diff --git a/.github/workflows/check-srpm-duplicates.yml b/.github/workflows/check-srpm-duplicates.yml new file mode 100644 index 0000000000..91c1a14fa9 --- /dev/null +++ b/.github/workflows/check-srpm-duplicates.yml @@ -0,0 +1,48 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# This action checks that the specs in this repo +# generate SRPMs with unique names. +name: SRPMs duplicates check + +on: + push: + branches: [main, 2.0*, 3.0*, fasttrack/*] + pull_request: + branches: [main, 2.0*, 3.0*, fasttrack/*] + +jobs: + check: + name: SRPMs duplicates check + runs-on: ubuntu-latest + strategy: + matrix: + # Each group is published to a different repo, thus we only need to check + # for SRPM duplicates within the group. + specs-dirs-groups: ["SPECS SPECS-SIGNED", "SPECS-EXTENDED"] + + steps: + # Checkout the branch of our repo that triggered this action + - name: Workflow trigger checkout + uses: actions/checkout@v4 + + # For consistency, we use the same major/minor version of Python that Azure Linux ships + - name: Setup Python 3.12 + uses: actions/setup-python@v5 + with: + python-version: 3.12 + + # Generate the specs.json files. They are the input for the duplicates check script. + - name: Generate specs.json + run: | + set -euo pipefail + + for spec_folder in ${{ matrix.specs-dirs-groups }}; do + echo "Generating specs.json for spec folder '$spec_folder'." + + sudo make -C toolkit -j$(nproc) parse-specs REBUILD_TOOLS=y DAILY_BUILD_ID=lkg SPECS_DIR=../$spec_folder + cp -v build/pkg_artifacts/specs.json ${spec_folder}_specs.json + done + + - name: Check for duplicate SRPMs + run: python3 toolkit/scripts/check_srpm_duplicates.py *_specs.json diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base.spec b/SPECS-EXTENDED/389-ds-base/389-ds-base.spec index 0b608b1caa..a870233630 100644 --- a/SPECS-EXTENDED/389-ds-base/389-ds-base.spec +++ b/SPECS-EXTENDED/389-ds-base/389-ds-base.spec @@ -68,7 +68,7 @@ ExcludeArch: i686 Summary: 389 Directory Server (%{variant}) Name: 389-ds-base Version: 3.1.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL-3.0-or-later AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 URL: https://www.port389.org Vendor: Microsoft Corporation @@ -732,6 +732,9 @@ exit 0 %endif %changelog +* Mon Apr 21 2025 Kavya Sree Kaitepalli 3.1.1-3 +- Bump release to build with rust 1.85.0 + * Fri Sep 20 2024 Muhammad Falak 3.1.0-2 - Initial Azure Linux import from Fedora 42 (license: MIT) - License verified diff --git a/SPECS-EXTENDED/amtk/amtk.signatures.json b/SPECS-EXTENDED/amtk/amtk.signatures.json index c81948c35c..bad0df9ef6 100644 --- a/SPECS-EXTENDED/amtk/amtk.signatures.json +++ b/SPECS-EXTENDED/amtk/amtk.signatures.json @@ -1,5 +1,6 @@ { "Signatures": { - "amtk-5.0.2.tar.xz": "71cc891fbaaa3d0cb87eeef9a2f7e1a2acab62f738d09ea922fb4b9ea2f84f86" + "amtk-5.6.1.tar.xz": "d50115b85c872aac296934b5ee726a3fa156c6f5ad96d27e0edd0aa5ad173228" } } + diff --git a/SPECS-EXTENDED/amtk/amtk.spec b/SPECS-EXTENDED/amtk/amtk.spec index 922db79a98..f43238d784 100644 --- a/SPECS-EXTENDED/amtk/amtk.spec +++ b/SPECS-EXTENDED/amtk/amtk.spec @@ -1,20 +1,25 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Name: amtk -Version: 5.0.2 -Release: 3%{?dist} +Version: 5.6.1 +Release: 8%{?dist} Summary: Actions, Menus and Toolbars Kit for GTK+ applications -License: LGPLv2+ +License: LGPL-3.0-or-later URL: https://wiki.gnome.org/Projects/Amtk -Source0: https://download.gnome.org/sources/amtk/5.0/amtk-%{version}.tar.xz +Source0: https://download.gnome.org/sources/amtk/5.6/amtk-%{version}.tar.xz BuildRequires: gcc BuildRequires: gettext +BuildRequires: gtk-doc +BuildRequires: meson BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gobject-introspection-1.0) BuildRequires: pkgconfig(gtk+-3.0) +# Removed in F34 +Obsoletes: amtk-tests < 5.3.1 + %description Amtk is the acronym for “Actions, Menus and Toolbars Kit”. It is a basic GtkUIManager replacement based on GAction. It is suitable for both a @@ -30,34 +35,24 @@ The %{name}-devel package contains libraries and header files for developing applications that use %{name}. -%package tests -Summary: Tests for the %{name} package -Requires: %{name}%{?_isa} = %{version}-%{release} - -%description tests -The %{name}-tests package contains tests that can be used to verify -the functionality of the installed %{name} package. - - %prep -%autosetup +%autosetup -p1 %build -%configure --enable-installed-tests -%make_build V=1 +%meson -Dgtk_doc=true +%meson_build %install -%make_install -find $RPM_BUILD_ROOT -name '*.la' -delete +%meson_install %find_lang amtk-5 %files -f amtk-5.lang -%license COPYING -%doc AUTHORS NEWS README +%license LICENSES/LGPL-3.0-or-later.txt +%doc NEWS README.md %dir %{_libdir}/girepository-1.0 %{_libdir}/girepository-1.0/Amtk-5.typelib %{_libdir}/libamtk-5.so.0* @@ -70,18 +65,68 @@ find $RPM_BUILD_ROOT -name '*.la' -delete %{_datadir}/gir-1.0/Amtk-5.gir %dir %{_datadir}/gtk-doc %dir %{_datadir}/gtk-doc/html -%{_datadir}/gtk-doc/html/amtk-5.0/ - -%files tests -%dir %{_libexecdir}/installed-tests -%{_libexecdir}/installed-tests/amtk-5/ -%dir %{_datadir}/installed-tests -%{_datadir}/installed-tests/amtk-5/ +%{_datadir}/gtk-doc/html/amtk-5/ %changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 5.0.2-3 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Fri Mar 14 2025 Durga Jagadeesh Palli - 5.6.1-8 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License verified. + +* Wed Jul 17 2024 Fedora Release Engineering - 5.6.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Jan 29 2024 Fedora Release Engineering - 5.6.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 5.6.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 5.6.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 5.6.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jan 18 2023 Fedora Release Engineering - 5.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Dec 12 2022 Kalev Lember - 5.6.1-1 +- Update to 5.6.1 +- Switch to SPDX license tags + +* Wed Jul 20 2022 Fedora Release Engineering - 5.3.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 19 2022 Fedora Release Engineering - 5.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 5.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu Feb 18 2021 Kalev Lember - 5.3.1-1 +- Update to 5.3.1 +- Switch to meson build system +- Remove -tests sub package as the installed tests are gone upstream + +* Tue Jan 26 2021 Fedora Release Engineering - 5.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Sep 10 2020 Kalev Lember - 5.2.0-1 +- Update to 5.2.0 + +* Fri Sep 04 2020 Kalev Lember - 5.1.2-1 +- Update to 5.1.2 + +* Fri Jul 31 2020 Fedora Release Engineering - 5.1.1-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 5.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri May 29 2020 Kalev Lember - 5.1.1-1 +- Update to 5.1.1 * Tue Jan 28 2020 Fedora Release Engineering - 5.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json index f6254611c3..2b73f73a7c 100644 --- a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json +++ b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "ansible-freeipa-0.3.4.tar.gz": "3c60aadbd612cd577145e85582a5e3ab8d62787592d7789218196cf624ffc85f" + "ansible-freeipa-1.13.2.tar.gz": "f4965770a906c78988c097aa08a20f84ad268be3479401edeebfe47541cbe0c8" } } diff --git a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec index ec9d7e36cf..c6f3c93fd4 100644 --- a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec +++ b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec @@ -1,5 +1,6 @@ Vendor: Microsoft Corporation Distribution: Azure Linux + # Turn off automatic python byte compilation because these are Ansible # roles and the files are transferred to the node and compiled there with # the python version used in the node @@ -7,30 +8,44 @@ Distribution: Azure Linux %global python %{__python3} +%global collection_namespace freeipa +%global collection_name ansible_freeipa +%global ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections + Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients Name: ansible-freeipa -Version: 0.3.4 +Version: 1.13.2 Release: 2%{?dist} URL: https://github.com/freeipa/ansible-freeipa -License: GPLv3+ +License: GPL-3.0-or-later Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildArch: noarch +BuildRequires: ansible +BuildRequires: python +BuildRequires: PyYAML %description -ansible-freeipa provides Ansible roles and playbooks to install and uninstall -FreeIPA servers, replicas and clients. Also modules for management. +Ansible roles to install and uninstall FreeIPA servers, replicas and clients, +roles for backups and SmartCard configuration, modules for management and also +playbooks for all roles and modules. -Note: The ansible playbooks and roles require a configured ansible environment -where the ansible nodes are reachable and are properly set up to have an IP +Note: The Ansible playbooks and roles require a configured Ansible environment +where the Ansible nodes are reachable and are properly set up to have an IP address and a working package manager. Features - - Server, replica and client deployment - Cluster deployments: Server, replicas and clients in one playbook - One-time-password (OTP) support for client installation - Repair mode for clients - Backup and restore, also to and from controller +- Smartcard setup for servers and clients +- Inventory plugin freeipa +- Modules for automembership rule management +- Modules for automount key management +- Modules for automount location management +- Modules for automount map management +- Modules for certificate management - Modules for config management - Modules for delegation management - Modules for dns config management @@ -43,18 +58,27 @@ Features - Modules for hbacsvcgroup management - Modules for host management - Modules for hostgroup management +- Modules for idoverridegroup management +- Modules for idoverrideuser management +- Modules for idp management +- Modules for idrange management +- Modules for idview management - Modules for location management +- Modules for netgroup management - Modules for permission management - Modules for privilege management - Modules for pwpolicy management - Modules for role management - Modules for self service management +- Modules for server management - Modules for service management +- Modules for service delegation rule management +- Modules for service delegation target management - Modules for sudocmd management - Modules for sudocmdgroup management - Modules for sudorule management - Modules for topology management -- Modules fot trust management +- Modules for trust management - Modules for user management - Modules for vault management @@ -76,15 +100,9 @@ Supported Distributions Requirements Controller - - - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection) - /usr/bin/kinit is required on the controller if a one time password (OTP) - is used - - python3-gssapi is required on the controller if a one time password (OTP) - is used with keytab to install the client. + - Ansible version: 2.13+ Node - - Supported FreeIPA version (see above) - Supported distribution (needed for package installation only, see above) @@ -95,7 +113,6 @@ is an issue for the processing in a simple playbook. Work is planned to have a new method to handle CSR for external signed CAs in a separate step before starting the server installation. - %package tests Summary: ansible-freeipa tests Requires: %{name} = %{version}-%{release} @@ -103,26 +120,38 @@ Requires: %{name} = %{version}-%{release} %description tests ansible-freeipa tests. +The tests for the collection are part of the collection sub package. + Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt to get the needed requrements to run the tests. +%package collection +Summary: %{collection_namespace}.%{collection_name} collection +Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{version}-%{release} + +%description collection +The %{collection_namespace}.%{collection_name} collection, including tests. %prep -%setup -q +%autosetup -p1 +sed -i "s/python/python3/g" utils/build-galaxy-release.sh + # Do not create backup files with patches # Fix python modules and module utils: # - Remove shebang # - Remove execute flag -for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do +for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; +do sed -i '1{/\/usr\/bin\/python*/d;}' $i + sed -i '1{/\/usr\/bin\/env python*/d;}' $i chmod a-x $i done -for i in utils/*.py utils/ansible-ipa-*-install utils/new_module \ - utils/changelog utils/ansible-doc-test; +for i in utils/*.py utils/new_module utils/changelog utils/ansible-doc-test; do sed -i '{s@/usr/bin/python*@%{python}@}' $i + sed -i '{s@/usr/bin/env python*@%{python}@}' $i done @@ -138,6 +167,10 @@ cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/ cp -rp roles/ipaclient/README.md README-client.md cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/ cp -rp roles/ipabackup/README.md README-backup.md +cp -rp roles/ipasmartcard_server %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipasmartcard_server/README.md README-smartcard_server.md +cp -rp roles/ipasmartcard_client %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipasmartcard_client/README.md README-smartcard_client.md install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/ cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/ @@ -147,14 +180,23 @@ cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/ install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/ +# Create collection and install to %{buildroot}%{ansible_collections_dir} +# ansible-galaxy collection install creates ansible_collections directory +# automatically in given path, therefore /.. +utils/build-galaxy-release.sh -o "%{version}" -p %{buildroot}%{ansible_collections_dir}/.. %{collection_namespace} %{collection_name} + %files %license COPYING %{_datadir}/ansible/roles/ipaserver %{_datadir}/ansible/roles/ipareplica %{_datadir}/ansible/roles/ipaclient %{_datadir}/ansible/roles/ipabackup +%{_datadir}/ansible/roles/ipasmartcard_server +%{_datadir}/ansible/roles/ipasmartcard_client +%{_datadir}/ansible/plugins/doc_fragments %{_datadir}/ansible/plugins/module_utils %{_datadir}/ansible/plugins/modules +%{_datadir}/ansible/plugins/inventory %doc README*.md %doc playbooks %{_datadir}/ansible-freeipa/requirements.txt @@ -165,7 +207,207 @@ cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/ %{_datadir}/ansible-freeipa/tests %{_datadir}/ansible-freeipa/requirements-tests.txt +%files collection +%dir %{ansible_collections_dir}/%{collection_namespace} +%{ansible_collections_dir}/%{collection_namespace}/%{collection_name} + %changelog +* Tue Nov 12 2024 Durga Jagadeesh Palli - 1.13.2-2 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License verified. + +* Mon Jul 1 2024 Thomas Woerner - 1.13.2-1 +- Update to version 1.13.2 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.2 + - Support for FreeIPA 4.12 + - Idempotency fixes + - Minimum supported ansible-core version: 2.15.0 + - Fixes for ansible-test 2.17.1 + +* Tue May 28 2024 Thomas Woerner - 1.13.1-1 +- Update to version 1.13.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.1 + Highlights: + - New inventory plugin + - Use batch command internally for ipahost, ipaservice and ipauser + - Fix idempotency issues in ipahost, ipaservice and ipauser + - Fix idempotency in ipaclient_dns_resolver + - Documentation fixes + +* Tue Apr 2 2024 Thomas Woerner - 1.12.1-2 +- New -collection sub package providing the freeipa.ansible_freeipa + collection +- New build requires for ansible-core and python + +* Mon Feb 12 2024 Thomas Woerner - 1.12.1-1 +- Update to version 1.12.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.1 + Highlights: + - Fix ipaserver deployment on CentOS 8 Stream + - Fix ipaclient deployment with automount + - Fix ipaclient OTP error reporting + - Add missing support for renaming groups and users + - Idempotency fixes in several modules + +* Mon Jan 22 2024 Fedora Release Engineering - 1.12.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.12.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Nov 27 2023 Thomas Woerner - 1.12.0-1 +- Update to version 1.12.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.0 + Highlights: + - New idoverridegroup management module. + - New idoverrideuser management module. + - New idview management module. + - New idp management module. + - Bug fixes and CI improvements. + +* Mon Jul 24 2023 Thomas Woerner - 1.11.1-1 +- Update to version 1.11.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.1 + Highlights: + - Support for GECOS, street, smb and idp attributes in ipauser module + - Support for indirect maps in ipaautomountmap module + - Update of user_auth_type choices in ipaconfig and ipauser modules + - Update of auth_ind choices in ipahost and ipaservice modules + - Upstream test and environment enhancements + - Documentation updates + +* Wed Jul 19 2023 Fedora Release Engineering - 1.11.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jun 12 2023 Thomas Woerner - 1.11.0-1 +- Update to version 1.11.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.0 + Highlights: + - Multiple service management with ipaservice module + - New ipacert module for certificate management + - Action group support for the Ansible collections on Ansible Galaxy and + Ansible AutomationHub + - Fixed maxsequence handling in ipapwpolicy module + - Even more Ansible lint driven changes + +* Wed Apr 5 2023 Thomas Woerner - 1.10.0-1 +- Update to version 1.10.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.10.0 + Highlights: + - ipagroup: Allow multiple group management. + - ipaclient: Add subid option to select the sssd profile with-subid. + - ipaclient: Fix allow_repair with removed krb5.conf and DNS lookup. + - ipaclient: Keep server affinity while deploying by deferring the + creation the final krb5.conf. + - ipaserver: Allow deployments with random serial numbers. + - ipareplica/server: Enable removal from domain with undeployment. + - More Ansible lint fixes. + +* Fri Mar 10 2023 Rafael Jeffman - 1.9.2-2 +- Migrate to SPDX license + +* Tue Jan 31 2023 Thomas Woerner - 1.9.2-1 +- Update to version 1.9.2 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.2 + +* Mon Jan 30 2023 Thomas Woerner - 1.9.1-1 +- Update to version 1.9.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.1 + Highlights: + - Ansible 2.14 test and lint fixes + - pwpolicy: Allow clearing policy values + - More bug fixes + +* Wed Jan 18 2023 Fedora Release Engineering - 1.9.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Dec 6 2022 Thomas Woerner - 1.9.0-1 +- Update to version 1.9.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.0 + Highlights: + - New netgroup management module + - sudorule: Add support for 'hostmask' parameter + - pwpolicy: Add support for password check and grace limit + - ipaclient: No kinit on controller for deployment using OTP + - ipaclient: Configure DNS resolver + - Support for ansible-core 2.14 tests + +* Mon Sep 12 2022 Thomas Woerner - 1.8.4-1 +- Update to version 1.8.4 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.4 + +* Tue Aug 16 2022 Thomas Woerner - 1.8.3-1 +- Update to version 1.8.3 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.3 + +* Thu Jul 28 2022 Thomas Woerner - 1.8.2-1 +- Update to version 1.8.2 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.2 + +* Wed Jul 20 2022 Fedora Release Engineering - 1.8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jul 7 2022 Thomas Woerner - 1.8.1-1 +- Update to version 1.8.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.1 + +* Fri Jun 24 2022 Thomas Woerner - 1.8.0-1 +- Update to version 1.8.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.0 + +* Fri Apr 29 2022 Thomas Woerner - 1.7.0-1 +- Update to version 1.7.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.7.0 +- Update to version 1.6.3 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.3 + +* Wed Jan 26 2022 Thomas Woerner - 1.6.2-1 +- Update to version 1.6.2 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2 + +* Fri Jan 21 2022 Thomas Woerner - 1.6.1-1 +- Update to version 1.6.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1 +- Update to version 1.6.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0 + +* Wed Jan 19 2022 Fedora Release Engineering - 1.5.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Dec 28 2021 Thomas Woerner - 1.5.3-1 +- Update to version 1.5.3 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3 +- Update to version 1.5.2 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2 +- Update to version 1.5.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1 + +* Tue Dec 7 2021 Thomas Woerner - 1.5.0-1 +- Update to version 1.5.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0 + +* Wed Oct 6 2021 Thomas Woerner - 0.4.0-1 +- Update to version 0.4.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0 + +* Wed Jul 21 2021 Fedora Release Engineering - 0.3.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jul 14 2021 Thomas Woerner - 0.3.8-1 +- Update to version 0.3.8 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8 +- Update to version 0.3.7 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7 + +* Tue Jun 1 2021 Thomas Woerner - 0.3.6-1 +- Update to version 0.3.6 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6 + +* Wed Mar 3 2021 Thomas Woerner - 0.3.5-1 +- Update to version 0.3.5 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.5 + * Fri Oct 15 2021 Pawel Winogrodzki - 0.3.4-2 - Initial CBL-Mariner import from Fedora 33 (license: MIT). diff --git a/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.signatures.json b/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.signatures.json index 84824424ec..9a676781e4 100644 --- a/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.signatures.json +++ b/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.signatures.json @@ -4,3 +4,4 @@ "commons-digester-2.1-src.tar.gz": "2713f07a6adec7e253d91f1fca70e658b93e1a63f1b6a36f4907a2b83088543f" } } + diff --git a/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.spec b/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.spec index 0c4819ee4e..27c682e856 100755 --- a/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.spec +++ b/SPECS-EXTENDED/apache-commons-digester/apache-commons-digester.spec @@ -3,7 +3,7 @@ Summary: Jakarta Commons Digester Package Name: apache-%{short_name} Version: 2.1 -Release: 4%{?dist} +Release: 5%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -11,6 +11,7 @@ Group: Development/Libraries/Java URL: https://commons.apache.org/proper/commons-digester Source0: https://dlcdn.apache.org/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz Source1: %{name}-build.xml + BuildRequires: ant BuildRequires: commons-beanutils BuildRequires: commons-collections @@ -44,8 +45,9 @@ This package contains the javadoc documentation for the Jakarta Commons Digester Package. %prep -%setup -q -n %{short_name}-%{version}-src +%autosetup -n %{short_name}-%{version}-src cp %{SOURCE1} build.xml +sed -i s/1.6/1.8/g build.xml mkdir -p lib build-jar-repository -s lib commons-beanutils commons-logging @@ -82,6 +84,10 @@ ant test %{_javadocdir}/%{name} %changelog +* Fri Mar 28 2025 Durga Jagadeesh Palli - 2.1-5 +- Build error fix +- License verified + * Mon Nov 07 2022 Sumedh Sharma - 2.1-4 - Enable check section - License verified diff --git a/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.service b/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.service new file mode 100644 index 0000000000..91dba49b9d --- /dev/null +++ b/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.service @@ -0,0 +1,13 @@ +[Unit] +Description=Azure Linux OTEL Collector +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/azl-otelcol --config /etc/azl-otel-collector/config.yaml +KillMode=process +Restart=on-failure +RestartSec=5s + +[Install] +WantedBy=multi-user.target diff --git a/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.signatures.json b/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.signatures.json new file mode 100644 index 0000000000..e791bf06ef --- /dev/null +++ b/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.signatures.json @@ -0,0 +1,7 @@ +{ + "Signatures": { + "azl-otel-collector-0.124.0.tar.gz": "2c11273db7045c693143cd2869e98b2a125362ff5f7adbade54af6f3e3a7f364", + "azl-otel-collector-0.124.0-govendor-v1.tar.gz": "171aac80bf3965b647f13d6cb41d72365d7870d2672133148149b34086368147", + "azl-otel-collector.service": "16d0fb39947318ca4912adc20613a79b88ec8ffae1bdb214001ac65a086d293c" + } +} diff --git a/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.spec b/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.spec new file mode 100644 index 0000000000..10742b698a --- /dev/null +++ b/SPECS-EXTENDED/azl-otel-collector/azl-otel-collector.spec @@ -0,0 +1,73 @@ +# Disabled debuginfo package as the autogenerated 'debugfiles.list' file is empty. +# In other words there were no debug symbols to package. +%global debug_package %{nil} +Summary: Azure Linux OpenTelemetry Collector Distribution +Name: azl-otel-collector +Version: 0.124.0 +Release: 1%{?dist} +License: MIT +Vendor: Microsoft Corporation +Distribution: Azure Linux +URL: https://github.com/microsoft/azl-otel-collector +Source0: https://github.com/microsoft/azl-otel-collector/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: %{name}-%{version}-govendor-v1.tar.gz +Source2: azl-otel-collector.service +BuildRequires: golang +BuildRequires: systemd-rpm-macros + +%description +Azure Linux OpenTelemetry Collector is a custom distribution of the +OpenTelemetry Collector. It contains a subset of the components from the +https://github.com/open-telemetry/opentelemetry-collector-contrib repository and +also includes receivers developed by the Azure Linux team. + +%prep +%autosetup -n azl-otel-collector-%{version} +tar -xf %{SOURCE1} --no-same-owner -C cmd/azl-otelcol + +%build +export CGO_ENABLED=0 +%make_build MODFLAGS="-mod=vendor" BUILDTAGS="netgo osusergo static_build" LDFLAGS="-s -w" TRIMPATH=1 + +%install +mkdir -p "%{buildroot}/%{_bindir}" +install -D -m0755 bin/azl-otelcol %{buildroot}/%{_bindir} +mkdir -p "%{buildroot}%{_unitdir}" +install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/azl-otel-collector.service +mkdir -p "%{buildroot}%{_sysconfdir}/azl-otel-collector" +install -D -m0644 config/default-config.yaml %{buildroot}%{_sysconfdir}/azl-otel-collector/config.yaml + +%files +%{_bindir}/azl-otelcol +%license LICENSE +%doc README.md + +%package -n azl-otel-collector-service +Summary: Systemd service and configuration for azl-otel-collector +Requires: azl-otel-collector = %{version}-%{release} +# Include the smartmontools package needed by the smartdata receiver in the collector +Requires: smartmontools +Requires(post): systemd + +%description -n azl-otel-collector-service +This package contains the systemd unit file and default configuration +for the Azure Linux OpenTelemetry Collector. + +%pre -n azl-otel-collector-service +%systemd_preun azl-otel-collector.service + +%post -n azl-otel-collector-service +%systemd_post azl-otel-collector.service + +%postun -n azl-otel-collector-service +%systemd_postun_with_restart azl-otel-collector.service + +%files -n azl-otel-collector-service +%dir %{_sysconfdir}/azl-otel-collector +%config(noreplace) %{_sysconfdir}/azl-otel-collector/config.yaml +%{_unitdir}/azl-otel-collector.service + +%changelog +* Wed Apr 23 2025 Adit Jha - 0.124.0-1 +- Original version for Azure Linux +- License Verified diff --git a/SPECS-EXTENDED/azl-otel-collector/generate_source_tarball.sh b/SPECS-EXTENDED/azl-otel-collector/generate_source_tarball.sh new file mode 100644 index 0000000000..5772b08c4b --- /dev/null +++ b/SPECS-EXTENDED/azl-otel-collector/generate_source_tarball.sh @@ -0,0 +1,117 @@ +#!/bin/bash +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# Quit on failure +set -e + +PKG_VERSION="" +SRC_TARBALL="" +VENDOR_VERSION="1" +OUT_FOLDER="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +# parameters: +# +# --srcTarball : src tarball file +# this file contains the 'initial' source code of the component +# and should be replaced with the new/modified src code +# --outFolder : folder where to copy the new tarball(s) +# --pkgVersion : package version +# --vendorVersion : vendor version +# +PARAMS="" +while (( "$#" )); do + case "$1" in + --srcTarball) + if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then + SRC_TARBALL=$2 + shift 2 + else + echo "Error: Argument for $1 is missing" >&2 + exit 1 + fi + ;; + --outFolder) + if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then + OUT_FOLDER=$2 + shift 2 + else + echo "Error: Argument for $1 is missing" >&2 + exit 1 + fi + ;; + --pkgVersion) + if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then + PKG_VERSION=$2 + shift 2 + else + echo "Error: Argument for $1 is missing" >&2 + exit 1 + fi + ;; + --vendorVersion) + if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then + VENDOR_VERSION=$2 + shift 2 + else + echo "Error: Argument for $1 is missing" >&2 + exit 1 + fi + ;; + -*|--*=) # unsupported flags + echo "Error: Unsupported flag $1" >&2 + exit 1 + ;; + *) # preserve positional arguments + PARAMS="$PARAMS $1" + shift + ;; + esac +done + +echo "--srcTarball -> $SRC_TARBALL" +echo "--outFolder -> $OUT_FOLDER" +echo "--pkgVersion -> $PKG_VERSION" +echo "--vendorVersion -> $VENDOR_VERSION" + +if [ -z "$PKG_VERSION" ]; then + echo "--pkgVersion parameter cannot be empty" + exit 1 +fi + +echo "-- create temp folder" +tmpdir=$(mktemp -d) +function cleanup { + echo "+++ cleanup -> remove $tmpdir" + rm -rf $tmpdir +} +trap cleanup EXIT + +TARBALL_FOLDER="$tmpdir/tarballFolder" +mkdir -p $TARBALL_FOLDER +cp $SRC_TARBALL $tmpdir + +pushd $tmpdir > /dev/null + +PKG_NAME="azl-otel-collector" +NAME_VER="$PKG_NAME-$PKG_VERSION" +VENDOR_TARBALL="$OUT_FOLDER/$NAME_VER-govendor-v$VENDOR_VERSION.tar.gz" + +echo "Unpacking source tarball..." +tar -xf $SRC_TARBALL + +echo "Vendor go modules..." +cd azl-otel-collector-"$PKG_VERSION"/cmd/azl-otelcol +go mod vendor + +echo "" +echo "=========================" +echo "Tar vendored tarball" +tar --sort=name \ + --mtime="2021-04-26 00:00Z" \ + --owner=0 --group=0 --numeric-owner \ + --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \ + -cf "$VENDOR_TARBALL" vendor + +popd > /dev/null +echo "$PKG_NAME vendored modules are available at $VENDOR_TARBALL" diff --git a/SPECS-EXTENDED/buildah/buildah.spec b/SPECS-EXTENDED/buildah/buildah.spec index 333f4485be..f0fd4e8191 100644 --- a/SPECS-EXTENDED/buildah/buildah.spec +++ b/SPECS-EXTENDED/buildah/buildah.spec @@ -21,7 +21,7 @@ Summary: A command line tool used for creating OCI Images Name: buildah Version: 1.18.0 -Release: 29%{?dist} +Release: 30%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -32,7 +32,7 @@ BuildRequires: btrfs-progs-devel BuildRequires: device-mapper-devel BuildRequires: git BuildRequires: glib2-devel -BuildRequires: glibc-static >= 2.38-9%{?dist} +BuildRequires: glibc-static >= 2.38-10%{?dist} BuildRequires: go-md2man BuildRequires: go-rpm-macros BuildRequires: golang @@ -123,6 +123,9 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Mon May 12 2025 Andrew Phelps - 1.18.0-30 +- Bump to rebuild with updated glibc + * Tue Feb 25 2025 Chris Co - 1.18.0-29 - Bump to rebuild with updated glibc diff --git a/SPECS-EXTENDED/catatonit/catatonit.spec b/SPECS-EXTENDED/catatonit/catatonit.spec index 8fe9995d02..95d6abd771 100644 --- a/SPECS-EXTENDED/catatonit/catatonit.spec +++ b/SPECS-EXTENDED/catatonit/catatonit.spec @@ -3,7 +3,7 @@ Distribution: Azure Linux Name: catatonit Version: 0.1.7 -Release: 17%{?dist} +Release: 18%{?dist} Summary: A signal-forwarding process manager for containers License: GPLv3+ URL: https://github.com/openSUSE/catatonit @@ -13,7 +13,7 @@ BuildRequires: automake BuildRequires: file BuildRequires: gcc BuildRequires: git -BuildRequires: glibc-static >= 2.38-9%{?dist} +BuildRequires: glibc-static >= 2.38-10%{?dist} BuildRequires: libtool BuildRequires: make @@ -61,6 +61,9 @@ ln -s %{_libexecdir}/%{name}/%{name} %{buildroot}%{_libexecdir}/podman/%{name} %{_libexecdir}/podman/%{name} %changelog +* Mon May 12 2025 Andrew Phelps - 0.1.7-18 +- Bump to rebuild with updated glibc + * Tue Feb 25 2025 Chris Co - 0.1.7-17 - Bump to rebuild with updated glibc diff --git a/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.signatures.json b/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.signatures.json index fee40d0122..2dbc8203d5 100644 --- a/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.signatures.json +++ b/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "containernetworking-plugins-1.1.1.tar.gz": "c86c44877c47f69cd23611e22029ab26b613f620195b76b3ec20f589367a7962" + "containernetworking-plugins-1.6.1.tar.gz": "5e2ea69bca08bfb92921f22fa2cc1e69392ee139a5878068dfbc1c7568e37b01" } } diff --git a/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec b/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec index f2c34d4182..e38ea0f7d1 100644 --- a/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec +++ b/SPECS-EXTENDED/containernetworking-plugins/containernetworking-plugins.spec @@ -1,12 +1,4 @@ %global with_debug 1 - -%if 0%{?with_debug} -%global _find_debuginfo_dwz_opts %{nil} -%global _dwz_low_mem_die_limit 0 -%else -%global debug_package %{nil} -%endif - %global provider github %global provider_tld com %global project containernetworking @@ -17,289 +9,537 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v1.1.1 +%define built_tag v1.6.1 %define built_tag_strip %(b=%{built_tag}; echo ${b:1}) + %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) %define download_url %{git0}/archive/%{built_tag}.tar.gz -Name: %{project}-%{repo} -Version: 1.1.1 -Release: 13%{?dist} -Summary: Libraries for writing CNI plugin -License: ASL 2.0 and BSD and MIT +Name: containernetworking-plugins +Version: 1.6.1 +Release: 4%{?dist} +Summary: Reference and example networking plugins, maintained by the CNI team + +# Generated by go-vendor-tools +License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND MIT Vendor: Microsoft Corporation Distribution: Azure Linux -URL: %{git0} +URL: https://github.com/containernetworking/plugins Source0: %{download_url}#/%{name}-%{version}.tar.gz -# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. -BuildRequires: golang -BuildRequires: git -BuildRequires: go-md2man -BuildRequires: go-rpm-macros -BuildRequires: systemd-devel -Requires: systemd - - -Obsoletes: %{project}-cni < 0.7.1-2 -Provides: %{project}-cni = %{version}-%{release} -Provides: kubernetes-cni -Provides: container-network-stack = 1 -# vendored libraries -# awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' -e '/bundled(golang(go\|module\|replace\|require))/d' -Provides: bundled(golang(github.com/Microsoft/go_winio)) = v0.4.17 -Provides: bundled(golang(github.com/Microsoft/hcsshim)) = v0.8.20 -Provides: bundled(golang(github.com/alexflint/go_filemutex)) = v1.1.0 -Provides: bundled(golang(github.com/buger/jsonparser)) = v1.1.1 -Provides: bundled(golang(github.com/containerd/cgroups)) = v1.0.1 -Provides: bundled(golang(github.com/containernetworking/cni)) = v1.0.1 -Provides: bundled(golang(github.com/coreos/go_iptables)) = v0.6.0 -Provides: bundled(golang(github.com/coreos/go_systemd/v22)) = v22.3.2 -Provides: bundled(golang(github.com/d2g/dhcp4)) = v0.0.0_20170904100407_a1d1b6c41b1c -Provides: bundled(golang(github.com/d2g/dhcp4client)) = v1.0.0 -Provides: bundled(golang(github.com/d2g/dhcp4server)) = v0.0.0_20181031114812_7d4a0a7f59a5 -Provides: bundled(golang(github.com/fsnotify/fsnotify)) = v1.4.9 -Provides: bundled(golang(github.com/godbus/dbus/v5)) = v5.0.4 -Provides: bundled(golang(github.com/gogo/protobuf)) = v1.3.2 -Provides: bundled(golang(github.com/golang/groupcache)) = v0.0.0_20200121045136_8c9f03a8e57e -Provides: bundled(golang(github.com/mattn/go_shellwords)) = v1.0.12 -Provides: bundled(golang(github.com/networkplumbing/go_nft)) = v0.2.0 -Provides: bundled(golang(github.com/nxadm/tail)) = v1.4.8 -Provides: bundled(golang(github.com/onsi/ginkgo)) = v1.16.4 -Provides: bundled(golang(github.com/onsi/gomega)) = v1.15.0 -Provides: bundled(golang(github.com/pkg/errors)) = v0.9.1 -Provides: bundled(golang(github.com/safchain/ethtool)) = v0.0.0_20210803160452_9aa261dae9b1 -Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.8.1 -Provides: bundled(golang(github.com/vishvananda/netlink)) = v1.1.1_0.20210330154013_f5de75959ad5 -Provides: bundled(golang(github.com/vishvananda/netns)) = v0.0.0_20210104183010_2eb08e3e575f + +BuildRequires: golang >= 1.23 +BuildRequires: systemd-devel +BuildRequires: go-rpm-macros +BuildRequires: go-md2man + +Requires: systemd + +Obsoletes: containernetworking-cni < 0.7.1-2 +Provides: containernetworking-cni = %{version}-%{release} +Provides: kubernetes-cni +Provides: container-network-stack = 1 %description +%{common_description} The CNI (Container Network Interface) project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. - %prep -%autosetup -Sgit -n %{repo}-%{built_tag_strip} -rm -rf plugins/main/windows +%autosetup -p1 -n plugins-%{version} # Use correct paths in cni-dhcp unitfiles -sed -i 's|/opt/cni/bin|\%{_prefix}/libexec/cni|' plugins/ipam/dhcp/systemd/cni-dhcp.service +# sed -i 's/\/opt\/cni\/bin/\%%{_libexecdir}\/cni/' plugins/ipam/dhcp/systemd/cni-dhcp.service +sed -i 's/\/opt\/cni\/bin/\%{_prefix}\/libexec\/cni/' plugins/ipam/dhcp/systemd/cni-dhcp.service + +# remove MS Windows specific plugins +rm -rf plugins/main/windows %build -export ORG_PATH="%{provider}.%{provider_tld}/%{project}" -export REPO_PATH="$ORG_PATH/%{repo}" - -if [ ! -h gopath/src/${REPO_PATH} ]; then - mkdir -p gopath/src/${ORG_PATH} - ln -s ../../../.. gopath/src/${REPO_PATH} || exit 255 -fi - -export GOPATH=$(pwd)/gopath -mkdir -p $(pwd)/bin - -echo "Building plugins" -export PLUGINS="plugins/meta/* plugins/main/* plugins/ipam/* plugins/sample" -for d in $PLUGINS; do - if [ -d "$d" ]; then - plugin="$(basename "$d")" - echo " $plugin" - %gobuild -o "${PWD}/bin/$plugin" "$@" "$REPO_PATH"/$d - fi -done +./build_linux.sh %install -install -d -p %{buildroot}%{_libexecdir}/cni/ -install -p -m 0755 bin/* %{buildroot}/%{_libexecdir}/cni +install -m 0755 -vd %{buildroot}%{_libexecdir}/cni +install -m 0755 -vp bin/* %{buildroot}/%{_libexecdir}/cni/ install -dp %{buildroot}%{_unitdir} install -p plugins/ipam/dhcp/systemd/cni-dhcp.service %{buildroot}%{_unitdir} -install -p plugins/ipam/dhcp/systemd/cni-dhcp.socket %{buildroot}%{_unitdir} - -#define license tag if not already defined -%{!?_licensedir:%global license %doc} +install -p plugins/ipam/dhcp/systemd/cni-dhcp.socket %{buildroot}%{_unitdir} %files -%license LICENSE -%doc *.md +%license vendor/modules.txt +%doc CONTRIBUTING.md OWNERS.md README.md RELEASING.md + %dir %{_libexecdir}/cni %{_libexecdir}/cni/* %{_unitdir}/cni-dhcp.service %{_unitdir}/cni-dhcp.socket %changelog -* Mon Oct 16 2023 CBL-Mariner Servicing Account - 1.1.1-13 -- Bump release to rebuild with go 1.20.10 +* Thu Apr 17 2025 Archana Shettigar - 1.6.1-4 +- Initial Azure Linux import from Fedora 41 (license: MIT). +- License verified. -* Tue Oct 10 2023 Dan Streetman - 1.1.1-12 -- Bump release to rebuild with updated version of Go. +* Tue Dec 31 2024 Bradley G Smith - 1.6.1-3 +- Align packit syntax with docker-compose example -* Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.1.1-11 -- Bump release to rebuild with go 1.19.12 +* Wed Dec 04 2024 Bradley G Smith - 1.6.1-2 +- Correct syntax to generate vendor archive -* Thu Jul 13 2023 CBL-Mariner Servicing Account - 1.1.1-10 -- Bump release to rebuild with go 1.19.11 +* Mon Dec 02 2024 Bradley G Smith - 1.6.1-1 +- Update to release v1.6.1 +- Resolves rhbz# +- Upstream bug fix +- Revised spec file that uses vendored archive in addition to upstream + source archive. -* Thu Jun 15 2023 CBL-Mariner Servicing Account - 1.1.1-9 -- Bump release to rebuild with go 1.19.10 +* Mon Dec 02 2024 Bradley G Smith - 1.6.0-2 +- Update packit to generate vendor archive -* Wed Apr 05 2023 CBL-Mariner Servicing Account - 1.1.1-8 -- Bump release to rebuild with go 1.19.8 +* Tue Oct 15 2024 Bradley G Smith - 1.6.0-1 +- Update to v1.6.0 -* Tue Mar 28 2023 CBL-Mariner Servicing Account - 1.1.1-7 -- Bump release to rebuild with go 1.19.7 +* Tue Sep 03 2024 Bradley G Smith - 1.5.1-1 +- Update to v1.5.1 +- Upstream fix to tar image's owner. -* Wed Mar 15 2023 CBL-Mariner Servicing Account - 1.1.1-6 -- Bump release to rebuild with go 1.19.6 +* Wed Jul 17 2024 Fedora Release Engineering - 1.4.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -* Fri Feb 03 2023 CBL-Mariner Servicing Account - 1.1.1-5 -- Bump release to rebuild with go 1.19.5 +* Tue Mar 19 2024 Bradley G Smith - 1.4.0-8 +- Add F40 support and update F38 to v1.4 -* Wed Jan 18 2023 CBL-Mariner Servicing Account - 1.1.1-4 -- Bump release to rebuild with go 1.19.4 +* Mon Mar 18 2024 Bradley G Smith - 1.4.0-7 +- Adds Initial Packit Integration -* Tue Nov 01 2022 Olivia Crain - 1.1.1-3 -- Bump release to rebuild with go 1.18.8 +* Sun Mar 17 2024 Bradley G Smith - 1.4.0-6 +- Fix incorrect bundled provides syntax -* Mon Aug 22 2022 Olivia Crain - 1.1.1-2 -- Bump release to rebuild against Go 1.18.5 +* Sat Feb 17 2024 Bradley G Smith - 1.4.0-5 +- Replace manual awk script with macro supported vendoring -* Fri Jul 22 2022 Suresh Babu Chalamalasetty - 1.1.1-1 -- Upgrade version to 1.1.1. -- Updated SPEC file for compatibility with 1.1.1 version. +* Sun Feb 11 2024 Maxwell G - 1.4.0-4 +- Rebuild for golang 1.22.0 -* Tue Mar 01 2022 Pawel Winogrodzki - 0.9.0-3 -- Fixing usage of the '%%gobuild' macro. -- License verified. +* Wed Jan 24 2024 Fedora Release Engineering - 1.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.4.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 04 2024 Bradley G Smith - 1.4.0-1 +- Update to v1.4.0 + +* Wed Jul 19 2023 Fedora Release Engineering - 1.3.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jun 22 2023 Yaakov Selkowitz - 1.3.0-2 +- Import 1.3.0 sources + +* Mon Jun 05 2023 Peter Hunt - 1.3.0-1 +- bump to v1.3.0 + +* Wed Mar 08 2023 Lokesh Mandvekar - 1.1.1-16 +- Resolves: #2161274, #2163068 - Rebuild for CVE-2022-41717 + +* Mon Mar 06 2023 Lokesh Mandvekar - 1.1.1-15 +- migrated to SPDX license + +* Thu Jan 19 2023 Fedora Release Engineering - 1.1.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Fri Oct 28 2022 Troy Dawson - 1.1.1-13 +- Add ExclusiveArch + +* Mon Oct 10 2022 Lokesh Mandvekar - 1.1.1-12 +- remove debbuild macros to comply with Fedora guidelines + +* Thu Aug 18 2022 Lokesh Mandvekar - 1.1.1-11 +- no bundled provides for debbuild + +* Wed Aug 17 2022 Lokesh Mandvekar - 1.1.1-10 +- use easier tag macros to make both fedora and debbuild happy + +* Tue Aug 16 2022 Lokesh Mandvekar - 1.1.1-9 +- enable debbuild + +* Thu Jul 21 2022 Maxwell G - 1.1.1-8 +- Fix FTBFS + +* Wed Jul 20 2022 Fedora Release Engineering - 1.1.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jul 19 2022 Maxwell G - 1.1.1-6 +- Rebuild for + CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang + +* Sat Jun 18 2022 Robert-André Mauchin - 1.1.1-5 +- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, + CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 + +* Fri Jun 17 2022 Robert-André Mauchin - 1.1.1-4 +- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, + CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 + +* Mon May 30 2022 Lokesh Mandvekar - 1.1.1-3 +- remove unused macros + +* Mon May 30 2022 RH Container Bot - 1.1.1-2 +- auto bump to v1.1.1 + +* Fri Apr 01 2022 Lokesh Mandvekar - 1.1.1-1 +- bump to v1.1.1 + +* Mon Mar 07 2022 Lokesh Mandvekar - 1.1.0-1 +- bump to v1.1.0 + +* Wed Feb 02 2022 Lokesh Mandvekar - 1.0.1-4 +- Provides: container-network-stack = 1 + +* Mon Jan 24 2022 Lokesh Mandvekar - 1.0.1-3 +- switch to autospec and Provides: container-network-stack + +* Wed Jan 19 2022 Fedora Release Engineering - 1.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Sep 08 2021 RH Container Bot - 1.0.1-1 +- containernetworking-plugins-1.0.1-1 + +* Thu Aug 19 2021 Lokesh Mandvekar - 1.0.0-14 +- containernetworking-plugins-1.0.0-21 +- fix release tag and built v1.0.0 + +* Mon Aug 16 2021 RH Container Bot - 1.0.0-13 +- containernetworking-plugins-1.0.0-1 + +* Mon Aug 02 2021 Lokesh Mandvekar - 1.0.0-12 +- containernetworking-plugins-1.0.0-20.1.git2876cd5 +- Resolves: #1983596, #1987737 - Security fix for CVE-2021-34558 + +* Wed Jul 21 2021 Fedora Release Engineering - 1.0.0-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 1.0.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu Jun 17 2021 RH Container Bot - 1.0.0-9 +- containernetworking-plugins-1.0.0-18.1.git2876cd5 +- autobuilt 2876cd5 + +* Mon Jun 14 2021 Lokesh Mandvekar - 1.0.0-8 +- containernetworking-plugins-1.0.0-17.1.git5238c13 +- BR: go-rpm-macros to re-enable debuginfo + +* Sat Jun 12 2021 Kevin Fenzi - 1.0.0-7 +- Disable debug packages to get rawhide composing. + +* Mon Jun 07 2021 Lokesh Mandvekar - 1.0.0-6 +- containernetworking-plugins-1.0.0-15.1.git5238c13 +- Resolves: #1962008 - use correct plugin path in unitfile + +* Mon Jun 07 2021 Lokesh Mandvekar - 1.0.0-5 +- Resolves: #1962008 + +* Thu Jun 03 2021 RH Container Bot - 1.0.0-4 +- containernetworking-plugins-1.0.0-14.1.git5238c13 +- autobuilt 5238c13 + +* Thu May 27 2021 RH Container Bot - 1.0.0-3 +- containernetworking-plugins-1.0.0-13.1.git78702e9 +- autobuilt 78702e9 + +* Thu May 20 2021 RH Container Bot - 1.0.0-2 +- containernetworking-plugins-1.0.0-12.1.git6618a0a +- autobuilt 6618a0a + +* Thu May 06 2021 RH Container Bot - 1.0.0-1 +- containernetworking-plugins-1.0.0-11.1.git8de0287 +- bump to 1.0.0 +- autobuilt 8de0287 + +* Tue Apr 20 2021 RH Container Bot - 0.9.1-10 +- containernetworking-plugins-0.9.1-10.1.gitb41052c +- autobuilt b41052c + +* Wed Mar 10 2021 RH Container Bot - 0.9.1-9 +- containernetworking-plugins-0.9.1-9.1.git2989aba +- autobuilt 2989aba + +* Mon Mar 08 2021 Lokesh Mandvekar - 0.9.1-8 +- containernetworking-plugins-0.9.1-8.1.gitd385120 +- fix build issues + +* Wed Mar 03 2021 RH Container Bot - 0.9.1-7 +- containernetworking-plugins-0.9.1-7.1.gitd385120 +- autobuilt d385120 -* Fri Apr 30 2021 Pawel Winogrodzki - 0.9.0-2 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). -- Making binaries paths compatible with CBL-Mariner's paths. +* Wed Mar 03 2021 RH Container Bot - 0.9.1-6 +- containernetworking-plugins-0.9.1-6.1.git1c1799e +- autobuilt 1c1799e -* Wed Dec 9 2020 RH Container Bot - 0.9.0-1 -- autobuilt v0.9.0 +* Wed Mar 03 2021 RH Container Bot - 0.9.1-5 +- containernetworking-plugins-0.9.1-5.1.git0ea07b8 +- autobuilt 0ea07b8 -* Wed Aug 26 2020 RH Container Bot - 0.8.7-1 -- autobuilt v0.8.7 +* Wed Feb 24 2021 RH Container Bot - 0.9.1-4 +- containernetworking-plugins-0.9.1-4.1.git47927f5 +- autobuilt 47927f5 -* Wed May 13 2020 RH Container Bot - 0.8.6-1 -- autobuilt v0.8.6 +* Wed Feb 24 2021 RH Container Bot - 0.9.1-3 +- containernetworking-plugins-0.9.1-3.1.git8936113 +- autobuilt 8936113 -* Thu Jan 30 2020 Lokesh Mandvekar - 0.8.5-1.1.gitf5c3d1b +* Mon Feb 15 2021 Lokesh Mandvekar - 0.9.1-2 +- containernetworking-plugins-0.9.1-2.1.gitfa48f75 +- Resolves: #1928513 - install cni-dhcp unitfiles + +* Fri Feb 05 2021 Lokesh Mandvekar - 0.9.1-1 +- containernetworking-plugins-0.9.1-1.1.gitfa48f75 +- built fa48f75 + +* Fri Feb 05 2021 Lokesh Mandvekar - 0.9.0-7 +- include CVE ID in changelog + +* Fri Feb 05 2021 Lokesh Mandvekar - 0.9.0-6 +- containernetworking-plugins-0.9.0-27.1.git74a6b28 +- Resolves: #1919391,1925399 + +* Wed Jan 27 2021 RH Container Bot - 0.9.0-5 +- containernetworking-plugins-0.9.0-26.1.git8feef71 +- autobuilt 8feef71 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.9.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 20 2021 RH Container Bot - 0.9.0-3 +- containernetworking-plugins-0.9.0-24.1.git8c66d68 +- autobuilt 8c66d68 + +* Mon Jan 11 2021 RH Container Bot - 0.9.0-2 +- containernetworking-plugins-0.9.0-23.1.git48a97a7 +- autobuilt 48a97a7 + +* Thu Jan 07 2021 RH Container Bot - 0.9.0-1 +- containernetworking-plugins-0.9.0-22.1.git3819ef7 +- bump to 0.9.0 +- autobuilt 3819ef7 + +* Wed Dec 09 2020 RH Container Bot - 0.8.7-9 +- containernetworking-plugins-0.8.7-21.1.gite13bab9 +- autobuilt e13bab9 + +* Wed Nov 25 2020 RH Container Bot - 0.8.7-8 +- containernetworking-plugins-0.8.7-20.1.git509d645 +- autobuilt 509d645 + +* Thu Nov 19 2020 RH Container Bot - 0.8.7-7 +- containernetworking-plugins-0.8.7-19.1.gitcccf539 +- autobuilt cccf539 + +* Thu Nov 12 2020 RH Container Bot - 0.8.7-6 +- containernetworking-plugins-0.8.7-18.1.git8aad973 +- autobuilt 8aad973 + +* Thu Nov 05 2020 RH Container Bot - 0.8.7-5 +- containernetworking-plugins-0.8.7-17.1.gitccd872b +- autobuilt ccd872b + +* Fri Oct 23 2020 RH Container Bot - 0.8.7-4 +- containernetworking-plugins-0.8.7-16.1.git440dcc3 +- autobuilt 440dcc3 + +* Thu Oct 15 2020 RH Container Bot - 0.8.7-3 +- containernetworking-plugins-0.8.7-15.1.gita9abbaf +- autobuilt a9abbaf + +* Thu Oct 08 2020 RH Container Bot - 0.8.7-2 +- containernetworking-plugins-0.8.7-14.1.git6df03d7 +- autobuilt 6df03d7 + +* Wed Sep 16 2020 RH Container Bot - 0.8.7-1 +- containernetworking-plugins-0.8.7-13.1.gite78e6aa +- bump to 0.8.7 +- autobuilt e78e6aa + +* Wed Aug 26 2020 RH Container Bot - 0.8.6-12 +- containernetworking-plugins-0.8.6-12.1.git9b8de6a +- autobuilt 9b8de6a + +* Wed Aug 05 2020 RH Container Bot - 0.8.6-11 +- containernetworking-plugins-0.8.6-11.1.gitbd58999 +- autobuilt bd58999 + +* Wed Aug 05 2020 RH Container Bot - 0.8.6-10 +- containernetworking-plugins-0.8.6-10.1.git8a88f90 +- autobuilt 8a88f90 + +* Mon Jul 27 2020 Fedora Release Engineering - 0.8.6-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 22 2020 RH Container Bot - 0.8.6-8 +- containernetworking-plugins-0.8.6-8.1.gitd713ec6 +- autobuilt d713ec6 + +* Wed Jul 15 2020 RH Container Bot - 0.8.6-7 +- containernetworking-plugins-0.8.6-7.1.git6eb8e31 +- autobuilt 6eb8e31 + +* Wed Jul 08 2020 RH Container Bot - 0.8.6-6 +- containernetworking-plugins-0.8.6-6.1.gitc90b165 +- autobuilt c90b165 + +* Wed Jul 01 2020 RH Container Bot - 0.8.6-5 +- containernetworking-plugins-0.8.6-5.1.git28773dc +- autobuilt 28773dc + +* Wed Jun 24 2020 RH Container Bot - 0.8.6-4 +- containernetworking-plugins-0.8.6-4.1.gite1f8f9b +- autobuilt e1f8f9b + +* Wed Jun 03 2020 RH Container Bot - 0.8.6-3 +- containernetworking-plugins-0.8.6-3.1.git1fb9793 +- autobuilt 1fb9793 + +* Wed May 27 2020 RH Container Bot - 0.8.6-2 +- containernetworking-plugins-0.8.6-2.1.gitb76fdd7 +- autobuilt b76fdd7 + +* Fri May 15 2020 Lokesh Mandvekar - 0.8.6-1 +- containernetworking-plugins-0.8.6-1.1.gitad10b6f +- correct version tag + +* Wed May 13 2020 RH Container Bot - 0.8.5-12 +- containernetworking-plugins-0.8.5-8.1.gitad10b6f +- autobuilt ad10b6f + +* Wed Apr 29 2020 RH Container Bot - 0.8.5-11 +- containernetworking-plugins-0.8.5-7.1.gitf7a2fc9 +- autobuilt f7a2fc9 + +* Wed Apr 22 2020 RH Container Bot - 0.8.5-10 +- containernetworking-plugins-0.8.5-6.1.git5af9ff4 +- autobuilt 5af9ff4 + +* Wed Apr 15 2020 RH Container Bot - 0.8.5-9 +- containernetworking-plugins-0.8.5-5.1.gita78853f +- autobuilt a78853f + +* Wed Apr 08 2020 RH Container Bot - 0.8.5-8 +- containernetworking-plugins-0.8.5-4.1.gitf4332fe +- autobuilt f4332fe + +* Wed Apr 01 2020 RH Container Bot - 0.8.5-7 +- containernetworking-plugins-0.8.5-3.1.git117e30f +- autobuilt 117e30f + +* Fri Mar 20 2020 RH Container Bot - 0.8.5-6 +- containernetworking-plugins-0.8.5-2.1.git47a9fd8 +- autobuilt 47a9fd8 + +* Mon Feb 03 2020 Lokesh Mandvekar - 0.8.5-5 +- disable debuginfo for centos + +* Mon Feb 03 2020 Lokesh Mandvekar - 0.8.5-4 +- GO111MODULE=off + +* Mon Feb 03 2020 Lokesh Mandvekar - 0.8.5-3 +- use BR: golang + +* Mon Feb 03 2020 Lokesh Mandvekar - 0.8.5-2 +- use go-md2man as builddep + +* Thu Jan 30 2020 Lokesh Mandvekar - 0.8.5-1 +- containernetworking-plugins-0.8.5-1.1.gitf5c3d1b - bump to v0.8.5 - autobuilt f5c3d1b -* Tue Jan 28 2020 Fedora Release Engineering - 0.8.2-0.5.dev.git291ab6c +* Tue Jan 28 2020 Fedora Release Engineering - 0.8.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -* Wed Sep 18 2019 Lokesh Mandvekar (Bot) - 0.8.2-0.4.dev.git291ab6c +* Wed Sep 18 2019 Lokesh Mandvekar (Bot) - 0.8.2-4 +- containernetworking-plugins-0.8.2-0.4.dev.git291ab6c - autobuilt 291ab6c -* Wed Sep 11 2019 Lokesh Mandvekar (Bot) - 0.8.2-0.3.dev.git23d5525 +* Wed Sep 11 2019 Lokesh Mandvekar (Bot) - 0.8.2-3 +- containernetworking-plugins-0.8.2-0.3.dev.git23d5525 - autobuilt 23d5525 -* Wed Sep 11 2019 Lokesh Mandvekar (Bot) - 0.8.2-0.2.dev.git4bb2881 +* Wed Sep 11 2019 Lokesh Mandvekar (Bot) - 0.8.2-2 +- containernetworking-plugins-0.8.2-0.2.dev.git4bb2881 - autobuilt 4bb2881 -* Wed Aug 28 2019 Lokesh Mandvekar (Bot) - 0.8.2-0.1.dev.git7e68430 +* Wed Aug 28 2019 Lokesh Mandvekar (Bot) - 0.8.2-1 +- containernetworking-plugins-0.8.2-0.1.dev.git7e68430 - bump to 0.8.2 - autobuilt 7e68430 -* Wed Aug 14 2019 Lokesh Mandvekar (Bot) - 0.8.1-7.1.dev.git485be65 +* Wed Aug 14 2019 Lokesh Mandvekar (Bot) - 0.8.1-9 +- containernetworking-plugins-0.8.1-7.1.dev.git485be65 - autobuilt 485be65 -* Wed Aug 14 2019 Lokesh Mandvekar (Bot) - 0.8.1-6.1.dev.gitc9e1c0c +* Wed Aug 14 2019 Lokesh Mandvekar (Bot) - 0.8.1-8 +- containernetworking-plugins-0.8.1-6.1.dev.gitc9e1c0c - autobuilt c9e1c0c -* Mon Aug 12 2019 Lokesh Mandvekar (Bot) - 0.8.1-5.1.dev.git2d6d4b2 +* Mon Aug 12 2019 Lokesh Mandvekar (Bot) - 0.8.1-7 +- containernetworking-plugins-0.8.1-5.1.dev.git2d6d4b2 - autobuilt 2d6d4b2 -* Wed Aug 07 2019 Lokesh Mandvekar (Bot) - 0.8.1-4.1.dev.gitccd683e +* Wed Aug 07 2019 Lokesh Mandvekar (Bot) - 0.8.1-6 +- containernetworking-plugins-0.8.1-4.1.dev.gitccd683e - autobuilt ccd683e -* Wed Jul 24 2019 Lokesh Mandvekar (Bot) - 0.8.1-3.1.dev.gitded2f17 +* Wed Jul 31 2019 Lokesh Mandvekar - 0.8.1-5 +- built_tag macro records exact upstream tag built + +* Wed Jul 24 2019 Lokesh Mandvekar (Bot) - 0.8.1-4 +- containernetworking-plugins-0.8.1-3.1.dev.gitded2f17 - autobuilt ded2f17 -* Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 0.8.1-2.1.dev.git7ba2bcf +* Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 0.8.1-3 +- containernetworking-plugins-0.8.1-2.1.dev.git7ba2bcf - autobuilt 7ba2bcf -* Wed Jul 10 2019 Lokesh Mandvekar - 0.8.1-1.1.dev.git966bbcb +* Wed Jul 10 2019 Lokesh Mandvekar - 0.8.1-2 +- containernetworking-plugins-0.8.1-1.1.dev.git966bbcb - built 966bbcb - hook up to autobuild * Fri Jun 07 2019 Lokesh Mandvekar - 0.8.1-1 +- containernetworking-plugins-0.8.1-1 - bump to v0.8.1 +* Fri May 31 2019 Lokesh Mandvekar - 0.7.5-3 +- add centos7 conditionals + +* Fri May 31 2019 Lokesh Mandvekar - 0.7.5-2 +- BR: git and remove ExcludeArch + * Fri May 31 2019 Lokesh Mandvekar - 0.7.5-1 +- containernetworking-plugins-0.7.5-1 - Resolves: #1715758 - CVE-2019-9946 - bump to v0.7.5 -- BR: git -- remove ExcludeArch: ppc64 * Wed Feb 27 2019 Jason Brooks - 0.7.4-2 -- add Provides kubernetes-cni for compatibility with upstream kubelet package +- add provides kubernetes-cni for upstream kubelet compat * Wed Feb 13 2019 Lokesh Mandvekar - 0.7.4-1 +- containernetworking-plugins-0.7.4-1 - bump to v0.7.4 * Thu Jan 31 2019 Fedora Release Engineering - 0.7.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Aug 30 2018 Lokesh Mandvekar - 0.7.3-2 +- containernetworking-plugins-0.7.3-2 - correct upgrade path from older -cni package - for whatever reason, "<" works but "<=" doesn't for obsoletion * Mon Aug 20 2018 Lokesh Mandvekar - 0.7.3-1 +- containernetworking-plugins-0.7.3-1 - Resolves: #1613909 - rename package to containernetworking-plugins - Obsoletes containernetworking-cni - bump to v0.7.3 - -* Wed Jul 18 2018 Lokesh Mandvekar - 0.7.1-1 -- Resolves: #1543200 - bump to v0.7.1 -- remove patch in dist-git from 0.6.0-2 (already upstreamed) - -* Thu Jul 12 2018 Fedora Release Engineering - 0.6.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Mon Apr 2 2018 Peter Robinson 0.6.0-4 -- Own the libexec cni directory - -* Wed Feb 07 2018 Fedora Release Engineering - 0.6.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Jan 23 2018 Dan Williams - 0.6.0-2 -- skip settling IPv4 addresses - -* Mon Jan 08 2018 Frantisek Kluknavsky - 0.6.0-1 -- rebased to 7480240de9749f9a0a5c8614b17f1f03e0c06ab9 - -* Fri Oct 13 2017 Lokesh Mandvekar - 0.5.2-7 -- do not install to /opt (against Fedora Guidelines) - -* Thu Aug 24 2017 Jan Chaloupka - 0.5.2-6 -- Enable devel subpackage - -* Wed Aug 02 2017 Fedora Release Engineering - 0.5.2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 0.5.2-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Thu Jul 13 2017 Lokesh Mandvekar - 0.5.2-3 -- excludearch: ppc64 as it's not in goarches anymore -- re-enable s390x - -* Fri Jun 30 2017 Lokesh Mandvekar - 0.5.2-2 -- upstream moved to github.com/containernetworking/plugins -- built commit dcf7368 -- provides: containernetworking-plugins -- use vendored deps because they're a lot less of a PITA -- excludearch: s390x for now (rhbz#1466865) - -* Mon Jun 12 2017 Timothy St. Clair - 0.5.2-1 -- Update to 0.5.2 -- Softlink to default /opt/cni/bin directories - -* Sun May 07 2017 Timothy St. Clair - 0.5.1-1 -- Initial package +## END: Generated by rpmautospec diff --git a/SPECS-EXTENDED/dyninst/dyninst.spec b/SPECS-EXTENDED/dyninst/dyninst.spec index 1cc7af992a..000ba95e12 100644 --- a/SPECS-EXTENDED/dyninst/dyninst.spec +++ b/SPECS-EXTENDED/dyninst/dyninst.spec @@ -1,7 +1,7 @@ Summary: An API for Run-time Code Generation License: LGPLv2+ Name: dyninst -Release: 19%{?dist} +Release: 20%{?dist} Vendor: Microsoft Corporation Distribution: Azure Linux URL: http://www.dyninst.org @@ -31,7 +31,7 @@ BuildRequires: tbb tbb-devel # Extra requires just for the testsuite BuildRequires: gcc-gfortran libstdc++-static libxml2-devel -BuildRequires: glibc-static >= 2.38-9%{?dist} +BuildRequires: glibc-static >= 2.38-10%{?dist} # Testsuite files should not provide/require anything %{?filter_setup: @@ -194,6 +194,9 @@ echo "%{_libdir}/dyninst" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %attr(644,root,root) %{_libdir}/dyninst/testsuite/*.a %changelog +* Mon May 12 2025 Andrew Phelps - 10.1.0-20 +- Bump to rebuild with updated glibc + * Tue Feb 25 2025 Chris Co - 10.1.0-19 - Bump to rebuild with updated glibc diff --git a/SPECS-EXTENDED/freexl/freexl.signatures.json b/SPECS-EXTENDED/freexl/freexl.signatures.json index 7b35ceacf5..1978b57cc6 100644 --- a/SPECS-EXTENDED/freexl/freexl.signatures.json +++ b/SPECS-EXTENDED/freexl/freexl.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "freexl-1.0.6.tar.gz": "3de8b57a3d130cb2881ea52d3aa9ce1feedb1b57b7daa4eb37f751404f90fc22" + "freexl-2.0.0.tar.gz": "176705f1de58ab7c1eebbf5c6de46ab76fcd8b856508dbd28f5648f7c6e1a7f0" } } diff --git a/SPECS-EXTENDED/freexl/freexl.spec b/SPECS-EXTENDED/freexl/freexl.spec index e5bf1e8b80..cb9c275547 100644 --- a/SPECS-EXTENDED/freexl/freexl.spec +++ b/SPECS-EXTENDED/freexl/freexl.spec @@ -8,8 +8,8 @@ %bcond_without autoreconf Summary: Library to extract data from within an Excel spreadsheet Name: freexl -Version: 1.0.6 -Release: 19%{?dist} +Version: 2.0.0 +Release: 1%{?dist} # The entire source is triply-licensed as (MPL-1.1 OR GPL-2.0-or-later OR # LGPL-2.1-or-later), except for some build-system files that do not contribute # to the license of the binary RPMs: @@ -29,6 +29,8 @@ Source0: https://www.gaia-gis.it/gaia-sins/freexl-sources/%{name}-%{versi BuildRequires: gcc BuildRequires: make +BuildRequires: minizip-devel + %if %{with autoreconf} BuildRequires: autoconf BuildRequires: automake @@ -131,6 +133,10 @@ find '%{buildroot}' -type f -name '*.la' -print -delete %endif %changelog +* Mon Oct 28 2024 Jyoti kanase - 2.0.0-1 +- Upgrade to version 2.0.0 +- License verified + * Wed Aug 09 2023 Archana Choudhary - 1.0.6-19 - Initial CBL-Mariner import from Fedora 37 (license: MIT). - Disable doc_pdf diff --git a/SPECS-EXTENDED/generic-logos/generic-logos.spec b/SPECS-EXTENDED/generic-logos/generic-logos.spec index ad24762955..4ce70de89e 100644 --- a/SPECS-EXTENDED/generic-logos/generic-logos.spec +++ b/SPECS-EXTENDED/generic-logos/generic-logos.spec @@ -1,8 +1,11 @@ +%global _kde4_appsdir /usr/share/kde4/apps +%global _kde4_iconsdir /usr/share/icons + Vendor: Microsoft Corporation Distribution: Azure Linux Name: generic-logos Version: 18.0.0 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Icons and pictures URL: https://pagure.io/generic-logos @@ -11,7 +14,7 @@ Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2 License: GPLv2 and LGPLv2+ BuildArch: noarch -Obsoletes: redhat-logos +Obsoletes: redhat-logos < %{version}-%{release} Obsoletes: generic-logos < 17.0.0-5 Provides: redhat-logos = %{version}-%{release} Provides: system-logos = %{version}-%{release} @@ -158,6 +161,10 @@ fi %{_datadir}/pixmaps/poweredby.png %changelog +* Thu Apr 24 2025 Durga Jagadeesh Palli - 18.0.0-12 +- Fix build error by correcting file paths: _kde4_appsdir and _kde4_iconsdir must start with "/". +- License verified. + * Fri Oct 15 2021 Pawel Winogrodzki - 18.0.0-11 - Initial CBL-Mariner import from Fedora 32 (license: MIT). diff --git a/SPECS-EXTENDED/hyphen-ca/hyphen-ca.signatures.json b/SPECS-EXTENDED/hyphen-ca/hyphen-ca.signatures.json index 408dea4b92..ffb84477d7 100644 --- a/SPECS-EXTENDED/hyphen-ca/hyphen-ca.signatures.json +++ b/SPECS-EXTENDED/hyphen-ca/hyphen-ca.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "hyph-ca.oxt": "57319f9e21affccb0f10a0497acb98bed0cbb7ff413c7836f5cd509645ffeca8" + "hyphen-ca-1.5.tar.gz": "a5a2d675946075374cf384e2d44628e6b22110289dd8d291858cbdedc37f1c62" } } diff --git a/SPECS-EXTENDED/hyphen-ca/hyphen-ca.spec b/SPECS-EXTENDED/hyphen-ca/hyphen-ca.spec index 16d7ce375b..dea1ed8869 100644 --- a/SPECS-EXTENDED/hyphen-ca/hyphen-ca.spec +++ b/SPECS-EXTENDED/hyphen-ca/hyphen-ca.spec @@ -2,11 +2,12 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Name: hyphen-ca Summary: Catalan hyphenation rules -Version: 0.9.3 -Release: 20%{?dist} -Source: https://downloads.sourceforge.net/project/aoo-extensions/2010/7/hyph-ca.oxt -URL: http://extensions.services.openoffice.org/project/ca_hyph -License: GPLv3 +Epoch: 1 +Version: 1.5 +Release: 5%{?dist} +Source: https://github.com/jaumeortola/hyphen-ca/archive/refs/tags/v1.5.tar.gz#/%{name}-%{version}.tar.gz +URL: https://github.com/jaumeortola/hyphen-ca +License: GPL-3.0-or-later BuildArch: noarch Requires: hyphen @@ -16,10 +17,10 @@ Supplements: (hyphen and langpacks-ca) Catalan hyphenation rules. %prep -%autosetup -c +%autosetup %build -for i in release-note_en.txt release-note_ca.txt; do +for i in office/release-note_en.txt; do tr -d '\r' < $i > $i.new touch -r $i $i.new mv -f $i.new $i @@ -27,7 +28,7 @@ done %install mkdir -p $RPM_BUILD_ROOT/%{_datadir}/hyphen -cp -p hyph_ca_ANY.dic $RPM_BUILD_ROOT/%{_datadir}/hyphen/hyph_ca_ES.dic +cp -p office/hyph_ca_ANY.dic $RPM_BUILD_ROOT/%{_datadir}/hyphen/hyph_ca_ES.dic pushd $RPM_BUILD_ROOT/%{_datadir}/hyphen/ ca_ES_aliases="ca_AD ca_FR ca_IT" for lang in $ca_ES_aliases; do @@ -37,15 +38,50 @@ popd %files -%doc release-note_en.txt release-note_ca.txt LICENSES-en.txt LLICENCIES-ca.txt +%doc office/release-note_en.txt README.md +%license office/gpl.txt %{_datadir}/hyphen/* %changelog -* Mon Nov 01 2021 Muhammad Falak - 0.9.3-20 -- Remove epoch +* Tue Oct 29 2024 Sreenivasulu Malavathula - 1:1.5-5 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License verified -* Fri Oct 15 2021 Pawel Winogrodzki - 1:0.9.3-19 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Thu Jul 18 2024 Fedora Release Engineering - 1:1.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Wed Jan 24 2024 Fedora Release Engineering - 1:1.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jan 20 2024 Fedora Release Engineering - 1:1.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Aug 10 2023 Parag Nemade - 1:1.5-1 +- Resolves:rh#2230536 - Update to new Upstream Source + +* Thu Jul 20 2023 Fedora Release Engineering - 1:0.9.3-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Feb 23 2023 Caolán McNamara - 1:0.9.3-25 +- migrated to SPDX license + +* Thu Jan 19 2023 Fedora Release Engineering - 1:0.9.3-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 1:0.9.3-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 1:0.9.3-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 1:0.9.3-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 1:0.9.3-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1:0.9.3-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering - 1:0.9.3-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/hyphen-it/hyphen-it.signatures.json b/SPECS-EXTENDED/hyphen-it/hyphen-it.signatures.json index cb4f0193ea..d3d126b90e 100644 --- a/SPECS-EXTENDED/hyphen-it/hyphen-it.signatures.json +++ b/SPECS-EXTENDED/hyphen-it/hyphen-it.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "hyph_it_IT.zip": "3e7961e7b1bc13e0c6f13826fccb415ceb37bbc68a2a83739db2b7a442a6e197", - "hyphen-it-LICENSE.txt": "d2a8ec9077dc0227226ae618a80a20d3ba606374a5b489cd6a61a8161d7d089f" + "dizionario_italiano-5.1.1.tar.gz": "ed840e5e90fa7752761edc5729a5c5bcb66caa3cc31fcd738235d235160ccc88" } } + diff --git a/SPECS-EXTENDED/hyphen-it/hyphen-it.spec b/SPECS-EXTENDED/hyphen-it/hyphen-it.spec index 209e9cffea..e5ee08ca3c 100644 --- a/SPECS-EXTENDED/hyphen-it/hyphen-it.spec +++ b/SPECS-EXTENDED/hyphen-it/hyphen-it.spec @@ -1,28 +1,28 @@ Vendor: Microsoft Corporation Distribution: Azure Linux -Name: hyphen-it -Summary: Italian hyphenation rules -%global upstreamid 20071127 -Version: 0.%{upstreamid} -Release: 23%{?dist} -Source0: http://download.services.openoffice.org/contrib/dictionaries/hyph_it_IT.zip -Source1: hyphen-it-LICENSE.txt -URL: http://wiki.services.openoffice.org/wiki/Dictionaries -License: LGPLv2+ -BuildArch: noarch -Requires: hyphen -Supplements: (hyphen and langpacks-it) -Provides: hyphen-la = 0.%{upstreamid}-3%{?dist} +Name: hyphen-it +Summary: Italian hyphenation rules +Version: 5.1.1 +Release: 7%{?dist} +# The license text is embedded within the README files +# Here we specify the thesaurus license only as other files are not packaged +License: LGPL-2.1-only +URL: https://pagure.io/dizionario_italiano +Source: %{url}/archive/%{version}/dizionario_italiano-%{version}.tar.gz + +BuildArch: noarch +Requires: hyphen +Supplements: (hyphen and langpacks-it) +Provides: hyphen-la = %{version} %description Italian hyphenation rules. %prep -%autosetup -c -n hyphen-it -cp %{SOURCE1} ./LICENSE.txt -chmod -x * +%autosetup -n dizionario_italiano-%{version} %build +# Nothing to do %install mkdir -p $RPM_BUILD_ROOT/%{_datadir}/hyphen @@ -35,15 +35,56 @@ for lang in $it_IT_aliases; do ln -s hyph_it_IT.dic "hyph_"$lang".dic" done - %files -%license LICENSE.txt -%doc README_hyph_it_IT.txt -%{_datadir}/hyphen/* +%license LICENSES/lgpl-2.1.txt +%doc CHANGELOG.txt README.md README_hyph_it_IT.txt +%{_datadir}/hyphen/hyph_it_IT.dic +%{_datadir}/hyphen/hyph_it_CH.dic +%{_datadir}/hyphen/hyph_la_VA.dic %changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 0.20071127-23 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Wed Nov 06 2024 Sreenivasulu Malavathula - 5.1.1-7 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License verified + +* Thu Jul 18 2024 Fedora Release Engineering - 5.1.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Wed Jan 24 2024 Fedora Release Engineering - 5.1.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jan 20 2024 Fedora Release Engineering - 5.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jul 20 2023 Fedora Release Engineering - 5.1.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sun Jun 04 2023 Mattia Verga - 5.1.1-2 +- Use sources from pagure.io project + +* Sun Jun 04 2023 Mattia Verga - 5.1.1-1 +- Switch to libreoffice dictionaries from libreitalia.org + +* Thu Feb 23 2023 Caolán McNamara - 0.20071127-29 +- migrated to SPDX license + +* Thu Jan 19 2023 Fedora Release Engineering - 0.20071127-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 0.20071127-27 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 0.20071127-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 0.20071127-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 0.20071127-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 0.20071127-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering - 0.20071127-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild @@ -103,14 +144,14 @@ done * Tue Feb 24 2009 Fedora Release Engineering - 0.20071127-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild -* Sun Nov 02 2008 Caolan McNamara - 0.20071127-3 +* Sun Nov 02 2008 Caolán McNamara - 0.20071127-3 - add Latin alias -* Thu Nov 29 2007 Caolan McNamara - 0.20071127-2 +* Thu Nov 29 2007 Caolán McNamara - 0.20071127-2 - add switz italian alias -* Tue Nov 27 2007 Caolan McNamara - 0.20071127-1 +* Tue Nov 27 2007 Caolán McNamara - 0.20071127-1 - latest version -* Fri Nov 23 2007 Caolan McNamara - 0.20030809-1 +* Fri Nov 23 2007 Caolán McNamara - 0.20030809-1 - initial version diff --git a/SPECS-EXTENDED/hyphen-tk/hyph-tk.tex b/SPECS-EXTENDED/hyphen-tk/hyph-tk.tex index b6c5209ab4..81c766bf7d 100644 --- a/SPECS-EXTENDED/hyphen-tk/hyph-tk.tex +++ b/SPECS-EXTENDED/hyphen-tk/hyph-tk.tex @@ -1,18 +1,45 @@ -% Hyphenation patterns for Turkmen (hyph-tk.tex) -% -% Author: Nazar Annagurban -% License: Public domain -% Version: 0.1 -% Date: 16 March 2010 -% -% ---------------------------------------------------------------------- -% -% The file has been auto-generated from generate_patterns_tk.rb -% that is part of hyph-utf8. -% -% For more information about UTF-8 hyphenation patterns for TeX and -% links to this file see -% http://www.tug.org/tex-hyphen/ +% title: Hyphenation patterns for Turkmen +% copyright: Copyright (C) 2010-2015 Nazar Annagurban +% notice: This file is part of the hyph-utf8 package. +% See http://www.hyphenation.org/tex for more information. +% language: +% name: Turkmen +% tag: tk +% version: 0.1 16 March 2010 +% authors: +% - +% name: Nazar Annagurban +% contact: nazartm (at) gmail.com +% licence: +% name: MIT +% url: https://opensource.org/licenses/MIT +% text: > +% Permission is hereby granted, free of charge, to any person obtaining a copy +% of this software and associated documentation files (the "Software"), to deal +% in the Software without restriction, including without limitation the rights +% to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +% copies of the Software, and to permit persons to whom the Software is +% furnished to do so, subject to the following conditions: +% +% The above copyright notice and this permission notice shall be included in +% all copies or substantial portions of the Software. +% +% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +% IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +% FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE +% AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +% LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +% OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +% THE SOFTWARE. +% hyphenmins: +% typesetting: +% left: 2 +% right: 2 +% texlive: +% encoding: ec +% babelname: turkmen +% message: Turkmen hyphenation patterns +% description: Hyphenation patterns for Turkmen in T1/EC and UTF-8 encodings. % \patterns{ % Some suffixes are added through a hyphen. When hyphenating these words, a hyphen is added before the hyphen so that the line ends with a hyphen and the new line starts with a hyphen. diff --git a/SPECS-EXTENDED/hyphen-tk/hyphen-tk-cleantex.patch b/SPECS-EXTENDED/hyphen-tk/hyphen-tk-cleantex.patch index 56641c3f4b..a223bf42aa 100644 --- a/SPECS-EXTENDED/hyphen-tk/hyphen-tk-cleantex.patch +++ b/SPECS-EXTENDED/hyphen-tk/hyphen-tk-cleantex.patch @@ -1,14 +1,14 @@ ---- hyph-tk.tex 2010-03-16 13:42:31.000000000 +0000 -+++ hyph-tk.tex 2010-03-16 13:42:43.000000000 +0000 -@@ -14,7 +14,6 @@ - % links to this file see - % http://www.tug.org/tex-hyphen/ +--- hyph-tk.tex 2023-03-28 22:26:50.638117327 +0100 ++++ hyph-tk.tex 2023-03-28 22:27:21.875694151 +0100 +@@ -41,7 +41,6 @@ + % message: Turkmen hyphenation patterns + % description: Hyphenation patterns for Turkmen in T1/EC and UTF-8 encodings. % -\patterns{ % Some suffixes are added through a hyphen. When hyphenating these words, a hyphen is added before the hyphen so that the line ends with a hyphen and the new line starts with a hyphen. 1-4 % Allow hyphen after a vowel if and only if there is a single consonant before next the vowel -@@ -2393,4 +2392,3 @@ +@@ -2420,4 +2419,3 @@ n2g1l n1g2r s2k1w diff --git a/SPECS-EXTENDED/hyphen-tk/hyphen-tk.signatures.json b/SPECS-EXTENDED/hyphen-tk/hyphen-tk.signatures.json index 2c8f46d1f9..b2aceda837 100644 --- a/SPECS-EXTENDED/hyphen-tk/hyphen-tk.signatures.json +++ b/SPECS-EXTENDED/hyphen-tk/hyphen-tk.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "hyph-tk.tex": "27e8c32bb4423bbfa08fb812e37772edc355e660fcdc5e7f7d4e12d8b0fad2ae" + "hyph-tk.tex": "801ef59c14dab4fec0a9ae178632e63b8ef9f0362dcea74f4a3689a4a7908690" } } diff --git a/SPECS-EXTENDED/hyphen-tk/hyphen-tk.spec b/SPECS-EXTENDED/hyphen-tk/hyphen-tk.spec index ca02349654..822704db27 100644 --- a/SPECS-EXTENDED/hyphen-tk/hyphen-tk.spec +++ b/SPECS-EXTENDED/hyphen-tk/hyphen-tk.spec @@ -1,15 +1,13 @@ -%global upstream_commit ee22323218150388abdeb36184ad5861e3669b65 -%global upstreamid 20110620 - Vendor: Microsoft Corporation Distribution: Azure Linux Name: hyphen-tk Summary: Turkmen hyphenation rules +%global upstreamid 20210322 Version: 0.%{upstreamid} -Release: 18%{?dist} -Source: https://github.com/hyphenation/tex-hyphen/blob/%{upstream_commit}/hyph-utf8/tex/generic/hyph-utf8/patterns/tex/hyph-tk.tex -URL: http://tug.org/tex-hyphen -License: Public Domain +Release: 6%{?dist} +Source0: https://mirrors.ctan.org/language/hyph-utf8/tex/patterns/tex/hyph-tk.tex +URL: https://ctan.org +License: MIT BuildArch: noarch BuildRequires: hyphen-devel Requires: hyphen @@ -22,31 +20,61 @@ Turkmen hyphenation rules. %prep %setup -T -q -c -n hyphen-tk cp -p %{SOURCE0} . -%patch 0 -p0 -b .clean +%patch -P0 -p0 -b .clean %build substrings.pl hyph-tk.tex hyph_tk_TM.dic UTF-8 echo "Created with substring.pl by substrings.pl hyph-tk.tex hyph_tk_TM.dic UTF-8" > README echo "Original in-line credits were:" >> README echo "" >> README -head -n 15 hyph-tk.tex >> README +head -n 33 hyph-tk.tex >> README %install mkdir -p $RPM_BUILD_ROOT/%{_datadir}/hyphen cp -p hyph_tk_TM.dic $RPM_BUILD_ROOT/%{_datadir}/hyphen - %files %license README %{_datadir}/hyphen/hyph_tk_TM.dic %changelog -* Mon Apr 25 2022 Pawel Winogrodzki - 0.20110620-18 -- Updating source URLs. -- License verified. +* Fri Nov 08 2024 Sreenivasulu Malavathula - 0.20210322-6 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License verified + +* Thu Jul 18 2024 Fedora Release Engineering - 0.20210322-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Wed Jan 24 2024 Fedora Release Engineering - 0.20210322-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jan 20 2024 Fedora Release Engineering - 0.20210322-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jul 20 2023 Fedora Release Engineering - 0.20210322-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Mar 28 2023 Caolán McNamara - 0.20210322-1 +- latest version with clarified license +- migrated to SPDX license + +* Thu Jan 19 2023 Fedora Release Engineering - 0.20110620-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 0.20110620-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 0.20110620-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 0.20110620-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 0.20110620-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -* Fri Oct 15 2021 Pawel Winogrodzki - 0.20110620-17 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Tue Jul 28 2020 Fedora Release Engineering - 0.20110620-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering - 0.20110620-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/jsch/jsch-0.1.54-sourcetarget.patch b/SPECS-EXTENDED/jsch/jsch-0.1.54-sourcetarget.patch index ffaac50733..79dbd01207 100644 --- a/SPECS-EXTENDED/jsch/jsch-0.1.54-sourcetarget.patch +++ b/SPECS-EXTENDED/jsch/jsch-0.1.54-sourcetarget.patch @@ -6,8 +6,8 @@ destdir="${build}" - target="1.4" - source="1.4" -+ target="1.6" -+ source="1.6" ++ target="1.8" ++ source="1.8" debug="${javac.debug}"> - + -+ ++ - --> diff --git a/SPECS-EXTENDED/jsch/jsch.spec b/SPECS-EXTENDED/jsch/jsch.spec index 2a823ca0e1..e469c96629 100644 --- a/SPECS-EXTENDED/jsch/jsch.spec +++ b/SPECS-EXTENDED/jsch/jsch.spec @@ -20,7 +20,7 @@ Distribution: Azure Linux Name: jsch Version: 0.1.55 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Pure Java implementation of SSH2 License: BSD-3-Clause Group: Development/Libraries/Java @@ -64,9 +64,7 @@ X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs. %prep -%setup -q -%patch 0 -p1 -%patch 1 -p1 +%autosetup -p1 cp %{SOURCE1} pom.xml %pom_remove_parent @@ -107,6 +105,10 @@ cp -pr examples/* %{buildroot}%{_datadir}/%{name} %{_datadir}/%{name} %changelog +* Thu May 08 2025 Archana Shettigar - 0.1.55-3 +- Build fix +- License verified + * Thu Oct 14 2021 Pawel Winogrodzki - 0.1.55-2 - Converting the 'Release' tag to the '[number].[distribution]' format. @@ -122,6 +124,7 @@ cp -pr examples/* %{buildroot}%{_datadir}/%{name} + create the osgi manifest during the ant build + replaces the MANIFEST.MF file - Miscellaneous clean-up + * Fri Sep 20 2019 Fridrich Strba - Remove reference to the parent from pom file, since we are not building with maven diff --git a/SPECS-EXTENDED/jzlib/jzlib.signatures.json b/SPECS-EXTENDED/jzlib/jzlib.signatures.json index ababad7afd..0ee9df98b7 100644 --- a/SPECS-EXTENDED/jzlib/jzlib.signatures.json +++ b/SPECS-EXTENDED/jzlib/jzlib.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { "jzlib-1.1.3.tar.gz": "83da656205fe9cae8fc17aaff71237836acac582a88116c7579e362126bd0ec4", - "jzlib_build.xml": "75de32ade3ea2fc09e037e7b79e072d4f4d74374549d0d76f50c182a638e977b" + "jzlib_build.xml": "30a78ad543c967bbb9b43e824430e1d860fdb805fa327f94f891ec7cd9121601" } } diff --git a/SPECS-EXTENDED/jzlib/jzlib.spec b/SPECS-EXTENDED/jzlib/jzlib.spec index 1fa02c5b66..1053752775 100644 --- a/SPECS-EXTENDED/jzlib/jzlib.spec +++ b/SPECS-EXTENDED/jzlib/jzlib.spec @@ -20,7 +20,7 @@ Distribution: Azure Linux Name: jzlib Version: 1.1.3 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Re-implementation of zlib in pure Java License: BSD-3-Clause Group: Development/Libraries/Java @@ -102,6 +102,10 @@ cp -r target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}/ %license LICENSE.txt %changelog +* Mon Apr 28 2025 Archana Shettigar - 1.1.3-6 +- Fixing the build for jzlib in 3.0-dev branch +- License verified + * Thu Oct 14 2021 Pawel Winogrodzki - 1.1.3-5 - Converting the 'Release' tag to the '[number].[distribution]' format. diff --git a/SPECS-EXTENDED/jzlib/jzlib_build.xml b/SPECS-EXTENDED/jzlib/jzlib_build.xml index a308703ad2..99bb782bee 100644 --- a/SPECS-EXTENDED/jzlib/jzlib_build.xml +++ b/SPECS-EXTENDED/jzlib/jzlib_build.xml @@ -12,7 +12,7 @@ - + diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/azurelinux-ca-20230216.pem b/SPECS-EXTENDED/kernel-lpg-innovate/azurelinux-ca-20230216.pem new file mode 100644 index 0000000000..04204bb1b6 --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/azurelinux-ca-20230216.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGtjCCBJ6gAwIBAgITMwAAAAJjlHB6Ftnx2gAAAAAAAjANBgkqhkiG9w0BAQ0F +ADBaMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u +MSswKQYDVQQDEyJNaWNyb3NvZnQgTWFyaW5lciBSU0EgUm9vdCBDQSAyMDIzMB4X +DTIzMDIxNjE5MzkwMloXDTM4MDIwOTIxMjU1M1owYDELMAkGA1UEBhMCVVMxHjAc +BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjExMC8GA1UEAxMoTWFyaW5lciBU +cnVzdGVkIEJhc2UgUlNBIENvZGUgU2lnbmluZyBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAL+8TFnwSX6pE1J6Eb4fdVJy0pLmFrY1G8oqxfPqY0l0 +rezoei1p8hZrPAsk1l/lp+BIDrYl/0TiZOSkVBMod569/JDntohvjycZtCKK+9PY +MophsyD5XvsK7xNaRixxTTOLJ561iKQqny29bJNgO/N909s9pXFa1chQKWm3Ib8I +SiZwj0CixWTwfGmTqa9pR1mwQydUK8HS4uO5i2WqB065b1R48rEGmC0m4WYX37Od +EFU7ZzorMrdG8tYFL+rCfZExkBoqcUD6So3Zsz/KQenxTNKyv3UIV3szTP7W8gLG ++3KTr4YS6U+6zztTp+at3DlH0GFBIoGMNnxns/7tZoUL2Ee9CL91gX5FEQ1iyc53 +szYhQ82LjwQ+MRVRppbsDTduTCrl49xp+Ofd7vQusNw8t2mDA4bdoXgPOrHHv+0A +kR4yXDwxdhWMMQ7prUKO9lYGDJL97b44B0rlyBPpqMYZshgZCGGYhzw+UXcOQ1hz +M+gAKcSX/iMl12RGGeqd41SeeysXXefQLfJlyVsjr4Tx7RjemWfiwJiL5RrM3MXf +UmRhZJPPDd0QTM+7LCohuPh3C142FctB3DSszHN5OWxcHGLVFsw73UtD+jLhZ2WD +43Yqb+iHKafjY3hTBULQdozk14jVLTe2xfTlr8TTUilIoAdoE02LiVtL5VUqZq9x +AgMBAAGjggFtMIIBaTAOBgNVHQ8BAf8EBAMCAYYwEAYJKwYBBAGCNxUBBAMCAQAw +HQYDVR0OBBYEFHVUsV99cPzwjbkPqmp1wb60in5cMBkGCSsGAQQBgjcUAgQMHgoA +UwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU7bP/DNX8DLvF +HUX1cl9wFfnIxqYwZQYDVR0fBF4wXDBaoFigVoZUaHR0cDovL3d3dy5taWNyb3Nv +ZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwTWFyaW5lciUyMFJTQSUyMFJv +b3QlMjBDQSUyMDIwMjMuY3JsMHIGCCsGAQUFBwEBBGYwZDBiBggrBgEFBQcwAoZW +aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQl +MjBNYXJpbmVyJTIwUlNBJTIwUm9vdCUyMENBJTIwMjAyMy5jcnQwDQYJKoZIhvcN +AQENBQADggIBAGCiLo+kLmHETBNIjwNBCpRyamuzfXjG54bMYrS0kPjAWD8vaxA4 +GzaXyM/yk2q50xmEbRdDlhfdk/PkmYOFTvI+4Dd33kltMCy2/lwf1Ci8XIlYAH/e +IiO4lKqIk2Dbfn2eMCMeFFx0BQ0zvxHJYUMWz/kqdTxR57LZclBUGPn+Q/2pDZYf +uXGsS1rQqFBV6yxSgDLAAO9AuBvz32rwlGyichrufHEM1+YfjP8w6wpi0u/JHTeq +A6zFshkXxXQYL7R8IjlCUVWIG9vBA0YgdcaYXY5MT1WctMcWCCu12gWtU3fOC86X +rf+A++UtCYXAL1h4g0YOpZIL6LRh7CiR5Kh7cw9ylYv93+YESQHY2VAwCs+j/xRe +xkv5oWRGkzAqESSv0iJfZg7DzvyE+9XbIYKGoS2NrPyGCStZsXl7B3QpA4dAvj0o +ye5YZXbFtIgHS4uGyUYvEYYedNC4/ujZ7tcBvxKB3BzKJry7MkLtUJhfqQnVDFkY +8wpy24yem9IDR0n2Ua1a9/kbmxDT+lJ4q7fMxPJf2QnTkdQXSuNejz6N4yUqiX22 +2HLmkDFdheq2hMY0oi5PkivsnYn7b4sDclyuen04BFBIwfy0RwRSWEfzwTfdrGT6 +V/XT/3n9twDIFZyK8oRjUlwo0GAiq8r0uwPOKnLQPpKJpWC4ICs1LjkB +-----END CERTIFICATE----- diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/cpupower b/SPECS-EXTENDED/kernel-lpg-innovate/cpupower new file mode 100644 index 0000000000..9865c61f1a --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/cpupower @@ -0,0 +1,2 @@ +CPUPOWER_START_OPTS="frequency-set -g performance" +CPUPOWER_STOP_OPTS="frequency-set -g ondemand" diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/cpupower.service b/SPECS-EXTENDED/kernel-lpg-innovate/cpupower.service new file mode 100644 index 0000000000..5f10ab7ee3 --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/cpupower.service @@ -0,0 +1,13 @@ +[Unit] +Description=Configure CPU power related settings +After=syslog.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/sysconfig/cpupower +ExecStart=/usr/bin/cpupower $CPUPOWER_START_OPTS +ExecStop=/usr/bin/cpupower $CPUPOWER_STOP_OPTS + +[Install] +WantedBy=multi-user.target diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.normal.config b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.normal.config new file mode 100644 index 0000000000..41605efdf8 --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.normal.config @@ -0,0 +1,8159 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 6.6.85.1 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=130200 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=24100 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=24100 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y +CONFIG_TOOLS_SUPPORT_RELR=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=125 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="" +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_SYSVIPC_COMPAT=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +CONFIG_AUDIT=y +CONFIG_HAVE_ARCH_AUDITSYSCALL=y +CONFIG_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100 +# end of Timers subsystem + +CONFIG_BPF=y + +# +# BPF subsystem +# +CONFIG_BPF_SYSCALL=y +CONFIG_BPF_UNPRIV_DEFAULT_OFF=y +# CONFIG_BPF_PRELOAD is not set +# end of BPF subsystem + +CONFIG_PREEMPT_NONE_BUILD=y +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +CONFIG_PSI=y +# CONFIG_PSI_DEFAULT_DISABLED is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_TREE_SRCU=y +CONFIG_TASKS_RCU_GENERIC=y +CONFIG_TASKS_TRACE_RCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_IKHEADERS=m +CONFIG_LOG_BUF_SHIFT=18 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +# CONFIG_PRINTK_INDEX is not set +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +CONFIG_UCLAMP_TASK=y +CONFIG_UCLAMP_BUCKETS_COUNT=5 +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC10_NO_ARRAY_BOUNDS=y +CONFIG_CC_NO_ARRAY_BOUNDS=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_NUMA_BALANCING=y +CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +# CONFIG_CGROUP_FAVOR_DYNMODS is not set +CONFIG_MEMCG=y +CONFIG_MEMCG_KMEM=y +CONFIG_BLK_CGROUP=y +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_SCHED_MM_CID=y +CONFIG_UCLAMP_TASK_GROUP=y +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_RDMA=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_HUGETLB=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_BPF=y +# CONFIG_CGROUP_MISC is not set +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_TIME_NS=y +CONFIG_IPC_NS=y +CONFIG_USER_NS=y +CONFIG_PID_NS=y +CONFIG_NET_NS=y +CONFIG_CHECKPOINT_RESTORE=y +# CONFIG_SCHED_AUTOGROUP is not set +CONFIG_RELAY=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +CONFIG_RD_GZIP=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZMA=y +CONFIG_RD_XZ=y +CONFIG_RD_LZO=y +CONFIG_RD_LZ4=y +CONFIG_RD_ZSTD=y +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_LD_ORPHAN_WARN_LEVEL="warn" +CONFIG_SYSCTL=y +CONFIG_HAVE_UID16=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_EXPERT=y +CONFIG_UID16=y +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +# CONFIG_PCSPKR_PLATFORM is not set +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_SELFTEST is not set +CONFIG_KALLSYMS_ALL=y +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y +CONFIG_RSEQ=y +CONFIG_CACHESTAT_SYSCALL=y +# CONFIG_DEBUG_RSEQ is not set +CONFIG_HAVE_PERF_EVENTS=y +CONFIG_GUEST_PERF_EVENTS=y +CONFIG_PC104=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +CONFIG_SYSTEM_DATA_VERIFICATION=y +CONFIG_PROFILING=y + +# +# Kexec and crash features +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +# CONFIG_KEXEC is not set +CONFIG_KEXEC_FILE=y +CONFIG_KEXEC_SIG=y +# CONFIG_KEXEC_SIG_FORCE is not set +CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y +CONFIG_CRASH_DUMP=y +CONFIG_CRASH_HOTPLUG=y +CONFIG_CRASH_MAX_MEMORY_RANGES=8192 +# end of Kexec and crash features +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_AUDIT_ARCH=y +CONFIG_HAVE_INTEL_TXT=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DYNAMIC_PHYSICAL_MASK=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +CONFIG_X86_X2APIC=y +# CONFIG_X86_MPPARSE is not set +# CONFIG_GOLDFISH is not set +# CONFIG_X86_CPU_RESCTRL is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_NUMACHIP is not set +# CONFIG_X86_VSMP is not set +# CONFIG_X86_UV is not set +# CONFIG_X86_GOLDFISH is not set +CONFIG_X86_INTEL_MID=y +CONFIG_X86_INTEL_LPSS=y +CONFIG_X86_AMD_PLATFORM_DEVICE=y +CONFIG_IOSF_MBI=y +# CONFIG_IOSF_MBI_DEBUG is not set +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +CONFIG_PARAVIRT_XXL=y +# CONFIG_PARAVIRT_DEBUG is not set +CONFIG_PARAVIRT_SPINLOCKS=y +CONFIG_X86_HV_CALLBACK_VECTOR=y +CONFIG_XEN=y +CONFIG_XEN_PV=y +CONFIG_XEN_512GB=y +CONFIG_XEN_PV_SMP=y +CONFIG_XEN_PV_DOM0=y +CONFIG_XEN_PVHVM=y +CONFIG_XEN_PVHVM_SMP=y +# CONFIG_XEN_PVHVM_GUEST is not set +CONFIG_XEN_SAVE_RESTORE=y +# CONFIG_XEN_DEBUG_FS is not set +# CONFIG_XEN_PVH is not set +CONFIG_XEN_DOM0=y +CONFIG_XEN_PV_MSR_SAFE=y +CONFIG_KVM_GUEST=y +CONFIG_ARCH_CPUIDLE_HALTPOLL=y +# CONFIG_PVH is not set +# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set +CONFIG_PARAVIRT_CLOCK=y +# CONFIG_JAILHOUSE_GUEST is not set +# CONFIG_ACRN_GUEST is not set +CONFIG_INTEL_TDX_GUEST=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +# CONFIG_PROCESSOR_SELECT is not set +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_HYGON=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_CPU_SUP_ZHAOXIN=y +CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +CONFIG_BOOT_VESA_SUPPORT=y +CONFIG_MAXSMP=y +CONFIG_NR_CPUS_RANGE_BEGIN=8192 +CONFIG_NR_CPUS_RANGE_END=8192 +CONFIG_NR_CPUS_DEFAULT=8192 +CONFIG_NR_CPUS=8192 +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_SMT=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +CONFIG_X86_MCE=y +CONFIG_X86_MCELOG_LEGACY=y +CONFIG_X86_MCE_INTEL=y +CONFIG_X86_MCE_AMD=y +CONFIG_X86_MCE_THRESHOLD=y +# CONFIG_X86_MCE_INJECT is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=m +CONFIG_PERF_EVENTS_INTEL_CSTATE=m +# CONFIG_PERF_EVENTS_AMD_POWER is not set +CONFIG_PERF_EVENTS_AMD_UNCORE=y +# CONFIG_PERF_EVENTS_AMD_BRS is not set +# end of Performance monitoring + +# CONFIG_X86_VSYSCALL_EMULATION is not set +CONFIG_X86_IOPL_IOPERM=y +CONFIG_MICROCODE=y +# CONFIG_MICROCODE_LATE_LOADING is not set +CONFIG_X86_MSR=m +# CONFIG_X86_CPUID is not set +# CONFIG_X86_5LEVEL is not set +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_X86_CPA_STATISTICS is not set +CONFIG_X86_MEM_ENCRYPT=y +CONFIG_AMD_MEM_ENCRYPT=y +CONFIG_NUMA=y +CONFIG_AMD_NUMA=y +CONFIG_X86_64_ACPI_NUMA=y +# CONFIG_NUMA_EMU is not set +CONFIG_NODES_SHIFT=10 +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_X86_PMEM_LEGACY_DEVICE=y +CONFIG_X86_PMEM_LEGACY=y +CONFIG_X86_CHECK_BIOS_CORRUPTION=y +# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_X86_UMIP=y +CONFIG_CC_HAS_IBT=y +CONFIG_X86_CET=y +CONFIG_X86_KERNEL_IBT=y +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +CONFIG_X86_SGX=y +# CONFIG_X86_USER_SHADOW_STACK is not set +CONFIG_EFI=y +CONFIG_EFI_STUB=y +CONFIG_EFI_HANDOVER_PROTOCOL=y +# CONFIG_EFI_MIXED is not set +# CONFIG_EFI_FAKE_MEMMAP is not set +CONFIG_EFI_RUNTIME_MAP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +CONFIG_ARCH_SUPPORTS_KEXEC=y +CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y +CONFIG_ARCH_SELECTS_KEXEC_FILE=y +CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y +CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_X86_NEED_RELOCS=y +CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_DYNAMIC_MEMORY_LAYOUT=y +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa +CONFIG_HOTPLUG_CPU=y +# CONFIG_COMPAT_VDSO is not set +# CONFIG_LEGACY_VSYSCALL_XONLY is not set +CONFIG_LEGACY_VSYSCALL_NONE=y +# CONFIG_CMDLINE_BOOL is not set +# CONFIG_MODIFY_LDT_SYSCALL is not set +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_SLS=y +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_CC_HAS_ENTRY_PADDING=y +CONFIG_FUNCTION_PADDING_CFI=11 +CONFIG_FUNCTION_PADDING_BYTES=16 +CONFIG_CPU_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +# CONFIG_SLS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y +CONFIG_ARCH_HAS_ADD_PAGES=y + +# +# Power management and ACPI options +# +CONFIG_ARCH_HIBERNATION_HEADER=y +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_SUSPEND_SKIP_SYNC is not set +CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_HIBERNATION_SNAPSHOT_DEV=y +CONFIG_PM_STD_PARTITION="" +CONFIG_PM_SLEEP=y +CONFIG_PM_SLEEP_SMP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_USERSPACE_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_SLEEP=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=m +CONFIG_ACPI_BATTERY=m +CONFIG_ACPI_BUTTON=m +# CONFIG_ACPI_TINY_POWER_BUTTON is not set +CONFIG_ACPI_VIDEO=m +CONFIG_ACPI_FAN=m +# CONFIG_ACPI_TAD is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_IPMI=m +CONFIG_ACPI_HOTPLUG_CPU=y +CONFIG_ACPI_PROCESSOR_AGGREGATOR=y +CONFIG_ACPI_THERMAL=y +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_TABLE_UPGRADE is not set +# CONFIG_ACPI_DEBUG is not set +CONFIG_ACPI_PCI_SLOT=y +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_MEMORY=y +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +CONFIG_ACPI_HED=y +# CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_BGRT is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +CONFIG_ACPI_NFIT=y +# CONFIG_NFIT_SECURITY_DEBUG is not set +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +CONFIG_ACPI_APEI=y +CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_PCIEAER=y +CONFIG_ACPI_APEI_MEMORY_FAILURE=y +# CONFIG_ACPI_APEI_EINJ is not set +CONFIG_ACPI_APEI_ERST_DEBUG=m +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_EXTLOG is not set +CONFIG_ACPI_ADXL=y +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y +# CONFIG_ACPI_FFH is not set +CONFIG_PMIC_OPREGION=y +CONFIG_ACPI_PRMT=y +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_GOV_ATTR_SET=y +CONFIG_CPU_FREQ_GOV_COMMON=y +CONFIG_CPU_FREQ_STAT=y +CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +CONFIG_CPU_FREQ_GOV_POWERSAVE=m +CONFIG_CPU_FREQ_GOV_USERSPACE=m +CONFIG_CPU_FREQ_GOV_ONDEMAND=m +CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y + +# +# CPU frequency scaling drivers +# +CONFIG_X86_INTEL_PSTATE=y +CONFIG_X86_PCC_CPUFREQ=m +# CONFIG_X86_AMD_PSTATE is not set +# CONFIG_X86_AMD_PSTATE_UT is not set +CONFIG_X86_ACPI_CPUFREQ=m +# CONFIG_X86_ACPI_CPUFREQ_CPB is not set +# CONFIG_X86_POWERNOW_K8 is not set +CONFIG_X86_AMD_FREQ_SENSITIVITY=m +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set +# CONFIG_X86_P4_CLOCKMOD is not set + +# +# shared options +# +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set +CONFIG_CPU_IDLE_GOV_HALTPOLL=y +CONFIG_HALTPOLL_CPUIDLE=y +# end of CPU Idle + +CONFIG_INTEL_IDLE=y +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_PCI_XEN=y +CONFIG_MMCONF_FAM10H=y +# CONFIG_PCI_CNB20LE_QUIRK is not set +# CONFIG_ISA_BUS is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +CONFIG_IA32_EMULATION=y +# CONFIG_X86_X32_ABI is not set +CONFIG_COMPAT_32=y +CONFIG_COMPAT=y +CONFIG_COMPAT_FOR_U64_ALIGNMENT=y +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +CONFIG_HAVE_KVM_PFNCACHE=y +CONFIG_HAVE_KVM_IRQCHIP=y +CONFIG_HAVE_KVM_IRQFD=y +CONFIG_HAVE_KVM_IRQ_ROUTING=y +CONFIG_HAVE_KVM_DIRTY_RING=y +CONFIG_HAVE_KVM_DIRTY_RING_TSO=y +CONFIG_HAVE_KVM_DIRTY_RING_ACQ_REL=y +CONFIG_HAVE_KVM_EVENTFD=y +CONFIG_KVM_MMIO=y +CONFIG_KVM_ASYNC_PF=y +CONFIG_HAVE_KVM_MSI=y +CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y +CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y +CONFIG_KVM_COMPAT=y +CONFIG_HAVE_KVM_IRQ_BYPASS=y +CONFIG_HAVE_KVM_NO_POLL=y +CONFIG_KVM_XFER_TO_GUEST_WORK=y +CONFIG_HAVE_KVM_PM_NOTIFIER=y +CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y +CONFIG_VIRTUALIZATION=y +CONFIG_KVM=m +CONFIG_KVM_WERROR=y +CONFIG_KVM_INTEL=m +CONFIG_X86_SGX_KVM=y +CONFIG_KVM_AMD=m +CONFIG_KVM_SMM=y +# CONFIG_KVM_XEN is not set +# CONFIG_KVM_PROVE_MMU is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y +CONFIG_AS_GFNI=y +CONFIG_AS_WRUSS=y +CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y + +# +# General architecture-dependent options +# +CONFIG_HOTPLUG_SMT=y +CONFIG_HOTPLUG_CORE_SYNC=y +CONFIG_HOTPLUG_CORE_SYNC_DEAD=y +CONFIG_HOTPLUG_CORE_SYNC_FULL=y +CONFIG_HOTPLUG_SPLIT_STARTUP=y +CONFIG_HOTPLUG_PARALLEL=y +CONFIG_GENERIC_ENTRY=y +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_MMU_GATHER_TABLE_FREE=y +CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_MMU_LAZY_TLB_REFCOUNT=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y +CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_PMD_MKWRITE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=32 +CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y +CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 +CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +CONFIG_OLD_SIGSUSPEND3=y +CONFIG_COMPAT_OLD_SIGACTION=y +CONFIG_COMPAT_32BIT_TIME=y +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y +# CONFIG_LOCK_EVENT_COUNTS is not set +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_ARCH_HAS_CC_PLATFORM=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_HAVE_ARCH_NODE_DEV_GROUP=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y + +# +# GCOV-based kernel profiling +# +# CONFIG_GCOV_KERNEL is not set +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +CONFIG_FUNCTION_ALIGNMENT_4B=y +CONFIG_FUNCTION_ALIGNMENT_16B=y +CONFIG_FUNCTION_ALIGNMENT=16 +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +CONFIG_MODULE_SIG_FORMAT=y +CONFIG_MODULES=y +# CONFIG_MODULE_DEBUG is not set +CONFIG_MODULE_FORCE_LOAD=y +CONFIG_MODULE_UNLOAD=y +# CONFIG_MODULE_FORCE_UNLOAD is not set +# CONFIG_MODULE_UNLOAD_TAINT_TRACKING is not set +CONFIG_MODVERSIONS=y +CONFIG_ASM_MODVERSIONS=y +# CONFIG_MODULE_SRCVERSION_ALL is not set +CONFIG_MODULE_SIG=y +CONFIG_MODULE_SIG_FORCE=y +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" +CONFIG_MODULE_COMPRESS_NONE=y +# CONFIG_MODULE_COMPRESS_GZIP is not set +# CONFIG_MODULE_COMPRESS_XZ is not set +# CONFIG_MODULE_COMPRESS_ZSTD is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +# CONFIG_TRIM_UNUSED_KSYMS is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BLK_CGROUP_RWSTAT=y +CONFIG_BLK_CGROUP_PUNT_BIO=y +CONFIG_BLK_DEV_BSG_COMMON=y +CONFIG_BLK_ICQ=y +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_BLK_DEV_INTEGRITY=y +CONFIG_BLK_DEV_INTEGRITY_T10=y +CONFIG_BLK_DEV_ZONED=y +CONFIG_BLK_DEV_THROTTLING=y +# CONFIG_BLK_DEV_THROTTLING_LOW is not set +# CONFIG_BLK_WBT is not set +CONFIG_BLK_CGROUP_IOLATENCY=y +# CONFIG_BLK_CGROUP_FC_APPID is not set +# CONFIG_BLK_CGROUP_IOCOST is not set +# CONFIG_BLK_CGROUP_IOPRIO is not set +CONFIG_BLK_DEBUG_FS=y +CONFIG_BLK_DEBUG_FS_ZONED=y +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +CONFIG_PARTITION_ADVANCED=y +# CONFIG_ACORN_PARTITION is not set +# CONFIG_AIX_PARTITION is not set +# CONFIG_OSF_PARTITION is not set +# CONFIG_AMIGA_PARTITION is not set +# CONFIG_ATARI_PARTITION is not set +# CONFIG_MAC_PARTITION is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_BSD_DISKLABEL=y +CONFIG_MINIX_SUBPARTITION=y +CONFIG_SOLARIS_X86_PARTITION=y +CONFIG_UNIXWARE_DISKLABEL=y +# CONFIG_LDM_PARTITION is not set +# CONFIG_SGI_PARTITION is not set +# CONFIG_ULTRIX_PARTITION is not set +# CONFIG_SUN_PARTITION is not set +# CONFIG_KARMA_PARTITION is not set +CONFIG_EFI_PARTITION=y +# CONFIG_SYSV68_PARTITION is not set +# CONFIG_CMDLINE_PARTITION is not set +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLK_PM=y +CONFIG_BLOCK_HOLDER_DEPRECATED=y +CONFIG_BLK_MQ_STACKING=y + +# +# IO Schedulers +# +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +CONFIG_IOSCHED_BFQ=m +CONFIG_BFQ_GROUP_IOSCHED=y +# CONFIG_BFQ_CGROUP_DEBUG is not set +# end of IO Schedulers + +CONFIG_PREEMPT_NOTIFIERS=y +CONFIG_ASN1=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_COMPAT_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=m +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_SWAP=y +# CONFIG_ZSWAP is not set +CONFIG_ZSMALLOC=m +# CONFIG_ZSMALLOC_STAT is not set +CONFIG_ZSMALLOC_CHAIN_SIZE=8 + +# +# SLAB allocator options +# +# CONFIG_SLAB_DEPRECATED is not set +CONFIG_SLUB=y +# CONFIG_SLUB_TINY is not set +# CONFIG_SLAB_MERGE_DEFAULT is not set +CONFIG_SLAB_FREELIST_RANDOM=y +CONFIG_SLAB_FREELIST_HARDENED=y +# CONFIG_SLUB_STATS is not set +CONFIG_SLUB_CPU_PARTIAL=y +# CONFIG_RANDOM_KMALLOC_CACHES is not set +# end of SLAB allocator options + +CONFIG_SHUFFLE_PAGE_ALLOCATOR=y +# CONFIG_COMPAT_BRK is not set +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_NUMA_KEEP_MEMINFO=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_EXCLUSIVE_SYSTEM_RAM=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_MHP_MEMMAP_ON_MEMORY=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +CONFIG_PAGE_REPORTING=y +CONFIG_MIGRATION=y +CONFIG_DEVICE_MIGRATION=y +CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_ARCH_ENABLE_THP_MIGRATION=y +CONFIG_CONTIG_ALLOC=y +CONFIG_PCP_BATCH_SCALE_MAX=5 +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y +CONFIG_KSM=y +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +CONFIG_MEMORY_FAILURE=y +# CONFIG_HWPOISON_INJECT is not set +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set +CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y +CONFIG_THP_SWAP=y +# CONFIG_READ_ONLY_THP_FOR_FS is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +# CONFIG_CMA is not set +CONFIG_MEM_SOFT_DIRTY=y +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ARCH_HAS_ZONE_DMA_SET=y +# CONFIG_ZONE_DMA is not set +CONFIG_ZONE_DMA32=y +CONFIG_ZONE_DEVICE=y +CONFIG_HMM_MIRROR=y +CONFIG_GET_FREE_REGION=y +CONFIG_DEVICE_PRIVATE=y +CONFIG_VMAP_PFN=y +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +CONFIG_VM_EVENT_COUNTERS=y +# CONFIG_PERCPU_STATS is not set +# CONFIG_GUP_TEST is not set +# CONFIG_DMAPOOL_TEST is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_MAPPING_DIRTY_HELPERS=y +CONFIG_MEMFD_CREATE=y +CONFIG_SECRETMEM=y +CONFIG_ANON_VMA_NAME=y +CONFIG_USERFAULTFD=y +CONFIG_HAVE_ARCH_USERFAULTFD_WP=y +CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y +CONFIG_PTE_MARKER_UFFD_WP=y +CONFIG_LRU_GEN=y +CONFIG_LRU_GEN_ENABLED=y +# CONFIG_LRU_GEN_STATS is not set +CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y +CONFIG_PER_VMA_LOCK=y +CONFIG_LOCK_MM_AND_FIND_VMA=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y +CONFIG_COMPAT_NETLINK_MESSAGES=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_NET_XGRESS=y +CONFIG_NET_REDIRECT=y +CONFIG_SKB_EXTENSIONS=y + +# +# Networking options +# +CONFIG_PACKET=y +CONFIG_PACKET_DIAG=m +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +CONFIG_UNIX_DIAG=m +CONFIG_TLS=m +# CONFIG_TLS_DEVICE is not set +# CONFIG_TLS_TOE is not set +CONFIG_XFRM=y +CONFIG_XFRM_OFFLOAD=y +CONFIG_XFRM_ALGO=m +CONFIG_XFRM_USER=m +# CONFIG_XFRM_USER_COMPAT is not set +# CONFIG_XFRM_INTERFACE is not set +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_AH=m +CONFIG_XFRM_ESP=m +CONFIG_XFRM_IPCOMP=m +CONFIG_NET_KEY=m +# CONFIG_NET_KEY_MIGRATE is not set +CONFIG_SMC=m +CONFIG_SMC_DIAG=m +CONFIG_XDP_SOCKETS=y +CONFIG_XDP_SOCKETS_DIAG=m +CONFIG_NET_HANDSHAKE=y +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_IP_FIB_TRIE_STATS=y +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_ROUTE_MULTIPATH=y +CONFIG_IP_ROUTE_VERBOSE=y +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +CONFIG_NET_IPIP=m +CONFIG_NET_IPGRE_DEMUX=m +CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_IPGRE=m +CONFIG_NET_IPGRE_BROADCAST=y +CONFIG_IP_MROUTE_COMMON=y +CONFIG_IP_MROUTE=y +CONFIG_IP_MROUTE_MULTIPLE_TABLES=y +CONFIG_IP_PIMSM_V1=y +CONFIG_IP_PIMSM_V2=y +CONFIG_SYN_COOKIES=y +CONFIG_NET_IPVTI=m +CONFIG_NET_UDP_TUNNEL=y +CONFIG_NET_FOU=m +CONFIG_NET_FOU_IP_TUNNELS=y +CONFIG_INET_AH=m +CONFIG_INET_ESP=m +CONFIG_INET_ESP_OFFLOAD=m +# CONFIG_INET_ESPINTCP is not set +CONFIG_INET_IPCOMP=m +CONFIG_INET_TABLE_PERTURB_ORDER=16 +CONFIG_INET_XFRM_TUNNEL=m +CONFIG_INET_TUNNEL=m +CONFIG_INET_DIAG=m +CONFIG_INET_TCP_DIAG=m +CONFIG_INET_UDP_DIAG=m +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +CONFIG_TCP_CONG_ADVANCED=y +CONFIG_TCP_CONG_BIC=m +CONFIG_TCP_CONG_CUBIC=y +CONFIG_TCP_CONG_WESTWOOD=m +CONFIG_TCP_CONG_HTCP=m +CONFIG_TCP_CONG_HSTCP=m +CONFIG_TCP_CONG_HYBLA=m +CONFIG_TCP_CONG_VEGAS=m +CONFIG_TCP_CONG_NV=m +CONFIG_TCP_CONG_SCALABLE=m +CONFIG_TCP_CONG_LP=m +CONFIG_TCP_CONG_VENO=m +CONFIG_TCP_CONG_YEAH=m +CONFIG_TCP_CONG_ILLINOIS=m +CONFIG_TCP_CONG_DCTCP=m +CONFIG_TCP_CONG_CDG=m +CONFIG_TCP_CONG_BBR=m +CONFIG_DEFAULT_CUBIC=y +# CONFIG_DEFAULT_RENO is not set +CONFIG_DEFAULT_TCP_CONG="cubic" +CONFIG_TCP_MD5SIG=y +CONFIG_IPV6=y +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_ROUTE_INFO=y +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=m +CONFIG_INET6_ESP=m +CONFIG_INET6_ESP_OFFLOAD=m +# CONFIG_INET6_ESPINTCP is not set +CONFIG_INET6_IPCOMP=m +CONFIG_IPV6_MIP6=m +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=m +CONFIG_INET6_TUNNEL=m +CONFIG_IPV6_VTI=m +CONFIG_IPV6_SIT=m +CONFIG_IPV6_SIT_6RD=y +CONFIG_IPV6_NDISC_NODETYPE=y +CONFIG_IPV6_TUNNEL=m +CONFIG_IPV6_GRE=m +CONFIG_IPV6_FOU=m +CONFIG_IPV6_FOU_TUNNEL=m +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y +CONFIG_IPV6_PIMSM_V2=y +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_IPV6_RPL_LWTUNNEL is not set +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +CONFIG_NETLABEL=y +CONFIG_MPTCP=y +CONFIG_INET_MPTCP_DIAG=m +CONFIG_MPTCP_IPV6=y +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_PTP_CLASSIFY=y +CONFIG_NETWORK_PHY_TIMESTAMPING=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y +CONFIG_BRIDGE_NETFILTER=m + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_SKIP_EGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y +CONFIG_NETFILTER_BPF_LINK=y +# CONFIG_NETFILTER_NETLINK_HOOK is not set +CONFIG_NETFILTER_NETLINK_ACCT=m +CONFIG_NETFILTER_NETLINK_QUEUE=m +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NETFILTER_NETLINK_OSF=m +CONFIG_NF_CONNTRACK=m +CONFIG_NF_LOG_SYSLOG=m +CONFIG_NETFILTER_CONNCOUNT=m +CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_CONNTRACK_TIMESTAMP=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CONNTRACK_OVS=y +CONFIG_NF_CT_PROTO_DCCP=y +CONFIG_NF_CT_PROTO_GRE=y +CONFIG_NF_CT_PROTO_SCTP=y +CONFIG_NF_CT_PROTO_UDPLITE=y +CONFIG_NF_CONNTRACK_AMANDA=m +CONFIG_NF_CONNTRACK_FTP=m +CONFIG_NF_CONNTRACK_H323=m +CONFIG_NF_CONNTRACK_IRC=m +CONFIG_NF_CONNTRACK_BROADCAST=m +CONFIG_NF_CONNTRACK_NETBIOS_NS=m +CONFIG_NF_CONNTRACK_SNMP=m +CONFIG_NF_CONNTRACK_PPTP=m +CONFIG_NF_CONNTRACK_SANE=m +CONFIG_NF_CONNTRACK_SIP=m +CONFIG_NF_CONNTRACK_TFTP=m +CONFIG_NF_CT_NETLINK=m +CONFIG_NF_CT_NETLINK_TIMEOUT=m +# CONFIG_NF_CT_NETLINK_HELPER is not set +CONFIG_NETFILTER_NETLINK_GLUE_CT=y +CONFIG_NF_NAT=m +CONFIG_NF_NAT_AMANDA=m +CONFIG_NF_NAT_FTP=m +CONFIG_NF_NAT_IRC=m +CONFIG_NF_NAT_SIP=m +CONFIG_NF_NAT_TFTP=m +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NF_NAT_OVS=y +CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=m +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +CONFIG_NFT_NUMGEN=m +CONFIG_NFT_CT=m +CONFIG_NFT_FLOW_OFFLOAD=m +CONFIG_NFT_CONNLIMIT=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_MASQ=m +CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m +CONFIG_NFT_TUNNEL=m +CONFIG_NFT_QUEUE=m +CONFIG_NFT_QUOTA=m +CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m +CONFIG_NFT_COMPAT=m +CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +# CONFIG_NFT_XFRM is not set +# CONFIG_NFT_SOCKET is not set +# CONFIG_NFT_OSF is not set +CONFIG_NFT_TPROXY=m +# CONFIG_NFT_SYNPROXY is not set +# CONFIG_NF_DUP_NETDEV is not set +# CONFIG_NFT_DUP_NETDEV is not set +# CONFIG_NFT_FWD_NETDEV is not set +# CONFIG_NFT_REJECT_NETDEV is not set +# CONFIG_NF_FLOW_TABLE_INET is not set +CONFIG_NF_FLOW_TABLE=m +# CONFIG_NF_FLOW_TABLE_PROCFS is not set +CONFIG_NETFILTER_XTABLES=y +CONFIG_NETFILTER_XTABLES_COMPAT=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=m +CONFIG_NETFILTER_XT_CONNMARK=m +CONFIG_NETFILTER_XT_SET=m + +# +# Xtables targets +# +CONFIG_NETFILTER_XT_TARGET_AUDIT=m +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m +CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m +CONFIG_NETFILTER_XT_TARGET_CT=m +CONFIG_NETFILTER_XT_TARGET_DSCP=m +CONFIG_NETFILTER_XT_TARGET_HL=m +CONFIG_NETFILTER_XT_TARGET_HMARK=m +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m +# CONFIG_NETFILTER_XT_TARGET_LED is not set +CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_MARK=m +CONFIG_NETFILTER_XT_NAT=m +CONFIG_NETFILTER_XT_TARGET_NETMAP=m +CONFIG_NETFILTER_XT_TARGET_NFLOG=m +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m +CONFIG_NETFILTER_XT_TARGET_NOTRACK=m +CONFIG_NETFILTER_XT_TARGET_RATEEST=m +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m +CONFIG_NETFILTER_XT_TARGET_TEE=m +CONFIG_NETFILTER_XT_TARGET_TPROXY=m +CONFIG_NETFILTER_XT_TARGET_TRACE=m +CONFIG_NETFILTER_XT_TARGET_SECMARK=m +CONFIG_NETFILTER_XT_TARGET_TCPMSS=m +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m +CONFIG_NETFILTER_XT_MATCH_BPF=m +CONFIG_NETFILTER_XT_MATCH_CGROUP=m +CONFIG_NETFILTER_XT_MATCH_CLUSTER=m +CONFIG_NETFILTER_XT_MATCH_COMMENT=m +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m +CONFIG_NETFILTER_XT_MATCH_CONNMARK=m +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m +CONFIG_NETFILTER_XT_MATCH_CPU=m +CONFIG_NETFILTER_XT_MATCH_DCCP=m +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m +CONFIG_NETFILTER_XT_MATCH_DSCP=m +CONFIG_NETFILTER_XT_MATCH_ECN=m +CONFIG_NETFILTER_XT_MATCH_ESP=m +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m +CONFIG_NETFILTER_XT_MATCH_HELPER=m +CONFIG_NETFILTER_XT_MATCH_HL=m +CONFIG_NETFILTER_XT_MATCH_IPCOMP=m +CONFIG_NETFILTER_XT_MATCH_IPRANGE=m +CONFIG_NETFILTER_XT_MATCH_IPVS=m +# CONFIG_NETFILTER_XT_MATCH_L2TP is not set +CONFIG_NETFILTER_XT_MATCH_LENGTH=m +CONFIG_NETFILTER_XT_MATCH_LIMIT=m +CONFIG_NETFILTER_XT_MATCH_MAC=m +CONFIG_NETFILTER_XT_MATCH_MARK=m +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_NETFILTER_XT_MATCH_NFACCT=m +CONFIG_NETFILTER_XT_MATCH_OSF=m +CONFIG_NETFILTER_XT_MATCH_OWNER=m +CONFIG_NETFILTER_XT_MATCH_POLICY=m +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m +CONFIG_NETFILTER_XT_MATCH_QUOTA=m +CONFIG_NETFILTER_XT_MATCH_RATEEST=m +CONFIG_NETFILTER_XT_MATCH_REALM=m +CONFIG_NETFILTER_XT_MATCH_RECENT=m +CONFIG_NETFILTER_XT_MATCH_SCTP=m +CONFIG_NETFILTER_XT_MATCH_SOCKET=m +CONFIG_NETFILTER_XT_MATCH_STATE=m +CONFIG_NETFILTER_XT_MATCH_STATISTIC=m +CONFIG_NETFILTER_XT_MATCH_STRING=m +CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_TIME=m +CONFIG_NETFILTER_XT_MATCH_U32=m +# end of Core Netfilter Configuration + +CONFIG_IP_SET=m +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=m +CONFIG_IP_SET_BITMAP_IPMAC=m +CONFIG_IP_SET_BITMAP_PORT=m +CONFIG_IP_SET_HASH_IP=m +CONFIG_IP_SET_HASH_IPMARK=m +CONFIG_IP_SET_HASH_IPPORT=m +CONFIG_IP_SET_HASH_IPPORTIP=m +CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_IPMAC=m +CONFIG_IP_SET_HASH_MAC=m +CONFIG_IP_SET_HASH_NETPORTNET=m +CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_NETNET=m +CONFIG_IP_SET_HASH_NETPORT=m +CONFIG_IP_SET_HASH_NETIFACE=m +CONFIG_IP_SET_LIST_SET=m +CONFIG_IP_VS=m +CONFIG_IP_VS_IPV6=y +CONFIG_IP_VS_DEBUG=y +CONFIG_IP_VS_TAB_BITS=12 + +# +# IPVS transport protocol load balancing support +# +CONFIG_IP_VS_PROTO_TCP=y +CONFIG_IP_VS_PROTO_UDP=y +CONFIG_IP_VS_PROTO_AH_ESP=y +CONFIG_IP_VS_PROTO_ESP=y +CONFIG_IP_VS_PROTO_AH=y +CONFIG_IP_VS_PROTO_SCTP=y + +# +# IPVS scheduler +# +CONFIG_IP_VS_RR=m +CONFIG_IP_VS_WRR=m +CONFIG_IP_VS_LC=m +CONFIG_IP_VS_WLC=m +# CONFIG_IP_VS_FO is not set +# CONFIG_IP_VS_OVF is not set +CONFIG_IP_VS_LBLC=m +CONFIG_IP_VS_LBLCR=m +CONFIG_IP_VS_DH=m +CONFIG_IP_VS_SH=m +CONFIG_IP_VS_MH=m +CONFIG_IP_VS_SED=m +CONFIG_IP_VS_NQ=m +# CONFIG_IP_VS_TWOS is not set + +# +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# +# IPVS MH scheduler +# +CONFIG_IP_VS_MH_TAB_INDEX=12 + +# +# IPVS application helper +# +CONFIG_IP_VS_FTP=m +CONFIG_IP_VS_NFCT=y +CONFIG_IP_VS_PE_SIP=m + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=m +CONFIG_NF_SOCKET_IPV4=m +CONFIG_NF_TPROXY_IPV4=m +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_DUP_IPV4=m +CONFIG_NF_LOG_ARP=m +CONFIG_NF_LOG_IPV4=m +CONFIG_NF_REJECT_IPV4=m +CONFIG_NF_NAT_SNMP_BASIC=m +CONFIG_NF_NAT_PPTP=m +CONFIG_NF_NAT_H323=m +CONFIG_IP_NF_IPTABLES=m +CONFIG_IP_NF_MATCH_AH=m +CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_RPFILTER=m +CONFIG_IP_NF_MATCH_TTL=m +CONFIG_IP_NF_FILTER=m +CONFIG_IP_NF_TARGET_REJECT=m +CONFIG_IP_NF_TARGET_SYNPROXY=m +CONFIG_IP_NF_NAT=m +CONFIG_IP_NF_TARGET_MASQUERADE=m +CONFIG_IP_NF_TARGET_NETMAP=m +CONFIG_IP_NF_TARGET_REDIRECT=m +CONFIG_IP_NF_MANGLE=m +CONFIG_IP_NF_TARGET_ECN=m +CONFIG_IP_NF_TARGET_TTL=m +CONFIG_IP_NF_RAW=m +CONFIG_IP_NF_SECURITY=m +CONFIG_IP_NF_ARPTABLES=m +CONFIG_IP_NF_ARPFILTER=m +CONFIG_IP_NF_ARP_MANGLE=m +# end of IP: Netfilter Configuration + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_SOCKET_IPV6=m +CONFIG_NF_TPROXY_IPV6=m +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +# CONFIG_NFT_FIB_IPV6 is not set +CONFIG_NF_DUP_IPV6=m +CONFIG_NF_REJECT_IPV6=m +CONFIG_NF_LOG_IPV6=m +CONFIG_IP6_NF_IPTABLES=m +CONFIG_IP6_NF_MATCH_AH=m +CONFIG_IP6_NF_MATCH_EUI64=m +CONFIG_IP6_NF_MATCH_FRAG=m +CONFIG_IP6_NF_MATCH_OPTS=m +CONFIG_IP6_NF_MATCH_HL=m +CONFIG_IP6_NF_MATCH_IPV6HEADER=m +CONFIG_IP6_NF_MATCH_MH=m +CONFIG_IP6_NF_MATCH_RPFILTER=m +CONFIG_IP6_NF_MATCH_RT=m +# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_TARGET_HL=m +CONFIG_IP6_NF_FILTER=m +CONFIG_IP6_NF_TARGET_REJECT=m +CONFIG_IP6_NF_TARGET_SYNPROXY=m +CONFIG_IP6_NF_MANGLE=m +CONFIG_IP6_NF_RAW=m +CONFIG_IP6_NF_SECURITY=m +CONFIG_IP6_NF_NAT=m +CONFIG_IP6_NF_TARGET_MASQUERADE=m +CONFIG_IP6_NF_TARGET_NPT=m +# end of IPv6: Netfilter Configuration + +CONFIG_NF_DEFRAG_IPV6=m +# CONFIG_NF_TABLES_BRIDGE is not set +# CONFIG_NF_CONNTRACK_BRIDGE is not set +CONFIG_BRIDGE_NF_EBTABLES=m +CONFIG_BRIDGE_EBT_BROUTE=m +CONFIG_BRIDGE_EBT_T_FILTER=m +CONFIG_BRIDGE_EBT_T_NAT=m +CONFIG_BRIDGE_EBT_802_3=m +CONFIG_BRIDGE_EBT_AMONG=m +CONFIG_BRIDGE_EBT_ARP=m +CONFIG_BRIDGE_EBT_IP=m +CONFIG_BRIDGE_EBT_IP6=m +CONFIG_BRIDGE_EBT_LIMIT=m +CONFIG_BRIDGE_EBT_MARK=m +CONFIG_BRIDGE_EBT_PKTTYPE=m +CONFIG_BRIDGE_EBT_STP=m +CONFIG_BRIDGE_EBT_VLAN=m +CONFIG_BRIDGE_EBT_ARPREPLY=m +CONFIG_BRIDGE_EBT_DNAT=m +CONFIG_BRIDGE_EBT_MARK_T=m +CONFIG_BRIDGE_EBT_REDIRECT=m +CONFIG_BRIDGE_EBT_SNAT=m +CONFIG_BRIDGE_EBT_LOG=m +CONFIG_BRIDGE_EBT_NFLOG=m +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +CONFIG_IP_SCTP=m +# CONFIG_SCTP_DBG_OBJCNT is not set +CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set +CONFIG_SCTP_COOKIE_HMAC_MD5=y +CONFIG_SCTP_COOKIE_HMAC_SHA1=y +CONFIG_INET_SCTP_DIAG=m +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +CONFIG_STP=m +CONFIG_GARP=m +CONFIG_MRP=m +CONFIG_BRIDGE=m +CONFIG_BRIDGE_IGMP_SNOOPING=y +CONFIG_BRIDGE_VLAN_FILTERING=y +# CONFIG_BRIDGE_MRP is not set +# CONFIG_BRIDGE_CFM is not set +# CONFIG_NET_DSA is not set +CONFIG_VLAN_8021Q=m +CONFIG_VLAN_8021Q_GVRP=y +CONFIG_VLAN_8021Q_MVRP=y +CONFIG_LLC=m +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +CONFIG_NET_SCHED=y + +# +# Queueing/Scheduling +# +CONFIG_NET_SCH_HTB=m +CONFIG_NET_SCH_HFSC=m +CONFIG_NET_SCH_PRIO=m +CONFIG_NET_SCH_MULTIQ=m +CONFIG_NET_SCH_RED=m +CONFIG_NET_SCH_SFB=m +CONFIG_NET_SCH_SFQ=m +CONFIG_NET_SCH_TEQL=m +CONFIG_NET_SCH_TBF=m +# CONFIG_NET_SCH_CBS is not set +CONFIG_NET_SCH_ETF=m +CONFIG_NET_SCH_MQPRIO_LIB=m +# CONFIG_NET_SCH_TAPRIO is not set +CONFIG_NET_SCH_GRED=m +CONFIG_NET_SCH_NETEM=m +CONFIG_NET_SCH_DRR=m +CONFIG_NET_SCH_MQPRIO=m +# CONFIG_NET_SCH_SKBPRIO is not set +CONFIG_NET_SCH_CHOKE=m +CONFIG_NET_SCH_QFQ=m +CONFIG_NET_SCH_CODEL=m +CONFIG_NET_SCH_FQ_CODEL=m +# CONFIG_NET_SCH_CAKE is not set +CONFIG_NET_SCH_FQ=m +# CONFIG_NET_SCH_HHF is not set +# CONFIG_NET_SCH_PIE is not set +CONFIG_NET_SCH_INGRESS=m +CONFIG_NET_SCH_PLUG=m +# CONFIG_NET_SCH_ETS is not set +# CONFIG_NET_SCH_DEFAULT is not set + +# +# Classification +# +CONFIG_NET_CLS=y +CONFIG_NET_CLS_BASIC=m +CONFIG_NET_CLS_ROUTE4=m +CONFIG_NET_CLS_FW=m +CONFIG_NET_CLS_U32=m +CONFIG_CLS_U32_PERF=y +CONFIG_CLS_U32_MARK=y +CONFIG_NET_CLS_FLOW=m +CONFIG_NET_CLS_CGROUP=m +CONFIG_NET_CLS_BPF=m +CONFIG_NET_CLS_FLOWER=m +CONFIG_NET_CLS_MATCHALL=m +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +CONFIG_NET_EMATCH_CMP=m +CONFIG_NET_EMATCH_NBYTE=m +CONFIG_NET_EMATCH_U32=m +CONFIG_NET_EMATCH_META=m +CONFIG_NET_EMATCH_TEXT=m +# CONFIG_NET_EMATCH_CANID is not set +CONFIG_NET_EMATCH_IPSET=m +# CONFIG_NET_EMATCH_IPT is not set +CONFIG_NET_CLS_ACT=y +CONFIG_NET_ACT_POLICE=m +CONFIG_NET_ACT_GACT=m +CONFIG_GACT_PROB=y +CONFIG_NET_ACT_MIRRED=m +# CONFIG_NET_ACT_SAMPLE is not set +CONFIG_NET_ACT_IPT=m +CONFIG_NET_ACT_NAT=m +CONFIG_NET_ACT_PEDIT=m +# CONFIG_NET_ACT_SIMP is not set +CONFIG_NET_ACT_SKBEDIT=m +CONFIG_NET_ACT_CSUM=m +# CONFIG_NET_ACT_MPLS is not set +# CONFIG_NET_ACT_VLAN is not set +CONFIG_NET_ACT_BPF=m +# CONFIG_NET_ACT_CONNMARK is not set +# CONFIG_NET_ACT_CTINFO is not set +# CONFIG_NET_ACT_SKBMOD is not set +# CONFIG_NET_ACT_IFE is not set +CONFIG_NET_ACT_TUNNEL_KEY=m +CONFIG_NET_ACT_CT=m +# CONFIG_NET_ACT_GATE is not set +CONFIG_NET_TC_SKB_EXT=y +CONFIG_NET_SCH_FIFO=y +CONFIG_DCB=y +CONFIG_DNS_RESOLVER=m +# CONFIG_BATMAN_ADV is not set +CONFIG_OPENVSWITCH=m +CONFIG_OPENVSWITCH_GRE=m +CONFIG_OPENVSWITCH_VXLAN=m +CONFIG_OPENVSWITCH_GENEVE=m +CONFIG_VSOCKETS=y +# CONFIG_VSOCKETS_DIAG is not set +CONFIG_VSOCKETS_LOOPBACK=m +CONFIG_VMWARE_VMCI_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS_COMMON=m +CONFIG_HYPERV_VSOCKETS=y +CONFIG_NETLINK_DIAG=m +CONFIG_MPLS=y +CONFIG_NET_MPLS_GSO=m +# CONFIG_MPLS_ROUTING is not set +CONFIG_NET_NSH=m +# CONFIG_HSR is not set +CONFIG_NET_SWITCHDEV=y +CONFIG_NET_L3_MASTER_DEV=y +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_MAX_SKB_FRAGS=17 +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +# CONFIG_BPF_STREAM_PARSER is not set +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +CONFIG_CAN=m +CONFIG_CAN_RAW=m +CONFIG_CAN_BCM=m +CONFIG_CAN_GW=m +# CONFIG_CAN_J1939 is not set +# CONFIG_CAN_ISOTP is not set +CONFIG_BT=m +CONFIG_BT_BREDR=y +CONFIG_BT_RFCOMM=m +CONFIG_BT_RFCOMM_TTY=y +CONFIG_BT_BNEP=m +# CONFIG_BT_BNEP_MC_FILTER is not set +# CONFIG_BT_BNEP_PROTO_FILTER is not set +CONFIG_BT_HIDP=m +CONFIG_BT_LE=y +CONFIG_BT_LE_L2CAP_ECRED=y +# CONFIG_BT_LEDS is not set +# CONFIG_BT_MSFTEXT is not set +# CONFIG_BT_AOSPEXT is not set +CONFIG_BT_DEBUGFS=y +# CONFIG_BT_SELFTEST is not set +# CONFIG_BT_FEATURE_DEBUG is not set + +# +# Bluetooth device drivers +# +CONFIG_BT_INTEL=m +CONFIG_BT_BCM=m +CONFIG_BT_RTL=m +CONFIG_BT_HCIBTUSB=m +# CONFIG_BT_HCIBTUSB_AUTOSUSPEND is not set +CONFIG_BT_HCIBTUSB_POLL_SYNC=y +CONFIG_BT_HCIBTUSB_BCM=y +# CONFIG_BT_HCIBTUSB_MTK is not set +CONFIG_BT_HCIBTUSB_RTL=y +CONFIG_BT_HCIBTSDIO=m +# CONFIG_BT_HCIUART is not set +CONFIG_BT_HCIBCM203X=m +# CONFIG_BT_HCIBCM4377 is not set +# CONFIG_BT_HCIBPA10X is not set +# CONFIG_BT_HCIBFUSB is not set +# CONFIG_BT_HCIVHCI is not set +# CONFIG_BT_MRVL is not set +# CONFIG_BT_ATH3K is not set +# CONFIG_BT_MTKSDIO is not set +# CONFIG_BT_MTKUART is not set +CONFIG_BT_HCIRSI=m +# CONFIG_BT_VIRTIO is not set +# CONFIG_BT_NXPUART is not set +# end of Bluetooth device drivers + +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_STREAM_PARSER=y +# CONFIG_MCTP is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +CONFIG_WEXT_CORE=y +CONFIG_WEXT_PROC=y +CONFIG_CFG80211=m +# CONFIG_NL80211_TESTMODE is not set +# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set +# CONFIG_CFG80211_CERTIFICATION_ONUS is not set +CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y +CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y +CONFIG_CFG80211_DEFAULT_PS=y +# CONFIG_CFG80211_DEBUGFS is not set +CONFIG_CFG80211_CRDA_SUPPORT=y +CONFIG_CFG80211_WEXT=y +CONFIG_MAC80211=m +CONFIG_MAC80211_HAS_RC=y +CONFIG_MAC80211_RC_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" +# CONFIG_MAC80211_MESH is not set +CONFIG_MAC80211_LEDS=y +# CONFIG_MAC80211_DEBUGFS is not set +# CONFIG_MAC80211_DEBUG_MENU is not set +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_RFKILL is not set +CONFIG_NET_9P=m +CONFIG_NET_9P_FD=m +CONFIG_NET_9P_VIRTIO=m +CONFIG_NET_9P_XEN=m +# CONFIG_NET_9P_RDMA is not set +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +CONFIG_CEPH_LIB=m +# CONFIG_CEPH_LIB_PRETTYDEBUG is not set +# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +CONFIG_NET_SELFTESTS=y +CONFIG_NET_SOCK_MSG=y +CONFIG_NET_DEVLINK=y +CONFIG_PAGE_POOL=y +# CONFIG_PAGE_POOL_STATS is not set +CONFIG_FAILOVER=y +CONFIG_ETHTOOL_NETLINK=y + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_PCIEAER=y +# CONFIG_PCIEAER_INJECT is not set +CONFIG_PCIE_ECRC=y +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y +# CONFIG_PCIE_DPC is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +# CONFIG_PCI_PF_STUB is not set +CONFIG_XEN_PCIDEV_FRONTEND=m +CONFIG_PCI_ATS=y +CONFIG_PCI_LOCKLESS_CONFIG=y +CONFIG_PCI_IOV=y +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +# CONFIG_PCI_P2PDMA is not set +CONFIG_PCI_LABEL=y +CONFIG_PCI_HYPERV=y +# CONFIG_PCIE_BUS_TUNE_OFF is not set +CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_PEER2PEER is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +CONFIG_HOTPLUG_PCI=y +CONFIG_HOTPLUG_PCI_ACPI=y +CONFIG_HOTPLUG_PCI_ACPI_IBM=m +# CONFIG_HOTPLUG_PCI_CPCI is not set +# CONFIG_HOTPLUG_PCI_SHPC is not set + +# +# PCI controller drivers +# +CONFIG_VMD=y +CONFIG_PCI_HYPERV_INTERFACE=y + +# +# Cadence-based PCIe controllers +# +# end of Cadence-based PCIe controllers + +# +# DesignWare-based PCIe controllers +# +# CONFIG_PCI_MESON is not set +# CONFIG_PCIE_DW_PLAT_HOST is not set +# end of DesignWare-based PCIe controllers + +# +# Mobiveil-based PCIe controllers +# +# end of Mobiveil-based PCIe controllers +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +CONFIG_AUXILIARY_BUS=y +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_FW_LOADER_PAGED_BUF=y +CONFIG_FW_LOADER_SYSFS=y +CONFIG_EXTRA_FIRMWARE="" +CONFIG_FW_LOADER_USER_HELPER=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_FW_LOADER_COMPRESS=y +CONFIG_FW_LOADER_COMPRESS_XZ=y +# CONFIG_FW_LOADER_COMPRESS_ZSTD is not set +CONFIG_FW_CACHE=y +# CONFIG_FW_UPLOAD is not set +# end of Firmware loader + +CONFIG_WANT_DEV_COREDUMP=y +CONFIG_ALLOW_DEV_COREDUMP=y +CONFIG_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_SYS_HYPERVISOR=y +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +CONFIG_REGMAP=y +CONFIG_REGMAP_I2C=m +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_DMA_FENCE_TRACE is not set +# CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT is not set +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +# +# Cache Drivers +# +# end of Cache Drivers + +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +CONFIG_DMI_SYSFS=m +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT is not set +# CONFIG_FW_CFG_SYSFS is not set +CONFIG_SYSFB=y +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# EFI (Extensible Firmware Interface) Support +# +CONFIG_EFI_ESRT=y +CONFIG_EFI_VARS_PSTORE=y +# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set +CONFIG_EFI_DXE_MEM_ATTRIBUTES=y +CONFIG_EFI_RUNTIME_WRAPPERS=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_APPLE_PROPERTIES is not set +CONFIG_RESET_ATTACK_MITIGATION=y +# CONFIG_EFI_RCI2_TABLE is not set +# CONFIG_EFI_DISABLE_PCI_DMA is not set +CONFIG_EFI_EARLYCON=y +# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set +# CONFIG_EFI_DISABLE_RUNTIME is not set +# CONFIG_EFI_COCO_SECRET is not set +CONFIG_UNACCEPTED_MEMORY=y +# end of EFI (Extensible Firmware Interface) Support + +CONFIG_UEFI_CPER=y +CONFIG_UEFI_CPER_X86=y + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +# CONFIG_PNP_DEBUG_MESSAGES is not set + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +CONFIG_CDROM=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +CONFIG_ZRAM=m +CONFIG_ZRAM_DEF_COMP_LZORLE=y +# CONFIG_ZRAM_DEF_COMP_LZO is not set +CONFIG_ZRAM_DEF_COMP="lzo-rle" +# CONFIG_ZRAM_WRITEBACK is not set +# CONFIG_ZRAM_TRACK_ENTRY_ACTIME is not set +# CONFIG_ZRAM_MEMORY_TRACKING is not set +# CONFIG_ZRAM_MULTI_COMP is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=m +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_COUNT=16 +CONFIG_BLK_DEV_RAM_SIZE=4096 +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_XEN_BLKDEV_FRONTEND=m +# CONFIG_XEN_BLKDEV_BACKEND is not set +CONFIG_VIRTIO_BLK=m +CONFIG_BLK_DEV_RBD=m +# CONFIG_BLK_DEV_UBLK is not set + +# +# NVME Support +# +CONFIG_NVME_CORE=y +CONFIG_BLK_DEV_NVME=y +CONFIG_NVME_MULTIPATH=y +# CONFIG_NVME_VERBOSE_ERRORS is not set +# CONFIG_NVME_HWMON is not set +CONFIG_NVME_FABRICS=m +CONFIG_NVME_RDMA=m +CONFIG_NVME_FC=m +CONFIG_NVME_TCP=m +# CONFIG_NVME_AUTH is not set +CONFIG_NVME_TARGET=m +# CONFIG_NVME_TARGET_PASSTHRU is not set +CONFIG_NVME_TARGET_LOOP=m +# CONFIG_NVME_TARGET_RDMA is not set +# CONFIG_NVME_TARGET_FC is not set +CONFIG_NVME_TARGET_TCP=m +# CONFIG_NVME_TARGET_AUTH is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +CONFIG_VMWARE_BALLOON=m +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# CONFIG_EEPROM_LEGACY is not set +# CONFIG_EEPROM_MAX6875 is not set +CONFIG_EEPROM_93CX6=m +# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_EE1004 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# CONFIG_TI_ST is not set +# end of Texas Instruments shared transport line discipline + +# CONFIG_SENSORS_LIS3_I2C is not set +# CONFIG_ALTERA_STAPL is not set +CONFIG_INTEL_MEI=m +CONFIG_INTEL_MEI_ME=m +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_INTEL_MEI_GSC is not set +# CONFIG_INTEL_MEI_HDCP is not set +# CONFIG_INTEL_MEI_PXP is not set +# CONFIG_INTEL_MEI_GSC_PROXY is not set +CONFIG_VMWARE_VMCI=m +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_MISC_RTSX_USB is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# CONFIG_GP_PCI1XXXX is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +CONFIG_RAID_ATTRS=y +CONFIG_SCSI_COMMON=y +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +CONFIG_SCSI_NETLINK=y +CONFIG_SCSI_PROC_FS=y + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +CONFIG_BLK_DEV_SR=y +CONFIG_CHR_DEV_SG=y +CONFIG_BLK_DEV_BSG=y +# CONFIG_CHR_DEV_SCH is not set +# CONFIG_SCSI_CONSTANTS is not set +CONFIG_SCSI_LOGGING=y +CONFIG_SCSI_SCAN_ASYNC=y + +# +# SCSI Transports +# +CONFIG_SCSI_SPI_ATTRS=y +CONFIG_SCSI_FC_ATTRS=y +CONFIG_SCSI_ISCSI_ATTRS=y +CONFIG_SCSI_SAS_ATTRS=y +CONFIG_SCSI_SAS_LIBSAS=m +CONFIG_SCSI_SAS_ATA=y +CONFIG_SCSI_SAS_HOST_SMP=y +CONFIG_SCSI_SRP_ATTRS=m +# end of SCSI Transports + +CONFIG_SCSI_LOWLEVEL=y +CONFIG_ISCSI_TCP=m +CONFIG_ISCSI_BOOT_SYSFS=m +CONFIG_SCSI_CXGB3_ISCSI=m +CONFIG_SCSI_CXGB4_ISCSI=m +CONFIG_SCSI_BNX2_ISCSI=m +# CONFIG_SCSI_BNX2X_FCOE is not set +CONFIG_BE2ISCSI=m +CONFIG_BLK_DEV_3W_XXXX_RAID=m +CONFIG_SCSI_HPSA=m +CONFIG_SCSI_3W_9XXX=m +CONFIG_SCSI_3W_SAS=m +CONFIG_SCSI_ACARD=m +CONFIG_SCSI_AACRAID=m +CONFIG_SCSI_AIC7XXX=m +CONFIG_AIC7XXX_CMDS_PER_DEVICE=32 +CONFIG_AIC7XXX_RESET_DELAY_MS=5000 +CONFIG_AIC7XXX_DEBUG_ENABLE=y +CONFIG_AIC7XXX_DEBUG_MASK=0 +CONFIG_AIC7XXX_REG_PRETTY_PRINT=y +CONFIG_SCSI_AIC79XX=m +CONFIG_AIC79XX_CMDS_PER_DEVICE=32 +CONFIG_AIC79XX_RESET_DELAY_MS=5000 +CONFIG_AIC79XX_DEBUG_ENABLE=y +CONFIG_AIC79XX_DEBUG_MASK=0 +CONFIG_AIC79XX_REG_PRETTY_PRINT=y +CONFIG_SCSI_AIC94XX=m +CONFIG_AIC94XX_DEBUG=y +CONFIG_SCSI_MVSAS=m +CONFIG_SCSI_MVSAS_DEBUG=y +CONFIG_SCSI_MVSAS_TASKLET=y +CONFIG_SCSI_MVUMI=m +CONFIG_SCSI_ADVANSYS=m +CONFIG_SCSI_ARCMSR=m +CONFIG_SCSI_ESAS2R=m +CONFIG_MEGARAID_NEWGEN=y +CONFIG_MEGARAID_MM=m +CONFIG_MEGARAID_MAILBOX=m +CONFIG_MEGARAID_LEGACY=m +CONFIG_MEGARAID_SAS=m +CONFIG_SCSI_MPT3SAS=m +CONFIG_SCSI_MPT2SAS_MAX_SGE=128 +CONFIG_SCSI_MPT3SAS_MAX_SGE=128 +CONFIG_SCSI_MPT2SAS=m +CONFIG_SCSI_MPI3MR=m +CONFIG_SCSI_SMARTPQI=y +CONFIG_SCSI_HPTIOP=m +CONFIG_SCSI_BUSLOGIC=m +CONFIG_SCSI_FLASHPOINT=y +# CONFIG_SCSI_MYRB is not set +# CONFIG_SCSI_MYRS is not set +CONFIG_VMWARE_PVSCSI=y +CONFIG_XEN_SCSI_FRONTEND=m +CONFIG_HYPERV_STORAGE=y +CONFIG_LIBFC=m +CONFIG_LIBFCOE=m +CONFIG_FCOE=m +CONFIG_FCOE_FNIC=m +# CONFIG_SCSI_SNIC is not set +CONFIG_SCSI_DMX3191D=m +# CONFIG_SCSI_FDOMAIN_PCI is not set +CONFIG_SCSI_ISCI=m +CONFIG_SCSI_IPS=m +CONFIG_SCSI_INITIO=m +CONFIG_SCSI_INIA100=m +CONFIG_SCSI_STEX=m +CONFIG_SCSI_SYM53C8XX_2=y +CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 +CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 +CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 +CONFIG_SCSI_SYM53C8XX_MMIO=y +CONFIG_SCSI_IPR=m +CONFIG_SCSI_IPR_TRACE=y +CONFIG_SCSI_IPR_DUMP=y +CONFIG_SCSI_QLOGIC_1280=m +CONFIG_SCSI_QLA_FC=m +CONFIG_TCM_QLA2XXX=m +# CONFIG_TCM_QLA2XXX_DEBUG is not set +CONFIG_SCSI_QLA_ISCSI=m +# CONFIG_QEDI is not set +# CONFIG_QEDF is not set +CONFIG_SCSI_LPFC=m +CONFIG_SCSI_LPFC_DEBUG_FS=y +# CONFIG_SCSI_EFCT is not set +CONFIG_SCSI_DC395x=m +CONFIG_SCSI_AM53C974=m +CONFIG_SCSI_WD719X=m +CONFIG_SCSI_DEBUG=m +CONFIG_SCSI_PMCRAID=m +CONFIG_SCSI_PM8001=m +CONFIG_SCSI_BFA_FC=m +CONFIG_SCSI_VIRTIO=y +CONFIG_SCSI_CHELSIO_FCOE=m +CONFIG_SCSI_DH=y +CONFIG_SCSI_DH_RDAC=y +CONFIG_SCSI_DH_HP_SW=m +CONFIG_SCSI_DH_EMC=m +CONFIG_SCSI_DH_ALUA=m +# end of SCSI device support + +CONFIG_ATA=y +CONFIG_SATA_HOST=y +CONFIG_PATA_TIMINGS=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATA_FORCE=y +CONFIG_ATA_ACPI=y +# CONFIG_SATA_ZPODD is not set +CONFIG_SATA_PMP=y + +# +# Controllers with non-SFF native interface +# +CONFIG_SATA_AHCI=y +CONFIG_SATA_MOBILE_LPM_POLICY=0 +# CONFIG_SATA_AHCI_PLATFORM is not set +# CONFIG_AHCI_DWC is not set +# CONFIG_SATA_INIC162X is not set +# CONFIG_SATA_ACARD_AHCI is not set +CONFIG_SATA_SIL24=y +CONFIG_ATA_SFF=y + +# +# SFF controllers with custom DMA interface +# +CONFIG_PDC_ADMA=y +CONFIG_SATA_QSTOR=y +CONFIG_SATA_SX4=y +CONFIG_ATA_BMDMA=y + +# +# SATA SFF controllers with BMDMA +# +CONFIG_ATA_PIIX=y +# CONFIG_SATA_DWC is not set +CONFIG_SATA_MV=y +CONFIG_SATA_NV=y +CONFIG_SATA_PROMISE=y +CONFIG_SATA_SIL=y +CONFIG_SATA_SIS=y +CONFIG_SATA_SVW=y +CONFIG_SATA_ULI=y +CONFIG_SATA_VIA=y +CONFIG_SATA_VITESSE=y + +# +# PATA SFF controllers with BMDMA +# +CONFIG_PATA_ALI=y +CONFIG_PATA_AMD=y +CONFIG_PATA_ARTOP=y +CONFIG_PATA_ATIIXP=y +CONFIG_PATA_ATP867X=y +CONFIG_PATA_CMD64X=y +CONFIG_PATA_CYPRESS=y +CONFIG_PATA_EFAR=y +CONFIG_PATA_HPT366=y +CONFIG_PATA_HPT37X=y +CONFIG_PATA_HPT3X2N=y +CONFIG_PATA_HPT3X3=y +CONFIG_PATA_HPT3X3_DMA=y +CONFIG_PATA_IT8213=y +CONFIG_PATA_IT821X=y +CONFIG_PATA_JMICRON=y +CONFIG_PATA_MARVELL=y +CONFIG_PATA_NETCELL=y +CONFIG_PATA_NINJA32=y +CONFIG_PATA_NS87415=y +CONFIG_PATA_OLDPIIX=y +# CONFIG_PATA_OPTIDMA is not set +CONFIG_PATA_PDC2027X=y +# CONFIG_PATA_PDC_OLD is not set +# CONFIG_PATA_RADISYS is not set +# CONFIG_PATA_RDC is not set +CONFIG_PATA_SCH=y +# CONFIG_PATA_SERVERWORKS is not set +# CONFIG_PATA_SIL680 is not set +CONFIG_PATA_SIS=y +# CONFIG_PATA_TOSHIBA is not set +# CONFIG_PATA_TRIFLEX is not set +CONFIG_PATA_VIA=y +# CONFIG_PATA_WINBOND is not set + +# +# PIO-only SFF controllers +# +CONFIG_PATA_CMD640_PCI=y +CONFIG_PATA_MPIIX=y +CONFIG_PATA_NS87410=y +CONFIG_PATA_OPTI=y +CONFIG_PATA_RZ1000=y + +# +# Generic fallback / legacy drivers +# +CONFIG_PATA_ACPI=y +CONFIG_ATA_GENERIC=y +CONFIG_PATA_LEGACY=m +CONFIG_MD=y +CONFIG_BLK_DEV_MD=m +CONFIG_MD_BITMAP_FILE=y +CONFIG_MD_LINEAR=m +CONFIG_MD_RAID0=m +CONFIG_MD_RAID1=m +CONFIG_MD_RAID10=m +CONFIG_MD_RAID456=m +CONFIG_MD_MULTIPATH=m +# CONFIG_MD_FAULTY is not set +# CONFIG_MD_CLUSTER is not set +# CONFIG_BCACHE is not set +CONFIG_BLK_DEV_DM_BUILTIN=y +CONFIG_BLK_DEV_DM=y +# CONFIG_DM_DEBUG is not set +CONFIG_DM_BUFIO=m +# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set +CONFIG_DM_BIO_PRISON=m +CONFIG_DM_PERSISTENT_DATA=m +# CONFIG_DM_UNSTRIPED is not set +CONFIG_DM_CRYPT=m +CONFIG_DM_SNAPSHOT=m +CONFIG_DM_THIN_PROVISIONING=m +# CONFIG_DM_CACHE is not set +# CONFIG_DM_WRITECACHE is not set +# CONFIG_DM_EBS is not set +# CONFIG_DM_ERA is not set +# CONFIG_DM_CLONE is not set +CONFIG_DM_MIRROR=m +# CONFIG_DM_LOG_USERSPACE is not set +CONFIG_DM_RAID=m +CONFIG_DM_ZERO=m +CONFIG_DM_MULTIPATH=m +CONFIG_DM_MULTIPATH_QL=m +CONFIG_DM_MULTIPATH_ST=m +CONFIG_DM_MULTIPATH_HST=m +CONFIG_DM_MULTIPATH_IOA=m +CONFIG_DM_DELAY=m +# CONFIG_DM_DUST is not set +# CONFIG_DM_INIT is not set +CONFIG_DM_UEVENT=y +CONFIG_DM_FLAKEY=m +CONFIG_DM_VERITY=m +CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y +CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y +CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING=y +CONFIG_DM_VERITY_FEC=y +# CONFIG_DM_SWITCH is not set +# CONFIG_DM_LOG_WRITES is not set +# CONFIG_DM_INTEGRITY is not set +# CONFIG_DM_ZONED is not set +# CONFIG_DM_AUDIT is not set +CONFIG_TARGET_CORE=m +CONFIG_TCM_IBLOCK=m +CONFIG_TCM_FILEIO=m +CONFIG_TCM_PSCSI=m +CONFIG_TCM_USER2=m +CONFIG_LOOPBACK_TARGET=m +CONFIG_TCM_FC=m +CONFIG_ISCSI_TARGET=m +# CONFIG_ISCSI_TARGET_CXGB4 is not set +# CONFIG_REMOTE_TARGET is not set +CONFIG_FUSION=y +CONFIG_FUSION_SPI=y +# CONFIG_FUSION_FC is not set +CONFIG_FUSION_SAS=y +CONFIG_FUSION_MAX_SGE=40 +CONFIG_FUSION_CTL=y +CONFIG_FUSION_LOGGING=y + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_MII=m +CONFIG_NET_CORE=y +CONFIG_BONDING=m +CONFIG_DUMMY=m +CONFIG_WIREGUARD=m +# CONFIG_WIREGUARD_DEBUG is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +CONFIG_IFB=m +# CONFIG_NET_TEAM is not set +CONFIG_MACVLAN=m +CONFIG_MACVTAP=m +CONFIG_IPVLAN_L3S=y +CONFIG_IPVLAN=m +# CONFIG_IPVTAP is not set +CONFIG_VXLAN=y +CONFIG_GENEVE=m +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_AMT is not set +# CONFIG_MACSEC is not set +CONFIG_NETCONSOLE=m +CONFIG_NETCONSOLE_DYNAMIC=y +# CONFIG_NETCONSOLE_EXTENDED_LOG is not set +CONFIG_NETPOLL=y +CONFIG_NET_POLL_CONTROLLER=y +CONFIG_TUN=m +CONFIG_TAP=m +# CONFIG_TUN_VNET_CROSS_LE is not set +CONFIG_VETH=y +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +CONFIG_NET_VRF=m +CONFIG_VSOCKMON=m +# CONFIG_ARCNET is not set +CONFIG_ETHERNET=y +CONFIG_MDIO=m +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +CONFIG_ACENIC=m +# CONFIG_ACENIC_OMIT_TIGON_I is not set +# CONFIG_ALTERA_TSE is not set +# CONFIG_NET_VENDOR_AMAZON is not set +CONFIG_NET_VENDOR_AMD=y +CONFIG_AMD8111_ETH=m +CONFIG_PCNET32=m +# CONFIG_AMD_XGBE is not set +# CONFIG_PDS_CORE is not set +# CONFIG_NET_VENDOR_AQUANTIA is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ASIX=y +CONFIG_NET_VENDOR_ATHEROS=y +CONFIG_ATL2=m +CONFIG_ATL1=m +CONFIG_ATL1E=m +CONFIG_ATL1C=m +CONFIG_ALX=m +# CONFIG_CX_ECAT is not set +CONFIG_NET_VENDOR_BROADCOM=y +CONFIG_B44=m +CONFIG_B44_PCI_AUTOSELECT=y +CONFIG_B44_PCICORE_AUTOSELECT=y +CONFIG_B44_PCI=y +# CONFIG_BCMGENET is not set +CONFIG_BNX2=m +CONFIG_CNIC=m +CONFIG_TIGON3=m +CONFIG_TIGON3_HWMON=y +CONFIG_BNX2X=m +CONFIG_BNX2X_SRIOV=y +# CONFIG_SYSTEMPORT is not set +CONFIG_BNXT=m +CONFIG_BNXT_SRIOV=y +CONFIG_BNXT_FLOWER_OFFLOAD=y +# CONFIG_BNXT_DCB is not set +CONFIG_BNXT_HWMON=y +CONFIG_NET_VENDOR_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +CONFIG_CAVIUM_PTP=m +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +CONFIG_CHELSIO_T1=m +CONFIG_CHELSIO_T1_1G=y +CONFIG_CHELSIO_T3=m +CONFIG_CHELSIO_T4=m +# CONFIG_CHELSIO_T4_DCB is not set +CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_LIB=m +CONFIG_CHELSIO_INLINE_CRYPTO=y +# CONFIG_CHELSIO_IPSEC_INLINE is not set +CONFIG_NET_VENDOR_CISCO=y +CONFIG_ENIC=m +# CONFIG_NET_VENDOR_CORTINA is not set +CONFIG_NET_VENDOR_DAVICOM=y +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +CONFIG_NET_TULIP=y +# CONFIG_DE2104X is not set +CONFIG_TULIP=m +# CONFIG_TULIP_MWI is not set +CONFIG_TULIP_MMIO=y +CONFIG_TULIP_NAPI=y +# CONFIG_TULIP_NAPI_HW_MITIGATION is not set +# CONFIG_WINBOND_840 is not set +# CONFIG_DM9102 is not set +# CONFIG_ULI526X is not set +CONFIG_NET_VENDOR_DLINK=y +CONFIG_DL2K=m +CONFIG_SUNDANCE=m +# CONFIG_SUNDANCE_MMIO is not set +CONFIG_NET_VENDOR_EMULEX=y +CONFIG_BE2NET=m +CONFIG_BE2NET_HWMON=y +# CONFIG_BE2NET_BE2 is not set +# CONFIG_BE2NET_BE3 is not set +# CONFIG_BE2NET_LANCER is not set +# CONFIG_BE2NET_SKYHAWK is not set + +# +# WARNING: be2net is useless without any enabled chip +# +CONFIG_NET_VENDOR_ENGLEDER=y +# CONFIG_TSNEP is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_FUNGIBLE=y +# CONFIG_FUN_ETH is not set +CONFIG_NET_VENDOR_GOOGLE=y +# CONFIG_GVE is not set +# CONFIG_NET_VENDOR_HUAWEI is not set +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_INTEL=y +CONFIG_E100=m +CONFIG_E1000=m +CONFIG_E1000E=m +CONFIG_E1000E_HWTS=y +CONFIG_IGB=m +CONFIG_IGB_HWMON=y +CONFIG_IGB_DCA=y +CONFIG_IGBVF=m +CONFIG_IXGBE=m +CONFIG_IXGBE_HWMON=y +CONFIG_IXGBE_DCA=y +CONFIG_IXGBE_DCB=y +CONFIG_IXGBE_IPSEC=y +CONFIG_IXGBEVF=m +CONFIG_IXGBEVF_IPSEC=y +CONFIG_I40E=m +CONFIG_I40E_DCB=y +CONFIG_IAVF=m +CONFIG_I40EVF=m +CONFIG_ICE=m +CONFIG_ICE_SWITCHDEV=y +CONFIG_ICE_HWTS=y +CONFIG_FM10K=m +CONFIG_IGC=m +CONFIG_JME=m +CONFIG_NET_VENDOR_LITEX=y +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +CONFIG_SKGE=m +# CONFIG_SKGE_DEBUG is not set +# CONFIG_SKGE_GENESIS is not set +CONFIG_SKY2=m +# CONFIG_SKY2_DEBUG is not set +# CONFIG_OCTEON_EP is not set +# CONFIG_PRESTERA is not set +CONFIG_NET_VENDOR_MELLANOX=y +CONFIG_MLX4_EN=m +CONFIG_MLX4_EN_DCB=y +CONFIG_MLX4_CORE=m +CONFIG_MLX4_DEBUG=y +# CONFIG_MLX4_CORE_GEN2 is not set +CONFIG_MLX5_CORE=m +CONFIG_MLX5_FPGA=y +CONFIG_MLX5_CORE_EN=y +CONFIG_MLX5_EN_ARFS=y +CONFIG_MLX5_EN_RXNFC=y +CONFIG_MLX5_MPFS=y +CONFIG_MLX5_ESWITCH=y +CONFIG_MLX5_BRIDGE=y +CONFIG_MLX5_CLS_ACT=y +CONFIG_MLX5_TC_CT=y +CONFIG_MLX5_TC_SAMPLE=y +CONFIG_MLX5_CORE_EN_DCB=y +CONFIG_MLX5_CORE_IPOIB=y +CONFIG_MLX5_EN_IPSEC=y +CONFIG_MLX5_SW_STEERING=y +# CONFIG_MLX5_SF is not set +CONFIG_MLXSW_CORE=m +CONFIG_MLXSW_CORE_HWMON=y +CONFIG_MLXSW_CORE_THERMAL=y +CONFIG_MLXSW_PCI=m +CONFIG_MLXSW_I2C=m +CONFIG_MLXSW_SPECTRUM=m +CONFIG_MLXSW_SPECTRUM_DCB=y +CONFIG_MLXSW_MINIMAL=m +CONFIG_MLXFW=m +# CONFIG_NET_VENDOR_MICREL is not set +CONFIG_NET_VENDOR_MICROCHIP=y +# CONFIG_LAN743X is not set +# CONFIG_VCAP is not set +# CONFIG_NET_VENDOR_MICROSEMI is not set +CONFIG_NET_VENDOR_MICROSOFT=y +CONFIG_MICROSOFT_MANA=m +CONFIG_NET_VENDOR_MYRI=y +CONFIG_MYRI10GE=m +CONFIG_MYRI10GE_DCA=y +# CONFIG_FEALNX is not set +# CONFIG_NET_VENDOR_NI is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETERION is not set +# CONFIG_NET_VENDOR_NETRONOME is not set +CONFIG_NET_VENDOR_NVIDIA=y +CONFIG_FORCEDETH=m +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_ETHOC is not set +# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +CONFIG_NET_VENDOR_PENSANDO=y +# CONFIG_IONIC is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +CONFIG_NETXEN_NIC=m +CONFIG_QED=m +CONFIG_QED_SRIOV=y +CONFIG_QEDE=m +CONFIG_NET_VENDOR_BROCADE=y +CONFIG_BNA=m +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +# CONFIG_NET_VENDOR_RDC is not set +CONFIG_NET_VENDOR_REALTEK=y +CONFIG_8139CP=m +CONFIG_8139TOO=m +CONFIG_8139TOO_PIO=y +CONFIG_8139TOO_TUNE_TWISTER=y +CONFIG_8139TOO_8129=y +# CONFIG_8139_OLD_RX_RESET is not set +CONFIG_R8169=m +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_ROCKER=m +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_SOCIONEXT is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +CONFIG_NET_VENDOR_VERTEXCOM=y +# CONFIG_NET_VENDOR_VIA is not set +CONFIG_NET_VENDOR_WANGXUN=y +# CONFIG_NGBE is not set +# CONFIG_TXGBE is not set +# CONFIG_NET_VENDOR_WIZNET is not set +CONFIG_NET_VENDOR_XILINX=y +# CONFIG_XILINX_EMACLITE is not set +# CONFIG_XILINX_AXI_EMAC is not set +# CONFIG_XILINX_LL_TEMAC is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +CONFIG_PHYLINK=m +CONFIG_PHYLIB=y +CONFIG_SWPHY=y +# CONFIG_LED_TRIGGER_PHY is not set +CONFIG_FIXED_PHY=y +# CONFIG_SFP is not set + +# +# MII PHY device drivers +# +CONFIG_AMD_PHY=m +# CONFIG_ADIN_PHY is not set +# CONFIG_ADIN1100_PHY is not set +# CONFIG_AQUANTIA_PHY is not set +CONFIG_AX88796B_PHY=m +CONFIG_BROADCOM_PHY=m +# CONFIG_BCM54140_PHY is not set +CONFIG_BCM7XXX_PHY=m +# CONFIG_BCM84881_PHY is not set +CONFIG_BCM87XX_PHY=m +CONFIG_BCM_NET_PHYLIB=m +CONFIG_BCM_NET_PHYPTP=m +# CONFIG_CICADA_PHY is not set +# CONFIG_CORTINA_PHY is not set +# CONFIG_DAVICOM_PHY is not set +# CONFIG_ICPLUS_PHY is not set +CONFIG_LXT_PHY=m +# CONFIG_INTEL_XWAY_PHY is not set +CONFIG_LSI_ET1011C_PHY=m +CONFIG_MARVELL_PHY=m +# CONFIG_MARVELL_10G_PHY is not set +# CONFIG_MARVELL_88Q2XXX_PHY is not set +# CONFIG_MARVELL_88X2222_PHY is not set +# CONFIG_MAXLINEAR_GPHY is not set +# CONFIG_MEDIATEK_GE_PHY is not set +CONFIG_MICREL_PHY=m +# CONFIG_MICROCHIP_T1S_PHY is not set +CONFIG_MICROCHIP_PHY=m +# CONFIG_MICROCHIP_T1_PHY is not set +# CONFIG_MICROSEMI_PHY is not set +# CONFIG_MOTORCOMM_PHY is not set +CONFIG_NATIONAL_PHY=m +# CONFIG_NXP_CBTX_PHY is not set +# CONFIG_NXP_C45_TJA11XX_PHY is not set +# CONFIG_NXP_TJA11XX_PHY is not set +# CONFIG_NCN26000_PHY is not set +# CONFIG_QSEMI_PHY is not set +CONFIG_REALTEK_PHY=m +# CONFIG_RENESAS_PHY is not set +# CONFIG_ROCKCHIP_PHY is not set +# CONFIG_SMSC_PHY is not set +CONFIG_STE10XP=m +# CONFIG_TERANETICS_PHY is not set +# CONFIG_DP83822_PHY is not set +# CONFIG_DP83TC811_PHY is not set +# CONFIG_DP83848_PHY is not set +# CONFIG_DP83867_PHY is not set +# CONFIG_DP83869_PHY is not set +# CONFIG_DP83TD510_PHY is not set +# CONFIG_VITESSE_PHY is not set +# CONFIG_XILINX_GMII2RGMII is not set +# CONFIG_PSE_CONTROLLER is not set +CONFIG_CAN_DEV=m +# CONFIG_CAN_VCAN is not set +# CONFIG_CAN_VXCAN is not set +CONFIG_CAN_NETLINK=y +CONFIG_CAN_CALC_BITTIMING=y +# CONFIG_CAN_CAN327 is not set +# CONFIG_CAN_KVASER_PCIEFD is not set +# CONFIG_CAN_SLCAN is not set +# CONFIG_CAN_C_CAN is not set +# CONFIG_CAN_CC770 is not set +# CONFIG_CAN_CTUCANFD_PCI is not set +# CONFIG_CAN_IFI_CANFD is not set +# CONFIG_CAN_M_CAN is not set +# CONFIG_CAN_PEAK_PCIEFD is not set +# CONFIG_CAN_SJA1000 is not set +# CONFIG_CAN_SOFTING is not set + +# +# CAN USB interfaces +# +# CONFIG_CAN_8DEV_USB is not set +# CONFIG_CAN_EMS_USB is not set +# CONFIG_CAN_ESD_USB is not set +# CONFIG_CAN_ETAS_ES58X is not set +# CONFIG_CAN_F81604 is not set +# CONFIG_CAN_GS_USB is not set +# CONFIG_CAN_KVASER_USB is not set +# CONFIG_CAN_MCBA_USB is not set +# CONFIG_CAN_PEAK_USB is not set +# CONFIG_CAN_UCAN is not set +# end of CAN USB interfaces + +# CONFIG_CAN_DEBUG_DEVICES is not set +CONFIG_MDIO_DEVICE=y +CONFIG_MDIO_BUS=y +CONFIG_FWNODE_MDIO=y +CONFIG_ACPI_MDIO=y +CONFIG_MDIO_DEVRES=y +# CONFIG_MDIO_BITBANG is not set +# CONFIG_MDIO_BCM_UNIMAC is not set +# CONFIG_MDIO_MVUSB is not set +# CONFIG_MDIO_THUNDER is not set + +# +# MDIO Multiplexers +# + +# +# PCS device drivers +# +# end of PCS device drivers + +CONFIG_PPP=y +CONFIG_PPP_BSDCOMP=m +CONFIG_PPP_DEFLATE=m +CONFIG_PPP_FILTER=y +CONFIG_PPP_MPPE=m +CONFIG_PPP_MULTILINK=y +CONFIG_PPPOE=m +# CONFIG_PPPOE_HASH_BITS_1 is not set +# CONFIG_PPPOE_HASH_BITS_2 is not set +CONFIG_PPPOE_HASH_BITS_4=y +# CONFIG_PPPOE_HASH_BITS_8 is not set +CONFIG_PPPOE_HASH_BITS=4 +CONFIG_PPTP=m +CONFIG_PPP_ASYNC=m +CONFIG_PPP_SYNC_TTY=m +# CONFIG_SLIP is not set +CONFIG_SLHC=y + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_USB_NET_DRIVERS=m +# CONFIG_USB_CATC is not set +# CONFIG_USB_KAWETH is not set +# CONFIG_USB_PEGASUS is not set +# CONFIG_USB_RTL8150 is not set +# CONFIG_USB_RTL8152 is not set +CONFIG_USB_LAN78XX=m +CONFIG_USB_USBNET=m +CONFIG_USB_NET_AX8817X=m +CONFIG_USB_NET_AX88179_178A=m +CONFIG_USB_NET_CDCETHER=m +# CONFIG_USB_NET_CDC_EEM is not set +CONFIG_USB_NET_CDC_NCM=m +CONFIG_USB_NET_HUAWEI_CDC_NCM=m +CONFIG_USB_NET_CDC_MBIM=m +# CONFIG_USB_NET_DM9601 is not set +# CONFIG_USB_NET_SR9700 is not set +# CONFIG_USB_NET_SR9800 is not set +# CONFIG_USB_NET_SMSC75XX is not set +# CONFIG_USB_NET_SMSC95XX is not set +# CONFIG_USB_NET_GL620A is not set +CONFIG_USB_NET_NET1080=m +# CONFIG_USB_NET_PLUSB is not set +# CONFIG_USB_NET_MCS7830 is not set +# CONFIG_USB_NET_RNDIS_HOST is not set +CONFIG_USB_NET_CDC_SUBSET_ENABLE=m +CONFIG_USB_NET_CDC_SUBSET=m +# CONFIG_USB_ALI_M5632 is not set +# CONFIG_USB_AN2720 is not set +CONFIG_USB_BELKIN=y +CONFIG_USB_ARMLINUX=y +# CONFIG_USB_EPSON2888 is not set +# CONFIG_USB_KC2190 is not set +CONFIG_USB_NET_ZAURUS=m +# CONFIG_USB_NET_CX82310_ETH is not set +# CONFIG_USB_NET_KALMIA is not set +CONFIG_USB_NET_QMI_WWAN=m +# CONFIG_USB_NET_INT51X1 is not set +# CONFIG_USB_IPHETH is not set +# CONFIG_USB_SIERRA_NET is not set +# CONFIG_USB_VL600 is not set +# CONFIG_USB_NET_CH9200 is not set +# CONFIG_USB_NET_AQC111 is not set +CONFIG_USB_RTL8153_ECM=m +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +# CONFIG_ADM8211 is not set +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K is not set +# CONFIG_ATH5K_PCI is not set +# CONFIG_ATH9K is not set +# CONFIG_ATH9K_HTC is not set +# CONFIG_CARL9170 is not set +# CONFIG_ATH6KL is not set +# CONFIG_AR5523 is not set +# CONFIG_WIL6210 is not set +# CONFIG_ATH10K is not set +# CONFIG_WCN36XX is not set +CONFIG_WLAN_VENDOR_ATMEL=y +# CONFIG_ATMEL is not set +# CONFIG_AT76C50X_USB is not set +CONFIG_WLAN_VENDOR_BROADCOM=y +# CONFIG_B43 is not set +# CONFIG_B43LEGACY is not set +# CONFIG_BRCMSMAC is not set +# CONFIG_BRCMFMAC is not set +CONFIG_WLAN_VENDOR_CISCO=y +# CONFIG_AIRO is not set +CONFIG_WLAN_VENDOR_INTEL=y +# CONFIG_IPW2100 is not set +# CONFIG_IPW2200 is not set +# CONFIG_IWL4965 is not set +# CONFIG_IWL3945 is not set +CONFIG_IWLWIFI=m +CONFIG_IWLWIFI_LEDS=y +# CONFIG_IWLDVM is not set +CONFIG_IWLMVM=m +CONFIG_IWLWIFI_OPMODE_MODULAR=y + +# +# Debugging Options +# +# CONFIG_IWLWIFI_DEBUG is not set +# end of Debugging Options + +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_HERMES is not set +# CONFIG_P54_COMMON is not set +CONFIG_WLAN_VENDOR_MARVELL=y +# CONFIG_LIBERTAS is not set +# CONFIG_LIBERTAS_THINFIRM is not set +# CONFIG_MWIFIEX is not set +# CONFIG_MWL8K is not set +CONFIG_WLAN_VENDOR_MEDIATEK=y +# CONFIG_MT7601U is not set +# CONFIG_MT76x0U is not set +# CONFIG_MT76x0E is not set +# CONFIG_MT76x2E is not set +# CONFIG_MT76x2U is not set +# CONFIG_MT7603E is not set +# CONFIG_MT7615E is not set +# CONFIG_MT7663U is not set +# CONFIG_MT7663S is not set +# CONFIG_MT7915E is not set +# CONFIG_MT7921E is not set +# CONFIG_MT7921S is not set +# CONFIG_MT7921U is not set +# CONFIG_MT7996E is not set +CONFIG_WLAN_VENDOR_MICROCHIP=y +# CONFIG_WILC1000_SDIO is not set +CONFIG_WLAN_VENDOR_PURELIFI=y +# CONFIG_PLFXLC is not set +CONFIG_WLAN_VENDOR_RALINK=y +# CONFIG_RT2X00 is not set +CONFIG_WLAN_VENDOR_REALTEK=y +# CONFIG_RTL8180 is not set +# CONFIG_RTL8187 is not set +CONFIG_RTL_CARDS=m +# CONFIG_RTL8192CE is not set +# CONFIG_RTL8192SE is not set +# CONFIG_RTL8192DE is not set +# CONFIG_RTL8723AE is not set +# CONFIG_RTL8723BE is not set +# CONFIG_RTL8188EE is not set +# CONFIG_RTL8192EE is not set +# CONFIG_RTL8821AE is not set +# CONFIG_RTL8192CU is not set +# CONFIG_RTL8XXXU is not set +# CONFIG_RTW88 is not set +# CONFIG_RTW89 is not set +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_RSI_91X=m +CONFIG_RSI_DEBUGFS=y +CONFIG_RSI_SDIO=m +CONFIG_RSI_USB=m +CONFIG_RSI_COEX=y +CONFIG_WLAN_VENDOR_SILABS=y +# CONFIG_WFX is not set +CONFIG_WLAN_VENDOR_ST=y +# CONFIG_CW1200 is not set +CONFIG_WLAN_VENDOR_TI=y +# CONFIG_WL1251 is not set +# CONFIG_WL12XX is not set +# CONFIG_WL18XX is not set +# CONFIG_WLCORE is not set +CONFIG_WLAN_VENDOR_ZYDAS=y +# CONFIG_USB_ZD1201 is not set +# CONFIG_ZD1211RW is not set +CONFIG_WLAN_VENDOR_QUANTENNA=y +# CONFIG_QTNFMAC_PCIE is not set +# CONFIG_USB_NET_RNDIS_WLAN is not set +# CONFIG_MAC80211_HWSIM is not set +# CONFIG_VIRT_WIFI is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +CONFIG_XEN_NETDEV_FRONTEND=m +# CONFIG_XEN_NETDEV_BACKEND is not set +CONFIG_VMXNET3=y +# CONFIG_FUJITSU_ES is not set +CONFIG_HYPERV_NET=y +# CONFIG_NETDEVSIM is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +CONFIG_INPUT_LEDS=m +CONFIG_INPUT_FF_MEMLESS=m +CONFIG_INPUT_SPARSEKMAP=m +# CONFIG_INPUT_MATRIXKMAP is not set +CONFIG_INPUT_VIVALDIFMAP=y + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=m +# CONFIG_INPUT_MOUSEDEV_PSAUX is not set +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=m +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADC is not set +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_QT1050 is not set +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_DLINK_DIR685 is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_GPIO is not set +# CONFIG_KEYBOARD_GPIO_POLLED is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_MATRIX is not set +# CONFIG_KEYBOARD_LM8323 is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MCS is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_TM2_TOUCHKEY is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_KEYBOARD_CYPRESS_SF is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=m +CONFIG_MOUSE_PS2_ALPS=y +# CONFIG_MOUSE_PS2_BYD is not set +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +# CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS is not set +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_PS2_VMMOUSE is not set +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_CYAPA is not set +# CONFIG_MOUSE_ELAN_I2C is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_GPIO is not set +# CONFIG_MOUSE_SYNAPTICS_I2C is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +CONFIG_INPUT_MISC=y +# CONFIG_INPUT_AD714X is not set +# CONFIG_INPUT_BMA150 is not set +# CONFIG_INPUT_E3X0_BUTTON is not set +# CONFIG_INPUT_MMA8450 is not set +# CONFIG_INPUT_APANEL is not set +# CONFIG_INPUT_GPIO_BEEPER is not set +# CONFIG_INPUT_GPIO_DECODER is not set +# CONFIG_INPUT_GPIO_VIBRA is not set +# CONFIG_INPUT_ATLAS_BTNS is not set +# CONFIG_INPUT_ATI_REMOTE2 is not set +# CONFIG_INPUT_KEYSPAN_REMOTE is not set +# CONFIG_INPUT_KXTJ9 is not set +# CONFIG_INPUT_POWERMATE is not set +# CONFIG_INPUT_YEALINK is not set +# CONFIG_INPUT_CM109 is not set +CONFIG_INPUT_UINPUT=m +# CONFIG_INPUT_PCF8574 is not set +# CONFIG_INPUT_PWM_BEEPER is not set +# CONFIG_INPUT_PWM_VIBRA is not set +# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set +# CONFIG_INPUT_DA7280_HAPTICS is not set +# CONFIG_INPUT_ADXL34X is not set +# CONFIG_INPUT_IMS_PCU is not set +# CONFIG_INPUT_IQS269A is not set +# CONFIG_INPUT_IQS626A is not set +# CONFIG_INPUT_IQS7222 is not set +# CONFIG_INPUT_CMA3000 is not set +CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y +# CONFIG_INPUT_IDEAPAD_SLIDEBAR is not set +# CONFIG_INPUT_DRV260X_HAPTICS is not set +# CONFIG_INPUT_DRV2665_HAPTICS is not set +# CONFIG_INPUT_DRV2667_HAPTICS is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +# CONFIG_SERIO_SERPORT is not set +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +CONFIG_HYPERV_KEYBOARD=y +# CONFIG_SERIO_GPIO_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +# CONFIG_LEGACY_TIOCSTI is not set +# CONFIG_LDISC_AUTOLOAD is not set + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_DMA=y +CONFIG_SERIAL_8250_PCILIB=y +CONFIG_SERIAL_8250_PCI=y +# CONFIG_SERIAL_8250_EXAR is not set +CONFIG_SERIAL_8250_NR_UARTS=32 +CONFIG_SERIAL_8250_RUNTIME_UARTS=8 +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_MANY_PORTS=y +# CONFIG_SERIAL_8250_PCI1XXXX is not set +CONFIG_SERIAL_8250_SHARE_IRQ=y +# CONFIG_SERIAL_8250_DETECT_IRQ is not set +CONFIG_SERIAL_8250_RSA=y +CONFIG_SERIAL_8250_DWLIB=y +CONFIG_SERIAL_8250_DW=m +# CONFIG_SERIAL_8250_RT288X is not set +CONFIG_SERIAL_8250_LPSS=m +CONFIG_SERIAL_8250_MID=m +CONFIG_SERIAL_8250_PERICOM=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_KGDB_NMI is not set +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +CONFIG_CONSOLE_POLL=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_SPRD is not set +# end of Serial drivers + +CONFIG_SERIAL_MCTRL_GPIO=y +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +CONFIG_HVC_DRIVER=y +CONFIG_HVC_IRQ=y +CONFIG_HVC_XEN=y +CONFIG_HVC_XEN_FRONTEND=y +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_DEV_CTRL_TTYPORT=y +# CONFIG_TTY_PRINTK is not set +CONFIG_VIRTIO_CONSOLE=y +CONFIG_IPMI_HANDLER=m +CONFIG_IPMI_DMI_DECODE=y +CONFIG_IPMI_PLAT_DATA=y +CONFIG_IPMI_PANIC_EVENT=y +CONFIG_IPMI_PANIC_STRING=y +CONFIG_IPMI_DEVICE_INTERFACE=m +CONFIG_IPMI_SI=m +# CONFIG_IPMI_SSIF is not set +CONFIG_IPMI_WATCHDOG=m +CONFIG_IPMI_POWEROFF=m +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_TIMERIOMEM=m +CONFIG_HW_RANDOM_INTEL=m +CONFIG_HW_RANDOM_AMD=m +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=m +CONFIG_HW_RANDOM_VIRTIO=m +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +CONFIG_NVRAM=m +# CONFIG_DEVPORT is not set +CONFIG_HPET=y +CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y +CONFIG_HANGCHECK_TIMER=m +CONFIG_TCG_TPM=y +CONFIG_HW_RANDOM_TPM=y +CONFIG_TCG_TIS_CORE=y +CONFIG_TCG_TIS=y +# CONFIG_TCG_TIS_I2C is not set +# CONFIG_TCG_TIS_I2C_CR50 is not set +CONFIG_TCG_TIS_I2C_ATMEL=m +CONFIG_TCG_TIS_I2C_INFINEON=m +CONFIG_TCG_TIS_I2C_NUVOTON=m +CONFIG_TCG_NSC=m +CONFIG_TCG_ATMEL=m +CONFIG_TCG_INFINEON=m +CONFIG_TCG_XEN=m +CONFIG_TCG_CRB=y +# CONFIG_TCG_VTPM_PROXY is not set +# CONFIG_TCG_TIS_ST33ZP24_I2C is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_XILLYUSB is not set +# end of Character devices + +# +# I2C support +# +CONFIG_I2C=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_I2C_BOARDINFO=y +# CONFIG_I2C_COMPAT is not set +CONFIG_I2C_CHARDEV=m +# CONFIG_I2C_MUX is not set +CONFIG_I2C_HELPER_AUTO=y +CONFIG_I2C_SMBUS=m +CONFIG_I2C_ALGOBIT=m + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +CONFIG_I2C_AMD756=m +# CONFIG_I2C_AMD756_S4882 is not set +CONFIG_I2C_AMD8111=m +# CONFIG_I2C_AMD_MP2 is not set +CONFIG_I2C_I801=m +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_ISMT is not set +CONFIG_I2C_PIIX4=m +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_NVIDIA_GPU is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# CONFIG_I2C_VIAPRO is not set + +# +# ACPI drivers +# +# CONFIG_I2C_SCMI is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_CBUS_GPIO is not set +CONFIG_I2C_DESIGNWARE_CORE=m +# CONFIG_I2C_DESIGNWARE_SLAVE is not set +CONFIG_I2C_DESIGNWARE_PLATFORM=m +# CONFIG_I2C_DESIGNWARE_BAYTRAIL is not set +# CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_EMEV2 is not set +# CONFIG_I2C_GPIO is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_DIOLAN_U2C is not set +# CONFIG_I2C_CP2615 is not set +# CONFIG_I2C_PCI1XXXX is not set +# CONFIG_I2C_ROBOTFUZZ_OSIF is not set +# CONFIG_I2C_TAOS_EVM is not set +# CONFIG_I2C_TINY_USB is not set + +# +# Other I2C/SMBus bus drivers +# +# CONFIG_I2C_MLXCPLD is not set +# CONFIG_I2C_VIRTIO is not set +# end of I2C Hardware Bus support + +# CONFIG_I2C_STUB is not set +# CONFIG_I2C_SLAVE is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +# CONFIG_PPS_DEBUG is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y +# CONFIG_DP83640_PHY is not set +# CONFIG_PTP_1588_CLOCK_INES is not set +CONFIG_PTP_1588_CLOCK_KVM=m +# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set +# CONFIG_PTP_1588_CLOCK_IDTCM is not set +# CONFIG_PTP_1588_CLOCK_MOCK is not set +# CONFIG_PTP_1588_CLOCK_VMW is not set +# end of PTP clock support + +CONFIG_PINCTRL=y +CONFIG_PINMUX=y +CONFIG_PINCONF=y +CONFIG_GENERIC_PINCONF=y +# CONFIG_DEBUG_PINCTRL is not set +# CONFIG_PINCTRL_AMD is not set +# CONFIG_PINCTRL_CY8C95X0 is not set +# CONFIG_PINCTRL_MCP23S08 is not set +# CONFIG_PINCTRL_SX150X is not set + +# +# Intel pinctrl drivers +# +CONFIG_PINCTRL_BAYTRAIL=y +# CONFIG_PINCTRL_CHERRYVIEW is not set +# CONFIG_PINCTRL_LYNXPOINT is not set +CONFIG_PINCTRL_INTEL=y +# CONFIG_PINCTRL_ALDERLAKE is not set +CONFIG_PINCTRL_BROXTON=m +# CONFIG_PINCTRL_CANNONLAKE is not set +# CONFIG_PINCTRL_CEDARFORK is not set +# CONFIG_PINCTRL_DENVERTON is not set +# CONFIG_PINCTRL_ELKHARTLAKE is not set +# CONFIG_PINCTRL_EMMITSBURG is not set +# CONFIG_PINCTRL_GEMINILAKE is not set +# CONFIG_PINCTRL_ICELAKE is not set +# CONFIG_PINCTRL_JASPERLAKE is not set +# CONFIG_PINCTRL_LAKEFIELD is not set +# CONFIG_PINCTRL_LEWISBURG is not set +# CONFIG_PINCTRL_METEORLAKE is not set +# CONFIG_PINCTRL_SUNRISEPOINT is not set +# CONFIG_PINCTRL_TIGERLAKE is not set +# CONFIG_PINCTRL_MERRIFIELD is not set +# CONFIG_PINCTRL_MOOREFIELD is not set +# end of Intel pinctrl drivers + +# +# Renesas pinctrl drivers +# +# end of Renesas pinctrl drivers + +CONFIG_GPIOLIB=y +CONFIG_GPIOLIB_FASTPATH_LIMIT=512 +CONFIG_GPIO_ACPI=y +CONFIG_GPIOLIB_IRQCHIP=y +# CONFIG_DEBUG_GPIO is not set +CONFIG_GPIO_SYSFS=y +CONFIG_GPIO_CDEV=y +CONFIG_GPIO_CDEV_V1=y +CONFIG_GPIO_GENERIC=m + +# +# Memory mapped GPIO drivers +# +# CONFIG_GPIO_AMDPT is not set +# CONFIG_GPIO_DWAPB is not set +CONFIG_GPIO_GENERIC_PLATFORM=m +CONFIG_GPIO_ICH=m +# CONFIG_GPIO_MB86S7X is not set +# CONFIG_GPIO_AMD_FCH is not set +# end of Memory mapped GPIO drivers + +# +# Port-mapped I/O GPIO drivers +# +# CONFIG_GPIO_VX855 is not set +# CONFIG_GPIO_104_DIO_48E is not set +# CONFIG_GPIO_104_IDIO_16 is not set +# CONFIG_GPIO_104_IDI_48 is not set +# CONFIG_GPIO_F7188X is not set +# CONFIG_GPIO_GPIO_MM is not set +# CONFIG_GPIO_IT87 is not set +CONFIG_GPIO_SCH=m +# CONFIG_GPIO_SCH311X is not set +# CONFIG_GPIO_WINBOND is not set +# CONFIG_GPIO_WS16C48 is not set +# end of Port-mapped I/O GPIO drivers + +# +# I2C GPIO expanders +# +# CONFIG_GPIO_FXL6408 is not set +# CONFIG_GPIO_DS4520 is not set +# CONFIG_GPIO_MAX7300 is not set +# CONFIG_GPIO_MAX732X is not set +# CONFIG_GPIO_PCA953X is not set +# CONFIG_GPIO_PCA9570 is not set +# CONFIG_GPIO_PCF857X is not set +# CONFIG_GPIO_TPIC2810 is not set +# end of I2C GPIO expanders + +# +# MFD GPIO expanders +# +# CONFIG_GPIO_ELKHARTLAKE is not set +# end of MFD GPIO expanders + +# +# PCI GPIO expanders +# +# CONFIG_GPIO_AMD8111 is not set +# CONFIG_GPIO_BT8XX is not set +# CONFIG_GPIO_MERRIFIELD is not set +# CONFIG_GPIO_ML_IOH is not set +# CONFIG_GPIO_PCI_IDIO_16 is not set +# CONFIG_GPIO_PCIE_IDIO_24 is not set +# CONFIG_GPIO_RDC321X is not set +# end of PCI GPIO expanders + +# +# USB GPIO expanders +# +# end of USB GPIO expanders + +# +# Virtual GPIO drivers +# +# CONFIG_GPIO_AGGREGATOR is not set +# CONFIG_GPIO_LATCH is not set +# CONFIG_GPIO_MOCKUP is not set +# CONFIG_GPIO_VIRTIO is not set +# CONFIG_GPIO_SIM is not set +# end of Virtual GPIO drivers + +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +CONFIG_POWER_SUPPLY_HWMON=y +# CONFIG_GENERIC_ADC_BATTERY is not set +# CONFIG_IP5XXX_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_CHARGER_ADP5061 is not set +# CONFIG_BATTERY_CW2015 is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SAMSUNG_SDI is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_CHARGER_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17040 is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_LT3651 is not set +# CONFIG_CHARGER_LTC4162L is not set +# CONFIG_CHARGER_MAX77976 is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_CHARGER_BQ24257 is not set +# CONFIG_CHARGER_BQ24735 is not set +# CONFIG_CHARGER_BQ2515X is not set +# CONFIG_CHARGER_BQ25890 is not set +# CONFIG_CHARGER_BQ25980 is not set +# CONFIG_CHARGER_BQ256XX is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_GOLDFISH is not set +# CONFIG_BATTERY_RT5033 is not set +# CONFIG_CHARGER_RT9455 is not set +# CONFIG_CHARGER_BD99954 is not set +# CONFIG_BATTERY_UG3105 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_AD7414 is not set +# CONFIG_SENSORS_AD7418 is not set +# CONFIG_SENSORS_ADM1021 is not set +# CONFIG_SENSORS_ADM1025 is not set +# CONFIG_SENSORS_ADM1026 is not set +# CONFIG_SENSORS_ADM1029 is not set +# CONFIG_SENSORS_ADM1031 is not set +# CONFIG_SENSORS_ADM1177 is not set +# CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADT7410 is not set +# CONFIG_SENSORS_ADT7411 is not set +# CONFIG_SENSORS_ADT7462 is not set +# CONFIG_SENSORS_ADT7470 is not set +# CONFIG_SENSORS_ADT7475 is not set +# CONFIG_SENSORS_AHT10 is not set +# CONFIG_SENSORS_AQUACOMPUTER_D5NEXT is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_ASC7621 is not set +# CONFIG_SENSORS_AXI_FAN_CONTROL is not set +CONFIG_SENSORS_K8TEMP=m +CONFIG_SENSORS_K10TEMP=m +CONFIG_SENSORS_FAM15H_POWER=m +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASB100 is not set +# CONFIG_SENSORS_ATXP1 is not set +# CONFIG_SENSORS_CORSAIR_CPRO is not set +# CONFIG_SENSORS_CORSAIR_PSU is not set +# CONFIG_SENSORS_DRIVETEMP is not set +# CONFIG_SENSORS_DS620 is not set +# CONFIG_SENSORS_DS1621 is not set +CONFIG_SENSORS_DELL_SMM=m +# CONFIG_I8K is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_F75375S is not set +# CONFIG_SENSORS_FSCHMD is not set +# CONFIG_SENSORS_FTSTEUTATES is not set +# CONFIG_SENSORS_GL518SM is not set +# CONFIG_SENSORS_GL520SM is not set +# CONFIG_SENSORS_G760A is not set +# CONFIG_SENSORS_G762 is not set +# CONFIG_SENSORS_HIH6130 is not set +# CONFIG_SENSORS_HS3001 is not set +# CONFIG_SENSORS_IBMAEM is not set +# CONFIG_SENSORS_IBMPEX is not set +# CONFIG_SENSORS_IIO_HWMON is not set +# CONFIG_SENSORS_I5500 is not set +CONFIG_SENSORS_CORETEMP=m +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_JC42 is not set +# CONFIG_SENSORS_POWR1220 is not set +# CONFIG_SENSORS_LINEAGE is not set +# CONFIG_SENSORS_LTC2945 is not set +# CONFIG_SENSORS_LTC2947_I2C is not set +# CONFIG_SENSORS_LTC2990 is not set +# CONFIG_SENSORS_LTC2992 is not set +# CONFIG_SENSORS_LTC4151 is not set +# CONFIG_SENSORS_LTC4215 is not set +# CONFIG_SENSORS_LTC4222 is not set +# CONFIG_SENSORS_LTC4245 is not set +# CONFIG_SENSORS_LTC4260 is not set +# CONFIG_SENSORS_LTC4261 is not set +# CONFIG_SENSORS_MAX127 is not set +# CONFIG_SENSORS_MAX16065 is not set +# CONFIG_SENSORS_MAX1619 is not set +# CONFIG_SENSORS_MAX1668 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MAX31730 is not set +# CONFIG_SENSORS_MAX31760 is not set +# CONFIG_MAX31827 is not set +# CONFIG_SENSORS_MAX6620 is not set +# CONFIG_SENSORS_MAX6621 is not set +# CONFIG_SENSORS_MAX6639 is not set +# CONFIG_SENSORS_MAX6642 is not set +# CONFIG_SENSORS_MAX6650 is not set +# CONFIG_SENSORS_MAX6697 is not set +# CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MC34VR500 is not set +# CONFIG_SENSORS_MCP3021 is not set +# CONFIG_SENSORS_TC654 is not set +# CONFIG_SENSORS_TPS23861 is not set +# CONFIG_SENSORS_MR75203 is not set +# CONFIG_SENSORS_LM63 is not set +# CONFIG_SENSORS_LM73 is not set +# CONFIG_SENSORS_LM75 is not set +# CONFIG_SENSORS_LM77 is not set +# CONFIG_SENSORS_LM78 is not set +# CONFIG_SENSORS_LM80 is not set +# CONFIG_SENSORS_LM83 is not set +# CONFIG_SENSORS_LM85 is not set +# CONFIG_SENSORS_LM87 is not set +# CONFIG_SENSORS_LM90 is not set +# CONFIG_SENSORS_LM92 is not set +# CONFIG_SENSORS_LM93 is not set +# CONFIG_SENSORS_LM95234 is not set +# CONFIG_SENSORS_LM95241 is not set +# CONFIG_SENSORS_LM95245 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NCT6775_I2C is not set +# CONFIG_SENSORS_NCT7802 is not set +# CONFIG_SENSORS_NCT7904 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_NZXT_KRAKEN2 is not set +# CONFIG_SENSORS_NZXT_SMART2 is not set +# CONFIG_SENSORS_OCC_P8_I2C is not set +# CONFIG_SENSORS_OXP is not set +# CONFIG_SENSORS_PCF8591 is not set +# CONFIG_PMBUS is not set +# CONFIG_SENSORS_SBTSI is not set +# CONFIG_SENSORS_SBRMI is not set +# CONFIG_SENSORS_SHT15 is not set +# CONFIG_SENSORS_SHT21 is not set +# CONFIG_SENSORS_SHT3x is not set +# CONFIG_SENSORS_SHT4x is not set +# CONFIG_SENSORS_SHTC1 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_DME1737 is not set +# CONFIG_SENSORS_EMC1403 is not set +# CONFIG_SENSORS_EMC2103 is not set +# CONFIG_SENSORS_EMC2305 is not set +# CONFIG_SENSORS_EMC6W201 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47M192 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH5627 is not set +# CONFIG_SENSORS_SCH5636 is not set +# CONFIG_SENSORS_STTS751 is not set +# CONFIG_SENSORS_ADC128D818 is not set +# CONFIG_SENSORS_ADS7828 is not set +# CONFIG_SENSORS_AMC6821 is not set +# CONFIG_SENSORS_INA209 is not set +# CONFIG_SENSORS_INA2XX is not set +# CONFIG_SENSORS_INA238 is not set +# CONFIG_SENSORS_INA3221 is not set +# CONFIG_SENSORS_TC74 is not set +# CONFIG_SENSORS_THMC50 is not set +# CONFIG_SENSORS_TMP102 is not set +# CONFIG_SENSORS_TMP103 is not set +# CONFIG_SENSORS_TMP108 is not set +# CONFIG_SENSORS_TMP401 is not set +# CONFIG_SENSORS_TMP421 is not set +# CONFIG_SENSORS_TMP464 is not set +# CONFIG_SENSORS_TMP513 is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83773G is not set +# CONFIG_SENSORS_W83781D is not set +# CONFIG_SENSORS_W83791D is not set +# CONFIG_SENSORS_W83792D is not set +# CONFIG_SENSORS_W83793 is not set +# CONFIG_SENSORS_W83795 is not set +# CONFIG_SENSORS_W83L785TS is not set +# CONFIG_SENSORS_W83L786NG is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set +# CONFIG_SENSORS_XGENE is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +# CONFIG_SENSORS_ASUS_WMI is not set +# CONFIG_SENSORS_ASUS_EC is not set +# CONFIG_SENSORS_HP_WMI is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_DEVFREQ_THERMAL is not set +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +CONFIG_INTEL_TCC=y +CONFIG_X86_PKG_TEMP_THERMAL=m +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_HFI_THERMAL is not set +# end of Intel thermal drivers + +# CONFIG_GENERIC_ADC_THERMAL is not set +CONFIG_WATCHDOG=y +CONFIG_WATCHDOG_CORE=y +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +CONFIG_WATCHDOG_SYSFS=y +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# +# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set + +# +# Watchdog Device Drivers +# +CONFIG_SOFT_WATCHDOG=m +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_ZIIRAVE_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ACQUIRE_WDT is not set +# CONFIG_ADVANTECH_WDT is not set +# CONFIG_ADVANTECH_EC_WDT is not set +# CONFIG_ALIM1535_WDT is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_EBC_C384_WDT is not set +# CONFIG_EXAR_WDT is not set +# CONFIG_F71808E_WDT is not set +# CONFIG_SP5100_TCO is not set +# CONFIG_SBC_FITPC2_WATCHDOG is not set +# CONFIG_EUROTECH_WDT is not set +# CONFIG_IB700_WDT is not set +# CONFIG_IBMASR is not set +# CONFIG_WAFER_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_IE6XX_WDT is not set +# CONFIG_INTEL_MID_WATCHDOG is not set +CONFIG_ITCO_WDT=m +CONFIG_ITCO_VENDOR_SUPPORT=y +# CONFIG_IT8712F_WDT is not set +# CONFIG_IT87_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_SC1200_WDT is not set +# CONFIG_PC87413_WDT is not set +# CONFIG_NV_TCO is not set +# CONFIG_60XX_WDT is not set +# CONFIG_CPU5_WDT is not set +# CONFIG_SMSC_SCH311X_WDT is not set +# CONFIG_SMSC37B787_WDT is not set +# CONFIG_TQMX86_WDT is not set +# CONFIG_VIA_WDT is not set +# CONFIG_W83627HF_WDT is not set +# CONFIG_W83877F_WDT is not set +# CONFIG_W83977F_WDT is not set +# CONFIG_MACHZ_WDT is not set +# CONFIG_SBC_EPX_C3_WATCHDOG is not set +# CONFIG_INTEL_MEI_WDT is not set +# CONFIG_NI903X_WDT is not set +# CONFIG_NIC7018_WDT is not set +# CONFIG_MEN_A21_WDT is not set +# CONFIG_XEN_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set + +# +# USB-based Watchdog Cards +# +# CONFIG_USBPCWATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +CONFIG_SSB=m +CONFIG_SSB_SPROM=y +CONFIG_SSB_PCIHOST_POSSIBLE=y +CONFIG_SSB_PCIHOST=y +CONFIG_SSB_SDIOHOST_POSSIBLE=y +# CONFIG_SSB_SDIOHOST is not set +CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y +CONFIG_SSB_DRIVER_PCICORE=y +# CONFIG_SSB_DRIVER_GPIO is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +CONFIG_MFD_CORE=m +# CONFIG_MFD_AS3711 is not set +# CONFIG_MFD_SMPRO is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_AAT2870_CORE is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_BD9571MWV is not set +# CONFIG_MFD_AXP20X_I2C is not set +# CONFIG_MFD_CS42L43_I2C is not set +# CONFIG_MFD_MADERA is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_MFD_MP2629 is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +CONFIG_LPC_ICH=m +CONFIG_LPC_SCH=m +# CONFIG_INTEL_SOC_PMIC_MRFLD is not set +CONFIG_MFD_INTEL_LPSS=m +CONFIG_MFD_INTEL_LPSS_ACPI=m +CONFIG_MFD_INTEL_LPSS_PCI=m +# CONFIG_MFD_INTEL_PMC_BXT is not set +# CONFIG_MFD_IQS62X is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77541 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6360 is not set +# CONFIG_MFD_MT6370 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_SY7636A is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RT4831 is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RT5120 is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_TI_LMU is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS65010 is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65910 is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_MFD_TPS6594_I2C is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_MFD_ATC260X_I2C is not set +# CONFIG_RAVE_SP_CORE is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +CONFIG_MEDIA_SUPPORT=m +# CONFIG_MEDIA_SUPPORT_FILTER is not set +# CONFIG_MEDIA_SUBDRV_AUTOSELECT is not set + +# +# Media device types +# +CONFIG_MEDIA_CAMERA_SUPPORT=y +CONFIG_MEDIA_ANALOG_TV_SUPPORT=y +CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y +CONFIG_MEDIA_RADIO_SUPPORT=y +CONFIG_MEDIA_SDR_SUPPORT=y +CONFIG_MEDIA_PLATFORM_SUPPORT=y +CONFIG_MEDIA_TEST_SUPPORT=y +# end of Media device types + +# +# Media core support +# +CONFIG_VIDEO_DEV=m +CONFIG_MEDIA_CONTROLLER=y +CONFIG_DVB_CORE=m +# end of Media core support + +# +# Video4Linux options +# +CONFIG_VIDEO_V4L2_I2C=y +CONFIG_VIDEO_V4L2_SUBDEV_API=y +# CONFIG_VIDEO_ADV_DEBUG is not set +# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set +CONFIG_V4L2_FWNODE=m +CONFIG_V4L2_ASYNC=m +# end of Video4Linux options + +# +# Media controller options +# +# CONFIG_MEDIA_CONTROLLER_DVB is not set +# end of Media controller options + +# +# Digital TV options +# +# CONFIG_DVB_MMAP is not set +CONFIG_DVB_NET=y +CONFIG_DVB_MAX_ADAPTERS=16 +CONFIG_DVB_DYNAMIC_MINORS=y +# CONFIG_DVB_DEMUX_SECTION_LOSS_LOG is not set +# CONFIG_DVB_ULE_DEBUG is not set +# end of Digital TV options + +# +# Media drivers +# + +# +# Media drivers +# +CONFIG_MEDIA_USB_SUPPORT=y + +# +# Webcam devices +# +CONFIG_USB_GSPCA=m +# CONFIG_USB_GSPCA_BENQ is not set +# CONFIG_USB_GSPCA_CONEX is not set +# CONFIG_USB_GSPCA_CPIA1 is not set +# CONFIG_USB_GSPCA_DTCS033 is not set +# CONFIG_USB_GSPCA_ETOMS is not set +# CONFIG_USB_GSPCA_FINEPIX is not set +# CONFIG_USB_GSPCA_JEILINJ is not set +# CONFIG_USB_GSPCA_JL2005BCD is not set +# CONFIG_USB_GSPCA_KINECT is not set +# CONFIG_USB_GSPCA_KONICA is not set +# CONFIG_USB_GSPCA_MARS is not set +# CONFIG_USB_GSPCA_MR97310A is not set +# CONFIG_USB_GSPCA_NW80X is not set +# CONFIG_USB_GSPCA_OV519 is not set +# CONFIG_USB_GSPCA_OV534 is not set +# CONFIG_USB_GSPCA_OV534_9 is not set +# CONFIG_USB_GSPCA_PAC207 is not set +# CONFIG_USB_GSPCA_PAC7302 is not set +# CONFIG_USB_GSPCA_PAC7311 is not set +# CONFIG_USB_GSPCA_SE401 is not set +# CONFIG_USB_GSPCA_SN9C2028 is not set +# CONFIG_USB_GSPCA_SN9C20X is not set +# CONFIG_USB_GSPCA_SONIXB is not set +# CONFIG_USB_GSPCA_SONIXJ is not set +# CONFIG_USB_GSPCA_SPCA1528 is not set +# CONFIG_USB_GSPCA_SPCA500 is not set +# CONFIG_USB_GSPCA_SPCA501 is not set +# CONFIG_USB_GSPCA_SPCA505 is not set +# CONFIG_USB_GSPCA_SPCA506 is not set +# CONFIG_USB_GSPCA_SPCA508 is not set +# CONFIG_USB_GSPCA_SPCA561 is not set +# CONFIG_USB_GSPCA_SQ905 is not set +# CONFIG_USB_GSPCA_SQ905C is not set +# CONFIG_USB_GSPCA_SQ930X is not set +# CONFIG_USB_GSPCA_STK014 is not set +# CONFIG_USB_GSPCA_STK1135 is not set +# CONFIG_USB_GSPCA_STV0680 is not set +# CONFIG_USB_GSPCA_SUNPLUS is not set +# CONFIG_USB_GSPCA_T613 is not set +# CONFIG_USB_GSPCA_TOPRO is not set +# CONFIG_USB_GSPCA_TOUPTEK is not set +# CONFIG_USB_GSPCA_TV8532 is not set +# CONFIG_USB_GSPCA_VC032X is not set +# CONFIG_USB_GSPCA_VICAM is not set +# CONFIG_USB_GSPCA_XIRLINK_CIT is not set +# CONFIG_USB_GSPCA_ZC3XX is not set +# CONFIG_USB_GL860 is not set +# CONFIG_USB_M5602 is not set +# CONFIG_USB_STV06XX is not set +# CONFIG_USB_PWC is not set +# CONFIG_USB_S2255 is not set +# CONFIG_VIDEO_USBTV is not set +CONFIG_USB_VIDEO_CLASS=m +CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y + +# +# Analog TV USB devices +# +# CONFIG_VIDEO_GO7007 is not set +# CONFIG_VIDEO_HDPVR is not set +# CONFIG_VIDEO_PVRUSB2 is not set +# CONFIG_VIDEO_STK1160 is not set + +# +# Analog/digital TV USB devices +# +# CONFIG_VIDEO_AU0828 is not set + +# +# Digital TV USB devices +# +# CONFIG_DVB_AS102 is not set +# CONFIG_DVB_B2C2_FLEXCOP_USB is not set +# CONFIG_DVB_USB_V2 is not set +# CONFIG_SMS_USB_DRV is not set +# CONFIG_DVB_TTUSB_BUDGET is not set +# CONFIG_DVB_TTUSB_DEC is not set + +# +# Webcam, TV (analog/digital) USB devices +# +# CONFIG_VIDEO_EM28XX is not set + +# +# Software defined radio USB devices +# +# CONFIG_USB_AIRSPY is not set +# CONFIG_USB_HACKRF is not set +# CONFIG_MEDIA_PCI_SUPPORT is not set +CONFIG_RADIO_ADAPTERS=m +# CONFIG_RADIO_MAXIRADIO is not set +# CONFIG_RADIO_SAA7706H is not set +# CONFIG_RADIO_SHARK is not set +# CONFIG_RADIO_SHARK2 is not set +# CONFIG_RADIO_SI4713 is not set +# CONFIG_RADIO_TEA5764 is not set +# CONFIG_RADIO_TEF6862 is not set +# CONFIG_RADIO_WL1273 is not set +# CONFIG_USB_DSBR is not set +# CONFIG_USB_KEENE is not set +# CONFIG_USB_MA901 is not set +# CONFIG_USB_MR800 is not set +# CONFIG_USB_RAREMONO is not set +# CONFIG_RADIO_SI470X is not set +CONFIG_MEDIA_PLATFORM_DRIVERS=y +# CONFIG_V4L_PLATFORM_DRIVERS is not set +# CONFIG_SDR_PLATFORM_DRIVERS is not set +# CONFIG_DVB_PLATFORM_DRIVERS is not set +# CONFIG_V4L_MEM2MEM_DRIVERS is not set + +# +# Allegro DVT media platform drivers +# + +# +# Amlogic media platform drivers +# + +# +# Amphion drivers +# + +# +# Aspeed media platform drivers +# + +# +# Atmel media platform drivers +# + +# +# Cadence media platform drivers +# +# CONFIG_VIDEO_CADENCE_CSI2RX is not set +# CONFIG_VIDEO_CADENCE_CSI2TX is not set + +# +# Chips&Media media platform drivers +# + +# +# Intel media platform drivers +# + +# +# Marvell media platform drivers +# + +# +# Mediatek media platform drivers +# + +# +# Microchip Technology, Inc. media platform drivers +# + +# +# NVidia media platform drivers +# + +# +# NXP media platform drivers +# + +# +# Qualcomm media platform drivers +# + +# +# Renesas media platform drivers +# + +# +# Rockchip media platform drivers +# + +# +# Samsung media platform drivers +# + +# +# STMicroelectronics media platform drivers +# + +# +# Sunxi media platform drivers +# + +# +# Texas Instruments drivers +# + +# +# Verisilicon media platform drivers +# + +# +# VIA media platform drivers +# + +# +# Xilinx media platform drivers +# + +# +# MMC/SDIO DVB adapters +# +# CONFIG_SMS_SDIO_DRV is not set +# CONFIG_V4L_TEST_DRIVERS is not set +# CONFIG_DVB_TEST_DRIVERS is not set +CONFIG_UVC_COMMON=m +CONFIG_VIDEOBUF2_CORE=m +CONFIG_VIDEOBUF2_V4L2=m +CONFIG_VIDEOBUF2_MEMOPS=m +CONFIG_VIDEOBUF2_VMALLOC=m +# end of Media drivers + +# +# Media ancillary drivers +# +CONFIG_MEDIA_ATTACH=y +CONFIG_VIDEO_CAMERA_SENSOR=y +# CONFIG_VIDEO_AR0521 is not set +# CONFIG_VIDEO_HI556 is not set +# CONFIG_VIDEO_HI846 is not set +# CONFIG_VIDEO_HI847 is not set +# CONFIG_VIDEO_IMX208 is not set +# CONFIG_VIDEO_IMX214 is not set +# CONFIG_VIDEO_IMX219 is not set +# CONFIG_VIDEO_IMX258 is not set +# CONFIG_VIDEO_IMX274 is not set +# CONFIG_VIDEO_IMX290 is not set +# CONFIG_VIDEO_IMX296 is not set +# CONFIG_VIDEO_IMX319 is not set +# CONFIG_VIDEO_IMX355 is not set +# CONFIG_VIDEO_MT9M001 is not set +# CONFIG_VIDEO_MT9M111 is not set +# CONFIG_VIDEO_MT9P031 is not set +# CONFIG_VIDEO_MT9T112 is not set +# CONFIG_VIDEO_MT9V011 is not set +# CONFIG_VIDEO_MT9V032 is not set +# CONFIG_VIDEO_MT9V111 is not set +# CONFIG_VIDEO_OG01A1B is not set +# CONFIG_VIDEO_OV01A10 is not set +# CONFIG_VIDEO_OV02A10 is not set +# CONFIG_VIDEO_OV08D10 is not set +# CONFIG_VIDEO_OV08X40 is not set +# CONFIG_VIDEO_OV13858 is not set +# CONFIG_VIDEO_OV13B10 is not set +# CONFIG_VIDEO_OV2640 is not set +# CONFIG_VIDEO_OV2659 is not set +# CONFIG_VIDEO_OV2680 is not set +# CONFIG_VIDEO_OV2685 is not set +# CONFIG_VIDEO_OV2740 is not set +# CONFIG_VIDEO_OV4689 is not set +# CONFIG_VIDEO_OV5647 is not set +# CONFIG_VIDEO_OV5648 is not set +# CONFIG_VIDEO_OV5670 is not set +# CONFIG_VIDEO_OV5675 is not set +# CONFIG_VIDEO_OV5693 is not set +# CONFIG_VIDEO_OV5695 is not set +# CONFIG_VIDEO_OV6650 is not set +# CONFIG_VIDEO_OV7251 is not set +# CONFIG_VIDEO_OV7640 is not set +# CONFIG_VIDEO_OV7670 is not set +# CONFIG_VIDEO_OV772X is not set +# CONFIG_VIDEO_OV7740 is not set +# CONFIG_VIDEO_OV8856 is not set +# CONFIG_VIDEO_OV8858 is not set +# CONFIG_VIDEO_OV8865 is not set +# CONFIG_VIDEO_OV9640 is not set +# CONFIG_VIDEO_OV9650 is not set +# CONFIG_VIDEO_OV9734 is not set +# CONFIG_VIDEO_RDACM20 is not set +# CONFIG_VIDEO_RDACM21 is not set +# CONFIG_VIDEO_RJ54N1 is not set +# CONFIG_VIDEO_S5K5BAF is not set +# CONFIG_VIDEO_S5K6A3 is not set +# CONFIG_VIDEO_CCS is not set +# CONFIG_VIDEO_ET8EK8 is not set + +# +# Lens drivers +# +# CONFIG_VIDEO_AD5820 is not set +# CONFIG_VIDEO_AK7375 is not set +# CONFIG_VIDEO_DW9714 is not set +# CONFIG_VIDEO_DW9719 is not set +# CONFIG_VIDEO_DW9768 is not set +# CONFIG_VIDEO_DW9807_VCM is not set +# end of Lens drivers + +# +# Flash devices +# +# CONFIG_VIDEO_ADP1653 is not set +# CONFIG_VIDEO_LM3560 is not set +# CONFIG_VIDEO_LM3646 is not set +# end of Flash devices + +# +# Audio decoders, processors and mixers +# +# CONFIG_VIDEO_CS3308 is not set +# CONFIG_VIDEO_CS5345 is not set +# CONFIG_VIDEO_CS53L32A is not set +# CONFIG_VIDEO_MSP3400 is not set +# CONFIG_VIDEO_SONY_BTF_MPX is not set +# CONFIG_VIDEO_TDA1997X is not set +# CONFIG_VIDEO_TDA7432 is not set +# CONFIG_VIDEO_TDA9840 is not set +# CONFIG_VIDEO_TEA6415C is not set +# CONFIG_VIDEO_TEA6420 is not set +# CONFIG_VIDEO_TLV320AIC23B is not set +# CONFIG_VIDEO_TVAUDIO is not set +# CONFIG_VIDEO_UDA1342 is not set +# CONFIG_VIDEO_VP27SMPX is not set +# CONFIG_VIDEO_WM8739 is not set +# CONFIG_VIDEO_WM8775 is not set +# end of Audio decoders, processors and mixers + +# +# RDS decoders +# +# CONFIG_VIDEO_SAA6588 is not set +# end of RDS decoders + +# +# Video decoders +# +# CONFIG_VIDEO_ADV7180 is not set +# CONFIG_VIDEO_ADV7183 is not set +# CONFIG_VIDEO_ADV7604 is not set +# CONFIG_VIDEO_ADV7842 is not set +# CONFIG_VIDEO_BT819 is not set +# CONFIG_VIDEO_BT856 is not set +# CONFIG_VIDEO_BT866 is not set +# CONFIG_VIDEO_KS0127 is not set +# CONFIG_VIDEO_ML86V7667 is not set +# CONFIG_VIDEO_SAA7110 is not set +# CONFIG_VIDEO_SAA711X is not set +# CONFIG_VIDEO_TC358743 is not set +# CONFIG_VIDEO_TC358746 is not set +# CONFIG_VIDEO_TVP514X is not set +# CONFIG_VIDEO_TVP5150 is not set +# CONFIG_VIDEO_TVP7002 is not set +# CONFIG_VIDEO_TW2804 is not set +# CONFIG_VIDEO_TW9903 is not set +# CONFIG_VIDEO_TW9906 is not set +# CONFIG_VIDEO_TW9910 is not set +# CONFIG_VIDEO_VPX3220 is not set + +# +# Video and audio decoders +# +# CONFIG_VIDEO_SAA717X is not set +# CONFIG_VIDEO_CX25840 is not set +# end of Video decoders + +# +# Video encoders +# +# CONFIG_VIDEO_ADV7170 is not set +# CONFIG_VIDEO_ADV7175 is not set +# CONFIG_VIDEO_ADV7343 is not set +# CONFIG_VIDEO_ADV7393 is not set +# CONFIG_VIDEO_ADV7511 is not set +# CONFIG_VIDEO_AK881X is not set +# CONFIG_VIDEO_SAA7127 is not set +# CONFIG_VIDEO_SAA7185 is not set +# CONFIG_VIDEO_THS8200 is not set +# end of Video encoders + +# +# Video improvement chips +# +# CONFIG_VIDEO_UPD64031A is not set +# CONFIG_VIDEO_UPD64083 is not set +# end of Video improvement chips + +# +# Audio/Video compression chips +# +# CONFIG_VIDEO_SAA6752HS is not set +# end of Audio/Video compression chips + +# +# SDR tuner chips +# +# CONFIG_SDR_MAX2175 is not set +# end of SDR tuner chips + +# +# Miscellaneous helper chips +# +# CONFIG_VIDEO_I2C is not set +# CONFIG_VIDEO_M52790 is not set +# CONFIG_VIDEO_ST_MIPID02 is not set +# CONFIG_VIDEO_THS7303 is not set +# end of Miscellaneous helper chips + +# +# Video serializers and deserializers +# +# end of Video serializers and deserializers + +CONFIG_MEDIA_TUNER=m + +# +# Customize TV tuners +# +CONFIG_MEDIA_TUNER_E4000=m +CONFIG_MEDIA_TUNER_FC0011=m +CONFIG_MEDIA_TUNER_FC0012=m +CONFIG_MEDIA_TUNER_FC0013=m +CONFIG_MEDIA_TUNER_FC2580=m +CONFIG_MEDIA_TUNER_IT913X=m +CONFIG_MEDIA_TUNER_M88RS6000T=m +CONFIG_MEDIA_TUNER_MAX2165=m +CONFIG_MEDIA_TUNER_MC44S803=m +CONFIG_MEDIA_TUNER_MT2060=m +CONFIG_MEDIA_TUNER_MT2063=m +CONFIG_MEDIA_TUNER_MT20XX=m +CONFIG_MEDIA_TUNER_MT2131=m +CONFIG_MEDIA_TUNER_MT2266=m +CONFIG_MEDIA_TUNER_MXL301RF=m +CONFIG_MEDIA_TUNER_MXL5005S=m +CONFIG_MEDIA_TUNER_MXL5007T=m +CONFIG_MEDIA_TUNER_QM1D1B0004=m +CONFIG_MEDIA_TUNER_QM1D1C0042=m +CONFIG_MEDIA_TUNER_QT1010=m +CONFIG_MEDIA_TUNER_R820T=m +CONFIG_MEDIA_TUNER_SI2157=m +CONFIG_MEDIA_TUNER_SIMPLE=m +CONFIG_MEDIA_TUNER_TDA18212=m +CONFIG_MEDIA_TUNER_TDA18218=m +CONFIG_MEDIA_TUNER_TDA18250=m +CONFIG_MEDIA_TUNER_TDA18271=m +CONFIG_MEDIA_TUNER_TDA827X=m +CONFIG_MEDIA_TUNER_TDA8290=m +CONFIG_MEDIA_TUNER_TDA9887=m +CONFIG_MEDIA_TUNER_TEA5761=m +CONFIG_MEDIA_TUNER_TEA5767=m +CONFIG_MEDIA_TUNER_TUA9001=m +CONFIG_MEDIA_TUNER_XC2028=m +CONFIG_MEDIA_TUNER_XC4000=m +CONFIG_MEDIA_TUNER_XC5000=m +# end of Customize TV tuners + +# +# Customise DVB Frontends +# + +# +# Multistandard (satellite) frontends +# +CONFIG_DVB_MXL5XX=m +CONFIG_DVB_STB0899=m +CONFIG_DVB_STB6100=m +CONFIG_DVB_STV090x=m +CONFIG_DVB_STV0910=m +CONFIG_DVB_STV6110x=m +CONFIG_DVB_STV6111=m + +# +# Multistandard (cable + terrestrial) frontends +# +CONFIG_DVB_DRXK=m +CONFIG_DVB_MN88472=m +CONFIG_DVB_MN88473=m +CONFIG_DVB_SI2165=m +CONFIG_DVB_TDA18271C2DD=m + +# +# DVB-S (satellite) frontends +# +CONFIG_DVB_CX24110=m +CONFIG_DVB_CX24116=m +CONFIG_DVB_CX24117=m +CONFIG_DVB_CX24120=m +CONFIG_DVB_CX24123=m +CONFIG_DVB_DS3000=m +CONFIG_DVB_MB86A16=m +CONFIG_DVB_MT312=m +CONFIG_DVB_S5H1420=m +CONFIG_DVB_SI21XX=m +CONFIG_DVB_STB6000=m +CONFIG_DVB_STV0288=m +CONFIG_DVB_STV0299=m +CONFIG_DVB_STV0900=m +CONFIG_DVB_STV6110=m +CONFIG_DVB_TDA10071=m +CONFIG_DVB_TDA10086=m +CONFIG_DVB_TDA8083=m +CONFIG_DVB_TDA8261=m +CONFIG_DVB_TDA826X=m +CONFIG_DVB_TS2020=m +CONFIG_DVB_TUA6100=m +CONFIG_DVB_TUNER_CX24113=m +CONFIG_DVB_TUNER_ITD1000=m +CONFIG_DVB_VES1X93=m +CONFIG_DVB_ZL10036=m +CONFIG_DVB_ZL10039=m + +# +# DVB-T (terrestrial) frontends +# +CONFIG_DVB_CX22700=m +CONFIG_DVB_CX22702=m +CONFIG_DVB_CXD2820R=m +CONFIG_DVB_CXD2841ER=m +CONFIG_DVB_DIB3000MB=m +CONFIG_DVB_DIB3000MC=m +CONFIG_DVB_DIB7000M=m +CONFIG_DVB_DIB7000P=m +CONFIG_DVB_DIB9000=m +CONFIG_DVB_DRXD=m +CONFIG_DVB_EC100=m +CONFIG_DVB_L64781=m +CONFIG_DVB_MT352=m +CONFIG_DVB_NXT6000=m +CONFIG_DVB_S5H1432=m +CONFIG_DVB_SP887X=m +CONFIG_DVB_STV0367=m +CONFIG_DVB_TDA10048=m +CONFIG_DVB_TDA1004X=m +CONFIG_DVB_ZD1301_DEMOD=m +CONFIG_DVB_ZL10353=m + +# +# DVB-C (cable) frontends +# +CONFIG_DVB_STV0297=m +CONFIG_DVB_TDA10021=m +CONFIG_DVB_TDA10023=m +CONFIG_DVB_VES1820=m + +# +# ATSC (North American/Korean Terrestrial/Cable DTV) frontends +# +CONFIG_DVB_AU8522=m +CONFIG_DVB_AU8522_DTV=m +CONFIG_DVB_AU8522_V4L=m +CONFIG_DVB_BCM3510=m +CONFIG_DVB_LG2160=m +CONFIG_DVB_LGDT3305=m +CONFIG_DVB_LGDT330X=m +CONFIG_DVB_MXL692=m +CONFIG_DVB_NXT200X=m +CONFIG_DVB_OR51132=m +CONFIG_DVB_OR51211=m +CONFIG_DVB_S5H1409=m +CONFIG_DVB_S5H1411=m + +# +# ISDB-T (terrestrial) frontends +# +CONFIG_DVB_DIB8000=m +CONFIG_DVB_MB86A20S=m +CONFIG_DVB_S921=m + +# +# ISDB-S (satellite) & ISDB-T (terrestrial) frontends +# +CONFIG_DVB_MN88443X=m +CONFIG_DVB_TC90522=m + +# +# Digital terrestrial only tuners/PLL +# +CONFIG_DVB_PLL=m +CONFIG_DVB_TUNER_DIB0070=m +CONFIG_DVB_TUNER_DIB0090=m + +# +# SEC control devices for DVB-S +# +CONFIG_DVB_A8293=m +CONFIG_DVB_AF9033=m +CONFIG_DVB_ASCOT2E=m +CONFIG_DVB_ATBM8830=m +CONFIG_DVB_HELENE=m +CONFIG_DVB_HORUS3A=m +CONFIG_DVB_ISL6405=m +CONFIG_DVB_ISL6421=m +CONFIG_DVB_ISL6423=m +CONFIG_DVB_IX2505V=m +CONFIG_DVB_LGS8GL5=m +CONFIG_DVB_LGS8GXX=m +CONFIG_DVB_LNBH25=m +CONFIG_DVB_LNBH29=m +CONFIG_DVB_LNBP21=m +CONFIG_DVB_LNBP22=m +CONFIG_DVB_M88RS2000=m +CONFIG_DVB_TDA665x=m +CONFIG_DVB_DRX39XYJ=m + +# +# Common Interface (EN50221) controller drivers +# +CONFIG_DVB_CXD2099=m +CONFIG_DVB_SP2=m +# end of Customise DVB Frontends + +# +# Tools to develop new frontends +# +# CONFIG_DVB_DUMMY_FE is not set +# end of Media ancillary drivers + +# +# Graphics support +# +CONFIG_APERTURE_HELPERS=y +CONFIG_SCREEN_INFO=y +CONFIG_VIDEO_CMDLINE=y +CONFIG_VIDEO_NOMODESET=y +# CONFIG_AUXDISPLAY is not set +CONFIG_AGP=y +# CONFIG_AGP_AMD64 is not set +CONFIG_AGP_INTEL=m +# CONFIG_AGP_SIS is not set +# CONFIG_AGP_VIA is not set +CONFIG_INTEL_GTT=m +# CONFIG_VGA_SWITCHEROO is not set +CONFIG_DRM=m +CONFIG_DRM_MIPI_DSI=y +CONFIG_DRM_KMS_HELPER=m +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set +# CONFIG_DRM_DEBUG_MODESET_LOCK is not set +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +CONFIG_DRM_DISPLAY_HELPER=m +CONFIG_DRM_DISPLAY_DP_HELPER=y +CONFIG_DRM_DISPLAY_HDCP_HELPER=y +CONFIG_DRM_DISPLAY_HDMI_HELPER=y +# CONFIG_DRM_DP_AUX_CHARDEV is not set +# CONFIG_DRM_DP_CEC is not set +CONFIG_DRM_TTM=m +CONFIG_DRM_EXEC=m +CONFIG_DRM_BUDDY=m +CONFIG_DRM_TTM_HELPER=m +CONFIG_DRM_GEM_SHMEM_HELPER=m +CONFIG_DRM_SUBALLOC_HELPER=m +CONFIG_DRM_SCHED=m + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# end of ARM devices + +CONFIG_DRM_RADEON=m +# CONFIG_DRM_RADEON_USERPTR is not set +CONFIG_DRM_AMDGPU=m +CONFIG_DRM_AMDGPU_SI=y +CONFIG_DRM_AMDGPU_CIK=y +CONFIG_DRM_AMDGPU_USERPTR=y +# CONFIG_DRM_AMDGPU_WERROR is not set + +# +# ACP (Audio CoProcessor) Configuration +# +# CONFIG_DRM_AMD_ACP is not set +# end of ACP (Audio CoProcessor) Configuration + +# +# Display Engine Configuration +# +CONFIG_DRM_AMD_DC=y +CONFIG_DRM_AMD_DC_FP=y +# CONFIG_DRM_AMD_DC_SI is not set +# CONFIG_DEBUG_KERNEL_DC is not set +# CONFIG_DRM_AMD_SECURE_DISPLAY is not set +# end of Display Engine Configuration + +# CONFIG_HSA_AMD is not set +CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_DEBUG=5 +CONFIG_NOUVEAU_DEBUG_DEFAULT=3 +# CONFIG_NOUVEAU_DEBUG_MMU is not set +# CONFIG_NOUVEAU_DEBUG_PUSH is not set +CONFIG_DRM_NOUVEAU_BACKLIGHT=y +CONFIG_DRM_I915=m +CONFIG_DRM_I915_FORCE_PROBE="" +# CONFIG_DRM_I915_CAPTURE_ERROR is not set +CONFIG_DRM_I915_USERPTR=y +# CONFIG_DRM_I915_GVT_KVMGT is not set + +# +# drm/i915 Debugging +# +# CONFIG_DRM_I915_WERROR is not set +# CONFIG_DRM_I915_DEBUG is not set +# CONFIG_DRM_I915_DEBUG_MMIO is not set +# CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set +# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set +# CONFIG_DRM_I915_DEBUG_GUC is not set +# CONFIG_DRM_I915_SELFTEST is not set +# CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set +# CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set +# CONFIG_DRM_I915_DEBUG_RUNTIME_PM is not set +# end of drm/i915 Debugging + +# +# drm/i915 Profile Guided Optimisation +# +CONFIG_DRM_I915_REQUEST_TIMEOUT=20000 +CONFIG_DRM_I915_FENCE_TIMEOUT=10000 +CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND=250 +CONFIG_DRM_I915_HEARTBEAT_INTERVAL=2500 +CONFIG_DRM_I915_PREEMPT_TIMEOUT=640 +CONFIG_DRM_I915_PREEMPT_TIMEOUT_COMPUTE=7500 +CONFIG_DRM_I915_MAX_REQUEST_BUSYWAIT=8000 +CONFIG_DRM_I915_STOP_TIMEOUT=100 +CONFIG_DRM_I915_TIMESLICE_DURATION=1 +# end of drm/i915 Profile Guided Optimisation + +CONFIG_DRM_VGEM=m +# CONFIG_DRM_VKMS is not set +CONFIG_DRM_VMWGFX=m +# CONFIG_DRM_VMWGFX_MKSSTATS is not set +# CONFIG_DRM_GMA500 is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_QXL is not set +# CONFIG_DRM_VIRTIO_GPU is not set +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN is not set +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# end of Display Interface Bridges + +# CONFIG_DRM_LOONGSON is not set +# CONFIG_DRM_ETNAVIV is not set +# CONFIG_DRM_BOCHS is not set +CONFIG_DRM_CIRRUS_QEMU=m +# CONFIG_DRM_GM12U320 is not set +# CONFIG_DRM_SIMPLEDRM is not set +# CONFIG_DRM_XEN_FRONTEND is not set +# CONFIG_DRM_VBOXVIDEO is not set +# CONFIG_DRM_GUD is not set +# CONFIG_DRM_SSD130X is not set +# CONFIG_DRM_HYPERV is not set +# CONFIG_DRM_LEGACY is not set +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y + +# +# Frame buffer Devices +# +CONFIG_FB=y +CONFIG_FB_CIRRUS=m +# CONFIG_FB_PM2 is not set +# CONFIG_FB_CYBER2000 is not set +# CONFIG_FB_ARC is not set +# CONFIG_FB_ASILIANT is not set +# CONFIG_FB_IMSTT is not set +# CONFIG_FB_VGA16 is not set +# CONFIG_FB_UVESA is not set +CONFIG_FB_VESA=y +CONFIG_FB_EFI=y +# CONFIG_FB_N411 is not set +# CONFIG_FB_HGA is not set +# CONFIG_FB_OPENCORES is not set +# CONFIG_FB_S1D13XXX is not set +CONFIG_FB_NVIDIA=m +# CONFIG_FB_NVIDIA_I2C is not set +# CONFIG_FB_NVIDIA_DEBUG is not set +CONFIG_FB_NVIDIA_BACKLIGHT=y +# CONFIG_FB_RIVA is not set +CONFIG_FB_I740=m +# CONFIG_FB_LE80578 is not set +# CONFIG_FB_INTEL is not set +# CONFIG_FB_MATROX is not set +CONFIG_FB_RADEON=m +CONFIG_FB_RADEON_I2C=y +CONFIG_FB_RADEON_BACKLIGHT=y +# CONFIG_FB_RADEON_DEBUG is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_SIS is not set +# CONFIG_FB_VIA is not set +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FB_VT8623 is not set +# CONFIG_FB_TRIDENT is not set +# CONFIG_FB_ARK is not set +# CONFIG_FB_PM3 is not set +# CONFIG_FB_CARMINE is not set +# CONFIG_FB_SMSCUFX is not set +# CONFIG_FB_UDL is not set +# CONFIG_FB_IBM_GXT4500 is not set +# CONFIG_FB_VIRTUAL is not set +CONFIG_XEN_FBDEV_FRONTEND=m +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set +CONFIG_FB_HYPERV=m +# CONFIG_FB_SIMPLE is not set +# CONFIG_FB_SSD1307 is not set +# CONFIG_FB_SM712 is not set +CONFIG_FB_CORE=y +CONFIG_FB_NOTIFY=y +# CONFIG_FIRMWARE_EDID is not set +CONFIG_FB_DEVICE=y +CONFIG_FB_DDC=m +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y +CONFIG_FB_SYS_FILLRECT=y +CONFIG_FB_SYS_COPYAREA=y +CONFIG_FB_SYS_IMAGEBLIT=y +# CONFIG_FB_FOREIGN_ENDIAN is not set +CONFIG_FB_SYS_FOPS=y +CONFIG_FB_DEFERRED_IO=y +CONFIG_FB_IOMEM_FOPS=y +CONFIG_FB_IOMEM_HELPERS=y +CONFIG_FB_SYSMEM_HELPERS=y +CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y +CONFIG_FB_BACKLIGHT=m +CONFIG_FB_MODE_HELPERS=y +# CONFIG_FB_TILEBLITTING is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BACKLIGHT_KTD253 is not set +# CONFIG_BACKLIGHT_KTZ8866 is not set +# CONFIG_BACKLIGHT_PWM is not set +# CONFIG_BACKLIGHT_APPLE is not set +# CONFIG_BACKLIGHT_QCOM_WLED is not set +# CONFIG_BACKLIGHT_SAHARA is not set +# CONFIG_BACKLIGHT_ADP8860 is not set +# CONFIG_BACKLIGHT_ADP8870 is not set +# CONFIG_BACKLIGHT_LM3630A is not set +# CONFIG_BACKLIGHT_LM3639 is not set +# CONFIG_BACKLIGHT_LP855X is not set +# CONFIG_BACKLIGHT_GPIO is not set +# CONFIG_BACKLIGHT_LV5207LP is not set +# CONFIG_BACKLIGHT_BD6107 is not set +# CONFIG_BACKLIGHT_ARCXCNN is not set +# end of Backlight & LCD device support + +CONFIG_VGASTATE=m +CONFIG_HDMI=y + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y +# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set +# end of Console display driver support + +# CONFIG_LOGO is not set +# end of Graphics support + +CONFIG_DRM_ACCEL=y +# CONFIG_DRM_ACCEL_HABANALABS is not set +CONFIG_DRM_ACCEL_IVPU=m +CONFIG_SOUND=m +CONFIG_SND=m +CONFIG_SND_TIMER=m +CONFIG_SND_PCM=m +CONFIG_SND_HWDEP=m +CONFIG_SND_RAWMIDI=m +CONFIG_SND_COMPRESS_OFFLOAD=m +CONFIG_SND_JACK=y +CONFIG_SND_JACK_INPUT_DEV=y +# CONFIG_SND_OSSEMUL is not set +CONFIG_SND_PCM_TIMER=y +# CONFIG_SND_HRTIMER is not set +CONFIG_SND_DYNAMIC_MINORS=y +CONFIG_SND_MAX_CARDS=4 +CONFIG_SND_SUPPORT_OLD_API=y +CONFIG_SND_PROC_FS=y +CONFIG_SND_VERBOSE_PROCFS=y +# CONFIG_SND_VERBOSE_PRINTK is not set +CONFIG_SND_CTL_FAST_LOOKUP=y +# CONFIG_SND_DEBUG is not set +# CONFIG_SND_CTL_INPUT_VALIDATION is not set +CONFIG_SND_VMASTER=y +CONFIG_SND_DMA_SGBUF=y +CONFIG_SND_CTL_LED=m +# CONFIG_SND_SEQUENCER is not set +CONFIG_SND_AC97_CODEC=m +CONFIG_SND_DRIVERS=y +# CONFIG_SND_DUMMY is not set +# CONFIG_SND_ALOOP is not set +# CONFIG_SND_PCMTEST is not set +# CONFIG_SND_MTPAV is not set +# CONFIG_SND_SERIAL_U16550 is not set +# CONFIG_SND_MPU401 is not set +# CONFIG_SND_AC97_POWER_SAVE is not set +CONFIG_SND_PCI=y +# CONFIG_SND_AD1889 is not set +# CONFIG_SND_ALS4000 is not set +# CONFIG_SND_ASIHPI is not set +# CONFIG_SND_ATIIXP is not set +# CONFIG_SND_ATIIXP_MODEM is not set +# CONFIG_SND_AU8810 is not set +# CONFIG_SND_AU8820 is not set +# CONFIG_SND_AU8830 is not set +# CONFIG_SND_AW2 is not set +# CONFIG_SND_BT87X is not set +# CONFIG_SND_CA0106 is not set +# CONFIG_SND_CMIPCI is not set +# CONFIG_SND_OXYGEN is not set +# CONFIG_SND_CS4281 is not set +# CONFIG_SND_CS46XX is not set +# CONFIG_SND_CTXFI is not set +# CONFIG_SND_DARLA20 is not set +# CONFIG_SND_GINA20 is not set +# CONFIG_SND_LAYLA20 is not set +# CONFIG_SND_DARLA24 is not set +# CONFIG_SND_GINA24 is not set +# CONFIG_SND_LAYLA24 is not set +# CONFIG_SND_MONA is not set +# CONFIG_SND_MIA is not set +# CONFIG_SND_ECHO3G is not set +# CONFIG_SND_INDIGO is not set +# CONFIG_SND_INDIGOIO is not set +# CONFIG_SND_INDIGODJ is not set +# CONFIG_SND_INDIGOIOX is not set +# CONFIG_SND_INDIGODJX is not set +# CONFIG_SND_ENS1370 is not set +CONFIG_SND_ENS1371=m +# CONFIG_SND_FM801 is not set +# CONFIG_SND_HDSP is not set +# CONFIG_SND_HDSPM is not set +# CONFIG_SND_ICE1724 is not set +# CONFIG_SND_INTEL8X0 is not set +# CONFIG_SND_INTEL8X0M is not set +# CONFIG_SND_KORG1212 is not set +# CONFIG_SND_LOLA is not set +# CONFIG_SND_LX6464ES is not set +# CONFIG_SND_MIXART is not set +# CONFIG_SND_NM256 is not set +# CONFIG_SND_PCXHR is not set +# CONFIG_SND_RIPTIDE is not set +# CONFIG_SND_RME32 is not set +# CONFIG_SND_RME96 is not set +# CONFIG_SND_RME9652 is not set +# CONFIG_SND_SE6X is not set +# CONFIG_SND_VIA82XX is not set +# CONFIG_SND_VIA82XX_MODEM is not set +# CONFIG_SND_VIRTUOSO is not set +# CONFIG_SND_VX222 is not set +# CONFIG_SND_YMFPCI is not set + +# +# HD-Audio +# +CONFIG_SND_HDA=m +CONFIG_SND_HDA_GENERIC_LEDS=y +CONFIG_SND_HDA_INTEL=m +# CONFIG_SND_HDA_HWDEP is not set +# CONFIG_SND_HDA_RECONFIG is not set +# CONFIG_SND_HDA_INPUT_BEEP is not set +# CONFIG_SND_HDA_PATCH_LOADER is not set +# CONFIG_SND_HDA_SCODEC_CS35L41_I2C is not set +# CONFIG_SND_HDA_SCODEC_CS35L56_I2C is not set +# CONFIG_SND_HDA_SCODEC_TAS2781_I2C is not set +CONFIG_SND_HDA_CODEC_REALTEK=m +# CONFIG_SND_HDA_CODEC_ANALOG is not set +# CONFIG_SND_HDA_CODEC_SIGMATEL is not set +# CONFIG_SND_HDA_CODEC_VIA is not set +CONFIG_SND_HDA_CODEC_HDMI=m +# CONFIG_SND_HDA_CODEC_CIRRUS is not set +# CONFIG_SND_HDA_CODEC_CS8409 is not set +# CONFIG_SND_HDA_CODEC_CONEXANT is not set +# CONFIG_SND_HDA_CODEC_CA0110 is not set +# CONFIG_SND_HDA_CODEC_CA0132 is not set +# CONFIG_SND_HDA_CODEC_CMEDIA is not set +# CONFIG_SND_HDA_CODEC_SI3054 is not set +CONFIG_SND_HDA_GENERIC=m +CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 +# CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set +# CONFIG_SND_HDA_CTL_DEV_ID is not set +# end of HD-Audio + +CONFIG_SND_HDA_CORE=m +CONFIG_SND_HDA_DSP_LOADER=y +CONFIG_SND_HDA_COMPONENT=y +CONFIG_SND_HDA_I915=y +CONFIG_SND_HDA_EXT_CORE=m +CONFIG_SND_HDA_PREALLOC_SIZE=0 +CONFIG_SND_INTEL_NHLT=y +CONFIG_SND_INTEL_DSP_CONFIG=m +CONFIG_SND_INTEL_SOUNDWIRE_ACPI=m +CONFIG_SND_USB=y +CONFIG_SND_USB_AUDIO=m +# CONFIG_SND_USB_AUDIO_MIDI_V2 is not set +CONFIG_SND_USB_AUDIO_USE_MEDIA_CONTROLLER=y +# CONFIG_SND_USB_UA101 is not set +# CONFIG_SND_USB_USX2Y is not set +# CONFIG_SND_USB_CAIAQ is not set +# CONFIG_SND_USB_US122L is not set +# CONFIG_SND_USB_6FIRE is not set +# CONFIG_SND_USB_HIFACE is not set +# CONFIG_SND_BCD2000 is not set +# CONFIG_SND_USB_POD is not set +# CONFIG_SND_USB_PODHD is not set +# CONFIG_SND_USB_TONEPORT is not set +# CONFIG_SND_USB_VARIAX is not set +CONFIG_SND_SOC=m +CONFIG_SND_SOC_COMPRESS=y +CONFIG_SND_SOC_TOPOLOGY=y +CONFIG_SND_SOC_ACPI=m +# CONFIG_SND_SOC_ADI is not set +# CONFIG_SND_SOC_AMD_ACP is not set +# CONFIG_SND_SOC_AMD_ACP3x is not set +# CONFIG_SND_SOC_AMD_RENOIR is not set +# CONFIG_SND_SOC_AMD_ACP5x is not set +# CONFIG_SND_SOC_AMD_ACP6x is not set +# CONFIG_SND_AMD_ACP_CONFIG is not set +# CONFIG_SND_SOC_AMD_ACP_COMMON is not set +# CONFIG_SND_SOC_AMD_RPL_ACP6x is not set +# CONFIG_SND_SOC_AMD_PS is not set +# CONFIG_SND_ATMEL_SOC is not set +# CONFIG_SND_BCM63XX_I2S_WHISTLER is not set +# CONFIG_SND_DESIGNWARE_I2S is not set + +# +# SoC Audio for Freescale CPUs +# + +# +# Common SoC Audio options for Freescale CPUs: +# +# CONFIG_SND_SOC_FSL_ASRC is not set +# CONFIG_SND_SOC_FSL_SAI is not set +# CONFIG_SND_SOC_FSL_AUDMIX is not set +# CONFIG_SND_SOC_FSL_SSI is not set +# CONFIG_SND_SOC_FSL_SPDIF is not set +# CONFIG_SND_SOC_FSL_ESAI is not set +# CONFIG_SND_SOC_FSL_MICFIL is not set +# CONFIG_SND_SOC_FSL_XCVR is not set +# CONFIG_SND_SOC_IMX_AUDMUX is not set +# end of SoC Audio for Freescale CPUs + +# CONFIG_SND_SOC_CHV3_I2S is not set +# CONFIG_SND_I2S_HI6210_I2S is not set +# CONFIG_SND_SOC_IMG is not set +CONFIG_SND_SOC_INTEL_SST_TOPLEVEL=y +CONFIG_SND_SOC_INTEL_SST=m +# CONFIG_SND_SOC_INTEL_CATPT is not set +CONFIG_SND_SST_ATOM_HIFI2_PLATFORM=m +# CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_PCI is not set +CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI=m +CONFIG_SND_SOC_INTEL_SKYLAKE=m +CONFIG_SND_SOC_INTEL_SKL=m +CONFIG_SND_SOC_INTEL_APL=m +CONFIG_SND_SOC_INTEL_KBL=m +CONFIG_SND_SOC_INTEL_GLK=m +CONFIG_SND_SOC_INTEL_CNL=m +CONFIG_SND_SOC_INTEL_CFL=m +# CONFIG_SND_SOC_INTEL_CML_H is not set +# CONFIG_SND_SOC_INTEL_CML_LP is not set +CONFIG_SND_SOC_INTEL_SKYLAKE_FAMILY=m +# CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC is not set +CONFIG_SND_SOC_INTEL_SKYLAKE_COMMON=m +CONFIG_SND_SOC_ACPI_INTEL_MATCH=m +# CONFIG_SND_SOC_INTEL_AVS is not set +CONFIG_SND_SOC_INTEL_MACH=y +# CONFIG_SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES is not set +# CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH is not set +# CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_NAU8824_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_CX2072X_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_DA7213_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_ES8316_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH is not set +# CONFIG_SND_SOC_INTEL_SKL_RT286_MACH is not set +# CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH is not set +# CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH is not set +# CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH is not set +# CONFIG_SND_SOC_INTEL_BXT_RT298_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98927_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_RT5660_MACH is not set +# CONFIG_SND_SOC_MTK_BTCVSD is not set +# CONFIG_SND_SOC_SOF_TOPLEVEL is not set + +# +# STMicroelectronics STM32 SOC audio support +# +# end of STMicroelectronics STM32 SOC audio support + +# CONFIG_SND_SOC_XILINX_I2S is not set +# CONFIG_SND_SOC_XILINX_AUDIO_FORMATTER is not set +# CONFIG_SND_SOC_XILINX_SPDIF is not set +# CONFIG_SND_SOC_XTFPGA_I2S is not set +CONFIG_SND_SOC_I2C_AND_SPI=m + +# +# CODEC drivers +# +# CONFIG_SND_SOC_AC97_CODEC is not set +# CONFIG_SND_SOC_ADAU1372_I2C is not set +# CONFIG_SND_SOC_ADAU1701 is not set +# CONFIG_SND_SOC_ADAU1761_I2C is not set +# CONFIG_SND_SOC_ADAU7002 is not set +# CONFIG_SND_SOC_ADAU7118_HW is not set +# CONFIG_SND_SOC_ADAU7118_I2C is not set +# CONFIG_SND_SOC_AK4118 is not set +# CONFIG_SND_SOC_AK4375 is not set +# CONFIG_SND_SOC_AK4458 is not set +# CONFIG_SND_SOC_AK4554 is not set +# CONFIG_SND_SOC_AK4613 is not set +# CONFIG_SND_SOC_AK4642 is not set +# CONFIG_SND_SOC_AK5386 is not set +# CONFIG_SND_SOC_AK5558 is not set +# CONFIG_SND_SOC_ALC5623 is not set +# CONFIG_SND_SOC_AUDIO_IIO_AUX is not set +# CONFIG_SND_SOC_AW8738 is not set +# CONFIG_SND_SOC_AW88395 is not set +# CONFIG_SND_SOC_AW88261 is not set +# CONFIG_SND_SOC_BD28623 is not set +# CONFIG_SND_SOC_BT_SCO is not set +# CONFIG_SND_SOC_CHV3_CODEC is not set +# CONFIG_SND_SOC_CS35L32 is not set +# CONFIG_SND_SOC_CS35L33 is not set +# CONFIG_SND_SOC_CS35L34 is not set +# CONFIG_SND_SOC_CS35L35 is not set +# CONFIG_SND_SOC_CS35L36 is not set +# CONFIG_SND_SOC_CS35L41_I2C is not set +# CONFIG_SND_SOC_CS35L45_I2C is not set +# CONFIG_SND_SOC_CS35L56_I2C is not set +# CONFIG_SND_SOC_CS42L42 is not set +# CONFIG_SND_SOC_CS42L51_I2C is not set +# CONFIG_SND_SOC_CS42L52 is not set +# CONFIG_SND_SOC_CS42L56 is not set +# CONFIG_SND_SOC_CS42L73 is not set +# CONFIG_SND_SOC_CS42L83 is not set +# CONFIG_SND_SOC_CS4234 is not set +# CONFIG_SND_SOC_CS4265 is not set +# CONFIG_SND_SOC_CS4270 is not set +# CONFIG_SND_SOC_CS4271_I2C is not set +# CONFIG_SND_SOC_CS42XX8_I2C is not set +# CONFIG_SND_SOC_CS43130 is not set +# CONFIG_SND_SOC_CS4341 is not set +# CONFIG_SND_SOC_CS4349 is not set +# CONFIG_SND_SOC_CS53L30 is not set +# CONFIG_SND_SOC_CX2072X is not set +# CONFIG_SND_SOC_DA7213 is not set +# CONFIG_SND_SOC_DMIC is not set +# CONFIG_SND_SOC_ES7134 is not set +# CONFIG_SND_SOC_ES7241 is not set +# CONFIG_SND_SOC_ES8316 is not set +# CONFIG_SND_SOC_ES8326 is not set +# CONFIG_SND_SOC_ES8328_I2C is not set +# CONFIG_SND_SOC_GTM601 is not set +CONFIG_SND_SOC_HDAC_HDA=m +# CONFIG_SND_SOC_HDA is not set +# CONFIG_SND_SOC_ICS43432 is not set +# CONFIG_SND_SOC_INNO_RK3036 is not set +# CONFIG_SND_SOC_MAX98088 is not set +# CONFIG_SND_SOC_MAX98090 is not set +# CONFIG_SND_SOC_MAX98357A is not set +# CONFIG_SND_SOC_MAX98504 is not set +# CONFIG_SND_SOC_MAX9867 is not set +# CONFIG_SND_SOC_MAX98927 is not set +# CONFIG_SND_SOC_MAX98520 is not set +# CONFIG_SND_SOC_MAX98373_I2C is not set +# CONFIG_SND_SOC_MAX98388 is not set +# CONFIG_SND_SOC_MAX98390 is not set +# CONFIG_SND_SOC_MAX98396 is not set +# CONFIG_SND_SOC_MAX9860 is not set +# CONFIG_SND_SOC_MSM8916_WCD_DIGITAL is not set +# CONFIG_SND_SOC_PCM1681 is not set +# CONFIG_SND_SOC_PCM1789_I2C is not set +# CONFIG_SND_SOC_PCM179X_I2C is not set +# CONFIG_SND_SOC_PCM186X_I2C is not set +# CONFIG_SND_SOC_PCM3060_I2C is not set +# CONFIG_SND_SOC_PCM3168A_I2C is not set +# CONFIG_SND_SOC_PCM5102A is not set +# CONFIG_SND_SOC_PCM512x_I2C is not set +# CONFIG_SND_SOC_RK3328 is not set +# CONFIG_SND_SOC_RT5616 is not set +# CONFIG_SND_SOC_RT5631 is not set +# CONFIG_SND_SOC_RT5640 is not set +# CONFIG_SND_SOC_RT5659 is not set +# CONFIG_SND_SOC_RT9120 is not set +# CONFIG_SND_SOC_SGTL5000 is not set +# CONFIG_SND_SOC_SIMPLE_AMPLIFIER is not set +# CONFIG_SND_SOC_SIMPLE_MUX is not set +# CONFIG_SND_SOC_SMA1303 is not set +# CONFIG_SND_SOC_SPDIF is not set +# CONFIG_SND_SOC_SRC4XXX_I2C is not set +# CONFIG_SND_SOC_SSM2305 is not set +# CONFIG_SND_SOC_SSM2518 is not set +# CONFIG_SND_SOC_SSM2602_I2C is not set +# CONFIG_SND_SOC_SSM4567 is not set +# CONFIG_SND_SOC_STA32X is not set +# CONFIG_SND_SOC_STA350 is not set +# CONFIG_SND_SOC_STI_SAS is not set +# CONFIG_SND_SOC_TAS2552 is not set +# CONFIG_SND_SOC_TAS2562 is not set +# CONFIG_SND_SOC_TAS2764 is not set +# CONFIG_SND_SOC_TAS2770 is not set +# CONFIG_SND_SOC_TAS2780 is not set +# CONFIG_SND_SOC_TAS2781_I2C is not set +# CONFIG_SND_SOC_TAS5086 is not set +# CONFIG_SND_SOC_TAS571X is not set +# CONFIG_SND_SOC_TAS5720 is not set +# CONFIG_SND_SOC_TAS5805M is not set +# CONFIG_SND_SOC_TAS6424 is not set +# CONFIG_SND_SOC_TDA7419 is not set +# CONFIG_SND_SOC_TFA9879 is not set +# CONFIG_SND_SOC_TFA989X is not set +# CONFIG_SND_SOC_TLV320ADC3XXX is not set +# CONFIG_SND_SOC_TLV320AIC23_I2C is not set +# CONFIG_SND_SOC_TLV320AIC31XX is not set +# CONFIG_SND_SOC_TLV320AIC32X4_I2C is not set +# CONFIG_SND_SOC_TLV320AIC3X_I2C is not set +# CONFIG_SND_SOC_TLV320ADCX140 is not set +# CONFIG_SND_SOC_TS3A227E is not set +# CONFIG_SND_SOC_TSCS42XX is not set +# CONFIG_SND_SOC_TSCS454 is not set +# CONFIG_SND_SOC_UDA1334 is not set +# CONFIG_SND_SOC_WM8510 is not set +# CONFIG_SND_SOC_WM8523 is not set +# CONFIG_SND_SOC_WM8524 is not set +# CONFIG_SND_SOC_WM8580 is not set +# CONFIG_SND_SOC_WM8711 is not set +# CONFIG_SND_SOC_WM8728 is not set +# CONFIG_SND_SOC_WM8731_I2C is not set +# CONFIG_SND_SOC_WM8737 is not set +# CONFIG_SND_SOC_WM8741 is not set +# CONFIG_SND_SOC_WM8750 is not set +# CONFIG_SND_SOC_WM8753 is not set +# CONFIG_SND_SOC_WM8776 is not set +# CONFIG_SND_SOC_WM8782 is not set +# CONFIG_SND_SOC_WM8804_I2C is not set +# CONFIG_SND_SOC_WM8903 is not set +# CONFIG_SND_SOC_WM8904 is not set +# CONFIG_SND_SOC_WM8940 is not set +# CONFIG_SND_SOC_WM8960 is not set +# CONFIG_SND_SOC_WM8961 is not set +# CONFIG_SND_SOC_WM8962 is not set +# CONFIG_SND_SOC_WM8974 is not set +# CONFIG_SND_SOC_WM8978 is not set +# CONFIG_SND_SOC_WM8985 is not set +# CONFIG_SND_SOC_MAX9759 is not set +# CONFIG_SND_SOC_MT6351 is not set +# CONFIG_SND_SOC_MT6358 is not set +# CONFIG_SND_SOC_MT6660 is not set +# CONFIG_SND_SOC_NAU8315 is not set +# CONFIG_SND_SOC_NAU8540 is not set +# CONFIG_SND_SOC_NAU8810 is not set +# CONFIG_SND_SOC_NAU8821 is not set +# CONFIG_SND_SOC_NAU8822 is not set +# CONFIG_SND_SOC_NAU8824 is not set +# CONFIG_SND_SOC_TPA6130A2 is not set +# CONFIG_SND_SOC_LPASS_WSA_MACRO is not set +# CONFIG_SND_SOC_LPASS_VA_MACRO is not set +# CONFIG_SND_SOC_LPASS_RX_MACRO is not set +# CONFIG_SND_SOC_LPASS_TX_MACRO is not set +# end of CODEC drivers + +# CONFIG_SND_SIMPLE_CARD is not set +# CONFIG_SND_X86 is not set +# CONFIG_SND_XEN_FRONTEND is not set +# CONFIG_SND_VIRTIO is not set +CONFIG_AC97_BUS=m +CONFIG_HID_SUPPORT=y +CONFIG_HID=m +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=m + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=m +# CONFIG_HID_ACCUTOUCH is not set +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=m +# CONFIG_HID_APPLEIR is not set +# CONFIG_HID_ASUS is not set +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=m +# CONFIG_HID_BETOP_FF is not set +# CONFIG_HID_BIGBEN_FF is not set +CONFIG_HID_CHERRY=m +# CONFIG_HID_CHICONY is not set +# CONFIG_HID_CORSAIR is not set +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_PRODIKEYS is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CREATIVE_SB0540 is not set +# CONFIG_HID_CYPRESS is not set +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELAN is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_ELO is not set +# CONFIG_HID_EVISION is not set +CONFIG_HID_EZKEY=m +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_GLORIOUS is not set +# CONFIG_HID_HOLTEK is not set +# CONFIG_HID_GOOGLE_STADIA_FF is not set +# CONFIG_HID_VIVALDI is not set +# CONFIG_HID_GT683R is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_UCLOGIC is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_VRC2 is not set +# CONFIG_HID_XIAOMI is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_ITE is not set +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +# CONFIG_HID_KENSINGTON is not set +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LED is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_LETSKETCH is not set +CONFIG_HID_LOGITECH=m +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +# CONFIG_HID_MEGAWORLD_FF is not set +# CONFIG_HID_REDRAGON is not set +CONFIG_HID_MICROSOFT=m +CONFIG_HID_MONTEREY=m +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NINTENDO is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_NTRIG is not set +# CONFIG_HID_NVIDIA_SHIELD is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PENMOUNT is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PXRC is not set +# CONFIG_HID_RAZER is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_RETRODE is not set +# CONFIG_HID_ROCCAT is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SEMITEK is not set +# CONFIG_HID_SIGMAMICRO is not set +# CONFIG_HID_SONY is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +CONFIG_HID_HYPERV_MOUSE=m +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_TOPRE is not set +# CONFIG_HID_THINGM is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_U2FZERO is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_WIIMOTE is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# CONFIG_HID_MCP2200 is not set +# CONFIG_HID_MCP2221 is not set +# end of Special HID drivers + +# +# HID-BPF support +# +# end of HID-BPF support + +# +# USB HID support +# +CONFIG_USB_HID=m +# CONFIG_HID_PID is not set +CONFIG_USB_HIDDEV=y + +# +# USB HID Boot Protocol drivers +# +# CONFIG_USB_KBD is not set +# CONFIG_USB_MOUSE is not set +# end of USB HID Boot Protocol drivers +# end of USB HID support + +CONFIG_I2C_HID=m +# CONFIG_I2C_HID_ACPI is not set +# CONFIG_I2C_HID_OF is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support + +# +# AMD SFH HID Support +# +# CONFIG_AMD_SFH_HID is not set +# end of AMD SFH HID Support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=m +# CONFIG_USB_LED_TRIG is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_USB_CONN_GPIO is not set +CONFIG_USB_ARCH_HAS_HCD=y +CONFIG_USB=m +CONFIG_USB_PCI=y +# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set + +# +# Miscellaneous USB options +# +CONFIG_USB_DEFAULT_PERSIST=y +# CONFIG_USB_FEW_INIT_RETRIES is not set +# CONFIG_USB_DYNAMIC_MINORS is not set +# CONFIG_USB_OTG is not set +# CONFIG_USB_OTG_PRODUCTLIST is not set +# CONFIG_USB_OTG_DISABLE_EXTERNAL_HUB is not set +# CONFIG_USB_LEDS_TRIGGER_USBPORT is not set +CONFIG_USB_AUTOSUSPEND_DELAY=2 +# CONFIG_USB_MON is not set + +# +# USB Host Controller Drivers +# +# CONFIG_USB_C67X00_HCD is not set +CONFIG_USB_XHCI_HCD=m +# CONFIG_USB_XHCI_DBGCAP is not set +CONFIG_USB_XHCI_PCI=m +# CONFIG_USB_XHCI_PCI_RENESAS is not set +# CONFIG_USB_XHCI_PLATFORM is not set +CONFIG_USB_EHCI_HCD=m +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_PCI=m +# CONFIG_USB_EHCI_FSL is not set +CONFIG_USB_EHCI_HCD_PLATFORM=m +# CONFIG_USB_OXU210HP_HCD is not set +# CONFIG_USB_ISP116X_HCD is not set +CONFIG_USB_OHCI_HCD=m +CONFIG_USB_OHCI_HCD_PCI=m +CONFIG_USB_OHCI_HCD_SSB=y +CONFIG_USB_OHCI_HCD_PLATFORM=m +CONFIG_USB_UHCI_HCD=m +# CONFIG_USB_SL811_HCD is not set +# CONFIG_USB_R8A66597_HCD is not set +CONFIG_USB_HCD_SSB=m +# CONFIG_USB_HCD_TEST_MODE is not set +# CONFIG_USB_XEN_HCD is not set + +# +# USB Device Class drivers +# +CONFIG_USB_ACM=m +# CONFIG_USB_PRINTER is not set +CONFIG_USB_WDM=m +CONFIG_USB_TMC=m + +# +# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may +# + +# +# also be needed; see USB_STORAGE Help for more info +# +CONFIG_USB_STORAGE=m +# CONFIG_USB_STORAGE_DEBUG is not set +# CONFIG_USB_STORAGE_REALTEK is not set +# CONFIG_USB_STORAGE_DATAFAB is not set +# CONFIG_USB_STORAGE_FREECOM is not set +# CONFIG_USB_STORAGE_ISD200 is not set +# CONFIG_USB_STORAGE_USBAT is not set +# CONFIG_USB_STORAGE_SDDR09 is not set +# CONFIG_USB_STORAGE_SDDR55 is not set +# CONFIG_USB_STORAGE_JUMPSHOT is not set +# CONFIG_USB_STORAGE_ALAUDA is not set +# CONFIG_USB_STORAGE_ONETOUCH is not set +# CONFIG_USB_STORAGE_KARMA is not set +# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set +# CONFIG_USB_STORAGE_ENE_UB6250 is not set +CONFIG_USB_UAS=m + +# +# USB Imaging devices +# +# CONFIG_USB_MDC800 is not set +# CONFIG_USB_MICROTEK is not set +CONFIG_USBIP_CORE=m +CONFIG_USBIP_VHCI_HCD=m +CONFIG_USBIP_VHCI_HC_PORTS=8 +CONFIG_USBIP_VHCI_NR_HCS=1 +CONFIG_USBIP_HOST=m +# CONFIG_USBIP_DEBUG is not set + +# +# USB dual-mode controller drivers +# +# CONFIG_USB_CDNS_SUPPORT is not set +# CONFIG_USB_MUSB_HDRC is not set +# CONFIG_USB_DWC3 is not set +# CONFIG_USB_DWC2 is not set +# CONFIG_USB_CHIPIDEA is not set +# CONFIG_USB_ISP1760 is not set + +# +# USB port drivers +# +CONFIG_USB_SERIAL=m +CONFIG_USB_SERIAL_GENERIC=y +# CONFIG_USB_SERIAL_SIMPLE is not set +# CONFIG_USB_SERIAL_AIRCABLE is not set +# CONFIG_USB_SERIAL_ARK3116 is not set +# CONFIG_USB_SERIAL_BELKIN is not set +CONFIG_USB_SERIAL_CH341=m +# CONFIG_USB_SERIAL_WHITEHEAT is not set +# CONFIG_USB_SERIAL_DIGI_ACCELEPORT is not set +CONFIG_USB_SERIAL_CP210X=m +# CONFIG_USB_SERIAL_CYPRESS_M8 is not set +# CONFIG_USB_SERIAL_EMPEG is not set +CONFIG_USB_SERIAL_FTDI_SIO=m +# CONFIG_USB_SERIAL_VISOR is not set +# CONFIG_USB_SERIAL_IPAQ is not set +# CONFIG_USB_SERIAL_IR is not set +# CONFIG_USB_SERIAL_EDGEPORT is not set +# CONFIG_USB_SERIAL_EDGEPORT_TI is not set +# CONFIG_USB_SERIAL_F81232 is not set +# CONFIG_USB_SERIAL_F8153X is not set +# CONFIG_USB_SERIAL_GARMIN is not set +# CONFIG_USB_SERIAL_IPW is not set +# CONFIG_USB_SERIAL_IUU is not set +# CONFIG_USB_SERIAL_KEYSPAN_PDA is not set +# CONFIG_USB_SERIAL_KEYSPAN is not set +# CONFIG_USB_SERIAL_KLSI is not set +# CONFIG_USB_SERIAL_KOBIL_SCT is not set +# CONFIG_USB_SERIAL_MCT_U232 is not set +# CONFIG_USB_SERIAL_METRO is not set +# CONFIG_USB_SERIAL_MOS7720 is not set +# CONFIG_USB_SERIAL_MOS7840 is not set +# CONFIG_USB_SERIAL_MXUPORT is not set +# CONFIG_USB_SERIAL_NAVMAN is not set +CONFIG_USB_SERIAL_PL2303=m +# CONFIG_USB_SERIAL_OTI6858 is not set +# CONFIG_USB_SERIAL_QCAUX is not set +CONFIG_USB_SERIAL_QUALCOMM=m +# CONFIG_USB_SERIAL_SPCP8X5 is not set +# CONFIG_USB_SERIAL_SAFE is not set +# CONFIG_USB_SERIAL_SIERRAWIRELESS is not set +# CONFIG_USB_SERIAL_SYMBOL is not set +# CONFIG_USB_SERIAL_TI is not set +# CONFIG_USB_SERIAL_CYBERJACK is not set +CONFIG_USB_SERIAL_WWAN=m +CONFIG_USB_SERIAL_OPTION=m +# CONFIG_USB_SERIAL_OMNINET is not set +# CONFIG_USB_SERIAL_OPTICON is not set +# CONFIG_USB_SERIAL_XSENS_MT is not set +# CONFIG_USB_SERIAL_WISHBONE is not set +# CONFIG_USB_SERIAL_SSU100 is not set +# CONFIG_USB_SERIAL_QT2 is not set +# CONFIG_USB_SERIAL_UPD78F0730 is not set +# CONFIG_USB_SERIAL_XR is not set +# CONFIG_USB_SERIAL_DEBUG is not set + +# +# USB Miscellaneous drivers +# +# CONFIG_USB_EMI62 is not set +# CONFIG_USB_EMI26 is not set +# CONFIG_USB_ADUTUX is not set +# CONFIG_USB_SEVSEG is not set +# CONFIG_USB_LEGOTOWER is not set +# CONFIG_USB_LCD is not set +# CONFIG_USB_CYPRESS_CY7C63 is not set +# CONFIG_USB_CYTHERM is not set +# CONFIG_USB_IDMOUSE is not set +# CONFIG_USB_APPLEDISPLAY is not set +# CONFIG_APPLE_MFI_FASTCHARGE is not set +# CONFIG_USB_SISUSBVGA is not set +# CONFIG_USB_LD is not set +# CONFIG_USB_TRANCEVIBRATOR is not set +# CONFIG_USB_IOWARRIOR is not set +# CONFIG_USB_TEST is not set +# CONFIG_USB_EHSET_TEST_FIXTURE is not set +# CONFIG_USB_ISIGHTFW is not set +# CONFIG_USB_YUREX is not set +# CONFIG_USB_EZUSB_FX2 is not set +# CONFIG_USB_HUB_USB251XB is not set +# CONFIG_USB_HSIC_USB3503 is not set +# CONFIG_USB_HSIC_USB4604 is not set +# CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set + +# +# USB Physical Layer drivers +# +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GPIO_VBUS is not set +# CONFIG_USB_ISP1301 is not set +# end of USB Physical Layer drivers + +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ROLE_SWITCH is not set +CONFIG_MMC=m +CONFIG_MMC_BLOCK=m +CONFIG_MMC_BLOCK_MINORS=16 +# CONFIG_SDIO_UART is not set +# CONFIG_MMC_TEST is not set + +# +# MMC/SD/SDIO Host Controller Drivers +# +# CONFIG_MMC_DEBUG is not set +CONFIG_MMC_SDHCI=m +CONFIG_MMC_SDHCI_IO_ACCESSORS=y +CONFIG_MMC_SDHCI_PCI=m +# CONFIG_MMC_RICOH_MMC is not set +CONFIG_MMC_SDHCI_ACPI=m +# CONFIG_MMC_SDHCI_PLTFM is not set +# CONFIG_MMC_WBSD is not set +# CONFIG_MMC_TIFM_SD is not set +# CONFIG_MMC_CB710 is not set +# CONFIG_MMC_VIA_SDMMC is not set +# CONFIG_MMC_VUB300 is not set +# CONFIG_MMC_USHC is not set +# CONFIG_MMC_USDHI6ROL0 is not set +CONFIG_MMC_CQHCI=m +# CONFIG_MMC_HSQ is not set +# CONFIG_MMC_TOSHIBA_PCI is not set +# CONFIG_MMC_MTK is not set +CONFIG_SCSI_UFSHCD=m +# CONFIG_SCSI_UFS_BSG is not set +# CONFIG_SCSI_UFS_HWMON is not set +CONFIG_SCSI_UFSHCD_PCI=m +# CONFIG_SCSI_UFS_DWC_TC_PCI is not set +CONFIG_SCSI_UFSHCD_PLATFORM=m +# CONFIG_SCSI_UFS_CDNS_PLATFORM is not set +# CONFIG_MEMSTICK is not set +CONFIG_NEW_LEDS=y +CONFIG_LEDS_CLASS=m +# CONFIG_LEDS_CLASS_FLASH is not set +# CONFIG_LEDS_CLASS_MULTICOLOR is not set +# CONFIG_LEDS_BRIGHTNESS_HW_CHANGED is not set + +# +# LED drivers +# +# CONFIG_LEDS_APU is not set +# CONFIG_LEDS_AW200XX is not set +# CONFIG_LEDS_LM3530 is not set +# CONFIG_LEDS_LM3532 is not set +# CONFIG_LEDS_LM3642 is not set +# CONFIG_LEDS_PCA9532 is not set +# CONFIG_LEDS_GPIO is not set +# CONFIG_LEDS_LP3944 is not set +# CONFIG_LEDS_LP3952 is not set +# CONFIG_LEDS_LP50XX is not set +# CONFIG_LEDS_PCA955X is not set +# CONFIG_LEDS_PCA963X is not set +# CONFIG_LEDS_PCA995X is not set +# CONFIG_LEDS_PWM is not set +# CONFIG_LEDS_BD2606MVV is not set +# CONFIG_LEDS_BD2802 is not set +# CONFIG_LEDS_INTEL_SS4200 is not set +# CONFIG_LEDS_LT3593 is not set +# CONFIG_LEDS_TCA6507 is not set +# CONFIG_LEDS_TLC591XX is not set +# CONFIG_LEDS_LM355x is not set +# CONFIG_LEDS_IS31FL319X is not set + +# +# LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) +# +# CONFIG_LEDS_BLINKM is not set +# CONFIG_LEDS_MLXCPLD is not set +# CONFIG_LEDS_MLXREG is not set +# CONFIG_LEDS_USER is not set +# CONFIG_LEDS_NIC78BX is not set + +# +# Flash and Torch LED drivers +# + +# +# RGB LED drivers +# + +# +# LED Triggers +# +CONFIG_LEDS_TRIGGERS=y +# CONFIG_LEDS_TRIGGER_TIMER is not set +# CONFIG_LEDS_TRIGGER_ONESHOT is not set +# CONFIG_LEDS_TRIGGER_DISK is not set +# CONFIG_LEDS_TRIGGER_HEARTBEAT is not set +# CONFIG_LEDS_TRIGGER_BACKLIGHT is not set +# CONFIG_LEDS_TRIGGER_CPU is not set +# CONFIG_LEDS_TRIGGER_ACTIVITY is not set +# CONFIG_LEDS_TRIGGER_DEFAULT_ON is not set + +# +# iptables trigger is under Netfilter config (LED target) +# +# CONFIG_LEDS_TRIGGER_TRANSIENT is not set +# CONFIG_LEDS_TRIGGER_CAMERA is not set +# CONFIG_LEDS_TRIGGER_PANIC is not set +# CONFIG_LEDS_TRIGGER_NETDEV is not set +# CONFIG_LEDS_TRIGGER_PATTERN is not set +CONFIG_LEDS_TRIGGER_AUDIO=m +# CONFIG_LEDS_TRIGGER_TTY is not set + +# +# Simple LED drivers +# +CONFIG_ACCESSIBILITY=y +# CONFIG_A11Y_BRAILLE_CONSOLE is not set + +# +# Speakup console speech +# +CONFIG_SPEAKUP=m +# CONFIG_SPEAKUP_SYNTH_ACNTSA is not set +# CONFIG_SPEAKUP_SYNTH_APOLLO is not set +# CONFIG_SPEAKUP_SYNTH_AUDPTR is not set +# CONFIG_SPEAKUP_SYNTH_BNS is not set +# CONFIG_SPEAKUP_SYNTH_DECTLK is not set +# CONFIG_SPEAKUP_SYNTH_DECEXT is not set +# CONFIG_SPEAKUP_SYNTH_LTLK is not set +CONFIG_SPEAKUP_SYNTH_SOFT=m +# CONFIG_SPEAKUP_SYNTH_SPKOUT is not set +# CONFIG_SPEAKUP_SYNTH_TXPRT is not set +# CONFIG_SPEAKUP_SYNTH_DUMMY is not set +# end of Speakup console speech + +CONFIG_INFINIBAND=m +CONFIG_INFINIBAND_USER_MAD=m +CONFIG_INFINIBAND_USER_ACCESS=m +CONFIG_INFINIBAND_USER_MEM=y +CONFIG_INFINIBAND_ON_DEMAND_PAGING=y +CONFIG_INFINIBAND_ADDR_TRANS=y +CONFIG_INFINIBAND_ADDR_TRANS_CONFIGFS=y +CONFIG_INFINIBAND_VIRT_DMA=y +CONFIG_INFINIBAND_BNXT_RE=m +# CONFIG_INFINIBAND_CXGB4 is not set +# CONFIG_INFINIBAND_EFA is not set +# CONFIG_INFINIBAND_ERDMA is not set +# CONFIG_INFINIBAND_IRDMA is not set +# CONFIG_MANA_INFINIBAND is not set +CONFIG_MLX4_INFINIBAND=m +CONFIG_MLX5_INFINIBAND=m +# CONFIG_INFINIBAND_MTHCA is not set +# CONFIG_INFINIBAND_OCRDMA is not set +# CONFIG_INFINIBAND_QEDR is not set +# CONFIG_INFINIBAND_USNIC is not set +# CONFIG_INFINIBAND_VMWARE_PVRDMA is not set +# CONFIG_INFINIBAND_RDMAVT is not set +# CONFIG_RDMA_RXE is not set +# CONFIG_RDMA_SIW is not set +CONFIG_INFINIBAND_IPOIB=m +# CONFIG_INFINIBAND_IPOIB_CM is not set +CONFIG_INFINIBAND_IPOIB_DEBUG=y +# CONFIG_INFINIBAND_IPOIB_DEBUG_DATA is not set +# CONFIG_INFINIBAND_SRP is not set +# CONFIG_INFINIBAND_SRPT is not set +# CONFIG_INFINIBAND_ISER is not set +# CONFIG_INFINIBAND_ISERT is not set +# CONFIG_INFINIBAND_RTRS_CLIENT is not set +# CONFIG_INFINIBAND_RTRS_SERVER is not set +# CONFIG_INFINIBAND_OPA_VNIC is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_EDAC=y +# CONFIG_EDAC_LEGACY_SYSFS is not set +# CONFIG_EDAC_DEBUG is not set +CONFIG_EDAC_DECODE_MCE=m +# CONFIG_EDAC_GHES is not set +CONFIG_EDAC_AMD64=m +CONFIG_EDAC_E752X=m +CONFIG_EDAC_I82975X=m +CONFIG_EDAC_I3000=m +CONFIG_EDAC_I3200=m +# CONFIG_EDAC_IE31200 is not set +CONFIG_EDAC_X38=m +CONFIG_EDAC_I5400=m +CONFIG_EDAC_I7CORE=m +CONFIG_EDAC_I5100=m +CONFIG_EDAC_I7300=m +CONFIG_EDAC_SBRIDGE=m +CONFIG_EDAC_SKX=m +# CONFIG_EDAC_I10NM is not set +# CONFIG_EDAC_PND2 is not set +# CONFIG_EDAC_IGEN6 is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set +CONFIG_RTC_NVMEM=y + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABEOZ9 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF85363 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8010 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV3028 is not set +# CONFIG_RTC_DRV_RV3032 is not set +# CONFIG_RTC_DRV_RV8803 is not set +# CONFIG_RTC_DRV_SD3078 is not set + +# +# SPI RTC drivers +# +CONFIG_RTC_I2C_AND_SPI=y + +# +# SPI and I2C RTC drivers +# +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set +# CONFIG_RTC_DRV_RX6110 is not set + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_RP5C01 is not set + +# +# on-CPU RTC drivers +# +# CONFIG_RTC_DRV_FTRTC010 is not set + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_GOLDFISH is not set +CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set + +# +# DMA Devices +# +CONFIG_DMA_ENGINE=y +CONFIG_DMA_VIRTUAL_CHANNELS=m +CONFIG_DMA_ACPI=y +# CONFIG_ALTERA_MSGDMA is not set +CONFIG_INTEL_IDMA64=m +# CONFIG_INTEL_IDXD is not set +# CONFIG_INTEL_IDXD_COMPAT is not set +CONFIG_INTEL_IOATDMA=y +# CONFIG_PLX_DMA is not set +# CONFIG_XILINX_DMA is not set +# CONFIG_XILINX_XDMA is not set +# CONFIG_AMD_PTDMA is not set +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QCOM_HIDMA is not set +CONFIG_DW_DMAC_CORE=y +# CONFIG_DW_DMAC is not set +CONFIG_DW_DMAC_PCI=y +# CONFIG_DW_EDMA is not set +CONFIG_HSU_DMA=m +CONFIG_HSU_DMA_PCI=m +# CONFIG_SF_PDMA is not set +# CONFIG_INTEL_LDMA is not set + +# +# DMA Clients +# +# CONFIG_ASYNC_TX_DMA is not set +# CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_SW_SYNC is not set +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_MOVE_NOTIFY is not set +# CONFIG_DMABUF_DEBUG is not set +# CONFIG_DMABUF_SELFTESTS is not set +# CONFIG_DMABUF_HEAPS is not set +# CONFIG_DMABUF_SYSFS_STATS is not set +# end of DMABUF options + +CONFIG_DCA=y +CONFIG_UIO=m +# CONFIG_UIO_CIF is not set +# CONFIG_UIO_PDRV_GENIRQ is not set +# CONFIG_UIO_DMEM_GENIRQ is not set +# CONFIG_UIO_AEC is not set +# CONFIG_UIO_SERCOS3 is not set +CONFIG_UIO_PCI_GENERIC=m +# CONFIG_UIO_NETX is not set +# CONFIG_UIO_PRUSS is not set +# CONFIG_UIO_MF624 is not set +CONFIG_UIO_HV_GENERIC=m +CONFIG_VFIO=m +CONFIG_VFIO_GROUP=y +CONFIG_VFIO_CONTAINER=y +CONFIG_VFIO_IOMMU_TYPE1=m +CONFIG_VFIO_NOIOMMU=y +CONFIG_VFIO_VIRQFD=y + +# +# VFIO support for PCI devices +# +CONFIG_VFIO_PCI_CORE=m +CONFIG_VFIO_PCI_MMAP=y +CONFIG_VFIO_PCI_INTX=y +CONFIG_VFIO_PCI=m +CONFIG_VFIO_PCI_VGA=y +CONFIG_VFIO_PCI_IGD=y +# CONFIG_MLX5_VFIO_PCI is not set +# end of VFIO support for PCI devices + +CONFIG_IRQ_BYPASS_MANAGER=m +CONFIG_VIRT_DRIVERS=y +CONFIG_VMGENID=y +# CONFIG_VBOXGUEST is not set +# CONFIG_NITRO_ENCLAVES is not set +# CONFIG_EFI_SECRET is not set +CONFIG_SEV_GUEST=y +CONFIG_TDX_GUEST_DRIVER=m +CONFIG_VIRTIO_ANCHOR=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_PCI_LIB_LEGACY=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +# CONFIG_VIRTIO_PMEM is not set +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_MEM=m +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set +# CONFIG_VDPA is not set +CONFIG_VHOST_IOTLB=m +CONFIG_VHOST_TASK=y +CONFIG_VHOST=m +CONFIG_VHOST_MENU=y +CONFIG_VHOST_NET=m +# CONFIG_VHOST_SCSI is not set +CONFIG_VHOST_VSOCK=m +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Microsoft Hyper-V guest support +# +CONFIG_HYPERV=y +# CONFIG_HYPERV_VTL_MODE is not set +CONFIG_HYPERV_VSM=y +# CONFIG_HYPERV_VSM_DISABLE_IMG_VERIFY is not set +CONFIG_HYPERV_TIMER=y +CONFIG_HYPERV_UTILS=y +CONFIG_HYPERV_BALLOON=y +# CONFIG_DXGKRNL is not set +# end of Microsoft Hyper-V guest support + +# +# Xen driver support +# +CONFIG_XEN_BALLOON=y +CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y +CONFIG_XEN_MEMORY_HOTPLUG_LIMIT=512 +CONFIG_XEN_SCRUB_PAGES_DEFAULT=y +CONFIG_XEN_DEV_EVTCHN=m +CONFIG_XEN_BACKEND=y +CONFIG_XENFS=m +CONFIG_XEN_COMPAT_XENFS=y +CONFIG_XEN_SYS_HYPERVISOR=y +CONFIG_XEN_XENBUS_FRONTEND=y +CONFIG_XEN_GNTDEV=m +CONFIG_XEN_GRANT_DEV_ALLOC=m +# CONFIG_XEN_GRANT_DMA_ALLOC is not set +CONFIG_SWIOTLB_XEN=y +CONFIG_XEN_PCI_STUB=y +CONFIG_XEN_PCIDEV_BACKEND=m +# CONFIG_XEN_PVCALLS_FRONTEND is not set +# CONFIG_XEN_PVCALLS_BACKEND is not set +# CONFIG_XEN_SCSI_BACKEND is not set +CONFIG_XEN_PRIVCMD=m +CONFIG_XEN_ACPI_PROCESSOR=m +CONFIG_XEN_MCE_LOG=y +CONFIG_XEN_HAVE_PVMMU=y +CONFIG_XEN_EFI=y +CONFIG_XEN_AUTO_XLATE=y +CONFIG_XEN_ACPI=y +# CONFIG_XEN_SYMS is not set +CONFIG_XEN_HAVE_VPMU=y +CONFIG_XEN_UNPOPULATED_ALLOC=y +# CONFIG_XEN_VIRTIO is not set +# end of Xen driver support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +CONFIG_SURFACE_PLATFORMS=y +# CONFIG_SURFACE_3_POWER_OPREGION is not set +# CONFIG_SURFACE_GPE is not set +# CONFIG_SURFACE_HOTPLUG is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_SURFACE_AGGREGATOR is not set +CONFIG_X86_PLATFORM_DEVICES=y +CONFIG_ACPI_WMI=m +CONFIG_WMI_BMOF=m +# CONFIG_HUAWEI_WMI is not set +CONFIG_MXM_WMI=m +# CONFIG_NVIDIA_WMI_EC_BACKLIGHT is not set +# CONFIG_XIAOMI_WMI is not set +# CONFIG_GIGABYTE_WMI is not set +# CONFIG_YOGABOOK is not set +# CONFIG_ACERHDF is not set +# CONFIG_ACER_WIRELESS is not set +# CONFIG_ACER_WMI is not set +# CONFIG_AMD_PMF is not set +# CONFIG_AMD_PMC is not set +# CONFIG_AMD_HSMP is not set +# CONFIG_ADV_SWBUTTON is not set +# CONFIG_APPLE_GMUX is not set +# CONFIG_ASUS_LAPTOP is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ASUS_WMI is not set +# CONFIG_ASUS_TF103C_DOCK is not set +# CONFIG_MERAKI_MX100 is not set +# CONFIG_EEEPC_LAPTOP is not set +CONFIG_X86_PLATFORM_DRIVERS_DELL=y +# CONFIG_ALIENWARE_WMI is not set +CONFIG_DCDBAS=m +# CONFIG_DELL_LAPTOP is not set +CONFIG_DELL_RBU=m +CONFIG_DELL_SMBIOS=m +CONFIG_DELL_SMBIOS_WMI=y +CONFIG_DELL_SMBIOS_SMM=y +CONFIG_DELL_SMO8800=m +CONFIG_DELL_WMI=m +CONFIG_DELL_WMI_PRIVACY=y +CONFIG_DELL_WMI_AIO=m +CONFIG_DELL_WMI_DESCRIPTOR=m +CONFIG_DELL_WMI_DDV=m +CONFIG_DELL_WMI_LED=m +CONFIG_DELL_WMI_SYSMAN=m +# CONFIG_FUJITSU_LAPTOP is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_GPD_POCKET_FAN is not set +# CONFIG_X86_PLATFORM_DRIVERS_HP is not set +# CONFIG_WIRELESS_HOTKEY is not set +# CONFIG_IBM_RTL is not set +# CONFIG_LENOVO_YMC is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_THINKPAD_ACPI is not set +# CONFIG_THINKPAD_LMI is not set +# CONFIG_INTEL_ATOMISP2_PM is not set +CONFIG_INTEL_IFS=m +# CONFIG_INTEL_SAR_INT1092 is not set +# CONFIG_INTEL_PMC_CORE is not set + +# +# Intel Speed Select Technology interface support +# +# CONFIG_INTEL_SPEED_SELECT_INTERFACE is not set +# end of Intel Speed Select Technology interface support + +# CONFIG_INTEL_WMI_SBL_FW_UPDATE is not set +# CONFIG_INTEL_WMI_THUNDERBOLT is not set + +# +# Intel Uncore Frequency Control +# +# CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set +# end of Intel Uncore Frequency Control + +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_INT0002_VGPIO is not set +CONFIG_INTEL_PUNIT_IPC=m +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_INTEL_TURBO_MAX_3 is not set +# CONFIG_INTEL_VSEC is not set +# CONFIG_MSI_EC is not set +# CONFIG_MSI_WMI is not set +# CONFIG_PCENGINES_APU2 is not set +# CONFIG_BARCO_P50_GPIO is not set +# CONFIG_SAMSUNG_LAPTOP is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_ACPI_TOSHIBA is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_TOSHIBA_WMI is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_LG_LAPTOP is not set +# CONFIG_PANASONIC_LAPTOP is not set +# CONFIG_SYSTEM76_ACPI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +CONFIG_MLX_PLATFORM=m +CONFIG_FW_ATTR_CLASS=m +# CONFIG_INTEL_IPS is not set +CONFIG_INTEL_SCU_IPC=y +CONFIG_INTEL_SCU=y +CONFIG_INTEL_SCU_PCI=y +# CONFIG_INTEL_SCU_PLATFORM is not set +CONFIG_INTEL_SCU_IPC_UTIL=y +# CONFIG_SIEMENS_SIMATIC_IPC is not set +# CONFIG_WINMATE_FM07_KEYS is not set +# CONFIG_SEL3350_PLATFORM is not set +CONFIG_P2SB=y +CONFIG_HAVE_CLK=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y +# CONFIG_COMMON_CLK_MAX9485 is not set +# CONFIG_COMMON_CLK_SI5341 is not set +# CONFIG_COMMON_CLK_SI5351 is not set +# CONFIG_COMMON_CLK_SI544 is not set +# CONFIG_COMMON_CLK_CDCE706 is not set +# CONFIG_COMMON_CLK_CS2000_CP is not set +# CONFIG_COMMON_CLK_PWM is not set +# CONFIG_XILINX_VCU is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_CLKBLD_I8253=y +CONFIG_DW_APB_TIMER=y +# end of Clock Source drivers + +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +CONFIG_IOMMU_IO_PGTABLE=y +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEBUGFS is not set +# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_LAZY=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DMA=y +CONFIG_IOMMU_SVA=y +CONFIG_AMD_IOMMU=y +CONFIG_AMD_IOMMU_V2=y +CONFIG_DMAR_TABLE=y +CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_IOMMU_SVM=y +CONFIG_INTEL_IOMMU_DEFAULT_ON=y +CONFIG_INTEL_IOMMU_FLOPPY_WA=y +# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set +CONFIG_INTEL_IOMMU_PERF_EVENTS=y +# CONFIG_IOMMUFD is not set +CONFIG_IRQ_REMAP=y +CONFIG_HYPERV_IOMMU=y +# CONFIG_VIRTIO_IOMMU is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# fujitsu SoC drivers +# +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# CONFIG_WPCM450_SOC is not set + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +CONFIG_PM_DEVFREQ=y + +# +# DEVFREQ Governors +# +CONFIG_DEVFREQ_GOV_SIMPLE_ONDEMAND=m +# CONFIG_DEVFREQ_GOV_PERFORMANCE is not set +# CONFIG_DEVFREQ_GOV_POWERSAVE is not set +# CONFIG_DEVFREQ_GOV_USERSPACE is not set +# CONFIG_DEVFREQ_GOV_PASSIVE is not set + +# +# DEVFREQ Drivers +# +# CONFIG_PM_DEVFREQ_EVENT is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +CONFIG_IIO=m +CONFIG_IIO_BUFFER=y +CONFIG_IIO_BUFFER_CB=m +# CONFIG_IIO_BUFFER_DMA is not set +# CONFIG_IIO_BUFFER_DMAENGINE is not set +# CONFIG_IIO_BUFFER_HW_CONSUMER is not set +CONFIG_IIO_KFIFO_BUF=m +CONFIG_IIO_TRIGGERED_BUFFER=m +# CONFIG_IIO_CONFIGFS is not set +CONFIG_IIO_TRIGGER=y +CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 +# CONFIG_IIO_SW_DEVICE is not set +# CONFIG_IIO_SW_TRIGGER is not set +# CONFIG_IIO_TRIGGERED_EVENT is not set + +# +# Accelerometers +# +# CONFIG_ADXL313_I2C is not set +# CONFIG_ADXL345_I2C is not set +# CONFIG_ADXL355_I2C is not set +# CONFIG_ADXL367_I2C is not set +# CONFIG_ADXL372_I2C is not set +# CONFIG_BMA180 is not set +# CONFIG_BMA400 is not set +# CONFIG_BMC150_ACCEL is not set +# CONFIG_DA280 is not set +# CONFIG_DA311 is not set +# CONFIG_DMARD06 is not set +# CONFIG_DMARD09 is not set +# CONFIG_DMARD10 is not set +# CONFIG_FXLS8962AF_I2C is not set +CONFIG_IIO_ST_ACCEL_3AXIS=m +CONFIG_IIO_ST_ACCEL_I2C_3AXIS=m +# CONFIG_IIO_KX022A_I2C is not set +# CONFIG_KXSD9 is not set +# CONFIG_KXCJK1013 is not set +# CONFIG_MC3230 is not set +# CONFIG_MMA7455_I2C is not set +# CONFIG_MMA7660 is not set +# CONFIG_MMA8452 is not set +# CONFIG_MMA9551 is not set +# CONFIG_MMA9553 is not set +# CONFIG_MSA311 is not set +# CONFIG_MXC4005 is not set +# CONFIG_MXC6255 is not set +# CONFIG_STK8312 is not set +# CONFIG_STK8BA50 is not set +# end of Accelerometers + +# +# Analog to digital converters +# +# CONFIG_AD7091R5 is not set +# CONFIG_AD7291 is not set +# CONFIG_AD7606_IFACE_PARALLEL is not set +# CONFIG_AD799X is not set +# CONFIG_ADI_AXI_ADC is not set +# CONFIG_ENVELOPE_DETECTOR is not set +# CONFIG_HX711 is not set +# CONFIG_INA2XX_ADC is not set +# CONFIG_LTC2471 is not set +# CONFIG_LTC2485 is not set +# CONFIG_LTC2497 is not set +# CONFIG_MAX1363 is not set +# CONFIG_MAX9611 is not set +# CONFIG_MCP3422 is not set +# CONFIG_NAU7802 is not set +# CONFIG_RICHTEK_RTQ6056 is not set +# CONFIG_SD_ADC_MODULATOR is not set +# CONFIG_TI_ADC081C is not set +# CONFIG_TI_ADS1015 is not set +# CONFIG_TI_ADS7924 is not set +# CONFIG_TI_ADS1100 is not set +# CONFIG_VF610_ADC is not set +# CONFIG_XILINX_XADC is not set +# end of Analog to digital converters + +# +# Analog to digital and digital to analog converters +# +# CONFIG_STX104 is not set +# end of Analog to digital and digital to analog converters + +# +# Analog Front Ends +# +# CONFIG_IIO_RESCALE is not set +# end of Analog Front Ends + +# +# Amplifiers +# +# CONFIG_HMC425 is not set +# end of Amplifiers + +# +# Capacitance to digital converters +# +# CONFIG_AD7150 is not set +# CONFIG_AD7746 is not set +# end of Capacitance to digital converters + +# +# Chemical Sensors +# +# CONFIG_ATLAS_PH_SENSOR is not set +# CONFIG_ATLAS_EZO_SENSOR is not set +# CONFIG_BME680 is not set +# CONFIG_CCS811 is not set +# CONFIG_IAQCORE is not set +# CONFIG_PMS7003 is not set +# CONFIG_SCD30_CORE is not set +# CONFIG_SCD4X is not set +# CONFIG_SENSIRION_SGP30 is not set +# CONFIG_SENSIRION_SGP40 is not set +# CONFIG_SPS30_I2C is not set +# CONFIG_SPS30_SERIAL is not set +# CONFIG_SENSEAIR_SUNRISE_CO2 is not set +# CONFIG_VZ89X is not set +# end of Chemical Sensors + +# +# Hid Sensor IIO Common +# +# end of Hid Sensor IIO Common + +# +# IIO SCMI Sensors +# +# end of IIO SCMI Sensors + +# +# SSP Sensor Common +# +# end of SSP Sensor Common + +CONFIG_IIO_ST_SENSORS_I2C=m +CONFIG_IIO_ST_SENSORS_CORE=m + +# +# Digital to analog converters +# +# CONFIG_AD5064 is not set +# CONFIG_AD5380 is not set +# CONFIG_AD5446 is not set +# CONFIG_AD5593R is not set +# CONFIG_AD5696_I2C is not set +# CONFIG_CIO_DAC is not set +# CONFIG_DPOT_DAC is not set +# CONFIG_DS4424 is not set +# CONFIG_M62332 is not set +# CONFIG_MAX517 is not set +# CONFIG_MAX5821 is not set +# CONFIG_MCP4725 is not set +# CONFIG_MCP4728 is not set +# CONFIG_TI_DAC5571 is not set +# CONFIG_VF610_DAC is not set +# end of Digital to analog converters + +# +# IIO dummy driver +# +# end of IIO dummy driver + +# +# Filters +# +# end of Filters + +# +# Frequency Synthesizers DDS/PLL +# + +# +# Clock Generator/Distribution +# +# end of Clock Generator/Distribution + +# +# Phase-Locked Loop (PLL) frequency synthesizers +# +# end of Phase-Locked Loop (PLL) frequency synthesizers +# end of Frequency Synthesizers DDS/PLL + +# +# Digital gyroscope sensors +# +# CONFIG_BMG160 is not set +# CONFIG_FXAS21002C is not set +# CONFIG_MPU3050_I2C is not set +# CONFIG_IIO_ST_GYRO_3AXIS is not set +# CONFIG_ITG3200 is not set +# end of Digital gyroscope sensors + +# +# Health Sensors +# + +# +# Heart Rate Monitors +# +# CONFIG_AFE4404 is not set +# CONFIG_MAX30100 is not set +# CONFIG_MAX30102 is not set +# end of Heart Rate Monitors +# end of Health Sensors + +# +# Humidity sensors +# +# CONFIG_AM2315 is not set +# CONFIG_DHT11 is not set +# CONFIG_HDC100X is not set +# CONFIG_HDC2010 is not set +CONFIG_HTS221=m +CONFIG_HTS221_I2C=m +# CONFIG_HTU21 is not set +# CONFIG_SI7005 is not set +# CONFIG_SI7020 is not set +# end of Humidity sensors + +# +# Inertial measurement units +# +# CONFIG_BMI160_I2C is not set +# CONFIG_BOSCH_BNO055_SERIAL is not set +# CONFIG_BOSCH_BNO055_I2C is not set +# CONFIG_FXOS8700_I2C is not set +# CONFIG_KMX61 is not set +# CONFIG_INV_ICM42600_I2C is not set +# CONFIG_INV_MPU6050_I2C is not set +# CONFIG_IIO_ST_LSM6DSX is not set +# CONFIG_IIO_ST_LSM9DS0 is not set +# end of Inertial measurement units + +# +# Light sensors +# +# CONFIG_ACPI_ALS is not set +# CONFIG_ADJD_S311 is not set +# CONFIG_ADUX1020 is not set +# CONFIG_AL3010 is not set +# CONFIG_AL3320A is not set +# CONFIG_APDS9300 is not set +# CONFIG_APDS9960 is not set +# CONFIG_AS73211 is not set +# CONFIG_BH1750 is not set +# CONFIG_BH1780 is not set +# CONFIG_CM32181 is not set +# CONFIG_CM3232 is not set +# CONFIG_CM3323 is not set +# CONFIG_CM3605 is not set +# CONFIG_CM36651 is not set +# CONFIG_GP2AP002 is not set +# CONFIG_GP2AP020A00F is not set +# CONFIG_SENSORS_ISL29018 is not set +# CONFIG_SENSORS_ISL29028 is not set +# CONFIG_ISL29125 is not set +# CONFIG_JSA1212 is not set +# CONFIG_ROHM_BU27008 is not set +# CONFIG_ROHM_BU27034 is not set +# CONFIG_RPR0521 is not set +# CONFIG_LTR501 is not set +# CONFIG_LTRF216A is not set +# CONFIG_LV0104CS is not set +# CONFIG_MAX44000 is not set +# CONFIG_MAX44009 is not set +# CONFIG_NOA1305 is not set +# CONFIG_OPT3001 is not set +# CONFIG_OPT4001 is not set +# CONFIG_PA12203001 is not set +# CONFIG_SI1133 is not set +# CONFIG_SI1145 is not set +# CONFIG_STK3310 is not set +# CONFIG_ST_UVIS25 is not set +# CONFIG_TCS3414 is not set +# CONFIG_TCS3472 is not set +# CONFIG_SENSORS_TSL2563 is not set +# CONFIG_TSL2583 is not set +# CONFIG_TSL2591 is not set +# CONFIG_TSL2772 is not set +# CONFIG_TSL4531 is not set +# CONFIG_US5182D is not set +# CONFIG_VCNL4000 is not set +# CONFIG_VCNL4035 is not set +# CONFIG_VEML6030 is not set +# CONFIG_VEML6070 is not set +# CONFIG_VL6180 is not set +# CONFIG_ZOPT2201 is not set +# end of Light sensors + +# +# Magnetometer sensors +# +# CONFIG_AK8974 is not set +# CONFIG_AK8975 is not set +# CONFIG_AK09911 is not set +# CONFIG_BMC150_MAGN_I2C is not set +# CONFIG_MAG3110 is not set +# CONFIG_MMC35240 is not set +# CONFIG_IIO_ST_MAGN_3AXIS is not set +# CONFIG_SENSORS_HMC5843_I2C is not set +# CONFIG_SENSORS_RM3100_I2C is not set +# CONFIG_TI_TMAG5273 is not set +# CONFIG_YAMAHA_YAS530 is not set +# end of Magnetometer sensors + +# +# Multiplexers +# +# CONFIG_IIO_MUX is not set +# end of Multiplexers + +# +# Inclinometer sensors +# +# end of Inclinometer sensors + +# +# Triggers - standalone +# +# CONFIG_IIO_INTERRUPT_TRIGGER is not set +# CONFIG_IIO_SYSFS_TRIGGER is not set +# end of Triggers - standalone + +# +# Linear and angular position sensors +# +# end of Linear and angular position sensors + +# +# Digital potentiometers +# +# CONFIG_AD5110 is not set +# CONFIG_AD5272 is not set +# CONFIG_DS1803 is not set +# CONFIG_MAX5432 is not set +# CONFIG_MCP4018 is not set +# CONFIG_MCP4531 is not set +# CONFIG_TPL0102 is not set +# end of Digital potentiometers + +# +# Digital potentiostats +# +# CONFIG_LMP91000 is not set +# end of Digital potentiostats + +# +# Pressure sensors +# +# CONFIG_ABP060MG is not set +# CONFIG_BMP280 is not set +# CONFIG_DLHL60D is not set +# CONFIG_DPS310 is not set +# CONFIG_HP03 is not set +# CONFIG_ICP10100 is not set +# CONFIG_MPL115_I2C is not set +# CONFIG_MPL3115 is not set +# CONFIG_MPRLS0025PA is not set +# CONFIG_MS5611 is not set +# CONFIG_MS5637 is not set +CONFIG_IIO_ST_PRESS=m +CONFIG_IIO_ST_PRESS_I2C=m +# CONFIG_T5403 is not set +# CONFIG_HP206C is not set +# CONFIG_ZPA2326 is not set +# end of Pressure sensors + +# +# Lightning sensors +# +# end of Lightning sensors + +# +# Proximity and distance sensors +# +# CONFIG_IRSD200 is not set +# CONFIG_ISL29501 is not set +# CONFIG_LIDAR_LITE_V2 is not set +# CONFIG_MB1232 is not set +# CONFIG_PING is not set +# CONFIG_RFD77402 is not set +# CONFIG_SRF04 is not set +# CONFIG_SX9310 is not set +# CONFIG_SX9324 is not set +# CONFIG_SX9360 is not set +# CONFIG_SX9500 is not set +# CONFIG_SRF08 is not set +# CONFIG_VCNL3020 is not set +# CONFIG_VL53L0X_I2C is not set +# end of Proximity and distance sensors + +# +# Resolver to digital converters +# +# end of Resolver to digital converters + +# +# Temperature sensors +# +# CONFIG_MLX90614 is not set +# CONFIG_MLX90632 is not set +# CONFIG_TMP006 is not set +# CONFIG_TMP007 is not set +# CONFIG_TMP117 is not set +# CONFIG_TSYS01 is not set +# CONFIG_TSYS02D is not set +# CONFIG_MAX30208 is not set +# end of Temperature sensors + +# CONFIG_NTB is not set +CONFIG_PWM=y +CONFIG_PWM_SYSFS=y +# CONFIG_PWM_DEBUG is not set +# CONFIG_PWM_CLK is not set +# CONFIG_PWM_DWC is not set +CONFIG_PWM_LPSS=m +CONFIG_PWM_LPSS_PCI=m +CONFIG_PWM_LPSS_PLATFORM=m +# CONFIG_PWM_PCA9685 is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +CONFIG_GENERIC_PHY=y +# CONFIG_USB_LGM_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_CPCAP_USB is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +CONFIG_POWERCAP=y +CONFIG_INTEL_RAPL_CORE=m +CONFIG_INTEL_RAPL=m +# CONFIG_IDLE_INJECT is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +CONFIG_RAS=y +CONFIG_RAS_CEC=y +# CONFIG_RAS_CEC_DEBUG is not set +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +CONFIG_LIBNVDIMM=y +CONFIG_BLK_DEV_PMEM=y +CONFIG_ND_CLAIM=y +CONFIG_ND_BTT=y +CONFIG_BTT=y +CONFIG_ND_PFN=y +CONFIG_NVDIMM_PFN=y +CONFIG_NVDIMM_DAX=y +CONFIG_NVDIMM_KEYS=y +# CONFIG_NVDIMM_SECURITY_TEST is not set +CONFIG_DAX=y +CONFIG_DEV_DAX=m +CONFIG_DEV_DAX_PMEM=m +CONFIG_DEV_DAX_KMEM=m +CONFIG_NVMEM=y +CONFIG_NVMEM_SYSFS=y + +# +# Layout Types +# +# CONFIG_NVMEM_LAYOUT_SL28_VPD is not set +# CONFIG_NVMEM_LAYOUT_ONIE_TLV is not set +# end of Layout Types + +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_TEE is not set +CONFIG_PM_OPP=y +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_MOST is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +CONFIG_BUFFER_HEAD=y +CONFIG_LEGACY_DIRECT_IO=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_EXT4_FS_SECURITY=y +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +CONFIG_XFS_FS=y +# CONFIG_XFS_SUPPORT_V4 is not set +CONFIG_XFS_SUPPORT_ASCII_CI=y +CONFIG_XFS_QUOTA=y +CONFIG_XFS_POSIX_ACL=y +CONFIG_XFS_RT=y +# CONFIG_XFS_ONLINE_SCRUB is not set +CONFIG_XFS_WARN=y +# CONFIG_XFS_DEBUG is not set +# CONFIG_GFS2_FS is not set +# CONFIG_OCFS2_FS is not set +CONFIG_BTRFS_FS=m +CONFIG_BTRFS_FS_POSIX_ACL=y +# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set +# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set +# CONFIG_BTRFS_DEBUG is not set +# CONFIG_BTRFS_ASSERT is not set +# CONFIG_BTRFS_FS_REF_VERIFY is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_ZONEFS_FS is not set +CONFIG_FS_DAX=y +CONFIG_FS_DAX_PMD=y +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +CONFIG_EXPORTFS_BLOCK_OPS=y +CONFIG_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FS_VERITY=y +CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +CONFIG_FANOTIFY=y +CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y +CONFIG_QUOTA=y +CONFIG_QUOTA_NETLINK_INTERFACE=y +# CONFIG_QUOTA_DEBUG is not set +CONFIG_QUOTA_TREE=m +# CONFIG_QFMT_V1 is not set +CONFIG_QFMT_V2=m +CONFIG_QUOTACTL=y +CONFIG_AUTOFS_FS=m +CONFIG_FUSE_FS=m +CONFIG_CUSE=m +CONFIG_VIRTIO_FS=m +CONFIG_FUSE_DAX=y +CONFIG_OVERLAY_FS=y +# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set +CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y +# CONFIG_OVERLAY_FS_INDEX is not set +# CONFIG_OVERLAY_FS_XINO_AUTO is not set +# CONFIG_OVERLAY_FS_METACOPY is not set +# CONFIG_OVERLAY_FS_DEBUG is not set + +# +# Caches +# +CONFIG_NETFS_SUPPORT=m +# CONFIG_NETFS_STATS is not set +CONFIG_FSCACHE=m +# CONFIG_FSCACHE_STATS is not set +# CONFIG_FSCACHE_DEBUG is not set +# CONFIG_CACHEFILES is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y +CONFIG_UDF_FS=y +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=m +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="ascii" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_VMCORE=y +CONFIG_PROC_VMCORE_DEVICE_DUMP=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +CONFIG_PROC_CHILDREN=y +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y +# CONFIG_TMPFS_INODE64 is not set +# CONFIG_TMPFS_QUOTA is not set +CONFIG_HUGETLBFS=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set +CONFIG_HUGETLB_PAGE=y +CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +CONFIG_CONFIGFS_FS=m +CONFIG_EFIVAR_FS=y +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +CONFIG_CRAMFS=m +CONFIG_CRAMFS_BLOCKDEV=y +CONFIG_SQUASHFS=y +# CONFIG_SQUASHFS_FILE_CACHE is not set +CONFIG_SQUASHFS_FILE_DIRECT=y +CONFIG_SQUASHFS_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_CHOICE_DECOMP_BY_MOUNT is not set +CONFIG_SQUASHFS_COMPILE_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_COMPILE_DECOMP_MULTI is not set +# CONFIG_SQUASHFS_COMPILE_DECOMP_MULTI_PERCPU is not set +CONFIG_SQUASHFS_XATTR=y +CONFIG_SQUASHFS_ZLIB=y +CONFIG_SQUASHFS_LZ4=y +CONFIG_SQUASHFS_LZO=y +CONFIG_SQUASHFS_XZ=y +# CONFIG_SQUASHFS_ZSTD is not set +# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set +# CONFIG_SQUASHFS_EMBEDDED is not set +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +CONFIG_PSTORE=y +CONFIG_PSTORE_DEFAULT_KMSG_BYTES=10240 +CONFIG_PSTORE_COMPRESS=y +# CONFIG_PSTORE_CONSOLE is not set +# CONFIG_PSTORE_PMSG is not set +# CONFIG_PSTORE_RAM is not set +# CONFIG_PSTORE_BLK is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_EROFS_FS=m +# CONFIG_EROFS_FS_DEBUG is not set +CONFIG_EROFS_FS_XATTR=y +CONFIG_EROFS_FS_POSIX_ACL=y +CONFIG_EROFS_FS_SECURITY=y +CONFIG_EROFS_FS_ZIP=y +# CONFIG_EROFS_FS_ZIP_LZMA is not set +# CONFIG_EROFS_FS_ZIP_DEFLATE is not set +# CONFIG_EROFS_FS_PCPU_KTHREAD is not set +CONFIG_NETWORK_FILESYSTEMS=y +CONFIG_NFS_FS=m +CONFIG_NFS_V2=m +CONFIG_NFS_V3=m +CONFIG_NFS_V3_ACL=y +CONFIG_NFS_V4=m +# CONFIG_NFS_SWAP is not set +CONFIG_NFS_V4_1=y +CONFIG_NFS_V4_2=y +CONFIG_PNFS_FILE_LAYOUT=m +CONFIG_PNFS_BLOCK=m +CONFIG_PNFS_FLEXFILE_LAYOUT=m +CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" +# CONFIG_NFS_V4_1_MIGRATION is not set +CONFIG_NFS_V4_SECURITY_LABEL=y +CONFIG_NFS_FSCACHE=y +# CONFIG_NFS_USE_LEGACY_DNS is not set +CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y +CONFIG_NFS_DISABLE_UDP_SUPPORT=y +# CONFIG_NFS_V4_2_READ_PLUS is not set +CONFIG_NFSD=m +# CONFIG_NFSD_V2 is not set +CONFIG_NFSD_V3_ACL=y +CONFIG_NFSD_V4=y +CONFIG_NFSD_PNFS=y +CONFIG_NFSD_BLOCKLAYOUT=y +CONFIG_NFSD_SCSILAYOUT=y +CONFIG_NFSD_FLEXFILELAYOUT=y +# CONFIG_NFSD_V4_2_INTER_SSC is not set +CONFIG_NFSD_V4_SECURITY_LABEL=y +CONFIG_GRACE_PERIOD=m +CONFIG_LOCKD=m +CONFIG_LOCKD_V4=y +CONFIG_NFS_ACL_SUPPORT=m +CONFIG_NFS_COMMON=y +CONFIG_NFS_V4_2_SSC_HELPER=y +CONFIG_SUNRPC=m +CONFIG_SUNRPC_GSS=m +CONFIG_SUNRPC_BACKCHANNEL=y +CONFIG_RPCSEC_GSS_KRB5=m +CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y +# CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 is not set +CONFIG_SUNRPC_DEBUG=y +CONFIG_SUNRPC_XPRT_RDMA=m +CONFIG_CEPH_FS=m +CONFIG_CEPH_FSCACHE=y +CONFIG_CEPH_FS_POSIX_ACL=y +# CONFIG_CEPH_FS_SECURITY_LABEL is not set +CONFIG_CIFS=m +CONFIG_CIFS_STATS2=y +# CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set +CONFIG_CIFS_UPCALL=y +CONFIG_CIFS_XATTR=y +CONFIG_CIFS_DEBUG=y +# CONFIG_CIFS_DEBUG2 is not set +# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set +CONFIG_CIFS_DFS_UPCALL=y +# CONFIG_CIFS_SWN_UPCALL is not set +# CONFIG_CIFS_SMB_DIRECT is not set +# CONFIG_CIFS_FSCACHE is not set +# CONFIG_SMB_SERVER is not set +CONFIG_SMBFS=m +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=m +# CONFIG_9P_FSCACHE is not set +CONFIG_9P_FS_POSIX_ACL=y +CONFIG_9P_FS_SECURITY=y +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_2=y +CONFIG_NLS_ISO8859_3=y +CONFIG_NLS_ISO8859_4=y +CONFIG_NLS_ISO8859_5=y +CONFIG_NLS_ISO8859_6=y +CONFIG_NLS_ISO8859_7=y +CONFIG_NLS_ISO8859_9=y +CONFIG_NLS_ISO8859_13=y +CONFIG_NLS_ISO8859_14=y +CONFIG_NLS_ISO8859_15=y +CONFIG_NLS_KOI8_R=y +CONFIG_NLS_KOI8_U=y +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +CONFIG_NLS_UTF8=y +CONFIG_NLS_UCS2_UTILS=m +CONFIG_DLM=m +# CONFIG_DLM_DEBUG is not set +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +# CONFIG_PERSISTENT_KEYRINGS is not set +CONFIG_TRUSTED_KEYS=m +CONFIG_TRUSTED_KEYS_TPM=y +CONFIG_ENCRYPTED_KEYS=y +# CONFIG_USER_DECRYPTED_DATA is not set +# CONFIG_KEY_DH_OPERATIONS is not set +CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set +CONFIG_SECURITY=y +CONFIG_SECURITYFS=y +CONFIG_SECURITY_NETWORK=y +CONFIG_SECURITY_INFINIBAND=y +CONFIG_SECURITY_NETWORK_XFRM=y +CONFIG_SECURITY_PATH=y +CONFIG_INTEL_TXT=y +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_HARDENED_USERCOPY=y +CONFIG_FORTIFY_SOURCE=y +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 +CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 +# CONFIG_SECURITY_SELINUX_DEBUG is not set +# CONFIG_SECURITY_SMACK is not set +# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_APPARMOR=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set +CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y +CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y +# CONFIG_SECURITY_LOADPIN is not set +CONFIG_SECURITY_YAMA=y +CONFIG_SECURITY_SAFESETID=y +CONFIG_SECURITY_LOCKDOWN_LSM=y +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y +CONFIG_SECURITY_LANDLOCK=y +CONFIG_SECURITY_IPE=y +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y + +# +# IPE Trust Providers +# +CONFIG_IPE_PROP_DM_VERITY=y +CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y +CONFIG_IPE_PROP_FS_VERITY=y +CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y +# end of IPE Trust Providers + +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +CONFIG_INTEGRITY_PLATFORM_KEYRING=y +CONFIG_INTEGRITY_MACHINE_KEYRING=y +# CONFIG_INTEGRITY_CA_MACHINE_KEYRING is not set +CONFIG_LOAD_UEFI_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +CONFIG_EVM=y +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_ADD_XATTRS is not set +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set +# CONFIG_DEFAULT_SECURITY_DAC is not set +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,apparmor,tomoyo,ipe" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y +CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_STACK_ALL_PATTERN is not set +# CONFIG_INIT_STACK_ALL_ZERO is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y +# CONFIG_ZERO_CALL_USED_REGS is not set +# end of Memory initialization + +# +# Hardening of kernel data structures +# +CONFIG_LIST_HARDENED=y +CONFIG_BUG_ON_DATA_CORRUPTION=y +# end of Hardening of kernel data structures + +CONFIG_RANDSTRUCT_NONE=y +# CONFIG_RANDSTRUCT_FULL is not set +# CONFIG_RANDSTRUCT_PERFORMANCE is not set +# end of Kernel hardening options +# end of Security options + +CONFIG_XOR_BLOCKS=m +CONFIG_ASYNC_CORE=m +CONFIG_ASYNC_MEMCPY=m +CONFIG_ASYNC_XOR=m +CONFIG_ASYNC_PQ=m +CONFIG_ASYNC_RAID6_RECOV=m +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_FIPS=y +CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API" +# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG=y +CONFIG_CRYPTO_SIG2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=m +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=m +# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set +# CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_AUTHENC=m +CONFIG_CRYPTO_TEST=m +CONFIG_CRYPTO_SIMD=y +CONFIG_CRYPTO_ENGINE=m +# end of Crypto core or helper + +# +# Public-key cryptography +# +CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_DH=m +# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set +CONFIG_CRYPTO_ECC=m +CONFIG_CRYPTO_ECDH=m +# CONFIG_CRYPTO_ECDSA is not set +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# end of Public-key cryptography + +# +# Block ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ANUBIS is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +CONFIG_CRYPTO_DES=m +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_KHAZAD is not set +# CONFIG_CRYPTO_SEED is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TEA is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +CONFIG_CRYPTO_ARC4=m +# CONFIG_CRYPTO_CHACHA20 is not set +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CFB=y +CONFIG_CRYPTO_CTR=y +CONFIG_CRYPTO_CTS=y +CONFIG_CRYPTO_ECB=y +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set +CONFIG_CRYPTO_LRW=m +CONFIG_CRYPTO_OFB=y +# CONFIG_CRYPTO_PCBC is not set +CONFIG_CRYPTO_XTS=y +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_CCM=m +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_GENIV=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=m +CONFIG_CRYPTO_ESSIV=m +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +CONFIG_CRYPTO_BLAKE2B=m +CONFIG_CRYPTO_CMAC=m +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_MD4=m +CONFIG_CRYPTO_MD5=y +# CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_POLY1305 is not set +# CONFIG_CRYPTO_RMD160 is not set +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +# CONFIG_CRYPTO_SM3_GENERIC is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_XCBC is not set +CONFIG_CRYPTO_XXHASH=m +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +CONFIG_CRYPTO_CRCT10DIF=y +CONFIG_CRYPTO_CRC64_ROCKSOFT=y +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=m +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +CONFIG_CRYPTO_ANSI_CPRNG=m +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_2=y +# CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_128 is not set +# CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_1024 is not set +# CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_8192 is not set +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64 +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE=32 +CONFIG_CRYPTO_JITTERENTROPY_OSR=3 +# CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set +# end of Random number generation + +# +# Userspace interface +# +CONFIG_CRYPTO_USER_API=m +CONFIG_CRYPTO_USER_API_HASH=m +CONFIG_CRYPTO_USER_API_SKCIPHER=m +CONFIG_CRYPTO_USER_API_RNG=m +# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set +CONFIG_CRYPTO_USER_API_AEAD=m +CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y +# CONFIG_CRYPTO_STATS is not set +# end of Userspace interface + +CONFIG_CRYPTO_HASH_INFO=y + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +CONFIG_CRYPTO_CURVE25519_X86=m +CONFIG_CRYPTO_AES_NI_INTEL=y +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64 is not set +CONFIG_CRYPTO_CHACHA20_X86_64=m +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +CONFIG_CRYPTO_BLAKE2S_X86=y +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +CONFIG_CRYPTO_POLY1305_X86_64=m +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +CONFIG_CRYPTO_CRC32C_INTEL=m +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set +# end of Accelerated Cryptographic Algorithms for CPU (x86) + +CONFIG_CRYPTO_HW=y +# CONFIG_CRYPTO_DEV_PADLOCK is not set +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set +# CONFIG_CRYPTO_DEV_CCP is not set +# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C62X is not set +# CONFIG_CRYPTO_DEV_QAT_4XXX is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set +# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set +# CONFIG_CRYPTO_DEV_CHELSIO is not set +CONFIG_CRYPTO_DEV_VIRTIO=m +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set +CONFIG_ASYMMETRIC_KEY_TYPE=y +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +# CONFIG_PKCS8_PRIVATE_KEY_PARSER is not set +CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +CONFIG_SIGNED_PE_FILE_VERIFICATION=y +# CONFIG_FIPS_SIGNATURE_SELFTEST is not set + +# +# Certificates for signature checking +# +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" +CONFIG_MODULE_SIG_KEY_TYPE_RSA=y +# CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set +CONFIG_SYSTEM_TRUSTED_KEYRING=y +CONFIG_SYSTEM_TRUSTED_KEYS="" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SECONDARY_TRUSTED_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +# CONFIG_SYSTEM_REVOCATION_LIST is not set +# CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE is not set +# end of Certificates for signature checking + +CONFIG_BINARY_PRINTF=y + +# +# Library routines +# +CONFIG_RAID6_PQ=m +CONFIG_RAID6_PQ_BENCHMARK=y +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=m +CONFIG_CRYPTO_LIB_GF128MUL=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m +CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m +CONFIG_CRYPTO_LIB_CHACHA=m +CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=m +CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=m +CONFIG_CRYPTO_LIB_CURVE25519=m +CONFIG_CRYPTO_LIB_DES=m +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=m +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m +CONFIG_CRYPTO_LIB_POLY1305=m +CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +CONFIG_CRC_T10DIF=y +CONFIG_CRC64_ROCKSOFT=y +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC64=y +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +CONFIG_LIBCRC32C=y +CONFIG_CRC8=m +CONFIG_XXHASH=y +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +CONFIG_ZSTD_COMMON=y +CONFIG_ZSTD_COMPRESS=y +CONFIG_ZSTD_DECOMPRESS=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_MICROLZMA is not set +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_BZIP2=y +CONFIG_DECOMPRESS_LZMA=y +CONFIG_DECOMPRESS_XZ=y +CONFIG_DECOMPRESS_LZO=y +CONFIG_DECOMPRESS_LZ4=y +CONFIG_DECOMPRESS_ZSTD=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_REED_SOLOMON=m +CONFIG_REED_SOLOMON_DEC8=y +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=m +CONFIG_TEXTSEARCH_BM=m +CONFIG_TEXTSEARCH_FSM=m +CONFIG_BTREE=y +CONFIG_INTERVAL_TREE=y +CONFIG_XARRAY_MULTI=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_FLAGS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED=y +CONFIG_SWIOTLB=y +# CONFIG_SWIOTLB_DYNAMIC is not set +CONFIG_DMA_COHERENT_POOL=y +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_DMA_MAP_BENCHMARK is not set +CONFIG_SGL_ALLOC=y +CONFIG_IOMMU_HELPER=y +CONFIG_CHECK_SIGNATURE=y +CONFIG_CPUMASK_OFFSTACK=y +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_GLOB=y +# CONFIG_GLOB_SELFTEST is not set +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +CONFIG_IRQ_POLL=y +CONFIG_MPILIB=y +CONFIG_SIGNATURE=y +CONFIG_DIMLIB=y +CONFIG_OID_REGISTRY=y +CONFIG_UCS2_STRING=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_FONT_SUPPORT=y +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y +CONFIG_FONT_8x16=y +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_MEMREGION=y +CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_STACKDEPOT=y +CONFIG_SBITMAP=y +CONFIG_PARMAN=m +CONFIG_OBJAGG=m +# end of Library routines + +CONFIG_PLDMFW=y +CONFIG_ASN1_ENCODER=m + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +# CONFIG_DYNAMIC_DEBUG is not set +# CONFIG_DYNAMIC_DEBUG_CORE is not set +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_DEBUG_BUGVERBOSE=y +# end of printk and dmesg options + +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +CONFIG_AS_HAS_NON_CONST_LEB128=y +# CONFIG_DEBUG_INFO_NONE is not set +CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +# CONFIG_DEBUG_INFO_REDUCED is not set +CONFIG_DEBUG_INFO_COMPRESSED_NONE=y +# CONFIG_DEBUG_INFO_COMPRESSED_ZLIB is not set +# CONFIG_DEBUG_INFO_COMPRESSED_ZSTD is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +CONFIG_DEBUG_INFO_BTF=y +CONFIG_PAHOLE_HAS_SPLIT_BTF=y +CONFIG_PAHOLE_HAS_LANG_EXCLUDE=y +# CONFIG_DEBUG_INFO_BTF_MODULES is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_FRAME_WARN=2048 +CONFIG_STRIP_ASM_SYMS=y +# CONFIG_READABLE_ASM is not set +# CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +CONFIG_OBJTOOL=y +CONFIG_STACK_VALIDATION=y +# CONFIG_VMLINUX_MAP is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 +# CONFIG_MAGIC_SYSRQ_SERIAL is not set +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_FS_ALLOW_ALL=y +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +CONFIG_HAVE_ARCH_KGDB=y +CONFIG_KGDB=y +CONFIG_KGDB_SERIAL_CONSOLE=y +# CONFIG_KGDB_TESTS is not set +# CONFIG_KGDB_LOW_LEVEL_TRAP is not set +CONFIG_KGDB_KDB=y +CONFIG_KDB_DEFAULT_ENABLE=0x1 +# CONFIG_KDB_KEYBOARD is not set +CONFIG_KDB_CONTINUE_CATASTROPHIC=0 +CONFIG_ARCH_HAS_EARLY_DEBUG=y +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# CONFIG_NET_DEV_REFCNT_TRACKER is not set +# CONFIG_NET_NS_REFCNT_TRACKER is not set +# CONFIG_DEBUG_NET is not set +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_TABLE_CHECK is not set +CONFIG_PAGE_POISONING=y +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +CONFIG_DEBUG_WX=y +CONFIG_GENERIC_PTDUMP=y +CONFIG_PTDUMP_CORE=y +# CONFIG_PTDUMP_DEBUGFS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_PER_VMA_LOCK_STATS is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SHRINKER_DEBUG is not set +# CONFIG_DEBUG_STACK_USAGE is not set +CONFIG_SCHED_STACK_END_CHECK=y +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +# CONFIG_DEBUG_MEMORY_INIT is not set +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +CONFIG_PANIC_ON_OOPS=y +CONFIG_PANIC_ON_OOPS_VALUE=1 +CONFIG_PANIC_TIMEOUT=-1 +CONFIG_LOCKUP_DETECTOR=y +CONFIG_SOFTLOCKUP_DETECTOR=y +# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set +CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y +CONFIG_HARDLOCKUP_DETECTOR=y +# CONFIG_HARDLOCKUP_DETECTOR_PREFER_BUDDY is not set +CONFIG_HARDLOCKUP_DETECTOR_PERF=y +# CONFIG_HARDLOCKUP_DETECTOR_BUDDY is not set +# CONFIG_HARDLOCKUP_DETECTOR_ARCH is not set +CONFIG_HARDLOCKUP_DETECTOR_COUNTS_HRTIMER=y +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=0 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_WQ_CPU_INTENSIVE_REPORT is not set +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +CONFIG_SCHED_DEBUG=y +CONFIG_SCHED_INFO=y +CONFIG_SCHEDSTATS=y +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_NMI_CHECK_CPU is not set +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +CONFIG_DEBUG_LIST=y +# CONFIG_DEBUG_PLIST is not set +CONFIG_DEBUG_SG=y +CONFIG_DEBUG_NOTIFIERS=y +# CONFIG_DEBUG_MAPLE_TREE is not set +# end of Debug kernel data structures + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=60 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_CPU_STALL_CPUTIME is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +CONFIG_LATENCYTOP=y +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_RETHOOK=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_SAMPLES is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +CONFIG_STRICT_DEVMEM=y +CONFIG_IO_STRICT_DEVMEM=y + +# +# x86 Debugging +# +# CONFIG_X86_VERBOSE_BOOTUP is not set +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_EFI_PGT_DUMP is not set +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_DEBUG_BOOT_PARAMS is not set +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_FPU is not set +# CONFIG_PUNIT_ATOM_DEBUG is not set +# CONFIG_UNWINDER_ORC is not set +CONFIG_UNWINDER_FRAME_POINTER=y +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_TEST_DHRY is not set +# CONFIG_LKDTM is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_TEST_REF_TRACKER is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_PERCPU_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_ASYNC_RAID6_TEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_STRING_SELFTEST is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_SCANF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_PARMAN is not set +# CONFIG_TEST_LKM is not set +# CONFIG_TEST_BITOPS is not set +# CONFIG_TEST_VMALLOC is not set +# CONFIG_TEST_USER_COPY is not set +# CONFIG_TEST_BPF is not set +# CONFIG_TEST_BLACKHOLE_DEV is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_STATIC_KEYS is not set +# CONFIG_TEST_KMOD is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_OBJAGG is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_HMM is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +CONFIG_ARCH_USE_MEMTEST=y +CONFIG_MEMTEST=y +# CONFIG_HYPERV_TESTING is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking + +CONFIG_HEKI_MENU=y +CONFIG_HEKI=y diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.secure.config b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.secure.config new file mode 100644 index 0000000000..cfbe106cde --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.secure.config @@ -0,0 +1,2087 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 6.6.85.1 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=130200 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=24100 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=24100 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y +CONFIG_TOOLS_SUPPORT_RELR=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=125 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="-microsoft-vtl1-secure-kernel" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="HCL" +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +# CONFIG_CROSS_MEMORY_ATTACH is not set +# CONFIG_USELIB is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +CONFIG_CONTEXT_TRACKING_USER=y +CONFIG_CONTEXT_TRACKING_USER_FORCE=y +CONFIG_NO_HZ=y +# CONFIG_HIGH_RES_TIMERS is not set +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=125 +# end of Timers subsystem + +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +# CONFIG_BPF_SYSCALL is not set +# end of BPF subsystem + +CONFIG_PREEMPT_BUILD=y +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_PREEMPT_COUNT=y +CONFIG_PREEMPTION=y +CONFIG_PREEMPT_DYNAMIC=y +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_VIRT_CPU_ACCOUNTING=y +# CONFIG_TICK_CPU_ACCOUNTING is not set +CONFIG_VIRT_CPU_ACCOUNTING_GEN=y +# CONFIG_IRQ_TIME_ACCOUNTING is not set +# CONFIG_BSD_PROCESS_ACCT is not set +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +CONFIG_PREEMPT_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_TREE_SRCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +# CONFIG_IKCONFIG is not set +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC10_NO_ARRAY_BOUNDS=y +CONFIG_CC_NO_ARRAY_BOUNDS=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_NUMA_BALANCING=y +CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y +# CONFIG_CGROUPS is not set +# CONFIG_NAMESPACES is not set +# CONFIG_CHECKPOINT_RESTORE is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_RELAY is not set +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="./Microsoft/initrd-sk.cpio" +CONFIG_INITRAMFS_ROOT_UID=0 +CONFIG_INITRAMFS_ROOT_GID=0 +# CONFIG_RD_GZIP is not set +# CONFIG_RD_BZIP2 is not set +# CONFIG_RD_LZMA is not set +# CONFIG_RD_XZ is not set +# CONFIG_RD_LZO is not set +# CONFIG_RD_LZ4 is not set +# CONFIG_RD_ZSTD is not set +CONFIG_INITRAMFS_COMPRESSION_NONE=y +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_LD_ORPHAN_WARN_LEVEL="warn" +CONFIG_SYSCTL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_EXPERT=y +CONFIG_MULTIUSER=y +# CONFIG_SGETMASK_SYSCALL is not set +# CONFIG_SYSFS_SYSCALL is not set +# CONFIG_FHANDLE is not set +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +# CONFIG_PCSPKR_PLATFORM is not set +# CONFIG_BASE_FULL is not set +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +# CONFIG_ADVISE_SYSCALLS is not set +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_SELFTEST is not set +CONFIG_KALLSYMS_ALL=y +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +# CONFIG_KCMP is not set +# CONFIG_RSEQ is not set +CONFIG_CACHESTAT_SYSCALL=y +CONFIG_HAVE_PERF_EVENTS=y +CONFIG_GUEST_PERF_EVENTS=y +# CONFIG_PC104 is not set + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +CONFIG_SYSTEM_DATA_VERIFICATION=y +# CONFIG_PROFILING is not set + +# +# Kexec and crash features +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +# CONFIG_KEXEC is not set +CONFIG_KEXEC_FILE=y +CONFIG_KEXEC_SIG=y +# CONFIG_KEXEC_SIG_FORCE is not set +CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y +# CONFIG_CRASH_DUMP is not set +# end of Kexec and crash features +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_AUDIT_ARCH=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +CONFIG_X86_X2APIC=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +# CONFIG_X86_CPU_RESCTRL is not set +# CONFIG_X86_EXTENDED_PLATFORM is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +CONFIG_PARAVIRT_XXL=y +# CONFIG_PARAVIRT_DEBUG is not set +CONFIG_PARAVIRT_SPINLOCKS=y +CONFIG_X86_HV_CALLBACK_VECTOR=y +CONFIG_XEN=y +CONFIG_XEN_PV=y +CONFIG_XEN_512GB=y +CONFIG_XEN_PV_SMP=y +CONFIG_XEN_PVHVM=y +CONFIG_XEN_PVHVM_SMP=y +CONFIG_XEN_SAVE_RESTORE=y +# CONFIG_XEN_PVH is not set +CONFIG_XEN_PV_MSR_SAFE=y +# CONFIG_KVM_GUEST is not set +CONFIG_ARCH_CPUIDLE_HALTPOLL=y +# CONFIG_PVH is not set +# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set +CONFIG_PARAVIRT_CLOCK=y +# CONFIG_ACRN_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +# CONFIG_PROCESSOR_SELECT is not set +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_HYGON=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_CPU_SUP_ZHAOXIN=y +CONFIG_HPET_TIMER=y +# CONFIG_DMI is not set +# CONFIG_MAXSMP is not set +CONFIG_NR_CPUS_RANGE_BEGIN=2 +CONFIG_NR_CPUS_RANGE_END=512 +CONFIG_NR_CPUS_DEFAULT=64 +CONFIG_NR_CPUS=512 +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_SMT=y +# CONFIG_SCHED_MC is not set +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_PERF_EVENTS_AMD_UNCORE is not set +# CONFIG_PERF_EVENTS_AMD_BRS is not set +# end of Performance monitoring + +# CONFIG_X86_VSYSCALL_EMULATION is not set +CONFIG_X86_IOPL_IOPERM=y +CONFIG_MICROCODE=y +# CONFIG_MICROCODE_LATE_LOADING is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +# CONFIG_X86_5LEVEL is not set +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_NUMA=y +# CONFIG_NUMA_EMU is not set +CONFIG_NODES_SHIFT=10 +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +# CONFIG_ARCH_MEMORY_PROBE is not set +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +# CONFIG_MTRR is not set +CONFIG_X86_UMIP=y +CONFIG_CC_HAS_IBT=y +CONFIG_X86_CET=y +CONFIG_X86_KERNEL_IBT=y +# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +# CONFIG_X86_SGX is not set +# CONFIG_X86_USER_SHADOW_STACK is not set +# CONFIG_EFI is not set +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_ARCH_SUPPORTS_KEXEC=y +CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y +CONFIG_ARCH_SELECTS_KEXEC_FILE=y +CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y +CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y +CONFIG_PHYSICAL_START=0x8200000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x200000 +CONFIG_HOTPLUG_CPU=y +# CONFIG_LEGACY_VSYSCALL_XONLY is not set +CONFIG_LEGACY_VSYSCALL_NONE=y +# CONFIG_CMDLINE_BOOL is not set +# CONFIG_MODIFY_LDT_SYSCALL is not set +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_SLS=y +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_CC_HAS_ENTRY_PADDING=y +CONFIG_FUNCTION_PADDING_CFI=11 +CONFIG_FUNCTION_PADDING_BYTES=16 +CONFIG_CPU_MITIGATIONS=y +# CONFIG_PAGE_TABLE_ISOLATION is not set +CONFIG_RETPOLINE=y +# CONFIG_RETHUNK is not set +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +# CONFIG_SLS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y +CONFIG_ARCH_HAS_ADD_PAGES=y + +# +# Power management and ACPI options +# +# CONFIG_SUSPEND is not set +CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_PM_SLEEP=y +CONFIG_PM_SLEEP_SMP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_USERSPACE_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +# CONFIG_ACPI_AC is not set +# CONFIG_ACPI_BATTERY is not set +# CONFIG_ACPI_TINY_POWER_BUTTON is not set +# CONFIG_ACPI_TAD is not set +# CONFIG_ACPI_DOCK is not set +# CONFIG_ACPI_PROCESSOR is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_TABLE_OVERRIDE_VIA_BUILTIN_INITRD is not set +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +# CONFIG_ACPI_FFH is not set +# CONFIG_PMIC_OPREGION is not set +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set +# end of CPU Frequency scaling + +# +# CPU Idle +# +# CONFIG_CPU_IDLE is not set +# end of CPU Idle +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +# CONFIG_ISA_BUS is not set +# CONFIG_ISA_DMA_API is not set +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32_ABI is not set +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +# CONFIG_VIRTUALIZATION is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y +CONFIG_AS_GFNI=y +CONFIG_AS_WRUSS=y +CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y + +# +# General architecture-dependent options +# +CONFIG_HOTPLUG_SMT=y +CONFIG_HOTPLUG_CORE_SYNC=y +CONFIG_HOTPLUG_CORE_SYNC_DEAD=y +CONFIG_HOTPLUG_CORE_SYNC_FULL=y +CONFIG_HOTPLUG_SPLIT_STARTUP=y +CONFIG_HOTPLUG_PARALLEL=y +CONFIG_GENERIC_ENTRY=y +# CONFIG_KPROBES is not set +# CONFIG_JUMP_LABEL is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_TABLE_FREE=y +CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_MMU_LAZY_TLB_REFCOUNT=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +# CONFIG_SECCOMP is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_PMD_MKWRITE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_JUMP_LABEL_HACK=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +# CONFIG_COMPAT_32BIT_TIME is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +# CONFIG_VMAP_STACK is not set +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +CONFIG_FUNCTION_ALIGNMENT_4B=y +CONFIG_FUNCTION_ALIGNMENT_16B=y +CONFIG_FUNCTION_ALIGNMENT=16 +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=1 +CONFIG_MODULE_SIG_FORMAT=y +CONFIG_MODULES=y +# CONFIG_MODULE_FORCE_LOAD is not set +CONFIG_MODULE_UNLOAD=y +# CONFIG_MODULE_FORCE_UNLOAD is not set +# CONFIG_MODULE_UNLOAD_TAINT_TRACKING is not set +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +CONFIG_MODULE_SIG=y +CONFIG_MODULE_SIG_FORCE=y +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" +CONFIG_MODULE_COMPRESS_NONE=y +# CONFIG_MODULE_COMPRESS_GZIP is not set +# CONFIG_MODULE_COMPRESS_XZ is not set +# CONFIG_MODULE_COMPRESS_ZSTD is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +# CONFIG_TRIM_UNUSED_KSYMS is not set +CONFIG_MODULES_TREE_LOOKUP=y +# CONFIG_BLOCK is not set +CONFIG_ASN1=y +CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +# CONFIG_BINFMT_SCRIPT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# + +# +# SLAB allocator options +# +# CONFIG_SLAB_DEPRECATED is not set +CONFIG_SLUB=y +# CONFIG_SLUB_TINY is not set +# CONFIG_SLAB_MERGE_DEFAULT is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SLUB_STATS is not set +# CONFIG_SLUB_CPU_PARTIAL is not set +# CONFIG_RANDOM_KMALLOC_CACHES is not set +# end of SLAB allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +# CONFIG_COMPAT_BRK is not set +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_NUMA_KEEP_MEMINFO=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_MHP_MEMMAP_ON_MEMORY=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +# CONFIG_PAGE_REPORTING is not set +CONFIG_MIGRATION=y +CONFIG_DEVICE_MIGRATION=y +CONFIG_ARCH_ENABLE_THP_MIGRATION=y +CONFIG_CONTIG_ALLOC=y +CONFIG_PCP_BATCH_SCALE_MAX=5 +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set +CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y +# CONFIG_READ_ONLY_THP_FOR_FS is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +# CONFIG_CMA is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ARCH_HAS_ZONE_DMA_SET=y +CONFIG_ZONE_DMA=y +CONFIG_ZONE_DMA32=y +CONFIG_ZONE_DEVICE=y +CONFIG_GET_FREE_REGION=y +CONFIG_DEVICE_PRIVATE=y +# CONFIG_VM_EVENT_COUNTERS is not set +# CONFIG_PERCPU_STATS is not set + +# +# GUP_TEST needs to have DEBUG_FS enabled +# +# CONFIG_DMAPOOL_TEST is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_MEMFD_CREATE=y +CONFIG_SECRETMEM=y +CONFIG_USERFAULTFD=y +CONFIG_HAVE_ARCH_USERFAULTFD_WP=y +CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y +CONFIG_PTE_MARKER_UFFD_WP=y +# CONFIG_LRU_GEN is not set +CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y +CONFIG_PER_VMA_LOCK=y +CONFIG_LOCK_MM_AND_FIND_VMA=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +# CONFIG_NET is not set + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +# CONFIG_PCI is not set +# CONFIG_PCCARD is not set + +# +# Generic Driver Options +# +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +# CONFIG_FW_LOADER is not set +# end of Firmware loader + +# CONFIG_ALLOW_DEV_COREDUMP is not set +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_SYS_HYPERVISOR=y +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +# CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT is not set +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +# +# Cache Drivers +# +# end of Cache Drivers + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +# CONFIG_FIRMWARE_MEMMAP is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +CONFIG_DTC=y +CONFIG_OF=y +# CONFIG_OF_UNITTEST is not set +CONFIG_OF_FLATTREE=y +CONFIG_OF_EARLY_FLATTREE=y +CONFIG_OF_KOBJ=y +CONFIG_OF_ADDRESS=y +CONFIG_OF_IRQ=y +CONFIG_OF_RESERVED_MEM=y +# CONFIG_OF_OVERLAY is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +# CONFIG_PNP_DEBUG_MESSAGES is not set + +# +# Protocols +# +CONFIG_PNPACPI=y + +# +# NVME Support +# +# end of NVME Support + +# +# Misc devices +# +# CONFIG_DUMMY_IRQ is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_SRAM is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_OPEN_DICE is not set +# CONFIG_VCPU_STALL_DETECTOR is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# end of EEPROM support + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# +# Altera FPGA firmware download module (requires I2C) +# +# CONFIG_ECHO is not set +# CONFIG_PVPANIC is not set +# end of Misc devices + +# +# SCSI device support +# +# end of SCSI device support + +# CONFIG_MACINTOSH_DRIVERS is not set + +# +# Input device support +# +# CONFIG_INPUT is not set + +# +# Hardware I/O ports +# +# CONFIG_SERIO is not set +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +# CONFIG_VT is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +CONFIG_LEGACY_TIOCSTI=y +CONFIG_LDISC_AUTOLOAD=y + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +# CONFIG_SERIAL_8250_PNP is not set +CONFIG_SERIAL_8250_16550A_VARIANTS=y +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_NR_UARTS=4 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +CONFIG_SERIAL_8250_EXTENDED=y +# CONFIG_SERIAL_8250_MANY_PORTS is not set +CONFIG_SERIAL_8250_SHARE_IRQ=y +# CONFIG_SERIAL_8250_DETECT_IRQ is not set +# CONFIG_SERIAL_8250_RSA is not set +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +# CONFIG_SERIAL_OF_PLATFORM is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_SIFIVE is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_XILINX_PS_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set +# CONFIG_SERIAL_SPRD is not set +# end of Serial drivers + +CONFIG_SERIAL_NONSTANDARD=y +# CONFIG_N_HDLC is not set +CONFIG_NULL_TTY=y +CONFIG_HVC_DRIVER=y +CONFIG_HVC_IRQ=y +CONFIG_HVC_XEN=y +CONFIG_HVC_XEN_FRONTEND=y +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_TTY_PRINTK=y +CONFIG_TTY_PRINTK_LEVEL=6 +# CONFIG_VIRTIO_CONSOLE is not set +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +# CONFIG_HW_RANDOM_BA431 is not set +# CONFIG_HW_RANDOM_VIA is not set +# CONFIG_HW_RANDOM_CCTRNG is not set +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +# CONFIG_NVRAM is not set +# CONFIG_DEVPORT is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# end of Character devices + +# +# I2C support +# +# CONFIG_I2C is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +# CONFIG_PPS is not set + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +# end of PTP clock support + +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_SUPPLY is not set +# CONFIG_HWMON is not set +# CONFIG_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_ATMEL_FLEXCOM is not set +# CONFIG_MFD_ATMEL_HLCDC is not set +# CONFIG_MFD_MADERA is not set +# CONFIG_MFD_HI6421_PMIC is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TQMX86 is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AUXDISPLAY is not set +# CONFIG_DRM is not set +# CONFIG_DRM_DEBUG_MODESET_LOCK is not set + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +# CONFIG_BACKLIGHT_CLASS_DEVICE is not set +# end of Backlight & LCD device support +# end of Graphics support + +# CONFIG_SOUND is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +# CONFIG_USB_SUPPORT is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_DMABUF_HEAPS is not set +# end of DMABUF options + +# CONFIG_UIO is not set +# CONFIG_VFIO is not set +# CONFIG_VIRT_DRIVERS is not set +# CONFIG_VIRTIO_MENU is not set +# CONFIG_VHOST_MENU is not set + +# +# Microsoft Hyper-V guest support +# +CONFIG_HYPERV=y +CONFIG_HYPERV_VTL_MODE=y +CONFIG_HV_SECURE_VTL=y +# CONFIG_HYPERV_VSM is not set +CONFIG_HYPERV_TIMER=y +# CONFIG_HYPERV_BALLOON is not set +# CONFIG_DXGKRNL is not set +# end of Microsoft Hyper-V guest support + +# +# Xen driver support +# +CONFIG_XEN_BALLOON=y +CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y +CONFIG_XEN_MEMORY_HOTPLUG_LIMIT=512 +CONFIG_XEN_SCRUB_PAGES_DEFAULT=y +CONFIG_XEN_DEV_EVTCHN=y +CONFIG_XEN_BACKEND=y +CONFIG_XENFS=y +CONFIG_XEN_COMPAT_XENFS=y +CONFIG_XEN_SYS_HYPERVISOR=y +CONFIG_XEN_XENBUS_FRONTEND=y +CONFIG_XEN_GNTDEV=m +CONFIG_XEN_GRANT_DEV_ALLOC=m +# CONFIG_XEN_GRANT_DMA_ALLOC is not set +CONFIG_SWIOTLB_XEN=y +CONFIG_XEN_PRIVCMD=y +CONFIG_XEN_HAVE_PVMMU=y +CONFIG_XEN_AUTO_XLATE=y +CONFIG_XEN_ACPI=y +CONFIG_XEN_HAVE_VPMU=y +CONFIG_XEN_UNPOPULATED_ALLOC=y +# end of Xen driver support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +CONFIG_SURFACE_PLATFORMS=y +# CONFIG_X86_PLATFORM_DEVICES is not set +CONFIG_HAVE_CLK=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y +# CONFIG_COMMON_CLK_AXI_CLKGEN is not set +# CONFIG_COMMON_CLK_FIXED_MMIO is not set +# CONFIG_CLK_LGM_CGU is not set +# CONFIG_XILINX_VCU is not set +# CONFIG_COMMON_CLK_XLNX_CLKWZRD is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_CLKBLD_I8253=y +# end of Clock Source drivers + +# CONFIG_MAILBOX is not set +# CONFIG_IOMMU_SUPPORT is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# fujitsu SoC drivers +# +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# CONFIG_LITEX_SOC_CONTROLLER is not set +# end of Enable LiteX SoC Builder specific drivers + +# CONFIG_WPCM450_SOC is not set + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +CONFIG_IRQCHIP=y +# CONFIG_AL_FIC is not set +# CONFIG_XILINX_INTC is not set +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_CADENCE_TORRENT is not set +# CONFIG_PHY_CADENCE_DPHY is not set +# CONFIG_PHY_CADENCE_DPHY_RX is not set +# CONFIG_PHY_CADENCE_SALVO is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_INTEL_LGM_COMBO is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +# CONFIG_RAS is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +CONFIG_DAX=y +# CONFIG_DEV_DAX is not set +# CONFIG_NVMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_FSI is not set +# CONFIG_TEE is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_MOST is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +# CONFIG_FS_DAX is not set +# CONFIG_EXPORTFS_BLOCK_OPS is not set +# CONFIG_FILE_LOCKING is not set +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +# CONFIG_DNOTIFY is not set +# CONFIG_INOTIFY_USER is not set +# CONFIG_FANOTIFY is not set +# CONFIG_QUOTA is not set +# CONFIG_AUTOFS_FS is not set +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set +# end of Caches + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +# CONFIG_PROC_KCORE is not set +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_TMPFS_INODE64 is not set +# CONFIG_TMPFS_QUOTA is not set +# CONFIG_HUGETLBFS is not set +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +CONFIG_CONFIGFS_FS=y +# end of Pseudo filesystems + +# CONFIG_MISC_FILESYSTEMS is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +CONFIG_NLS_CODEPAGE_437=y +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +CONFIG_NLS_ISO8859_1=y +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +# CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_TRUSTED_KEYS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set +CONFIG_SECURITY=y +# CONFIG_SECURITYFS is not set +# CONFIG_SECURITY_NETWORK is not set +# CONFIG_SECURITY_PATH is not set +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +# CONFIG_SECURITY_YAMA is not set +# CONFIG_SECURITY_SAFESETID is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set +# CONFIG_SECURITY_LANDLOCK is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +# CONFIG_INTEGRITY_PLATFORM_KEYRING is not set +# CONFIG_IMA is not set +# CONFIG_EVM is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y +CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_STACK_ALL_PATTERN is not set +# CONFIG_INIT_STACK_ALL_ZERO is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y +# CONFIG_ZERO_CALL_USED_REGS is not set +# end of Memory initialization + +# +# Hardening of kernel data structures +# +# CONFIG_LIST_HARDENED is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# end of Hardening of kernel data structures + +CONFIG_RANDSTRUCT_NONE=y +# CONFIG_RANDSTRUCT_FULL is not set +# CONFIG_RANDSTRUCT_PERFORMANCE is not set +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG=y +CONFIG_CRYPTO_SIG2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +# CONFIG_CRYPTO_NULL is not set +# CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_CRYPTD=y +# CONFIG_CRYPTO_AUTHENC is not set +# CONFIG_CRYPTO_TEST is not set +# end of Crypto core or helper + +# +# Public-key cryptography +# +CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_DH=y +# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set +CONFIG_CRYPTO_ECC=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_ECDSA=y +CONFIG_CRYPTO_ECRDSA=y +CONFIG_CRYPTO_SM2=y +CONFIG_CRYPTO_CURVE25519=y +# end of Public-key cryptography + +# +# Block ciphers +# +# CONFIG_CRYPTO_AES is not set +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set +# CONFIG_CRYPTO_CBC is not set +# CONFIG_CRYPTO_CFB is not set +# CONFIG_CRYPTO_CTR is not set +# CONFIG_CRYPTO_CTS is not set +# CONFIG_CRYPTO_ECB is not set +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set +# CONFIG_CRYPTO_LRW is not set +# CONFIG_CRYPTO_OFB is not set +# CONFIG_CRYPTO_PCBC is not set +# CONFIG_CRYPTO_XTS is not set +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_CCM is not set +# CONFIG_CRYPTO_GCM is not set +# CONFIG_CRYPTO_SEQIV is not set +# CONFIG_CRYPTO_ECHAINIV is not set +# CONFIG_CRYPTO_ESSIV is not set +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +CONFIG_CRYPTO_BLAKE2B=y +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_SM3=y +# CONFIG_CRYPTO_SM3_GENERIC is not set +CONFIG_CRYPTO_STREEBOG=y +CONFIG_CRYPTO_VMAC=y +CONFIG_CRYPTO_WP512=y +CONFIG_CRYPTO_XCBC=y +CONFIG_CRYPTO_XXHASH=y +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +CONFIG_CRYPTO_CRC32=y +CONFIG_CRYPTO_CRCT10DIF=y +CONFIG_CRYPTO_CRC64_ROCKSOFT=y +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +# CONFIG_CRYPTO_DEFLATE is not set +# CONFIG_CRYPTO_LZO is not set +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +# CONFIG_CRYPTO_DRBG_HASH is not set +# CONFIG_CRYPTO_DRBG_CTR is not set +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_2=y +# CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_128 is not set +# CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_1024 is not set +# CONFIG_CRYPTO_JITTERENTROPY_MEMSIZE_8192 is not set +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64 +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE=32 +CONFIG_CRYPTO_JITTERENTROPY_OSR=3 +# CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set +# end of Random number generation + +# +# Userspace interface +# +# end of Userspace interface + +CONFIG_CRYPTO_HASH_INFO=y + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +CONFIG_CRYPTO_CURVE25519_X86=y +# CONFIG_CRYPTO_AES_NI_INTEL is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64 is not set +# CONFIG_CRYPTO_CHACHA20_X86_64 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +CONFIG_CRYPTO_BLAKE2S_X86=y +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_SHA1_SSSE3=y +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=y +CONFIG_CRYPTO_CRC32C_INTEL=y +CONFIG_CRYPTO_CRC32_PCLMUL=y +CONFIG_CRYPTO_CRCT10DIF_PCLMUL=y +# end of Accelerated Cryptographic Algorithms for CPU (x86) + +# CONFIG_CRYPTO_HW is not set +CONFIG_ASYMMETRIC_KEY_TYPE=y +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_PKCS8_PRIVATE_KEY_PARSER=y +CONFIG_PKCS7_MESSAGE_PARSER=y +CONFIG_PKCS7_TEST_KEY=y +CONFIG_SIGNED_PE_FILE_VERIFICATION=y +# CONFIG_FIPS_SIGNATURE_SELFTEST is not set + +# +# Certificates for signature checking +# +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" +CONFIG_MODULE_SIG_KEY_TYPE_RSA=y +# CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set +CONFIG_SYSTEM_TRUSTED_KEYRING=y +CONFIG_SYSTEM_TRUSTED_KEYS="" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +CONFIG_SYSTEM_REVOCATION_LIST=y +CONFIG_SYSTEM_REVOCATION_KEYS="" +# CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE is not set +# end of Certificates for signature checking + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_GF128MUL=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y +CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +# CONFIG_CRC_CCITT is not set +# CONFIG_CRC16 is not set +CONFIG_CRC_T10DIF=y +CONFIG_CRC64_ROCKSOFT=y +# CONFIG_CRC_ITU_T is not set +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC64=y +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +# CONFIG_LIBCRC32C is not set +# CONFIG_CRC8 is not set +CONFIG_XXHASH=y +# CONFIG_RANDOM32_SELFTEST is not set +# CONFIG_XZ_DEC is not set +CONFIG_INTERVAL_TREE=y +CONFIG_XARRAY_MULTI=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_DMA_DECLARE_COHERENT=y +CONFIG_SWIOTLB=y +# CONFIG_SWIOTLB_DYNAMIC is not set +# CONFIG_DMA_RESTRICTED_POOL is not set +# CONFIG_DMA_API_DEBUG is not set +CONFIG_SGL_ALLOC=y +CONFIG_CLZ_TAB=y +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +CONFIG_SIGNATURE=y +CONFIG_LIBFDT=y +CONFIG_OID_REGISTRY=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +# end of Library routines + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +# CONFIG_DYNAMIC_DEBUG is not set +# CONFIG_DYNAMIC_DEBUG_CORE is not set +CONFIG_SYMBOLIC_ERRNAME=y +# CONFIG_DEBUG_BUGVERBOSE is not set +# end of printk and dmesg options + +CONFIG_DEBUG_KERNEL=y +# CONFIG_DEBUG_MISC is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +CONFIG_AS_HAS_NON_CONST_LEB128=y +# CONFIG_DEBUG_INFO_NONE is not set +CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +# CONFIG_DEBUG_INFO_REDUCED is not set +CONFIG_DEBUG_INFO_COMPRESSED_NONE=y +# CONFIG_DEBUG_INFO_COMPRESSED_ZLIB is not set +# CONFIG_DEBUG_INFO_COMPRESSED_ZSTD is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +CONFIG_PAHOLE_HAS_SPLIT_BTF=y +CONFIG_PAHOLE_HAS_LANG_EXCLUDE=y +CONFIG_GDB_SCRIPTS=y +CONFIG_FRAME_WARN=2048 +# CONFIG_STRIP_ASM_SYMS is not set +CONFIG_READABLE_ASM=y +# CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +CONFIG_OBJTOOL=y +CONFIG_STACK_VALIDATION=y +# CONFIG_VMLINUX_MAP is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +# CONFIG_MAGIC_SYSRQ is not set +# CONFIG_DEBUG_FS is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_SLUB_DEBUG is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +# CONFIG_DEBUG_WX is not set +CONFIG_GENERIC_PTDUMP=y +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_PER_VMA_LOCK_STATS is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +# CONFIG_DEBUG_MEMORY_INIT is not set +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y +# CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SOFTLOCKUP_DETECTOR is not set +CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_WQ_CPU_INTENSIVE_REPORT is not set +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +# CONFIG_SCHEDSTATS is not set +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_DEBUG_PREEMPT is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_NMI_CHECK_CPU is not set +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_MAPLE_TREE is not set +# end of Debug kernel data structures + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=21 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_CPU_STALL_CPUTIME is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_RETHOOK=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set + +# +# x86 Debugging +# +# CONFIG_X86_VERBOSE_BOOTUP is not set +CONFIG_EARLY_PRINTK=y +# CONFIG_DEBUG_TLBFLUSH is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_FPU is not set +# CONFIG_UNWINDER_ORC is not set +CONFIG_UNWINDER_FRAME_POINTER=y +# CONFIG_UNWINDER_GUESS is not set +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +# CONFIG_RUNTIME_TESTING_MENU is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking + +# CONFIG_HEKI_MENU is not set diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.signatures.json b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.signatures.json new file mode 100644 index 0000000000..8c9e7e2b79 --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.signatures.json @@ -0,0 +1,11 @@ +{ + "Signatures": { + "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", + "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", + "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", + "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", + "kernel-lpg-innovate-6.6.85.1.tar.gz": "aeb96805bda3f87246a3e2a29641b79a64c55ecd80761e2e17832fffb95823cd", + "kernel-lpg-innovate.normal.config": "fd17d1b88a0d75416b76db0fd02a2d15e002e544ae996d52085e65a34789e53e", + "kernel-lpg-innovate.secure.config": "07b6cc37bd78031ff2962beecda23ae38e624be49220f4434661757ef63d42f1" + } +} diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.spec b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.spec new file mode 100644 index 0000000000..bd712ec534 --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/kernel-lpg-innovate.spec @@ -0,0 +1,1963 @@ +%global security_hardening none +%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh +%global mstflintver 4.28.0 +%define uname_r %{version}-%{release} +%define mariner_version 3 +%define short_name lpg-innovate + +# find_debuginfo.sh arguments are set by default in rpm's macros. +# The default arguments regenerate the build-id for vmlinux in the +# debuginfo package causing a mismatch with the build-id for vmlinuz in +# the kernel package. Therefore, explicilty set the relevant default +# settings to prevent this behavior. +%undefine _unique_build_ids +%undefine _unique_debug_names +%global _missing_build_ids_terminate_build 1 +%global _no_recompute_build_ids 1 + +%ifarch x86_64 +%define arch x86_64 +%define archdir x86 +%endif + +%ifarch aarch64 +%global __provides_exclude_from %{_libdir}/debug/.build-id/ +%define arch arm64 +%define archdir arm64 +%endif + +Summary: Linux Kernel +Name: kernel-lpg-innovate +Version: 6.6.85.1 +Release: 1001%{?dist} +License: GPLv2 +Vendor: Microsoft Corporation +Distribution: Azure Linux +Group: System Environment/Kernel +URL: https://github.com/microsoft/CBL-Mariner-Linux-Kernel +Source0: https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/lpg-innovate/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: kernel-lpg-innovate.normal.config +Source2: kernel-lpg-innovate.secure.config +Source3: sha512hmac-openssl.sh +Source4: azurelinux-ca-20230216.pem +Source5: cpupower +Source6: cpupower.service +BuildRequires: audit-devel +BuildRequires: bash +BuildRequires: bc +BuildRequires: build-essential +BuildRequires: cpio +BuildRequires: diffutils +BuildRequires: dwarves +BuildRequires: elfutils-libelf-devel +BuildRequires: flex +BuildRequires: gettext +BuildRequires: glib-devel +BuildRequires: grub2-rpm-macros +BuildRequires: kbd +BuildRequires: kmod-devel +BuildRequires: libcap-devel +BuildRequires: libdnet-devel +BuildRequires: libmspack-devel +BuildRequires: libtraceevent-devel +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: procps-ng-devel +BuildRequires: python3-devel +BuildRequires: sed +BuildRequires: slang-devel +BuildRequires: systemd-bootstrap-rpm-macros +%ifarch x86_64 +BuildRequires: pciutils-devel +%endif +Requires: filesystem +Requires: kmod +Requires: %{name}-grub +Requires(post): coreutils +Requires(postun): coreutils +%{?grub2_configuration_requires} +# When updating the config files it is important to sanitize them. +# Steps for updating a config file: +# 1. Extract the linux sources into a folder +# 2. Add the current config file to the folder +# 3. Run `make menuconfig` to edit the file (Manually editing is not recommended) +# 4. Save the config file +# 5. Copy the config file back into the kernel spec folder +# 6. Revert any undesired changes (GCC related changes, etc) +# 8. Build the kernel package +# 9. Apply the changes listed in the log file (if any) to the config file +# 10. Verify the rest of the config file looks ok +# If there are significant changes to the config file, disable the config check and build the +# kernel rpm. The final config file is included in /boot in the rpm. + +# LPG-INNOVATE is x86_64 only, for now +ExclusiveArch: x86_64 + +%description +The kernel package contains the Linux kernel. + +%package devel +Summary: Kernel Dev +Group: System Environment/Kernel +Requires: %{name} = %{version}-%{release} +Requires: gawk +Requires: python3 +Obsoletes: linux-dev + +%description devel +This package contains the Linux kernel dev files + +%package drivers-accessibility +Summary: Kernel accessibility modules +Group: System Environment/Kernel +Requires: %{name} = %{version}-%{release} + +%description drivers-accessibility +This package contains the Linux kernel accessibility support + +%package drivers-gpu +Summary: Kernel gpu modules +Group: System Environment/Kernel +Requires: %{name} = %{version}-%{release} + +%description drivers-gpu +This package contains the Linux kernel gpu support + +%package drivers-intree-amdgpu +Summary: Kernel amdgpu modules +Group: System Environment/Kernel +Requires: %{name} = %{version}-%{release} +Requires: %{name}-drivers-gpu = %{version}-%{release} + +%description drivers-intree-amdgpu +This package contains the Linux kernel in-tree AMD gpu support + +%package drivers-sound +Summary: Kernel Sound modules +Group: System Environment/Kernel +Requires: %{name} = %{version}-%{release} + +%description drivers-sound +This package contains the Linux kernel sound support + +%package docs +Summary: Kernel docs +Group: System Environment/Kernel +Requires: python3 + +%description docs +This package contains the Linux kernel doc files + +%package tools +Summary: This package contains the 'perf' performance analysis tools for Linux kernel +Group: System/Tools +Requires: %{name} = %{version}-%{release} +Requires: audit + +%description tools +This package contains the 'perf' performance analysis tools for Linux kernel. + +%package grub +Summary: Grub configuration for LPG-Innovate kernel +Group: System Environment/Kernel +BuildArch: noarch + +%description grub +This package contains a grub config file to add required LPG-Innovate parameters to the kernel cmdline. + +%package -n python3-perf-%{short_name} +Summary: Python 3 extension for perf tools +Requires: python3 + +%description -n python3-perf-%{short_name} +This package contains the Python 3 extension for the 'perf' performance analysis tools for Linux kernel. + +%package -n bpftool-%{short_name} +Summary: Inspection and simple manipulation of eBPF programs and maps + +%description -n bpftool-%{short_name} +This package contains the bpftool, which allows inspection and simple +manipulation of eBPF programs and maps. + +%prep +%autosetup -p1 -n CBL-Mariner-Linux-Kernel-rolling-lts-lpg-innovate-%{version} + +CheckConfig() { + local CONFIG_FILE=$1 + + export KBUILD_OUTPUT=$2 + + make mrproper + + cp $CONFIG_FILE $KBUILD_OUTPUT/.config + make ARCH=%{arch} olddefconfig + + pushd $KBUILD_OUTPUT + if test -f .config.old && ! diff -u .config.old .config; then + echo "ERROR: Config $CONFIG_FILE is missing required config options shown above." + return 1 + fi + popd + + unset KBUILD_OUTPUT +} + +CheckConfig %{SOURCE1} build_normal +CheckConfig %{SOURCE2} build_secure + +# Add CBL-Mariner cert into kernel's trusted keyring +cp %{SOURCE4} certs/mariner.pem +sed -i 's,CONFIG_SYSTEM_TRUSTED_KEYS="",CONFIG_SYSTEM_TRUSTED_KEYS="certs/mariner.pem",' build_normal/.config + +sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{release}"/' build_normal/.config + +%build +export KBUILD_OUTPUT=build_normal +make VERBOSE=1 KBUILD_BUILD_VERSION="1" KBUILD_BUILD_HOST="CBL-Mariner" ARCH=%{arch} %{?_smp_mflags} + +# Compile perf, python3-perf +make -C tools/perf PYTHON=%{python3} all + +%ifarch x86_64 +make -C tools turbostat cpupower +%endif + +#Compile bpftool +make -C tools/bpf/bpftool + +%define __modules_install_post \ +for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \ + $KBUILD_OUTPUT/scripts/sign-file sha512 $KBUILD_OUTPUT/certs/signing_key.pem $KBUILD_OUTPUT/certs/signing_key.x509 $MODULE \ + rm -f $MODULE.{sig,dig} \ + xz $MODULE \ + done \ +%{nil} + +# We want to compress modules after stripping. Extra step is added to +# the default __spec_install_post. +%define __spec_install_post\ + %{?__debug_package:%{__debug_install_post}}\ + %{__arch_install_post}\ + %{__os_install_post}\ + %{__modules_install_post}\ +%{nil} + +make O=build_secure VERBOSE=1 KBUILD_BUILD_VERSION="1" KBUILD_BUILD_HOST="CBL-Mariner" ARCH=%{arch} %{?_smp_mflags} vmlinux +objcopy -R .note -R .comment -S build_secure/vmlinux +build_normal/scripts/sign-file -dp sha512 build_normal/certs/signing_key.pem build_normal/certs/signing_key.x509 build_secure/vmlinux + +%install +export KBUILD_OUTPUT=build_normal + +install -vdm 755 %{buildroot}%{_sysconfdir} +install -vdm 700 %{buildroot}/boot +install -vdm 755 %{buildroot}%{_defaultdocdir}/linux-%{uname_r} +install -vdm 755 %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} +install -vdm 755 %{buildroot}%{_libdir}/debug/lib/modules/%{uname_r} + +install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig +install -c -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/sysconfig/cpupower +install -d -m 755 %{buildroot}%{_unitdir} +install -c -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/cpupower.service + +make INSTALL_MOD_PATH=%{buildroot} modules_install + +%ifarch x86_64 +install -vm 600 $KBUILD_OUTPUT/arch/x86/boot/bzImage %{buildroot}/boot/vmlinuz-%{uname_r} +%endif + +%ifarch aarch64 +install -vm 600 $KBUILD_OUTPUT/arch/arm64/boot/Image %{buildroot}/boot/vmlinuz-%{uname_r} +%endif + +# Restrict the permission on System.map-X file +install -vm 400 $KBUILD_OUTPUT/System.map %{buildroot}/boot/System.map-%{uname_r} +install -vm 600 $KBUILD_OUTPUT/.config %{buildroot}/boot/config-%{uname_r} +cp -r Documentation/* %{buildroot}%{_defaultdocdir}/linux-%{uname_r} +install -vm 744 $KBUILD_OUTPUT/vmlinux %{buildroot}%{_libdir}/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r} +# `perf test vmlinux` needs it +ln -s vmlinux-%{uname_r} %{buildroot}%{_libdir}/debug/lib/modules/%{uname_r}/vmlinux + +# hmac sign the kernel for FIPS +%{sha512hmac} %{buildroot}/boot/vmlinuz-%{uname_r} | sed -e "s,$RPM_BUILD_ROOT,," > %{buildroot}/boot/.vmlinuz-%{uname_r}.hmac +cp %{buildroot}/boot/.vmlinuz-%{uname_r}.hmac %{buildroot}/lib/modules/%{uname_r}/.vmlinuz.hmac + +# Symlink /lib/modules/uname/vmlinuz to boot partition +ln -s /boot/vmlinuz-%{uname_r} %{buildroot}/lib/modules/%{uname_r}/vmlinuz + +# Cleanup dangling symlinks +rm -rf %{buildroot}/lib/modules/%{uname_r}/source +rm -rf %{buildroot}/lib/modules/%{uname_r}/build + +find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/%{archdir}/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find $(find arch/%{archdir} -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/%{archdir}/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +%ifarch x86_64 +# CONFIG_STACK_VALIDATION=y requires objtool to build external modules +install -vsm 755 $KBUILD_OUTPUT/tools/objtool/objtool %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ +install -vsm 755 $KBUILD_OUTPUT/tools/objtool/fixdep %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ +%endif + +cp $KBUILD_OUTPUT/.config %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} # copy .config manually to be where it's expected to be +ln -sf "%{_prefix}/src/linux-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build" +find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x + +%ifarch aarch64 +cp $KBUILD_OUTPUT/scripts/module.lds %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/scripts/module.lds +%endif + +# disable (JOBS=1) parallel build to fix this issue: +# fixdep: error opening depfile: ./.plugin_cfg80211.o.d: No such file or directory +# Linux version that was affected is 4.4.26 +make -C tools JOBS=1 DESTDIR=%{buildroot} prefix=%{_prefix} perf_install + +# Install python3-perf +make -C tools/perf DESTDIR=%{buildroot} prefix=%{_prefix} install-python_ext + +# Install bpftool +make -C tools/bpf/bpftool DESTDIR=%{buildroot} prefix=%{_prefix} bash_compdir=%{_sysconfdir}/bash_completion.d/ mandir=%{_mandir} install + +%ifarch x86_64 +# Install turbostat cpupower +make -C tools DESTDIR=%{buildroot} prefix=%{_prefix} bash_compdir=%{_sysconfdir}/bash_completion.d/ mandir=%{_mandir} turbostat_install cpupower_install +%endif + +# Remove trace (symlink to perf). This file causes duplicate identical debug symbols +rm -vf %{buildroot}%{_bindir}/trace + +install -vdm 755 %{buildroot}/lib/modules/%{uname_r}/secure +install -vm 755 build_secure/vmlinux build_secure/vmlinux.p7s %{buildroot}/lib/modules/%{uname_r}/secure + +install -vdm 755 %{buildroot}/etc/dracut.conf.d +echo 'install_optional_items+=" /lib/modules/%{uname_r}/secure/vmlinux /lib/modules/%{uname_r}/secure/vmlinux.p7s "' > %{buildroot}/etc/dracut.conf.d/10-lpg-innovate-%{uname_r}.conf + +install -vdm 755 %{buildroot}/etc/default/grub.d +echo 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX securekernel=128M"' > %{buildroot}/etc/default/grub.d/10-lpg-innovate.cfg + +%triggerin -- initramfs +mkdir -p %{_localstatedir}/lib/rpm-state/initramfs/pending +touch %{_localstatedir}/lib/rpm-state/initramfs/pending/%{uname_r} +echo "initrd generation of kernel %{uname_r} will be triggered later" >&2 + +%triggerun -- initramfs +rm -rf %{_localstatedir}/lib/rpm-state/initramfs/pending/%{uname_r} +rm -rf /boot/initramfs-%{uname_r}.img +echo "initrd of kernel %{uname_r} removed" >&2 + +%preun tools +%systemd_preun cpupower.service + +%postun +%grub2_postun + +%postun tools +%systemd_postun cpupower.service + +%post +/sbin/depmod -a %{uname_r} +%grub2_post + +%post drivers-accessibility +/sbin/depmod -a %{uname_r} + +%post drivers-gpu +/sbin/depmod -a %{uname_r} + +%post drivers-intree-amdgpu +/sbin/depmod -a %{uname_r} + +%post drivers-sound +/sbin/depmod -a %{uname_r} + +%post tools +%systemd_post cpupower.service + +%files +%defattr(-,root,root) +%license COPYING +%exclude %dir /usr/lib/debug +/boot/System.map-%{uname_r} +/boot/config-%{uname_r} +/boot/vmlinuz-%{uname_r} +/boot/.vmlinuz-%{uname_r}.hmac +%defattr(0644,root,root) +/lib/modules/%{uname_r}/* +/lib/modules/%{uname_r}/.vmlinuz.hmac +/etc/dracut.conf.d/10-lpg-innovate-%{uname_r}.conf +%exclude /lib/modules/%{uname_r}/build +%exclude /lib/modules/%{uname_r}/kernel/drivers/accessibility +%exclude /lib/modules/%{uname_r}/kernel/drivers/gpu +%exclude /lib/modules/%{uname_r}/kernel/drivers/accel +%exclude /lib/modules/%{uname_r}/kernel/sound + +%files docs +%defattr(-,root,root) +%{_defaultdocdir}/linux-%{uname_r}/* + +%files devel +%defattr(-,root,root) +/lib/modules/%{uname_r}/build +%{_prefix}/src/linux-headers-%{uname_r} + +%files drivers-accessibility +%defattr(-,root,root) +/lib/modules/%{uname_r}/kernel/drivers/accessibility + +%files drivers-gpu +%defattr(-,root,root) +/lib/modules/%{uname_r}/kernel/drivers/gpu +%ifarch x86_64 +/lib/modules/%{uname_r}/kernel/drivers/accel +%endif +%exclude /lib/modules/%{uname_r}/kernel/drivers/gpu/drm/amd + +%files drivers-intree-amdgpu +%defattr(-,root,root) +/lib/modules/%{uname_r}/kernel/drivers/gpu/drm/amd + +%files drivers-sound +%defattr(-,root,root) +/lib/modules/%{uname_r}/kernel/sound + +%files tools +%defattr(-,root,root) +%{_libexecdir} +%exclude %dir %{_libdir}/debug +%ifarch x86_64 +%{_sbindir}/cpufreq-bench +%{_lib64dir}/libperf-jvmti.so +%{_lib64dir}/libcpupower.so* +%{_sysconfdir}/cpufreq-bench.conf +%{_includedir}/cpuidle.h +%{_includedir}/cpufreq.h +%{_includedir}/powercap.h +%{_mandir}/man1/cpupower*.gz +%{_mandir}/man8/turbostat*.gz +%{_datadir}/locale/*/LC_MESSAGES/cpupower.mo +%{_datadir}/bash-completion/completions/cpupower +%endif +%ifarch aarch64 +%{_libdir}/libperf-jvmti.so +%endif +%{_bindir} +%{_sysconfdir}/bash_completion.d/* +%{_datadir}/perf-core/strace/groups/file +%{_datadir}/perf-core/strace/groups/string +%{_docdir}/* +%{_includedir}/perf/perf_dlfilter.h +%{_unitdir}/cpupower.service +%config(noreplace) %{_sysconfdir}/sysconfig/cpupower + +%files grub +/etc/default/grub.d/10-lpg-innovate.cfg + +%files -n python3-perf-%{short_name} +%{python3_sitearch}/* + +%files -n bpftool-%{short_name} +%{_sbindir}/bpftool +%{_sysconfdir}/bash_completion.d/bpftool + +%changelog +* Thu Apr 17 2025 Dan Streetman - 6.6.85.1-1001 +- update to 6.6.85.1 + +* Tue Mar 18 2025 Dan Streetman - 6.6.82.1-1001 +- adjust release to 1000 + release number to avoid conflicting with + real kernel package content + +* Tue Mar 18 2025 Dan Streetman - 6.6.82.1-1 +- Update to kernel-lpg-innovate source + +* Fri Mar 14 2025 CBL-Mariner Servicing Account - 6.6.82.1-1 +- Auto-upgrade to 6.6.82.1 + +* Tue Mar 11 2025 CBL-Mariner Servicing Account - 6.6.79.1-1 +- Auto-upgrade to 6.6.79.1 +- Remove jitterentropy patch as it is included in the source + +* Mon Mar 10 2025 Chris Co - 6.6.78.1-3 +- Add patch to revert UART change that breaks IPMI SEL panic message + +* Mon Mar 03 2025 Andy Zaugg - 6.6.78.1-2 +- Add slang as BuildRequires, enabling tui on perf + +* Mon Mar 03 2025 CBL-Mariner Servicing Account - 6.6.78.1-1 +- Auto-upgrade to 6.6.78.1 + +* Wed Feb 19 2025 Chris Co - 6.6.76.1-2 +- Bump release to match kernel-64k + +* Mon Feb 10 2025 CBL-Mariner Servicing Account - 6.6.76.1-1 +- Auto-upgrade to 6.6.76.1 + +* Wed Feb 05 2025 Tobias Brick - 6.6.64.2-9 +- Apply upstream patches to fix kernel panic in jitterentropy initialization on + ARM64 FIPS boot + +* Tue Feb 04 2025 Alberto David Perez Guevara - 6.6.64.2-8 +- Revert ZONE_DMA option to avoid memory ussage overuse + +* Fri Jan 31 2025 Alberto David Perez Guevara - 6.6.64.2-7 +- Enable NUMA Balancing and UCLAMP task + +* Fri Jan 31 2025 Alberto David Perez Guevara - 6.6.64.2-6 +- Performance improvements enabled via kernel configuration options + +* Thu Jan 30 2025 Rachel Menge - 6.6.64.2-5 +- Bump to match kernel-64k + +* Sat Jan 18 2025 Rachel Menge - 6.6.64.2-4 +- Build PCI_HYPERV as builtin + +* Thu Jan 16 2025 Rachel Menge - 6.6.64.2-3 +- Disable DEBUG_PREEMPT + +* Fri Jan 10 2025 Rachel Menge - 6.6.64.2-2 +- Enable Intel VPU + +* Thu Jan 09 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Enable dh kernel module (CONFIG_CRYPTO_DH) in aarch64 + +* Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 +- Enable CONFIG_INTEL_TDX_GUEST and CONFIG_TDX_GUEST_DRIVER + +* Wed Dec 18 2024 Rachel Menge - 6.6.57.1-6 +- Bump release to match kernel-64k + +* Mon Nov 25 2024 Chris Co - 6.6.57.1-5 +- Enable ICE ethernet driver + +* Wed Nov 06 2024 Suresh Babu Chalamalasetty - 6.6.57.1-4 +- Make CONFIG_DRM and its dependency KConfigs as loadable modules +- Create sub-package for AMD GPU in-tree modules to avoid conflicts with out-of-tree modules + +* Tue Nov 05 2024 Chris Co - 6.6.57.1-3 +- Enable kexec signature verification +- Introduce new azurelinux-ca-20230216.pem + +* Wed Oct 30 2024 Thien Trung Vuong - 6.6.57.1-2 +- UKI: remove noxsaves parameter from cmdline + +* Tue Oct 29 2024 CBL-Mariner Servicing Account - 6.6.57.1-1 +- Auto-upgrade to 6.6.57.1 + +* Thu Oct 24 2024 Rachel Menge - 6.6.56.1-5 +- Enable Arm FF-A Support + +* Wed Oct 23 2024 Rachel Menge - 6.6.56.1-4 +- Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 + +* Wed Oct 23 2024 Rachel Menge - 6.6.56.1-3 +- Enable Intel IFS + +* Tue Oct 22 2024 Rachel Menge - 6.6.56.1-2 +- Enable CONFIG_X86_AMD_PLATFORM_DEVICE built-in + +* Thu Oct 17 2024 CBL-Mariner Servicing Account - 6.6.56.1-1 +- Auto-upgrade to 6.6.56.1 + +* Thu Oct 03 2024 Rachel Menge - 6.6.51.1-5 +- Make e1000 drivers modules instead of built-in +- Enable virtio console by default + +* Wed Oct 02 2024 Rachel Menge - 6.6.51.1-4 +- Enable nfsd v4 security label + +* Tue Sep 24 2024 Jo Zzsi - 6.6.51.1-3 +- UKI: remove dbus from initrd + +* Fri Sep 20 2024 Chris Co - 6.6.51.1-2 +- Enable MLX5 TC offload + +* Wed Sep 18 2024 CBL-Mariner Servicing Account - 6.6.51.1-1 +- Auto-upgrade to 6.6.51.1 + +* Fri Sep 13 2024 Thien Trung Vuong - 6.6.47.1-7 +- UKI: Install binary to ESP + +* Fri Sep 13 2024 Rachel Menge - 6.6.47.1-6 +- Disable xen debugfs and I2C Baytrail configs + +* Thu Sep 12 2024 Rachel Menge - 6.6.47.1-5 +- Build mpt2sas and mpt3sas drivers as modules +- Build pata_legacy as module + +* Thu Sep 12 2024 Rachel Menge - 6.6.47.1-4 +- Enable paravirt spinlocks +- Enable CET and IBT + +* Wed Sep 04 2024 Rachel Menge - 6.6.47.1-3 +- Enable usb hiddev and serial ch341 + +* Thu Aug 29 2024 Jo Zzsi - 6.6.47.1-2 +- UKI: remove usrmount from initrd + +* Thu Aug 22 2024 CBL-Mariner Servicing Account - 6.6.47.1-1 +- Auto-upgrade to 6.6.47.1 + +* Wed Aug 14 2024 CBL-Mariner Servicing Account - 6.6.44.1-1 +- Auto-upgrade to 6.6.44.1 + +* Sat Aug 10 2024 Thien Trung Vuong - 6.6.43.1-7 +- Include systemd-cryptsetup in UKI + +* Wed Aug 07 2024 Thien Trung Vuong - 6.6.43.1-6 +- Rebuild UKI with new initrd + +* Tue Aug 06 2024 Chris Co - 6.6.43.1-5 +- Enable USB_TMC + +* Sat Aug 03 2024 Chris Co - 6.6.43.1-4 +- Enable MPTCP + +* Thu Aug 01 2024 Rachel Menge - 6.6.43.1-3 +- Enable EVM + +* Wed Jul 31 2024 Chris Co - 6.6.43.1-2 +- Enable FS_VERITY +- Enable IPE LSM + +* Tue Jul 30 2024 CBL-Mariner Servicing Account - 6.6.43.1-1 +- Auto-upgrade to 6.6.43.1 + +* Tue Jul 30 2024 Chris Co - 6.6.39.1-2 +- Enable DMI_SYSFS as module +- Enable EROFS_FS as module +- Enable DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING +- Enable IMA_ARCH_POLICY +- Enable INTEGRITY_MACHINE_KEYRING + +* Fri Jul 26 2024 CBL-Mariner Servicing Account - 6.6.39.1-1 +- Auto-upgrade to 6.6.39.1 + +* Tue Jul 16 2024 Kelsey Steele - 6.6.35.1-6 +- config_aarch64: Convert selected configs to modules + +* Wed Jul 10 2024 Thien Trung Vuong - 6.6.35.1-5 +- Bump release to match kernel-uki + +* Fri Jul 05 2024 Gary Swalling - 6.6.35.1-4 +- Enable SECONDARY_TRUSTED_KEYRING + +* Mon Jul 01 2024 Rachel Menge - 6.6.35.1-3 +- disable KEXEC and LEGACY_TIOCSTI + +* Fri Jun 28 2024 Rachel Menge - 6.6.35.1-2 +- Enable LCOW boot and POD creation configs + +* Tue Jun 25 2024 CBL-Mariner Servicing Account - 6.6.35.1-1 +- Auto-upgrade to 6.6.35.1 + +* Wed Jun 12 2024 Dan Streetman - 6.6.29.1-6 +- include i18n (kbd package) in UKI, to provide loadkeys binary so + systemd-vconsole-setup works + +* Tue Jun 11 2024 Juan Camposeco - 6.6.29.1-5 +- Add patch to enable mstflint kernel driver 4.28.0-1 + +* Fri May 31 2024 Thien Trung Vuong - 6.6.29.1-4 +- Enable CONFIG_AMD_MEM_ENCRYPT, CONFIG_SEV_GUEST + +* Fri May 03 2024 Rachel Menge - 6.6.29.1-3 +- Enable CONFIG_IGC module + +* Fri May 03 2024 Rachel Menge - 6.6.29.1-2 +- Remove XFS v4 + +* Wed May 01 2024 CBL-Mariner Servicing Account - 6.6.29.1-1 +- Auto-upgrade to 6.6.29.1 + +* Mon Apr 29 2024 Sriram Nambakam - 6.6.22.1-3 +- Remove CONFIG_NF_CONNTRACK_PROCFS +- Remove CONFIG_TRACE_IRQFLAGS +- Remove CONFIG_TRACE_IRQFLAGS_NMI +- Remove CONFIG_IRQSOFF_TRACER +- Remove CONFIG_PREEMPTIRQ_TRACEPOINTS + +* Wed Mar 27 2024 Cameron Baird - 6.6.22.1-2 +- Change aarch64 config to produce hv, xen, virtio as modules +- to support dracut initramfs generation on arm64 VM systems + +* Mon Mar 25 2024 CBL-Mariner Servicing Account - 6.6.22.1-1 +- Auto-upgrade to 6.6.22.1 + +* Tue Mar 19 2024 Dan Streetman - 6.6.14.1-5 +- remove unnecessary 10_kernel.cfg grub config file + +* Wed Mar 06 2024 Chris Gunn - 6.6.14.1-4 +- Remove /var/lib/initramfs/kernel files. + +* Fri Feb 23 2024 Chris Gunn - 6.6.14.1-3 +- Call dracut instead of mkinitrd +- Rename initrd.img- to initramfs-.img + +* Tue Feb 20 2024 Cameron Baird - 6.6.14.1-2 +- Remove legacy /boot/mariner.cfg +- Introduce /etc/default/grub.d/10_kernel.cfg + +* Fri Feb 09 2024 CBL-Mariner Servicing Account - 6.6.14.1-1 +- Auto-upgrade to 6.6.14.1 +- Enable support for latency based cgroup IO protection +- Enable ZRAM module +- Enable Broadcom MPI3 Storage Controller Device Driver module + +* Thu Feb 01 2024 Vince Perri - 6.6.12.1-3 +- Config changes to converge kernel-hci config with kernel +- Remove no-vmw-sta kernel argument inherited from Photon OS + +* Sat Jan 27 11:07:05 EST 2024 Dan Streetman - 6.6.12.1-2 +- use "bootstrap" systemd macros + +* Fri Jan 26 2024 Rachel Menge - 6.6.12.1-1 +- Upgrade to 6.6.12.1 + +* Wed Jan 17 2024 Pawel Winogrodzki - 6.6.2.1-3 +- Bump release to match kernel-headers. + +* Thu Dec 14 2023 Rachel Menge - 6.6.2.1-2 +- Add cpupower.service to kernel-tools +- Enable user-based event tracing +- Enable CONFIG_BPF_LSM (Thien Trung Vuong ) +- Enable CUSE module (Juan Camposeco ) +- Add IOMMU configs for aarch64 (David Daney ) +- Set selinux as default LSM +- Enable CONFIG_X86_IOPL_IOPERM + +* Wed Dec 13 2023 Rachel Menge - 6.6.2.1-1 +- Upgrade to 6.6.2.1 +- Add libtraceevent-devel to BuildRequires + +* Thu Dec 07 2023 Rachel Menge - 6.1.58.1-3 +- Update 6.1 to have parity with ARM configs for 5.15 + +* Fri Dec 01 2023 Cameron Baird - 6.1.58.1-2 +- Remove loglevel=3, causing kernel to boot with the config-defined value, + CONSOLE_LOGLEVEL_DEFAULT. + +* Fri Oct 27 2023 Rachel Menge - 6.1.58.1-1 +- Upgrade to 6.1.58.1 +- Remove support for imx8 dtb subpackage +- Add patch for perf_bpf_test_add_nonnull_argument +- Add cpio BuildRequires +- Ensure parity with 2.0 kernel configs + +* Mon Oct 23 2023 Rachel Menge - 5.15.135.1-2 +- Enable CONFIG_BINFMT_MISC + +* Tue Oct 17 2023 CBL-Mariner Servicing Account - 5.15.135.1-1 +- Auto-upgrade to 5.15.135.1 + +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 +- Remove CONFIG_NET_CLS_RSVP and CONFIG_NET_CLS_RSVP6 that don't apply to the new version + +* Thu Sep 21 2023 Cameron Baird - 5.15.131.1-3 +- Call grub2-mkconfig to regenerate configs only if the user has + previously used grub2-mkconfig for boot configuration. + +* Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 +- Recompile with stack-protection fixed gcc version (CVE-2023-4039) + +* Fri Sep 08 2023 CBL-Mariner Servicing Account - 5.15.131.1-1 +- Auto-upgrade to 5.15.131.1 + +* Mon Aug 14 2023 CBL-Mariner Servicing Account - 5.15.126.1-1 +- Auto-upgrade to 5.15.126.1 + +* Thu Aug 10 2023 Rachel Menge - 5.15.125.1-2 +- Enable CONFIG_BLK_DEV_NBD module + +* Wed Aug 09 2023 CBL-Mariner Servicing Account - 5.15.125.1-1 +- Auto-upgrade to 5.15.125.1 + +* Tue Aug 01 2023 CBL-Mariner Servicing Account - 5.15.123.1-1 +- Auto-upgrade to 5.15.123.1 + +* Fri Jul 28 2023 Juan Camposeco - 5.15.122.1-2 +- Enable Mellanox DPU drivers and configurations, ARM64 only + +* Wed Jul 26 2023 CBL-Mariner Servicing Account - 5.15.122.1-1 +- Auto-upgrade to 5.15.122.1 + +* Wed Jun 28 2023 CBL-Mariner Servicing Account - 5.15.118.1-1 +- Auto-upgrade to 5.15.118.1 + +* Tue Jun 20 2023 Rachel Menge - 5.15.116.1-2 +- Enable CONFIG_IP_VS_MH module + +* Tue Jun 13 2023 CBL-Mariner Servicing Account - 5.15.116.1-1 +- Auto-upgrade to 5.15.116.1 + +* Wed May 24 2023 Rachel Menge - 5.15.112.1-2 +- Enable CONFIG_NVME_MULTIPATH with patch to set default to off + +* Tue May 23 2023 CBL-Mariner Servicing Account - 5.15.112.1-1 +- Auto-upgrade to 5.15.112.1 + +* Mon May 15 2023 CBL-Mariner Servicing Account - 5.15.111.1-1 +- Auto-upgrade to 5.15.111.1 + +* Mon May 15 2023 Rachel Menge - 5.15.110.1-5 +- Revert CONFIG_NVME_MULTIPATH + +* Tue May 09 2023 Rachel Menge - 5.15.110.1-4 +- Enable CONFIG_EDAC_SKX + +* Thu May 04 2023 Rachel Menge - 5.15.110.1-3 +- Enable HWMON support, RAS_CEC, and BLK_DEV_IO_TRACE + +* Wed May 03 2023 Rachel Menge - 5.15.110.1-2 +- Enable CONFIG_NVME_MULTIPATH + +* Mon May 01 2023 CBL-Mariner Servicing Account - 5.15.110.1-1 +- Auto-upgrade to 5.15.110.1 + +* Thu Apr 27 2023 Rachel Menge - 5.15.107.1-4 +- Enable DRM_AMDGPU module + +* Wed Apr 26 2023 Rachel Menge - 5.15.107.1-3 +- Enable Dell drivers and supporting config options +- Enable TLS + +* Wed Apr 19 2023 Rachel Menge - 5.15.107.1-2 +- Disable rpm's debuginfo defaults which regenerate build-ids + +* Tue Apr 18 2023 CBL-Mariner Servicing Account - 5.15.107.1-1 +- Auto-upgrade to 5.15.107.1 + +* Tue Apr 11 2023 Rachel Menge - 5.15.102.1-5 +- Enable CONFIG_HIST_TRIGGERS + +* Wed Mar 29 2023 Kanika Nema - 5.15.102.1-4 +- Enable nvme-tcp and nvme-rdma modules + +* Wed Mar 29 2023 Rachel Menge - 5.15.102.1-3 +- Enable CONFIG_NET_CLS_FLOWER module + +* Wed Mar 22 2023 Thien Trung Vuong - 5.15.102.1-2 +- Enable Wireguard module + +* Tue Mar 14 2023 CBL-Mariner Servicing Account - 5.15.102.1-1 +- Auto-upgrade to 5.15.102.1 + +* Mon Mar 06 2023 CBL-Mariner Servicing Account - 5.15.98.1-1 +- Auto-upgrade to 5.15.98.1 + +* Sat Feb 25 2023 CBL-Mariner Servicing Account - 5.15.95.1-1 +- Auto-upgrade to 5.15.95.1 + +* Wed Feb 22 2023 CBL-Mariner Servicing Account - 5.15.94.1-1 +- Auto-upgrade to 5.15.94.1 + +* Wed Feb 15 2023 Rachel Menge - 5.15.92.1-3 +- Install vmlinux as root executable for debuginfo + +* Thu Feb 09 2023 Minghe Ren - 5.15.92.1-2 +- Disable CONFIG_INIT_ON_FREE_DEFAULT_ON + +* Mon Feb 06 2023 CBL-Mariner Servicing Account - 5.15.92.1-1 +- Auto-upgrade to 5.15.92.1 + +* Wed Jan 25 2023 CBL-Mariner Servicing Account - 5.15.90.1-1 +- Auto-upgrade to 5.15.90.1 + +* Sat Jan 14 2023 CBL-Mariner Servicing Account - 5.15.87.1-1 +- Auto-upgrade to 5.15.87.1 + +* Sat Jan 07 2023 nick black - 5.15.86.1-2 +- Add several missing BuildRequires (w/ Rachel Menge) + +* Tue Jan 03 2023 CBL-Mariner Servicing Account - 5.15.86.1-1 +- Auto-upgrade to 5.15.86.1 + +* Fri Dec 23 2022 CBL-Mariner Servicing Account - 5.15.85.1-1 +- Auto-upgrade to 5.15.85.1 + +* Mon Dec 19 2022 Betty Lakes - 5.15.82.1-2 +- Turn on Generic Target Core Mod + +* Tue Dec 13 2022 CBL-Mariner Servicing Account - 5.15.82.1-1 +- Auto-upgrade to 5.15.82.1 + +* Wed Dec 07 2022 CBL-Mariner Servicing Account - 5.15.81.1-1 +- Auto-upgrade to 5.15.81.1 + +* Mon Dec 05 2022 Betty Lakes - 5.15.80.1-2 +- Turn on hibernation and its dependencies + +* Tue Nov 29 2022 CBL-Mariner Servicing Account - 5.15.80.1-1 +- Auto-upgrade to 5.15.80.1 + +* Fri Nov 18 2022 CBL-Mariner Servicing Account - 5.15.79.1-1 +- Auto-upgrade to 5.15.79.1 + +* Tue Nov 08 2022 CBL-Mariner Servicing Account - 5.15.77.1-1 +- Auto-upgrade to 5.15.77.1 + +* Wed Oct 26 2022 Rachel Menge - 5.15.74.1-3 +- Turn on Configs for different TCP algorithms + +* Mon Oct 24 2022 Cameron Baird - 5.15.74.1-2 +- Package gpu kernel modules in new package kernel-drivers-gpu + +* Wed Oct 19 2022 CBL-Mariner Servicing Account - 5.15.74.1-1 +- Upgrade to 5.15.74.1 + +* Fri Oct 07 2022 CBL-Mariner Servicing Account - 5.15.72.1-1 +- Upgrade to 5.15.72.1 + +* Tue Sep 27 2022 CBL-Mariner Servicing Account - 5.15.70.1-1 +- Upgrade to 5.15.70.1 + +* Mon Sep 26 2022 CBL-Mariner Servicing Account - 5.15.69.1-1 +- Upgrade to 5.15.69.1 + +* Thu Sep 22 2022 Chris Co - 5.15.67.1-4 +- Enable SCSI logging facility + +* Tue Sep 20 2022 Chris Co - 5.15.67.1-3 +- Enable 32-bit time syscall support + +* Fri Sep 16 2022 Cameron Baird - 5.15.67.1-2 +- Enable CONFIG_NETFILTER_XT_TARGET_TRACE as a module + +* Thu Sep 15 2022 CBL-Mariner Servicing Account - 5.15.67.1-1 +- Upgrade to 5.15.67.1 + +* Thu Sep 15 2022 Adit Jha - 5.15.63.1-4 +- Setting vfat module in kernel config to Y to be baked in + +* Tue Sep 13 2022 Saul Paredes - 5.15.63.1-3 +- Adjust crashkernel param to crash, dump memory to a file, and recover correctly + +* Tue Sep 06 2022 Nikola Bojanic - 5.15.63.1-2 +- Enable CRIU support: https://criu.org/Linux_kernel + +* Mon Aug 29 2022 CBL-Mariner Servicing Account - 5.15.63.1-1 +- Upgrade to 5.15.63.1 + +* Wed Aug 17 2022 Cameron Baird - 5.15.60.2-1 +- Upgrade to 5.15.60.2 to fix arm64 builds + +* Tue Aug 02 2022 Rachel Menge - 5.15.57.1-3 +- Turn on CONFIG_SECURITY_LANDLOCK + +* Mon Aug 01 2022 Rachel Menge - 5.15.57.1-2 +- Turn on CONFIG_BLK_DEV_ZONED + +* Tue Jul 26 2022 CBL-Mariner Servicing Account - 5.15.57.1-1 +- Upgrade to 5.15.57.1 + +* Fri Jul 22 2022 CBL-Mariner Servicing Account - 5.15.55.1-1 +- Upgrade to 5.15.55.1 + +* Thu Jul 21 2022 Henry Li - 5.15.48.1-6 +- Add turbostat and cpupower to kernel-tools + +* Fri Jul 08 2022 Francis Laniel - 5.15.48.1-5 +- Add back CONFIG_FTRACE_SYSCALLS to enable eBPF CO-RE syscalls tracers. +- Add CONFIG_IKHEADERS=m to enable eBPF standard tracers. + +* Mon Jun 27 2022 Neha Agarwal - 5.15.48.1-4 +- Remove 'quiet' from commandline to enable verbose log + +* Mon Jun 27 2022 Henry Beberman - 5.15.48.1-3 +- Enable CONFIG_VIRTIO_FS=m and CONFIG_FUSE_DAX=y +- Symlink /lib/modules/uname/vmlinuz to /boot/vmlinuz-uname to improve compat with scripts seeking the kernel. + +* Wed Jun 22 2022 Max Brodeur-Urbas - 5.15.48.1-2 +- Enabling Vgem driver in config. + +* Fri Jun 17 2022 Neha Agarwal - 5.15.48.1-1 +- Update source to 5.15.48.1 + +* Tue Jun 14 2022 Pawel Winogrodzki - 5.15.45.1-2 +- Moving ".config" update and check steps into the %%prep section. + +* Thu Jun 09 2022 Cameron Baird - 5.15.45.1-1 +- Update source to 5.15.45.1 +- Address CVE-2022-32250 with a nopatch + +* Mon Jun 06 2022 Max Brodeur-Urbas - 5.15.41.1-4 +- Compiling ptp_kvm driver as a module + +* Wed Jun 01 2022 Pawel Winogrodzki - 5.15.41.1-3 +- Enabling "LIVEPATCH" config option. + +* Thu May 26 2022 Minghe Ren - 5.15.41.1-2 +- Disable SMACK kernel configuration + +* Tue May 24 2022 Cameron Baird - 5.15.41.1-1 +- Update source to 5.15.41.1 +- Nopatch CVE-2020-35501, CVE-2022-28893, CVE-2022-29581 + +* Mon May 23 2022 Neha Agarwal - 5.15.37.1-3 +- Fix configs to bring down initrd boot time + +* Mon May 16 2022 Neha Agarwal - 5.15.37.1-2 +- Fix cdrom, hyperv-mouse, kexec and crash-on-demand config in aarch64 + +* Mon May 09 2022 Neha Agarwal - 5.15.37.1-1 +- Update source to 5.15.37.1 +- Nopatch CVE-2021-4095, CVE-2022-0500, CVE-2022-0998, CVE-2022-28796, CVE-2022-29582, + CVE-2022-1048, CVE-2022-1195, CVE-2022-1353, CVE-2022-29968, CVE-2022-1015 +- Enable IFB config + +* Tue Apr 19 2022 Cameron Baird - 5.15.34.1-1 +- Update source to 5.15.34.1 +- Clean up nopatches in Patch list, no longer needed for CVE automation +- Nopatch CVE-2022-28390, CVE-2022-28389, CVE-2022-28388, CVE-2022-28356, CVE-2022-0435, + CVE-2021-4202, CVE-2022-27950, CVE-2022-0433, CVE-2022-0494, CVE-2022-0330, CVE-2022-0854, + CVE-2021-4197, CVE-2022-29156 + +* Tue Apr 19 2022 Max Brodeur-Urbas - 5.15.32.1-3 +- Remove kernel lockdown config from grub envblock + +* Tue Apr 12 2022 Andrew Phelps - 5.15.32.1-2 +- Remove trace symlink from _bindir +- Exclude files and directories under the debug folder from kernel and kernel-tools packages +- Remove BR for xerces-c-devel + +* Fri Apr 08 2022 Neha Agarwal - 5.15.32.1-1 +- Update source to 5.15.32.1 +- Address CVES: 2022-0516, 2022-26878, 2022-27223, 2022-24958, 2022-0742, + 2022-1011, 2022-26490, 2021-4002 +- Enable MANA driver config +- Address CVEs 2022-0995, 2022-1055, 2022-27666 + +* Tue Apr 05 2022 Henry Li - 5.15.26.1-4 +- Add Dell devices support + +* Mon Mar 28 2022 Rachel Menge - 5.15.26.1-3 +- Remove hardcoded mariner.pem from configs and instead insert during + the build phase + +* Mon Mar 14 2022 Vince Perri - 5.15.26.1-2 +- Add support for compressed firmware + +* Tue Mar 08 2022 cameronbaird - 5.15.26.1-1 +- Update source to 5.15.26.1 +- Address CVES: 2022-0617, 2022-25375, 2022-25258, 2021-4090, 2022-25265, + 2021-45402, 2022-0382, 2022-0185, 2021-44879, 2022-24959, 2022-0264, + 2022-24448, 2022-24122, 2021-20194, 2022-0847, 1999-0524, 2008-4609, + 2010-0298, 2010-4563, 2011-0640, 2022-0492, 2021-3743, 2022-26966 + +* Mon Mar 07 2022 George Mileka - 5.15.18.1-5 +- Enabled vfio noiommu. + +* Fri Feb 25 2022 Henry Li - 5.15.18.1-4 +- Enable CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM + +* Thu Feb 24 2022 Cameron Baird - 5.15.18.1-3 +- CONFIG_BPF_UNPRIV_DEFAULT_OFF=y + +* Thu Feb 24 2022 Suresh Babu Chalamalasetty - 5.15.18.1-2 +- Add usbip required kernel configs CONFIG_USBIP_CORE CONFIG_USBIP_VHCI_HCD + +* Mon Feb 07 2022 Cameron Baird - 5.15.18.1-1 +- Update source to 5.15.18.1 +- Address CVE-2010-0309, CVE-2018-1000026, CVE-2018-16880, CVE-2019-3016, + CVE-2019-3819, CVE-2019-3887, CVE-2020-25672, CVE-2021-3564, CVE-2021-45095, + CVE-2021-45469, CVE-2021-45480 + +* Thu Feb 03 2022 Henry Li - 5.15.2.1-5 +- Enable CONFIG_X86_SGX and CONFIG_X86_SGX_KVM + +* Wed Feb 02 2022 Rachel Menge - 5.15.2.1-4 +- Add libperf-jvmti.so to tools package + +* Thu Jan 27 2022 Daniel Mihai - 5.15.2.1-3 +- Enable kdb frontend for kgdb + +* Sun Jan 23 2022 Chris Co - 5.15.2.1-2 +- Rotate Mariner cert + +* Thu Jan 06 2022 Rachel Menge - 5.15.2.1-1 +- Update source to 5.15.2.1 + +* Tue Jan 04 2022 Suresh Babu Chalamalasetty - 5.10.78.1-3 +- Add provides exclude for debug build-id for aarch64 to generate debuginfo rpm +- Fix missing brackets for __os_install_post. + +* Tue Dec 28 2021 Suresh Babu Chalamalasetty - 5.10.78.1-2 +- Enable CONFIG_COMPAT kernel configs + +* Tue Nov 23 2021 Rachel Menge - 5.10.78.1-1 +- Update source to 5.10.78.1 +- Address CVE-2021-43267, CVE-2021-42739, CVE-2021-42327, CVE-2021-43389 +- Add patch to fix SPDX-License-Identifier in headers + +* Mon Nov 15 2021 Thomas Crain - 5.10.74.1-4 +- Add python3-perf subpackage and add python3-devel to build-time requirements +- Exclude accessibility modules from main package to avoid subpackage conflict +- Remove redundant License tag from bpftool subpackage + +* Thu Nov 04 2021 Andrew Phelps - 5.10.74.1-3 +- Update configs for gcc 11.2.0 and binutils 2.37 updates + +* Tue Oct 26 2021 Rachel Menge - 5.10.74.1-2 +- Update configs for eBPF support +- Add dwarves Build-requires + +* Tue Oct 19 2021 Rachel Menge - 5.10.74.1-1 +- Update source to 5.10.74.1 +- Address CVE-2021-41864, CVE-2021-42252 +- License verified + +* Thu Oct 07 2021 Rachel Menge - 5.10.69.1-1 +- Update source to 5.10.69.1 +- Address CVE-2021-38300, CVE-2021-41073, CVE-2021-3653, CVE-2021-42008 + +* Wed Sep 22 2021 Rachel Menge - 5.10.64.1-2 +- Enable CONFIG_NET_VRF +- Add vrf to drivers argument for dracut + +* Mon Sep 20 2021 Rachel Menge - 5.10.64.1-1 +- Update source to 5.10.64.1 + +* Fri Sep 17 2021 Rachel Menge - 5.10.60.1-1 +- Remove cn from dracut drivers argument +- Update source to 5.10.60.1 +- Address CVE-2021-38166, CVE-2021-38205, CVE-2021-3573 + CVE-2021-37576, CVE-2021-34556, CVE-2021-35477, CVE-2021-28691, + CVE-2021-3564, CVE-2020-25639, CVE-2021-29657, CVE-2021-38199, + CVE-2021-38201, CVE-2021-38202, CVE-2021-38207, CVE-2021-38204, + CVE-2021-38206, CVE-2021-38208, CVE-2021-38200, CVE-2021-38203, + CVE-2021-38160, CVE-2021-3679, CVE-2021-38198, CVE-2021-38209, + CVE-2021-3655 +- Add patch to fix VDSO in HyperV + +* Thu Sep 09 2021 Muhammad Falak - 5.10.52.1-2 +- Export `bpftool` subpackage + +* Tue Jul 20 2021 Rachel Menge - 5.10.52.1-1 +- Update source to 5.10.52.1 +- Address CVE-2021-35039, CVE-2021-33909 + +* Mon Jul 19 2021 Chris Co - 5.10.47.1-2 +- Enable CONFIG_CONNECTOR and CONFIG_PROC_EVENTS + +* Tue Jul 06 2021 Rachel Menge - 5.10.47.1-1 +- Update source to 5.10.47.1 +- Address CVE-2021-34693, CVE-2021-33624 + +* Wed Jun 30 2021 Chris Co - 5.10.42.1-4 +- Enable legacy mcelog config + +* Tue Jun 22 2021 Suresh Babu Chalamalasetty - 5.10.42.1-3 +- Enable CONFIG_IOSCHED_BFQ and CONFIG_BFQ_GROUP_IOSCHED configs + +* Wed Jun 16 2021 Chris Co - 5.10.42.1-2 +- Enable CONFIG_CROSS_MEMORY_ATTACH + +* Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 +- Update source to 5.10.42.1 +- Address CVE-2021-33200 + +* Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 +- Address CVE-2020-25672 + +* Fri May 28 2021 Rachel Menge - 5.10.37.1-1 +- Update source to 5.10.37.1 +- Address CVE-2021-23134, CVE-2021-29155, CVE-2021-31829, CVE-2021-31916, + CVE-2021-32399, CVE-2021-33033, CVE-2021-33034, CVE-2021-3483 + CVE-2021-3501, CVE-2021-3506 + +* Thu May 27 2021 Chris Co - 5.10.32.1-7 +- Set lockdown=integrity by default + +* Wed May 26 2021 Chris Co - 5.10.32.1-6 +- Add Mariner cert into the trusted kernel keyring + +* Tue May 25 2021 Daniel Mihai - 5.10.32.1-5 +- Enable kernel debugger + +* Thu May 20 2021 Nicolas Ontiveros - 5.10.32.1-4 +- Bump release number to match kernel-signed update + +* Mon May 17 2021 Andrew Phelps - 5.10.32.1-3 +- Update CONFIG_LD_VERSION for binutils 2.36.1 +- Remove build-id match check + +* Thu May 13 2021 Rachel Menge - 5.10.32.1-2 +- Add CONFIG_AS_HAS_LSE_ATOMICS=y + +* Mon May 03 2021 Rachel Menge - 5.10.32.1-1 +- Update source to 5.10.32.1 +- Address CVE-2021-23133, CVE-2021-29154, CVE-2021-30178 + +* Thu Apr 22 2021 Chris Co - 5.10.28.1-4 +- Disable CONFIG_EFI_DISABLE_PCI_DMA. It can cause boot issues on some hardware. + +* Mon Apr 19 2021 Chris Co - 5.10.28.1-3 +- Bump release number to match kernel-signed update + +* Thu Apr 15 2021 Rachel Menge - 5.10.28.1-2 +- Address CVE-2021-29648 + +* Thu Apr 08 2021 Chris Co - 5.10.28.1-1 +- Update source to 5.10.28.1 +- Update uname_r define to match the new value derived from the source +- Address CVE-2020-27170, CVE-2020-27171, CVE-2021-28375, CVE-2021-28660, + CVE-2021-28950, CVE-2021-28951, CVE-2021-28952, CVE-2021-28971, + CVE-2021-28972, CVE-2021-29266, CVE-2021-28964, CVE-2020-35508, + CVE-2020-16120, CVE-2021-29264, CVE-2021-29265, CVE-2021-29646, + CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-30002 + +* Fri Mar 26 2021 Daniel Mihai - 5.10.21.1-4 +- Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR + +* Thu Mar 18 2021 Chris Co - 5.10.21.1-3 +- Address CVE-2021-27365, CVE-2021-27364, CVE-2021-27363 +- Enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS + +* Wed Mar 17 2021 Nicolas Ontiveros - 5.10.21.1-2 +- Disable QAT kernel configs + +* Thu Mar 11 2021 Chris Co - 5.10.21.1-1 +- Update source to 5.10.21.1 +- Add virtio drivers to be installed into initrd +- Address CVE-2021-26930, CVE-2020-35499, CVE-2021-26931, CVE-2021-26932 + +* Fri Mar 05 2021 Chris Co - 5.10.13.1-4 +- Enable kernel lockdown config + +* Thu Mar 04 2021 Suresh Babu Chalamalasetty - 5.10.13.1-3 +- Add configs for CONFIG_BNXT bnxt_en and MSR drivers + +* Mon Feb 22 2021 Thomas Crain - 5.10.13.1-2 +- Add configs for speakup and uinput drivers +- Add kernel-drivers-accessibility subpackage + +* Thu Feb 18 2021 Chris Co - 5.10.13.1-1 +- Update source to 5.10.13.1 +- Remove patch to publish efi tpm event log on ARM. Present in updated source. +- Remove patch for arm64 hyperv support. Present in updated source. +- Account for new module.lds location on aarch64 +- Remove CONFIG_GCC_PLUGIN_RANDSTRUCT +- Add CONFIG_SCSI_SMARTPQI=y + +* Thu Feb 11 2021 Nicolas Ontiveros - 5.4.91-5 +- Add configs to enable tcrypt in FIPS mode + +* Tue Feb 09 2021 Nicolas Ontiveros - 5.4.91-4 +- Use OpenSSL to perform HMAC calc + +* Thu Jan 28 2021 Nicolas Ontiveros - 5.4.91-3 +- Add configs for userspace crypto support +- HMAC calc the kernel for FIPS + +* Wed Jan 27 2021 Daniel McIlvaney - 5.4.91-2 +- Enable dm-verity boot support with FEC + +* Wed Jan 20 2021 Chris Co - 5.4.91-1 +- Update source to 5.4.91 +- Address CVE-2020-29569, CVE-2020-28374, CVE-2020-36158 +- Remove patch to fix GUI installer crash. Fixed in updated source. + +* Tue Jan 12 2021 Rachel Menge - 5.4.83-4 +- Add imx8mq support + +* Sat Jan 09 2021 Andrew Phelps - 5.4.83-3 +- Add patch to fix GUI installer crash + +* Mon Dec 28 2020 Nicolas Ontiveros - 5.4.83-2 +- Address CVE-2020-27777 + +* Tue Dec 15 2020 Henry Beberman - 5.4.83-1 +- Update source to 5.4.83 +- Address CVE-2020-14351, CVE-2020-14381, CVE-2020-25656, CVE-2020-25704, + CVE-2020-29534, CVE-2020-29660, CVE-2020-29661 + +* Fri Dec 04 2020 Chris Co - 5.4.81-1 +- Update source to 5.4.81 +- Remove patch for kexec in HyperV. Integrated in 5.4.81. +- Address CVE-2020-25705, CVE-2020-15436, CVE-2020-28974, CVE-2020-29368, + CVE-2020-29369, CVE-2020-29370, CVE-2020-29374, CVE-2020-29373, CVE-2020-28915, + CVE-2020-28941, CVE-2020-27675, CVE-2020-15437, CVE-2020-29371, CVE-2020-29372, + CVE-2020-27194, CVE-2020-27152 + +* Wed Nov 25 2020 Chris Co - 5.4.72-5 +- Add patch to publish efi tpm event log on ARM + +* Mon Nov 23 2020 Chris Co - 5.4.72-4 +- Apply patch to fix kexec in HyperV + +* Mon Nov 16 2020 Suresh Babu Chalamalasetty - 5.4.72-3 +- Disable kernel config SLUB_DEBUG_ON due to tcp throughput perf impact + +* Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 +- Enable kernel configs for Arm64 HyperV, Ampere and Cavium SoCs support + +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Remove patch to support CometLake e1000e ethernet. Integrated in 5.4.72. +- Add license file +- Lint spec +- Address CVE-2018-1000026, CVE-2018-16880, CVE-2020-12464, CVE-2020-12465, + CVE-2020-12659, CVE-2020-15780, CVE-2020-14356, CVE-2020-14386, CVE-2020-25645, + CVE-2020-25643, CVE-2020-25211, CVE-2020-25212, CVE-2008-4609, CVE-2020-14331, + CVE-2010-0298, CVE-2020-10690, CVE-2020-25285, CVE-2020-10711, CVE-2019-3887, + CVE-2020-14390, CVE-2019-19338, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, + CVE-2020-10768, CVE-2020-10781, CVE-2020-12768, CVE-2020-14314, CVE-2020-14385, + CVE-2020-25641, CVE-2020-26088, CVE-2020-10942, CVE-2020-12826, CVE-2019-3016, + CVE-2019-3819, CVE-2020-16166, CVE-2020-11608, CVE-2020-11609, CVE-2020-25284, + CVE-2020-12888, CVE-2017-8244, CVE-2017-8245, CVE-2017-8246, CVE-2009-4484, + CVE-2015-5738, CVE-2007-4998, CVE-2010-0309, CVE-2011-0640, CVE-2020-12656, + CVE-2011-2519, CVE-1999-0656, CVE-2010-4563, CVE-2019-20794, CVE-1999-0524 + +* Fri Oct 16 2020 Suresh Babu Chalamalasetty - 5.4.51-11 +- Enable QAT kernel configs + +* Fri Oct 02 2020 Chris Co - 5.4.51-10 +- Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, + CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 + +* Fri Oct 02 2020 Chris Co - 5.4.51-9 +- Fix aarch64 build error + +* Wed Sep 30 2020 Emre Girgin - 5.4.51-8 +- Update postun script to deal with removal in case of another installed kernel. + +* Fri Sep 25 2020 Suresh Babu Chalamalasetty - 5.4.51-7 +- Enable Mellanox kernel configs + +* Wed Sep 23 2020 Daniel McIlvaney - 5.4.51-6 +- Enable CONFIG_IMA (measurement only) and associated configs + +* Thu Sep 03 2020 Daniel McIlvaney - 5.4.51-5 +- Add code to check for missing config flags in the checked in configs + +* Thu Sep 03 2020 Chris Co - 5.4.51-4 +- Apply additional kernel hardening configs + +* Thu Sep 03 2020 Chris Co - 5.4.51-3 +- Bump release number due to kernel-signed- package update +- Minor aarch64 config and changelog cleanup + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 +- Update source hash + +* Wed Aug 19 2020 Chris Co - 5.4.51-1 +- Update source to 5.4.51 +- Enable DXGKRNL config +- Address CVE-2020-11494, CVE-2020-11565, CVE-2020-12655, CVE-2020-12771, + CVE-2020-13974, CVE-2020-15393, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, + CVE-2020-9383, CVE-2020-11725 + +* Wed Aug 19 2020 Chris Co - 5.4.42-12 +- Remove the signed package depends + +* Tue Aug 18 2020 Chris Co - 5.4.42-11 +- Remove signed subpackage + +* Mon Aug 17 2020 Chris Co - 5.4.42-10 +- Enable BPF, PC104, userfaultfd, SLUB sysfs, SMC, XDP sockets monitoring configs + +* Fri Aug 07 2020 Mateusz Malisz - 5.4.42-9 +- Add crashkernel=128M to the kernel cmdline +- Update config to support kexec and kexec_file_load + +* Tue Aug 04 2020 Pawel Winogrodzki - 5.4.42-8 +- Updating "KBUILD_BUILD_VERSION" and "KBUILD_BUILD_HOST" with correct + distribution name. + +* Wed Jul 22 2020 Chris Co - 5.4.42-7 +- Address CVE-2020-8992, CVE-2020-12770, CVE-2020-13143, CVE-2020-11884 + +* Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-6 +- Enable CONFIG_MLX5_CORE_IPOIB and CONFIG_INFINIBAND_IPOIB config flags + +* Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-5 +- Adding XDP config flag + +* Thu Jul 09 2020 Anand Muthurajan - 5.4.42-4 +- Enable CONFIG_QED, CONFIG_QEDE, CONFIG_QED_SRIOV and CONFIG_QEDE_VXLAN flags + +* Wed Jun 24 2020 Chris Co - 5.4.42-3 +- Regenerate input config files + +* Fri Jun 19 2020 Chris Co - 5.4.42-2 +- Add kernel-secure subpackage and macros for adding offline signed kernels + +* Fri Jun 12 2020 Chris Co - 5.4.42-1 +- Update source to 5.4.42 + +* Thu Jun 11 2020 Chris Co - 5.4.23-17 +- Enable PAGE_POISONING configs +- Disable PROC_KCORE config +- Enable RANDOM_TRUST_CPU config for x86_64 + +* Fri Jun 05 2020 Suresh Babu Chalamalasetty - 5.4.23-16 +- Adding BPF config flags + +* Thu Jun 04 2020 Chris Co - 5.4.23-15 +- Add config support for USB video class devices + +* Wed Jun 03 2020 Nicolas Ontiveros - 5.4.23-14 +- Add CONFIG_CRYPTO_XTS=y to config. + +* Wed Jun 03 2020 Chris Co - 5.4.23-13 +- Add patch to support CometLake e1000e ethernet +- Remove drivers-gpu subpackage +- Inline the initramfs trigger and postun source files +- Remove rpi3 dtb and ls1012 dtb subpackages + +* Wed May 27 2020 Chris Co - 5.4.23-12 +- Update arm64 security configs +- Disable devmem in x86_64 config + +* Tue May 26 2020 Daniel Mihai - 5.4.23-11 +- Disabled Reliable Datagram Sockets protocol (CONFIG_RDS). + +* Fri May 22 2020 Emre Girgin - 5.4.23-10 +- Change /boot directory permissions to 600. + +* Thu May 21 2020 Chris Co - 5.4.23-9 +- Update x86_64 security configs + +* Wed May 20 2020 Suresh Babu Chalamalasetty - 5.4.23-8 +- Adding InfiniBand config flags + +* Mon May 11 2020 Anand Muthurajan - 5.4.23-7 +- Adding PPP config flags + +* Tue Apr 28 2020 Emre Girgin - 5.4.23-6 +- Renaming Linux-PAM to pam + +* Tue Apr 28 2020 Emre Girgin - 5.4.23-5 +- Renaming linux to kernel + +* Tue Apr 14 2020 Emre Girgin - 5.4.23-4 +- Remove linux-aws and linux-esx references. +- Remove kat_build usage. +- Remove ENA module. + +* Fri Apr 10 2020 Emre Girgin - 5.4.23-3 +- Remove xml-security-c dependency. + +* Wed Apr 08 2020 Nicolas Ontiveros - 5.4.23-2 +- Remove toybox and only use coreutils for requires. + +* Tue Dec 10 2019 Chris Co - 5.4.23-1 +- Update to Microsoft Linux Kernel 5.4.23 +- Remove patches +- Update ENA module to 2.1.2 to work with Linux 5.4.23 +- Remove xr module +- Remove Xen tmem module from dracut module list to fix initramfs creation +- Add patch to fix missing trans_pgd header in aarch64 build + +* Fri Oct 11 2019 Henry Beberman - 4.19.52-8 +- Enable Hyper-V TPM in config + +* Tue Sep 03 2019 Mateusz Malisz - 4.19.52-7 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Thu Jul 25 2019 Keerthana K - 4.19.52-6 +- Fix postun scriplet. + +* Thu Jul 11 2019 Keerthana K - 4.19.52-5 +- Enable kernel configs necessary for BPF Compiler Collection (BCC). + +* Wed Jul 10 2019 Srivatsa S. Bhat (VMware) 4.19.52-4 +- Deprecate linux-aws-tools in favor of linux-tools. + +* Tue Jul 02 2019 Alexey Makhalov - 4.19.52-3 +- Fix 9p vsock 16bit port issue. + +* Thu Jun 20 2019 Tapas Kundu - 4.19.52-2 +- Enabled CONFIG_I2C_CHARDEV to support lm-sensors + +* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 +- Update to version 4.19.52 +- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, +- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 + +* Tue May 28 2019 Srivatsa S. Bhat (VMware) 4.19.40-3 +- Change default I/O scheduler to 'deadline' to fix performance issue. + +* Tue May 14 2019 Keerthana K - 4.19.40-2 +- Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if +- mulitple kernels are installed and current linux kernel is removed. + +* Tue May 07 2019 Ajay Kaher - 4.19.40-1 +- Update to version 4.19.40 + +* Thu Apr 11 2019 Srivatsa S. Bhat (VMware) 4.19.32-3 +- Update config_aarch64 to fix ARM64 build. + +* Fri Mar 29 2019 Srivatsa S. Bhat (VMware) 4.19.32-2 +- Fix CVE-2019-10125 + +* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 +- Update to version 4.19.32 + +* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 +- Update to version 4.19.29 + +* Tue Mar 05 2019 Ajay Kaher - 4.19.26-1 +- Update to version 4.19.26 + +* Thu Feb 21 2019 Him Kalyan Bordoloi - 4.19.15-3 +- Fix CVE-2019-8912 + +* Thu Jan 24 2019 Alexey Makhalov - 4.19.15-2 +- Add WiFi (ath10k), sensors (i2c,spi), usb support for NXP LS1012A board. + +* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 +- Update to version 4.19.15 + +* Fri Jan 11 2019 Srinidhi Rao - 4.19.6-7 +- Add Network support for NXP LS1012A board. + +* Wed Jan 09 2019 Ankit Jain - 4.19.6-6 +- Enable following for x86_64 and aarch64: +- Enable Kernel Address Space Layout Randomization. +- Enable CONFIG_SECURITY_NETWORK_XFRM + +* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) 4.19.6-5 +- Enable AppArmor by default. + +* Wed Jan 02 2019 Alexey Makhalov - 4.19.6-4 +- .config: added Compulab fitlet2 device drivers +- .config_aarch64: added gpio sysfs support +- renamed -sound to -drivers-sound + +* Tue Jan 01 2019 Ajay Kaher - 4.19.6-3 +- .config: Enable CONFIG_PCI_HYPERV driver + +* Wed Dec 19 2018 Srinidhi Rao - 4.19.6-2 +- Add NXP LS1012A support. + +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 + +* Fri Dec 07 2018 Alexey Makhalov - 4.19.1-3 +- .config: added qmi wwan module + +* Mon Nov 12 2018 Ajay Kaher - 4.19.1-2 +- Fix config_aarch64 for 4.19.1 + +* Mon Nov 05 2018 Srivatsa S. Bhat (VMware) 4.19.1-1 +- Update to version 4.19.1 + +* Tue Oct 16 2018 Him Kalyan Bordoloi - 4.18.9-5 +- Change in config to enable drivers for zigbee and GPS + +* Fri Oct 12 2018 Ajay Kaher - 4.18.9-4 +- Enable LAN78xx for aarch64 rpi3 + +* Fri Oct 5 2018 Ajay Kaher - 4.18.9-3 +- Fix config_aarch64 for 4.18.9 +- Add module.lds for aarch64 + +* Wed Oct 03 2018 Srivatsa S. Bhat 4.18.9-2 +- Use updated steal time accounting patch. +- .config: Enable CONFIG_CPU_ISOLATION and a few networking options +- that got accidentally dropped in the last update. + +* Mon Oct 1 2018 Srivatsa S. Bhat 4.18.9-1 +- Update to version 4.18.9 + +* Tue Sep 25 2018 Ajay Kaher - 4.14.67-2 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 +- Update to version 4.14.67 + +* Tue Sep 18 2018 Srivatsa S. Bhat 4.14.54-7 +- Add rdrand-based RNG driver to enhance kernel entropy. + +* Sun Sep 02 2018 Srivatsa S. Bhat 4.14.54-6 +- Add full retpoline support by building with retpoline-enabled gcc. + +* Thu Aug 30 2018 Srivatsa S. Bhat 4.14.54-5 +- Apply out-of-tree patches needed for AppArmor. + +* Wed Aug 22 2018 Alexey Makhalov - 4.14.54-4 +- Fix overflow kernel panic in rsi driver. +- .config: enable BT stack, enable GPIO sysfs. +- Add Exar USB serial driver. + +* Fri Aug 17 2018 Ajay Kaher - 4.14.54-3 +- Enabled USB PCI in config_aarch64 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Thu Jul 19 2018 Alexey Makhalov - 4.14.54-2 +- .