numactl-devel-2.0.9-7.el7.x86_64.rpm numactl-libs-2.0.9-7.el7.x86_64.rpm nvme-cli-1.8.1-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst index f33e20b2..28280fab 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst @@ -44,10 +44,10 @@ libtevent-0.9.39-1.el7.x86_64.rpm libwbclient-4.10.16-5.el7.x86_64.rpm lvm2-2.02.177-4.el7.x86_64.rpm lvm2-libs-2.02.177-4.el7.x86_64.rpm -# nss-softokn-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-devel-3.36.0-5.el7_5.x86_64.rpm -# nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-freebl-devel-3.36.0-5.el7_5.x86_64.rpm +# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm +# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm ntfs-3g-2017.3.23-11.el7.x86_64.rpm ntfs-3g-devel-2017.3.23-11.el7.x86_64.rpm ntfsprogs-2017.3.23-11.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index e8397e70..5961163b 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -95,12 +95,12 @@ mpfr-3.1.1-4.el7.x86_64.rpm ncurses-5.9-14.20130511.el7_4.x86_64.rpm ncurses-base-5.9-14.20130511.el7_4.noarch.rpm ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm -nspr-4.19.0-1.el7_5.x86_64.rpm -nss-3.36.0-7.el7_5.x86_64.rpm +nspr-4.25.0-2.el7_9.x86_64.rpm +nss-3.53.1-3.el7_9.x86_64.rpm nss-pem-1.0.3-5.el7.x86_64.rpm -nss-sysinit-3.36.0-7.el7_5.x86_64.rpm -nss-tools-3.36.0-7.el7_5.x86_64.rpm -nss-util-3.36.0-1.el7_5.x86_64.rpm +nss-sysinit-3.53.1-3.el7_9.x86_64.rpm +nss-tools-3.53.1-3.el7_9.x86_64.rpm +nss-util-3.53.1-1.el7_9.x86_64.rpm openldap-2.4.44-20.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm p11-kit-0.23.5-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst index fb95aa42..2ee23a56 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst @@ -9,8 +9,8 @@ ima-evm-utils-1.1-2.el7.x86_64.rpm libblkid-2.23.2-59.el7.x86_64.rpm libcom_err-1.42.9-13.el7.x86_64.rpm libsemanage-2.5-14.el7.x86_64.rpm -nss-softokn-3.36.0-5.el7_5.x86_64.rpm -nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm +nss-softokn-3.53.1-6.el7_9.x86_64.rpm +nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm systemd-219-67.el7.x86_64.rpm systemd-devel-219-67.el7.x86_64.rpm systemd-libs-219-67.el7.x86_64.rpm From 6f4738643d710e0031f3f916e4bcb7bb441a5db1 Mon Sep 17 00:00:00 2001 From: Joe Slater Date: Tue, 19 Jan 2021 17:00:57 -0500 Subject: [PATCH 35/54] libxslt: fix CVE-2019-11068 - bypass of protection mechanism Move to libxslt-1.1.28-6.el7.x86-64.rpm libxslt-devel-1.1.28-6.el7.x86-64.rpm (unused for iso build) libxslt-python-1.1.28-6.el7.x86-64.rpm (unused for iso build) Closes-Bug: 1906470 Change-Id: Iac627c89d7dfb115c869bc9b8b52b0ece38ea796 Signed-off-by: Joe Slater --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 +- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 06958318..72f4d4ff 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -502,7 +502,7 @@ libXrandr-devel-1.5.1-2.el7.x86_64.rpm libXrender-0.9.10-1.el7.x86_64.rpm libXrender-devel-0.9.10-1.el7.x86_64.rpm libxshmfence-1.2-1.el7.x86_64.rpm -libxslt-1.1.28-5.el7.x86_64.rpm +libxslt-1.1.28-6.el7.x86_64.rpm libXt-1.1.5-3.el7.x86_64.rpm libXtst-1.2.3-1.el7.x86_64.rpm libXxf86vm-1.1.4-1.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 04a8c8ae..8a040dc8 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -523,9 +523,9 @@ libXi-1.7.9-1.el7.x86_64.rpm # libxml2-2.9.1-6.el7_2.3.x86_64.rpm provided by mock libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm libXpm-devel-3.5.12-1.el7.x86_64.rpm -libxslt-1.1.28-5.el7.x86_64.rpm -libxslt-devel-1.1.28-5.el7.x86_64.rpm -libxslt-python-1.1.28-5.el7.x86_64.rpm +libxslt-1.1.28-6.el7.x86_64.rpm +libxslt-devel-1.1.28-6.el7.x86_64.rpm +libxslt-python-1.1.28-6.el7.x86_64.rpm libXt-devel-1.1.5-3.el7.x86_64.rpm libXtst-1.2.3-1.el7.x86_64.rpm libXv-1.0.11-1.el7.x86_64.rpm From ebc9f32d7de526b44234a56423dd6785243cc386 Mon Sep 17 00:00:00 2001 From: Joe Slater Date: Fri, 5 Feb 2021 11:37:56 -0500 Subject: [PATCH 36/54] nss: fix CVE-2019-17006 - crypto primitives missing length checks Update versions of nss, nss-utils, nss-tools, nss-sysinit, nss-softokn, nss-softokn-freebl, and nspr. All packages except the devel versions are on the default iso. The structure of all lst files was preserved. Closes-Bug: 1906471 Change-Id: I98f1cf059cb1f91c1836f0f62807ba345668450f Signed-off-by: Joe Slater --- .../config/centos/compiler/rpms_centos.lst | 16 ++++++++-------- .../centos/compiler/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/distro/rpms_centos.lst | 16 ++++++++-------- .../centos/distro/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/flock/rpms_centos.lst | 12 ++++++------ .../centos/flock/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/mock/rpms_centos.lst | 10 +++++----- .../config/centos/mock/rpms_centos3rdparties.lst | 4 ++-- 8 files changed, 41 insertions(+), 41 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 73f954e7..fe768b91 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -178,15 +178,15 @@ ncurses-devel-5.9-14.20130511.el7_4.x86_64.rpm # ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm provided by mock neon-0.30.0-3.el7.x86_64.rpm nettle-2.7.1-8.el7.x86_64.rpm -# nspr-4.19.0-1.el7_5.x86_64.rpm provided by mock -nspr-devel-4.19.0-1.el7_5.x86_64.rpm -# nss-3.36.0-7.el7_5.x86_64.rpm provided by mock -nss-devel-3.36.0-7.el7_5.x86_64.rpm +# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock +nspr-devel-4.25.0-2.el7_9.x86_64.rpm +# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock +nss-devel-3.53.1-3.el7_9.x86_64.rpm # nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock -# nss-sysinit-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-tools-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-util-3.36.0-1.el7_5.x86_64.rpm provided by mock -nss-util-devel-3.36.0-1.el7_5.x86_64.rpm +# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock +nss-util-devel-3.53.1-1.el7_9.x86_64.rpm openssh-7.4p1-16.el7.x86_64.rpm openssh-clients-7.4p1-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst index 43f3bf53..0a56a662 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst @@ -22,10 +22,10 @@ mesa-libgbm-18.0.5-3.el7.x86_64.rpm mesa-libGL-18.0.5-3.el7.x86_64.rpm mesa-libglapi-18.0.5-3.el7.x86_64.rpm mesa-libGL-devel-18.0.5-3.el7.x86_64.rpm -# nss-softokn-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-devel-3.36.0-5.el7_5.x86_64.rpm -# nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-freebl-devel-3.36.0-5.el7_5.x86_64.rpm +# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm +# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm # openldap-2.4.44-20.el7.x86_64.rpm provided by mock # systemd-219-67.el7.x86_64.rpm provided by mock # systemd-devel-219-67.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 72f4d4ff..e4851cf6 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -553,15 +553,15 @@ newt-0.52.15-4.el7.x86_64.rpm newt-devel-0.52.15-4.el7.x86_64.rpm nfs-utils-1.3.0-0.61.el7.x86_64.rpm nmap-ncat-6.40-16.el7.x86_64.rpm -# nspr-4.19.0-1.el7_5.x86_64.rpm provided by mock -nspr-devel-4.19.0-1.el7_5.x86_64.rpm -# nss-3.36.0-7.el7_5.x86_64.rpm provided by mock -nss-devel-3.36.0-7.el7_5.x86_64.rpm +# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock +nspr-devel-4.25.0-2.el7_9.x86_64.rpm +# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock +nss-devel-3.53.1-3.el7_9.x86_64.rpm # nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock -# nss-sysinit-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-tools-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-util-3.36.0-1.el7_5.x86_64.rpm provided by mock -nss-util-devel-3.36.0-1.el7_5.x86_64.rpm +# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock +nss-util-devel-3.53.1-1.el7_9.x86_64.rpm numactl-devel-2.0.9-7.el7.x86_64.rpm numactl-libs-2.0.9-7.el7.x86_64.rpm nvme-cli-1.8.1-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst index 58cd3e09..8aba971c 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst @@ -50,10 +50,10 @@ mesa-libglapi-18.0.5-3.el7.x86_64.rpm mesa-libGL-devel-18.0.5-3.el7.x86_64.rpm NetworkManager-glib-1.12.0-8.el7_6.x86_64.rpm NetworkManager-glib-devel-1.12.0-8.el7_6.x86_64.rpm -# nss-softokn-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-devel-3.36.0-5.el7_5.x86_64.rpm -# nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-freebl-devel-3.36.0-5.el7_5.x86_64.rpm +# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm +# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm # openldap-2.4.44-20.el7.x86_64.rpm provided by mock policycoreutils-2.5-29.el7.x86_64.rpm policycoreutils-devel-2.5-29.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 8a040dc8..a896d570 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -594,15 +594,15 @@ ndctl-libs-65-5.el7.x86_64.rpm nfs-utils-1.3.0-0.61.el7.x86_64.rpm nmap-ncat-6.40-16.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm -# nspr-4.19.0-1.el7_5.x86_64.rpm provided by mock -# nss-3.36.0-7.el7_5.x86_64.rpm provided by mock +# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock +# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock nss_compat_ossl-0.9.6-8.el7.x86_64.rpm nss-pam-ldapd-0.8.13-16.el7.x86_64.rpm # nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock -# nss-sysinit-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-tools-3.36.0-7.el7_5.x86_64.rpm provided by mock -# nss-util-3.36.0-1.el7_5.x86_64.rpm provided by mock -nss-util-devel-3.36.0-1.el7_5.x86_64.rpm +# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock +# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock +nss-util-devel-3.53.1-1.el7_9.x86_64.rpm numactl-devel-2.0.9-7.el7.x86_64.rpm numactl-libs-2.0.9-7.el7.x86_64.rpm nvme-cli-1.8.1-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst index f33e20b2..28280fab 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst @@ -44,10 +44,10 @@ libtevent-0.9.39-1.el7.x86_64.rpm libwbclient-4.10.16-5.el7.x86_64.rpm lvm2-2.02.177-4.el7.x86_64.rpm lvm2-libs-2.02.177-4.el7.x86_64.rpm -# nss-softokn-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-devel-3.36.0-5.el7_5.x86_64.rpm -# nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm provided by mock -nss-softokn-freebl-devel-3.36.0-5.el7_5.x86_64.rpm +# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm +# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock +nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm ntfs-3g-2017.3.23-11.el7.x86_64.rpm ntfs-3g-devel-2017.3.23-11.el7.x86_64.rpm ntfsprogs-2017.3.23-11.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index e8397e70..5961163b 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -95,12 +95,12 @@ mpfr-3.1.1-4.el7.x86_64.rpm ncurses-5.9-14.20130511.el7_4.x86_64.rpm ncurses-base-5.9-14.20130511.el7_4.noarch.rpm ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm -nspr-4.19.0-1.el7_5.x86_64.rpm -nss-3.36.0-7.el7_5.x86_64.rpm +nspr-4.25.0-2.el7_9.x86_64.rpm +nss-3.53.1-3.el7_9.x86_64.rpm nss-pem-1.0.3-5.el7.x86_64.rpm -nss-sysinit-3.36.0-7.el7_5.x86_64.rpm -nss-tools-3.36.0-7.el7_5.x86_64.rpm -nss-util-3.36.0-1.el7_5.x86_64.rpm +nss-sysinit-3.53.1-3.el7_9.x86_64.rpm +nss-tools-3.53.1-3.el7_9.x86_64.rpm +nss-util-3.53.1-1.el7_9.x86_64.rpm openldap-2.4.44-20.