Skip to content

Sandbox/rdutta/3.0/update 3.0.20250423 3.0 v1#75

Closed
ranjan-dutta wants to merge 7226 commits into3.0-devfrom
sandbox/rdutta/3.0/update-3.0.20250423-3.0-v1
Closed

Sandbox/rdutta/3.0/update 3.0.20250423 3.0 v1#75
ranjan-dutta wants to merge 7226 commits into3.0-devfrom
sandbox/rdutta/3.0/update-3.0.20250423-3.0-v1

Conversation

@ranjan-dutta
Copy link
Contributor

@ranjan-dutta ranjan-dutta commented Apr 30, 2025

Merge Checklist

All boxes should be checked before merging the PR

  • [] The changes in the PR have been built and tested
  • [] cgmanifest file has been updated if required
  • [] Ready to merge

Description

Any Newly Introduced Dependencies

How Has This Been Tested?

v-smalavathu and others added 30 commits March 2, 2025 20:07
@v-smalavathu
libthai: Update Version from 0.1.28 -> 0.1.29 (#11064)
c11f579
@SumitJenaHCL
Upgrade: libsmbios version to 2.4.3 (#11057)
dc3b671
@SumitJenaHCL
Upgrade: libsigsegv version to 2.14 (#11056)
5ceb2bf
@SumitJenaHCL
Upgrade: libsigc++20 version to 2.12.1 (#11046)
0abef50
@SumitJenaHCL
Upgrade: librabbitmq version to 0.14.0 (#11018)
89692b6
@SumitJenaHCL
Upgrade: libsass version to 3.6.6 (#11023)
315b6c7
@SumitJenaHCL
Upgrade: intel-cmt-cat version to 24.05 (#11001)
8c92369
@v-smalavathu
libteam: Upgrade Version from 1.30 -> 1.32 (#11040)
48b5aec
@SumitJenaHCL
Upgrade: libqb version to 2.0.8 (#11017)
3f21f28
@jykanase
libbsd :update version to 0.12.2 (#10953)
e0f0f2c
@kevin-b-lockwood
Update libipt to 2.1.1-1 (#10939)
9038469
@SumitJenaHCL
Upgrade: libpinyin version to 2.9.92 (#11014)
ccf0294
@SumitJenaHCL
Upgrade: indent version to 2.2.13 (#11000)
5b8e197
@SumitJenaHCL
Upgrade: efi-rpm-macros version to 5 (#10928)
9b95278
@kevin-b-lockwood
Upgrade libplist to 2.6.0 (#10884)
5ed4959
@kevin-b-lockwood
Upgrade hdf to 4.3.0 (#10864)
87b05a4
@SumitJenaHCL
Upgrade: edac-utils version to 0.18 (#10860)
15233b5
@jykanase
fetchmail: Update to version 6.4.39 (#10856)
6621bff
@SumitJenaHCL
Upgrade: drpm version to 0.5.2 (#10847)
3a6f8d4
@v-smalavathu
discount: Update Version from 2.2.4 -> 2.2.7 (#10844)
69a4c93
@SumitJenaHCL
Upgrade: dropwatch version to 1.5.4 (#10842)
a0f3668
@jykanase
exiv2: Update to version 0.28.3 (#10820)
0e06c52
@kevin-b-lockwood
Upgrade gssntlmssp to 1.3.1-1 (#10791)
9b598d3
@kevin-b-lockwood
Upgrade gssdp to 1.6.3 (#10790)
0167500
@durgajagadeesh
libid3tag: Update to 0.16.3 (#10843)
a8cebac 
Co-authored-by: dj_palli <dj_palli@microsoft.com>
@kevin-b-lockwood
Upgrade graphene to 1.10.8-1 (#10779)
32047b8
@kevin-b-lockwood
Upgrade libgphoto2 to latest upstream (#10775)
5f0ac64
@SumitJenaHCL
Upgrade: dotconf version to 1.4.1 (#10752)
787ecdd
@jykanase
Upgrade SuperLU version to 7.0.0 (#10744)
f07579d
@durgajagadeesh
advancecomp: Upgraded to 2.6 version (#10697)
3400f1e 
Co-authored-by: dj_palli <dj_palli@microsoft.com>
CBL-Mariner-Bot and others added 18 commits March 31, 2025 15:05
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch application-gateway-kubernetes-ingress for C…
52b3ad9 
…VE-2025-30204 [High] - branch 3.0-dev (#13230)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch coredns for CVE-2025-30204 [High] - branch …
fcd062f 
…3.0-dev (#13231)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch kubernetes for CVE-2025-30204 [High] - bran…
9a5b1e5 
…ch 3.0-dev (#13232)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch flannel for CVE-2025-30204 [High] - branch …
f7c2947 
…3.0-dev (#13234)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch keda for CVE-2025-30204, CVE-2025-29923 [Hi…
4d50670 
…gh] - branch 3.0-dev (#13235)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch telegraf for CVE-2025-30204 [High] - branch…
e467606 
… 3.0-dev (#13236)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Upgrade libreswan to 4.15 for CVE-2024-3652, CVE-…
a54213c 
…2024-2357, CVE-2023-30570 [High] - branch 3.0-dev (#13238)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch pytorch for CVE-2021-22569, CVE-2024-7776 […
7282abd 
…High] - branch 3.0-dev (#13239)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade tzdata to 2025a upgrade to version 2025a (…
861fba8 
…#11994)
@CBL-Mariner-Bot
Prepare April 2025 Update (#13244)
64aa7ec
@CBL-Mariner-Bot @sindhu-karri
[AUTO-CHERRYPICK] Upgrade libxslt to fix CVE-2024-55549 and CVE-2025-…
2c7db7b 
…24855 [High] - branch 3.0-dev (#13243)

Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal @jslobodzian
[AUTO-CHERRYPICK] Patch prometheus for CVE-2025-30204 [High] - bran…
fb8d13a 
…ch 3.0-dev (#13233)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@manuelh-dev @CBL-Mariner-Bot
kata(-cc): upgrade kata-containers(-cc) to 3.2.0.azl5 (#13246)
4524ea4 
- Prevent hanging when ReadStreamRequest is blocked by policy
- Have the agent reformat CreateContainer requests in order to improve policy validation
- Fix for GHSA-qppj-fm5r-hxr3

Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Bugfix: 56213770, 56248605, upgrade cifs-utils to …
666e1f1 
…7.3 (#13116)
@rikenm1 @CBL-Mariner-Bot
Update Conda to 24.3.0 and bring missing runtime deps (#12648)
edf199a 
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
@jslobodzian
Merge branch '3.0-dev' into joslobo/merge-for-april-update
0f6561e
@jslobodzian
Merge to 3.0 for April 2025 Update (#13256)
39cc18a
@ranjan-dutta
Merge tag '3.0.20250423-3.0' into 3.0-dev
7e5c061 
build tag "3.0.20250423-3.0"

# By CBL-Mariner-Bot (631) and others
# Via GitHub (214) and others
* tag '3.0.20250423-3.0': (6844 commits)
  Update Conda to 24.3.0  and bring missing runtime deps (#12648)
  [AUTOPATCHER-CORE] Bugfix: 56213770, 56248605, upgrade cifs-utils to 7.3  (#13116)
  kata(-cc): upgrade kata-containers(-cc) to 3.2.0.azl5 (#13246)
  [AUTO-CHERRYPICK] Patch `prometheus` for CVE-2025-30204 [High] - branch 3.0-dev (#13233)
  [AUTO-CHERRYPICK] Upgrade libxslt to fix CVE-2024-55549 and CVE-2025-24855 [High] - branch 3.0-dev (#13243)
  Prepare April 2025 Update (#13244)
  [AUTOPATCHER-CORE] Upgrade tzdata to 2025a upgrade to version 2025a (#11994)
  [AUTO-CHERRYPICK] Patch `pytorch` for CVE-2021-22569, CVE-2024-7776 [High] - branch 3.0-dev (#13239)
  [AUTO-CHERRYPICK] Upgrade `libreswan` to 4.15 for CVE-2024-3652, CVE-2024-2357, CVE-2023-30570 [High] - branch 3.0-dev (#13238)
  [AUTO-CHERRYPICK] Patch `telegraf` for CVE-2025-30204 [High] - branch 3.0-dev (#13236)
  [AUTO-CHERRYPICK] Patch `keda` for CVE-2025-30204, CVE-2025-29923 [High] - branch 3.0-dev (#13235)
  [AUTO-CHERRYPICK] Patch `flannel` for CVE-2025-30204 [High] - branch 3.0-dev (#13234)
  [AUTO-CHERRYPICK] Patch `kubernetes` for CVE-2025-30204 [High] - branch 3.0-dev (#13232)
  [AUTO-CHERRYPICK] Patch `coredns` for CVE-2025-30204 [High] - branch 3.0-dev (#13231)
  [AUTO-CHERRYPICK] Patch `application-gateway-kubernetes-ingress` for CVE-2025-30204 [High] - branch 3.0-dev (#13230)
  [AUTO-CHERRYPICK] Patch `packer` for CVE-2025-30204 [High] - branch 3.0-dev (#13229)
  [AUTO-CHERRYPICK] Patch cert-manager for CVE-2025-30204 [High] - branch 3.0-dev (#13228)
  [AUTO-CHERRYPICK] Patch `azcopy` for CVE-2025-30204 [High] - branch 3.0-dev (#13227)
  [AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade mariadb to 10.11.11 for CVE-2025-21490 - branch 3.0-dev (#13226)
  [AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade libdwarf to 0.9.2 for CVE-2024-2002 [High] - branch 3.0-dev (#13225)
  ...