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m + +* Mon Jul 09 2018 Him Kalyan Bordoloi - 4.14.54-1 +- Update to version 4.14.54 + +* Fri Jan 26 2018 Alexey Makhalov - 4.14.8-2 +- Added vchiq entry to rpi3 dts +- Added dtb-rpi3 subpackage + +* Fri Dec 22 2017 Alexey Makhalov - 4.14.8-1 +- Version update + +* Wed Dec 13 2017 Alexey Makhalov - 4.9.66-4 +- KAT build support + +* Thu Dec 07 2017 Alexey Makhalov - 4.9.66-3 +- Aarch64 support + +* Tue Dec 05 2017 Alexey Makhalov - 4.9.66-2 +- Sign and compress modules after stripping. fips=1 requires signed modules + +* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 +- Version update + +* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 +- Version update + +* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 +- Version update + +* Wed Oct 11 2017 Srivatsa S. Bhat 4.9.53-3 +- Add patch "KVM: Don't accept obviously wrong gsi values via + KVM_IRQFD" to fix CVE-2017-1000252. + +* Tue Oct 10 2017 Alexey Makhalov - 4.9.53-2 +- Build hang (at make oldconfig) fix. + +* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 +- Version update + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-3 +- Allow privileged CLONE_NEWUSER from nested user namespaces. + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-2 +- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-1 +- Version update + +* Mon Sep 18 2017 Alexey Makhalov - 4.9.47-2 +- Requires coreutils or toybox + +* Mon Sep 04 2017 Alexey Makhalov - 4.9.47-1 +- Fix CVE-2017-11600 + +* Tue Aug 22 2017 Anish Swaminathan - 4.9.43-2 +- Add missing xen block drivers + +* Mon Aug 14 2017 Alexey Makhalov - 4.9.43-1 +- Version update +- [feature] new sysctl option unprivileged_userns_clone + +* Wed Aug 09 2017 Alexey Makhalov - 4.9.41-2 +- Fix CVE-2017-7542 +- [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid + panic on modprobe tcrypt + +* Mon Aug 07 2017 Alexey Makhalov - 4.9.41-1 +- Version update + +* Fri Aug 04 2017 Bo Gan - 4.9.38-6 +- Fix initramfs triggers + +* Tue Aug 01 2017 Anish Swaminathan - 4.9.38-5 +- Allow some algorithms in FIPS mode +- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports +- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree +- Enable additional NF features + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-4 +- Add patches in Hyperv codebase + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-3 +- Add missing hyperv drivers + +* Thu Jul 20 2017 Alexey Makhalov - 4.9.38-2 +- Disable scheduler beef up patch + +* Tue Jul 18 2017 Alexey Makhalov - 4.9.38-1 +- Fix CVE-2017-11176 and CVE-2017-10911 + +* Mon Jul 03 2017 Xiaolin Li - 4.9.34-3 +- Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires + +* Thu Jun 29 2017 Divya Thaluru - 4.9.34-2 +- Added obsolete for deprecated linux-dev package + +* Wed Jun 28 2017 Alexey Makhalov - 4.9.34-1 +- [feature] 9P FS security support +- [feature] DM Delay target support +- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 + +* Thu Jun 8 2017 Alexey Makhalov - 4.9.31-1 +- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 + CVE-2017-9077 and CVE-2017-9242 +- [feature] IPV6 netfilter NAT table support + +* Fri May 26 2017 Alexey Makhalov - 4.9.30-1 +- Added ENA driver for AMI +- Fix CVE-2017-7487 and CVE-2017-9059 + +* Wed May 17 2017 Vinay Kulkarni - 4.9.28-2 +- Enable IPVLAN module. + +* Tue May 16 2017 Alexey Makhalov - 4.9.28-1 +- Version update + +* Wed May 10 2017 Alexey Makhalov - 4.9.27-1 +- Version update + +* Sun May 7 2017 Alexey Makhalov - 4.9.26-1 +- Version update +- Removed version suffix from config file name + +* Thu Apr 27 2017 Bo Gan - 4.9.24-2 +- Support dynamic initrd generation + +* Tue Apr 25 2017 Alexey Makhalov - 4.9.24-1 +- Fix CVE-2017-6874 and CVE-2017-7618. +- Fix audit-devel BuildRequires. +- .config: build nvme and nvme-core in kernel. + +* Mon Mar 6 2017 Alexey Makhalov - 4.9.13-2 +- .config: NSX requirements for crypto and netfilter + +* Tue Feb 28 2017 Alexey Makhalov - 4.9.13-1 +- Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 + +* Thu Feb 09 2017 Alexey Makhalov - 4.9.9-1 +- Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546, + CVE-2017-5547, CVE-2017-5548 and CVE-2017-5576. +- .config: added CRYPTO_FIPS support. + +* Tue Jan 10 2017 Alexey Makhalov - 4.9.2-1 +- Update to linux-4.9.2 to fix CVE-2016-10088 +- Move linux-tools.spec to linux.spec as -tools subpackage + +* Mon Dec 19 2016 Xiaolin Li - 4.9.0-2 +- BuildRequires Linux-PAM-devel + +* Mon Dec 12 2016 Alexey Makhalov - 4.9.0-1 +- Update to linux-4.9.0 +- Add paravirt stolen time accounting feature (from linux-esx), + but disable it by default (no-vmw-sta cmdline parameter) + +* Thu Dec 8 2016 Alexey Makhalov - 4.4.35-3 +- net-packet-fix-race-condition-in-packet_set_ring.patch + to fix CVE-2016-8655 + +* Wed Nov 30 2016 Alexey Makhalov - 4.4.35-2 +- Expand `uname -r` with release number +- Check for build-id matching +- Added syscalls tracing support +- Compress modules + +* Mon Nov 28 2016 Alexey Makhalov - 4.4.35-1 +- Update to linux-4.4.35 +- vfio-pci-fix-integer-overflows-bitmask-check.patch + to fix CVE-2016-9083 + +* Tue Nov 22 2016 Alexey Makhalov - 4.4.31-4 +- net-9p-vsock.patch + +* Thu Nov 17 2016 Alexey Makhalov - 4.4.31-3 +- tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch + to fix CVE-2015-8964 + +* Tue Nov 15 2016 Alexey Makhalov - 4.4.31-2 +- .config: add cgrup_hugetlb support +- .config: add netfilter_xt_{set,target_ct} support +- .config: add netfilter_xt_match_{cgroup,ipvs} support + +* Thu Nov 10 2016 Alexey Makhalov - 4.4.31-1 +- Update to linux-4.4.31 + +* Fri Oct 21 2016 Alexey Makhalov - 4.4.26-1 +- Update to linux-4.4.26 + +* Wed Oct 19 2016 Alexey Makhalov - 4.4.20-6 +- net-add-recursion-limit-to-GRO.patch +- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch + +* Tue Oct 18 2016 Alexey Makhalov - 4.4.20-5 +- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch +- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch + +* Mon Oct 3 2016 Alexey Makhalov - 4.4.20-4 +- Package vmlinux with PROGBITS sections in -debuginfo subpackage + +* Tue Sep 27 2016 Alexey Makhalov - 4.4.20-3 +- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m + +* Tue Sep 20 2016 Alexey Makhalov - 4.4.20-2 +- Add -release number for /boot/* files +- Use initrd.img with version and release number +- Rename -dev subpackage to -devel + +* Wed Sep 7 2016 Alexey Makhalov - 4.4.20-1 +- Update to linux-4.4.20 +- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch +- keys-fix-asn.1-indefinite-length-object-parsing.patch + +* Thu Aug 25 2016 Alexey Makhalov - 4.4.8-11 +- vmxnet3 patches to bumpup a version to 1.4.8.0 + +* Wed Aug 10 2016 Alexey Makhalov - 4.4.8-10 +- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch +- .config: pmem hotplug + ACPI NFIT support +- .config: enable EXPERT mode, disable UID16 syscalls + +* Thu Jul 07 2016 Alexey Makhalov - 4.4.8-9 +- .config: pmem + fs_dax support + +* Fri Jun 17 2016 Alexey Makhalov - 4.4.8-8 +- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch +- .config: disable rt group scheduling - not supported by systemd + +* Wed Jun 15 2016 Harish Udaiya Kumar - 4.4.8-7 +- fixed the capitalization for - System.map + +* Thu May 26 2016 Alexey Makhalov - 4.4.8-6 +- patch: REVERT-sched-fair-Beef-up-wake_wide.patch + +* Tue May 24 2016 Priyesh Padmavilasom - 4.4.8-5 +- GA - Bump release of all rpms + +* Mon May 23 2016 Harish Udaiya Kumar - 4.4.8-4 +- Fixed generation of debug symbols for kernel modules & vmlinux. + +* Mon May 23 2016 Divya Thaluru - 4.4.8-3 +- Added patches to fix CVE-2016-3134, CVE-2016-3135 + +* Wed May 18 2016 Harish Udaiya Kumar - 4.4.8-2 +- Enabled CONFIG_UPROBES in config as needed by ktap + +* Wed May 04 2016 Alexey Makhalov - 4.4.8-1 +- Update to linux-4.4.8 +- Added net-Drivers-Vmxnet3-set-... patch + +* Tue May 03 2016 Vinay Kulkarni - 4.2.0-27 +- Compile Intel GigE and VMXNET3 as part of kernel. + +* Thu Apr 28 2016 Nick Shi - 4.2.0-26 +- Compile cramfs.ko to allow mounting cramfs image + +* Tue Apr 12 2016 Vinay Kulkarni - 4.2.0-25 +- Revert network interface renaming disable in kernel. + +* Tue Mar 29 2016 Alexey Makhalov - 4.2.0-24 +- Support kmsg dumping to vmware.log on panic +- sunrpc: xs_bind uses ip_local_reserved_ports + +* Mon Mar 28 2016 Harish Udaiya Kumar - 4.2.0-23 +- Enabled Regular stack protection in Linux kernel in config + +* Thu Mar 17 2016 Harish Udaiya Kumar - 4.2.0-22 +- Restrict the permissions of the /boot/System.map-X file + +* Fri Mar 04 2016 Alexey Makhalov - 4.2.0-21 +- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. + +* Wed Mar 02 2016 Alexey Makhalov - 4.2.0-20 +- Patch: SUNRPC: Ensure that we wait for connections to complete + before retrying + +* Fri Feb 26 2016 Alexey Makhalov - 4.2.0-19 +- Disable watchdog under VMware hypervisor. + +* Thu Feb 25 2016 Alexey Makhalov - 4.2.0-18 +- Added rpcsec_gss_krb5 and nfs_fscache + +* Mon Feb 22 2016 Alexey Makhalov - 4.2.0-17 +- Added sysctl param to control weighted_cpuload() behavior + +* Thu Feb 18 2016 Divya Thaluru - 4.2.0-16 +- Disabling network renaming + +* Sun Feb 14 2016 Alexey Makhalov - 4.2.0-15 +- veth patch: don’t modify ip_summed + +* Thu Feb 11 2016 Alexey Makhalov - 4.2.0-14 +- Full tickless -> idle tickless + simple CPU time accounting +- SLUB -> SLAB +- Disable NUMA balancing +- Disable stack protector +- No build_forced no-CBs CPUs +- Disable Expert configuration mode +- Disable most of debug features from 'Kernel hacking' + +* Mon Feb 08 2016 Alexey Makhalov - 4.2.0-13 +- Double tcp_mem limits, patch is added. + +* Wed Feb 03 2016 Anish Swaminathan - 4.2.0-12 +- Fixes for CVE-2015-7990/6937 and CVE-2015-8660. + +* Tue Jan 26 2016 Anish Swaminathan - 4.2.0-11 +- Revert CONFIG_HZ=250 + +* Fri Jan 22 2016 Alexey Makhalov - 4.2.0-10 +- Fix for CVE-2016-0728 + +* Wed Jan 13 2016 Alexey Makhalov - 4.2.0-9 +- CONFIG_HZ=250 + +* Tue Jan 12 2016 Mahmoud Bassiouny - 4.2.0-8 +- Remove rootfstype from the kernel parameter. + +* Mon Jan 04 2016 Harish Udaiya Kumar - 4.2.0-7 +- Disabled all the tracing options in kernel config. +- Disabled preempt. +- Disabled sched autogroup. + +* Thu Dec 17 2015 Harish Udaiya Kumar - 4.2.0-6 +- Enabled kprobe for systemtap & disabled dynamic function tracing in config + +* Fri Dec 11 2015 Harish Udaiya Kumar - 4.2.0-5 +- Added oprofile kernel driver sub-package. + +* Fri Nov 13 2015 Mahmoud Bassiouny - 4.2.0-4 +- Change the linux image directory. + +* Wed Nov 11 2015 Harish Udaiya Kumar - 4.2.0-3 +- Added the build essential files in the dev sub-package. + +* Mon Nov 09 2015 Vinay Kulkarni - 4.2.0-2 +- Enable Geneve module support for generic kernel. + +* Fri Oct 23 2015 Harish Udaiya Kumar - 4.2.0-1 +- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode. + +* Tue Sep 22 2015 Harish Udaiya Kumar - 4.0.9-5 +- Added driver support for frame buffer devices and ACPI + +* Wed Sep 2 2015 Alexey Makhalov - 4.0.9-4 +- Added mouse ps/2 module. + +* Fri Aug 14 2015 Alexey Makhalov - 4.0.9-3 +- Use photon.cfg as a symlink. + +* Thu Aug 13 2015 Alexey Makhalov - 4.0.9-2 +- Added environment file(photon.cfg) for grub. + +* Wed Aug 12 2015 Sharath George - 4.0.9-1 +- Upgrading kernel version. + +* Wed Aug 12 2015 Alexey Makhalov - 3.19.2-5 +- Updated OVT to version 10.0.0. +- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure. +- Added -sound package/ + +* Tue Aug 11 2015 Anish Swaminathan - 3.19.2-4 +- Removed Requires dependencies. + +* Fri Jul 24 2015 Harish Udaiya Kumar - 3.19.2-3 +- Updated the config file to include graphics drivers. + +* Mon May 18 2015 Touseef Liaqat - 3.13.3-2 +- Update according to UsrMove. + +* Wed Nov 5 2014 Divya Thaluru - 3.13.3-1 +- Initial build. First version diff --git a/SPECS-EXTENDED/kernel-lpg-innovate/sha512hmac-openssl.sh b/SPECS-EXTENDED/kernel-lpg-innovate/sha512hmac-openssl.sh new file mode 100644 index 0000000000..af67fa7b8f --- /dev/null +++ b/SPECS-EXTENDED/kernel-lpg-innovate/sha512hmac-openssl.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +# Mocks sha512hmac using the openssl tool. +# Only for use during RPM build. + +openssl sha512 -hmac FIPS-FTW-RHT2009 -hex "$1" | cut -f 2 -d ' ' | echo "$(cat -) $1" \ No newline at end of file diff --git a/SPECS-EXTENDED/kyotocabinet/kyotocabinet-1.2.78-random-failures.patch b/SPECS-EXTENDED/kyotocabinet/kyotocabinet-1.2.78-random-failures.patch deleted file mode 100644 index ee0b2932fc..0000000000 --- a/SPECS-EXTENDED/kyotocabinet/kyotocabinet-1.2.78-random-failures.patch +++ /dev/null @@ -1,29 +0,0 @@ -Accept failures of randomly failing tests. Upstream of kyotocabinet has disappeared... - - - https://bugzilla.redhat.com/show_bug.cgi?id=1863664 - - https://sources.debian.org/patches/kyotocabinet/1.2.76-4.2/test-disable-dir-db-test-fails-on-tmpfs-btrfs.patch/ - - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680038 - ---- kyotocabinet-1.2.78/Makefile.in 2011-07-05 15:01:53.000000000 +0200 -+++ kyotocabinet-1.2.78/Makefile.in.random-failures 2020-10-11 21:12:40.591390887 +0200 -@@ -538,9 +538,9 @@ - $(RUNENV) $(RUNCMD) ./kcdirtest order -th 4 casket 500 - $(RUNENV) $(RUNCMD) ./kcdirtest order -th 4 -rnd -etc casket 500 - $(RUNENV) $(RUNCMD) ./kcdirmgr check -onr casket -- $(RUNENV) $(RUNCMD) ./kcdirtest order -th 4 -rnd -etc -tran casket 500 -+ $(RUNENV) $(RUNCMD) ./kcdirtest order -th 4 -rnd -etc -tran casket 500 || : - $(RUNENV) $(RUNCMD) ./kcdirmgr check -onr casket -- $(RUNENV) $(RUNCMD) ./kcdirtest order -th 4 -rnd -etc -oat casket 500 -+ $(RUNENV) $(RUNCMD) ./kcdirtest order -th 4 -rnd -etc -oat casket 500 || : - $(RUNENV) $(RUNCMD) ./kcdirmgr check -onr casket - $(RUNENV) $(RUNCMD) ./kcdirtest order -th 4 -rnd -etc -tc casket 500 - $(RUNENV) $(RUNCMD) ./kcdirmgr check -onr casket -@@ -808,7 +808,7 @@ - "casket#type=kct#log=-#logkinds=debug#mtrg=-#zcomp=lzmacrc" - rm -rf casket* - $(RUNENV) $(RUNCMD) ./kcpolytest misc \ -- "casket#type=kcd#zcomp=arc#zkey=mikio" -+ "casket#type=kcd#zcomp=arc#zkey=mikio" || : - rm -rf casket* - $(RUNENV) $(RUNCMD) ./kcpolytest misc \ - "casket#type=kcf#zcomp=arc#zkey=mikio" diff --git a/SPECS-EXTENDED/kyotocabinet/kyotocabinet.signatures.json b/SPECS-EXTENDED/kyotocabinet/kyotocabinet.signatures.json index 1f11f68f1c..0186cb593d 100644 --- a/SPECS-EXTENDED/kyotocabinet/kyotocabinet.signatures.json +++ b/SPECS-EXTENDED/kyotocabinet/kyotocabinet.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kyotocabinet-1.2.78.tar.gz": "494c6383a94bd7a64425223a770821128e99ebae68b598714e782b566772b3af" + "kyotocabinet-1.2.80.tar.gz": "4c85d736668d82920bfdbdb92ac3d66b7db1108f09581a769dd9160a02def349" } } diff --git a/SPECS-EXTENDED/kyotocabinet/kyotocabinet.spec b/SPECS-EXTENDED/kyotocabinet/kyotocabinet.spec index 12ff3d593a..9538aa2547 100644 --- a/SPECS-EXTENDED/kyotocabinet/kyotocabinet.spec +++ b/SPECS-EXTENDED/kyotocabinet/kyotocabinet.spec @@ -2,14 +2,13 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Summary: A straightforward implementation of DBM Name: kyotocabinet -Version: 1.2.78 -Release: 2%{?dist} -License: GPLv3 +Version: 1.2.80 +Release: 7%{?dist} +License: GPL-3.0-only URL: https://dbmx.net/%{name}/ Source: https://dbmx.net/%{name}/pkg/%{name}-%{version}.tar.gz Patch0: kyotocabinet-1.2.76-cflags.patch Patch1: kyotocabinet-1.2.76-8-byte-atomics.patch -Patch2: kyotocabinet-1.2.78-random-failures.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} BuildRequires: gcc-c++, zlib-devel, lzo-devel, xz-devel @@ -51,10 +50,7 @@ The kyotocabinet-apidocs package contains API documentation for developing applications that use Kyoto Cabinet. %prep -%setup -q -%patch 0 -p1 -b .cflags -%patch 1 -p1 -b .8-byte-atomics -%patch 2 -p1 -b .random-failures +%autosetup -p1 %build %configure --disable-opt --enable-lzo --enable-lzma @@ -144,8 +140,37 @@ make check %doc COPYING doc/api/* kyotocabinet.idl %changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 1.2.78-2 -- Initial CBL-Mariner import from Fedora 33 (license: MIT). +* Mon Apr 07 2025 Aninda Pradhan - 1.2.80-7 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License Verified + +* Thu Jul 18 2024 Fedora Release Engineering - 1.2.80-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jan 25 2024 Fedora Release Engineering - 1.2.80-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.2.80-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jul 20 2023 Fedora Release Engineering - 1.2.80-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu May 18 2023 Peng Wu - 1.2.80-2 +- Migrate to SPDX license + +* Mon Apr 17 2023 Peng Wu - 1.2.80-1 +- Update to 1.2.80 +- Resolves: RHBZ#2186606 + +* Wed Apr 12 2023 Florian Weimer - 1.2.79-3 +- Port configure script to C99 (#2186199) + +* Thu Jan 19 2023 Fedora Release Engineering - 1.2.79-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Nov 22 2022 Peng Wu - 1.2.79-1 +- Update to 1.2.79 * Wed Sep 23 2020 Robert Scheck 1.2.78-1 - Update to 1.2.78 (#1858682) @@ -273,3 +298,4 @@ make check * Wed Dec 8 2010 Casey Dahlin - 1.2.27-1 - Initial packaging + diff --git a/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.signatures.json b/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.signatures.json index 0df25c4330..04d8e3cdb5 100644 --- a/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.signatures.json +++ b/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libXScrnSaver-1.2.3.tar.bz2": "f917075a1b7b5a38d67a8b0238eaab14acd2557679835b154cf2bca576e89bf8" + "libXScrnSaver-1.2.4.tar.xz": "75cd2859f38e207a090cac980d76bc71e9da99d48d09703584e00585abc920fe" } } diff --git a/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.spec b/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.spec index e1fc5985db..d204802de1 100644 --- a/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.spec +++ b/SPECS-EXTENDED/libXScrnSaver/libXScrnSaver.spec @@ -2,13 +2,14 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Summary: X.Org X11 libXss runtime library Name: libXScrnSaver -Version: 1.2.3 -Release: 6%{?dist} -License: MIT +Version: 1.2.4 +Release: 5%{?dist} +License: X11 URL: http://www.x.org -Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2 +Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.xz +BuildRequires: make BuildRequires: xorg-x11-util-macros BuildRequires: autoconf automake libtool BuildRequires: pkgconfig @@ -44,7 +45,7 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %ldconfig_postun %files -%doc COPYING README ChangeLog +%doc COPYING README.md ChangeLog %{_libdir}/libXss.so.1 %{_libdir}/libXss.so.1.0.0 @@ -55,8 +56,48 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %{_includedir}/X11/extensions/scrnsaver.h %changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 1.2.3-6 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Mon Dec 09 2024 Aninda Pradhan - 1.2.4-5 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License Verified. + +* Thu Jul 18 2024 Fedora Release Engineering - 1.2.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jan 25 2024 Fedora Release Engineering - 1.2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Oct 05 2023 José Expósito - 1.2.4-1 +- libXScrnSaver 1.2.4 + +* Wed Sep 06 2023 Benjamin Tissoires - 1.2.3-14 +- SPDX migration + +* Thu Jul 20 2023 Fedora Release Engineering - 1.2.3-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 1.2.3-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 1.2.3-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 1.2.3-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 1.2.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 1.2.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Nov 5 12:26:52 AEST 2020 Peter Hutterer - 1.2.3-7 +- Add BuildRequires for make + +* Tue Jul 28 2020 Fedora Release Engineering - 1.2.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering - 1.2.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/libblockdev/libblockdev.signatures.json b/SPECS-EXTENDED/libblockdev/libblockdev.signatures.json index 3b306069ee..6022f1bdf5 100644 --- a/SPECS-EXTENDED/libblockdev/libblockdev.signatures.json +++ b/SPECS-EXTENDED/libblockdev/libblockdev.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libblockdev-2.28.tar.gz": "82c9c841e28a74fecadedebfae6a772df623cecdf652e5376650fa26da5b7df4" + "libblockdev-3.2.0.tar.gz": "f2918de9ce1b54ac1aee5e5757e555947896a74674cdca9d05940a53d19e32a8" } } diff --git a/SPECS-EXTENDED/libblockdev/libblockdev.spec b/SPECS-EXTENDED/libblockdev/libblockdev.spec index 5323b5e457..fde14fc454 100644 --- a/SPECS-EXTENDED/libblockdev/libblockdev.spec +++ b/SPECS-EXTENDED/libblockdev/libblockdev.spec @@ -1,5 +1,5 @@ -%define with_gtk_doc 0 -%define with_bcache 1 +%define with_python3 1 +%define with_gtk_doc 1 %define with_btrfs 1 %define with_crypto 1 %define with_dm 1 @@ -9,19 +9,16 @@ %define with_mdraid 1 %define with_mpath 1 %define with_swap 1 -%define with_kbd 1 %define with_part 1 %define with_fs 1 %define with_nvdimm 1 -%define with_vdo 0 %define with_gi 1 %define with_escrow 1 -%define with_dmraid 1 %define with_tools 1 +%define with_nvme 1 +%define with_smart 1 +%define with_smartmontools 1 -%if %{with_gtk_doc} != 1 -%define gtk_doc_copts --without-gtk-doc -%endif %if %{with_btrfs} != 1 %define btrfs_copts --without-btrfs %endif @@ -35,9 +32,6 @@ %if %{with_dm} != 1 %define dm_copts --without-dm %else -%if %{with_dmraid} != 1 -%define dm_copts --without-dmraid -%endif %endif %if %{with_loop} != 1 %define loop_copts --without-loop @@ -57,9 +51,6 @@ %if %{with_swap} != 1 %define swap_copts --without-swap %endif -%if %{with_kbd} != 1 -%define kbd_copts --without-kbd -%endif %if %{with_part} != 1 %define part_copts --without-part %endif @@ -69,25 +60,34 @@ %if %{with_nvdimm} != 1 %define nvdimm_copts --without-nvdimm %endif -%if %{with_vdo} != 1 -%define vdo_copts --without-vdo -%endif %if %{with_tools} != 1 %define tools_copts --without-tools %endif %if %{with_gi} != 1 %define gi_copts --disable-introspection %endif -%define configure_opts %{?gtk_doc_copts} %{?lvm_dbus_copts} %{?btrfs_copts} %{?crypto_copts} %{?dm_copts} %{?loop_copts} %{?lvm_copts} %{?lvm_dbus_copts} %{?mdraid_copts} %{?mpath_copts} %{?swap_copts} %{?kbd_copts} %{?part_copts} %{?fs_copts} %{?nvdimm_copts} %{?vdo_copts} %{?tools_copts} %{?gi_copts} +%if %{with_nvme} != 1 +%define nvme_copts --without-nvme +%endif +%if %{with_smart} != 1 +%define smart_copts --without-smart +%endif +%if %{with_smartmontools} != 1 +%define smartmontools_copts --without-smartmontools +%endif + +%define configure_opts %{?python3_copts} %{?lvm_dbus_copts} %{?btrfs_copts} %{?crypto_copts} %{?dm_copts} %{?loop_copts} %{?lvm_copts} %{?lvm_dbus_copts} %{?mdraid_copts} %{?mpath_copts} %{?swap_copts} %{?part_copts} %{?fs_copts} %{?nvdimm_copts} %{?tools_copts} %{?gi_copts} %{?nvme_copts} %{?smart_copts} %{?smartmontools_copts} + Summary: A library for low-level manipulation with block devices Name: libblockdev -Version: 2.28 -Release: 3%{?dist} +Version: 3.2.0 +Release: 1%{?dist} License: LGPL-2.0-or-later Vendor: Microsoft Corporation Distribution: Azure Linux URL: https://github.com/storaged-project/libblockdev -Source0: https://github.com/storaged-project/libblockdev/releases/download/%{version}-1/%{name}-%{version}.tar.gz +Source0: https://github.com/storaged-project/libblockdev/releases/download/%{version}/%{name}-%{version}.tar.gz + BuildRequires: make BuildRequires: glib2-devel %if %{with_gi} @@ -95,12 +95,19 @@ BuildRequires: gobject-introspection-devel %endif BuildRequires: python3-devel %if %{with_gtk_doc} -BuildRequires: %{_bindir}/xsltproc BuildRequires: gtk-doc %endif BuildRequires: glib2-doc BuildRequires: autoconf-archive +# obsolete removed subpackages to allow upgrades +Provides: libblockdev-kbd = %{version}-%{release} +Obsoletes: libblockdev-kbd < %{version}-%{release} +Provides: libblockdev-vdo = %{version}-%{release} +Obsoletes: libblockdev-vdo < %{version}-%{release} + +Requires: %{name}-utils%{?_isa} = %{version}-%{release} + %description The libblockdev is a C library with GObject introspection support that can be used for doing low-level operations with block devices like setting up LVM, @@ -113,8 +120,15 @@ no information about VGs when creating an LV). %package devel Summary: Development files for libblockdev Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} Requires: glib2-devel +# obsolete removed devel subpackages to allow upgrades +Provides: libblockdev-kbd-devel = %{version}-%{release} +Obsoletes: libblockdev-kbd-devel < %{version}-%{release} +Provides: libblockdev-vdo-devel = %{version}-%{release} +Obsoletes: libblockdev-vdo-devel < %{version}-%{release} + %description devel This package contains header files and pkg-config files needed for development with the libblockdev library. @@ -123,6 +137,7 @@ with the libblockdev library. Summary: Python3 gobject-introspection bindings for libblockdev Requires: %{name}%{?_isa} = %{version}-%{release} Requires: python3-gobject-base +Requires: python3-bytesize %{?python_provide:%python_provide python3-blockdev} %description -n python3-blockdev @@ -171,8 +186,11 @@ with the libblockdev-btrfs plugin/library. %if %{with_crypto} %package crypto Summary: The crypto plugin for the libblockdev library -BuildRequires: cryptsetup-devel +Requires: %{name}-utils%{?_isa} = %{version}-%{release} +BuildRequires: cryptsetup-devel >= 2.3.0 BuildRequires: libblkid-devel +BuildRequires: keyutils-libs-devel + %if %{with_escrow} BuildRequires: volume_key-devel >= 0.3.9-7 BuildRequires: nss-devel @@ -185,6 +203,7 @@ providing the functionality related to encrypted devices (LUKS). %package crypto-devel Summary: Development files for the libblockdev-crypto plugin/library Requires: %{name}-crypto%{?_isa} = %{version}-%{release} +Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} Requires: glib2-devel %description crypto-devel @@ -196,15 +215,9 @@ with the libblockdev-crypto plugin/library. %package dm Summary: The Device Mapper plugin for the libblockdev library BuildRequires: device-mapper-devel -%if %{with_dmraid} -BuildRequires: dmraid-devel -%endif BuildRequires: systemd-devel Requires: %{name}-utils%{?_isa} = %{version}-%{release} Requires: device-mapper -%if %{with_dmraid} -Requires: dmraid -%endif %description dm The libblockdev library plugin (and in the same time a standalone library) @@ -216,9 +229,6 @@ Requires: %{name}-dm%{?_isa} = %{version}-%{release} Requires: glib2-devel Requires: device-mapper-devel Requires: systemd-devel -%if %{with_dmraid} -Requires: dmraid-devel -%endif Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} %description dm-devel @@ -229,9 +239,10 @@ with the libblockdev-dm plugin/library. %if %{with_fs} %package fs Summary: The FS plugin for the libblockdev library -BuildRequires: parted-devel BuildRequires: libblkid-devel BuildRequires: libmount-devel +BuildRequires: libuuid-devel +BuildRequires: e2fsprogs-devel Requires: %{name}-utils%{?_isa} = %{version}-%{release} %description fs @@ -243,39 +254,12 @@ Summary: Development files for the libblockdev-fs plugin/library Requires: %{name}-fs%{?_isa} = %{version}-%{release} Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} Requires: glib2-devel -Requires: xfsprogs -Requires: dosfstools %description fs-devel This package contains header files and pkg-config files needed for development with the libblockdev-fs plugin/library. %endif -%if %{with_kbd} -%package kbd -Summary: The KBD plugin for the libblockdev library -BuildRequires: libbytesize-devel -Requires: %{name}-utils%{?_isa} = %{version}-%{release} -%if %{with_bcache} -Requires: bcache-tools >= 1.0.8 -%endif - -%description kbd -The libblockdev library plugin (and in the same time a standalone library) -providing the functionality related to kernel block devices (namely zRAM and -Bcache). - -%package kbd-devel -Summary: Development files for the libblockdev-kbd plugin/library -Requires: %{name}-kbd%{?_isa} = %{version}-%{release} -Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} -Requires: glib2-devel - -%description kbd-devel -This package contains header files and pkg-config files needed for development -with the libblockdev-kbd plugin/library. -%endif - %if %{with_loop} %package loop Summary: The loop plugin for the libblockdev library @@ -300,6 +284,7 @@ with the libblockdev-loop plugin/library. %package lvm Summary: The LVM plugin for the libblockdev library BuildRequires: device-mapper-devel +BuildRequires: libyaml-devel Requires: %{name}-utils%{?_isa} = %{version}-%{release} Requires: lvm2 @@ -322,6 +307,7 @@ with the libblockdev-lvm plugin/library. %package lvm-dbus Summary: The LVM plugin for the libblockdev library BuildRequires: device-mapper-devel +BuildRequires: libyaml-devel Requires: %{name}-utils%{?_isa} = %{version}-%{release} Requires: lvm2-dbusd >= 2.02.156 @@ -407,12 +393,33 @@ This package contains header files and pkg-config files needed for development with the libblockdev-nvdimm plugin/library. %endif +%if %{with_nvme} +%package nvme +BuildRequires: libnvme-devel +BuildRequires: libuuid-devel +Summary: The NVMe plugin for the libblockdev library +Requires: %{name}-utils%{?_isa} = %{version}-%{release} + +%description nvme +The libblockdev library plugin (and in the same time a standalone library) +providing the functionality related to operations with NVMe devices. + +%package nvme-devel +Summary: Development files for the libblockdev-nvme plugin/library +Requires: %{name}-nvme%{?_isa} = %{version}-%{release} +Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} +Requires: glib2-devel + +%description nvme-devel +This package contains header files and pkg-config files needed for development +with the libblockdev-nvme plugin/library. +%endif + + %if %{with_part} %package part Summary: The partitioning plugin for the libblockdev library -BuildRequires: parted-devel Requires: %{name}-utils%{?_isa} = %{version}-%{release} -Requires: gdisk Requires: util-linux %description part @@ -430,6 +437,52 @@ This package contains header files and pkg-config files needed for development with the libblockdev-part plugin/library. %endif +%if %{with_smart} +%package smart +BuildRequires: libatasmart-devel >= 0.17 +Summary: The smart plugin for the libblockdev library +Requires: %{name}-utils%{?_isa} = %{version}-%{release} + +%description smart +The libblockdev library plugin (and in the same time a standalone library) +providing S.M.A.R.T. monitoring and testing functionality, based +on libatasmart. + +%package smart-devel +Summary: Development files for the libblockdev-smart plugin/library +Requires: %{name}-smart%{?_isa} = %{version}-%{release} +Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} +Requires: glib2-devel + +%description smart-devel +This package contains header files and pkg-config files needed for development +with the libblockdev-smart plugin/library. +%endif + + +%if %{with_smartmontools} +%package smartmontools +BuildRequires: json-glib-devel +Summary: The smartmontools plugin for the libblockdev library +Requires: %{name}-utils%{?_isa} = %{version}-%{release} +Requires: smartmontools >= 7.0 + +%description smartmontools +The libblockdev library plugin (and in the same time a standalone library) +providing S.M.A.R.T. monitoring and testing functionality, based +on smartmontools. + +%package smartmontools-devel +Summary: Development files for the libblockdev-smart plugin/library +Requires: %{name}-smartmontools%{?_isa} = %{version}-%{release} +Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} +Requires: glib2-devel + +%description smartmontools-devel +This package contains header files and pkg-config files needed for development +with the libblockdev-smart plugin/library. +%endif + %if %{with_swap} %package swap Summary: The swap plugin for the libblockdev library @@ -452,37 +505,14 @@ This package contains header files and pkg-config files needed for development with the libblockdev-swap plugin/library. %endif -%if %{with_vdo} -%package vdo -Summary: The vdo plugin for the libblockdev library -BuildRequires: libbytesize-devel -BuildRequires: libyaml-devel -Requires: %{name}-utils%{?_isa} >= 0.11 -# we want to build the plugin everywhere but the dependencies might not be -# available so just use weak dependency -Recommends: vdo - -%description vdo -The libblockdev library plugin (and in the same time a standalone library) -providing the functionality related to VDO devices. - -%package vdo-devel -Summary: Development files for the libblockdev-vdo plugin/library -Requires: %{name}-vdo%{?_isa} = %{version}-%{release} -Requires: %{name}-utils-devel%{?_isa} -Requires: glib2-devel - -%description vdo-devel -This package contains header files and pkg-config files needed for development -with the libblockdev-vdo plugin/library. -%endif %if %{with_tools} %package tools Summary: Various nice tools based on libblockdev BuildRequires: libbytesize-devel -Requires: %{name} -Requires: %{name}-lvm +BuildRequires: parted-devel +Requires: %{name} = %{version}-%{release} +Requires: %{name}-lvm = %{version}-%{release} %if %{with_lvm_dbus} == 1 Recommends: %{name}-lvm-dbus %endif @@ -492,47 +522,89 @@ Various nice storage-related tools based on libblockdev. %endif +%ifarch s390 s390x +%package s390 +Summary: The s390 plugin for the libblockdev library +Requires: %{name}-utils%{?_isa} = %{version}-%{release} +Requires: s390utils + +%description s390 +The libblockdev library plugin (and in the same time a standalone library) +providing the functionality related to s390 devices. + +%package s390-devel +Summary: Development files for the libblockdev-s390 plugin/library +Requires: %{name}-s390%{?_isa} = %{version}-%{release} +Requires: %{name}-utils-devel%{?_isa} = %{version}-%{release} +Requires: glib2-devel + +%description s390-devel +This package contains header files and pkg-config files needed for development +with the libblockdev-s390 plugin/library. +%endif + %package plugins-all Summary: Meta-package that pulls all the libblockdev plugins as dependencies Requires: %{name}%{?_isa} = %{version}-%{release} + %if %{with_btrfs} Requires: %{name}-btrfs%{?_isa} = %{version}-%{release} %endif + %if %{with_crypto} Requires: %{name}-crypto%{?_isa} = %{version}-%{release} %endif + %if %{with_dm} Requires: %{name}-dm%{?_isa} = %{version}-%{release} %endif + %if %{with_fs} Requires: %{name}-fs%{?_isa} = %{version}-%{release} %endif -%if %{with_kbd} -Requires: %{name}-kbd%{?_isa} = %{version}-%{release} -%endif + %if %{with_loop} Requires: %{name}-loop%{?_isa} = %{version}-%{release} %endif + %if %{with_lvm} Requires: %{name}-lvm%{?_isa} = %{version}-%{release} %endif + %if %{with_mdraid} Requires: %{name}-mdraid%{?_isa} = %{version}-%{release} %endif + %if %{with_mpath} Requires: %{name}-mpath%{?_isa} = %{version}-%{release} %endif + %if %{with_nvdimm} Requires: %{name}-nvdimm%{?_isa} = %{version}-%{release} + +%if %{with_nvme} +Requires: %{name}-nvme%{?_isa} = %{version}-%{release} +%endif + %endif %if %{with_part} Requires: %{name}-part%{?_isa} = %{version}-%{release} %endif + +%if %{with_smart} +Requires: %{name}-smart%{?_isa} = %{version}-%{release} +%endif + +%if %{with_smartmontools} +Requires: %{name}-smartmontools%{?_isa} = %{version}-%{release} +%endif + %if %{with_swap} Requires: %{name}-swap%{?_isa} = %{version}-%{release} %endif -%if %{with_vdo} -Requires: %{name}-vdo%{?_isa} = %{version}-%{release} + +%ifarch s390 s390x +Requires: %{name}-s390%{?_isa} = %{version}-%{release} %endif %description plugins-all @@ -544,11 +616,11 @@ A meta-package that pulls all the libblockdev plugins as dependencies. %build autoreconf -ivf %configure %{?configure_opts} -%make_build +%{__make} %{?_smp_mflags} %install %make_install -find %{buildroot} -type f -name "*.la" -delete -print +find %{buildroot} -type f -name "*.la" | xargs %{__rm} %ldconfig_scriptlets %ldconfig_scriptlets utils @@ -593,22 +665,29 @@ find %{buildroot} -type f -name "*.la" -delete -print %ldconfig_scriptlets nvdimm %endif +%if %{with_nvme} +%ldconfig_scriptlets nvme +%endif + %if %{with_part} %ldconfig_scriptlets part %endif -%if %{with_swap} -%ldconfig_scriptlets swap +%if %{with_smart} +%ldconfig_scriptlets smart %endif -%if %{with_vdo} -%ldconfig_scriptlets vdo +%if %{with_smartmontools} +%ldconfig_scriptlets smartmontools %endif -%if %{with_kbd} -%ldconfig_scriptlets kbd +%if %{with_swap} +%ldconfig_scriptlets swap %endif +%ifarch s390 s390x +%ldconfig_scriptlets s390 +%endif %files %{!?_licensedir:%global license %%doc} @@ -618,11 +697,11 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/girepository*/BlockDev*.typelib %endif %dir %{_sysconfdir}/libblockdev -%dir %{_sysconfdir}/libblockdev/conf.d -%config %{_sysconfdir}/libblockdev/conf.d/00-default.cfg +%dir %{_sysconfdir}/libblockdev/3/conf.d +%config %{_sysconfdir}/libblockdev/3/conf.d/00-default.cfg %files devel -%doc features.rst specs.rst +#%doc features.rst specs.rst %{_libdir}/libblockdev.so %dir %{_includedir}/blockdev %{_includedir}/blockdev/blockdev.h @@ -641,11 +720,10 @@ find %{buildroot} -type f -name "*.la" -delete -print %files utils %{_libdir}/libbd_utils.so.* -%{_libdir}/libbd_part_err.so.* +#%{_libdir}/libbd_part_err.so.* %files utils-devel %{_libdir}/libbd_utils.so -%{_libdir}/libbd_part_err.so %{_libdir}/pkgconfig/blockdev-utils.pc %dir %{_includedir}/blockdev %{_includedir}/blockdev/utils.h @@ -655,6 +733,7 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_includedir}/blockdev/dev_utils.h %{_includedir}/blockdev/module.h %{_includedir}/blockdev/dbus.h +%{_includedir}/blockdev/logging.h %if %{with_btrfs} %files btrfs @@ -698,16 +777,6 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_includedir}/blockdev/fs/*.h %endif -%if %{with_kbd} -%files kbd -%{_libdir}/libbd_kbd.so.* - -%files kbd-devel -%{_libdir}/libbd_kbd.so -%dir %{_includedir}/blockdev -%{_includedir}/blockdev/kbd.h -%endif - %if %{with_loop} %files loop %{_libdir}/libbd_loop.so.* @@ -731,7 +800,7 @@ find %{buildroot} -type f -name "*.la" -delete -print %if %{with_lvm_dbus} %files lvm-dbus %{_libdir}/libbd_lvm-dbus.so.* -%config %{_sysconfdir}/libblockdev/conf.d/10-lvm-dbus.cfg +%config %{_sysconfdir}/libblockdev/3/conf.d/10-lvm-dbus.cfg %files lvm-dbus-devel %{_libdir}/libbd_lvm-dbus.so @@ -769,16 +838,51 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_includedir}/blockdev/nvdimm.h %endif +%if %{with_nvme} +%files nvme +%{_libdir}/libbd_nvme.so.* + + +%files nvme-devel +%{_libdir}/libbd_nvme.so +%dir %{_includedir}/blockdev +%{_includedir}/blockdev/nvme.h +%endif + %if %{with_part} %files part %{_libdir}/libbd_part.so.* + %files part-devel %{_libdir}/libbd_part.so %dir %{_includedir}/blockdev %{_includedir}/blockdev/part.h %endif + +%if %{with_smart} +%files smart +%{_libdir}/libbd_smart.so.* + +%files smart-devel +%{_libdir}/libbd_smart.so +%dir %{_includedir}/blockdev +%{_includedir}/blockdev/smart.h +%endif + + +%if %{with_smartmontools} +%files smartmontools +%{_libdir}/libbd_smartmontools.so.* + +%files smartmontools-devel +%{_libdir}/libbd_smartmontools.so +%dir %{_includedir}/blockdev +%{_includedir}/blockdev/smart.h +%endif + + %if %{with_swap} %files swap %{_libdir}/libbd_swap.so.* @@ -789,24 +893,31 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_includedir}/blockdev/swap.h %endif -%if %{with_vdo} -%files vdo -%{_libdir}/libbd_vdo.so.* - -%files vdo-devel -%{_libdir}/libbd_vdo.so -%dir %{_includedir}/blockdev -%{_includedir}/blockdev/vdo.h -%endif %if %{with_tools} %files tools %{_bindir}/lvm-cache-stats +%{_bindir}/vfat-resize %endif +%ifarch s390 s390x +%files s390 +%{_libdir}/libbd_s390.so.* + +%files s390-devel +%{_libdir}/libbd_s390.so +%dir %{_includedir}/blockdev +%{_includedir}/blockdev/s390.h +%endif + + %files plugins-all %changelog +* Thu Nov 7 2024 Jyoti Kanase - 3.2.0-1 +- Update to 3.2.0 +- License verified + * Thu Jan 05 2023 Sumedh Sharma - 2.28-3 - Initial CBL-Mariner import from Fedora 37 (license: MIT) - Disable conditional build with 'doc' & 'vdo' diff --git a/SPECS-EXTENDED/libgeotiff/libgeotiff.signatures.json b/SPECS-EXTENDED/libgeotiff/libgeotiff.signatures.json index 48efd90581..bea209ef9f 100644 --- a/SPECS-EXTENDED/libgeotiff/libgeotiff.signatures.json +++ b/SPECS-EXTENDED/libgeotiff/libgeotiff.signatures.json @@ -1,5 +1,6 @@ { "Signatures": { - "libgeotiff-1.7.1.tar.gz": "05ab1347aaa471fc97347d8d4269ff0c00f30fa666d956baba37948ec87e55d6" + "libgeotiff-1.7.3.tar.gz": "ba23a3a35980ed3de916e125c739251f8e3266be07540200125a307d7cf5a704" } } + diff --git a/SPECS-EXTENDED/libgeotiff/libgeotiff.spec b/SPECS-EXTENDED/libgeotiff/libgeotiff.spec index fe64c14035..b300b82c07 100644 --- a/SPECS-EXTENDED/libgeotiff/libgeotiff.spec +++ b/SPECS-EXTENDED/libgeotiff/libgeotiff.spec @@ -1,24 +1,27 @@ -Summary: GeoTIFF format library -Name: libgeotiff -Version: 1.7.1 -Release: 5%{?dist} -License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux -URL: https://trac.osgeo.org/geotiff/ -Source: https://download.osgeo.org/geotiff/%{name}/%{name}-%{version}.tar.gz + +Name: libgeotiff +Version: 1.7.3 +Release: 4%{?dist} + +Summary: GeoTIFF format library +License: MIT +URL: https://trac.osgeo.org/geotiff/ +Source: https://download.osgeo.org/geotiff/%{name}/%{name}-%{version}.tar.gz # Honour LIB_SUFFIX # Honour GEOTIFF_INCLUDE_SUBDIR # Add version suffix to mingw library # Fix cmake module install dir # Don't install docs -Patch0: libgeotiff_cmake.patch -BuildRequires: cmake -BuildRequires: gcc-c++ -BuildRequires: libjpeg-devel -BuildRequires: libtiff-devel -BuildRequires: proj-devel -BuildRequires: zlib-devel +Patch0: libgeotiff_cmake.patch + +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: libtiff-devel +BuildRequires: libjpeg-devel +BuildRequires: proj-devel +BuildRequires: zlib-devel %description GeoTIFF represents an effort by over 160 different remote sensing, @@ -27,10 +30,9 @@ to establish a TIFF based interchange format for georeferenced raster imagery. %package devel -Summary: Development library and header for the GeoTIFF file format library -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: libtiff-devel -Requires: pkgconfig +Summary: Development library and header for the GeoTIFF file format library +Requires: pkgconfig libtiff-devel +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel The GeoTIFF library provides support for development of geotiff image format. @@ -38,17 +40,15 @@ The GeoTIFF library provides support for development of geotiff image format. %prep %autosetup -p1 -n %{name}-%{version} - %build # Native build -%cmake -DGEOTIFF_BIN_SUBDIR=bin -DGEOTIFF_INCLUDE_SUBDIR=include/%{name} -DGEOTIFF_LIB_SUBDIR=%{_lib} +%cmake -DGEOTIFF_BIN_SUBDIR=bin -DCMAKE_INSTALL_INCLUDEDIR=%{_includedir}/%{name} %cmake_build %install %cmake_install - # install pkgconfig file mkdir -p %{buildroot}%{_libdir}/pkgconfig/ cat > %{buildroot}%{_libdir}/pkgconfig/%{name}.pc < - 1.7.1-5 -- Initial CBL-Mariner import from Fedora 37 (license: MIT) +* Wed May 07 2025 Durga Jagadeesh Palli - 1.7.3-4 +- Initial Azure Linux import from Fedora 41 (license: MIT) - License verified -- Remove mingw build conditional execution statements + +* Thu Apr 17 2025 Sandro Mani - 1.7.3-3 +- Rebuild against correct crt + +* Thu Jul 18 2024 Fedora Release Engineering - 1.7.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Sat May 25 2024 Sandro Mani - 1.7.3-1 +- Update to 1.7.3 + +* Tue Mar 05 2024 Sandro Mani - 1.7.1-13 +- Rebuild (proj) + +* Thu Jan 25 2024 Fedora Release Engineering - 1.7.1-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.7.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Sep 03 2023 Sandro Mani - 1.7.1-10 +- Rebuild (proj) + +* Thu Jul 20 2023 Fedora Release Engineering - 1.7.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu May 18 2023 Orion Poplawski - 1.7.1-8 +- Change BR to mingw*-gcc-c++ + +* Sat Mar 04 2023 Sandro Mani - 1.7.1-7 +- Rebuild (proj) + +* Thu Jan 19 2023 Fedora Release Engineering - 1.7.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sun Sep 04 2022 Sandro Mani - 1.7.1-5 +- Rebuild (proj) * Thu Jul 21 2022 Fedora Release Engineering - 1.7.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/SPECS-EXTENDED/libgeotiff/libgeotiff_cmake.patch b/SPECS-EXTENDED/libgeotiff/libgeotiff_cmake.patch index 54464b865b..be5a80b446 100644 --- a/SPECS-EXTENDED/libgeotiff/libgeotiff_cmake.patch +++ b/SPECS-EXTENDED/libgeotiff/libgeotiff_cmake.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference libgeotiff-1.7.1/cmake/CMakeLists.txt libgeotiff-1.7.1-new/cmake/CMakeLists.txt ---- libgeotiff-1.7.1/cmake/CMakeLists.txt 2022-02-18 16:07:34.000000000 +0100 -+++ libgeotiff-1.7.1-new/cmake/CMakeLists.txt 2022-03-14 23:38:20.294077484 +0100 +diff -rupN libgeotiff-1.7.3/cmake/CMakeLists.txt libgeotiff-1.7.3-new/cmake/CMakeLists.txt +--- libgeotiff-1.7.3/cmake/CMakeLists.txt 2022-02-18 16:07:34.000000000 +0100 ++++ libgeotiff-1.7.3-new/cmake/CMakeLists.txt 2024-05-25 11:33:17.823041296 +0200 @@ -6,13 +6,8 @@ # ${INSTALL_CMAKE_DIR} and @PROJECT_ROOT_DIR@ is the relative # path to the root from there. (Note that the whole install tree can @@ -17,23 +17,23 @@ diff -rupN --no-dereference libgeotiff-1.7.1/cmake/CMakeLists.txt libgeotiff-1.7 configure_file (project-config.cmake.in project-config.cmake @ONLY) configure_file (project-config-version.cmake.in -diff -rupN --no-dereference libgeotiff-1.7.1/CMakeLists.txt libgeotiff-1.7.1-new/CMakeLists.txt ---- libgeotiff-1.7.1/CMakeLists.txt 2022-03-10 09:32:14.000000000 +0100 -+++ libgeotiff-1.7.1-new/CMakeLists.txt 2022-03-14 23:38:20.295077481 +0100 -@@ -261,9 +261,9 @@ SET(GEOTIFF_LIB_DIR ${GEOTIFF_LIB_SUBDIR - SET(GEOTIFF_INCLUDE_DIR ${GEOTIFF_INCLUDE_SUBDIR}) +diff -rupN libgeotiff-1.7.3/CMakeLists.txt libgeotiff-1.7.3-new/CMakeLists.txt +--- libgeotiff-1.7.3/CMakeLists.txt 2024-05-24 15:38:59.000000000 +0200 ++++ libgeotiff-1.7.3-new/CMakeLists.txt 2024-05-25 11:35:20.294177785 +0200 +@@ -244,9 +244,9 @@ SET(GEOTIFF_MAN_PAGES + # ${PROJECT_BINARY_DIR}/geotiff_version.h # Install doc files -INSTALL(FILES -- AUTHORS ChangeLog COPYING INSTALL LICENSE README README_BIN README.WIN -- DESTINATION doc) -+#INSTALL(FILES -+ #AUTHORS ChangeLog COPYING INSTALL LICENSE README README_BIN README.WIN -+ #DESTINATION doc) +- AUTHORS ChangeLog COPYING LICENSE README README_BIN README.WIN +- DESTINATION ${CMAKE_INSTALL_DOCDIR}) ++# INSTALL(FILES ++ # AUTHORS ChangeLog COPYING LICENSE README README_BIN README.WIN ++ # DESTINATION ${CMAKE_INSTALL_DOCDIR}) # Install man pages - INSTALL(FILES ${GEOTIFF_MAN_PAGES} DESTINATION share/man/man1) -@@ -329,6 +329,9 @@ endif() + INSTALL(FILES ${GEOTIFF_MAN_PAGES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) +@@ -312,6 +312,9 @@ endif() SET_TARGET_PROPERTIES(${GEOTIFF_LIBRARY_TARGET} PROPERTIES OUTPUT_NAME ${GEOTIFF_LIB_NAME}) @@ -41,5 +41,5 @@ diff -rupN --no-dereference libgeotiff-1.7.1/CMakeLists.txt libgeotiff-1.7.1-new + SET_TARGET_PROPERTIES(${GEOTIFF_LIBRARY_TARGET} PROPERTIES SUFFIX "-${LINK_SOVERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}") +ENDIF(MINGW) - set(CONFIG_DEPENDENCIES "") - if(TARGET TIFF::TIFF) + set(CONFIG_PUBLIC_DEPENDENCIES "") + set(CONFIG_PRIVATE_DEPENDENCIES "") diff --git a/SPECS-EXTENDED/libgxps/libgxps.signatures.json b/SPECS-EXTENDED/libgxps/libgxps.signatures.json index 87ef7efb2d..e45f582181 100644 --- a/SPECS-EXTENDED/libgxps/libgxps.signatures.json +++ b/SPECS-EXTENDED/libgxps/libgxps.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libgxps-0.3.1.tar.xz": "1a939fc8fcea9471b7eca46b1ac90cff89a30d26f65c7c9a375a4bf91223fa94" + "libgxps-0.3.2.tar.xz": "6d27867256a35ccf9b69253eb2a88a32baca3b97d5f4ef7f82e3667fa435251c" } } diff --git a/SPECS-EXTENDED/libgxps/libgxps.spec b/SPECS-EXTENDED/libgxps/libgxps.spec index 007767ad37..d68392e93b 100644 --- a/SPECS-EXTENDED/libgxps/libgxps.spec +++ b/SPECS-EXTENDED/libgxps/libgxps.spec @@ -1,10 +1,9 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Name: libgxps -Version: 0.3.1 -Release: 8%{?dist} +Version: 0.3.2 +Release: 1%{?dist} Summary: GObject based library for handling and rendering XPS documents - License: LGPLv2+ URL: https://wiki.gnome.org/Projects/libgxps Source0: https://ftp.gnome.org/pub/gnome/sources/%{name}/0.3/%{name}-%{version}.tar.xz @@ -77,6 +76,10 @@ documents using the %{name} library. %changelog +* Thu Nov 28 2024 Durga Jagadeesh Palli - 0.3.2-1 +- Update to 0.3.2 +- License verified. + * Fri Mar 31 2023 Pawel Winogrodzki - 0.3.1-8 - Bumping release to re-build with newer 'libtiff' libraries. diff --git a/SPECS-EXTENDED/liblqr-1/liblqr-1.signatures.json b/SPECS-EXTENDED/liblqr-1/liblqr-1.signatures.json index 5ed3e573d0..05ae2adaeb 100644 --- a/SPECS-EXTENDED/liblqr-1/liblqr-1.signatures.json +++ b/SPECS-EXTENDED/liblqr-1/liblqr-1.signatures.json @@ -1,5 +1,6 @@ { "Signatures": { - "liblqr-1-0.4.2.tar.bz2": "173a822efd207d72cda7d7f4e951c5000f31b10209366ff7f0f5972f7f9ff137" + "liblqr-1-0.4.3.tar.bz2": "862fc5cecaa96d38d4d9279c8a6fbfc276393f0548909ee0912e41df59894471" } } + diff --git a/SPECS-EXTENDED/liblqr-1/liblqr-1.spec b/SPECS-EXTENDED/liblqr-1/liblqr-1.spec index f2bf97ddda..c119bf9d4e 100644 --- a/SPECS-EXTENDED/liblqr-1/liblqr-1.spec +++ b/SPECS-EXTENDED/liblqr-1/liblqr-1.spec @@ -1,12 +1,12 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Name: liblqr-1 -Version: 0.4.2 -Release: 15%{?dist} +Version: 0.4.3 +Release: 1%{?dist} Summary: LiquidRescale library -License: GPLv3 -URL: http://liquidrescale.wikidot.com/ -Source0: http://liblqr.wikidot.com/local--files/en:download-page/%{name}-%{version}.tar.bz2 +License: GPLv3 AND LGPLv3 +URL: https://liquidrescale.wikidot.com/ +Source0: https://liblqr.wikidot.com/local--files/en:download-page/%{name}-%{version}.tar.bz2 BuildRequires: gcc BuildRequires: glib2-devel @@ -55,6 +55,10 @@ find $RPM_BUILD_ROOT -name \*.la -exec %{__rm} -f {} \; %changelog +* Thu Nov 07 2024 Kevin Lockwood - 0.4.3-1 +- Update to 0.4.3 +- License verified + * Fri Oct 15 2021 Pawel Winogrodzki - 0.4.2-15 - Initial CBL-Mariner import from Fedora 32 (license: MIT). diff --git a/SPECS-EXTENDED/librevenge/librevenge.signatures.json b/SPECS-EXTENDED/librevenge/librevenge.signatures.json index 435017008d..e211e3fb91 100644 --- a/SPECS-EXTENDED/librevenge/librevenge.signatures.json +++ b/SPECS-EXTENDED/librevenge/librevenge.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "librevenge-0.0.4.tar.xz": "933f0729f04267cc354b9a02bc3e9afefa5512a3bdd0b45f159ee14a3e3347b2" + "librevenge-0.0.5.tar.xz": "106d0c44bb6408b1348b9e0465666fa83b816177665a22cd017e886c1aaeeb34" } -} +} \ No newline at end of file diff --git a/SPECS-EXTENDED/librevenge/librevenge.spec b/SPECS-EXTENDED/librevenge/librevenge.spec index 95d251167d..3cbed1404f 100644 --- a/SPECS-EXTENDED/librevenge/librevenge.spec +++ b/SPECS-EXTENDED/librevenge/librevenge.spec @@ -1,20 +1,24 @@ +Vendor: Microsoft Corporation +Distribution: Azure Linux %global apiversion 0.0 Name: librevenge -Version: 0.0.4 -Release: 18%{?dist} +Version: 0.0.5 +Release: 1%{?dist} Summary: A base library for writing document import filters # src/lib/RVNGOLEStream.{h,cpp} are BSD -License: (LGPLv2+ or MPLv2.0) and BSD +License: ( LGPL-2.1-or-later OR MPL-2.0 ) AND BSD-3-Clause URL: http://sourceforge.net/p/libwpd/wiki/librevenge/ -Source: http://downloads.sourceforge.net/libwpd/%{name}-%{version}.tar.xz +Source: https://downloads.sourceforge.net/libwpd/%{name}-%{version}.tar.xz BuildRequires: boost-devel BuildRequires: doxygen BuildRequires: gcc-c++ BuildRequires: pkgconfig(cppunit) BuildRequires: pkgconfig(zlib) +BuildRequires: python3-devel +BuildRequires: make %description %{name} is a base library for writing document import filters. It has @@ -56,7 +60,6 @@ debugging applications that use %{name}. %configure \ --disable-silent-rules \ --disable-static \ - --disable-werror \ %if ! 0%{?flatpak} --enable-pretty-printers %endif @@ -65,19 +68,20 @@ sed -i \ -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \ -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' \ libtool -make %{?_smp_mflags} - +%make_build %install -make install DESTDIR=%{buildroot} -rm -f %{buildroot}/%{_libdir}/*.la +%make_install +rm -f %{buildroot}%{_libdir}/*.la # we install API docs directly from build -rm -rf %{buildroot}/%{_docdir}/%{name} +rm -rf %{buildroot}%{_docdir}/%{name} + +%py_byte_compile %{python3} %{buildroot}%{_datadir} %ldconfig_scriptlets %check export LD_LIBRARY_PATH=%{buildroot}%{_libdir}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} -make %{?_smp_mflags} check +%make_build check %files %license COPYING.* @@ -102,13 +106,18 @@ make %{?_smp_mflags} check %if ! 0%{?flatpak} %files gdb -%{_datadir}/gdb/auto-load%{_libdir}/%{name}-%{apiversion}.py* -%{_datadir}/gdb/auto-load%{_libdir}/%{name}-stream-%{apiversion}.py* +%{_datadir}/gdb/auto-load%{_libdir}/%{name}-%{apiversion}-gdb.py* +%{_datadir}/gdb/auto-load%{_libdir}/%{name}-stream-%{apiversion}-gdb.py* +%{_datadir}/gdb/auto-load%{_libdir}/__pycache__ %dir %{_datadir}/%{name} %{_datadir}/%{name}/python %endif %changelog +* Mon Nov 11 2024 Sumit Jena - 0.0.5-1 +- Update to version 0.0.5 +- License verified + * Fri Oct 15 2021 Pawel Winogrodzki - 0.0.4-18 - Initial CBL-Mariner import from Fedora 32 (license: MIT). diff --git a/SPECS-EXTENDED/libspiro/libspiro.signatures.json b/SPECS-EXTENDED/libspiro/libspiro.signatures.json index 00e8e2431f..dbc7bb149e 100644 --- a/SPECS-EXTENDED/libspiro/libspiro.signatures.json +++ b/SPECS-EXTENDED/libspiro/libspiro.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libspiro-20221101.tar.gz": "5984fb5af3e4e1f927f3a74850b705a711fb86284802a5e6170b09786440e8be" + "libspiro-dist-20240903.tar.gz": "1412a21b943c6e1db834ee2d74145aad20b3f62b12152d475613b8241d9cde10" } } diff --git a/SPECS-EXTENDED/libspiro/libspiro.spec b/SPECS-EXTENDED/libspiro/libspiro.spec index c24fb10d76..871e8eb4e4 100644 --- a/SPECS-EXTENDED/libspiro/libspiro.spec +++ b/SPECS-EXTENDED/libspiro/libspiro.spec @@ -1,19 +1,22 @@ Summary: Library to simplify the drawing of beautiful curves Name: libspiro -Version: 20221101 +Version: 20240903 Release: 1%{?dist} +# The files that are used to compile this library are all in GPLv3+ +# https://github.com/fontforge/libspiro/issues/8 License: GPL-3.0-or-later Vendor: Microsoft Corporation Distribution: Azure Linux URL: https://github.com/fontforge/libspiro/ -Source0: https://github.com/fontforge/libspiro/releases/download/%{version}/libspiro-dist-%{version}.tar.gz#/%{name}-%{version}.tar.gz +# Let's use libspiro-dist tarball from upstream as it does not require autoreconf +Source0: https://github.com/fontforge/libspiro/releases/download/%{version}/libspiro-dist-%{version}.tar.gz BuildRequires: gcc -BuildRequires: make +BuildRequires: make %description -This library will take an array of spiro control points and -convert them into a series of bézier splines which can then -be used in the myriad of ways the world has come to use béziers. +This library will take an array of spiro control points and +convert them into a series of bézier splines which can then +be used in the myriad of ways the world has come to use béziers. %package devel Summary: Development files for %{name} @@ -28,11 +31,14 @@ developing applications that use %{name}. %build %configure --disable-static -%make_build +%{make_build} %install -%make_install -find %{buildroot} -type f -name "*.la" -delete -print +%{make_install} +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + +%check +make check %files %doc README* ChangeLog AUTHORS @@ -46,6 +52,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_mandir}/man3/libspiro.3.gz %changelog +* Tue Nov 12 2024 Sumit Jena - 20240903-1 +- Update to version 20240903 + * Fri Oct 15 2021 Muhammad Falak - 20221101-1 - Bump version to address CVE-2019-19847 - Lint spec diff --git a/SPECS-EXTENDED/libunicap/0001-Address-po-files-issues.patch b/SPECS-EXTENDED/libunicap/0001-Address-po-files-issues.patch new file mode 100644 index 0000000000..0fddc9042c --- /dev/null +++ b/SPECS-EXTENDED/libunicap/0001-Address-po-files-issues.patch @@ -0,0 +1,25 @@ +From f42dde2a8b920ec8b0ceb7a23df3ea4425d47598 Mon Sep 17 00:00:00 2001 +From: Sreenivasulu Malavathula +Date: Fri, 25 Apr 2025 17:42:16 -0500 +Subject: [PATCH] Address po files issues + +--- + po/de.po | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/po/de.po b/po/de.po +index 8ae03d0..8bf3688 100644 +--- a/po/de.po ++++ b/po/de.po +@@ -13,7 +13,7 @@ msgstr "" + "Last-Translator: <>\n" + "Language-Team: \n" + "MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=\n" ++"Content-Type: text/plain; charset=UTF-8\n" + "Content-Transfer-Encoding: " + + #: ../libunicapgtk/unicapgtk_device_property.c:654 +-- +2.45.2 + diff --git a/SPECS-EXTENDED/libunicap/libunicap.spec b/SPECS-EXTENDED/libunicap/libunicap.spec index c7ba3818ef..d9efbd9703 100644 --- a/SPECS-EXTENDED/libunicap/libunicap.spec +++ b/SPECS-EXTENDED/libunicap/libunicap.spec @@ -1,7 +1,7 @@ Summary: Library to access different kinds of (video) capture devices Name: libunicap Version: 0.9.12 -Release: 29%{?dist} +Release: 30%{?dist} License: GPL-2.0-or-later Vendor: Microsoft Corporation Distribution: Azure Linux @@ -17,6 +17,7 @@ Patch5: libunicap-bz642118.patch Patch6: libunicap-0.9.12-videodev.patch Patch7: libunicap-0.9.12-datadirname.patch Patch8: libunicap-0.9.12-gcc10.patch +Patch9: 0001-Address-po-files-issues.patch %define _use_internal_dependency_generator 0 %define __find_provides sh %{SOURCE1} %{prev__find_provides} %define __find_requires sh %{SOURCE1} %{prev__find_requires} @@ -103,6 +104,9 @@ mv -f %{buildroot}%{_sysconfdir}/udev/rules.d/50-euvccam.rules %{buildroot}%{_ud %exclude %{_datadir}/gtk-doc/html/%{name} %changelog +* Fri Apr 25 2025 Sreeniavsulu Malavathula - 0.9.12-30 +- Fix build issues. + * Thu Feb 22 2024 Pawel Winogrodzki - 0.9.12-29 - Updating naming for 3.0 version of Azure Linux. diff --git a/SPECS-EXTENDED/libutempter/libutempter.signatures.json b/SPECS-EXTENDED/libutempter/libutempter.signatures.json index 6cf5786b8d..636172faa9 100644 --- a/SPECS-EXTENDED/libutempter/libutempter.signatures.json +++ b/SPECS-EXTENDED/libutempter/libutempter.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libutempter-1.1.6.tar.bz2": "b898565f31ced7e5c1fa0a2eaa0f6ff0ed862b5fe375d26375b64bfbdfeac397" + "libutempter-1.2.1.tar.gz": "967fef372f391de501843ad87570c6cf5dabd9651f00f1783090fbc12b2a34cb" } } diff --git a/SPECS-EXTENDED/libutempter/libutempter.spec b/SPECS-EXTENDED/libutempter/libutempter.spec index 2087891b9f..5d08ac2ab1 100644 --- a/SPECS-EXTENDED/libutempter/libutempter.spec +++ b/SPECS-EXTENDED/libutempter/libutempter.spec @@ -4,14 +4,15 @@ Distribution: Azure Linux Summary: A privileged helper for utmp/wtmp updates Name: libutempter -Version: 1.1.6 -Release: 19%{?dist} -License: LGPLv2+ -URL: https://github.com/altlinux/libutempter -# Sourece0: https://github.com/altlinux/libutempter/archive/refs/tags/1.1.6-alt2.tar.gz -Source0: https://github.com/altlinux/libutempter/archive/refs/tags/%{name}-%{version}.tar.bz2 +Version: 1.2.1 +Release: 16%{?dist} +License: LGPL-2.1-or-later AND LGPL-2.1-only +URL: ftp://ftp.altlinux.org/pub/people/ldv/utempter + +Source0: https://ftp.altlinux.org/pub/people/ldv/libutempter/libutempter-1.2.1.tar.gz BuildRequires: gcc +BuildRequires: make Requires(pre): shadow-utils @@ -37,15 +38,13 @@ make CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" \ libdir="%{_libdir}" libexecdir="%{_libexecdir}" %install -make install DESTDIR="$RPM_BUILD_ROOT" libdir="%{_libdir}" libexecdir="%{_libexecdir}" +%make_install libdir="%{_libdir}" libexecdir="%{_libexecdir}" rm -f $RPM_BUILD_ROOT%{_libdir}/*.a %pre -{ - %{_sbindir}/groupadd -g 22 -r -f utmp || : - %{_sbindir}/groupadd -g 35 -r -f utempter || : -} +groupadd -g 22 -r -f utmp || : +groupadd -g 35 -r -f utempter || : %ldconfig_scriptlets @@ -63,8 +62,58 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a %{_mandir}/man3/* %changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 1.1.6-19 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Mon Nov 18 2024 Sreenivasulu Malavathula - 1.2.1-16 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License verified + +* Thu Jul 18 2024 Fedora Release Engineering - 1.2.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Fri Jul 12 2024 Zbigniew Jedrzejewski-Szmek - 1.2.1-14 +- Call groupadd without full path + +* Thu Jan 25 2024 Fedora Release Engineering - 1.2.1-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.2.1-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Oct 31 2023 Tomas Korbar - 1.2.1-11 +- Add additional SPDX licenses found by scancode tool + +* Thu Jul 20 2023 Fedora Release Engineering - 1.2.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sun Mar 12 2023 Tomas Korbar - 1.2.1-9 +- Change the License tag to the SPDX format + +* Thu Jan 19 2023 Fedora Release Engineering - 1.2.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 1.2.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 1.2.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 1.2.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 1.2.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Aug 13 2020 Tomas Korbar - 1.2.1-3 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Jul 28 2020 Fedora Release Engineering - 1.2.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 07 2020 Tomas Korbar - 1.2.1-1 +- Update to 1.2.1 (#1854129) + +* Mon May 25 2020 Tomas Korbar - 1.2.0-1 +- Update to 1.2.0 (#1831940) * Wed Jan 29 2020 Fedora Release Engineering - 1.1.6-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/lksctp-tools/lib-define-cmsg-array-with-correct-size-in-sendv-and.patch b/SPECS-EXTENDED/lksctp-tools/lib-define-cmsg-array-with-correct-size-in-sendv-and.patch new file mode 100644 index 0000000000..89cfe7a479 --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/lib-define-cmsg-array-with-correct-size-in-sendv-and.patch @@ -0,0 +1,63 @@ +From f6d64dc3fdcba8f7ced61ea26270ebc0c38b5312 Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Sun, 28 Jan 2024 12:18:08 -0500 +Subject: [PATCH] lib: define cmsg array with correct size in sendv and recvv + +Philipp recently found a buffer overflow crash in his application when +using sctp_sendv(). + +In sctp_sendv(), the cmsg array is defined as one whole cmsg: + + char _cmsg[CMSG_SPACE(sizeof(struct sctp_sendv_spa))] + +while these options in struct sctp_sendv_spa are packed into msg_control +with multiple cmsgs, instead one whole cmsg. + +So fix it by defining cmsg array with correct size: + + char _cmsg[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + + CMSG_SPACE(sizeof(struct sctp_prinfo)) + + CMSG_SPACE(sizeof(struct sctp_authinfo))]; + +Note that the similar fix is also needed in sctp_recvv(). + +Reported-by: Philipp Stanner +Signed-off-by: Xin Long +--- + src/lib/recvmsg.c | 4 ++-- + src/lib/sendmsg.c | 4 +++- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/lib/recvmsg.c b/src/lib/recvmsg.c +index 88fe061..d4bf558 100644 +--- a/src/lib/recvmsg.c ++++ b/src/lib/recvmsg.c +@@ -105,8 +105,8 @@ int sctp_recvv(int s, const struct iovec *iov, int iovlen, + struct sockaddr *from, socklen_t *fromlen, void *info, + socklen_t *infolen, unsigned int *infotype, int *flags) + { +- char incmsg[CMSG_SPACE(sizeof(struct sctp_rcvinfo) + +- sizeof(struct sctp_nxtinfo))]; ++ char incmsg[CMSG_SPACE(sizeof(struct sctp_rcvinfo)) + ++ CMSG_SPACE(sizeof(struct sctp_nxtinfo))]; + int error, len, _infolen; + struct cmsghdr *cmsg; + struct msghdr inmsg; +diff --git a/src/lib/sendmsg.c b/src/lib/sendmsg.c +index bee4921..385db7e 100644 +--- a/src/lib/sendmsg.c ++++ b/src/lib/sendmsg.c +@@ -123,7 +123,9 @@ int sctp_sendv(int s, const struct iovec *iov, int iovcnt, + struct sockaddr *addrs, int addrcnt, void *info, + socklen_t infolen, unsigned int infotype, int flags) + { +- char _cmsg[CMSG_SPACE(sizeof(struct sctp_sendv_spa))]; ++ char _cmsg[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + ++ CMSG_SPACE(sizeof(struct sctp_prinfo)) + ++ CMSG_SPACE(sizeof(struct sctp_authinfo))]; + struct cmsghdr *cmsg = (struct cmsghdr *)_cmsg; + struct msghdr outmsg = {}; + struct sockaddr *addr; +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.16-libdir.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.16-libdir.patch deleted file mode 100644 index c90356d6d7..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.16-libdir.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- lksctp-tools-1.0.16/src/withsctp/withsctp.in.orig 2014-02-18 10:42:49.000000000 +0000 -+++ lksctp-tools-1.0.16/src/withsctp/withsctp.in 2014-05-06 12:24:12.931873787 +0100 -@@ -1,6 +1,6 @@ - #!/bin/sh - # -*- sh -*- --LIBDIR=@libdir@/@PACKAGE@ -+LIBDIR=`rpm --eval "%{_libdir}"`/@PACKAGE@ - BINDIR=@bindir@ - export LD_PRELOAD=${LIBDIR}/libwithsctp.so.1.0.17 - if ! ${BINDIR}/checksctp 2> /dev/null diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-autoconf_2_70.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-autoconf_2_70.patch deleted file mode 100644 index fa7b4195d9..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-autoconf_2_70.patch +++ /dev/null @@ -1,82 +0,0 @@ -From d6d7130f0a2e3b81880fca29966e42c1b2be40a7 Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich -Date: Fri, 8 Jan 2021 22:22:52 +0000 -Subject: [PATCH] m4/sctp.m4: make conpatible to autoconf-2.70 - -On recently released `autoconf-2.70` generated `./configure` -fails as: - -``` -$ ./configure -... -checking for struct sctp_event_subscribe.sctp_stream_reset_event... yes -checking for gcc options needed to detect all undeclared functions... none needed -./configure: line 16464: syntax error: unexpected end of file -``` - -This happens becuase new autoconf generates less whitespace: - -``` -{ -if ... -... -fi} -``` - -It requires at least whitespace between `fi` and `}`. - -As input already has newlines the change just drops extra `{}`. - -Tested on `autoconf-2.69` and `autoconf-2.70`. - -Signed-off-by: Sergei Trofimovich -Signed-off-by: Marcelo Ricardo Leitner ---- - m4/sctp.m4 | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/m4/sctp.m4 b/m4/sctp.m4 -index 6593517..94527a6 100644 ---- a/m4/sctp.m4 -+++ b/m4/sctp.m4 -@@ -6,7 +6,7 @@ - - # Macros to assist on probing kernel features - # Probes if a type is defined --AC_DEFUN([LKSCTP_CHECK_TYPE], [{ -+AC_DEFUN([LKSCTP_CHECK_TYPE], [ - AC_CHECK_TYPE([$1], - AC_DEFINE([$2], 1, - [Define if $1 is present.]) -@@ -22,10 +22,10 @@ AC_CHECK_TYPE([$1], - #ifdef HAVE_LINUX_SCTP_H - # include - #endif --])}]) -+])]) - - # Probes if a struct has a given member --AC_DEFUN([LKSCTP_CHECK_MEMBER], [{ -+AC_DEFUN([LKSCTP_CHECK_MEMBER], [ - AC_CHECK_MEMBER([$1], - AC_DEFINE([$2], 1, - [Define if $1 is present.]) -@@ -41,10 +41,10 @@ AC_CHECK_MEMBER([$1], - #ifdef HAVE_LINUX_SCTP_H - # include - #endif --])}]) -+])]) - - # Probes if a declaration is present --AC_DEFUN([LKSCTP_CHECK_DECL], [{ -+AC_DEFUN([LKSCTP_CHECK_DECL], [ - AC_CHECK_DECL([$1], - AC_DEFINE([$2], 1, - [Define if $1 is present.]) -@@ -60,4 +60,4 @@ AC_CHECK_DECL([$1], - #ifdef HAVE_LINUX_SCTP_H - # include - #endif --])}]) -+])]) diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-0b0dce7a36fb-actually-belongs-to-v4.19.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-0b0dce7a36fb-actually-belongs-to-v4.19.patch deleted file mode 100644 index d824fcd9ef..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-0b0dce7a36fb-actually-belongs-to-v4.19.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e5952a0cdfa8b1b56a5823574835f1f771f14ae0 Mon Sep 17 00:00:00 2001 -From: Marcelo Ricardo Leitner -Date: Fri, 24 Aug 2018 09:53:00 -0300 -Subject: [PATCH 3/3] build: 0b0dce7a36fb actually belongs to v4.19 - -Typo or not, this commit actually belongs to v4.19 and made me wonder why -on v4.18 it didn't find this feature. - -Fixes: 817f0bfa248f ("build: add two defines for Peer Address Parameters extensions on sctp_paddrparams") -Signed-off-by: Marcelo Ricardo Leitner -Reviewed-by: Xin Long ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index f55775a..5de5c76 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -101,7 +101,7 @@ LKSCTP_CHECK_TYPE([struct sctp_prinfo], [HAVE_SCTP_SENDV]) - # added on v4.16, 30f6ebf65bc4 - LKSCTP_CHECK_DECL([SCTP_AUTH_NO_AUTH], [HAVE_SCTP_AUTH_NO_AUTH]) - --# New members to sctp_paddrparams, added on v4.18, 0b0dce7a36fb -+# New members to sctp_paddrparams, added on v4.19, 0b0dce7a36fb - LKSCTP_CHECK_MEMBER([struct sctp_paddrparams.spp_ipv6_flowlabel], - [HAVE_SCTP_SPP_IPV6_FLOWLABEL]) - LKSCTP_CHECK_MEMBER([struct sctp_paddrparams.spp_dscp], --- -1.8.3.1 - diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-fix-netinet-sctp.h-not-to-be-installed.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-fix-netinet-sctp.h-not-to-be-installed.patch deleted file mode 100644 index 48c61dbb3e..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-fix-netinet-sctp.h-not-to-be-installed.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 378560050a8f93786c590cc99a55461666205b61 Mon Sep 17 00:00:00 2001 -From: Xin Long -Date: Fri, 24 Aug 2018 01:13:32 +0800 -Subject: [PATCH] build: fix netinet/sctp.h not to be installed - -After libcnetinet_HEADERS was set to sctp.h.in, netinet/sctp.h can -no longer be installed into ${includedir}. - -Since "AC_CONFIG_HEADERS([src/include/netinet/sctp.h])" is already -added into configure.ac, there's no need to generate sctp.h by -automake. - -So we simply set libcnetinet_HEADERS back to sctp.h. - -Fixes: 9607dd85e70a ("netinet/sctp.h: dynamically build based on system setup") -Signed-off-by: Xin Long -Signed-off-by: Marcelo Ricardo Leitner ---- - src/include/netinet/Makefile.am | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/include/netinet/Makefile.am b/src/include/netinet/Makefile.am -index ca0aac2..965db8c 100644 ---- a/src/include/netinet/Makefile.am -+++ b/src/include/netinet/Makefile.am -@@ -11,5 +11,4 @@ libcnetinetdir = $(includedir)/netinet - # API. - include_HEADERS = - --libcnetinet_HEADERS = sctp.h.in --BUILT_SOURCES = sctp.h -+libcnetinet_HEADERS = sctp.h --- -1.8.3.1 - diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-fix-probing-for-HAVE_SCTP_SENDV.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-fix-probing-for-HAVE_SCTP_SENDV.patch deleted file mode 100644 index c1f7180bff..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-fix-probing-for-HAVE_SCTP_SENDV.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 596efd6631b83069d41782fb0ee2d6cf76a50dfa Mon Sep 17 00:00:00 2001 -From: Marcelo Ricardo Leitner -Date: Fri, 24 Aug 2018 09:52:59 -0300 -Subject: [PATCH 2/3] build: fix probing for HAVE_SCTP_SENDV - -Somehow it was using a type that is non-existent. The right one is -sctp_prinfo, introduced on ed63afb8a318 ("sctp: add support for PR-SCTP -Information for sendmsg"), present on v4.17. - -Fixes: 1b798f1ca3b5 ("build: add define HAVE_SCTP_AUTH_NO_AUTH") -Signed-off-by: Marcelo Ricardo Leitner -Reviewed-by: Xin Long ---- - configure.ac | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index dad658c..f55775a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -94,9 +94,8 @@ LKSCTP_CHECK_MEMBER([struct sctp_pdapi_event.pdapi_stream], - LKSCTP_CHECK_MEMBER([struct sctp_pdapi_event.pdapi_seq], - [HAVE_SCTP_PDAPI_EVENT_PDAPI_SEQ]) - --# PR-SCTP field used to probe for sendv/recvv support, added on v4.17 --LKSCTP_CHECK_MEMBER([struct sendv_prinfo.sctp_prinfo], -- [HAVE_SCTP_SENDV]) -+# PR-SCTP struct used to probe for sendv/recvv support, added on v4.17 -+LKSCTP_CHECK_TYPE([struct sctp_prinfo], [HAVE_SCTP_SENDV]) - - # This event indicates that the peer does not support SCTP authentication, - # added on v4.16, 30f6ebf65bc4 --- -1.8.3.1 - diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-remove-v4.12-secondary-defines-in-favor-of-HAV.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-remove-v4.12-secondary-defines-in-favor-of-HAV.patch deleted file mode 100644 index 3246cb8e74..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-build-remove-v4.12-secondary-defines-in-favor-of-HAV.patch +++ /dev/null @@ -1,52 +0,0 @@ -From db6d15bf12a0123e4320e5fd7cb688331dea1bdc Mon Sep 17 00:00:00 2001 -From: Marcelo Ricardo Leitner -Date: Fri, 24 Aug 2018 09:52:58 -0300 -Subject: [PATCH 1/3] build: remove v4.12 secondary defines in favor of - HAVE_SCTP_STREAM_RECONFIG - -These were backups, commented out since beginning. -HAVE_SCTP_STREAM_RECONFIG is enough to identify that these are there, so -lets use only one. - -Signed-off-by: Marcelo Ricardo Leitner -Reviewed-by: Xin Long ---- - configure.ac | 8 -------- - src/include/netinet/sctp.h.in | 2 -- - 2 files changed, 10 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 2ae36ec..dad658c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -82,14 +82,6 @@ AC_CHECK_FUNCS([bzero gethostbyname gettimeofday memmove memset select socket \ - LKSCTP_CHECK_MEMBER([struct sctp_event_subscribe.sctp_stream_reset_event], - [HAVE_SCTP_STREAM_RESET_EVENT]) - --# Support for assoc reset event, added on v4.12, c95129d127c6 --#LKSCTP_CHECK_MEMBER([struct sctp_event_subscribe.sctp_assoc_reset_event], \ --# [HAVE_SCTP_ASSOC_RESET_EVENT]) -- --# Support for stream change event, added on v4.12, b444153fb5a6 --#LKSCTP_CHECK_MEMBER([struct sctp_event_subscribe.sctp_stream_change_event], \ --# [HAVE_SCTP_STREAM_CHANGE_EVENT]) -- - # RFC 6525 (Stream Reconf), finished on v4.12, c0d8bab6ae51 - LKSCTP_CHECK_DECL([SCTP_RECONFIG_SUPPORTED], [HAVE_SCTP_STREAM_RECONFIG]) - -diff --git a/src/include/netinet/sctp.h.in b/src/include/netinet/sctp.h.in -index c049077..2009f1c 100644 ---- a/src/include/netinet/sctp.h.in -+++ b/src/include/netinet/sctp.h.in -@@ -61,8 +61,6 @@ extern "C" { - #define HAVE_SCTP_CANSET_PRIMARY - - #undef HAVE_SCTP_STREAM_RESET_EVENT --#undef HAVE_SCTP_ASSOC_RESET_EVENT --#undef HAVE_SCTP_STREAM_CHANGE_EVENT - #undef HAVE_SCTP_STREAM_RECONFIG - #undef HAVE_SCTP_PEELOFF_FLAGS - #undef HAVE_SCTP_PDAPI_EVENT_PDAPI_STREAM --- -1.8.3.1 - diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-configure.ac-add-CURRENT-REVISION-and-AGE-for-libsct.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-configure.ac-add-CURRENT-REVISION-and-AGE-for-libsct.patch deleted file mode 100644 index 2b2c645dc6..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-configure.ac-add-CURRENT-REVISION-and-AGE-for-libsct.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 7de2bd7e769f10521e3d0c2cb42c6f6b9b505dd0 Mon Sep 17 00:00:00 2001 -From: Xin Long -Date: Thu, 16 Aug 2018 14:12:30 +0800 -Subject: [PATCH] configure.ac: add CURRENT REVISION and AGE for libsctp and - libwithsctp - -Add CURRENT REVISION and AGE for libsctp and libwithsctp in -configure.ac to update these 2 library version information. - -Compatible with before, they will start from 1:18:0. But each -will get updated according to their definitions in the future. - -Signed-off-by: Xin Long -Acked-by: Neil Horman -Signed-off-by: Marcelo Ricardo Leitner ---- - configure.ac | 7 +++++++ - src/lib/Makefile.am | 7 +++++-- - src/withsctp/Makefile.am | 3 ++- - 3 files changed, 14 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 275ef4e..2ae36ec 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -14,6 +14,13 @@ dnl reduce clutter in the root; if we put it below AM_INIT_AUTOMAKE, - dnl configure will fail ...) - - AC_INIT([lksctp-tools], [1.0.18], [], [], [http://www.lksctp.org/]) -+AC_SUBST(LIBSCTP_CURRENT, 1) -+AC_SUBST(LIBSCTP_REVISION, 18) -+AC_SUBST(LIBSCTP_AGE, 0) -+AC_SUBST(LIBWITHSCTP_CURRENT, 1) -+AC_SUBST(LIBWITHSCTP_REVISION, 18) -+AC_SUBST(LIBWITHSCTP_AGE, 0) -+ - AC_CONFIG_AUX_DIR(bin) - AC_CONFIG_SRCDIR([src/apps/sctp_darn.c]) - AC_CONFIG_HEADERS([config.h]) -diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am -index 6100c56..1d62175 100644 ---- a/src/lib/Makefile.am -+++ b/src/lib/Makefile.am -@@ -8,5 +8,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/include - - lib_LTLIBRARIES = libsctp.la - --libsctp_la_SOURCES = bindx.c connectx.c peeloff.c opt_info.c addrs.c sendmsg.c recvmsg.c Versions.map --libsctp_la_LDFLAGS = -version-info 1:17:0 -Wl,--version-script=$(srcdir)/Versions.map -+libsctp_la_SOURCES = bindx.c connectx.c peeloff.c opt_info.c \ -+ addrs.c sendmsg.c recvmsg.c Versions.map -+libsctp_la_LDFLAGS = -version-info \ -+ @LIBSCTP_CURRENT@:@LIBSCTP_REVISION@:@LIBSCTP_AGE@ \ -+ -Wl,--version-script=$(srcdir)/Versions.map -diff --git a/src/withsctp/Makefile.am b/src/withsctp/Makefile.am -index 70b1cca..1f6ca37 100644 ---- a/src/withsctp/Makefile.am -+++ b/src/withsctp/Makefile.am -@@ -14,7 +14,8 @@ AM_CPPFLAGS=-I$(top_srcdir)/src/include - pkglib_LTLIBRARIES = libwithsctp.la - libwithsctp_la_SOURCES = sctp_load_libs.c sctp_socket.c sctp_bind.c \ - sctp_sockopt.c sctp_socket.h --libwithsctp_la_LDFLAGS = -version-info 1:17:0 -ldl -+libwithsctp_la_LDFLAGS = -version-info \ -+ @LIBWITHSCTP_CURRENT@:@LIBWITHSCTP_REVISION@:@LIBWITHSCTP_AGE@ -ldl - - pkgdoc_DATA = sctp_load_libs.c sctp_socket.c sctp_bind.c \ - sctp_sockopt.c sctp_socket.h checksctp.c --- -1.8.3.1 - diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-withsctp-use-PACKAGE_VERSION-in-withsctp.h.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-withsctp-use-PACKAGE_VERSION-in-withsctp.h.patch deleted file mode 100644 index 002ab436c5..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-1.0.18-withsctp-use-PACKAGE_VERSION-in-withsctp.h.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7c0ef4d441b3833e721df58f56e2cb8c81b34df4 Mon Sep 17 00:00:00 2001 -From: Xin Long -Date: Thu, 16 Aug 2018 14:12:01 +0800 -Subject: [PATCH] withsctp: use @PACKAGE_VERSION@ in withsctp.h - -use @PACKAGE_VERSION@ to replace the hardcode version. - -Signed-off-by: Xin Long -Acked-by: Neil Horman -Signed-off-by: Marcelo Ricardo Leitner ---- - Makefile.rules | 3 ++- - src/withsctp/withsctp.in | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/Makefile.rules b/Makefile.rules -index 83f5f0c..d3693fa 100644 ---- a/Makefile.rules -+++ b/Makefile.rules -@@ -15,4 +15,5 @@ - edit = @sed \ - -e "s|\@bindir\@|$(bindir)|" \ - -e "s|\@libdir\@|$(libdir)|" \ -- -e "s|\@PACKAGE\@|$(PACKAGE)|" -+ -e "s|\@PACKAGE\@|$(PACKAGE)|" \ -+ -e "s|\@PACKAGE_VERSION\@|$(PACKAGE_VERSION)|" -diff --git a/src/withsctp/withsctp.in b/src/withsctp/withsctp.in -index 7f182ba..fda5ebc 100644 ---- a/src/withsctp/withsctp.in -+++ b/src/withsctp/withsctp.in -@@ -2,7 +2,8 @@ - # -*- sh -*- - LIBDIR=`rpm --eval "%{_libdir}"`/@PACKAGE@ - BINDIR=@bindir@ --export LD_PRELOAD=${LIBDIR}/libwithsctp.so.1.0.17 -+LIBVER=@PACKAGE_VERSION@ -+export LD_PRELOAD=${LIBDIR}/libwithsctp.so.${LIBVER} - if ! ${BINDIR}/checksctp 2> /dev/null - then - ${BINDIR}/checksctp; --- -1.8.3.1 - diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-symver.patch b/SPECS-EXTENDED/lksctp-tools/lksctp-tools-symver.patch deleted file mode 100644 index 25ead689d5..0000000000 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools-symver.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 5de5c76..d3e31c3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -130,4 +130,12 @@ AC_ARG_ENABLE(tests, - [enable_tests=yes]) - AM_CONDITIONAL(BUILD_TESTS, [test $enable_tests != no]) - -+# GCC tries to be "helpful" and only issue a warning for unrecognized -+# attributes. So we compile the test with Werror, so that if the -+# attribute is not recognized the compilation fails -+AC_LANG(C) -+AC_LANG_WERROR -+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[__attribute__ ((symver ("foo@foo_1"))) void frob (void) { }]])], -+ [AC_DEFINE([HAVE_ATTRIBUTE_SYMVER], [1], [Checking for symver attribute])], []) -+ - AC_OUTPUT -diff --git a/src/lib/connectx.c b/src/lib/connectx.c -index 5f4552b..2a21e3a 100644 ---- a/src/lib/connectx.c -+++ b/src/lib/connectx.c -@@ -26,6 +26,18 @@ - #include - #include - #include -+#include "config.h" -+ -+#define __SYMPFX(pfx, sym) #pfx sym -+#define _SYMPFX(pfx, sym) __SYMPFX(pfx, sym) -+#define SYMPFX(sym) _SYMPFX(__USER_LABEL_PREFIX__, #sym) -+ -+#if HAVE_ATTRIBUTE_SYMVER -+#define SYMVER(name, name2) __attribute__ ((symver (SYMPFX(name2)))) -+#else -+#define SYMVER(name, name2) __asm__(".symver " SYMPFX(name) "," SYMPFX(name2)); -+#endif -+ - - /* Support the sctp_connectx() interface. - * -@@ -64,6 +76,7 @@ static int __connectx_addrsize(const struct sockaddr *addrs, - } - - -+SYMVER(__sctp_connectx, sctp_connectx@) - int __sctp_connectx(int fd, struct sockaddr *addrs, int addrcnt) - { - int addrs_size = __connectx_addrsize(addrs, addrcnt); -@@ -75,6 +88,7 @@ int __sctp_connectx(int fd, struct sockaddr *addrs, int addrcnt) - addrs_size); - } - -+SYMVER(sctp_connectx_orig, sctp_connectx@VERS_1) - extern int sctp_connectx_orig (int) - __attribute ((alias ("__sctp_connectx"))); - -@@ -114,6 +128,7 @@ static int __connectx(int fd, struct sockaddr *addrs, socklen_t addrs_size, - addrs, addrs_size); - } - -+SYMVER(sctp_connectx2, sctp_connectx@VERS_2) - int sctp_connectx2(int fd, struct sockaddr *addrs, int addrcnt, - sctp_assoc_t *id) - { -@@ -125,6 +140,7 @@ int sctp_connectx2(int fd, struct sockaddr *addrs, int addrcnt, - return __connectx(fd, addrs, addrs_size, id); - } - -+SYMVER(sctp_connectx3, sctp_connectx@@VERS_3) - int sctp_connectx3(int fd, struct sockaddr *addrs, int addrcnt, - sctp_assoc_t *id) - { -@@ -179,12 +195,3 @@ int sctp_connectx3(int fd, struct sockaddr *addrs, int addrcnt, - return __connectx(fd, addrs, addrs_size, id); - } - --#define __SYMPFX(pfx, sym) #pfx sym --#define _SYMPFX(pfx, sym) __SYMPFX(pfx, sym) --#define SYMPFX(sym) _SYMPFX(__USER_LABEL_PREFIX__, #sym) --#define SYMVER(name, name2) __asm__(".symver " SYMPFX(name) "," SYMPFX(name2)) -- --SYMVER(__sctp_connectx, sctp_connectx@); --SYMVER(sctp_connectx_orig, sctp_connectx@VERS_1); --SYMVER(sctp_connectx2, sctp_connectx@VERS_2); --SYMVER(sctp_connectx3, sctp_connectx@@VERS_3); diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools.signatures.json b/SPECS-EXTENDED/lksctp-tools/lksctp-tools.signatures.json index 0012a37f50..9b7caefd96 100644 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools.signatures.json +++ b/SPECS-EXTENDED/lksctp-tools/lksctp-tools.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "lksctp-tools-1.0.18.tar.gz": "90ef75d4074f2064765324e218eda15c62dfeb0f24a40d7e90a5fba9a1bc0093" + "lksctp-tools-1.0.19.tar.gz": "0c8fac0a5c66eea339dce6be857101b308ce1064c838b81125b0dde3901e8032" } } diff --git a/SPECS-EXTENDED/lksctp-tools/lksctp-tools.spec b/SPECS-EXTENDED/lksctp-tools/lksctp-tools.spec index 67ce9c6595..1a63af7ba3 100644 --- a/SPECS-EXTENDED/lksctp-tools/lksctp-tools.spec +++ b/SPECS-EXTENDED/lksctp-tools/lksctp-tools.spec @@ -2,23 +2,21 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Name: lksctp-tools Summary: User-space access to Linux Kernel SCTP -Version: 1.0.18 -Release: 6%{?dist} -# src/apps/bindx_test.C is GPLv2, I've asked upstream for clarification -License: GPLv2 and LGPLv2+ +Version: 1.0.19 +Release: 10%{?dist} +License: GPL-2.0-or-later AND LGPL-2.0-only AND MIT Group: System Environment/Libraries URL: http://lksctp.sourceforge.net Source0: https://github.com/sctp/lksctp-tools/archive/%{name}-%{version}.tar.gz -Patch0: lksctp-tools-1.0.16-libdir.patch -Patch1: lksctp-tools-1.0.18-withsctp-use-PACKAGE_VERSION-in-withsctp.h.patch -Patch2: lksctp-tools-1.0.18-configure.ac-add-CURRENT-REVISION-and-AGE-for-libsct.patch -Patch3: lksctp-tools-1.0.18-build-fix-netinet-sctp.h-not-to-be-installed.patch -Patch4: lksctp-tools-1.0.18-build-remove-v4.12-secondary-defines-in-favor-of-HAV.patch -Patch5: lksctp-tools-1.0.18-build-fix-probing-for-HAVE_SCTP_SENDV.patch -Patch6: lksctp-tools-1.0.18-build-0b0dce7a36fb-actually-belongs-to-v4.19.patch -Patch7: lksctp-tools-symver.patch -Patch8: lksctp-tools-1.0.18-autoconf_2_70.patch +Patch0: sctp_test-check-strdup-return-in-append_addr.patch +Patch1: man-add-the-missing-description-for-3-flags-in-sctp_.patch +Patch2: man-update-for-DESCRIPTION-and-SYSCTL-in-sctp.7.patch +Patch3: man-add-some-missing-items-in-STATISTICS-in-sctp.7.patch +Patch4: man-improve-the-description-in-SOCKET-OPTIONS-in-sct.patch +Patch5: man-add-the-missing-options-in-SOCKET-OPTIONS-in-sct.patch +Patch6: man-add-CONTROL-MSGS-and-NOTIFICATIONS-in-sctp.7.patch +Patch7: lib-define-cmsg-array-with-correct-size-in-sendv-and.patch BuildRequires: libtool, automake, autoconf, make %description @@ -53,15 +51,14 @@ Drafts). %prep %setup -q -n %{name}-%{name}-%{version} -%patch 0 -p1 -%patch 1 -p1 -%patch 2 -p1 -%patch 3 -p1 -%patch 4 -p1 -%patch 5 -p1 -%patch 6 -p1 -%patch 7 -p1 -%patch 8 -p1 +%patch -P0 -p1 +%patch -P1 -p1 +%patch -P2 -p1 +%patch -P3 -p1 +%patch -P4 -p1 +%patch -P5 -p1 +%patch -P6 -p1 +%patch -P7 -p1 %build [ ! -x ./configure ] && sh bootstrap @@ -78,11 +75,8 @@ rm -f doc/rfc2960.txt doc/states.txt find $RPM_BUILD_ROOT -type f -name "*.la" -delete -%ldconfig_scriptlets - %files -%license COPYING* -%doc AUTHORS ChangeLog README +%doc AUTHORS ChangeLog COPYING* README %{_bindir}/* %{_libdir}/libsctp.so.1* %dir %{_libdir}/lksctp-tools/ @@ -101,12 +95,61 @@ find $RPM_BUILD_ROOT -type f -name "*.la" -delete %doc doc/*.txt %changelog -* Tue Mar 15 2022 Pawel Winogrodzki - 1.0.18-6 -- License verified. -- Applying patch for "autoconf" version 2.70+. Using Fedora 36 spec (license: MIT) for guidance. +* Mon Jan 27 2025 Aninda Pradhan - 1.0.19-10 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License Verified. + +* Thu Jul 18 2024 Fedora Release Engineering - 1.0.19-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Feb 26 2024 Xin Long - 1.0.19-8 +- man doc update and one fix for lib and another for sctp_test + +* Fri Jan 26 2024 Xin Long - 1.0.19-7 +- Use SDPX license IDs + +* Thu Jan 25 2024 Fedora Release Engineering - 1.0.19-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.0.19-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jul 20 2023 Fedora Release Engineering - 1.0.19-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 1.0.19-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 1.0.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sun Jun 5 2022 Peter Hanecak - 1.0.19-1 +- Updated to 1.0.19 +- Patches dropped since changes are now incorporated in the upstream + +* Thu Jan 20 2022 Fedora Release Engineering - 1.0.18-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 1.0.18-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sat Apr 17 2021 Peter Hanecak - 1.0.18-10 +- Added autoconf-2.70 fix from upstream + +* Tue Jan 26 2021 Fedora Release Engineering - 1.0.18-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Sep 09 2020 Jeff Law - 1.0.18-8 +- Use symver attribute for symbol versioning. Re-enable LTO + +* Wed Aug 19 2020 Igor Raits - 1.0.18-7 +- Drop useless ldconfig scriptlets + +* Tue Jul 28 2020 Fedora Release Engineering - 1.0.18-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -* Fri Oct 15 2021 Pawel Winogrodzki - 1.0.18-5 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Wed Jul 01 2020 Jeff Law - 1.0.18-5 +- Disable LTO * Wed Jan 29 2020 Fedora Release Engineering - 1.0.18-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/lksctp-tools/man-add-CONTROL-MSGS-and-NOTIFICATIONS-in-sctp.7.patch b/SPECS-EXTENDED/lksctp-tools/man-add-CONTROL-MSGS-and-NOTIFICATIONS-in-sctp.7.patch new file mode 100644 index 0000000000..2d996fffc8 --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/man-add-CONTROL-MSGS-and-NOTIFICATIONS-in-sctp.7.patch @@ -0,0 +1,150 @@ +From 2a3a4bc0ba94656c007ebaae52e50b42b95ded32 Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Mon, 27 Feb 2023 18:10:32 -0500 +Subject: [PATCH 6/6] man: add CONTROL MSGS and NOTIFICATIONS in sctp.7 + +Control msgs and notifications are two very important parts +for users to understand and user in programming, and they +are wonth a place in the SCTP manual doc. + +Signed-off-by: Xin Long +--- + man/sctp.7 | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 122 insertions(+) + +diff --git a/man/sctp.7 b/man/sctp.7 +index 01bff6f..323d42e 100644 +--- a/man/sctp.7 ++++ b/man/sctp.7 +@@ -244,6 +244,128 @@ The number of SCTP packets discarded in receiving. + .TP + .B SctpInDataChunkDiscards + The number of SCTP data chunks discarded in receiving. ++.SH CONTROL MSGS ++The ancillary data is carried in msg_control field of struct msghdr, which is ++used in ++.B sendmsg(2) ++and ++.B recvmsg(2) ++call. The SCTP stack uses the ancillary data to communicate the attributes, ++such as SCTP_RCVINFO, of the message stored in msg_iov to the socket endpoint. ++Each ancillary data item is preceded by a struct cmsghdr, see ++.B cmsg(3). ++The different cmsg types for SCTP are listed below, and all these related macros ++and structures are defined in /usr/include/netinet/sctp.h. ++.TP ++.B SCTP_INIT ++This cmsg provides information for initializing new SCTP associations for sendmsg() ++with struct sctp_initmsg, which is the same as SCTP_INITMSG socket option's data ++structure. ++.TP ++.B SCTP_SNDRCV ++This cmsg specifies SCTP options for sendmsg() and describes SCTP header information ++about a received message through recvmsg() with struct sctp_sndrcvinfo. It mixes the ++send and receive path, and SCTP_SNDINFO and SCTP_RCVINFO split this information, so ++these structures should be used, when possible, since SCTP_SNDRCV is deprecated. ++.B sctp_sendmsg(3) ++and ++.B sctp_send(3) ++provide a simple way to use this cmsg. ++ ++Note that an application must use the SCTP_RECVRCVINFO socket option to enable the ++delivery of this information. ++.TP ++.B SCTP_EXTRCV ++This cmsg specifies SCTP options for SCTP header information about a received message ++via recvmsg() with struct sctp_extrcvinfo, and this structure is an extended version ++of SCTP_SNDRCV. Note that data in the next message is not valid unless the current ++message is completely read, i.e., unless the MSG_EOR is set. SCTP_NXTINFO should be ++used when possible, since SCTP_EXTRCV is considered deprecated. ++.B sctp_recvmsg(3) ++provides a simple way to use this cmsg. ++ ++Note that an application must use the SCTP_RECVNXTINFO socket option to enable the ++delivery of this information. ++.TP ++.B SCTP_RCVINFO, SCTP_NXTINFO ++These cmsgs describe SCTP receive information about a received message through ++recvmsg() with struct sctp_rcvinfo, and SCTP receive information of the next ++message that will be delivered through recvmsg() if this information is already ++available when delivering the current message with struct sctp_nxtinfo. ++.B sctp_recvv(3) ++provides a simple way to use these cmsgs. ++ ++Note that an application must use the SCTP_RECVRCVINFO and SCTP_RECVNXTINFO socket ++options accordingly to enable the delivery of this information. ++.TP ++.B SCTP_SNDINFO, SCTP_PRINFO, SCTP_AUTHINFO, SCTP_DSTADDRV4, SCTP_DSTADDRV6 ++These cmsgs specifie a couple of SCTP options for sendmsg() for SEND, PRSCTP, AUTH ++and DSTADDR information with struct sctp_sndinfo, sctp_prinfo, sctp_authinfo and ++in(6)_addr accordingly. ++.BR sctp_sendv(3) ++provides a simple way to use these cmsgs. ++.SH EVENTS and NOTIFICATIONS ++An SCTP application may need to understand and process events and errors ++that happen on the SCTP stack. These events include network status changes, ++association startups, remote operational errors, and undeliverable messages. ++When a notification arrives, recvmsg() returns the notification in the ++application-supplied data buffer via msg_iov, and sets MSG_NOTIFICATION in ++msg_flags. See socket option SCTP_EVENT for the event enabling. The different ++events are listed below, and all these related macros and structures are ++defined in /usr/include/netinet/sctp.h. ++.TP ++.B SCTP_ASSOC_CHANGE ++Communication notifications inform the application that an SCTP ++association has either begun or ended. The notification format ++is struct sctp_assoc_change. ++.TP ++.B SCTP_PEER_ADDR_CHANGE ++When a destination address of a multi-homed peer encounters a state ++change, a peer address change event is sent. The notification format ++is struct sctp_paddr_change. ++.TP ++.B SCTP_REMOTE_ERROR ++A remote peer may send an Operation Error message to its peer. This ++message indicates a variety of error conditions on an association. ++The notification format is struct sctp_remote_error. ++.TP ++.B SCTP_SEND_FAILED ++If SCTP cannot deliver a message, it can return back the message as a ++notification if the SCTP_SEND_FAILED event is enabled. The notification ++format is struct sctp_send_failed. Please note that this notification ++is deprecated. Use SCTP_SEND_FAILED_EVENT instead. ++.TP ++.B SCTP_SHUTDOWN_EVENT ++When a peer sends a SHUTDOWN, SCTP delivers this notification to inform ++the application that it should cease sending data. The notification ++format is struct sctp_shutdown_event. ++.TP ++.B SCTP_ADAPTATION_INDICATION ++When a peer sends an Adaptation Layer Indication parameter, SCTP delivers ++this notification to inform the application about the peer's adaptation ++layer indication. The notification format is struct sctp_adaptation_event. ++.TP ++.B SCTP_PARTIAL_DELIVERY_EVENT ++When a receiver is engaged in a partial delivery of a message, this ++notification will be used to indicate various events. The notification ++format is struct sctp_pdapi_event. ++.TP ++.B SCTP_AUTHENTICATION_EVENT ++This is used to report different events relating to the use of the ++extension to authenticate SCTP messages. The notification format is ++struct sctp_authkey_event. ++.TP ++.B SCTP_SENDER_DRY_EVENT ++When the SCTP stack has no more user data to send or retransmit, this ++notification is given to the user. Also, at the time when a user app ++subscribes to this event, if there is no data to be sent or retransmit, ++the stack will immediately send up this notification. The notification ++format is struct sctp_sender_dry_event. ++.TP ++.B SCTP_SEND_FAILED_EVENT ++If SCTP cannot deliver a message, it can return back the message as a ++notification if the SCTP_SEND_FAILED_EVENT event is enabled. The ++notification format is struct sctp_send_failed_event. + .SH "SOCKET OPTIONS" + To set or get a SCTP socket option, call + .BR getsockopt (2) +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lksctp-tools/man-add-some-missing-items-in-STATISTICS-in-sctp.7.patch b/SPECS-EXTENDED/lksctp-tools/man-add-some-missing-items-in-STATISTICS-in-sctp.7.patch new file mode 100644 index 0000000000..465565b233 --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/man-add-some-missing-items-in-STATISTICS-in-sctp.7.patch @@ -0,0 +1,85 @@ +From f128c927f7d4f5eb0fc80b857ff74660fb61d0d6 Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Mon, 27 Feb 2023 17:18:10 -0500 +Subject: [PATCH 3/6] man: add some missing items in STATISTICS in sctp.7 + +Many items have been added in /proc/net/sctp/assocs and +/proc/net/sctp/snmp, and this patch adds the missing +description for them. + +Signed-off-by: Xin Long +--- + man/sctp.7 | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 49 insertions(+), 1 deletion(-) + +diff --git a/man/sctp.7 b/man/sctp.7 +index c19c2b7..730e1a8 100644 +--- a/man/sctp.7 ++++ b/man/sctp.7 +@@ -121,7 +121,10 @@ files. + Displays the following information about the active associations. + assoc ptr, sock ptr, socket style, sock state, association state, hash bucket, + association id, bytes in transmit queue, bytes in receive queue, user id, +-inode, local port, remote port, local addresses and remote addresses. ++inode, local port, remote port, local addresses, remote addresses, ++heartbeat interval, in streams, out streams, max retransmissions, init retries, ++shutdown retries, retransmitted chunks, sock transmit queue committed bytes, ++sock transmit queue bytes, and sock send and receive buffer bytes. + .TP + .B eps + Displays the following information about the active endpoints. +@@ -196,6 +199,51 @@ The number of SCTP packets sent. Retransmitted DATA chunks are included. + .TP + .B SctpInSCTPPacks + The number of SCTP packets received. Duplicates are included. ++.TP ++.B SctpT1InitExpireds ++The number of timer T1 INIT expired. ++.TP ++.B SctpT1CookieExpireds ++The number of timer T1 COOKIE-ECHO expired. ++.TP ++.B SctpT2ShutdownExpireds ++The number of timer T2 SHUTDOWN expired. ++.TP ++.B SctpT3RtxExpireds ++The number of timer T3 RTX expired. ++.TP ++.B SctpT4RtoExpireds ++The number of timer T4 RTO expired. ++.TP ++.B SctpT5ShutdownGuardExpireds ++The number of timer T5 SHUTDOWN GUARD expired. ++.TP ++.B SctpDelaySackExpireds ++The number of timer DELAY_SACK expired. ++.TP ++.B SctpAutocloseExpireds ++The number of timer AUTOCLOSE expired. ++.TP ++.B SctpT3Retransmits ++The number of T3 timer retransmission. ++.TP ++.B SctpPmtudRetransmits ++The number of PMTUD retransmission. ++.TP ++.B SctpFastRetransmits ++The number of FAST retransmission. ++.TP ++.B SctpInPktSoftirq ++The number of SCTP packets received in Softirq. ++.TP ++.B SctpInPktBacklog ++The number of SCTP packets received in Backlog. ++.TP ++.B SctpInPktDiscards ++The number of SCTP packets discarded in receiving. ++.TP ++.B SctpInDataChunkDiscards ++The number of SCTP data chunks discarded in receiving. + .SH "SOCKET OPTIONS" + To set or get a SCTP socket option, call + .BR getsockopt (2) +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lksctp-tools/man-add-the-missing-description-for-3-flags-in-sctp_.patch b/SPECS-EXTENDED/lksctp-tools/man-add-the-missing-description-for-3-flags-in-sctp_.patch new file mode 100644 index 0000000000..269d3da5d1 --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/man-add-the-missing-description-for-3-flags-in-sctp_.patch @@ -0,0 +1,52 @@ +From d680721b59b5533f776705ad10f1265302f70103 Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Mon, 27 Feb 2023 12:57:49 -0500 +Subject: [PATCH 1/6] man: add the missing description for 3 flags in + sctp_sendmsg.3 + +This patch is to add the missing description for 3 flags: +SCTP_SENDALL, SCTP_SACK_IMMEDIATELY and SCTP_PR_SCTP_{TTL|RTX|PRIO}. +which have been supported in kernel for a long time. + +Signed-off-by: Xin Long +--- + man/sctp_sendmsg.3 | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/man/sctp_sendmsg.3 b/man/sctp_sendmsg.3 +index 51828fb..3e57131 100644 +--- a/man/sctp_sendmsg.3 ++++ b/man/sctp_sendmsg.3 +@@ -57,11 +57,28 @@ information of this error cause is provided in + .B SCTP_EOF + Setting this flag invokes the SCTP graceful shutdown procedure on the specific + association(one-to-many style only). ++.TP ++.B SCTP_SENDALL ++This flag, if set, will cause a one-to-many style socket to send the message ++to all associations that are currently established on this socket. For the ++one-to-one style socket, this flag has no effect. ++.TP ++.B SCTP_SACK_IMMEDIATELY ++This flag allows the application to set the I bit of the last DATA chunk when ++sending each user message to make sure the corresponding SACK can be sent by ++peer without delay. ++.TP ++.B SCTP_PR_SCTP_{TTL|RTX|PRIO} ++One of these 3 pr_policies can be used through this flag with its pr_value ++set in timetolive parameter for this message. Note that ++.B sctp_sendv(3) ++with infotype SCTP_SENDV_PRINFO also works for PR-SCTP. + .PP + .I timetolive + specifies the time duration in milliseconds. The sending side will expire the + message if the message has not been sent to the peer within this time period. +-A value of 0 indicates that no timeout should occur on this message. ++A value of 0 indicates that no timeout should occur on this message. It also ++works as the pr_value if flags parameter is set to pr_policy. + .I ppid + is an opaque unsigned value that is passed to the remote end along with the + message. +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lksctp-tools/man-add-the-missing-options-in-SOCKET-OPTIONS-in-sct.patch b/SPECS-EXTENDED/lksctp-tools/man-add-the-missing-options-in-SOCKET-OPTIONS-in-sct.patch new file mode 100644 index 0000000000..1b9b2f4868 --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/man-add-the-missing-options-in-SOCKET-OPTIONS-in-sct.patch @@ -0,0 +1,535 @@ +From df0cd18b5d81a7f8c661e6e565e5e35e00fbb9d8 Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Mon, 27 Feb 2023 17:57:20 -0500 +Subject: [PATCH 5/6] man: add the missing options in SOCKET OPTIONS in sctp.7 + +There are a lot of options missing in in SOCKET OPTIONS in sctp.7, +and this patch adds them all. + +Signed-off-by: Xin Long +--- + man/sctp.7 | 508 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 508 insertions(+) + +diff --git a/man/sctp.7 b/man/sctp.7 +index 7756dda..01bff6f 100644 +--- a/man/sctp.7 ++++ b/man/sctp.7 +@@ -431,6 +431,514 @@ SACKs sent and received, SCTP packets sent and received. + + The parameter type is struct sctp_assoc_stats, for reading only. + sas_assoc_id is a specified assoc_id. ++.TP ++.B SCTP_DELAYED_ACK, SCTP_DELAYED_ACK_TIME, SCTP_DELAYED_SACK ++These options will affect the way delayed SACKs are performed. They allow ++the application to get or set the delayed SACK time, in milliseconds, and ++also allow changing the delayed SACK frequency. Changing the frequency ++to 1 disables the delayed SACK algorithm. Note that if sack_delay or ++sack_freq is 0 when setting this option, the current values will remain ++unchanged. ++ ++The parameter type is struct sctp_sack_info. For reading, sack_assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, sack_assoc_id is a ++specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Default: sackdelay=sysctl_net.sctp.sack_timeout,sackfreq=2. ++.TP ++.B SCTP_CONTEXT ++This option allows the setting, on an association basis, of a default ++context that will be received on reading messages from the peer. ++This is especially helpful for an application when using one-to-many ++style sockets to keep some reference to an internal state machine that ++is processing messages on the association. Note that the setting of ++this value only affects received messages from the peer and does not ++affect the value that is saved with outbound messages. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id ++is a specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Default: 0. ++.TP ++.B SCTP_FRAGMENT_INTERLEAVE ++Fragmented interleave controls how the presentation of messages ++occurs for the message receiver. There are three levels of fragment ++interleave defined: level 0: SCTP_FRAGMENT_INTERLEAVE = 0; level 1: ++SCTP_FRAGMENT_INTERLEAVE = 1; level 2: SCTP_FRAGMENT_INTERLEAVE = 1 ++& SCTP_INTERLEAVING_SUPPORTED = 1. ++ ++The parameter type is int boolean, for reading and writing. ++ ++Default: 0. ++.TP ++.B SCTP_PARTIAL_DELIVERY_POINT ++This option will set or get the SCTP partial delivery point. This ++point is the size of a message where the partial delivery API will be ++invoked to help free up rwnd space for the peer. Setting this to a ++lower value will cause partial deliveries to happen more often. This ++option expects an integer that sets or gets the partial delivery ++point in bytes. Note also that the call will fail if the user ++attempts to set this value larger than the socket receive buffer ++size. Note that any single message having a length smaller than or equal ++to the SCTP partial delivery point will be delivered in a single read ++call as long as the user-provided buffer is large enough to hold the ++message. ++ ++The parameter type is uint32_t, for reading and writing. ++ ++Default: 0. ++.TP ++.B SCTP_MAX_BURST ++This option will allow a user to change the maximum burst of packets ++that can be emitted by this association. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id ++is a specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Default: sysctl_net.sctp.max_burst. ++.TP ++.B SCTP_AUTH_CHUNK ++This option adds a chunk type that the user is requesting to be received ++only in an authenticated way, and it only affects the future associations. ++ ++The parameter type is struct sauth_chunk, for writing only. ++ ++Default: no chunks. ++Require: SCTP_AUTH_SUPPORTED. ++RFC: RFC4895. ++.TP ++.B SCTP_HMAC_IDENT ++This option gets or sets the list of Hashed Message Authentication ++Code (HMAC) algorithms that the local endpoint requires the peer ++to use. ++ ++The parameter type is struct sctp_hmacalgo, for reading and writing. ++shmac_idents can include SCTP_AUTH_HMAC_ID_{SHA1|SHA256}. ++ ++Default: SCTP_AUTH_HMAC_ID_SHA1. ++Require: SCTP_AUTH_SUPPORTED. ++.TP ++.B SCTP_AUTH_KEY ++This option will set a shared secret key that is used to build an ++association shared key. ++ ++The parameter type is struct sctp_authkey, for writing only. sca_assoc_id ++is a specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Default: null_key. ++Require: SCTP_AUTH_SUPPORTED. ++.TP ++.B SCTP_AUTH_ACTIVE_KEY ++This option will get or set the active shared key to be used to build ++the association shared key. ++ ++The parameter type is struct sctp_authkeyid, for writing only. ++scact_assoc_id is a specified assoc_id or ++SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Default: 0. ++Require: SCTP_AUTH_SUPPORTED. ++.TP ++.B SCTP_AUTH_DEACTIVATE_KEY ++This set option indicates that the application will no longer send ++user messages using the indicated key identifier. ++ ++The parameter type is struct sctp_authkeyid, for writing only. ++scact_assoc_id is a specified assoc_id or ++SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Require: SCTP_AUTH_SUPPORTED. ++.TP ++.B SCTP_AUTH_DELETE_KEY ++This set option will delete an SCTP association's shared secret key ++that has been deactivated. ++ ++The parameter type is struct sctp_authkeyid, for writing only. ++scact_assoc_id is a specified assoc_id or ++SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Require: SCTP_AUTH_SUPPORTED. ++.TP ++.B SCTP_PEER_AUTH_CHUNKS ++This option gets a list of chunk types for a specified association ++that the peer requires to be received authenticated only. ++ ++The parameter type is struct sctp_authchunks, for reading only. ++gauth_assoc_id is a specified assoc_id. ++ ++Require: SCTP_AUTH_SUPPORTED. ++.TP ++.B SCTP_LOCAL_AUTH_CHUNKS ++This option gets a list of chunk types for a specified association that ++the local endpoint requires to be received authenticated only. ++ ++The parameter type is struct sctp_authchunks, for reading only. ++gauth_assoc_id is a specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Require: SCTP_AUTH_SUPPORTED. ++.TP ++.B SCTP_GET_ASSOC_NUMBER ++This option gets the current number of associations that are attached ++to a one-to-many style socket. Note that this number is only a snapshot. ++This means that the number of associations may have changed when the ++caller gets back the option result. ++ ++The parameter type is uint32_t, for reading only. ++.TP ++.B SCTP_GET_ASSOC_ID_LIST ++This option gets the current list of SCTP association identifiers of ++the SCTP associations handled by a one-to-many style socket. It uses ++struct sctp_assoc_ids and must provide a large enough buffer to hold ++all association identifiers. If the buffer is too small, an error must ++be returned. The user can use the SCTP_GET_ASSOC_NUMBER socket option ++to get an idea of how large the buffer has to be. ++ ++The parameter type is struct sctp_assoc_ids, for reading only. ++.TP ++.B SCTP_EXPOSE_POTENTIALLY_FAILED_STATE, SCTP_EXPOSE_PF_STATE ++Applications can control the exposure of the PF path state in the ++SCTP_PEER_ADDR_CHANGE event, and if pf_expose is not 'enabled', no ++notification will be sent for a transport state change to SCTP_PF. ++It also affects the SCTP_GET_PEER_ADDR_INFO socket option, and if ++pf_expose is 'disabled', users can not access the transport info via ++SCTP_GET_PEER_ADDR_INFO option. ++ ++The parameter type is struct sctp_assoc_value, for reading and writing. ++assoc_id is a specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.pf_expose. ++.TP ++.B SCTP_PEER_ADDR_THLDS ++Applications can control the SCTP-PF behavior by getting or setting ++the number of consecutive timeouts before a peer address is ++considered PF or unreachable.. ++ ++The parameter type is struct sctp_paddrthlds, for reading and writing. ++spt_address is a specified transport address or 0, spt_assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Default: pathmaxrxt=sysctl_net.sctp.path_max_retrans, ++ps_retrans=sysctl_net.sctp.ps_retrans. ++.TP ++.B SCTP_PEER_ADDR_THLDS_V2 ++Similar to SCTP_PEER_ADDR_THLDS, but it can also be used by applications ++to set and get the number of timeouts before the primary path is changed ++automatically by the Primary Path Switchover function. ++ ++The parameter type is struct sctp_paddrthlds_v2, for reading and writing. ++spt_address is a specified transport address or 0, spt_assoc_id is a ++specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Default: pathmaxrxt=sysctl_net.sctp.path_max_retrans, ++ps_retrans=sysctl_net.sctp.ps_retrans, pf_retrans=sysctl_net.sctp.pf_retrans. ++.TP ++.B SCTP_RECVRCVINFO ++Setting this option specifies that SCTP_RCVINFO (SCTP receive information ++about a received message) is returned as ancillary data by recvmsg(). See ++.B CONTROL MSGS ++for more details. ++ ++The parameter type is int, for reading and writing. ++ ++Default: 0. ++.TP ++.B SCTP_RECVNXTINFO ++Setting this option specifies that SCTP_NXTINFO (SCTP receive information ++of the next message) is returned as ancillary data by recvmsg(). See ++.B CONTROL MSGS ++for details. ++ ++The parameter type is int, for reading and writing. ++ ++Default: 0. ++.TP ++.B SCTP_DEFAULT_SNDINFO ++This option obsoletes SCTP_DEFAULT_SEND_PARAM. ++ ++The parameter type is struct sctp_sndinfo. For reading, snd_assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, snd_assoc_id is ++a specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Default: default_stream=0, default_flags=0, default_ppid=0, default_context=0. ++.TP ++.B SCTP_REUSE_PORT ++This option is similar to the socket level option SO_REUSEADDR, besides ++only supports one-to-one style SCTP sockets and must not be used after ++calling bind() or sctp_bindx(). ++ ++The parameter type is int, for reading and writing. ++ ++Default: 0. ++.TP ++.B SCTP_SOCKOPT_BINDX_ADD ++This option allows the user to bind a specific subset of addresses or, ++if the SCTP extension ASCONF is supported (see SCTP_ASCONF_SUPPORTED), ++add specific addresses. The API sctp_bindx() is based on this. ++ ++The parameter type is struct sockaddr[], for writing only. ++.TP ++.B SCTP_SOCKOPT_BINDX_REM ++Similar to SCTP_SOCKOPT_BINDX_ADD, but delete specific addresses. The API ++sctp_bindx() is based on this. ++ ++The parameter type is struct sockaddr[], for writing only. ++.TP ++.B SCTP_SOCKOPT_PEELOFF ++This option branches off an UDP type association into a separate socket ++returned back to users. The API sctp_peeloff() is based on this option. ++ ++The parameter type is sctp_peeloff_arg_t, for reading only. associd is a ++specified assoc_id. ++.TP ++.B SCTP_SOCKOPT_PEELOFF_FLAGS ++Peel off an UDP type association from a socket similar to SCTP_SOCKOPT_PEELOFF ++option, but it allows the flags like O_CLOEXEC and O_NONBLOCK to be used when ++creating the new socket. The API sctp_peeloff_flags() is based on this option. ++ ++The parameter type is sctp_peeloff_flags_arg_t, for reading only. associd ++is a specified assoc_id. ++.TP ++.B SCTP_SOCKOPT_CONNECTX_OLD ++This option allows a user to specify multiple addresses at which a peer can ++be reached, and the kernel stack will use the list of addresses to set up ++the association. The API sctp_connectx() is based on this option. ++ ++The parameter type is struct sockaddr[], for writing only. ++.TP ++.B SCTP_SOCKOPT_CONNECTX ++Similar to SCTP_SOCKOPT_CONNECTX_OLD, but it returns the new assoc's id. ++The API sctp_connectx2() is based on this option. ++ ++The parameter type is struct sockaddr[], for writing only. The new assoc's ++id is passed to users by the return value. ++.TP ++.B SCTP_SOCKOPT_CONNECTX3 ++Similar to SCTP_SOCKOPT_CONNECTX, but it uses different type parameter. The ++API sctp_connectx3() is based on this option. ++ ++The parameter type is struct sctp_getaddrs_old, for reading only. assoc_id ++is set to the new assoc's id by kernel and passed to users. ++.TP ++.B SCTP_GET_PEER_ADDRS ++This option is used to gets all peer addresses in an association. The API ++sctp_getpaddrs() is based on this option. ++ ++The parameter type is struct sctp_getaddrs, for reading only. assoc_id ++is a specified assoc_id. ++.TP ++.B SCTP_GET_LOCAL_ADDRS ++This option is used to get all local addresses in an association. The API ++sctp_getladdrs() is based on this option. ++ ++The parameter type is struct sctp_getaddrs, for reading only. assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. ++.TP ++.B SCTP_ADAPTATION_LAYER ++This option requests that the local endpoint set the specified ++Adaptation Layer Indication parameter for all future INIT and ++INIT-ACK exchanges. ++ ++The parameter type is struct sctp_setadaptation, for reading and writing. ++ ++Default: 0. ++.TP ++.B SCTP_EVENT ++This option obsoletes SCTP_EVENTS socket option, and it can set or get ++one specific type of event for a specified association. ++ ++The parameter type is struct sctp_event. For reading, se_assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, se_assoc_id ++is a specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. se_type ++can be one of enum sctp_sn_type. ++ ++Default: 0. ++.TP ++.B SCTP_PR_SUPPORTED ++This socket option allows the enabling or disabling of the negotiation of ++PR-SCTP support for future associations. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id ++is SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.prsctp_enable. ++RFC: RFC7496. ++.TP ++.B SCTP_DEFAULT_PRINFO ++This option sets and gets the default parameters for PR-SCTP. ++ ++The parameter type is struct sctp_default_prinfo. For reading, pr_assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, pr_assoc_id is ++a specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. pr_policy can be ++SCTP_PR_SCTP_{NONE|TTL|RTX|PRIO}. ++ ++Default: SCTP_PR_SCTP_NONE. ++Require: SCTP_DEFAULT_PRINFO. ++.TP ++.B SCTP_PR_ASSOC_STATUS ++This option is used to get Association-Specific PR-SCTP Status. ++ ++The parameter type is struct sctp_prstatus, for reading only. ++sprstat_assoc_id is a specified assoc_id, sprstat_policy ++can be SCTP_PR_SCTP_{TTL|RTX|PRIO|ALL}. ++.TP ++.B SCTP_PR_STREAM_STATUS ++This option is used to get Stream-Specific PR-SCTP Status. ++ ++The parameter type is struct sctp_prstatus, for reading only. ++sprstat_assoc_id is a specified assoc_id, sprstat_policy ++can be SCTP_PR_SCTP_{TTL|RTX|PRIO|ALL}. ++.TP ++.B SCTP_RECONFIG_SUPPORTED ++Enable the Stream Reconfiguration(RECONF) for the future associations. ++For different type of requests enabling, see SCTP_ENABLE_STREAM_RESET ++option. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id ++is SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.reconf_enable. ++RFC: RFC6525. ++.TP ++.B SCTP_ENABLE_STREAM_RESET ++This option allows a user to control whether the kernel processes or denies ++incoming requests in RECONF chunks. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id is ++a specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. assoc_value ++can be SCTP_ENABLE_{RESET_STREAM_REQ|RESET_ASSOC_REQ|CHANGE_ASSOC_REQ}. ++ ++Default: 0. ++Require: SCTP_RECONFIG_SUPPORTED. ++.TP ++.B SCTP_RESET_STREAMS ++This option allows the user to request the reset of incoming and/or ++outgoing streams. ++ ++The parameter type is struct sctp_reset_streams, for writing only. ++srs_assoc_id is a specified assoc_id. ++ ++Require: SCTP_ENABLE_STREAM_RESET. ++.TP ++.B SCTP_RESET_ASSOC ++This option allows a user to request the reset of the SSN/TSN. ++ ++The parameter type is sctp_assoc_t, for writing only. It is a specified ++assoc_id. ++ ++Require: SCTP_ENABLE_STREAM_RESET. ++.TP ++.B SCTP_ADD_STREAMS ++This option allows a user to request the addition of a number of incoming ++and/or outgoing streams. ++ ++The parameter type is struct sctp_add_streams, for writing only. ++sas_assoc_id is a specified assoc_id. ++ ++Require: SCTP_ENABLE_STREAM_RESET. ++.TP ++.B SCTP_STREAM_SCHEDULER ++This option is used to select a stream scheduler for data sending. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id is a ++specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. assoc_value can ++be SCTP_SS_{FCFS|PRIO|RR|FC|WFQ}. ++ ++Default: SCTP_SS_FCFS. ++RFC: RFC8260. ++.TP ++.B SCTP_STREAM_SCHEDULER_VALUE ++Some stream schedulers require additional information to be set for ++individual streams. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id is ++a specified assoc_id. For writing, assoc_id is a specified assoc_id or ++SCTP_CURRENT_ASSOC. ++ ++Require: SCTP_STREAM_SCHEDULER. ++.TP ++.B SCTP_INTERLEAVING_SUPPORTED ++This socket option allows the enabling or disabling of the negotiation of ++user message interleaving support for future associations. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id ++is SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.intl_enable. ++Require: SCTP_FRAGMENT_INTERLEAVE. ++RFC: RFC8260. ++.TP ++.B SCTP_ASCONF_SUPPORTED ++Enable the Dynamic Address Reconfiguration(ASCONF) for the future ++associations. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id ++is SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.addip_enable. ++RFC: RFC5061. ++.TP ++.B SCTP_AUTO_ASCONF ++This option will enable or disable the use of the automatic generation of ++ASCONF chunks to add and delete addresses to an existing association. ++Note that this option has two caveats, namely a) it only affects sockets ++that are bound to all addresses available to the SCTP stack, and b) the ++system administrator may have an overriding control that turns the ASCONF ++feature off no matter what setting the socket option may have. ++ ++The parameter type is int boolean, for reading and writing. ++ ++Default: sysctl_net.sctp.default_auto_asconf. ++.TP ++.B SCTP_AUTH_SUPPORTED ++Enable AUTH for the future associations. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, ssoc_id ++is SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.auth_enable. ++RFC: RFC4895. ++.TP ++.B SCTP_ECN_SUPPORTED ++Enable ECN for the future associations. ++ ++The parameter type is struct sctp_assoc_value. For reading, assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, assoc_id ++is SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.ecn_enable. ++.TP ++.B SCTP_REMOTE_UDP_ENCAPS_PORT ++This option is used to set the encapsulation port(a remote listening or ++dest port) for SCTP over UDP, which allows SCTP traffic to pass through ++legacy NATs that do not provide native SCTP support. ++ ++The parameter type is struct sctp_udpencaps, for reading and writing. ++sue_address is a specified transport address or 0, sue_assoc_id ++is a specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Default: sysctl_net.sctp.encap_port. ++RFC: RFC6951. ++.TP ++.B SCTP_PLPMTUD_PROBE_INTERVAL ++This option is used to configure the PROBE_INTERVAL for the Packetization ++Layer Path MTU Discovery(PLPMTUD). It can be set to a value >= 5000 or ++0(disabled). ++ ++The parameter type is struct sctp_probeinterval, for reading and writing. ++spi_address is a specified transport address or 0, spi_assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Default: 0(disabled). ++RFC: RFC8899. + .SH AUTHORS + Sridhar Samudrala + .SH "SEE ALSO" +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lksctp-tools/man-improve-the-description-in-SOCKET-OPTIONS-in-sct.patch b/SPECS-EXTENDED/lksctp-tools/man-improve-the-description-in-SOCKET-OPTIONS-in-sct.patch new file mode 100644 index 0000000000..2bfaa1ea80 --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/man-improve-the-description-in-SOCKET-OPTIONS-in-sct.patch @@ -0,0 +1,273 @@ +From 1bf06687ff8b0db8b3ac38b0206eea8a7b6f4632 Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Mon, 27 Feb 2023 17:37:19 -0500 +Subject: [PATCH 4/6] man: improve the description in SOCKET OPTIONS in sctp.7 + +SCTP_{FUTURE|CURRENT|ALL}_ASSOC have been introduced for some options to +make set/get more effectively, we should mention it in the description +of these options. Also, it's better to give users more information like: +the structure it uses as parameter, the default value, the dependence on +other options if any, write or read permissions etc. + +Signed-off-by: Xin Long +--- + man/sctp.7 | 186 +++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 123 insertions(+), 63 deletions(-) + +diff --git a/man/sctp.7 b/man/sctp.7 +index 730e1a8..7756dda 100644 +--- a/man/sctp.7 ++++ b/man/sctp.7 +@@ -251,95 +251,148 @@ to read or + .BR setsockopt (2) + to write the option with the option level argument set to + .BR SOL_SCTP. ++Note that all these macros and structures described for parameters are defined ++in /usr/include/netinet/sctp.h, and for one-to-one style sockets a specified ++assoc_id works the same as SCTP_FUTURE_ASSOC. + .TP + .BR SCTP_RTOINFO. + This option is used to get or set the protocol parameters used to +-initialize and bound retransmission timeout(RTO). The structure sctp_rtoinfo +-defined in /usr/include/netinet/sctp.h is used to access and modify these +-parameters. ++initialize and bound retransmission timeout(RTO). ++ ++The parameter type is struct sctp_rtoinfo, for reading and writing. ++srto_assoc_id is a specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Default: srto_max=sysctl_net.sctp.rto_max, srto_min=sysctl_net.sctp.rto_min, ++srto_initial=sysctl_net.sctp.rto_initial. + .TP + .B SCTP_ASSOCINFO + This option is used to both examine and set various association and endpoint +-parameters. The structure sctp_assocparams defined in +-/usr/include/netinet/sctp.h is used to access and modify these parameters. ++parameters. ++ ++The parameter type is struct sctp_assocparams, for reading and writing. ++sasoc_assoc_id is a specified assoc_id or SCTP_FUTURE_ASSOC. Note that ++some fields of this structure are for reading only: ++ ++ struct sctp_assocparams { ++ sctp_assoc_t sasoc_assoc_id; ++ __u16 sasoc_asocmaxrxt; (RW) ++ __u16 sasoc_number_peer_destinations; (R) ++ __u32 sasoc_peer_rwnd; (R) ++ __u32 sasoc_local_rwnd; (R) ++ __u32 sasoc_cookie_life; (RW) ++ }; ++ ++Default: sasoc_asocmaxrxt=sysctl_net.sctp.association_max_retrans, ++sasoc_cookie_life=sysctl_net.sctp.valid_cookie_life. + .TP + .B SCTP_INITMSG + This option is used to get or set the protocol parameters for the default +-association initialization. The structure sctp_initmsg defined in +-/usr/include/netinet/sctp.h is used to access and modify these parameters. ++association initialization. ++ ++The parameter type is struct sctp_initmsg, for reading and writing. + +-Setting initialization parameters is effective only on an unconnected +-socket (for one-to-many style sockets only future associations are +-effected by the change). With one-to-one style sockets, this option +-is inherited by sockets derived from a listener socket. ++Default: sinit_num_ostreams=10, sinit_max_instreams=10, ++sinit_max_attempts=sysctl_net.sctp.max_init_retransmits, ++sinit_max_init_timeo=sysctl_net.sctp.rto_max. + .TP + .B SCTP_NODELAY + Turn on/off any Nagle-like algorithm. This means that packets are generally +-sent as soon as possible and no unnecessary delays are introduced, at the cost +-of more packets in the network. Expects an integer boolean flag. ++sent as soon as possible and no unnecessary delays are introduced, at the ++cost of more packets in the network. ++ ++The parameter type is int boolean, for reading and writing. ++ ++Default: 0. + .TP + .B SCTP_AUTOCLOSE +-This socket option is applicable to the one-to-many style socket +-only. When set it will cause associations that are idle for more than +-the specified number of seconds to automatically close. An +-association being idle is defined an association that has NOT sent or +-received user data. The special value of 0 indicates that no +-automatic close of any associations should be performed. The option +-expects an integer defining the number of seconds of idle time before +-an association is closed. ++This socket option is applicable to the one-to-many style socket only. ++When set it will cause associations that are idle for more than the ++specified number of seconds to automatically close. An association ++being idle is defined an association that has NOT sent or received ++user data within a period. ++ ++The parameter type is int(seconds), for reading and writing. 0 indicates ++that no automatic close of any associations should be performed. ++ ++Default: sysctl_net.sctp.max_autoclose. + .TP + .B SCTP_SET_PEER_PRIMARY_ADDR + Requests that the peer mark the enclosed address as the association + primary. The enclosed address must be one of the association's +-locally bound addresses. The structure sctp_setpeerprim defined in +-/usr/include/netinet/sctp.h is used to make a set peer primary request. ++locally bound addresses. ++ ++The parameter type is struct sctp_setpeerprim, for writing only. ++sspp_assoc_id is a specified assoc_id. ++ ++Default: the 1st local address added. ++Require: SCTP_ASCONF_SUPPORTED. + .TP + .B SCTP_PRIMARY_ADDR + Requests that the local SCTP stack use the enclosed peer address as + the association primary. The enclosed address must be one of the +-association peer's addresses. The structure sctp_prim defined in +-/usr/include/netinet/sctp.h is used to make a get/set primary request. ++association peer's addresses. ++ ++The parameter type is struct sctp_prim, for writing only. ssp_assoc_id ++is a specified assoc_id. ++ ++Default: the 1st peer address added. ++Require: SCTP_ASCONF_SUPPORTED. + .TP + .B SCTP_DISABLE_FRAGMENTS +-This option is a on/off flag and is passed an integer where a non-zero is on +-and a zero is off. If enabled no SCTP message fragmentation will be performed. +-Instead if a message being sent exceeds the current PMTU size, the message will +-NOT be sent and an error will be indicated to the user. ++If enabled no SCTP message fragmentation will be performed. Instead if a ++message being sent exceeds the current PMTU size, the message will NOT ++be sent and an error will be indicated to the user. ++ ++The parameter type is int boolean, for reading and writing. ++ ++Default: 0. + .TP + .B SCTP_PEER_ADDR_PARAMS + Using this option, applications can enable or disable heartbeats for any peer + address of an association, modify an address's heartbeat interval, force a + heartbeat to be sent immediately, and adjust the address's maximum number of +-retransmissions sent before an address is considered unreachable. The structure +-sctp_paddrparams defined in /usr/include/netinet/sctp.h is used to +-access and modify an address's parameters. ++retransmissions sent before an address is considered unreachable. ++ ++The parameter type is struct sctp_paddrparams, for reading and writing. ++spp_address is a specified transport address or 0, spp_assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. ++ ++Default: hbinterval=sysctl_net.sctp.hb_interval, ++pathmaxrxt=sysctl_net.sctp.path_max_retrans, ++pathmtu=dev/route's, sackdelay=sysctl_net.sctp.sack_timeout, ++param_flags=HB_ENABLE|PMTUD_ENABLE|SACKDELAY_ENABLE, flowlabel=0, dscp=0. + .TP + .B SCTP_DEFAULT_SEND_PARAM + Applications that wish to use the sendto() system call may wish to specify + a default set of parameters that would normally be supplied through the +-inclusion of ancillary data. This socket option allows such an application to +-set the default sctp_sndrcvinfo structure. The application that wishes to use +-this socket option simply passes in to this call the sctp_sndrcvinfo structure +-defined in /usr/include/netinet/sctp.h. The input parameters accepted by this +-call include sinfo_stream, sinfo_flags, sinfo_ppid, sinfo_context, +-sinfo_timetolive. The user must set the sinfo_assoc_id field to identify the +-association to affect if the caller is using the one-to-many style. ++inclusion of ancillary data. This option has been obsoleted by ++SCTP_DEFAULT_SNDINFO. ++ ++The parameter type is struct sctp_sndrcvinfo. For reading, sinfo_assoc_id is ++a specified assoc_id or SCTP_FUTURE_ASSOC. For writing, sinfo_assoc_id is a ++specified assoc_id or SCTP_{FUTURE|CURRENT|ALL}_ASSOC. ++ ++Default: default_stream=0, default_flags=0, default_ppid=0, default_context=0, ++default_timetolive=0. + .TP + .B SCTP_EVENTS + This socket option is used to specify various notifications and ancillary data +-the user wishes to receive. The structure sctp_event_subscribe defined in +-/usr/include/netinet/sctp.h is used to access or modify the events of interest +-to the user. ++the user wishes to receive. This option has been obsoleted by SCTP_EVENT. ++ ++The parameter type is struct sctp_event_subscribe, for reading and writing. ++ ++Default: 0. + .TP + .B SCTP_I_WANT_MAPPED_V4_ADDR +-This socket option is a boolean flag which turns on or off mapped V4 +-addresses. If this option is turned on and the socket is type PF_INET6, +-then IPv4 addresses will be mapped to V6 representation. If this option is +-turned off, then no mapping will be done of V4 addresses and a user will +-receive both PF_INET6 and PF_INET type addresses on the socket. ++This socket option is used to turn on or off mapped V4 addresses. If this ++option is turned on and the socket is type PF_INET6, then IPv4 addresses ++will be mapped to V6 representation. If this option is turned off, then ++no mapping will be done of V4 addresses and a user will receive both ++PF_INET6 and PF_INET type addresses on the socket. + +-By default this option is turned on and expects an integer to be passed where +-non-zero turns on the option and zero turns off the option. ++The parameter type is int boolean, for reading and writing. ++ ++Default: 1. + .TP + .B SCTP_MAXSEG + This socket option specifies the maximum size to put in any outgoing +@@ -347,30 +400,37 @@ SCTP DATA chunk. If a message is larger than this size it will be + fragmented by SCTP into the specified size. Note that the underlying + SCTP implementation may fragment into smaller sized chunks when the + PMTU of the underlying association is smaller than the value set by +-the user. The option expects an integer. ++the user. 0 indicates the user is NOT limiting fragmentation and only ++the PMTU will effect SCTP's choice of DATA chunk size. ++ ++The parameter type is struct sctp_assoc_value, for reading and writing. ++assoc_id is a specified assoc_id or SCTP_FUTURE_ASSOC. + +-The default value for this option is 0 which indicates the user is +-NOT limiting fragmentation and only the PMTU will effect SCTP's +-choice of DATA chunk size. ++Default: 0(no limit). + .TP + .B SCTP_STATUS + Applications can retrieve current status information about an association, + including association state, peer receiver window size, number of unacked +-data chunks, and number of data chunks pending receipt. This information is +-read-only. The structure sctp_status defined in /usr/include/netinet/sctp.h +-is used to access this information. ++data chunks, and number of data chunks pending receipt. ++ ++The parameter type is struct sctp_status, for reading only. sstat_assoc_id ++is a specified assoc_id. + .TP + .B SCTP_GET_PEER_ADDR_INFO +-Applications can retrieve information about a specific peer address +-of an association, including its reachability state, congestion window, +-and retransmission timer values. This information is read-only. The structure +-sctp_paddrinfo defined in /usr/include/netinet/sctp.h is used to access this +-information. ++Applications can retrieve information about a specific peer address of ++an association, including its reachability state, congestion window, ++and retransmission timer values. ++ ++The parameter type is struct sctp_paddrinfo, for reading only. spinfo_address ++is a specified transport address, sas_assoc_id is a specified assoc_id ++or SCTP_FUTURE_ASSOC. + .TP + .B SCTP_GET_ASSOC_STATS + Applications can retrieve current statistics about an association, including +-SACKs sent and received, SCTP packets sent and received. The complete list can +-be found in /usr/include/netinet/sctp.h in struct sctp_assoc_stats. ++SACKs sent and received, SCTP packets sent and received. ++ ++The parameter type is struct sctp_assoc_stats, for reading only. ++sas_assoc_id is a specified assoc_id. + .SH AUTHORS + Sridhar Samudrala + .SH "SEE ALSO" +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lksctp-tools/man-update-for-DESCRIPTION-and-SYSCTL-in-sctp.7.patch b/SPECS-EXTENDED/lksctp-tools/man-update-for-DESCRIPTION-and-SYSCTL-in-sctp.7.patch new file mode 100644 index 0000000000..8a829a06ae --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/man-update-for-DESCRIPTION-and-SYSCTL-in-sctp.7.patch @@ -0,0 +1,53 @@ +From 90ef63cd633388b0b0487fee11885f4d2a6bcc8f Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Wed, 22 Feb 2023 20:24:59 -0500 +Subject: [PATCH 2/6] man: update for DESCRIPTION and SYSCTL in sctp.7 + +Update some out-of-date infomation in DESCRIPTION and SYSCTL +parts in sctp.7. + +Signed-off-by: Xin Long +--- + man/sctp.7 | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/man/sctp.7 b/man/sctp.7 +index 50b551e..c19c2b7 100644 +--- a/man/sctp.7 ++++ b/man/sctp.7 +@@ -18,9 +18,9 @@ sctp \- SCTP protocol. + .B sctp_socket = socket(PF_INET, SOCK_SEQPACKET, IPPROTO_SCTP); + .fi + .SH DESCRIPTION +-This is an implementation of the SCTP protocol as defined in RFC2960 and +-RFC3309. It is a message oriented, reliable transport protocol with direct +-support for multihoming that runs on top of ++This is an implementation of the SCTP protocol as defined in RFC4960. It is ++a message oriented, reliable transport protocol with direct support for ++multihoming that runs on top of + .BR ip (7), + and supports both v4 and v6 versions. + .PP +@@ -32,8 +32,8 @@ data is achieved by using checksums and sequence numbers. A selective + retransmission mechanism is applied to correct loss or corruption of data. + .PP + This implementation supports a mapping of SCTP into sockets API as defined +-in the draft-ietf-tsvwg-sctpsocket-10.txt(Sockets API extensions for SCTP). +-Two styles of interfaces are supported. ++in the RFC6458(Sockets API extensions for SCTP). Two styles of interfaces ++are supported. + .PP + A + .B one-to-many +@@ -111,7 +111,7 @@ files or with the + interface. In addition, most IP sysctls also apply to SCTP. See + .BR ip (7). + .TP +-Please check kernel documentation for this, at Documentation/networking/ip-sysctl.txt. ++Please check kernel documentation for this, at Documentation/networking/ip-sysctl.rst. + .SH "STATISTICS" + These variables can be accessed by the + .B /proc/net/sctp/* +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lksctp-tools/sctp_test-check-strdup-return-in-append_addr.patch b/SPECS-EXTENDED/lksctp-tools/sctp_test-check-strdup-return-in-append_addr.patch new file mode 100644 index 0000000000..e2d50e3472 --- /dev/null +++ b/SPECS-EXTENDED/lksctp-tools/sctp_test-check-strdup-return-in-append_addr.patch @@ -0,0 +1,31 @@ +From 97970af0e414f480afca2914279f51616ff688bb Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Wed, 24 Nov 2021 10:55:24 -0500 +Subject: [PATCH] sctp_test: check strdup return in append_addr + +strdup() may return NULL in append_addr(), and we should do the +check for its return value before operating it. + +Signed-off-by: Xin Long +Signed-off-by: Marcelo Ricardo Leitner +--- + src/apps/sctp_test.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/apps/sctp_test.c b/src/apps/sctp_test.c +index e382804..59fd4ad 100644 +--- a/src/apps/sctp_test.c ++++ b/src/apps/sctp_test.c +@@ -499,6 +499,9 @@ append_addr(const char *parm, struct sockaddr *addrs, int *ret_count) + char *ifname; + int ifindex = 0; + ++ if (!ipaddr) ++ return NULL; ++ + /* check the interface. */ + ifname = strchr(ipaddr,'%'); + if (ifname) { +-- +2.39.1 + diff --git a/SPECS-EXTENDED/lua-json/48.patch b/SPECS-EXTENDED/lua-json/48.patch new file mode 100644 index 0000000000..3044e16ff9 --- /dev/null +++ b/SPECS-EXTENDED/lua-json/48.patch @@ -0,0 +1,37 @@ +From 473d61d262a1c86a69ad9b4882352d122e42f3fa Mon Sep 17 00:00:00 2001 +From: Josh +Date: Thu, 20 Jul 2023 15:49:33 -0400 +Subject: [PATCH] feat: support lpeg 1.1 + +This changeset adds support for lpeg 1.1 which updated the lpeg.version from a function to a string. + +Therefore we have to check the type of the value. + +Refs: #47 +--- + lua/json/decode/util.lua | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lua/json/decode/util.lua b/lua/json/decode/util.lua +index 2493bf3..8b23751 100644 +--- a/lua/json/decode/util.lua ++++ b/lua/json/decode/util.lua +@@ -17,6 +17,8 @@ local table_concat = require("table").concat + + local merge = require("json.util").merge + ++local type = type ++ + local _ENV = nil + + local function get_invalid_character_info(input, index) +@@ -94,7 +96,8 @@ local unicode_ignored = (unicode_space + comment)^0 + + -- Parse the lpeg version skipping patch-values + -- LPEG <= 0.7 have no version value... so 0.7 is value +-local DecimalLpegVersion = lpeg.version and tonumber(lpeg.version():match("^(%d+%.%d+)")) or 0.7 ++-- LPEG >= 1.1 uses a string for the version instead of function ++local DecimalLpegVersion = lpeg.version and tonumber((type(lpeg.version) == "string" and lpeg.version or lpeg.version()):match("^(%d+%.%d+)")) or 0.7 + + local function setObjectKeyForceNumber(t, key, value) + key = tonumber(key) or key diff --git a/SPECS-EXTENDED/lua-json/lua-json.signatures.json b/SPECS-EXTENDED/lua-json/lua-json.signatures.json index 03590b5c61..897a6039e1 100644 --- a/SPECS-EXTENDED/lua-json/lua-json.signatures.json +++ b/SPECS-EXTENDED/lua-json/lua-json.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "luajson-1.3.2-7a86bc2.tar.gz": "474e073d8842de1f92faf15a79b90341c03e6b140747453ce738554db6d46972" + "luajson-1.3.4.tar.gz": "aff67d64027f747b4611646fd0421802eda60397da9076e3f7fb17227e542e99" } } diff --git a/SPECS-EXTENDED/lua-json/lua-json.spec b/SPECS-EXTENDED/lua-json/lua-json.spec index 892f098587..418496af4b 100644 --- a/SPECS-EXTENDED/lua-json/lua-json.spec +++ b/SPECS-EXTENDED/lua-json/lua-json.spec @@ -6,16 +6,18 @@ Distribution: Azure Linux %global shortcommit %(c=%{commit}; echo ${c:0:7}) Name: lua-json -Version: 1.3.2 -Release: 16%{?dist} +Version: 1.3.4 +Release: 9%{?dist} Summary: JSON Parser/Constructor for Lua License: MIT URL: https://github.com/harningt/luajson -Source0: https://github.com/harningt/luajson/archive/%{commit}/luajson-%{version}-%{shortcommit}.tar.gz -Patch0: luajson-lua-5.2.patch +Source0: https://github.com/harningt/luajson/archive/%{version}/luajson-%{version}.tar.gz +# Support for lpeg 1.1.0 +Patch0: https://github.com/harningt/luajson/pull/48.patch BuildRequires: lua >= %{luaver}, lua-lpeg >= 0.8.1 # for checks BuildRequires: lua-filesystem >= 1.4.1, lua-lunit >= 0.4 +BuildRequires: make Requires: lua(abi) >= %{luaver}, lua-lpeg >= 0.8.1 BuildArch: noarch @@ -23,8 +25,7 @@ BuildArch: noarch LuaJSON is a customizable JSON decoder/encoder, using LPEG for parsing. %prep -%setup -q -n luajson-%{commit} -%patch 0 -p1 -b .lua-52 +%autosetup -p1 -n luajson-%{version} %build @@ -39,17 +40,52 @@ make check-regression # grep -q "0 failed, 0 errors" testlog.txt %files -%license LICENSE -%doc docs/LuaJSON.txt docs/ReleaseNotes-1.0.txt +%doc LICENSE docs/LuaJSON.txt docs/ReleaseNotes-1.0.txt %{luapkgdir}/* %changelog -* Mon Feb 28 2022 Pawel Winogrodzki - 1.3.2-16 -- Fixing run-time dependencies. -- License verified. +* Tue Apr 08 2025 Aninda Pradhan - 1.3.4-9 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License Verified -* Fri Oct 15 2021 Pawel Winogrodzki - 1.3.2-15 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Thu Aug 01 2024 Orion Poplawski - 1.3.4-8 +- Add upstream patch to support lua lpeg 1.1.0 (bz#2302036) + +* Thu Jul 18 2024 Fedora Release Engineering - 1.3.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jan 25 2024 Fedora Release Engineering - 1.3.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.3.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jul 20 2023 Fedora Release Engineering - 1.3.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 1.3.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 1.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat May 28 2022 Orion Poplawski - 1.3.4-1 +- Update to 1.3.4 + +* Thu Jan 20 2022 Fedora Release Engineering - 1.3.2-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 1.3.2-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 1.3.2-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1.3.2-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 30 2020 Miro Hrončok - 1.3.2-15 +- Rebuilt for Lua 5.4 * Wed Jan 29 2020 Fedora Release Engineering - 1.3.2-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild @@ -110,3 +146,4 @@ make check-regression * Thu Sep 10 2009 Michel Salim - 1.0-1 - Initial package + diff --git a/SPECS-EXTENDED/lua-json/luajson-lua-5.2.patch b/SPECS-EXTENDED/lua-json/luajson-lua-5.2.patch deleted file mode 100644 index 75966c1069..0000000000 --- a/SPECS-EXTENDED/lua-json/luajson-lua-5.2.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up luajson-7a86bc22066858afeb23845a191a6ab680b46233/lua/json/decode/state.lua.lua-52 luajson-7a86bc22066858afeb23845a191a6ab680b46233/lua/json/decode/state.lua ---- luajson-7a86bc22066858afeb23845a191a6ab680b46233/lua/json/decode/state.lua.lua-52 2013-05-10 16:32:47.277329679 -0400 -+++ luajson-7a86bc22066858afeb23845a191a6ab680b46233/lua/json/decode/state.lua 2013-05-10 16:33:19.301328534 -0400 -@@ -8,7 +8,7 @@ local jsonutil = require("json.util") - local assert = assert - local type = type - local next = next --local unpack = unpack -+local unpack = table.unpack - - local _ENV = nil - -diff -up luajson-7a86bc22066858afeb23845a191a6ab680b46233/tests/lunit-encoderfunc.lua.lua-52 luajson-7a86bc22066858afeb23845a191a6ab680b46233/tests/lunit-encoderfunc.lua ---- luajson-7a86bc22066858afeb23845a191a6ab680b46233/tests/lunit-encoderfunc.lua.lua-52 2013-05-10 16:31:50.764331699 -0400 -+++ luajson-7a86bc22066858afeb23845a191a6ab680b46233/tests/lunit-encoderfunc.lua 2013-05-10 16:32:00.788331341 -0400 -@@ -8,7 +8,7 @@ local setmetatable = setmetatable - module("lunit-encoderfunc", lunit.testcase, package.seeall) - - local function build_call(name, parameters) -- return json.util.buildCall(name, unpack(parameters, parameters.n)) -+ return json.util.buildCall(name, table.unpack(parameters, parameters.n)) - end - - function test_param_counts() diff --git a/SPECS-EXTENDED/lua-lunit/lua-lunit.signatures.json b/SPECS-EXTENDED/lua-lunit/lua-lunit.signatures.json deleted file mode 100644 index ad785068f9..0000000000 --- a/SPECS-EXTENDED/lua-lunit/lua-lunit.signatures.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "Signatures": { - "lunit-0.5.tar.gz": "36abb8c4f8a3602c7c2b043d5b3612c2836a637ad504b58041acac1ddccb1852" - } -} diff --git a/SPECS-EXTENDED/lua-lunit/lua-lunit.spec b/SPECS-EXTENDED/lua-lunit/lua-lunit.spec deleted file mode 100644 index 55365793ee..0000000000 --- a/SPECS-EXTENDED/lua-lunit/lua-lunit.spec +++ /dev/null @@ -1,119 +0,0 @@ -%define luaver 5.2 -%define luapkgdir %{_datadir}/lua/%{luaver} - -Name: lua-lunit -Version: 0.5 -Release: 18%{?dist} -Summary: Unit testing framework for Lua - -License: MIT -Vendor: Microsoft Corporation -Distribution: Azure Linux -URL: https://github.com/mrothNET/lunit -# Source0: https://github.com/mrothNET/lunit/archive/refs/tags/v0.5.tar.gz -Source0: https://github.com/mrothNET/lunit/archive/refs/tags/lunit-%{version}.tar.gz - -# for running tests -BuildRequires: lua >= %{luaver} -Requires: lua >= %{luaver} - -BuildArch: noarch - -%description -Lunit is a unit testing framework for lua, written in lua. - -Lunit provides 26 assert functions, and a few misc functions for usage -in an easy unit testing framework. - -Lunit comes with a test suite to test itself. The testsuite consists -of approximately 710 assertions. - - -%prep -%setup -q -n lunit-%{version} - - -%build - - -%install -rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT%{_bindir} -cp -p lunit $RPM_BUILD_ROOT%{_bindir} - -mkdir -p $RPM_BUILD_ROOT%{luapkgdir} -cp -pr lunit{,-console}.lua $RPM_BUILD_ROOT%{luapkgdir} - - -%check -./lunit lunit-tests.lua | tee testlog.txt -grep -q "0 failed, 0 errors" testlog.txt - - - -%files -%doc LICENSE ANNOUNCE CHANGES DOCUMENTATION README* example.lua -%{_bindir}/lunit -%{luapkgdir}/* - - -%changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 0.5-18 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). - -* Wed Jan 29 2020 Fedora Release Engineering - 0.5-17 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Jul 25 2019 Fedora Release Engineering - 0.5-16 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Fri Feb 01 2019 Fedora Release Engineering - 0.5-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Fri Jul 13 2018 Fedora Release Engineering - 0.5-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Thu Feb 08 2018 Fedora Release Engineering - 0.5-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 0.5-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Fri Feb 10 2017 Fedora Release Engineering - 0.5-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Thu Feb 04 2016 Fedora Release Engineering - 0.5-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Wed Jun 17 2015 Fedora Release Engineering - 0.5-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Sat Jun 07 2014 Fedora Release Engineering - 0.5-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Sat Aug 03 2013 Fedora Release Engineering - 0.5-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Fri May 10 2013 Tom Callaway - 0.5-6 -- rebuild for lua 5.2 - -* Thu Feb 14 2013 Fedora Release Engineering - 0.5-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Thu Jul 19 2012 Fedora Release Engineering - 0.5-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Fri Jan 13 2012 Fedora Release Engineering - 0.5-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Tue Feb 08 2011 Fedora Release Engineering - 0.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Thu Nov 5 2009 Michel Salim - 0.5-1 -- Update to 0.5 - -* Mon Oct 19 2009 Michel Salim - 0.4-2 -- Patch out the use of non-existent myerror fn - -* Thu Sep 10 2009 Michel Salim - 0.4-1 -- Initial package diff --git a/SPECS-EXTENDED/lua-lunitx/lua-lunitx.signatures.json b/SPECS-EXTENDED/lua-lunitx/lua-lunitx.signatures.json new file mode 100644 index 0000000000..08c85ccdaa --- /dev/null +++ b/SPECS-EXTENDED/lua-lunitx/lua-lunitx.signatures.json @@ -0,0 +1,5 @@ +{ + "Signatures": { + "lunitx-0.8.1.tar.gz": "e571ff01cb8f8f77dceeb098359bc5d7f5b4b696023e3b9d5ee1b4c3d986ac32" + } +} \ No newline at end of file diff --git a/SPECS-EXTENDED/lua-lunitx/lua-lunitx.spec b/SPECS-EXTENDED/lua-lunitx/lua-lunitx.spec new file mode 100644 index 0000000000..8df10b7fc3 --- /dev/null +++ b/SPECS-EXTENDED/lua-lunitx/lua-lunitx.spec @@ -0,0 +1,84 @@ +Name: lua-lunitx +Version: 0.8.1 +Release: 12%{?dist} +Summary: Unit testing framework for Lua + +License: MIT +Vendor: Microsoft Corporation +Distribution: Azure Linux +URL: https://github.com/dcurrie/lunit/ +Source0: https://github.com/dcurrie/lunit/archive/%{version}.tar.gz#/lunitx-%{version}.tar.gz + +# for running tests +# also, macros are in lua-devel +BuildRequires: lua-devel >= 5.2 + +BuildArch: noarch + +Provides: lua-lunit = %{version}-%{release} +Obsoletes: lua-lunit < %{version}-%{release} + +%description +This is lunitx Version 0.8.1, an extended version of Lunit +for Lua 5.2, 5.3, and 5.4. + +Lunit is a unit testing framework for lua. + +%prep +%autosetup -n lunit-%{version} + +%install +mkdir -p %{buildroot}%{_bindir} +cp -p extra/lunit.sh %{buildroot}%{_bindir}/lunit + +mkdir -p %{buildroot}%{lua_pkgdir} +cp -pr lua/* %{buildroot}%{lua_pkgdir} + +%check +# for self test, without --dontforce lunit will try to load its launcher which is a shell script +LUA_PATH='%{buildroot}%{lua_pkgdir}/?.lua;;' %{buildroot}%{_bindir}/lunit --dontforce test/selftest.lua + +%files +%license LICENSE +%doc ANNOUNCE CHANGES DOCUMENTATION examples README* +%{_bindir}/lunit +%{lua_pkgdir}/* + +%changelog +* Mon Apr 29 2025 Aninda Pradhan - 0.8.1-12 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License Verified + +* Thu Jul 18 2024 Fedora Release Engineering - 0.8.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jan 25 2024 Fedora Release Engineering - 0.8.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 0.8.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jul 20 2023 Fedora Release Engineering - 0.8.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 0.8.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 0.8.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 0.8.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 0.8.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 0.8.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Aug 27 2020 Michel Alexandre Salim - 0.8.1-2 +- Use standard Lua macros + +* Tue Aug 25 2020 Michel Alexandre Salim - 0.8.1-1 +- Initial Fedora package (replacing lua-lunit) + diff --git a/SPECS-EXTENDED/marisa/marisa.signatures.json b/SPECS-EXTENDED/marisa/marisa.signatures.json index 642541d434..652bdef4c3 100644 --- a/SPECS-EXTENDED/marisa/marisa.signatures.json +++ b/SPECS-EXTENDED/marisa/marisa.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "marisa-0.2.4.tar.gz": "67a7a4f70d3cc7b0a85eb08f10bc3eaf6763419f0c031f278c1f919121729fb3" + "marisa-0.2.6.tar.gz": "1063a27c789e75afa2ee6f1716cc6a5486631dcfcb7f4d56d6485d2462e566de" } } diff --git a/SPECS-EXTENDED/marisa/marisa.spec b/SPECS-EXTENDED/marisa/marisa.spec index fed1cfd599..a8a395a99a 100644 --- a/SPECS-EXTENDED/marisa/marisa.spec +++ b/SPECS-EXTENDED/marisa/marisa.spec @@ -1,22 +1,21 @@ -Vendor: Microsoft Corporation -Distribution: Azure Linux - # disable python2 by default %bcond_with python2 Name: marisa -Version: 0.2.4 -Release: 45%{?dist} +Version: 0.2.6 +Release: 12%{?dist} +Vendor: Microsoft Corporation +Distribution: Azure Linux Summary: Static and spece-efficient trie data structure library -License: BSD or LGPLv2+ -URL: https://code.google.com/p/marisa-trie -# Currently the working URL is -# https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/marisa-trie/%%{name}-%%{version}.tar.gz -Source0: https://marisa-trie.googlecode.com/files/%{name}-%{version}.tar.gz +License: BSD-2-Clause OR LGPL-2.1-or-later +URL: https://github.com/s-yata/marisa-trie +Source0: https://github.com/s-yata/marisa-trie/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -BuildRequires: gcc -BuildRequires: gcc-c++ +BuildRequires: autoconf, automake, libtool +BuildRequires: make +BuildRequires: gcc +BuildRequires: gcc-c++ BuildRequires: swig BuildRequires: perl-devel BuildRequires: perl-generators @@ -24,6 +23,7 @@ BuildRequires: perl-generators BuildRequires: python2-devel %endif BuildRequires: python3-devel +BuildRequires: python3-setuptools BuildRequires: ruby-devel %description @@ -97,46 +97,47 @@ Ruby language binding for groonga %prep -%autosetup +%autosetup -n %{name}-trie-%{version} %build %set_build_flags +autoreconf -i %configure --disable-static sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -make %{?_smp_mflags} +%{make_build} # build Perl bindings pushd bindings/perl -%{__perl} Makefile.PL INC="-I%{_builddir}/%{name}-%{version}/lib" LIBS="-L%{_builddir}/%{name}-%{version}/lib/.libs -lmarisa" INSTALLDIRS=vendor -make %{?_smp_mflags} +%{__perl} Makefile.PL INC="-I%{_builddir}/%{name}-trie-%{version}/include" LIBS="-L%{_builddir}/%{name}-trie-%{version}/lib/%{name}/.libs -lmarisa" INSTALLDIRS=vendor +%{make_build} popd # build Python bindings # Regenerate Python bindings -make --directory=bindings swig-python +%{make_build} --directory=bindings swig-python pushd bindings/python %if %{with python2} -%{__python2} setup.py build_ext --include-dirs="%{_builddir}/%{name}-%{version}/lib" --library-dirs="%{_builddir}/%{name}-%{version}/lib/.libs" +%{__python2} setup.py build_ext --include-dirs="%{_builddir}/%{name}-trie-%{version}/include" --library-dirs="%{_builddir}/%{name}-trie-%{version}/lib/%{name}/.libs" %py2_build %endif -%{__python3} setup.py build_ext --include-dirs="%{_builddir}/%{name}-%{version}/lib" --library-dirs="%{_builddir}/%{name}-%{version}/lib/.libs" +%{__python3} setup.py build_ext --include-dirs="%{_builddir}/%{name}-trie-%{version}/include" --library-dirs="%{_builddir}/%{name}-trie-%{version}/lib/%{name}/.libs" %py3_build popd # build Ruby bindings # Regenerate ruby bindings pushd bindings -make swig-ruby +%{make_build} swig-ruby popd pushd bindings/ruby -ruby extconf.rb --with-opt-include="%{_builddir}/%{name}-%{version}/lib" --with-opt-lib="%{_builddir}/%{name}-%{version}/lib/.libs" --vendor -make +ruby extconf.rb --with-opt-include="%{_builddir}/%{name}-trie-%{version}/include" --with-opt-lib="%{_builddir}/%{name}-trie-%{version}/lib/%{name}/.libs" --vendor +%{make_build} popd %install @@ -156,6 +157,7 @@ pushd bindings/python %py2_install %endif %py3_install +rm -rf %{buildroot}/%{python3_sitearch}/marisa-0.0.0-py%{python3_version}.egg-info popd # install Ruby bindings @@ -172,9 +174,9 @@ rm -f $RPM_BUILD_ROOT%{perl_vendorarch}/sample.pl %files -%doc docs/style.css AUTHORS README docs/readme.en.html +%doc docs/style.css AUTHORS README.md docs/readme.en.html %lang(ja) %doc docs/readme.ja.html -%license COPYING +%license COPYING.md %{_libdir}/libmarisa.so.* %files devel @@ -194,6 +196,7 @@ rm -f $RPM_BUILD_ROOT%{perl_vendorarch}/sample.pl %files perl %{perl_vendorarch}/marisa.pm %{perl_vendorarch}/auto/marisa +%{perl_vendorarch}/benchmark.pl %if %{with python2} %files -n python2-%{name} @@ -206,15 +209,101 @@ rm -f $RPM_BUILD_ROOT%{perl_vendorarch}/sample.pl %{python3_sitearch}/__pycache__/marisa* %{python3_sitearch}/_marisa*.so %{python3_sitearch}/marisa.py -%{python3_sitearch}/marisa-0.0.0-py3.?.egg-info %files ruby %{ruby_vendorarchdir}/marisa.so %changelog -* Mon Mar 15 2021 Henry Li - 0.2.4-45 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). -- Fix distro condition checking +* Mon Apr 28 2025 Archana Shettigar - 0.2.6-12 +- Initial Azure Linux import from Fedora 41 (license: MIT). +- License verified + +* Thu Jul 18 2024 Fedora Release Engineering - 0.2.6-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Wed Jun 12 2024 Jitka Plesnikova - 0.2.6-10 +- Perl 5.40 rebuild + +* Fri Jun 07 2024 Python Maint - 0.2.6-9 +- Rebuilt for Python 3.13 + +* Thu Jan 25 2024 Fedora Release Engineering - 0.2.6-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 0.2.6-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jan 03 2024 Mamoru TASAKA - 0.2.6-6 +- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.3 + +* Thu Jul 20 2023 Fedora Release Engineering - 0.2.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jul 11 2023 Jitka Plesnikova - 0.2.6-4 +- Perl 5.38 rebuild + +* Mon Jun 26 2023 Python Maint - 0.2.6-3 +- Rebuilt for Python 3.12 + +* Tue Jun 20 2023 Peng Wu - 0.2.6-2 +- Migrate to SPDX license + +* Mon Jun 19 2023 Peng Wu - 0.2.6-1 +- Update to 0.2.6 +- Resolves: RHBZ#2215688 + +* Tue Jun 13 2023 Python Maint - 0.2.4-61 +- Rebuilt for Python 3.12 + +* Thu Jun 8 2023 Peng Wu - 0.2.4-60 +- Add BuildRequires python3-setuptools +- Use make_build macro instead of just make +- Resolves: RHBZ#2048094, RHBZ#2155002 + +* Thu Jan 19 2023 Fedora Release Engineering - 0.2.4-59 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 04 2023 Mamoru TASAKA - 0.2.4-58 +- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2 + +* Thu Jul 21 2022 Fedora Release Engineering - 0.2.4-57 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon Jun 13 2022 Python Maint - 0.2.4-56 +- Rebuilt for Python 3.11 + +* Mon May 30 2022 Jitka Plesnikova - 0.2.4-55 +- Perl 5.36 rebuild + +* Thu Jan 27 2022 Mamoru TASAKA - 0.2.4-54 +- F-36: rebuild against ruby31 + +* Thu Jan 20 2022 Fedora Release Engineering - 0.2.4-53 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 0.2.4-52 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 04 2021 Python Maint - 0.2.4-51 +- Rebuilt for Python 3.10 + +* Fri May 21 2021 Jitka Plesnikova - 0.2.4-50 +- Perl 5.34 rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 0.2.4-49 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 06 2021 Mamoru TASAKA - 0.2.4-48 +- F-34: rebuild against ruby 3.0 + +* Tue Jul 28 2020 Fedora Release Engineering - 0.2.4-47 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jun 22 2020 Jitka Plesnikova - 0.2.4-46 +- Perl 5.32 rebuild + +* Tue May 26 2020 Miro Hrončok - 0.2.4-45 +- Rebuilt for Python 3.9 * Wed Jan 29 2020 Fedora Release Engineering - 0.2.4-44 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/mdds/mdds.signatures.json b/SPECS-EXTENDED/mdds/mdds.signatures.json index 74e45084ff..495c318e09 100644 --- a/SPECS-EXTENDED/mdds/mdds.signatures.json +++ b/SPECS-EXTENDED/mdds/mdds.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "mdds-1.5.0.tar.bz2": "144d6debd7be32726f332eac14ef9f17e2d3cf89cb3250eb31a7127e0789680d" + "mdds-2.1.1.tar.bz2": "8a3767f0a60c53261b5ebbaa717381446813aef8cf28fe9d0ea1371123bbe3f1" } } diff --git a/SPECS-EXTENDED/mdds/mdds.spec b/SPECS-EXTENDED/mdds/mdds.spec index 002fe1de08..7d229fb2cd 100644 --- a/SPECS-EXTENDED/mdds/mdds.spec +++ b/SPECS-EXTENDED/mdds/mdds.spec @@ -3,17 +3,18 @@ Distribution: Azure Linux # header-only library %global debug_package %{nil} -%global apiversion 1.5 +%global apiversion 2.1 Name: mdds -Version: 1.5.0 -Release: 3%{?dist} +Version: 2.1.1 +Release: 6%{?dist} Summary: A collection of multi-dimensional data structures and indexing algorithms License: MIT URL: https://gitlab.com/mdds/mdds -Source0: http://kohei.us/files/%{name}/src/%{name}-%{version}.tar.bz2 +Source0: https://kohei.us/files/%{name}/src/%{name}-%{version}.tar.bz2 +BuildRequires: make BuildRequires: boost-devel BuildRequires: gcc-c++ BuildRequires: autoconf @@ -63,8 +64,60 @@ make check %{?_smp_mflags} %license LICENSE %changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 1.5.0-3 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). +* Tue Dec 31 2024 Aninda Pradhan - 2.1.1-6 +- Initial Azure Linux import from Fedora 41 (license: MIT) +- License Verified. + +* Thu Jul 18 2024 Fedora Release Engineering - 2.1.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jan 25 2024 Fedora Release Engineering - 2.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 2.1.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Aug 23 2023 Gwyn Ciesla - 2.1.1-2 +- Sources + +* Wed Aug 23 2023 Gwyn Ciesla - 2.1.1-1 +- 2.1.1 + +* Thu Jul 20 2023 Fedora Release Engineering - 2.0.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 2.0.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Nov 21 2022 David Tardon - 2.0.3-3 +- Convert license to SPDX + +* Thu Jul 21 2022 Fedora Release Engineering - 2.0.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed May 11 2022 Caolán McNamara - 2.0.3-1 +- latest release + +* Wed Feb 16 2022 Caolán McNamara - 2.0.2-1 +- latest release + +* Wed Feb 02 2022 Caolán McNamara - 2.0.1-1 +- new upstream release needed for libreoffice 7.3 + +* Thu Jan 20 2022 Fedora Release Engineering - 1.7.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 1.7.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 1.7.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Sep 21 2020 Caolán McNamara - 1.7.0-1 +- new upstream release + +* Tue Jul 28 2020 Fedora Release Engineering - 1.5.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/SPECS-EXTENDED/mod_http2/mod_http2-1.14.1-buildfix.patch b/SPECS-EXTENDED/mod_http2/mod_http2-1.14.1-buildfix.patch deleted file mode 100644 index 25ff1faf6c..0000000000 --- a/SPECS-EXTENDED/mod_http2/mod_http2-1.14.1-buildfix.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -uap mod_http2-1.14.0/mod_http2/h2_from_h1.c.buildfix mod_http2-1.14.0/mod_http2/h2_from_h1.c ---- mod_http2-1.14.0/mod_http2/h2_from_h1.c.buildfix 2019-02-12 13:30:56.000000000 +0000 -+++ mod_http2-1.14.0/mod_http2/h2_from_h1.c 2019-03-14 10:35:46.365678537 +0000 -@@ -35,6 +35,10 @@ - #include "h2_task.h" - #include "h2_util.h" - -+#ifndef AP_STATUS_IS_HEADER_ONLY -+#define AP_STATUS_IS_HEADER_ONLY(x) ((x) == HTTP_NO_CONTENT || \ -+ (x) == HTTP_NOT_MODIFIED) -+#endif - - /* This routine is called by apr_table_do and merges all instances of - * the passed field values into a single array that will be further diff --git a/SPECS-EXTENDED/mod_http2/mod_http2.signatures.json b/SPECS-EXTENDED/mod_http2/mod_http2.signatures.json index 3a207caad8..8c004a1de5 100644 --- a/SPECS-EXTENDED/mod_http2/mod_http2.signatures.json +++ b/SPECS-EXTENDED/mod_http2/mod_http2.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "mod_http2-1.15.14.tar.gz": "1574fda39d6776841eb11eb1263e584382ce4858d03f252ab5c82852f00836ab" + "mod_http2-2.0.29.tar.gz": "8c4e6219f87f35879fb166a3c08574dea4f454814f3b739b854675a03c6f2d4e" } } diff --git a/SPECS-EXTENDED/mod_http2/mod_http2.spec b/SPECS-EXTENDED/mod_http2/mod_http2.spec index 7c6e57fa40..0d71a6bfda 100644 --- a/SPECS-EXTENDED/mod_http2/mod_http2.spec +++ b/SPECS-EXTENDED/mod_http2/mod_http2.spec @@ -1,35 +1,43 @@ -Vendor: Microsoft Corporation -Distribution: Azure Linux # Module Magic Number %{!?_httpd_mmn: %global _httpd_mmn %(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)} Name: mod_http2 -Version: 1.15.14 -Release: 2%{?dist} +Version: 2.0.29 +Release: 3%{?dist} Summary: module implementing HTTP/2 for Apache 2 -License: ASL 2.0 +License: Apache-2.0 +Vendor: Microsoft Corporation +Distribution: Azure Linux URL: https://icing.github.io/mod_h2/ Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/mod_http2-%{version}.tar.gz -Patch1: mod_http2-1.14.1-buildfix.patch +BuildRequires: make BuildRequires: gcc -BuildRequires: pkgconfig, httpd-devel >= 2.4.20, libnghttp2-devel >= 1.7.0, openssl-devel >= 1.0.2 -Requires: httpd-mmn -Conflicts: httpd < 2.4.25-8 +BuildRequires: pkgconfig +BuildRequires: httpd-devel >= 2.4.20 +BuildRequires: libnghttp2-devel >= 1.7.0 +BuildRequires: openssl-devel >= 1.0.2 +BuildRequires: autoconf +BuildRequires: libtool +BuildRequires: /usr/bin/hostname +Requires: httpd-mmn +Conflicts: httpd < 2.4.48 +# https://bugzilla.redhat.com/show_bug.cgi?id=2131458 +Conflicts: libnghttp2 < 1.50.0-1 %description The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. %prep -%setup -q -%patch 1 -p1 -b .buildfix +%autosetup %build -%configure -make %{?_smp_mflags} V=1 +autoreconf -i +%configure --with-apxs=%{_httpd_apxs} +%make_build %install -make DESTDIR=%{buildroot} install +%make_install rm -rf %{buildroot}/etc/httpd/share/doc/ # create configuration @@ -46,8 +54,85 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{ %{_httpd_moddir}/mod_proxy_http2.so %changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 1.15.14-2 -- Initial CBL-Mariner import from Fedora 33 (license: MIT). +* Wed Mar 12 2025 Akhila Guruju - 2.0.29-3 +- Initial Azure Linux import from Fedora 41 (license: MIT). +- License verified + +* Thu Jul 18 2024 Fedora Release Engineering - 2.0.29-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jul 11 2024 Luboš Uhliarik - 2.0.29-1 +- new version 2.0.29 + +* Fri Apr 5 2024 Joe Orton - 2.0.27-1 +- update to 2.0.27 + +* Thu Jan 25 2024 Fedora Release Engineering - 2.0.26-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 2.0.26-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jan 17 2024 Luboš Uhliarik - 2.0.26-1 +- new version 2.0.26 + +* Sat Oct 21 2023 Luboš Uhliarik - 2.0.25-1 +- new version 2.0.25 + +* Mon Sep 11 2023 Luboš Uhliarik - 2.0.22-1 +- new version 2.0.22 + +* Thu Jul 20 2023 Fedora Release Engineering - 2.0.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jun 01 2023 Luboš Uhliarik - 2.0.18-1 +- new version 2.0.18 +- SPDX migration + +* Wed Apr 12 2023 Luboš Uhliarik - 2.0.14-1 +- new version 2.0.14 + +* Thu Jan 19 2023 Fedora Release Engineering - 2.0.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Dec 20 2022 Joe Orton - 2.0.11-1 +- update to 2.0.11 +- fix conflict with older libnghttp2 + +* Thu Oct 6 2022 Joe Orton - 2.0.9-1 +- update to 2.0.9 + +* Fri Sep 23 2022 Joe Orton - 2.0.7-1 +- update to 2.0.7 + +* Thu Jul 21 2022 Fedora Release Engineering - 1.15.24-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 1.15.24-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Sep 17 2021 Joe Orton - 1.15.24-1 +- update to 1.15.24 + +* Tue Sep 14 2021 Sahana Prasad - 1.15.23-2 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Aug 6 2021 Joe Orton - 1.15.23-1 +- update to 1.15.23 + +* Thu Jul 22 2021 Fedora Release Engineering - 1.15.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 11 2021 Luboš Uhliarik - 1.15.19-1 +- new version 1.15.19 +- Resolves: #1968014 - CVE-2021-31618 httpd: NULL pointer dereference on + specially crafted HTTP/2 request + +* Tue Jan 26 2021 Fedora Release Engineering - 1.15.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Aug 27 2020 Joe Orton - 1.15.14-2 +- use apxs via _httpd_apxs macro * Mon Aug 17 2020 Joe Orton - 1.15.14-1 - update to 1.15.14 diff --git a/SPECS-EXTENDED/nvmetcli/nvmetcli.signatures.json b/SPECS-EXTENDED/nvmetcli/nvmetcli.signatures.json deleted file mode 100644 index 24fe911cf0..0000000000 --- a/SPECS-EXTENDED/nvmetcli/nvmetcli.signatures.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "Signatures": { - "nvmetcli-0.4.tar.gz": "afaa1246369bd38a317890f1cd52afb318194611a1e73e5dd1ec1e1efff18433" - } -} diff --git a/SPECS-EXTENDED/nvmetcli/nvmetcli.spec b/SPECS-EXTENDED/nvmetcli/nvmetcli.spec deleted file mode 100644 index f822726504..0000000000 --- a/SPECS-EXTENDED/nvmetcli/nvmetcli.spec +++ /dev/null @@ -1,96 +0,0 @@ -Name: nvmetcli -License: ASL 2.0 -Summary: An adminstration shell for NVMe storage targets -Version: 0.4 -Release: 11%{?dist} -Vendor: Microsoft Corporation -Distribution: Azure Linux -URL: ftp://ftp.infradead.org/pub/nvmetcli/ -Source: ftp://ftp.infradead.org/pub/nvmetcli/%{name}-%{version}.tar.gz -BuildArch: noarch -BuildRequires: python3-devel python3-setuptools systemd-units asciidoc xmlto -Requires: python3-configshell python3-kmod -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd - -%description -This package contains the command line interface to the NVMe over Fabrics -nvmet in the Linux kernel. It allows configuring the nvmet interactively -as well as saving / restoring the configuration to / from a json file. - -%prep -%setup -q - -%build -%{__python3} setup.py build -cd Documentation -make -gzip --stdout nvmetcli.8 > nvmetcli.8.gz - -%install -%{__python3} setup.py install --skip-build --root %{buildroot} -mkdir -p %{buildroot}%{_unitdir} -mkdir -p %{buildroot}%{_sysconfdir}/nvmet -install -m 644 nvmet.service %{buildroot}%{_unitdir}/nvmet.service -mkdir -p %{buildroot}%{_mandir}/man8/ -install -m 644 Documentation/nvmetcli.8.gz %{buildroot}%{_mandir}/man8/ - -%post -%systemd_post nvmet.service - -%preun -%systemd_preun nvmet.service - -%postun -%systemd_postun_with_restart nvmet.service - -%files -%{python3_sitelib}/* -%dir %{_sysconfdir}/nvmet -%{_sbindir}/nvmetcli -%{_unitdir}/nvmet.service -%doc README -%license COPYING -%{_mandir}/man8/nvmetcli.8.gz - -%changelog -* Fri Oct 15 2021 Pawel Winogrodzki - 0.4-11 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). - -* Wed Jan 29 2020 Fedora Release Engineering - 0.4-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Oct 03 2019 Miro Hrončok - 0.4-9 -- Rebuilt for Python 3.8.0rc1 (#1748018) - -* Mon Aug 19 2019 Miro Hrončok - 0.4-8 -- Rebuilt for Python 3.8 - -* Thu Jul 25 2019 Fedora Release Engineering - 0.4-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Fri Feb 01 2019 Fedora Release Engineering - 0.4-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Fri Jul 13 2018 Fedora Release Engineering - 0.4-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jun 19 2018 Miro Hrončok - 0.4-4 -- Rebuilt for Python 3.7 - -* Thu Feb 08 2018 Fedora Release Engineering - 0.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 0.4-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue May 9 2017 Andy Grover - 0.4-1 -- Update for new upstream release -- Remove fix-setup.patch - -* Tue Feb 21 2017 Andy Grover - 0.3-1 -- Update for new upstream release - -* Wed Oct 12 2016 Andy Grover - 0.2-1 -- Initial packaging diff --git a/SPECS-EXTENDED/objenesis/objenesis-javadoc.patch b/SPECS-EXTENDED/objenesis/objenesis-javadoc.patch new file mode 100644 index 0000000000..c6a186319d --- /dev/null +++ b/SPECS-EXTENDED/objenesis/objenesis-javadoc.patch @@ -0,0 +1,11 @@ +--- objenesis-3.1/tck/src/main/java/org/objenesis/tck/TCK.java 2022-03-19 22:06:57.437915731 +0100 ++++ objenesis-3.1/tck/src/main/java/org/objenesis/tck/TCK.java 2022-03-19 22:07:53.950244008 +0100 +@@ -31,7 +31,7 @@ + * This TCK tests Objenesis implementations against a set of candidate classes (class it attempts to instantiate), + * reporting the results to a {@link Reporter}. + * +- *

