Merge pull request #4926 from microsoft/olivia/merge

Merge 1.0-dev for February 2023 Release 3

CVE-2023-0796.nopatch

@@ -0,0 +1 @@
+The CVE-2023-0795.patch also fixes CVE-2023-0796

CVE-2023-0797.nopatch

@@ -0,0 +1 @@
+The CVE-2023-0795.patch also fixes CVE-2023-0797

CVE-2023-0798.nopatch

@@ -0,0 +1 @@
+The CVE-2023-0795.patch also fixes CVE-2023-0798

CVE-2023-0799.nopatch

@@ -0,0 +1 @@
+The CVE-2023-0795.patch also fixes CVE-2023-0799

SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec

@@ -10,7 +10,7 @@
 Summary:        Signed GRand Unified Bootloader for %{buildarch} systems
 Name:           grub2-efi-binary-signed-%{buildarch}
 Version:        2.06~rc1
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -54,6 +54,9 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/%{grubefiname}
 /boot/efi/EFI/BOOT/%{grubefiname}
 
 %changelog
+* Wed Feb 08 2023 Dan Streetman <[email protected]> - 2.06~rc1-10
+- CVE-2022-3775
+
 * Wed Dec 28 2022 Osama Esmail <[email protected]> - 2.06~rc1-9
 - Bump release number to match grub release number
 

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.10.167.1
+Version:        5.10.168.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -147,6 +147,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %endif
 
 %changelog
+* Wed Feb 22 2023 CBL-Mariner Servicing Account <[email protected]> - 5.10.168.1-1
+- Auto-upgrade to 5.10.168.1
+
+* Wed Feb 15 2023 Rachel Menge <[email protected]> - 5.10.167.1-2
+- Bump release number to match kernel release
+
 * Tue Feb 07 2023 CBL-Mariner Servicing Account <[email protected]> - 5.10.167.1-1
 - Auto-upgrade to 5.10.167.1
 

SPECS/bind/bind.signatures.json

@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "bind-9.16.33.tar.xz": "ec4fbea4b2e368d1824971509e33fa159224ad14b436034c6bcd46104c328d91"
+    "bind-9.16.37.tar.xz": "0e4661d522a2fe1f111c1f0685e7d6993d657f81dae24e7a75dbd8db3ef2e2ab"
   }
 }

SPECS/bind/bind.spec

@@ -1,24 +1,26 @@
 Summary:        Domain Name System software
 Name:           bind
-Version:        9.16.33
+Version:        9.16.37
 Release:        1%{?dist}
 License:        ISC
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+Group:          Development/Tools
 URL:            https://www.isc.org/downloads/bind/
 Source0:        https://ftp.isc.org/isc/bind9/%{version}/%{name}-%{version}.tar.xz
 # CVE-2019-6470 is fixed by updating the dhcp package to 4.4.1 or greater
 Patch0:         CVE-2019-6470.nopatch
-Group:          Development/Tools
-Vendor:         Microsoft Corporation
-Distribution:   Mariner
-Requires:       openssl
-Requires:       libuv
-Requires(pre):  /usr/sbin/useradd /usr/sbin/groupadd
-Requires(postun):/usr/sbin/userdel /usr/sbin/groupdel
-BuildRequires:  openssl-devel
 BuildRequires:  libcap-devel
-BuildRequires:  python3
-BuildRequires:  python-ply
 BuildRequires:  libuv-devel
+BuildRequires:  openssl-devel
+BuildRequires:  python-ply
+BuildRequires:  python3
+Requires:       libuv
+Requires:       openssl
+Requires(postun): %{_sbindir}/groupdel
+Requires(postun): %{_sbindir}/userdel
+Requires(pre):  %{_sbindir}/groupadd
+Requires(pre):  %{_sbindir}/useradd
 # Enforce fix for CVE-2019-6470
 Conflicts:      dhcp < 4.4.1
 
@@ -28,13 +30,14 @@ for the Internet. It is a reference implementation of those protocols, but it is
 also production-grade software, suitable for use in high-volume and high-reliability applications.
 
 %package utils
-Summary: BIND utilities
+Summary:        BIND utilities
+
 %description utils
 %{summary}.
 