# Conflicts:
#	.gitattributes
#	.github/CODEOWNERS
#	.github/workflows/azurelinux-spec-cleaner.patch
#	.github/workflows/check-circular-deps.yml
#	.github/workflows/check-entangled-specs.yml
#	.github/workflows/check-license-map.yml
#	.github/workflows/check-manifests.yml
#	.github/workflows/check-package-cgmanifest.yml
#	.github/workflows/check-source-signatures.yml
#	.github/workflows/check-spec.yml
#	.github/workflows/check-static-glibc.yml
#	.github/workflows/go-test-coverage.yml
#	.github/workflows/lint-specs.yml
#	.github/workflows/merge-conflict-check.yml
#	.github/workflows/validate-cg-manifest.sh
#	.gitignore
#	CODE_OF_CONDUCT.md
#	LICENSE
#	LICENSES-AND-NOTICES/LICENSE.md
#	LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
#	LICENSES-AND-NOTICES/SPECS/data/licenses.json
#	README.md
#	SECURITY.md
#	SPECS-EXTENDED/flite/flite.signatures.json
#	SPECS-EXTENDED/flite/flite.spec
#	SPECS-EXTENDED/glassfish-annotation-api/glassfish-annotation-api-build.xml
#	SPECS-EXTENDED/glassfish-annotation-api/glassfish-annotation-api.signatures.json
#	SPECS-EXTENDED/glassfish-annotation-api/glassfish-annotation-api.spec
#	SPECS-EXTENDED/kde-filesystem/kde-filesystem.signatures.json
#	SPECS-EXTENDED/kde-filesystem/kde-filesystem.spec
#	SPECS-EXTENDED/kde-filesystem/teamnames
#	SPECS-EXTENDED/libcdio-paranoia/libcdio-paranoia.signatures.json
#	SPECS-EXTENDED/libcdio-paranoia/libcdio-paranoia.spec
#	SPECS-EXTENDED/libcdio/libcdio.signatures.json
#	SPECS-EXTENDED/libcdio/libcdio.spec
#	SPECS-EXTENDED/libcdr/libcdr.signatures.json
#	SPECS-EXTENDED/libcdr/libcdr.spec
#	SPECS-EXTENDED/libdazzle/libdazzle.signatures.json
#	SPECS-EXTENDED/libdazzle/libdazzle.spec
#	SPECS-EXTENDED/libdc1394/libdc1394.signatures.json
#	SPECS-EXTENDED/libdc1394/libdc1394.spec
#	SPECS-EXTENDED/libdvdnav/libdvdnav.signatures.json
#	SPECS-EXTENDED/libdvdnav/libdvdnav.spec
#	SPECS-EXTENDED/libsecret/libsecret.signatures.json
#	SPECS-EXTENDED/libsecret/libsecret.spec
#	SPECS-EXTENDED/memkind/memkind.signatures.json
#	SPECS-EXTENDED/memkind/memkind.spec
#	SPECS-EXTENDED/ocaml-curses/ocaml-curses.signatures.json
#	SPECS-EXTENDED/ocaml-curses/ocaml-curses.spec
#	SPECS-EXTENDED/ocaml-extlib/ocaml-extlib.signatures.json
#	SPECS-EXTENDED/ocaml-extlib/ocaml-extlib.spec
#	SPECS-EXTENDED/ogdi/ogdi.signatures.json
#	SPECS-EXTENDED/ogdi/ogdi.spec
#	SPECS-EXTENDED/opencryptoki/opencryptoki.signatures.json
#	SPECS-EXTENDED/opencryptoki/opencryptoki.spec
#	SPECS-EXTENDED/optipng/optipng.signatures.json
#	SPECS-EXTENDED/optipng/optipng.spec
#	SPECS-EXTENDED/perl-Authen-SASL/perl-Authen-SASL.signatures.json
#	SPECS-EXTENDED/perl-Authen-SASL/perl-Authen-SASL.spec
#	SPECS-EXTENDED/perl-B-Hooks-EndOfScope/perl-B-Hooks-EndOfScope.signatures.json
#	SPECS-EXTENDED/perl-B-Hooks-EndOfScope/perl-B-Hooks-EndOfScope.spec
#	SPECS-EXTENDED/perl-Business-ISBN-Data/perl-Business-ISBN-Data.signatures.json
#	SPECS-EXTENDED/perl-Business-ISBN-Data/perl-Business-ISBN-Data.spec
#	SPECS-EXTENDED/perl-Compress-Raw-Lzma/perl-Compress-Raw-Lzma.signatures.json
#	SPECS-EXTENDED/perl-Compress-Raw-Lzma/perl-Compress-Raw-Lzma.spec
#	SPECS-EXTENDED/perl-Config-Tiny/perl-Config-Tiny.signatures.json
#	SPECS-EXTENDED/perl-Config-Tiny/perl-Config-Tiny.spec
#	SPECS-EXTENDED/perl-Crypt-OpenSSL-Random/perl-Crypt-OpenSSL-Random.signatures.json
#	SPECS-EXTENDED/perl-Crypt-OpenSSL-Random/perl-Crypt-OpenSSL-Random.spec
#	SPECS-EXTENDED/perl-Data-Peek/perl-Data-Peek.signatures.json
