Remove psw protected zip file from upstream src (if psw cannot be found) (microsoft#13898)

Co-authored-by: CBL-Mariner Servicing Account <[email protected]>

Author: nicogbg

SPECS/libzip/libzip.signatures.json

@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "libzip-1.10.1.tar.xz": "dc3c8d5b4c8bbd09626864f6bcf93de701540f761d76b85d7c7d710f4bd90318"
+    "libzip-1.10.1-scrubbed.tar.xz": "22fcb0d7f7ae38bbe0baea0c2c54378881024f55a32be00a8641d3f9f71f32e4"
   }
 }

SPECS/libzip/libzip.spec

@@ -1,12 +1,13 @@
 Summary:        C library for reading, creating, and modifying zip archives
 Name:           libzip
 Version:        1.10.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://libzip.org/
-Source0:        https://libzip.org/download/libzip-%{version}.tar.xz
+# Note that scrubbed version of the source tarball contains upstream source minus password protected files which password is not known
+Source0:        https://libzip.org/download/libzip-%{version}.tar.xz#/libzip-%{version}-scrubbed.tar.xz
 BuildRequires:  bzip2-devel
 BuildRequires:  cmake >= 3.0.2
 BuildRequires:  gcc
@@ -115,6 +116,9 @@ make test
 %{_libdir}/pkgconfig/libzip.pc
 
 %changelog
+* Tue May 27 2025 Nicolas Guibourge <[email protected]> - 1.10.1-3
+- Remove password protected zip files from upstream src tarball
+
 * Mon Aug 19 2024 Andrew Phelps <[email protected]> - 1.10.1-2
 - Fix package tests
 - Switch to out-of-source build

SPECS/linux-firmware/linux-firmware.signatures.json

@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "linux-firmware-20230804.tar.gz": "c09913f675bea9623798eebf8b238cda49b62dfa1729cc7c2c17193b0ab22ff7"
+    "linux-firmware-20230804-scrubbed.tar.gz": "97c0a49b90e28284bd97de128057166c022245362af6d8a57951f5e7e547ffe5"
   }
 }

SPECS/linux-firmware/linux-firmware.spec

@@ -5,13 +5,14 @@
 Summary:        Linux Firmware
 Name:           linux-firmware
 Version:        20230804
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPL+ AND GPLv2+ AND MIT AND Redistributable, no modification permitted
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/Kernel
 URL:            https://www.kernel.org/
-Source0:        https://git.kernel.org/pub/scm/linux/kernel/git/firmware/%{name}.git/snapshot/%{name}-%{version}.tar.gz
+# Note that scrubbed version of the source tarball contains upstream source minus password protected files which password is not known
+Source0:        https://www.kernel.org/pub/linux/kernel/firmware/%{name}-%{version}.tar.gz#/%{name}-%{version}-scrubbed.tar.gz
 BuildArch:      noarch
 
 Requires:       %{name}-broadcom = %{version}-%{release}
@@ -96,6 +97,9 @@ cp iwlwifi-8000C-*.ucode %{buildroot}%{_firmwarepath}
 %{_firmwarepath}/intel
 
 %changelog
+* Tue May 27 2025 Nicolas Guibourge <[email protected]> - 0230804-2
+- Remove password protected compressed files from upstream src tarball
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <[email protected]> - 20230804-1
 - Auto-upgrade to 20230804 - Azure Linux 3.0 - package upgrades
 