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm p11-kit-0.23.5-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst index fb95aa42..2ee23a56 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst @@ -9,8 +9,8 @@ ima-evm-utils-1.1-2.el7.x86_64.rpm libblkid-2.23.2-59.el7.x86_64.rpm libcom_err-1.42.9-13.el7.x86_64.rpm libsemanage-2.5-14.el7.x86_64.rpm -nss-softokn-3.36.0-5.el7_5.x86_64.rpm -nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm +nss-softokn-3.53.1-6.el7_9.x86_64.rpm +nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm systemd-219-67.el7.x86_64.rpm systemd-devel-219-67.el7.x86_64.rpm systemd-libs-219-67.el7.x86_64.rpm From 8be170ef575984b45d8822a89c0d645b6b4ec267 Mon Sep 17 00:00:00 2001 From: Sanjay K Mukherjee Date: Thu, 18 Jun 2020 17:20:15 -0400 Subject: [PATCH 37/54] cve_policy_filter.py supports CVSSV2 and CVSSV3 vulnerability report generation Added new files for CVSSv3 scan report generation Added new files: new file: cve_policy_filter.py new file: template_v3.txt Change-Id: I93978825f973435eb34a0c8e6b3d18e1ac580595 Signed-off-by: Sanjay K Mukherjee --- cve_support/cve_policy_filter.py | 246 ++++++++++++++++++++++--------- cve_support/template_v3.txt | 127 ++++++++++++++++ 2 files changed, 303 insertions(+), 70 deletions(-) create mode 100644 cve_support/template_v3.txt diff --git a/cve_support/cve_policy_filter.py b/cve_support/cve_policy_filter.py index dff356d2..1fc246f0 100644 --- a/cve_support/cve_policy_filter.py +++ b/cve_support/cve_policy_filter.py @@ -14,6 +14,16 @@ import sys import os from lp import find_lp_assigned +cves_valid = [] +cves_to_fix = [] +cves_to_fix_lp = [] +cves_to_track = [] +cves_w_errors = [] +cves_wont_fix = [] +cves_to_omit = [] +cves_report = {} + + def print_html_report(cves_report, title): """ Print the html report @@ -22,9 +32,14 @@ def print_html_report(cves_report, title): template_loader = jinja2.FileSystemLoader(searchpath="./") template_env = jinja2.Environment(loader=template_loader) - template_file = "template.txt" + if CVSS_VER == "cvssv3": + template_file = "template_v3.txt" + heads = ["cve_id", "status", "cvss3Score", "av", "ac", "ui","a"] + else: + template_file = "template.txt" + heads = ["cve_id", "status", "cvss2Score", "av", "ac", "au", "ai"] + template = template_env.get_template(template_file) - heads = ["cve_id", "status", "cvss2Score", "av", "ac", "au", "ai"] output_text = template.render(cves_to_fix=cves_report["cves_to_fix"],\ cves_to_fix_lp=cves_report["cves_to_fix_lp"],\ cves_to_track=cves_report["cves_to_track"],\ @@ -49,10 +64,16 @@ def print_report(cves_report, title): print("\n") print(cve["id"]) print("status : " + cve["status"]) - print("cvss2Score : " + str(cve["cvss2Score"])) + if CVSS_VER == "cvssv3": + print("cvss3Score : " + str(cve["cvss3Score"])) + else: + print("cvss2Score : " + str(cve["cvss2Score"])) print("Attack Vector: " + cve["av"]) print("Access Complexity : " + cve["ac"]) - print("Authentication: " + cve["au"]) + if CVSS_VER == "cvssv3": + print("User Interaction: " + cve["ui"]) + else: + print("Authentication: " + cve["au"]) print("Availability Impact :" + cve["ai"]) print("Affected packages:") print(cve["affectedpackages"]) @@ -88,8 +109,12 @@ def print_report(cves_report, title): print(cve_line) - print("\nERROR: CVEs that have no cvss2Score or cvss2Vector: %d \n" \ - % (len(cves_report["cves_w_errors"]))) + if CVSS_VER == "cvssv3": + print("\nERROR: CVEs that have no cvss3Score or cvss3Vector: %d \n" \ + % (len(cves_report["cves_w_errors"]))) + else: + print("\nERROR: CVEs that have no cvss2Score or cvss2Vector: %d \n" \ + % (len(cves_report["cves_w_errors"]))) for cve in cves_report["cves_w_errors"]: print(cve) @@ -130,49 +155,112 @@ def get_affectedpackages(data, cve_id): allfixed = "unfixed" return affectedpackages_list, allfixed -def main(): +def update_report(): + cves_report["cves_to_fix"] = cves_to_fix + cves_report["cves_to_fix_lp"] = cves_to_fix_lp + cves_report["cves_to_track"] = cves_to_track + cves_report["cves_w_errors"] = cves_w_errors + cves_report["cves_wont_fix"] = cves_wont_fix + cves_report["cves_to_omit"] = cves_to_omit + +def cvssv3_pb_alg(): """ - main function - Rules to consider a CVE valid for STX from: - https://wiki.openstack.org/wiki/StarlingX/Security/CVE_Support_Policy + Patchback algo for CVSSV3 report """ - data = {} - cves = [] - cves_valid = [] - cves_to_fix = [] - cves_to_fix_lp = [] - cves_to_track = [] - cves_w_errors = [] - cves_wont_fix = [] - cves_to_omit = [] - cves_report = {} + for cve in cves_valid: + if (cve["cvss3Score"] >= 7.8 + and cve["av"] == "N" + and cve["ac"] == "L" + and cve["ui"] == "R" + and cve["ai"] != "N"): + if cve["status"] == "fixed": + bug = find_lp_assigned(cve["id"]) + if (bug): + print(bug["status"]) + if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"): + cves_wont_fix.append(cve) + else: + cves_to_fix_lp.append(cve) + else: + cves_to_fix.append(cve) + else: + cves_to_track.append(cve) + else: + cves_to_omit.append(cve) - if len(sys.argv) < 3: - print("\nERROR : Missing arguments, the expected arguments are:") - print("\n %s \n" % (sys.argv[0])) - print("\n result.json = json file generated from: vuls report -format-json") - print("\n") - sys.exit(0) + update_report() - if os.path.isfile(sys.argv[1]): - results_json = sys.argv[1] - else: - print("%s is not a file" % sys.argv[1]) - sys.exit(0) - title = sys.argv[2] +def cvssv2_pb_alg(): + """ + Patchback algo for CVSSV2 report + """ + for cve in cves_valid: + if (cve["cvss2Score"] >= 7.0 + and cve["av"] == "N" + and cve["ac"] == "L" + and ("N" in cve["au"] or "S" in cve["au"]) + and ("P" in cve["ai"] or "C" in cve["ai"])): + if cve["status"] == "fixed": + bug = find_lp_assigned(cve["id"]) + if (bug): + print(bug["status"]) + if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"): + cves_wont_fix.append(cve) + else: + cves_to_fix_lp.append(cve) + else: + cves_to_fix.append(cve) + else: + cves_to_track.append(cve) + else: + cves_to_omit.append(cve) - try: - with open(results_json) as json_file: - data = json.load(json_file) - except ValueError as error: - print(error) + update_report() - for element in data["scannedCves"]: - cve = {} - cve["id"] = str(element.strip()) - cves.append(cve) +def cvssv3_parse_n_report(cves,title,data): + """ + Parse and generate report for CVSSV3 + """ + for cve in cves: + cve_id = cve["id"] + affectedpackages_list = [] + allfixed = "fixed" + try: + nvd2_score = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss3Score"] + cvss3vector = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss3Vector"] + except KeyError: + cves_w_errors.append(cve) + else: + cve["cvss3Score"] = nvd2_score + for element in cvss3vector.split("/"): + if "AV:" in element: + _av = element.split(":")[1] + if "AC:" in element: + _ac = element.split(":")[1] + if "A:" in element: + _ai = element.split(":")[1] + if "UI:" in element: + _ui = element.split(":")[1] + print(cve) + cve["av"] = str(_av) + cve["ac"] = str(_ac) + cve["ai"] = str(_ai) + cve["ui"] = str(_ui) + cve["summary"] = get_summary(data, cve_id) + cve["sourcelink"] = get_source_link(data, cve_id) + affectedpackages_list, allfixed = get_affectedpackages(data, cve_id) + cve["affectedpackages"] = affectedpackages_list + cve["status"] = allfixed + cves_valid.append(cve) + cvssv3_pb_alg() + print_report(cves_report, title) + print_html_report(cves_report, title) +def cvssv2_parse_n_report(cves,title,data): + """ + Parse and generate report for CVSSV2 + """ for cve in cves: cve_id = cve["id"] affectedpackages_list = [] @@ -203,37 +291,55 @@ def main(): cve["affectedpackages"] = affectedpackages_list cve["status"] = allfixed cves_valid.append(cve) - - for cve in cves_valid: - if (cve["cvss2Score"] >= 7.0 - and cve["av"] == "N" - and cve["ac"] == "L" - and ("N" in cve["au"] or "S" in cve["au"]) - and ("P" in cve["ai"] or "C" in cve["ai"])): - if cve["status"] == "fixed": - bug = find_lp_assigned(cve["id"]) - if (bug): - print(bug["status"]) - if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"): - cves_wont_fix.append(cve) - else: - cves_to_fix_lp.append(cve) - else: - cves_to_fix.append(cve) - else: - cves_to_track.append(cve) - else: - cves_to_omit.append(cve) - - cves_report["cves_to_fix"] = cves_to_fix - cves_report["cves_to_fix_lp"] = cves_to_fix_lp - cves_report["cves_to_track"] = cves_to_track - cves_report["cves_w_errors"] = cves_w_errors - cves_report["cves_wont_fix"] = cves_wont_fix - cves_report["cves_to_omit"] = cves_to_omit - + cvssv2_pb_alg() print_report(cves_report, title) print_html_report(cves_report, title) +def main(): + """ + main function + Rules to consider a CVE valid for STX from: + https://wiki.openstack.org/wiki/StarlingX/Security/CVE_Support_Policy + """ + data = {} + cves = [] + + + if len(sys.argv) < 4: + print("\nERROR : Missing arguments, the expected arguments are:") + print("\n %s <result.json> <title> [cvssv3|cvssv2]\n" % (sys.argv[0])) + print("\n result.json = json file generated from: vuls report -format-json") + print("\n") + sys.exit(0) + + if os.path.isfile(sys.argv[1]): + results_json = sys.argv[1] + else: + print("%s is not a file" % sys.argv[1]) + sys.exit(0) + + title = sys.argv[2] + + try: + with open(results_json) as json_file: + data = json.load(json_file) + except ValueError as error: + print(error) + + for element in data["scannedCves"]: + cve = {} + cve["id"] = str(element.strip()) + cves.append(cve) + global CVSS_VER + CVSS_VER=sys.argv[3].lower() + if CVSS_VER =="cvssv3": + cvssv3_parse_n_report(cves,title,data) + elif CVSS_VER == "cvssv2": + cvssv2_parse_n_report(cves,title,data) + else: + print("\n argument not matching \n enter [cvssv3|cvssv2] ") + sys.exit(0) + + if __name__ == "__main__": main() diff --git a/cve_support/template_v3.txt b/cve_support/template_v3.txt new file mode 100644 index 00000000..a666c9ba --- /dev/null +++ b/cve_support/template_v3.txt @@ -0,0 +1,127 @@ +<head></head> +<body> + <h1>Security report from vuls scan from {{title}}</h1> + <h2>CVEs to fix w/o a launchpad assigned: {{cves_to_fix | length}}</h2> + <table> + {% if cves_to_fix|length >= 1 %} + <tr> + {% for head in heads %} + <th>{{head}}</th> + {% endfor %} + </tr> + + {% for cve in cves_to_fix %} + <tr> + <td>{{cve["id"]}}</td> + <td>{{cve["status"]}}</td> + <td>{{cve["cvss3Score"]}}</td> + <td>{{cve["av"]}}</td> + <td>{{cve["ac"]}}</td> + <td>{{cve["ui"]}}</td> + <td>{{cve["ai"]}}</td> + </tr> + {% endfor %} + {% endif %} + </table> + <h2>CVEs to fix w/ a launchpad assigend: {{cves_to_fix_lp | length}}</h2> + <table> + {% if cves_to_fix_lp|length >= 1 %} + <tr> + {% for head in heads %} + <th>{{head}}</th> + {% endfor %} + </tr> + + {% for cve in cves_to_fix_lp %} + <tr> + <td>{{cve["id"]}}</td> + <td>{{cve["status"]}}</td> + <td>{{cve["cvss3Score"]}}</td> + <td>{{cve["av"]}}</td> + <td>{{cve["ac"]}}</td> + <td>{{cve["ui"]}}</td> + <td>{{cve["ai"]}}</td> + </tr> + {% endfor %} + {% endif %} + </table> + <h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2> + <table> + {% if cves_to_track|length >= 1 %} + <tr> + {% for head in heads %} + <th>{{head}}</th> + {% endfor %} + </tr> + + {% for cve in cves_to_track %} + <tr> + <td>{{cve["id"]}}</td> + <td>{{cve["status"]}}</td> + <td>{{cve["cvss3Score"]}}</td> + <td>{{cve["av"]}}</td> + <td>{{cve["ac"]}}</td> + <td>{{cve["ui"]}}</td> + <td>{{cve["ai"]}}</td> + </tr> + {% endfor %} + {% endif %} + </table> + <h2> CVEs that are Invalid or Won't Fix: {{cves_wont_fix | length}}</h2> + <table> + {% if cves_wont_fix|length >= 1 %} + <tr> + {% for head in heads %} + <th>{{head}}</th> + {% endfor %} + </tr> + + {% for cve in cves_wont_fix %} + <tr> + <td>{{cve["id"]}}</td> + <td>{{cve["status"]}}</td> + <td>{{cve["cvss3Score"]}}</td> + <td>{{cve["av"]}}</td> + <td>{{cve["ac"]}}</td> + <td>{{cve["ui"]}}</td> + <td>{{cve["ai"]}}</td> + </tr> + {% endfor %} + {% endif %} + </table> + + <h2> CVEs to omit: {{cves_to_omit | length}}</h2> + <table> + {% if cves_to_omit|length >= 1 %} + <tr> + {% for head in heads %} + <th>{{head}}</th> + {% endfor %} + </tr> + + {% for cve in cves_to_omit %} + <tr> + <td>{{cve["id"]}}</td> + <td>{{cve["status"]}}</td> + <td>{{cve["cvss3Score"]}}</td> + <td>{{cve["av"]}}</td> + <td>{{cve["ac"]}}</td> + <td>{{cve["ui"]}}</td> + <td>{{cve["ai"]}}</td> + </tr> + {% endfor %} + {% endif %} + </table> + + <h2>ERROR: CVEs that have no cvss3Score or cvss2Vector:{{cves_w_errors | length}}</h2> + <table> + {% if cves_w_errors|length >= 1 %} + {% for cve in cves_w_errors %} + <tr> + <td>{{cve["id"]}}</td> + <td>{{cve["status"]}}</td> + </tr> + {% endfor %} + {% endif %} + </table> +</body> From d427e90a1c33fb3355c08614d3661b4519f35654 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi <zhixiong.chi@windriver.com> Date: Wed, 10 Feb 2021 21:27:17 -0500 Subject: [PATCH 38/54] Revert "Add the bind-export packages for dhcp CVE issue" This reverts commit 97c63675dab3957bcaff3718e8606ee13096f93e. Since we revert the dhcp new version in integ layer, so we also revert this dependence. Closes-Bug: #1915050 Depends-On: https://review.opendev.org/c/starlingx/integ/+/775056 Change-Id: Id7e9a42703cf1c14e04bbf1c1db931f4f05d7840 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> --- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 -- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 -- 2 files changed, 4 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 13ee8e08..25d13c51 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -29,8 +29,6 @@ bind-libs-lite-9.9.4-72.el7.x86_64.rpm bind-license-9.9.4-72.el7.noarch.rpm bind-lite-devel-9.9.4-72.el7.x86_64.rpm bind-utils-9.9.4-72.el7.x86_64.rpm -bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm -bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm # binutils-2.27-41.base.el7.x86_64.rpm provided by mock binutils-devel-2.27-41.base.el7.x86_64.rpm bison-3.0.4-2.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 34036dd4..208227af 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -47,8 +47,6 @@ bind-libs-9.9.4-72.el7.x86_64.rpm bind-libs-lite-9.9.4-72.el7.x86_64.rpm bind-license-9.9.4-72.el7.noarch.rpm bind-utils-9.9.4-72.el7.x86_64.rpm -bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm -bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm # binutils-2.27-34.base.el7.x86_64.rpm provided by mock biosdevname-0.7.3-1.el7.x86_64.rpm bitmap-console-fonts-0.3-21.el7.noarch.rpm From 4665c2250dbb1691105a00482ed841f0237bbf94 Mon Sep 17 00:00:00 2001 From: Li Zhou <li.zhou@windriver.com> Date: Tue, 26 Jan 2021 19:35:23 -0800 Subject: [PATCH 39/54] python: fix CVE-2019-9636 CVE-2019-10160 CVE-2019-9948 CVE-2019-16056 in rpm list Python is upgraded to version 2.7.5-89 in srpm build to fix above CVEs. Update below packages for the updated depencies of python upgrading: python2-rpm-macros-3-34.el7.noarch.rpm python-rpm-macros-3-34.el7.noarch.rpm python-srpm-macros-3-34.el7.noarch.rpm Update below packages to below versions too in rpm list: python-2.7.5-89.el7.x86_64.rpm python-devel-2.7.5-89.el7.x86_64.rpm python-libs-2.7.5-89.el7.x86_64.rpm This commit need work together with the commit <python: fix CVE-2019-9636 CVE-2019-10160 CVE-2019-9948 CVE-2019-16056 in srpm build> for repository starlingx/compile. Story: 2008532 Task: 41665 Signed-off-by: Li Zhou <li.zhou@windriver.com> Change-Id: I280cbc0408b41008ec2e07f2453d20fd6226c54a --- .../config/centos/compiler/rpms_centos.lst | 6 +++--- .../config/centos/flock/rpms_centos.lst | 6 +++--- .../config/centos/mock/rpms_centos.lst | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 77de59f8..08d8652e 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -246,9 +246,9 @@ python3-pip-9.0.3-5.el7.noarch.rpm python3-rpm-generators-6-2.el7.noarch.rpm python3-rpm-macros-3-32.el7.noarch.rpm python3-setuptools-39.2.0-10.el7.noarch.rpm -python-2.7.5-76.el7.x86_64.rpm -python-devel-2.7.5-76.el7.x86_64.rpm -python-libs-2.7.5-76.el7.x86_64.rpm +python-2.7.5-89.el7.x86_64.rpm +python-devel-2.7.5-89.el7.x86_64.rpm +python-libs-2.7.5-89.el7.x86_64.rpm # qrencode-libs-3.4.1-3.el7.x86_64.rpm provided by mock # readline-6.2-10.el7.x86_64.rpm provided by mock readline-devel-6.2-10.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 208227af..4db467ba 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -904,7 +904,7 @@ python2-requests-oauthlib-0.8.0-5.el7.noarch.rpm python2-retryz-0.1.8-1.el7.noarch.rpm python2-rfc3986-1.2.0-1.el7.noarch.rpm python2-rjsmin-1.0.12-2.el7.x86_64.rpm -# python2-rpm-macros-3-25.el7.noarch.rpm provided by mock +# python2-rpm-macros-3-34.el7.noarch.rpm provided by mock python2-rsa-3.4.1-1.el7.noarch.rpm python2-ruamel-ordereddict-0.4.9-3.el7.x86_64.rpm python2-ruamel-yaml-0.13.14-2.el7.x86_64.rpm @@ -1095,7 +1095,7 @@ python-repoze-lru-0.4-3.el7.noarch.rpm python-repoze-who-2.1-1.el7.noarch.rpm python-retrying-1.2.3-4.el7.noarch.rpm python-routes-2.4.1-1.el7.noarch.rpm -# python-rpm-macros-3-25.el7.noarch.rpm provided by mock +# python-rpm-macros-3-34.el7.noarch.rpm provided by mock python-rtslib-2.1.fb63-13.el7.noarch.rpm python-s3transfer-0.1.13-1.el7.noarch.rpm python-schedutils-0.4-6.el7.x86_64.rpm @@ -1108,7 +1108,7 @@ python-slip-dbus-0.4.0-4.el7.noarch.rpm python-sphinx-locale-1.6.2-3.el7.noarch.rpm python-sqlalchemy-utils-0.31.3-2.el7.noarch.rpm python-sqlparse-0.1.18-5.el7.noarch.rpm -# python-srpm-macros-3-25.el7.noarch.rpm provided by mock +# python-srpm-macros-3-34.el7.noarch.rpm provided by mock python-subprocess32-3.2.6-4.el7.x86_64.rpm python-subunit-1.0.0-1.el7.noarch.rpm python-swift-2.15.1-1.el7.noarch.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index 8590d4da..1e7c3db5 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -145,14 +145,14 @@ procps-ng-3.3.10-28.el7.x86_64.rpm pth-2.0.7-23.el7.x86_64.rpm pygpgme-0.3-9.el7.x86_64.rpm pyliblzma-0.5.3-11.el7.x86_64.rpm -# python-2.7.5-76.el7.x86_64.rpm -# python-devel-2.7.5-76.el7.x86_64.rpm -python2-rpm-macros-3-25.el7.noarch.rpm +# python-2.7.5-89.el7.x86_64.rpm +# python-devel-2.7.5-89.el7.x86_64.rpm +python2-rpm-macros-3-34.el7.noarch.rpm python-iniparse-0.4-9.el7.noarch.rpm -# python-libs-2.7.5-76.el7.x86_64.rpm +# python-libs-2.7.5-89.el7.x86_64.rpm python-pycurl-7.19.0-19.el7.x86_64.rpm -python-rpm-macros-3-25.el7.noarch.rpm -python-srpm-macros-3-25.el7.noarch.rpm +python-rpm-macros-3-34.el7.noarch.rpm +python-srpm-macros-3-34.el7.noarch.rpm python-urlgrabber-3.10-9.el7.noarch.rpm pyxattr-0.5.1-5.el7.x86_64.rpm qrencode-libs-3.4.1-3.el7.x86_64.rpm From 9c01064e16700bb253c1f1607bfb7c75b2571745 Mon Sep 17 00:00:00 2001 From: Li Zhou <li.zhou@windriver.com> Date: Tue, 26 Jan 2021 07:46:07 +0000 Subject: [PATCH 40/54] openssh: fix CVE-2018-15473 from repo list Update below packages to: openssh-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm Story: 2008532 Task: 41668 Signed-off-by: Li Zhou <li.zhou@windriver.com> Change-Id: I6876364bd86e520ccf49d3de2ef342b162247d8f --- centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 4 ++-- centos-mirror-tools/config/centos/distro/rpms_centos.lst | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 77de59f8..1a6859a9 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -187,8 +187,8 @@ nss-devel-3.53.1-3.el7_9.x86_64.rpm # nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock # nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock nss-util-devel-3.53.1-1.el7_9.x86_64.rpm -openssh-7.4p1-16.el7.x86_64.rpm -openssh-clients-7.4p1-16.el7.x86_64.rpm +openssh-7.4p1-21.el7.x86_64.rpm +openssh-clients-7.4p1-21.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm # openssl-libs-1.0.2k-16.el7.x86_64.rpm provided by mock # p11-kit-0.23.5-3.el7.x86_64.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 25d13c51..c3adb81b 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -570,8 +570,8 @@ openjpeg-libs-1.5.1-18.el7.x86_64.rpm openpgm-5.2.122-2.el7.x86_64.rpm opensc-0.16.0-10.20170227git777e2a3.el7.x86_64.rpm opensp-1.5.2-19.el7.x86_64.rpm -openssh-7.4p1-16.el7.x86_64.rpm -openssh-clients-7.4p1-16.el7.x86_64.rpm +openssh-7.4p1-21.el7.x86_64.rpm +openssh-clients-7.4p1-21.el7.x86_64.rpm openssl-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm # openssl-libs-1.0.2k-16.el7.x86_64.rpm provided by mock From 5279d637150f8f8a1a8b4b64dc268f6549290b3f Mon Sep 17 00:00:00 2001 From: Zhixiong Chi <zhixiong.chi@windriver.com> Date: Fri, 22 Jan 2021 03:28:14 -0500 Subject: [PATCH 41/54] glibc: fix CVE-2016-10739 Upgrade the below packages to: glibc-2.17-317.el7.x86_64.rpm glibc-devel-2.17-317.el7.x86_64.rpm glibc-static-2.17-317.el7.x86_64.rpm glibc-common-2.17-317.el7.x86_64.rpm glibc-headers-2.17-317.el7.x86_64.rpm nscd-2.17-317.el7.x86_64.rpm Story: 2008532 Task: 41663 Change-Id: Ia589fdb5ae0208053b12eafd23ef8183664b92be Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> --- .../config/centos/compiler/rpms_centos.lst | 10 +++++----- .../config/centos/distro/rpms_centos.lst | 10 +++++----- .../config/centos/flock/rpms_centos.lst | 10 +++++----- centos-mirror-tools/config/centos/mock/rpms_centos.lst | 8 ++++---- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index 77de59f8..ba0ca787 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -59,11 +59,11 @@ gettext-common-devel-0.19.8.1-3.el7.noarch.rpm gettext-devel-0.19.8.1-3.el7.x86_64.rpm gettext-libs-0.19.8.1-3.el7.x86_64.rpm git-1.8.3.1-20.el7.x86_64.rpm -# glibc-2.17-260.el7.x86_64.rpm provided by mock -# glibc-common-2.17-260.el7.x86_64.rpm provided by mock -# glibc-devel-2.17-260.el7.x86_64.rpm provided by mock -# glibc-headers-2.17-260.el7.x86_64.rpm provided by mock -glibc-static-2.17-260.el7.x86_64.rpm +# glibc-2.17-317.el7.x86_64.rpm provided by mock +# glibc-common-2.17-317.el7.x86_64.rpm provided by mock +# glibc-devel-2.17-317.el7.x86_64.rpm provided by mock +# glibc-headers-2.17-317.el7.x86_64.rpm provided by mock +glibc-static-2.17-317.el7.x86_64.rpm gl-manpages-1.1-7.20130122.el7.noarch.rpm # gmp-6.0.0-15.el7.x86_64.rpm provided by mock gmp-devel-6.0.0-15.