#	SPECS-EXTENDED/perl-Data-Peek/perl-Data-Peek.spec
#	SPECS-EXTENDED/perl-File-Slurp/perl-File-Slurp.signatures.json
#	SPECS-EXTENDED/perl-File-Slurp/perl-File-Slurp.spec
#	SPECS-EXTENDED/perl-Importer/perl-Importer.signatures.json
#	SPECS-EXTENDED/perl-Importer/perl-Importer.spec
#	SPECS-EXTENDED/perl-Net-Telnet/perl-Net-Telnet.signatures.json
#	SPECS-EXTENDED/perl-Net-Telnet/perl-Net-Telnet.spec
#	SPECS-EXTENDED/perl-Test-Harness/perl-Test-Harness.signatures.json
#	SPECS-EXTENDED/perl-Test-Harness/perl-Test-Harness.spec
#	SPECS-EXTENDED/perl-Test-Inter/perl-Test-Inter.signatures.json
#	SPECS-EXTENDED/perl-Test-Inter/perl-Test-Inter.spec
#	SPECS-EXTENDED/perl-XString/perl-XString.signatures.json
#	SPECS-EXTENDED/perl-XString/perl-XString.spec
#	SPECS-EXTENDED/plexus-pom/plexus-pom.signatures.json
#	SPECS-EXTENDED/plexus-pom/plexus-pom.spec
#	SPECS-EXTENDED/pps-tools/pps-tools.signatures.json
#	SPECS-EXTENDED/pps-tools/pps-tools.spec
#	SPECS-EXTENDED/python-dulwich/python-dulwich.signatures.json
#	SPECS-EXTENDED/python-dulwich/python-dulwich.spec
#	SPECS-EXTENDED/python-qrcode/python-qrcode.signatures.json
#	SPECS-EXTENDED/python-qrcode/python-qrcode.spec
#	SPECS-EXTENDED/python-rdflib/python-rdflib.signatures.json
#	SPECS-EXTENDED/python-rdflib/python-rdflib.spec
#	SPECS-EXTENDED/python-requests-file/python-requests-file.signatures.json
#	SPECS-EXTENDED/python-requests-file/python-requests-file.spec
#	SPECS-EXTENDED/python-requests-kerberos/python-requests-kerberos.signatures.json
#	SPECS-EXTENDED/python-requests-kerberos/python-requests-kerberos.spec
#	SPECS-EXTENDED/python-urwid/python-urwid.signatures.json
#	SPECS-EXTENDED/python-urwid/python-urwid.spec
#	SPECS-EXTENDED/python-voluptuous/python-voluptuous.signatures.json
#	SPECS-EXTENDED/python-voluptuous/python-voluptuous.spec
#	SPECS-EXTENDED/python3-typed_ast/python3-typed_ast.signatures.json
#	SPECS-EXTENDED/python3-typed_ast/python3-typed_ast.spec
#	SPECS-EXTENDED/rdma-core/rdma-core.spec
#	SPECS-EXTENDED/relaxngDatatype/relaxngDatatype.spec
#	SPECS-EXTENDED/rhash/rhash.signatures.json
#	SPECS-EXTENDED/rhash/rhash.spec
#	SPECS-EXTENDED/udica/udica.signatures.json
#	SPECS-EXTENDED/udica/udica.spec
#	SPECS-EXTENDED/units/units.signatures.json
#	SPECS-EXTENDED/units/units.spec
#	SPECS-EXTENDED/v4l-utils/v4l-utils.spec
#	SPECS-EXTENDED/virt-p2v/virt-p2v.signatures.json
#	SPECS-EXTENDED/virt-p2v/virt-p2v.spec
#	SPECS-SIGNED/edk2-hvloader-signed/edk2-hvloader-signed.spec
#	SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec
#	SPECS-SIGNED/kernel-signed/kernel-signed.spec
#	SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
#	SPECS-SIGNED/mlnx-nfsrdma-signed/mlnx-nfsrdma-signed.spec
#	SPECS/WALinuxAgent/WALinuxAgent.spec
#	SPECS/application-gateway-kubernetes-ingress/application-gateway-kubernetes-ingress.spec
#	SPECS/asc/asc.spec
#	SPECS/azcopy/azcopy.spec
#	SPECS/azurelinux-sysinfo/azurelinux-sysinfo.spec
#	SPECS/bash-completion/bash-completion.spec
#	SPECS/binutils/binutils.spec
#	SPECS/blobfuse2/blobfuse2.spec
#	SPECS/build-essential/build-essential.spec
#	SPECS/busybox/busybox.spec
#	SPECS/ca-certificates/ca-certificates.spec
#	SPECS/calamares/branding.desc
#	SPECS/calamares/calamares.signatures.json
#	SPECS/calamares/calamares.spec
#	SPECS/calamares/settings.conf
#	SPECS/calamares/show.qml
#	SPECS/ceph/ceph.spec
#	SPECS/cert-manager/cert-manager.spec
#	