-
 %prep
 %autosetup -p1
+
 %build
 ./configure \
     --prefix=%{_prefix}
@@ -44,29 +47,30 @@ make -C lib/bind9 %{?_smp_mflags}
 make -C lib/isccfg %{?_smp_mflags}
 make -C lib/irs %{?_smp_mflags}
 make -C bin/dig %{?_smp_mflags}
+
 %install
 make -C bin/dig DESTDIR=%{buildroot} install
-find %{buildroot} -name '*.la' -delete
+find %{buildroot} -type f -name "*.la" -delete -print
 mkdir -p %{buildroot}/%{_sysconfdir}
-mkdir -p %{buildroot}/%{_prefix}/lib/tmpfiles.d
+mkdir -p %{buildroot}/%{_libdir}/tmpfiles.d
 cat << EOF >> %{buildroot}/%{_sysconfdir}/named.conf
 zone "." in {
     type master;
     allow-update {none;}; // no DDNS by default
 };
 EOF
-echo "d /run/named 0755 named named - -" > %{buildroot}/%{_prefix}/lib/tmpfiles.d/named.conf
+echo "d /run/named 0755 named named - -" > %{buildroot}/%{_libdir}/tmpfiles.d/named.conf
 
 %pre
 if ! getent group named >/dev/null; then
     groupadd -r named
 fi
 if ! getent passwd named >/dev/null; then
-    useradd -g named -d /var/lib/bind\
+    useradd -g named -d %{_sharedstatedir}/bind\
         -s /bin/false -M -r named
 fi
-%post -p /sbin/ldconfig
 
+%post -p /sbin/ldconfig
 %postun
 /sbin/ldconfig
 if getent passwd named >/dev/null; then
@@ -81,9 +85,12 @@ fi
 %license LICENSE
 %{_bindir}/*
 %{_sysconfdir}/*
-%{_prefix}/lib/tmpfiles.d/named.conf
+%{_libdir}/tmpfiles.d/named.conf
 
 %changelog
+* Mon Feb 13 2023 CBL-Mariner Servicing Account <[email protected]> - 9.16.37-1
+- Auto-upgrade to 9.16.37 - to fix CVE-2022-3736, CVE-2022-3094, CVE-2022-3924
+
 * Mon Nov 14 2022 CBL-Mariner Servicing Account <[email protected]> - 9.16.33-1
 - Auto-upgrade to 9.16.33 - CVE-2022-2795,CVE-2022-3080
 

SPECS/binutils/CVE-2022-4285.patch

@@ -0,0 +1,32 @@
+From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <[email protected]>
+Date: Wed, 19 Oct 2022 15:09:12 +0100
+Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
+ containing corrupt symbol version information.
+
+	PR 29699
+	* elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+	of the section header is zero.
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf.c     | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8730,7 +8730,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++      if (amt == 0)
++	goto error_return_verref;
++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+
+-- 
+2.31.1
+

SPECS/binutils/binutils.spec

@@ -1,14 +1,15 @@
 Summary:        Contains a linker, an assembler, and other tools
 Name:           binutils
 Version:        2.36.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Base
 URL:            https://www.gnu.org/software/binutils
 Source0:        https://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
 Patch0:         CVE-2021-45078.patch
+Patch1:         CVE-2022-4285.patch
 
 %description
 The Binutils package contains a linker, an assembler,
@@ -119,6 +120,9 @@ make %{?_smp_mflags} check
 %{_libdir}/libctf.so.0.*
 
 %changelog
+* Thu Feb 09 2023 Dan Streetman <[email protected]> 2.36.1-3
+- CVE-2022-4285
+
 * Thu Dec 23 2021 Muhammad Falak <[email protected]> 2.36.1-2
 - Fix CVE-2021-45078
 

SPECS/clamav/clamav.signatures.json

@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "clamav-0.103.6.tar.gz": "aaa12e3dc19f1d323b1c50d7a10fa8af557e4390149e864d59bde39b6ad9ba33"
- }
+  "Signatures": {
+    "clamav-0.103.8.tar.gz": "6f49da6ee927936de13d359e559d3944248e3a257d40b80b6c99ebe6fe8c8c3f"
+  }
 }

SPECS/clamav/clamav.spec

@@ -2,8 +2,8 @@
 %{!?python3_sitelib: %global python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
 Summary:        Open source antivirus engine
 Name:           clamav
-Version:        0.103.6
-Release:        2%{?dist}
+Version:        0.103.8
+Release:        1%{?dist}
 License:        ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -99,6 +99,9 @@ rm -f %{_var}/log/freshclam.log
 %ghost %attr(-,clamav,clamav) %{_var}/log/freshclam.log
 