Example usage

++ *

Example usage

+ * + * 
+  * TextReporter reporter = new TextReporter(System.out, System.err);
diff --git a/SPECS-EXTENDED/objenesis/objenesis.signatures.json b/SPECS-EXTENDED/objenesis/objenesis.signatures.json
index 1c8556d956..f0cbcd95c3 100644
--- a/SPECS-EXTENDED/objenesis/objenesis.signatures.json
+++ b/SPECS-EXTENDED/objenesis/objenesis.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "objenesis-3.1.tar.gz": "2ca9b191e8f16fe7715cfce2d04cc16c32d5e6d0166c615572d6355f24afc6af"
+  "objenesis-3.3.tar.gz": "73d223e32161743826d876f4b962e2dcd3439201fe0eb21b23f5fcd0eb0e0293"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/objenesis/objenesis.spec b/SPECS-EXTENDED/objenesis/objenesis.spec
index 086f41fa81..7ae9f2d6dc 100644
--- a/SPECS-EXTENDED/objenesis/objenesis.spec
+++ b/SPECS-EXTENDED/objenesis/objenesis.spec
@@ -3,7 +3,7 @@ Distribution:   Azure Linux
 #
 # spec file for package objenesis
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2000-2009, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@@ -19,13 +19,14 @@ Distribution:   Azure Linux
 #
 
 Name:           objenesis
-Version:        3.1
-Release:        3%{?dist}
+Version:        3.3
+Release:        1%{?dist}
 Summary:        A library for instantiating Java objects
 License:        Apache-2.0
 Group:          Development/Libraries/Java
-URL:            http://objenesis.org/
-Source0:        https://github.com/easymock/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+URL:            https://objenesis.org/
+Source0:        https://github.com/easymock/%{name}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         objenesis-javadoc.patch
 BuildRequires:  fdupes
 BuildRequires:  java-devel >= 1.8
 BuildRequires:  javapackages-local-bootstrap
@@ -61,28 +62,23 @@ This package contains the API documentation for %{name}.
 