SPECS/cf-cli/cf-cli.spec
#	SPECS/cifs-utils/cifs-utils.signatures.json
#	SPECS/cifs-utils/cifs-utils.spec
#	SPECS/cloud-init/cloud-init.spec
#	SPECS/cmake/cmake.spec
#	SPECS/cni-plugins/cni-plugins.spec
#	SPECS/cni/cni.spec
#	SPECS/conda/conda.signatures.json
#	SPECS/conda/conda.spec
#	SPECS/containerd/containerd.spec
#	SPECS/containerd2/containerd2.spec
#	SPECS/containerized-data-importer/containerized-data-importer.spec
#	SPECS/core-packages/core-packages.spec
#	SPECS/coredns/coredns.spec
#	SPECS/cri-tools/cri-tools.spec
#	SPECS/cronie/cronie.spec
#	SPECS/dcos-cli/dcos-cli.spec
#	SPECS/distroless-packages/distroless-packages.spec
#	SPECS/docker-buildx/docker-buildx.spec
#	SPECS/docker-cli/docker-cli.spec
#	SPECS/docker-compose/docker-compose.spec
#	SPECS/dosfstools/dosfstools.spec
#	SPECS/dracut/dracut.spec
#	SPECS/edk2/CVE-2022-3996.patch
#	SPECS/edk2/CVE-2024-6119.patch
#	SPECS/edk2/edk2.spec
#	SPECS/efibootmgr/efibootmgr.spec
#	SPECS/elfutils/10-ptrace-yama.conf
#	SPECS/elfutils/elfutils.signatures.json
#	SPECS/elfutils/elfutils.spec
#	SPECS/emacs/emacs.spec
#	SPECS/etcd/etcd.spec
#	SPECS/flannel/flannel.spec
#	SPECS/fluent-bit/fluent-bit.signatures.json
#	SPECS/fluent-bit/fluent-bit.spec
#	SPECS/freetds/freetds.spec
#	SPECS/future/future.signatures.json
#	SPECS/future/future.spec
#	SPECS/gdb/gdb.spec
#	SPECS/gh/gh.spec
#	SPECS/git-lfs/git-lfs.spec
#	SPECS/glib/glib.signatures.json
#	SPECS/glib/glib.spec
#	SPECS/go-md2man/go-md2man.spec
#	SPECS/gobject-introspection/gobject-introspection.spec
#	SPECS/golang-packaging/golang-packaging.spec
#	SPECS/grub2/grub2.spec
#	SPECS/heimdal/heimdal.spec
#	SPECS/helm/helm.spec
#	SPECS/hyperv-daemons/hyperv-daemons.signatures.json
#	SPECS/hyperv-daemons/hyperv-daemons.spec
#	SPECS/ig/ig.spec
#	SPECS/influx-cli/influx-cli.spec
#	SPECS/influxdb/influxdb.spec
#	SPECS/jq/jq.spec
#	SPECS/jx/jx.spec
#	SPECS/kata-containers-cc/kata-containers-cc.signatures.json
#	SPECS/kata-containers-cc/kata-containers-cc.spec
#	SPECS/kata-containers/kata-containers.signatures.json
#	SPECS/kata-containers/kata-containers.spec
#	SPECS/keda/keda.spec
#	SPECS/keras/keras.spec
#	SPECS/kernel-64k/config_aarch64
#	SPECS/kernel-64k/kernel-64k.signatures.json
#	SPECS/kernel-64k/kernel-64k.spec
#	SPECS/kernel-headers/kernel-headers.signatures.json
#	SPECS/kernel-headers/kernel-headers.spec
#	SPECS/kernel/CVE-2022-2785.nopatch
#	SPECS/kernel/config
#	SPECS/kernel/kernel-uki-dracut.conf
#	SPECS/kernel/kernel-uki.signatures.json
#	SPECS/kernel/kernel-uki.spec
#	SPECS/kernel/kernel.signatures.json
#	SPECS/kernel/kernel.spec
#	SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec
#	SPECS/kubernetes/kubernetes.spec
#	SPECS/kubevirt/kubevirt.spec
#	SPECS/kured/kured.spec
#	SPECS/libarchive/libarchive.spec
#	SPECS/libdwarf/libdwarf.signatures.json
#	SPECS/libdwarf/libdwarf.spec
#	SPECS/libdwarf/libdwarf_skip_test.patch
#	SPECS/libguestfs/libguestfs.spec
#	SPECS/libnbd/libnbd.spec
#	SPECS/libnvidia-container/libnvidia-container.spec
#	SPECS/libreswan/libreswan.signatures.json
#	SPECS/libreswan/libreswan.spec
#	SPECS/libssh/libssh.signatures.json
#	SPECS/libssh/libssh.spec
#	SPECS/libvirt/libvirt.spec
#	SPECS/libxcrypt/libxcrypt.spec
#	SPECS/libxslt/libxslt.signatures.json
#	SPECS/libxslt/libxslt.spec
#	SPECS/linux-firmware/linux-firmware.signatures.json
#	SPECS/linux-firmware/linux-firmware.spec
#	SPECS/local-path-provisioner/local-path-provisioner.spec
#	