SPECS/perl/perl-remove-psw-protected-zip.patch

@@ -0,0 +1,38 @@
+diff -ru perl-5.38.2-orig/MANIFEST perl-5.38.2/MANIFEST
+--- perl-5.38.2-orig/MANIFEST	2025-05-27 11:19:46.070345254 -0400
++++ perl-5.38.2/MANIFEST	2025-05-27 11:23:50.224235644 -0400
+@@ -1399,7 +1399,6 @@
+ cpan/IO-Compress/t/cz-14gzopen.t			IO::Compress
+ cpan/IO-Compress/t/files/bad-efs.zip
+ cpan/IO-Compress/t/files/encrypt-aes.zip
+-cpan/IO-Compress/t/files/encrypt-standard.zip
+ cpan/IO-Compress/t/files/jar.zip
+ cpan/IO-Compress/t/files/meta.xml
+ cpan/IO-Compress/t/files/test.ods
+diff -ru perl-5.38.2-orig/cpan/IO-Compress/t/105oneshot-zip-only.t perl-5.38.2/cpan/IO-Compress/t/105oneshot-zip-only.t
+--- perl-5.38.2-orig/cpan/IO-Compress/t/105oneshot-zip-only.t	2025-05-27 11:19:46.300345249 -0400
++++ perl-5.38.2/cpan/IO-Compress/t/105oneshot-zip-only.t	2025-05-27 11:23:45.336599173 -0400
+@@ -163,23 +163,6 @@
+ }
+ 
+ {
+-    title "Detect encrypted zip file";
+-
+-    my $files = "./t/" ;
+-    $files = "./" if $ENV{PERL_CORE} ;
+-    $files .= "files/";
+-
+-    my $zipfile = "$files/encrypt-standard.zip" ;
+-    my $output;
+-
+-    ok ! unzip "$files/encrypt-standard.zip" => \$output ;
+-    like $UnzipError, qr/Encrypted content not supported/ ;
+-
+-    ok ! unzip "$files/encrypt-aes.zip" => \$output ;
+-    like $UnzipError, qr/Encrypted content not supported/ ;
+-}
+-
+-{
+     title "jar file with deflated directory";
+ 
+     # Create Jar as follow

SPECS/perl/perl.signatures.json

@@ -3,6 +3,6 @@
   "Pod-Html-license-clarification": "8667642d6d3a4ca8d8281b33b5e83a264e7681eb5080256331ae34b09d63b0cc",
   "gendep.macros": "acde93c38249583f6e24fa21cc4066ffbca617d36f8cba5d4676408ae0bbefb2",
   "macros.perl": "0597172591cea26c81e92b580b63cb1c5e812cc354c34ac21b8ebc1854713183",
-  "perl-5.38.2.tar.xz": "d91115e90b896520e83d4de6b52f8254ef2b70a8d545ffab33200ea9f1cf29e8"
+  "perl-5.38.2-scrubbed.tar.xz": "6f5b72cd31d009f364b5ac8b20b0e5493203b70a8d997ced785d5a2a5d68a1a7"
  }
 }

SPECS/perl/perl.spec

@@ -127,12 +127,13 @@ License:        GPL+ or Artistic
 Epoch:          %{perl_epoch}
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release:        507%{?dist}
+Release:        508%{?dist}
 Summary:        Practical Extraction and Report Language
 Url:            https://www.perl.org/
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-Source0:        https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz
+# Note that scrubbed version of the source tarball contains upstream source minus password protected files which password is not known
+Source0:        https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz#/perl-%{perl_version}-scrubbed.tar.xz
 Source3:        macros.perl
 # Tom Christiansen confirms Pod::Html uses the same license as perl
 Source6:        Pod-Html-license-clarification
@@ -174,6 +175,9 @@ Patch13:        perl-5.28.0-Pass-CFLAGS-to-dtrace.patch
 # Fixed in perl 5.39.3, in locale.c was more changes
 Patch14:         perl-5.38.0-Revert-Do-uselocale-earlier-in-init-process.patch
 
+# remove password protected zip file which password is not known
+Patch15:         perl-remove-psw-protected-zip.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -6840,6 +6844,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Tue May 27 2025 Nicolas Guibourge <[email protected]> - 4:5.38.2-508
+- Remove password protected zip files from upstream src tarball
+
 * Tue Apr 08 2025 Andrew Phelps <[email protected]> - 4:5.38.2-507
 - Patch CVE-2024-56406
 

cgmanifest.json

@@ -12232,7 +12232,7 @@
         "other": {
           "name": "linux-firmware",
           "version": "20230804",
-          "downloadUrl": "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-20230804.tar.gz"
+          "downloadUrl": "https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-20230804.tar.gz"
         }
       }
     },