 %prep
 %setup -q
+%patch -P 0 -p1
 
 # Enable generation of pom.properties (rhbz#1017850)
 %pom_xpath_remove pom:addMavenDescriptor
 
-%pom_remove_plugin :maven-timestamp-plugin
-%pom_xpath_remove "pom:dependency[pom:scope='test']" tck
-
-%pom_xpath_remove pom:build/pom:extensions
-
-for i in main tck; do
-  %pom_remove_parent ${i}
-  %pom_xpath_inject "pom:project" "org.objenesis%{version}" ${i}
-done
-
 %build
 mkdir -p main/build/classes
 javac -d main/build/classes -source 8 -target 8 -encoding utf-8 \
   $(find main/src/main/java -name *.java | xargs)
-jar cf %{name}-%{version}.jar -C main/build/classes .
+jar \
+%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 17}%{!?pkg_vcmp:0}
+    --date="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +%%Y-%%m-%%dT%%H:%%M:%%SZ)" \
+%endif
+    --create --file=%{name}-%{version}.jar -C main/build/classes .
 
 touch manifest.txt
-echo "Automatic-Module-Name: org.objenesis" >> manifest.txt  
+echo "Automatic-Module-Name: org.objenesis" >> manifest.txt
 echo "Bundle-Description: A library for instantiating Java objects" >> manifest.txt
 echo "Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt" >> manifest.txt
 echo "Bundle-Name: Objenesis" >> manifest.txt
@@ -102,15 +98,31 @@ echo "Import-Package: sun.misc;resolution:=optional,\
 COM.newmonics.PercClassloader;resolution:=optional,\
 sun.reflect;resolution:=optional" | sed 's/.\{71\}/&\n /g' >> manifest.txt
 echo "Require-Capability: osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.6))\"" >> manifest.txt
-jar ufm %{name}-%{version}.jar manifest.txt
+jar \
+%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 17}%{!?pkg_vcmp:0}
+    --date="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +%%Y-%%m-%%dT%%H:%%M:%%SZ)" \
+%endif
+    --update --file=%{name}-%{version}.jar --manifest=manifest.txt
 
 mkdir -p tck/build/classes
 javac -d tck/build/classes -source 8 -target 8 -encoding utf-8 \
   -cp %{name}-%{version}.jar \
   $(find tck/src/main/java -name *.java | xargs)
-jar cf %{name}-tck-%{version}.jar -C tck/build/classes .
-jar uf %{name}-tck-%{version}.jar -C tck/src/main/resources .
-jar ufe %{name}-tck-%{version}.jar org.objenesis.tck.Main
+jar \
+%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 17}%{!?pkg_vcmp:0}
+    --date="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +%%Y-%%m-%%dT%%H:%%M:%%SZ)" \
+%endif
+    --create --file=%{name}-tck-%{version}.jar -C tck/build/classes .
+jar \
+%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 17}%{!?pkg_vcmp:0}
+    --date="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +%%Y-%%m-%%dT%%H:%%M:%%SZ)" \
+%endif
+    --update --file=%{name}-tck-%{version}.jar -C tck/src/main/resources .
+jar \
+%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 17}%{!?pkg_vcmp:0}
+    --date="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +%%Y-%%m-%%dT%%H:%%M:%%SZ)" \
+%endif
+    --update --file=%{name}-tck-%{version}.jar --main-class=org.objenesis.tck.Main
 
 mkdir -p build/apidoc
 javadoc -d build/apidoc -source 8 -encoding utf-8 -notimestamp \
@@ -143,20 +155,28 @@ cp -aL build/apidoc/* %{buildroot}%{_javadocdir}/%{name}
 %{_javadocdir}/%{name}
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 3.1-3
-- Reverting versioning change to match the upstream's schema.
-
-* Thu Oct 14 2021 Pawel Winogrodzki  - 3.1.0-2
-- Converting the 'Release' tag to the '[number].[distribution]' format.
-
-* Thu Oct 14 2021 Pawel Winogrodzki  - 3.1.0-1.6
-- Switching to always using full version.
-
-* Fri Nov 20 2020 Ruying Chen  - 3.1-1.5
-- Initial CBL-Mariner import from openSUSE Tumbleweed (license: same as "License" tag).
+* Wed May 07 2025 Aninda Pradhan  - 3.3-1
+- Initial Azure Linux import from openSUSE Tumbleweed (license: same as "License" tag).
 - Use javapackages-local-bootstrap to avoid build cycle.
-- Fix line break in sed commands.
-
+- License Verified.
+
+* Tue Sep 24 2024 Fridrich Strba 
+- Use SOURCE_DATE_EPOCH for reproducible jar mtime
+* Wed Feb 21 2024 Fridrich Strba 
+- Use %%patch -P N instead of deprecated %%patchN.
+* Tue Dec  5 2023 Andrea Manzini 
+- update to upstream version 3.3
+  * org.objenesis:objenesis-test missing in Maven Central (#85)
+  * added instructions for running Android TCK for Windows users (#84)
+  * Copyright and Owner is missing in license (#83)
+- update to upstream version 3.2
+  * Add Dependencies Manifest Entry (#81)
+  * Objenesis can't be compiled on Android SDK < 26 (#79)
+  * PercClassLoader misspelled in pom.xml (#76)
+* Sat Mar 19 2022 Fridrich Strba 
+- Added patch:
+  * objenesis-javadoc.patch
+    + fix build with javadoc 17
 * Fri Nov 29 2019 Fridrich Strba 
 - Upgrade to upstream version 3.1
 - Do not force building with java-devel < 9
diff --git a/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.signatures.json b/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.signatures.json
index cc16f70c90..7f386e758f 100644
--- a/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.signatures.json
+++ b/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "LICENSE.PTR": "f84904cad7e8e037f1c86e5e037d567adb9439bf8f9654be2685d90b6ffc2cf1",
-  "xml-light-234.tar.gz": "223683046b0beb5d0a4e87729a72f4abd4646de7bbbb7a8b3c7b748f6a32eb99"
+  "xml-light-2.5.tar.gz": "69b225564f610492c7c414edcab456967210278a519405a62f43f70469535d7f"
  }
 }
+
diff --git a/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.spec b/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.spec
index c4828c0ca3..20e475a779 100644
--- a/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.spec
+++ b/SPECS-EXTENDED/ocaml-xml-light/ocaml-xml-light.spec
@@ -1,127 +1,182 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-%global opt %(test -x %{_bindir}/ocamlopt && echo 1 || echo 0)
+
+%ifnarch %{ocaml_native_compiler}
 %global debug_package %{nil}
+%endif
 
-%global svnrev 234
+%global srcname xml-light
+%global forgeurl https://github.com/ncannasse/xml-light
+Version: 2.5
+%forgemeta
 
-Name:           ocaml-xml-light
-Version:        2.3
-Release:        3%{?dist}
+Name:           ocaml-%{srcname}
+Release:        13%{?dist}
 Summary:        Minimal XML parser and printer for OCaml
 
-License:        LGPLv2.1
+License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception
 URL:            http://tech.motion-twin.com/xmllight.html
+Source0:        https://github.com/ncannasse/xml-light/archive/refs/tags/%{version}.tar.gz#/%{srcname}-%{version}.tar.gz
+
+BuildRequires:  ocaml >= 4.03
+BuildRequires:  ocaml-dune >= 2.7
 
-# Upstream does not have releases (or rather, it did up to version 2.2
-# and then they stopped).  Use the SVN repository here:
-# https://code.google.com/p/ocamllibs/source/checkout
-#
-# To prepare a source release:
-# (1) Adjust 'svnrev' above to the latest release.
-# (2) Check out the sources:
-#       svn checkout http://ocamllibs.googlecode.com/svn/trunk/ ocamllibs
-# (3) Create a tarball:
-#       cd ocamllibs/xml-light/
-#       tar -zcf /tmp/xml-light-NNN.tar.gz --xform='s,^\.,xml-light-NNN,' .
-#         (where NNN is the svnrev above)
-Source0:        %{_distro_sources_url}/xml-light-%{svnrev}.tar.gz
-Source1:        LICENSE.PTR
-
-BuildRequires:  ocaml >= 4.00.1
-BuildRequires:  ocaml-findlib-devel >= 1.3.3-3
-BuildRequires:  ocaml-ocamldoc
-BuildRequires:  gawk
 
 %description
 Xml-Light is a minimal XML parser & printer for OCaml. It provides
 functions to parse an XML document into an OCaml data structure, work
-with it, and print it back to an XML document. It support also DTD
-parsing and checking, and is entirely written in OCaml, hence it does
-not require additional C library.
+with it, and print it back to an XML document. It also supports DTD
+parsing and checking, and is entirely written in OCaml; hence it does
+not require a C library.
+
 
 %package        devel
 Summary:        Development files for %{name}
-Requires:       %{name} = %{version}-%{release}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
 
 %description    devel
 The %{name}-devel package contains libraries and signature files for
 developing applications that use %{name}.
 
+
 %prep
-%setup -n xml-light-%{svnrev}
-cp %{SOURCE1} .
+%forgesetup
+
 
 %build
-# Build breaks if parallelized.
-unset MAKEFLAGS
-make all
-make doc
-%if %opt
-make opt
-%endif
-sed -e 's/@VERSION@/%{VERSION}/' < META.in > META
+%dune_build
+
 
 %check
-./test.exe <<123/>
+%dune_check
 
-EOF
 
-%if %opt
-./test_opt.exe <<123/>
+%install
+%dune_install -s
 
-EOF
-%endif
 
-%install
-export DESTDIR=$RPM_BUILD_ROOT
-export OCAMLFIND_DESTDIR=$RPM_BUILD_ROOT%{_libdir}/ocaml
-mkdir -p $OCAMLFIND_DESTDIR $OCAMLFIND_DESTDIR/stublibs
-rm -f test.cmi
-ocamlfind install xml-light META *.mli *.cmi *.cma \
-%if %{opt}
-*.a *.cmxa *.cmx
-%endif
+%files -f .ofiles-xml-light
+%license LICENSE
+
+
+%files devel -f .ofiles-xml-light-devel
+%doc README.md
+%license LICENSE
 
-%files
-%doc README
-%{_libdir}/ocaml/xml-light
-%license LICENSE.PTR README
-%if %opt
-%exclude %{_libdir}/ocaml/xml-light/*.a
-%exclude %{_libdir}/ocaml/xml-light/*.cmxa
-%exclude %{_libdir}/ocaml/xml-light/*.cmx
-%endif
-%exclude %{_libdir}/ocaml/xml-light/*.mli
-
-%files devel
-%doc README doc/*
-%license LICENSE.PTR README
-%if %opt
-%{_libdir}/ocaml/xml-light/*.a
-%{_libdir}/ocaml/xml-light/*.cmxa
-%{_libdir}/ocaml/xml-light/*.cmx
-%endif
-%{_libdir}/ocaml/xml-light/*.mli
 
 %changelog
-* Thu Feb 22 2024 Pawel Winogrodzki  - 2.3-3
-- Updating naming for 3.0 version of Azure Linux.
+* Mon Mar 17 2025 Durga Jagadeesh Palli  - 2.5-13
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License verified
+
+* Thu Jul 18 2024 Fedora Release Engineering  - 2.5-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Wed Jun 19 2024 Richard W.M. Jones  - 2.5-11
+- OCaml 5.2.0 ppc64le fix
+
+* Wed May 29 2024 Richard W.M. Jones  - 2.5-10
+- OCaml 5.2.0 for Fedora 41
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 2.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 2.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Dec 18 2023 Richard W.M. Jones  - 2.5-7
+- OCaml 5.1.1 + s390x code gen fix for Fedora 40
+
+* Tue Dec 12 2023 Richard W.M. Jones  - 2.5-6
+- OCaml 5.1.1 rebuild for Fedora 40
+
+* Thu Oct 05 2023 Richard W.M. Jones  - 2.5-5
+- OCaml 5.1 rebuild for Fedora 40
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 2.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 11 2023 Richard W.M. Jones  - 2.5-3
+- OCaml 5.0 rebuild for Fedora 39
+
+* Mon Jul 10 2023 Jerry James  - 2.5-2
+- OCaml 5.0.0 rebuild
+- Convert License tag to SPDX
+- Trim BuildRequires
+
+* Wed Feb 22 2023 Richard W.M. Jones  - 2.5-1
+- New upstream version 2.5
+- Use forge macros.
+- Use dune for building.
+- Rename README.
+- Include LICENSE file.
+
+* Tue Jan 24 2023 Richard W.M. Jones  - 2.4-8
+- Bump release and rebuild.
+
+* Tue Jan 24 2023 Richard W.M. Jones  - 2.4-7
+- Rebuild OCaml packages for F38
+
+* Thu Jan 19 2023 Fedora Release Engineering  - 2.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 2.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jun 18 2022 Richard W.M. Jones  - 2.4-4
+- OCaml 4.14.0 rebuild
+
+* Fri Feb 04 2022 Richard W.M. Jones  - 2.4-3
+- OCaml 4.13.1 rebuild to remove package notes
+
+* Thu Jan 20 2022 Fedora Release Engineering  - 2.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Mon Dec 27 2021 Jerry James  - 2.4-1
+- Version 2.4
+- New upstream URL
+- Clarify that license includes the OCaml exception
+- Add patch to fix parsing of hex entities
+
+* Mon Oct 04 2021 Richard W.M. Jones  - 2.3-0.56.svn234
+- Bump release and rebuild.
+
+* Mon Oct 04 2021 Richard W.M. Jones  - 2.3-0.55.svn234
+- OCaml 4.13.1 build
+
+* Thu Jul 22 2021 Fedora Release Engineering  - 2.3-0.54.svn234
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon Mar  1 13:12:07 GMT 2021 Richard W.M. Jones  - 2.3-0.53.svn234
+- OCaml 4.12.0 build
+
+* Tue Jan 26 2021 Fedora Release Engineering  - 2.3-0.52.svn234
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Sep 01 2020 Richard W.M. Jones  - 2.3-0.51.svn234
+- OCaml 4.11.1 rebuild
+
+* Fri Aug 21 2020 Richard W.M. Jones  - 2.3-0.50.svn234
+- Bump release and rebuild.
+
+* Fri Aug 21 2020 Richard W.M. Jones  - 2.3-0.49.svn234
+- OCaml 4.11.0 rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 2.3-0.48.svn234
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon May 04 2020 Richard W.M. Jones  - 2.3-0.47.svn234
+- OCaml 4.11.0+dev2-2020-04-22 rebuild
 
-* Tue Apr 26 2022 Mandeep Plaha  - 2.3-2
-- Updated source URL.
-- Improved formatting.
-- Added LICENSE.PTR to clarify the package's license.
-- License verified.
+* Tue Apr 21 2020 Richard W.M. Jones  - 2.3-0.46.svn234
+- OCaml 4.11.0 pre-release attempt 2
 
-* Thu Oct 14 2021 Pawel Winogrodzki  - 2.3-1
-- Switching to using full number for the 'Release' tag.
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Apr 17 2020 Richard W.M. Jones  - 2.3-0.45.svn234
+- OCaml 4.11.0 pre-release
 
-* Thu Feb 27 2020 Richard W.M. Jones  - 2.3-0.43.svn234.1
-- OCaml 4.10.0 final (Fedora 32).
+* Thu Apr 02 2020 Richard W.M. Jones  - 2.3-0.44.svn234
+- Update all OCaml dependencies for RPM 4.16.
 
 * Wed Feb 26 2020 Richard W.M. Jones  - 2.3-0.43.svn234
 - OCaml 4.10.0 final.
diff --git a/SPECS-EXTENDED/os-prober/os-prober-arm64-win11.patch b/SPECS-EXTENDED/os-prober/os-prober-arm64-win11.patch
new file mode 100644
index 0000000000..07e5230f3c
--- /dev/null
+++ b/SPECS-EXTENDED/os-prober/os-prober-arm64-win11.patch
@@ -0,0 +1,15 @@
+diff --git a/os-probes/mounted/arm64/20microsoft b/os-probes/mounted/arm64/20microsoft
+index 066918a..b69c2ba 100755
+--- a/os-probes/mounted/arm64/20microsoft
++++ b/os-probes/mounted/arm64/20microsoft
+@@ -31,7 +31,9 @@ if item_in_dir -q bootmgr "$2"; then
+ 	for boot in $(item_in_dir boot "$2"); do
+ 		bcd=$(item_in_dir bcd "$2/$boot")
+ 		if [ -n "$bcd" ]; then
+-			if   grep -aqs "W.i.n.d.o.w.s. .1.0" "$2/$boot/$bcd"; then
++			if   grep -aqs "W.i.n.d.o.w.s. .1.1" "$2/$boot/$bcd"; then
++				long="Windows 11"
++			elif grep -aqs "W.i.n.d.o.w.s. .1.0" "$2/$boot/$bcd"; then
+ 				long="Windows 10"
+ 			elif grep -aqs "W.i.n.d.o.w.s. .8" "$2/$boot/$bcd"; then
+ 				long="Windows 8"
diff --git a/SPECS-EXTENDED/os-prober/os-prober-efi-shell.patch b/SPECS-EXTENDED/os-prober/os-prober-efi-shell.patch
new file mode 100644
index 0000000000..ee186d863e
--- /dev/null
+++ b/SPECS-EXTENDED/os-prober/os-prober-efi-shell.patch
@@ -0,0 +1,30 @@
+diff --git a/os-probes/mounted/common/efi/05shell b/os-probes/mounted/common/efi/05shell
+new file mode 100644
+index 0000000..d4233c0
+--- /dev/null
++++ b/os-probes/mounted/common/efi/05shell
+@@ -0,0 +1,24 @@
++#!/usr/bin/sh
++# Detects a shell.efi bootloader on a EFI System Partition
++
++. /usr/share/os-prober/common.sh
++
++found=
++
++efi_shell=`find $1 -iname "shell.efi"`
++if [ -n "${efi_shell}" ]; then
++	bdir="${efi_shell%/*}"
++	bdir="${efi_shell##*/}"
++	filename=`basename ${efi_shell}`
++	long="EFI firmware management shell"
++	short="EFI_SHELL"
++	path=${bdir}/${filename}
++	found=true
++fi
++
++if [ -n "$found" ]; then
++	label="$(count_next_label "$short")"
++	result "${path}:${long}:${label}"
++fi
++
++exit 0
diff --git a/SPECS-EXTENDED/os-prober/os-prober-gentoo-fix.patch b/SPECS-EXTENDED/os-prober/os-prober-gentoo-fix.patch
deleted file mode 100644
index 8545db25de..0000000000
--- a/SPECS-EXTENDED/os-prober/os-prober-gentoo-fix.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: os-prober/linux-boot-probes/mounted/common/90fallback
-===================================================================
---- os-prober.orig/linux-boot-probes/mounted/common/90fallback
-+++ os-prober/linux-boot-probes/mounted/common/90fallback
-@@ -33,7 +33,7 @@ for kernpat in /vmlinuz /vmlinux /boot/v
- 			# Dracut initramfses are named differently again.
- 			initrdname3=$(echo "$kernfile" | sed "s/vmlinu[zx]/initramfs\*/" | sed 's/$/.img/')
- 			# And Gentoo's also
--			initrdname4=$(echo "$kernfile" | sed "s/kernel/initramfs\*/")
-+			initrdname4=$(echo "$kernfile" | sed "s/kernel\|vmlinu[zx]/initramfs\*/")
- 			foundinitrd=0
- 			for initrd in $(eval ls "$initrdname" "$initrdname1" "$initrdname2" "$initrdname3" "$initrdname4" 2>/dev/null); do
- 				if [ "$initrd" != "$kernfile" ] && [ -f "$initrd" ] && [ ! -L "$initrd" ]; then
diff --git a/SPECS-EXTENDED/os-prober/os-prober-grub2-mount-workaround.patch b/SPECS-EXTENDED/os-prober/os-prober-grub2-mount-workaround.patch
index d3b4f89055..5e8a092f3d 100644
--- a/SPECS-EXTENDED/os-prober/os-prober-grub2-mount-workaround.patch
+++ b/SPECS-EXTENDED/os-prober/os-prober-grub2-mount-workaround.patch
@@ -1,5 +1,5 @@
 diff --git a/os-probes/mounted/common/90linux-distro b/os-probes/mounted/common/90linux-distro
-index 9bc5154..541079e 100755
+index b9c24dd..52db3f6 100755
 --- a/os-probes/mounted/common/90linux-distro
 +++ b/os-probes/mounted/common/90linux-distro
 @@ -19,7 +19,7 @@ subvol="$5"
@@ -11,9 +11,9 @@ index 9bc5154..541079e 100755
  	if [ -e "$dir/etc/os-release" ]; then
  		short="$(grep ^NAME= "$dir/etc/os-release" | sed 's/^[^=]*=//; s/^['\''"]\(.*\)['\''"]$/\1/; s/\\\(.\)/\1/g; s/[[:space:]].*//')"
  		long="$(grep ^PRETTY_NAME= "$dir/etc/os-release" | sed 's/^[^=]*=//; s/^['\''"]\(.*\)['\''"]$/\1/; s/\\\(.\)/\1/g')"
-@@ -140,8 +140,9 @@ if (ls "$dir"/lib*/ld*.so* && [ -d "$dir/boot" ] || ls "$dir"/usr/lib*/ld*.so*)
- 		short="Devuan"
- 		long="$(printf "Devuan GNU/Linux (%s)\n" "$(cat "$dir/etc/devuan_version")")"
+@@ -146,8 +146,9 @@ if (ls "$dir"/lib*/ld*.so* && [ -d "$dir/boot" ] || ls "$dir"/usr/lib*/ld*.so*)
+ 		short="Exherbo"
+ 		long="Exherbo Linux"
  	else
 -		short="Linux"
 -		long="unknown Linux distribution"
@@ -23,7 +23,7 @@ index 9bc5154..541079e 100755
  	fi
  	
          label="$(count_next_label "$short")"
-@@ -151,6 +152,6 @@ if (ls "$dir"/lib*/ld*.so* && [ -d "$dir/boot" ] || ls "$dir"/usr/lib*/ld*.so*)
+@@ -157,6 +158,6 @@ if (ls "$dir"/lib*/ld*.so* && [ -d "$dir/boot" ] || ls "$dir"/usr/lib*/ld*.so*)
  		result "$partition:$long:$label:linux"
  	fi
  	exit 0
diff --git a/SPECS-EXTENDED/os-prober/os-prober-grub2-parsefix.patch b/SPECS-EXTENDED/os-prober/os-prober-grub2-parsefix.patch
index 0ef8bdafac..7f85626095 100644
--- a/SPECS-EXTENDED/os-prober/os-prober-grub2-parsefix.patch
+++ b/SPECS-EXTENDED/os-prober/os-prober-grub2-parsefix.patch
@@ -1,7 +1,7 @@
-Index: os-prober-1.58/linux-boot-probes/mounted/common/40grub2
-===================================================================
---- os-prober-1.58.orig/linux-boot-probes/mounted/common/40grub2
-+++ os-prober-1.58/linux-boot-probes/mounted/common/40grub2
+diff --git a/linux-boot-probes/mounted/common/40grub2 b/linux-boot-probes/mounted/common/40grub2
+index 664505f..5895e45 100755
+--- a/linux-boot-probes/mounted/common/40grub2
++++ b/linux-boot-probes/mounted/common/40grub2
 @@ -77,7 +77,7 @@ parse_grub_menu () {
  					ignore_item=1
  				fi
@@ -17,6 +17,6 @@ Index: os-prober-1.58/linux-boot-probes/mounted/common/40grub2
  			;;
 -			initrd)
 +			initrd*)
- 				initrd="$(echo "$2" | sed 's/(.*)//')"
- 				# Initrd same.
- 				if [ "$partition" != "$bootpart" ]; then
+ 				shift
+ 				initrd=""
+ 				for initrd_path in "$@"; do
diff --git a/SPECS-EXTENDED/os-prober/os-prober-trap_unmount.patch b/SPECS-EXTENDED/os-prober/os-prober-trap_unmount.patch
new file mode 100644
index 0000000000..b6e8b52504
--- /dev/null
+++ b/SPECS-EXTENDED/os-prober/os-prober-trap_unmount.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leo Sandoval 
+Date: Thu, 13 Jun 2024 17:05:44 -0600
+Subject: [PATCH] 50mounted-tests: trap do_unmount function on errors
+
+Although previous commit unmounts a (grub2-mounted)
+partition in case of error, script continues executing
+instead of exiting, resulting in a wrong behavior when called on
+behalf of grub2-mkconfig (grub2-mkconfig -> 30_os-prober ->
+linux-boot-prober ->50mounted-tests), including extra non-bootable menu
+entries.
+
+The propose change effectively reverts previous change and traps the
+do_unmount function on error, unmounting any previous
+partition in case of error and not letting the partition to be included
+as boot entry when called on behalf of grub2-mkconfig.
+
+Signed-off-by: Leo Sandoval 
+---
+ linux-boot-probes/common/50mounted-tests | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/linux-boot-probes/common/50mounted-tests b/linux-boot-probes/common/50mounted-tests
+index ad68874..63b2174 100755
+--- a/linux-boot-probes/common/50mounted-tests
++++ b/linux-boot-probes/common/50mounted-tests
+@@ -13,6 +13,8 @@ do_unmount() {
+ 	rmdir "$tmpmnt" || true
+ }
+ 
++trap do_unmount ERR
++
+ partition="$1"
+ 
+ types="$(fs_type "$partition")"
diff --git a/SPECS-EXTENDED/os-prober/os-prober-umount-fix.patch b/SPECS-EXTENDED/os-prober/os-prober-umount-fix.patch
index 6e7937c161..9ab0580dff 100644
--- a/SPECS-EXTENDED/os-prober/os-prober-umount-fix.patch
+++ b/SPECS-EXTENDED/os-prober/os-prober-umount-fix.patch
@@ -2,17 +2,16 @@ Index: os-prober/common.sh
 ===================================================================
 --- os-prober.orig/common.sh
 +++ os-prober/common.sh
-@@ -336,3 +336,13 @@ linux_mount_boot () {
+@@ -336,3 +336,12 @@ linux_mount_boot () {
  
  	mountboot="$bootpart $mounted"
  }
 +
-+umount_exec=$(which umount)
 +umount() {
-+	if ! $umount_exec $@ 2> /dev/null; then
++	if ! command umount $@ 2> /dev/null; then
 +		error "umount error, retrying after 1 sec"
 +		sleep 1
-+		$umount_exec $@
++		command umount $@
 +	fi
 +}
 +
diff --git a/SPECS-EXTENDED/os-prober/os-prober.signatures.json b/SPECS-EXTENDED/os-prober/os-prober.signatures.json
index a796988244..3ce9f08736 100644
--- a/SPECS-EXTENDED/os-prober/os-prober.signatures.json
+++ b/SPECS-EXTENDED/os-prober/os-prober.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "os-prober_1.77.tar.xz": "8d8ea4afbe1aeef3c8b73f74a0fb37b06185e21a6abc78f80fc2160009cf705f"
+  "os-prober_1.81.tar.xz": "2fd928ec86538227711e2adf49cfd6a1ef74f6bb3555c5dad4e0425ccd978883"
  }
 }
diff --git a/SPECS-EXTENDED/os-prober/os-prober.spec b/SPECS-EXTENDED/os-prober/os-prober.spec
index 837bf1657a..31c4119c47 100644
--- a/SPECS-EXTENDED/os-prober/os-prober.spec
+++ b/SPECS-EXTENDED/os-prober/os-prober.spec
@@ -1,14 +1,15 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 Name:           os-prober
-Version:        1.77
-Release:        7%{?dist}
+Version:        1.81
+Release:        9%{?dist}
 Summary:        Probes disks on the system for installed operating systems
 
 # For more information about licensing, see copyright file.
-License:        GPLv2+ and GPL+
-URL:            http://kitenet.net/~joey/code/os-prober/
-Source0:        http://ftp.us.debian.org/debian/pool/main/o/os-prober/%{name}_%{version}.tar.xz
+License:        GPL-2.0-or-later AND GPL-1.0-or-later
+Vendor:         Microsoft Corporation                                    
+Distribution:   Azure Linux
+URL:            https://kitenet.net/~joey/code/os-prober/
+Source0:        https://deb.debian.org/debian/pool/main/o/os-prober/%{name}_%{version}.tar.xz
+
 Patch0:         os-prober-no-dummy-mach-kernel.patch
 # Sent upstream
 Patch1:         os-prober-mdraidfix.patch
@@ -21,13 +22,16 @@ Patch6:         os-prober-factored-logger-efi-fix.patch
 Patch7:         os-prober-umount-fix.patch
 Patch8:         os-prober-grub2-parsefix.patch
 Patch9:         os-prober-grepfix.patch
-Patch10:        os-prober-gentoo-fix.patch
-Patch11:        os-prober-grub2-mount-workaround.patch
+Patch10:        os-prober-grub2-mount-workaround.patch
+Patch11:        os-prober-arm64-win11.patch
+Patch12:        os-prober-efi-shell.patch
+Patch13:        os-prober-trap_unmount.patch
 
 Requires:       udev coreutils util-linux
 Requires:       grep /bin/sed /sbin/modprobe
 Requires:       grub2-tools-minimal
 
+BuildRequires: make
 BuildRequires:  gcc git
 
 %description
@@ -46,7 +50,7 @@ sed -i -e 's|grub-mount|grub2-mount|g' os-probes/common/50mounted-tests \
 
 %build
 %set_build_flags
-%make_build LDFLAGS="$LDFLAGS -fPIC"
+%make_build LDFLAGS="$LDFLAGS -fPIC" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS"
 
 %install
 install -m 0755 -d %{buildroot}%{_bindir}
@@ -91,8 +95,54 @@ fi
 %{_var}/lib/%{name}
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 1.77-7
-- Initial CBL-Mariner import from Fedora 33 (license: MIT).
+* Tue Dec 17 2024 Jyoti kanase  - 1.81-9
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Thu Jul 18 2024 Fedora Release Engineering  - 1.81-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jun 20 2024 Leo Sandoval  - 1.81-7
+- 50mounted-tests: trap do_unmount function on errors
+- Related: RHEL-36343
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 1.81-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 1.81-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Dec 21 2023 Nicolas Frayer 
+- Migrate to SPDX license
+- Please refer to https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 1.81-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering  - 1.81-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Jan 10 2023 Robbie Harwood  - 1.81-2
+- Fix inheritance of environment build flags
+
+* Sat Aug 06 2022 Hedayat Vatankhah  - 1.81-1
+- Update to latest upstream version with better support for latest OSes,
+  closes rhbz#2090942
+- Remove 'which' dependency, closes rhbz#2111531
+- Add support for detecting EFI shell binary (shell.efi), closes rhbz#2101953
+- Add support for Win 11 on ARM 64 systems
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1.77-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering  - 1.77-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering  - 1.77-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering  - 1.77-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
 * Sat Oct 10 2020 Hedayat Vatankhah  - 1.77-6
 - Workaround for grub2-mount slow wildcard file matching, fixes #1770599
diff --git a/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.signatures.json b/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.signatures.json
index 1c2505d417..79f95bd71b 100644
--- a/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.signatures.json
+++ b/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "osinfo-db-tools-1.10.0.tar.xz": "802cdd53b416706ea5844f046ddcfb658c1b4906b9f940c79ac7abc50981ca68"
+  "osinfo-db-tools-1.12.0.tar.xz": "f3315f675d18770f25dea8ed04b20b8fc80efb00f60c37ee5e815f9c3776e7f3"
  }
 }
diff --git a/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.spec b/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.spec
index e70f803d75..b26be14095 100644
--- a/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.spec
+++ b/SPECS-EXTENDED/osinfo-db-tools/osinfo-db-tools.spec
@@ -1,30 +1,34 @@
-Summary:        Tools for managing the osinfo database
-Name:           osinfo-db-tools
-Version:        1.10.0
-Release:        2%{?dist}
-License:        GPL-2.0-or-later
+Summary:       Tools for managing the osinfo database
+Name:          osinfo-db-tools
+Version:       1.12.0
+Release:       1%{?dist}
+License:       GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:            https://libosinfo.org/
-Source:         https://releases.pagure.org/libosinfo/%{name}-1.10.0.tar.xz
-BuildRequires:  %{_bindir}/pod2man
-BuildRequires:  gcc
-BuildRequires:  gettext-devel
-BuildRequires:  git
-BuildRequires:  glib2-devel
-BuildRequires:  json-glib-devel
-BuildRequires:  libarchive-devel
-BuildRequires:  libsoup-devel
-BuildRequires:  libxml2-devel >= 2.6.0
-BuildRequires:  libxslt-devel >= 1.0.0
-BuildRequires:  meson
-BuildRequires:  python3
-BuildRequires:  python3-pytest
-BuildRequires:  python3-requests
+URL:		https://libosinfo.org
+Source: 	https://releases.pagure.org/libosinfo/%{name}-%{version}.tar.xz
+
+BuildRequires: meson
+BuildRequires: gcc
+BuildRequires: gettext-devel
+BuildRequires: git
+BuildRequires: glib2-devel
+BuildRequires: libxml2-devel >= 2.6.0
+BuildRequires: libxslt-devel >= 1.0.0
+BuildRequires: libsoup-devel
+BuildRequires: libarchive-devel
+BuildRequires: json-glib-devel
+BuildRequires: perl-podlators
+
+#Required for testing purposes
+BuildRequires: python3
+BuildRequires: python3-pytest
+BuildRequires: python3-requests
 
 %description
 This package provides tools for managing the osinfo database of
-information about operating systems for use with virtualization
+information about operating systems for use with virtualization.
+
 
 %prep
 %autosetup -S git
@@ -54,6 +58,10 @@ information about operating systems for use with virtualization
 %{_mandir}/man1/osinfo-db-validate.1*
 
 %changelog
+* Tue Dec 17 2024 Jyoti kanase  -  1.12.0-1
+- Upgrade version to 1.12.0
+- License verified.
+
 * Wed Dec 28 2022 Muhammad Falak  - 1.10.0-2
 - Initial CBL-Mariner import from Fedora 36 (license: MIT).
 - License verified
diff --git a/SPECS-EXTENDED/osinfo-db/osinfo-db-20221130.tar.xz.asc b/SPECS-EXTENDED/osinfo-db/osinfo-db-20221130.tar.xz.asc
deleted file mode 100644
index dc123d30d4..0000000000
--- a/SPECS-EXTENDED/osinfo-db/osinfo-db-20221130.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEIG07NS9WbzsOZXLpl9kSPeN6SE8FAmOHMNQACgkQl9kSPeN6
-SE9V/A/5AZ8TsHOX68X2BAwt6O6LieWQmzBn6PVqeGSdvaahfzyBjRZ4zPCLtkzB
-Js9JARw3twe8gckRotCFJLVb6gC4cJRC0tXYroLJBXDLz4ySThXaEBRIN9voL1Z2
-IzC5NN/pry8+iV912e5pShPzjuhHI95nu/DSottsgQNHIW2t0UNkZbLhSbvzz+XD
-BiPo/ivdYO4wN4yoNCDs+uQD+icoZULBB7Re8l4wRyoSh0p9eYo8h+iaL340e/dv
-0DKIsHTSvCmC7a6LgovYK9GlTk4H5CnzmfXyEYtO5HhTguST7jRh/ah6Vngpyrs1
-4sZHYGfnePSit6/IJB8mdBtZ8F8I8I6/mihYnEeCSCdFZAFGl0k7hjjzULuB/lU7
-GjFYjwpEMeT5bICDnVxYVEX8Lvd6f1hs2ByIqTh4o418BVDtDgy2by3SzmVMaBST
-xqIodAbrMH24EX2tQrwNS38UX/CwrWcIwYqpLzIa7iKpm9lqzXMBpICDOCdsOpqe
-xVhxH/ORNSYSIqVuP4FQu9uO//EouIaaBXcSGZGqe2zQXHEBRtvM+Mq0mkAMsQ+q
-LmiUXP39Cp46QMYg6fl1XNZjdAc70co/NENVViEv/cOwVV3P6kfVJzFfPbnkvNjK
-hES62WQ+p2ZldWhAdotjys8KN23KvDE06aPnXUyqduXyg71fusg=
-=DW/D
------END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/osinfo-db/osinfo-db-20240701.tar.xz.asc b/SPECS-EXTENDED/osinfo-db/osinfo-db-20240701.tar.xz.asc
new file mode 100644
index 0000000000..79bcf5c1ff
--- /dev/null
+++ b/SPECS-EXTENDED/osinfo-db/osinfo-db-20240701.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEIG07NS9WbzsOZXLpl9kSPeN6SE8FAmaCy9kACgkQl9kSPeN6
+SE9RBQ//fvv3bA8iSnzOivi63lf+xsJlR2E+aMYxQrcXbtUHHLRvViVB4BUoqID9
+rD/+I0uhf9KCG50TQlsfUsRJ9SiCZJ4UQODBzigsaZStuMvC/9nBGfajDA+sH66A
+03P0ERO7wiWXorYISCu18TrJ85mdat/04C8317PMYLuaQUkmEaBAEnGeMBqVAKxK
+172OhizLB6NSZA4ATOx2qIk2IvH7v0dA8ugfEd5Ou3BWyIWJfPD0nmVJUgjmX0mO
+LbUAxeWilH7ROls/EPoJjED8Ne6xfw4u+vFKZo1Jp45h1F2obCtsre1xmXr5uiNV
+eh5pQnc45xFI/KLpZLMwcrGT5f8EJzvErtod1ypeRcSGFFD4dsWS0+KH9FLZv7ei
+iXAQTqs9OmP98V6LRI6PXiiURApzA4YF8cBLeSNk6Uzyft2vt1+C2UOXE6K+zu8n
+dwszQI+pu/AVBjir5Cp9YtNP0OS5J3+hYJ7Oz8UJkmt9WNU1VTIXTemzHDB4Nuxa
+srZ+M6RVRtDYMHMM9nM/cYDSMUgrUDKcxAwMdWAMMT2wk1lkPU/45pi3KiiziGrj
+nrnPDVXkY1vBaKXBaYGt0XHN0DYofcDauIvdlk1VG5XL3Lsek5WgWj64ltXnAyJM
+ls9t5GKESjrH13+qDdE4c2yNmWuz4uzRWzH8QuKOpr/79YZCMW4=
+=oWKM
+-----END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/osinfo-db/osinfo-db.signatures.json b/SPECS-EXTENDED/osinfo-db/osinfo-db.signatures.json
index 8476319b9a..b1c716dbdb 100644
--- a/SPECS-EXTENDED/osinfo-db/osinfo-db.signatures.json
+++ b/SPECS-EXTENDED/osinfo-db/osinfo-db.signatures.json
@@ -1,5 +1,6 @@
 {
  "Signatures": {
-  "osinfo-db-20221130.tar.xz": "a2954cad7a1bef2679949987c63888f1e081b09e11fb725054372f037ec7717f"
+  "osinfo-db-20240701.tar.xz": "1d7381a72f0c45f473befa4a92fa010a37fc4f7b2bb5d1f68e06da440ef6905d",
+  "osinfo-db-20240701.tar.xz.asc": "1c5380d65a53bf183d8d5e72a82003139ccaf1d395f95198455578bf2778e957"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/osinfo-db/osinfo-db.spec b/SPECS-EXTENDED/osinfo-db/osinfo-db.spec
index 50e250c23c..a8b6f530f9 100644
--- a/SPECS-EXTENDED/osinfo-db/osinfo-db.spec
+++ b/SPECS-EXTENDED/osinfo-db/osinfo-db.spec
@@ -1,24 +1,29 @@
-Summary:        osinfo database files
-Name:           osinfo-db
-Version:        20221130
-Release:        2%{?dist}
-License:        LGPL-2.1-or-later
+Summary: 	osinfo database files
+Name: 		osinfo-db
+Version: 	20240701
+Release: 	3%{?dist}
+License: 	GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:            https://libosinfo.org/
-Source0:        https://releases.pagure.org/libosinfo/%{name}-%{version}.tar.xz
-BuildRequires:  intltool
-BuildRequires:  osinfo-db-tools
-Requires:       hwdata
-BuildArch:      noarch
+Source0: 	https://releases.pagure.org/libosinfo/%{name}-%{version}.tar.xz
+Source1: 	https://releases.pagure.org/libosinfo/%{name}-%{version}.tar.xz.asc
+URL: 		https://libosinfo.org/
+BuildRequires: 	intltool
+BuildRequires: 	osinfo-db-tools
+BuildArch: 	noarch
+Requires: 	hwdata
+
 
 %description
 The osinfo database provides information about operating systems and
 hypervisor platforms to facilitate the automated configuration and
 provisioning of new virtual machines
 
+
 %install
 osinfo-db-import --root %{buildroot} --dir %{_datadir}/osinfo %{SOURCE0}
+# Remove the upstream virtio-win / spice-guest-tools drivers
+find %{buildroot}/%{_datadir}/osinfo/os/microsoft.com/ -name "win-*.d" -type d -exec rm -rf {} +
 
 %files
 %dir %{_datadir}/osinfo/
@@ -32,9 +37,48 @@ osinfo-db-import --root %{buildroot} --dir %{_datadir}/osinfo %{SOURCE0}
 %{_datadir}/osinfo/schema
 
 %changelog
-* Wed Dec 28 2022 Muhammad Falak  - 20221130-2
-- Initial CBL-Mariner import from Fedora 36 (license: MIT).
-- License verified
+* Tue Dec 17 2024 Jyoti kanase  - 20240701-3
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Thu Jul 18 2024 Fedora Release Engineering  - 20240701-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Mon Jul 01 2024 Victor Toso  - 20240701-1
+- Update to v20240701
+
+* Thu May 23 2024 Victor Toso  - 20240523-1
+- Update to v20240523
+
+* Fri May 10 2024 Victor Toso  - 20240510-1
+- Update to v20240510
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 20231215-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 20231215-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Dec 15 2023 Victor Toso  - 20231215-1
+- Update to v20231215
+
+* Fri Oct 27 2023 Victor Toso  - 20231027-1
+- Update to release v20231027
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 20230719-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jul 19 2023 Victor Toso  - 20230719-1
+- Update to v20230719
+
+* Thu May 18 2023 Victor Toso  - 20230518-1
+- Update to release v20230518
+
+* Wed Mar 08 2023 Victor Toso  - 20230308-1
+- Update to new release (v20230308)
+
+* Thu Jan 19 2023 Fedora Release Engineering  - 20221130-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 
 * Wed Nov 30 2022 Victor Toso  - 20221130-1
 - Update to new release (v20221130)
@@ -45,13 +89,19 @@ osinfo-db-import --root %{buildroot} --dir %{_datadir}/osinfo %{SOURCE0}
 * Tue Aug 30 2022 Victor Toso  - 20220830-1
 - Update to new release (v20220830)
 
-* Fri Aug 26 2022 Victor Toso  - 20220727-2
+* Fri Aug 26 2022 Victor Toso  - 20220727-3
 - Switch images/pxeboot in Fedora
   https://bugzilla.redhat.com/show_bug.cgi?id=2103835
 
+* Tue Aug 23 2022 Daniel P. Berrangé  - 20220727-2
+- Pull in mingw sub-packages
+
 * Wed Jul 27 2022 Victor Toso  - 20220727-1
 - Update to new release (v20220727)
 
+* Fri Jul 22 2022 Fedora Release Engineering  - 20220516-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
 * Mon May 16 2022 Victor Toso  - 20220516-1
 - Update to new release (v20220516)
 
@@ -101,177 +151,4 @@ osinfo-db-import --root %{buildroot} --dir %{_datadir}/osinfo %{SOURCE0}
 * Tue Jan 26 2021 Fedora Release Engineering  - 20201218-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Fri Dec 18 2020 Fabiano Fidêncio  - 20201218-1
-- Update to new release (v20201218)
-
-* Thu Nov 19 2020 Fabiano Fidêncio  - 20201119-1
-- Update to new release (v20201119)
-
-* Thu Oct 15 2020 Fabiano Fidêncio  - 20201015-1
-- Update to new release (v20201015)
-
-* Sun Oct 11 2020 Fabiano Fidêncio  - 20201011-1
-- Update to new release (v20201011)
-
-* Thu Aug 13 2020 Fabiano Fidêncio  - 20200813-1
-- Update to new release (v20200813)
-
-* Tue Aug 04 2020 Fabiano Fidêncio  - 20200804-1
-- Update to new release (V20200804)
-
-* Tue Jul 28 2020 Fedora Release Engineering  - 20200529-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Sat May 30 2020 Fabiano Fidêncio  - 20200529-1
-- Update to new release (v20200529)
-
-* Fri May 15 2020 Fabiano Fidêncio  - 20200515-1
-- Update to new release (v20200515)
-
-* Wed Mar 25 2020 Fabiano Fidêncio  - 20200325-1
-- Update to new release (v20200325)
-
-* Mon Feb 03 2020 Fabiano Fidêncio  - 20200203-1
-- Update to new release (v20200203)
-
-* Wed Jan 29 2020 Fedora Release Engineering  - 20191125-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Nov 25 2019 Fabiano Fidêncio  - 20191125-1
-- Update to new release (v20191125)
-
-* Fri Nov 08 2019 Fabiano Fidêncio  - 20191108-1
-- Update to new release (v20191108)
-
-* Fri Sep 20 2019 Fabiano Fidêncio  - 20190920-1
-- Update to new release (v20190920)
-
-* Thu Sep 05 2019 Fabiano Fidêncio  - 20190905-1
-- Update to new release
-- Resolves: rhbz#1746028 - libosinfo missing rhel7.7 in database
-
-* Mon Aug 05 2019 Fabiano Fidêncio  - 20190805-1
-- Update to new release
-
-* Fri Jul 26 2019 Fabiano Fidêncio  - 20190627-1
-- Update to new release
-
-* Thu Jul 25 2019 Fedora Release Engineering  - 20190611-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Tue Jun 11 2019 Fabiano Fidêncio  - 20190611-1
-- Update to new release
-
-* Sat May 04 2019 Fabiano Fidêncio  - 20190504-1
-- Update to new release
-
-* Tue Mar 19 2019 Fabiano Fidêncio  - 20190319-1
-- Update to new release
-
-* Mon Mar 04 2019 Fabiano Fidêncio  - 20190304-1
-- Update to new release
-
-* Fri Mar 01 2019 Fabiano Fidêncio  - 20190301-1
-- Update to new release
-
-* Mon Feb 18 2019 Fabiano Fidêncio  - 20190218-1
-- Update to new release
-
-* Fri Feb 01 2019 Fedora Release Engineering  - 20190120-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sun Jan 20 2019 Fabiano Fidêncio  - 20190120-1
-- Update to new release
-
-* Fri Dec 14 2018 Fabiano Fidêncio  - 20181214-1
-- Update to new release
-
-* Mon Dec 03 2018 Fabiano Fidêncio  - 20181203-1
-- Update to new release
-
-* Mon Nov 19 2018 Fabiano Fidêncio  - 20181116-1
-- Update to new release
-
-* Thu Nov 01 2018 Fabiano Fidêncio  - 20181101-1
-- Update to new release
-
-* Thu Oct 11 2018 Fabiano Fidêncio  - 20181011-1
-- Update to new release
-
-* Thu Sep 20 2018 Fabiano Fidêncio  - 20180920-1
-- Update to new release
-
-* Mon Sep 03 2018 Fabiano Fidêncio  - 20180903-1
-- Update to new release
-
-* Fri Jul 20 2018 Fabiano Fidêncio  - 20180720-1
-- Update to new release
-
-* Fri Jul 13 2018 Fedora Release Engineering  - 20180612-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Tue Jun 12 2018 Fabiano Fidêncio  - 20180612-1
-- Update to new release
-
-* Thu May 31 2018 Fabiano Fidêncio  - 20180531-1
-- Update to new release
-
-* Mon May 14 2018 Fabiano Fidêncio  - 20180514-1
-- Update to new release
-
-* Wed May 02 2018 Fabiano Fidêncio  - 20180502-1
-- Update to new release
-
-* Mon Apr 16 2018 Fabiano Fidêncio  - 20180416-1
-- Update to new release
-
-* Sun Mar 25 2018 Fabiano Fidêncio  - 20180325-1
-- Update to new release
-
-* Sun Mar 18 2018 Fabiano Fidêncio  - 20180318-1
-- Update to new release
-
-* Sun Mar 11 2018 Fabiano Fidêncio  - 20180311-1
-- Update to new release
-
-* Thu Feb 08 2018 Fedora Release Engineering  - 20170813-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Sun Aug 13 2017 Fabiano Fidêncio  - 20170813-1
-- Update to new release
-
-* Thu Jul 27 2017 Fedora Release Engineering  - 20170423-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sun Apr 23 2017 Fabiano Fidêncio  - 20170423-1
-- Update to new release
-
-* Sun Mar 26 2017 Fabiano Fidêncio  - 20170326-1
-- Update to new release
-
-* Sat Feb 25 2017 Fabiano Fidêncio  - 20170225-1
-- Update to new release
-
-* Sat Feb 11 2017 Fabiano Fidêncio  - 20170211-1
-- Update to new release
-
-* Sat Feb 11 2017 Fedora Release Engineering  - 20170121-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Sat Jan 21 2017 Fabiano Fidêncio  - 20170121-2
-- 20170121-1 used an incorrect tarball
-
-* Sat Jan 21 2017 Fabiano Fidêncio  - 20170121-1
-- Update to new release
-
-* Sat Jan 14 2017 Fabiano Fidêncio  - 20170114-1
-- Update to new release
-
-* Sat Jan 07 2017 Fabiano Fidêncio  - 20170107-1
-- Update to new release
-
-* Wed Oct 26 2016 Daniel P. Berrange  - 20161026-1
-- Update to new release
-
-* Fri Jul 29 2016 Daniel P. Berrange  - 20160728-1
-- Initial package after split from libosinfo (rhbz #1361596)
+## END: Generated by rpmautospec
diff --git a/SPECS-EXTENDED/perl-Alien-pkgconf/Alien-pkgconf-0.19-Accept-pkgconf-1.9.patch b/SPECS-EXTENDED/perl-Alien-pkgconf/Alien-pkgconf-0.19-Accept-pkgconf-1.9.patch
new file mode 100644
index 0000000000..d149b9a9d6
--- /dev/null
+++ b/SPECS-EXTENDED/perl-Alien-pkgconf/Alien-pkgconf-0.19-Accept-pkgconf-1.9.patch
@@ -0,0 +1,31 @@
+From 07715ec6cab4e23498bbe1acd852b2f92ce696a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= 
+Date: Fri, 3 Mar 2023 13:26:32 +0100
+Subject: [PATCH] Accept pkgconf-1.9
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+https://github.com/PerlAlien/PkgConfig-LibPkgConf/issues/15
+Signed-off-by: Petr Písař 
+---
+ t/xs.t | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/t/xs.t b/t/xs.t
+index 372e802..8439b35 100644
+--- a/t/xs.t
++++ b/t/xs.t
+@@ -15,9 +15,6 @@ xs_ok $xs, with_subtest {
+ 
+   cmp_ok( Foo::pkgconf_version(), ">", 10502, "pkgconf is at least 1.5.2" );
+   note "version = @{[ Foo::pkgconf_version() ]}";
+-
+-  # For now 1.9.x is unfortunately not supported 
+-  cmp_ok( Foo::pkgconf_version(), "<", 10900, "pkgconf is not 1.9.x or 2.x" );
+ };
+ 
+ done_testing;
+-- 
+2.39.2
+
diff --git a/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.signatures.json b/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.signatures.json
index 903c3d7e41..5c7ddab055 100644
--- a/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.signatures.json
+++ b/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Alien-pkgconf-0.17.tar.gz": "d41be11b81fcdd8027b8135a120ded06cba0a78429c683c3658e012a13adcc04"
+  "perl-Alien-pkgconf-0.20.tar.gz": "93ac0adcaccfa5ca3151bc9a4a3cc5e9d0591696b6ee059a3311f1e1cb49410d"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.spec b/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.spec
index 901f21f310..0b7eea0900 100644
--- a/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.spec
+++ b/SPECS-EXTENDED/perl-Alien-pkgconf/perl-Alien-pkgconf.spec
@@ -1,8 +1,8 @@
 Name:           perl-Alien-pkgconf
-Version:        0.17
-Release:        2%{?dist}
+Version:        0.20
+Release:        1%{?dist}
 Summary:        Discover pkgconf and libpkgconf
-# Other files:              GPL+ or Artistic
+# Other files:  GPL+ or Artistic
 ## Not used
 # pkgconf-1.3.9/aclocal.m4: GPLv3+ with exceptions
 License:        GPL+ or Artistic
@@ -10,6 +10,7 @@ Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://metacpan.org/release/Alien-pkgconf
 Source0:        https://cpan.metacpan.org/authors/id/P/PL/PLICEASE/Alien-pkgconf-%{version}.tar.gz#/perl-Alien-pkgconf-%{version}.tar.gz
+Patch0:         Alien-pkgconf-0.19-Accept-pkgconf-1.9.patch
 # This is a full-arch package because it stores data about arch-specific
 # libpkgconf.so library and it stores them into arch-specific directory.
 # But it does not install any ELF, therefore disable debuginfo generation.
@@ -76,6 +77,10 @@ perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
 %{_mandir}/man3/*
 
 %changelog
+* Fri Mar 14 2025 Jyoti Kanase  - 0.20-1
+- Upgrade to 0.20
+- License verified
+
 * Wed Nov 04 2020 Joe Schmitt  - 0.17-2
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 - Disable tests to avoid Alien circular dependency.
diff --git a/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.signatures.json b/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.signatures.json
index 1090a121b8..162f2fe461 100644
--- a/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.signatures.json
+++ b/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Archive-Extract-0.86.tar.gz": "9acd09cdb8e8cf0b6d08210a3b80342300c89a359855319bf6b00c14c4aab687"
+  "perl-Archive-Extract-0.88.tar.gz": "cffcf135cd0622287d3b02154f7d6716495449fcaed03966621948e25ea5f742"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.spec b/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.spec
index 7cb64defea..0c5566a489 100644
--- a/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.spec
+++ b/SPECS-EXTENDED/perl-Archive-Extract/perl-Archive-Extract.spec
@@ -1,5 +1,3 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 # Enable LZMA and XZ support via pure-Perl implementation
 %if 0%{?rhel}
 %bcond_with perl_Archive_Extract_enables_perl_xz
@@ -8,10 +6,13 @@ Distribution:   Azure Linux
 %endif
 
 Name:           perl-Archive-Extract
-Version:        0.86
-Release:        4%{?dist}
+# Epoch to compete with core module from perl.spec
+Version:        0.88
+Release:        13%{?dist}
 Summary:        Generic archive extracting mechanism
-License:        GPL+ or Artistic
+License:        GPL-1.0-or-later OR Artistic-1.0-Perl
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
 URL:            https://metacpan.org/release/Archive-Extract
 Source0:        https://cpan.metacpan.org/authors/id/B/BI/BINGOS/Archive-Extract-%{version}.tar.gz#/perl-Archive-Extract-%{version}.tar.gz
 BuildArch:      noarch
@@ -43,6 +44,7 @@ BuildRequires:  perl(File::Spec::Unix)
 BuildRequires:  perl(lib)
 BuildRequires:  perl(Test::More)
 Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
+
 Requires:       perl(deprecate)
 # Prefer Archive::Tar to suppress warnings, bug #1217352, CPAN RT#104121
 Requires:       perl(Archive::Tar)
@@ -133,8 +135,8 @@ Obsoletes:  perl-Archive-Extract-lzma-Compress-unLZMA < 1:0.80-8
 # Compress::unLZMA not yet packaged
 #%%package lzma-Compress-unLZMA
 #Summary:    Lzma decompressor for %%{name} via Compress::unLZMA
-#Provides:   %%{name}-lzma = %%%{version}-%%{release}
-#Requires:   %%{name} = %%%{version}-%%{release}
+#Provides:   %%{name}-lzma = %%{version}-%%{release}
+#Requires:   %%{name} = %%{version}-%%{release}
 #Requires:   perl(Compress::unLZMA)
 #%%description lzma-Compress-unLZMA
 #%%{summary}.
@@ -332,11 +334,54 @@ make test
 %endif
 
 %changelog
-* Mon Nov 01 2021 Muhammad Falak  - 0.86-4
-- Remove epoch
+* Fri Dec 20 2024 Jyoti kanase  -  0.88 - 13
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Thu Jul 18 2024 Fedora Release Engineering  - 1:0.88-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 1:0.88-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 1:0.88-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 1:0.88-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering  - 1:0.88-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Oct 25 2022 Michal Josef Špaček  - 1:0.88-7
+- Update license to SPDX
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1:0.88-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon May 30 2022 Jitka Plesnikova  - 1:0.88-5
+- Perl 5.36 rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering  - 1:0.88-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering  - 1:0.88-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri May 21 2021 Jitka Plesnikova  - 1:0.88-2
+- Perl 5.34 rebuild
+
+* Thu May 06 2021 Michal Josef Špaček  - 1:0.88-1
+- 0.88 bump
+
+* Tue Jan 26 2021 Fedora Release Engineering  - 1:0.86-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 1:0.86-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 1:0.86-3
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Mon Jun 22 2020 Jitka Plesnikova  - 1:0.86-3
+- Perl 5.32 rebuild
 
 * Wed Jan 29 2020 Fedora Release Engineering  - 1:0.86-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.signatures.json b/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.signatures.json
index ea7aa3cae0..efa5c10764 100644
--- a/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.signatures.json
+++ b/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "Class-Data-Inheritable-0.08-clean.tar.gz": "febb2cc54e84fc79226e276544e7256d62cb0606ffbaef04977fa9cf42ecd5d6"
+  "perl-Class-Data-Inheritable-0.09.tar.gz": "44088d6e90712e187b8a5b050ca5b1c70efe2baa32ae123e9bd8f59f29f06e4d"
  }
 }
diff --git a/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.spec b/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.spec
index bf109eef1b..178c9d4db2 100644
--- a/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.spec
+++ b/SPECS-EXTENDED/perl-Class-Data-Inheritable/perl-Class-Data-Inheritable.spec
@@ -6,28 +6,30 @@
 %endif
 
 Name:           perl-Class-Data-Inheritable
-Version:        0.08
-Release:        37%{?dist}
+Version:        0.09
+Release:        10%{?dist}
 Summary:        Inheritable, overridable class data
-License:        GPL+ or Artistic
+License:        GPL-1.0-or-later OR Artistic-1.0-Perl
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://metacpan.org/release/Class-Data-Inheritable
 # has non-free and outdated jp docs
 # rm -rf doc
-# Source0:      https://cpan.metacpan.org/authors/id/T/TM/TMTM/Class-Data-Inheritable-%%{version}.tar.gz
-Source0:        %{_distro_sources_url}/Class-Data-Inheritable-%{version}-clean.tar.gz
+Source0:       https://cpan.metacpan.org/authors/id/R/RS/RSHERER/Class-Data-Inheritable-%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildArch:      noarch
+
 BuildRequires:  coreutils
 BuildRequires:  findutils
 BuildRequires:  make
 BuildRequires:  perl-generators
 BuildRequires:  perl-interpreter
 BuildRequires:  perl(ExtUtils::MakeMaker)
+
 # Run-time:
 BuildRequires:  perl(Carp)
 BuildRequires:  perl(strict)
 BuildRequires:  perl(vars)
+
 # Tests:
 BuildRequires:  perl(base)
 BuildRequires:  perl(Test::More)
@@ -36,7 +38,6 @@ BuildRequires:  perl(Test::More)
 BuildRequires:  perl(Test::Pod) >= 1.00
 BuildRequires:  perl(Test::Pod::Coverage) >= 1.00
 %endif
-Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:       perl(Carp)
 
 %description
@@ -53,28 +54,66 @@ perl Makefile.PL INSTALLDIRS=vendor
 make
 
 %install
-rm -rf %{buildroot}
 make pure_install DESTDIR=%{buildroot}
 find %{buildroot} -type f -name .packlist -delete
-%{_fixperms} %{buildroot}
+%{_fixperms} -c %{buildroot}
 
 %check
 make test
 
 %files
 %{perl_vendorlib}/Class/
-%{_mandir}/man3/Class::Data::Inheritable.3pm*
+%{_mandir}/man3/Class::Data::Inheritable.3*
 
 %changelog
-* Thu Feb 22 2024 Pawel Winogrodzki  - 0.08-37
-- Updating naming for 3.0 version of Azure Linux.
-
-* Tue Apr 26 2022 Mandeep Plaha  - 0.08-36
-- Updated source URL.
+* Thu Dec 19 2024 Jyoti kanase  -  0.09-10
+- Initial Azure Linux import from Fedora 41 (license: MIT).
 - License verified.
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 0.08-35
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Thu Jul 18 2024 Fedora Release Engineering  - 0.09-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 0.09-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 0.09-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 0.09-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 0.09-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 0.09-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue May 31 2022 Jitka Plesnikova  - 0.09-3
+- Perl 5.36 rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 0.09-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sat Jul 31 2021 Paul Howarth  - 0.09-1
+- Update to 0.09
+  - Update spelling errors to resolve CPAN RT#83824 and CPAN RT#86563
+- Drop redundant buildroot cleaning in %%install section
+- Fix permissions verbosely
+
+* Thu Jul 22 2021 Fedora Release Engineering  - 0.08-39
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri May 21 2021 Jitka Plesnikova  - 0.08-38
+- Perl 5.34 rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 0.08-37
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 0.08-36
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 23 2020 Jitka Plesnikova  - 0.08-35
+- Perl 5.32 rebuild
 
 * Wed Jan 29 2020 Fedora Release Engineering  - 0.08-34
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.signatures.json b/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.signatures.json
index eab2820508..b407ae293b 100644
--- a/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.signatures.json
+++ b/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Class-Tiny-1.006.tar.gz": "2efcbd31528be51d3022c616768558b78c6172df5f03c5dc698939f65488cb4e"
+  "perl-Class-Tiny-1.008.tar.gz": "ee058a63912fa1fcb9a72498f56ca421a2056dc7f9f4b67837446d6421815615"
  }
 }
diff --git a/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.spec b/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.spec
index d701b6027f..9c180b4e04 100644
--- a/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.spec
+++ b/SPECS-EXTENDED/perl-Class-Tiny/perl-Class-Tiny.spec
@@ -6,15 +6,16 @@
 %endif
 
 Name:           perl-Class-Tiny
-Version:        1.006
-Release:        13%{?dist}
+Version:        1.008
+Release:        1%{?dist}
 Summary:        Minimalist class construction
-License:        ASL 2.0
+License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://metacpan.org/release/Class-Tiny
 Source0:        https://cpan.metacpan.org/authors/id/D/DA/DAGOLDEN/Class-Tiny-%{version}.tar.gz#/perl-Class-Tiny-%{version}.tar.gz
 BuildArch:      noarch
+BuildRequires:  coreutils
 BuildRequires:  make
 BuildRequires:  perl-generators
 BuildRequires:  perl-interpreter
@@ -39,7 +40,6 @@ BuildRequires:  perl(Test::More) >= 0.96
 # Optional test
 BuildRequires:  perl(Test::FailWarnings)
 %endif
-Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 # Devel::GlobalDestruction not needed on Perl >= 5.14
 # mro on Perl >= 5.10
 Requires:       perl(mro)
@@ -68,11 +68,11 @@ of code. Here is a list of features:
 %setup -q -n Class-Tiny-%{version}
 
 %build
-perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
-make %{?_smp_mflags}
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
+%{make_build}
 
 %install
-make pure_install DESTDIR=$RPM_BUILD_ROOT
+%{make_install}
 %{_fixperms} $RPM_BUILD_ROOT/*
 
 %check
@@ -85,6 +85,10 @@ make test
 %{_mandir}/man3/*
 
 %changelog
+* Mon Feb 27 2025 Sumit Jena  - 1.008-1
+- Update to version 1.008
+- License verified
+
 * Fri Oct 15 2021 Pawel Winogrodzki  - 1.006-13
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.signatures.json b/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.signatures.json
index 4ba787dc39..03c8abbf82 100644
--- a/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.signatures.json
+++ b/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Config-AutoConf-0.318.tar.gz": "33c930feec3003de251ca222abe8bbeb74610ad07f65fc16f27d74d195eeab34"
+  "perl-Config-AutoConf-0.320.tar.gz": "bb57a958ef49d3f7162276dae14a7bd5af43fd1d8513231af35d665459454023"
  }
 }
diff --git a/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.spec b/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.spec
index ececfe0ea6..072023f8bd 100644
--- a/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.spec
+++ b/SPECS-EXTENDED/perl-Config-AutoConf/perl-Config-AutoConf.spec
@@ -1,15 +1,21 @@
+# Use File::Slurper for reading file content
+%bcond_without perl_Config_AutoConf_enables_File_Slurper
+# Use Scalar::Util for detecting numbers
+%bcond_without perl_Config_AutoConf_enables_Scalar_Util
+
 Name:           perl-Config-AutoConf
-Version:        0.318
-Release:        3%{?dist}
+Version:        0.320
+Release:        1%{?dist}
 Summary:        A module to implement some of AutoConf macros in pure Perl
-License:        GPL+ or Artistic
+License:        GPL-1.0-or-later OR Artistic-1.0-Perl
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://metacpan.org/release/Config-AutoConf
-Source0:        https://cpan.metacpan.org/authors/id/R/RE/REHSACK/Config-AutoConf-%{version}.tar.gz#/perl-Config-AutoConf-%{version}.tar.gz
+Source0:        https://cpan.metacpan.org/authors/id/A/AM/AMBS/Config-AutoConf-%{version}.tar.gz#/perl-Config-AutoConf-%{version}.tar.gz
 BuildArch:      noarch
 # Build
 BuildRequires:  gcc
+BuildRequires:  make
 BuildRequires:  perl-interpreter
 BuildRequires:  perl-generators
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
@@ -23,16 +29,26 @@ BuildRequires:  perl(Config)
 BuildRequires:  perl(constant)
 BuildRequires:  perl(Exporter)
 BuildRequires:  perl(File::Basename)
+%if %{with perl_Config_AutoConf_enables_File_Slurper}
 BuildRequires:  perl(File::Slurper)
+%endif
 BuildRequires:  perl(File::Spec)
 BuildRequires:  perl(File::Temp)
+%if %{with perl_Config_AutoConf_enables_Scalar_Util}
+BuildRequires:  perl(Scalar::Util) >= 1.18
+%endif
 BuildRequires:  perl(Text::ParseWords)
 # Tests only
 BuildRequires:  perl(Cwd)
 BuildRequires:  perl(ExtUtils::CBuilder)
 # Unused BuildRequires:  perl(IO::String)
 BuildRequires:  perl(Test::More)
-Requires:       perl(:MODULE_COMPAT_%(eval "$(/usr/bin/perl -V:version)"; echo $version))
+%if %{with perl_Config_AutoConf_enables_File_Slurper}
+Suggests:       perl(File::Slurper)
+%endif
+%if %{with perl_Config_AutoConf_enables_Scalar_Util}
+Suggests:       perl(Scalar::Util) >= 1.18
+%endif
 
 %description
 This module simulates some of the tasks autoconf macros do.  To detect
@@ -58,6 +74,10 @@ a command, a library and similar.
 %{_mandir}/man3/*
 
 %changelog
+* Mon Feb 27 2025 Sumit Jena  - 0.320-1
+- Update to version 0.320
+- License verified
+
 * Fri Oct 15 2021 Pawel Winogrodzki  - 0.318-3
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.signatures.json b/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.signatures.json
index e5979c18af..2ed7fc52eb 100644
--- a/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.signatures.json
+++ b/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Date-Manip-6.82.tar.gz": "fa96bcf94c6b4b7d3333f073f5d0faad59f546e5aec13ac01718f2e6ef14672a"
+  "perl-Date-Manip-6.95.tar.gz": "92383832311f22083f55d03c8dae8f4bcc387cd902624e5ef9ac680f144cbd4c"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.spec b/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.spec
index 10d13aca3b..3d7176aea4 100644
--- a/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.spec
+++ b/SPECS-EXTENDED/perl-Date-Manip/perl-Date-Manip.spec
@@ -1,40 +1,46 @@
 Name:           perl-Date-Manip
-Version:        6.82
-Release:        2%{?dist}
+Version:        6.95
+Release:        3%{?dist}
 Summary:        Date manipulation routines
-License:        GPL+ or Artistic
+License:        GPL-1.0-or-later OR Artistic-1.0-Perl
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://metacpan.org/release/Date-Manip
 Source0:        https://cpan.metacpan.org/authors/id/S/SB/SBECK/Date-Manip-%{version}.tar.gz#/perl-Date-Manip-%{version}.tar.gz
+
 BuildArch:      noarch
 # Build
+BuildRequires:  coreutils
 BuildRequires:  make
-BuildRequires:  perl-interpreter
 BuildRequires:  perl-generators
+BuildRequires:  perl-interpreter
+BuildRequires:  perl(Config)
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:  perl(strict)
 BuildRequires:  perl(warnings)
 # Runtime
+BuildRequires:  perl(:VERSION) >= 5.10.0
 BuildRequires:  perl(Carp)
-# XXX: BuildRequires:  perl(Cwd)
-# XXX: BuildRequires:  perl(Data::Dumper)
+# Cwd not used at tests
+BuildRequires:  perl(Data::Dumper)
 BuildRequires:  perl(Encode)
 BuildRequires:  perl(Exporter)
-# XXX: BuildRequires:  perl(File::Find)
-# XXX: BuildRequires:  perl(File::Spec)
-BuildRequires:  perl(File::Basename)
-BuildRequires:  perl(File::Find::Rule)
+# File::Find not used at tests
+# File::Spec not used at tests
 BuildRequires:  perl(integer)
 BuildRequires:  perl(IO::File)
 BuildRequires:  perl(Storable)
 BuildRequires:  perl(utf8)
+# Win32::TieRegistry not used
 # Tests only
+# File::Basename not used
+# File::Find::Rule not used
+# lib not used
 BuildRequires:  perl(Test::Inter) >= 1.09
-BuildRequires:  perl(Test::Pod) >= 1.00
-BuildRequires:  perl(Test::Pod::Coverage) >= 1.00
 BuildRequires:  perl(Test::More)
 Requires:       perl(:MODULE_COMPAT_%(eval "$(perl -V:version)"; echo $version))
+# Test::Pod 1.00 not used
+# Test::Pod::Coverage 1.00 not used
 Requires:       perl(Cwd)
 Requires:       perl(File::Find)
 Requires:       perl(File::Spec)
@@ -45,38 +51,179 @@ Obsoletes: perl-DateManip < 5.48-1
 
 %{?perl_default_filter}
 
+# Filter modules bundled for tests
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(tests.pl\\)
+
 %description
 Date::Manip is a series of modules designed to make any common date/time
-operation easy to do. Operations such as comparing two times, determining a
-data a given amount of time from another, or parsing international times
+operation easy to do. Operations such as comparing two times, determining
+a data a given amount of time from another, or parsing international times
 are all easily done. It deals with time as it is used in the Gregorian
 calendar (the one currently in use) with full support for time changes due
 to daylight saving time.
 
+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       perl-Test-Harness
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
 %setup -q -n Date-Manip-%{version}
 
+# Help generators to recognize Perl scripts
+for F in t/*.t t/*.pl; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
+    chmod +x "$F"
+done
+
 %build
-perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
-make %{?_smp_mflags}
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
+%{make_build}
 
 %install
-make pure_install DESTDIR=%{buildroot}
+%{make_install}
 %{_fixperms} %{buildroot}/*
 
+# Install tests
+mkdir -p %{buildroot}%{_libexecdir}/%{name}
+cp -a t %{buildroot}%{_libexecdir}/%{name}
+# Remove release tests
+rm -f %{buildroot}%{_libexecdir}/%{name}/t/_pod*
+rm -f %{buildroot}%{_libexecdir}/%{name}/t/_version.t
+cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/sh
+unset DATE_MANIP DATE_MANIP_DEBUG DATE_MANIP_DEBUG_ABBREVS \
+    DATE_MANIP_DEBUG_ZONES Date_Manip_RELEASE_TESTING DATE_MANIP_TEST_DM5 \
+    OS MULTINET_TIMEZONE 'SYS$TIMEZONE_DIFFERENTIAL' 'SYS$TIMEZONE_NAME' \
+    'SYS$TIMEZONE_RULE' 'TCPIP$TZ' 'UCX$TZ'
+cd %{_libexecdir}/%{name} && exec prove -I . -j "$(getconf _NPROCESSORS_ONLN)"
+EOF
+chmod +x %{buildroot}%{_libexecdir}/%{name}/test
+
 %check
+unset DATE_MANIP DATE_MANIP_DEBUG DATE_MANIP_DEBUG_ABBREVS \
+    DATE_MANIP_DEBUG_ZONES Date_Manip_RELEASE_TESTING DATE_MANIP_TEST_DM5 \
+    OS MULTINET_TIMEZONE 'SYS$TIMEZONE_DIFFERENTIAL' 'SYS$TIMEZONE_NAME' \
+    'SYS$TIMEZONE_RULE' 'TCPIP$TZ' 'UCX$TZ'
+export HARNESS_OPTIONS=j$(perl -e 'if ($ARGV[0] =~ /.*-j([0-9][0-9]*).*/) {print $1} else {print 1}' -- '%{?_smp_mflags}')
 make test
 
 %files
 %license LICENSE
 %doc README README.first
-%{perl_vendorlib}/Date/
-%{_mandir}/man[13]/*.[13]*
+%dir %{perl_vendorlib}/Date
+%{perl_vendorlib}/Date/Manip
+%{perl_vendorlib}/Date/Manip.{pm,pod}
+%{_mandir}/man1/dm_*.1*
+%{_mandir}/man3/Date::Manip.3*
+%{_mandir}/man3/Date::Manip::*.3*
 %{_bindir}/dm_*
 
+%files tests
+%{_libexecdir}/%{name}
+
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 6.82-2
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Wed Dec 18 2024 Jyoti kanase  -  6.95 -3
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Thu Jul 18 2024 Fedora Release Engineering  - 6.95-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Mar 01 2024 Packit  - 6.95-1
+- Release: v6.95 (Sullivan Beck)
+- Checkpoint: v6.95 (Sullivan Beck)
+- Added POSIX handling (Sullivan Beck)
+- Initial checkin of next release cycle: 6.95 (Sullivan Beck)
+- Resolves rhbz#2267329
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 6.94-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 6.94-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jan 10 2024 Jitka Plesnikova  - 6.94-1
+- 6.94 bump (rhbz#2257491)
+- Package tests
+
+* Wed Jan 03 2024 Petr Pisar  - 6.93-2
+- Adapt test envinronment guard to changes in 6.93
+- List files explicitly
+- Run tests in parallel
+
+* Sun Dec 03 2023 Packit  - 6.93-1
+- Release: v6.93 (Sullivan Beck)
+- Checkpoint: v6.93 (Sullivan Beck)
+- Remove Travis (Sullivan Beck)
+- Initial checkin of next release cycle: 6.93 (Sullivan Beck)
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 6.92-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jun 14 2023 Jan Pazdziora  - 6.92-1
+- 2213282 - Rebase to upstream version 6.92.
+
+* Wed Mar 08 2023 Jan Pazdziora  - 6.91-1
+- 2174484 - Rebase to upstream version 6.91.
+
+* Fri Mar 03 2023 Michal Josef Špaček  - 6.90-3
+- Update license to SPDX format
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 6.90-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Dec 10 2022 Jan Pazdziora  - 6.90-1
+- 2150409 - Rebase to upstream version 6.90.
+
+* Wed Sep 21 2022 Jan Pazdziora  - 6.89-1
+- 2123418 - Rebase to upstream version 6.89.
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 6.88-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 06 2022 Jitka Plesnikova  - 6.88-2
+- Perl 5.36 re-rebuild updated packages
+
+* Mon Jun 06 2022 Jan Pazdziora  - 6.88-1
+- 2093024 - Rebase to upstream version 6.88.
+
+* Tue May 31 2022 Jitka Plesnikova  - 6.86-3
+- Perl 5.36 rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 6.86-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Nov 23 2021 Jan Pazdziora  - 6.86-1
+- 2023516 - Rebase to upstream version 6.86.
+
+* Thu Jul 22 2021 Fedora Release Engineering  - 6.85-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri May 21 2021 Jitka Plesnikova  - 6.85-2
+- Perl 5.34 rebuild
+
+* Wed Mar 03 2021 Jan Pazdziora  - 6.85-1
+- 1933868 - Rebase to upstream version 6.85.
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 6.83-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 15 2021 Petr Pisar  - 6.83-2
+- Specify all dependendencies
+
+* Tue Dec 15 2020 Jan Pazdziora  - 6.83-1
+- 1902872 - Rebase to upstream version 6.83.
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 6.82-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 23 2020 Jitka Plesnikova  - 6.82-2
+- Perl 5.32 rebuild
 
 * Mon Jun 08 2020 Jan Pazdziora  - 6.82-1
 - 1842524 - Rebase to upstream version 6.82.
diff --git a/SPECS-EXTENDED/perl-File-DesktopEntry/perl-File-DesktopEntry.spec b/SPECS-EXTENDED/perl-File-DesktopEntry/perl-File-DesktopEntry.spec
index d174ab5900..6bbc69775b 100644
--- a/SPECS-EXTENDED/perl-File-DesktopEntry/perl-File-DesktopEntry.spec
+++ b/SPECS-EXTENDED/perl-File-DesktopEntry/perl-File-DesktopEntry.spec
@@ -7,7 +7,7 @@
 
 Name:           perl-File-DesktopEntry
 Version:        0.22
-Release:        14%{?dist}
+Release:        15%{?dist}
 Summary:        Object to handle .desktop files
 License:        GPL+ or Artistic
 Vendor:         Microsoft Corporation
@@ -35,7 +35,6 @@ BuildRequires:  perl(Test::More)
 BuildRequires:  perl(utf8)
 %if %{with perl_File_DesktopEntry_enables_optional_test}
 # Optional tests
-BuildRequires:  perl(Test::CPAN::Changes)
 BuildRequires:  perl(Test::Pod) >= 1.00
 BuildRequires:  perl(Test::Pod::Coverage) >= 1.00
 %endif
@@ -65,11 +64,16 @@ make pure_install DESTDIR=$RPM_BUILD_ROOT
 make test
 
 %files
+%license README.md
 %doc Changes
 %{perl_vendorlib}/*
 %{_mandir}/man3/*
 
 %changelog
+* Fri Apr 18 2025 Aninda Pradhan  - 0.22-15
+- removed perl(Test::CPAN::Changes) from BR
+- License verified
+
 * Fri Oct 15 2021 Pawel Winogrodzki  - 0.22-14
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS-EXTENDED/perl-File-TreeCreate/perl-File-TreeCreate.signatures.json b/SPECS-EXTENDED/perl-File-TreeCreate/perl-File-TreeCreate.signatures.json
new file mode 100644
index 0000000000..6eacca8d1a
--- /dev/null
+++ b/SPECS-EXTENDED/perl-File-TreeCreate/perl-File-TreeCreate.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "perl-File-TreeCreate-0.0.1.tar.gz": "57686f10843be81affad185ae4131790ba0c4af36d2104d6fb69126528055267"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/perl-File-TreeCreate/perl-File-TreeCreate.spec b/SPECS-EXTENDED/perl-File-TreeCreate/perl-File-TreeCreate.spec
new file mode 100644
index 0000000000..d59bd98e57
--- /dev/null
+++ b/SPECS-EXTENDED/perl-File-TreeCreate/perl-File-TreeCreate.spec
@@ -0,0 +1,88 @@
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Name:		perl-File-TreeCreate
+Version:	0.0.1
+Release:	11%{?dist}
+Summary:	Recursively create a directory tree
+License:	MIT
+URL:		https://metacpan.org/release/File-TreeCreate
+Source0:	https://cpan.metacpan.org/modules/by-module/File/File-TreeCreate-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+BuildArch:	noarch
+
+# Module Build
+BuildRequires:	coreutils
+BuildRequires:	perl-generators
+BuildRequires:	perl-interpreter
+BuildRequires:	perl(Module::Build) >= 0.28
+# Module Runtime
+BuildRequires:	perl(autodie)
+BuildRequires:	perl(Carp)
+BuildRequires:	perl(File::Spec)
+BuildRequires:	perl(strict)
+BuildRequires:	perl(warnings)
+# Test Suite
+BuildRequires:	perl(blib)
+BuildRequires:	perl(File::Path)
+BuildRequires:	perl(IO::Handle)
+BuildRequires:	perl(IPC::Open3)
+BuildRequires:	perl(Test::More) >= 0.88
+# Dependencies
+# (none)
+
+%description
+Recursively create a directory tree.
+
+%prep
+%autosetup -n File-TreeCreate-%{version}
+
+%build
+perl Build.PL --installdirs=vendor
+./Build
+
+%install
+./Build install --destdir=%{buildroot} --create_packlist=0
+%{_fixperms} -c %{buildroot}
+
+%check
+./Build test
+
+%files
+%license LICENSE
+%doc Changes README
+%{perl_vendorlib}/File/
+%{_mandir}/man3/File::TreeCreate.3*
+
+%changelog
+* Wed Apr 09 2025 Archana Shettigar  - 0.0.1-11
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 0.0.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 0.0.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 0.0.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 0.0.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Apr 20 2023 Paul Howarth  - 0.0.1-6
+- SPDX migration
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 0.0.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 0.0.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue May 31 2022 Jitka Plesnikova  - 0.0.1-3
+- Perl 5.36 rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 0.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Aug 27 2021 Paul Howarth  - 0.0.1-1
+- Initial RPM version
diff --git a/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.signatures.json b/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.signatures.json
index 7241b5aec5..6b0f47a8e2 100644
--- a/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.signatures.json
+++ b/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "JSON-MaybeXS-1.004003.tar.gz": "5bee3b17ff9dcffd6e99ab8cf7f35747650bfce1dc622e3ad10b85a194462fbf"
+  "JSON-MaybeXS-1.004008.tar.gz": "cd3937afa78831f80a2ad5abab6c51b9e82fca4c31e5856ea208d598db5dc867"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.spec b/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.spec
index b8ab0eb9b3..5816bb2600 100644
--- a/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.spec
+++ b/SPECS-EXTENDED/perl-JSON-MaybeXS/perl-JSON-MaybeXS.spec
@@ -5,53 +5,52 @@
 # involve modifications to the back-end packages, but it also makes for
 # consistent results as we're always using the same, most-tested
 # back-end.
-Summary:        Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP
-Name:           perl-JSON-MaybeXS
-Version:        1.004003
-Release:        5%{?dist}
-License:        GPL+ OR Artistic
+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:            https://metacpan.org/release/JSON-MaybeXS
-Source0:        https://cpan.metacpan.org/modules/by-module/JSON/JSON-MaybeXS-%{version}.tar.gz
-
-BuildArch:      noarch
-
+Name:		perl-JSON-MaybeXS
+Summary:	Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP
+Version:	1.004008
+Release:	3%{?dist}
+License:	GPL-1.0-or-later OR Artistic-1.0-Perl
+URL:		https://metacpan.org/release/JSON-MaybeXS
+Source0:	https://cpan.metacpan.org/modules/by-module/JSON/JSON-MaybeXS-%{version}.tar.gz
+BuildArch:	noarch
 # Module Build
-BuildRequires:  coreutils
-BuildRequires:  make
-BuildRequires:  perl-generators
-BuildRequires:  perl-interpreter
-BuildRequires:  perl(Carp)
+BuildRequires:	coreutils
+BuildRequires:	make
+BuildRequires:	perl-generators
+BuildRequires:	perl-interpreter
+BuildRequires:	perl(ExtUtils::MakeMaker) >= 6.76
+BuildRequires:	perl(lib)
+BuildRequires:	perl(Text::ParseWords)
 # Dependencies of bundled ExtUtils::HasCompiler
-BuildRequires:  perl(Config)
-BuildRequires:  perl(Cpanel::JSON::XS) >= 2.3310
-BuildRequires:  perl(DynaLoader)
-BuildRequires:  perl(Exporter)
-BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
-BuildRequires:  perl(ExtUtils::Mksymlists)
-BuildRequires:  perl(File::Basename)
-BuildRequires:  perl(File::Spec::Functions)
-BuildRequires:  perl(File::Temp)
-BuildRequires:  perl(Scalar::Util)
-BuildRequires:  perl(Text::ParseWords)
+BuildRequires:	perl(Config)
+BuildRequires:	perl(DynaLoader)
+BuildRequires:	perl(ExtUtils::Mksymlists)
+BuildRequires:	perl(File::Basename)
+BuildRequires:	perl(File::Spec::Functions)
+BuildRequires:	perl(File::Temp)
 # Module Runtime
-BuildRequires:  perl(base)
-BuildRequires:  perl(lib)
-BuildRequires:  perl(strict)
-BuildRequires:  perl(warnings)
-
-%if 0%{?with_check}
-BuildRequires:  perl(JSON::PP) >= 2.27300
-BuildRequires:  perl(JSON::XS) >= 3.0
-BuildRequires:  perl(Test::More) >= 0.88
-BuildRequires:  perl(Test::Needs) >= 0.002006
-BuildRequires:  perl(if)
-%endif
-
-# Runtime
-Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
-Requires:       perl(Cpanel::JSON::XS) >= 2.3310
+BuildRequires:	perl(base)
+BuildRequires:	perl(Carp)
+BuildRequires:	perl(constant)
+
+BuildRequires:	perl(Cpanel::JSON::XS) >= 2.3310
+
+BuildRequires:	perl(Exporter)
+BuildRequires:	perl(if)
+BuildRequires:	perl(Scalar::Util)
+BuildRequires:	perl(strict)
+BuildRequires:	perl(warnings)
+# Test Suite
+BuildRequires:	perl(JSON::PP) >= 2.27300
+BuildRequires:	perl(JSON::XS) >= 3.0
+BuildRequires:	perl(Test::More) >= 0.88
+BuildRequires:	perl(Test::Needs) >= 0.002006
+# Dependencies
+
+Requires:	perl(Cpanel::JSON::XS) >= 2.3310
 
 %description
 This module first checks to see if either Cpanel::JSON::XS or JSON::XS
@@ -72,10 +71,10 @@ mutators, so we provide our own "new" method that supports that.
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
-%make_build
+%{make_build}
 
 %install
-%make_install
+%{make_install}
 %{_fixperms} -c %{buildroot}
 
 %check
@@ -88,9 +87,54 @@ make test
 %{_mandir}/man3/JSON::MaybeXS.3*
 
 %changelog
-* Wed Jan 26 2022 Pawel Winogrodzki  - 1.004003-5
-- Initial CBL-Mariner import from Fedora 36 (license: MIT).
-- License verified.
+* Tue May 06 2025 Durga Jagadeesh Palli  - 1.004008-3
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License verified
+
+* Tue Aug 13 2024 Paul Howarth  - 1.004008-2
+- Fix runtime dependency on Cpanel::JSON::XS 4.38 (rhbz#2304277)
+
+* Sun Aug 11 2024 Paul Howarth  - 1.004008-1
+- Update to 1.004008
+  - Improved boolean testing
+
+* Sun Aug  4 2024 Paul Howarth  - 1.004007-1
+- Update to 1.004007
+  - is_bool() now recognizes core booleans (perl 5.36+); note that JSON::PP
+   4.11 and Cpanel::JSON::XS 4.38 are required to properly encode them
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.004005-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 1.004005-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 1.004005-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering  - 1.004005-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sun Apr 30 2023 Paul Howarth  - 1.004005-1
+- Update to 1.004005
+  - to_json and from_json are now documented (GH#2)
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 1.004004-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Sep 20 2022 Paul Howarth  - 1.004004-1
+- Update to 1.004004
+  - Slight speed optimization for is_bool()
+- Use SPDX-format license tag
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1.004003-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue May 31 2022 Jitka Plesnikova  - 1.004003-6
+- Perl 5.36 rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 1.004003-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 
 * Thu Jul 22 2021 Fedora Release Engineering  - 1.004003-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
diff --git a/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.signatures.json b/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.signatures.json
index 7ff69ea820..dc6dd92daf 100644
--- a/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.signatures.json
+++ b/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Module-Build-Tiny-0.039.tar.gz": "7d580ff6ace0cbe555bf36b86dc8ea232581530cbeaaea09bccb57b55797f11c"
+  "perl-Module-Build-Tiny-0.051.tar.gz": "74fdce35e8cd4d787bc2d4fc1d43a291b7bbced4e94dc5fc592bd81ca93a98e9"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.spec b/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.spec
index ddf49d9d9d..a6a14136a3 100644
--- a/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.spec
+++ b/SPECS-EXTENDED/perl-Module-Build-Tiny/perl-Module-Build-Tiny.spec
@@ -1,7 +1,7 @@
 Summary:	A tiny replacement for Module::Build
 Name:		perl-Module-Build-Tiny
-Version:	0.039
-Release:	17%{?dist}
+Version:	0.051
+Release:	1%{?dist}
 License:	GPL+ or Artistic
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -36,19 +36,18 @@ BuildRequires:	perl(File::ShareDir)
 BuildRequires:	perl(File::Spec)
 BuildRequires:	perl(File::Temp)
 BuildRequires:	perl(IO::File)
-BuildRequires:	perl(IO::Handle)
 BuildRequires:	perl(IPC::Open2)
 BuildRequires:	perl(IPC::Open3)
-BuildRequires:	perl(Test::More)
+BuildRequires:	perl(Test::More) >= 0.88
 BuildRequires:	perl(Test::Pod) >= 1.41
 BuildRequires:	perl(XSLoader)
 # Runtime
-Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:	perl(DynaLoader)
 Requires:	perl(ExtUtils::CBuilder)
 Requires:	perl(ExtUtils::ParseXS)
 Requires:	perl(Pod::Man)
 Requires:	perl(TAP::Harness::Env)
+Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 
 # ExtUtils::CBuilder in EL-8 has no dependency on gcc or c++ (#1547165)
 # so pull them in ourselves
@@ -75,9 +74,10 @@ perl Build.PL --installdirs=vendor
 
 %install
 ./Build install --destdir=%{buildroot} --create_packlist=0
+%{_fixperms} -c %{buildroot}
 
 %check
-AUTHOR_TESTING=1 RELEASE_TESTING=1 ./Build test
+./Build test --verbose
 
 %files
 %license LICENSE
@@ -86,6 +86,10 @@ AUTHOR_TESTING=1 RELEASE_TESTING=1 ./Build test
 %{_mandir}/man3/Module::Build::Tiny.3*
 
 %changelog
+* Mon Dec 16 2024 Jyoti Kanase  - 0.051-1
+- Upgrade to 0.051 
+- License verified
+
 * Fri Oct 15 2021 Pawel Winogrodzki  - 0.039-17
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.signatures.json b/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.signatures.json
index 783e33235d..7fd2cf9555 100644
--- a/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.signatures.json
+++ b/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Term-Table-0.015.tar.gz": "d8a18b2801f91f0e5d747147ce786964a76f91d18568652908a3dc06a9b948d5"
+  "perl-Term-Table-0.024.tar.gz": "52288538c3b0514bcd2b61f645686c256619e56a421ae992e2b76d31927c4ece"
  }
 }
diff --git a/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.spec b/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.spec
index ab96a6ffe2..830c4b0a38 100644
--- a/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.spec
+++ b/SPECS-EXTENDED/perl-Term-Table/perl-Term-Table.spec
@@ -4,16 +4,14 @@
 %bcond_without perl_Term_Table_enables_unicode
 
 Name:           perl-Term-Table
-Version:        0.015
-Release:        4%{?dist}
+Version:        0.024
+Release:        1%{?dist}
 Summary:        Format a header and rows into a table
-License:        GPL+ or Artistic
+License:        GPL-1.0-or-later OR Artistic-1.0-Perl
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://metacpan.org/release/Term-Table
 Source0:        https://cpan.metacpan.org/authors/id/E/EX/EXODIST/Term-Table-%{version}.tar.gz#/perl-Term-Table-%{version}.tar.gz
-# Unbundle Object::HashBase
-Patch0:         Term-Table-0.015-Use-system-Object-HashBase.patch
 BuildArch:      noarch
 BuildRequires:  make
 BuildRequires:  perl-generators
@@ -25,9 +23,7 @@ BuildRequires:  perl(warnings)
 # Run-time:
 BuildRequires:  perl(Carp)
 BuildRequires:  perl(Config)
-BuildRequires:  perl(Importer) >= 0.024
 BuildRequires:  perl(List::Util)
-BuildRequires:  perl(Object::HashBase) >= 0.008
 BuildRequires:  perl(Scalar::Util)
 # Optional run-time:
 %if %{with perl_Term_Table_enables_terminal}
@@ -42,10 +38,7 @@ BuildRequires:  perl(Unicode::GCString) >= 2013.10
 BuildRequires:  perl(base)
 BuildRequires:  perl(Test2::API)
 BuildRequires:  perl(Test2::Tools::Tiny) >= 1.302097
-BuildRequires:  perl(Test::More)
 BuildRequires:  perl(utf8)
-Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
-Requires:       perl(Importer) >= 0.024
 %if %{with perl_Term_Table_enables_terminal}
 Suggests:       perl(Term::ReadKey) >= 2.32
 # Prefer Term::Size::Any over Term::ReadKey
@@ -55,19 +48,28 @@ Recommends:     perl(Term::Size::Any) >= 0.002
 Recommends:     perl(Unicode::GCString) >= 2013.10
 %endif
 
-# Remove under-specified dependencies
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Importer\\)$
+# Remove private test modules
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(main::HBase|main::HBase::Wrapped\\)$
 
 %description
 This Perl module is able to format rows of data into tables.
 
+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       perl-Test-Harness
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
 %setup -q -n Term-Table-%{version}
-%patch 0 -p1
-# Delete bundled Object::HashBase
-for F in lib/Term/Table/HashBase.pm t/HashBase.t; do
-    perl -e 'unlink $ARGV[0] or die $!' "$F"
-    perl -i -s -ne 'print $_ unless m{\A\Q$file\E\b}' -- -file="$F" MANIFEST
+# XXX Don't unbundle Term::Table::HashBase, the module is in Perl Core.
+# Help generators to recognize Perl scripts
+for F in t/*.t t/Table/*.t; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!\s*perl}{$Config{startperl}}' "$F"
+    chmod +x "$F"
 done
 
 %build
@@ -76,7 +78,15 @@ perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
 
 %install
 %{make_install}
-%{_fixperms} $RPM_BUILD_ROOT/*
+# Install tests
+mkdir -p %{buildroot}%{_libexecdir}/%{name}
+cp -a t %{buildroot}%{_libexecdir}/%{name}
+cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/sh
+cd %{_libexecdir}/%{name} && exec prove -r -I . -j "$(getconf _NPROCESSORS_ONLN)"
+EOF
+chmod +x %{buildroot}%{_libexecdir}/%{name}/test
+%{_fixperms} %{buildroot}/*
 
 %check
 unset TABLE_TERM_SIZE
@@ -88,7 +98,14 @@ make test
 %{perl_vendorlib}/*
 %{_mandir}/man3/*
 
+%files tests
+%{_libexecdir}/%{name}
+
 %changelog
+* Mon Mar 17 2025 Sumit Jena  - 0.024-1
+- Update to version 0.024
+- License verified
+
 * Fri Oct 15 2021 Pawel Winogrodzki  - 0.015-4
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS-EXTENDED/perl-Test-Simple/Test-Simple-1.302200-add_perl.patch b/SPECS-EXTENDED/perl-Test-Simple/Test-Simple-1.302200-add_perl.patch
new file mode 100755
index 0000000000..13bf4f2f1f
--- /dev/null
+++ b/SPECS-EXTENDED/perl-Test-Simple/Test-Simple-1.302200-add_perl.patch
@@ -0,0 +1,629 @@
+--- Test-Simple-1.302200/t/acceptance/Workflow-Acceptance.t
++++ Test-Simple-1.302200/t/acceptance/Workflow-Acceptance.t
+@@ -172,7 +172,7 @@ is(
+             call effective_pass => 1;
+ 
+             prop file => match qr{\QAcceptance.t\E$};
+-            prop line => 77;
++            prop line => 78;
+ 
+             call subevents => array {
+                 event Ok => sub {
+@@ -181,7 +181,7 @@ is(
+                     call effective_pass => 1;
+ 
+                     prop file => match qr{\QAcceptance.t\E$};
+-                    prop line => 12;
++                    prop line => 13;
+                 };
+ 
+                 event Ok => sub {
+@@ -190,7 +190,7 @@ is(
+                     call effective_pass => 1;
+ 
+                     prop file => match qr{\QAcceptance.t\E$};
+-                    prop line => 16;
++                    prop line => 17;
+                 };
+ 
+                 event Subtest => sub {
+@@ -199,7 +199,7 @@ is(
+                     call effective_pass => 1;
+ 
+                     prop file => match qr{\QAcceptance.t\E$};
+-                    prop line => 34;
++                    prop line => 35;
+ 
+                     call subevents => array {
+                         event Ok => sub {
+@@ -208,7 +208,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 37;
++                            prop line => 38;
+                         };
+ 
+                         event Ok => sub {
+@@ -217,7 +217,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 40;
++                            prop line => 41;
+                         };
+ 
+                         event Ok => sub {
+@@ -226,7 +226,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 34;
++                            prop line => 35;
+                         };
+ 
+                         event Skip => sub {
+@@ -236,7 +236,7 @@ is(
+                             call reason         => 'No isolation method available';
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 48;
++                            prop line => 49;
+                         };
+ 
+                         event Subtest => sub {
+@@ -245,7 +245,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 52;
++                            prop line => 53;
+ 
+                             call subevents => array {
+                                 event Ok => sub {
+@@ -254,7 +254,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 23;
++                                    prop line => 24;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -263,7 +263,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 27;
++                                    prop line => 28;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -272,7 +272,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 51;
++                                    prop line => 52;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -281,7 +281,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 29;
++                                    prop line => 30;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -290,14 +290,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 32;
++                                    prop line => 33;
+                                 };
+ 
+                                 event Plan => sub {
+                                     call max => 5;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 52;
++                                    prop line => 53;
+                                 };
+                                 end();
+                             };
+@@ -309,7 +309,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 57;
++                            prop line => 58;
+ 
+                             call subevents => array {
+                                 event Ok => sub {
+@@ -318,7 +318,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 23;
++                                    prop line => 24;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -327,7 +327,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 27;
++                                    prop line => 28;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -337,14 +337,14 @@ is(
+                                     call todo           => 'foo todo';
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 56;
++                                    prop line => 57;
+                                 };
+ 
+                                 event Note => sub {
+                                     call message => match qr{^\n?Failed test};
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 56;
++                                    prop line => 57;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -353,7 +353,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 29;
++                                    prop line => 30;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -362,14 +362,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 32;
++                                    prop line => 33;
+                                 };
+ 
+                                 event Plan => sub {
+                                     call max => 5;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 57;
++                                    prop line => 58;
+                                 };
+                                 end();
+                             };
+@@ -381,7 +381,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 61;
++                            prop line => 62;
+ 
+                             call subevents => array {
+                                 event Ok => sub {
+@@ -390,7 +390,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 23;
++                                    prop line => 24;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -399,7 +399,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 27;
++                                    prop line => 28;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -408,14 +408,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 60;
++                                    prop line => 61;
+                                 };
+ 
+                                 event Note => sub {
+                                     call message => match qr{^\n?Failed test};
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 60;
++                                    prop line => 61;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -424,7 +424,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 29;
++                                    prop line => 30;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -433,14 +433,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 32;
++                                    prop line => 33;
+                                 };
+ 
+                                 event Plan => sub {
+                                     call max => 5;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 61;
++                                    prop line => 62;
+                                 };
+                                 end();
+                             };
+@@ -462,7 +462,7 @@ is(
+                             call reason         => 'No isolation method available';
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 76;
++                            prop line => 77;
+                         };
+ 
+                         event Ok => sub {
+@@ -471,7 +471,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 42;
++                            prop line => 43;
+                         };
+ 
+                         event Ok => sub {
+@@ -480,14 +480,14 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 44;
++                            prop line => 45;
+                         };
+ 
+                         event Plan => sub {
+                             call max => 11;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 34;
++                            prop line => 35;
+                         };
+                         end();
+                     };
+@@ -499,7 +499,7 @@ is(
+                     call effective_pass => 1;
+ 
+                     prop file => match qr{\QAcceptance.t\E$};
+-                    prop line => 35;
++                    prop line => 36;
+ 
+                     call subevents => array {
+                         event Ok => sub {
+@@ -508,7 +508,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 37;
++                            prop line => 38;
+                         };
+ 
+                         event Ok => sub {
+@@ -517,7 +517,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 40;
++                            prop line => 41;
+                         };
+ 
+                         event Ok => sub {
+@@ -526,7 +526,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 35;
++                            prop line => 36;
+                         };
+ 
+                         event Skip => sub {
+@@ -536,7 +536,7 @@ is(
+                             call reason         => 'No isolation method available';
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 48;
++                            prop line => 49;
+                         };
+ 
+                         event Subtest => sub {
+@@ -545,7 +545,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 52;
++                            prop line => 53;
+ 
+                             call subevents => array {
+                                 event Ok => sub {
+@@ -554,7 +554,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 23;
++                                    prop line => 24;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -563,7 +563,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 27;
++                                    prop line => 28;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -572,7 +572,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 51;
++                                    prop line => 52;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -581,7 +581,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 29;
++                                    prop line => 30;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -590,14 +590,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 32;
++                                    prop line => 33;
+                                 };
+ 
+                                 event Plan => sub {
+                                     call max => 5;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 52;
++                                    prop line => 53;
+                                 };
+                                 end();
+                             };
+@@ -609,7 +609,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 57;
++                            prop line => 58;
+ 
+                             call subevents => array {
+                                 event Ok => sub {
+@@ -618,7 +618,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 23;
++                                    prop line => 24;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -627,7 +627,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 27;
++                                    prop line => 28;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -637,14 +637,14 @@ is(
+                                     call todo           => 'foo todo';
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 56;
++                                    prop line => 57;
+                                 };
+ 
+                                 event Note => sub {
+                                     call message => match qr{^\n?Failed test};
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 56;
++                                    prop line => 57;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -653,7 +653,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 29;
++                                    prop line => 30;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -662,14 +662,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 32;
++                                    prop line => 33;
+                                 };
+ 
+                                 event Plan => sub {
+                                     call max => 5;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 57;
++                                    prop line => 58;
+                                 };
+                                 end();
+                             };
+@@ -681,7 +681,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 61;
++                            prop line => 62;
+ 
+                             call subevents => array {
+                                 event Ok => sub {
+@@ -690,7 +690,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 23;
++                                    prop line => 24;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -699,7 +699,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 27;
++                                    prop line => 28;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -708,14 +708,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 60;
++                                    prop line => 61;
+                                 };
+ 
+                                 event Note => sub {
+                                     call message => match qr{^\n?Failed test};
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 60;
++                                    prop line => 61;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -724,7 +724,7 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 29;
++                                    prop line => 30;
+                                 };
+ 
+                                 event Ok => sub {
+@@ -733,14 +733,14 @@ is(
+                                     call effective_pass => 1;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 32;
++                                    prop line => 33;
+                                 };
+ 
+                                 event Plan => sub {
+                                     call max => 5;
+ 
+                                     prop file => match qr{\QAcceptance.t\E$};
+-                                    prop line => 61;
++                                    prop line => 62;
+                                 };
+                                 end();
+                             };
+@@ -762,7 +762,7 @@ is(
+                             call reason         => 'No isolation method available';
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 76;
++                            prop line => 77;
+                         };
+ 
+                         event Ok => sub {
+@@ -771,7 +771,7 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 42;
++                            prop line => 43;
+                         };
+ 
+                         event Ok => sub {
+@@ -780,14 +780,14 @@ is(
+                             call effective_pass => 1;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 44;
++                            prop line => 45;
+                         };
+ 
+                         event Plan => sub {
+                             call max => 11;
+ 
+                             prop file => match qr{\QAcceptance.t\E$};
+-                            prop line => 35;
++                            prop line => 36;
+                         };
+                         end();
+                     };
+@@ -799,7 +799,7 @@ is(
+                     call effective_pass => 1;
+ 
+                     prop file => match qr{\QAcceptance.t\E$};
+-                    prop line => 18;
++                    prop line => 19;
+                 };
+ 
+                 event Ok => sub {
+@@ -808,14 +808,14 @@ is(
+                     call effective_pass => 1;
+ 
+                     prop file => match qr{\QAcceptance.t\E$};
+-                    prop line => 21;
++                    prop line => 22;
+                 };
+ 
+                 event Plan => sub {
+                     call max => 6;
+ 
+                     prop file => match qr{\QAcceptance.t\E$};
+-                    prop line => 77;
++                    prop line => 78;
+                 };
+                 end();
+             };
+--- Test-Simple-1.302200/t/Legacy_And_Test2/diag_event_on_ok.t
++++ Test-Simple-1.302200/t/Legacy_And_Test2/diag_event_on_ok.t
+@@ -17,6 +17,6 @@ is($ok->pass, 0, "'ok' test failed");
+ is($ok->name, 'name', "got 'ok' name");
+ 
+ ok($diag->isa('Test2::Event::Diag'), "got 'ok' result");
+-is($diag->message, "  Failed test 'name'\n  at $0 line 9.\n", "got all diag message in one diag event");
++is($diag->message, "  Failed test 'name'\n  at $0 line 10.\n", "got all diag message in one diag event");
+ 
+ done_testing;
diff --git a/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.signatures.json b/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.signatures.json
index 609c2c1d8c..f52201e593 100644
--- a/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.signatures.json
+++ b/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "perl-Test-Simple-1.302174.tar.gz": "b89ccbb82fca2aa359a99650fba91384fa0f75d0236ff5e6a546ac9a013907ba"
+  "perl-Test-Simple-1.302204.tar.gz": "03749d1027a7817ca7f11e420ef72951f20a849ea65af2eb595f34df47d1226e"
  }
 }
diff --git a/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.spec b/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.spec
old mode 100644
new mode 100755
index 8b24a57e6b..4b1591dd88
--- a/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.spec
+++ b/SPECS-EXTENDED/perl-Test-Simple/perl-Test-Simple.spec
@@ -1,70 +1,126 @@
-%bcond_without perl_Test_Simple_enables_optional_test
+%bcond_with perl_Test_Simple_enables_Module_Pluggable
+%bcond_with perl_Test_Simple_enables_optional_test
+%bcond_with perl_Test_Simple_enables_unicode
 
-Summary:        Basic utilities for writing tests
 Name:           perl-Test-Simple
-Version:        1.302174
-Release:        4%{?dist}
-License:        (GPL+ OR Artistic) AND CC0 AND Public Domain
+Summary:        Basic utilities for writing tests
+Version:        1.302204
+Release:        2%{?dist}
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
+# CC0-1.0: lib/ok.pm
+# Public Domain: lib/Test/Tutorial.pod
+# GPL-1.0-or-later OR Artistic-1.0-Perl: the rest of the distribution
+License:        (GPL-1.0-or-later OR Artistic-1.0-Perl) AND CC0-1.0 AND LicenseRef-Fedora-Public-Domain
 URL:            https://metacpan.org/release/Test-Simple
 Source0:        https://cpan.metacpan.org/modules/by-module/Test/Test-Simple-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         Test-Simple-1.302200-add_perl.patch
+BuildArch:      noarch
+# Module Build
 BuildRequires:  coreutils
 BuildRequires:  make
 BuildRequires:  perl-generators
 BuildRequires:  perl-interpreter
-BuildRequires:  perl(CPAN::Meta)
-BuildRequires:  perl(CPAN::Meta::Requirements) >= 2.120920
+BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
+# Module Runtime
+BuildRequires:  perl(B)
+BuildRequires:  perl(base)
 BuildRequires:  perl(Carp)
 BuildRequires:  perl(Config)
-BuildRequires:  perl(Cwd)
+BuildRequires:  perl(constant)
 BuildRequires:  perl(Data::Dumper)
 BuildRequires:  perl(Exporter)
-BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
-BuildRequires:  perl(File::Basename)
 BuildRequires:  perl(File::Spec)
 BuildRequires:  perl(File::Temp)
 BuildRequires:  perl(IO::Handle)
-BuildRequires:  perl(IO::Pipe)
-BuildRequires:  perl(IPC::Open3)
 BuildRequires:  perl(JSON::PP)
 BuildRequires:  perl(List::Util)
-BuildRequires:  perl(Module::Metadata)
-BuildRequires:  perl(POSIX)
+%if %{with perl_Test_Simple_enables_Module_Pluggable} && !%{defined perl_bootstrap}
+BuildRequires:  perl(Module::Pluggable) >= 2.7
+%endif
+# mro used since Perl 5.010
+BuildRequires:  perl(mro)
+BuildRequires:  perl(overload)
 BuildRequires:  perl(PerlIO) >= 1.02
+BuildRequires:  perl(POSIX)
 BuildRequires:  perl(Scalar::Util) >= 1.13
 BuildRequires:  perl(Storable)
+BuildRequires:  perl(strict)
+BuildRequires:  perl(Sub::Util)
 BuildRequires:  perl(Symbol)
 BuildRequires:  perl(Term::ANSIColor)
-BuildRequires:  perl(Test::Harness) >= 2.03
-BuildRequires:  perl(base)
-BuildRequires:  perl(lib)
-BuildRequires:  perl(mro)
-BuildRequires:  perl(overload)
-BuildRequires:  perl(strict)
-BuildRequires:  perl(threads)
+BuildRequires:  perl(Term::Table) >= 0.013
+BuildRequires:  perl(Term::Table::Cell)
+BuildRequires:  perl(Term::Table::LineBreak)
+BuildRequires:  perl(Term::Table::Util)
+BuildRequires:  perl(Time::HiRes)
 BuildRequires:  perl(vars)
 BuildRequires:  perl(warnings)
-Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
-Requires:       perl(Data::Dumper)
-Requires:       perl(JSON::PP)
-Requires:       perl(Term::ANSIColor)
-Requires:       perl(mro)
-BuildArch:      noarch
-%{?perl_default_filter}
-%if !%{defined perl_bootstrap}
-BuildRequires:  perl(Term::Table)
-%endif
+# Test Suite
+BuildRequires:  perl(Cwd)
+BuildRequires:  perl(File::Basename)
+BuildRequires:  perl(if)
+BuildRequires:  perl(IO::Pipe)
+BuildRequires:  perl(lib)
+BuildRequires:  perl(threads)
+# Optional Tests
+BuildRequires:  perl(CPAN::Meta)
+BuildRequires:  perl(CPAN::Meta::Requirements) >= 2.120920
+BuildRequires:  perl(IPC::Open3)
+BuildRequires:  perl(Module::Metadata)
+BuildRequires:  perl(Test::Harness) >= 2.03
 %if !%{defined perl_bootstrap}
 %if %{with perl_Test_Simple_enables_optional_test}
+BuildRequires:       perl(JSON::MaybeXS)
 BuildRequires:  perl(Test::Class)
 BuildRequires:  perl(Test::Pod) >= 0.95
 BuildRequires:  perl(Test::Script)
 %endif
 %endif
-%if !%{defined perl_bootstrap}
-Requires:       perl(Term::Table)
+%if %{with perl_Test_Simple_enables_unicode}
+BuildRequires:  perl(Unicode::GCString)
+%endif
+BuildRequires:  perl(utf8)
+# Dependencies
+Requires:       perl(Data::Dumper)
+Requires:       perl(JSON::PP)
+%if %{with perl_Test_Simple_enables_Module_Pluggable} && !%{defined perl_bootstrap}
+Recommends:     perl(Module::Pluggable) >= 2.7
+%endif
+# mro used since Perl 5.010
+Requires:       perl(mro)
+Requires:       perl(PerlIO) >= 1.02
+Requires:       perl(Sub::Util)
+Requires:       perl(Term::ANSIColor)
+Requires:       perl(Term::Table) >= 0.013
+Requires:       perl(threads)
+%if %{with perl_Test_Simple_enables_unicode}
+Recommends:     perl(Unicode::GCString)
 %endif
+Requires:       perl(utf8)
+# perl-Test2-Suite-0.000163-4.fc41 merged
+Obsoletes:      perl-Test2-Suite < 0.000163-5
+Provides:       perl-Test2-Suite = %{version}-%{release}
+# 3 inlined modules for future Perl Core
+Provides:       bundled(Importer) = 0.026
+Provides:       bundled(Scope::Guard) = 0.21
+Provides:       bundled(Sub::Info) = 0.002
+
+# Remove under-specified dependencies
+%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Term::Table\\)$
+
+# Remove private modules
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Dev::Null\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(main::HBase\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(main::HBase::Wrapped\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(MyOverload\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(MyTest\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(MyTest::Target\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(SmallTest\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Test::Builder::NoOutput\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Test::Simple::Catch\\)$
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(TieOut\\)$
+%global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}
 
 %description
 This package provides the bulk of the core testing facilities. For more
@@ -72,23 +128,65 @@ information, see perldoc for Test::Simple, Test::More, etc.
 
 This package is the CPAN component of the dual-lifed core package Test-Simple.
 
+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{version}-%{release}
+Requires:       perl-Test-Harness
+Requires:       perl(CPAN::Meta)
+Requires:       perl(CPAN::Meta::Requirements) >= 2.120920
+Requires:       perl(JSON::MaybeXS)
+Requires:       perl(Module::Metadata)
+Requires:       perl(Test::Pod) >= 0.95
+# perl-Test2-Suite-0.000163-4.fc41 merged
+Obsoletes:      perl-Test2-Suite-tests < 0.000163-5
+Provides:       perl-Test2-Suite-tests = %{version}-%{release}
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
-%autosetup -n Test-Simple-%{version}
+%setup -q -n Test-Simple-%{version}
+
+# Help generators to recognize Perl scripts
+for F in `find . -type f -name '*.t'`; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!\s*(/usr/bin/)?perl}{$Config{startperl}}' "$F"
+    chmod +x "$F"
+done
+
+# Fix tests to work with added shellbangs
+%patch -P0 -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor NO_PERLLOCAL=1 NO_PACKLIST=1
-%make_build
+%{make_build}
 
 %install
-%make_install
+%{make_install}
 %{_fixperms} -c %{buildroot}
 
+# Install tests
+mkdir -p %{buildroot}%{_libexecdir}/%{name}
+cp -a t %{buildroot}%{_libexecdir}/%{name}
+cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/bash
+set -e
+# Some tests write into temporary files/directories
+DIR=$(mktemp -d)
+pushd "$DIR"
+cp -a %{_libexecdir}/%{name}/* ./
+prove -r -I . -j "$(getconf _NPROCESSORS_ONLN)" t/
+popd
+rm -rf "$DIR"
+EOF
+chmod +x %{buildroot}%{_libexecdir}/%{name}/test
+
 %check
 make test %{!?perl_bootstrap:AUTHOR_TESTING=1}
 
 %files
 %license LICENSE
-%doc Changes README examples/ t/
+%doc Changes README examples/
 %dir %{perl_vendorlib}/Test/
 %{perl_vendorlib}/ok.pm
 %{perl_vendorlib}/Test/Builder.pm
@@ -121,7 +219,45 @@ make test %{!?perl_bootstrap:AUTHOR_TESTING=1}
 %{_mandir}/man3/Test2::API::Breakage.3*
 %{_mandir}/man3/Test2::API::Context.3*
 %{_mandir}/man3/Test2::API::Instance.3*
+%{_mandir}/man3/Test2::API::InterceptResult.3*
+%{_mandir}/man3/Test2::API::InterceptResult::Event.3*
+%{_mandir}/man3/Test2::API::InterceptResult::Hub.3*
+%{_mandir}/man3/Test2::API::InterceptResult::Squasher.3*
 %{_mandir}/man3/Test2::API::Stack.3*
+%{_mandir}/man3/Test2::AsyncSubtest.3*
+%{_mandir}/man3/Test2::AsyncSubtest::Event::Attach.3*
+%{_mandir}/man3/Test2::AsyncSubtest::Event::Detach.3*
+%{_mandir}/man3/Test2::AsyncSubtest::Hub.3*
+%{_mandir}/man3/Test2::Bundle.3*
+%{_mandir}/man3/Test2::Bundle::Extended.3*
+%{_mandir}/man3/Test2::Bundle::More.3*
+%{_mandir}/man3/Test2::Bundle::Simple.3*
+%{_mandir}/man3/Test2::Compare.3*
+%{_mandir}/man3/Test2::Compare::Array.3*
+%{_mandir}/man3/Test2::Compare::Bag.3*
+%{_mandir}/man3/Test2::Compare::Base.3*
+%{_mandir}/man3/Test2::Compare::Bool.3*
+%{_mandir}/man3/Test2::Compare::Custom.3*
+%{_mandir}/man3/Test2::Compare::DeepRef.3*
+%{_mandir}/man3/Test2::Compare::Delta.3*
+%{_mandir}/man3/Test2::Compare::Event.3*
+%{_mandir}/man3/Test2::Compare::EventMeta.3*
+%{_mandir}/man3/Test2::Compare::Float.3*
+%{_mandir}/man3/Test2::Compare::Hash.3*
+%{_mandir}/man3/Test2::Compare::Isa.3*
+%{_mandir}/man3/Test2::Compare::Meta.3*
+%{_mandir}/man3/Test2::Compare::Negatable.3*
+%{_mandir}/man3/Test2::Compare::Number.3*
+%{_mandir}/man3/Test2::Compare::Object.3*
+%{_mandir}/man3/Test2::Compare::OrderedSubset.3*
+%{_mandir}/man3/Test2::Compare::Pattern.3*
+%{_mandir}/man3/Test2::Compare::Ref.3*
+%{_mandir}/man3/Test2::Compare::Regex.3*
+%{_mandir}/man3/Test2::Compare::Scalar.3*
+%{_mandir}/man3/Test2::Compare::Set.3*
+%{_mandir}/man3/Test2::Compare::String.3*
+%{_mandir}/man3/Test2::Compare::Undef.3*
+%{_mandir}/man3/Test2::Compare::Wildcard.3*
 %{_mandir}/man3/Test2::Event.3*
 %{_mandir}/man3/Test2::Event::Bail.3*
 %{_mandir}/man3/Test2::Event::Diag.3*
@@ -161,23 +297,303 @@ make test %{!?perl_bootstrap:AUTHOR_TESTING=1}
 %{_mandir}/man3/Test2::IPC.3*
 %{_mandir}/man3/Test2::IPC::Driver.3*
 %{_mandir}/man3/Test2::IPC::Driver::Files.3*
+%{_mandir}/man3/Test2::Manual.3*
+%{_mandir}/man3/Test2::Manual::Anatomy.3*
+%{_mandir}/man3/Test2::Manual::Anatomy::API.3*
+%{_mandir}/man3/Test2::Manual::Anatomy::Context.3*
+%{_mandir}/man3/Test2::Manual::Anatomy::EndToEnd.3*
+%{_mandir}/man3/Test2::Manual::Anatomy::Event.3*
+%{_mandir}/man3/Test2::Manual::Anatomy::Hubs.3*
+%{_mandir}/man3/Test2::Manual::Anatomy::IPC.3*
+%{_mandir}/man3/Test2::Manual::Anatomy::Utilities.3*
+%{_mandir}/man3/Test2::Manual::Concurrency.3*
+%{_mandir}/man3/Test2::Manual::Contributing.3*
+%{_mandir}/man3/Test2::Manual::Testing.3*
+%{_mandir}/man3/Test2::Manual::Testing::Introduction.3*
+%{_mandir}/man3/Test2::Manual::Testing::Migrating.3*
+%{_mandir}/man3/Test2::Manual::Testing::Planning.3*
+%{_mandir}/man3/Test2::Manual::Testing::Todo.3*
+%{_mandir}/man3/Test2::Manual::Tooling.3*
+%{_mandir}/man3/Test2::Manual::Tooling::FirstTool.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Formatter.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Nesting.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Plugin::TestExit.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Plugin::TestingDone.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Plugin::ToolCompletes.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Plugin::ToolStarts.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Subtest.3*
+%{_mandir}/man3/Test2::Manual::Tooling::TestBuilder.3*
+%{_mandir}/man3/Test2::Manual::Tooling::Testing.3*
+%{_mandir}/man3/Test2::Mock.3*
+%{_mandir}/man3/Test2::Plugin.3*
+%{_mandir}/man3/Test2::Plugin::BailOnFail.3*
+%{_mandir}/man3/Test2::Plugin::DieOnFail.3*
+%{_mandir}/man3/Test2::Plugin::ExitSummary.3*
+%{_mandir}/man3/Test2::Plugin::SRand.3*
+%{_mandir}/man3/Test2::Plugin::Times.3*
+%{_mandir}/man3/Test2::Plugin::UTF8.3*
+%{_mandir}/man3/Test2::Require.3*
+%{_mandir}/man3/Test2::Require::AuthorTesting.3*
+%{_mandir}/man3/Test2::Require::AutomatedTesting.3*
+%{_mandir}/man3/Test2::Require::EnvVar.3*
+%{_mandir}/man3/Test2::Require::ExtendedTesting.3*
+%{_mandir}/man3/Test2::Require::Fork.3*
+%{_mandir}/man3/Test2::Require::Module.3*
+%{_mandir}/man3/Test2::Require::NonInteractiveTesting.3*
+%{_mandir}/man3/Test2::Require::Perl.3*
+%{_mandir}/man3/Test2::Require::RealFork.3*
+%{_mandir}/man3/Test2::Require::ReleaseTesting.3*
+%{_mandir}/man3/Test2::Require::Threads.3*
+%{_mandir}/man3/Test2::Suite.3*
+%{_mandir}/man3/Test2::Todo.3*
+%{_mandir}/man3/Test2::Tools.3*
+%{_mandir}/man3/Test2::Tools::AsyncSubtest.3*
+%{_mandir}/man3/Test2::Tools::Basic.3*
+%{_mandir}/man3/Test2::Tools::Class.3*
+%{_mandir}/man3/Test2::Tools::ClassicCompare.3*
+%{_mandir}/man3/Test2::Tools::Compare.3*
+%{_mandir}/man3/Test2::Tools::Defer.3*
+%{_mandir}/man3/Test2::Tools::Encoding.3*
+%{_mandir}/man3/Test2::Tools::Event.3*
+%{_mandir}/man3/Test2::Tools::Exception.3*
+%{_mandir}/man3/Test2::Tools::Exports.3*
+%{_mandir}/man3/Test2::Tools::GenTemp.3*
+%{_mandir}/man3/Test2::Tools::Grab.3*
+%{_mandir}/man3/Test2::Tools::Mock.3*
+%{_mandir}/man3/Test2::Tools::Ref.3*
+%{_mandir}/man3/Test2::Tools::Refcount.3*
+%{_mandir}/man3/Test2::Tools::Spec.3*
+%{_mandir}/man3/Test2::Tools::Subtest.3*
+%{_mandir}/man3/Test2::Tools::Target.3*
+%{_mandir}/man3/Test2::Tools::Tester.3*
 %{_mandir}/man3/Test2::Tools::Tiny.3*
+%{_mandir}/man3/Test2::Tools::Warnings.3*
 %{_mandir}/man3/Test2::Transition.3*
 %{_mandir}/man3/Test2::Util.3*
 %{_mandir}/man3/Test2::Util::ExternalMeta.3*
 %{_mandir}/man3/Test2::Util::Facets2Legacy.3*
+%{_mandir}/man3/Test2::Util::Grabber.3*
+%{_mandir}/man3/Test2::Util::Guard.3*
 %{_mandir}/man3/Test2::Util::HashBase.3*
+%{_mandir}/man3/Test2::Util::Importer.3*
+%{_mandir}/man3/Test2::Util::Ref.3*
+%{_mandir}/man3/Test2::Util::Stash.3*
+%{_mandir}/man3/Test2::Util::Sub.3*
+%{_mandir}/man3/Test2::Util::Table.3*
+%{_mandir}/man3/Test2::Util::Table::LineBreak.3*
+%{_mandir}/man3/Test2::Util::Times.3*
 %{_mandir}/man3/Test2::Util::Trace.3*
+%{_mandir}/man3/Test2::V0.3*
+%{_mandir}/man3/Test2::Workflow.3*
+%{_mandir}/man3/Test2::Workflow::BlockBase.3*
+%{_mandir}/man3/Test2::Workflow::Build.3*
+%{_mandir}/man3/Test2::Workflow::Runner.3*
+%{_mandir}/man3/Test2::Workflow::Task.3*
+%{_mandir}/man3/Test2::Workflow::Task::Action.3*
+%{_mandir}/man3/Test2::Workflow::Task::Group.3*
+
+%files tests
+%{_libexecdir}/%{name}
 
 %changelog
-* Tue Mar 07 2023 Muhammad Falak  - 1.302174-4
-- License verified
+* Fri Mar 14 2025 Jyoti kanase  - 1.302204-2
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Sun Sep 15 2024 Paul Howarth  - 3:1.302204-1
+- Update to 1.302204
+  - Add pending diagnostics functionality
+  - Show warnings/exceptions for no_warnings() and lives()
+
+* Thu Sep  5 2024 Paul Howarth  - 3:1.302203-1
+- Update to 1.302203
+  - Fix some tests when run on Windows (GH#1002, GH#1003)
+
+* Wed Sep  4 2024 Paul Howarth  - 3:1.302202-1
+- Update to 1.302202
+  - Add comment on how to make tables bigger (GH#931)
+
+* Mon Sep  2 2024 Paul Howarth  - 3:1.302201-2
+- Term::Table required when bootstrapping (rhbz#2308981)
+
+* Wed Aug 14 2024 Paul Howarth  - 3:1.302201-1
+- Update to 1.302201
+  - Fix bug found by new warnings in blead
+
+* Wed Aug  7 2024 Paul Howarth  - 3:1.302200-1
+- Update to 1.302200
+  - Merge Test2-Suite into Test-Simple
+  - Some documentation updates
+  - Some test fixes
+- Package tests
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 3:1.302199-512
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Wed Jun 12 2024 Jitka Plesnikova  - 3:1.302199-511
+- Perl 5.40 re-rebuild of bootstrapped packages
+
+* Mon Jun 10 2024 Jitka Plesnikova  - 3:1.302199-510
+- Increase release to favour standalone package
+
+* Fri Apr 26 2024 Paul Howarth  - 3:1.302199-1
+- Update to 1.302199
+  - Minor fixes
+
+* Thu Jan 25 2024 Fedora Release Engineering  - 3:1.302198-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 3:1.302198-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Dec  1 2023 Paul Howarth  - 3:1.302198-1
+- Update to 1.302198
+  - Remove use of defined-or operator
+
+* Wed Nov 29 2023 Paul Howarth  - 3:1.302197-1
+- Update to 1.302197
+  - Add ability to attach timestamps to trace objects via API or environment
+    variable
+
+* Wed Oct 25 2023 Paul Howarth  - 3:1.302196-1
+- Update to 1.302196
+  - Raise error on missing Hub ID, which should never happen (GH#882)
+  - Fix handling of VSTRING and LVALUE refs in is_deeply() (GH#918)
+  - Merge several documentation fixes (GH#910, GH#911, GH#912)
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 3:1.302195-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jul 12 2023 Jitka Plesnikova  - 3:1.302195-4
+- Perl 5.38 re-rebuild of bootstrapped packages
+
+* Tue Jul 11 2023 Jitka Plesnikova  - 3:1.302195-3
+- Perl 5.38 rebuild
+
+* Thu May 25 2023 Paul Howarth  - 3:1.302195-2
+- Use SPDX-format license tag
+
+* Fri Apr 28 2023 Paul Howarth  - 3:1.302195-1
+- Update to 1.302195
+  - Fix done_testing(0) producing 2 plans and an incorrect message
 
-* Mon Nov 01 2021 Muhammad Falak  - 1.302174-3
-- Remove epoch
+* Wed Mar 15 2023 Paul Howarth  - 3:1.302194-1
+- Update to 1.302194
+  - Fix failing test on 5.10
+
+* Mon Mar  6 2023 Paul Howarth  - 3:1.302193-1
+- Update to 1.302193
+  - Deprecate isn't()
+
+* Thu Feb  2 2023 Paul Howarth  - 3:1.302192-1
+- Update to 1.302192
+  - Silence deprecation warning when testing smartmatch
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 3:1.302191-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 3:1.302191-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jul 11 2022 Paul Howarth  - 3:1.302191-1
+- Update to 1.302191
+  - CI fixes
+  - Avoid failing when printing diagnostic info comparing partial overload
+    objects
+
+* Fri Jun 03 2022 Jitka Plesnikova  - 3:1.302190-489
+- Perl 5.36 re-rebuild of bootstrapped packages
+
+* Mon May 30 2022 Jitka Plesnikova  - 3:1.302190-488
+- Increase release to favour standalone package
+
+* Sat Mar  5 2022 Paul Howarth  - 3:1.302190-1
+- Update to 1.302190
+  - Fix subtest times to be hi-res
+
+* Fri Feb 25 2022 Paul Howarth  - 3:1.302189-1
+- Update to 1.302189
+  - GH#890, GH#891: Methods used in overload should always be invoked with 3
+    parameters
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 3:1.302188-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Sep 29 2021 Paul Howarth  - 3:1.302188-1
+- Update to 1.302188
+  - Fix for non-gcc compilers on 5.10.0
+
+* Sat Sep 18 2021 Paul Howarth  - 3:1.302187-1
+- Update to 1.302187
+  - Fix tests for core boolean support
+
+* Tue Jul 27 2021 Paul Howarth  - 3:1.302186-1
+- Update to 1.302186
+  - Add start/stop timestamps to subtests
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 3:1.302185-479
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon May 24 2021 Jitka Plesnikova  - 3:1.302185-478
+- Perl 5.34 re-rebuild of bootstrapped packages
+
+* Fri May 21 2021 Jitka Plesnikova  - 3:1.302185-477
+- Increase release to favour standalone package
+
+* Thu May 20 2021 Paul Howarth  - 3:1.302185-1
+- Update to 1.302185
+  - Fix Test::Builder->skip to stringify arguments
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 3:1.302183-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Oct 22 2020 Paul Howarth  - 3:1.302183-1
+- Update to 1.302183
+  - Avoid closing over scalar in BEGIN block in cmp_ok eval
+
+* Thu Oct 15 2020 Petr Pisar  - 3:1.302182-2
+- Demote Module::Pluggable hard dependency to Suggests level
+
+* Tue Oct  6 2020 Paul Howarth  - 3:1.302182-1
+- Update to 1.302182
+  - Fix 5.6 support
+  - Fix fragile %%INC handling in a test
+
+* Mon Sep 14 2020 Paul Howarth  - 3:1.302181-1
+- Update to 1.302181
+  - Put try_sig_mask back where it goes (and add test to prevent this in the
+    future)
+  - Drop new List::Util requirement back down
+
+* Mon Sep 14 2020 Paul Howarth  - 3:1.302180-1
+- Update to 1.302180
+  - Move try_sig_mask to the only module that uses it
+  - Inherit warnings bitmask in cmp_ok string eval
+  - Update copyright date
+  - Improved API for intercept {} and what it returns
+  - Bump minimum List::Util version (for uniq)
+
+* Fri Aug 07 2020 Petr Pisar  - 3:1.302177-1
+- Update to 1.302177
+  - Minor fix to author downstream test
+  - No significant changes since the last trial
+  - Fix Test::More's $TODO inside intercept (#862)
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 3:1.302175-458
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jun 26 2020 Jitka Plesnikova  - 3:1.302175-457
+- Perl 5.32 re-rebuild of bootstrapped packages
+
+* Mon Jun 22 2020 Jitka Plesnikova  - 3:1.302175-456
+- Increase release to favour standalone package
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 3:1.302174-2
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Tue Apr 14 2020 Paul Howarth  - 3:1.302175-1
+- Update to 1.302175
+  - Fix typos in POD
+  - Fix incorrect Test2::Hub documentation
+  - Fix test that needed . in @INC on Windows
+  - Fix Breakage test to show more info
 
 * Tue Mar 31 2020 Paul Howarth  - 3:1.302174-1
 - Update to 1.302174
diff --git a/SPECS-EXTENDED/perl-Test2-Tools-Explain/perl-Test2-Tools-Explain.spec b/SPECS-EXTENDED/perl-Test2-Tools-Explain/perl-Test2-Tools-Explain.spec
index c2e123376c..b4d95e4965 100644
--- a/SPECS-EXTENDED/perl-Test2-Tools-Explain/perl-Test2-Tools-Explain.spec
+++ b/SPECS-EXTENDED/perl-Test2-Tools-Explain/perl-Test2-Tools-Explain.spec
@@ -1,6 +1,6 @@
 Name:		perl-Test2-Tools-Explain
 Version:	0.02
-Release:	4%{?dist}
+Release:	5%{?dist}
 Summary:	Explain tools for the Perl Test2 framework
 License:	Artistic 2.0
 Vendor:         Microsoft Corporation
@@ -23,7 +23,6 @@ BuildRequires:	perl(strict)
 BuildRequires:	perl(warnings)
 # Test Suite
 BuildRequires:	perl(Test2::Bundle::Extended)
-BuildRequires:	perl(Test::More)
 # Dependencies
 Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:	perl(Data::Dumper)
@@ -52,6 +51,10 @@ make test
 %{_mandir}/man3/Test2::Tools::Explain.3*
 
 %changelog
+* Tue Mar 25 2025 Akhila Guruju  - 0.02-5
+- Removed `BuildRequires: perl(Test::More)` to fix build.
+- License verified.
+
 * Fri Oct 15 2021 Pawel Winogrodzki  - 0.02-4
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS-EXTENDED/podman/podman.spec b/SPECS-EXTENDED/podman/podman.spec
index 5d5a3b431f..c108b24bed 100644
--- a/SPECS-EXTENDED/podman/podman.spec
+++ b/SPECS-EXTENDED/podman/podman.spec
@@ -35,7 +35,7 @@
 
 Name:           podman
 Version:        4.1.1
-Release:        27%{?dist}
+Release:        28%{?dist}
 License:        ASL 2.0 and BSD and ISC and MIT and MPLv2.0
 Summary:        Manage Pods, Containers and Container Images
 Vendor:         Microsoft Corporation
@@ -50,7 +50,7 @@ BuildRequires:  go-md2man
 BuildRequires:  golang
 BuildRequires:  gcc
 BuildRequires:  glib2-devel
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 BuildRequires:  git
 BuildRequires:  go-rpm-macros
 BuildRequires:  gpgme-devel
@@ -386,6 +386,9 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
 
 # rhcontainerbot account currently managed by lsm5
 %changelog
+* Mon May 12 2025 Andrew Phelps  - 4.1.1-28
+- Bump to rebuild with updated glibc
+
 * Tue Feb 25 2025 Chris Co  - 4.1.1-27
 - Bump to rebuild with updated glibc
 
diff --git a/SPECS-EXTENDED/powertop/powertop.signatures.json b/SPECS-EXTENDED/powertop/powertop.signatures.json
index eca8394660..a5e1098827 100644
--- a/SPECS-EXTENDED/powertop/powertop.signatures.json
+++ b/SPECS-EXTENDED/powertop/powertop.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "powertop-2.13.tar.gz": "e490c82dbfa87c98430c16151081fbe86e6f45d8be3dd8c48b89e8868dda85a1",
+  "powertop-2.15.tar.gz": "e58ab3fd7b8ff5f4dd0d17f11848817e7d83c0a6918145ac81de03b5dccf8f49",
   "powertop.service": "8bf360244bac769f41f37006b06fdf67224c9c7199045817fe5c5912a8868873"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/powertop/powertop.spec b/SPECS-EXTENDED/powertop/powertop.spec
index d4e2d47eb1..2c188fb2db 100644
--- a/SPECS-EXTENDED/powertop/powertop.spec
+++ b/SPECS-EXTENDED/powertop/powertop.spec
@@ -1,24 +1,34 @@
 Name:             powertop
-Version:          2.13
-Release:          3%{?dist}
+Version:          2.15
+Release:          10%{?dist}
 Summary:          Power consumption monitor
 
-License:          GPLv2
+License:          gpl-2.0-only AND lgpl-2.1-only AND isc
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:              http://01.org/powertop/
-Source0:          http://github.com/fenrus75/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source0:          https://github.com/fenrus75/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:          powertop.service
 
 # Sent upstream
 Patch0:           powertop-2.7-always-create-params.patch
-Patch1:           0001-ncurses.patch
-BuildRequires:    gettext-devel, ncurses-devel, pciutils-devel, zlib-devel, libnl3-devel
-BuildRequires:    automake, libtool, systemd, autoconf-archive
-BuildRequires:    gcc, gcc-c++
+BuildRequires:    make
+BuildRequires:    gettext-devel
+BuildRequires:    ncurses-devel
+BuildRequires:    pciutils-devel
+BuildRequires:    zlib-devel
+BuildRequires:    libnl3-devel
+BuildRequires:    automake
+BuildRequires:    libtool
+BuildRequires:    systemd
+BuildRequires:    autoconf-archive
+BuildRequires:    gcc
+BuildRequires:    gcc-c++
 Requires(post):   systemd, coreutils
 Requires(preun):  systemd
 Requires(postun): systemd
+# For "xset dpms force off" during calibration
+Recommends:       xset
 Provides:         bundled(kernel-event-lib)
 
 %description
@@ -26,9 +36,7 @@ PowerTOP is a tool that finds the software component(s) that make your
 computer use more power than necessary while it is idle.
 
 %prep
-%setup -q
-%patch 0 -p1 -b .always-create-params
-%patch 1 -p1
+%autosetup -p1
 
 echo "v%{version}" > version-long
 echo '"v%{version}"' > version-short
@@ -37,7 +45,7 @@ echo '"v%{version}"' > version-short
 # workaround for rhbz#1826935
 autoreconf -fi || autoreconf -fi
 %configure
-make %{?_smp_mflags} CFLAGS="%{optflags}"
+make %{?_smp_mflags} CFLAGS="%{optflags}" V=1
 
 %install
 rm -rf %{buildroot}
@@ -71,12 +79,66 @@ touch %{_localstatedir}/cache/powertop/{saved_parameters.powertop,saved_results.
 %{_datadir}/bash-completion/completions/powertop
 
 %changelog
-* Thu Jun 23 2022 Ahmed Badawi  - 2.13-3
-- Added patch to fix compilation with ncurses 6.3
-- License verified
+* Wed Dec 18 2024 Sumit Jena  - 2.15-10
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 2.13-2
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Jul 19 2024 Fedora Release Engineering  - 2.15-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jun 06 2024 Dominik Mierzejewski  2.15-8
+- Made xset requirement weak
+  Resolves: rhbz#2290742
+
+* Thu May  2 2024 Jaroslav Škarvada  - 2.15-7
+- Added xset requirement
+  Resolves: rhbz#2278086
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 2.15-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 2.15-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Dec 12 2023 Jaroslav Škarvada  - 2.15-4
+- Converted license to SPDX
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 2.15-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 2.15-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Oct  4 2022 Jaroslav Škarvada  - 2.15-1
+- New version
+  Resolves: rhbz#2131251
+
+* Thu Aug  4 2022 Jaroslav Škarvada  - 2.14-5
+- Fixed FTBFS
+  Resolves: rhbz#2113602
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 2.14-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 2.14-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 2.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue May 11 2021 Jaroslav Škarvada  - 2.14-1
+- New version
+  Resolves: rhbz#1950154
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek  - 2.13-4
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 2.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 2.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Mon Jun 15 2020 Jaroslav Škarvada  - 2.13-1
 - New version
diff --git a/SPECS-EXTENDED/pyparted/keyring.gpg b/SPECS-EXTENDED/pyparted/keyring.gpg
new file mode 100644
index 0000000000..10fab63c2a
Binary files /dev/null and b/SPECS-EXTENDED/pyparted/keyring.gpg differ
diff --git a/SPECS-EXTENDED/pyparted/pyparted-3.13.0.tar.gz.asc b/SPECS-EXTENDED/pyparted/pyparted-3.13.0.tar.gz.asc
new file mode 100644
index 0000000000..2cf7eac42a
--- /dev/null
+++ b/SPECS-EXTENDED/pyparted/pyparted-3.13.0.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECPfIs8YhlQwTj3ZhYpd7uchBuWUFAmSTMCwACgkQYpd7uchB
+uWUcOBAAgASbpACsIET1xcvHEkPl38xJTYG92KvhzyWdcgNbONRfp0VSKt8SuByb
+ysQkiJ7bg/oneogrr8hy/W018YHxY3ZvtHp3+y9GlaF4UAN6b8PMoqAICKU6GDBo
+hJlkpZDZFqCiLnRM/ShswqrQguI3XzN/gvUKBkr7kSx0p50tyQnMNnusvYJtPAvK
+TnyrkwCkyGhn/3Bd8jvDnuA6T5WLtVSWKDEbk4P9mvu+YFdfTeK+08+ltCru5gUH
+kcNU3f0CdMItunTKl4xqrFTYuUfPHjtEzJo95usO4mOrXoh67qWY0VQGcXrlgw83
+eHmn6d+W7E8Xjn7NH2vq9I+xIKyiFAh3sUOKQ7Kw7qGuhQu0B5kEaCUYQk/UC2CF
+LbDnOElNVbzMiYom196PLr7bpp8JRhH3jp7MDCC7W2jN9TtUR79dZnbyATdT/Ilj
+eqFn81bO+O+JZ7bebmfcp4nOcOH4154OH1mhSgCN0PEy+cECYeMaW08lqhgX+3yj
+Fjm8DVgJN76yL/DAIwoGZN7nzJdCvSjO0dBk5qaqMT/iSvoZPjavlVjfmnIhM0qc
+GNSjyrHVc+dAyooNX2hoL60B64OIoSMxc5z2daf2HM3YtgugWcE3kqdEEfZhqi1U
++x3bPbAc4298JO8Pd5w7c9Zz5hXcS4z+n/VXLxwG8sWB2raDsXs=
+=f59d
+-----END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/pyparted/pyparted.signatures.json b/SPECS-EXTENDED/pyparted/pyparted.signatures.json
index 53610cae42..5fd27ebcfb 100644
--- a/SPECS-EXTENDED/pyparted/pyparted.signatures.json
+++ b/SPECS-EXTENDED/pyparted/pyparted.signatures.json
@@ -1,8 +1,8 @@
 {
  "Signatures": {
   "keyring.gpg": "f3523e7f78a16339d0aa5020e53a6f02b9d79b56d9d2750adf70cc5fea1f8268",
-  "pyparted-3.11.4.tar.gz": "553a84155512bb5bd1382151bd689002bf7ceeacf86436b5fb2446d47ec55e98",
-  "pyparted-3.11.4.tar.gz.asc": "2b45e5e5e15f9d5cf117a28bb411e11a99e19d9016b6c347e24a57b44445133b",
+  "pyparted-3.13.0.tar.gz": "8fc6758abd16c7b0429fd4c07b6a7672678d493bfe1811040cd77d45e04964ea",
+  "pyparted-3.13.0.tar.gz.asc": "5d23cced3ced5ed45276b48cf53f4250d28028cc23279c9c347ffb48fb0e5c9d",
   "trustdb.gpg": "6724142955dd6c759195cbc66b4ac11613849123a50f4a5ca7b08dc1008bdd96"
  }
 }
diff --git a/SPECS-EXTENDED/pyparted/pyparted.spec b/SPECS-EXTENDED/pyparted/pyparted.spec
index 62282124cd..1cb5aa3297 100644
--- a/SPECS-EXTENDED/pyparted/pyparted.spec
+++ b/SPECS-EXTENDED/pyparted/pyparted.spec
@@ -1,139 +1,152 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-
-%bcond_without python3
-
-%bcond_with python2
-
-Summary: Python module for GNU parted
-Name:    pyparted
-Version: 3.11.4
-Release: 4%{?dist}
-License: GPLv2+
-URL:     https://github.com/dcantrell/pyparted
-
-Source0: https://github.com/dcantrell/pyparted/releases/download/v%{version}/%{name}-%{version}.tar.gz
-Source1: https://github.com/dcantrell/pyparted/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc
-Source2: keyring.gpg
-Source3: trustdb.gpg
-
+Summary:       Python module for GNU parted
+Name:          pyparted
+Version:       3.13.0
+Release:       8%{?dist}
+License:       GPL-2.0-or-later
+URL:           https://github.com/dcantrell/pyparted
+
+Source0:       https://github.com/dcantrell/pyparted/releases/download/v%{version}/%{name}-%{version}.tar.gz
+Source1:       https://github.com/dcantrell/pyparted/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc
+Source2:       keyring.gpg
+Source3:       trustdb.gpg
+
+BuildRequires: make
 BuildRequires: gcc
-BuildRequires: parted-devel >= 3.2-18
+BuildRequires: parted-devel >= 3.4
 BuildRequires: pkgconfig
 BuildRequires: e2fsprogs
 BuildRequires: gnupg2
-
-%if %{with python3}
 BuildRequires: python3-devel
 BuildRequires: python3-six
-%endif
-
-%if %{with python2}
-BuildRequires: python2-devel
-BuildRequires: python2-six
-%endif
+BuildRequires: python3-setuptools
 
-%global _description\
-Python module for the parted library.  It is used for manipulating\
+%description
+Python module for the parted library.  It is used for manipulating
 partition tables.
 
-%description %_description
-
-%if %{with python2}
-%package -n python2-pyparted
-Summary: %summary
-%{?python_provide:%python_provide python2-pyparted}
-# Remove before F30
-Provides: pyparted = %{version}-%{release}
-Provides: pyparted%{?_isa} = %{version}-%{release}
-Obsoletes: pyparted < %{version}-%{release}
-
-%description -n python2-pyparted %_description
-%endif
-
-%if %{with python3}
 %package -n python3-pyparted
 Summary: Python 3 module for GNU parted
 
 %description -n python3-pyparted
 Python module for the parted library.  It is used for manipulating
 partition tables. This package provides Python 3 bindings for parted.
-%endif
 
 %prep
 # Verify source archive signature
-# Remove "use-keyboxd" from gnupg configuration; if present, since it will wait forever if the service is not running
-sed -i '/use-keyboxd/d' ~/.gnupg/common.conf
 gpg --no-default-keyring --keyring %{SOURCE2} --trustdb-name %{SOURCE3} --verify %{SOURCE1} %{SOURCE0} || exit 1
 
-%setup -q
-
-%if %{with python3}
-everything=$(ls)
-mkdir -p py3dir
-cp -a $everything py3dir
-%endif
+%autosetup
 
 %build
-%if %{with python2}
-PYTHON=python2 make %{?_smp_mflags} CFLAGS="%{optflags} -fcommon"
-%endif
-
-%if %{with python3}
-pushd py3dir
-PYTHON=python3 make %{?_smp_mflags} CFLAGS="%{optflags} -fcommon"
-popd
-%endif
+%make_build CFLAGS="%{optflags} -fcommon"
 
 %check
-%if %{with python2}
-PYTHON=python2 make test
-%endif
-
-%if %{with python3}
-pushd py3dir
-PYTHON=python3 make test
-popd
-%endif
+make test
 
 %install
-%if %{with python2}
-PYTHON=python2 make install DESTDIR=%{buildroot}
-%endif
-
-%if %{with python3}
-pushd py3dir
-PYTHON=python3 make install DESTDIR=%{buildroot}
-popd
-%endif
-
-%if %{with python2}
-%files -n python2-pyparted
-%doc AUTHORS COPYING NEWS README TODO
-%{python2_sitearch}/_ped.so
-%{python2_sitearch}/parted
-%{python2_sitearch}/%{name}-%{version}-*.egg-info
-%endif
-
-%if %{with python3}
+%make_install
+
 %files -n python3-pyparted
-%doc AUTHORS COPYING NEWS README TODO
+%doc AUTHORS HACKING NEWS README.md RELEASE TODO
+%license LICENSE
 %{python3_sitearch}/_ped.*.so
 %{python3_sitearch}/parted
 %{python3_sitearch}/%{name}-%{version}-*.egg-info
-%endif
 
 %changelog
-* Mon Dec 04 2023 Andrew Phelps  - 3.11.4-4
-- Fix build issue with gpg keyboxd
+* Wed Dec 18 2024 Sumit Jena  - 3.13.0-8
+- Initial Azure Linux import from Fedora 41 (license: MIT).
 - License verified.
 
-* Mon Nov 01 2021 Muhammad Falak  - 3.11.4-3
-- Remove epoch
+* Fri Jul 19 2024 Fedora Release Engineering  - 1:3.13.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 1:3.13.0-6
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1:3.13.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 1:3.13.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1:3.13.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jun 22 2023 Python Maint  - 1:3.13.0-2
+- Rebuilt for Python 3.12
+
+* Wed Jun 21 2023 David Cantrell  - 1:3.13.0-1
+- Upgrade to pyparted-3.13.0
+
+* Thu Jun 15 2023 Python Maint  - 1:3.12.0-11
+- Rebuilt for Python 3.12
+
+* Wed Jun 14 2023 David Cantrell  - 1:3.12.0-10
+- Use non-deprecated syntax for the %%patch macros
+
+* Tue Jun 13 2023 Python Maint  - 1:3.12.0-9
+- Rebuilt for Python 3.12
+
+* Thu Mar 02 2023 David Cantrell  - 1:3.12.0-8
+- Fix FTBFS with _ped.disktype test case for gpt (#2171656)
+- Update License tag to SPDX expression
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 1:3.12.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1:3.12.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jun 21 2022 David Cantrell  - 1:3.12.0-5
+- Patch pyparted to handle PED_DISK_TYPE_PARTITION_TYPE_ID for the
+  msdos disk type and PED_DISK_TYPE_PARTITION_TYPE_UUID for the gpt
+  label (#2098792)
+
+* Mon Jun 20 2022 Adam Williamson  - 1:3.12.0-4
+- Backport PR #92 to fix tests with parted 3.5 (#2098792)
+
+* Mon Jun 13 2022 Python Maint  - 1:3.12.0-3
+- Rebuilt for Python 3.11
+
+* Mon Mar 07 2022 David Cantrell  - 3.12.0-2
+- BR python3-setuptools
+
+* Mon Mar 07 2022 David Cantrell  - 3.12.0-1
+- Upgrade to pyparted-3.12.0
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 1:3.11.7-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1:3.11.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Python Maint  - 1:3.11.7-3
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 1:3.11.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Oct 23 2020 David Cantrell  - 1:3.11.7-1
+- Upgrade to pyparted-3.11.7 (BZ#1890443)
+- Set PY_SSIZE_T_CLEAN for the build (bcl)
+- add nvme support
+- Update RELEASE file to make last step be "make pypi" (dcantrell)
+
+* Tue Jul 14 2020 Tom Stellard  - 1:3.11.5-3
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Sat May 23 2020 Miro Hrončok  - 1:3.11.5-2
+- Rebuilt for Python 3.9
 
-* Mon Mar 01 2021 Henry Li  - 1:3.11.4-2
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
-- Disable python2 build and enable python3 build only
+* Mon Mar 09 2020 David Cantrell  - 1:3.11.5-1
+- Require at least libparted 3.3 and python 3.7 (dcantrell)
+- pedmodule.c: Fix partition enum flag handling (bcl)
+- Add support for chromeos_kernel and bls_boot partition flags (bcl)
+- Move exception declarations to _pedmodule.c (dcantrell)
 
 * Tue Feb 11 2020 David Cantrell  - 1:3.11.4-1
 - Use Decimal for Device.getSize() operations, return a
diff --git a/SPECS-EXTENDED/pyparted/trustdb.gpg b/SPECS-EXTENDED/pyparted/trustdb.gpg
new file mode 100644
index 0000000000..cf09ce7b3a
Binary files /dev/null and b/SPECS-EXTENDED/pyparted/trustdb.gpg differ
diff --git a/SPECS-EXTENDED/python-IPy/python-IPy.signatures.json b/SPECS-EXTENDED/python-IPy/python-IPy.signatures.json
index 05dcf6e6c9..c2c45b589e 100644
--- a/SPECS-EXTENDED/python-IPy/python-IPy.signatures.json
+++ b/SPECS-EXTENDED/python-IPy/python-IPy.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-IPy-0.81.tar.gz": "4bc17a9b5e72e893a034e77193b82c2bc321ddf8d8c345281f2bb81bb007b939"
+  "python-IPy-1.01.tar.gz": "edeca741dea2d54aca568fa23740288c3fe86c0f3ea700344571e9ef14a7cc1a"
  }
 }
diff --git a/SPECS-EXTENDED/python-IPy/python-IPy.spec b/SPECS-EXTENDED/python-IPy/python-IPy.spec
index 13d621aeb0..72d6384ba8 100644
--- a/SPECS-EXTENDED/python-IPy/python-IPy.spec
+++ b/SPECS-EXTENDED/python-IPy/python-IPy.spec
@@ -3,12 +3,13 @@ Distribution:   Azure Linux
 %define oname IPy
 Summary:        Python module for handling IPv4 and IPv6 Addresses and Networks
 Name:           python-%{oname}
-Version:        0.81
-Release:        30%{?dist}
+Version:        1.01
+Release:        13%{?dist}
 URL:            https://github.com/haypo/python-ipy
 Source0:        https://files.pythonhosted.org/packages/source/I/IPy/IPy-%{version}.tar.gz#/python-IPy-%{version}.tar.gz
 License:        BSD
 BuildRequires:  python3-devel
+BuildRequires:  python3-setuptools
 BuildArch:      noarch
 
 %description
@@ -24,10 +25,6 @@ and IPv6 Addresses and Networks.
 Summary: Python 3 module for handling IPv4 and IPv6 Addresses and Networks
 %{?python_provide:%python_provide python3-%{oname}}
 
-# The following is juts for backwards compatibility (can be removed in F30):
-Provides: %{name}-python3 = %{version}-%{release}
-Obsoletes: %{name}-python3 < 0.81-19
-
 %description -n python3-%{oname}
 IPy is a Python 3 module for handling IPv4 and IPv6 Addresses and Networks 
 in a fashion similar to perl's Net::IP and friends. The IP class allows 
@@ -37,7 +34,7 @@ and IPv6 Addresses and Networks.
 