SPECS/mariadb-connector-c/mariadb-connector-c.spec
#	SPECS/mariadb/mariadb.signatures.json
#	SPECS/mariadb/mariadb.spec
#	SPECS/mesa/mesa.spec
#	SPECS/moby-containerd-cc/CVE-2023-44487.patch
#	SPECS/moby-containerd-cc/moby-containerd-cc.spec
#	SPECS/moby-engine/moby-engine.spec
#	SPECS/mock-core-configs/mock-core-configs.spec
#	SPECS/mock/mock.spec
#	SPECS/multus/multus.spec
#	SPECS/node-problem-detector/node-problem-detector.spec
#	SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
#	SPECS/ocaml-fileutils/ocaml-fileutils.spec
#	SPECS/opa/opa.spec
#	SPECS/openblas/openblas.spec
#	SPECS/openssh/openssh.spec
#	SPECS/openssl/openssl.spec
#	SPECS/packer/packer.spec
#	SPECS/pesign/pesign.spec
#	SPECS/php/php.signatures.json
#	SPECS/php/php.spec
#	SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec
#	SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec
#	SPECS/prometheus-adapter/prometheus-adapter.spec
#	SPECS/prometheus-node-exporter/prometheus-node-exporter.spec
#	SPECS/prometheus-process-exporter/prometheus-process-exporter.spec
#	SPECS/prometheus/prometheus.spec
#	SPECS/python-jinja2/python-jinja2.spec
#	SPECS/python-rpmautospec-core/python-rpmautospec-core.spec
#	SPECS/python-twisted/python-twisted.spec
#	SPECS/pytorch/pytorch.spec
#	SPECS/qemu/qemu.spec
#	SPECS/qtbase/qtbase.spec
#	SPECS/rasdaemon/rasdaemon.spec
#	SPECS/rdma-core/rdma-core.spec
#	SPECS/readline/readline.spec
#	SPECS/rpm-ostree/rpm-ostree.spec
#	SPECS/rpm/rpm.spec
#	SPECS/rpmdevtools/rpmdevtools.spec
#	SPECS/rsyslog/rsyslog.conf
#	SPECS/rsyslog/rsyslog.logrotate
#	SPECS/rsyslog/rsyslog.signatures.json
#	SPECS/rsyslog/rsyslog.spec
#	SPECS/runc/runc.spec
#	SPECS/selinux-policy/0036-fstools-Add-additional-perms-for-cloud-utils-growpar.patch
#	SPECS/selinux-policy/selinux-policy.spec
#	SPECS/shadow-utils/login-defs
#	SPECS/shadow-utils/shadow-utils.signatures.json
#	SPECS/shadow-utils/shadow-utils.spec
#	SPECS/skopeo/skopeo.spec
#	SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec
#	SPECS/strace/strace.signatures.json
#	SPECS/strace/strace.spec
#	SPECS/supermin/supermin.spec
#	SPECS/systemd-bootstrap/systemd-bootstrap.spec
#	SPECS/systemd/systemd.signatures.json
#	SPECS/systemd/systemd.spec
#	SPECS/tdnf/tdnf-add-installonlypkgs-config.patch
#	SPECS/tdnf/tdnf-installonlypkgs.patch
#	SPECS/tdnf/tdnf.spec
#	SPECS/telegraf/telegraf.signatures.json
#	SPECS/telegraf/telegraf.spec
#	SPECS/thrift/thrift.spec
#	SPECS/tzdata/tzdata.signatures.json
#	SPECS/tzdata/tzdata.spec
#	SPECS/usbip/usbip.spec
#	SPECS/usermode/usermode.spec
#	SPECS/vim/vim.signatures.json
#	SPECS/vim/vim.spec
#	SPECS/vitess/vitess.spec
#	SPECS/vte291/vte291.spec
#	SPECS/wget/wget.spec
#	SPECS/xdp-tools/xdp-tools.spec
#	cgmanifest.json
#	toolkit/Makefile
#	toolkit/imageconfigs/core-container.json
#	toolkit/imageconfigs/core-efi-aarch64.json
#	toolkit/imageconfigs/core-efi.json
#	toolkit/imageconfigs/full.json
#	toolkit/imageconfigs/packagelists/base-image-packages.json
#	toolkit/imageconfigs/packagelists/core-packages-image.json
#	toolkit/imageconfigs/packagelists/minimal-os-packages.json
#	toolkit/imageconfigs/packagelists/virtualization-host-packages.json
#	toolkit/resources/assets/isomaker/iso_root_static_files/boot/grub2/grub.cfg
#	toolkit/resources/imageconfigs/iso_initrd.json
#	toolkit/resources/imageconfigs/packagelists/iso-initrd-packages-arm64.json
#	toolkit/resources/imageconfigs/packagelists/iso-initrd-packages.json