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -107,64 +107,64 @@ libpipeline-devel-1.5.7-1.azl3.aarch64.rpm
 gdbm-1.23-1.azl3.aarch64.rpm
 gdbm-devel-1.23-1.azl3.aarch64.rpm
 gdbm-lang-1.23-1.azl3.aarch64.rpm
-perl-B-1.88-507.azl3.aarch64.rpm
-perl-Carp-1.54-507.azl3.noarch.rpm
-perl-Class-Struct-0.68-507.azl3.noarch.rpm
-perl-Data-Dumper-2.188-507.azl3.aarch64.rpm
-perl-DynaLoader-1.54-507.azl3.aarch64.rpm
-perl-Encode-3.19-507.azl3.aarch64.rpm
-perl-Errno-1.37-507.azl3.aarch64.rpm
-perl-Exporter-5.77-507.azl3.noarch.rpm
-perl-Fcntl-1.15-507.azl3.aarch64.rpm
-perl-File-Basename-2.86-507.azl3.noarch.rpm
-perl-File-Compare-1.100.700-507.azl3.noarch.rpm
-perl-File-Copy-2.41-507.azl3.noarch.rpm
-perl-File-Path-2.18-507.azl3.noarch.rpm
-perl-File-Temp-0.231.100-507.azl3.noarch.rpm
-perl-File-stat-1.13-507.azl3.noarch.rpm
-perl-FileHandle-2.05-507.azl3.noarch.rpm
-perl-Getopt-Long-2.54-507.azl3.noarch.rpm
-perl-Getopt-Std-1.13-507.azl3.noarch.rpm
-perl-HTTP-Tiny-0.086-507.azl3.noarch.rpm
-perl-I18N-Langinfo-0.22-507.azl3.aarch64.rpm
-perl-IO-1.52-507.azl3.aarch64.rpm
-perl-IPC-Open3-1.22-507.azl3.noarch.rpm
-perl-MIME-Base64-3.16-507.azl3.aarch64.rpm
-perl-POSIX-2.13-507.azl3.aarch64.rpm
-perl-PathTools-3.89-507.azl3.aarch64.rpm
-perl-Pod-Escapes-1.07-507.azl3.noarch.rpm
-perl-Pod-Perldoc-3.28.01-507.azl3.noarch.rpm
-perl-Pod-Simple-3.43-507.azl3.noarch.rpm
-perl-Pod-Usage-2.03-507.azl3.noarch.rpm
-perl-Scalar-List-Utils-1.63-507.azl3.aarch64.rpm
-perl-SelectSaver-1.02-507.azl3.noarch.rpm
-perl-Socket-2.036-507.azl3.aarch64.rpm
-perl-Storable-3.32-507.azl3.aarch64.rpm
-perl-Symbol-1.09-507.azl3.noarch.rpm
-perl-Term-ANSIColor-5.01-507.azl3.noarch.rpm
-perl-Term-Cap-1.18-507.azl3.noarch.rpm
-perl-Text-ParseWords-3.31-507.azl3.noarch.rpm
-perl-Text-Tabs+Wrap-2021.0814-507.azl3.noarch.rpm
-perl-Thread-Queue-3.14-507.azl3.noarch.rpm
-perl-Time-Local-1.300-507.azl3.noarch.rpm
-perl-Unicode-Normalize-1.32-507.azl3.aarch64.rpm
-perl-base-2.27-507.azl3.noarch.rpm
-perl-constant-1.33-507.azl3.noarch.rpm
-perl-if-0.61.000-507.azl3.noarch.rpm
-perl-interpreter-5.38.2-507.azl3.aarch64.rpm
-perl-libs-5.38.2-507.azl3.aarch64.rpm
-perl-locale-1.10-507.azl3.noarch.rpm
-perl-macros-5.38.2-507.azl3.noarch.rpm
-perl-mro-1.28-507.azl3.aarch64.rpm
-perl-overload-1.37-507.azl3.noarch.rpm
-perl-overloading-0.02-507.azl3.noarch.rpm
-perl-parent-0.241-507.azl3.noarch.rpm
-perl-podlators-5.01-507.azl3.noarch.rpm
-perl-subs-1.04-507.azl3.noarch.rpm
-perl-threads-2.36-507.azl3.aarch64.rpm
-perl-threads-shared-1.68-507.azl3.aarch64.rpm
-perl-vars-1.05-507.azl3.noarch.rpm