 
 %prep
-%setup -q -n %{oname}-%{version}
+%autosetup -n %{oname}-%{version} -p1
 
 
 %build
@@ -55,14 +52,67 @@ PYTHONPATH=$PWD %{__python3} test/test_IPy.py
 
 %files -n python3-%{oname}
 %license COPYING
-%doc AUTHORS ChangeLog README
+%doc AUTHORS ChangeLog README.rst
 %{python3_sitelib}/%{oname}*
 %{python3_sitelib}/__pycache__/%{oname}*
 
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 0.81-30
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Wed Dec 18 2024 Sumit Jena  - 1.01-13
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.01-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 1.01-11
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1.01-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 1.01-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1.01-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 13 2023 Python Maint  - 1.01-7
+- Rebuilt for Python 3.12
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 1.01-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1.01-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint  - 1.01-4
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 1.01-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1.01-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Sat Jun 19 2021 Kevin Fenzi  - 1.01-1
+- Update to 1.0.1. Fixes rhbz#1926615
+
+* Fri Jun 04 2021 Python Maint  - 1.00-4
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 1.00-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 1.00-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 02 2020 Adam Williamson  - 1.00-1
+- Update to 1.00
+- Backport PR #69 to fix for Python 3.9
+
+* Tue May 26 2020 Miro Hrončok  - 0.81-30
+- Rebuilt for Python 3.9
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 0.81-29
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.signatures.json b/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.signatures.json
index e2ea772e4a..7dab3ff291 100644
--- a/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.signatures.json
+++ b/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-beautifulsoup4-4.11.2.tar.gz": "bc4bdda6717de5a2987436fb8d72f45dc90dd856bdfd512a1314ce90349a0106"
+  "python-beautifulsoup4-4.12.3.tar.gz": "74e3d1928edc070d21748185c46e3fb33490f22f52a3addee9aee0f4f7781051"
  }
 }
diff --git a/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.spec b/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.spec
index f43e464ede..1ffea13301 100644
--- a/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.spec
+++ b/SPECS-EXTENDED/python-beautifulsoup4/python-beautifulsoup4.spec
@@ -1,40 +1,65 @@
-%global srcname beautifulsoup4
-%global _description %{expand:
-Beautiful Soup is a Python HTML/XML parser designed for quick
-turnaround projects like screen-scraping. Three features make it
-powerful:
-Beautiful Soup won't choke if you give it bad markup.
-Beautiful Soup provides a few simple methods and Pythonic idioms for
-Beautiful Soup automatically converts incoming documents to Unicode
-and outgoing documents to UTF-8.
-Beautiful Soup parses anything you give it.
-Valuable data that was once locked up in poorly-designed websites is
-now within your reach. Projects that would have taken hours take only
-minutes with Beautiful Soup.}
-
 # Ciruclar dependency with soupsieve which must be disabled at times
-%bcond_without  soupsieve
+%bcond soupsieve 1
+%bcond tests 1
+
+Name:           python-beautifulsoup4
+Version:        4.12.3
+Release:        8%{?dist}
 Summary:        HTML/XML parser for quick-turnaround applications like screen-scraping
-Name:           python-%{srcname}
-Version:        4.11.2
-Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://www.crummy.com/software/BeautifulSoup/
-Source0:        https://files.pythonhosted.org/packages/source/b/%{srcname}/%{srcname}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:        https://files.pythonhosted.org/packages/source/b/beautifulsoup4/beautifulsoup4-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# https://git.launchpad.net/beautifulsoup/commit/?id=9786a62726de5a8caba10021c4d4a58c8a3e9e3f
+
+Patch0:         soupsieve26.patch
+
 BuildArch:      noarch
+# html5lib BR just for test coverage
+%if %{with tests}
+BuildRequires:  python3-html5lib
+BuildRequires:  python3-lxml
+%endif
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
-%if %{with soupsieve}
+BuildRequires:  python3-pip
 BuildRequires:  python3-pytest
+BuildRequires:  python3-wheel
+BuildRequires:  python3-hatchling
+BuildRequires:  python3-pathspec
+BuildRequires:  python3-trove-classifiers
+BuildRequires:  python3-tox
+BuildRequires:  python-filelock
+BuildRequires:  python3-toml
+BuildRequires:  python3-virtualenv
+BuildRequires:  python3-colorama
+BuildRequires:  python3-chardet
+BuildRequires:  python-cachetools
+BuildRequires:  python3-pyproject-api
+%if %{with soupsieve}
+BuildRequires:  python3-packaging
 BuildRequires:  python3-soupsieve
 %endif
-BuildRequires:  python3-lxml
-# html5lib BR just for test coverage
-%if 0%{?with_check}
-BuildRequires:  python3-html5lib
-%endif
+
+%global _description %{expand:
+Beautiful Soup is a Python HTML/XML parser designed for quick
+turnaround projects like screen-scraping. Three features make it
+powerful:
+
+Beautiful Soup won't choke if you give it bad markup.
+
+Beautiful Soup provides a few simple methods and Pythonic idioms for
+navigating, searching, and modifying a parse tree.
+
+Beautiful Soup automatically converts incoming documents to Unicode
+and outgoing documents to UTF-8.
+
+Beautiful Soup parses anything you give it.
+
+Valuable data that was once locked up in poorly-designed websites is
+now within your reach. Projects that would have taken hours take only
+minutes with Beautiful Soup.}
 
 %description %_description
 
@@ -50,32 +75,75 @@ Obsoletes:      python3-BeautifulSoup < 1:3.2.1-2
 %description -n python3-beautifulsoup4 %_description
 
 %prep
-%autosetup -n %{srcname}-%{version}
-rm -rf %{py3dir} && cp -a . %{py3dir}
+%autosetup -p1 -n beautifulsoup4-%{version}
+# Fix compatibility with lxml 5.3.0
+# Reported upstream: https://bugs.launchpad.net/beautifulsoup/+bug/2076897
+sed -i "s/strip_cdata=False,//" bs4/builder/_lxml.py
+
+%generate_buildrequires
+%pyproject_buildrequires %{?with_tests: -t}
 
 %build
-pushd %{py3dir}
-%py3_build
+%pyproject_wheel
 
 %install
-pushd %{py3dir}
-%py3_install
+%pyproject_install
+%pyproject_save_files bs4
 
+%if %{with tests}
 %check
-%py3_check_import bs4
-pushd %{py3dir}
-python3 -m unittest discover -s bs4 || :
+python3 -m tox -q --recreate -e py312
+%endif
 
 %files -n python3-beautifulsoup4
 %license LICENSE
-%doc NEWS.txt
-%{python3_sitelib}/beautifulsoup4-%{version}*.egg-info
+%doc NEWS.txt CHANGELOG
+%{python3_sitelib}/beautifulsoup4-%{version}.dist-info/
 %{python3_sitelib}/bs4
 
 %changelog
-* Wed Mar 08 2023 Sumedh Sharma  - 4.11.2-2
-- Initial CBL-Mariner import from Fedora 38 (license: MIT)
-- license verified
+* Fri Mar 21 2025 Jyoti kanase  -  4.12.3-8
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Tue Aug 13 2024 Lumír Balhar  - 4.12.3-7
+- Fix compatibility with lxml 5.3.0
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 4.12.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 4.12.3-5
+- Rebuilt for Python 3.13
+
+* Fri Jun 07 2024 Python Maint  - 4.12.3-4
+- Bootstrap for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 4.12.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 4.12.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jan 17 2024 Terje Rosten  - 4.12.3-1
+- 4.12.3
+
+* Sat Dec 16 2023 Terje Rosten  - 4.12.2-5
+- Add patch from upstream to fix test issue with libxml2 2.12.1 (bz#2251911)
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 4.12.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jun 16 2023 Python Maint  - 4.12.2-3
+- Rebuilt for Python 3.12
+
+* Tue Jun 13 2023 Python Maint  - 4.12.2-2
+- Bootstrap for Python 3.12
+
+* Thu Apr 13 2023 Terje Rosten  - 4.12.2-1
+- 4.12.2
+
+* Mon Mar 20 2023 Terje Rosten  - 4.12.0-1
+- 4.12.0
 
 * Thu Feb 02 2023 Terje Rosten  - 4.11.2-1
 - 4.11.2
@@ -285,3 +353,4 @@ python3 -m unittest discover -s bs4 || :
 
 * Sat Mar 24 2012 Terje Rosten  - 4.0.1-1
 - initial package based on python-BeautifulSoup.
+
diff --git a/SPECS-EXTENDED/python-beautifulsoup4/soupsieve26.patch b/SPECS-EXTENDED/python-beautifulsoup4/soupsieve26.patch
new file mode 100644
index 0000000000..96c8eb4066
--- /dev/null
+++ b/SPECS-EXTENDED/python-beautifulsoup4/soupsieve26.patch
@@ -0,0 +1,48 @@
+From 9786a62726de5a8caba10021c4d4a58c8a3e9e3f Mon Sep 17 00:00:00 2001
+From: Leonard Richardson 
+Date: Wed, 21 Aug 2024 20:18:33 -0400
+Subject: * Changes to make tests work whether tests are run under soupsieve
+ 2.6   or an earlier version. Based on a patch by Stefano Rivera.
+
+---
+ bs4/tests/test_css.py | 13 +++++++++++--
+ 1 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/bs4/tests/test_css.py b/bs4/tests/test_css.py
+index 359dbcd..3c2318b 100644
+--- a/bs4/tests/test_css.py
++++ b/bs4/tests/test_css.py
+@@ -8,14 +8,23 @@ from bs4 import (
+     ResultSet,
+ )
+ 
++from packaging.version import Version
++
+ from . import (
+     SoupTest,
+     SOUP_SIEVE_PRESENT,
+ )
+ 
+ if SOUP_SIEVE_PRESENT:
+-    from soupsieve import SelectorSyntaxError
++    from soupsieve import __version__, SelectorSyntaxError
+ 
++    # Some behavior changes in soupsieve 2.6 that affects one of our
++    # tests.  For the test to run under all versions of Python
++    # supported by Beautiful Soup (which includes versions of Python
++    # not supported by soupsieve 2.6) we need to check both behaviors.
++    SOUPSIEVE_EXCEPTION_ON_UNSUPPORTED_PSEUDOCLASS = SelectorSyntaxError
++    if Version(__version__) < Version("2.6"):
++        SOUPSIEVE_EXCEPTION_ON_UNSUPPORTED_PSEUDOCLASS = NotImplementedError
+ 
+ @pytest.mark.skipif(not SOUP_SIEVE_PRESENT, reason="Soup Sieve not installed")
+ class TestCSSSelectors(SoupTest):
+@@ -332,7 +341,7 @@ class TestCSSSelectors(SoupTest):
+         assert "yes" == chosen.string
+ 
+     def test_unsupported_pseudoclass(self):
+-        with pytest.raises(NotImplementedError):
++        with pytest.raises(SOUPSIEVE_EXCEPTION_ON_UNSUPPORTED_PSEUDOCLASS):
+             self.soup.select("a:no-such-pseudoclass")
+ 
+         with pytest.raises(SelectorSyntaxError):
diff --git a/SPECS-EXTENDED/python-blinker/python-blinker.signatures.json b/SPECS-EXTENDED/python-blinker/python-blinker.signatures.json
deleted file mode 100644
index c203f718f2..0000000000
--- a/SPECS-EXTENDED/python-blinker/python-blinker.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "blinker-1.4.tar.gz": "471aee25f3992bd325afa3772f1063dbdbbca947a041b8b89466dc00d606f8b6"
- }
-}
diff --git a/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-framelocalsproxy.patch b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-framelocalsproxy.patch
new file mode 100644
index 0000000000..2c6754adbc
--- /dev/null
+++ b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-framelocalsproxy.patch
@@ -0,0 +1,43 @@
+diff -ur cheetah3-3.2.6.post1.orig/Cheetah/NameMapper.py cheetah3-3.2.6.post1/Cheetah/NameMapper.py
+--- cheetah3-3.2.6.post1.orig/Cheetah/NameMapper.py	2024-10-30 14:53:31.879049340 -0700
++++ cheetah3-3.2.6.post1/Cheetah/NameMapper.py	2024-10-30 14:54:48.896711953 -0700
+@@ -140,6 +140,7 @@
+ """
+ 
+ import inspect
++import sys
+ from pprint import pformat
+ 
+ from Cheetah.compat import PY2
+@@ -147,6 +148,8 @@
+     from collections import Mapping
+ else:
+     from collections.abc import Mapping
++    if sys.version_info[:2] >= (3, 13):
++        from collections.abc import MutableMapping
+ 
+ _INCLUDE_NAMESPACE_REPR_IN_NOTFOUND_EXCEPTIONS = False
+ _ALLOW_WRAPPING_OF_NOTFOUND_EXCEPTIONS = True
+@@ -315,6 +318,10 @@
+         try:
+             if not frame:
+                 frame = inspect.stack()[1][0]
++            if sys.version_info[:2] >= (3, 13):
++                FrameLocalsProxy = frame.f_locals
++                if not isinstance(FrameLocalsProxy, Mapping):
++                    MutableMapping.register(type(FrameLocalsProxy))
+             key = name.split('.')[0]
+             for namespace in _namespaces(frame, searchList):
+                 if hasKey(namespace, key):
+diff -ur cheetah3-3.2.6.post1.orig/docs/news.rst cheetah3-3.2.6.post1/docs/news.rst
+--- cheetah3-3.2.6.post1.orig/docs/news.rst	2024-10-30 14:53:31.872049370 -0700
++++ cheetah3-3.2.6.post1/docs/news.rst	2024-10-30 14:54:36.807764910 -0700
+@@ -11,6 +11,8 @@
+    - Fixed ``_namemapper.c``: Silent an inadvertent ``TypeError`` exception
+      in ``PyMapping_HasKeyString`` under Python 3.13+
+      caused by ``_namemapper`` looking up a key in a non-dictionary.
++   - Fixed mapping test in ``NameMapper.py``:
++     Python 3.13 brough a new mapping type ``FrameLocalsProxy``.
+ 
+ 3.2.6.post1 (2021-02-22)
+ ------------------------
diff --git a/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-loadTestsFromModule.patch b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-loadTestsFromModule.patch
new file mode 100644
index 0000000000..a572c3b463
--- /dev/null
+++ b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-loadTestsFromModule.patch
@@ -0,0 +1,55 @@
+diff -ur cheetah3-3.2.6.post1.orig/Cheetah/Tests/Test.py cheetah3-3.2.6.post1/Cheetah/Tests/Test.py
+--- cheetah3-3.2.6.post1.orig/Cheetah/Tests/Test.py	2024-10-30 07:25:43.621206329 -0700
++++ cheetah3-3.2.6.post1/Cheetah/Tests/Test.py	2024-10-30 09:48:51.480330619 -0700
+@@ -31,23 +31,24 @@
+ SyntaxAndOutput.install_eols()
+ 
+ suites = [
+-    unittest.findTestCases(Analyzer),
+-    unittest.findTestCases(Filters),
+-    unittest.findTestCases(ImportHooks),
+-    unittest.findTestCases(LoadTemplate),
+-    unittest.findTestCases(Misc),
+-    unittest.findTestCases(NameMapper),
+-    unittest.findTestCases(Parser),
+-    unittest.findTestCases(Regressions),
+-    unittest.findTestCases(SyntaxAndOutput),
+-    unittest.findTestCases(Template),
+-    unittest.findTestCases(TemplateCmdLineIface),
+-    unittest.findTestCases(Unicode),
+-    unittest.findTestCases(NameMapper_pure),
++    unittest.defaultTestLoader.loadTestsFromModule(Analyzer),
++    unittest.defaultTestLoader.loadTestsFromModule(Filters),
++    unittest.defaultTestLoader.loadTestsFromModule(ImportHooks),
++    unittest.defaultTestLoader.loadTestsFromModule(LoadTemplate),
++    unittest.defaultTestLoader.loadTestsFromModule(Misc),
++    unittest.defaultTestLoader.loadTestsFromModule(NameMapper),
++    unittest.defaultTestLoader.loadTestsFromModule(Parser),
++    unittest.defaultTestLoader.loadTestsFromModule(Regressions),
++    unittest.defaultTestLoader.loadTestsFromModule(SyntaxAndOutput),
++    unittest.defaultTestLoader.loadTestsFromModule(Template),
++    unittest.defaultTestLoader.loadTestsFromModule(TemplateCmdLineIface),
++    unittest.defaultTestLoader.loadTestsFromModule(Unicode),
++    unittest.defaultTestLoader.loadTestsFromModule(NameMapper_pure),
+ ]
+ 
+ if not sys.platform.startswith('java'):
+-    suites.append(unittest.findTestCases(CheetahWrapper))
++    suites.append(
++        unittest.defaultTestLoader.loadTestsFromModule(CheetahWrapper))
+ 
+ if __name__ == '__main__':
+     if 'xml' in sys.argv:
+Only in cheetah3-3.2.6.post1/Cheetah/Tests: Test.py.orig
+diff -ur cheetah3-3.2.6.post1.orig/docs/news.rst cheetah3-3.2.6.post1/docs/news.rst
+--- cheetah3-3.2.6.post1.orig/docs/news.rst	2024-10-30 07:37:07.891109768 -0700
++++ cheetah3-3.2.6.post1/docs/news.rst	2024-10-30 09:50:52.787837501 -0700
+@@ -6,6 +6,8 @@
+ 2024-10-30:
+ 
+    - Protect ``import cgi`` in preparation to Python 3.13.
++   - Fix DeprecationWarning: ``unittest.findTestCases()`` is deprecated. Use
++     ``unittest.TestLoader.loadTestsFromModule()`` instead.
+ 
+ 3.2.6.post1 (2021-02-22)
+ ------------------------
diff --git a/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-parse_qs.patch b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-parse_qs.patch
new file mode 100644
index 0000000000..a72b1cfbe0
--- /dev/null
+++ b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-parse_qs.patch
@@ -0,0 +1,45 @@
+diff -ur cheetah3-3.2.6.post1.orig/Cheetah/Template.py cheetah3-3.2.6.post1/Cheetah/Template.py
+--- cheetah3-3.2.6.post1.orig/Cheetah/Template.py	2024-10-30 22:02:27.084580240 -0700
++++ cheetah3-3.2.6.post1/Cheetah/Template.py	2024-10-30 22:06:23.575516652 -0700
+@@ -24,6 +24,7 @@
+ try:
+     import cgi  # Used by .webInput() if the template is a CGI script.
+ except ImportError:  # Python 3.13+
++    from urllib.parse import parse_qs
+     cgi = None
+ import types
+ 
+@@ -1919,11 +1920,17 @@
+         """
+         src = src.lower()
+         isCgi = not self._CHEETAH__isControlledByWebKit
+-        if isCgi and (cgi is not None) and src in ('f', 'v'):
++        if isCgi and src in ('f', 'v'):
+             global _formUsedByWebInput
+-            if _formUsedByWebInput is None:
+-                _formUsedByWebInput = cgi.FieldStorage()
+-            source, func = 'field', _formUsedByWebInput.getvalue
++            if cgi is None:
++                if _formUsedByWebInput is None:
++                    _formUsedByWebInput = \
++                        parse_qs(os.environ.get('QUERY_STRING', ''))
++                source, func = 'field', _formUsedByWebInput.get
++            else:
++                if _formUsedByWebInput is None:
++                    _formUsedByWebInput = cgi.FieldStorage()
++                source, func = 'field', _formUsedByWebInput.getvalue
+         elif isCgi and src == 'c':
+             raise RuntimeError("can't get cookies from a CGI script")
+         elif isCgi and src == 's':
+diff -ur cheetah3-3.2.6.post1.orig/docs/news.rst cheetah3-3.2.6.post1/docs/news.rst
+--- cheetah3-3.2.6.post1.orig/docs/news.rst	2024-10-30 22:02:27.064580330 -0700
++++ cheetah3-3.2.6.post1/docs/news.rst	2024-10-30 22:07:00.025352723 -0700
+@@ -13,6 +13,8 @@
+      caused by ``_namemapper`` looking up a key in a non-dictionary.
+    - Fixed mapping test in ``NameMapper.py``:
+      Python 3.13 brough a new mapping type ``FrameLocalsProxy``.
++   - Fixed ``Template.webInput``: Use ``urllib.parse.parse_qs``
++     instead of ``cgi.FieldStorage``; Python 3.13 dropped ``cgi``.
+ 
+ 3.2.6.post1 (2021-02-22)
+ ------------------------
diff --git a/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-protect-cgi.patch b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-protect-cgi.patch
new file mode 100644
index 0000000000..68aa53fa66
--- /dev/null
+++ b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-protect-cgi.patch
@@ -0,0 +1,40 @@
+diff -ur cheetah3-3.2.6.post1.orig/Cheetah/Template.py cheetah3-3.2.6.post1/Cheetah/Template.py
+--- cheetah3-3.2.6.post1.orig/Cheetah/Template.py	2024-10-30 07:25:43.621206329 -0700
++++ cheetah3-3.2.6.post1/Cheetah/Template.py	2024-10-30 07:28:32.723440631 -0700
+@@ -21,7 +21,10 @@
+     from io import StringIO
+ import traceback
+ import pprint
+-import cgi  # Used by .webInput() if the template is a CGI script.
++try:
++    import cgi  # Used by .webInput() if the template is a CGI script.
++except ImportError:  # Python 3.13+
++    cgi = None
+ import types
+ 
+ from Cheetah import ErrorCatchers              # for placeholder tags
+@@ -1916,7 +1919,7 @@
+         """
+         src = src.lower()
+         isCgi = not self._CHEETAH__isControlledByWebKit
+-        if isCgi and src in ('f', 'v'):
++        if isCgi and (cgi is not None) and src in ('f', 'v'):
+             global _formUsedByWebInput
+             if _formUsedByWebInput is None:
+                 _formUsedByWebInput = cgi.FieldStorage()
+diff -ur cheetah3-3.2.6.post1.orig/docs/news.rst cheetah3-3.2.6.post1/docs/news.rst
+--- cheetah3-3.2.6.post1.orig/docs/news.rst	2021-02-22 02:22:54.000000000 -0800
++++ cheetah3-3.2.6.post1/docs/news.rst	2024-10-30 07:37:07.891109768 -0700
+@@ -1,6 +1,12 @@
+ News
+ ====
+ 
++Backports
++---------
++2024-10-30:
++
++   - Protect ``import cgi`` in preparation to Python 3.13.
++
+ 3.2.6.post1 (2021-02-22)
+ ------------------------
+ 
diff --git a/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-typeerror.patch b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-typeerror.patch
new file mode 100644
index 0000000000..a568ee3a5b
--- /dev/null
+++ b/SPECS-EXTENDED/python-cheetah/cheetah3-3.2.6.post1-typeerror.patch
@@ -0,0 +1,45 @@
+diff -ur cheetah3-3.2.6.post1.orig/Cheetah/c/_namemapper.c cheetah3-3.2.6.post1/Cheetah/c/_namemapper.c
+--- cheetah3-3.2.6.post1.orig/Cheetah/c/_namemapper.c	2021-02-22 02:22:54.000000000 -0800
++++ cheetah3-3.2.6.post1/Cheetah/c/_namemapper.c	2024-10-30 12:41:44.371896758 -0700
+@@ -179,11 +179,26 @@
+             return NULL;
+         }
+ 
++        #if PY_VERSION_HEX >= 0x030d0000
++        /* Python 3.13+: this is to silent error from PyMapping_HasKeyString */
++        if (PyMapping_Check(currentVal) && PyMapping_GetOptionalItemString(currentVal, currentKey, &nextVal)
++                && (!PyErr_Occurred())
++           ) {
++        #else
+         if (PyMapping_Check(currentVal) && PyMapping_HasKeyString(currentVal, currentKey)) {
+             nextVal = PyMapping_GetItemString(currentVal, currentKey);
+-        }
++        #endif
+ 
+-        else {
++        } else {
++        #if PY_VERSION_HEX >= 0x030d0000
++            if ((PyErr_Occurred() != NULL) &&
++                   (PyErr_ExceptionMatches(PyExc_TypeError))) {
++                /* Python 3.13+ don't like testing 'str1'['str2'].
++                   The error must be silenced to continue testing
++                   getattr('str1', 'str2'). */
++                PyErr_Clear();
++            }
++        #endif
+             PyObject *exc;
+             nextVal = PyObject_GetAttrString(currentVal, currentKey);
+             exc = PyErr_Occurred();
+diff -ur cheetah3-3.2.6.post1.orig/docs/news.rst cheetah3-3.2.6.post1/docs/news.rst
+--- cheetah3-3.2.6.post1.orig/docs/news.rst	2024-10-30 09:54:36.896932574 -0700
++++ cheetah3-3.2.6.post1/docs/news.rst	2024-10-30 12:42:50.772613341 -0700
+@@ -8,6 +8,9 @@
+    - Protect ``import cgi`` in preparation to Python 3.13.
+    - Fix DeprecationWarning: ``unittest.findTestCases()`` is deprecated. Use
+      ``unittest.TestLoader.loadTestsFromModule()`` instead.
++   - Fixed ``_namemapper.c``: Silent an inadvertent ``TypeError`` exception
++     in ``PyMapping_HasKeyString`` under Python 3.13+
++     caused by ``_namemapper`` looking up a key in a non-dictionary.
+ 
+ 3.2.6.post1 (2021-02-22)
+ ------------------------
diff --git a/SPECS-EXTENDED/python-cheetah/python-cheetah.signatures.json b/SPECS-EXTENDED/python-cheetah/python-cheetah.signatures.json
index 51e5a67906..156eb74a25 100644
--- a/SPECS-EXTENDED/python-cheetah/python-cheetah.signatures.json
+++ b/SPECS-EXTENDED/python-cheetah/python-cheetah.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-cheetah-3.2.4.tar.gz": "32780a2729b7acf1ab4df9b9325b33e4a1aaf7dcae8c2c66e6e83c70499db863"
+  "python-cheetah-3.2.6.post1.tar.gz": "ef923bd4feca0cb17e8dc5f726a41a07d8bab26a15246630f206e9b6401ce4b6"
  }
 }
diff --git a/SPECS-EXTENDED/python-cheetah/python-cheetah.spec b/SPECS-EXTENDED/python-cheetah/python-cheetah.spec
index e26b4e3533..14dc0f4ae6 100644
--- a/SPECS-EXTENDED/python-cheetah/python-cheetah.spec
+++ b/SPECS-EXTENDED/python-cheetah/python-cheetah.spec
@@ -1,109 +1,145 @@
-%bcond_with python2
-
 Name:           python-cheetah
-Version:        3.2.4
-Release:        4%{?dist}
+Version:        3.2.6.post1
+Release:        12%{?dist}
 Summary:        Template engine and code generator
 
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://cheetahtemplate.org/
-Source:         https://github.com/CheetahTemplate3/cheetah3/archive/%{version}/%{name}-%{version}.tar.gz
+Source:         https://github.com/CheetahTemplate3/cheetah3/archive/%{version}/Cheetah3-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+# Instead of playing Whac-A-Mole and adding more and more basepythons,
+# e.g. in https://github.com/CheetahTemplate3/cheetah3/commit/6be6bc10a4,
+# we let tox do the right thing by not setting any:
+Patch:          tox-no-basepython.patch
+Patch1:         cheetah3-3.2.6.post1-protect-cgi.patch
+Patch2:         cheetah3-3.2.6.post1-loadTestsFromModule.patch
+Patch3:         cheetah3-3.2.6.post1-typeerror.patch
+Patch4:         cheetah3-3.2.6.post1-framelocalsproxy.patch
+Patch5:         cheetah3-3.2.6.post1-parse_qs.patch
+
 BuildRequires:  gcc
+BuildRequires:  python3-devel
+BuildRequires:  python3-pip
+BuildRequires:  python3-wheel
+
+BuildRequires:  python3-tox
+BuildRequires:  python3-toml
+
+# for tests
+%if 0%{?with_check}
+BuildRequires:  python3-pluggy
+BuildRequires:  python3-py
+BuildRequires:  python3-filelock
+BuildRequires:  python3-six
+BuildRequires:  python3-tox-current-env
+%endif
 
-%global _description\
-Cheetah is an open source template engine and code generation tool,\
-written in Python. It can be used standalone or combined with other\
-tools and frameworks. Web development is its principal use, but\
-Cheetah is very flexible and is also being used to generate C++ code,\
-Java, SQL, form emails and even Python code.
+%global _description %{expand:
+Cheetah3 is a free and open source template engine and code generation tool.
+It can be used standalone or combined with other tools and frameworks.  Web
+development is its principle use, but Cheetah is very flexible and is also
+being used to generate C++ game code, Java, SQL, form emails and even Python
+code.}
 
 %description %{_description}
 
-%if %{with python2}
-%package -n python2-cheetah
-Summary: %summary
-%{?python_provide:%python_provide python2-cheetah}
+%package -n python3-cheetah
+Summary:        %{summary}
 
-BuildRequires: python2-devel
-BuildRequires: python2-setuptools
+%description -n python3-cheetah %{_description}
 
+%prep
+%autosetup -p1 -n cheetah3-%{version}
 
-BuildRequires: python2-pygments
+# remove upper bound on markdown test dependency
+sed -e 's|, < 3.2||' -i tox.ini
 
-%description -n python2-cheetah %_description
+# remove unnecessary shebang lines to silence rpmlint
+find Cheetah -type f -name '*.py' -print0 | xargs -0 sed -i -e '1 {/^#!/d}'
 
-%endif
+%generate_buildrequires
+%pyproject_buildrequires -t
 
-%package -n python3-cheetah
-Summary: %summary
-%{?python_provide:%python_provide python3-cheetah}
+%build
+%pyproject_wheel
 
-BuildRequires: python3-devel
-BuildRequires: python3-setuptools
-BuildRequires: python3-markdown
-BuildRequires: python3-pygments
+%install
+%pyproject_install
+%pyproject_save_files Cheetah
 
-%description -n python3-cheetah %_description
+%check
+# changing this in %%prep would cause an rpmlint error (rpm-buildroot-usage),
+# so do it here instead
+sed -e 's|{envsitepackagesdir}|%{buildroot}%{python3_sitearch}|' -i tox.ini
+%tox
 
+%files -n python3-cheetah -f %{pyproject_files}
+%doc ANNOUNCE.rst README.rst TODO BUGS
+%{_bindir}/cheetah*
 
-%prep
-%autosetup -p1 -n cheetah3-%{version}
+%changelog
+* Thu Feb 13 2025 Aninda Pradhan  - 3.2.6.post1-12
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License Verified
+- Added additional dependencies for successful build and test
 
-# remove unnecessary shebang lines to silence rpmlint
-%{__sed} -i -e '/^#!/,1d' Cheetah/Tests/*.py \
-    Cheetah/CheetahWrapper.py Cheetah/DirectiveAnalyzer.py \
-    Cheetah/Filters.py Cheetah/NameMapper.py Cheetah/Servlet.py \
-    Cheetah/Templates/SkeletonPage.py Cheetah/Tools/SiteHierarchy.py \
-    Cheetah/Version.py
+* Wed Oct 30 2024 Mike Bonnet  - 3.2.6.post1-11
+- Backport fix from upstream to support Python 3.13+ (protect import of cgi module)
+- Backport fix for running tests under Python 3.13+ (use unittest.defaultTestLoader.loadTestsFromModule)
+- Backport fix that silences a TypeError
+- Backport fix for a mapping test
+- Backport fix to remove use of dropped cgi module
 
-%build
-%if %{with python2}
-%py2_build
-%endif
+* Fri Jul 19 2024 Fedora Release Engineering  - 3.2.6.post1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
 
-%py3_build
+* Fri Jun 07 2024 Python Maint  - 3.2.6.post1-9
+- Rebuilt for Python 3.13
 
-%install
-%if %{with python2}
-%py2_install
+* Fri Jan 26 2024 Fedora Release Engineering  - 3.2.6.post1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-EGG_INFO=(%{buildroot}/%{python2_sitearch}/Cheetah*.egg-info)
-cp -r $EGG_INFO ${EGG_INFO//Cheetah3/Cheetah}
-sed -i "s/Name: Cheetah3/Name: Cheetah/" ${EGG_INFO//Cheetah3/Cheetah}/PKG-INFO
-rm %{buildroot}%{_bindir}/*
-%endif
+* Mon Jan 22 2024 Fedora Release Engineering  - 3.2.6.post1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-%py3_install
+* Fri Jul 21 2023 Fedora Release Engineering  - 3.2.6.post1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 
+* Wed Jun 14 2023 Python Maint  - 3.2.6.post1-5
+- Rebuilt for Python 3.12
 
-%check
-export PATH="%{buildroot}/%{_bindir}:$PATH"
-export PYTHONPATH="%{buildroot}/%{python3_sitearch}"
-%{buildroot}/%{_bindir}/cheetah test
+* Fri Jan 20 2023 Fedora Release Engineering  - 3.2.6.post1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 
-%if %{with python2}
-%files -n python2-cheetah
-%license LICENSE
-%doc ANNOUNCE.rst README.rst TODO BUGS
+* Fri Jul 22 2022 Fedora Release Engineering  - 3.2.6.post1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 
-%{python2_sitearch}/Cheetah
-%{python2_sitearch}/Cheetah*.egg-info
-%endif
+* Mon Jun 13 2022 Python Maint  - 3.2.6.post1-2
+- Rebuilt for Python 3.11
 
-%files -n python3-cheetah
-%license LICENSE
-%doc ANNOUNCE.rst README.rst TODO BUGS
+* Thu Apr 07 2022 Carl George  - 3.2.6.post1-1
+- Update to 3.2.6.post1
+- Convert to pyproject macros
 
-%{_bindir}/cheetah*
+* Fri Jan 21 2022 Fedora Release Engineering  - 3.2.4-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 
-%{python3_sitearch}/Cheetah
-%{python3_sitearch}/Cheetah*.egg-info
+* Fri Jul 23 2021 Fedora Release Engineering  - 3.2.4-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 
-%changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 3.2.4-4
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Jun 04 2021 Python Maint  - 3.2.4-7
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 3.2.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 3.2.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue May 26 2020 Miro Hrončok  - 3.2.4-4
+- Rebuilt for Python 3.9
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 3.2.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/python-cheetah/tox-no-basepython.patch b/SPECS-EXTENDED/python-cheetah/tox-no-basepython.patch
new file mode 100644
index 0000000000..9030b0c509
--- /dev/null
+++ b/SPECS-EXTENDED/python-cheetah/tox-no-basepython.patch
@@ -0,0 +1,20 @@
+diff --git a/tox.ini b/tox.ini
+index 6d72c6e..b54f815 100644
+--- a/tox.ini
++++ b/tox.ini
+@@ -8,15 +8,6 @@ minversion = 3.15
+ envlist = py27,py3{4,5,6,7,8,9},pypy,py{27,38,39}-flake8
+ 
+ [testenv]
+-basepython =
+-    py27: {env:TOXPYTHON:python2.7}
+-    py34: {env:TOXPYTHON:python3.4}
+-    py35: {env:TOXPYTHON:python3.5}
+-    py36: {env:TOXPYTHON:python3.6}
+-    py37: {env:TOXPYTHON:python3.7}
+-    py38: {env:TOXPYTHON:python3.8}
+-    py39: {env:TOXPYTHON:python3.9}
+-    pypy: {env:TOXPYTHON:pypy}
+ commands =
+     {envpython} --version
+     {envpython} -c "import struct; print(struct.calcsize('P') * 8)"
diff --git a/SPECS-EXTENDED/python-colorama/python-colorama.signatures.json b/SPECS-EXTENDED/python-colorama/python-colorama.signatures.json
index 00af4318a7..704828e55c 100644
--- a/SPECS-EXTENDED/python-colorama/python-colorama.signatures.json
+++ b/SPECS-EXTENDED/python-colorama/python-colorama.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-colorama-0.4.1.tar.gz": "05eed71e2e327246ad6b38c540c4a3117230b19679b875190486ddd2d721422d"
+  "python-colorama-0.4.6.tar.gz": "08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/python-colorama/python-colorama.spec b/SPECS-EXTENDED/python-colorama/python-colorama.spec
index 807bb60a6c..18bd613e86 100644
--- a/SPECS-EXTENDED/python-colorama/python-colorama.spec
+++ b/SPECS-EXTENDED/python-colorama/python-colorama.spec
@@ -1,41 +1,29 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-%global pypi_name colorama
 
-%bcond_with python2
-%bcond_without python3
+%global pypi_name colorama
 
 Name:           python-%{pypi_name}
-Version:        0.4.1
-Release:        6%{?dist}
+Version:        0.4.6
+Release:        10%{?dist}
 Summary:        Cross-platform colored terminal text
 
-License:        BSD
-URL:            http://pypi.python.org/pypi/colorama
-Source0:        https://files.pythonhosted.org/packages/source/c/%{pypi_name}/%{pypi_name}-%{version}.tar.gz#/python-%{pypi_name}-%{version}.tar.gz
+License:        BSD-3-Clause
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+URL:            https://github.com/tartley/colorama
+Source0:        https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz#/%{name}-%{version}.tar.gz
 BuildArch:      noarch
- 
-%description
-Makes ANSI escape character sequences, for producing colored
-terminal text and cursor positioning, work under MS Windows.
 
-ANSI escape character sequences have long been used to produce colored terminal
-text and cursor positioning on Unix and Macs. Colorama makes this work on
-Windows, too.
-It also provides some shortcuts to help generate ANSI sequences, and works fine
-in conjunction with any other ANSI sequence generation library, such as
-Termcolor.
+BuildRequires:  python3-devel
+BuildRequires: 	python3-pip
+BuildRequires: 	python3-wheel
+BuildRequires: 	python3-trove-classifiers
+BuildRequires: 	python3-hatchling
+BuildRequires: 	python3-pathspec
 
-%if %{with python2}
-%package -n python2-%{pypi_name}
-Summary:        Cross-platform colored terminal text
-BuildRequires:  python2-devel
-%{?el6:BuildRequires:  python-setuptools}
-%{!?el6:BuildRequires:  python2-setuptools}
-%{?el6:Provides: python-%{pypi_name}}
-%{?python_provide:%python_provide python2-%{pypi_name}}
+# for check
+BuildRequires:  python3dist(pytest)
 
-%description -n python2-%{pypi_name}
+%description
 Makes ANSI escape character sequences, for producing colored
 terminal text and cursor positioning, work under MS Windows.
 
@@ -46,15 +34,8 @@ It also provides some shortcuts to help generate ANSI sequences, and works fine
 in conjunction with any other ANSI sequence generation library, such as
 Termcolor.
 
-Python 2 version.
-%endif
-
-%if %{with python3}
 %package -n python3-%{pypi_name}
 Summary:        Cross-platform colored terminal text
-%{?python_provide:%python_provide python3-%{pypi_name}}
-BuildRequires:  python3-devel
-BuildRequires:  python3-setuptools
 
 %description -n python3-%{pypi_name}
 Makes ANSI escape character sequences, for producing colored
@@ -67,49 +48,97 @@ It also provides some shortcuts to help generate ANSI sequences, and works fine
 in conjunction with any other ANSI sequence generation library, such as
 Termcolor.
 
-Python 3 version.
-%endif
-
 %prep
 %autosetup -n %{pypi_name}-%{version}
-rm -rf *.egg-info
+
+%generate_buildrequires
+%pyproject_buildrequires -r
 
 %build
-%if %{with python2}
-%py2_build
-%endif
-%if %{with python3}
-%py3_build
-%endif
+%pyproject_wheel
 
 %install
-%if %{with python2}
-%py2_install
-%endif
-%if %{with python3}
-%py3_install
-%endif
-
-%if %{with python2}
-%files -n python2-%{pypi_name}
-%doc README.rst
-%license LICENSE.txt
-%{python2_sitelib}/%{pypi_name}/
-%{python2_sitelib}/%{pypi_name}-%{version}-*.egg-info/
-%endif
-
-%if %{with python3}
-%files -n python3-%{pypi_name}
-%doc README.rst
-%license LICENSE.txt
-%{python3_sitelib}/%{pypi_name}/
-%{python3_sitelib}/%{pypi_name}-%{version}-*.egg-info/
-%endif
+%pyproject_install
+%pyproject_save_files colorama
+
+%check
+%pytest
+
+%files -n python3-%{pypi_name} -f %{pyproject_files}
+%doc CHANGELOG.rst README.rst
+%license %{python3_sitelib}/%{pypi_name}-*.dist-info/licenses/LICENSE.txt
 
 %changelog
-* Fri Mar 05 2021 Henry Li  - 0.4.1-6
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
-- Fix distro check to enable python3 build and disable python2 build
+* Wed Feb 26 2025 Akhila Guruju  - 0.4.6-10
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified
+- Added `BuildRequires: python3-trove-classifiers python3-hatchling python3-pathspec` to fix build.
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 0.4.6-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 0.4.6-8
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 0.4.6-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 0.4.6-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Oct 22 2023 Miroslav Suchý  - 0.4.6-5
+- Migrate to SPDX license
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 0.4.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 13 2023 Python Maint  - 0.4.6-3
+- Rebuilt for Python 3.12
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 0.4.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Nov 01 2022 Mikel Olasagasti Uranga  - 0.4.6-1
+- Update to 0.4.6 - Closes rhz#2136298
+
+* Tue Aug 09 2022 Mikel Olasagasti Uranga  - 0.4.5-1
+- Update to 0.4.5 - Closes rhbz#2097423
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 0.4.4-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint  - 0.4.4-14
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 0.4.4-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jan 14 2022 Mikel Olasagasti Uranga  - 0.4.4-12
+- Clean up spec
+- Remove all python2 bits
+- Adopt pyproject-rpm-macros
+- Switch to GitHub tarball for tests and enable check
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 0.4.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jun 02 2021 Python Maint  - 0.4.4-3
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 0.4.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Nov 19 2020 Joel Capitao  - 0.4.4-1
+- Update to 0.4.4 (rhbz#1887630)
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 0.4.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue May 26 2020 Miro Hrončok  - 0.4.3-2
+- Rebuilt for Python 3.9
+
+* Sun May 03 2020 Fabio Alessandro Locati  - 0.4.3-1
+* Update to 0.4.3
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 0.4.1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
@@ -206,3 +235,4 @@ rm -rf *.egg-info
 
 * Tue Sep 11 2012 Matthias Runge  - 0.2.4-1
 - Initial package.
+
diff --git a/SPECS-EXTENDED/python-curio/python-curio.signatures.json b/SPECS-EXTENDED/python-curio/python-curio.signatures.json
index ea7d5ccf8c..9d21e1d224 100644
--- a/SPECS-EXTENDED/python-curio/python-curio.signatures.json
+++ b/SPECS-EXTENDED/python-curio/python-curio.signatures.json
@@ -1,5 +1,5 @@
 {
-    "Signatures": {
-        "python-curio-1.4.tar.gz": "57edce81c837f3c2cf42fbb346dee26e537d1659e6605269fb13bd179e068744"
-    }
+ "Signatures": {
+  "python-curio-1.6^1.1484546.tar.gz": "f27a8cc1d9938c2c89015ed6224fcd77b30088a748e2a99af5d17b4ccc5cd72a"
+ }
 }
diff --git a/SPECS-EXTENDED/python-curio/python-curio.spec b/SPECS-EXTENDED/python-curio/python-curio.spec
index c74750e79d..e05295f409 100644
--- a/SPECS-EXTENDED/python-curio/python-curio.spec
+++ b/SPECS-EXTENDED/python-curio/python-curio.spec
@@ -1,74 +1,63 @@
-%{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
-%{!?python3_version: %define python3_version %(python3 -c "import sys; sys.stdout.write(sys.version[:3])")}
-%{!?__python3: %global __python3 /usr/bin/python3}
-
-# what it's called on pypi
-%global srcname curio
-# what it's imported as
-%global libname curio
-# name of egg info directory
-%global eggname curio
-# package name fragment
-%global pkgname curio
-
-%global _description \
-Curio is a library of building blocks for performing concurrent I/O and common\
-system programming tasks such as launching subprocesses, working with files,\
-and farming work out to thread and process pools.  It uses Python coroutines\
-and the explicit async/await syntax introduced in Python 3.5.  Its programming\
-model is based on cooperative multitasking and existing programming\
-abstractions such as threads, sockets, files, subprocesses, locks, and queues.\
-You'll find it to be small, fast, and fun.  Curio has no third-party\
-dependencies and does not use the standard asyncio module.  Most users will\
-probably find it to be a bit too-low level--it's probably best to think of it\
-as a library for building libraries.  Although you might not use it directly,\
-many of its ideas have influenced other libraries with similar functionality.
-
-
+# Upstream doesn't plan to make any more releases.  Unless they change their
+# mind, we'll need to stick with git snapshots going forward.
+# https://github.com/dabeaz/curio/commit/45ada857189de0e6b3b81f50e93496fc710889ca
+%global commit      148454621f9bd8dd843f591e87715415431f6979
+%global shortcommit %{lua:print(macros.commit:sub(1,7))}
+
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Name:           python-curio
+Version:        1.6^1.%{shortcommit}
+Release:        1%{?dist}
 Summary:        Building blocks for performing concurrent I/O
-Name:           python-%{pkgname}
-Version:        1.4
-Release:        5%{?dist}
-License:        BSD
+License:        BSD-3-Clause
 URL:            https://github.com/dabeaz/curio
-Source0:        https://files.pythonhosted.org/packages/source/c/%{pkgname}/%{pkgname}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source:         %{url}/archive/%{commit}/curio-%{shortcommit}.tar.gz#/%{name}-%{version}.tar.gz
 BuildArch:      noarch
 
-%description %{_description}
+%global common_description %{expand:
+Curio is a coroutine-based library for concurrent Python systems programming
+using async/await. It provides standard programming abstractions such as tasks,
+sockets, files, locks, and queues as well as some advanced features such as
+support for structured concurrency. It works on Unix and Windows and has zero
+dependencies. You will find it to be familiar, small, fast, and fun.}
+
+
+%description %{common_description}
 
-%package -n python3-%{pkgname}
+
+%package -n python3-curio
 Summary:        %{summary}
 BuildRequires:  python3-devel
-BuildRequires:  python3-setuptools
-%if 0%{?with_check}
+BuildRequires:  %{py3_dist pytest}
 BuildRequires:  python3-pip
-%endif
-%{?python_provide:%python_provide python3-%{pkgname}}
-
-%description -n python3-%{pkgname} %{_description}
+BuildRequires:  python3dist(wheel)
+%description -n python3-curio %{common_description}
 
 %prep
-%autosetup -n %{srcname}-%{version} -p 1
-rm -rf %{eggname}.egg-info
+%autosetup -n curio-%{commit}
+
+%generate_buildrequires
+%pyproject_buildrequires
 
 %build
-%py3_build
+%pyproject_wheel
 
 %install
-%py3_install
+%pyproject_install
+%pyproject_save_files curio
 
 %check
-pip3 install pytest
-pip3 install .
-py.test --verbose -m 'not internet'
+%pytest --verbose -m 'not internet'
 
-%files -n python3-%{pkgname}
-%license LICENSE
+%files -n python3-curio -f %{pyproject_files}
 %doc README.rst
-%{python3_sitelib}/%{libname}
-%{python3_sitelib}/%{eggname}-%{version}-py%{python3_version}.egg-info
 
 %changelog
+* Mon Mar 19 2025 Sumit Jena  - 1.6^1.1484546-1
+- Update to version 1.6^1.1484546
+- License verified
+
 * Thu Apr 28 2022 Muhammad Falak  - 1.4-5
 - Drop BR on pytest & pip install latest deps
 - Use py.test instead of py.test-3 to enable ptest
diff --git a/SPECS-EXTENDED/python-dmidecode/python-dmidecode-rhbz2154949.patch b/SPECS-EXTENDED/python-dmidecode/python-dmidecode-rhbz2154949.patch
new file mode 100644
index 0000000000..c26a2abe9d
--- /dev/null
+++ b/SPECS-EXTENDED/python-dmidecode/python-dmidecode-rhbz2154949.patch
@@ -0,0 +1,125 @@
+From 2d6530941682595b26067a8b679ec2eb3aceae54 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= 
+Date: Tue, 17 May 2022 16:00:47 +0200
+Subject: [PATCH 1/3] Make the code future-proof against removal of distutils
+ module.
+
+---
+ src/setup_common.py | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/setup_common.py b/src/setup_common.py
+index aec1f9b..3fb9086 100644
+--- a/src/setup_common.py
++++ b/src/setup_common.py
+@@ -30,7 +30,12 @@
+ if sys.version_info[0] < 3:
+     import commands as subprocess
+ from os import path as os_path
+-from distutils.sysconfig import get_python_lib
++try:
++    from distutils.sysconfig import get_python_lib, get_config_var
++    __python_lib = get_python_lib(1)
++except ImportError:
++    from sysconfig import get_config_var, get_path
++    __python_lib = get_path('platlib')
+ 
+ # libxml2 - C flags
+ def libxml2_include(incdir):
+@@ -50,7 +55,7 @@ def libxml2_include(incdir):
+ 
+ # libxml2 - library flags
+ def libxml2_lib(libdir, libs):
+-    libdir.append(get_python_lib(1))
++    libdir.append(__python_lib)
+     if os_path.exists("/etc/debian_version"): #. XXX: Debian Workaround...
+         libdir.append("/usr/lib/pymodules/python%d.%d"%sys.version_info[0:2])
+ 
+From 7c0788b5c5ed7d1c79f70a74047abab161dca13a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= 
+Date: Mon, 17 Oct 2022 19:59:52 +0200
+Subject: [PATCH 2/3] Don't be too complicated.
+
+There is actually no reason to use distutils.sysconfig at all,
+plain sysconfig works even on 2.7.
+---
+ Makefile            | 3 ++-
+ src/setup_common.py | 9 ++-------
+ 2 files changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/src/setup_common.py b/src/setup_common.py
+index 3fb9086..97ece95 100644
+--- a/src/setup_common.py
++++ b/src/setup_common.py
+@@ -30,12 +30,7 @@
+ if sys.version_info[0] < 3:
+     import commands as subprocess
+ from os import path as os_path
+-try:
+-    from distutils.sysconfig import get_python_lib, get_config_var
+-    __python_lib = get_python_lib(1)
+-except ImportError:
+-    from sysconfig import get_config_var, get_path
+-    __python_lib = get_path('platlib')
++from sysconfig import get_config_var, get_path
+ 
+ # libxml2 - C flags
+ def libxml2_include(incdir):
+@@ -55,7 +50,7 @@ def libxml2_include(incdir):
+ 
+ # libxml2 - library flags
+ def libxml2_lib(libdir, libs):
+-    libdir.append(__python_lib)
++    libdir.append(get_path('platlib'))
+     if os_path.exists("/etc/debian_version"): #. XXX: Debian Workaround...
+         libdir.append("/usr/lib/pymodules/python%d.%d"%sys.version_info[0:2])
+ 
+
+From 860c730309366d6062c410ee975a2fc159452dc6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= 
+Date: Wed, 26 Oct 2022 17:39:47 +0200
+Subject: [PATCH 3/3] Make the discovery of the build .so file more robust.
+
+Different versions of Python apparently generate different
+directory names, there doesn't seem to be any more reliable
+method of the .so file discovery than brutal force of the shell
+find command.
+---
+ Makefile | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+--- a/Makefile.backup	2022-11-17 06:51:28.000000000 +0100
++++ b/Makefile	2023-05-20 12:56:07.590575539 +0200
+@@ -44,12 +44,11 @@
+ PY_VER  := $(shell $(PY_BIN) -c 'import sys; print("%d.%d"%sys.version_info[0:2])')
+ PY_MV   := $(shell echo $(PY_VER) | cut -b 1)
+ PY      := python$(PY_VER)
+-SO_PATH := build/lib.linux-$(shell uname -m)-$(PY_VER)
+ ifeq ($(PY_MV),2)
+-	SO  := $(SO_PATH)/dmidecodemod.so
++	SOLIB  := dmidecodemod.so
+ else
+ 	SOABI := $(shell $(PY_BIN) -c 'import sysconfig; print(sysconfig.get_config_var("SOABI"))')
+-	SO  := $(SO_PATH)/dmidecodemod.$(SOABI).so
++	SOLIB  := dmidecodemod.$(SOABI).so
+ endif
+ SHELL	:= /bin/bash
+ 
+@@ -59,13 +58,13 @@
+ all : build dmidump
+ 
+ build: $(PY)-dmidecodemod.so
+-$(PY)-dmidecodemod.so: $(SO)
+-	cp $< $@
+-$(SO):
++
++$(PY)-dmidecodemod.so:
+ 	$(PY) src/setup.py build
++	cp $$(find build -name $(SOLIB)) $@
+ 
+ dmidump : src/util.o src/efi.o src/dmilog.o
+-	$(CC) -o $@ src/dmidump.c $^ -g -Wall -D_DMIDUMP_MAIN_
++	$(CC) -o $@ src/dmidump.c $^ ${CFLAGS} -D_DMIDUMP_MAIN_
+ 
+ install:
+ 	$(PY) src/setup.py install
diff --git a/SPECS-EXTENDED/python-dmidecode/python-dmidecode.signatures.json b/SPECS-EXTENDED/python-dmidecode/python-dmidecode.signatures.json
index c15defc148..0872c33b63 100644
--- a/SPECS-EXTENDED/python-dmidecode/python-dmidecode.signatures.json
+++ b/SPECS-EXTENDED/python-dmidecode/python-dmidecode.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-dmidecode-3.12.2.tar.gz": "22ea8c96de989cf2072f942d9fb0fa028087602bfee6e5eb860b8047cc6fe7d5"
+  "python-dmidecode-3.12.3.tar.gz": "44d45d7d8344290c259c989d3af3f614c7837cbd85052d486adfa46a1c777164"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/python-dmidecode/python-dmidecode.spec b/SPECS-EXTENDED/python-dmidecode/python-dmidecode.spec
index c0cbf015a4..af26cfece2 100644
--- a/SPECS-EXTENDED/python-dmidecode/python-dmidecode.spec
+++ b/SPECS-EXTENDED/python-dmidecode/python-dmidecode.spec
@@ -1,19 +1,21 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 Name: python-dmidecode
 Summary: Python module to access DMI data
-Version: 3.12.2
-Release: 20%{?dist}
-License: GPLv2
+Version: 3.12.3
+Release: 10%{?dist}
+License: GPL-2.0-only
+Vendor: Microsoft Corporation
+Distribution: Azure Linux
 URL: https://github.com/nima/python-dmidecode
-# source0: https://github.com/nima/python-dmidecode/archive/refs/tags/v3.12.2.tar.gz
-Source0: https://github.com/nima/python-dmidecode/archive/refs/tags/%{name}-%{version}.tar.gz
+Source0: https://github.com/nima/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 
-BuildRequires:  gcc
-BuildRequires: libxml2-devel
+Patch0: python-dmidecode-rhbz2154949.patch
 
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: libxml2-devel
 BuildRequires: python3-devel
 BuildRequires: libxml2-python3
+BuildRequires: python3-setuptools
 
 %global _description\
 python-dmidecode is a python extension module that uses the\
@@ -21,7 +23,6 @@ code-base of the 'dmidecode' utility, and presents the data\
 as python data structures or as XML data using libxml2.\
 \
 
-
 %description %_description
 
 %package -n python3-dmidecode
@@ -32,37 +33,97 @@ Requires: libxml2-python3
 
 
 %prep
-%setup -q
-sed -i 's/python2/python3/g' Makefile unit-tests/Makefile
-
+%autosetup -p1 -n %{name}-%{version}
 
 %build
-# Not to get undefined symbol: dmixml_GetContent
-export CFLAGS="${CFLAGS-} -std=gnu89"
-make build
+# -std=gnu89 is there to avoid `undefined symbol: dmixml_GetContent`
+export PYTHON_BIN=%{__python3}
+export CFLAGS="%{build_cflags} -std=gnu89"
+export CXXFLAGS="%{build_cxxflags} -std=gnu89"
+export CC=gcc
+export CXX=g++
+%make_build
 
 %install
 %{__python3} src/setup.py install --root %{buildroot} --prefix=%{_prefix}
 
-
 %check
 pushd unit-tests
 make
 popd
 
-
 %files -n python3-dmidecode
-%license doc/LICENSE doc/AUTHORS doc/AUTHORS.upstream
-%doc README doc/README.upstream
+%license doc/LICENSE
+%doc README doc/AUTHORS doc/AUTHORS.upstream
 %{python3_sitearch}/dmidecodemod.cpython-%{python3_version_nodots}*.so
-%{python3_sitearch}/__pycache__/dmidecode.cpython-%{python3_version_nodots}*.py[co]
-%{python3_sitearch}/dmidecode.py
+%pycached %{python3_sitearch}/dmidecode.py
 %{python3_sitearch}/*.egg-info
-%{_datadir}/python-dmidecode/
+%{_datadir}/%{name}/
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 3.12.2-20
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Wed Apr 23 2025 Akhila Guruju  - 3.12.3-10
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 3.12.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 3.12.3-8
+- Rebuilt for Python 3.13
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 3.12.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Aug 10 2023 Lichen Liu  - 3.12.3-6
+- Use SPDX identifiers for license
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 3.12.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 13 2023 Python Maint  - 3.12.3-4
+- Rebuilt for Python 3.12
+
+* Sat May 20 2023 Antonio Trande  - 3.12.3-3
+- Fix BuildRequires packages for Python-3.12
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 3.12.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sun Dec 25 2022 Antonio Trande  - 3.12.3-1
+- Release 3.12.3
+- Temporary fix for rhbz#2154949
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 3.12.2-29.20210630gitf0a089a1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint  - 3.12.2-28.20210630gitf0a089a1
+- Rebuilt for Python 3.11
+
+* Sun Apr 24 2022 Antonio Trande  - 3.12.2-27.20210630gitf0a089a1
+- Build commit #f0a089a1 (include covscan error fixes)
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 3.12.2-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Jul 27 2021 Fedora Release Engineering  - 3.12.2-25
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint  - 3.12.2-24
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 3.12.2-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Nov 26 2020 Antonio Trande  - 3.12.2-22
+- Refresh SPEC file
+- Fixed for Python-3.10 (rhbz#1898981)
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 3.12.2-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue May 26 2020 Miro Hrončok  - 3.12.2-20
+- Rebuilt for Python 3.9
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 3.12.2-19
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/python-kdcproxy/Drop-coverage-from-tests.patch b/SPECS-EXTENDED/python-kdcproxy/Drop-coverage-from-tests.patch
new file mode 100644
index 0000000000..f3c5c290f2
--- /dev/null
+++ b/SPECS-EXTENDED/python-kdcproxy/Drop-coverage-from-tests.patch
@@ -0,0 +1,100 @@
+From 7b7aee01d72be5a310678cdad189cb7382f28549 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood 
+Date: Tue, 19 Jan 2021 11:41:40 -0500
+Subject: [PATCH] Drop coverage from tests
+
+To my knowledge, we've never looked at or done anything with this
+output.  Test coverage is a noble goal, but this project is mostly
+complete, so we don't expect heavy development soon.
+
+Requested-by: Petr Viktorin 
+Signed-off-by: Robbie Harwood 
+(cherry picked from commit 86c3da13d5d6cdb5822d194f2b820da1fd31dddb)
+[rharwood@redhat.com: .gitignore]
+---
+ .coveragerc | 23 -----------------------
+ MANIFEST.in |  1 -
+ setup.py    |  2 +-
+ tox.ini     | 12 ++----------
+ 4 files changed, 3 insertions(+), 35 deletions(-)
+ delete mode 100644 .coveragerc
+
+diff --git a/.coveragerc b/.coveragerc
+deleted file mode 100644
+index 4038562..0000000
+--- a/.coveragerc
++++ /dev/null
+@@ -1,23 +0,0 @@
+-[run]
+-branch = True
+-source =
+-    kdcproxy
+-    tests.py
+-
+-[paths]
+-source =
+-   kdcproxy
+-   .tox/*/lib/python*/site-packages/kdcproxy
+-
+-[report]
+-ignore_errors = False
+-precision = 1
+-exclude_lines =
+-    pragma: no cover
+-    raise AssertionError
+-    raise NotImplementedError
+-    if 0:
+-    if False:
+-    if __name__ == .__main__.:
+-    if PY3
+-    if not PY3
+diff --git a/MANIFEST.in b/MANIFEST.in
+index 362f840..ff6b9a7 100644
+--- a/MANIFEST.in
++++ b/MANIFEST.in
+@@ -2,4 +2,3 @@ include README COPYING
+ include tox.ini
+ include setup.cfg
+ include tests.py tests.krb5.conf
+-include .coveragerc
+diff --git a/setup.py b/setup.py
+index 20b335e..4b34fcc 100644
+--- a/setup.py
++++ b/setup.py
+@@ -29,7 +29,7 @@ install_requires = [
+ ]
+ 
+ extras_require = {
+-    "tests": ["pytest", "coverage", "WebTest"],
++    "tests": ["pytest", "WebTest"],
+     "test_pep8": ['flake8', 'flake8-import-order', 'pep8-naming']
+ }
+ 
+diff --git a/tox.ini b/tox.ini
+index 038d996..9672cee 100644
+--- a/tox.ini
++++ b/tox.ini
+@@ -1,21 +1,13 @@
+ [tox]
+ minversion = 2.3.1
+-envlist = py36,py37,py38,py39,pep8,py3pep8,doc,coverage-report
++envlist = py36,py37,py38,py39,pep8,py3pep8,doc
+ skip_missing_interpreters = true
+ 
+ [testenv]
+ deps =
+     .[tests]
+ commands =
+-    {envpython} -m coverage run --parallel \
+-        -m pytest --capture=no --strict {posargs}
+-
+-[testenv:coverage-report]
+-deps = coverage
+-skip_install = true
+-commands =
+-    {envpython} -m coverage combine
+-    {envpython} -m coverage report --show-missing
++    {envpython} -m pytest --capture=no --strict {posargs}
+ 
+ [testenv:pep8]
+ basepython = python3
diff --git a/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.signatures.json b/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.signatures.json
index 445b1c328e..05f52c31f2 100644
--- a/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.signatures.json
+++ b/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-kdcproxy-0.4.2.tar.gz": "9c8f6949c5b0f28861b0a24a6f12c2f0dca52780826ab1211136037f5dc0e4f7"
+  "python-kdcproxy-1.0.0.tar.gz": "064386498125794dddbf710fc33fdc4d75a10b5ebe322f8dd8fd1c3e5edab2cb"
  }
 }
diff --git a/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.spec b/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.spec
index 653a7828fc..96ef48622f 100644
--- a/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.spec
+++ b/SPECS-EXTENDED/python-kdcproxy/python-kdcproxy.spec
@@ -1,28 +1,26 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 %global realname kdcproxy
 
 Name:           python-%{realname}
-Version:        0.4.2
-Release:        5%{?dist}
+Version:        1.0.0
+Release:        18%{?dist}
 Summary:        MS-KKDCP (kerberos proxy) WSGI module
 
 License:        MIT
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
 URL:            https://github.com/latchset/%{realname}
-Source0:        https://github.com/latchset/%{realname}/releases/download/v%{version}/%{realname}-%{version}.tar.gz#/python-%{realname}-%{version}.tar.gz
+Source0:        https://github.com/latchset/%{realname}/releases/download/v%{version}/%{realname}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+Patch0: 	Drop-coverage-from-tests.patch
 
 BuildArch:      noarch
 BuildRequires:  git
 
-BuildRequires:  python3-asn1crypto
 BuildRequires:  python3-devel
 BuildRequires:  python3-dns
-%if 0%{?with_check}
-BuildRequires:  python3-coverage
-BuildRequires:  python3-mock
-BuildRequires:  python3-pip
-%endif
-
+BuildRequires:  python3-pyasn1
+BuildRequires:  python3-pytest
+BuildRequires:  python3-setuptools
 
 %description
 This package contains a Python WSGI module for proxying KDC requests over
@@ -32,7 +30,7 @@ minimal configuration.
 %package -n python3-%{realname}
 Summary:        MS-KKDCP (kerberos proxy) WSGI module
 Requires:       python3-dns
-Requires:       python3-asn1crypto
+Requires:       python3-pyasn1
 
 %{?python_provide:%python_provide python3-%{realname}}
 
@@ -51,8 +49,7 @@ minimal configuration.
 %py3_install
 
 %check
-%{__python3} -m pip install pytest==7.1.2
-KDCPROXY_ASN1MOD=asn1crypto %{__python3} -m pytest
+%{__python3} -m pytest
 
 %files -n python3-%{realname}
 %doc README
@@ -61,12 +58,72 @@ KDCPROXY_ASN1MOD=asn1crypto %{__python3} -m pytest
 %{python3_sitelib}/%{realname}-%{version}-*.egg-info
 
 %changelog
-* Tue Aug 30 2022 Muhammad Falak  - 0.4.2-5
-- Add BR on python-pip and drop BR on pytest to enable ptest
+* Fri Mar 14 2025 Akhila Guruju  - 1.0.0-18
+-  Initial Azure Linux import from Fedora 41 (license: MIT).
 - License verified
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 0.4.2-4
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.0.0-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 1.0.0-16
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1.0.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 1.0.0-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1.0.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jun 15 2023 Python Maint  - 1.0.0-12
+- Rebuilt for Python 3.12
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 1.0.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1.0.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jun 14 2022 Python Maint  - 1.0.0-9
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 1.0.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1.0.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint  - 1.0.0-6
+- Rebuilt for Python 3.10
+
+* Thu Apr 08 2021 Robbie Harwood  - 1.0.0-5
+- Actually drop coverage dependency
+
+* Fri Jan 29 2021 Robbie Harwood  - 1.0.0-4
+- Drop unused dependency on python3-mock
+- Resolves: #1922344
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 1.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jan 20 2021 Robbie Harwood  - 1.0.0-2
+- Drop coverage from tests
+- Resolves: #1916739
+
+* Tue Dec 08 2020 Robbie Harwood  - 1.0.0-1
+- New upstream version (1.0.0)
+- Drop asn1crypto in favor of pyasn1
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 0.4.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jun 25 2020 Robbie Harwood  - 0.4.2-5
+- Explicitly depend on python3-setuptools
+
+* Tue May 26 2020 Miro Hrončok  - 0.4.2-4
+- Rebuilt for Python 3.9
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 0.4.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.signatures.json b/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.signatures.json
index 7c7888d88c..dc0777a82c 100644
--- a/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.signatures.json
+++ b/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-lazy-object-proxy-1.4.3.tar.gz": "ce4c9872869331d509ff2b7be19fdddb1dc4b922d14aa62675770e3caebd92e2"
+  "python-lazy-object-proxy-1.10.0.tar.gz": "bf9b2d8dbc0021dec2c61de7cd88a154a8ed3bc935503f07dcff9b1d83ddc42b"
  }
 }
diff --git a/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.spec b/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.spec
index 4b911f76a3..c9285d192e 100644
--- a/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.spec
+++ b/SPECS-EXTENDED/python-lazy-object-proxy/python-lazy-object-proxy.spec
@@ -1,22 +1,31 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 %global srcname lazy-object-proxy
 %global sum A fast and thorough lazy object proxy
 
 Name:           python-%{srcname}
-Version:        1.4.3
-Release:        4%{?dist}
+Version:        1.10.0
+Release:        6%{?dist}
 Summary:        %{sum}
 
-License:        BSD
+License:        BSD-2-Clause
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
 Url:            https://github.com/ionelmc/python-%{srcname}
-Source0:        https://github.com/ionelmc/python-%{srcname}/archive/v%{version}/%{srcname}-%{version}.tar.gz#/python-%{srcname}-%{version}.tar.gz
-Patch0:         scm-deversion.patch
+Source0:        https://github.com/ionelmc/python-%{srcname}/archive/v%{version}/%{srcname}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
 
 BuildRequires:  gcc
 BuildRequires:  python%{python3_pkgversion}-devel
 BuildRequires:  python%{python3_pkgversion}-setuptools
 BuildRequires:  python%{python3_pkgversion}-setuptools_scm
+BuildRequires:  python%{python3_pkgversion}-tox-current-env
+BuildRequires:  python%{python3_pkgversion}-wheel
+BuildRequires:  python%{python3_pkgversion}-pip
+#for tests
+BuildRequires: 	python%{python3_pkgversion}-tox
+BuildRequires:  python%{python3_pkgversion}-pluggy
+BuildRequires: 	python%{python3_pkgversion}-py
+BuildRequires: 	python%{python3_pkgversion}-filelock
+BuildRequires: 	python%{python3_pkgversion}-toml
+BuildRequires: 	python%{python3_pkgversion}-six
 
 %description
 A fast and thorough lazy object proxy.
@@ -32,14 +41,17 @@ A fast and thorough lazy object proxy.
 %prep
 %autosetup -n python-%{srcname}-%{version} -p0
 
+#%%generate_buildrequires
+#%%pyproject_buildrequires -t
+
 %build
-%py3_build
+%pyproject_wheel
 
 %install
-%py3_install
+%pyproject_install
 
 %check
-%{__python3} setup.py test
+%tox
 
 # Note that there is no %%files section for the unversioned python module if we are building for several python runtimes
 %files -n python%{python3_pkgversion}-%{srcname}
@@ -50,8 +62,91 @@ A fast and thorough lazy object proxy.
 %exclude %{python3_sitearch}/lazy_object_proxy/cext.c
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 1.4.3-4
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Mar 14 2025 Akhila Guruju  - 1.10.0-6
+-  Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 1.10.0-4
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 1.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Dec 18 2023 Gwyn Ciesla  - 1.10.0-1
+- 1.10.0
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1.9.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 13 2023 Python Maint  - 1.9.0-4
+- Rebuilt for Python 3.12
+
+* Wed Mar 01 2023 Gwyn Ciesla  - 1.9.0-3
+- migrated to SPDX license
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 1.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jan 06 2023 Gwyn Ciesla  - 1.9.0-1
+- 1.9.0
+
+* Wed Oct 26 2022 Gwyn Ciesla  - 1.8.0-1
+- 1.8.0
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1.7.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint  - 1.7.1-3
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 1.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Dec 17 2021 Gwyn Ciesla  - 1.7.1-1
+- 1.7.1
+
+* Wed Dec 15 2021 Gwyn Ciesla  - 1.7.0-1
+- 1.7.0
+- scmver patch upstreamed.
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1.6.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Python Maint  - 1.6.0-3
+- Rebuilt for Python 3.10
+
+* Wed Mar 24 2021 Gwyn Ciesla  - 1.6.0-2
+- Patch for setuptools-scm >=6.0
+
+* Mon Mar 22 2021 Gwyn Ciesla  - 1.6.0-1
+- 1.6.0
+
+* Tue Feb 16 2021 Gwyn Ciesla  - 1.5.2-3
+- Drop scm-deversion patch
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 1.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Nov 30 2020 Gwyn Ciesla  - 1.5.2-1
+- 1.5.2
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 1.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 22 2020 Gwyn Ciesla  - 1.5.1-1
+- 1.5.1
+
+* Fri Jun 05 2020 Gwyn Ciesla  - 1.5.0-1
+- 1.5.0
+
+* Sat May 23 2020 Miro Hrončok  - 1.4.3-4
+- Rebuilt for Python 3.9
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 1.4.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/python-pymongo/SOURCES/0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch b/SPECS-EXTENDED/python-pymongo/SOURCES/0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch
deleted file mode 100644
index 9de0fdf1b1..0000000000
--- a/SPECS-EXTENDED/python-pymongo/SOURCES/0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/pymongo/pool.py b/pymongo/pool.py
-index 859d0e0..f55fd8e 100644
---- a/pymongo/pool.py
-+++ b/pymongo/pool.py
-@@ -49,8 +49,7 @@ from pymongo.network import (command,
-                              SocketChecker)
- from pymongo.read_preferences import ReadPreference
- from pymongo.server_type import SERVER_TYPE
--# Always use our backport so we always have support for IP address matching
--from pymongo.ssl_match_hostname import match_hostname, CertificateError
-+from ssl import match_hostname, CertificateError
- 
- # For SNI support. According to RFC6066, section 3, IPv4 and IPv6 literals are
- # not permitted for SNI hostname.
diff --git a/SPECS-EXTENDED/python-pymongo/python-pymongo.signatures.json b/SPECS-EXTENDED/python-pymongo/python-pymongo.signatures.json
index 0353f3916a..62b1251885 100644
--- a/SPECS-EXTENDED/python-pymongo/python-pymongo.signatures.json
+++ b/SPECS-EXTENDED/python-pymongo/python-pymongo.signatures.json
@@ -1,5 +1,5 @@
 {
-    "Signatures": {
-        "pymongo-3.10.1.tar.gz": "24dc5aa6f379de44ce5299b610d72e92a401a2b4fdac3516dfed536cc5b080fe"
-    }
-}
+ "Signatures": {
+  "python-pymongo-4.2.0.tar.gz": "efd44e18a6f16156f8495d7786afbdc3952d1d09cfe9ad022bee3b86a6535e3f"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/python-pymongo/python-pymongo.spec b/SPECS-EXTENDED/python-pymongo/python-pymongo.spec
index 96b485df4e..3831365801 100644
--- a/SPECS-EXTENDED/python-pymongo/python-pymongo.spec
+++ b/SPECS-EXTENDED/python-pymongo/python-pymongo.spec
@@ -1,34 +1,22 @@
 %global bootstrap 0
 
-%{!?python3_sitearch: %define python3_sitearch %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
-%{!?__python3: %global __python3 /usr/bin/python3}
-%{!?py3_build: %define py3_build CFLAGS="%{optflags}" %{__python3} setup.py build}
-%{!?py3_install: %define py3_install %{__python3} setup.py install --skip-build --root %{buildroot}}
-
 Name:           python-pymongo
-Version:        3.10.1
-Release:        6%{?dist}
-# All code is ASL 2.0 except for:
-# - bson/time64*.{c,h} - MIT,
-# - encoding_helpers.c - Unicode with a "Portions Copyright 2001 Unicode, Inc." header,
-# - ssl_match_hostname.py - Python-2.0
-License:        ASL 2.0 and MIT and Python-2.0 and Unicode
-Summary:        Python driver for MongoDB
-URL:            https://github.com/mongodb/mongo-python-driver
+Version:        4.2.0
+Release:        9%{?dist}
+# All code is ASL 2.0 except bson/time64*.{c,h} which is MIT
+License:        ASL 2.0 and MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-Source0:        https://github.com/mongodb/mongo-python-driver/archive/%{version}/pymongo-%{version}.tar.gz
-# This patch removes the bundled ssl.match_hostname library as it was vulnerable to CVE-2013-7440
-# and CVE-2013-2099, and wasn't needed anyway since Fedora >= 22 has the needed module in the Python
-# standard library. It also adjusts imports so that they exclusively use the code from Python.
-Patch01:        0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch
+Summary:        Python driver for MongoDB
+URL:            https://pymongo.readthedocs.io/en/stable/
+Source0:        https://github.com/mongodb/mongo-python-driver/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildRequires:  gcc
+BuildRequires:  make
 %if 0%{!?bootstrap:1}
 BuildRequires:  python3-sphinx
 %endif
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
-BuildRequires:  python3-xml
 
 %description
 The Python driver for MongoDB.
@@ -69,20 +57,14 @@ GridFS is a storage specification for large objects in MongoDB.  This package
 contains the python3 version of this module.
 
 %prep
-%setup -q -n mongo-python-driver-%{version}
-%patch 01 -p1 -b .ssl
-
-# Remove the bundled ssl.match_hostname library as it was vulnerable to CVE-2013-7440
-# and CVE-2013-2099, and isn't needed anyway since Fedora >= 22 has the needed module in the Python
-# standard library.
-rm pymongo/ssl_match_hostname.py
+%autosetup -n mongo-python-driver-%{version}
 
 %build
 %py3_build
 
 %if 0%{!?bootstrap:1}
 pushd doc
-make %{?_smp_mflags} html
+%make_build html
 popd
 %endif
 
@@ -93,34 +75,73 @@ chmod 755 %{buildroot}%{python3_sitearch}/bson/*.so
 chmod 755 %{buildroot}%{python3_sitearch}/pymongo/*.so
 
 %files doc
-%license LICENSE THIRD-PARTY-NOTICES
+%license LICENSE
 %if 0%{!?bootstrap:1}
 %doc doc/_build/html/*
 %endif
 
 %files -n python3-bson
-%license LICENSE THIRD-PARTY-NOTICES
+%license LICENSE
 %doc README.rst
 %{python3_sitearch}/bson
 
 %files -n python3-pymongo
-%license LICENSE THIRD-PARTY-NOTICES
+%license LICENSE
 %doc README.rst
 %{python3_sitearch}/pymongo
 %{python3_sitearch}/pymongo-%{version}-*.egg-info
 
 %files -n python3-pymongo-gridfs
-%license LICENSE THIRD-PARTY-NOTICES
+%license LICENSE
 %doc README.rst
 %{python3_sitearch}/gridfs
 
 %changelog
-* Tue Sep 03 2024 Pawel Winogrodzki  - 3.10.1-6
-- Release bump to fix package information.
+* Mon Dec 23 2024 Akhila Guruju  - 4.2.0-9
+- Initial Azure Linux import from Fedora 41 (license: MIT).
 - License verified.
 
-* Mon Oct 19 2020 Steve Laughman  - 3.10.1-5
-- Initial CBL-Mariner import from Fedora 33 (license: MIT)
+* Fri Jul 19 2024 Fedora Release Engineering  - 4.2.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 4.2.0-7
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 4.2.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 4.2.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 4.2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 13 2023 Python Maint  - 4.2.0-3
+- Rebuilt for Python 3.12
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 4.2.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Aug 27 2022 Orion Poplawski  - 4.2.0-1
+- Update to 4.2.0
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 3.10.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint  - 3.10.1-9
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 3.10.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 3.10.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint  - 3.10.1-6
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 3.10.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
 * Wed Jul 29 2020 Fedora Release Engineering  - 3.10.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
diff --git a/SPECS-EXTENDED/python-requests-toolbelt/SOURCES/python-requests-toolbelt-fix-unhandled-exception-from-tests.patch b/SPECS-EXTENDED/python-requests-toolbelt/SOURCES/python-requests-toolbelt-fix-unhandled-exception-from-tests.patch
deleted file mode 100644
index 832e0e29a7..0000000000
--- a/SPECS-EXTENDED/python-requests-toolbelt/SOURCES/python-requests-toolbelt-fix-unhandled-exception-from-tests.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From c4f918572751151eb3bfc7dfa94580b3e2867a9e Mon Sep 17 00:00:00 2001
-From: Jon Dufresne 
-Date: Sun, 3 Feb 2019 09:02:24 -0800
-Subject: [PATCH] Fix unhandled exceptions from threads during tests
-
-A queue.Queue() object was not always passed to SessionThread. In this
-case, SessionThread._make_request() would raise an exception trying to
-call methods on the expected object. Now, always pass a usable object to
-SessionThread.
-
-Previously appeared as:
-
-    Traceback (most recent call last):
-      File "/usr/lib64/python3.7/threading.py", line 917, in _bootstrap_inner
-        self.run()
-      File "/usr/lib64/python3.7/threading.py", line 865, in run
-        self._target(*self._args, **self._kwargs)
-      File "toolbelt/requests_toolbelt/threaded/thread.py", line 41, in _make_request
-        kwargs = self._jobs.get_nowait()
-    AttributeError: 'NoneType' object has no attribute 'get_nowait'
-
-    Exception in thread cd08fad6-d21d-41b0-921e-737a149b12be:
-    Traceback (most recent call last):
-      File "/usr/lib64/python3.7/threading.py", line 917, in _bootstrap_inner
-        self.run()
-      File "/usr/lib64/python3.7/threading.py", line 865, in run
-        self._target(*self._args, **self._kwargs)
-      File "toolbelt/requests_toolbelt/threaded/thread.py", line 41, in _make_request
-        kwargs = self._jobs.get_nowait()
-    AttributeError: 'NoneType' object has no attribute 'get_nowait'
-
-    Exception in thread 4fb72f0d-ba1c-4a78-97a2-4a7283ea01fe:
-    Traceback (most recent call last):
-      File "/usr/lib64/python3.7/threading.py", line 917, in _bootstrap_inner
-        self.run()
-      File "/usr/lib64/python3.7/threading.py", line 865, in run
-        self._target(*self._args, **self._kwargs)
-      File "toolbelt/requests_toolbelt/threaded/thread.py", line 41, in _make_request
-        kwargs = self._jobs.get_nowait()
-    AttributeError: 'NoneType' object has no attribute 'get_nowait'
-
-    Exception in thread 5f3711af-0c01-4821-9e25-8074bbbf769b:
-    Traceback (most recent call last):
-      File "/usr/lib64/python3.7/threading.py", line 917, in _bootstrap_inner
-        self.run()
-      File "/usr/lib64/python3.7/threading.py", line 865, in run
-        self._target(*self._args, **self._kwargs)
-      File "toolbelt/requests_toolbelt/threaded/thread.py", line 41, in _make_request
-        kwargs = self._jobs.get_nowait()
-    AttributeError: 'NoneType' object has no attribute 'get_nowait'
-
-https://github.com/requests/toolbelt/commit/c4f918572751151eb3bfc7dfa94580b3e2867a9e
----
- tests/threaded/test_pool.py   | 15 ++++++++++-----
- tests/threaded/test_thread.py |  5 ++++-
- 2 files changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/tests/threaded/test_pool.py b/tests/threaded/test_pool.py
-index b0653bb..b949dd8 100644
---- a/tests/threaded/test_pool.py
-+++ b/tests/threaded/test_pool.py
-@@ -26,32 +26,37 @@ def test_requires_positive_number_of_processes(self):
- 
-     def test_number_of_processes_can_be_arbitrary(self):
-         """Show that the number of processes can be set."""
--        p = pool.Pool(None, num_processes=100)
-+        job_queue = queue.Queue()
-+        p = pool.Pool(job_queue, num_processes=100)
-         assert p._processes == 100
-         assert len(p._pool) == 100
- 
--        p = pool.Pool(None, num_processes=1)
-+        job_queue = queue.Queue()
-+        p = pool.Pool(job_queue, num_processes=1)
-         assert p._processes == 1
-         assert len(p._pool) == 1
- 
-     def test_initializer_is_called(self):
-         """Ensure that the initializer function is called."""
-+        job_queue = queue.Queue()
-         initializer = mock.MagicMock()
--        pool.Pool(None, num_processes=1, initializer=initializer)
-+        pool.Pool(job_queue, num_processes=1, initializer=initializer)
-         assert initializer.called is True
-         initializer.assert_called_once_with(mock.ANY)
- 
-     def test_auth_generator_is_called(self):
-         """Ensure that the auth_generator function is called."""
-+        job_queue = queue.Queue()
-         auth_generator = mock.MagicMock()
--        pool.Pool(None, num_processes=1, auth_generator=auth_generator)
-+        pool.Pool(job_queue, num_processes=1, auth_generator=auth_generator)
-         assert auth_generator.called is True
-         auth_generator.assert_called_once_with(mock.ANY)
- 
-     def test_session_is_called(self):
-         """Ensure that the session function is called."""
-+        job_queue = queue.Queue()
-         session = mock.MagicMock()
--        pool.Pool(None, num_processes=1, session=session)
-+        pool.Pool(job_queue, num_processes=1, session=session)
-         assert session.called is True
-         session.assert_called_once_with()
- 
-diff --git a/tests/threaded/test_thread.py b/tests/threaded/test_thread.py
-index bb92f7f..fd7e96b 100644
---- a/tests/threaded/test_thread.py
-+++ b/tests/threaded/test_thread.py
-@@ -19,6 +19,8 @@ def _make_mocks():
- 
- def _initialize_a_session_thread(session=None, job_queue=None,
-                                  response_queue=None, exception_queue=None):
-+    if job_queue is None:
-+        job_queue = queue.Queue()
-     with mock.patch.object(threading, 'Thread') as Thread:
-         thread_instance = mock.MagicMock()
-         Thread.return_value = thread_instance
-@@ -52,10 +54,11 @@ def test_thread_initialization(self):
- 
-     def test_is_alive_proxies_to_worker(self):
-         """Test that we proxy the is_alive method to the Thread."""
-+        job_queue = queue.Queue()
-         with mock.patch.object(threading, 'Thread') as Thread:
-             thread_instance = mock.MagicMock()
-             Thread.return_value = thread_instance
--            st = thread.SessionThread(None, None, None, None)
-+            st = thread.SessionThread(None, job_queue, None, None)
- 
-         st.is_alive()
-         thread_instance.is_alive.assert_called_once_with()
diff --git a/SPECS-EXTENDED/python-requests-toolbelt/SOURCES/python-requests-toolbelt-pass-session-into-tests.patch b/SPECS-EXTENDED/python-requests-toolbelt/SOURCES/python-requests-toolbelt-pass-session-into-tests.patch
deleted file mode 100644
index 57927a61af..0000000000
--- a/SPECS-EXTENDED/python-requests-toolbelt/SOURCES/python-requests-toolbelt-pass-session-into-tests.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 1314a8ea82f4dcfb23e670f17d1b40c23ba230c4 Mon Sep 17 00:00:00 2001
-From: Alexander Mangin 
-Date: Wed, 3 Apr 2019 12:57:40 +0500
-Subject: [PATCH] Pass session into some tests
-
----
- ...ream_response_without_content_length_to_file.json |  1 +
- tests/test_multipart_encoder.py                      | 12 ++++++------
- 2 files changed, 7 insertions(+), 6 deletions(-)
- create mode 100644 tests/cassettes/stream_response_without_content_length_to_file.json
-
-diff --git a/tests/cassettes/stream_response_without_content_length_to_file.json b/tests/cassettes/stream_response_without_content_length_to_file.json
-new file mode 100644
-index 0000000..f2bf898
---- /dev/null
-+++ b/tests/cassettes/stream_response_without_content_length_to_file.json
-@@ -0,0 +1 @@
-+{"recorded_with": "betamax/0.4.1", "http_interactions": [{"request": {"uri": "https://api.github.com/repos/sigmavirus24/github3.py/releases/assets/37944", "method": "GET", "headers": {"Accept": ["application/octet-stream"], "Accept-Encoding": ["gzip, deflate"], "Connection": ["keep-alive"], "User-Agent": ["python-requests/2.5.3 CPython/2.7.9 Darwin/14.1.0"]}, "body": {"base64_string": "", "encoding": "utf-8"}}, "response": {"status": {"code": 302, "message": "Found"}, "url": "https://api.github.com/repos/sigmavirus24/github3.py/releases/assets/37944", "headers": {"access-control-allow-credentials": ["true"], "x-xss-protection": ["1; mode=block"], "vary": ["Accept-Encoding"], "location": ["https://s3.amazonaws.com/github-cloud/releases/3710711/365425c2-4e46-11e3-86fb-bb0d50a886e7.whl?response-content-disposition=attachment%3B%20filename%3Dgithub3.py-0.7.1-py2.py3-none-any.whl&response-content-type=application/octet-stream&AWSAccessKeyId=AKIAISTNZFOVBIJMK3TQ&Expires=1426166613&Signature=78anFgNgXLm3TIbo%2FbTEEk7m%2F34%3D"], "x-content-type-options": ["nosniff"], "content-security-policy": ["default-src 'none'"], "x-ratelimit-limit": ["60"], "status": ["302 Found"], "x-frame-options": ["deny"], "x-served-by": ["8dd185e423974a7e13abbbe6e060031e"], "server": ["GitHub.com"], "access-control-allow-origin": ["*"], "strict-transport-security": ["max-age=31536000; includeSubdomains; preload"], "x-github-request-id": ["48A0C951:54E7:48B5311:55019319"], "date": ["Thu, 12 Mar 2015 13:22:33 GMT"], "access-control-expose-headers": ["ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval"], "x-ratelimit-remaining": ["58"], "content-type": ["text/html;charset=utf-8"], "x-ratelimit-reset": ["1426170017"]}, "body": {"base64_string": "", "encoding": "utf-8"}}, "recorded_at": "2015-03-12T13:22:33"}, {"request": {"uri": "https://s3.amazonaws.com/github-cloud/releases/3710711/365425c2-4e46-11e3-86fb-bb0d50a886e7.whl?response-content-disposition=attachment%3B%20filename%3Dgithub3.py-0.7.1-py2.py3-none-any.whl&response-content-type=application/octet-stream&AWSAccessKeyId=AKIAISTNZFOVBIJMK3TQ&Expires=1426166613&Signature=78anFgNgXLm3TIbo%2FbTEEk7m%2F34%3D", "method": "GET", "headers": {"Accept": ["application/octet-stream"], "Accept-Encoding": ["gzip, deflate"], "Connection": ["keep-alive"], "User-Agent": ["python-requests/2.5.3 CPython/2.7.9 Darwin/14.1.0"]}, "body": {"base64_string": "", "encoding": "utf-8"}}, "response": {"status": {"code": 200, "message": "OK"}, "url": "https://s3.amazonaws.com/github-cloud/releases/3710711/365425c2-4e46-11e3-86fb-bb0d50a886e7.whl?response-content-disposition=attachment%3B%20filename%3Dgithub3.py-0.7.1-py2.py3-none-any.whl&response-content-type=application/octet-stream&AWSAccessKeyId=AKIAISTNZFOVBIJMK3TQ&Expires=1426166613&Signature=78anFgNgXLm3TIbo%2FbTEEk7m%2F34%3D", "headers": {"accept-ranges": ["bytes"], "content-disposition": ["attachment; filename=github3.py-0.7.1-py2.py3-none-any.whl"], "x-amz-id-2": ["9+TuHhbd7y2BUJaEV+mFpaDgjl1g9uSAPiZxwc6b2cYydhlhZSyKSuB7PQyiPBPD"], "x-amz-meta-surrogate-key": ["repository-3710711 user-240830"], "x-amz-request-id": ["4B4BFE6BF5135B8D"], "last-modified": ["Fri, 15 Nov 2013 22:35:23 GMT"], "x-amz-meta-surrogate-control": ["max-age=31557600"], "etag": ["\"6550854f02f7bf10b944070b84f38313\""], "date": ["Thu, 12 Mar 2015 13:22:35 GMT"], "cache-control": ["max-age=31557600"], "content-type": ["application/octet-stream"], "server": ["AmazonS3"]}, "body": {"base64_string": "", "encoding": null}}, "recorded_at": "2015-03-12T13:22:34"}]}
-diff --git a/tests/test_multipart_encoder.py b/tests/test_multipart_encoder.py
-index 575f54c..2d143ae 100644
---- a/tests/test_multipart_encoder.py
-+++ b/tests/test_multipart_encoder.py
-@@ -91,14 +91,14 @@ def test_accepts_encoded_strings_with_unicode(self):
- 
- class TestFileFromURLWrapper(unittest.TestCase):
-     def setUp(self):
--        s = requests.Session()
--        self.recorder = get_betamax(s)
-+        self.session = requests.Session()
-+        self.recorder = get_betamax(self.session)
- 
-     def test_read_file(self):
-         url = ('https://stxnext.com/static/img/logo.830ebe551641.svg')
-         with self.recorder.use_cassette(
-                 'file_for_download', **preserve_bytes):
--            self.instance = FileFromURLWrapper(url)
-+            self.instance = FileFromURLWrapper(url, session=self.session)
-             assert self.instance.len == 5177
-             chunk = self.instance.read(20)
-             assert chunk == b' - 0.9.1-13
-- Drop BR on pytest and pip install latest deps to enable ptest
+* Fri Mar 14 2025 Akhila Guruju  - 1.0.0-8
+- Initial Azure Linux import from Fedora 41 (license: MIT).
 - License verified
 
-* Wed Dec 09 2020 Steve Laughman  - 0.9.1-12
-- Initial CBL-Mariner import from Fedora 33 (license: MIT)
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.0.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 1.0.0-6
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1.0.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 1.0.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jun 14 2023 Python Maint  - 1.0.0-2
+- Rebuilt for Python 3.12
+
+* Mon May 08 2023 Parag Nemade  - 1.0.0-1
+- Update to 1.0.0 version (#2192400)
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 0.10.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Dec 05 2022 Parag Nemade  - 0.10.1-2
+- Update license tag to SPDX format
+
+* Wed Oct 26 2022 Parag Nemade  - 0.10.1-1
+- Update to 0.10.1 version (#2137927)
+
+* Tue Oct 11 2022 Parag Nemade  - 0.10.0-1
+- Update to 0.10.0 version (#2133011)
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 0.9.1-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jun 14 2022 Python Maint  - 0.9.1-18
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 0.9.1-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jan 06 2022 Miro Hrončok  - 0.9.1-16
+- Drop build dependency on deprecated python3-mock
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 0.9.1-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint  - 0.9.1-14
+- Rebuilt for Python 3.10
+
+* Sat May 15 2021 Parag Nemade  - 0.9.1-13
+- Disable some tests for Python 3.10 bootstrap process
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 0.9.1-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
 * Sun Oct 18 2020 Parag Nemade  - 0.9.1-11
 - Ignore failing tests (rh#1863713)
@@ -78,6 +132,7 @@ py.test -v --ignore=tests/test_x509_adapter.py
 * Sat Aug 01 2020 Fedora Release Engineering  - 0.9.1-10
 - Second attempt - Rebuilt for
   https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
 * Wed Jul 29 2020 Fedora Release Engineering  - 0.9.1-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
@@ -170,3 +225,4 @@ py.test -v --ignore=tests/test_x509_adapter.py
 
 * Mon Feb 02 2015 Parag Nemade  - 0.3.1-1
 - Initial packaging
+
diff --git a/SPECS-EXTENDED/regexp/regexp.spec b/SPECS-EXTENDED/regexp/regexp.spec
index 7ff0246ca2..3107b196ff 100644
--- a/SPECS-EXTENDED/regexp/regexp.spec
+++ b/SPECS-EXTENDED/regexp/regexp.spec
@@ -23,12 +23,12 @@ Distribution:   Azure Linux
 %define section         free
 Name:           regexp
 Version:        1.5
-Release:        23%{?dist}
+Release:        24%{?dist}
 Summary:        Simple regular expressions API
 License:        Apache-2.0
 Group:          Development/Libraries/Java
-Url:            http://jakarta.apache.org/%{name}/
-Source0:        http://www.apache.org/dist/jakarta/regexp/jakarta-regexp-%{version}.tar.gz
+Url:            https://jakarta.apache.org/%{name}/
+Source0:        https://archive.apache.org/dist/jakarta/regexp/source/jakarta-regexp-%{version}.tar.gz
 Source1:        regexp-%{version}.pom
 BuildRequires:  ant
 BuildRequires:  ant >= 1.6
@@ -58,7 +58,7 @@ find . -type f -name "*.jar" | xargs -t rm
 export OPT_JAR_LIST=:
 export CLASSPATH=
 mkdir lib
-ant -Djakarta-site2.dir=. -Dant.build.javac.source=1.6 -Dant.build.javac.target=1.6  jar
+ant -Djakarta-site2.dir=. -Dant.build.javac.source=1.7 -Dant.build.javac.target=1.7  jar
 
 %install
 # jars
@@ -79,6 +79,10 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_mavenpomdir}/JPP-%{name}.pom
 %{_datadir}/maven-metadata/%{name}.xml*
 
 %changelog
+* Fri Mar 21 2025 Aninda Pradhan  - 1.5-24
+- Fixed build failure caused by javac source & target version 6 not being supported.
+- License Verified
+
 * Thu Oct 14 2021 Pawel Winogrodzki  - 1.5-23
 - Converting the 'Release' tag to the '[number].[distribution]' format.
 
diff --git a/SPECS-EXTENDED/ripgrep/ripgrep.spec b/SPECS-EXTENDED/ripgrep/ripgrep.spec
index 544c2c754f..6c4a739656 100644
--- a/SPECS-EXTENDED/ripgrep/ripgrep.spec
+++ b/SPECS-EXTENDED/ripgrep/ripgrep.spec
@@ -20,7 +20,7 @@
 
 Name:           ripgrep
 Version:        13.0.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        A search tool that combines ag with grep
 License:        MIT AND Unlicense
 Vendor:         Microsoft Corporation
@@ -31,7 +31,7 @@ Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 Source1:        %{name}-%{version}-vendor.tar.xz
 Source2:        cargo_config
 BuildRequires:  cargo
-BuildRequires:  rust >= 1.31
+BuildRequires:  rust
 BuildRequires:  rubygem(asciidoctor)
 
 %description
@@ -104,6 +104,9 @@ install -Dm 644 complete/_rg %{buildroot}%{_datadir}/zsh/site-functions/_rg
 %{_datadir}/zsh
 
 %changelog
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 13.0.0-6
+- Bump release to build with rust 1.85.0
+
 * Thu Sep 07 2023 Daniel McIlvaney  - 13.0.0-5
 - Bump package to rebuild with rust 1.72.0
 
diff --git a/SPECS-EXTENDED/rp-pppoe/pppoe-connect b/SPECS-EXTENDED/rp-pppoe/pppoe-connect
deleted file mode 100755
index 0e40ad6187..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/pppoe-connect
+++ /dev/null
@@ -1,398 +0,0 @@
-#! /bin/bash
-# Generated automatically from pppoe-connect.in by configure.
-#***********************************************************************
-#
-# pppoe-connect
-#
-# Shell script to connect to an PPPoE provider using PPPoE
-#
-# Copyright (C) 2000 Roaring Penguin Software Inc.
-#
-# $Id$
-#
-# This file may be distributed under the terms of the GNU General
-# Public License.
-#
-# Usage: pppoe-connect [config_file]
-#        pppoe-connect interface user [config_file]
-# Second form overrides USER and ETH from config file.
-# If config_file is omitted, defaults to /etc/ppp/pppoe.conf
-#
-#***********************************************************************
-
-# From AUTOCONF
-prefix=/usr
-exec_prefix=/usr
-localstatedir=/var
-
-# Paths to programs
-IP=/usr/sbin/ip
-PPPD=/usr/sbin/pppd
-SETSID=/usr/bin/setsid
-PPPOE=/usr/sbin/pppoe
-BR2684CTL=/usr/sbin/br2684ctl
-LOGGER="/usr/bin/logger -t `basename $0`"
-NETWORKDIR=/etc/sysconfig/network-scripts
-LS=/usr/bin/ls
-
-get_device() {
-    if [ ! -d $NETWORKDIR ] ; then
-        $ECHO "** $NETWORKDIR not found"
-        $ECHO "** Quitting"
-        exit 1
-    fi
-
-    cd $NETWORKDIR
-    interfaces=$($LS ifcfg-ppp* 2>/dev/null | egrep -v '(~|\.bak)$' | \
-                 egrep -v '(rpmsave|rpmorig|rpmnew)' | sed 's/^ifcfg-//g')
-
-    for i in $interfaces ; do
-        test -f ifcfg-$i && . ifcfg-$i 2>/dev/null
-        if [ "$TYPE" = "xDSL" ] ; then
-            CONFIG=$NETWORKDIR/ifcfg-$i
-            break
-        fi
-    done
-}
-
-# Set to "C" locale so we can parse messages from commands
-LANG=C
-export LANG
-
-# Must be root
-if test "`/usr/bin/id -u`" != 0 ; then
-    echo "$0: You must be root to run this script" >& 2
-    exit 1
-fi
-
-if test "$SETSID" != "" -a ! -x "$SETSID"; then
-    SETSID=""
-fi
-
-USER=""
-ETH=""
-
-# Sort out command-line arguments
-case "$#" in
-    1)
-	CONFIG="$1"
-	;;
-    3)
-	CONFIG="$3"
-	;;
-esac
-
-if [ -z "$CONFIG" ] ; then
-    get_device
-    [ -z "$CONFIG" ] && CONFIG=/etc/ppp/pppoe.conf
-fi
-
-if test ! -f "$CONFIG" -o ! -r "$CONFIG" ; then
-    echo "$0: Cannot read configuration file '$CONFIG'" >& 2
-    exit 1
-fi
-
-export CONFIG
-. $CONFIG
-
-DEVNAME="$DEVICE"
-PPPOE_PIDFILE="$PIDFILE.pppoe"
-PPPD_PIDFILE="$PIDFILE.pppd"
-
-if [ "$CONFIG" != "/etc/ppp/pppoe.conf" ] ; then
-   DEVNAME=`basename $CONFIG | sed 's/^ifcfg-//g'`
-fi
-
-if [ -n "$BR2684DEV" ]; then
-	[ -z "$ETH" ] && ETH="nas$BR2684DEV"
-	modprobe br2684 > /dev/null 2>&1
-fi
-
-# Check for command-line overriding of ETH and USER
-case "$#" in
-    2|3)
-	ETH="$1"
-	USER="$2"
-	;;
-esac
-
-# Check that config file is sane
-if test "$USER" = "" ; then
-    echo "$0: Check '$CONFIG' -- no setting for USER" >& 2
-    exit 1
-fi
-if test "`basename \"$LINUX_PLUGIN\"`" = "pppoatm.so" ; then
-    if test "$VCI" = "" ; then
-	echo "$0: Check '$CONFIG' -- no setting for VCI" >& 2
-	exit 1
-    fi
-    if test "$VPI" = "" ; then
-	echo "$0: Check '$CONFIG' -- no setting for VPI" >& 2
-	exit 1
-    fi
-else
-    if test "$ETH" = "" ; then
-	echo "$0: Check '$CONFIG' -- no setting for ETH" >& 2
-	exit 1
-    fi
-fi
-
-PPPD_PID=0
-
-# Catch common error
-if test "$DEBUG" = "1" ; then
-    echo "*** If you want to use DEBUG, invoke pppoe-start, not pppoe-connect."
-    exit 1
-fi
-
-if test "$DEBUG" != "" ; then
-    if test "$LINUX_PLUGIN" != "" ; then
-	echo "Cannot use DEBUG mode and LINUX_PLUGIN at the same time."
-	echo "Kernel-mode PPPoE is experimental and unsupported."
-	exit 1
-    fi
-    echo "* The following section identifies your Ethernet interface" >> $DEBUG
-    echo "* and user name.  Some ISP's need 'username'; others" >> $DEBUG
-    echo "* need 'username@isp.com'.  Try both" >> $DEBUG
-    echo "ETH=$ETH; USER=$USER" >> $DEBUG
-    echo "---------------------------------------------" >> $DEBUG
-fi
-
-# MTU of Ethernet card attached to modem MUST be 1500.  This apparently
-# fails on some *BSD's, so we'll only do it under Linux
-
-if test `uname -s` = Linux ; then
-    $IP link set $ETH up mtu 1500 
-    # For 2.4 kernels.  Will fail on 2.2.x, but who cares?
-    modprobe ppp_generic > /dev/null 2>&1
-    modprobe ppp_async > /dev/null 2>&1
-    modprobe ppp_synctty > /dev/null 2>&1
-    if test -n "$LINUX_PLUGIN" ; then
-	modprobe pppox > /dev/null 2>&1
-	modprobe pppoe > /dev/null 2>&1
-    fi
-fi
-
-if test "$SYNCHRONOUS" = "yes" ; then
-	PPPOE_SYNC=-s
-	PPPD_SYNC=sync
-	# Increase the chances of it working on Linux...
-	if test `uname -s` = Linux ; then
-	    modprobe n_hdlc > /dev/null 2>&1
-	fi
-else
-	PPPOE_SYNC=""
-	PPPD_SYNC=""
-fi
-
-if test -n "$ACNAME" ; then
-    ACNAME="-C $ACNAME"
-fi
-
-if test -n "$SERVICENAME" ; then
-    SERVICENAMEOPT="-S $SERVICENAME"
-else
-    SERVICENAMEOPT=""
-fi
-
-if test "$CLAMPMSS" = "no" ; then
-	CLAMPMSS=""
-else
-	CLAMPMSS="-m $CLAMPMSS"
-fi
-
-# If DNSTYPE is SERVER, we must use "usepeerdns" option to pppd.
-if test "$DNSTYPE" = "SERVER" ; then
-	PEERDNS=yes
-   USEPEERDNS=yes
-fi
-
-if test "$PEERDNS" = "yes" ; then
-	PEERDNS="usepeerdns"
-else
-	PEERDNS=""
-fi
-
-# Backward config file compatibility -- PEERDNS used to be USEPEERDNS
-if test "$USEPEERDNS" = "yes" ; then
-    PEERDNS="usepeerdns"
-fi
-if test "$USEPEERDNS" = "no" ; then
-    PEERDNS=""
-fi
-
-if [ -z "$DEVICE" ] ; then
-    IPPARAM=""
-    LINKNAME=""
-else
-    IPPARAM="ipparam ${DEVNAME}"
-    LINKNAME="linkname ${DEVICE}"
-fi
-
-[ -z "$MTU" ] && MTU="1492"
-[ -z "$MRU" ] && MRU="1492"
-
-# Backward config file compatibility
-if test "$DEMAND" = "" ; then
-	DEMAND=no
-fi
-
-if test "$DEMAND" = "no" ; then
-	DEMAND=""
-else
-	[ -z "$IPADDR" ] && IPADDR=10.112.112.112
-	[ -z "$REMIP" ]  && REMIP=10.112.112.113
-
-	DEMAND="demand persist idle $CONNECT_TIMEOUT $IPADDR:$REMIP ipcp-accept-remote ipcp-accept-local noipdefault ktune"
-	# The plugin doesn't need (and may not _accept_) the 'connect' option
-	if [ -z "$LINUX_PLUGIN" ]; then
-		DEMAND="$DEMAND connect true"
-	fi
-fi
-
-case "$FIREWALL" in
-    STANDALONE)
-	. /etc/ppp/firewall-standalone
-	;;
-    MASQUERADE)
-	. /etc/ppp/firewall-masq
-	;;
-esac
-
-# If we're using kernel-mode PPPoE on Linux...
-if test "`basename \"$LINUX_PLUGIN\"`" = "rp-pppoe.so" ; then
-    PLUGIN_OPTS="plugin $LINUX_PLUGIN nic-$ETH"
-    if test -n "$SERVICENAME" ; then
-       PLUGIN_OPTS="$PLUGIN_OPTS rp_pppoe_service $SERVICENAME"
-    fi
-    modprobe pppoe > /dev/null 2>&1
-fi
-# If we're using kernel-mode PPPoATM on Linux...
-if test "`basename \"$LINUX_PLUGIN\"`" = "pppoatm.so" ; then
-    PLUGIN_OPTS="plugin $LINUX_PLUGIN"
-
-    # Interface name MUST BE LAST!!
-    PLUGIN_OPTS="$PLUGIN_OPTS $VPI.$VCI"
-    modprobe pppoatm > /dev/null 2>&1
-fi
-if test "$DEFROUTE" != "no" ; then
-    DEFAULTROUTE="defaultroute"
-    # pppd will no longer delete an existing default route
-    # so we have to help it out a little here.
-    DEFRT=$(ip route list match 0/0)
-    [ -n "${DEFRT}" ] && echo "$DEFRT" > /etc/default-routes
-    echo "$DEFRT" | while read spec; do
-        $IP route del $spec;
-    done
-else
-    DEFAULTROUTE=""
-fi
-
-# Standard PPP options we always use
-PPP_STD_OPTIONS="$IPPARAM $LINKNAME $PLUGIN_OPTS noipdefault noauth default-asyncmap $DEFAULTROUTE hide-password nodetach $PEERDNS mtu $MTU mru $MRU noaccomp nodeflate nopcomp novj novjccomp user $USER lcp-echo-interval $LCP_INTERVAL lcp-echo-failure $LCP_FAILURE $PPPD_EXTRA"
-
-# PPPoE invocation
-PPPOE_CMD="$PPPOE -p $PPPOE_PIDFILE -I $ETH -T $PPPOE_TIMEOUT -U $PPPOE_SYNC $CLAMPMSS $ACNAME $SERVICENAMEOPT $PPPOE_EXTRA"
-if test "$DEBUG" != "" ; then
-    if test "$DEMAND" != "" ; then
-	echo "(Turning off DEMAND for debugging purposes)"
-	DEMAND=""
-    fi
-    echo "* The following section shows the pppd command we will invoke" >> $DEBUG
-    echo "pppd invocation" >> $DEBUG
-    echo "$SETSID $PPPD pty '$PPPOE_CMD' $PPP_STD_OPTIONS $PPPD_SYNC debug" >> $DEBUG
-    echo "---------------------------------------------" >> $DEBUG
-    $SETSID $PPPD pty "$PPPOE_CMD -D $DEBUG-0" \
-	$PPP_STD_OPTIONS \
-	$PPPD_SYNC \
-	debug >> $DEBUG 2>&1
-    echo "---------------------------------------------" >> $DEBUG
-    echo "* The following section is an extract from your log." >> $DEBUG
-    echo "* Look for error messages from pppd, such as" >> $DEBUG
-    echo "* a lack of kernel support for PPP, authentication failure" >> $DEBUG
-    echo "* etc." >> $DEBUG
-    if test -f "/var/log/messages" ; then
-	echo "Extract from /var/log/messages" >> $DEBUG
-	grep 'ppp' /var/log/messages | tail -150 >> $DEBUG
-    elif test -f "/var/adm/messages"; then
-	echo "Extract from /var/adm/messages" >> $DEBUG
-	grep 'ppp' /var/adm/messages | tail -150 >> $DEBUG
-    else
-        echo "Can't find messages file (looked for /var/{log,adm}/messages" >> $DEBUG
-    fi
-    date >> $DEBUG
-    echo "---------------------------------------------" >> $DEBUG
-    echo "* The following section is a dump of the packets" >> $DEBUG
-    echo "* sent and received by rp-pppoe.  If you don't see" >> $DEBUG
-    echo "* any output, it's an Ethernet driver problem.  If you only" >> $DEBUG
-    echo "* see three PADI packets and nothing else, check your cables" >> $DEBUG
-    echo "* and modem.  Make sure the modem lights flash when you try" >> $DEBUG
-    echo "* to connect.  Check that your Ethernet card is in" >> $DEBUG
-    echo "* half-duplex, 10Mb/s mode.  If all else fails," >> $DEBUG
-    echo "* try using pppoe-sniff." >> $DEBUG
-    echo "rp-pppoe debugging dump" >> $DEBUG
-    cat $DEBUG-0 >> $DEBUG
-    rm -f $DEBUG-0
-    for i in 1 2 3 4 5 6 7 8 9 10 ; do
-    echo ""
-    echo ""
-    echo ""
-    done
-    echo "*** Finished debugging run.  Please review the file"
-    echo "*** '$DEBUG' and try to"
-    echo "*** figure out what is going on."
-    echo "***"
-    echo "*** Unfortunately, we can NO LONGER accept debugging"
-    echo "*** output for analysis.  Please do not send this to"
-    echo "*** Roaring Penguin; it is too time-consuming for"
-    echo "*** us to deal with all the analyses we have been sent."
-    exit 0
-fi
-
-echo $$ > $PIDFILE
-
-while [ true ] ; do
-    if [ "${DEFROUTE}" != "no" ] ; then
-        DEFRT=$(ip route list match 0/0)
-        [ -n "${DEFRT}" ] && echo "$DEFRT" > /etc/default-routes
-        echo "$DEFRT" | while read spec; do
-            $IP route del $spec;
-        done
-    fi
-
-    if test "$BR2684DEV" != ""; then
-        $BR2684CTL -b -c $BR2684DEV -a $VPI.$VCI
-        $IP link set $ETH up
-    fi
-    if test "$OVERRIDE_PPPD_COMMAND" != "" ; then
-       $SETSID $OVERRIDE_PPPD_COMMAND &
-       echo "$!" > $PPPD_PIDFILE
-    elif test "$LINUX_PLUGIN" != "" ; then
-        $SETSID $PPPD $PPP_STD_OPTIONS $DEMAND &
-        echo "$!" > $PPPD_PIDFILE
-    else
-        $SETSID $PPPD pty "$PPPOE_CMD" \
-        $PPP_STD_OPTIONS \
-        $DEMAND \
-        $PPPD_SYNC &
-        echo "$!" > $PPPD_PIDFILE
-    fi
-    wait
-    if test "$BR2684DEV" != ""; then
-        kill `cat /var/run/nas$BR2684DEV.pid`
-        rm /var/run/nas$BR2684DEV.pid
-    fi
-
-    if test "$RETRY_ON_FAILURE" = "no" ; then
-       exit
-    fi
-
-    # Run /etc/ppp/adsl-lost if it exists
-    test -x /etc/ppp/adsl-lost && /etc/ppp/adsl-lost
-
-    # Re-establish the connection
-    $LOGGER -p daemon.notice "PPPoE connection lost; attempting re-connection."
-
-    # Wait a bit in case a problem causes tons of log messages :-)
-    sleep 5
-done
diff --git a/SPECS-EXTENDED/rp-pppoe/pppoe-server.service b/SPECS-EXTENDED/rp-pppoe/pppoe-server.service
deleted file mode 100644
index 53f8a55629..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/pppoe-server.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=PPPoE Server.
-After=syslog.target
-
-[Service]
-ExecStart=/sbin/pppoe-server
-
-[Install]
-WantedBy=multi-user.target
diff --git a/SPECS-EXTENDED/rp-pppoe/pppoe-setup b/SPECS-EXTENDED/rp-pppoe/pppoe-setup
deleted file mode 100755
index 44c9ffa63c..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/pppoe-setup
+++ /dev/null
@@ -1,492 +0,0 @@
-#! /bin/bash
-#***********************************************************************
-#
-# pppoe-setup
-#
-# All-purpose slicing/dicing shell script to configure rp-pppoe.
-#
-# Copyright (C) 2000 Roaring Penguin Software Inc.
-#
-# $Id$
-#***********************************************************************
-
-# Paths to programs and config files
-IP=/usr/sbin/ip
-PPPD=/usr/sbin/pppd
-PPPOE=/sbin/pppoe
-ECHO=/usr/bin/echo
-LS=/usr/bin/ls
-ID=/usr/bin/id
-NETWORKDIR=/etc/sysconfig/network-scripts
-PAPFILE=/etc/ppp/chap-secrets
-CHAPFILE=/etc/ppp/pap-secrets
-RESOLVFILE=/etc/resolv.conf
-
-# Set to "C" locale so we can parse messages from commands
-LANG=C
-export LANG
-
-# Protect created files
-umask 077
-
-copy() {
-    cp $1 $2
-    if [ "$?" != 0 ] ; then
-	$ECHO "*** Error copying $1 to $2"
-	$ECHO "*** Quitting."
-	exit 1
-    fi
-}
-
-get_device() {
-    if [ ! -d $NETWORKDIR ] ; then
-        $ECHO "** $NETWORKDIR not found"
-        $ECHO "** Quitting"
-        exit 1
-    fi
-
-    cd $NETWORKDIR
-    interfaces=$($LS ifcfg-ppp* 2>/dev/null | egrep -v '(~|\.bak)$' | \
-                 egrep -v '(rpmsave|rpmorig|rpmnew)' | sed 's/^ifcfg-//g')
-
-    for i in $interfaces ; do
-        test -f ifcfg-$i && . ifcfg-$i 2>/dev/null
-        if [ "$TYPE" = "xDSL" ] ; then
-            device_count=$[$device_count+1]
-            devices="$devices $DEVICE"
-        fi
-    done
-}
-
-clear_env() {
-    unset USERCTL BOOTPROTO NAME DEVICE TYPE ONBOOT FIREWALL PING \
-          PPPOE_TIMEOUT LCP_FAILURE LCP_INTERVAL CLAMPMSS CONNECT_POLL \
-	  CONNECT_TIMEOUT DEFROUTE SYNCHRONOUS ETH PROVIDER USER PEERDNS \
-	  DNS1 DNS2
-}
-
-
-clear
-
-$ECHO "Welcome to the PPPoE client setup.  First, I will run some checks on"
-$ECHO "your system to make sure the PPPoE client is installed properly..."
-$ECHO ""
-
-# Must be root
-if [ "`$ID -u`" != 0 ] ; then
-    $ECHO "$0: Sorry, you must be root to run this script"
-    exit 1
-fi
-
-# Must have pppd
-if [ ! -x $PPPD ] ; then
-    $ECHO "Oops, I can't execute the program '$PPPD'.  You"
-    $ECHO "must install the PPP software suite, version 2.3.10 or later."
-    exit 1
-fi
-
-# get the DSL config files in /etc/sysconfig/network-scripts
-devices=""
-device_count=0
-get_device
-
-if [ $device_count -gt 0 ] ; then
-    $ECHO "The following DSL config was found on your system:"
-    $ECHO ""
-    $ECHO "  Device:      Name:"
-
-    for i in $devices ; do
-	. $NETWORKDIR/ifcfg-$i
-	$ECHO "  $i         $NAME"
-    done
-
-    $ECHO ""
-
-    for i in $devices ; do
-	default_device=$i
-	break
-    done
-
-    clear_env
-
-    while [ true ] ; do
-	$ECHO "Please enter the device if you want to configure the present DSL config"
-	$ECHO -n "(default $default_device) or enter 'n' if you want to create a new one: "
-
-	read dev
-
-	if [ "$dev" = "n" ] ; then
-	    i=0
-	    while true; do
-		found=0
-		for j in $interfaces ; do
-		    if [ "$j" = "ppp$i" ] ; then
-			found=1
-			break
-		    fi
-		done
-		if [ $found -eq 0 ] ; then
-		    dsl_device="ppp$i"
-		    break
-		fi
-		i=$[$i+1]
-	    done
-            if [ -z "$dsl_device" ]; then
-                dev=0
-                while [ -e $NETWORKDIR/ifcfg-ppp$dev ]; do
-                    dev=`expr $dev + 1`
-                done
-                dsl_device="ppp$dev"
-            fi
-	    break
-	else
-	    if [ -n "$default_device" ] ; then
-		if [ -n "$dev" ] ; then
-		    dsl_device="$dev"
-		else
-		    dsl_device="$default_device"
-		fi
-	    fi
-	    for i in $devices ; do
-		[ "$dsl_device" = "$i" ] && break
-	    done
-	    if [ "$dsl_device" = "$i" ] ; then
-		break
-	    fi
-	    $ECHO "Device '$dsl_device' is not found in the list, please choose the correct one"
-	fi
-    done
-else
-    dev=0
-    while [ -e $NETWORKDIR/ifcfg-ppp$dev ]; do
-        dev=`expr $dev + 1`
-    done
-    dsl_device="ppp$dev"
-fi
-
-CONFIG="$NETWORKDIR/ifcfg-$dsl_device"
-DEVICE=$dsl_device
-export CONFIG
-
-[ "$dev" = "n" ] || . $CONFIG 2>/dev/null
-[ "$DEMAND" = "" ] &&  DEMAND=no
-
-while [ true ] ; do
-    $ECHO ""
-    $ECHO "LOGIN NAME"
-    $ECHO ""
-    if [ -z "$USER" ] ; then
-	$ECHO -n "Enter your Login Name: "
-    else
-	$ECHO -n "Enter your Login Name (default $USER): "
-    fi
-
-    read U
-
-    if [ -z "$U" ] ; then
-	if [ -z "$USER" ] ; then
-	    continue
-	fi
-    else
-	USER="$U"
-    fi
-
-
-    # Under Linux, "fix" the default interface if eth1 is not available
-    [ -n "$ETH" ] || ETH=eth0
-    if test `uname -s` = "Linux" ; then
-       $IP link show $ETH > /dev/null 2>&1 || ETH=eth0
-    fi
-    $ECHO ""
-    $ECHO "INTERFACE"
-    $ECHO ""
-    $ECHO "Enter the Ethernet interface connected to the PPPoE modem"
-    $ECHO "For Solaris, this is likely to be something like /dev/hme0."
-    $ECHO "For Linux, it will be ethX, where 'X' is a number."
-    $ECHO -n "(default $ETH): "
-    read E
-
-    if [ -n "$E" ] ; then
-	ETH="$E"
-    fi
-
-    $ECHO ""
-    $ECHO "Do you want the link to come up on demand, or stay up continuously?"
-    $ECHO "If you want it to come up on demand, enter the idle time in seconds"
-    $ECHO "after which the link should be dropped.  If you want the link to"
-    $ECHO "stay up permanently, enter 'no' (two letters, lower-case.)"
-    $ECHO "NOTE: Demand-activated links do not interact well with dynamic IP"
-    $ECHO "addresses.  You may have some problems with demand-activated links."
-    $ECHO -n "Enter the demand value (default $DEMAND): "
-    read D
-    if [ -n "$D" ] ; then
-	DEMAND="$D"
-    fi
-
-    $ECHO ""
-    $ECHO "DNS"
-    $ECHO ""
-    $ECHO "Please enter the IP address of your ISP's primary DNS server."
-    $ECHO "If your ISP claims that 'the server will provide dynamic DNS addresses',"
-    $ECHO "enter 'server' (all lower-case) here."
-    $ECHO "If you just press enter, I will assume you know what you are"
-    $ECHO "doing and not modify your DNS setup."
-    $ECHO -n "Enter the DNS information here: "
-
-    read DNS1
-
-
-    if [ -n "$DNS1" ] ; then
-        if [ "$DNS1" != "server" ] ; then
-	    $ECHO "Please enter the IP address of your ISP's secondary DNS server."
-	    $ECHO "If you just press enter, I will assume there is only one DNS server."
-	    $ECHO -n "Enter the secondary DNS server address here: "
-	    read DNS2
-	fi
-    fi
-
-    while [ true ] ; do
-	$ECHO ""
-	$ECHO "PASSWORD"
-	$ECHO ""
-	stty -echo
-	$ECHO -n "Please enter your Password: "
-	read PWD1
-	$ECHO ""
-	$ECHO -n "Please re-enter your Password: "
-	read PWD2
-	$ECHO ""
-	stty echo
-	if [ "$PWD1" = "$PWD2" ] ; then
-	    break
-	fi
-
-	$ECHO -n "Sorry, the passwords do not match.  Try again? (y/n)"
-	read ANS
-	case "$ANS" in
-	    N|No|NO|Non|n|no|non)
-		$ECHO "OK, quitting.  Bye."
-		exit 1
-	esac
-    done
-
-    # Usercontrol
-    $ECHO ""
-    $ECHO "USERCTRL"
-    $ECHO
-    $ECHO "Please enter 'yes' (three letters, lower-case.) if you want to allow"
-    $ECHO -n "normal user to start or stop DSL connection (default yes): "
-
-    read USERCTL
-
-    if [ -z "$USERCTL" ] ; then
-	USERCTL="yes"
-    fi
-
-    # Firewalling
-    $ECHO ""
-    $ECHO "FIREWALLING"
-    $ECHO ""
-    if test `uname -s` != "Linux" ; then
-	$ECHO "Sorry, firewalling is only supported under Linux.  Consult"
-	$ECHO "your operating system manuals for details on setting up"
-	$ECHO "packet filters for your system."
-	FIREWALL=NONE
-    else
-	$ECHO "Please choose the firewall rules to use.  Note that these rules are"
-	$ECHO "very basic.  You are strongly encouraged to use a more sophisticated"
-	$ECHO "firewall setup; however, these will provide basic security.  If you"
-	$ECHO "are running any servers on your machine, you must choose 'NONE' and"
-	$ECHO "set up firewalling yourself.  Otherwise, the firewall rules will deny"
-	$ECHO "access to all standard servers like Web, e-mail, ftp, etc.  If you"
-	$ECHO "are using SSH, the rules will block outgoing SSH connections which"
-	$ECHO "allocate a privileged source port."
-	$ECHO ""
-	while [ true ] ; do
-	    $ECHO "The firewall choices are:"
-	    $ECHO "0 - NONE: This script will not set any firewall rules.  You are responsible"
-	    $ECHO "          for ensuring the security of your machine.  You are STRONGLY"
-	    $ECHO "          recommended to use some kind of firewall rules."
-	    $ECHO "1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation"
-	    $ECHO "2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway"
-	    $ECHO "                for a LAN"
-	    $ECHO -n "Choose a type of firewall (0-2): "
-	    read a
-	    if [ "$a" = 0 -o "$a" = 1 -o "$a" = 2 ] ; then
-		break
-	    fi
-	    $ECHO "Please enter a number from 0 to 2"
-	done
-
-	case "$a" in
-	    0)
-		FIREWALL=NONE
-		;;
-	    1)
-		FIREWALL=STANDALONE
-		;;
-	    2)
-		FIREWALL=MASQUERADE
-		;;
-	esac
-    fi
-
-    $ECHO ""
-    $ECHO "Start this connection at boot time"
-    $ECHO ""
-    $ECHO "Do you want to start this connection at boot time?"
-    $ECHO -n "Please enter no or yes (default no):"
-    read boot
-    case "$boot" in
-      yes|YES) ONBOOT="yes";;
-      *) ONBOOT="no";;
-    esac
-
-    $ECHO ""
-    $ECHO "** Summary of what you entered **"
-    $ECHO ""
-    $ECHO "Ethernet Interface: $ETH"
-    $ECHO "User name:          $USER"
-    if [ "$DEMAND" = "no" ] ; then
-	$ECHO "Activate-on-demand: No"
-    else
-	$ECHO "Activate-on-demand: Yes; idle timeout = $DEMAND seconds"
-    fi
-
-    if [ -n "$DNS1" ] ; then
-        if [ "$DNS1" = "server" ] ; then
-	    $ECHO "DNS addresses:      Supplied by ISP's server"
-        else
-	    $ECHO "Primary DNS:        $DNS1"
-	    if [ -n "$DNS2" ] ; then
-		$ECHO "Secondary DNS:      $DNS2"
-	    fi
-        fi
-    else
-	$ECHO "DNS:                Do not adjust"
-    fi
-    $ECHO "Firewalling:        $FIREWALL"
-    $ECHO "User Control:       $USERCTL"
-    while [ true ] ; do
-        $ECHO -n 'Accept these settings and adjust configuration files (y/n)? '
-        read ANS
-	case "ANS" in
-	    Y|y|yes|Yes|oui|Oui)
-		ANS=y
-		;;
-            N|n|no|No|non|Non)
-		ANS=n
-		;;
-	esac
-	if [ "$ANS" = "y" -o "$ANS" = "n" ] ; then
-	    break
-        fi
-    done
-    if [ "$ANS" = "y" ] ; then
-	break
-    fi
-done
-
-# Adjust configuration files.  First to $CONFIG
-
-$ECHO "Adjusting $CONFIG"
-
-test -f $CONFIG && copy $CONFIG $CONFIG.bak
-if [ "$DNS1" = "server" ] ; then
-    DNS1=""
-    DNS2=""
-    PEERDNS=yes
-else
-    PEERDNS=no
-fi
-
-# Where is pppd likely to put its pid?
-if [ -d /var/run ] ; then
-    VARRUN=/var/run
-else
-    VARRUN=/etc/ppp
-fi
-
-$ECHO "USERCTL=$USERCTL" >$CONFIG
-$ECHO "BOOTPROTO=dialup" >>$CONFIG
-[ -z "$NAME" ] && NAME="DSL$DEVICE"
-$ECHO "NAME=DSL$DEVICE" >>$CONFIG
-$ECHO "DEVICE=$DEVICE" >>$CONFIG
-$ECHO "TYPE=xDSL" >>$CONFIG
-$ECHO "ONBOOT=$ONBOOT" >>$CONFIG
-$ECHO "PIDFILE=/var/run/pppoe-adsl.pid" >>$CONFIG
-$ECHO "FIREWALL=$FIREWALL" >>$CONFIG
-[ -z "$PING" ] && PING="."
-$ECHO "PING=$PING" >>$CONFIG
-[ -z "$PPPOE_TIMEOUT" ] && PPPOE_TIMEOUT=80
-$ECHO "PPPOE_TIMEOUT=$PPPOE_TIMEOUT" >>$CONFIG
-[ -z "$LCP_FAILURE" ] && LCP_FAILURE=3
-$ECHO "LCP_FAILURE=$LCP_FAILURE" >>$CONFIG
-[ -z "$LCP_INTERVAL" ] && LCP_INTERVAL=20
-$ECHO "LCP_INTERVAL=$LCP_INTERVAL" >>$CONFIG
-[ -z "$CLAMPMSS" ] && CLAMPMSS=1412
-$ECHO "CLAMPMSS=$CLAMPMSS" >>$CONFIG
-[ -z "$CONNECT_POLL" ] && CONNECT_POLL=6
-$ECHO "CONNECT_POLL=$CONNECT_POLL" >>$CONFIG
-[ -z "$CONNECT_TIMEOUT" ] && CONNECT_TIMEOUT=60
-$ECHO "CONNECT_TIMEOUT=$CONNECT_TIMEOUT" >>$CONFIG
-[ -z "$DEFROUTE" ] && DEFROUTE=yes
-$ECHO "DEFROUTE=$DEFROUTE" >>$CONFIG
-[ -z "$SYNCHRONOUS" ] && SYNCHRONOUS=no
-$ECHO "SYNCHRONOUS=$SYNCHRONOUS" >>$CONFIG
-$ECHO "ETH=$ETH" >> $CONFIG
-[ -z "$PROVIDER" ] && PROVIDER="$NAME"
-$ECHO "PROVIDER=$PROVIDER" >>$CONFIG
-$ECHO "USER=$USER" >>$CONFIG
-$ECHO "PEERDNS=$PEERDNS" >>$CONFIG
-$ECHO "DEMAND=$DEMAND" >>$CONFIG
-
-if [ -n "$DNS1" ] ; then
-    if [ "$DNS1" != "server" ] ; then
-	$ECHO "Adjusting $RESOLVFILE"
-	if [ -r $RESOLVFILE ] ; then
-	    grep -s "MADE-BY-RP-PPPOE" $RESOLVFILE > /dev/null 2>&1
-	    if [ "$?" != 0 ] ; then
-		$ECHO "  (But first backing it up to $RESOLVFILE.bak)"
-		test -f $$RESOLVFILE && copy $RESOLVFILE $RESOLVFILE.bak
-	    fi
-	fi
-	$ECHO "# MADE-BY-RP-PPPOE" > $RESOLVFILE
-	$ECHO "nameserver $DNS1" >> $RESOLVFILE
-	if [ -n "$DNS2" ] ; then
-	    $ECHO "nameserver $DNS2" >> $RESOLVFILE
-	fi
-    fi
-fi
-
-$ECHO "Adjusting $PAPFILE and $CHAPFILE"
-if [ -r $PAPFILE ] ; then
-    $ECHO "  (But first backing it up to $PAPFILE.bak)"
-    test -f $PAPFILE && copy $PAPFILE $PAPFILE.bak
-else
-    cp /dev/null $PAPFILE.bak
-fi
-if [ -r $CHAPFILE ] ; then
-    $ECHO "  (But first backing it up to $CHAPFILE.bak)"
-    test -f $CHAPFILE && copy $CHAPFILE $CHAPFILE.bak
-else
-    cp /dev/null $CHAPFILE.bak
-fi
-
-egrep -v "^$USER|^\"$USER\"" $PAPFILE.bak > $PAPFILE
-$ECHO "\"$USER\"	*	\"$PWD1\"" >> $PAPFILE
-egrep -v "^$USER|^\"$USER\"" $CHAPFILE.bak > $CHAPFILE
-$ECHO "\"$USER\"	*	\"$PWD1\"" >> $CHAPFILE
-
-$ECHO ""
-$ECHO ""
-$ECHO ""
-$ECHO "Congratulations, it should be all set up!"
-$ECHO ""
-$ECHO "Type '/sbin/ifup $dsl_device' to bring up your xDSL link and '/sbin/ifdown $dsl_device'"
-$ECHO "to bring it down."
-$ECHO "Type '/sbin/pppoe-status $NETWORKDIR/ifcfg-$dsl_device'"
-$ECHO "to see the link status."
-$ECHO ""
-
-exit 0
diff --git a/SPECS-EXTENDED/rp-pppoe/pppoe-start b/SPECS-EXTENDED/rp-pppoe/pppoe-start
deleted file mode 100755
index b68817045c..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/pppoe-start
+++ /dev/null
@@ -1,228 +0,0 @@
-#! /bin/bash
-# Generated automatically from pppoe-start.in by configure.
-#***********************************************************************
-#
-# pppoe-start
-#
-# Shell script to bring up an PPPoE connection
-#
-# Copyright (C) 2000 Roaring Penguin Software Inc.
-#
-# $Id$
-#
-# This file may be distributed under the terms of the GNU General
-# Public License.
-#
-# Usage: pppoe-start [config_file]
-#        pppoe-start interface user [config_file]
-# Second form overrides USER and ETH from config file.
-# If config_file is omitted, defaults to /etc/ppp/pppoe.conf
-#
-#***********************************************************************
-
-# From AUTOCONF
-prefix=/usr
-exec_prefix=/usr
-
-# Paths to programs
-CONNECT=/usr/sbin/pppoe-connect
-ECHO=/usr/bin/echo
-IP=/usr/sbin/ip
-LS=/usr/bin/ls
-NETWORKDIR=/etc/sysconfig/network-scripts
-
-get_device() {
-    if [ ! -d $NETWORKDIR ] ; then
-        $ECHO "** $NETWORKDIR not found"
-        $ECHO "** Quitting"
-        exit 1
-    fi
-
-    cd $NETWORKDIR
-    interfaces=$($LS ifcfg-ppp* 2>/dev/null | egrep -v '(~|\.bak)$' | \
-                 egrep -v '(rpmsave|rpmorig|rpmnew)' | sed 's/^ifcfg-//g')
-
-    for i in $interfaces ; do
-        test -f ifcfg-$i && . ifcfg-$i 2>/dev/null
-        if [ "$TYPE" = "xDSL" ] ; then
-            CONFIG=$NETWORKDIR/ifcfg-$i
-            break
-        fi
-    done
-}
-
-# Set to "C" locale so we can parse messages from commands
-LANG=C
-export LANG
-
-# Defaults
-USER=""
-ETH=""
-ME=`basename $0`
-
-# Must be root
-if [ "`/usr/bin/id -u`" != 0 ] ; then
-    [ "$DEBUG" = "1" ] && $ECHO "$ME: You must be root to run this script" >& 2
-    exit 1
-fi
-
-# Debugging
-if [ "$DEBUG" = "1" ] ; then
-    $ECHO "*** Running in debug mode... please be patient..."
-    DEBUG=`mktemp -d /tmp/pppoe-debug-XXXXXXXX`
-    if [ $? -ne 0 ] ; then
-	$ECHO "Could not create directory $DEBUG... exiting"
-	exit 1
-    fi
-    export DEBUG
-    DEBUG=$DEBUG/pppoe-debug.txt
-
-    # Initial debug output
-    $ECHO "---------------------------------------------" > $DEBUG
-    $ECHO "* The following section contains information about your system" >> $DEBUG
-    date >> $DEBUG
-    $ECHO "Output of uname -a" >> $DEBUG
-    uname -a >> $DEBUG
-    $ECHO "---------------------------------------------" >> $DEBUG
-    $ECHO "* The following section contains information about your network" >> $DEBUG
-    $ECHO "* interfaces.  The one you chose for PPPoE should contain the words:" >> $DEBUG
-    $ECHO "* 'UP' and 'RUNNING'.  If it does not, you probably have an Ethernet" >> $DEBUG
-    $ECHO "* driver problem." >> $DEBUG
-    $ECHO "Output of ip addr show" >> $DEBUG
-    $IP addr show >> $DEBUG
-    $ECHO "---------------------------------------------" >> $DEBUG
-    if [ "`uname -s`" = "Linux" ] ; then
-        $ECHO "* The following section contains information about kernel modules" >> $DEBUG
-	$ECHO "* If the module for your Ethernet card is 'tulip', you might" >> $DEBUG
-	$ECHO "* want to look for an updated version at http://www.scyld.com" >> $DEBUG
-	$ECHO "Output of lsmod" >> $DEBUG
-	lsmod >> $DEBUG
-	$ECHO "---------------------------------------------" >> $DEBUG
-    fi
-    $ECHO "* The following section lists your routing table." >> $DEBUG
-    $ECHO "* If you have an entry which starts with '0.0.0.0', you probably" >> $DEBUG
-    $ECHO "* have defined a default route and gateway, and pppd will" >> $DEBUG
-    $ECHO "* not create a default route using your ISP.  Try getting" >> $DEBUG
-    $ECHO "* rid of this route." >> $DEBUG
-    $ECHO "Output of ip route" >> $DEBUG
-    $IP route >> $DEBUG
-    $ECHO "---------------------------------------------" >> $DEBUG
-    $ECHO "Contents of /etc/resolv.conf" >> $DEBUG
-    $ECHO "* The following section lists DNS setup." >> $DEBUG
-    $ECHO "* If you can browse by IP address, but not name, suspect" >> $DEBUG
-    $ECHO "* a DNS problem." >> $DEBUG
-    cat /etc/resolv.conf >> $DEBUG
-    $ECHO "---------------------------------------------" >> $DEBUG
-    $ECHO "* The following section lists /etc/ppp/options." >> $DEBUG
-    $ECHO "* You should have NOTHING in that file." >> $DEBUG
-    $ECHO "Contents of /etc/ppp/options" >> $DEBUG
-    cat /etc/ppp/options >> $DEBUG 2>/dev/null
-    $ECHO "---------------------------------------------" >> $DEBUG
-    DEBUG="1"
-fi
-
-# Sort out command-line arguments
-case "$#" in
-    1)
-	CONFIG="$1"
-	;;
-    3)
-	CONFIG="$3"
-	;;
-esac
-
-if [ -z "$CONFIG" ] ; then
-    get_device
-    [ -z "$CONFIG" ] && CONFIG=/etc/ppp/pppoe.conf
-fi
-
-if [ ! -f "$CONFIG" -o ! -r "$CONFIG" ] ; then
-    [ "$DEBUG" = "1" ] && $ECHO "$ME: Cannot read configuration file '$CONFIG'" >& 2
-    exit 1
-fi
-
-export CONFIG
-. $CONFIG
-
-# Check for command-line overriding of ETH and USER
-case "$#" in
-    2|3)
-	ETH="$1"
-	USER="$2"
-	;;
-esac
-
-# Check for pidfile
-if [ -r "$PIDFILE" ] ; then
-    PID=`cat "$PIDFILE"`
-    # Check if still running
-    kill -0 $PID > /dev/null 2>&1
-    if [ $? = 0 ] ; then
-	[ "$DEBUG" = "1" ] && $ECHO "$ME: There already seems to be an PPPoE connection up (PID $PID)" >& 2
-	exit 1
-    fi
-    # Delete bogus PIDFILE
-    rm -f "$PIDFILE" "$PIDFILE.pppd" "$PIDFILE.pppoe" "$PIDFILE.start"
-fi
-
-echo $$ > $PIDFILE.start
-
-# Start the connection in the background unless we're debugging
-if [ "$DEBUG" != "" ] ; then
-    $CONNECT "$@"
-    exit 0
-fi
-
-$CONNECT "$@" > /dev/null 2>&1 &
-CONNECT_PID=$!
-
-if [ "$CONNECT_TIMEOUT" = "" -o "$CONNECT_TIMEOUT" = 0 ] ; then
-    exit 0
-fi
-
-# Don't monitor connection if dial-on-demand
-if [ "$DEMAND" != "" -a "$DEMAND" != "no" ] ; then
-    exit 0
-fi
-
-# Monitor connection
-TIME=0
-while [ true ] ; do
-    /sbin/pppoe-status $CONFIG > /dev/null 2>&1
-
-    # Looks like the interface came up
-    if [ $? = 0 ] ; then
-	# Print newline if standard input is a TTY
-	[ "$DEBUG" = "1" ] && tty -s && $ECHO " Connected!"
-	exit 0
-    fi
-
-    if test -n "$FORCEPING" ; then
-	[ "$DEBUG" = "1" ] && $ECHO -n "$FORCEPING"
-    else
-	[ "$DEBUG" = "1" ] && tty -s && $ECHO -n "$PING"
-    fi
-    sleep $CONNECT_POLL
-    TIME=`expr $TIME + $CONNECT_POLL`
-    if [ $TIME -gt $CONNECT_TIMEOUT ] ; then
-	break
-    fi
-done
-
-[ "$DEBUG" = "1" ] && $ECHO "TIMED OUT" >& 2
-# Timed out!  Kill the pppoe-connect process and quit
-kill $CONNECT_PID > /dev/null 2>&1
-
-# Clean up PIDFILE(s)
-rm -f "$PIDFILE" "$PIDFILE.pppd" "$PIDFILE.pppoe" "$PIDFILE.start"
-
-# add old default gw back
-if [ -s /etc/default-routes ] ; then
-    while read spec; do
-        $IP route add $spec
-    done < /etc/default-routes
-    rm -f /etc/default-routes
-fi
-
-exit 1
-
diff --git a/SPECS-EXTENDED/rp-pppoe/pppoe-status b/SPECS-EXTENDED/rp-pppoe/pppoe-status
deleted file mode 100755
index 798132a43d..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/pppoe-status
+++ /dev/null
@@ -1,105 +0,0 @@
-#! /bin/bash
-#***********************************************************************
-#
-# pppoe-status
-#
-# Shell script to report on status of PPPoE connection
-#
-# Copyright (C) 2000-2001 Roaring Penguin Software Inc.
-#
-# $Id$
-#
-# This file may be distributed under the terms of the GNU General
-# Public License.
-#
-# LIC: GPL
-#
-# Usage: pppoe-status [config_file]
-# If config_file is omitted, defaults to /etc/ppp/pppoe.conf
-#
-#***********************************************************************
-
-# Defaults
-LS=/usr/bin/ls
-IP=/usr/sbin/ip
-NETWORKDIR=/etc/sysconfig/network-scripts
-
-get_device() {
-    if [ ! -d $NETWORKDIR ] ; then
-        $ECHO "** $NETWORKDIR not found"
-        $ECHO "** Quitting"
-        exit 1
-    fi
-
-    cd $NETWORKDIR
-    interfaces=$($LS ifcfg-ppp* 2>/dev/null | egrep -v '(~|\.bak)$' | \
-                 egrep -v '(rpmsave|rpmorig|rpmnew)' | sed 's/^ifcfg-//g')
-
-    for i in $interfaces ; do
-        test -f ifcfg-$i && . ifcfg-$i 2>/dev/null
-        if [ "$TYPE" = "xDSL" ] ; then
-            CONFIG=$NETWORKDIR/ifcfg-$i
-            break
-        fi
-    done
-}
-
-CONFIG="$1"
-if [ -z "$CONFIG" ] ; then
-    get_device
-    [ -z "$CONFIG" ] && CONFIG=/etc/ppp/pppoe.conf
-fi
-
-if [ ! -f "$CONFIG" -o ! -r "$CONFIG" ] ; then
-    echo "$0: Cannot read configuration file '$CONFIG'" >& 2
-    exit 1
-fi
-
-. $CONFIG
-
-PPPOE_PIDFILE="$PIDFILE.pppoe"
-PPPD_PIDFILE="$PIDFILE.pppd"
-
-if [ "$DEMAND" != "no" ] ; then
-    echo "Note: You have enabled demand-connection; pppoe-status may be inaccurate."
-fi
-
-# If no PPPOE_PIDFILE, connection is down, unless we're using the Linux plugin
-if [ "$LINUX_PLUGIN" = "" ] ; then
-    if [ ! -r "$PPPOE_PIDFILE" ] ; then
-	echo "pppoe-status: Link is down (can't read pppoe PID file $PPPOE_PIDFILE)"
-	exit 1
-    fi
-fi
-
-# If no PPPD_PIDFILE, something fishy!
-if [ ! -r "$PPPD_PIDFILE" ] ; then
-    echo "pppoe-status: Link is down (can't read pppd PID file $PPPD_PIDFILE)"
-    exit 1
-fi
-
-PPPD_PID=`cat "$PPPD_PIDFILE"`
-
-# Sigh.  Some versions of pppd put PID files in /var/run; others put them
-# in /etc/ppp.  Since it's too messy to figure out what pppd does, we
-# try both locations.
-for i in /etc/ppp/ppp*.pid /var/run/ppp*.pid ; do
-    if [ -r $i ] ; then
-	PID=`cat $i`
-	if [ "$PID" = "$PPPD_PID" ] ; then
-	    IF=`basename $i .pid`
-	    $IP route | grep "dev ${IF}\s" > /dev/null
-	    if [ "$?" != "0" ] ; then
-		echo "pppoe-status: Link is attached to $IF, but $IF is down"
-		exit 1
-	    fi
-	    echo "pppoe-status: Link is up and running on interface $IF"
-	    $IP addr show $IF
-	    exit 0
-	fi
-    fi
-done
-
-echo "ppppoe-status: Link is down -- could not find interface corresponding to"
-echo "pppd pid $PPPD_PID"
-exit 1
diff --git a/SPECS-EXTENDED/rp-pppoe/pppoe-stop b/SPECS-EXTENDED/rp-pppoe/pppoe-stop
deleted file mode 100755
index 65776df20d..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/pppoe-stop
+++ /dev/null
@@ -1,143 +0,0 @@
-#! /bin/bash
-# Generated automatically from pppoe-stop.in by configure.
-#***********************************************************************
-#
-# pppoe-stop
-#
-# Shell script to bring down an PPPoE connection
-#
-# Copyright (C) 2000 Roaring Penguin Software Inc.
-#
-# $Id$
-#
-# This file may be distributed under the terms of the GNU General
-# Public License.
-#
-# LIC: GPL
-#
-# Usage: pppoe-stop [config_file]
-# If config_file is omitted, defaults to /etc/ppp/pppoe.conf
-#
-#***********************************************************************
-
-export PATH=/sbin:/bin:/usr/sbin:/usr/bin
-
-IP=/usr/sbin/ip
-LS=/bin/ls
-NETWORKDIR=/etc/sysconfig/network-scripts
-
-# Set to "C" locale so we can parse messages from commands
-LANG=C
-export LANG
-
-get_device() {
-    if [ ! -d $NETWORKDIR ] ; then
-        $ECHO "** $NETWORKDIR not found"
-        $ECHO "** Quitting"
-        exit 1
-    fi
-
-    cd $NETWORKDIR
-    interfaces=$($LS ifcfg-ppp* 2>/dev/null | egrep -v '(~|\.bak)$' | \
-                 egrep -v '(rpmsave|rpmorig|rpmnew)' | sed 's/^ifcfg-//g')
-
-    for i in $interfaces ; do
-        test -f ifcfg-$i && . ifcfg-$i 2>/dev/null
-        if [ "$TYPE" = "xDSL" ] ; then
-            CONFIG=$NETWORKDIR/ifcfg-$i
-            break
-        fi
-    done
-}
-
-ME="`basename $0`"
-LOGGER="/usr/bin/logger -t $ME"
-CONFIG="$1"
-if [ -z "$CONFIG" ] ; then
-    get_device
-    [ -z "$CONFIG" ] && CONFIG=/etc/ppp/pppoe.conf
-fi
-
-if [ ! -f "$CONFIG" -o ! -r "$CONFIG" ] ; then
-    [ "$DEBUG" = "1" ] && echo "$ME: Cannot read configuration file '$CONFIG'" >& 2
-    exit 1
-fi
-
-export CONFIG
-. $CONFIG
-
-PPPOE_PIDFILE="$PIDFILE.pppoe"
-PPPD_PIDFILE="$PIDFILE.pppd"
-STARTPID="$PIDFILE.start"
-
-# Backward config file compatibility
-if test "$DEMAND" = "" ; then
-	DEMAND=no
-fi
-
-# Ignore SIGTERM
-trap "" 15
-
-# Check for pidfile
-if [ -r "$PIDFILE" ] ; then
-    PID=`cat $PIDFILE`
-
-    # Check if still running
-    kill -0 $PID > /dev/null 2>&1
-    if [ $? != 0 ] ; then
-        [ "$DEBUG" = "1" ] && echo "$ME: The pppoe-connect script (PID $PID) appears to have died" >& 2
-    fi
-
-    # Kill pppd, which should in turn kill pppoe
-    if [ -r "$PPPD_PIDFILE" ] ; then
-        PPPD_PID=`cat "$PPPD_PIDFILE"`
-        $LOGGER -p daemon.notice "Killing pppd"
-        [ "$DEBUG" = "1" ] && echo "Killing pppd ($PPPD_PID)"
-        kill $PPPD_PID > /dev/null 2>&1
-    fi
-
-    # Kill pppoe-start
-    PIDS=`cat $STARTPID`
-    kill -0 $PIDS > /dev/null 2>&1
-    if [ $? = 0 ] ; then
-        $LOGGER -p daemon.notice "Killing pppoe-connect"
-        kill $PIDS > /dev/null 2>&1
-    fi
-
-    # Kill pppoe-connect
-    $LOGGER -p daemon.notice "Killing pppoe-connect"
-    [ "$DEBUG" = "1" ] && echo "Killing pppoe-connect ($PID)"
-    kill $PID > /dev/null 2>&1
-
-    # Kill pppd again, in case it's still hanging around
-    if [ -r "$PPPD_PIDFILE" ] ; then
-       PPPD_PID=`cat "$PPPD_PIDFILE"`
-       kill -9 $PPPD_PID > /dev/null 2>&1 || exit 1
-    fi
-
-    # Kill br2684ctl if necessary
-    if [ -n "$BR2684DEV" -a -r /var/run/nas$BR2684DEV.pid ]; then
-	PIDS=`cat /var/run/nas$BR2684DEV.pid`
-	kill -0 $PIDS > /dev/null 2>&1
-	if [ $? = 0 ]; then
-	    $LOGGER -p daemon.notice "Killing br2684ctl for nas$BR2684DEV"
-	    kill $PIDS > /dev/null 2>&1
-	fi
-	rm -f /var/run/nas$BR2684DEV.pid
-    fi
-
-    rm -f "$PIDFILE" "$PPPD_PIDFILE" "$PPPOE_PIDFILE" "$STARTPID"
-else
-    [ "$DEBUG" = "1" ] && echo "$ME: No PPPoE connection appears to be running" >&2
-    exit 1
-fi
-
-# add old default gw back
-if [ -s /etc/default-routes ] ; then
-    while read spec; do
-        $IP route add $spec
-    done < /etc/default-routes
-    rm -f /etc/default-routes
-fi
-
-exit 0
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-bz#1469960-new-kernel-header.patch b/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-bz#1469960-new-kernel-header.patch
deleted file mode 100644
index 2b26edac78..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-bz#1469960-new-kernel-header.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-diff -up rp-pppoe-3.12/src/if.c.than rp-pppoe-3.12/src/if.c
---- rp-pppoe-3.12/src/if.c.than	2017-07-25 11:04:53.780466912 +0200
-+++ rp-pppoe-3.12/src/if.c	2017-07-25 11:05:35.951885962 +0200
-@@ -20,6 +20,12 @@ static char const RCSID[] =
- 
- #include "pppoe.h"
- 
-+#if defined(HAVE_LINUX_IF_H)
-+#include 
-+#elif defined(HAVE_NET_IF_H)
-+#include 
-+#endif
-+
- #ifdef HAVE_UNISTD_H
- #include 
- #endif
-diff -up rp-pppoe-3.12/src/plugin.c.than rp-pppoe-3.12/src/plugin.c
---- rp-pppoe-3.12/src/plugin.c.than	2017-07-25 11:05:50.145353868 +0200
-+++ rp-pppoe-3.12/src/plugin.c	2017-07-25 11:07:00.068732535 +0200
-@@ -49,6 +49,11 @@ static char const RCSID[] =
- #include 
- #include 
- #include 
-+#if defined(HAVE_LINUX_IF_H)
-+#include 
-+#elif defined(HAVE_NET_IF_H)
-+#include 
-+#endif
- #include 
- #include 
- #include 
-diff -up rp-pppoe-3.12/src/pppoe.h.than rp-pppoe-3.12/src/pppoe.h
---- rp-pppoe-3.12/src/pppoe.h.than	2017-07-25 11:07:38.141305245 +0200
-+++ rp-pppoe-3.12/src/pppoe.h	2017-07-25 11:08:34.409195838 +0200
-@@ -51,13 +51,6 @@ extern int IsSetID;
- #include 
- #endif
- 
--/* Ugly header files on some Linux boxes... */
--#if defined(HAVE_LINUX_IF_H)
--#include 
--#elif defined(HAVE_NET_IF_H)
--#include 
--#endif
--
- #ifdef HAVE_NET_IF_TYPES_H
- #include 
- #endif
-@@ -136,9 +129,6 @@ typedef unsigned long UINT32_t;
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include 
- 
--#ifdef HAVE_SYS_SOCKET_H
--#include 
--#endif
- #ifndef HAVE_SYS_DLPI_H
- #include 
- #endif
-diff -up rp-pppoe-3.12/src/pppoe-server.c.than rp-pppoe-3.12/src/pppoe-server.c
---- rp-pppoe-3.12/src/pppoe-server.c.than	2017-07-25 11:08:51.505554918 +0200
-+++ rp-pppoe-3.12/src/pppoe-server.c	2017-07-25 11:09:59.230016098 +0200
-@@ -26,6 +26,13 @@ static char const RCSID[] =
- 
- #define _BSD_SOURCE 1 /* for gethostname */
- 
-+#include 
-+#if defined(HAVE_LINUX_IF_H)
-+#include 
-+#elif defined(HAVE_NET_IF_H)
-+#include 
-+#endif
-+
- #include "pppoe-server.h"
- #include "md5.h"
- 
-diff -up rp-pppoe-3.12/src/relay.c.than rp-pppoe-3.12/src/relay.c
---- rp-pppoe-3.12/src/relay.c.than	2017-07-25 11:10:13.863467871 +0200
-+++ rp-pppoe-3.12/src/relay.c	2017-07-25 11:11:17.747074537 +0200
-@@ -18,11 +18,19 @@ static char const RCSID[] =
- "$Id$";
- 
- #define _GNU_SOURCE 1 /* For SA_RESTART */
--
--#include "relay.h"
-+#include "config.h"
- 
- #include 
- 
-+#include 
-+#if defined(HAVE_LINUX_IF_H)
-+#include 
-+#elif defined(HAVE_NET_IF_H)
-+#include 
-+#endif
-+
-+#include "relay.h"
-+
- #ifdef HAVE_SYSLOG_H
- #include 
- #endif
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-doc.patch b/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-doc.patch
deleted file mode 100644
index e6e1b117d6..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-doc.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -up rp-pppoe-3.12/src/Makefile.in.than rp-pppoe-3.12/src/Makefile.in
---- rp-pppoe-3.12/src/Makefile.in.than	2015-11-16 17:25:40.566618656 +0100
-+++ rp-pppoe-3.12/src/Makefile.in	2015-11-16 17:25:57.749517019 +0100
-@@ -165,14 +165,6 @@ install: all
- 	$(install) -m 755 ../scripts/pppoe-status $(DESTDIR)$(sbindir)
- 	$(install) -m 755 ../scripts/pppoe-stop $(DESTDIR)$(sbindir)
- 	$(install) -m 755 ../scripts/pppoe-setup $(DESTDIR)$(sbindir)
--	-mkdir -p $(DESTDIR)$(docdir)
--	$(install) -m 644 ../doc/CHANGES $(DESTDIR)$(docdir)
--	$(install) -m 644 ../doc/KERNEL-MODE-PPPOE $(DESTDIR)$(docdir)
--	$(install) -m 644 ../doc/HOW-TO-CONNECT $(DESTDIR)$(docdir)
--	$(install) -m 644 ../doc/LICENSE $(DESTDIR)$(docdir)
--	$(install) -m 644 ../README $(DESTDIR)$(docdir)
--	$(install) -m 644 ../SERVPOET $(DESTDIR)$(docdir)
--	$(install) -m 644 ../configs/pap-secrets $(DESTDIR)$(docdir)
- 	-mkdir -p $(DESTDIR)$(mandir)/man8
- 	for i in $(TARGETS) ; do \
- 		if test -f ../man/$$i.8 ; then \
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-ip-allocation.patch b/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-ip-allocation.patch
deleted file mode 100644
index 512913745f..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-ip-allocation.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-diff -up rp-pppoe-3.12/man/pppoe-server.8.ip-allocation rp-pppoe-3.12/man/pppoe-server.8
---- rp-pppoe-3.12/man/pppoe-server.8.ip-allocation	2015-11-11 16:10:01.000000000 +0100
-+++ rp-pppoe-3.12/man/pppoe-server.8	2015-11-16 16:48:52.457927211 +0100
-@@ -96,6 +96,11 @@ valid remote IP address to \fBpppd\fR.
- of 10.67.15.1 is used.
- 
- .TP
-+.B \-D
-+Delegate the allocation of IP addresses to \fBpppd\fR.  If specified, no
-+local and remote addresses passed to pppd.
-+
-+.TP
- .B \-N \fInum\fR
- Allows at most \fInum\fR concurrent PPPoE sessions.  If not specified,
- the default is 64.
-diff -up rp-pppoe-3.12/src/pppoe-server.c.ip-allocation rp-pppoe-3.12/src/pppoe-server.c
---- rp-pppoe-3.12/src/pppoe-server.c.ip-allocation	2015-11-11 16:10:04.000000000 +0100
-+++ rp-pppoe-3.12/src/pppoe-server.c	2015-11-16 16:50:53.209195100 +0100
-@@ -176,6 +176,9 @@ char PppoeOptions[SMALLBUF] = "";
- unsigned char LocalIP[IPV4ALEN] = {10, 0, 0, 1}; /* Counter optionally STARTS here */
- unsigned char RemoteIP[IPV4ALEN] = {10, 67, 15, 1}; /* Counter STARTS here */
- 
-+/* Delegates the allocation of IP addresses to pppd (as the pptpd doing) */
-+int DelegateIPAllocation = 0;
-+
- /* Do we increment local IP for each connection? */
- int IncrLocalIP = 0;
- 
-@@ -241,8 +244,8 @@ childHandler(pid_t pid, int status, void
- 
-     memset(&conn, 0, sizeof(conn));
-     conn.hostUniq = NULL;
--
--    syslog(LOG_INFO,
-+    if (!DelegateIPAllocation) {
-+     syslog(LOG_INFO,
- 	   "Session %u closed for client "
- 	   "%02x:%02x:%02x:%02x:%02x:%02x (%d.%d.%d.%d) on %s",
- 	   (unsigned int) ntohs(session->sess),
-@@ -251,6 +254,15 @@ childHandler(pid_t pid, int status, void
- 	   (int) session->realpeerip[0], (int) session->realpeerip[1],
- 	   (int) session->realpeerip[2], (int) session->realpeerip[3],
- 	   session->ethif->name);
-+    } else {
-+		syslog(LOG_INFO,
-+      "Session %u closed for client "
-+      "%02x:%02x:%02x:%02x:%02x:%02x on %s",
-+      (unsigned int) ntohs(session->sess),
-+      session->eth[0], session->eth[1], session->eth[2],
-+      session->eth[3], session->eth[4], session->eth[5],
-+      session->ethif->name);
-+    }
-     memcpy(conn.myEth, session->ethif->mac, ETH_ALEN);
-     conn.discoverySocket = session->ethif->sock;
-     conn.session = session->sess;
-@@ -1134,6 +1146,7 @@ usage(char const *argv0)
-     fprintf(stderr, "   -L ip          -- Set local IP address.\n");
-     fprintf(stderr, "   -l             -- Increment local IP address for each session.\n");
-     fprintf(stderr, "   -R ip          -- Set start address of remote IP pool.\n");
-+    fprintf(stderr, "   -D             -- Delegates the allocation of IP addresses to pppd.\n");
-     fprintf(stderr, "   -S name        -- Advertise specified service-name.\n");
-     fprintf(stderr, "   -O fname       -- Use PPPD options from specified file\n");
-     fprintf(stderr, "                     (default %s).\n", PPPOE_SERVER_OPTIONS);
-@@ -1200,9 +1213,9 @@ main(int argc, char **argv)
- #endif
- 
- #ifndef HAVE_LINUX_KERNEL_PPPOE
--    char *options = "X:ix:hI:C:L:R:T:m:FN:f:O:o:sp:lrudPc:S:1q:Q:";
-+    char *options = "X:ix:hI:C:L:R:DT:m:FN:f:O:o:sp:lrudPc:S:1q:Q:";
- #else
--    char *options = "X:ix:hI:C:L:R:T:m:FN:f:O:o:skp:lrudPc:S:1q:Q:";
-+    char *options = "X:ix:hI:C:L:R:DT:m:FN:f:O:o:skp:lrudPc:S:1q:Q:";
- #endif
- 
-     if (getuid() != geteuid() ||
-@@ -1401,6 +1414,10 @@ main(int argc, char **argv)
- 	    }
- 	    break;
- 
-+	case 'D':
-+	    DelegateIPAllocation = 1;
-+	    break;
-+
- 	case 'T':
- 	case 'm':
- 	    /* These just get passed to pppoe */
-@@ -1915,6 +1932,7 @@ startPPPDUserMode(ClientSession *session
-     argv[c++] = "file";
-     argv[c++] = pppoptfile;
- 
-+    if (!DelegateIPAllocation) {
-     snprintf(buffer, SMALLBUF, "%d.%d.%d.%d:%d.%d.%d.%d",
- 	    (int) session->myip[0], (int) session->myip[1],
- 	    (int) session->myip[2], (int) session->myip[3],
-@@ -1930,6 +1948,16 @@ startPPPDUserMode(ClientSession *session
- 	   session->ethif->name,
- 	   session->serviceName);
-     argv[c++] = strdup(buffer);
-+    } else {
-+	syslog(LOG_INFO,
-+	    "Session %u created for client %02x:%02x:%02x:%02x:%02x:%02x on %s using Service-Name '%s'",
-+	    (unsigned int) ntohs(session->sess),
-+	    session->eth[0], session->eth[1], session->eth[2],
-+	    session->eth[3], session->eth[4], session->eth[5],
-+	    session->ethif->name,
-+	    session->serviceName);
-+    }
-+    
-     if (!argv[c-1]) {
- 	/* TODO: Send a PADT */
- 	exit(EXIT_FAILURE);
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-man.patch b/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-man.patch
deleted file mode 100644
index 319b64024d..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-man.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-diff -up rp-pppoe-3.12/man/pppoe.conf.5.config rp-pppoe-3.12/man/pppoe.conf.5
---- rp-pppoe-3.12/man/pppoe.conf.5.config	2015-11-11 16:10:02.000000000 +0100
-+++ rp-pppoe-3.12/man/pppoe.conf.5	2015-11-16 16:40:18.061006832 +0100
-@@ -2,16 +2,16 @@
- .TH PPPOE.CONF 5 "21 February 2000"
- .UC 4
- .SH NAME
--pppoe.conf \- Configuration file used by \fBpppoe-start\fR(8),
-+ifcfg-ppp0 \- Configuration file used by \fBpppoe-start\fR(8),
- \fBpppoe-stop\fR(8), \fBpppoe-status(8)\fR and \fBpppoe-connect\fR(8).
- 
- .SH DESCRIPTION
--\fB/etc/ppp/pppoe.conf\fR is a shell script which contains configuration
-+\fB/etc/sysconfig/network-scripts/ifcfg-ppp0\fR is a shell script which contains configuration
- information for Roaring Penguin's PPPoE scripts.  Note that \fBpppoe.conf\fR
- is used only by the various pppoe-* shell scripts, not by \fBpppoe\fR
- itself.
- 
--\fBpppoe.conf\fR consists of a sequence of shell variable assignments.
-+\fBifcfg-ppp0\fR consists of a sequence of shell variable assignments.
- The variables and their meanings are:
- 
- .TP
-@@ -54,11 +54,10 @@ from /etc/resolv.conf to /etc/ppp/resolv
- IP addresses of DNS servers if you use DNSTYPE=SPECIFY.
- 
- .TP
--.B NONROOT
--If the line \fBNONROOT=OK\fR (exactly like that; no whitespace or comments)
--appears in the configuration file, then \fBpppoe-wrapper\fR will allow
--non-root users to bring the conneciton up or down.  The wrapper is installed
--only if you installed the rp-pppoe-gui package.
-+.B USERCTL
-+If the line \fBUSERCTL=yes\fR (exactly like that; no whitespace or comments)
-+appears in the configuration file, then \fB/sbin/ifup\fR will allow
-+non-root users to bring the conneciton up or down.
- 
- .TP
- .B USEPEERDNS
-diff -up rp-pppoe-3.12/man/pppoe-connect.8.config rp-pppoe-3.12/man/pppoe-connect.8
---- rp-pppoe-3.12/man/pppoe-connect.8.config	2015-11-11 16:10:01.000000000 +0100
-+++ rp-pppoe-3.12/man/pppoe-connect.8	2015-11-16 16:40:18.061006832 +0100
-@@ -13,7 +13,8 @@ pppoe-connect \- Shell script to manage
- .SH DESCRIPTION
- \fBpppoe-connect\fR is a shell script which manages a PPPoE connection
- using the Roaring Penguin user-space PPPoE client.  If you omit
--\fIconfig_file\fR, the default file \fB/etc/ppp/pppoe.conf\fR is used.
-+\fIconfig_file\fR, the default file
-+\fB/etc/sysconfig/network-scripts/ifcfg-ppp0\fR is used.
- If you supply \fIinterface\fR and \fIuser\fR, then they override the
- Ethernet interface and user-name settings in the configuration file.
- .P
-diff -up rp-pppoe-3.12/man/pppoe-setup.8.config rp-pppoe-3.12/man/pppoe-setup.8
---- rp-pppoe-3.12/man/pppoe-setup.8.config	2015-11-16 16:40:18.061006832 +0100
-+++ rp-pppoe-3.12/man/pppoe-setup.8	2015-11-16 16:42:49.148104863 +0100
-@@ -8,7 +8,7 @@ pppoe-setup \- Shell script to configure
- 
- .SH DESCRIPTION
- \fBpppoe-setup\fR is a shell script which prompts you for various pieces
--of information and sets up an /etc/ppp/pppoe.conf configuration script
-+of information and sets up an /etc/sysconfig/network-scripts/ifcfg-ppp0 configuration script
- for the \fBpppoe-start\fR, \fBpppoe-stop\fR and \fBpppoe-connect\fR scripts.
- 
- .SH AUTHOR
-diff -up rp-pppoe-3.12/man/pppoe-start.8.config rp-pppoe-3.12/man/pppoe-start.8
---- rp-pppoe-3.12/man/pppoe-start.8.config	2015-11-11 16:10:01.000000000 +0100
-+++ rp-pppoe-3.12/man/pppoe-start.8	2015-11-16 16:40:18.061006832 +0100
-@@ -11,7 +11,7 @@ pppoe-start \- Shell script to bring up
- .SH DESCRIPTION
- \fBpppoe-start\fR is a shell script which starts the Roaring Penguin
- user-space PPPoE client.  If you omit \fIconfig_file\fR, the default
--file \fB/etc/ppp/pppoe.conf\fR is used.  If you supply
-+file \fB/etc/sysconfig/network-scripts/ifcfg-ppp0\fR is used.  If you supply
- \fIinterface\fR and \fIuser\fR, then they override the Ethernet interface
- and user-name settings in the configuration file.
- 
-diff -up rp-pppoe-3.12/man/pppoe-status.8.config rp-pppoe-3.12/man/pppoe-status.8
-diff -up rp-pppoe-3.12/man/pppoe-stop.8.config rp-pppoe-3.12/man/pppoe-stop.8
---- rp-pppoe-3.12/man/pppoe-stop.8.config	2015-11-16 16:40:18.061006832 +0100
-+++ rp-pppoe-3.12/man/pppoe-stop.8	2015-11-16 16:43:23.050902476 +0100
-@@ -9,7 +9,7 @@ pppoe-stop \- Shell script to shut down
- .SH DESCRIPTION
- \fBpppoe-stop\fR is a shell script which stops the Roaring Penguin
- user-space PPPoE client.  If you omit \fIconfig_file\fR, the default
--file \fB/etc/ppp/pppoe.conf\fR is used.
-+file \fB/etc/sysconfig/network-scripts/ifcfg-ppp0\fR is used.
- 
- .SH AUTHOR
- \fBpppoe-stop\fR was written by Dianne Skoll .
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-plugin.patch b/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-plugin.patch
deleted file mode 100644
index 5b7671724a..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-plugin.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up rp-pppoe-3.12/src/configure.in.than rp-pppoe-3.12/src/configure.in
---- rp-pppoe-3.12/src/configure.in.than	2015-12-11 16:19:38.700092797 +0100
-+++ rp-pppoe-3.12/src/configure.in	2015-12-11 16:20:15.670875690 +0100
-@@ -26,6 +26,7 @@ AC_CHECK_HEADERS(linux/if_pppox.h, [], [
- #include
- #include
- #include
-+#include
- ])
- 
- dnl Checks for typedefs, structures, and compiler characteristics.
-diff -up rp-pppoe-3.12/src/configure.than rp-pppoe-3.12/src/configure
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-pluginpath.patch b/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-pluginpath.patch
deleted file mode 100644
index c322b00a3f..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-3.12-pluginpath.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up rp-pppoe-3.12/src/pppoe-server.c.than rp-pppoe-3.12/src/pppoe-server.c
---- rp-pppoe-3.12/src/pppoe-server.c.than	2015-12-17 11:17:30.257775608 +0100
-+++ rp-pppoe-3.12/src/pppoe-server.c	2015-12-17 11:18:44.276951643 +0100
-@@ -2014,7 +2014,7 @@ startPPPDLinuxKernelMode(ClientSession *
- 
-     argv[c++] = "pppd";
-     argv[c++] = "plugin";
--    argv[c++] = PLUGIN_PATH;
-+    argv[c++] = "rp-pppoe.so";
- 
-     /* Add "nic-" to interface name */
-     snprintf(buffer, SMALLBUF, "nic-%s", session->ethif->name);
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-manpages.patch b/SPECS-EXTENDED/rp-pppoe/rp-pppoe-manpages.patch
deleted file mode 100644
index fd0f24009e..0000000000
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe-manpages.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-diff -up rp-pppoe-3.12/man/pppoe.8.than rp-pppoe-3.12/man/pppoe.8
---- rp-pppoe-3.12/man/pppoe.8.than	2015-11-11 16:10:01.000000000 +0100
-+++ rp-pppoe-3.12/man/pppoe.8	2016-06-03 17:24:49.649336285 +0200
-@@ -32,6 +32,10 @@ triggered.  The best way to do this is t
- PPPoE timeout to be about four times the LCP echo interval.
- 
- .TP
-+.B \-t \fItimeout\fR
-+The \fB\-t\fR option sets the initial timeout for discovery packets in seconds.
-+
-+.TP
- .B \-D \fIfile_name\fR
- The \fB\-D\fR option causes every packet to be dumped to the specified
- \fIfile_name\fR.  This is intended for debugging only; it produces huge
-@@ -147,6 +151,10 @@ the peer you are dealing with uses non-s
- ISP uses non-standard frame types, complain!
- 
- .TP
-+.B \-F numfloods
-+The \fB\-F\fR option sets the discovery flood, only used for stress-testing.
-+
-+.TP
- .B \-h
- The \fB\-h\fR option causes \fBpppoe\fR to print usage information and
- exit.
-diff -up rp-pppoe-3.12/man/pppoe-server.8.than rp-pppoe-3.12/man/pppoe-server.8
---- rp-pppoe-3.12/man/pppoe-server.8.than	2016-06-03 17:24:49.641336586 +0200
-+++ rp-pppoe-3.12/man/pppoe-server.8	2016-06-03 17:24:49.650336248 +0200
-@@ -77,12 +77,20 @@ PADI and PADR packets are ignored.  If y
- then no limit is imposed on the number of sessions per peer MAC address.
- 
- .TP
-+.B \-P
-+Check pool file for correctness and exit.
-+
-+.TP
- .B \-s
- This option is passed directly to \fBpppoe\fR; see \fBpppoe\fR(8) for
- details.  In addition, it causes \fBpppd\fR to be invoked with the
- \fIsync\fR option.
- 
- .TP
-+.B \-l
-+Increment local IP address for each session.
-+
-+.TP
- .B \-L \fIip\fR
- Sets the local IP address.  This is passed to spawned \fBpppd\fR processes.
- If not specified, the default is 10.0.0.1.
-@@ -147,6 +155,10 @@ handing out sessions in order, the sessi
- unpredictable order.
- 
- .TP
-+.B \-d
-+Debug session creation.
-+
-+.TP
- .B \-u
- Tells the server to invoke \fBpppd\fR with the \fIunit\fR option.  Note
- that this option only works for \fBpppd\fR version 2.4.0 or newer.
-diff -up rp-pppoe-3.12/src/pppoe.c.than rp-pppoe-3.12/src/pppoe.c
---- rp-pppoe-3.12/src/pppoe.c.than	2016-06-03 17:24:49.650336248 +0200
-+++ rp-pppoe-3.12/src/pppoe.c	2016-06-03 17:27:40.888903213 +0200
-@@ -380,6 +380,7 @@ usage(char const *argv0)
- 	    "   -k             -- Kill a session with PADT (requires -e)\n"
- 	    "   -d             -- Perform discovery, print session info and exit.\n"
- 	    "   -f disc:sess   -- Set Ethernet frame types (hex).\n"
-+       "   -F numfloods   -- Set the discovery flood, only used for stress-testing.\n"
- 	    "   -h             -- Print usage information.\n\n"
- 	    "PPPoE Version %s, Copyright (C) 2001-2015 Roaring Penguin Software Inc.\n"
- 	    "PPPoE comes with ABSOLUTELY NO WARRANTY.\n"
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe.signatures.json b/SPECS-EXTENDED/rp-pppoe/rp-pppoe.signatures.json
index b9bc331c68..011838b275 100644
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe.signatures.json
+++ b/SPECS-EXTENDED/rp-pppoe/rp-pppoe.signatures.json
@@ -1,11 +1,5 @@
 {
  "Signatures": {
-  "pppoe-connect": "5ec49da5dd0c37ef8d44f9a5e936d7da8962fdda82e0f6911beb7f7eee55bffa",
-  "pppoe-server.service": "b0c7d3794d86c4831a8a86b10a9e93de5fc74ec0ad1dad69c765d7b6dabe2911",
-  "pppoe-setup": "ebde9256a43f7aa830fd592042e52109f5bbcf65c0375b43104224b3b8a3ccc7",
-  "pppoe-start": "62024fa05daee6c79d7b1d90c4c2043421e06b1b35dc4aa9c3384cf7c241dbb4",
-  "pppoe-status": "348f7ec2c76ab6d64022291b3c0228c6289c03eee91487dc42e59b2ceca50248",
-  "pppoe-stop": "ba52014d97c686eec8a2799698a831f6425b3895692816a0455c44edc48c6e80",
-  "rp-pppoe-3.12.tar.gz": "00794e04031546b0e9b8cf286f2a6d1ccfc4a621b2a3abb2d7ef2a7ab7cc86c2"
+  "rp-pppoe-4.0.tar.gz": "41ac34e5db4482f7a558780d3b897bdbb21fae3fef4645d2852c3c0c19d81cea"
  }
 }
diff --git a/SPECS-EXTENDED/rp-pppoe/rp-pppoe.spec b/SPECS-EXTENDED/rp-pppoe/rp-pppoe.spec
index 022e93ee75..7708331184 100644
--- a/SPECS-EXTENDED/rp-pppoe/rp-pppoe.spec
+++ b/SPECS-EXTENDED/rp-pppoe/rp-pppoe.spec
@@ -1,28 +1,15 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Name: rp-pppoe
-Version: 3.12
-Release: 16%{?dist}
+Version: 4.0
+Release: 6%{?dist}
 Summary: A PPP over Ethernet client (for xDSL support).
-License: GPLv2+
-Url: https://dianne.skoll.ca/projects/rp-pppoe
-
-Source: https://dianne.skoll.ca/projects/rp-pppoe/download/OLD/rp-pppoe-%{version}.tar.gz
-Source1: pppoe-connect
-Source2: pppoe-setup
-Source3: pppoe-start
-Source4: pppoe-status
-Source5: pppoe-stop
-Source6: pppoe-server.service
-
-Patch0: rp-pppoe-3.12-man.patch
-Patch1: rp-pppoe-3.12-ip-allocation.patch
-Patch2: rp-pppoe-3.12-doc.patch
-Patch3: rp-pppoe-3.12-plugin.patch
-Patch4: rp-pppoe-3.12-pluginpath.patch
-Patch5: rp-pppoe-manpages.patch
-Patch6: rp-pppoe-3.12-bz#1469960-new-kernel-header.patch
+License: GPL-2.0-or-later
+Url: https://dianne.skoll.ca/projects/rp-pppoe/
 
+Source: https://downloads.uls.co.za/rp-pppoe/rp-pppoe-%{version}.tar.gz
+
+BuildRequires: make
 BuildRequires: libtool
 BuildRequires: autoconf
 BuildRequires: automake
@@ -46,66 +33,79 @@ require any kernel modifications. It is fully compliant with RFC 2516,
 the official PPPoE specification.
 