#	toolkit/resources/manifests/image/local.repo
#	toolkit/resources/manifests/package/daily_build_repo.repo.template
#	toolkit/resources/manifests/package/license_file_exceptions.json
#	toolkit/resources/manifests/package/macro_packages.txt
#	toolkit/resources/manifests/package/macros.override
#	toolkit/resources/manifests/package/pkggen_core_aarch64.txt
#	toolkit/resources/manifests/package/pkggen_core_x86_64.txt
#	toolkit/resources/manifests/package/toolchain_aarch64.txt
#	toolkit/resources/manifests/package/toolchain_x86_64.txt
#	toolkit/resources/manifests/package/update_manifests.sh
#	toolkit/scripts/analysis.mk
#	toolkit/scripts/build_tag.mk
#	toolkit/scripts/check_entangled_specs.py
#	toolkit/scripts/check_spec_guidelines.py
#	toolkit/scripts/containerized-build/resources/azl.Dockerfile
#	toolkit/scripts/containerized-build/resources/local_repo
#	toolkit/scripts/get_lkg_id.sh
#	toolkit/scripts/imggen.mk
#	toolkit/scripts/requirements.txt
#	toolkit/scripts/rpmops.sh
#	toolkit/scripts/setuplkgtoolchain.sh
#	toolkit/scripts/spec_source_attributions.py
#	toolkit/scripts/toolchain.mk
#	toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
#	toolkit/scripts/toolchain/container/Dockerfile
#	toolkit/scripts/toolchain/container/toolchain-sha256sums
#	toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh
#	toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh
#	toolkit/scripts/toolchain/create_toolchain_in_container.sh
#	toolkit/scripts/toolchain/download_toolchain_rpm.sh
#	toolkit/scripts/toolkit.mk
#	toolkit/scripts/update_manifest.sh
#	toolkit/tools/grapher/grapher.go
#	toolkit/tools/imagegen/attendedinstaller/attendedinstaller.go
#	toolkit/tools/imagegen/attendedinstaller/uitext/uitext.go
#	toolkit/tools/imagegen/attendedinstaller/views/finishview/finishview.go
#	toolkit/tools/imagegen/attendedinstaller/views/hostnameview/hostnameview.go
#	toolkit/tools/imagegen/configuration/configuration_test.go
#	toolkit/tools/imagegen/configuration/packagerepo.go
#	toolkit/tools/imagegen/configuration/packagerepo_test.go
#	toolkit/tools/imagegen/configuration/systemconfig.go
#	toolkit/tools/imagegen/configuration/testdata/test_configuration.json
#	toolkit/tools/imagegen/diskutils/diskutils.go
#	toolkit/tools/imagegen/diskutils/encryption.go
#	toolkit/tools/imagegen/installutils/installutils.go
#	toolkit/tools/imager/imager.go
#	toolkit/tools/internal/packagerepo/repocloner/repocloner.go
#	toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
#	toolkit/tools/internal/pkgjson/pkgjson.go
#	toolkit/tools/internal/pkgjson/pkgjson_test.go
#	toolkit/tools/internal/resources/assets/grub2/grub
#	toolkit/tools/internal/resources/assets/grub2/grub.cfg
#	toolkit/tools/internal/resources/resources.go
#	toolkit/tools/internal/rpm/rpm.go
#	toolkit/tools/internal/safemount/safemount_test.go
#	toolkit/tools/internal/tdnf/tdnf.go
#	toolkit/tools/liveinstaller/liveinstaller.go
#	toolkit/tools/pkg/imagecustomizerlib/imageutils.go
#	toolkit/tools/pkg/isomakerlib/isomaker.go
#	toolkit/tools/pkggen/worker/create_worker_chroot.sh
#	toolkit/tools/srpmpacker/srpmpacker.go
@ranjan-dutta ranjan-dutta requested a review from a team as a code owner April 30, 2025 01:42
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 30, 2025
View reviewed changes
.github/workflows/check-package-update-gate.yml
Comment on lines +15 to +89
name: Check Package Update Gate
runs-on: ubuntu-latest
steps:

