Merge branch '1.0-dev' into 1.0

Author: jslobodzian

SPECS/cloud-init/apply-netconfig-every-boot.patch

@@ -0,0 +1,42 @@
+From dc22786980a05129c5971e68ae37b1a9f76f882d Mon Sep 17 00:00:00 2001
+From: James Falcon <[email protected]>
+Date: Fri, 17 Sep 2021 16:25:22 -0500
+Subject: [PATCH] Set Azure to apply networking config every BOOT (#1023)
+
+In #1006, we set Azure to apply networking config every
+BOOT_NEW_INSTANCE because the BOOT_LEGACY option was causing problems
+applying networking the second time per boot. However,
+BOOT_NEW_INSTANCE is also wrong as Azure needs to apply networking
+once per boot, during init-local phase.
+
+Signed-off-by: Henry Beberman <[email protected]>
+
+---
+ cloudinit/sources/DataSourceAzure.py                |  6 +++++-
+ tests/integration_tests/modules/test_user_events.py | 10 ++++++----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
+index 3fb564c8dd..f8641dfd2f 100755
+--- a/cloudinit/sources/DataSourceAzure.py
++++ b/cloudinit/sources/DataSourceAzure.py
+@@ -22,7 +22,7 @@
+ from cloudinit import dmi
+ from cloudinit import log as logging
+ from cloudinit import net
+-from cloudinit.event import EventType
++from cloudinit.event import EventScope, EventType
+ from cloudinit.net import device_driver
+ from cloudinit.net.dhcp import EphemeralDHCPv4
+ from cloudinit import sources
+@@ -339,6 +339,10 @@ def temporary_hostname(temp_hostname, cfg, hostname_command='hostname'):
+ class DataSourceAzure(sources.DataSource):
+ 
+     dsname = 'Azure'
++    default_update_events = {EventScope.NETWORK: {
++        EventType.BOOT_NEW_INSTANCE,
++        EventType.BOOT,
++    }}
+     _negotiated = False
+     _metadata_imds = sources.UNSET
+     _ci_pkl_version = 1

SPECS/cloud-init/cloud-init.spec

@@ -3,7 +3,7 @@
 Summary:        Cloud instance init scripts
 Name:           cloud-init
 Version:        21.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv3
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -18,6 +18,8 @@ Patch2:         ds-vmware-mariner.patch
 Patch3:         cloud-cfg.patch
 Patch4:         networkd.patch
 Patch5:         mariner.patch
+Patch6:         update-metadata-on-BOOT_NEW_INSTANCE.patch
+Patch7:         apply-netconfig-every-boot.patch
 BuildRequires:  automake
 BuildRequires:  dbus
 BuildRequires:  iproute
@@ -158,6 +160,9 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/10-azure-kvp.cfg
 
 %changelog
+* Tue Feb 22 2022 Henry Beberman <[email protected]> - 21.3-4
+- Add patches from upstream to resolve a hang when reinitializing preprovisioned VMs.
+
 * Mon Oct 18 2021 Henry Beberman <[email protected]> - 21.3-3
 - Add azure-kvp subpackage.
 