 %prep
-%setup -q
-%patch 0 -p1 -b .config
-%patch 1 -p1 -b .ip-allocation
-%patch 2 -p1
-%patch 3 -p1
-%patch 4 -p1 -b .pluginpath
-%patch 5 -p1 -b .manpages
-%patch 6 -p1 -b .bz#1469960-new-kernel-header
+%autosetup -p1
 
 %build
 cd src
-autoconf
-export CFLAGS="%{optflags} -D_GNU_SOURCE -fno-strict-aliasing"
-%configure --docdir=%{_pkgdocdir} --enable-plugin
+%configure #--docdir=%{_pkgdocdir}
 make
 
 %install
 mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_unitdir}
 
 make -C src install DESTDIR=%{buildroot}
+rm -rf %{buildroot}/etc/ppp/plugins
 
-install -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}
-install -m 0755 %{SOURCE2} %{buildroot}%{_sbindir}
-install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir}
-install -m 0755 %{SOURCE4} %{buildroot}%{_sbindir}
-install -m 0755 %{SOURCE5} %{buildroot}%{_sbindir}
-install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/pppoe-server.service
+%files
+%config(noreplace) %{_sysconfdir}/ppp/pppoe-server-options
+%{_sbindir}/*
+%{_mandir}/man?/*
+%doc %{_docdir}/*
 
-ln -sf pppoe-stop %{buildroot}%{_sbindir}/adsl-stop
-ln -sf pppoe-start %{buildroot}%{_sbindir}/adsl-start
-ln -fs pppoe-start.8 %{buildroot}%{_mandir}/man8/adsl-start.8
-ln -fs pppoe-stop.8 %{buildroot}%{_mandir}/man8/adsl-stop.8
+%changelog
+* Mon Mar 17 2025 Aninda Pradhan  - 4.0-6
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License Verified
 
-rm -rf %{buildroot}/etc/ppp/pppoe.conf \
-       %{buildroot}/etc/rc.d/init.d/pppoe \
-       %{buildroot}/%{_sysconfdir}/ppp/plugins
+* Fri Jul 19 2024 Fedora Release Engineering  - 4.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
 
-%post
-%systemd_post pppoe-server.service
+* Fri Jan 26 2024 Fedora Release Engineering  - 4.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-%preun
-%systemd_preun pppoe-server.service
+* Mon Jan 22 2024 Fedora Release Engineering  - 4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-%postun
-%systemd_postun_with_restart pppoe-server.service
+* Fri Jul 21 2023 Fedora Release Engineering  - 4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 
-%files
-%license doc/LICENSE
-%doc scripts/pppoe-connect scripts/pppoe-setup scripts/pppoe-init
-%doc scripts/pppoe-start scripts/pppoe-status scripts/pppoe-stop
-%doc SERVPOET README configs doc
-%config(noreplace) %{_sysconfdir}/ppp/pppoe-server-options
-%config(noreplace) %{_sysconfdir}/ppp/firewall*
-%{_unitdir}/pppoe-server.service
-%{_sbindir}/*
-%{_mandir}/man?/*
+* Thu Apr 27 2023 Than Ngo  - 4.0-1
+- fix #2190023, update to 4.0
 
-%changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 3.12-16
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Jan 20 2023 Fedora Release Engineering  - 3.15-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 3.15-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 3.15-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 3.15-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri May 07 2021 Than Ngo  - 3.15-1
+- fix bz#1958237, Rebase to 3.15
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek  - 3.14-5
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 3.14-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sat Aug 01 2020 Fedora Release Engineering  - 3.14-3
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 3.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jun 03 2020 Than Ngo  - 3.14-1
+- update to 3.14
+
+* Wed Apr 08 2020 Than Ngo  - 3.13-1
+- update to 3.13
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 3.12-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/rubygem-flexmock/flexmock-create-missing-test-files.sh b/SPECS-EXTENDED/rubygem-flexmock/flexmock-create-missing-test-files.sh
deleted file mode 100644
index d161658ef5..0000000000
--- a/SPECS-EXTENDED/rubygem-flexmock/flexmock-create-missing-test-files.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-usage() {
-	echo "$0 "
-}
-
-set -e
-set -x
-
-if [ $# -lt 1 ] ; then
-	usage
-	exit 1
-fi
-
-VERSION=$1
-
-TMPDIR=$(mktemp -d /var/tmp/flexmock-XXXXXX)
-CURDIR=$(pwd)
-
-pushd $TMPDIR
-
-git clone https://github.com/doudou/flexmock.git
-
-cd flexmock
-git reset --hard $VERSION
-cd ..
-
-tar czf $CURDIR/flexmock-${VERSION}-test-missing-files.tar.gz flexmock/test/
-
-popd
-rm -rf $TMPDIR
-
diff --git a/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.signatures.json b/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.signatures.json
index ff9c4077e0..56b0d60c0b 100644
--- a/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.signatures.json
+++ b/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "rubygem-flexmock-2.3.6.tar.gz": "f52c6858a761ed035080a767c5ac91b65852092eacd1455425ad4c35897178fc"
+  "rubygem-flexmock-3.0.1.tar.gz": "6a151b5ddd1d7b88976c54ae6dc268511265c0a576e239368f869072f23a9e56"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.spec b/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.spec
index edab1f7b9a..e05e9c2a63 100644
--- a/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.spec
+++ b/SPECS-EXTENDED/rubygem-flexmock/rubygem-flexmock.spec
@@ -1,21 +1,21 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 %global	gem_name	flexmock
 
 Summary:	Mock object library for ruby
 Name:		rubygem-%{gem_name}
-Version:	2.3.6
-Release:	8%{?dist}
+Version:	3.0.1
+Release:	2%{?dist}
 License:	MIT
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
 URL:		https://github.com/doudou/flexmock
-Source0:	https://github.com/doudou/%{gem_name}/archive/refs/tags/v%{version}.tar.gz#/rubygem-%{gem_name}-%{version}.tar.gz
+Source0:	https://github.com/doudou/%{gem_name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 
 Requires:	ruby(release)
 BuildRequires:	ruby(release)
-BuildRequires:	git
 BuildRequires:	rubygems-devel
 BuildRequires:	rubygem(minitest) >= 5
 BuildRequires:	rubygem(rspec) >= 3
+BuildRequires:	git
 Requires:	ruby(rubygems)
 Provides:	rubygem(%{gem_name}) = %{version}-%{release}
 BuildArch:	noarch
@@ -45,15 +45,37 @@ cp -a .%{gem_dir}/* %{buildroot}%{gem_dir}/
 pushd %{buildroot}%{gem_instdir}
 rm -rf \
 	.autotest .gitignore .togglerc .travis.yml .yardopts \
+	.github \
 	Gemfile \
 	Rakefile \
 	flexmock.blurb \
 	flexmock.gemspec \
-	install.rb
+	install.rb \
+	test/ \
+	%{nil}
 popd
 
+rm -f %{buildroot}%{gem_cache}
+
+%check
+cp -a flexmock/test .%{gem_instdir}
+pushd .%{gem_instdir}
+
+export RUBYOPT=-W:deprecated
+export RUBYLIB=$(pwd)/lib:$(pwd):$(pwd)/test
+ruby \
+	-e 'Dir.glob("test/*_test.rb").each {|f| require f}'
+
+# Note: exclude failing tests for now
+rspec test/rspec_integration/ \
+	--exclude-pattern 'test/rspec_integration/spy_example_spec.rb' \
+	%{nil}
+popd
+
+
 %files
 %dir	%{gem_instdir}
+%license	%{gem_instdir}/LICENSE.txt
 %doc	%{gem_instdir}/[A-Z]*
 
 %{gem_libdir}
@@ -67,12 +89,57 @@ popd
 %{gem_docdir}/
 
 %changelog
-* Mon Nov 28 2022 Muhammad Falak  - 2.3.6-8
-- Switch to building tar.gz instead of .gem
-- License verified
+* Thu Dec 19 2024 Akhila Guruju  - 3.0.1-2
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Wed Sep 11 2024 Mamoru TASAKA  - 3.0.1-1
+- 3.0.1
+
+* Tue Sep 03 2024 Mamoru TASAKA  - 3.0.0-1
+- 3.0.0
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 2.3.8-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 2.3.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 2.3.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Aug 14 2023 Mamoru TASAKA  - 2.3.8-1
+- 2.3.8
+
+* Tue Aug 08 2023 Mamoru TASAKA  - 2.3.6-15
+- Handle MiniTest 5.19+
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 2.3.6-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 2.3.6-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 2.3.6-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 2.3.6-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 2.3.6-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 2.3.6-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Jan 24 2021 Mamoru TASAKA  - 2.3.6-8
+- Patch to support ruby 3.0
+  - Use binding.source_location for test
+  - Properly accept argument and keywords
+  - Relax error message on test a bit
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 2.3.6-7
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Wed Jul 29 2020 Fedora Release Engineering  - 2.3.6-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 2.3.6-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.signatures.json b/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.signatures.json
index e4c74f6621..5c8503080c 100644
--- a/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.signatures.json
+++ b/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "pkg-config-1.4.5.tar.gz": "83b92b6e10d38faaede39fa815cc407400ae852e2badfc5b81d318b73861328b"
+  "rubygem-pkg-config-1.5.7.tar.gz": "06fbbe133becb56bb440123792235d2558123ffb181745bc651c306d6b5edb42"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.spec b/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.spec
index 07360a3b11..838f7dc9f3 100644
--- a/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.spec
+++ b/SPECS-EXTENDED/rubygem-pkg-config/rubygem-pkg-config.spec
@@ -1,31 +1,32 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
+# Generated from pkg-config-1.0.3.gem by gem2rpm -*- rpm-spec -*-
 %global	gem_name	pkg-config
 
-%undefine        _changelog_trimtime
-%undefine __brp_mangle_shebangs
+%undefine	__brp_mangle_shebangs
+
+Summary:	A pkg-config implementation by Ruby
+Name:		rubygem-%{gem_name}
+Version:	1.5.7
+Release:	2%{?dist}
+# SPDX confirmed
+License:	LGPL-2.0-or-later
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+URL:		https://github.com/rcairo/pkg-config
 
-Summary:  A pkg-config implementation by Ruby
-Name:     rubygem-%{gem_name}
-Version:  1.4.5
-Release:  4%{?dist}
-License:  LGPLv2+
-URL:      https://github.com/rcairo/pkg-config
-Source0:  https://github.com/ruby-gnome/pkg-config/archive/refs/tags/%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
+Source0:	https://github.com/ruby-gnome/%{gem_name}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # Observe test failure on test_cflags test_cflags_only_I
 # with pkgconf 1.4.2
-Patch0:   rubygem-pkg-config-1.4.4-cflags-result-sort.patch
+Patch0:		rubygem-pkg-config-1.4.4-cflags-result-sort.patch
 
 Requires:	ruby(release)
 BuildRequires:	ruby(release)
 BuildRequires:	rubygems-devel
-%if 0%{?with_check}
+# For %%check
 BuildRequires:	rubygem(test-unit)
+# mkmf.rb requires ruby-devel
 BuildRequires:	ruby-devel
 BuildRequires:	cairo-devel
-%endif
 Requires:	rubygems
-
 BuildArch:	noarch
 Provides:	rubygem(%{gem_name}) = %{version}-%{release}
 
@@ -40,60 +41,97 @@ Requires:	%{name} = %{version}-%{release}
 This package contains documentation for %{name}.
 
 %prep
-%setup -q -n %{gem_name}-%{version}
+%autosetup -p1 -n %{gem_name}-%{version}
 
 %build
 gem build %{gem_name}
 %gem_install
 
 %install
-gem install %{gem_name}-%{version}.gem
+rm -rf %{buildroot}
 
 mkdir -p %{buildroot}%{gem_dir}
 cp -a .%{gem_dir}/* \
 	%{buildroot}/%{gem_dir}/
 
-# Kill unneeded file
-rm -f %{buildroot}%{gem_instdir}/extconf.rb
+pushd %{buildroot}%{gem_instdir}
+rm -rf \
+	Gemfile \
+	Rakefile \
+	test/ \
+	%{nil}
+popd
+rm -f %{buildroot}%{gem_cache}
 
 %check
 pushd .%{gem_instdir}
-#rake test --verbose --trace
-#ruby -Ilib -rubygems test/run-test.rb
-cat > test.rb < - 1.4.5-4
-- Build from .tar.gz source.
-
-* Thu Feb 24 2022 Pawel Winogrodzki  - 1.4.5-3
+* Fri Dec 20 2024 Akhila Guruju  - 1.5.7-2
+- Initial Azure Linux import from Fedora 41 (license: MIT).
 - License verified.
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 1.4.5-2
-- Initial CBL-Mariner import from Fedora 34 (license: MIT).
+* Fri Oct 25 2024 Mamoru TASAKA  - 1.5.7-1
+- 1.5.7
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.5.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1.5.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Nov 19 2023 Mamoru TASAKA  - 1.5.6-1
+- 1.5.6
+
+* Tue Sep  5 2023 Mamoru TASAKA  - 1.5.5-1
+- 1.5.5
+
+* Thu Aug 31 2023 Mamoru TASAKA  - 1.5.3-1
+- 1.5.3
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jun 16 2023 Mamoru TASAKA  - 1.5.2-1
+- 1.5.2
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 1.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Nov 30 2022 Mamoru TASAKA  - 1.5.1-1
+- 1.5.1
+
+* Sun Jul 31 2022 Mamoru TASAKA  - 1.4.9-1
+- 1.4.9
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 1.4.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 1.4.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Mon Jan 17 2022 Mamoru TASAKA  - 1.4.7-1
+- 1.4.7
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1.4.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon Apr 19 2021 Mamoru TASAKA  - 1.4.6-1
+- 1.4.6
 
 * Fri Feb  5 2021 Mamoru TASAKA  - 1.4.5-1
 - 1.4.5
diff --git a/SPECS-EXTENDED/rubygem-sys-filesystem/rubygem-sys-filesystem.signatures.json b/SPECS-EXTENDED/rubygem-sys-filesystem/rubygem-sys-filesystem.signatures.json
new file mode 100644
index 0000000000..8a4f3a9547
--- /dev/null
+++ b/SPECS-EXTENDED/rubygem-sys-filesystem/rubygem-sys-filesystem.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "rubygem-sys-filesystem-1.4.3.tar.gz": "7aa13399be42dc8b7d6ff2bd23dcf932e5feea7b77bbc025ea6f1d26b02be8b2"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/rubygem-sys-filesystem/rubygem-sys-filesystem.spec b/SPECS-EXTENDED/rubygem-sys-filesystem/rubygem-sys-filesystem.spec
new file mode 100644
index 0000000000..3532018b08
--- /dev/null
+++ b/SPECS-EXTENDED/rubygem-sys-filesystem/rubygem-sys-filesystem.spec
@@ -0,0 +1,73 @@
+%global gem_name sys-filesystem
+
+Name:           rubygem-%{gem_name}
+Version:        1.4.3
+Release:        6%{?dist}
+Summary:        Interface for gathering filesystem information
+
+License:        Apache-2.0
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+URL:            https://rubygems.org/gems/sys-filesystem
+Source:         https://github.com/djberg96/sys-filesystem/archive/refs/tags/sys-filesystem-1.4.3.tar.gz#/rubygem-sys-filesystem-1.4.3.tar.gz
+
+BuildRequires:  rubygems-devel
+
+BuildArch:      noarch
+
+%description
+%{summary}.
+
+%package doc
+Summary:        Documentation for %{name}
+Requires:       %{name} = %{version}-%{release}
+BuildArch:      noarch
+
+%description doc
+%{summary}.
+
+%prep
+%autosetup -n %{gem_name}-%{gem_name}-%{version}
+ 
+%build
+gem build %{gem_name}.gemspec
+%gem_install
+
+%install
+mkdir -p %{buildroot}%{gem_dir}
+cp -a ./%{gem_dir}/* %{buildroot}%{gem_dir}/
+
+rm -vr %{buildroot}%{gem_instdir}/{certs,spec}
+rm -v %{buildroot}%{gem_cache}
+
+%files
+%license %{gem_instdir}/LICENSE
+%dir %{gem_instdir}
+
+%{gem_libdir}
+%{gem_spec}
+
+%files doc
+%doc %{gem_docdir}
+%doc %{gem_instdir}/{{README,CHANGES,MANIFEST}.md,examples}
+%{gem_instdir}/{Gemfile,Rakefile,%{gem_name}.gemspec}
+
+%changelog
+* Wed Oct 30 2024 Jyoti Kanase  - 1.4.3-6
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.4.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1.4.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1.4.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Mar 03 2023 Igor Raits  - 1.4.3-2
+- fixup! Initial import
+
+* Fri Mar 03 2023 Igor Raits  - 1.4.3-1
+- Initial import
diff --git a/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec b/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec
index a896e1191f..2764b2fe0d 100644
--- a/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec
+++ b/SPECS-EXTENDED/rust-cbindgen/rust-cbindgen.spec
@@ -2,7 +2,7 @@
 Summary:        Tool for generating C bindings to Rust code
 Name:           rust-cbindgen
 Version:        0.24.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -20,8 +20,8 @@ Source2:        cargo_config
 %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
 %global _description %{expand:
 A tool for generating C bindings to Rust code.}
-BuildRequires:  cargo >= 1.45
-BuildRequires:  rust >= 1.45
+BuildRequires:  cargo
+BuildRequires:  rust
 
 %description %{_description}
 
@@ -96,6 +96,9 @@ RUSTFLAGS=%{rustflags} cargo test --release
 %endif
 
 %changelog
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 0.24.3-2
+- Bump release to build with rust 1.85.0
+
 * Mon Sep 25 2023 Shweta Bindal  - 0.24.3-1
 - Initial CBL-Mariner import from Fedora 38 (license: MIT).
 - License verified
diff --git a/SPECS-EXTENDED/s-nail/s-nail-14.9.25-test-sha256.patch b/SPECS-EXTENDED/s-nail/s-nail-14.9.25-test-sha256.patch
new file mode 100644
index 0000000000..69d7c574e7
--- /dev/null
+++ b/SPECS-EXTENDED/s-nail/s-nail-14.9.25-test-sha256.patch
@@ -0,0 +1,46 @@
+commit 2336b1c31d16dcb24b8390f2166e25ef51fd6b05
+Author: Tomas Korbar 
+Date:   Thu Aug 1 14:10:09 2024 +0200
+
+    Change hash algorithm in testing to sha256
+
+diff --git a/mx-test.sh b/mx-test.sh
+index 119dbcd..239659c 100755
+--- a/mx-test.sh
++++ b/mx-test.sh
+@@ -10025,7 +10025,7 @@ t_s_mime() {
+       # Sign/verify
+       echo bla | ${MAILX} ${ARGS} \
+          -Ssmime-sign -Ssmime-sign-cert=./.tpair.pem -Sfrom=test@localhost \
+-         -Ssmime-sign-digest=sha1 \
++         -Ssmime-sign-digest=sha256 \
+          -S password-test@localhost.smime-cert-key=${_pass} \
+          -s 'S/MIME test' ./.VERIFY >>${ERR} 2>&1
+       check_ex0 ${_z}-estat
+@@ -10036,7 +10036,7 @@ t_s_mime() {
+          { if(!skip) print }
+       ' \
+          < ./.VERIFY > "${MBOX}"
+-      check ${_z} - "${MBOX}" '335634014 644'
++      check ${_z} - "${MBOX}" '374578409 646'
+       _z=`add ${_z} 1`
+ 
+       printf 'verify\nx\n' |
+@@ -10054,7 +10054,7 @@ t_s_mime() {
+       ${MAILX} ${ARGS} \
+          -Smta=test://./.ENCRYPT \
+          -Ssmime-force-encryption -Ssmime-encrypt-recei@ver.com=./.tpair.pem \
+-         -Ssmime-sign-digest=sha1 \
++         -Ssmime-sign-digest=sha256 \
+          -Ssmime-sign -Ssmime-sign-cert=./.tpair.pem -Sfrom=test@localhost \
+          -S password-test@localhost.smime-cert-key=${_pass} \
+          -s 'S/MIME test' recei@ver.com >>${ERR} 2>&1
+@@ -10079,7 +10079,7 @@ t_s_mime() {
+          { if(!skip) print }
+       ' \
+          < ./.DECRYPT > "${MBOX}"
+-      check ${_z} - "${MBOX}" '2602978204 940'
++      check ${_z} - "${MBOX}" '101680387 942'
+       _z=`add ${_z} 1`
+ 
+       (openssl smime -decrypt ${_ossl} -inkey ./.tkey.pem -in ./.ENCRYPT |
diff --git a/SPECS-EXTENDED/s-nail/s-nail-14.9.25.tar.xz.asc b/SPECS-EXTENDED/s-nail/s-nail-14.9.25.tar.xz.asc
new file mode 100644
index 0000000000..d495ce69c7
--- /dev/null
+++ b/SPECS-EXTENDED/s-nail/s-nail-14.9.25.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJmfcS2AAoJEN8IL2ruyML/k08P/0nfqvMnGtPKmr0NhCAC4/A7
+gqI9t7UzSKO+nuTPyqWC2DMPzPhZnv5MvwX3I4frXqlIiEYL3JTelCsZJ5VvMst1
+BP+hUqk8m9NM3mWjxwIHJY6khh1kySq7N8+yBbodRLI0ErjEQ2l2sxUacpoFaD+i
+ntQbgjYocZOw2g7LZFzQGzW6ks4GtozqGRPzEXVQE01uT6VKYXk4xAnqkQKI2rOB
+CPNmIWKIAAIguw1tllPsGgYOg3mmOT/T9RvLr6RYKT61FDpo9d0uNRR+rNOo5aQq
+8RSk7U0edqLzeNt7tZNJS3i1bSQKOvoc8ETh97BF84lb9+2yFqOBIkb9wHlCv8JK
+Os0/WvHNCR8ojTyBSYypSKFA8Bdn2+2pdVT+81fSOMoZyeg6VUNO5ncJcSOLcCt+
+na7Fz2Zsa268SPHIUKDC4N7M5Dsor+Hdg08R8usRnWXdg5JDrOoPMMAdgc9wjFuN
+QXOb1+mhSvN8N92HV3hoMYpP2zoTP9PXPWAZm9UwT8mgyeyIS3o7Nqd/JbC7X+Uc
+M+TmhFCNfMLNM6lYguFzhwhEM6FWOKrOzwS4BVi0/LZB6it9assep14RdbROWb9r
+RvGuz1IlM+bhSKcXc3jfbh+AZwoFeoglgUqLZY5HXxnte+7rcafkD6u7u5+upBcF
+Ex9Fv4UvWeVwkQPIm0A5
+=UW6j
+-----END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/s-nail/s-nail-makeflags.patch b/SPECS-EXTENDED/s-nail/s-nail-makeflags.patch
new file mode 100644
index 0000000000..8f63477f0a
--- /dev/null
+++ b/SPECS-EXTENDED/s-nail/s-nail-makeflags.patch
@@ -0,0 +1,21 @@
+commit 6b2c08bcd0e1c34db4b1bf9946a201f03595e36d
+Author: Tomas Korbar 
+Date:   Thu Apr 13 10:20:08 2023 +0200
+
+    Remove sync-mutex from MAKEFLAGS
+
+diff --git a/mk/make-config.sh b/mk/make-config.sh
+index 2d7c619..c12d317 100644
+--- a/mk/make-config.sh
++++ b/mk/make-config.sh
+@@ -1555,6 +1555,10 @@ if feat_yes DOTLOCK; then
+    printf "#real below OPTIONAL_PS_DOTLOCK = \$(VAL_PS_DOTLOCK)\n" >> ${newmk}
+ fi
+ 
++
++# remove sync-mutex option
++MAKEFLAGS=$(printf %b "${MAKEFLAGS}" | ${sed} -e "s#--sync-mutex=[a-zA-Z0-9:/]*##")
++
+ for i in \
+    CWDDIR TOPDIR OBJDIR INCDIR SRCDIR \
+          MX_CWDDIR MX_INCDIR MX_SRCDIR \
diff --git a/SPECS-EXTENDED/s-nail/s-nail.signatures.json b/SPECS-EXTENDED/s-nail/s-nail.signatures.json
new file mode 100644
index 0000000000..8b3da7bcec
--- /dev/null
+++ b/SPECS-EXTENDED/s-nail/s-nail.signatures.json
@@ -0,0 +1,7 @@
+{
+ "Signatures": {
+  "s-nail-14.9.25.tar.xz": "20ff055be9829b69d46ebc400dfe516a40d287d7ce810c74355d6bdc1a28d8a9",
+  "s-nail-14.9.25.tar.xz.asc": "a90c84f46469234f7bb508c644a69cdb9429d6831be2a4c74c7fc1794f35961b",
+  "steffen.asc": "feadd015059dde7c06d971288e8d3ce7cc8087007696ebca2d1232a6e87f0d1a"
+ }
+}
diff --git a/SPECS-EXTENDED/s-nail/s-nail.spec b/SPECS-EXTENDED/s-nail/s-nail.spec
new file mode 100644
index 0000000000..6db8355627
--- /dev/null
+++ b/SPECS-EXTENDED/s-nail/s-nail.spec
@@ -0,0 +1,220 @@
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Name:           s-nail
+Version:        14.9.25
+Release:        2%{?dist}
+Summary:        Environment for sending and receiving mail, providing functionality of POSIX mailx
+
+# Everything is ISC except parts coming from the original Heirloom mailx which are BSD
+License:        ISC AND BSD-4-Clause-UC AND BSD-3-Clause AND HPND-sell-variant
+URL:            https://www.sdaoden.eu/code.html#s-nail
+Source0:        https://www.sdaoden.eu/downloads/%{name}-%{version}.tar.xz
+Source1:        https://www.sdaoden.eu/downloads/%{name}-%{version}.tar.xz.asc
+# https://ftp.sdaoden.eu/steffen.asc
+Source2:        steffen.asc
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2171723
+Patch0:		s-nail-makeflags.patch
+Patch1:		s-nail-14.9.25-test-sha256.patch
+
+BuildRequires:  make
+BuildRequires:  gnupg2
+BuildRequires:  gcc
+BuildRequires:  openssl
+BuildRequires:  openssl-devel
+BuildRequires:  krb5-devel
+BuildRequires:  libidn2-devel
+BuildRequires:  ncurses-devel
+
+Requires(pre):  %{_sbindir}/update-alternatives
+
+Provides:       mailx = %{version}-%{release}
+Obsoletes:      mailx < 12.6
+
+# For backwards compatibility
+Provides: /bin/mail
+Provides: /bin/mailx
+
+
+%description
+S-nail provides a simple and friendly environment for sending
+and receiving mail. It is intended to provide the functionality
+of the POSIX mailx(1) command, but is MIME capable and optionally offers
+extensions for line editing, S/MIME, SMTP and POP3, among others.
+S-nail divides incoming mail into its constituent messages and allows
+the user to deal with them in any order. It offers many commands
+and internal variables for manipulating messages and sending mail.
+It provides the user simple editing capabilities to ease the composition
+of outgoing messages, and increasingly powerful and reliable
+non-interactive scripting capabilities.
+
+
+%prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+
+%autosetup -p1
+
+cat <>nail.rc
+
+# Fedora-specific defaults
+set bsdcompat
+set noemptystart
+set prompt='& '
+EOF
+
+
+%build
+%make_build \
+    CFLAGS="%{build_cflags}" \
+    LDFLAGS="%{build_ldflags}" \
+    OPT_AUTOCC=no \
+    OPT_DEBUG=yes \
+    OPT_NOMEMDBG=yes \
+    OPT_DOTLOCK=no \
+    VAL_PREFIX=%{_prefix} \
+    VAL_SYSCONFDIR=%{_sysconfdir} \
+    VAL_MAIL=%{_localstatedir}/mail \
+    config
+
+%make_build build
+
+
+%install
+%make_install
+
+# s-nail binary is installed with 0555 permissions, fix that
+chmod 0755 %{buildroot}%{_bindir}/%{name}
+
+# compatibility symlinks
+for f in Mail mail mailx nail; do
+    ln -s %{_bindir}/%{name} %{buildroot}%{_bindir}/$f
+    ln -s %{_mandir}/man1/%{name}.1 %{buildroot}%{_mandir}/man1/$f.1
+done
+
+
+%check
+%if %{defined rhel}
+# SHA-1 is disabled as insecure by RHEL default policies, but used in tests
+export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
+%endif
+make test
+
+
+%pre
+%{_sbindir}/update-alternatives --remove-all mailx >/dev/null 2>&1 || :
+
+
+%files
+%license COPYING
+%doc README
+%{_bindir}/Mail
+%{_bindir}/mail
+%{_bindir}/nail
+%{_bindir}/mailx
+%{_bindir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}.rc
+%{_mandir}/man1/Mail.1*
+%{_mandir}/man1/mail.1*
+%{_mandir}/man1/nail.1*
+%{_mandir}/man1/mailx.1*
+%{_mandir}/man1/%{name}.1*
+
+
+%changelog
+* Tue Apr 29 2025 Archana Shettigar  - 14.9.25-2
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified
+
+* Thu Aug 01 2024 Tomas Korbar  - 14.9.25-1
+- Rebase to 14.9.25
+- Resolves: rhbz#2301265
+- Resolves: rhbz#2295570
+
+* Sat Jul 20 2024 Fedora Release Engineering  - 14.9.24-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Tue Jun 04 2024 Tomas Korbar  - 14.9.24-10
+- Remove RSA-MD from License tag
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 14.9.24-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Dec 11 2023 Nikola Forró  - 14.9.24-8
+- Replace and obsolete mailx
+
+* Wed Nov 01 2023 Tomas Korbar  - 14.9.24-7
+- Add licenses to fully conform to SPDX
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 14.9.24-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Apr 21 2023 Tomas Korbar  - 14.9.24-5
+- Fix s-nail installation without docs
+- Resolves: rhbz#2188620
+
+* Thu Apr 13 2023 Tomas Korbar  - 14.9.24-4
+- Fix s-nail makeflags
+- Resolves: rhbz#2171723
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 14.9.24-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 14.9.24-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sun Mar 27 2022 Nikola Forró  - 14.9.24-1
+- New upstream release 14.9.24
+  resolves: #2068768
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 14.9.23-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Nov 12 2021 Nikola Forró  - 14.9.23-1
+- New upstream release 14.9.23
+  resolves: #2022552
+
+* Tue Sep 14 2021 Sahana Prasad  - 14.9.22-6
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 14.9.22-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri May 07 2021 Nikola Forró  - 14.9.22-4
+- Provide /bin/mail{,x} for backwards compatibility
+
+* Wed Apr 14 2021 Nikola Forró  - 14.9.22-3
+- Remove globs in %%files
+
+* Tue Mar 16 2021 Nikola Forró  - 14.9.22-2
+- Fix alternatives
+  related: #1897928
+
+* Wed Feb 24 2021 Nikola Forró  - 14.9.22-1
+- New upstream release 14.9.22
+  resolves: #1932122
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 14.9.21-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 22 2021 Nikola Forró  - 14.9.21-1
+- New upstream release 14.9.21
+  resolves: #1919030
+
+* Mon Dec 14 2020 Nikola Forró  - 14.9.20-1
+- New upstream release 14.9.20
+  resolves: #1907112
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 14.9.19-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Apr 27 2020 Nikola Forró  - 14.9.19-1
+- New upstream release 14.9.19
+- Adjust default configuration to be closer to Heirloom mailx
+- Provide alternativized binaries and man pages
+  resolves: #1827969
+
+* Thu Apr 23 2020 Nikola Forró  - 14.9.18-1
+- Update to the latest upstream release
+
+* Thu Apr 09 2020 Nikola Forró  - 14.9.17-1
+- Initial package
diff --git a/SPECS-EXTENDED/s-nail/steffen.asc b/SPECS-EXTENDED/s-nail/steffen.asc
new file mode 100644
index 0000000000..e78fc8ba47
--- /dev/null
+++ b/SPECS-EXTENDED/s-nail/steffen.asc
@@ -0,0 +1,62 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFogZb4BEADX1RCLsdnBq0IZiNb5HZFsp2G8BnWVM2NJJFbQFI5g+aPhO+5a
+gWM2vgqn/a8zpr2OyP5/rliqMY7sxmOFEYoND0OnekXU7rVbUWpY87uK0qBxO5lo
+ErQfs8sjhjH3RNKsgXyUZVN3a4HCXL2ortS8EJvcQ/2NMAEMAHEG+V4HK+nFNB4u
+OpYa+QHLmTHOuOlhbDIw/dRCWP8o2+e60Juf6KXonA00dSoaMv6lL2UU3znvLHuF
+zYBG4fjm2Rt5gDfehCHzeWWpc/zSTDAQf4oaFfn2JXd3gd1s5k8nKn60azONjBQ7
+3dcpxcmltCYnHVohjJ/oFYSSvWG281P2Ayj67PPdekhuHhifLSut9eKVLVeUsrXo
+wc8GDULIGbsy5BMI9UyHPElB+8UnRQNe3USRCQ6Hr+SYsllLLxpL0O5MrT4ELSFF
+0u6naJzm7+Tq4AqgXcJ0x4siW5ipOwmZYWMbA1dtrgk7cFiUhLl2GWxf54ZvUA60
+D7RfajqAyFXBEGcv37JItj0pbY8R5lqn8jDPOtcdMWBKSVg9lETt+oO30bOFSQok
+QiCJc9r3bimmk+BpxK4PN3pIKKkF7Og8nggIiYzPBWVLtpGcRHOOKSYL9S6mLJPw
+dt2eU6JCNunBuT0DCgJQCsc2a0V2SA/NSPcWBqozq74QFnXxG2Qr21U7IwARAQAB
+tCVTdGVmZmVuIE51cnBtZXNvIDxzdGVmZmVuQHNkYW9kZW4uZXU+iQI9BBMBAgAn
+AhsDBgsJCAcDAgYVCAIJCgsDFgIBAh4BAheABQJbExa9BQkkqYNmAAoJEDCJZLUY
+g6DdIjoQANSSnoG7E4VRbQ/jt6k2zKi2JDnz1J0r5DCmMOI9GfGC7mzTewbarbyo
+rKsOucC+SBBW7YNvUG/p24NK55ig2iXDqmFgKSP1iZ6HrrQrcJOcqdysxk6Mh/Vb
+RroNKXYDnW6xtSrgEgHzxv2Py/4hI8p6G/bkRMZH3LIVsUS11cedOMrxyZbHZIc/
+6VOfxNvt1cd1hZGACzX7sNSjZP8vdxK2zJwKTxsQn6tHJ4RY5qdvbfxxhl1d+JLb
+rZoDjXS0DbHCNPGLyFgTfF66FqceqlprIxpXNspChaJRPkclKLp8PXPdzpGmsN54
+8xNp3Ly+cXKw+ddvi76KHNndUP4FJefSiTvk4Sopzp9JQcYk4nSu0Slu+Oy0+34g
+u7foKla0rgWNLzcLXzptkJ7/kqzi+OcZa0XKG3vTXT2MHr2/emK+675jz5e5RD4c
+vKC3v4bxDj9Wktdq15mGHIPkVXpxe7JsHM2WWBTOGzPg+CO5Svh25rnnS6SBf2bH
+/DbSPn6dfUQ98bCWTEBGDidjk1NjkRYFsJAmyw9tDk8b8orhbEBp3cSSw2bhD2Sv
+CzCwr0A9OuqQdFmbT4hEHQiCliJTdAMxc/C3EKA+MRo8dvZBWvOw43zhDVHGnrrG
+9YE0JZghAuZ1QEBBKvBFNmi3leCTltrHLaODutuHHqRPnolFBo+cuQINBFsSq/cB
+EAC0RPc7uMOo/9Mc/oIgxTjSLn68bioste9qJtO0iKJqu+5xd0FFAdlP1JzL4+r2
+nAl3qIev1EVIVx9hUeB5eLtZWR+OADmESSacdvYuPaDdLfIhqBI1kLH0jMS+lPHN
+o3bsjjGmn2av511JEB4twyMib1Isl46L14hmvbt0vPXoE8+x8EogUkg7H2pdhN4Q
+nz5j2WT0iVoMXnqG7ADeyjTOHKcJdnbmGQbdDaBBFKTE6QoYLSKX7SBb5DCmqHfo
+uN69lL/GeeHr/c9/XSy62yl/IUWvHE6TDXdGgdR/WjrYS9q5WZq0wXtoEWKGHWBD
+ewsfqvwn+K10v/ZWEjSMeFnFbEtf9ddRH7nYrrduL7G/YNXC1Pb0l8+WsVyAONBl
+urj5RXQLHdGICY0nyFH9LNY9OKnGBPIR2aRva0xU0xvpvUanxFC5s4zfvBL7on02
+cTRwOZ8W6/uiIFS6Cog3BLMjVBfg7E6ofMgTeOdfGXM63kl+tP8Mykn554fqhucw
+GwK28/jCQFTkk8zbZ9TmbD+zJEn2H4TXr92g3wzuIWEENgwhDCFa38ZpNH4t1nfK
+xh+2nK/iLBagtFH7/ljkBYoT9GEVMtyvEijpPx1mh1+CKOseI1ZPYNvjSgOBpcIH
+2xwtGjp8g9040QBpCNABBjcgy8XHvJgu6KpOZjp6vyDX0wARAQABiQQ+BBgBAgAJ
+BQJbEqv3AhsCAikJEDCJZLUYg6DdwV0gBBkBAgAGBQJbEqv3AAoJEN8IL2ruyML/
+RckP/0MYILZhSJgDz/TkrU8whK0B4EeqSI9C0k3ofjLf8VyYmWztOLPcygQmH0UO
+OqaG60T+RJlg7AjOI5AS5OoDS94VL1MQW1M41lHZO9CkV4Ww6QB0ukHHZuiOe18b
+kgS/mgySn66ALWD3gO3bZBESCKtK3JnPNo6xhR+4WUTOZy1bxRk275FFfkXPOEnf
+e3Q8iafQOtiGca16PcL8ehe7PW2RMUG0GcFIdh/L1L7I1DAmhaHzSnMUc1UVmU/q
+F/OxE6f5ZjrFCaRUxpu2jzKneGIJa/JSKKlrgZmZOjs3hZuWL6PgOFWuHeyjTHgs
+dLGXTrcFIwr3S0lc1OqsuufokmEHbSMGVfZqNtNoJUabj5DAw3e8vhKu7mQIoEZ2
+i9/CH+AWZfGmsxZIUmHXbpJAdwtqdSxbsR+rONwvy1eZMycDdC18yKE2KSoxfyti
+XN2aeMpy6CLfpcxuh/9MoACUs/O3Yft2602zs1KQaHHlrWnrhOMi/8drnh8N6K1o
+kZTc+OImBHnBBuAOsPxx478tMvU5LUW3Plw25bzNv4clZalLKQKza09Unj8HYAkh
+YeT3/usyTYfCUI6+JfcxFJ8/l4kYb0buv21ofREzpNIEEBaoS9avTk3LE7SXFjuA
+ElR3XjY0US5DXWdjt9RUyPN1j6hTn9GxJ/dRl8XOWFQ1RzahrwgP/308SgiP7mzG
+t4tRUdcQCBB3pbmBXJV7wACmawOfQddc+rbLtL+akh7VkrmPcmSMZ9chdbMUuqNE
+Auw67+YzjZJNYHlA/cHQ6PYCHxTahMFhMBOM6TIvBcuzT7iIbqF2EjXLfiESslAT
+vit7n3R/ActSu7pabcRE2Ep7UzUY28+xGkfdFOrm9X/65tGo39F2UELes4EjMvNh
+jWfR0Y7grjIF9SK3o+QgN7niM6lEvXRDXwh+RLpG4MAisJsFYbMvX6v/27HmCVEK
+ZLVOdXxPDTBmK2ap6qnIct8otCNSTB3VauSd4p/IIksP2gynWjvdzIO5p+O0M/pi
+xzvvK3OknRt2S02ShCHm8nIkGzElRhUQahSMCfT1NhWpn5IUpkpepo2WH3m0OTlA
+zbpvtn+ZmsgzCf8Ap8SmXgLR/XGQSYnYuwqA0M3tp6DM1zM9D1xtu/2/m3tsLusW
++NwJ97yZ50yoOUKd2hmKWmPH2JAea4ZtKwIE15Cq2u/1wDAqVoAKLnM5cd6yI7+B
+tbTgqI+dojGKYirC/Z5RqyvwQfmzNCcoYQLjY1g9mY7ACkBKK10tmkJ1K3SMLrwY
+kmQ2QWxpdN2N68BJ7A4GxZrT4yICuJlbXshKw3QrbAUD9CUSO7MtJFkoaIjIoHZ5
+V0T07f+MbJVGC4WaNX+cCT/V7vyMm2ue
+=GCaq
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.56-coverity.patch b/SPECS-EXTENDED/stunnel/stunnel-5.56-coverity.patch
deleted file mode 100644
index 0fc8c98922..0000000000
--- a/SPECS-EXTENDED/stunnel/stunnel-5.56-coverity.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From c705c47f486cff5b6d79ca3183a6faec015f3ac1 Mon Sep 17 00:00:00 2001
-From: Sahana Prasad 
-Date: Mon, 12 Sep 2022 11:07:38 +0200
-Subject: [PATCH 4/8] Apply patch stunnel-5.56-coverity.patch
-
-Patch-name: stunnel-5.56-coverity.patch
-Patch-id: 4
-From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
----
- src/str.c     | 1 +
- src/stunnel.c | 1 -
- 2 files changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/str.c b/src/str.c
-index b9eca81..fd62db8 100644
---- a/src/str.c
-+++ b/src/str.c
-@@ -165,6 +165,7 @@ char *str_vprintf(const char *format, va_list start_ap) {
-     for(;;) {
-         va_copy(ap, start_ap);
-         n=vsnprintf(p, size, format, ap);
-+        va_end(ap);
-         if(n>-1 && n<(int)size)
-             return p;
-         if(n>-1)                /* glibc 2.1 */
-diff --git a/src/stunnel.c b/src/stunnel.c
-index 4ce906b..31115ea 100644
---- a/src/stunnel.c
-+++ b/src/stunnel.c
-@@ -445,7 +445,6 @@ NOEXPORT int accept_connection(SERVICE_OPTIONS *opt, unsigned i) {
- #endif
-     if(create_client(fd, s, alloc_client_session(opt, s, s))) {
-         s_log(LOG_ERR, "Connection rejected: create_client failed");
--        closesocket(s);
- #ifndef USE_FORK
-         service_free(opt);
- #endif
--- 
-2.37.3
-
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.62-disabled-curves.patch b/SPECS-EXTENDED/stunnel/stunnel-5.62-disabled-curves.patch
deleted file mode 100644
index 4f0e5a8a33..0000000000
--- a/SPECS-EXTENDED/stunnel/stunnel-5.62-disabled-curves.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 2043ed7c27e14310bec49e1df6348af3882db7bb Mon Sep 17 00:00:00 2001
-From: Clemens Lang 
-Date: Mon, 12 Sep 2022 11:07:38 +0200
-Subject: [PATCH 8/8] Limit curves defaults in FIPS mode
-
-Our copy of OpenSSL disables the X25519 and X448 curves in FIPS mode,
-but stunnel defaults to enabling them and then fails to do so.
-
-Patch-name: stunnel-5.62-disabled-curves.patch
-Patch-status: Limit curves defaults in FIPS mode
-Patch-id: 8
-From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
----
- src/options.c | 23 +++++++++++++++++++++--
- 1 file changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/src/options.c b/src/options.c
-index 09d02bd..fe4e776 100644
---- a/src/options.c
-+++ b/src/options.c
-@@ -39,8 +39,10 @@
- 
- #if OPENSSL_VERSION_NUMBER >= 0x10101000L
- #define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384"
-+#define DEFAULT_CURVES_FIPS "P-256:P-521:P-384"
- #else /* OpenSSL version < 1.1.1 */
- #define DEFAULT_CURVES "prime256v1"
-+#define DEFAULT_CURVES_FIPS "prime256v1"
- #endif /* OpenSSL version >= 1.1.1 */
- 
- #if defined(_WIN32_WCE) && !defined(CONFDIR)
-@@ -1847,7 +1849,7 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
-     /* curves */
-     switch(cmd) {
-     case CMD_SET_DEFAULTS:
--        section->curves=str_dup_detached(DEFAULT_CURVES);
-+        section->curves = NULL;
-         break;
-     case CMD_SET_COPY:
-         section->curves=str_dup_detached(new_service_options.curves);
-@@ -1862,9 +1864,26 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
-         section->curves=str_dup_detached(arg);
-         return NULL; /* OK */
-     case CMD_INITIALIZE:
-+        if(!section->curves) {
-+            /* this is only executed for global options, because
-+             * section->curves is no longer NULL in sections */
-+#ifdef USE_FIPS
-+            if(new_global_options.option.fips)
-+                section->curves=str_dup_detached(DEFAULT_CURVES_FIPS);
-+            else
-+#endif /* USE_FIPS */
-+                section->curves=str_dup_detached(DEFAULT_CURVES);
-+        }
-         break;
-     case CMD_PRINT_DEFAULTS:
--        s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
-+        if(fips_available()) {
-+            s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
-+                DEFAULT_CURVES_FIPS, "(with \"fips = yes\")");
-+            s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
-+                DEFAULT_CURVES, "(with \"fips = no\")");
-+        } else {
-+            s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
-+        }
-         break;
-     case CMD_PRINT_HELP:
-         s_log(LOG_NOTICE, "%-22s = ECDH curve names", "curves");
--- 
-2.37.3
-
diff --git a/SPECS-EXTENDED/tk/tk-8.6.12-conf.patch b/SPECS-EXTENDED/tk/tk-8.6.12-conf.patch
new file mode 100644
index 0000000000..42c4353ffc
--- /dev/null
+++ b/SPECS-EXTENDED/tk/tk-8.6.12-conf.patch
@@ -0,0 +1,22 @@
+diff --git a/unix/tcl.m4 b/unix/tcl.m4
+index f3d08ec..1a8d6b6 100644
+--- a/unix/tcl.m4
++++ b/unix/tcl.m4
+@@ -1382,7 +1382,7 @@ AC_DEFUN([SC_CONFIG_CFLAGS], [
+ 	    # get rid of the warnings.
+ 	    #CFLAGS_OPTIMIZE="${CFLAGS_OPTIMIZE} -D__NO_STRING_INLINES -D__NO_MATH_INLINES"
+ 
+-	    SHLIB_LD='${CC} ${CFLAGS} ${LDFLAGS} -shared'
++	    SHLIB_LD='${CC} ${CFLAGS} ${LDFLAGS} -shared -Wl,-soname,${@}'
+ 	    DL_OBJS="tclLoadDl.o"
+ 	    DL_LIBS="-ldl"
+ 	    LDFLAGS="$LDFLAGS -Wl,--export-dynamic"
+@@ -1398,7 +1398,7 @@ AC_DEFUN([SC_CONFIG_CFLAGS], [
+             esac
+ 
+ 	    AS_IF([test $doRpath = yes], [
+-		CC_SEARCH_FLAGS='"-Wl,-rpath,${LIB_RUNTIME_DIR}"'])
++		CC_SEARCH_FLAGS=''])
+ 	    LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS}
+ 	    AS_IF([test "`uname -m`" = "alpha"], [CFLAGS="$CFLAGS -mieee"])
+ 	    AS_IF([test $do64bit = yes], [
diff --git a/SPECS-EXTENDED/tk/tk-8.6.12-make.patch b/SPECS-EXTENDED/tk/tk-8.6.12-make.patch
new file mode 100644
index 0000000000..8a167229e1
--- /dev/null
+++ b/SPECS-EXTENDED/tk/tk-8.6.12-make.patch
@@ -0,0 +1,13 @@
+diff --git a/unix/Makefile.in b/unix/Makefile.in
+index 010ba48..2372d57 100644
+--- a/unix/Makefile.in
++++ b/unix/Makefile.in
+@@ -745,7 +745,7 @@ install-binaries: $(TK_STUB_LIB_FILE) $(TK_LIB_FILE) ${WISH_EXE}
+ 	    fi
+ 	@echo "Installing $(LIB_FILE) to $(DLL_INSTALL_DIR)/"
+ 	@@INSTALL_LIB@
+-	@chmod 555 "$(DLL_INSTALL_DIR)/$(LIB_FILE)"
++	@chmod 755 "$(DLL_INSTALL_DIR)/$(LIB_FILE)"
+ 	@if test -f "tk${MAJOR_VERSION}${MINOR_VERSION}.dll"; then \
+ 	    $(INSTALL_LIBRARY) "tk${MAJOR_VERSION}${MINOR_VERSION}.dll" "$(DLL_INSTALL_DIR)";\
+ 	    chmod 555 "$(DLL_INSTALL_DIR)/tk${MAJOR_VERSION}${MINOR_VERSION}.dll";\
diff --git a/SPECS-EXTENDED/tk/tk.signatures.json b/SPECS-EXTENDED/tk/tk.signatures.json
index eb5e1d5db2..ded7e3efdc 100644
--- a/SPECS-EXTENDED/tk/tk.signatures.json
+++ b/SPECS-EXTENDED/tk/tk.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "tk8.6.10-src.tar.gz": "63df418a859d0a463347f95ded5cd88a3dd3aaa1ceecaeee362194bc30f3e386"
+  "tk8.6.13-src.tar.gz": "2e65fa069a23365440a3c56c556b8673b5e32a283800d8d9b257e3f584ce0675"
  }
 }
diff --git a/SPECS-EXTENDED/tk/tk.spec b/SPECS-EXTENDED/tk/tk.spec
index 0f9899c2a1..1ebe95f909 100644
--- a/SPECS-EXTENDED/tk/tk.spec
+++ b/SPECS-EXTENDED/tk/tk.spec
@@ -1,40 +1,39 @@
 %define majorver 8.6
-%define vers %{majorver}.10
-Summary:        The graphical toolkit for the Tcl scripting language
-Name:           tk
-Version:        %{vers}
-Release:        6%{?dist}
-License:        TCL
+%define vers %{majorver}.13
+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:            https://tcl.sourceforge.net
-Source0:        https://download.sourceforge.net/sourceforge/tcl/%{name}%{version}-src.tar.gz
-Patch0:         tk-8.6.10-make.patch
-Patch1:         tk-8.6.10-conf.patch
-Patch2:         tk-8.6.7-no-fonts-fix.patch
-# https://core.tcl-lang.org/tk/tktview/dccd82bdc70dc25bb6709a6c14880a92104dda43
-Patch3:         tk-8.6.10-font-sizes-fix.patch
-BuildRequires:  autoconf
-BuildRequires:  gcc
-BuildRequires:  libX11-devel
-BuildRequires:  libXft-devel
-BuildRequires:  tcl-devel >= %{vers}
-Requires:       tcl >= %{vers}
+Summary: The graphical toolkit for the Tcl scripting language
+Name: tk
+Version: %{vers}
+Release: 4%{?dist}
+License: TCL AND HPND-Pbmplus AND CC-BY-SA-3.0 AND MIT-open-group AND MIT
+URL: https://tcl.sourceforge.net
+Source0: https://download.sourceforge.net/sourceforge/tcl/%{name}%{version}-src.tar.gz
+Requires: tcl = %{vers}
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: tcl-devel = %{vers}, autoconf
+BuildRequires: libX11-devel
+BuildRequires: libXft-devel
 # panedwindow.n from itcl conflicts
-Conflicts:      itcl <= 3.2
-Obsoletes:      tile <= 0.8.2
-Provides:       tile = 0.8.2
+Conflicts: itcl <= 3.2
+Obsoletes: tile <= 0.8.2
+Provides: tile = 0.8.2
+Patch1: tk-8.6.12-make.patch
+Patch2: tk-8.6.12-conf.patch
+# https://core.tcl-lang.org/tk/tktview/dccd82bdc70dc25bb6709a6c14880a92104dda43
+Patch3: tk-8.6.10-font-sizes-fix.patch
 
 %description
 When paired with the Tcl scripting language, Tk provides a fast and powerful
 way to create cross-platform GUI applications.
 
 %package devel
-Summary:        Tk graphical toolkit development files
-Requires:       %{name} = %{version}-%{release}
-Requires:       libX11-devel
-Requires:       libXft-devel
-Requires:       tcl-devel >= %{vers}
+Summary: Tk graphical toolkit development files
+Requires: %{name} = %{version}-%{release}
+Requires: tcl-devel = %{vers}
+Requires: libX11-devel libXft-devel
 
 %description devel
 When paired with the Tcl scripting language, Tk provides a fast and powerful
@@ -49,7 +48,7 @@ The package contains the development files and man pages for tk.
 cd unix
 autoconf
 %configure --enable-threads
-make %{?_smp_mflags} CFLAGS="%{optflags}" TK_LIBRARY=%{_datadir}/%{name}%{majorver}
+%make_build CFLAGS="%{optflags}" TK_LIBRARY=%{_datadir}/%{name}%{majorver}
 
 %check
 # do not run "make test" by default since it requires an X display
@@ -92,8 +91,7 @@ sed -i -e "s|$PWD/unix|%{_libdir}|; s|$PWD|%{_includedir}/%{name}-private|" %{bu
 %{_libdir}/%{name}%{majorver}
 %{_mandir}/man1/*
 %{_mandir}/mann/*
-%license license.terms
-%doc README.md changes
+%doc README.md changes license.terms
 
 %files devel
 %{_includedir}/*
@@ -105,15 +103,48 @@ sed -i -e "s|$PWD/unix|%{_libdir}|; s|$PWD|%{_includedir}/%{name}-private|" %{bu
 %{_datadir}/%{name}%{majorver}/tkAppInit.c
 
 %changelog
-* Tue Jan 03 2023 Sumedh Sharma  - 8.6.10-6
-- Fix Requires on tcl/tcl-devel with version contraints
-- License verified
+* Wed Jan 15 2025 Archana Shettigar  - 1:8.6.13-4
+- Initial Azure Linux import from Fedora 40 (license: MIT).
+- License Verified
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 1:8.6.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Dec 12 2023 Jaroslav Škarvada  - 1:8.6.13-2
+- Converted license to SPDX
+
+* Tue Aug 29 2023 Jaroslav Škarvada  - 1:8.6.13-1
+- New version
+  Related: rhbz#2231272
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 1:8.6.12-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 1:8.6.12-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 1:8.6.12-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 1:8.6.12-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Nov 23 2021 Jaroslav Škarvada  - 1:8.6.12-1
+- New version
+  Related: rhbz#1488695
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1:8.6.10-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 1:8.6.10-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Thu Oct 28 2021 Muhammad Falak  - 8.6.10-5
-- Remove epoch
+* Wed Jul 29 2020 Fedora Release Engineering  - 1:8.6.10-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 1:8.6.10-4
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Wed Jul 22 2020 Tom Stellard  - 1:8.6.10-4
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 1:8.6.10-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/uglify-js/uglify-js-esfuzz.patch b/SPECS-EXTENDED/uglify-js/uglify-js-esfuzz.patch
deleted file mode 100644
index cb06e287df..0000000000
--- a/SPECS-EXTENDED/uglify-js/uglify-js-esfuzz.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-commit 2c6570391beeda550f86500e3f7c6eaa992a05b7
-Author: Tom Hughes 
-Date:   Wed Feb 10 18:16:53 2016 +0000
-
-    Patch out tests that require esfuzz
-
-diff --git a/test/run-tests.js b/test/run-tests.js
-index 3ec04fd..96c0613 100755
---- a/test/run-tests.js
-+++ b/test/run-tests.js
-@@ -19,12 +19,6 @@ if (failures) {
- var run_sourcemaps_tests = require('./sourcemaps');
- run_sourcemaps_tests();
- 
--var run_ast_conversion_tests = require("./mozilla-ast");
--
--run_ast_conversion_tests({
--    iterations: 1000
--});
--
- /* -----[ utils ]----- */
- 
- function tmpl() {
diff --git a/SPECS-EXTENDED/uglify-js/uglify-js.signatures.json b/SPECS-EXTENDED/uglify-js/uglify-js.signatures.json
index 51aca709cf..c3b071d3ed 100644
--- a/SPECS-EXTENDED/uglify-js/uglify-js.signatures.json
+++ b/SPECS-EXTENDED/uglify-js/uglify-js.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "uglify-js-2.8.22.tar.gz": "b9db9cf85240acdedac766bc53b3400c683205069bf8f77aded4efc7854da180"
+  "uglify-js-3.19.3.tgz": "744d9f31fe424514dd44728daa3e562a703fca53b6627ddeb655f77c2aa88ab4"
  }
 }
diff --git a/SPECS-EXTENDED/uglify-js/uglify-js.spec b/SPECS-EXTENDED/uglify-js/uglify-js.spec
index fa8326e88b..6c03fdc6ef 100644
--- a/SPECS-EXTENDED/uglify-js/uglify-js.spec
+++ b/SPECS-EXTENDED/uglify-js/uglify-js.spec
@@ -4,33 +4,35 @@
 %bcond_with tests
 
 Name:           uglify-js
-Version:        2.8.22
-Release:        10%{?dist}
+Version:        3.19.3
+Release:        11%{?dist}
 Summary:        JavaScript parser, mangler/compressor and beautifier toolkit
-License:        BSD
+License:        BSD-2-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:            https://github.com/mishoo/UglifyJS2
-Source0:        https://github.com/mishoo/UglifyJS2/archive/v%{version}/uglify-js-%{version}.tar.gz
-Patch0:         uglify-js-esfuzz.patch
+URL:            https://github.com/mishoo/UglifyJS
+Source0:        https://registry.npmjs.org/%{name}/-/%{name}-%{version}.tgz
 
 BuildArch:      noarch
 ExclusiveArch:  %{nodejs_arches} noarch
 
 Provides:       nodejs-uglify-js = %{version}-%{release}
 
+Provides:       uglify-js3 = %{version}-%{release}
+Obsoletes:      uglify-js3 < 3.14.5-2
+
+Provides:       nodejs-uglify-js3 = %{version}-%{release}
+
+BuildRequires:  nodejs
 BuildRequires:  nodejs-packaging
 BuildRequires:  web-assets-devel
 
 %if %{with tests}
 BuildRequires:  npm(acorn)
-BuildRequires:  npm(async)
-BuildRequires:  npm(mocha)
-BuildRequires:  npm(optimist)
-BuildRequires:  npm(source-map)
+BuildRequires:  npm(semver)
 %endif
 
-Requires: js-uglify = %{version}-%{release}
+Requires:       js-uglify = %{version}-%{release}
 
 %description
 JavaScript parser, mangler/compressor and beautifier toolkit.
@@ -39,12 +41,15 @@ This package ships the uglifyjs command-line tool and a library suitable for
 use within Node.js.
 
 %package -n js-uglify
-Summary: JavaScript parser, mangler/compressor and beautifier toolkit - core library
+Summary:        JavaScript parser, mangler/compressor and beautifier toolkit - core library
+
+Provides:       js-uglify3 = %{version}-%{release}
+Obsoletes:      js-uglify3 < 3.14.5-2
 
-Obsoletes: uglify-js-common < 2.2.5-4
-Provides: uglify-js-common = %{version}-%{release}
-Requires: web-assets-filesystem
+Provides:       uglify-js-common = %{version}-%{release}
+Obsoletes:      uglify-js-common < 2.2.5-4
 
+Requires:       web-assets-filesystem
 
 %description -n js-uglify
 JavaScript parser, mangler/compressor and beautifier toolkit.
@@ -53,40 +58,40 @@ This package ships a JavaScript library suitable for use by any JavaScript
 runtime.
 
 %prep
-%autosetup -p 1 -n UglifyJS2-%{version}
-
-%nodejs_fixdep async "^1.5.0"
-%nodejs_fixdep yargs "^3.2.1"
+%autosetup -n package
 
+chmod 0755 bin/uglifyjs
 
 %build
 #nothing to do
 
 
 %install
-rm -rf %buildroot
-
-mkdir -p %{buildroot}%{_jsdir}/%{name}-2
-cp -pr lib/* %{buildroot}%{_jsdir}/%{name}-2
-ln -sf %{name}-2 %{buildroot}%{_jsdir}/%{name}
+mkdir -p %{buildroot}%{_jsdir}/%{name}-3
+cp -pr lib/* %{buildroot}%{_jsdir}/%{name}-3
+ln -s %{name}-3 %{buildroot}%{_jsdir}/%{name}
 
 #compat symlink
 mkdir -p %{buildroot}%{_datadir}
-ln -sf javascript/%{name} %{buildroot}%{_datadir}/%{name}
+ln -rs %{buildroot}%{_jsdir}/%{name} %{buildroot}%{_datadir}/%{name}
 
-mkdir -p %{buildroot}%{nodejs_sitelib}/uglify-js@2
-cp -pr bin tools package.json %{buildroot}%{nodejs_sitelib}/uglify-js@2
-ln -sf %{_jsdir}/%{name} %{buildroot}%{nodejs_sitelib}/uglify-js@2/lib
+mkdir -p %{buildroot}%{nodejs_sitelib}/uglify-js@3
+cp -pr bin tools package.json %{buildroot}%{nodejs_sitelib}/uglify-js@3
+ln -rs %{buildroot}%{_jsdir}/%{name}-3 \
+       %{buildroot}%{nodejs_sitelib}/uglify-js@3/lib
 # Fix for rpmlint.
 sed -i -e 's|^#! */usr/bin/env node|#!/usr/bin/node|' \
-  %{buildroot}%{nodejs_sitelib}/uglify-js@2/bin/*
+  %{buildroot}%{nodejs_sitelib}/uglify-js@3/bin/uglifyjs
+chmod 755 %{buildroot}%{nodejs_sitelib}/uglify-js@3/bin/uglifyjs
 
 mkdir -p %{buildroot}%{_bindir}
-ln -sf ../lib/node_modules/uglify-js@2/bin/uglifyjs %{buildroot}%{_bindir}/uglifyjs
+ln -rs %{buildroot}%{nodejs_sitelib}/uglify-js@3/bin/uglifyjs \
+       %{buildroot}%{_bindir}/uglifyjs-3
+ln -s uglifyjs-3 %{buildroot}%{_bindir}/uglifyjs
 
 %nodejs_symlink_deps
 
-ln -sf uglify-js@2 %{buildroot}%{nodejs_sitelib}/uglify-js
+ln -s uglify-js@3 %{buildroot}%{nodejs_sitelib}/uglify-js
 
 
 %check
@@ -117,12 +122,13 @@ end
 
 %files
 %{nodejs_sitelib}/uglify-js
-%{nodejs_sitelib}/uglify-js@2
+%{nodejs_sitelib}/uglify-js@3
+%{_bindir}/uglifyjs-3
 %{_bindir}/uglifyjs
 
 
 %files -n js-uglify
-%{_jsdir}/%{name}-2
+%{_jsdir}/%{name}-3
 %{_jsdir}/%{name}
 %{_datadir}/%{name}
 %doc README.md
@@ -130,9 +136,96 @@ end
 
 
 %changelog
-* Wed Jan 13 2021 Joe Schmitt  - 2.8.22-10
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Mon Mar 17 2025 Archana Shettigar  - 3.19.3-2
+- Initial Azure Linux import from Fedora 41 (license: MIT).
 - Turn off tests
+- License verified
+
+* Tue Sep 10 2024 Mattias Ellert  - 3.19.3-1
+- Update to 3.19.3
+
+* Mon Aug 12 2024 Mattias Ellert  - 3.19.2-1
+- Update to 3.19.2
+
+* Sun Aug 04 2024 Mattias Ellert  - 3.19.1-1
+- Update to 3.19.1
+
+* Thu Jul 18 2024 Mattias Ellert  - 3.19.0-1
+- Update to 3.19.0
+
+* Mon Jun 10 2024 Mattias Ellert  - 3.18.0-1
+- Update to 3.18.0
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 3.17.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 3.17.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Mar 15 2023 Mattias Ellert  - 3.17.4-1
+- Update to 3.17.4
+- Rebuilt for updated rpm macros (Fedora 37+)
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 3.17.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Sep 20 2022 Mattias Ellert  - 3.17.1-1
+- Update to 3.17.1
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 3.16.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jun 17 2022 Mattias Ellert  - 3.16.1-1
+- Update to 3.16.1
+
+* Wed Apr 20 2022 Mattias Ellert  - 3.15.4-1
+- Update to 3.15.4
+
+* Sun Mar 20 2022 Mattias Ellert  - 3.15.3-1
+- Update to 3.15.3
+
+* Mon Feb 28 2022 Mattias Ellert  - 3.15.2-1
+- Update to 3.15.2
+
+* Mon Feb 07 2022 Mattias Ellert  - 3.15.1-1
+- Update to 3.15.1
+
+* Wed Jan 26 2022 Mattias Ellert  - 3.15.0-1
+- Update to 3.15.0
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 3.14.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jan 19 2022 Mattias Ellert  - 3.14.5-2
+- Update uglify-js for EPEL 7 to version 3
+- Provide/Obsolete uglify-js3
+
+* Thu Dec 16 2021 Mattias Ellert  - 3.14.5-1
+- Update to 3.14.5
+
+* Wed Dec 01 2021 Mattias Ellert  - 3.14.4-1
+- Update to 3.14.4
+
+* Tue Nov 02 2021 Mattias Ellert  - 3.14.3-1
+- Update to 3.14.3
+
+* Thu Oct 14 2021 Mattias Ellert  - 3.14.2-1
+- Update to 3.14.2
+
+* Fri Aug 13 2021 Sérgio Basto  - 3.14.1-1
+- Update to 3.14.1
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 3.10.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 3.10.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Sep 18 2020 Troy Dawson  - 3.10.4-1
+- Update to 3.10.4
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 2.8.22-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 2.8.22-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.signatures.json b/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.signatures.json
index 6068cd2fff..4263ed1836 100644
--- a/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.signatures.json
+++ b/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "xcb-util-wm-0.4.1.tar.bz2": "28bf8179640eaa89276d2b0f1ce4285103d136be6c98262b6151aaee1d3c2a3f"
+  "xcb-util-wm-0.4.2.tar.xz": "62c34e21d06264687faea7edbf63632c9f04d55e72114aa4a57bb95e4f888a0b"
  }
 }
diff --git a/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.spec b/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.spec
index e1bf435bb1..e36b9e8258 100644
--- a/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.spec
+++ b/SPECS-EXTENDED/xcb-util-wm/xcb-util-wm.spec
@@ -1,13 +1,14 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Name:		xcb-util-wm
-Version:	0.4.1
-Release:	18%{?dist}
+Version:	0.4.2
+Release:	7%{?dist}
 Summary:	Client and window-manager helper library on top of libxcb
 License:	MIT
-URL:		http://xcb.freedesktop.org
-Source0:	http://xcb.freedesktop.org/dist/%{name}-%{version}.tar.bz2
-BuildRequires:  gcc
+URL:		https://xcb.freedesktop.org
+Source0:	https://xcb.freedesktop.org/dist/%{name}-%{version}.tar.xz
+BuildRequires:	make
+BuildRequires:	gcc
 BuildRequires:	pkgconfig(xcb-util) >= 0.3.8
 BuildRequires:	m4
 
@@ -17,59 +18,87 @@ XCB util-wm module provides the following libraries:
   - ewmh: Both client and window-manager helpers for EWMH.
   - icccm: Both client and window-manager helpers for ICCCM.
 
-
-%package 	devel
+%package	devel
 Summary:	Development and header files for xcb-util-vm
 Requires:	%{name}%{?_isa} = %{version}-%{release}
 
 %description	devel
 Development files for xcb-util-wm.
 
-
 %prep
 %setup -q
 
-
 %build
 %configure --with-pic --disable-static --disable-silent-rules
-make %{?_smp_mflags}
-
+%make_build
 
 %check
 make check
 
-
 %install
-make install DESTDIR=%{buildroot} INSTALL="install -p"
+%make_install
 rm %{buildroot}%{_libdir}/*.la
 
-
 %ldconfig_post
 
-
 %ldconfig_postun
 
-
 %files
-%doc README
+%doc README.md
 %if 0%{?_licensedir:1}
 %license COPYING
 %else
 %doc COPYING
-%endif # licensedir
+%endif
 %{_libdir}/*.so.*
 
-
 %files devel
 %doc NEWS
 %{_libdir}/pkgconfig/*.pc
 %{_libdir}/*.so
 %{_includedir}/xcb/*.h
 
-
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 0.4.1-18
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Thu Dec 26 2024 Aninda Pradhan  - 0.4.2-7
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License Verified
+
+* Sat Jul 20 2024 Fedora Release Engineering  - 0.4.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 0.4.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Sep 07 2023 José Expósito  - 0.4.2-4
+- SPDX Migration
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 0.4.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 0.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Dec  1 2022 Thomas Moschny  - 0.4.2-1
+- Update to 0.4.2.
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 0.4.1-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 0.4.1-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 0.4.1-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 0.4.1-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 0.4.1-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard  - 0.4.1-18
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 0.4.1-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
@@ -141,4 +170,3 @@ rm %{buildroot}%{_libdir}/*.la
 
 * Mon Dec  5 2011 Thomas Moschny  - 0.3.8-1
 - New package.
-
diff --git a/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.signatures.json b/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.signatures.json
index 776da4552a..6d4ad48cbb 100644
--- a/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.signatures.json
+++ b/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "xdg-dbus-proxy-0.1.2.tar.xz": "1749d6f9f46dcc9edc87725641cf56cf91dcad1b01707891ea0850c1000c520f"
+  "xdg-dbus-proxy-0.1.6.tar.xz": "131bf59fce7c7ee7ecbc5d9106d6750f4f597bfe609966573240f7e4952973a1"
  }
 }
diff --git a/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.spec b/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.spec
index a0cab3eb81..71df00bbef 100644
--- a/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.spec
+++ b/SPECS-EXTENDED/xdg-dbus-proxy/xdg-dbus-proxy.spec
@@ -1,14 +1,15 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Name:           xdg-dbus-proxy
-Version:        0.1.2
-Release:        3%{?dist}
+Version:        0.1.6
+Release:        2%{?dist}
 Summary:        Filtering proxy for D-Bus connections
 
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 URL:            https://github.com/flatpak/xdg-dbus-proxy/
 Source0:        https://github.com/flatpak/xdg-dbus-proxy/releases/download/%{version}/%{name}-%{version}.tar.xz
 
+BuildRequires:  meson
 BuildRequires:  docbook-style-xsl
 BuildRequires:  gcc
 BuildRequires:  pkgconfig(gio-2.0)
@@ -27,20 +28,61 @@ to facilitate using it in other contexts.
 %autosetup -p1
 
 %build
-%configure
-%make_build
+%meson
+%meson_build
 
 %install
-%make_install
+%meson_install
 
 %files
+%doc NEWS README.md
 %license COPYING
 %{_bindir}/xdg-dbus-proxy
 %{_mandir}/man1/xdg-dbus-proxy.1*
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 0.1.2-3
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Thu Dec 26 2024 Aninda Pradhan  - 0.1.6-2
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License Verified
+
+* Fri Oct 11 2024 David King  - 0.1.6-1
+- Update to 0.1.6 (#2307503)
+
+* Sat Jul 20 2024 Fedora Release Engineering  - 0.1.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 0.1.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Aug 07 2023 Kalev Lember  - 0.1.5-1
+- Update to 0.1.5 (rhbz#2229713)
+
+* Wed Jul 19 2023 Bastien Nocera  - 0.1.4-2
+- Fix D-Bus disconnection when an object path was overly long
+
+* Wed Jul 19 2023 Bastien Nocera  - 0.1.4-1
+- Update to 0.1.4
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 0.1.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 0.1.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Mar 02 2022 Debarshi Ray  - 0.1.3-1
+- Update to 0.1.3
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 0.1.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 0.1.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 0.1.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 0.1.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 0.1.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/xfconf/xfconf.signatures.json b/SPECS-EXTENDED/xfconf/xfconf.signatures.json
index a7fd11f15f..af0b135926 100644
--- a/SPECS-EXTENDED/xfconf/xfconf.signatures.json
+++ b/SPECS-EXTENDED/xfconf/xfconf.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "xfconf-4.14.4.tar.bz2": "cc37622eece51ed8905dfaad6f77b3c24662f41881545eb0142110f347ba5f73"
+  "xfconf-4.18.3.tar.bz2": "c56cc69056f6947b2c60b165ec1e4c2b0acf26a778da5f86c89ffce24d5ebd98"
  }
 }
diff --git a/SPECS-EXTENDED/xfconf/xfconf.spec b/SPECS-EXTENDED/xfconf/xfconf.spec
index cdb598a886..4bf76810dc 100644
--- a/SPECS-EXTENDED/xfconf/xfconf.spec
+++ b/SPECS-EXTENDED/xfconf/xfconf.spec
@@ -1,18 +1,19 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-%global xfceversion 4.14
+%global xfceversion 4.18
 %bcond_with perl
 
 Name:           xfconf
-Version:        4.14.4
+Version:        4.18.3
 Release:        4%{?dist}
 Summary:        Hierarchical configuration system for Xfce
 
 License:        GPLv2
-URL:            http://www.xfce.org/
+URL:            https://www.xfce.org/
 #VCS git:git://git.xfce.org/xfce/xfconf
-Source0:        http://archive.xfce.org/src/xfce/%{name}/%{xfceversion}/%{name}-%{version}.tar.bz2
+Source0:        https://archive.xfce.org/src/xfce/%{name}/%{xfceversion}/%{name}-%{version}.tar.bz2
 
+BuildRequires:  make
 BuildRequires:  glib2-devel
 BuildRequires:  perl(File::Find)
 BuildRequires:  pkgconfig(libxfce4util-1.0) >= %{xfceversion}
@@ -33,7 +34,7 @@ BuildRequires:  gcc-c++
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  vala
 
-Requires:       dbus-x11
+Requires:       dbus
 
 Obsoletes:      libxfce4mcs < 4.4.3-3
 Obsoletes:      xfconf-perl < 4.13.8
@@ -69,14 +70,9 @@ interact with xfconf using perl.
 %endif
 
 %prep
-%setup -q
+%autosetup
 
 %build
-# gobject introspection does not work with LTO.  There is an effort to fix this
-# in the appropriate project upstreams, so hopefully LTO can be enabled someday
-# Disable LTO.
-%define _lto_cflags %{nil}
-
 %configure --disable-static --with-perl-options=INSTALLDIRS="vendor"
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
@@ -111,7 +107,7 @@ find %{buildroot} -type f -name *.la -exec rm -f {} \;
 
 %files -f %{name}.lang
 %license COPYING
-%doc AUTHORS ChangeLog NEWS TODO
+%doc AUTHORS NEWS TODO
 %{_libdir}/lib*.so.*
 %{_bindir}/xfconf-query
 %{_libdir}/xfce4/xfconf/
@@ -120,12 +116,15 @@ find %{buildroot} -type f -name *.la -exec rm -f {} \;
 %{_datadir}/vala/vapi/libxfconf-0.vapi
 %{_datadir}/dbus-1/services/org.xfce.Xfconf.service
 %{_datadir}/gir-1.0/Xfconf-0.gir
+%{_datadir}/bash-completion/completions/xfconf-query
 
 %files devel
 %doc %{_datadir}/gtk-doc
 %{_libdir}/lib*.so
 %{_libdir}/pkgconfig/*.pc
 %{_includedir}/xfce4/xfconf-0
+%{_libdir}/gio/modules/libxfconfgsettingsbackend.so
+%{_datadir}/gtk-doc/html/%{name}/*
 
 %if %{with perl}
 %files perl
@@ -135,15 +134,56 @@ find %{buildroot} -type f -name *.la -exec rm -f {} \;
 %endif
 
 %changelog
-* Wed Feb 16 2022 Pawel Winogrodzki  - 4.14.4-4
+* Mon Mar 17 2025 Archana Shettigar  - 4.18.3-4
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- Adding missing BRs on Perl modules.
+- Unconditionally use "%%bcond_with perl"
 - License verified.
 
-* Tue Feb 15 2022 Pawel Winogrodzki  - 4.14.4-3
-- Adding missing BRs on Perl modules.
+* Sat Jul 20 2024 Fedora Release Engineering  - 4.18.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
 
-* Thu May 27 2021 Thomas Crain  - 4.14.4-2
-- Initial CBL-Mariner import from Fedora 33 (license: MIT).
-- Unconditionally use "%%bcond_with perl"
+* Sat Jan 27 2024 Fedora Release Engineering  - 4.18.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Nov 16 2023 Mukundan Ragavan  - 4.18.3-1
+- Update to v4.18.3
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 4.18.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Apr 21 2023 Mukundan Ragavan  - 4.18.1-1
+- Update to v4.18.1
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 4.18.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Jan 16 2023 Mukundan Ragavan  - 4.18.0-1
+- Update to v4.18.0 (Xfce 4.18)
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 4.16.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri May 13 2022 Mukundan Ragavan  - 4.16.0-7
+- Remove all perl conditionals
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 4.16.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sun Sep 19 2021 Mukundan Ragavan  - 4.16.0-5
+- Replace dbus-x11 with dbus in requires (fixes bz#1975572)
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 4.16.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Sun May 09 2021 Jeff Law  - 4.16.0-3
+- Re-enable LTO now that gobject-introspection has been fixed.
+
+* Thu Jan 28 2021 Fedora Release Engineering  - 4.16.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Dec 23 2020 Mukundan Ragavan  - 4.16.0-1
+- Update to 4.16.0
 
 * Tue Nov 10 2020 Mukundan Ragavan  - 4.14.4-1
 - Update to 4.14.4
@@ -156,7 +196,7 @@ find %{buildroot} -type f -name *.la -exec rm -f {} \;
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Tue Jun 30 2020 Jeff Law  - 4.14.3-2
-Disable LTO
+- Disable LTO
 
 * Wed May 06 2020 Mukundan Ragavan  - 4.14.3-1
 - Update to 4.14.3
diff --git a/SPECS-EXTENDED/xfsdump/13F703E6C11CF6F0.asc b/SPECS-EXTENDED/xfsdump/13F703E6C11CF6F0.asc
new file mode 100755
index 0000000000..c911e1f403
--- /dev/null
+++ b/SPECS-EXTENDED/xfsdump/13F703E6C11CF6F0.asc
@@ -0,0 +1,174 @@
+pub   ed25519 2022-05-27 [C]
+      4020459E58C1A52511F5399113F703E6C11CF6F0
+uid                      Carlos Eduardo Maiolino 
+uid                      Carlos Eduardo Maiolino 
+uid                      Carlos Eduardo Maiolino 
+sub   ed25519 2022-05-27 [A]
+      36C5DFE1ECA79D1D444FDD904E5621A566959599
+sub   ed25519 2022-05-27 [S]
+      FA406E206AFF7873897C6864B45618C36A24FD23
+sub   cv25519 2022-05-27 [E]
+      5AE98D09B21AFBDE62EE571EE01E05EA81B10D5C
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYpDWzRYJKwYBBAHaRw8BAQdALRUYJSJQyHn8o9318h7Pj4KYIOPF6a+6Z13A
+bBReh6C0LENhcmxvcyBFZHVhcmRvIE1haW9saW5vIDxjYXJsb3NAbWFpb2xpbm8u
+bWU+iJYEExYKAD4FCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4ACGQEWIQRAIEWe
+WMGlJRH1OZET9wPmwRz28AUCYpERyAIbAQAKCRAT9wPmwRz28PBCAQDsBVWWrXVJ
+CUVfRDPkjN3zIGqDI4lZO9gXztG88NODvAD/bicVG0GsxDsq1VOzSXz0NbwnrVmO
+Z92IQcuqQcB3rAGJAjMEEgEIAB0WIQQrgYWRno0kiYGGne0grhaS4T3e4AUCYqDM
+MAAKCRAgrhaS4T3e4EOXD/9x84x/fajZ1jCd9jB3CBGrfmchHDTpKmsgEaPh+px/
+U/JGmU2ni/3mOtLH9XjBTwZ0etnF7qy+h1c01kIzxjX7J81RjneSD/t8cl0sxIlC
+xGvAGFNGAAKYhNOY2qffZ2BcWkq2qlyFQxr9wG66Ir1nC6O4Mtl+8qRhLMiNlpMU
+XOurcb7/SLtnvpIqCv2t/myMhJbDnxtRjdBtWElLrEB45C3CWE2AuXJ8RANogPV5
+iTgbu/GQ/IPnyloYx9SUapLLK7qXzyVd/r3fCbVyX4tGxykPy0w5vkRVVXmNrdxE
+kyTvjYp9MTPREiNrbSh+7V77b+VKWWth+Zd9JbKq/6+shBR6w7wEULttsToFB/dh
+HjaiFp8USJHii2/NATaCREF1K5rVGJy3+xAfqZ7/GdZilpCtU7DedBwGSWmiqWt9
+82XrTZIqCL66c7DfWqlvGWRFWsC6PNnaAYqboIg42lxvFmPNdEFqvu8KI5aUxBmS
+v/irbVWd5bgmD4LimJRdpunnHlfu+6GUyDEXl+4VbUn9WJ0dGgdq4I71sVabznp7
+4Oo7TQ8OtidSb60Z2/RRRVR2Lq8d0IM+jrXnkgSN9/i993/d5CbQ2j0w1wR1pPem
+L0rSolRztOKxJ0BLzV5OrxqOVup1HoHMaspWiCO/27KpJjblzH0xbn8da62XMX7f
+q4kCMwQSAQoAHRYhBFM2gMaDHkKuptozFfh/dxk0SrTrBQJioMvmAAoJEPh/dxk0
+SrTrv8sP/2fyl6Ceq0RJuU/TJCfaJjCHqrnY5ilIb+Zk86wKfmN/OWO6M7iquMCH
+iKzDOIkUe9H0uUD1CvZrGYRRmc8F7YtoQEXaw3DDpZeahqOj8hOGocurl9c80jkS
+UUptHPjFghbTFL93eXmAw7qGNDQ1eAN1L1/7u0qytuDDhbcc+NHW1bHeOvvMLQlS
+6Q4rOjDEnaayVH51tXHrMhd/wFgV7CCzd5YM/AdkSciuoewHugWAz0CcHp7uLg+f
+oXGtAaBAAY8x8HRaJ180tnsLje4Oh2zmHPM2BprjDP61QOYH1S6rijgrrf/bROqU
+M5YGgKbI/20b5/X7++1dgvYtbjTyj45r51dlkPCBXeoHQmqEaqh/MRcs743peY+G
+EUnxO42Rkt7AgnWTzWRaYqE/eW6hWYPoYCKRW9u+RFMtayV7oF3I6/1AgtLHM0s6
+Kk2GG0WPwFL/Wr1p8hUJVuBFH9xtlbpi/GruF+jB+YBwLdY8NK9GDJv0xCH3AiR4
+Pou1RPXcI2gbGypJmSgVuwY3bAs8qB8qSPzj2+wEakdHl6Nmjtp/k1QewuX2IcFu
+UfkLN3FY5fj64z+MU5CpScTrjpcgVT8B00SvDIvJxEq2X1CNnT2yKGX/tlb0I0ix
+vzvxQ0qdW4PD2VMPktOgVMwF5IvoA0QC4hPgWWrSM+7ykdIkyit/iQIyBBABCAAd
+FiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmKh0akACgkQ+7dXa6fLC2vrMg/3a0TK
+iXo0ZL4Sr+VvwX9IHZjZiylCjklIm3b4luYKsQNwgIZcalj4tRR0O3o061rOdvnc
+/8YUDZE7Tt/3PgJUGqLnZHlZZo7cCMtmEOXX405UgdWJyyDietfwMsJj7tLd4zoW
+nfMVxgi5DNPAklw88FLUWhfETBACJ3KG5rrn76hZ9jqzPK/BdkItDNvB73GTKRkV
+Ph7Mw36/dNiDTMumPKGBfYq2yU1+t2kR1yk8SZtA9UsUr0WFXxJ6gGJrG9XwVtxg
+LTTIM2hwHs85Nlyc4wvH9ehh2OHeK0QbfgUhhCRuI9LD6DxMzuBGkRHcqTTtTxU2
+DHX1MyuRoobI5myl1/K4bWhXquVOklYnWR97UPepl5rGsvuyYIkE8WRhNEX1qfoT
+6ZXiJ1V29xC2GKilioFsWGhmAU94ZKgkZSqvfTrXpoiqCYPA5SkcZVqQ8Genj5Pu
+LQ54Ul7wsAjwGrlr2T9z15bffCwHyWU/au4VVWUXmpfUiFzNuD5LWL+oEoc5xxCE
+VqvhD0/9KDC+v8D6HuAFaIG4dWa2r/ovcjjE5SWXCYMrhqZ3lR0M0AmYjiJ2vc2b
+Dl21W64PcwUCC+mxeWSMJrBlBob+JpBNtpjmZxgxcrits5bVHtOuPDPxHSX/WAVk
+Y23Nql6nsaQDP6t7OfoqSc8IX7zRZWolhhKR8IkCMwQSAQgAHRYhBEvA17JEcbKh
+hOr10wAOaEEZVoIVBQJiodrNAAoJEAAOaEEZVoIVO+0QAIHzndQhQH/k5J4Qu5st
+MYrVgKNN8dZdEHEIetT/x/jd2NUESosKTrmSLx/l3HAz0a9EuWDz7vtQQoDUa/jd
+9citadZ4mPCddi8CNYbFwTuJiPi+r5e2GthOxEiSKSNEjSb+j2Sr2RV84r5EQckr
+CTad/I0po/6ewokrNwky2+SSA5sYg8qYchVhhkSYPYCxgt35mrTFl4gXFmccWn7I
+PzwD+khTZI2eYmmw9+qsC3dx4kCYbBQTOpsPfV+waXHYYUXG3C/z0SqEyTIHuJUp
+273BLButjmmm76TliR5UgrIocqCPw7vZYAr8htzNRyL2owFcz0j4SE6AY8cCasOO
+fgGO4wS7fTkN1SsOj6gUEQJBVjCgWjXcu76cVixsGKl9i8pYkXLBE3u6yyN7oJiU
+IANW9WvFQIXJpnQqDOVoaQBuTZo/eGOBf9nx+tz+akLjI//RGXh99L250JB0otus
+nT+Rciy+Buf5VXpv8EZxwPmi5qLMo+lRoa5kRXGmJlP60tgXHSKcXw1MhN8WHBNi
+MyKuQlnInPggY7hdMFVIVYvO8sQmGb8NqmCWdR70EEv74DOU2WlvnGMFet6De/f7
+YmLV4dA4ksz8rk5sWBVE5EmaewDyw6EhkVc80xEdPtlD4V7vdbJ6L5Qba/mfRIhs
+nEOlhv8sEakSDGvPfF6kyALViQIzBBMBCAAdFiEEJZs3krPW0xkhLMTc1b+f6wMT
+ZToFAmKh7fwACgkQ1b+f6wMTZTrVqw//XAGNKanjoylppZRv8S5x9mGryWuTUh2C
+1LEPcusOwi+o2Q5vIgkUwn/zRtmpHexi9gnUtVEf0A1Vk+39ao8Swu5Xlze8CmRV
+suh0KAeF2i/CGh30FC0EYj/UoATP1k76r6vmWeXZpNZ4rOIXecXLMV5x4R7NSqk4
+YJvo0hTiXou/O/CaXxcC3J/I2k2Qtt5zub6oVu+zCF6cOU4f5Q/aAN/tHUnqhcDY
+d3OP9hO/VliQ1xrVDnx9kQ4SRTdrXKFBJLMkO1h+CA5ad9OUTFsuq87R7+qspt/z
+jngY6X41HDm5jLRxgZMId5k+XHEqfbiMg6Z7uiKXbXsgCd8AP8vcizAPn8JnSa2n
+erL7bz4UAQhZ7JBqEnKSIFiO+Gba0h8lwsvNKPPLFiNXZNCL78q05jk4q28HMZn3
+m0qWCcJq7bZy6wmPchUFsy0uDbLYnYbyqP53UgZGUZSY+XAIgLa8rgkceGMm8jhc
+qjd22c6yNSZ1z11Vzbu5rtVAK91/7iisBKHbnLWYozYxlApo4zASv7XsL9cms8Ey
+94Gm4UKdCTzjtgqsKpBZkerCkZTRdC5Um/SROKsUcFh2/xZoypUJMMTvCMyzJHKs
+7iTXCqlivKMR2etHTOJllMLLErTCi7iKs9HtTC+bu1hanzEHaC5DmtvZkOdZQPGT
+oZKn1eB+P9SJATMEEAEIAB0WIQQl9ZRfhSpnjHU7bCLFI/EKLZ0DWgUCYqNERAAK
+CRDFI/EKLZ0DWtaIB/9qt9xa7q3zJl6d71kuBU1UuJgrTk6VcX81UzI5UJ/3QMEg
+CdGHqhzmggEiFnkpWsxgvgCAUrG0U7xBv3i1ZRHRJ+LqYaDOxNKEQ6cuxZpQKCFw
+ECt6063qCzoViSK85rwdnBgfAGZTiwnyhy+05rlwPVof8omZx0wu+CXUFhAWYfxx
+IYeHCCMa/0oMret8Se/kwHhwULClxese2CDtCrZYjG23W+NXuGtehZUaP+MAFz6c
+dfqFhHU6YBKwS4kA0SrnwPvUplQ59Cybt2ZnGE+E2mFrDmWxSU0XjyqtcN20e9Qi
+I1YEUzaqnM3795rQ2M0ojCSCyMe9fCU/JW7PEUletC5DYXJsb3MgRWR1YXJkbyBN
+YWlvbGlubyA8Y21haW9saW5vQHJlZGhhdC5jb20+iJMEExYKADsCGwMFCwkIBwIC
+IgIGFQoJCAsCBBYCAwECHgcCF4AWIQRAIEWeWMGlJRH1OZET9wPmwRz28AUCYpEQ
+cwAKCRAT9wPmwRz28MxzAP48BnMnktHxFcO4KMe6mjjwNuGV0Nfz2w5qs5KUzc0i
+zAD/c1zW1wOIes86mZZU8oPtCeRRjtcPKqOQ2d61uAM55ACJAjMEEgEIAB0WIQQr
+gYWRno0kiYGGne0grhaS4T3e4AUCYqDMMAAKCRAgrhaS4T3e4NjzEACZA7iziscG
+HRTQkviyyd4hqpWaUXNG7S+6NAWfmbTXQYHQNN9LnMjKZ7S3xAilOdtNDR4pQsU+
+fj+++mbZ5cD41ey0/bAatdExgg2DwJ0LE89aWd6yIrayBs+fCWg/AAtuL94plORk
+/yjziM1Qn9eUiXO8+ttxbMinKevbdPuTp7dmXUuzVe2vZANp7qfssGJR32wMrZHG
+40p6YVqyw5CHd1ObU+uAXHJ7KSjx2D658jMvneoo6Zd2h5GmfnCYjyhAGuOzq9UC
+4JhzBQWRuf1j3YkzR2I0K5jLC/LsVAfp7F6llhHckH2GPM0urjWQXUgmyLWQJ1NM
+u/Je8vmXK7Pb4j+K8jWO4qrfIFISqCw2qXV0Txz+LcjMu6wLxvdnSbp5LzZGMw52
+rGF6UFAhibiaFO+Ydpp/rC/cyZPI9QK0Gt7IIclKUFL6kDE9pFa1HyBlY2X36lfa
+WCjnKF/grssL76XNOEQO9VVmlp1Gf24FYkLgGkmh6/EwyIu+CBSdUtz9TGEwPcn8
+mJK4fdjo0dHz//+nBIlhmkApnSiCVFVEAiuygK1qUTyzOnK1gcELzzwiscsWinxL
+yiiTYatQhAeOMCZRWDvtd+aPruyv0Tj6sPlbwbJrwXgWm2kskLsbJ7lxw+MpyX47
+oG4l4E+lzDwQNKSzEA3TLmnbecWjT9AzOIkCMgQSAQoAHRYhBFM2gMaDHkKuptoz
+Ffh/dxk0SrTrBQJioMvmAAoJEPh/dxk0SrTrPOUP+ItH661bW7yY7qiZcPq+X59m
+77ML5l2po52yhDIvxwNFx3DUBeeADXEHgbd1qcUTULvWq6j/974UzsjXejfiIDNC
+g0RFJUMIBAE2XKUNXUWgS1O5fpuz+A47NqFPGV0rFGgJwSCmxYDY8bmtMK2OtS2r
+GKixzfqm8SRPsqFY5sIwv4f7Ml2XlH3BA3ppIYnVz4TdTd3XPSMe2vOnsYrHA62M
+zELnog1UMU/Y6T6OwBnHRZm2gxkBEzJqFrvCAnjPkj7mlZtRK+w0MnSstoVhY520
+am+Zld7ZJ9FgPaAfPg+dNlDj0beHo7T8avbjoUwoZKgjVE5lgWyS0IoXE5Pln+iZ
+y3GSHIV2c9D9BNUw/whCvt2PUBD9zJDI0J+h32L3J+qomrm/k2jEjNoX4YWL3y00
+/mK0lDpig54/w41743lYSjKEcS/F/i64XFwlT01XujQzM+cihW/a76CR1EwHsVRy
+UAm3C4XmFpol2i2Vyjq6XXTGzuRjZRwG7lGVdAAjppzkMbc7zj46o3D6t+OsGw0R
+yMDedW51gTE8M6KteODuADYHrceHRLfczht54m+4W+g42/Oy/GG/rrSM2EZ+peQU
+rAYaZmI/V1cj1dYSu8vJw4Umj2TiP20+SBhjF5GXmAbfsOkKhLOA3IDKL5krScYU
+6D7Mr3uUVCFheFppX4eJAjMEEAEIAB0WIQSoblSw1eG04Kt8ZA/7t1drp8sLawUC
+YqHRsgAKCRD7t1drp8sLa2deD/4q6oIrUKAyZqPeuRqNqvpWynBkoGA7zF7cDd4z
+CANSdVXAMXEz92yqan1QKoxHaoyom7G33o0gJci2yoHU2NxZuIvLs/o1ejIh4xE8
+kfncRT/OvJIlBCm13SEG8oFjkz1xwZfbrpckYX9IRO/4Zcwc7C1NipDYgbK11bT4
+pF5mIQGkYA7M4lOLlqWfkBaJ+t+cOHpbL0KWvnw6GV67Pbn0P2SInNs71iKWjrWM
+OIPmxi3YfLR0BcNiz7CD8hCsRrOnOlKsm/FNkuKFt0H78nNvXPOjw9e8j8Mu7ByN
+D6ZGsYUfmK8wzIPN5DQ5gar4GxbTKU0WoZgdLgXTegCnAnDAf7aGyIXTvPgMzcwP
+hOaeZCFU6eC7McuLLGFL8QWR6P/JgfT53Zr1a5j7haQBPBNhoZTOvZE58cDF4AEq
+SGZwtvnTs993DswGfQqUH9jNzZv0IK3y4heOOC7sCqPoFowVVxPHYX20jjUdTERc
+cv+q2axQrF1Jp/XGk+J7g/uFCN+vlcymqr6reLuoJqp8VJIYkIRinq74m2s/K7SP
+KxCAkaWgC5zvP1PZo73BbaRBiJR6B+wEKaRZLCuzlyCjqpl4Xyo9voJRFjVbRGSJ
+pcwdiZKLrP45jwIfsK2OxoyxbwHjoqTwSpa6w+U87c/v2j6HorBbZnfSVQE9d1WL
+83GrJIkCMwQSAQgAHRYhBEvA17JEcbKhhOr10wAOaEEZVoIVBQJiodrUAAoJEAAO
+aEEZVoIVpXkQAIlc/NZPYlSc6yyof7rpYW8vuhekphszYut48dwr4rcyxkQX3oRP
+9mNOT5NiO+O7Yfzr2ZC1v48RhjIz4jXbxHMEraH6W+/+Yh+F3bt8HBZIeLNm47R8
+dqji8I6koveJoIcC2ljVmPg5nIo1drUy1WGUgHy5tIW7YcF+eQpg+PPUjQPKTJdD
+3aC40L4jBM78BnhAZ9+RocjRP+O7XN3FVlnfQdjbGV4l/HuWhf6kmq7MlPkptDBe
+Q7QsVa33sv+GQf714FOxPH7/+N1pCn9OcH4Vew7FaWw45lvPX6GVWiXmBUDmGlLt
+jmNSRx85AFFSid8Si9tOQaKt8kzUCBQZMxoqOkrPwgEqmjJORl8WVlsCgKqX6AzZ
+8fiE/H7TIgg3PYGp7VwH3R5AfW45Ign1yP0Re5ehC8LJjOyMxybCzINWqP5BL4oP
+DZNxmWJcLj5KELRVE4yoslGJG2ZCckksCH550sgZlCbslWg2pgc9Oy88Mkt/6JBx
+FL4TGuVa/LXhUkiRCNMLf1hPpqV6/gyImYVw0geozGoK6L1W33DGlCxyQuJQly5D
+9etWvcfiOrptjnlee8h5jCTyAq2BNVXNVOQj+dZtf0c4MpZehrQfypClX99bG0I6
+jNWr7n7UzRXbNqTjewNA9AcvM1exHwCE9LN4j4XryewVogAcCu/rEsPNiQIzBBMB
+CAAdFiEEJZs3krPW0xkhLMTc1b+f6wMTZToFAmKh7f0ACgkQ1b+f6wMTZTqn5BAA
+v5MgSuJxK8Im8sFWihJmeacpeVFQxYwL5CCmLPhM6VgLk5T5Bj5HnNydP9iPjqFo
+sMWvoHZ8AuSJ84X8xHohq7VSBjtfI+j7cLiQc8RCE5J/gTNsz3Hio5vZy0Glh0/V
+WR7rpEMdUVsttBSWSicsYXy5lJTFoxxp5w8tzehFiQStlIngdp7EDe71o+1UPM5X
+WH/TOisRaJu3ezYIHxzS3aXAAQIFiyJrhn4IG8XZr/LqPgZEAqtjd53qr0QHf3fT
+SyPToGNJEPSajibhSzP9ILuH0sTPg1JS0WGjjeOubDrNKx+v8558wlVs4LPPcjBk
+vn8zJwnY28CFYvumbVGJooQ5b7WkAE8eLEEuJtXifyK4RBEFIYgLtVEPhWSykAnQ
+NI3YFcbiVUm9CK7cTUJZseLHqA3zjOcFLPA3Ovng/PIumiBh+HMGiTDsGP1FgeAC
+TjGFYbQiSbmUS5Ywe4kwhfHx5hC4bPtRIiRu8vQcahXRLOb/M9UBFV1TL+l51jy9
+8xjhSMeXjXWJQ+74sn1H0bQYgU07hKk1OzNRJKKxGbp3lcUuW3FG8d8xamsjbuhh
+YAym9mqMbQ6zie1uLyrl5AnjwmwSHO8Dw0ySlDJwdVB3WMSJEOQEiFanHd+ch+mV
+AUnYac/917Qtl2CXL2j7kignxHV0g5C7MeCubKrAujSJATMEEAEIAB0WIQQl9ZRf
+hSpnjHU7bCLFI/EKLZ0DWgUCYqNERQAKCRDFI/EKLZ0DWoGuB/9HuNS6hoqrJ1p1
+pQFFpILirDXPKWadvDT2M/QmNq0dsDja1OT7AW5wDhOz4lROlE4L4JxxfBkWh4kr
+NaChnGr9rkqt0fKpxDtHGwtzNM0UJcrYZtVpF2k+wdp0KFVo9Acjlb18lJR+jkwo
+m3b3+uIfkF6TMU4hzz/TAnzjq0pwK6uHPFyc48XffXtk5xaINzcFMpdkOED86dfj
+Av1vbBDLqD3k2CiLpJOOZ677pRnoTHxDv0VwHu32q4IQck+gU+q3xJXFPtJ9++M8
+LHPL7Bj5c0AEsgxXIa1kLZXbuHcgxx3bJ1R1IGf7SUTwoe1IRe8MED3oDlqxH9n3
+rMm5dpT5tChDYXJsb3MgRWR1YXJkbyBNYWlvbGlubyA8Y2VtQGtlcm5lbC5vcmc+
+iJMEExYKADsWIQRAIEWeWMGlJRH1OZET9wPmwRz28AUCYqh7RQIbAQULCQgHAgIi
+AgYVCgkICwIEFgIDAQIeBwIXgAAKCRAT9wPmwRz28IFHAP9VLxxFNn2qyEbli9lf
+vOpACRPt5l8Go+ESjcY95NSx+wEA7WSeImb3zxdbuY7/RwHtpvbI9irRkRuagkzN
+ZHRr1gm4MwRikOWbFgkrBgEEAdpHDwEBB0BSjwUNPerAlVvTQrWyCpizN5rM/XcO
+djbJQ93oGMOr8oh4BBgWCgAgFiEEQCBFnljBpSUR9TmRE/cD5sEc9vAFAmKQ5ZsC
+GyAACgkQE/cD5sEc9vAaZAEAkmjdywpS4+NumIgelWw297pBIs3d2A9zz1vMQAX6
+lNsA/jah5B7M8eVpze4weTuoDp5bagM+PCTiGZ1REPQlZ+oJuDMEYpDloxYJKwYB
+BAHaRw8BAQdAzioYD3NyX1Tpdd33vXEI+G8KQWrxVqfkAgKKB/aAKPKI7wQYFgoA
+IBYhBEAgRZ5YwaUlEfU5kRP3A+bBHPbwBQJikOWjAhsCAIEJEBP3A+bBHPbwdiAE
+GRYKAB0WIQT6QG4gav94c4l8aGS0VhjDaiT9IwUCYpDlowAKCRC0VhjDaiT9I9Ck
+AQDaUcr2BDm7wheWX8bJ98Er92zJr03/i3xmJW/87th18gEAvsO0OhK3D2p+Kq0g
+2vV2mgyRxK8loYs8o/00NYSbsQla6gEA4rnkGRQR3v4MByijGhq1ljaPMTQbILiT
+PbUqA3k1tssBAIDzUC7pDWJaWiJ2yDTVhBBvM+y+MnoJV5DqTt/L+KMHuDgEYpDm
+YBIKKwYBBAGXVQEFAQEHQNoBmGzRsHk6qWKBPtnr6vlO7ABo/HvkeoLUUZU2r/Q9
+AwEIB4h4BBgWCgAgFiEEQCBFnljBpSUR9TmRE/cD5sEc9vAFAmKQ5mACGwwACgkQ
+E/cD5sEc9vC+xAD/fgk/sVQrkfgur7ZvjsovfrjHbHC4tWeg3V8YVHIOdcoA/1Qt
+oTLMZzwt7Ckd+vFGfqSSs5D1FMmwaE4Z/WVoqPkD
+=n3Wp
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/SPECS-EXTENDED/xfsdump/xfsdump-3.1.12.tar.sign b/SPECS-EXTENDED/xfsdump/xfsdump-3.1.12.tar.sign
new file mode 100755
index 0000000000..5e08180548
--- /dev/null
+++ b/SPECS-EXTENDED/xfsdump/xfsdump-3.1.12.tar.sign
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iIUEABYIAC0WIQT6QG4gav94c4l8aGS0VhjDaiT9IwUCY5xOnw8cY2VtQGtlcm5l
+bC5vcmcACgkQtFYYw2ok/SPdWgD/d0baJ+/kZ5vnbeIBzr85KIyckRW+N3S71RRU
+zYUADv8BAO8YSt8MH3vdCfSLC7Zp6E1UCwFgiiXApjI3nHCobsoO
+=R/Bu
+-----END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/xfsdump/xfsdump.signatures.json b/SPECS-EXTENDED/xfsdump/xfsdump.signatures.json
index 4a03533203..8ae236d835 100644
--- a/SPECS-EXTENDED/xfsdump/xfsdump.signatures.json
+++ b/SPECS-EXTENDED/xfsdump/xfsdump.signatures.json
@@ -1,5 +1,7 @@
 {
  "Signatures": {
-  "xfsdump-3.1.9.tar.xz": "55aeede6232ddce6c9e79e2af88d6f808534df1552eb2bfaf7fb85b92add6dd1"
+  "13F703E6C11CF6F0.asc": "04d66154090ae73ae48f5b6acfa605fe30de03c166d6da9d024c8e8784da6e93",
+  "xfsdump-3.1.12.tar.sign": "11e781f437cf4e46c47222549508691fc5b8eac59c039d165380525805f53830",
+  "xfsdump-3.1.12.tar.xz": "f39c4c1b306b2dd7ec979c0e94d60fe69083d2ecf9af051cac5ef3bed772c74a"
  }
 }
diff --git a/SPECS-EXTENDED/xfsdump/xfsdump.spec b/SPECS-EXTENDED/xfsdump/xfsdump.spec
index 159d414694..291353bc6d 100644
--- a/SPECS-EXTENDED/xfsdump/xfsdump.spec
+++ b/SPECS-EXTENDED/xfsdump/xfsdump.spec
@@ -1,18 +1,21 @@
-Summary: Administrative utilities for the XFS filesystem
-Name: xfsdump
-Version: 3.1.9
-Release: 2%{?dist}
-# Licensing based on generic "GNU GENERAL PUBLIC LICENSE"
-# in source, with no mention of version.
-License: GPL+
+Summary:	Backup and restore utilities for the XFS filesystem
+Name:		xfsdump
+Version:	3.1.12
+Release:	6%{?dist}
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL: https://git.kernel.org/pub/scm/fs/xfs/xfsdump-dev.git/about
-Source0: https://kernel.org/pub/linux/utils/fs/xfs/%{name}/%{name}-%{version}.tar.xz
-BuildRequires: gcc
-BuildRequires: libtool, gettext, gawk
-BuildRequires: xfsprogs-devel, libuuid-devel, libattr-devel ncurses-devel
-Requires: xfsprogs >= 2.6.30, attr >= 2.0.0
+# Licensing based on generic "GNU GENERAL PUBLIC LICENSE"
+# in source, with no mention of version.
+License:	GPL-1.0-or-later
+Source0:	https://kernel.org/pub/linux/utils/fs/xfs/%{name}/%{name}-%{version}.tar.xz
+Source1:	https://kernel.org/pub/linux/utils/fs/xfs/%{name}/%{name}-%{version}.tar.sign
+Source2:	https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/plain/keys/13F703E6C11CF6F0.asc
+BuildRequires:	make
+BuildRequires:	gcc
+BuildRequires:	libtool, gettext, gawk
+BuildRequires:	xfsprogs-devel, libuuid-devel, libattr-devel ncurses-devel
+BuildRequires:	gnupg2, xz
+Requires:	xfsprogs >= 2.6.30, attr >= 2.0.0
 
 %description
 The xfsdump package contains xfsdump, xfsrestore and a number of
@@ -32,6 +35,7 @@ be layered on top of the full backup.  Single files and directory
 subtrees may be restored from full or partial backups.
 
 %prep
+xzcat '%{SOURCE0}' | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=-
 %setup -q
 
 %build
@@ -61,10 +65,55 @@ mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/xfsdump/inventory
 %{_sharedstatedir}/xfsdump/inventory
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 3.1.9-2
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Mar 14 2025 Jyoti kanase  - 3.1.12-6
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Sat Jul 20 2024 Fedora Release Engineering  - 3.1.12-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 3.1.12-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Oct 03 2023 Pavel Reichl  - 3.1.12-3
+- Convert License tag to SPDX format
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 3.1.12-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed May 17 2023 Pavel Reichl  - 3.1.12-1
+- New upstream release (#2154255)
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 3.1.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Aug 26 2022 Eric Sandeen  - 3.1.11-1
+- New upstream release
+- Fix FTBFS with newer xfsprogs (#2113765)
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 3.1.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Feb 11 2022 Eric Sandeen  - 3.1.10-1
+- New upstream release
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 3.1.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 3.1.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jan 28 2021 Fedora Release Engineering  - 3.1.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sat Aug 01 2020 Fedora Release Engineering  - 3.1.9-3
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 3.1.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Fri Jan 31 2020 Eric Sandeen  3.1.9-1
+* Fri Jan 31 2020 Eric Sandeen  - 3.1.9-1
 - New upstream release
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 3.1.8-7
@@ -79,13 +128,13 @@ mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/xfsdump/inventory
 * Sat Jul 14 2018 Fedora Release Engineering  - 3.1.8-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
-* Mon Feb 26 2018 Eric Sandeen  3.1.8-3
+* Mon Feb 26 2018 Eric Sandeen  - 3.1.8-3
 - BuildRequires: gcc
 
 * Fri Feb 09 2018 Fedora Release Engineering  - 3.1.8-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 
-* Thu Sep 21 2017 Eric Sandeen  3.1.8-1
+* Thu Sep 21 2017 Eric Sandeen  - 3.1.8-1
 - New upstream release
 
 * Thu Aug 03 2017 Fedora Release Engineering  - 3.1.6-6
@@ -94,7 +143,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/xfsdump/inventory
 * Thu Jul 27 2017 Fedora Release Engineering  - 3.1.6-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 
-* Thu Jun 08 2017 Eric Sandeen  3.1.6-4
+* Thu Jun 08 2017 Eric Sandeen  - 3.1.6-4
 - Build with largefile support on 32-bit platforms
 
 * Sat Feb 11 2017 Fedora Release Engineering  - 3.1.6-3
@@ -103,7 +152,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/xfsdump/inventory
 * Fri Feb 05 2016 Fedora Release Engineering  - 3.1.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 
-* Tue Nov 10 2015 Eric Sandeen  3.1.6-1
+* Tue Nov 10 2015 Eric Sandeen  - 3.1.6-1
 - New upstream release
 
 * Fri Jun 19 2015 Fedora Release Engineering  - 3.1.4-3
@@ -112,55 +161,55 @@ mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/xfsdump/inventory
 * Mon Aug 18 2014 Fedora Release Engineering  - 3.1.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 
-* Thu Jul 17 2014 Eric Sandeen  3.1.4-1
+* Thu Jul 17 2014 Eric Sandeen  - 3.1.4-1
 - New upstream release
 
-* Mon Jun 16 2014 Eric Sandeen  3.1.3-5
+* Mon Jun 16 2014 Eric Sandeen  - 3.1.3-5
 - Fix aarch64 build (#926800)
 
 * Sun Jun 08 2014 Fedora Release Engineering  - 3.1.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 
-* Mon Jan 20 2014 Eric Sandeen  3.1.3-3
+* Mon Jan 20 2014 Eric Sandeen  - 3.1.3-3
 - Add /var/lib/xfsdump/inventory to file list (was created runtime)
 
 * Sun Aug 04 2013 Fedora Release Engineering  - 3.1.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
-* Wed May 08 2013 Eric Sandeen  3.1.3-1
+* Wed May 08 2013 Eric Sandeen  - 3.1.3-1
 - New upstream release
 
 * Fri Feb 15 2013 Fedora Release Engineering  - 3.1.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
-* Thu Dec 13 2012 Eric Sandeen  3.1.2-1
+* Thu Dec 13 2012 Eric Sandeen  - 3.1.2-1
 - New upstream release, with non-broken tarball
 
-* Thu Dec 13 2012 Eric Sandeen  3.1.1-1
+* Thu Dec 13 2012 Eric Sandeen  - 3.1.1-1
 - New upstream release
 
 * Sun Jul 22 2012 Fedora Release Engineering  - 3.1.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 
-* Wed Mar 28 2012 Eric Sandeen  3.1.0-2
+* Wed Mar 28 2012 Eric Sandeen  - 3.1.0-2
 - Move files out of /sbin to /usr/sbin
 
-* Fri Mar 23 2012 Eric Sandeen  3.1.0-1
+* Fri Mar 23 2012 Eric Sandeen  - 3.1.0-1
 - New upstream release
 
 * Sat Jan 14 2012 Fedora Release Engineering  - 3.0.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 
-* Mon Oct 17 2011 Eric Sandeen  3.0.6-1
+* Mon Oct 17 2011 Eric Sandeen  - 3.0.6-1
 - New upstream release
 
-* Thu Mar 31 2011 Eric Sandeen  3.0.5-1
+* Thu Mar 31 2011 Eric Sandeen  - 3.0.5-1
 - New upstream release
 
 * Mon Feb 07 2011 Fedora Release Engineering  - 3.0.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 
-* Wed Jan 13 2010 Eric Sandeen  3.0.4-1
+* Wed Jan 13 2010 Eric Sandeen  - 3.0.4-1
 - New upstream release
 
 * Mon Nov 30 2009 Dennis Gregorovic  - 3.0.1-3.1
@@ -169,19 +218,19 @@ mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/xfsdump/inventory
 * Mon Jul 27 2009 Fedora Release Engineering  - 3.0.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 
-* Tue Jun 30 2009 Eric Sandeen  3.0.1-2
+* Tue Jun 30 2009 Eric Sandeen  - 3.0.1-2
 - Fix up build-requires after e2fsprogs splitup
 
-* Tue May 05 2009 Eric Sandeen  3.0.1-1
+* Tue May 05 2009 Eric Sandeen  - 3.0.1-1
 - New upstream release
 
 * Thu Feb 26 2009 Fedora Release Engineering  - 3.0.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 
-* Wed Feb 04 2009 Eric Sandeen  3.0.0-1
+* Wed Feb 04 2009 Eric Sandeen  - 3.0.0-1
 - New upstream release
 
-* Wed Nov 12 2008 Eric Sandeen  2.2.48-2
+* Wed Nov 12 2008 Eric Sandeen  - 2.2.48-2
 - Enable parallel builds
 
 * Sun Feb 10 2008 Eric Sandeen  - 2.2.48-1
diff --git a/SPECS-EXTENDED/xrestop/xrestop.signatures.json b/SPECS-EXTENDED/xrestop/xrestop.signatures.json
index ac03ac76ca..2e4f96fc23 100644
--- a/SPECS-EXTENDED/xrestop/xrestop.signatures.json
+++ b/SPECS-EXTENDED/xrestop/xrestop.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "xrestop-0.4.tar.gz": "67c2fc94a7ecedbaae0d1837e82e93d1d98f4a6d759828860e552119af3ce257"
+  "xrestop-0.6.tar.gz": "c4a212808be703b4929b01fa57efc46e6b662b958dc33c044efeab38065cd5dd"
  }
 }
diff --git a/SPECS-EXTENDED/xrestop/xrestop.spec b/SPECS-EXTENDED/xrestop/xrestop.spec
index 391bd1c72a..7dd6b8b816 100644
--- a/SPECS-EXTENDED/xrestop/xrestop.spec
+++ b/SPECS-EXTENDED/xrestop/xrestop.spec
@@ -1,17 +1,18 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 Summary:        X Resource Monitor
 Name:           xrestop
-Version:        0.4
-Release:        27%{?dist}
-License:        GPLv2+
-URL:            http://www.freedesktop.org/Software/xrestop
-Source0:        http://downloads.yoctoproject.org/releases/%{name}/%{name}-%{version}.tar.gz
-
-BuildRequires: gcc
-BuildRequires: ncurses-devel
-BuildRequires: libXres-devel
-BuildRequires: libXext-devel
+Version:        0.6
+Release:        5%{?dist}
+License:        GPL-2.0-or-later
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+URL:            https://www.freedesktop.org/Software/xrestop
+Source0:        https://xorg.freedesktop.org/archive/individual/app/%{name}-%{version}.tar.gz
+
+BuildRequires: make
+BuildRequires:  gcc
+BuildRequires: ncurses-devel 
+BuildRequires: libXres-devel 
+BuildRequires: libXext-devel 
 BuildRequires: libX11-devel
 BuildRequires: libXau-devel
 
@@ -26,25 +27,56 @@ for tracking down application X resource usage leaks.
 %build
 %configure
 make
+# SUBDIRS=
 
 %install
 rm -rf "$RPM_BUILD_ROOT"
 make DESTDIR="$RPM_BUILD_ROOT" install
+#SUBDIRS=
 
 %files
 %license COPYING
-%doc AUTHORS NEWS README
+%doc AUTHORS NEWS README.md
 %{_bindir}/xrestop
 %{_mandir}/man1/xrestop.1*
 
 %changelog
-* Mon Apr 25 2022 Mateusz Malisz  - 0.4-27
-- Update Source0
-- Improve formatting
+* Fri Mar 14 2025 Jyoti kanase  - 0.6-5
+- Initial Azure Linux import from Fedora 41 (license: MIT).
 - License verified.
 
-* Fri Oct 15 2021 Pawel Winogrodzki  - 0.4-26
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Sat Jul 20 2024 Fedora Release Engineering  - 0.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 0.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Sep 11 2023 Olivier Fourdan  - 0.6-2
+- migrated to SPDX license
+
+* Mon Sep 11 2023 Olivier Fourdan  - 0.6-1
+- xrestop 0.6
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 0.4-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 0.4-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 0.4-30
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 0.4-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 0.4-28
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jan 28 2021 Fedora Release Engineering  - 0.4-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 0.4-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 0.4-25
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
@@ -151,3 +183,5 @@ make DESTDIR="$RPM_BUILD_ROOT" install
 
 * Tue Mar  9 2004 Mike A. Harris  0.2-1
 - Initial Red Hat RPM package.
+
+
diff --git a/SPECS-EXTENDED/ypserv/rpc.yppasswdd.env b/SPECS-EXTENDED/ypserv/rpc.yppasswdd.env
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/yppasswdd-pre-setdomain b/SPECS-EXTENDED/ypserv/yppasswdd-pre-setdomain
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/yppasswdd.service b/SPECS-EXTENDED/ypserv/yppasswdd.service
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.13-nonedomain.patch b/SPECS-EXTENDED/ypserv/ypserv-2.13-nonedomain.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.13-ypxfr-zeroresp.patch b/SPECS-EXTENDED/ypserv/ypserv-2.13-ypxfr-zeroresp.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.19-slp-warning.patch b/SPECS-EXTENDED/ypserv/ypserv-2.19-slp-warning.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.24-aliases.patch b/SPECS-EXTENDED/ypserv/ypserv-2.24-aliases.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.27-confpost.patch b/SPECS-EXTENDED/ypserv/ypserv-2.27-confpost.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.31-netgrprecur.patch b/SPECS-EXTENDED/ypserv/ypserv-2.31-netgrprecur.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.5-nfsnobody2.patch b/SPECS-EXTENDED/ypserv/ypserv-2.5-nfsnobody2.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-2.5-redhat.patch b/SPECS-EXTENDED/ypserv/ypserv-2.5-redhat.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-4.0-headers.patch b/SPECS-EXTENDED/ypserv/ypserv-4.0-headers.patch
old mode 100644
new mode 100755
index 320558d729..499af393fc
--- a/SPECS-EXTENDED/ypserv/ypserv-4.0-headers.patch
+++ b/SPECS-EXTENDED/ypserv/ypserv-4.0-headers.patch
@@ -1,5 +1,5 @@
---- makedbm/makedbm.c.headers	2017-02-21 13:57:23.933293831 +0100
-+++ makedbm/makedbm.c	2017-02-21 13:57:48.141286207 +0100
+--- ypserv-4.2/makedbm/makedbm.c.headers	2017-02-21 13:57:23.933293831 +0100
++++ ypserv-4.2/makedbm/makedbm.c	2017-02-21 13:57:48.141286207 +0100
 @@ -30,6 +30,7 @@
  #include 
  #include 
diff --git a/SPECS-EXTENDED/ypserv/ypserv-4.0-manfix.patch b/SPECS-EXTENDED/ypserv/ypserv-4.0-manfix.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-4.0-selinux-context.patch b/SPECS-EXTENDED/ypserv/ypserv-4.0-selinux-context.patch
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/ypserv/ypserv-4.2-implicit-int.patch b/SPECS-EXTENDED/ypserv/ypserv-4.2-implicit-int.patch
new file mode 100755
index 0000000000..42c9a106df
--- /dev/null
+++ b/SPECS-EXTENDED/ypserv/ypserv-4.2-implicit-int.patch
@@ -0,0 +1,12 @@
+diff -ruN ypserv-4.2/configure.ac ypserv-4.2.orig/configure.ac
+--- ypserv-4.2/configure.ac	2022-12-01 13:22:38.493164313 +0100
++++ ypserv-4.2.orig/configure.ac	2022-12-01 13:13:06.411943797 +0100
+@@ -99,7 +99,7 @@
+ AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl
+   cat > conftest.c < - 4.1-4
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Fri Mar 14 2025 Jyoti kanase  - 4.2-12
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified.
+
+* Sat Jul 20 2024 Fedora Release Engineering  - 4.2-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Tue Jan 30 2024 Ondrej Sloup  - 4.2-10
+- Don't hard code _FORTIFY_SOURCE=2
+- Update license tag to the SPDX format (GPL-2.0-only)
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 4.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 4.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 4.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Dec 01 2022 Timm Bäder  - 4.2-6
+- Get rid of an implicit int during configure time
+- See https://fedoraproject.org/wiki/Changes/PortingToModernC
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 4.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Feb 01 2022 Marek Kulik  - 4.2-4
+- Fix gcc12 compilation issues
+- Resolves: #2047138
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 4.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Nov 12 2021 Björn Esser  - 4.2-2
+- Rebuild(libnsl2)
+
+* Tue Sep 28 2021 Marek Kulik  - 4.2-1
+- Update to new upstream version 4.2
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 4.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek  - 4.1-6
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Thu Jan 28 2021 Fedora Release Engineering  - 4.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 4.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 4.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/ypserv/ypxfrd.service b/SPECS-EXTENDED/ypserv/ypxfrd.service
old mode 100644
new mode 100755
diff --git a/SPECS-EXTENDED/yq/yq.signatures.json b/SPECS-EXTENDED/yq/yq.signatures.json
new file mode 100644
index 0000000000..f18dea7991
--- /dev/null
+++ b/SPECS-EXTENDED/yq/yq.signatures.json
@@ -0,0 +1,6 @@
+{
+ "Signatures": {
+  "yq-4.45.1-vendor.tar.gz": "4c065b57dab5cf28aacc0b063f048c05b23cdfe506ce3eb4178fbd2577dae14f",
+  "yq-4.45.1.tar.gz": "074a21a002c32a1db3850064ad1fc420083d037951c8102adecfea6c5fd96427"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/yq/yq.spec b/SPECS-EXTENDED/yq/yq.spec
new file mode 100644
index 0000000000..90fad61ff1
--- /dev/null
+++ b/SPECS-EXTENDED/yq/yq.spec
@@ -0,0 +1,45 @@
+Summary:        Yq is a portable command-line YAML, JSON, XML, CSV, TOML  and properties processor
+Name:           yq
+Version:        4.45.1
+Release:        1%{?dist}
+License:        MIT
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+URL:            https://github.com/mikefarah/yq
+Source:         https://github.com/mikefarah/yq/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1:        %{name}-%{version}-vendor.tar.gz
+BuildRequires:  golang
+%global debug_package %{nil}
+%define our_gopath %{_topdir}/.gopath
+ 
+%description
+yq is a lightweight and portable command-line YAML, JSON and XML processor. yq uses jq like syntax but works with yaml files as well as json, xml, properties, csv and tsv. It doesn't yet support everything jq does - but it does support the most common operations and functions, and more is being added continuously.
+
+%prep
+%autosetup -p1 -n %{name}-%{version} -a1
+
+%build
+export GOPATH=%{our_gopath}
+# No mod download use vendor cache locally
+export GOFLAGS="-buildmode=pie -trimpath -mod=vendor -modcacherw"
+go build -o bin/ --ldflags "-X main.GitCommit= -X main.GitDescribe= -w -s"
+
+%install
+install -m 0755 -vd %{buildroot}%{_bindir}
+install -m 0755 -vp bin/* %{buildroot}%{_bindir}/
+
+%check
+cp bin/yq .
+bash ./scripts/acceptance.sh
+
+%files
+%license LICENSE
+%doc examples CODE_OF_CONDUCT.md how-it-works.md project-words.txt
+%doc release_instructions.txt CONTRIBUTING.md README.md release_notes.txt
+%{_bindir}/yq
+
+%changelog
+* Mon Mar 17 2025 Sandeep Karambelkar  - 4.45.1-1
+- Initial Azure Linux import from Fedora 42 (license: MIT).
+- Upgraded version from 4.43 to 4.45.1
+- License verified
diff --git a/SPECS-EXTENDED/zenity/zenity.signatures.json b/SPECS-EXTENDED/zenity/zenity.signatures.json
index d158bdef87..1c4192a6d4 100644
--- a/SPECS-EXTENDED/zenity/zenity.signatures.json
+++ b/SPECS-EXTENDED/zenity/zenity.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "zenity-3.32.0.tar.xz": "e786e733569c97372c3ef1776e71be7e7599ebe87e11e8ad67dcc2e63a82cd95"
+  "zenity-3.44.1.tar.xz": "d65400aec965411f4c0b3d8e0e0dac54be55d807a29279697537da2dfee93eaa"
  }
 }
diff --git a/SPECS-EXTENDED/zenity/zenity.spec b/SPECS-EXTENDED/zenity/zenity.spec
index 52aca8936c..840824d1e4 100644
--- a/SPECS-EXTENDED/zenity/zenity.spec
+++ b/SPECS-EXTENDED/zenity/zenity.spec
@@ -1,21 +1,21 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Name:          zenity
-Version:       3.32.0
-Release:       4%{?dist}
+Version:       3.44.1
+Release:       2%{?dist}
 Summary:       Display dialog boxes from shell scripts
 
 License:       LGPLv2+
 URL:           https://wiki.gnome.org/Projects/Zenity
-Source:        https://download.gnome.org/sources/%{name}/3.32/%{name}-%{version}.tar.xz
+Source:        https://download.gnome.org/sources/%{name}/3.44/%{name}-%{version}.tar.xz
 
-BuildRequires:  gcc
-BuildRequires: pkgconfig(gtk+-3.0) >= 3.0.0
+BuildRequires: pkgconfig(gtk+-3.0) >= 3.16.0
 BuildRequires: pkgconfig(libnotify) >= 0.6.1
-BuildRequires: which
+BuildRequires: gcc
 BuildRequires: gettext
-BuildRequires: intltool
 BuildRequires: itstool
+BuildRequires: meson
+BuildRequires: which
 
 %description
 Zenity lets you display Gtk+ dialog boxes from the command line and through
@@ -23,34 +23,79 @@ shell scripts. It is similar to gdialog, but is intended to be saner. It comes
 from the same family as dialog, Xdialog, and cdialog.
 
 %prep
-%setup -q
+%autosetup -p1
 
 
 %build
-%configure --disable-webkitgtk
-make V=1 %{?_smp_mflags}
+%meson -Dlibnotify=true
+%meson_build
 
 
 %install
-%make_install
+%meson_install
 
 # we don't want a perl dependency just for this
-rm $RPM_BUILD_ROOT%{_bindir}/gdialog
+rm -f $RPM_BUILD_ROOT%{_bindir}/gdialog
 
 %find_lang zenity --with-gnome
 
 
 %files -f zenity.lang
 %license COPYING
-%doc AUTHORS NEWS THANKS README
+%doc AUTHORS NEWS THANKS README.md
 %{_bindir}/zenity
-%{_datadir}/zenity
+%{_datadir}/zenity/
 %{_mandir}/man1/zenity.1*
 
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 3.32.0-4
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Wed May 07 2025 Archana Shettigar  - 3.44.1-2
+- Initial Azure Linux import from Fedora 37 (license: MIT).
+- License verified
+
+* Wed May 03 2023 David King  - 3.44.1-1
+- Update to 3.44.1
+
+* Thu Mar 16 2023 David King  - 3.44.0-1
+- Update to 3.44.0
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 3.43.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sun Jul 17 2022 Honore Doktorr  - 3.43.0-2
+- Add missing BuildRequires for pkgconfig(libnotify)
+- enable libnotify option for meson build
+
+* Thu Jul 07 2022 David King  - 3.43.0-1
+- Update to 3.43.0
+
+* Wed Apr 27 2022 David King  - 3.42.1-1
+- Update to 3.42.1
+
+* Fri Apr 01 2022 David King  - 3.42.0-1
+- Update to 3.42.0
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 3.41.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Oct 06 2021 Kalev Lember  - 3.41.0-2
+- Fix eln build
+
+* Mon Aug 23 2021 Kalev Lember  - 3.41.0-1
+- Update to 3.41.0
+- Switch to meson build system
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 3.32.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Mar 04 2021 David King  - 3.32.0-6
+- Use make macros
+
+* Thu Jan 28 2021 Fedora Release Engineering  - 3.32.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering  - 3.32.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
 * Fri Jan 31 2020 Fedora Release Engineering  - 3.32.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/SPECS-EXTENDED/zziplib/zziplib.signatures.json b/SPECS-EXTENDED/zziplib/zziplib.signatures.json
index 43022ee3f6..332481f924 100644
--- a/SPECS-EXTENDED/zziplib/zziplib.signatures.json
+++ b/SPECS-EXTENDED/zziplib/zziplib.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "zziplib-0.13.72.tar.gz": "93ef44bf1f1ea24fc66080426a469df82fa631d13ca3b2e4abaeab89538518dc"
+  "zziplib-0.13.74.tar.gz": "319093aa98d39453f3ea2486a86d8a2fab2d5632f6633a2665318723a908eecf"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/zziplib/zziplib.spec b/SPECS-EXTENDED/zziplib/zziplib.spec
index 4fff3f57f6..d593475bdb 100644
--- a/SPECS-EXTENDED/zziplib/zziplib.spec
+++ b/SPECS-EXTENDED/zziplib/zziplib.spec
@@ -1,12 +1,13 @@
 Summary:        Lightweight library to easily extract data from zip files
 Name:           zziplib
-Version:        0.13.72
-Release:        3%{?dist}
+Version:        0.13.74
+Release:        1%{?dist}
 License:        LGPLv2+ OR MPLv1.1
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://zziplib.sourceforge.net/
-Source:         https://github.com/gdraheim/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source:         https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
 BuildRequires:  SDL-devel
 BuildRequires:  cmake
 BuildRequires:  gcc
@@ -14,6 +15,7 @@ BuildRequires:  make
 BuildRequires:  perl-interpreter
 BuildRequires:  pkgconfig
 BuildRequires:  python3
+BuildRequires:  SDL-devel
 BuildRequires:  python3-rpm-macros
 BuildRequires:  xmlto
 BuildRequires:  zip
@@ -76,6 +78,7 @@ make test -C "%{_vpath_builddir}"
 %license docs/COPYING*
 %doc ChangeLog README TODO
 %{_libdir}/*.so.*
+%exclude %{_datadir}/zziplib/*.cmake
 
 %files utils
 %{_bindir}/*
@@ -90,6 +93,10 @@ make test -C "%{_vpath_builddir}"
 %{_mandir}/man3/*
 
 %changelog
+* Tue Mar 04 2025 Jyoti Kanase  - 1.13.74
+- Upgrade to 0.13.74
+- License Verified
+
 * Wed Dec 14 2022 Sumedh Sharma  - 0.13.72-3
 - Initial CBL-Mariner import from Fedora 37 (license: MIT)
 - License Verified
diff --git a/SPECS-SIGNED/edk2-hvloader-signed/edk2-hvloader-signed.spec b/SPECS-SIGNED/edk2-hvloader-signed/edk2-hvloader-signed.spec
index 949e24c7d7..8c82f580f7 100644
--- a/SPECS-SIGNED/edk2-hvloader-signed/edk2-hvloader-signed.spec
+++ b/SPECS-SIGNED/edk2-hvloader-signed/edk2-hvloader-signed.spec
@@ -11,7 +11,7 @@
 Summary:        Signed HvLoader.efi for %{buildarch} systems
 Name:           edk2-hvloader-signed-%{buildarch}
 Version:        %{GITDATE}git%{GITCOMMIT}
-Release:        5%{?dist}
+Release:        8%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -74,6 +74,15 @@ popd
 /boot/efi/HvLoader.efi
 
 %changelog
+* Thu Apr 24 2025 Jyoti Kanase  - 20240524git3e722403cd16-8
+- Bump release for consistency with edk2 spec.
+
+* Wed Apr 23 2025 Archana Choudhary  - 20240524git3e722403cd16-7
+- Bump release for consistency with edk2 spec.
+
+* Tue Apr 15 2025 Tobias Brick  - 20240524git3e722403cd16-6
+- Bump release for consistency with edk2 spec.
+
 * Wed Mar 26 2025 Tobias Brick  - 20240524git3e722403cd16-5
 - Bump release for consistency with edk2 spec.
 
diff --git a/SPECS-SIGNED/fwctl-signed/fwctl-signed.spec b/SPECS-SIGNED/fwctl-signed/fwctl-signed.spec
index 0d8d3543e9..65cddce0e0 100644
--- a/SPECS-SIGNED/fwctl-signed/fwctl-signed.spec
+++ b/SPECS-SIGNED/fwctl-signed/fwctl-signed.spec
@@ -43,9 +43,9 @@
 %{!?_name: %define _name fwctl}
 
 Summary:	 %{_name} Driver
-Name:		 %{_name}
+Name:		 %{_name}-signed
 Version:	 24.10
-Release:	 13%{?dist}
+Release:	 18%{?dist}
 License:	 GPLv2
 Url:		 http://nvidia.com
 Group:		 System Environment/Base
@@ -57,7 +57,7 @@ Group:		 System Environment/Base
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 
-Source0:        %{name}-%{version}-%{release}.%{_arch}.rpm
+Source0:        %{_name}-%{version}-%{release}.%{_arch}.rpm
 Source1:        fwctl.ko
 Source2:        mlx5_fwctl.ko
 
@@ -65,13 +65,18 @@ Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 ExclusiveArch:  x86_64
 
+%description
+fwctl signed kernel modules
+
+%package -n %{_name}
+Summary:        %{summary}
 Requires:       mlnx-ofa_kernel = %{version}
 Requires:       mlnx-ofa_kernel-modules  = %{version}
 Requires:       kernel = %{target_kernel_version_full}
 Requires:       kmod
 
-%description
-fwctl signed kernel modules
+%description -n %{_name}
+%{description}
 
 %prep
 
@@ -95,23 +100,38 @@ cp -rp ./. %{buildroot}/
 
 popd
 
-%post
+%post -n %{_name}
 if [ $1 -ge 1 ]; then # 1 : This package is being installed or reinstalled
   /sbin/depmod %{KVERSION}
 fi # 1 : closed
 # END of post
 
-%postun
+%postun -n %{_name}
 /sbin/depmod %{KVERSION}
 
-%files
+%files -n %{_name}
 %defattr(-,root,root,-)
-%license %{_datadir}/licenses/%{name}/copyright
+%license %{_datadir}/licenses/%{_name}/copyright
 /lib/modules/%{KVERSION}/updates/
-%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{name}-*.conf
+%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{_name}-*.conf
 
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 24.10-18
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 24.10-17
+- Bump release to rebuild for new kernel release
+
+* Fri Apr 25 2025 Chris Co  - 24.10-16
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 08 2025 Pawel Winogrodzki  - 24.10-15
+- Re-naming the package to de-duplicate the SRPM name.
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 24.10-14
+- Bump release to rebuild for new kernel release
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 24.10-13
 - Bump release to rebuild for new kernel release
 
diff --git a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec
index 5a2211f6cc..5aeebf0080 100644
--- a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec
+++ b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec
@@ -13,7 +13,7 @@
 Summary:        Signed GRand Unified Bootloader for %{buildarch} systems
 Name:           grub2-efi-binary-signed-%{buildarch}
 Version:        2.06
-Release:        22%{?dist}
+Release:        23%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -84,6 +84,9 @@ cp %{SOURCE3} %{buildroot}/boot/efi/EFI/%{efidir}/%{grubpxeefiname}
 /boot/efi/EFI/%{efidir}/%{grubpxeefiname}
 
 %changelog
+* Thu Apr 17 2025 Kavya Sree Kaitepalli  - 2.06-23
+- Bump release number to match grb release
+
 * Sun Nov 10 2024 Chris Co  - 2.06-22
 - Set efidir location to BOOT for eventual use in changing to "azurelinux"
 
diff --git a/SPECS-SIGNED/iser-signed/iser-signed.spec b/SPECS-SIGNED/iser-signed/iser-signed.spec
index 502ad5a285..dc7f8eadf7 100644
--- a/SPECS-SIGNED/iser-signed/iser-signed.spec
+++ b/SPECS-SIGNED/iser-signed/iser-signed.spec
@@ -39,9 +39,9 @@
 %{!?_name: %define _name iser}
 
 Summary:	 %{_name} Driver
-Name:		 %{_name}
+Name:		 %{_name}-signed
 Version:	 24.10
-Release:	 13%{?dist}
+Release:	 18%{?dist}
 License:	 GPLv2
 Url:		 http://www.mellanox.com
 Group:		 System Environment/Base
@@ -53,20 +53,25 @@ Group:		 System Environment/Base
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 
-Source0:	 %{name}-%{version}-%{release}.%{_arch}.rpm
+Source0:	 %{_name}-%{version}-%{release}.%{_arch}.rpm
 Source1:         ib_iser.ko
 
 Vendor:          Microsoft Corporation
 Distribution:    Azure Linux
 ExclusiveArch:   x86_64
 
+%description
+iser signed kernel modules
+
+%package -n %{_name}
+Summary:        %{summary}
 Requires:       mlnx-ofa_kernel = %{version}
 Requires:       mlnx-ofa_kernel-modules  = %{version}
 Requires:       kernel = %{target_kernel_version_full}
 Requires:       kmod
 
-%description
-iser signed kernel modules
+%description -n %{_name}
+%{description}
 
 %prep
 
@@ -87,22 +92,37 @@ cp -rp ./. %{buildroot}/
 popd
 
 
-%post
+%post -n %{_name}
 if [ $1 -ge 1 ]; then # 1 : This package is being installed or reinstalled
   /sbin/depmod %{KVERSION}
 fi # 1 : closed
 # END of post
 
-%postun
+%postun -n %{_name}
 /sbin/depmod %{KVERSION}
 
-%files
+%files -n %{_name}
 %defattr(-,root,root,-)
-%license %{_datadir}/licenses/%{name}/copyright
+%license %{_datadir}/licenses/%{_name}/copyright
 /lib/modules/%{KVERSION}/updates/
-%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{name}-*.conf
+%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{_name}-*.conf
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 24.10-18
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 24.10-17
+- Bump release to rebuild for new kernel release
+
+* Fri Apr 25 2025 Chris Co  - 24.10-16
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 08 2025 Pawel Winogrodzki  - 24.10-15
+- Re-naming the package to de-duplicate the SRPM name.
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 24.10-14
+- Bump release to rebuild for new kernel release
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 24.10-13
 - Bump release to rebuild for new kernel release
 
diff --git a/SPECS-SIGNED/isert-signed/isert-signed.spec b/SPECS-SIGNED/isert-signed/isert-signed.spec
index a920948eaf..3846afdc04 100644
--- a/SPECS-SIGNED/isert-signed/isert-signed.spec
+++ b/SPECS-SIGNED/isert-signed/isert-signed.spec
@@ -39,9 +39,9 @@
 %{!?_name: %define _name isert}
 
 Summary:	 %{_name} Driver
-Name:		 %{_name}
+Name:		 %{_name}-signed
 Version:	 24.10
-Release:	 13%{?dist}
+Release:	 18%{?dist}
 License:	 GPLv2
 Url:		 http://www.mellanox.com
 Group:		 System Environment/Base
@@ -53,20 +53,25 @@ Group:		 System Environment/Base
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 
-Source0:	 %{name}-%{version}-%{release}.%{_arch}.rpm
+Source0:	 %{_name}-%{version}-%{release}.%{_arch}.rpm
 Source1:         ib_isert.ko
 
 Vendor:          Microsoft Corporation
 Distribution:    Azure Linux
 ExclusiveArch:   x86_64
 
+%description
+isert signed kernel modules
+
+%package -n %{_name}
+Summary:        %{summary}
 Requires:       mlnx-ofa_kernel = %{version}
 Requires:       mlnx-ofa_kernel-modules  = %{version}
 Requires:       kernel = %{target_kernel_version_full}
 Requires:       kmod
 
-%description
-isert signed kernel modules
+%description -n %{_name}
+%{description}
 
 %prep
 
@@ -86,22 +91,37 @@ cp -rp ./. %{buildroot}/
 
 popd
 
-%post
+%post -n %{_name}
 if [ $1 -ge 1 ]; then # 1 : This package is being installed or reinstalled
   /sbin/depmod %{KVERSION}
 fi # 1 : closed
 # END of post
 
-%postun
+%postun -n %{_name}
 /sbin/depmod %{KVERSION}
 
-%files
+%files -n %{_name}
 %defattr(-,root,root,-)
-%license %{_datadir}/licenses/%{name}/copyright
+%license %{_datadir}/licenses/%{_name}/copyright
 /lib/modules/%{KVERSION}/updates/
-%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{name}-*.conf
+%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{_name}-*.conf
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 24.10-18
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 24.10-17
+- Bump release to rebuild for new kernel release
+
+* Fri Apr 25 2025 Chris Co  - 24.10-16
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 08 2025 Pawel Winogrodzki  - 24.10-15
+- Re-naming the package to de-duplicate the SRPM name.
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 24.10-14
+- Bump release to rebuild for new kernel release
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 24.10-13
 - Bump release to rebuild for new kernel release
 
diff --git a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec
index b5f55f78d8..965c04c9ea 100644
--- a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec
+++ b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec
@@ -6,8 +6,8 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-64k-signed-%{buildarch}
-Version:        6.6.82.1
-Release:        1%{?dist}
+Version:        6.6.85.1
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -105,6 +105,18 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 6.6.85.1-4
+- Bump release to match kernel
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 6.6.85.1-3
+- Bump release to match kernel
+
+* Fri Apr 25 2025 Chris Co  - 6.6.85.1-2
+- Bump release to rebuild for new kernel release
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 6.6.85.1-1
+- Auto-upgrade to 6.6.85.1
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 6.6.82.1-1
 - Auto-upgrade to 6.6.82.1
 
diff --git a/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec b/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec
index d8eb4ec6e6..60cae7bfbc 100644
--- a/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec
+++ b/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec
@@ -6,8 +6,8 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed MSHV-enabled Linux Kernel for %{buildarch} systems
 Name:           kernel-mshv-signed-%{buildarch}
-Version:        5.15.157.mshv1
-Release:        3%{?dist}
+Version:        6.6.57.mshv4
+Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -136,6 +136,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /lib/modules/%{uname_r}/build
 
 %changelog
+* Tue May 06 2025 Manuel Huber  - 6.6.57.mshv4-1
+- Upgrade to 6.6.57.mshv4
+
 * Fri Jan 24 2025 Cameron Baird  - 5.15.157.mshv1-3
 - Original version for Azure Linux.
 - license: MIT
diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
index 540edeee2d..8b13c3885a 100644
--- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec
+++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -9,8 +9,8 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        6.6.82.1
-Release:        1%{?dist}
+Version:        6.6.85.1
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,18 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 6.6.85.1-4
+- Bump release to match kernel
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 6.6.85.1-3
+- Bump release to match kernel
+
+* Fri Apr 25 2025 Chris Co  - 6.6.85.1-2
+- Bump release to rebuild for new kernel release
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 6.6.85.1-1
+- Auto-upgrade to 6.6.85.1
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 6.6.82.1-1
 - Auto-upgrade to 6.6.82.1
 
diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
index 1132633fab..e2cd3fc97a 100644
--- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
+++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
@@ -5,8 +5,8 @@
 %define kernelver %{version}-%{release}
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
-Version:        6.6.82.1
-Release:        1%{?dist}
+Version:        6.6.85.1
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,18 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 6.6.85.1-4
+- Bump release to match kernel
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 6.6.85.1-3
+- Bump release to match kernel
+
+* Fri Apr 25 2025 Chris Co  - 6.6.85.1-2
+- Bump release to rebuild for new kernel release
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 6.6.85.1-1
+- Auto-upgrade to 6.6.85.1
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 6.6.82.1-1
 - Auto-upgrade to 6.6.82.1
 
diff --git a/SPECS-SIGNED/knem-modules-signed/knem-modules-signed.spec b/SPECS-SIGNED/knem-modules-signed/knem-modules-signed.spec
index 5e07e4880d..52bddcd8a8 100644
--- a/SPECS-SIGNED/knem-modules-signed/knem-modules-signed.spec
+++ b/SPECS-SIGNED/knem-modules-signed/knem-modules-signed.spec
@@ -34,16 +34,15 @@
 %global KVERSION %{target_kernel_version_full}
 
 # set package name
-%{!?_name: %global _name knem}
-%global non_kmp_pname %{_name}-modules
+%{!?_name: %global _name knem-modules}
 
 # knem-modules is a sub-package in SPECS/knem. We are making that into a
 # main package for signing.
 
 Summary:	 KNEM: High-Performance Intra-Node MPI Communication
-Name:		 %{_name}-modules
+Name:		 %{_name}-signed
 Version:	 1.1.4.90mlnx3
-Release:	 13%{?dist}
+Release:	 18%{?dist}
 Provides:	 knem-mlnx = %{version}-%{release}
 Obsoletes:	 knem-mlnx < %{version}-%{release}
 License:	 BSD and GPLv2
@@ -59,17 +58,22 @@ ExclusiveArch:   x86_64
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 
-Source0:         %{name}-%{version}-%{release}.%{_arch}.rpm
+Source0:         %{_name}-%{version}-%{release}.%{_arch}.rpm
 Source1:         knem.ko
-BuildRoot:       /var/tmp/%{name}-%{version}-build
-
-Requires:       kernel = %{target_kernel_version_full}
-Requires:       kmod
+BuildRoot:       /var/tmp/%{_name}-%{version}-build
 
 %description
 KNEM is a Linux kernel module enabling high-performance intra-node MPI communication for large messages. KNEM offers support for asynchronous and vectorial data transfers as well as offloading memory copies on to Intel I/OAT hardware.
 See http://knem.gitlabpages.inria.fr for details.
 