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index 25d13c51..bc46e05e 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -230,11 +230,11 @@ giflib-4.1.6-9.el7.x86_64.rpm git-1.8.3.1-20.el7.x86_64.rpm glade-devel-3.20.0-1.el7.x86_64.rpm glade-libs-3.20.0-1.el7.x86_64.rpm -# glibc-2.17-260.el7.x86_64.rpm provided by mock -# glibc-common-2.17-260.el7.x86_64.rpm provided by mock -# glibc-devel-2.17-260.el7.x86_64.rpm provided by mock -# glibc-headers-2.17-260.el7.x86_64.rpm provided by mock -glibc-static-2.17-260.el7.x86_64.rpm +# glibc-2.17-317.el7.x86_64.rpm provided by mock +# glibc-common-2.17-317.el7.x86_64.rpm provided by mock +# glibc-devel-2.17-317.el7.x86_64.rpm provided by mock +# glibc-headers-2.17-317.el7.x86_64.rpm provided by mock +glibc-static-2.17-317.el7.x86_64.rpm glib-networking-2.56.1-1.el7.x86_64.rpm gl-manpages-1.1-7.20130122.el7.noarch.rpm glusterfs-5.2-1.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 208227af..cba13a71 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -214,10 +214,10 @@ geronimo-jms-1.1.1-19.el7.noarch.rpm gettext-0.19.8.1-3.el7.x86_64.rpm gettext-libs-0.19.8.1-3.el7.x86_64.rpm git-1.8.3.1-20.el7.x86_64.rpm -# glibc-2.17-260.el7.x86_64.rpm provided by mock -# glibc-common-2.17-260.el7.x86_64.rpm provided by mock -# glibc-devel-2.17-260.el7.x86_64.rpm provided by mock -# glibc-headers-2.17-260.el7.x86_64.rpm provided by mock +# glibc-2.17-317.el7.x86_64.rpm provided by mock +# glibc-common-2.17-317.el7.x86_64.rpm provided by mock +# glibc-devel-2.17-317.el7.x86_64.rpm provided by mock +# glibc-headers-2.17-317.el7.x86_64.rpm provided by mock glib-networking-2.56.1-1.el7.x86_64.rpm glusterfs-5.2-1.el7.x86_64.rpm glusterfs-api-5.2-1.el7.x86_64.rpm @@ -591,7 +591,7 @@ newt-python-0.52.15-4.el7.x86_64.rpm ndctl-libs-65-5.el7.x86_64.rpm nfs-utils-1.3.0-0.61.el7.x86_64.rpm nmap-ncat-6.40-16.el7.x86_64.rpm -nscd-2.17-260.el7.x86_64.rpm +nscd-2.17-317.el7.x86_64.rpm # nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock # nss-3.53.1-3.el7_9.x86_64.rpm provided by mock nss_compat_ossl-0.9.6-8.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index 8590d4da..65f20bce 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -35,10 +35,10 @@ gcc-4.8.5-36.el7.x86_64.rpm gcc-c++-4.8.5-36.el7.x86_64.rpm gdb-7.6.1-114.el7.x86_64.rpm gdbm-1.10-8.el7.x86_64.rpm -glibc-2.17-260.el7.x86_64.rpm -glibc-common-2.17-260.el7.x86_64.rpm -glibc-devel-2.17-260.el7.x86_64.rpm -glibc-headers-2.17-260.el7.x86_64.rpm +glibc-2.17-317.el7.x86_64.rpm +glibc-common-2.17-317.el7.x86_64.rpm +glibc-devel-2.17-317.el7.x86_64.rpm +glibc-headers-2.17-317.el7.x86_64.rpm gmp-6.0.0-15.el7.x86_64.rpm gnupg2-2.0.22-5.el7_5.x86_64.rpm gpgme-1.3.2-5.el7.x86_64.rpm From 965746b9d4224b6a34c7a0ac3d026393abb57c4b Mon Sep 17 00:00:00 2001 From: Zhixiong Chi <zhixiong.chi@windriver.com> Date: Sun, 24 Jan 2021 20:55:34 -0500 Subject: [PATCH 42/54] bind: fix five CVE issues Upgrade to the below packages to fix the CVE issues: bind-libs-lite-9.11.4-26.P2.el7.x86_64.rpm bind-license-9.11.4-26.P2.el7.noarch.rpm bind-lite-devel-9.11.4-26.P2.el7.x86_64.rpm bind-utils-9.11.4-26.P2.el7.x86_64.rpm bind-libs-9.11.4-26.P2.el7.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm Meanwhile this patch need to be merged with the upgraded dhcp togother. CVE: CVE-2018-5741 CVE-2018-5742 CVE-2018-5743 CVE-2019-6477 CVE-2020-8617 Story: 2008532 Task: 41642 Change-Id: If3bbac8f7d992f6a1f8e2f4df88b563d58feeffc Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> --- .../config/centos/distro/rpms_centos.lst | 10 ++++++---- .../config/centos/flock/rpms_centos.lst | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index c3adb81b..4b231fd9 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -25,10 +25,12 @@ avahi-libs-0.6.31-20.el7.x86_64.rpm # basesystem-10.0-7.el7.centos.noarch.rpm provided by mock bash-completion-2.1-6.el7.noarch.rpm bc-1.06.95-13.el7.x86_64.rpm -bind-libs-lite-9.9.4-72.el7.x86_64.rpm -bind-license-9.9.4-72.el7.noarch.rpm -bind-lite-devel-9.9.4-72.el7.x86_64.rpm -bind-utils-9.9.4-72.el7.x86_64.rpm +bind-libs-lite-9.11.4-26.P2.el7.x86_64.rpm +bind-license-9.11.4-26.P2.el7.noarch.rpm +bind-lite-devel-9.11.4-26.P2.el7.x86_64.rpm +bind-utils-9.11.4-26.P2.el7.x86_64.rpm +bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm +bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm # binutils-2.27-41.base.el7.x86_64.rpm provided by mock binutils-devel-2.27-41.base.el7.x86_64.rpm bison-3.0.4-2.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 208227af..e9b71e2e 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -43,10 +43,12 @@ avalon-logkit-2.1-14.el7.noarch.rpm bash-completion-2.1-6.el7.noarch.rpm bc-1.06.95-13.el7.x86_64.rpm bcel-5.2-18.el7.noarch.rpm -bind-libs-9.9.4-72.el7.x86_64.rpm -bind-libs-lite-9.9.4-72.el7.x86_64.rpm -bind-license-9.9.4-72.el7.noarch.rpm -bind-utils-9.9.4-72.el7.x86_64.rpm +bind-libs-9.11.4-26.P2.el7.x86_64.rpm +bind-libs-lite-9.11.4-26.P2.el7.x86_64.rpm +bind-license-9.11.4-26.P2.el7.noarch.rpm +bind-utils-9.11.4-26.P2.el7.x86_64.rpm +bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm +bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm # binutils-2.27-34.base.el7.x86_64.rpm provided by mock biosdevname-0.7.3-1.el7.x86_64.rpm bitmap-console-fonts-0.3-21.el7.noarch.rpm From d968dcaec856a9dc9f8a65b1874ddeb78aad017d Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Fri, 5 Mar 2021 09:20:36 -0500 Subject: [PATCH 43/54] Add missing centos 7.9 rt source repo Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: I81b9127900a45be8bc4b47e2aca5cb1aa02c3d20 --- centos-mirror-tools/yum.repos.d/StarlingX-Centos-7.9.repo | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/centos-mirror-tools/yum.repos.d/StarlingX-Centos-7.9.repo b/centos-mirror-tools/yum.repos.d/StarlingX-Centos-7.9.repo index bf65e03a..8b230abd 100644 --- a/centos-mirror-tools/yum.repos.d/StarlingX-Centos-7.9.repo +++ b/centos-mirror-tools/yum.repos.d/StarlingX-Centos-7.9.repo @@ -86,6 +86,13 @@ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 enabled=1 +[StarlingX-C7.9.2009-rt-source] +name=StarlingX-CentOS-7.9.2009 - rt-source +baseurl=https://vault.centos.org/centos/7.9.2009/rt/Source/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=1 + [StarlingX-C7.9.2009-rt] name=StarlingX-CentOS-7.9.2009 - rt baseurl=http://mirror.centos.org/centos/7.9.2009/rt/x86_64/ From ec5110928c5013177dc593d1df293a01ac033a0f Mon Sep 17 00:00:00 2001 From: Joe Slater <joe.slater@windriver.com> Date: Tue, 9 Mar 2021 13:08:35 -0500 Subject: [PATCH 44/54] perl: fix CVE-2020-10878 - integer overflow Update to perl-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm Closes-Bug: 1918154 Change-Id: I28bb5dd732209153080c93b3098397338d8552c3 Signed-off-by: Joe Slater <joe.slater@windriver.com> --- .../config/centos/compiler/rpms_centos.lst | 8 ++++---- .../config/centos/distro/rpms_centos.lst | 14 +++++++------- .../config/centos/flock/rpms_centos.lst | 12 ++++++------ .../config/centos/mock/rpms_centos.lst | 8 ++++---- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst index dce625b9..fb0f9c75 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst @@ -198,7 +198,7 @@ pakchois-0.4-10.el7.x86_64.rpm # pam-1.1.8-22.el7.x86_64.rpm provided by mock # pcre-8.32-17.el7.x86_64.rpm provided by mock pcre-devel-8.32-17.el7.x86_64.rpm -# perl-5.16.3-294.el7_6.x86_64.rpm provided by mock +# perl-5.16.3-299.el7_9.x86_64.rpm provided by mock # perl-Carp-1.26-244.el7.noarch.rpm provided by mock # perl-constant-1.27-2.el7.noarch.rpm provided by mock perl-Data-Dumper-2.145-3.el7.x86_64.rpm @@ -213,11 +213,11 @@ perl-Error-0.17020-2.el7.noarch.rpm perl-Git-1.8.3.1-20.el7.noarch.rpm # perl-HTTP-Tiny-0.033-3.el7.noarch.rpm provided by mock perl-libintl-1.20-12.el7.x86_64.rpm -# perl-libs-5.16.3-294.el7_6.x86_64.rpm provided by mock -# perl-macros-5.16.3-294.el7_6.x86_64.rpm provided by mock +# perl-libs-5.16.3-299.el7_9.x86_64.rpm provided by mock +# perl-macros-5.16.3-299.el7_9.x86_64.rpm provided by mock # perl-parent-0.225-244.el7.noarch.rpm provided by mock # perl-PathTools-3.40-5.el7.x86_64.rpm provided by mock -# perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm provided by mock +# perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm provided by mock # perl-podlators-2.5.1-3.el7.noarch.rpm provided by mock # perl-Pod-Perldoc-3.20-4.el7.noarch.rpm provided by mock # perl-Pod-Simple-3.28-4.el7.noarch.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst index f59dfcc4..9e04e55a 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst @@ -596,7 +596,7 @@ pcre-devel-8.32-17.el7.x86_64.rpm pcsc-lite-1.8.8-8.el7.x86_64.rpm pcsc-lite-ccid-1.4.10-14.el7.x86_64.rpm pcsc-lite-libs-1.8.8-8.el7.x86_64.rpm -# perl-5.16.3-294.el7_6.x86_64.rpm provided by mock +# perl-5.16.3-299.el7_9.x86_64.rpm provided by mock perl-Business-ISBN-2.06-2.el7.noarch.rpm perl-Business-ISBN-Data-20120719.001-2.el7.noarch.rpm # perl-Carp-1.26-244.el7.noarch.rpm provided by mock @@ -604,7 +604,7 @@ perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm # perl-constant-1.27-2.el7.noarch.rpm provided by mock perl-Data-Dumper-2.145-3.el7.x86_64.rpm -perl-devel-5.16.3-294.el7_6.x86_64.rpm +perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-Digest-1.17-245.el7.noarch.rpm perl-Digest-MD5-2.52-3.el7.x86_64.rpm # perl-Encode-2.51-7.el7.x86_64.rpm provided by mock @@ -612,8 +612,8 @@ perl-Encode-Locale-1.03-5.el7.noarch.rpm perl-Env-1.04-2.el7.noarch.rpm perl-Error-0.17020-2.el7.noarch.rpm # perl-Exporter-5.68-3.el7.noarch.rpm provided by mock -perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm -perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm +perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm +perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-ExtUtils-MakeMaker-6.68-3.el7.noarch.rpm perl-ExtUtils-Manifest-1.61-244.el7.noarch.rpm perl-ExtUtils-ParseXS-3.18-3.el7.noarch.rpm @@ -631,12 +631,12 @@ perl-HTTP-Message-6.06-6.el7.noarch.rpm perl-IO-Compress-2.061-2.el7.noarch.rpm perl-IO-HTML-1.00-2.el7.noarch.rpm perl-libintl-1.20-12.el7.x86_64.rpm -# perl-libs-5.16.3-294.el7_6.x86_64.rpm provided by mock +# perl-libs-5.16.3-299.el7_9.x86_64.rpm provided by mock perl-LWP-MediaTypes-6.02-2.el7.noarch.rpm -# perl-macros-5.16.3-294.el7_6.x86_64.rpm provided by mock +# perl-macros-5.16.3-299.el7_9.x86_64.rpm provided by mock # perl-parent-0.225-244.el7.noarch.rpm provided by mock # perl-PathTools-3.40-5.el7.x86_64.rpm provided by mock -# perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm provided by mock +# perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm provided by mock # perl-podlators-2.5.1-3.el7.noarch.rpm provided by mock # perl-Pod-Perldoc-3.20-4.el7.noarch.rpm provided by mock # perl-Pod-Simple-3.28-4.el7.noarch.