SPECS/cloud-init/update-metadata-on-BOOT_NEW_INSTANCE.patch

@@ -0,0 +1,60 @@
+From e69a88745e37061e0ab0a1e67ad11015cca610c1 Mon Sep 17 00:00:00 2001
+From: James Falcon <[email protected]>
+Date: Fri, 3 Sep 2021 12:57:20 -0500
+Subject: [PATCH] Set Azure to only update metadata on BOOT_NEW_INSTANCE
+ (#1006)
+
+In #834, we refactored the handling of events for fetching new metadata.
+Previously, in Azure's __init__, the BOOT event was added to the
+update_events, so it was assumed that Azure required the standard BOOT
+behavior, which is to apply metadata twice every boot: once during
+local-init, then again during standard init phase.
+https://github.com/canonical/cloud-init/blob/21.2/cloudinit/sources/DataSourceAzure.py#L356
+
+However, this line was effectively meaningless. After the metadata was
+fetched in local-init, it was then pickled out to disk. Because
+"update_events" was a class variable, the EventType.BOOT was not
+persisted into the pickle. When the pickle was then unpickled in the
+init phase, metadata did not get re-fetched because EventType.BOOT was
+not present, so Azure is effectely only BOOT_NEW_INSTANCE.
+
+Fetching metadata twice during boot causes some issue for
+pre-provisioning on Azure because updating metadata during
+re-provisioning will cause cloud-init to poll for reprovisiondata again
+in DataSourceAzure, which will infinitely return 404(reprovisiondata
+is deleted from IMDS after health signal was sent by cloud-init during
+init-local). This makes cloud-init stuck in 'init'
+
+Signed-off-by: Henry Beberman <[email protected]>
+
+---
+ cloudinit/sources/DataSourceAzure.py | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
+index caffa944f3..3fb564c8dd 100755
+--- a/cloudinit/sources/DataSourceAzure.py
++++ b/cloudinit/sources/DataSourceAzure.py
+@@ -22,7 +22,7 @@
+ from cloudinit import dmi
+ from cloudinit import log as logging
+ from cloudinit import net
+-from cloudinit.event import EventScope, EventType
++from cloudinit.event import EventType
+ from cloudinit.net import device_driver
+ from cloudinit.net.dhcp import EphemeralDHCPv4
+ from cloudinit import sources
+@@ -339,13 +339,6 @@ def temporary_hostname(temp_hostname, cfg, hostname_command='hostname'):
+ class DataSourceAzure(sources.DataSource):
+ 
+     dsname = 'Azure'
+-    # Regenerate network config new_instance boot and every boot
+-    default_update_events = {EventScope.NETWORK: {
+-        EventType.BOOT_NEW_INSTANCE,
+-        EventType.BOOT,
+-        EventType.BOOT_LEGACY
+-    }}
+-
+     _negotiated = False
+     _metadata_imds = sources.UNSET
+     _ci_pkl_version = 1

SPECS/expat/expat.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "expat-2.4.4.tar.bz2": "14c58c2a0b5b8b31836514dfab41bd191836db7aa7b84ae5c47bc0327a20d64a"
+  "expat-2.4.6.tar.bz2": "ce317706b07cae150f90cddd4253f5b4fba929607488af5ac47bf2bc08e31f09"
  }
-}
+}

SPECS/expat/expat.spec

@@ -1,7 +1,7 @@
 %global 		underscore_version $(echo %{version} | cut -d. -f1-3 --output-delimiter="_")
 Summary:        An XML parser library
 Name:           expat
-Version:        2.4.4
+Version:        2.4.6
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -65,6 +65,10 @@ rm -rf %{buildroot}/%{_docdir}/%{name}
 %{_libdir}/libexpat.so.1*
 
 %changelog
+* Thu Feb 24 2022 Thomas Crain <[email protected]> - 2.4.6-1
+- Upgrade to latest upstream version to fix CVE-2022-25313, CVE-2022-25314,
+  CVE-2022-25315, CVE-2022-25235, CVE-2022-25236
+
 * Mon Jan 31 2022 Neha Agarwal <[email protected]> - 2.4.4-1
 - Update version to 2.4.4 to address CVE-2022-23852
 

SPECS/mariner-release/mariner-release.spec

@@ -1,7 +1,7 @@
 Summary:       CBL-Mariner release files
 Name:          mariner-release
 Version:       1.0
-Release:       33%{?dist}
+Release:       35%{?dist}
 License:       MIT
 Group:         System Environment/Base
 URL:           https://aka.ms/cbl-mariner
@@ -36,7 +36,7 @@ cat > %{buildroot}/usr/lib/os-release << EOF
 NAME="Common Base Linux Mariner"
 VERSION="%{mariner_release_version}"
 ID=mariner
-VERSION_ID=$version_id
+VERSION_ID="$version_id"
 PRETTY_NAME="CBL-Mariner/Linux"
 ANSI_COLOR="1;34"
 HOME_URL="%{url}"
@@ -67,6 +67,10 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) /etc/issue.net
 
 %changelog
+*   Fri Feb 25 2022 Jon Slobodzian <[email protected]> - 1.0-35
+-   Updating version for March update.
+*   Thu Feb 24 2022 Pawel Winogrodzki <[email protected]> - 1.0-34
+-   Surrounding 'VERSION_ID' inside 'os-release' with double quotes.
 *   Mon Feb 07 2022 Jon Slobodzian <[email protected]> - 1.0-33
 -   Updating version for February update.
 *   Wed Jan 26 2022 Jon Slobodzian <[email protected]> - 1.0-32