- name: Check out code
uses: actions/checkout@v4

- name: Get base commit for PRs
if: ${{ github.event_name == 'pull_request' }}
run: |
git fetch origin ${{ github.base_ref }}
echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV
echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"

- name: Get base commit for Pushes
if: ${{ github.event_name == 'push' }}
run: |
git fetch origin ${{ github.event.before }}
echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV
echo "Merging ${{ github.sha }} into ${{ github.event.before }}"

- name: Get the changed files
run: |
echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'"
changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; })
echo "Files to validate: '${changed_specs}'"
echo "updated-specs=$(echo ${changed_specs})" >> $GITHUB_ENV

- name: Check each spec
run: |

if [[ -z "${{ env.updated-specs }}" ]]; then
echo "No spec files to validate. Exiting."
exit 0
fi

for spec in ${{ env.updated-specs }}
do
echo "Checking '$spec'."
# Expand macros if present
name=$(rpmspec --parse "$spec" | grep -E "^Name:\s*(.*)" | awk '{print $2}')
version=$(rpmspec --parse "$spec" | grep -E "^Version:\s*(.*)" | awk '{print $2}')

# Read from packagelist-gate.csv and iterate each row
# 1st column: package name
# 2nd column: condition (>=, =,'')
# 3rd column: version number

while IFS=, read -r package_name condition version_number; do
if [[ "$name" == "$package_name" ]]; then
case "$condition" in
">=" | "=" )
if [[ ("$condition" == ">=" && "$(printf '%s\n' "$version" "$version_number" | sort -V | head -n1)" == "$version_number") ||
("$condition" == "=" && "$version" == "$version_number") ]]; then
1>&2 echo "**** ERROR ****"
1>&2 echo "Spec '$spec' version '$version' is not allowed in Azure Linux. Error:'$spec $condition $version_number'."
1>&2 echo "**** ERROR ****"
error_found=1
fi
;;
*)
1>&2 echo "**** ERROR ****"
1>&2 echo "Spec $spec is not allowed in Azure Linux"
1>&2 echo "**** ERROR ****"
error_found=1
;;
esac
fi
done < .github/workflows/packagelist-gate.csv
done

if [[ -n $error_found ]]
then
exit 1
fi

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
@cheeyanglee
cleanup azurelinux specific SPECS
f0ec8fb 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
update changelog wording
0e76925 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
remove not required files
d233436 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
reset calamares to commit ca3bee2
1068fcc 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
update macros
a2f7d32 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
further clean up not required files
e42a66a 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
amend version for kata-container & kata-containers-cc
8dd7ae7 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
Copy link
Contributor

cheeyanglee commented May 16, 2025

merged V3
#99

@anujm1 anujm1 deleted the sandbox/rdutta/3.0/update-3.0.20250423-3.0-v1 branch May 19, 2025 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.