azurelinux-security
diff --git a/‎SPECS-EXTENDED/buildah/buildah.spec‎
Lines changed: 5 additions & 2 deletions b/‎SPECS-EXTENDED/buildah/buildah.spec‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎SPECS-EXTENDED/catatonit/catatonit.spec‎
Lines changed: 5 additions & 2 deletions b/‎SPECS-EXTENDED/catatonit/catatonit.spec‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎SPECS-EXTENDED/dyninst/dyninst.spec‎
Lines changed: 5 additions & 2 deletions b/‎SPECS-EXTENDED/dyninst/dyninst.spec‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎SPECS-EXTENDED/podman/podman.spec‎
Lines changed: 5 additions & 2 deletions b/‎SPECS-EXTENDED/podman/podman.spec‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎SPECS/busybox/busybox.spec‎
Lines changed: 5 additions & 2 deletions b/‎SPECS/busybox/busybox.spec‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎SPECS/flannel/flannel.spec‎
Lines changed: 5 additions & 2 deletions b/‎SPECS/flannel/flannel.spec‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎SPECS/glibc/add_support_record_failure_barrier.patch‎
Lines changed: 49 additions & 0 deletions b/‎SPECS/glibc/add_support_record_failure_barrier.patch‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎SPECS/glibc/glibc.spec‎
Lines changed: 9 additions & 1 deletion b/‎SPECS/glibc/glibc.spec‎
Lines changed: 9 additions & 1 deletion
@@ -21,7 +21,7 @@
 Summary:        A command line tool used for creating OCI Images
 Name:           buildah
 Version:        1.18.0
-Release:        31%{?dist}
+Release:        32%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -32,7 +32,7 @@ BuildRequires:  btrfs-progs-devel
 BuildRequires:  device-mapper-devel
 BuildRequires:  git
 BuildRequires:  glib2-devel
-BuildRequires:  glibc-static >= 2.38-11%{?dist}
+BuildRequires:  glibc-static >= 2.38-12%{?dist}
 BuildRequires:  go-md2man
 BuildRequires:  go-rpm-macros
 BuildRequires:  golang
@@ -123,6 +123,9 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
 %{_datadir}/%{name}/test
 
 %changelog
+* Thu Aug 28 2025 Kanishk Bansal <[email protected]> - 1.18.0-32
+- Bump to rebuild with updated glibc
+
 * Thu May 22 2025 Kanishk Bansal <[email protected]> - 1.18.0-31
 - Bump to rebuild with updated glibc
 
 
@@ -3,7 +3,7 @@ Distribution:   Azure Linux
 
 Name: catatonit
 Version: 0.1.7
-Release: 19%{?dist}
+Release: 20%{?dist}
 Summary: A signal-forwarding process manager for containers
 License: GPLv3+
 URL: https://github.com/openSUSE/catatonit
@@ -13,7 +13,7 @@ BuildRequires: automake
 BuildRequires: file
 BuildRequires: gcc
 BuildRequires: git
-BuildRequires: glibc-static >= 2.38-11%{?dist}
+BuildRequires: glibc-static >= 2.38-12%{?dist}
 BuildRequires: libtool
 BuildRequires: make
 
@@ -61,6 +61,9 @@ ln -s %{_libexecdir}/%{name}/%{name} %{buildroot}%{_libexecdir}/podman/%{name}
 %{_libexecdir}/podman/%{name}
 
 %changelog
+* Thu Aug 28 2025 Kanishk Bansal <[email protected]> - 0.1.7-20
+- Bump to rebuild with updated glibc
+
 * Thu May 22 2025 Kanishk Bansal <[email protected]> - 0.1.7-19
 - Bump to rebuild with updated glibc
 
 
@@ -1,7 +1,7 @@
 Summary: An API for Run-time Code Generation
 License: LGPLv2+
 Name: dyninst
-Release: 21%{?dist}
+Release: 22%{?dist}
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL: http://www.dyninst.org
@@ -31,7 +31,7 @@ BuildRequires: tbb tbb-devel
 
 # Extra requires just for the testsuite
 BuildRequires: gcc-gfortran libstdc++-static libxml2-devel
-BuildRequires: glibc-static >= 2.38-11%{?dist}
+BuildRequires: glibc-static >= 2.38-12%{?dist}
 
 # Testsuite files should not provide/require anything
 %{?filter_setup:
@@ -194,6 +194,9 @@ echo "%{_libdir}/dyninst" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %attr(644,root,root) %{_libdir}/dyninst/testsuite/*.a
 
 %changelog
+* Thu Aug 28 2025 Kanishk Bansal <[email protected]> - 10.1.0-22
+- Bump to rebuild with updated glibc
+
 * Thu May 22 2025 Kanishk Bansal <[email protected]> - 10.1.0-21
 - Bump to rebuild with updated glibc
 
 
@@ -35,7 +35,7 @@
 
 Name:           podman
 Version:        4.1.1
-Release:        29%{?dist}
+Release:        30%{?dist}
 License:        ASL 2.0 and BSD and ISC and MIT and MPLv2.0
 Summary:        Manage Pods, Containers and Container Images
 Vendor:         Microsoft Corporation
@@ -50,7 +50,7 @@ BuildRequires:  go-md2man
 BuildRequires:  golang
 BuildRequires:  gcc
 BuildRequires:  glib2-devel
-BuildRequires:  glibc-static >= 2.38-11%{?dist}
+BuildRequires:  glibc-static >= 2.38-12%{?dist}
 BuildRequires:  git
 BuildRequires:  go-rpm-macros
 BuildRequires:  gpgme-devel
@@ -386,6 +386,9 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
 