-perl-5.38.2-507.azl3.aarch64.rpm
+perl-B-1.88-508.azl3.aarch64.rpm
+perl-Carp-1.54-508.azl3.noarch.rpm
+perl-Class-Struct-0.68-508.azl3.noarch.rpm
+perl-Data-Dumper-2.188-508.azl3.aarch64.rpm
+perl-DynaLoader-1.54-508.azl3.aarch64.rpm
+perl-Encode-3.19-508.azl3.aarch64.rpm
+perl-Errno-1.37-508.azl3.aarch64.rpm
+perl-Exporter-5.77-508.azl3.noarch.rpm
+perl-Fcntl-1.15-508.azl3.aarch64.rpm
+perl-File-Basename-2.86-508.azl3.noarch.rpm
+perl-File-Compare-1.100.700-508.azl3.noarch.rpm
+perl-File-Copy-2.41-508.azl3.noarch.rpm
+perl-File-Path-2.18-508.azl3.noarch.rpm
+perl-File-Temp-0.231.100-508.azl3.noarch.rpm
+perl-File-stat-1.13-508.azl3.noarch.rpm
+perl-FileHandle-2.05-508.azl3.noarch.rpm
+perl-Getopt-Long-2.54-508.azl3.noarch.rpm
+perl-Getopt-Std-1.13-508.azl3.noarch.rpm
+perl-HTTP-Tiny-0.086-508.azl3.noarch.rpm
+perl-I18N-Langinfo-0.22-508.azl3.aarch64.rpm
+perl-IO-1.52-508.azl3.aarch64.rpm
+perl-IPC-Open3-1.22-508.azl3.noarch.rpm
+perl-MIME-Base64-3.16-508.azl3.aarch64.rpm
+perl-POSIX-2.13-508.azl3.aarch64.rpm
+perl-PathTools-3.89-508.azl3.aarch64.rpm
+perl-Pod-Escapes-1.07-508.azl3.noarch.rpm
+perl-Pod-Perldoc-3.28.01-508.azl3.noarch.rpm
+perl-Pod-Simple-3.43-508.azl3.noarch.rpm
+perl-Pod-Usage-2.03-508.azl3.noarch.rpm
+perl-Scalar-List-Utils-1.63-508.azl3.aarch64.rpm
+perl-SelectSaver-1.02-508.azl3.noarch.rpm
+perl-Socket-2.036-508.azl3.aarch64.rpm
+perl-Storable-3.32-508.azl3.aarch64.rpm
+perl-Symbol-1.09-508.azl3.noarch.rpm
+perl-Term-ANSIColor-5.01-508.azl3.noarch.rpm
+perl-Term-Cap-1.18-508.azl3.noarch.rpm
+perl-Text-ParseWords-3.31-508.azl3.noarch.rpm
+perl-Text-Tabs+Wrap-2021.0814-508.azl3.noarch.rpm
+perl-Thread-Queue-3.14-508.azl3.noarch.rpm
+perl-Time-Local-1.300-508.azl3.noarch.rpm
+perl-Unicode-Normalize-1.32-508.azl3.aarch64.rpm
+perl-base-2.27-508.azl3.noarch.rpm
+perl-constant-1.33-508.azl3.noarch.rpm
+perl-if-0.61.000-508.azl3.noarch.rpm
+perl-interpreter-5.38.2-508.azl3.aarch64.rpm
+perl-libs-5.38.2-508.azl3.aarch64.rpm
+perl-locale-1.10-508.azl3.noarch.rpm
+perl-macros-5.38.2-508.azl3.noarch.rpm
+perl-mro-1.28-508.azl3.aarch64.rpm
+perl-overload-1.37-508.azl3.noarch.rpm
+perl-overloading-0.02-508.azl3.noarch.rpm
+perl-parent-0.241-508.azl3.noarch.rpm
+perl-podlators-5.01-508.azl3.noarch.rpm
+perl-subs-1.04-508.azl3.noarch.rpm
+perl-threads-2.36-508.azl3.aarch64.rpm
+perl-threads-shared-1.68-508.azl3.aarch64.rpm
+perl-vars-1.05-508.azl3.noarch.rpm
+perl-5.38.2-508.azl3.aarch64.rpm
 texinfo-7.0.3-1.azl3.aarch64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
 autoconf-2.72-2.azl3.noarch.rpm