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 85d21a1a..9b55dbf0 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -649,16 +649,16 @@ pciutils-3.5.1-3.el7.x86_64.rpm pciutils-libs-3.5.1-3.el7.x86_64.rpm # pcre-8.32-17.el7.x86_64.rpm provided by mock pcre-devel-8.32-17.el7.x86_64.rpm -# perl-5.16.3-294.el7_6.x86_64.rpm provided by mock +# perl-5.16.3-299.el7_9.x86_64.rpm provided by mock # perl-Carp-1.26-244.el7.noarch.rpm provided by mock # perl-constant-1.27-2.el7.noarch.rpm provided by mock perl-Data-Dumper-2.145-3.el7.x86_64.rpm -perl-devel-5.16.3-294.el7_6.x86_64.rpm +perl-devel-5.16.3-299.el7_9.x86_64.rpm # perl-Encode-2.51-7.el7.x86_64.rpm provided by mock perl-Encode-Locale-1.03-5.el7.noarch.rpm perl-Error-0.17020-2.el7.noarch.rpm # perl-Exporter-5.68-3.el7.noarch.rpm provided by mock -perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm +perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-ExtUtils-MakeMaker-6.68-3.el7.noarch.rpm perl-ExtUtils-Manifest-1.61-244.el7.noarch.rpm perl-ExtUtils-ParseXS-3.18-3.el7.noarch.rpm @@ -670,11 +670,11 @@ perl-generators-1.08-7.el7.noarch.rpm perl-Git-1.8.3.1-20.el7.noarch.rpm perl-hivex-1.3.10-6.9.el7.x86_64.rpm # perl-HTTP-Tiny-0.033-3.el7.noarch.rpm provided by mock -# perl-libs-5.16.3-294.el7_6.x86_64.rpm provided by mock -# perl-macros-5.16.3-294.el7_6.x86_64.rpm provided by mock +# perl-libs-5.16.3-299.el7_9.x86_64.rpm provided by mock +# perl-macros-5.16.3-299.el7_9.x86_64.rpm provided by mock # perl-parent-0.225-244.el7.noarch.rpm provided by mock # perl-PathTools-3.40-5.el7.x86_64.rpm provided by mock -# perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm provided by mock +# perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm provided by mock # perl-podlators-2.5.1-3.el7.noarch.rpm provided by mock # perl-Pod-Perldoc-3.20-4.el7.noarch.rpm provided by mock # perl-Pod-Simple-3.28-4.el7.noarch.rpm provided by mock diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst index c495610e..4abea3f4 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst @@ -108,7 +108,7 @@ p11-kit-trust-0.23.5-3.el7.x86_64.rpm pam-1.1.8-22.el7.x86_64.rpm patch-2.7.1-10.el7_5.x86_64.rpm pcre-8.32-17.el7.x86_64.rpm -perl-5.16.3-294.el7_6.x86_64.rpm +perl-5.16.3-299.el7_9.x86_64.rpm perl-Carp-1.26-244.el7.noarch.rpm perl-constant-1.27-2.el7.noarch.rpm perl-Encode-2.51-7.el7.x86_64.rpm @@ -118,11 +118,11 @@ perl-File-Temp-0.23.01-3.el7.noarch.rpm perl-Filter-1.49-3.el7.x86_64.rpm perl-Getopt-Long-2.40-3.el7.noarch.rpm perl-HTTP-Tiny-0.033-3.el7.noarch.rpm -perl-libs-5.16.3-294.el7_6.x86_64.rpm -perl-macros-5.16.3-294.el7_6.x86_64.rpm +perl-libs-5.16.3-299.el7_9.x86_64.rpm +perl-macros-5.16.3-299.el7_9.x86_64.rpm perl-parent-0.225-244.el7.noarch.rpm perl-PathTools-3.40-5.el7.x86_64.rpm -perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm +perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm perl-podlators-2.5.1-3.el7.noarch.rpm perl-Pod-Perldoc-3.20-4.el7.noarch.rpm perl-Pod-Simple-3.28-4.el7.noarch.rpm From f1010717c7d09a4e55fceeface747f49fcb4f446 Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Fri, 5 Mar 2021 10:32:37 -0500 Subject: [PATCH 45/54] fix for tb.sh dies on rmdir /var/lib/mock tb.sh create might fail to create the builder docker image. Yum install of the mock package failed, but yum did not report the failure because other packages in the instalation set succeeded. A subsequent command in the dockerfile fails when it tries to remove/relocate /var/lib/mock, but failes because it is not present. The yum error reporting was corrected in a recent update. But this does not address cached copies of old and broken yum install steps that pre-date the fix. The mock package is paricularly sensitive as it has cengn as the only source, where as other packages have multiple sources. One option is to force docker to not use the cache at all, which is slow. The second option is to change the docker file, placing the yum command to install mock under a seperate docker RUN command. The altered build instructions ensure that the docker cache with the broken install can't be used. While we are at it, move the user/project customization steps as far down as possible to improve cache usage. This change implements both. Closes-Bug: 1917901 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: I28041bb44af53384c00a750b7162c6c6808c4e2d --- Dockerfile | 123 ++++++++++++++++++++++++++++------------------------- tb.sh | 13 +++++- 2 files changed, 75 insertions(+), 61 deletions(-) diff --git a/Dockerfile b/Dockerfile index df4b420f..7d80671b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,10 +59,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* && \ VOLUME /run /tmp # Download required dependencies by mirror/build processes. -RUN groupadd -g 751 cgts && \ - echo "mock:x:751:root" >> /etc/group && \ - echo "mockbuild:x:9001:" >> /etc/group && \ - yum install -y anaconda \ +RUN yum install -y \ + anaconda \ anaconda-runtime \ autoconf-archive \ autogen \ @@ -90,8 +88,6 @@ RUN groupadd -g 751 cgts && \ lighttpd-mod_geoip \ net-tools \ mkisofs \ - http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-1.4.16-1.el7.noarch.rpm \ - http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-core-configs-31.6-1.el7.noarch.rpm \ mongodb \ mongodb-server \ pax \ @@ -123,21 +119,26 @@ RUN groupadd -g 751 cgts && \ vim-enhanced \ wget -# This image requires a set of scripts and helpers -# for working correctly, in this section they are -# copied inside the image. -COPY toCOPY/finishSetup.sh /usr/local/bin -COPY toCOPY/populate_downloads.sh /usr/local/bin -COPY toCOPY/generate-local-repo.sh /usr/local/bin -COPY toCOPY/generate-centos-repo.sh /usr/local/bin -COPY toCOPY/lst_utils.sh /usr/local/bin -COPY toCOPY/.inputrc /home/$MYUNAME/ -COPY toCOPY/builder-constraints.txt /home/$MYUNAME/ +# Finally install a locked down version of mock +RUN groupadd -g 751 cgts && \ + echo "mock:x:751:root" >> /etc/group && \ + echo "mockbuild:x:9001:" >> /etc/group && \ + yum install -y \ + http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-1.4.16-1.el7.noarch.rpm \ + http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-core-configs-31.6-1.el7.noarch.rpm + +# mock custumizations +# forcing chroots since a couple of packages naughtily insist on network access and +# we dont have nspawn and networks happy together. +RUN useradd -s /sbin/nologin -u 9001 -g 9001 mockbuild && \ + rmdir /var/lib/mock && \ + ln -s /localdisk/loadbuild/mock /var/lib/mock && \ + rmdir /var/cache/mock && \ + ln -s /localdisk/loadbuild/mock-cache /var/cache/mock && \ + echo "config_opts['use_nspawn'] = False" >> /etc/mock/site-defaults.cfg && \ + echo "config_opts['rpmbuild_networking'] = True" >> /etc/mock/site-defaults.cfg && \ + echo >> /etc/mock/site-defaults.cfg -# Thes are included for backward compatibility, and -# should be removed after a reasonable time. -COPY toCOPY/generate-cgcs-tis-repo /usr/local/bin -COPY toCOPY/generate-cgcs-centos-repo.sh /usr/local/bin # cpan modules, installing with cpanminus to avoid stupid questions since cpan is whack RUN cpanm --notest Fatal && \ @@ -146,10 +147,6 @@ RUN cpanm --notest Fatal && \ cpanm --notest XML::Parser && \ cpanm --notest XML::Simple -# pip installs -RUN pip install -c /home/$MYUNAME/builder-constraints.txt python-subunit junitxml --upgrade && \ - pip install -c /home/$MYUNAME/builder-constraints.txt tox --upgrade - # Install repo tool RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \ chmod a+x /usr/local/bin/repo @@ -161,17 +158,34 @@ RUN yum install -y golang && \ mkdir -p ${GOPATH}/bin && \ curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -# mock time -# forcing chroots since a couple of packages naughtily insist on network access and -# we dont have nspawn and networks happy together. -RUN useradd -s /sbin/nologin -u 9001 -g 9001 mockbuild && \ - rmdir /var/lib/mock && \ - ln -s /localdisk/loadbuild/mock /var/lib/mock && \ - rmdir /var/cache/mock && \ - ln -s /localdisk/loadbuild/mock-cache /var/cache/mock && \ - echo "config_opts['use_nspawn'] = False" >> /etc/mock/site-defaults.cfg && \ - echo "config_opts['rpmbuild_networking'] = True" >> /etc/mock/site-defaults.cfg && \ - echo >> /etc/mock/site-defaults.cfg +# Uprev git, git-review, repo +RUN yum install -y dh-autoreconf curl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel asciidoc xmlto docbook2X && \ + cd /tmp && \ + wget https://github.com/git/git/archive/v2.29.2.tar.gz -O git-2.29.2.tar.gz && \ + tar xzvf git-2.29.2.tar.gz && \ + cd git-2.29.2 && \ + make configure && \ + ./configure --prefix=/usr/local && \ + make all doc && \ + make install install-doc && \ + cd /tmp && \ + rm -rf git-2.29.2.tar.gz git-2.29.2 && \ + pip install git-review --upgrade + +# Systemd Enablement +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f /lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/* + +# pip installs +COPY toCOPY/builder-constraints.txt /home/$MYUNAME/ +RUN pip install -c /home/$MYUNAME/builder-constraints.txt python-subunit junitxml --upgrade && \ + pip install -c /home/$MYUNAME/builder-constraints.txt tox --upgrade # Inherited tools for mock stuff # we at least need the mock_cache_unlock tool @@ -181,6 +195,21 @@ RUN cd /opt/mock_overlay && \ make && \ make install +# This image requires a set of scripts and helpers +# for working correctly, in this section they are +# copied inside the image. +COPY toCOPY/finishSetup.sh /usr/local/bin +COPY toCOPY/populate_downloads.sh /usr/local/bin +COPY toCOPY/generate-local-repo.sh /usr/local/bin +COPY toCOPY/generate-centos-repo.sh /usr/local/bin +COPY toCOPY/lst_utils.sh /usr/local/bin +COPY toCOPY/.inputrc /home/$MYUNAME/ + +# Thes are included for backward compatibility, and +# should be removed after a reasonable time. +COPY toCOPY/generate-cgcs-tis-repo /usr/local/bin +COPY toCOPY/generate-cgcs-centos-repo.sh /usr/local/bin + # ENV setup RUN echo "# Load stx-builder configuration" >> /etc/profile.d/stx-builder-conf.sh && \ echo "if [[ -r \${HOME}/buildrc ]]; then" >> /etc/profile.d/stx-builder-conf.sh && \ @@ -232,30 +261,6 @@ RUN echo "$MYUNAME ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers && \ sed -i "s/dir-listing.activate/#dir-listing.activate/g" /etc/lighttpd/conf.d/dirlisting.conf && \ echo "dir-listing.activate = \"enable\"" >> /etc/lighttpd/conf.d/dirlisting.conf -# Uprev git, git-review, repo -RUN yum install -y dh-autoreconf