 # rhcontainerbot account currently managed by lsm5
 %changelog
+* Thu Aug 28 2025 Kanishk Bansal <[email protected]> - 4.1.1-30
+- Bump to rebuild with updated glibc
+
 * Thu May 22 2025 Kanishk Bansal <[email protected]> - 4.1.1-29
 - Bump to rebuild with updated glibc
 
 
@@ -1,7 +1,7 @@
 Summary:        Statically linked binary providing simplified versions of system commands
 Name:           busybox
 Version:        1.36.1
-Release:        14%{?dist}
+Release:        15%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -19,7 +19,7 @@ Patch5:         CVE-2023-42366.patch
 Patch6:         CVE-2023-39810.patch
 Patch7:         CVE-2022-48174.patch
 BuildRequires:  gcc
-BuildRequires:  glibc-static >= 2.38-11%{?dist}
+BuildRequires:  glibc-static >= 2.38-12%{?dist}
 BuildRequires:  libselinux-devel >= 1.27.7-2
 BuildRequires:  libsepol-devel
 %if 0%{?with_check}
@@ -106,6 +106,9 @@ SKIP_KNOWN_BUGS=1 ./runtest
 %{_mandir}/man1/busybox.petitboot.1.gz
 
 %changelog
+* Thu Aug 28 2025 Kanishk Bansal <[email protected]> - 1.36.1-15
+- Bump to rebuild with updated glibc
+
 * Mon Jul 07 2025 Kanishk Bansal <[email protected]> - 1.36.1-14
 - Patch CVE-2022-48174
 
 
@@ -3,7 +3,7 @@
 Summary:        Simple and easy way to configure a layer 3 network fabric designed for Kubernetes
 Name:           flannel
 Version:        0.24.2
-Release:        16%{?dist}
+Release:        17%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -18,7 +18,7 @@ Patch3:         CVE-2025-30204.patch
 Patch4:         CVE-2024-51744.patch
 BuildRequires:  gcc
 BuildRequires:  glibc-devel
-BuildRequires:  glibc-static >= 2.38-11%{?dist}
+BuildRequires:  glibc-static >= 2.38-12%{?dist}
 BuildRequires:  golang < 1.25
 BuildRequires:  kernel-headers
 
@@ -52,6 +52,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./dist/flanneld
 %{_bindir}/flanneld
 
 %changelog
+* Thu Aug 28 2025 Kanishk Bansal <[email protected]> - 0.24.2-17
+- Bump to rebuild with updated glibc
+
 * Sun Aug 31 2025 Andrew Phelps <[email protected]> - 0.24.2-16
 - Set BR for golang to < 1.25
 
 
@@ -0,0 +1,49 @@
+From 4335cd9b58d1449abfba1bb5060970785940a399 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <[email protected]>
+Date: Mon, 23 Dec 2024 13:57:55 +0100
+Subject: [PATCH] support: Add support_record_failure_barrier
+
+This can be used to stop execution after a TEST_COMPARE_BLOB
+failure, for example.
+
+(cherry picked from commit d0b8aa6de4529231fadfe604ac2c434e559c2d9e)
+---
+ support/check.h                  |  3 +++
+ support/support_record_failure.c | 10 ++++++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/support/check.h b/support/check.h
+index 0a9fff484f..632fe5298a 100644
+--- a/support/check.h
++++ b/support/check.h
+@@ -207,6 +207,9 @@ void support_record_failure_reset (void);
+    failures or not.  */
+ int support_record_failure_is_failed (void);
+ 
++/* Terminate the process if any failures have been encountered so far.  */
++void support_record_failure_barrier (void);
++
+ __END_DECLS
+ 
+ #endif /* SUPPORT_CHECK_H */
+diff --git a/support/support_record_failure.c b/support/support_record_failure.c
+index 711f08801b..8466b895dc 100644
+--- a/support/support_record_failure.c
++++ b/support/support_record_failure.c
+@@ -112,3 +112,13 @@ support_record_failure_is_failed (void)
+      synchronization for reliable test error reporting anyway.  */
+   return __atomic_load_n (&state->failed, __ATOMIC_RELAXED);
+ }
++
++void
++support_record_failure_barrier (void)
++{
++  if (__atomic_load_n (&state->failed, __ATOMIC_RELAXED))
++    {
++      puts ("error: exiting due to previous errors");
++      exit (1);
++    }
++}
+-- 
+2.43.7
+
@@ -10,7 +10,7 @@
 Summary:        Main C library
 Name:           glibc
 Version:        2.38
-Release:        11%{?dist}
+Release:        12%{?dist}
 License:        BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -45,6 +45,10 @@ Patch16:        CVE-2024-33600.patch
 # Patch of CVE-2024-33601 fixes CVE-2024-33602 also
 Patch17:        CVE-2024-33601.patch
 Patch18:        CVE-2025-0395.patch
+Patch19:        CVE-2025-4802.patch
+# Add test for CVE-2025-4802. Requires additional patch for a support function
+Patch20:        add_support_record_failure_barrier.patch
+Patch21:        test-CVE-2025-4802.patch
 
 # Patches for testing
 Patch100:       0001-Remove-Wno-format-cflag-from-tests.patch
@@ -367,6 +371,10 @@ grep "^FAIL: nptl/tst-mutex10" tests.sum >/dev/null && n=$((n+1)) ||:
 %exclude %{_libdir}/locale/C.utf8
 
 %changelog
+* Thu Aug 28 2025 Kanishk Bansal <[email protected]> - 2.38-12
+- Fix Patch application of CVE-2025-4802
+- Add test for CVE-2025-4802
+
 * Thu May 22 2025 Kanishk Bansal <[email protected]> - 2.38-11
 - Patch CVE-2023-4527, CVE-2023-4806, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2025-0395, CVE-2025-4802
 - Fix CVE-2023-5156