 %changelog
+* Fri Feb 17 2023 CBL-Mariner Servicing Account <[email protected]> - 0.103.8-1
+- Auto-upgrade to 0.103.8 - CVE-2023-20032
+
 *Fri Jul 22 2022 Olivia Crain <[email protected]> - 0.103.6-2
 - Fix freshclam DB download (backport of Tom Fay's 2.0 changes)
 - Create/delete clamav user and group on preinstall/postuninstall

SPECS/curl/CVE-2022-43552.patch

@@ -0,0 +1,94 @@
+From f3b4c5edf97c157a8ad3727827d1ac94062cfff8 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Mon, 7 Nov 2022 17:09:48 +0100
+Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
+
+It is managed by the generic layer.
+---
+ lib/smb.c    | 14 ++------------
+ lib/telnet.c |  3 ---
+ 2 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/lib/smb.c b/lib/smb.c
+index 2cfe041df..48d5a2fe0 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -56,12 +56,10 @@ static CURLcode smb_setup_connection(struct Curl_easy *data,
+                                      struct connectdata *conn);
+ static CURLcode smb_connect(struct Curl_easy *data, bool *done);
+ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
+ static CURLcode smb_do(struct Curl_easy *data, bool *done);
+ static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+-                         bool premature);
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+                                struct connectdata *conn, bool dead);
+ static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
+                        curl_socket_t *socks);
+ static CURLcode smb_parse_url_path(struct Curl_easy *data,
+@@ -72,11 +70,11 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data,
+  */
+ const struct Curl_handler Curl_handler_smb = {
+   "SMB",                                /* scheme */
+   smb_setup_connection,                 /* setup_connection */
+   smb_do,                               /* do_it */
+-  smb_done,                             /* done */
++  ZERO_NULL,                            /* done */
+   ZERO_NULL,                            /* do_more */
+   smb_connect,                          /* connect_it */
+   smb_connection_state,                 /* connecting */
+   smb_request_state,                    /* doing */
+   smb_getsock,                          /* proto_getsock */
+@@ -99,11 +97,11 @@ const struct Curl_handler Curl_handler_smb = {
+  */
+ const struct Curl_handler Curl_handler_smbs = {
+   "SMBS",                               /* scheme */
+   smb_setup_connection,                 /* setup_connection */
+   smb_do,                               /* do_it */
+-  smb_done,                             /* done */
++  ZERO_NULL,                            /* done */
+   ZERO_NULL,                            /* do_more */
+   smb_connect,                          /* connect_it */
+   smb_connection_state,                 /* connecting */
+   smb_request_state,                    /* doing */
+   smb_getsock,                          /* proto_getsock */
+@@ -934,18 +932,10 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+   request_state(data, next_state);
+
+   return CURLE_OK;
+ }
+
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+-                         bool premature)
+-{
+-  (void) premature;
+-  Curl_safefree(data->req.p.smb);
+-  return status;
+-}
+-
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+                                struct connectdata *conn, bool dead)
+ {
+   struct smb_conn *smbc = &conn->proto.smbc;
+   (void) dead;
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 24d3f1efb..22bc81e75 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -1246,13 +1246,10 @@ static CURLcode telnet_done(struct Curl_easy *data,
+   if(!tn)
+     return CURLE_OK;
+
+   curl_slist_free_all(tn->telnet_vars);
+   tn->telnet_vars = NULL;
+-
+-  Curl_safefree(data->req.p.telnet);
+-
+   return CURLE_OK;
+ }
+
+ static CURLcode telnet_do(struct Curl_easy *data, bool *done)
+ {
+-- 
+2.38.1
+

SPECS/curl/curl.spec

@@ -2,14 +2,15 @@ Summary:        An URL retrieval utility and library
 Name:           curl
 # Heads up: 7.87 breaks perl-WWW-Curl (see #4588).
 Version:        7.86.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/NetworkingLibraries
 URL:            https://curl.haxx.se
 Source0:        https://curl.haxx.se/download/%{name}-%{version}.tar.gz
 Patch0:         CVE-2022-43551.patch
+Patch1:         CVE-2022-43552.patch
 BuildRequires:  krb5-devel
 BuildRequires:  libssh2-devel
 BuildRequires:  openssl-devel
@@ -90,6 +91,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/libcurl.so.4*
 
 %changelog
+* Mon Feb 13 2023 Dallas Delaney <[email protected]> - 7.86.0-3
+- Apply patch to fix CVE-2022-43552
+
 * Thu Jan 12 2023 Aurélien Bombo <[email protected]> - 7.86.0-2
 - Apply patch to fix CVE-2022-43551.