curl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel asciidoc xmlto docbook2X && \ - cd /tmp && \ - wget https://github.com/git/git/archive/v2.29.2.tar.gz -O git-2.29.2.tar.gz && \ - tar xzvf git-2.29.2.tar.gz && \ - cd git-2.29.2 && \ - make configure && \ - ./configure --prefix=/usr/local && \ - make all doc && \ - make install install-doc && \ - cd /tmp && \ - rm -rf git-2.29.2.tar.gz git-2.29.2 && \ - pip install git-review --upgrade - -# Systemd Enablement -RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ - rm -f /lib/systemd/system/multi-user.target.wants/*;\ - rm -f /etc/systemd/system/*.wants/*;\ - rm -f /lib/systemd/system/local-fs.target.wants/*; \ - rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ - rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ - rm -f /lib/systemd/system/basic.target.wants/*;\ - rm -f /lib/systemd/system/anaconda.target.wants/* - RUN useradd -r -u $MYUID -g cgts -m $MYUNAME && \ ln -s /home/$MYUNAME/.ssh /mySSH && \ rsync -av /etc/skel/ /home/$MYUNAME/ diff --git a/tb.sh b/tb.sh index 151981cc..e1b86ef5 100755 --- a/tb.sh +++ b/tb.sh @@ -24,12 +24,17 @@ CMD=$1 TC_CONTAINER_NAME=${MYUNAME}-centos-builder TC_CONTAINER_TAG=local/${MYUNAME}-stx-builder:7.8 TC_DOCKERFILE=Dockerfile +NO_CACHE=0 function create_container { local EXTRA_ARGS="" if [ ! -z ${MY_EMAIL} ]; then - EXTRA_ARGS="--build-arg MY_EMAIL=${MY_EMAIL}" + EXTRA_ARGS+="--build-arg MY_EMAIL=${MY_EMAIL}" + fi + + if [ $NO_CACHE -eq 1 ]; then + EXTRA_ARGS+=" --no-cache" fi docker build \ @@ -87,7 +92,7 @@ function clean_container { } function usage { - echo "$0 [create|run|exec|env|stop|kill|clean]" + echo "$0 [create|create_no_cache|run|exec|env|stop|kill|clean]" } case $CMD in @@ -109,6 +114,10 @@ case $CMD in create) create_container ;; + create_no_cache) + NO_CACHE=1 + create_container + ;; exec) exec_container ;; From eeef5c451d72b1ac557e1e149d4732d1bc040785 Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Thu, 18 Mar 2021 10:03:21 -0400 Subject: [PATCH 46/54] Disable linuxsoft.cern.ch repos that are no longer responding failure: repodata/repomd.xml from Starlingx-linuxsoft.cern.ch_cern_centos_7.5_rt_Sources: [Errno 256] No more mirrors to try. http://linuxsoft.cern.ch/cern/centos/7.5/rt/Sources/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2001:1458:d00:1a::391: Network is unreachable" Closes-Bug: 1920024 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: Ia741b02fa10522309a30548b9879a471639db033 --- .../yum.repos.d/StarlingX_3rd_linuxsoft_cern_ch.repo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/centos-mirror-tools/yum.repos.d/StarlingX_3rd_linuxsoft_cern_ch.repo b/centos-mirror-tools/yum.repos.d/StarlingX_3rd_linuxsoft_cern_ch.repo index 5cc4ba85..fc4aa5f4 100644 --- a/centos-mirror-tools/yum.repos.d/StarlingX_3rd_linuxsoft_cern_ch.repo +++ b/centos-mirror-tools/yum.repos.d/StarlingX_3rd_linuxsoft_cern_ch.repo @@ -4,4 +4,4 @@ [Starlingx-linuxsoft.cern.ch_cern_centos_7.5_rt_Sources] name=Starlingx-linuxsoft.cern.ch_cern_centos_7.5_rt_Sources - linuxsoft.cern.ch_cern_centos_7.5_rt_Sources baseurl=http://linuxsoft.cern.ch/cern/centos/7.5/rt/Sources/ -enabled=1 +enabled=0 From 9507d97d2a15eed3602454bea0c8da3e94e3df85 Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Wed, 10 Mar 2021 09:58:54 -0500 Subject: [PATCH 47/54] Parallel downloads Download_mirror.sh takes 15 hours to download all the rpms and tarballs required to build StarlingX into a fresh workspace. It should be much faster than that. Replace the current serial download algorithm with one that is parallel. I'll cap it at 8 parallel downloads for now. I'm a little worried about overwelming CENGN. This is sufficient to drop download times from 15 to 3 hours for a fresh workspace, and 30 min to 5 min to refresh an existing workspace. Closes-Bug: 1918477 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: I469b4fee3cb304fe2984aa697ce2dc6cec52e79e --- centos-mirror-tools/dl_rpms.sh | 272 ++++++++++++++---- centos-mirror-tools/download_mirror.sh | 50 +++- .../make_stx_mirror_yum_conf.sh | 11 +- centos-mirror-tools/utils.sh | 7 +- 4 files changed, 267 insertions(+), 73 deletions(-) diff --git a/centos-mirror-tools/dl_rpms.sh b/centos-mirror-tools/dl_rpms.sh index 0761ce4e..a88446aa 100755 --- a/centos-mirror-tools/dl_rpms.sh +++ b/centos-mirror-tools/dl_rpms.sh @@ -1,12 +1,12 @@ -#!/bin/bash -e +#!/bin/bash # # SPDX-License-Identifier: Apache-2.0 # # download RPMs/SRPMs from different sources. # this script was originated by Brian Avery, and later updated by Yong Hu -set -o errexit -set -o nounset +# set -o errexit +# set -o nounset # By default, we use "sudo" and we don't use a local yum.conf. These can # be overridden via flags. @@ -185,6 +185,181 @@ if [ $CLEAN_LOGS_ONLY -eq 1 ];then exit 0 fi +STOP_SCHEDULING=0 +FOUND_ERRORS=0 +MAX_WORKERS=8 +workers=0 +max_workers=$MAX_WORKERS + +# An array that maps worker index to pid, or to two special values +# 'Idle' indicates no running thread. +# 'Busy' indicates the worker is allocated, but it's pid isn't known yet. +declare -A dl_env + +# +# init_dl_env: Init the array that maps worker index to pid. +# +init_dl_env () { + local i=0 + local stop + + stop=$((max_workers-1)) + for i in $(seq 0 $stop); do + dl_env[$i]='Idle' + done +} + +# +# get_idle_dl_env: Find an idle worker, mark it allocated +# and return it's index. +get_idle_dl_env () { + local i=0 + local stop + + stop=$((max_workers-1)) + if [ $stop -ge 255 ]; then + stop=254 + fi + + for i in $(seq 0 $stop); do + if [ ${dl_env[$i]} == 'Idle' ]; then + dl_env[$i]='Busy' + return $i + fi + done + + return 255 +} + +# +# set_dl_env_pid: Set the pid of a previously allocated worker +# +set_dl_env_pid () { + local idx=$1 + local val=$2 + dl_env[$idx]=$val +} + +# +# release_dl_env: Mark a worker as idle. Call after reaping the thread. +# +release_dl_env () { + local idx=$1 + dl_env[$idx]='Idle' +} + +# +# reaper: Look for worker threads that have exited. +# Check/log it's exit code, and release the worker. +# Return the number of threads reaped. +# +reaper () { + local reaped=0 + local last_reaped=-1 + local i=0 + local stop + local p=0 + local ret=0 + + stop=$((max_workers-1)) + if [ $stop -ge 255 ]; then + stop=254 + fi + + while [ $reaped -gt $last_reaped ]; do + last_reaped=$reaped + for i in $(seq 0 $stop); do + p=${dl_env[$i]} + if [ "$p" == "Idle" ] || [ "$p" == "Busy" ]; then + continue + fi + # echo "test $i $p" + kill -0 $p &> /dev/null + if [ $? -ne 0 ]; then + wait $p + ret=$? + workers=$((workers-1)) + reaped=$((reaped+1)) + release_dl_env $i + if [ $ret -ne 0 ]; then + sleep 1 + echo "ERROR: $FUNCNAME (${LINENO}): Failed to download in 'b$i'" + cat "$DL_MIRROR_LOG_DIR/$i" >> $DL_MIRROR_LOG_DIR/errors + echo "ERROR: $FUNCNAME (${LINENO}): Failed to download in 'b$i'" >> $DL_MIRROR_LOG_DIR/errors + echo "" >> $DL_MIRROR_LOG_DIR/errors + FOUND_ERRORS=1 + fi + fi + done + done + return $reaped +} + +# +# download_worker: Download one file. +# This is the entry point for a worker thread. +# +download_worker () { + local dl_idx=$1 + local ff="$2" + local _level=$3 + + local rpm_name="" + local dest_dir="" + local rc=0 + local dl_result=1 + local lvl="" + local download_cmd="" + local download_url="" + local SFILE="" + local _arch="" + + _arch=$(get_arch_from_rpm $ff) + rpm_name="$(get_rpm_name $ff)" + dest_dir="$(get_dest_directory $_arch)" + + if [ ! -e $dest_dir/$rpm_name ]; then + for dl_src in $dl_source; do + case $dl_src in + $dl_from_stx_mirror) + lvl=$dl_from_stx_mirror + ;; + $dl_from_upstream) + lvl=$_level + ;; + *) + echo "Error: Unknown dl_source '$dl_src'" + continue + ;; + esac + + download_cmd="$(get_download_cmd $ff $lvl)" + + echo "Looking for $rpm_name" + echo "--> run: $download_cmd" + if $download_cmd ; then + download_url="$(get_url $ff $lvl)" + SFILE="$(get_rpm_level_name $rpm_name $lvl)" + process_result "$_arch" "$dest_dir" "$download_url" "$SFILE" + dl_result=0 + break + else + echo "Warning: $rpm_name not found" + fi + done + + if [ $dl_result -eq 1 ]; then + echo "Error: $rpm_name not found" + echo "missing_srpm:$rpm_name" >> $LOG + echo $rpm_name >> $MISSING_SRPMS + rc=1 + fi + else + echo "Already have $dest_dir/$rpm_name" + fi + return $rc +} + # Function to download different types of RPMs in different ways download () { local _file=$1 @@ -194,75 +369,62 @@ download () { local _arch="" - local rc=0 - local download_cmd="" - local download_url="" - local rpm_name="" - local SFILE="" - local lvl - local dl_result + FOUND_ERRORS=0 _list=$(cat $_file) _from=$(get_from $_file) echo "now the rpm will come from: $_from" for ff in $_list; do - _arch=$(get_arch_from_rpm $ff) - rpm_name="$(get_rpm_name $ff)" - dest_dir="$(get_dest_directory $_arch)" - - if [ ! -e $dest_dir/$rpm_name ]; then - dl_result=1 - for dl_src in $dl_source; do - case $dl_src in - $dl_from_stx_mirror) - lvl=$dl_from_stx_mirror - ;; - $dl_from_upstream) - lvl=$_level - ;; - *) - echo "Error: Unknown dl_source '$dl_src'" - continue - ;; - esac - - download_cmd="$(get_download_cmd $ff $lvl)" - - echo "Looking for $rpm_name" - echo "--> run: $download_cmd" - if $download_cmd ; then - download_url="$(get_url $ff $lvl)" - SFILE="$(get_rpm_level_name $rpm_name $lvl)" - process_result "$_arch" "$dest_dir" "$download_url" "$SFILE" - dl_result=0 - break - else - echo "Warning: $rpm_name not found" - fi - done - - if [ $dl_result -eq 1 ]; then - echo "Error: $rpm_name not found" - echo "missing_srpm:$rpm_name" >> $LOG - echo $rpm_name >> $MISSING_SRPMS - rc=1 + # Free up a worker if none available + while [ $workers -ge $max_workers ]; do + reaper + reaped=$? + if [ $reaped -eq 0 ]; then + sleep 0.1 fi - else - echo "Already have $dest_dir/$rpm_name" + done + + # Allocate a worker. b=the worker index + workers=$((workers+1)) + get_idle_dl_env + b=$? + if [ $b -ge 255 ]; then + echo "get_idle_dl_env failed to find a free slot" + exit 1 fi - echo + PREFIX="b$b" + + # Launch a thread in the background + ( download_worker $b $ff $_level 2>&1 | sed "s#^#${PREFIX}: #" | tee $DL_MIRROR_LOG_DIR/$b; exit ${PIPESTATUS[0]} ) & + + # Record the pid of background process + pp=$! + set_dl_env_pid $b $pp done - return $rc + # Wait for remaining workers to exit + while [ $workers -gt 0 ]; do + reaper + reaped=$? + if [ $reaped -eq 0 ]; then + sleep 0.1 + fi + done + + return $FOUND_ERRORS } +# Init the pool of worker threads +init_dl_env + + # Prime the cache loop_count=0 max_loop_count=5 echo "${SUDOCMD} yum ${YUMCONFOPT} ${RELEASEVER} makecache" -while ! ${SUDOCMD} yum ${YUMCONFOPT} ${RELEASEVER} makecache ; do +while ! ${SUDOCMD} yum ${YUMCONFOPT} ${RELEASEVER} makecache fast ; do # To protect against intermittent 404 errors, we'll retry # a few times. The suspected issue is pulling repodata # from multiple source that are temporarily inconsistent. diff --git a/centos-mirror-tools/download_mirror.sh b/centos-mirror-tools/download_mirror.sh index c7adfbc8..407011b9 100755 --- a/centos-mirror-tools/download_mirror.sh +++ b/centos-mirror-tools/download_mirror.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/bash # # SPDX-License-Identifier: Apache-2.0 # @@ -19,6 +19,11 @@ cleanup () { trap "cleanup ; exit 1" INT HUP TERM QUIT trap "cleanup" EXIT +# Clear the error log before we begin +if [ -f $DL_MIRROR_LOG_DIR/errors ]; then + rm -f $DL_MIRROR_LOG_DIR/errors +fi + # A temporary compatability step to save download time # during the shift to the new DL_MIRROR_OUTPUT_DIR location. # @@ -115,8 +120,8 @@ make_stx_mirror_yum_conf="${DOWNLOAD_MIRROR_DIR}/make_stx_mirror_yum_conf.sh" # track optional arguments change_group_ids=1 -use_system_yum_conf=1 -alternate_yum_conf="" +use_system_yum_conf=0 +alternate_yum_conf="${DOWNLOAD_MIRROR_DIR}/yum.conf.sample" alternate_repo_dir="" rpm_downloader_extra_args="" tarball_downloader_extra_args="" @@ -166,6 +171,8 @@ dl_from_upstream () { MULTIPLE_DL_FLAG_ERROR_MSG="Error: Please use only one of: -s,-S,-u,-U" +TEMP_DIR="" +TEMP_DIR_CLEANUP="" multiple_dl_flag_check () { if [ "$dl_flag" != "" ]; then @@ -177,7 +184,7 @@ multiple_dl_flag_check () { # Parse out optional arguments -while getopts "c:Cd:ghI:sl:L:nSuUW:" o; do +while getopts "c:Cd:ghI:sl:L:nt:ySuUW:" o; do case "${o}" in c) # Pass -c ("use alternate yum.conf") to rpm downloader @@ -214,6 +221,15 @@ while getopts "c:Cd:ghI:sl:L:nSuUW:" o; do rpm_downloader_extra_args="${rpm_downloader_extra_args} -n" SUDO="" ;; + t) + # Set TEMP_DIR + TEMP_DIR="${OPTARG}" + ;; + y) + # Use hosts /etc/yum.conf + use_system_yum_conf=1 + alternate_yum_conf="" + ;; s) # Download from StarlingX mirror only. Do not use upstream sources. multiple_dl_flag_check @@ -383,16 +399,15 @@ echo "step #0: Configuring yum repos ..." if [ ${use_system_yum_conf} -ne 0 ]; then # Restore StarlingX_3rd repos from backup - REPO_SOURCE_DIR=/localdisk/yum.repos.d REPO_DIR=/etc/yum.repos.d - if [ -d $REPO_SOURCE_DIR ] && [ -d $REPO_DIR ]; then - ${SUDO} \cp -f $REPO_SOURCE_DIR/*.repo $REPO_DIR/ - fi if [ $layer != "all" ]; then if [ -d ${config_dir}/${distro}/${layer}/yum.repos.d ]; then - ${SUDO} \cp -f ${config_dir}/${distro}/${layer}/yum.repos.d/*.repo $REPO_DIR + ${SUDO} \cp -f -v ${config_dir}/${distro}/${layer}/yum.repos.d/*.repo $REPO_DIR/ fi + else + # copy all layers + ${SUDO} \cp -f -v ${config_dir}/${distro}/*/yum.repos.d/*.repo $REPO_DIR/ fi fi @@ -411,7 +426,6 @@ if [ $use_system_yum_conf -eq 0 ]; then fi fi -TEMP_DIR="" rpm_downloader_extra_args="${rpm_downloader_extra_args} -D $distro" if [ "$dl_flag" != "" ]; then @@ -428,7 +442,19 @@ if ! dl_from_stx; then else # We want to use stx mirror, so we need to create a new, modified yum.conf and yum.repos.d. # The modifications will add or substitute repos pointing to the StralingX mirror. - TEMP_DIR=$(mktemp -d /tmp/stx_mirror_XXXXXX) + if [ "$TEMP_DIR" == "" ]; then + if [ "$MY_WORKSPACE" != "" ]; then + TEMP_DIR="$MY_WORKSPACE/tmp/yum" + else + TEMP_DIR=$(mktemp -d /tmp/stx_mirror_XXXXXX) + TEMP_DIR_CLEANUP="y" + fi + fi + + if [ ! -d $TEMP_DIR ]; then + mkdir -p ${TEMP_DIR} + fi + TEMP_CONF="$TEMP_DIR/yum.conf" need_file ${make_stx_mirror_yum_conf} need_dir ${TEMP_DIR} @@ -685,7 +711,7 @@ fi # # Clean up the mktemp directory, if required. # -if [ "$TEMP_DIR" != "" ]; then +if [ "$TEMP_DIR" != "" ] && [ "$TEMP_DIR_CLEANUP" == "y" ]; then echo "${SUDO} rm -rf $TEMP_DIR" ${SUDO} \rm -rf "$TEMP_DIR" fi diff --git a/centos-mirror-tools/make_stx_mirror_yum_conf.sh b/centos-mirror-tools/make_stx_mirror_yum_conf.sh index 153cc13e..5ea18964 100755 --- a/centos-mirror-tools/make_stx_mirror_yum_conf.sh +++ b/centos-mirror-tools/make_stx_mirror_yum_conf.sh @@ -15,6 +15,7 @@ MAKE_STX_MIRROR_YUM_CONF_DIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}" )" )" source "$MAKE_STX_MIRROR_YUM_CONF_DIR/url_utils.sh" DISTRO="centos" +SUDO=sudo TEMP_DIR="" SRC_REPO_DIR="$MAKE_STX_MIRROR_YUM_CONF_DIR/yum.repos.d" @@ -38,6 +39,7 @@ usage () { echo " 'yum.repos.d' in same directory as this script" echo "-l <layer> = Download only packages required to build a given layer" echo "-u <lower-layer>,<build-type>,<repo_url> = Add/change the repo baseurl for a lower layer" + echo "-n don't use sudo" } declare -A layer_urls @@ -61,7 +63,7 @@ set_layer_urls () { # # option processing # -while getopts "D:d:l:Rr:u:y:" o; do +while getopts "D:d:l:nRr:u:y:" o; do case "${o}" in D) DISTRO="${OPTARG}" @@ -72,6 +74,9 @@ while getopts "D:d:l:Rr:u:y:" o; do l) LAYER="${OPTARG}" ;; + n) + SUDO="" + ;; r) SRC_REPO_DIR="${OPTARG}" ;; @@ -132,7 +137,7 @@ get_releasever () { if [ -f $SRC_YUM_CONF ] && grep -q '^releasever=' $SRC_YUM_CONF; then grep '^releasever=' $SRC_YUM_CONF | cut -d '=' -f 2 else - yum version nogroups | grep Installed | cut -d ' ' -f 2 | cut -d '/' -f 1 + ${SUDO} yum version nogroups | grep Installed | cut -d ' ' -f 2 | cut -d '/' -f 1 fi } @@ -143,7 +148,7 @@ get_releasever () { # cross compiling. # get_arch () { - yum version nogroups | grep Installed | cut -d ' ' -f 2 | cut -d '/' -f 2 + ${SUDO} yum version nogroups | grep Installed | cut -d ' ' -f 2 | cut -d '/' -f 2 } diff --git a/centos-mirror-tools/utils.sh b/centos-mirror-tools/utils.sh index 338fd097..a9a7faf6 100644 --- a/centos-mirror-tools/utils.sh +++ b/centos-mirror-tools/utils.sh @@ -23,7 +23,7 @@ get_yum_command() { yumdownloader_extra_opts="--exclude='*.i686' --archlist=noarch,x86_64" fi - echo "yumdownloader -q -C ${YUMCONFOPT} ${RELEASEVER} $yumdownloader_extra_opts $rpm_name" + echo "${SUDO} yumdownloader -q -C ${YUMCONFOPT} ${RELEASEVER} $yumdownloader_extra_opts $rpm_name" } get_wget_command() { @@ -74,7 +74,7 @@ get_url() { # filter urls for the desitered arch. local arr=( $(split_filename $_name) ) local arch=${arr[3]} - _ret="$($_url_cmd | grep "[.]$arch[.]rpm$" | head -n 1)" + _ret="$(${SUDO} $_url_cmd | grep "[.]$arch[.]rpm$" | head -n 1)" fi echo "$_ret" } @@ -173,7 +173,8 @@ get_download_cmd() { download_cmd="$(get_wget_command $rpm_name)" else # yumdownloader with the appropriate flag for src, noarch or x86_64 - download_cmd="${SUDOCMD} $(get_yum_command $rpm_name $_level)" + # download_cmd="${SUDOCMD} $(get_yum_command $rpm_name $_level)" + download_cmd="$(get_yum_command $rpm_name $_level)" fi else # Build wget command From 8d236c574317426c4180ac375faa3a709f2f2cc4 Mon Sep 17 00:00:00 2001 From: Carmen Rata <carmen.rata@windriver.com> Date: Mon, 5 Apr 2021 13:03:25 -0400 Subject: [PATCH 48/54] Update openscap rpms version in StarlingX build In order to be up-to-date with openscap tools used to scan for security violations we need to update the openscap rpms from: openscap-scanner-1.2.17-2.el7.x86_64 openscap-1.2.17-2.el7.x86_64 to: openscap-1.2.17-13.el7_9.x86_64.rpm openscap-scanner-1.2.17-13.el7_9.x86_64.rpm Story: 2008668 Task: 41956 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> Change-Id: I043904a6a8a6e77ed6204e0015e33876ddf7a77a --- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index 9d7235d6..aed4da98 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -628,6 +628,8 @@ openstack-swift-container-2.15.1-1.el7.noarch.rpm openstack-swift-doc-2.15.1-1.el7.noarch.rpm openstack-swift-object-2.15.1-1.el7.noarch.rpm openstack-swift-proxy-2.15.1-1.el7.noarch.rpm +openscap-1.2.17-13.el7_9.x86_64.rpm +openscap-scanner-1.2.17-13.el7_9.x86_64.rpm opus-1.0.2-6.el7.x86_64.rpm orc-0.4.26-1.el7.x86_64.rpm osinfo-db-tools-1.1.0-1.el7.x86_64.rpm From 26db2859dd3a5c060c337b886fd16c4d2d9f93af Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Mon, 12 Apr 2021 11:21:31 -0400 Subject: [PATCH 49/54] Replace basearch references in yum repos Some of our yum repos are using $basearch, rather than explicitly nameing x86_64, the only supported arch for StarlingX. This means yum downloads may fail if the download host not x86_64, or if $basearch is left undefined. This update replaces '$basearch' with 'x86_64' within the openstack repo definitions, making it consistent with all other repo definitions. Closes-Bug: 1923458 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: I071c674bf79d7a98f0cf2493b88fe54d2b9d6efa --- .../yum.repos.d/StarlingX_CentOS-OpenStack-queens.repo | 6 +++--- .../yum.repos.d/StarlingX_CentOS-OpenStack-rocky.repo | 6 +++--- .../yum.repos.d/StarlingX_CentOS-OpenStack-stein.repo | 6 +++--- .../yum.repos.d/StarlingX_CentOS-OpenStack-train.repo | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-queens.repo b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-queens.repo index d3c802fb..a5f29099 100644 --- a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-queens.repo +++ b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-queens.repo @@ -5,7 +5,7 @@ [centos-openstack-queens] name=CentOS-7 - OpenStack queens -baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/ +baseurl=http://mirror.centos.org/centos/7/cloud/x86_64/openstack-queens/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud @@ -13,14 +13,14 @@ exclude=sip,PyQt4 [centos-openstack-queens-test] name=CentOS-7 - OpenStack queens Testing -baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-queens/ +baseurl=https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/ gpgcheck=0 enabled=0 exclude=sip,PyQt4 [centos-openstack-queens-debuginfo] name=CentOS-7 - OpenStack queens - Debug -baseurl=http://debuginfo.centos.org/centos/7/cloud/$basearch/ +baseurl=http://debuginfo.centos.org/centos/7/cloud/x86_64/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud diff --git a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-rocky.repo b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-rocky.repo index cad336e6..560440e8 100644 --- a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-rocky.repo +++ b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-rocky.repo @@ -5,7 +5,7 @@ [centos-openstack-rocky] name=CentOS-7 - OpenStack rocky -baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-rocky/ +baseurl=http://mirror.centos.org/centos/7/cloud/x86_64/openstack-rocky/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud @@ -13,14 +13,14 @@ exclude=sip,PyQt4 [centos-openstack-rocky-test] name=CentOS-7 - OpenStack rocky Testing -baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-rocky/ +baseurl=https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-rocky/ gpgcheck=0 enabled=0 exclude=sip,PyQt4 [centos-openstack-rocky-debuginfo] name=CentOS-7 - OpenStack rocky - Debug -baseurl=http://debuginfo.centos.org/centos/7/cloud/$basearch/ +baseurl=http://debuginfo.centos.org/centos/7/cloud/x86_64/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud diff --git a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-stein.repo b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-stein.repo index a32c02f0..7427329e 100644 --- a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-stein.repo +++ b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-stein.repo @@ -5,7 +5,7 @@ [centos-openstack-stein] name=CentOS-7 - OpenStack stein -baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-stein/ +baseurl=http://mirror.centos.org/centos/7/cloud/x86_64/openstack-stein/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud @@ -13,14 +13,14 @@ exclude=sip,PyQt4 [centos-openstack-stein-test] name=CentOS-7 - OpenStack stein Testing -baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-stein/ +baseurl=https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/ gpgcheck=0 enabled=0 exclude=sip,PyQt4 [centos-openstack-stein-debuginfo] name=CentOS-7 - OpenStack stein - Debug -baseurl=http://debuginfo.centos.org/centos/7/cloud/$basearch/ +baseurl=http://debuginfo.centos.org/centos/7/cloud/x86_64/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud diff --git a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-train.repo b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-train.repo index e0985c9a..e8cb1a28 100644 --- a/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-train.repo +++ b/centos-mirror-tools/yum.repos.d/StarlingX_CentOS-OpenStack-train.repo @@ -5,7 +5,7 @@ [centos-openstack-train] name=CentOS-7 - OpenStack train -baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-train/ +baseurl=http://mirror.centos.org/centos/7/cloud/x86_64/openstack-train/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud @@ -13,14 +13,14 @@ exclude=sip,PyQt4 [centos-openstack-train-test] name=CentOS-7 - OpenStack train Testing -baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-train/ +baseurl=https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-train/ gpgcheck=0 enabled=0 exclude=sip,PyQt4 [centos-openstack-train-debuginfo] name=CentOS-7 - OpenStack train - Debug -baseurl=http://debuginfo.centos.org/centos/7/cloud/$basearch/ +baseurl=http://debuginfo.centos.org/centos/7/cloud/x86_64/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud From e31e0dda7a4c09143d41cd518ab97ea6112d7fb5 Mon Sep 17 00:00:00 2001 From: Li Zhou <li.zhou@windriver.com> Date: Tue, 13 Apr 2021 04:53:50 -0400 Subject: [PATCH 50/54] systemd: Upgrade to version 219-78.el7_9.3 Refer the lst entries to the new version. Partial-Bug: #1924691 Signed-off-by: Li Zhou <li.zhou@windriver.com> Change-Id: I557eff6a47f341cc67de02fd59024b28bb6cac84 --- .../config/centos/compiler/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/distro/rpms_centos3rdparties.lst | 8 ++++---- .../config/centos/mock/rpms_centos3rdparties.lst | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst index 0a56a662..f9d2879a 100644 --- a/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/compiler/rpms_centos3rdparties.lst @@ -27,10 +27,10 @@ nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm # nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm # openldap-2.4.44-20.el7.x86_64.rpm provided by mock -# systemd-219-67.el7.x86_64.rpm provided by mock -# systemd-devel-219-67.el7.x86_64.rpm provided by mock -# systemd-libs-219-67.el7.x86_64.rpm provided by mock -# systemd-sysv-219-67.el7.x86_64.rpm provided by mock +# systemd-219-78.el7_9.3.x86_64.rpm provided by mock +# systemd-devel-219-78.el7_9.3.x86_64.rpm provided by mock +# systemd-libs-219-78.el7_9.3.x86_64.rpm provided by mock +# systemd-sysv-219-78.el7_9.3.x86_64.rpm provided by mock systemtap-sdt-devel-3.3-3.el7.x86_64.rpm # util-linux-2.23.2-59.el7.x86_64.rpm provided by mock valgrind-3.13.0-13.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst index 8aba971c..343bad40 100644 --- a/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst @@ -73,10 +73,10 @@ selinux-policy-devel-3.13.1-229.el7_6.6.noarch.rpm spice-protocol-0.12.14-1.el7.noarch.rpm spice-server-0.14.0-9.el7.x86_64.rpm spice-server-devel-0.14.0-9.el7.x86_64.rpm -# systemd-219-67.el7.x86_64.rpm provided by mock -# systemd-devel-219-67.el7.x86_64.rpm provided by mock -# systemd-libs-219-67.el7.x86_64.rpm provided by mock -# systemd-sysv-219-67.el7.x86_64.rpm provided by mock +# systemd-219-78.el7_9.3.x86_64.rpm provided by mock +# systemd-devel-219-78.el7_9.3.x86_64.rpm provided by mock +# systemd-libs-219-78.el7_9.3.x86_64.rpm provided by mock +# systemd-sysv-219-78.el7_9.3.x86_64.rpm provided by mock systemtap-3.3-3.el7.x86_64.rpm systemtap-client-3.3-3.el7.x86_64.rpm systemtap-devel-3.3-3.el7.x86_64.rpm diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst b/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst index 2ee23a56..8411067e 100644 --- a/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/config/centos/mock/rpms_centos3rdparties.lst @@ -11,8 +11,8 @@ libcom_err-1.42.9-13.el7.x86_64.rpm libsemanage-2.5-14.el7.x86_64.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm -systemd-219-67.el7.x86_64.rpm -systemd-devel-219-67.el7.x86_64.rpm -systemd-libs-219-67.el7.x86_64.rpm -systemd-sysv-219-67.el7.x86_64.rpm +systemd-219-78.el7_9.3.x86_64.rpm +systemd-devel-219-78.el7_9.3.x86_64.rpm +systemd-libs-219-78.el7_9.3.x86_64.rpm +systemd-sysv-219-78.el7_9.3.x86_64.rpm util-linux-2.23.2-59.el7.x86_64.rpm From 4c3ee114bcbff710c2049626044dd1ddc756cbd9 Mon Sep 17 00:00:00 2001 From: Joe Slater <joe.slater@windriver.com> Date: Tue, 27 Apr 2021 18:50:53 -0400 Subject: [PATCH 51/54] screen: fix CVE-2021-26937 segfault Advance to screen-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm. Closes-bug: 1926372 Change-Id: I41834e7b1e16153b0632751f59f7ac9f503389da Signed-off-by: Joe Slater <joe.slater@windriver.com> --- centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst index aed4da98..bf6e225e 100644 --- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst +++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst @@ -1190,7 +1190,7 @@ sanlock-3.6.0-1.el7.x86_64.rpm sazanami-fonts-common-0.20040629-22.el7.noarch.rpm sazanami-gothic-fonts-0.20040629-22.el7.noarch.rpm sazanami-mincho-fonts-0.20040629-22.el7.noarch.rpm -screen-4.1.0-0.25.20120314git3c2946.el7.x86_64.rpm +screen-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm seabios-bin-1.11.0-2.el7.noarch.rpm seavgabios-bin-1.11.0-2.el7.noarch.rpm # sed-4.2.2-5.el7.x86_64.rpm provided by mock From b96ebc83d859a4a7802a462504817ecec6182a7b Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Mon, 3 May 2021 13:16:53 -0400 Subject: [PATCH 52/54] fix bad flockflock url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit download_mirror.sh fails due to a bad path containing ‘stx-tools/centos-mirror-tools/config/centos/flockflock’ The path is constructed, and the trigger is when an EOL is missing from a centos_build_layer.cfg file, causing 'cat' to merge the last line of the offending file with the first line of the next file. Switch 'cat' to 'grep', which will always ensure an EOL is present. Along the way, we can filter out empty lines and comments. Closes-bug: 1926987 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: I2404b3415f0f3e2f395c2bcb7a527aa01a488f61 --- toCOPY/lst_utils.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toCOPY/lst_utils.sh b/toCOPY/lst_utils.sh index 295fdc92..a3bb86c3 100644 --- a/toCOPY/lst_utils.sh +++ b/toCOPY/lst_utils.sh @@ -52,7 +52,10 @@ merge_lst () { return 1 fi - layers=$(cat ${layer_cfgs} | sort --unique) + # Grep to ignore empty lines or whole line comments. + # Sed to drop any trailing comments. + # Side effect of grep over cat is adding any missing EOL. + layers=$(grep -h -v -e '^$' -e '^[ \t]*#' ${layer_cfgs} | sed -e 's/[ \t]*#.*$//'} | sort --unique) layers+=" mock" ( From ac05493480f6df6f31d071d29380c1b4f35b70a9 Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Tue, 4 May 2021 12:42:36 -0400 Subject: [PATCH 53/54] fix git-review within docker build environment 'tb create' fails to create a build environment since upstream git-review was updated of Apr 26. Fix is to install/update pbr ahead of git-review. Also, to reduce the likelyhood of this recurring, lock down specific versions of the pypi supplied tools we know to work. Closes-bug: 1927137 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: Ib9fe6fd33de4d637f254ac421cc0427ee6131b65 --- Dockerfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7d80671b..114215d9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -158,7 +158,7 @@ RUN yum install -y golang && \ mkdir -p ${GOPATH}/bin && \ curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -# Uprev git, git-review, repo +# Uprev git, repo RUN yum install -y dh-autoreconf curl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel asciidoc xmlto docbook2X && \ cd /tmp && \ wget https://github.com/git/git/archive/v2.29.2.tar.gz -O git-2.29.2.tar.gz && \ @@ -169,8 +169,7 @@ RUN yum install -y dh-autoreconf curl-devel expat-devel gettext-devel openssl-d make all doc && \ make install install-doc && \ cd /tmp && \ - rm -rf git-2.29.2.tar.gz git-2.29.2 && \ - pip install git-review --upgrade + rm -rf git-2.29.2.tar.gz git-2.29.2 # Systemd Enablement RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ @@ -184,8 +183,10 @@ RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == system # pip installs COPY toCOPY/builder-constraints.txt /home/$MYUNAME/ -RUN pip install -c /home/$MYUNAME/builder-constraints.txt python-subunit junitxml --upgrade && \ - pip install -c /home/$MYUNAME/builder-constraints.txt tox --upgrade +RUN pip install -c /home/$MYUNAME/builder-constraints.txt pbr==5.6.0 --upgrade && \ + pip install -c /home/$MYUNAME/builder-constraints.txt git-review==2.1.0 --upgrade && \ + pip install -c /home/$MYUNAME/builder-constraints.txt python-subunit==1.4.0 junitxml==0.7 --upgrade && \ + pip install -c /home/$MYUNAME/builder-constraints.txt tox==3.23.0 --upgrade # Inherited tools for mock stuff # we at least need the mock_cache_unlock tool From 7b5f3a45e663866a3c0ca3ca86eb3c92bc7f0210 Mon Sep 17 00:00:00 2001 From: Scott Little <scott.little@windriver.com> Date: Wed, 5 May 2021 09:56:33 -0400 Subject: [PATCH 54/54] fix bad flockflock url pt 2 A stray '}' character found it's way into my prior update titled 'fix bad flockflock url' after testing. The result was the following error sed: -e expression #1, char 15: unexpected `}' This removes the unwanted '}', restoring the prior update to its intended form. Closes-bug: 1926987 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: I48f4721ccaf121679916b01747243deedf5836cd --- toCOPY/lst_utils.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toCOPY/lst_utils.sh b/toCOPY/lst_utils.sh index a3bb86c3..e6a7aee3 100644 --- a/toCOPY/lst_utils.sh +++ b/toCOPY/lst_utils.sh @@ -55,7 +55,7 @@ merge_lst () { # Grep to ignore empty lines or whole line comments. # Sed to drop any trailing comments. # Side effect of grep over cat is adding any missing EOL. - layers=$(grep -h -v -e '^$' -e '^[ \t]*#' ${layer_cfgs} | sed -e 's/[ \t]*#.*$//'} | sort --unique) + layers=$(grep -h -v -e '^$' -e '^[ \t]*#' ${layer_cfgs} | sed -e 's/[ \t]*#.*$//' | sort --unique) layers+=" mock" (