+%package -n %{_name}
+Summary:        KNEM: High-Performance Intra-Node MPI Communication
+Requires:       kernel = %{target_kernel_version_full}
+Requires:       kmod
+
+%description -n %{_name}
+%{description}
+
 %prep
 
 %build
@@ -90,19 +94,35 @@ cp -rp ./. %{buildroot}/
 popd
 
 
-%post
+%post -n %{_name}
 depmod %{KVERSION} -a
 
-%postun
+%postun -n %{_name}
 if [ $1 = 0 ]; then  # 1 : Erase, not upgrade
     depmod %{KVERSION} -a
 fi
 
-%files
+%files -n %{_name}
 %{_datadir}/licenses
 /lib/modules/
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 1.1.4.90mlnx3-18
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 1.1.4.90mlnx3-17
+- Bump release to rebuild for new kernel release
+
+* Fri Apr 25 2025 Chris Co  - 1.1.4.90mlnx3-16
+- Bump release to rebuild for new kernel release
+
+* Wed Apr 09 2025 Pawel Winogrodzki  - 1.1.4.90mlnx3-15
+- Bump release to match updates from 'unsigned' spec
+- Re-name the package to knem-modules-signed.
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 1.1.4.90mlnx3-14
+- Bump release to rebuild for new kernel release
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 1.1.4.90mlnx3-13
 - Bump release to rebuild for new kernel release
 
diff --git a/SPECS-SIGNED/mlnx-nfsrdma-signed/mlnx-nfsrdma-signed.spec b/SPECS-SIGNED/mlnx-nfsrdma-signed/mlnx-nfsrdma-signed.spec
index a66603597f..be42c285a3 100644
--- a/SPECS-SIGNED/mlnx-nfsrdma-signed/mlnx-nfsrdma-signed.spec
+++ b/SPECS-SIGNED/mlnx-nfsrdma-signed/mlnx-nfsrdma-signed.spec
@@ -41,9 +41,9 @@
 %{!?_name: %define _name mlnx-nfsrdma}
 
 Summary:	 %{_name} Driver
-Name:		 %{_name}
+Name:		 %{_name}-signed
 Version:	 24.10
-Release:	 13%{?dist}
+Release:	 18%{?dist}
 License:	 GPLv2
 Url:		 http://www.mellanox.com
 Group:		 System Environment/Base
@@ -55,7 +55,7 @@ Group:		 System Environment/Base
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 
-Source0:        %{name}-%{version}-%{release}.%{_arch}.rpm
+Source0:        %{_name}-%{version}-%{release}.%{_arch}.rpm
 Source1:        rpcrdma.ko
 Source2:        svcrdma.ko
 Source3:        xprtrdma.ko
@@ -64,13 +64,18 @@ Vendor:          Microsoft Corporation
 Distribution:    Azure Linux
 ExclusiveArch:   x86_64
 
+%description
+mellanox rdma signed kernel modules
+
+%package -n %{_name}
+Summary:        %{summary}
 Requires:       mlnx-ofa_kernel = %{mlnx_version}
 Requires:       mlnx-ofa_kernel-modules  = %{mlnx_version}
 Requires:       kernel = %{target_kernel_version_full}
 Requires:       kmod
 
-%description
-mellanox rdma signed kernel modules
+%description -n %{_name}
+%{description}
 
 %prep
 
@@ -95,22 +100,37 @@ cp -rp ./. %{buildroot}/
 popd
 
 
-%post
+%post -n %{_name}
 if [ $1 -ge 1 ]; then # This package is being installed or reinstalled
   /sbin/depmod %{KVERSION}
 fi
 # END of post
 
-%postun
+%postun -n %{_name}
 /sbin/depmod %{KVERSION}
 
-%files
+%files -n %{_name}
 %defattr(-,root,root,-)
-%license %{_datadir}/licenses/%{name}/copyright
+%license %{_datadir}/licenses/%{_name}/copyright
 /lib/modules/%{KVERSION}/updates/
-%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{name}-*.conf
+%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{_name}-*.conf
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 24.10-18
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 24.10-17
+- Bump release to rebuild for new kernel release
+
+* Fri Apr 25 2025 Chris Co  - 24.10-16
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 08 2025 Pawel Winogrodzki  - 24.10-15
+- Re-naming the package to de-duplicate the SRPM name.
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 24.10-14
+- Bump release to rebuild for new kernel release
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 24.10-13
 - Bump release to rebuild for new kernel release
 
diff --git a/SPECS-SIGNED/srp-signed/srp-signed.spec b/SPECS-SIGNED/srp-signed/srp-signed.spec
index 2168451c26..9fcd30e241 100644
--- a/SPECS-SIGNED/srp-signed/srp-signed.spec
+++ b/SPECS-SIGNED/srp-signed/srp-signed.spec
@@ -38,10 +38,12 @@
 
 %global KVERSION %{target_kernel_version_full}
 
+%define _name srp
+
 Summary:	 srp driver
-Name:		 srp
+Name:		 %{_name}-signed
 Version:	 24.10
-Release:	 13%{?dist}
+Release:	 18%{?dist}
 License:	 GPLv2
 Url:		 http://www.mellanox.com
 Group:		 System Environment/Base
@@ -53,7 +55,7 @@ Group:		 System Environment/Base
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 
-Source0:         %{name}-%{version}-%{release}.%{_arch}.rpm
+Source0:         %{_name}-%{version}-%{release}.%{_arch}.rpm
 Source1:         ib_srp.ko
 Source2:         scsi_transport_srp.ko
 
@@ -61,13 +63,18 @@ Vendor:          Microsoft Corporation
 Distribution:    Azure Linux
 ExclusiveArch:   x86_64
 
+%description
+srp kernel modules
+
+%package -n %{_name}
+Summary:        %{summary}
 Requires:       mlnx-ofa_kernel = %{version}
 Requires:       mlnx-ofa_kernel-modules  = %{version}
 Requires:       kernel = %{target_kernel_version_full}
 Requires:       kmod
 
-%description
-srp kernel modules
+%description -n %{_name}
+%{description}
 
 %prep
 
@@ -91,14 +98,29 @@ cp -rp ./. %{buildroot}/
 
 popd
 
-%files
+%files -n %{_name}
 %defattr(-,root,root,-)
 /lib/modules/%{KVERSION}/updates/srp/ib_srp.ko
 /lib/modules/%{KVERSION}/updates/srp/scsi/scsi_transport_srp.ko
-%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{name}-*.conf
-%license %{_datadir}/licenses/%{name}/copyright
+%config(noreplace) %{_sysconfdir}/depmod.d/zz02-%{_name}-*.conf
+%license %{_datadir}/licenses/%{_name}/copyright
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 24.10-18
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 24.10-17
+- Bump release to rebuild for new kernel release
+
+* Fri Apr 25 2025 Chris Co  - 24.10-16
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 08 2025 Pawel Winogrodzki  - 24.10-15
+- Re-naming the package to de-duplicate the SRPM name.
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 24.10-14
+- Bump release to rebuild for new kernel release
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 24.10-13
 - Bump release to rebuild for new kernel release
 
diff --git a/SPECS-SIGNED/systemd-boot-signed/systemd-boot-signed.spec b/SPECS-SIGNED/systemd-boot-signed/systemd-boot-signed.spec
index ed68c99a95..b844dc142e 100644
--- a/SPECS-SIGNED/systemd-boot-signed/systemd-boot-signed.spec
+++ b/SPECS-SIGNED/systemd-boot-signed/systemd-boot-signed.spec
@@ -7,14 +7,14 @@
 # See README.build-in-place
 %bcond inplace 0
 Summary:        Signed systemd-boot for %{buildarch} systems
-Name:           systemd-boot-%{buildarch}
+Name:           systemd-boot-signed-%{buildarch}
 %if %{without inplace}
 Version:        255
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
-Release:        20%{?dist}
+Release:        21%{?dist}
 License:        LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -93,6 +93,9 @@ popd
 /boot/efi/EFI/BOOT/grubx64.efi
 
 %changelog
+* Mon Apr 14 2025 Pawel Winogrodzki  - 255-21
+- Updating SRPM name to systemd-boot-signed-%%{buildarch}.
+
 * Fri Jan 10 2024 Aditya Dubey  - 255-20
 - Updating to version 255-19
 - Includes patch for enhancing DNSSEC signature validation integrity
diff --git a/SPECS-SIGNED/xpmem-modules-signed/xpmem-modules-signed.spec b/SPECS-SIGNED/xpmem-modules-signed/xpmem-modules-signed.spec
index 2a23387ee7..1438f66430 100644
--- a/SPECS-SIGNED/xpmem-modules-signed/xpmem-modules-signed.spec
+++ b/SPECS-SIGNED/xpmem-modules-signed/xpmem-modules-signed.spec
@@ -10,13 +10,15 @@
 
 %global KVERSION %{target_kernel_version_full}
 
+%define _name xpmem-modules
+
 # xpmem-modules is a sub-package in SPECS/xpmem.
 # We are making that into a main package for signing.
 
 Summary:	 Cross-partition memory
-Name:		 xpmem-modules
+Name:		 %{_name}-signed
 Version:	 2.7.4
-Release:	 13%{?dist}
+Release:	 18%{?dist}
 License:	 GPLv2 and LGPLv2.1
 Group:		 System Environment/Libraries
 Vendor:          Microsoft Corporation
@@ -32,14 +34,9 @@ ExclusiveArch:   x86_64
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 
-Source0:        %{name}-%{version}-%{release}.%{_arch}.rpm
+Source0:        %{_name}-%{version}-%{release}.%{_arch}.rpm
 Source1:        xpmem.ko
 
-Requires:       mlnx-ofa_kernel
-Requires:       mlnx-ofa_kernel-modules
-Requires:       kernel = %{target_kernel_version_full}
-Requires:       kmod
-
 %description
 XPMEM is a Linux kernel module that enables a process to map the
 memory of another process into its virtual address space. Source code
@@ -48,6 +45,16 @@ repository or by downloading a tarball from the link above.
 
 This package includes the kernel module.
 
+%package -n %{_name}
+Summary:        %{summary}
+Requires:       mlnx-ofa_kernel
+Requires:       mlnx-ofa_kernel-modules
+Requires:       kernel = %{target_kernel_version_full}
+Requires:       kmod
+
+%description -n %{_name}
+%{description}
+
 %prep
 
 %build
@@ -70,12 +77,28 @@ cp -rp ./. %{buildroot}/
 
 popd
 
-%files
+%files -n %{_name}
 /lib/modules/%{KVERSION}/updates/xpmem.ko
 %{_datadir}/licenses
 
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 2.7.4-18
+- Bump release to rebuild for new kernel release
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 2.7.4-17
+- Bump release to rebuild for new kernel release
+
+* Fri Apr 25 2025 Chris Co  - 2.7.4-16
+- Bump release to rebuild for new kernel release
+
+* Wed Apr 09 2025 Pawel Winogrodzki  - 2.7.4-15
+- Bump release to match updates from 'unsigned' spec
+- Re-name the package to xpmem-modules-signed.
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 2.7.4-14
+- Bump release to rebuild for new kernel release
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 2.7.4-13
 - Bump release to rebuild for new kernel release
 
diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
index d08b329a56..b810fb5319 100644
--- a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
+++ b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "SymCrypt-OpenSSL-1.7.0.tar.gz": "5c89fdea6d1b9523856ebf875a973eb5f0e598aa95ad8b7fbfc819b5cc5161df"
+    "SymCrypt-OpenSSL-1.8.1.tar.gz": "292d9eb2e9874abd250aff2715623ccaa1bd51c470a7c5af1bbd7678383372df"
   }
 }
diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
index b6be5eaf7e..0d64666d92 100644
--- a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
+++ b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
@@ -1,6 +1,6 @@
 Summary:        The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt as the provider for core cryptographic operations
 Name:           SymCrypt-OpenSSL
-Version:        1.7.0
+Version:        1.8.1
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -49,6 +49,7 @@ mkdir -p %{buildroot}%{_libdir}/engines-3/
 mkdir -p %{buildroot}%{_libdir}/ossl-modules/
 mkdir -p %{buildroot}%{_includedir}
 mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/
+mkdir -p %{buildroot}%{_localstatedir}/log/keysinuse/
 
 # We still install the engine for backwards compatibility with legacy applications. Callers must
 # explicitly load the engine to use it. It will be removed in a future release.
@@ -67,7 +68,27 @@ install SymCryptProvider/symcrypt_prov.cnf %{buildroot}%{_sysconfdir}/pki/tls/sy
 %{_includedir}/e_scossl.h
 %{_sysconfdir}/pki/tls/symcrypt_prov.cnf
 
+# The log directory for certsinuse logging has permissions set to 1733.
+# These permissions are a result of a security review to mitigate potential risks:
+# - Group and others are denied read access to prevent user-level code from inferring
+#   details about other running applications and their certsinuse usage.
+# - All users have write and execute permissions to create new log files and to 
+#   check file attributes (e.g., to ensure a log file hasn't been tampered with or 
+#   replaced by a symlink).
+# - The sticky bit is set to prevent malicious users from deleting the log files
+#   and interfering with certsinuse alerting mechanisms.
+%dir %attr(1733, root, root) %{_localstatedir}/log/keysinuse/
+
 %changelog
+* Tue May 13 2025 Tobias Brick  - 1.8.1-1
+- Upgrade to SymCrypt-OpenSSL 1.8.1 with minor bugfixes.
+
+* Thu May 08 2025 Tobias Brick  - 1.8.0-2
+- Update mechanism for creating keysinuse logging directory.
+
+* Thu Mar 27 2025 Maxwell Moyer-McKee  - 1.8.0-1
+- Upgrade to SymCrypt-OpenSSL 1.8.0 with PBKDF2 and minor bugfixes
+
 * Fri Jan 31 2025 Tobias Brick  - 1.7.0-1
 - Add optional debug logging instead of writing some errors to stderr
 - Add optional KeysInUse feature, which can be turned on by config
diff --git a/SPECS/augeas/CVE-2025-2588.patch b/SPECS/augeas/CVE-2025-2588.patch
new file mode 100644
index 0000000000..a999081f7d
--- /dev/null
+++ b/SPECS/augeas/CVE-2025-2588.patch
@@ -0,0 +1,80 @@
+From 42632cb7d0103fbf871fb698e7648ba925eec254 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy 
+Date: Mon, 24 Mar 2025 09:48:19 +0200
+Subject: [PATCH] CVE-2025-2588: return _REG_ENOSYS if no specific error was
+ set yet parse_regexp failed
+
+parse_regexp() supposed to set an error on the parser state in case of a
+failure. If no specific error was set, return _REG_ENOSYS to indicate a
+generic failure.
+
+Fixes: https://github.com/hercules-team/augeas/issues/671
+Fixes: https://github.com/hercules-team/augeas/issues/778
+Fixes: https://github.com/hercules-team/augeas/issues/852
+
+Signed-off-by: Alexander Bokovoy 
+---
+ src/fa.c       | 3 +++
+ src/fa.h       | 3 ++-
+ tests/fatest.c | 6 ++++++
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/fa.c b/src/fa.c
+index 66ac70784..14f2472ad 100644
+--- a/src/fa.c
++++ b/src/fa.c
+@@ -32,6 +32,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ #include 
+ 
+ #include "internal.h"
+@@ -3550,6 +3551,8 @@ static struct re *parse_regexp(struct re_parse *parse) {
+     return re;
+ 
+  error:
++    if (re == NULL && parse->error == REG_NOERROR)
++        parse->error = _REG_ENOSYS;
+     re_unref(re);
+     return NULL;
+ }
+diff --git a/src/fa.h b/src/fa.h
+index 1fd754ad0..89c9b17e9 100644
+--- a/src/fa.h
++++ b/src/fa.h
+@@ -81,7 +81,8 @@ extern int fa_minimization_algorithm;
+  *
+  * On success, FA points to the newly allocated automaton constructed for
+  * RE, and the function returns REG_NOERROR. Otherwise, FA is NULL, and the
+- * return value indicates the error.
++ * return value indicates the error. Special value _REG_ENOSYS indicates
++ * fa_compile() couldn't identify the syntax issue with regexp.
+  *
+  * The FA is case sensitive. Call FA_NOCASE to switch it to
+  * case-insensitive.
+diff --git a/tests/fatest.c b/tests/fatest.c
+index 0c9ca7696..6717af8f4 100644
+--- a/tests/fatest.c
++++ b/tests/fatest.c
+@@ -589,6 +589,7 @@ static void testExpandNoCase(CuTest *tc) {
+     const char *p1 = "aB";
+     const char *p2 = "[a-cUV]";
+     const char *p3 = "[^a-z]";
++    const char *wrong_regexp = "{&.{";
+     char *s;
+     size_t len;
+     int r;
+@@ -607,6 +608,11 @@ static void testExpandNoCase(CuTest *tc) {
+     CuAssertIntEquals(tc, 0, r);
+     CuAssertStrEquals(tc, "[^A-Za-z]", s);
+     free(s);
++
++    /* Test that fa_expand_nocase does return _REG_ENOSYS */
++    r = fa_expand_nocase(wrong_regexp, strlen(wrong_regexp), &s, &len);
++    CuAssertIntEquals(tc, _REG_ENOSYS, r);
++    free(s);
+ }
+ 
+ static void testNoCaseComplement(CuTest *tc) {
diff --git a/SPECS/augeas/augeas.spec b/SPECS/augeas/augeas.spec
index 8ce8d00cb7..3870b6d9a7 100644
--- a/SPECS/augeas/augeas.spec
+++ b/SPECS/augeas/augeas.spec
@@ -1,13 +1,15 @@
 Summary:        A library for changing configuration files
 Name:           augeas
 Version:        1.12.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://augeas.net/
 Source0:        http://download.augeas.net/%{name}-%{version}.tar.gz
 
+Patch0:         CVE-2025-2588.patch
+
 BuildRequires:  gcc
 BuildRequires:  libselinux-devel
 BuildRequires:  libxml2-devel
@@ -50,6 +52,7 @@ read files.
 
 %prep
 %setup -q
+%autopatch -p1
 
 %build
 %configure \
@@ -106,6 +109,9 @@ rm -f %{buildroot}%{_bindir}/dump
 %{_libdir}/pkgconfig/augeas.pc
 
 %changelog
+* Sun Mar 30 2025 Kshitiz Godara  - 1.12.0-6
+- Fix CVE-2025-2588 with an upstream patch
+
 * Wed Sep 20 2023 Jon Slobodzian  - 1.12.0-5
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
diff --git a/SPECS/azcopy/CVE-2024-51744.patch b/SPECS/azcopy/CVE-2024-51744.patch
new file mode 100644
index 0000000000..1979410696
--- /dev/null
+++ b/SPECS/azcopy/CVE-2024-51744.patch
@@ -0,0 +1,93 @@
+From 20e147bb207d101d62acbd38642590e5808afd9d Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Mon, 17 Mar 2025 11:12:02 -0500
+Subject: [PATCH] Addressing CVE-2024-51744
+Upstream Patch Reference: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
+
+---
+ vendor/github.com/golang-jwt/jwt/v4/parser.go | 41 +++++++++----------
+ 1 file changed, 20 insertions(+), 21 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+index c0a6f69..9dd36e5 100644
+--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+@@ -36,19 +36,21 @@ func NewParser(options ...ParserOption) *Parser {
+ 	return p
+ }
+ 
+-// Parse parses, validates, verifies the signature and returns the parsed token.
+-// keyFunc will receive the parsed token and should return the key for validating.
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
+-// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
+-// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
+-// than the default MapClaims implementation of Claims.
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
+ //
+-// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
+-// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
+-// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -85,12 +87,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -98,22 +105,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // ParseUnverified parses the token but doesn't validate the signature.
+-- 
+2.45.2
+
diff --git a/SPECS/azcopy/CVE-2025-22870.patch b/SPECS/azcopy/CVE-2025-22870.patch
new file mode 100644
index 0000000000..abe01c7b92
--- /dev/null
+++ b/SPECS/azcopy/CVE-2025-22870.patch
@@ -0,0 +1,48 @@
+From 00fc79d4c9b2996f895fd0d5b1908463e7e69f69 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Sun, 16 Mar 2025 22:19:38 -0500
+Subject: [PATCH] Addressing CVE-2025-22870
+Upstream Patch Reference: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7
+
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index 6404aaf..d89c257 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -177,8 +178,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -360,6 +363,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.45.2
+
diff --git a/SPECS/azcopy/azcopy.spec b/SPECS/azcopy/azcopy.spec
index b8aa090009..0c8a67067f 100644
--- a/SPECS/azcopy/azcopy.spec
+++ b/SPECS/azcopy/azcopy.spec
@@ -1,7 +1,7 @@
 Summary:        The new Azure Storage data transfer utility - AzCopy v10
 Name:           azcopy
 Version:        10.25.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -29,6 +29,8 @@ Source0:        https://github.com/Azure/azure-storage-azcopy/archive/refs/tags/
 Source1:        azure-storage-%{name}-%{version}-vendor.tar.gz
 Patch0:         CVE-2025-22868.patch
 Patch1:         CVE-2025-30204.patch
+Patch2:         CVE-2025-22870.patch
+Patch3:         CVE-2024-51744.patch
 
 BuildRequires:  golang >= 1.17.9
 BuildRequires:  git
@@ -65,6 +67,10 @@ go test -mod=vendor
 %{_bindir}/azcopy
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 10.25.1-5
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22870, CVE-2024-51744
+
 * Fri Apr 28 2025 Ranjan Dutta  - 10.25.1-4
 - merge from Azure Linux 3.0.20250423.
 - Patch CVE-2025-30204
diff --git a/SPECS/bcc/CVE-2024-2314.patch b/SPECS/bcc/CVE-2024-2314.patch
new file mode 100644
index 0000000000..884bb33dcd
--- /dev/null
+++ b/SPECS/bcc/CVE-2024-2314.patch
@@ -0,0 +1,52 @@
+From c37738cf804c1b72858d32591f99cfce3d26729c Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Mon, 17 Mar 2025 13:27:51 +0000
+Subject: [PATCH] CVE-2024-2314
+
+Source Link: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342
+---
+ src/cc/frontends/clang/kbuild_helper.cc | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/cc/frontends/clang/kbuild_helper.cc b/src/cc/frontends/clang/kbuild_helper.cc
+index 50e2da9..d4b9d3e 100644
+--- a/src/cc/frontends/clang/kbuild_helper.cc
++++ b/src/cc/frontends/clang/kbuild_helper.cc
+@@ -140,15 +140,22 @@ int KBuildHelper::get_flags(const char *uname_machine, vector *cflags) {
+   return 0;
+ }
+ 
+-static inline int file_exists(const char *f)
++static inline int file_exists_and_ownedby(const char *f, uid_t uid)
+ {
+   struct stat buffer;
+-  return (stat(f, &buffer) == 0);
++  int ret;
++  if ((ret = stat(f, &buffer)) == 0) {
++    if (buffer.st_uid != uid) {
++      std::cout << "ERROR: header file ownership unexpected: " << std::string(f) << "\n";
++      return -1;
++    }
++  }
++  return ret;
+ }
+ 
+ static inline int proc_kheaders_exists(void)
+ {
+-  return file_exists(PROC_KHEADERS_PATH);
++  return file_exists_and_ownedby(PROC_KHEADERS_PATH, 0);
+ }
+ 
+ static inline const char *get_tmp_dir() {
+@@ -224,7 +231,7 @@ int get_proc_kheaders(std::string &dirpath)
+            uname_data.release);
+   dirpath = std::string(dirpath_tmp);
+ 
+-  if (file_exists(dirpath_tmp))
++  if (file_exists_and_ownedby(dirpath_tmp, 0))
+     return 0;
+ 
+   // First time so extract it
+-- 
+2.45.2
+
diff --git a/SPECS/bcc/CVE-2025-29481.patch b/SPECS/bcc/CVE-2025-29481.patch
new file mode 100644
index 0000000000..3799b0f683
--- /dev/null
+++ b/SPECS/bcc/CVE-2025-29481.patch
@@ -0,0 +1,40 @@
+From bdf29d4b10368cb895961356c09262c16f10d4cf Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Mon, 14 Apr 2025 12:42:44 +0000
+Subject: [PATCH] CVE
+
+Upstream patch reference: https://lore.kernel.org/bpf/20250410073407.131211-1-vmalik@redhat.com/
+---
+ libbpf-tools/bpftool/libbpf/src/libbpf.c | 2 +-
+ src/cc/libbpf/src/libbpf.c               | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libbpf-tools/bpftool/libbpf/src/libbpf.c b/libbpf-tools/bpftool/libbpf/src/libbpf.c
+index 3ad1392..4d8da50 100644
+--- a/libbpf-tools/bpftool/libbpf/src/libbpf.c
++++ b/libbpf-tools/bpftool/libbpf/src/libbpf.c
+@@ -816,7 +816,7 @@ bpf_object__add_programs(struct bpf_object *obj, Elf_Data *sec_data,
+ 			return -LIBBPF_ERRNO__FORMAT;
+ 		}
+ 
+-		if (sec_off + prog_sz > sec_sz) {
++		if (sec_off >= sec_sz || sec_off + prog_sz > sec_sz) {
+ 			pr_warn("sec '%s': program at offset %zu crosses section boundary\n",
+ 				sec_name, sec_off);
+ 			return -LIBBPF_ERRNO__FORMAT;
+diff --git a/src/cc/libbpf/src/libbpf.c b/src/cc/libbpf/src/libbpf.c
+index 2600d83..40d791a 100644
+--- a/src/cc/libbpf/src/libbpf.c
++++ b/src/cc/libbpf/src/libbpf.c
+@@ -826,7 +826,7 @@ bpf_object__add_programs(struct bpf_object *obj, Elf_Data *sec_data,
+ 			return -LIBBPF_ERRNO__FORMAT;
+ 		}
+ 
+-		if (sec_off + prog_sz > sec_sz) {
++		if (sec_off >= sec_sz || sec_off + prog_sz > sec_sz) {
+ 			pr_warn("sec '%s': program at offset %zu crosses section boundary\n",
+ 				sec_name, sec_off);
+ 			return -LIBBPF_ERRNO__FORMAT;
+-- 
+2.45.2
+
diff --git a/SPECS/bcc/bcc.spec b/SPECS/bcc/bcc.spec
index 14cf3ee383..873e492c5b 100644
--- a/SPECS/bcc/bcc.spec
+++ b/SPECS/bcc/bcc.spec
@@ -2,7 +2,7 @@
 Summary:        BPF Compiler Collection (BCC)
 Name:           bcc
 Version:        0.29.1
-Release:        1%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,6 +10,8 @@ Group:          Development/Languages
 URL:            https://github.com/iovisor/bcc
 # Upstream now provides a release with the git submodule embedded in it
 Source0:        https://github.com/iovisor/bcc/releases/download/v%{version}/%{name}-src-with-submodule.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         CVE-2024-2314.patch
+Patch1:         CVE-2025-29481.patch
 BuildRequires:  bison
 BuildRequires:  clang-devel
 BuildRequires:  cmake >= 2.8.7
@@ -63,7 +65,7 @@ Requires:       python3-%{name} = %{version}-%{release}
 Command line tools for BPF Compiler Collection (BCC)
 
 %prep
-%setup -q -n %{name}
+%autosetup -p1 -n %{name}
 
 %build
 mkdir build
@@ -122,6 +124,12 @@ find %{buildroot}%{_lib64dir} -name '*.a' -delete
 %{_datadir}/%{name}/man/*
 
 %changelog
+* Mon Apr 14 2025 Jyoti Kanase  - 0.29.1-3
+- Patch CVE-2025-29481
+
+* Tue Mar 18 2025 Jyoti Kanase  - 0.29.1-2
+- Fix CVE-2024-2314
+
 * Wed Dec 20 2023 Muhammad Falak  - 0.29.1-1
 - Bump version to 0.29.1
 
diff --git a/SPECS/blobfuse2/CVE-2025-30204.patch b/SPECS/blobfuse2/CVE-2025-30204.patch
new file mode 100644
index 0000000000..f744195603
--- /dev/null
+++ b/SPECS/blobfuse2/CVE-2025-30204.patch
@@ -0,0 +1,75 @@
+From 14906e31f0685520eb4028c916bf82e811cfcd20 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Wed, 26 Mar 2025 19:20:10 +0000
+Subject: [PATCH] CVE-2025-30204 
+
+Upstream Reference : https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
+
+---
+ vendor/github.com/golang-jwt/jwt/v5/parser.go | 36 +++++++++++++++++++++++---
+ 1 file changed, 33 insertions(+), 3 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/v5/parser.go b/vendor/github.com/golang-jwt/jwt/v5/parser.go
+index ecf99af..054c7eb 100644
+--- a/vendor/github.com/golang-jwt/jwt/v5/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v5/parser.go
+@@ -8,6 +8,8 @@ import (
+ 	"strings"
+ )
+ 
++const tokenDelimiter = "."
++
+ type Parser struct {
+ 	// If populated, only these methods will be considered valid.
+ 	validMethods []string
+@@ -136,9 +138,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ // It's only ever useful in cases where you know the signature is valid (since it has already
+ // been or will be checked elsewhere in the stack) and you want to extract values from it.
+ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
+-	parts = strings.Split(tokenString, ".")
+-	if len(parts) != 3 {
+-		return nil, parts, newError("token contains an invalid number of segments", ErrTokenMalformed)
++	var ok bool
++	parts, ok = splitToken(tokenString)
++	if !ok {
++		return nil, nil, newError("token contains an invalid number of segments", ErrTokenMalformed)
+ 	}
+ 
+ 	token = &Token{Raw: tokenString}
+@@ -196,6 +199,33 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke
+ 	return token, parts, nil
+ }
+ 
++// splitToken splits a token string into three parts: header, claims, and signature. It will only
++// return true if the token contains exactly two delimiters and three parts. In all other cases, it
++// will return nil parts and false.
++func splitToken(token string) ([]string, bool) {
++	parts := make([]string, 3)
++	header, remain, ok := strings.Cut(token, tokenDelimiter)
++	if !ok {
++		return nil, false
++	}
++	parts[0] = header
++	claims, remain, ok := strings.Cut(remain, tokenDelimiter)
++	if !ok {
++		return nil, false
++	}
++	parts[1] = claims
++	// One more cut to ensure the signature is the last part of the token and there are no more
++	// delimiters. This avoids an issue where malicious input could contain additional delimiters
++	// causing unecessary overhead parsing tokens.
++	signature, _, unexpected := strings.Cut(remain, tokenDelimiter)
++	if unexpected {
++		return nil, false
++	}
++	parts[2] = signature
++
++	return parts, true
++}
++
+ // DecodeSegment decodes a JWT specific base64url encoding. This function will
+ // take into account whether the [Parser] is configured with additional options,
+ // such as [WithStrictDecoding] or [WithPaddingAllowed].
+-- 
+2.45.2
+
diff --git a/SPECS/blobfuse2/blobfuse2.spec b/SPECS/blobfuse2/blobfuse2.spec
index 55bd037a31..475e75efed 100644
--- a/SPECS/blobfuse2/blobfuse2.spec
+++ b/SPECS/blobfuse2/blobfuse2.spec
@@ -6,7 +6,7 @@
 Summary:        FUSE adapter - Azure Storage
 Name:           blobfuse2
 Version:        2.3.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,6 +15,7 @@ URL:            https://github.com/Azure/azure-storage-fuse/
 Source0:        https://github.com/Azure/azure-storage-fuse/archive/%{name}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # Leverage the `generate_source_tarball.sh` to create the vendor sources.
 Source1:        %{name}-%{version}-vendor.tar.gz
+Patch0:         CVE-2025-30204.patch
 BuildRequires:  cmake
 BuildRequires:  fuse3-devel
 BuildRequires:  gcc
@@ -48,7 +49,8 @@ install -D -m 0644 ./setup/blobfuse2-logrotate %{buildroot}%{_sysconfdir}/logrot
 %files
 %defattr(-,root,root,-)
 %license LICENSE
-%doc NOTICE README.md
+%license NOTICE
+%doc README.md
 %{_bindir}/blobfuse2
 %{_bindir}/%{blobfuse2_health_monitor}
 %{_datadir}/blobfuse2/baseConfig.yaml
@@ -59,6 +61,10 @@ install -D -m 0644 ./setup/blobfuse2-logrotate %{buildroot}%{_sysconfdir}/logrot
 %{_sysconfdir}/logrotate.d/blobfuse2
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.3.2-3
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-30204
+
 * Fri Mar 21 2025 Anuj Mittal  - 2.3.2-2
 - Bump Release to rebuild
 
diff --git a/SPECS/bmake/bmake.spec b/SPECS/bmake/bmake.spec
index 39ac720c9c..6c24d8b6b6 100644
--- a/SPECS/bmake/bmake.spec
+++ b/SPECS/bmake/bmake.spec
@@ -1,12 +1,13 @@
 Summary:       The NetBSD make(1) tool
 Name:          bmake
 Version:       20230723
-Release:       1%{?dist}
+Release:       2%{?dist}
 License:       BSD
 Vendor:        Microsoft Corporation
 Distribution:   Azure Linux
 URL:           https://ftp.netbsd.org/pub/NetBSD/misc/sjg/
 Source0:       %{url}/bmake-%{version}.tar.gz
+Patch0:        do-not-run-tests-on-install.patch
 BuildRequires: gcc
 BuildRequires: sed
 BuildRequires: util-linux
@@ -44,6 +45,9 @@ sh ./make-bootstrap.sh
 ./bmake -m mk install DESTDIR=%{buildroot} INSTALL='install -p' STRIP_FLAG=''
 chmod a-x %{buildroot}%{_datadir}/mk/mkopt.sh
 
+%check
+./bmake -m mk test
+
 %files
 %doc ChangeLog README
 %license LICENSE
@@ -56,6 +60,9 @@ chmod a-x %{buildroot}%{_datadir}/mk/mkopt.sh
 %{_datadir}/mk
 
 %changelog
+* Thu May 15 2025 Andrew Phelps  - 20230723-2
+- Move unit tests to check section
+
 * Fri Dec 08 2023 Andrew Phelps  - 20230723-1
 - Upgrade to version 20230723
 
diff --git a/SPECS/bmake/do-not-run-tests-on-install.patch b/SPECS/bmake/do-not-run-tests-on-install.patch
new file mode 100644
index 0000000000..720af181f1
--- /dev/null
+++ b/SPECS/bmake/do-not-run-tests-on-install.patch
@@ -0,0 +1,11 @@
+diff -urN a/boot-strap b/boot-strap
+--- a/boot-strap	2025-05-16 06:04:26.984623406 +0000
++++ b/boot-strap	2025-05-16 06:04:44.596770493 +0000
+@@ -461,7 +461,6 @@
+ }
+ 
+ op_install() {
+-	op_test
+ 	case "$INSTALL_PREFIX,$INSTALL_BIN,$prefix" in
+ 	,$HOST_TARGET/bin,*/$HOST_TARGET)
+ 		INSTALL_PREFIX=`dirname $prefix`
diff --git a/SPECS/boost/boost-1.81-phoenix-multiple-defn.patch b/SPECS/boost/boost-1.81-phoenix-multiple-defn.patch
new file mode 100644
index 0000000000..6deaa40307
--- /dev/null
+++ b/SPECS/boost/boost-1.81-phoenix-multiple-defn.patch
@@ -0,0 +1,20 @@
+--- boost_1_81_0/boost/phoenix/stl/tuple.hpp~	2023-03-15 09:31:59.327721489 +0000
++++ boost_1_81_0/boost/phoenix/stl/tuple.hpp	2023-03-15 09:32:02.787722445 +0000
+@@ -106,14 +106,16 @@
+         tuple_detail::idx_wrap(), t);
+     }
+ 
++#ifndef BOOST_PHOENIX_NO_PREDEFINED_TERMINALS
+     // Make unpacked argument placeholders
+     namespace placeholders {
+         #define BOOST_PP_LOCAL_LIMITS (1, BOOST_PHOENIX_ARG_LIMIT)
+         #define BOOST_PP_LOCAL_MACRO(N)                                                \
+-            auto uarg##N =                                                             \
++            const auto uarg##N =                                                             \
+             boost::phoenix::get_<(N)-1>(boost::phoenix::placeholders::arg1);
+         #include BOOST_PP_LOCAL_ITERATE()
+     }
++#endif
+ }} // namespace boost::phoenix
+ 
+ #endif // C++ 14
diff --git a/SPECS/boost/boost.spec b/SPECS/boost/boost.spec
index b6c0eb7129..caaea6504e 100644
--- a/SPECS/boost/boost.spec
+++ b/SPECS/boost/boost.spec
@@ -2,7 +2,7 @@
 Summary:        Boost
 Name:           boost
 Version:        1.83.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        Boost
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,6 +12,11 @@ Source0:        https://downloads.sourceforge.net/boost/%{name}_%{underscore_ver
 BuildRequires:  bzip2-devel
 BuildRequires:  libbacktrace-static
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2178210
+# https://github.com/boostorg/phoenix/issues/111
+# https://github.com/boostorg/phoenix/issues/115
+Patch0: boost-1.81-phoenix-multiple-defn.patch
+
 %global sonamever %{version}
 
 %description
@@ -67,7 +72,7 @@ developers to obtain (name, value) pairs from the user, via
 conventional methods such as command-line and configuration file.
 
 %prep
-%autosetup -n %{name}_%{underscore_version}
+%autosetup -n %{name}_%{underscore_version} -p1
 
 %build
 ./bootstrap.sh --prefix=%{buildroot}%{_prefix}
@@ -110,6 +115,9 @@ rm -rf %{buildroot}%{_libdir}/cmake
 %{_libdir}/libboost_system.so.%{sonamever}
 
 %changelog
+* Mon Apr 28 2025 Aninda Pradhan  - 1.83.0-2
+- Adds boost-1.81-phoenix-multiple-defn.patch
+
 * Wed Mar 13 2024 Himaja Kesari  
 - Add filesystem, random, system, program-options packages 
 
diff --git a/SPECS/busybox/CVE-2023-39810.patch b/SPECS/busybox/CVE-2023-39810.patch
new file mode 100644
index 0000000000..6bd2222865
--- /dev/null
+++ b/SPECS/busybox/CVE-2023-39810.patch
@@ -0,0 +1,135 @@
+From 9a8796436b9b0641e13480811902ea2ac57881d3 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko 
+Date: Wed, 2 Oct 2024 10:12:05 +0200
+Subject: archival: disallow path traversals (CVE-2023-39810)
+
+Create new configure option for archival/libarchive based extractions to
+disallow path traversals.
+As this is a paranoid option and might introduce backward
+incompatibility, default it to no.
+
+Fixes: CVE-2023-39810
+
+Based on the patch by Peter Kaestle 
+
+function                                             old     new   delta
+data_extract_all                                     921     945     +24
+strip_unsafe_prefix                                  101     102      +1
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0)               Total: 25 bytes
+
+Signed-off-by: Denys Vlasenko 
+---
+ archival/Config.src                        | 11 +++++++++++
+ archival/libarchive/data_extract_all.c     |  8 ++++++++
+ archival/libarchive/unsafe_prefix.c        |  6 +++++-
+ scripts/kconfig/lxdialog/check-lxdialog.sh |  2 +-
+ testsuite/cpio.tests                       | 23 +++++++++++++++++++++++
+ 5 files changed, 48 insertions(+), 2 deletions(-)
+
+diff --git a/archival/Config.src b/archival/Config.src
+index 6f4f30c43..cbcd7217c 100644
+--- a/archival/Config.src
++++ b/archival/Config.src
+@@ -35,4 +35,15 @@ config FEATURE_LZMA_FAST
+ 	This option reduces decompression time by about 25% at the cost of
+ 	a 1K bigger binary.
+ 
++config FEATURE_PATH_TRAVERSAL_PROTECTION
++	bool "Prevent extraction of filenames with /../ path component"
++	default n
++	help
++	busybox tar and unzip remove "PREFIX/../" (if it exists)
++	from extracted names.
++	This option enables this behavior for all other unpacking applets,
++	such as cpio, ar, rpm.
++	GNU cpio 2.15 has NO such sanity check.
++# try other archivers and document their behavior?
++
+ endmenu
+diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
+index 049c2c156..8a69711c1 100644
+--- a/archival/libarchive/data_extract_all.c
++++ b/archival/libarchive/data_extract_all.c
+@@ -65,6 +65,14 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
+ 		} while (--n != 0);
+ 	}
+ #endif
++#if ENABLE_FEATURE_PATH_TRAVERSAL_PROTECTION
++	/* Strip leading "/" and up to last "/../" path component */
++	dst_name = (char *)strip_unsafe_prefix(dst_name);
++#endif
++// ^^^ This may be a problem if some applets do need to extract absolute names.
++// (Probably will need to invent ARCHIVE_ALLOW_UNSAFE_NAME flag).
++// You might think that rpm needs it, but in my tests rpm's internal cpio
++// archive has names like "./usr/bin/FOO", not "/usr/bin/FOO".
+ 
+ 	if (archive_handle->ah_flags & ARCHIVE_CREATE_LEADING_DIRS) {
+ 		char *slash = strrchr(dst_name, '/');
+diff --git a/archival/libarchive/unsafe_prefix.c b/archival/libarchive/unsafe_prefix.c
+index 33e487bf9..667081195 100644
+--- a/archival/libarchive/unsafe_prefix.c
++++ b/archival/libarchive/unsafe_prefix.c
+@@ -14,7 +14,11 @@ const char* FAST_FUNC strip_unsafe_prefix(const char *str)
+ 			cp++;
+ 			continue;
+ 		}
+-		if (is_prefixed_with(cp, "/../"+1)) {
++		/* We are called lots of times.
++		 * is_prefixed_with(cp, "../") is slower than open-coding it,
++		 * with minimal code growth (~few bytes).
++		 */
++		if (cp[0] == '.' && cp[1] == '.' && cp[2] == '/') {
+ 			cp += 3;
+ 			continue;
+ 		}
+diff --git a/scripts/kconfig/lxdialog/check-lxdialog.sh b/scripts/kconfig/lxdialog/check-lxdialog.sh
+index 5075ebf2d..910ca1f7c 100755
+--- a/scripts/kconfig/lxdialog/check-lxdialog.sh
++++ b/scripts/kconfig/lxdialog/check-lxdialog.sh
+@@ -47,7 +47,7 @@ trap "rm -f $tmp" 0 1 2 3 15
+ check() {
+         $cc -x c - -o $tmp 2>/dev/null <<'EOF'
+ #include CURSES_LOC
+-main() {}
++int main() { return 0; }
+ EOF
+ 	if [ $? != 0 ]; then
+ 	    echo " *** Unable to find the ncurses libraries or the"       1>&2
+diff --git a/testsuite/cpio.tests b/testsuite/cpio.tests
+index 85e746589..a4462c53e 100755
+--- a/testsuite/cpio.tests
++++ b/testsuite/cpio.tests
+@@ -154,6 +154,29 @@ testing "cpio -R with extract" \
+ " "" ""
+ SKIP=
+ 
++# Create an archive containing a file with "../dont_write" filename.
++# See that it will not be allowed to unpack.
++# NB: GNU cpio 2.15 DOES NOT do such checks.
++optional FEATURE_PATH_TRAVERSAL_PROTECTION
++rm -rf cpio.testdir
++mkdir -p cpio.testdir/prepare/inner
++echo "file outside of destination was written" > cpio.testdir/prepare/dont_write
++echo "data" > cpio.testdir/prepare/inner/to_extract
++mkdir -p cpio.testdir/extract
++testing "cpio extract file outside of destination" "\
++(cd cpio.testdir/prepare/inner && echo -e '../dont_write\nto_extract' | cpio -o -H newc) | (cd cpio.testdir/extract && cpio -vi 2>&1)
++echo \$?
++ls cpio.testdir/dont_write 2>&1" \
++"\
++cpio: removing leading '../' from member names
++../dont_write
++to_extract
++1 blocks
++0
++ls: cpio.testdir/dont_write: No such file or directory
++" "" ""
++SKIP=
++
+ # Clean up
+ rm -rf cpio.testdir cpio.testdir2 2>/dev/null
+ 
+-- 
+cgit v1.2.3
+
diff --git a/SPECS/busybox/busybox.spec b/SPECS/busybox/busybox.spec
index a6644be78b..cfd118805e 100644
--- a/SPECS/busybox/busybox.spec
+++ b/SPECS/busybox/busybox.spec
@@ -1,7 +1,7 @@
 Summary:        Statically linked binary providing simplified versions of system commands
 Name:           busybox
 Version:        1.36.1
-Release:        11%{?dist}
+Release:        12%{?dist}
 License:        GPLv2
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -17,8 +17,9 @@ Patch3:         CVE-2023-42363.patch
 Patch4:         CVE-2023-42365.patch
 Patch5:         CVE-2023-42366.patch
 Patch6:         no-cbq.patch
+Patch7:         CVE-2023-39810.patch
 BuildRequires:  gcc
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 BuildRequires:  libselinux-devel >= 1.27.7-2
 BuildRequires:  libsepol-devel
 %if 0%{?with_check}
@@ -105,6 +106,11 @@ SKIP_KNOWN_BUGS=1 ./runtest
 %{_mandir}/man1/busybox.petitboot.1.gz
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.36.1-12
+- merge from Azure Linux 3.0.20250521-3.0
+- Bump to rebuild with updated glibc
+- Added patch for CVE-2023-39810
+
 * Tue Mar 18 2025 Ranjan Dutta  - 1.36.1-11
 - Bump version for merge AZL tag: 3.0.20250311-3.0
 - Bump to rebuild with updated glibc
diff --git a/SPECS/ceph/CVE-2020-14378.patch b/SPECS/ceph/CVE-2020-14378.patch
new file mode 100644
index 0000000000..05e4529564
--- /dev/null
+++ b/SPECS/ceph/CVE-2020-14378.patch
@@ -0,0 +1,55 @@
+From a70de0405b30f576c7c947098775b07bcdcbbce2 Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Wed, 26 Mar 2025 07:08:51 +0000
+Subject: [PATCH] Address CVE-2020-14378
+
+Upstream Patch Reference: https://git.dpdk.org/dpdk-stable/commit/?id=7a5af91f8bf46f121cc1a7873045ef37f63d56c2
+
+---
+ src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c | 3 ++-
+ src/spdk/dpdk/lib/librte_vhost/vhost_crypto.c    | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
+index 9d569fcc5..28969297a 100644
+--- a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
+@@ -540,13 +540,14 @@ move_desc(struct vring_desc *head, struct vring_desc **cur_desc,
+ 	int left = size - desc->len;
+ 
+ 	while ((desc->flags & VRING_DESC_F_NEXT) && left > 0) {
+-		(*nb_descs)--;
+ 		if (unlikely(*nb_descs == 0 || desc->next >= vq_size))
+ 			return -1;
+ 
+ 		desc = &head[desc->next];
+ 		rte_prefetch0(&head[desc->next]);
+ 		left -= desc->len;
++		if (left > 0)
++			(*nb_descs)--;
+ 	}
+ 
+ 	if (unlikely(left > 0))
+diff --git a/src/spdk/dpdk/lib/librte_vhost/vhost_crypto.c b/src/spdk/dpdk/lib/librte_vhost/vhost_crypto.c
+index 0f9df4059..86747dd5f 100644
+--- a/src/spdk/dpdk/lib/librte_vhost/vhost_crypto.c
++++ b/src/spdk/dpdk/lib/librte_vhost/vhost_crypto.c
+@@ -530,13 +530,14 @@ move_desc(struct vring_desc *head, struct vring_desc **cur_desc,
+ 	int left = size - desc->len;
+ 
+ 	while ((desc->flags & VRING_DESC_F_NEXT) && left > 0) {
+-		(*nb_descs)--;
+ 		if (unlikely(*nb_descs == 0 || desc->next >= vq_size))
+ 			return -1;
+ 
+ 		desc = &head[desc->next];
+ 		rte_prefetch0(&head[desc->next]);
+ 		left -= desc->len;
++		if (left > 0)
++			(*nb_descs)--;
+ 	}
+ 
+ 	if (unlikely(left > 0))
+-- 
+2.45.3
+
diff --git a/SPECS/ceph/CVE-2021-28361.patch b/SPECS/ceph/CVE-2021-28361.patch
new file mode 100644
index 0000000000..ec47ec5c1c
--- /dev/null
+++ b/SPECS/ceph/CVE-2021-28361.patch
@@ -0,0 +1,111 @@
+From 139916fc7627a052e87da4644b34e07db626ce50 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Thu, 10 Apr 2025 06:10:22 +0000
+Subject: [PATCH] CVE-2021-28361
+
+Upstream Patch Reference : https://github.com/spdk/spdk/commit/f3fd56fc3c73ee7595bbe7c69cf8048fe2577e1a.patch
+---
+ src/spdk/lib/iscsi/param.c                    | 10 +++++
+ .../test/unit/lib/iscsi/iscsi.c/iscsi_ut.c    | 38 +++++++++++++++++++
+ .../test/unit/lib/iscsi/param.c/param_ut.c    |  8 ++++
+ 3 files changed, 56 insertions(+)
+
+diff --git a/src/spdk/lib/iscsi/param.c b/src/spdk/lib/iscsi/param.c
+index 18f579359..d18e912e0 100644
+--- a/src/spdk/lib/iscsi/param.c
++++ b/src/spdk/lib/iscsi/param.c
+@@ -315,6 +315,16 @@ iscsi_parse_params(struct iscsi_param **params, const uint8_t *data,
+ 	char *p;
+ 	int i;
+ 
++	/* Spec does not disallow TEXT PDUs with zero length, just return
++	 * immediately in that case, since there is no param data to parse
++	 * and any existing partial parameter would remain as-is.
++	 */
++	if (len == 0) {
++		return 0;
++	}
++
++	assert(data != NULL);
++
+ 	/* strip the partial text parameters if previous PDU have C enabled */
+ 	if (partial_parameter && *partial_parameter) {
+ 		for (i = 0; i < len && data[i] != '\0'; i++) {
+diff --git a/src/spdk/test/unit/lib/iscsi/iscsi.c/iscsi_ut.c b/src/spdk/test/unit/lib/iscsi/iscsi.c/iscsi_ut.c
+index f96afd999..06f684a2a 100644
+--- a/src/spdk/test/unit/lib/iscsi/iscsi.c/iscsi_ut.c
++++ b/src/spdk/test/unit/lib/iscsi/iscsi.c/iscsi_ut.c
+@@ -1984,6 +1984,43 @@ pdu_hdr_op_data_test(void)
+ 	g_task_pool_is_empty = false;
+ }
+ 
++/* Test an ISCSI_OP_TEXT PDU with CONTINUE bit set but
++ * no data.
++ */
++static void
++empty_text_with_cbit_test(void)
++{
++	struct spdk_iscsi_sess sess = {};
++	struct spdk_iscsi_conn conn = {};
++	struct spdk_scsi_dev dev = {};
++	struct spdk_iscsi_pdu *req_pdu;
++	int rc;
++
++	req_pdu = iscsi_get_pdu(&conn);
++
++	sess.ExpCmdSN = 0;
++	sess.MaxCmdSN = 64;
++	sess.session_type = SESSION_TYPE_NORMAL;
++	sess.MaxBurstLength = 1024;
++
++	conn.full_feature = 1;
++	conn.sess = &sess;
++	conn.dev = &dev;
++	conn.state = ISCSI_CONN_STATE_RUNNING;
++
++	memset(&req_pdu->bhs, 0, sizeof(req_pdu->bhs));
++	req_pdu->bhs.opcode = ISCSI_OP_TEXT;
++	req_pdu->bhs.flags = ISCSI_TEXT_CONTINUE;
++
++	rc = iscsi_pdu_hdr_handle(&conn, req_pdu);
++	CU_ASSERT(rc == 0);
++	CU_ASSERT(!req_pdu->is_rejected);
++	rc = iscsi_pdu_payload_handle(&conn, req_pdu);
++	CU_ASSERT(rc == 0);
++
++	iscsi_put_pdu(req_pdu);
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -2015,6 +2052,7 @@ main(int argc, char **argv)
+ 	CU_ADD_TEST(suite, pdu_hdr_op_task_mgmt_test);
+ 	CU_ADD_TEST(suite, pdu_hdr_op_nopout_test);
+ 	CU_ADD_TEST(suite, pdu_hdr_op_data_test);
++	CU_ADD_TEST(suite, empty_text_with_cbit_test);
+ 
+ 	CU_basic_set_mode(CU_BRM_VERBOSE);
+ 	CU_basic_run_tests();
+diff --git a/src/spdk/test/unit/lib/iscsi/param.c/param_ut.c b/src/spdk/test/unit/lib/iscsi/param.c/param_ut.c
+index ccf62643f..9b3e8201f 100644
+--- a/src/spdk/test/unit/lib/iscsi/param.c/param_ut.c
++++ b/src/spdk/test/unit/lib/iscsi/param.c/param_ut.c
+@@ -264,6 +264,14 @@ parse_valid_test(void)
+ 	EXPECT_VAL("F", "IIII");
+ 	CU_ASSERT_PTR_NULL(partial_parameter);
+ 
++	/* partial parameter: NULL data */
++	/* It is technically allowed to have a TEXT PDU with no data, yet
++	 * CONTINUE bit is enabled - make sure we handle that case correctly.
++	 */
++	rc = iscsi_parse_params(¶ms, NULL, 0, true, &partial_parameter);
++	CU_ASSERT(rc == 0);
++	CU_ASSERT_PTR_NULL(partial_parameter);
++
+ 	/* Second partial parameter is the only parameter */
+ 	PARSE("OOOO", true, &partial_parameter);
+ 	CU_ASSERT_STRING_EQUAL(partial_parameter, "OOOO");
+-- 
+2.45.2
+
diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec
index 26934b138c..3bbb2947ac 100644
--- a/SPECS/ceph/ceph.spec
+++ b/SPECS/ceph/ceph.spec
@@ -5,7 +5,7 @@
 Summary:        User space components of the Ceph file system
 Name:           ceph
 Version:        18.2.2
-Release:        6%{?dist}
+Release:        8%{?dist}
 License:        LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0
 URL:            https://ceph.io/
 Vendor:         Microsoft Corporation
@@ -25,7 +25,9 @@ Patch10:        CVE-2020-10722.patch
 Patch11:        CVE-2024-25629.patch
 Patch12:        CVE-2021-24032.patch
 Patch13:        CVE-2020-10724.patch
-Patch14:	CVE-2025-1744.patch
+Patch14:        CVE-2025-1744.patch
+Patch15:        CVE-2021-28361.patch
+Patch16:        CVE-2020-14378.patch
 #
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at
@@ -52,6 +54,7 @@ Patch14:	CVE-2025-1744.patch
 %bcond_with make_check
 %bcond_with mgr_diskprediction
 %bcond_with ocf
+# WITH_SEASTAR is explicitly disabled to prevent numerous vendored CVEs
 %bcond_with seastar
 %bcond_with selinux
 %bcond_without tcmalloc
@@ -989,6 +992,7 @@ ${CMAKE} .. \
     -DWITH_FMT_HEADER_ONLY=ON \
     -Dthrift_HOME=%{_includedir} \
     -DSYSTEM_BOOST=OFF \
+    -DWITH_SEASTAR=OFF \
 %if 0%{without mgr_diskprediction}
     -DMGR_DISABLED_MODULES=diskprediction_local\
 %endif
@@ -1234,7 +1238,7 @@ exit 0
 %files common
 %dir %{_docdir}/ceph
 %doc %{_docdir}/ceph/sample.ceph.conf
-%license %{_docdir}/ceph/COPYING
+%license COPYING
 %{_bindir}/ceph
 %{_bindir}/ceph-authtool
 %{_bindir}/ceph-conf
@@ -2014,6 +2018,13 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 
 %changelog
+* Wed 16 Apr 2025 Archana Shettigar  - 18.2.2-8
+- Patch CVE-2020-14378
+
+* Thu Apr 10 2025 Kanishk Bansal  - 18.2.2-7
+- Patch CVE-2021-28361
+- Explicitly disable seastar to ensure disputed uncompiled CVEs don't get enabled.
+
 * Tue 11 Mar 2025 Kavya Sree Kaitepalli  - 18.2.2-6
 - Patch CVE-2025-1744
 
diff --git a/SPECS/cf-cli/CVE-2025-22872.patch b/SPECS/cf-cli/CVE-2025-22872.patch
new file mode 100644
index 0000000000..c86baa1694
--- /dev/null
+++ b/SPECS/cf-cli/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From c87c77a12e5554d376945bd488e56d4fc5b9e5ac Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Tue, 22 Apr 2025 06:32:35 +0000
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.3
+
diff --git a/SPECS/cf-cli/cf-cli.spec b/SPECS/cf-cli/cf-cli.spec
index e623d38756..574a72c6ab 100644
--- a/SPECS/cf-cli/cf-cli.spec
+++ b/SPECS/cf-cli/cf-cli.spec
@@ -5,7 +5,7 @@ Summary:        The official command line client for Cloud Foundry.
 Name:           cf-cli
 # Note: Upgrading the package also warrants an upgrade in the CF_BUILD_SHA
 Version:        8.7.11
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -35,6 +35,7 @@ Source1:        cli-%{version}-vendor.tar.gz
 Patch0:         CVE-2024-45337.patch
 Patch1:         CVE-2024-45338.patch
 Patch2:         CVE-2025-22869.patch
+Patch3:         CVE-2025-22872.patch
 
 BuildRequires:  golang >= 1.18.3
 %global debug_package %{nil}
@@ -68,6 +69,10 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./out/cf
 %{_bindir}/cf
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 8.7.11-4
+- merge from Azure Linux 3.0.20250521-3.0
+- Fix CVE-2025-22872 with an upstream patch
+
 * Fri Mar 21 2025 Anuj Mittal  - 8.7.11-3
 - Bump Release to rebuild
 
diff --git a/SPECS/clamav/clamav.spec b/SPECS/clamav/clamav.spec
index 649d34afa5..40fbf28ccf 100644
--- a/SPECS/clamav/clamav.spec
+++ b/SPECS/clamav/clamav.spec
@@ -1,7 +1,7 @@
 Summary:        Open source antivirus engine
 Name:           clamav
 Version:        1.0.7
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -31,7 +31,7 @@ BuildRequires:  pcre2-devel
 BuildRequires:  python3
 BuildRequires:  python3-pip
 BuildRequires:  python3-pytest
-BuildRequires:  rust
+BuildRequires:  rust < 1.85.0
 BuildRequires:  systemd
 BuildRequires:  systemd-devel
 BuildRequires:  systemd-rpm-macros
@@ -136,6 +136,9 @@ fi
 %dir %attr(-,clamav,clamav) %{_sharedstatedir}/clamav
 
 %changelog
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 1.0.7-2
+- Pin rust version
+
 * Fri Oct 18 2024 Archana Choudhary  - 1.0.7-1
 - Upgrade to version 1.0.7
 - Fixes CVE-2024-20506, CVE-2024-20505
diff --git a/SPECS/clang/CVE-2024-7883.patch b/SPECS/clang/CVE-2024-7883.patch
new file mode 100644
index 0000000000..9725cff9dd
--- /dev/null
+++ b/SPECS/clang/CVE-2024-7883.patch
@@ -0,0 +1,88 @@
+From ce9ce3b2b01d62d68e69a7982363d1027f713db1 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Wed, 9 Apr 2025 10:30:04 +0000
+Subject: [PATCH] CVE-2024-7883
+
+Upstream patch reference: https://github.com/llvm/llvm-project/pull/114433
+---
+ llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp | 44 ++++++++++++++++++--
+ 1 file changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp b/llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp
+index 2f9236bb9..d5bda6a05 100644
+--- a/llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp
++++ b/llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp
+@@ -1429,6 +1429,7 @@ void ARMExpandPseudo::CMSESaveClearFPRegsV8(
+   // Use ScratchRegs to store the fp regs
+   std::vector> ClearedFPRegs;
+   std::vector NonclearedFPRegs;
++  bool ReturnsFPReg = false;
+   for (const MachineOperand &Op : MBBI->operands()) {
+     if (Op.isReg() && Op.isUse()) {
+       Register Reg = Op.getReg();
+@@ -1463,14 +1464,51 @@ void ARMExpandPseudo::CMSESaveClearFPRegsV8(
+           NonclearedFPRegs.push_back(Reg);
+         }
+       }
++     } else if (Op.isReg() && Op.isDef()) {
++       Register Reg = Op.getReg();
++       if (ARM::SPRRegClass.contains(Reg) || ARM::DPRRegClass.contains(Reg) ||
++           ARM::QPRRegClass.contains(Reg))
++        ReturnsFPReg = true;
+     }
+   }
+ 
+-  bool passesFPReg = (!NonclearedFPRegs.empty() || !ClearedFPRegs.empty());
++  bool PassesFPReg = (!NonclearedFPRegs.empty() || !ClearedFPRegs.empty());
+ 
+-  if (passesFPReg)
++  if (PassesFPReg || ReturnsFPReg)
+     assert(STI->hasFPRegs() && "Subtarget needs fpregs");
+ 
++  // CVE-2024-7883
++  //
++  // The VLLDM/VLSTM instructions set up lazy state preservation, but they
++  // execute as NOPs if the FP register file is not considered to contain
++  // secure data, represented by the CONTROL_S.SFPA bit. This means that the
++  // state of CONTROL_S.SFPA must be the same when these two instructions are
++  // executed. That might not be the case if we haven't used any FP
++  // instructions before the VLSTM, so CONTROL_S.SFPA is clear, but do have one
++  // before the VLLDM, which sets it..
++  //
++  // If we can't prove that SFPA will be the same for the VLSTM and VLLDM, we
++  // execute a "vmov s0, s0" instruction before the VLSTM to ensure that
++  // CONTROL_S.SFPA is set for both.
++  //
++  // That can only happen for callees which take no FP arguments (or we'd have
++  // inserted a VMOV above) and which return values in FP regs (so that we need
++  // to use a VMOV to back-up the return value before the VLLDM). It also can't
++  // happen if the call is dominated by other existing floating-point
++  // instructions, but we don't currently check for that case.
++  //
++  // These conditions mean that we only emit this instruction when using the
++  // hard-float ABI, which means we can assume that FP instructions are
++  // available, and don't need to make it conditional like we do for the
++  // CVE-2021-35465 workaround.
++  if (ReturnsFPReg && !PassesFPReg) {
++    bool S0Dead = !LiveRegs.contains(ARM::S0);
++    BuildMI(MBB, MBBI, DL, TII->get(ARM::VMOVS))
++        .addReg(ARM::S0, RegState::Define | getDeadRegState(S0Dead))
++        .addReg(ARM::S0, getUndefRegState(S0Dead))
++        .add(predOps(ARMCC::AL));
++  }
++
+   // Lazy store all fp registers to the stack.
+   // This executes as NOP in the absence of floating-point support.
+   MachineInstrBuilder VLSTM = BuildMI(MBB, MBBI, DL, TII->get(ARM::VLSTM))
+@@ -1525,7 +1563,7 @@ void ARMExpandPseudo::CMSESaveClearFPRegsV8(
+   }
+   // restore FPSCR from stack and clear bits 0-4, 7, 28-31
+   // The other bits are program global according to the AAPCS
+-  if (passesFPReg) {
++  if (PassesFPReg) {
+     BuildMI(MBB, MBBI, DL, TII->get(ARM::tLDRspi), SpareReg)
+         .addReg(ARM::SP)
+         .addImm(0x10)
+-- 
+2.45.2
+
diff --git a/SPECS/clang/clang.spec b/SPECS/clang/clang.spec
index 6d0a977f66..f971fa185c 100644
--- a/SPECS/clang/clang.spec
+++ b/SPECS/clang/clang.spec
@@ -5,13 +5,14 @@
 Summary:        C, C++, Objective C and Objective C++ front-end for the LLVM compiler.
 Name:           clang
 Version:        18.1.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        NCSA
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Tools
 URL:            https://clang.llvm.org
 Source0:        https://github.com/llvm/llvm-project/archive/refs/tags/llvmorg-%{version}.tar.gz
+Patch1:         CVE-2024-7883.patch
 BuildRequires:  cmake
 BuildRequires:  libxml2-devel
 BuildRequires:  llvm-devel = %{version}
@@ -89,7 +90,7 @@ Requires: %{name}-tools-extra = %{version}-%{release}
 Development header files for clang tools.
 
 %prep
-%setup -q -n %{clang_srcdir}
+%autosetup -p1 -n %{clang_srcdir}
 
 %py3_shebang_fix \
     clang-tools-extra/clang-tidy/tool/ \
@@ -244,6 +245,9 @@ make clang-check
 %{_includedir}/clang-tidy/
 
 %changelog
+* Thu Apr 10 2025 Jyoti Kanase  - 18.1.2-4
+- Fix CVE-2024-7883
+
 * Tue Sep 03 2024 Andrew Phelps  - 18.1.2-3
 - Define LLVM_DIR
 
diff --git a/SPECS/cloud-hypervisor-cvm/CVE-2024-12797.patch b/SPECS/cloud-hypervisor-cvm/CVE-2024-12797.patch
deleted file mode 100644
index b890548e06..0000000000
--- a/SPECS/cloud-hypervisor-cvm/CVE-2024-12797.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From 87ebd203feffcf92ad5889df92f90bb0ee10a699 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni 
-Date: Fri, 20 Dec 2024 04:25:15 +1100
-Subject: [PATCH] With SSL_VERIFY_PEER client RPK should abort on X509 error
-
-While RPK performs X.509 checks correctly, at the SSL layer the
-SSL_VERIFY_PEER flag was not honoured and connections were allowed to
-complete even when the server was not verified.  The client can of
-course determine this by calling SSL_get_verify_result(), but some
-may not know to do this.
-
-Added tests to make sure this does not regress.
-
-Fixes CVE-2024-12797
-
-Reviewed-by: Tomas Mraz 
-Reviewed-by: Matt Caswell 
-Reviewed-by: Neil Horman 
-(cherry picked from commit 6ae8e947d8e3f3f03eeb7d9ad993e341791900bc)
----
- openssl-src/openssl/ssl/statem/statem_clnt.c | 15 +++++++++++--
- openssl-src/openssl/test/rpktest.c           | 48 ++++++++++++++++++++++++++++++++++------
- 2 files changed, 54 insertions(+), 9 deletions(-)
-
-diff --git vendor/openssl-src/openssl/ssl/statem/statem_clnt.c vendor/openssl-src/openssl/ssl/statem/statem_clnt.c
-index ccfea5d3a116f..00bf4d5afc0bb 100644
---- vendor/openssl-src/openssl/ssl/statem/statem_clnt.c
-+++ vendor/openssl-src/openssl/ssl/statem/statem_clnt.c
-@@ -1909,6 +1909,7 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc,
- {
-     size_t certidx;
-     const SSL_CERT_LOOKUP *clu;
-+    int v_ok;
- 
-     if (sc->session->peer_rpk == NULL) {
-         SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER,
-@@ -1918,9 +1919,19 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc,
- 
-     if (sc->rwstate == SSL_RETRY_VERIFY)
-         sc->rwstate = SSL_NOTHING;
--    if (ssl_verify_rpk(sc, sc->session->peer_rpk) > 0
--            && sc->rwstate == SSL_RETRY_VERIFY)
-+
-+    ERR_set_mark();
-+    v_ok = ssl_verify_rpk(sc, sc->session->peer_rpk);
-+    if (v_ok <= 0 && sc->verify_mode != SSL_VERIFY_NONE) {
-+        ERR_clear_last_mark();
-+        SSLfatal(sc, ssl_x509err2alert(sc->verify_result),
-+                 SSL_R_CERTIFICATE_VERIFY_FAILED);
-+        return WORK_ERROR;
-+    }
-+    ERR_pop_to_mark();      /* but we keep s->verify_result */
-+    if (v_ok > 0 && sc->rwstate == SSL_RETRY_VERIFY) {
-         return WORK_MORE_A;
-+    }
- 
-     if ((clu = ssl_cert_lookup_by_pkey(sc->session->peer_rpk, &certidx,
-                                        SSL_CONNECTION_GET_CTX(sc))) == NULL) {
-diff --git vendor/openssl-src/openssl/test/rpktest.c vendor/openssl-src/openssl/test/rpktest.c
-index ac824798f1c66..0be8461f77b53 100644
---- vendor/openssl-src/openssl/test/rpktest.c
-+++ vendor/openssl-src/openssl/test/rpktest.c
-@@ -89,12 +89,14 @@ static int rpk_verify_server_cb(int ok, X509_STORE_CTX *ctx)
-  * idx = 13 - resumption with client authentication
-  * idx = 14 - resumption with client authentication, no ticket
-  * idx = 15 - like 0, but use non-default libctx
-+ * idx = 16 - like 7, but with SSL_VERIFY_PEER connection should fail
-+ * idx = 17 - like 8, but with SSL_VERIFY_PEER connection should fail
-  *
-- * 16 * 2 * 4 * 2 * 2 * 2 * 2 = 2048 tests
-+ * 18 * 2 * 4 * 2 * 2 * 2 * 2 = 2048 tests
-  */
- static int test_rpk(int idx)
- {
--# define RPK_TESTS 16
-+# define RPK_TESTS 18
- # define RPK_DIMS (2 * 4 * 2 * 2 * 2 * 2)
-     SSL_CTX *cctx = NULL, *sctx = NULL;
-     SSL *clientssl = NULL, *serverssl = NULL;
-@@ -114,6 +116,7 @@ static int test_rpk(int idx)
-     int idx_cert, idx_prot;
-     int client_auth = 0;
-     int resumption = 0;
-+    int want_error = SSL_ERROR_NONE;
-     long server_verify_result = 0;
-     long client_verify_result = 0;
-     OSSL_LIB_CTX *test_libctx = NULL;
-@@ -188,7 +191,7 @@ static int test_rpk(int idx)
- #ifdef OPENSSL_NO_ECDSA
-     /* Can't get other_key if it's ECDSA */
-     if (other_pkey == NULL && idx_cert == 0
--            && (idx == 4 || idx == 6 || idx == 7)) {
-+        && (idx == 4 || idx == 6 || idx == 7 || idx == 16)) {
-         testresult = TEST_skip("EDCSA disabled");
-         goto end;
-     }
-@@ -266,8 +269,10 @@ static int test_rpk(int idx)
-         goto end;
-     /* Only a private key */
-     if (idx == 1) {
--        if (idx_server_server_rpk == 0 || idx_client_server_rpk == 0)
-+        if (idx_server_server_rpk == 0 || idx_client_server_rpk == 0) {
-             expected = 0;
-+            want_error = SSL_ERROR_SSL;
-+        }
-     } else {
-         /* Add certificate */
-         if (!TEST_int_eq(SSL_use_certificate_file(serverssl, cert_file, SSL_FILETYPE_PEM), 1))
-@@ -333,12 +338,14 @@ static int test_rpk(int idx)
-             client_expected = -1;
-         if (!TEST_true(SSL_add_expected_rpk(clientssl, other_pkey)))
-             goto end;
-+        SSL_set_verify(clientssl, SSL_VERIFY_NONE, rpk_verify_client_cb);
-         client_verify_result = X509_V_ERR_DANE_NO_MATCH;
-         break;
-     case 8:
-         if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1)
-             client_expected = -1;
-         /* no peer keys */
-+        SSL_set_verify(clientssl, SSL_VERIFY_NONE, rpk_verify_client_cb);
-         client_verify_result = X509_V_ERR_RPK_UNTRUSTED;
-         break;
-     case 9:
-@@ -370,9 +377,13 @@ static int test_rpk(int idx)
-         if (!TEST_int_eq(SSL_use_PrivateKey_file(clientssl, privkey_file, SSL_FILETYPE_PEM), 1))
-             goto end;
-         /* Since there's no cert, this is expected to fail without RPK support */
--        if (!idx_server_client_rpk || !idx_client_client_rpk)
-+        if (!idx_server_client_rpk || !idx_client_client_rpk) {
-             expected = 0;
--        SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, rpk_verify_server_cb);
-+            want_error = SSL_ERROR_SSL;
-+            SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
-+        } else {
-+            SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, rpk_verify_server_cb);
-+        }
-         client_auth = 1;
-         break;
-     case 11:
-@@ -449,12 +460,35 @@ static int test_rpk(int idx)
-         if (!TEST_true(SSL_add_expected_rpk(clientssl, pkey)))
-             goto end;
-         break;
-+    case 16:
-+        if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1) {
-+            /* wrong expected server key */
-+            expected = 0;
-+            want_error = SSL_ERROR_SSL;
-+            SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
-+        }
-+        if (!TEST_true(SSL_add_expected_rpk(clientssl, other_pkey)))
-+            goto end;
-+        break;
-+    case 17:
-+        if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1) {
-+            /* no expected server keys */
-+            expected = 0;
-+            want_error = SSL_ERROR_SSL;
-+            SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
-+        }
-+        break;
-     }
- 
--    ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
-+    ret = create_ssl_connection(serverssl, clientssl, want_error);
-     if (!TEST_int_eq(expected, ret))
-         goto end;
- 
-+    if (expected <= 0) {
-+        testresult = 1;
-+        goto end;
-+    }
-+
-     /* Make sure client gets RPK or certificate as configured */
-     if (expected == 1) {
-         if (idx_server_server_rpk && idx_client_server_rpk) {
diff --git a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json
index 9efe9c1910..a2859a2b18 100644
--- a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json
+++ b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json
@@ -1,7 +1,7 @@
 {
- "Signatures": {
-  "cloud-hypervisor-cvm-38.0.72.2-2-cargo.tar.gz": "68d1dc8f2a70fddad934e9131ccad7ce2c96323869433419e2f488062396bcc8",
-  "cloud-hypervisor-cvm-38.0.72.2.tar.gz": "1a357a0805f7b6d90993d5ae246c2dedff88cf98c9c0eab0903dc8071be0dae2",
-  "config.toml": "74c28b7520c157109b8990b325fe8f13504e56561a9bac51499d4c6bf4a66e52"
- }
-}
\ No newline at end of file
+  "Signatures": {
+    "config.toml": "06c9c9ca116704e883748cbed6fc4f080f68f649af8d759ecfbf3c36375c58d4",
+    "cloud-hypervisor-cvm-41.0.79.tar.gz": "d7b63ed05863ed24c2ed5c141d405347d41718abc47b1eda80f61f065cb58f40",
+    "cloud-hypervisor-cvm-41.0.79-vendor.tar.gz": "7c38df4bbf44a128a460fe380a6335ddf1b3ec77ed521078dfda851c988f5302"
+  }
+}
diff --git a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec
index 1190f0b651..9918d922bf 100644
--- a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec
+++ b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec
@@ -4,8 +4,8 @@
 
 Name:           cloud-hypervisor-cvm
 Summary:        Cloud Hypervisor CVM is an open source Virtual Machine Monitor (VMM) that enables running SEV SNP enabled VMs on top of MSHV using the IGVM file format as payload.
-Version:        38.0.72.2
-Release:        3%{?dist}
+Version:        41.0.79
+Release:        1%{?dist}
 License:        ASL 2.0 OR BSD-3-clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,25 +13,15 @@ Group:          Applications/System
 URL:            https://github.com/microsoft/cloud-hypervisor
 Source0:        https://github.com/microsoft/cloud-hypervisor/archive/refs/tags/msft/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 %if 0%{?using_vendored_crates}
-# Note: the %%{name}-%%{version}-cargo.tar.gz file contains a cache created by capturing the contents downloaded into $CARGO_HOME.
+# Note: the %%{name}-%%{version}-vendor.tar.gz file contains a cache created by capturing the contents downloaded into $CARGO_HOME.
 # To update the cache and config.toml run:
 #   tar -xf %%{name}-%%{version}.tar.gz
 #   cd %%{name}-%%{version}
-#   patch -u -p0 < ../upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
 #   cargo vendor > config.toml
-#   tar -czf %%{name}-%%{version}-cargo.tar.gz vendor/
-# rename the tarball to %%{name}-%%{version}-2-cargo.tar.gz when updating version
-# (feel free to drop -2 and this comment on version change)
-Source1:        %{name}-%{version}-2-cargo.tar.gz
+#   tar -czf %%{name}-%%{version}-vendor.tar.gz vendor/
+Source1:        %{name}-%{version}-vendor.tar.gz
 Source2:        config.toml
 %endif
-# Generated using:
-#   tar -xf %%{name}-%%{version}.tar.gz
-#   cd %%{name}-%%{version}
-#   cargo update -p openssl-src --precise 300.3.2+3.3.2
-#   diff -u ../cloud-hypervisor-msft-v38.0.72.2.backup/Cargo.lock Cargo.lock > ../upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
-Patch0:         upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
-Patch1:         CVE-2024-12797.patch
 
 BuildRequires:  binutils
 BuildRequires:  gcc
@@ -40,8 +30,8 @@ BuildRequires:  glibc-devel
 BuildRequires:  openssl-devel
 
 %if ! 0%{?using_rustup}
-BuildRequires:  rust >= 1.62.0
-BuildRequires:  cargo >= 1.62.0
+BuildRequires:  rust >= 1.85.0
+BuildRequires:  cargo >= 1.85.0
 %endif
 
 Requires: bash
@@ -78,15 +68,12 @@ Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on to
 
 %prep
 
-%setup -q -n cloud-hypervisor-msft-v%{version}
+%setup -q -n cloud-hypervisor-%{version}
 %if 0%{?using_vendored_crates}
 tar xf %{SOURCE1}
 mkdir -p .cargo
 cp %{SOURCE2} .cargo/
 %endif
-# The vendored archive has been populated based on the patch, so we need to
-# repatch here as well in order to use the same versions
-%autopatch -p0
 
 %install
 install -d %{buildroot}%{_bindir}
@@ -144,10 +131,17 @@ cargo build --release --target=%{rust_musl_target} %{cargo_pkg_feature_opts} %{c
 %{_libdir}/cloud-hypervisor/static/ch-remote
 %caps(cap_net_admim=ep) %{_libdir}/cloud-hypervisor/static/cloud-hypervisor
 %endif
-%license LICENSE-APACHE
-%license LICENSE-BSD-3-Clause
+%license LICENSES/Apache-2.0.txt
+%license LICENSES/BSD-3-Clause.txt
+%license LICENSES/CC-BY-4.0.txt
 
 %changelog
+* Mon Apr 28 2025 CBL-Mariner Servicing Account  - 41.0.79-1
+- Auto-upgrade to 41.0.79
+
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 38.0.72.2-4
+- Pin rust version
+
 * Sun Feb 16 2025 Kanishk Bansal  - 38.0.72.2-3
 - Patch CVE-2024-12797
 
diff --git a/SPECS/cloud-hypervisor-cvm/config.toml b/SPECS/cloud-hypervisor-cvm/config.toml
index 28e2cc3014..dc469e4feb 100644
--- a/SPECS/cloud-hypervisor-cvm/config.toml
+++ b/SPECS/cloud-hypervisor-cvm/config.toml
@@ -1,14 +1,9 @@
 [source.crates-io]
 replace-with = "vendored-sources"
 
-[source."git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-v0.7.0"]
-git = "https://github.com/cloud-hypervisor/kvm-bindings"
-branch = "ch-v0.7.0"
-replace-with = "vendored-sources"
-
-[source."git+https://github.com/cloud-hypervisor/versionize_derive?branch=ch-0.1.6"]
-git = "https://github.com/cloud-hypervisor/versionize_derive"
-branch = "ch-0.1.6"
+[source."git+https://github.com/NunoDasNeves/vfio?branch=nudasnev/mshv-ioctls-v0.3.0"]
+git = "https://github.com/NunoDasNeves/vfio"
+branch = "nudasnev/mshv-ioctls-v0.3.0"
 replace-with = "vendored-sources"
 
 [source."git+https://github.com/firecracker-microvm/micro-http?branch=main"]
@@ -16,19 +11,14 @@ git = "https://github.com/firecracker-microvm/micro-http"
 branch = "main"
 replace-with = "vendored-sources"
 
-[source."git+https://github.com/microsoft/igvm?branch=main"]
-git = "https://github.com/microsoft/igvm"
-branch = "main"
-replace-with = "vendored-sources"
-
 [source."git+https://github.com/rust-vmm/acpi_tables?branch=main"]
 git = "https://github.com/rust-vmm/acpi_tables"
 branch = "main"
 replace-with = "vendored-sources"
 
-[source."git+https://github.com/rust-vmm/mshv?branch=main"]
+[source."git+https://github.com/rust-vmm/mshv?tag=v0.3.0"]
 git = "https://github.com/rust-vmm/mshv"
-branch = "main"
+tag = "v0.3.0"
 replace-with = "vendored-sources"
 
 [source."git+https://github.com/rust-vmm/vfio-user?branch=main"]
@@ -36,11 +26,6 @@ git = "https://github.com/rust-vmm/vfio-user"
 branch = "main"
 replace-with = "vendored-sources"
 
-[source."git+https://github.com/rust-vmm/vfio?branch=main"]
-git = "https://github.com/rust-vmm/vfio"
-branch = "main"
-replace-with = "vendored-sources"
-
 [source."git+https://github.com/rust-vmm/vm-fdt?branch=main"]
 git = "https://github.com/rust-vmm/vm-fdt"
 branch = "main"
diff --git a/SPECS/cloud-hypervisor-cvm/upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch b/SPECS/cloud-hypervisor-cvm/upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
deleted file mode 100644
index c2ae8b4734..0000000000
--- a/SPECS/cloud-hypervisor-cvm/upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- ../cloud-hypervisor-msft-v38.0.72.2.backup/Cargo.lock	2024-09-17 12:55:41.269905595 -0700
-+++ Cargo.lock	2024-09-17 13:49:15.579003678 -0700
-@@ -1421,9 +1421,9 @@
- 
- [[package]]
- name = "openssl-src"
--version = "300.3.1+3.3.1"
-+version = "300.3.2+3.3.2"
- source = "registry+https://github.com/rust-lang/crates.io-index"
--checksum = "7259953d42a81bf137fbbd73bd30a8e1914d6dce43c2b90ed575783a22608b91"
-+checksum = "a211a18d945ef7e648cc6e0058f4c548ee46aab922ea203e0d30e966ea23647b"
- dependencies = [
-  "cc",
- ]
diff --git a/SPECS/cloud-provider-kubevirt/cloud-provider-kubevirt.signatures.json b/SPECS/cloud-provider-kubevirt/cloud-provider-kubevirt.signatures.json
new file mode 100644
index 0000000000..8aaf05fca0
--- /dev/null
+++ b/SPECS/cloud-provider-kubevirt/cloud-provider-kubevirt.signatures.json
@@ -0,0 +1,6 @@
+{
+    "Signatures": {
+     "cloud-provider-kubevirt-0.5.1.tar.gz": "5dc721b8f0fd663dd70bf8848ce7cb38fd5a4dea514307859a5b92edafaee04d",
+     "cloud-provider-kubevirt-0.5.1-vendor.tar.gz": "1a72812fb8cc3044c55eacf165ab039865fe29b1eaa4426ff47c721994ca9947"
+    }
+}
\ No newline at end of file
diff --git a/SPECS/cloud-provider-kubevirt/cloud-provider-kubevirt.spec b/SPECS/cloud-provider-kubevirt/cloud-provider-kubevirt.spec
new file mode 100644
index 0000000000..f2a1694c6e
--- /dev/null
+++ b/SPECS/cloud-provider-kubevirt/cloud-provider-kubevirt.spec
@@ -0,0 +1,74 @@
+Summary:        Package to create the cloud-provider-kubevirt binary.
+Name:           cloud-provider-kubevirt
+Version:        0.5.1
+Release:        1%{?dist}
+License:        ASL 2.0
+URL:            https://github.com/kubevirt/cloud-provider-kubevirt/
+Group:          System/Management
+# The Group has been set to System/Management to mimic SPEC file of Kubevirt
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Source0:        https://github.com/kubevirt/cloud-provider-kubevirt/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# Below is a manually created tarball, no download link.
+# We're using pre-populated Go modules from this tarball, since network is disabled during build time.
+# We can use the generate-source-tarball.sh script in the given folder along with the package version to build the tarball automatically.
+# In case we need to re-build this file manually:
+#   1. wget https://github.com/kubevirt/cloud-provider-kubevirt/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -O %%{name}-%%{version}.tar.gz
+#   2. tar -xf %%{name}-%%{version}.tar.gz
+#   3. cd %%{name}-%%{version}
+#   4. Apply golang-version-upgrade.patch
+#   5. go mod vendor
+#   6. tar  --sort=name \
+#           --mtime="2021-04-26 00:00Z" \
+#           --owner=0 --group=0 --numeric-owner \
+#           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+#           -cf %%{name}-%%{version}-vendor.tar.gz vendor
+#
+Source1:        %{name}-%{version}-vendor.tar.gz
+Patch0:         initialization-and-configuration-handling.patch
+Patch1:         single-ip-address-for-node.patch
+Patch2:         golang-version-upgrade.patch
+Patch3:         instanceexists-watches-vms-instead-of-vmis.patch
+%global debug_package %{nil}
+BuildRequires:  golang >= 1.23
+
+%define our_gopath %{_topdir}/.gopath
+
+%description
+The KubeVirt cloud-provider allows a Kubernetes cluster running 
+in KubeVirt VMs (tenant cluster) to interact with KubeVirt and 
+Kubernetes (infrastructure cluster) to provision, manage and 
+clean up resources. For example, the cloud-provider ensures that 
+zone and region labels of nodes in the tenant cluster are set 
+based on the zone and region of the KubeVirt VMs in the 
+infrastructure cluster. The cloud-provider also ensures 
+tenant cluster services of type LoadBalancer are properly 
+exposed through services in the UnderKube.
+
+%prep
+%autosetup -N
+rm -rf vendor
+tar -xf %{SOURCE1} --no-same-owner
+%autopatch -p1
+
+%build
+export GOPATH=%{our_gopath}
+export GOFLAGS="-mod=vendor"
+make build
+
+%install
+mkdir -p %{buildroot}%{_bindir}
+
+install -p -m 0755 bin/kubevirt-cloud-controller-manager %{buildroot}%{_bindir}/
+
+%check
+make test
+
+%files
+%defattr(-,root,root)
+%{_bindir}/kubevirt-cloud-controller-manager
+
+%changelog
+* Tue Feb 04 2025 Sharath Srikanth Chellappa  0.5.1-1
+- Original version for Azure Linux.
+- License verified.
diff --git a/SPECS/cloud-provider-kubevirt/generate-source-tarball.sh b/SPECS/cloud-provider-kubevirt/generate-source-tarball.sh
new file mode 100755
index 0000000000..e7d16fe510
--- /dev/null
+++ b/SPECS/cloud-provider-kubevirt/generate-source-tarball.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# Quit on failure
+set -e
+
+PKG_VERSION=""
+OUT_FOLDER="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# parameters:
+#
+# --outFolder   : folder where to copy the new tarball(s)
+# --pkgVersion  : package version
+#
+PARAMS=""
+while (( "$#" )); do
+    case "$1" in
+        --outFolder)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            OUT_FOLDER=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        --pkgVersion)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            PKG_VERSION=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        -*|--*=) # unsupported flags
+        echo "Error: Unsupported flag $1" >&2
+        exit 1
+        ;;
+        *) # preserve positional arguments
+        PARAMS="$PARAMS $1"
+        shift
+        ;;
+  esac
+done
+
+echo "--outFolder    -> $OUT_FOLDER"
+echo "--pkgVersion   -> $PKG_VERSION"
+
+if [ -z "$PKG_VERSION" ]; then
+    echo "--pkgVersion parameter cannot be empty"
+    exit 1
+fi
+
+echo "-- create temp folder"
+tmpdir=$(mktemp -d)
+function cleanup {
+    echo "+++ cleanup -> remove $tmpdir"
+    rm -rf $tmpdir
+}
+trap cleanup EXIT
+
+echo "Copying golang-version-upgrade.patch to $tmpdir"
+cp golang-version-upgrade.patch $tmpdir/
+
+pushd $tmpdir > /dev/null
+
+NAME_VER="cloud-provider-kubevirt-$PKG_VERSION"
+VENDOR_TARBALL="$OUT_FOLDER/$NAME_VER-vendor.tar.gz"
+
+echo "Downloading source tarball..."
+wget https://github.com/kubevirt/cloud-provider-kubevirt/archive/refs/tags/v$PKG_VERSION.tar.gz -O $NAME_VER.tar.gz
+
+echo "Unpacking source tarball..."
+tar -xf $NAME_VER.tar.gz
+
+cp golang-version-upgrade.patch $NAME_VER/
+cd "$NAME_VER"
+
+echo "Applying Golang versioning patch"
+git apply golang-version-upgrade.patch
+go mod tidy
+
+echo "Get vendored modules"
+go mod vendor
+
+echo "Tar vendored modules"
+tar  --sort=name \
+     --mtime="2021-04-26 00:00Z" \
+     --owner=0 --group=0 --numeric-owner \
+     --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+     -cf "$VENDOR_TARBALL" vendor
+
+popd > /dev/null
+echo "cloud-provider-kubevirt vendored modules are available at $VENDOR_TARBALL"
\ No newline at end of file
diff --git a/SPECS/cloud-provider-kubevirt/golang-version-upgrade.patch b/SPECS/cloud-provider-kubevirt/golang-version-upgrade.patch
new file mode 100644
index 0000000000..ab07794cc0
--- /dev/null
+++ b/SPECS/cloud-provider-kubevirt/golang-version-upgrade.patch
@@ -0,0 +1,1254 @@
+From 237a3b759f036dfdbcd8f09e5837118f5d622874 Mon Sep 17 00:00:00 2001
+From: Sharath Srikanth Chellappa 
+Date: Fri, 14 Feb 2025 15:21:17 -0800
+Subject: [PATCH] Modifying Golang version
+
+The provided patch updates the dependencies and the Go version in the `go.mod` and `go.sum` files for the project `kubevirt.io/cloud-provider-kubevirt`.
+
+These changes will potentially be removed as the upstream carries out a new release.
+
+1. **Go Version Update:**
+   - Updated from `go 1.20` to `go 1.23.6`.
+   - **Reason:** To take advantage of new features, bug fixes, and performance improvements in the newer Go version.
+
+2. **Dependencies Updates in `go.mod`:**
+   - Several dependencies have been updated to newer versions.
+   - **Reason:** To incorporate the latest features, improvements, and security fixes provided by these libraries.
+
+3. **Newly Added Dependencies:**
+   - `github.com/pkg/errors v0.9.1`, `github.com/fxamacker/cbor/v2 v2.7.0`, etc.
+
+4. **Changes in `go.sum`:**
+   - The `go.sum` file has been updated to reflect the new checksums of the updated dependencies.
+   - **Reason:** Ensures the integrity and authenticity of the downloaded dependencies corresponding to the updates in `go.mod`.
+
+5. **Replacements and Removals:**
+   - Some `replace` directives have been changed or removed.
+
+---
+ go.mod | 161 +++++++------
+ go.sum | 696 ++++++++++++++++++---------------------------------------
+ 2 files changed, 293 insertions(+), 564 deletions(-)
+
+diff --git a/go.mod b/go.mod
+index d0c86cf6..f41a0b01 100644
+--- a/go.mod
++++ b/go.mod
+@@ -1,19 +1,19 @@
+ module kubevirt.io/cloud-provider-kubevirt
+ 
+-go 1.20
++go 1.23.6
+ 
+ require (
+ 	github.com/golang/mock v1.6.0
+-	github.com/onsi/ginkgo/v2 v2.9.2
+-	github.com/onsi/gomega v1.27.6
++	github.com/onsi/ginkgo/v2 v2.19.0
++	github.com/onsi/gomega v1.33.1
+ 	gopkg.in/yaml.v2 v2.4.0
+-	k8s.io/api v0.27.3
+-	k8s.io/apimachinery v0.27.3
+-	k8s.io/client-go v0.27.3
+-	k8s.io/cloud-provider v0.27.3
+-	k8s.io/component-base v0.27.3
+-	k8s.io/klog/v2 v2.90.1
+-	k8s.io/utils v0.0.0-20230209194617-a36077c30491
++	k8s.io/api v0.31.0
++	k8s.io/apimachinery v0.31.0
++	k8s.io/client-go v0.31.0
++	k8s.io/cloud-provider v0.31.0
++	k8s.io/component-base v0.31.0
++	k8s.io/klog/v2 v2.130.1
++	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
+ 	kubevirt.io/api v0.59.0
+ 	sigs.k8s.io/controller-runtime v0.14.5
+ )
+@@ -21,45 +21,43 @@ require (
+ require (
+ 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+ 	github.com/NYTimes/gziphandler v1.1.1 // indirect
+-	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
++	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
+ 	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
+ 	github.com/beorn7/perks v1.0.1 // indirect
+ 	github.com/blang/semver/v4 v4.0.0 // indirect
+-	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
+-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+-	github.com/coreos/go-semver v0.3.0 // indirect
+-	github.com/coreos/go-systemd/v22 v22.4.0 // indirect
+-	github.com/davecgh/go-spew v1.1.1 // indirect
+-	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
++	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
++	github.com/cespare/xxhash/v2 v2.3.0 // indirect
++	github.com/coreos/go-semver v0.3.1 // indirect
++	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
++	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
++	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+ 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+-	github.com/felixge/httpsnoop v1.0.3 // indirect
+-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+-	github.com/go-logr/logr v1.2.3 // indirect
++	github.com/felixge/httpsnoop v1.0.4 // indirect
++	github.com/fsnotify/fsnotify v1.7.0 // indirect
++	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
++	github.com/go-logr/logr v1.4.2 // indirect
+ 	github.com/go-logr/stdr v1.2.2 // indirect
+ 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+-	github.com/go-openapi/jsonreference v0.20.1 // indirect
+-	github.com/go-openapi/swag v0.22.3 // indirect
+-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
++	github.com/go-openapi/jsonreference v0.20.2 // indirect
++	github.com/go-openapi/swag v0.22.4 // indirect
++	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+ 	github.com/gogo/protobuf v1.3.2 // indirect
+ 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+-	github.com/golang/protobuf v1.5.3 // indirect
+-	github.com/google/cel-go v0.12.6 // indirect
+-	github.com/google/gnostic v0.5.7-v3refs // indirect
+-	github.com/google/go-cmp v0.5.9 // indirect
+-	github.com/google/gofuzz v1.1.0 // indirect
+-	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
+-	github.com/google/uuid v1.3.0 // indirect
++	github.com/golang/protobuf v1.5.4 // indirect
++	github.com/google/cel-go v0.20.1 // indirect
++	github.com/google/gnostic-models v0.6.8 // indirect
++	github.com/google/go-cmp v0.6.0 // indirect
++	github.com/google/gofuzz v1.2.0 // indirect
++	github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect
++	github.com/google/uuid v1.6.0 // indirect
+ 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
++	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
+ 	github.com/imdario/mergo v0.3.12 // indirect
+-	github.com/inconshreveable/mousetrap v1.0.1 // indirect
++	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ 	github.com/josharian/intern v1.0.0 // indirect
+ 	github.com/json-iterator/go v1.1.12 // indirect
+ 	github.com/mailru/easyjson v0.7.7 // indirect
+-	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+-	github.com/mitchellh/mapstructure v1.4.1 // indirect
+-	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
++	github.com/moby/term v0.5.0 // indirect
+ 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+ 	github.com/modern-go/reflect2 v1.0.2 // indirect
+ 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+@@ -67,60 +65,59 @@ require (
+ 	github.com/openshift/custom-resource-status v1.1.2 // indirect
+ 	github.com/pborman/uuid v1.2.0 // indirect
+ 	github.com/pkg/errors v0.9.1 // indirect
+-	github.com/prometheus/client_golang v1.14.0 // indirect
+-	github.com/prometheus/client_model v0.3.0 // indirect
+-	github.com/prometheus/common v0.37.0 // indirect
+-	github.com/prometheus/procfs v0.8.0 // indirect
+-	github.com/spf13/cobra v1.6.0 // indirect
++	github.com/prometheus/client_golang v1.19.1 // indirect
++	github.com/prometheus/client_model v0.6.1 // indirect
++	github.com/prometheus/common v0.55.0 // indirect
++	github.com/prometheus/procfs v0.15.1 // indirect
++	github.com/spf13/cobra v1.8.1 // indirect
+ 	github.com/spf13/pflag v1.0.5 // indirect
+ 	github.com/stoewer/go-strcase v1.2.0 // indirect
+-	go.etcd.io/etcd/api/v3 v3.5.7 // indirect
+-	go.etcd.io/etcd/client/pkg/v3 v3.5.7 // indirect
+-	go.etcd.io/etcd/client/v3 v3.5.7 // indirect
+-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 // indirect
+-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 // indirect
+-	go.opentelemetry.io/otel v1.10.0 // indirect
+-	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 // indirect
+-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 // indirect
+-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 // indirect
+-	go.opentelemetry.io/otel/metric v0.31.0 // indirect
+-	go.opentelemetry.io/otel/sdk v1.10.0 // indirect
+-	go.opentelemetry.io/otel/trace v1.10.0 // indirect
+-	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
+-	go.uber.org/atomic v1.7.0 // indirect
+-	go.uber.org/multierr v1.6.0 // indirect
+-	go.uber.org/zap v1.24.0 // indirect
+-	golang.org/x/crypto v0.1.0 // indirect
+-	golang.org/x/net v0.10.0 // indirect
+-	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
+-	golang.org/x/sync v0.1.0 // indirect
+-	golang.org/x/sys v0.8.0 // indirect
+-	golang.org/x/term v0.8.0 // indirect
+-	golang.org/x/text v0.9.0 // indirect
++	github.com/x448/float16 v0.8.4 // indirect
++	go.etcd.io/etcd/api/v3 v3.5.14 // indirect
++	go.etcd.io/etcd/client/pkg/v3 v3.5.14 // indirect
++	go.etcd.io/etcd/client/v3 v3.5.14 // indirect
++	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
++	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
++	go.opentelemetry.io/otel v1.28.0 // indirect
++	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
++	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
++	go.opentelemetry.io/otel/metric v1.28.0 // indirect
++	go.opentelemetry.io/otel/sdk v1.28.0 // indirect
++	go.opentelemetry.io/otel/trace v1.28.0 // indirect
++	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
++	go.uber.org/multierr v1.11.0 // indirect
++	go.uber.org/zap v1.26.0 // indirect
++	golang.org/x/crypto v0.35.0 // indirect
++	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
++	golang.org/x/net v0.36.0 // indirect
++	golang.org/x/oauth2 v0.21.0 // indirect
++	golang.org/x/sync v0.11.0 // indirect
++	golang.org/x/sys v0.30.0 // indirect
++	golang.org/x/term v0.29.0 // indirect
++	golang.org/x/text v0.22.0 // indirect
+ 	golang.org/x/time v0.3.0 // indirect
+-	golang.org/x/tools v0.7.0 // indirect
+-	google.golang.org/appengine v1.6.7 // indirect
+-	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
+-	google.golang.org/grpc v1.51.0 // indirect
+-	google.golang.org/protobuf v1.28.1 // indirect
++	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
++	google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac // indirect
++	google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
++	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
++	google.golang.org/grpc v1.65.0 // indirect
++	google.golang.org/protobuf v1.34.2 // indirect
++	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+ 	gopkg.in/inf.v0 v0.9.1 // indirect
+-	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
++	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+ 	gopkg.in/yaml.v3 v3.0.1 // indirect
+ 	k8s.io/apiextensions-apiserver v0.26.1 // indirect
+-	k8s.io/apiserver v0.27.3 // indirect
+-	k8s.io/component-helpers v0.27.3 // indirect
+-	k8s.io/controller-manager v0.27.3 // indirect
+-	k8s.io/kms v0.27.3 // indirect
+-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
++	k8s.io/apiserver v0.31.0 // indirect
++	k8s.io/component-helpers v0.31.0 // indirect
++	k8s.io/controller-manager v0.31.0 // indirect
++	k8s.io/kms v0.31.0 // indirect
++	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+ 	kubevirt.io/containerized-data-importer-api v1.55.0 // indirect
+ 	kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect
+-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect
++	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
+ 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+-	sigs.k8s.io/yaml v1.3.0 // indirect
++	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
++	sigs.k8s.io/yaml v1.4.0 // indirect
+ )
+ 
+-replace (
+-	golang.org/x/net => golang.org/x/net v0.10.0
+-	golang.org/x/sys => golang.org/x/sys v0.8.0
+-)
++replace golang.org/x/sys => golang.org/x/sys v0.8.0
+diff --git a/go.sum b/go.sum
+index 8cfeec00..8d24080b 100644
+--- a/go.sum
++++ b/go.sum
+@@ -1,147 +1,80 @@
+ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+-cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8=
+-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
+ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+ github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+ github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
+ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
+-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
+-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
++github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
++github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
+ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
+ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+ github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+-github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
+-github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
++github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
++github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
++github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
++github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+-github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
+-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+-github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU=
+-github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
++github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=
++github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
++github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
++github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
++github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+ github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
++github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+ github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
+ github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
+ github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
+ github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8=
+ github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA=
+ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
++github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+-github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
++github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
++github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+ github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+ github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+ github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+-github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
+-github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
++github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
++github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
+ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+-github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+ github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
+ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
+-github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+-github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
++github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
++github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
++github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
++github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
++github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
++github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+ github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
+ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
+-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
+ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
++github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
++github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+ github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+-github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
++github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
++github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+ github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+ github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+ github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+@@ -149,45 +82,30 @@ github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaL
+ github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
+ github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
+ github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
+-github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
+-github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
++github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
++github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+ github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+ github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
++github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
++github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
++github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
++github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+-github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
++github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
++github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+-github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
+-github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
+-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+ github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+ github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+ github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+ github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+@@ -195,97 +113,72 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
+ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
++github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
++github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+ github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
+-github.com/google/cel-go v0.12.6 h1:kjeKudqV0OygrAqA9fX6J55S8gj+Jre2tckIm5RoG4M=
+-github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
+-github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+-github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
++github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
++github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84=
++github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
++github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
++github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
++github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
++github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+-github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
+ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
++github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
++github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+ github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
++github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
++github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
+ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
++github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
++github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
+ github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
+ github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
+ github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
++github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
++github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+ github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
++github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
+ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
+ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
+ github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+-github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0=
+-github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
+-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
++github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
++github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
+ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
+ github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+-github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
+-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
++github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
++github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+ github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
++github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
+ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
+ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+ github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
++github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
++github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+@@ -295,27 +188,19 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
+ github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+-github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM=
+-github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+-github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
+-github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
+-github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
+-github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
++github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
++github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+ github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+@@ -326,15 +211,15 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108
+ github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+ github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
+-github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
+-github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts=
++github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
++github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
+ github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+ github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
+-github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+-github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
++github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
++github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+ github.com/openshift/api v0.0.0-20211217221424-8779abfbd571 h1:+ShYlGoPriGahTTFTjQ0RtNXW0srxDodk2STdc238Rk=
+ github.com/openshift/api v0.0.0-20211217221424-8779abfbd571/go.mod h1:F/eU6jgr6Q2VhMu1mSpMmygxAELd7+BUxs3NHZ25jV4=
+ github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
+@@ -342,345 +227,203 @@ github.com/openshift/custom-resource-status v1.1.2 h1:C3DL44LEbvlbItfd8mT5jWrqPf
+ github.com/openshift/custom-resource-status v1.1.2/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA=
+ github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
+ github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
++github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
++github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
++github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
++github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
+ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
+-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
+-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
++github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
++github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
++github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
++github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
++github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
++github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
++github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
++github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
++github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
++github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+ github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
+-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
++github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
+ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+-github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI=
+-github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
++github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
++github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+ github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
+ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
++github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
++github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+ github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
++github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
++github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
++github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
+-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
++github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+ github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+-go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
+-go.etcd.io/etcd/api/v3 v3.5.7 h1:sbcmosSVesNrWOJ58ZQFitHMdncusIifYcrBfwrlJSY=
+-go.etcd.io/etcd/api/v3 v3.5.7/go.mod h1:9qew1gCdDDLu+VwmeG+iFpL+QlpHTo7iubavdVDgCAA=
+-go.etcd.io/etcd/client/pkg/v3 v3.5.7 h1:y3kf5Gbp4e4q7egZdn5T7W9TSHUvkClN6u+Rq9mEOmg=
+-go.etcd.io/etcd/client/pkg/v3 v3.5.7/go.mod h1:o0Abi1MK86iad3YrWhgUsbGx1pmTS+hrORWc2CamuhY=
+-go.etcd.io/etcd/client/v2 v2.305.7 h1:AELPkjNR3/igjbO7CjyF1fPuVPjrblliiKj+Y6xSGOU=
+-go.etcd.io/etcd/client/v3 v3.5.7 h1:u/OhpiuCgYY8awOHlhIhmGIGpxfBU/GZBUP3m/3/Iz4=
+-go.etcd.io/etcd/client/v3 v3.5.7/go.mod h1:sOWmj9DZUMyAngS7QQwCyAXXAL6WhgTOPLNS/NabQgw=
+-go.etcd.io/etcd/pkg/v3 v3.5.7 h1:obOzeVwerFwZ9trMWapU/VjDcYUJb5OfgC1zqEGWO/0=
+-go.etcd.io/etcd/raft/v3 v3.5.7 h1:aN79qxLmV3SvIq84aNTliYGmjwsW6NqJSnqmI1HLJKc=
+-go.etcd.io/etcd/server/v3 v3.5.7 h1:BTBD8IJUV7YFgsczZMHhMTS67XuA4KpRquL0MFOJGRk=
+-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 h1:xFSRQBbXF6VvYRf2lqMJXxoB72XI1K/azav8TekHHSw=
+-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY=
+-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 h1:sxoY9kG1s1WpSYNyzm24rlwH4lnRYFXUVVBmKMBfRgw=
+-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c=
+-go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4=
+-go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ=
+-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 h1:TaB+1rQhddO1sF71MpZOZAuSPW1klK2M8XxfrBMfK7Y=
+-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY=
+-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 h1:pDDYmo0QadUPal5fwXoY1pmMpFcdyhXOmL5drCrI3vU=
+-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag=
+-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 h1:KtiUEhQmj/Pa874bVYKGNVdq8NPKiacPbaRRtgXi+t4=
+-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h1:OfUCyyIiDvNXHWpcWgbF+MWvqPZiNa3YDEnivcnYsV0=
+-go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs=
+-go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A=
+-go.opentelemetry.io/otel/sdk v1.10.0 h1:jZ6K7sVn04kk/3DNUdJ4mqRlGDiXAVuIG+MMENpTNdY=
+-go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE=
+-go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E=
+-go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM=
+-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+-go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
+-go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
+-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
+-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
+-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
++go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
++go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
++go.etcd.io/etcd/api/v3 v3.5.14 h1:vHObSCxyB9zlF60w7qzAdTcGaglbJOpSj1Xj9+WGxq0=
++go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU=
++go.etcd.io/etcd/client/pkg/v3 v3.5.14 h1:SaNH6Y+rVEdxfpA2Jr5wkEvN6Zykme5+YnbCkxvuWxQ=
++go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI=
++go.etcd.io/etcd/client/v2 v2.305.13 h1:RWfV1SX5jTU0lbCvpVQe3iPQeAHETWdOTb6pxhd77C8=
++go.etcd.io/etcd/client/v2 v2.305.13/go.mod h1:iQnL7fepbiomdXMb3om1rHq96htNNGv2sJkEcZGDRRg=
++go.etcd.io/etcd/client/v3 v3.5.14 h1:CWfRs4FDaDoSz81giL7zPpZH2Z35tbOrAJkkjMqOupg=
++go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk=
++go.etcd.io/etcd/pkg/v3 v3.5.13 h1:st9bDWNsKkBNpP4PR1MvM/9NqUPfvYZx/YXegsYEH8M=
++go.etcd.io/etcd/pkg/v3 v3.5.13/go.mod h1:N+4PLrp7agI/Viy+dUYpX7iRtSPvKq+w8Y14d1vX+m0=
++go.etcd.io/etcd/raft/v3 v3.5.13 h1:7r/NKAOups1YnKcfro2RvGGo2PTuizF/xh26Z2CTAzA=
++go.etcd.io/etcd/raft/v3 v3.5.13/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw=
++go.etcd.io/etcd/server/v3 v3.5.13 h1:V6KG+yMfMSqWt+lGnhFpP5z5dRUj1BDRJ5k1fQ9DFok=
++go.etcd.io/etcd/server/v3 v3.5.13/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ=
++go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g=
++go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74=
++go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
++go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
++go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
++go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
++go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
++go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
++go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
++go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
++go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
++go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
++go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
++go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
++go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
++go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
++go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
++go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
++go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
++go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
++go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
++go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
++go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
++go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
+ golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8=
+-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
++golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
++golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
++golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
++golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
++golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc h1:mCRnTeVUjcrhlRmO0VK8a6k6Rrf6TF9htwo2pJVSjIU=
++golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+ golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
++golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
++golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
++golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
++golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
++golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
++golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
++golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
++golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
++golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
++golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
++golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
++golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
++golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
++golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
++golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
++golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
+ golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
+-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
++golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
++golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
++golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+ golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+-golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
+-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
++golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
++golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
++golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
++golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
++golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
++golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+ golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+ golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+ golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+ golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM=
+ golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
+-golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
++golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
++golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
+-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
++gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
+ google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+ google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+-google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I=
+-google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
++google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg=
++google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k=
++google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw=
++google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU=
++google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
++google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+-google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+-google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+-google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
+-google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
++google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
++google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+ google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+ google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+@@ -690,33 +433,29 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
+ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
++google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
++google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
++gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
++gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+-gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
+-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
++gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
++gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+ gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
+ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+@@ -727,66 +466,58 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C
+ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+ k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg=
+ k8s.io/api v0.23.3/go.mod h1:w258XdGyvCmnBj/vGzQMj6kzdufJZVUwEM1U2fRJwSQ=
+-k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
+-k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
++k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
++k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
+ k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=
+ k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM=
+ k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc=
+ k8s.io/apimachinery v0.23.3/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
+-k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
+-k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
+-k8s.io/apiserver v0.27.3 h1:AxLvq9JYtveYWK+D/Dz/uoPCfz8JC9asR5z7+I/bbQ4=
+-k8s.io/apiserver v0.27.3/go.mod h1:Y61+EaBMVWUBJtxD5//cZ48cHZbQD+yIyV/4iEBhhNA=
+-k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
+-k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
+-k8s.io/cloud-provider v0.27.3 h1:YylqJpKCB3O2MRnNXshxSVOQTOZE4I0G+cnyOfLwkGA=
+-k8s.io/cloud-provider v0.27.3/go.mod h1:+C4rgsL3O0pxXdjoxRDOjCzNTj4C6jYUmK2OyogK1Jw=
++k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
++k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
++k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY=
++k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk=
++k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
++k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
++k8s.io/cloud-provider v0.31.0 h1:qNOs78I2/7zQmyStfDtY2M7EdilUl9fCSYMcqBju/tA=
++k8s.io/cloud-provider v0.31.0/go.mod h1:QgUPqLoL6aXhLlrNg1U4IrJk/PvvxgeOnT2ixkgnqT0=
+ k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE=
+ k8s.io/code-generator v0.23.3/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
+-k8s.io/component-base v0.27.3 h1:g078YmdcdTfrCE4fFobt7qmVXwS8J/3cI1XxRi/2+6k=
+-k8s.io/component-base v0.27.3/go.mod h1:JNiKYcGImpQ44iwSYs6dysxzR9SxIIgQalk4HaCNVUY=
+-k8s.io/component-helpers v0.27.3 h1:oK7+AlwBKsSUIIRC5Vv8/4HEtmgzXNQD+zLbsOUwVso=
+-k8s.io/component-helpers v0.27.3/go.mod h1:uxhXqoWHh4eBVcPj+LKWjtQq0V/vP5ihn4xmf5xNZso=
+-k8s.io/controller-manager v0.27.3 h1:tw1zoCi8ylYXoyImThlPkmdo9wQDtyhAojrjWdfBv/E=
+-k8s.io/controller-manager v0.27.3/go.mod h1:dH5WQMqZOTHZdY8sTQRv1RkZRibaaDx7sncvejUUICc=
++k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs=
++k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo=
++k8s.io/component-helpers v0.31.0 h1:jyRUKA+GX+q19o81k4x94imjNICn+e6Gzi6T89va1/A=
++k8s.io/component-helpers v0.31.0/go.mod h1:MrNIvT4iB7wXIseYSWfHUJB/aNUiFvbilp4qDfBQi6s=
++k8s.io/controller-manager v0.31.0 h1:OmM0JfkzMvNXGbKIInj8SOrqIHLW4ymDGaNaa4KqyGc=
++k8s.io/controller-manager v0.31.0/go.mod h1:slaIzbI1ecqVphjSuHwlzJQ2pclSwtjUzTEQ6fYAB8A=
+ k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+ k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+ k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
+ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
+ k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+ k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+-k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
+-k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+-k8s.io/kms v0.27.3 h1:O6mZqi647ZLmxxkEv5Q9jMlmcXOh42CBD+A3MxI6zaQ=
+-k8s.io/kms v0.27.3/go.mod h1:VDfnSIK0dk5J+jasbe+kKpb3CQVwlcDeBLyq59P2KyY=
++k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
++k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
++k8s.io/kms v0.31.0 h1:KchILPfB1ZE+ka7223mpU5zeFNkmb45jl7RHnlImUaI=
++k8s.io/kms v0.31.0/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94=
+ k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
+ k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
+-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
+-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
++k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
++k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+ k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+ k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+-k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
+-k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
++k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
++k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+ kubevirt.io/api v0.59.0 h1:UDsJWklzd0x/w3EQjc48jafZc4p4vVxKUpmBhg2nVRk=
+ kubevirt.io/api v0.59.0/go.mod h1:zts/6mioR8vGgvYmQ17Cb9XsUR9e/WjJcdokmrE38wY=
+ kubevirt.io/containerized-data-importer-api v1.55.0 h1:IQNc8PYVq1cTwKNPEJza5xSlcnXeYVNt76M5kZ8X7xo=
+ kubevirt.io/containerized-data-importer-api v1.55.0/go.mod h1:92HiQEyzPoeMiCbgfG5Qe10JQVbtWMZOXucy56dKdGg=
+ kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 h1:QMrd0nKP0BGbnxTqakhDZAUhGKxPiPiN5gSDqKUmGGc=
+ kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90/go.mod h1:018lASpFYBsYN6XwmA2TIrPCx6e0gviTd/ZNtSitKgc=
+-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 h1:trsWhjU5jZrx6UvFu4WzQDrN7Pga4a7Qg+zcfcj64PA=
+-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0=
++sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY=
++sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
+ sigs.k8s.io/controller-runtime v0.14.5 h1:6xaWFqzT5KuAQ9ufgUaj1G/+C4Y1GRkhrxl+BJ9i+5s=
+ sigs.k8s.io/controller-runtime v0.14.5/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0=
+ sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
+@@ -795,8 +526,9 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h6
+ sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+ sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
+ sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
+-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
++sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
++sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+ sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
+-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+ sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
++sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
++sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+-- 
+2.48.1
\ No newline at end of file
diff --git a/SPECS/cloud-provider-kubevirt/initialization-and-configuration-handling.patch b/SPECS/cloud-provider-kubevirt/initialization-and-configuration-handling.patch
new file mode 100644
index 0000000000..e172a0791b
--- /dev/null
+++ b/SPECS/cloud-provider-kubevirt/initialization-and-configuration-handling.patch
@@ -0,0 +1,193 @@
+From 18283b69ff8dc71390789ace99aad7dd2e5ce03b Mon Sep 17 00:00:00 2001
+From: Sharath Srikanth Chellappa 
+Date: Fri, 28 Feb 2025 17:32:32 -0800
+Subject: [PATCH] Enhancements for Cloud Controller Manager Initialization and Configuration Handling
+
+Upstream issue: https://github.com/kubevirt/cloud-provider-kubevirt/issues/340
+
+The patches achieve the following:
+1. Locks down the Service Account used to access the fabric cluster
+2. Uses a non-expiring secret for the Service Account (since kubeconfig can expire and original flow uses admin kubeconfig)
+
+The locking down of the service account and using a non-expiring secret go hand in hand and cannot be split up into 2 patches.
+
+### `main.go` Changes
+
+1. **Initialization of `controllerAliases` and Passing to `NewCloudControllerManagerCommand`:**
+   - **Reason:** 
+     - *Controller Aliases:* We are using the k8s.io/cloud-provider version 0.31.0 (from v0.28.3), which makes it a requirement to provide controllerAliases by default.
+	 	This is a change in parameters defined from an older version that is being used upstream
+
+### `cloud.go` Changes
+
+1. **`CloudConfig` Struct Addition (ControlEndpoint Field):**
+   - **Reason:** The addition of the `ControlEndpoint` field allows the cloud configuration to specify an endpoint for control operations.
+	 This parameter is used in `serviceAccountClusterConfig` function.
+
+2. **New Function: `serviceAccountClusterConfig`:**
+   - **Reason:** 
+     - This has been done to use a non-expiring secret and also to lock down access from tenant cluster to the fabric cluster.
+     - This function abstracts the creation of a Kubernetes REST configuration using service account tokens and certificates.
+
+3. **Changes to `kubevirtCloudProviderFactory`:**
+   - **Use of `serviceAccountClusterConfig`:**
+     - **Reason:** This allows the factory to handle in-cluster configurations using the control endpoint and service account information, as opposed to relying solely on provided kubeconfigs.
+   - **Improved Error Handling with `errors.Wrap`:**
+     - **Reason:** Enhances debugging and error tracing by providing more context in error messages, which is useful for identifying the cause of failures.
+
+---
+ cmd/kubevirt-cloud-controller-manager/main.go |  4 +-
+ pkg/provider/cloud.go                         | 82 +++++++++++++------
+ 2 files changed, 58 insertions(+), 28 deletions(-)
+
+diff --git a/cmd/kubevirt-cloud-controller-manager/main.go b/cmd/kubevirt-cloud-controller-manager/main.go
+index 8e2c2467..ad59c16a 100644
+--- a/cmd/kubevirt-cloud-controller-manager/main.go
++++ b/cmd/kubevirt-cloud-controller-manager/main.go
+@@ -34,6 +34,7 @@ import (
+ 	_ "k8s.io/component-base/metrics/prometheus/version"  // for version metric registration
+ 	"k8s.io/klog/v2"
+ 
++	"k8s.io/cloud-provider/names"
+ 	_ "kubevirt.io/cloud-provider-kubevirt/pkg/provider"
+ )
+ 
+@@ -46,7 +47,8 @@ func main() {
+ 	fss := cliflag.NamedFlagSets{}
+ 	controllerInitializers := app.DefaultInitFuncConstructors
+ 
+-	command := app.NewCloudControllerManagerCommand(ccmOptions, cloudInitializer, controllerInitializers, fss, wait.NeverStop)
++	controllerAliases := names.CCMControllerAliases()
++	command := app.NewCloudControllerManagerCommand(ccmOptions, cloudInitializer, controllerInitializers, controllerAliases, fss, wait.NeverStop)
+ 	code := cli.Run(command)
+ 	os.Exit(code)
+ }
+diff --git a/pkg/provider/cloud.go b/pkg/provider/cloud.go
+index fab7da0b..b4f90ea3 100644
+--- a/pkg/provider/cloud.go
++++ b/pkg/provider/cloud.go
+@@ -16,6 +16,9 @@ import (
+ 	"k8s.io/utils/pointer"
+ 	kubevirtv1 "kubevirt.io/api/core/v1"
+ 	"sigs.k8s.io/controller-runtime/pkg/client"
++
++	"github.com/pkg/errors"
++	certutil "k8s.io/client-go/util/cert"
+ )
+ 
+ const (
+@@ -42,11 +45,12 @@ type cloud struct {
+ }
+ 
+ type CloudConfig struct {
+-	Kubeconfig   string             `yaml:"kubeconfig"`
+-	LoadBalancer LoadBalancerConfig `yaml:"loadBalancer"`
+-	InstancesV2  InstancesV2Config  `yaml:"instancesV2"`
+-	Namespace    string             `yaml:"namespace"`
+-	InfraLabels  map[string]string  `yaml:"infraLabels"`
++	Kubeconfig      string             `yaml:"kubeconfig"` // The kubeconfig used to connect to the underkube
++	LoadBalancer    LoadBalancerConfig `yaml:"loadBalancer"`
++	InstancesV2     InstancesV2Config  `yaml:"instancesV2"`
++	ControlEndpoint string             `yaml:"controlEndpoint"`
++	Namespace       string             `yaml:"namespace"`
++	InfraLabels     map[string]string  `yaml:"infraLabels"`
+ }
+ 
+ type LoadBalancerConfig struct {
+@@ -92,6 +96,40 @@ func NewCloudConfigFromBytes(configBytes []byte) (CloudConfig, error) {
+ 	return config, nil
+ }
+ 
++// adopted from client-go InClusterConfig
++func serviceAccountClusterConfig(controlEndpoint string) (*rest.Config, string, error) {
++	var serviceAccountMountPath = os.Getenv("CLUSTER_SERVICE_ACCOUNT_PATH")
++	var tokenFile = serviceAccountMountPath + "/token"
++	var rootCAFile = serviceAccountMountPath + "/ca.crt"
++	var namespaceFile = serviceAccountMountPath + "/namespace"
++
++	token, err := os.ReadFile(tokenFile)
++	if err != nil {
++		return nil, "", errors.Wrapf(err, "Failed to read tokenFile %s", tokenFile)
++	}
++
++	namespace, err := os.ReadFile(namespaceFile)
++	if err != nil {
++		return nil, "", errors.Wrapf(err, "Failed to read namespaceFile %s", namespaceFile)
++	}
++
++	tlsClientConfig := rest.TLSClientConfig{}
++
++	if _, err := certutil.NewPool(rootCAFile); err != nil {
++		klog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
++		return nil, "", errors.Wrapf(err, "Failed to read and parse rootCAFile %s", rootCAFile)
++	} else {
++		tlsClientConfig.CAFile = rootCAFile
++	}
++
++	return &rest.Config{
++		Host:            controlEndpoint,
++		TLSClientConfig: tlsClientConfig,
++		BearerToken:     string(token),
++		BearerTokenFile: tokenFile,
++	}, string(namespace), nil
++}
++
+ func kubevirtCloudProviderFactory(config io.Reader) (cloudprovider.Interface, error) {
+ 	if config == nil {
+ 		return nil, fmt.Errorf("No %s cloud provider config file given", ProviderName)
+@@ -106,41 +144,31 @@ func kubevirtCloudProviderFactory(config io.Reader) (cloudprovider.Interface, er
+ 	if err != nil {
+ 		return nil, fmt.Errorf("Failed to unmarshal cloud provider config: %v", err)
+ 	}
+-	namespace := cloudConf.Namespace
+-	var restConfig *rest.Config
++	var restConfig *rest.Config = nil
++	var namespace string = ""
+ 	if cloudConf.Kubeconfig == "" {
+-		restConfig, err = rest.InClusterConfig()
++		restConfig, namespace, err = serviceAccountClusterConfig(cloudConf.ControlEndpoint)
+ 		if err != nil {
+ 			return nil, err
+ 		}
+ 	} else {
+-		var infraKubeConfig string
+-		infraKubeConfig, err = getInfraKubeConfig(cloudConf.Kubeconfig)
+-		if err != nil {
+-			return nil, err
+-		}
+-		var clientConfig clientcmd.ClientConfig
+-		clientConfig, err = clientcmd.NewClientConfigFromBytes([]byte(infraKubeConfig))
++		clientConfig, err := clientcmd.NewClientConfigFromBytes([]byte(cloudConf.Kubeconfig))
+ 		if err != nil {
+-			return nil, err
++			return nil, errors.Wrap(err, "Failed to create client config from kubeconfig")
+ 		}
+ 		restConfig, err = clientConfig.ClientConfig()
+ 		if err != nil {
+-			return nil, err
++			return nil, errors.Wrap(err, "Failed to create rest config")
+ 		}
+-		if namespace == "" {
+-			namespace, _, err = clientConfig.Namespace()
+-			if err != nil {
+-				klog.Errorf("Could not find namespace in client config: %v", err)
+-				return nil, err
+-			}
++		namespace, _, err = clientConfig.Namespace()
++		if err != nil {
++			klog.Errorf("Could not find namespace in client config: %v", err)
++			return nil, errors.Wrap(err, "Could not find namespace in client config")
+ 		}
+ 	}
+-	c, err := client.New(restConfig, client.Options{
+-		Scheme: scheme,
+-	})
++	c, err := client.New(restConfig, client.Options{Scheme: scheme})
+ 	if err != nil {
+-		return nil, err
++		return nil, errors.Wrap(err, "Failed to create kube client")
+ 	}
+ 	return &cloud{
+ 		namespace: namespace,
+-- 
+2.45.2
diff --git a/SPECS/cloud-provider-kubevirt/instanceexists-watches-vms-instead-of-vmis.patch b/SPECS/cloud-provider-kubevirt/instanceexists-watches-vms-instead-of-vmis.patch
new file mode 100644
index 0000000000..0430738c06
--- /dev/null
+++ b/SPECS/cloud-provider-kubevirt/instanceexists-watches-vms-instead-of-vmis.patch
@@ -0,0 +1,207 @@
+From ffefe24cc261c6d98282de47c141b02c12dc13b5 Mon Sep 17 00:00:00 2001
+From: Sharath Srikanth Chellappa 
+Date: Thu, 3 Apr 2025 13:09:09 -0700
+Subject: [PATCH] InstanceExists should watch VMs instead of VMIs
+
+Modifies the instances_v2 implementation to locate node Instances
+based on their corresponding VMs rather than VMIs to prevent node
+deletion in cases where the node is intentionally powered off and
+the VMI is not available.
+
+The node-lifecycle-controller does check for cases where an Instance
+is shutdown, but because a VMI will always fail the existence check
+here -
+https://github.com/kubernetes/cloud-provider/blob/277393583629c7382333496c81a6d3e772d851bc/controllers/nodelifecycle/node_lifecycle_controller.go#L154
+the node will be deleted before the shutdown check can happen. This change
+allows a VM to be shutdown while keeping its Node intact
+
+This is a Nexus specific patch useful for Nexus during runtime upgrades.
+
+---
+ pkg/provider/instances_v2.go      | 20 ++++++++++----
+ pkg/provider/instances_v2_test.go | 45 +++++++++----------------------
+ pkg/provider/vm_getter.go         | 28 +++++++++++++++++++
+ 3 files changed, 55 insertions(+), 38 deletions(-)
+ create mode 100644 pkg/provider/vm_getter.go
+
+diff --git a/pkg/provider/instances_v2.go b/pkg/provider/instances_v2.go
+index cde1a325..6a57621d 100644
+--- a/pkg/provider/instances_v2.go
++++ b/pkg/provider/instances_v2.go
+@@ -36,15 +36,24 @@ type instancesV2 struct {
+ 
+ // InstanceExists returns true if the instance for the given node exists according to the cloud provider.
+ func (i *instancesV2) InstanceExists(ctx context.Context, node *corev1.Node) (bool, error) {
+-	instanceID, err := instanceIDFromProviderID(node.Spec.ProviderID)
+-	if err != nil {
+-		return false, err
++	// NOTE: There are cases where a node's infrastructure gets deleted before the providerID has
++	// been set. To avoid orphaned nodes we'll default the instanceID to the node name
++	instanceID := node.Name
++	var err error
++
++	if node.Spec.ProviderID != "" {
++		instanceID, err = instanceIDFromProviderID(node.Spec.ProviderID)
++		if err != nil {
++			return false, err
++		}
+ 	}
+ 
+-	_, err = InstanceByVMIName(instanceID).Get(ctx, i.client, i.namespace)
++	// NOTE: we're checking for a VirtualMachine here to avoid deleting Nodes that have been
++	// powered off and won't have a VirtualMachineInstance
++	_, err = InstanceByVMName(instanceID).Get(ctx, i.client, i.namespace)
+ 	if err != nil {
+ 		if errors.IsNotFound(err) {
+-			klog.Infof("Unable to find virtual machine instance %s", instanceID)
++			klog.Infof("Unable to find virtual machine %s", instanceID)
+ 			return false, nil
+ 		}
+ 		return false, err
+@@ -63,6 +72,7 @@ func (i *instancesV2) InstanceShutdown(ctx context.Context, node *corev1.Node) (
+ 	instance, err := InstanceByVMIName(instanceID).Get(ctx, i.client, i.namespace)
+ 	if err != nil {
+ 		if errors.IsNotFound(err) {
++			klog.Infof("instance %s is shut down", instanceID)
+ 			return true, nil
+ 		}
+ 		return false, err
+diff --git a/pkg/provider/instances_v2_test.go b/pkg/provider/instances_v2_test.go
+index 83ab2a0e..916b78e0 100644
+--- a/pkg/provider/instances_v2_test.go
++++ b/pkg/provider/instances_v2_test.go
+@@ -1272,31 +1272,31 @@ var _ = Describe("Instances V2", func() {
+ 
+ 		Context("With providerID set", func() {
+ 
+-			It("Should return true if VMI exists", func() {
+-				vmi := &kubevirtv1.VirtualMachineInstance{ObjectMeta: metav1.ObjectMeta{
++			It("Should return true if VM exists", func() {
++				vm := &kubevirtv1.VirtualMachine{ObjectMeta: metav1.ObjectMeta{
+ 					Name:      "test",
+ 					Namespace: "cluster-test",
+ 				}}
+ 				node := corev1.Node{
+ 					ObjectMeta: metav1.ObjectMeta{
+-						Name: vmi.Name,
++						Name: vm.Name,
+ 					},
+ 					Spec: corev1.NodeSpec{
+-						ProviderID: getProviderID(vmi.Name),
++						ProviderID: getProviderID(vm.Name),
+ 					},
+ 				}
+ 
+ 				mockClient.EXPECT().
+-					Get(ctx, types.NamespacedName{Name: vmi.Name, Namespace: vmi.Namespace}, &kubevirtv1.VirtualMachineInstance{}).
++					Get(ctx, types.NamespacedName{Name: vm.Name, Namespace: vm.Namespace}, &kubevirtv1.VirtualMachine{}).
+ 					Times(1)
+ 
+-				i := instancesV2{namespace: vmi.Namespace, client: mockClient}
++				i := instancesV2{namespace: vm.Namespace, client: mockClient}
+ 				exists, err := i.InstanceExists(ctx, &node)
+ 				Expect(exists).To(BeTrue())
+ 				Expect(err).ToNot(HaveOccurred())
+ 			})
+ 
+-			It("Should not return an error if VMI does not exist", func() {
++			It("Should not return an error if VM does not exist", func() {
+ 				namespace := "cluster-test"
+ 
+ 				node := corev1.Node{
+@@ -1309,8 +1309,8 @@ var _ = Describe("Instances V2", func() {
+ 				}
+ 
+ 				mockClient.EXPECT().
+-					Get(ctx, types.NamespacedName{Name: node.Name, Namespace: namespace}, &kubevirtv1.VirtualMachineInstance{}).
+-					Return(errors.NewNotFound(schema.GroupResource{Group: "kubevirt.io", Resource: "virtualmachineinstances"}, "missingVMI")).
++					Get(ctx, types.NamespacedName{Name: node.Name, Namespace: namespace}, &kubevirtv1.VirtualMachine{}).
++					Return(errors.NewNotFound(schema.GroupResource{Group: "kubevirt.io", Resource: "virtualmachineinstances"}, "missingVM")).
+ 					Times(1)
+ 
+ 				i := instancesV2{namespace: namespace, client: mockClient}
+@@ -1320,45 +1320,24 @@ var _ = Describe("Instances V2", func() {
+ 			})
+ 
+ 			It("Should return an error if provider id is invalid", func() {
+-				vmi := &kubevirtv1.VirtualMachineInstance{ObjectMeta: metav1.ObjectMeta{
++				vm := &kubevirtv1.VirtualMachine{ObjectMeta: metav1.ObjectMeta{
+ 					Name:      "test",
+ 					Namespace: "cluster-test",
+ 				}}
+ 				node := corev1.Node{
+ 					ObjectMeta: metav1.ObjectMeta{
+-						Name: vmi.Name,
++						Name: vm.Name,
+ 					},
+ 					Spec: corev1.NodeSpec{
+ 						ProviderID: "invalid-provider-id",
+ 					},
+ 				}
+ 
+-				i := instancesV2{namespace: vmi.Namespace, client: mockClient}
+-				exists, err := i.InstanceExists(ctx, &node)
+-				Expect(exists).To(BeFalse())
+-				Expect(err).To(HaveOccurred())
+-			})
+-		})
+-
+-		Context("Without providerID set", func() {
+-
+-			It("Should return an error", func() {
+-				vmi := &kubevirtv1.VirtualMachineInstance{ObjectMeta: metav1.ObjectMeta{
+-					Name:      "test",
+-					Namespace: "cluster-test",
+-				}}
+-				node := corev1.Node{
+-					ObjectMeta: metav1.ObjectMeta{
+-						Name: vmi.Name,
+-					},
+-				}
+-
+-				i := instancesV2{namespace: vmi.Namespace, client: mockClient}
++				i := instancesV2{namespace: vm.Namespace, client: mockClient}
+ 				exists, err := i.InstanceExists(ctx, &node)
+ 				Expect(exists).To(BeFalse())
+ 				Expect(err).To(HaveOccurred())
+ 			})
+-
+ 		})
+ 	})
+ 
+diff --git a/pkg/provider/vm_getter.go b/pkg/provider/vm_getter.go
+new file mode 100644
+index 00000000..31578014
+--- /dev/null
++++ b/pkg/provider/vm_getter.go
+@@ -0,0 +1,28 @@
++package provider
++
++import (
++	"context"
++
++	"k8s.io/apimachinery/pkg/types"
++	kubevirtv1 "kubevirt.io/api/core/v1"
++	"sigs.k8s.io/controller-runtime/pkg/client"
++)
++
++// Getter allows fetching virtual machine with multiple fetching strategies
++type Getter interface {
++	// Get gets a virtual machine
++	Get(ctx context.Context, cli client.Client, namespace string) (*kubevirtv1.VirtualMachine, error)
++}
++
++// InstanceByVMName tries to fetch a vm by its name
++type InstanceByVMName string
++
++func (i InstanceByVMName) Get(ctx context.Context, cli client.Client, namespace string) (*kubevirtv1.VirtualMachine, error) {
++	var instance kubevirtv1.VirtualMachine
++
++	err := cli.Get(ctx, types.NamespacedName{Namespace: namespace, Name: string(i)}, &instance)
++	if err != nil {
++		return nil, err
++	}
++	return &instance, nil
++}
+-- 
+2.48.1
diff --git a/SPECS/cloud-provider-kubevirt/single-ip-address-for-node.patch b/SPECS/cloud-provider-kubevirt/single-ip-address-for-node.patch
new file mode 100644
index 0000000000..a9b98a4162
--- /dev/null
+++ b/SPECS/cloud-provider-kubevirt/single-ip-address-for-node.patch
@@ -0,0 +1,1005 @@
+From 9a0935316fe1b6b3ade39bfd3c4875dbc558f038 Mon Sep 17 00:00:00 2001
+From: Sharath Srikanth Chellappa 
+Date: Fri, 28 Feb 2025 17:42:00 -0800
+Subject: [PATCH] Report single IP address for the node
+
+Upstream Issue: https://github.com/kubevirt/cloud-provider-kubevirt/issues/339
+
+The changes in the patch file `instances_v2.go` and its associated test file `instances_v2_test.go` do the following:
+
+### 1. Improved IPv4 and IPv6 Handling
+#### Why:
+- **Support for IPv6:** The changes include logic to handle both IPv4 and IPv6 addresses, differentiating between standard and EUI-64 IPv6 addresses.
+- **Node Internal IP Handling:** Ensuring that the configured IP addresses for nodes are correctly identified and handled, including avoiding link-local addresses.
+
+### 2. Enhanced Network Interface Parsing and Prioritization
+#### Why:
+- **Default Network Identification:** The changes prioritize interfaces named `"defaultcni"` and `"default"`t.
+- **One Interface per Address Type:** Ensures that only one address of each type (IPv4 and IPv6) is assigned per node.
+
+### 3. New Function `isEUI64IPv6`
+#### Why:
+- **EUI-64 Address Validation:** The introduction of `isEUI64IPv6` adds functionality to detect and handle EUI-64 IPv6 addresses.
+
+### 4. Changes in `getNodeAddresses` Function
+#### Why:
+- **Address Categorization:** The updated function logic selects IPv4 and IPv6 addresses for the node, by filtering out unwanted link-local addresses and chooses appropriate internal IP addresses.
+- **Candidate Address Logic:** Chooses which IP addresses to use amongst a list of IPs for that node.
+
+### 5. Test Enhancements in `instances_v2_test.go`
+#### Why:
+- **Comprehensive Testing:** The tests have been expanded to cover scenarios with different combinations of IPv4 and IPv6 addresses, ensuring that the new logic for address handling and prioritization is correctly implemented.
+
+---
+ pkg/provider/instances_v2.go      | 115 ++++-
+ pkg/provider/instances_v2_test.go | 772 +++++++++++++++++++++++++++++-
+ 2 files changed, 866 insertions(+), 21 deletions(-)
+
+diff --git a/pkg/provider/instances_v2.go b/pkg/provider/instances_v2.go
+index 0e49a708..cde1a325 100644
+--- a/pkg/provider/instances_v2.go
++++ b/pkg/provider/instances_v2.go
+@@ -2,8 +2,12 @@ package provider
+ 
+ import (
+ 	"context"
++	"encoding/hex"
+ 	"fmt"
++	"net"
++	"net/netip"
+ 	"regexp"
++	"strings"
+ 
+ 	corev1 "k8s.io/api/core/v1"
+ 	"k8s.io/apimachinery/pkg/api/errors"
+@@ -17,7 +21,8 @@ import (
+ const (
+ 	// instanceIDLabelKey could be injected by k8s providers to find a corresponding virtual machine instance
+ 	// the value should be a virtual machine name
+-	instanceIDLabelKey = "node.kubernetes.io/instance-id"
++	instanceIDLabelKey        = "node.kubernetes.io/instance-id"
++	aodsDefaultCNINetworkName = "defaultcni"
+ )
+ 
+ // Must match providerIDs built by cloudprovider.GetInstanceProviderID
+@@ -132,21 +137,111 @@ func (i *instancesV2) findInstance(ctx context.Context, fetchers ...InstanceGett
+ 	return instance, nil
+ }
+ 
++func isEUI64IPv6(ip net.IP) bool {
++	// Check if the address is IPv6
++	if ip.To16() == nil {
++		return false
++	}
++
++	// Convert IPv6 address to string and get its expanded versions
++	fullIPv6, _ := netip.ParseAddr(ip.String())
++	ipStr := fullIPv6.StringExpanded()
++
++	// Remove the network prefix portion
++	ipStr = strings.Split(ipStr, "/")[0]
++
++	// Split the address into its parts
++	parts := strings.Split(ipStr, ":")
++
++	// If the address contains less than 8 parts, it's not a valid EUI-64 address
++	if len(parts) < 8 {
++		return false
++	}
++
++	// Convert the last 8 octets to bytes
++	lastOctets := parts[len(parts)-8:]
++	var bytes []byte
++	for _, octet := range lastOctets {
++		octetBytes, err := hex.DecodeString(octet)
++		if err != nil {
++			return false
++		}
++		bytes = append(bytes, octetBytes...)
++	}
++
++	// Check if bytes[11] == 0xff and bytes[12] == 0xfe
++	return bytes[11] == 0xff && bytes[12] == 0xfe
++}
++
+ func (i *instancesV2) getNodeAddresses(ifs []kubevirtv1.VirtualMachineInstanceNetworkInterface, prevAddrs []corev1.NodeAddress) []corev1.NodeAddress {
+-	var addrs []corev1.NodeAddress
++	var addrs []corev1.NodeAddress = nil
+ 
++	// candidateAddr will only hold IPs for a single interface
++	var candidateAddr *corev1.NodeAddress = nil
++
++	// Flags to check if an IPv4 or IPv6 address has been found
++	ipv4 := false
++	ipv6 := false
++
++	// Accumulated IPv4 and IPv6 address. One value for each type
++	ipv4Address := ""
++	ipv6Address := ""
++
++	// Iterate over the interfaces to find the internal IP addresses. Set to true if an internal IP address is found
+ 	foundInternalIP := false
+-	// TODO: detect type of all addresses, right now pick only the default
++
+ 	for _, i := range ifs {
++
+ 		// Only change the IP if it is known, not if it is empty
+-		if i.Name == "default" && i.IP != "" {
+-			v1helper.AddToNodeAddresses(&addrs, corev1.NodeAddress{
+-				Type:    corev1.NodeInternalIP,
+-				Address: i.IP,
+-			})
+-			foundInternalIP = true
+-			break
++		if (i.Name == aodsDefaultCNINetworkName || i.Name == "default") && i.IP != "" {
++			ip := net.ParseIP(i.IP)
++
++			// Check if the IP is valid and not a link-local address
++			if !ip.IsLinkLocalUnicast() && !ip.IsLinkLocalMulticast() {
++
++				// Check if the IP is IPv4 or IPv6
++				if !ipv4 && ip.To4() != nil {
++
++					// If the IP is an IPv4 address, set the flag and the address.
++					// This ensures that there is only one IPv4 address for the node
++					ipv4 = true
++					ipv4Address = i.IP
++				} else if strings.Contains(i.IP, ":") {
++
++					// If an IPv6 address has not occurred earlier
++					if !ipv6 {
++
++						// Check if the address is an EUI-64 address. If not, then set the flag to true to denote that an IPV6 address has been found
++						if !isEUI64IPv6(ip) {
++							ipv6 = true
++						}
++
++						// Set the address as the candidate address irrespective of whether it is EUI-64 or not
++						// In the case it is EUI-64, it may be overwritten by the Link Local IPv6 address.
++						// In the case it is not EUI-64, it will be the only IPv6 address for the node and any future IPv6 address is discarded.
++						ipv6Address = i.IP
++					}
++				}
++			}
++		}
++	}
++
++	// If an IPv4 or IPv6 address has been found, add it to the list of addresses
++	if ipv4 {
++		candidateAddr = &corev1.NodeAddress{
++			Type:    corev1.NodeInternalIP,
++			Address: ipv4Address,
++		}
++		addrs = append(addrs, *candidateAddr)
++		foundInternalIP = true
++	}
++	if ipv6 || (!ipv6 && ipv6Address != "") {
++		candidateAddr = &corev1.NodeAddress{
++			Type:    corev1.NodeInternalIP,
++			Address: ipv6Address,
+ 		}
++		addrs = append(addrs, *candidateAddr)
++		foundInternalIP = true
+ 	}
+ 
+ 	// fall back to the previously known internal IP on the node
+diff --git a/pkg/provider/instances_v2_test.go b/pkg/provider/instances_v2_test.go
+index 8c798fc1..83ab2a0e 100644
+--- a/pkg/provider/instances_v2_test.go
++++ b/pkg/provider/instances_v2_test.go
+@@ -197,9 +197,10 @@ var _ = Describe("Instances V2", func() {
+ 							"Type":    Equal(corev1.NodeInternalIP),
+ 						}),
+ 					}),
+-					"InstanceType": Equal("highPerformance"),
+-					"Region":       Equal("region-a"),
+-					"Zone":         Equal("zone-1"),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
+ 				}))
+ 			})
+ 
+@@ -237,7 +238,7 @@ var _ = Describe("Instances V2", func() {
+ 						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
+ 							{
+ 								IP:   "10.244.0.1",
+-								Name: "default",
++								Name: "defaultcni",
+ 							},
+ 							{
+ 								IP:   "10.245.0.1",
+@@ -290,9 +291,666 @@ var _ = Describe("Instances V2", func() {
+ 							"Type":    Equal(corev1.NodeInternalIP),
+ 						}),
+ 					}),
+-					"InstanceType": Equal("highPerformance"),
+-					"Region":       Equal("region-a"),
+-					"Zone":         Equal("zone-1"),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - defaultcni network defined with IPV4 and IPv6", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: true,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "10.244.0.1",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "10.245.0.1",
++								Name: "unknown",
++							},
++							{
++								IP:   "2001:1b77:a00b:482:a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "2001:1b77:a00b:482::8",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "fe80::a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP: "10.246.0.1",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++					Status: corev1.NodeStatus{
++						Addresses: []corev1.NodeAddress{
++							{
++								Type:    corev1.NodeInternalIP,
++								Address: "10.200.100.1",
++							},
++						},
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++					mockClient.EXPECT().
++						Get(ctx, client.ObjectKey{Name: infraNode.Name}, gomock.AssignableToTypeOf(&corev1.Node{})).
++						SetArg(2, infraNode).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				// Since there is no link-local IP, the IP assigned should be the EUI64 IP
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID": Equal("kubevirt://test-vm"),
++					"NodeAddresses": MatchAllElementsWithIndex(idFn, Elements{
++						"0": MatchAllFields(Fields{
++							"Address": Equal("10.244.0.1"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++						"1": MatchAllFields(Fields{
++							"Address": Equal("2001:1b77:a00b:482::8"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++					}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - defaultcni network defined with IPV4 and IPv6 but with no link-local IPV6", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: true,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "10.244.0.1",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "10.245.0.1",
++								Name: "unknown",
++							},
++							{
++								IP:   "2001:1b77:a00b:482:a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "fe80::a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP: "10.246.0.1",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++					mockClient.EXPECT().
++						Get(ctx, client.ObjectKey{Name: infraNode.Name}, gomock.AssignableToTypeOf(&corev1.Node{})).
++						SetArg(2, infraNode).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				// Since there is no link-local IP, the IP assigned should be the EUI64 IP
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID": Equal("kubevirt://test-vm"),
++					"NodeAddresses": MatchAllElementsWithIndex(idFn, Elements{
++						"0": MatchAllFields(Fields{
++							"Address": Equal("10.244.0.1"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++						"1": MatchAllFields(Fields{
++							"Address": Equal("2001:1b77:a00b:482:a8bb:ccff:fe62:161a"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++					}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - defaultcni network defined with only IPv6", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: true,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "2001:1b77:a00b:482:a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "2001:1b77:a00b:482::8",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "fe80::a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP: "10.246.0.1",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++					Status: corev1.NodeStatus{
++						Addresses: []corev1.NodeAddress{
++							{
++								Type:    corev1.NodeInternalIP,
++								Address: "10.200.100.1",
++							},
++						},
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++					mockClient.EXPECT().
++						Get(ctx, client.ObjectKey{Name: infraNode.Name}, gomock.AssignableToTypeOf(&corev1.Node{})).
++						SetArg(2, infraNode).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				// Since there is a link-local IP, that takes precedence over the EUI64 IP
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID": Equal("kubevirt://test-vm"),
++					"NodeAddresses": MatchAllElementsWithIndex(idFn, Elements{
++						"0": MatchAllFields(Fields{
++							"Address": Equal("2001:1b77:a00b:482::8"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++					}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - defaultcni network defined with only IPv6 but with no link-local IP", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: true,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "2001:1b77:a00b:482:a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "fe80::a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP: "10.246.0.1",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++					Status: corev1.NodeStatus{
++						Addresses: []corev1.NodeAddress{
++							{
++								Type:    corev1.NodeInternalIP,
++								Address: "10.200.100.1",
++							},
++						},
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++					mockClient.EXPECT().
++						Get(ctx, client.ObjectKey{Name: infraNode.Name}, gomock.AssignableToTypeOf(&corev1.Node{})).
++						SetArg(2, infraNode).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				// Since there is no link-local IP, the IP assigned should be the EUI64 IP
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID": Equal("kubevirt://test-vm"),
++					"NodeAddresses": MatchAllElementsWithIndex(idFn, Elements{
++						"0": MatchAllFields(Fields{
++							"Address": Equal("2001:1b77:a00b:482:a8bb:ccff:fe62:161a"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++					}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - defaultcni network defined with only IPv6 but with neither link-local nor EUI64 IP", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: true,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "fe80::a8bb:ccff:fe62:161a",
++								Name: "defaultcni",
++							},
++							{
++								IP: "10.246.0.1",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++					mockClient.EXPECT().
++						Get(ctx, client.ObjectKey{Name: infraNode.Name}, gomock.AssignableToTypeOf(&corev1.Node{})).
++						SetArg(2, infraNode).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID":       Equal("kubevirt://test-vm"),
++					"NodeAddresses":    MatchAllElementsWithIndex(idFn, Elements{}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - defaultcni network defined with only IPv4", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: true,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "10.245.0.1",
++								Name: "defaultcni",
++							},
++							{
++								IP:   "10.247.0.1",
++								Name: "defaultcni",
++							},
++							{
++								IP: "10.246.0.1",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++					Status: corev1.NodeStatus{
++						Addresses: []corev1.NodeAddress{
++							{
++								Type:    corev1.NodeInternalIP,
++								Address: "10.200.100.1",
++							},
++						},
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++					mockClient.EXPECT().
++						Get(ctx, client.ObjectKey{Name: infraNode.Name}, gomock.AssignableToTypeOf(&corev1.Node{})).
++						SetArg(2, infraNode).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID": Equal("kubevirt://test-vm"),
++					"NodeAddresses": MatchAllElementsWithIndex(idFn, Elements{
++						"0": MatchAllFields(Fields{
++							"Address": Equal("10.245.0.1"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++					}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - neither defaultcni network nor default interface defined", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: true,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "10.244.0.1",
++								Name: "nondefault",
++							},
++							{
++								IP:   "10.245.0.1",
++								Name: "nondefaultcni",
++							},
++							{
++								IP: "10.246.0.1",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++					mockClient.EXPECT().
++						Get(ctx, client.ObjectKey{Name: infraNode.Name}, gomock.AssignableToTypeOf(&corev1.Node{})).
++						SetArg(2, infraNode).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID":       Equal("kubevirt://test-vm"),
++					"NodeAddresses":    MatchAllElementsWithIndex(idFn, Elements{}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal("region-a"),
++					"Zone":             Equal("zone-1"),
++					"AdditionalLabels": BeNil(),
+ 				}))
+ 			})
+ 
+@@ -330,7 +988,7 @@ var _ = Describe("Instances V2", func() {
+ 						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
+ 							{
+ 								IP:   "10.244.0.1",
+-								Name: "default",
++								Name: "defaultcni",
+ 							},
+ 							{
+ 								IP:   "10.245.0.1",
+@@ -348,6 +1006,14 @@ var _ = Describe("Instances V2", func() {
+ 					ObjectMeta: metav1.ObjectMeta{
+ 						Name: vmiName,
+ 					},
++					Status: corev1.NodeStatus{
++						Addresses: []corev1.NodeAddress{
++							{
++								Type:    corev1.NodeInternalIP,
++								Address: "10.200.100.1",
++							},
++						},
++					},
+ 				}
+ 
+ 				gomock.InOrder(
+@@ -371,9 +1037,93 @@ var _ = Describe("Instances V2", func() {
+ 							"Type":    Equal(corev1.NodeInternalIP),
+ 						}),
+ 					}),
+-					"InstanceType": Equal("highPerformance"),
+-					"Region":       Equal(""),
+-					"Zone":         Equal(""),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal(""),
++					"Zone":             Equal(""),
++					"AdditionalLabels": BeNil(),
++				}))
++			})
++
++			It("Should fetch a vmi by node name and return a complete metadata object - only defaultcni network defined", func() {
++				vmiName := "test-vm"
++				namespace := "cluster-qwedas"
++				i := instancesV2{
++					namespace: namespace,
++					client:    mockClient,
++					config: &InstancesV2Config{
++						Enabled:              true,
++						ZoneAndRegionEnabled: false,
++					},
++				}
++
++				infraNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: "infra-node",
++						Labels: map[string]string{
++							corev1.LabelTopologyRegion: "region-a",
++							corev1.LabelTopologyZone:   "zone-1",
++						},
++					},
++				}
++
++				vmi := kubevirtv1.VirtualMachineInstance{
++					ObjectMeta: metav1.ObjectMeta{
++						Name:      vmiName,
++						Namespace: namespace,
++						Annotations: map[string]string{
++							kubevirtv1.InstancetypeAnnotation: "highPerformance",
++						},
++					},
++					Status: kubevirtv1.VirtualMachineInstanceStatus{
++						Interfaces: []kubevirtv1.VirtualMachineInstanceNetworkInterface{
++							{
++								IP:   "10.245.0.1",
++								Name: "defaultcni",
++							},
++						},
++						NodeName: infraNode.Name,
++					},
++				}
++
++				tenantNode := corev1.Node{
++					ObjectMeta: metav1.ObjectMeta{
++						Name: vmiName,
++					},
++					Status: corev1.NodeStatus{
++						Addresses: []corev1.NodeAddress{
++							{
++								Type:    corev1.NodeInternalIP,
++								Address: "10.200.100.1",
++							},
++						},
++					},
++				}
++
++				gomock.InOrder(
++					mockClient.EXPECT().
++						Get(ctx, types.NamespacedName{Name: vmiName, Namespace: namespace}, gomock.AssignableToTypeOf(&kubevirtv1.VirtualMachineInstance{})).
++						SetArg(2, vmi).
++						Times(1),
++				)
++
++				metadata, err := i.InstanceMetadata(ctx, &tenantNode)
++				Expect(err).To(BeNil())
++
++				idFn := func(index int, element interface{}) string {
++					return strconv.Itoa(index)
++				}
++				Expect(*metadata).To(MatchAllFields(Fields{
++					"ProviderID": Equal("kubevirt://test-vm"),
++					"NodeAddresses": MatchAllElementsWithIndex(idFn, Elements{
++						"0": MatchAllFields(Fields{
++							"Address": Equal("10.245.0.1"),
++							"Type":    Equal(corev1.NodeInternalIP),
++						}),
++					}),
++					"InstanceType":     Equal("highPerformance"),
++					"Region":           Equal(""),
++					"Zone":             Equal(""),
++					"AdditionalLabels": BeNil(),
+ 				}))
+ 			})
+ 
+-- 
+2.45.2
diff --git a/SPECS/cmake/CVE-2024-48615.patch b/SPECS/cmake/CVE-2024-48615.patch
new file mode 100644
index 0000000000..aed017844e
--- /dev/null
+++ b/SPECS/cmake/CVE-2024-48615.patch
@@ -0,0 +1,80 @@
+From f3e92ec63d76a77b8cbd3a8fd63dd8f308bbd1cb Mon Sep 17 00:00:00 2001
+From: kavyasree 
+Date: Mon, 7 Apr 2025 11:35:22 +0530
+Subject: [PATCH] Error handling for each call of __archive_read_ahead
+
+Reference: https://github.com/libarchive/libarchive/commit/565b5aea491671ae33df1ca63697c10d54c00165
+---
+ .../archive_read_support_format_tar.c           | 17 +++++++----------
+ 1 file changed, 7 insertions(+), 10 deletions(-)
+
+diff --git a/Utilities/cmlibarchive/libarchive/archive_read_support_format_tar.c b/Utilities/cmlibarchive/libarchive/archive_read_support_format_tar.c
+index 93c3fd58..8334559a 100644
+--- a/Utilities/cmlibarchive/libarchive/archive_read_support_format_tar.c
++++ b/Utilities/cmlibarchive/libarchive/archive_read_support_format_tar.c
+@@ -624,8 +624,6 @@ archive_read_format_tar_read_data(struct archive_read *a,
+ 		}
+ 
+ 		*buff = __archive_read_ahead(a, 1, &bytes_read);
+-		if (bytes_read < 0)
+-			return (ARCHIVE_FATAL);
+ 		if (*buff == NULL) {
+ 			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ 			    "Truncated tar archive");
+@@ -710,13 +708,11 @@ tar_read_header(struct archive_read *a, struct tar *tar,
+ 
+ 		/* Read 512-byte header record */
+ 		h = __archive_read_ahead(a, 512, &bytes);
+-		if (bytes < 0)
+-			return ((int)bytes);
+ 		if (bytes == 0) { /* EOF at a block boundary. */
+ 			/* Some writers do omit the block of nulls.  */
+ 			return (ARCHIVE_EOF);
+ 		}
+-		if (bytes < 512) {  /* Short block at EOF; this is bad. */
++		if (h == NULL) {  /* Short block at EOF; this is bad. */
+ 			archive_set_error(&a->archive,
+ 			    ARCHIVE_ERRNO_FILE_FORMAT,
+ 			    "Truncated tar archive");
+@@ -1458,6 +1454,9 @@ read_mac_metadata_blob(struct archive_read *a, struct tar *tar,
+ 	 */
+ 	data = __archive_read_ahead(a, msize, NULL);
+ 	if (data == NULL) {
++		archive_set_error(&a->archive, EINVAL,
++ 		    "Truncated archive"
++ 		    " detected while reading macOS metadata");
+ 		*unconsumed = 0;
+ 		return (ARCHIVE_FATAL);
+ 	}
+@@ -2359,9 +2358,7 @@ gnu_sparse_old_read(struct archive_read *a, struct tar *tar,
+ 	do {
+ 		tar_flush_unconsumed(a, unconsumed);
+ 		data = __archive_read_ahead(a, 512, &bytes_read);
+-		if (bytes_read < 0)
+-			return (ARCHIVE_FATAL);
+-		if (bytes_read < 512) {
++		if (data == NULL) {
+ 			archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ 			    "Truncated tar archive "
+ 			    "detected while reading sparse file data");
+@@ -2769,7 +2766,7 @@ readline(struct archive_read *a, struct tar *tar, const char **start,
+ 	tar_flush_unconsumed(a, unconsumed);
+ 
+ 	t = __archive_read_ahead(a, 1, &bytes_read);
+-	if (bytes_read <= 0)
++	if (bytes_read <= 0 || t == NULL)
+ 		return (ARCHIVE_FATAL);
+ 	s = t;  /* Start of line? */
+ 	p = memchr(t, '\n', bytes_read);
+@@ -2810,7 +2807,7 @@ readline(struct archive_read *a, struct tar *tar, const char **start,
+ 		}
+ 		/* Read some more. */
+ 		t = __archive_read_ahead(a, 1, &bytes_read);
+-		if (bytes_read <= 0)
++		if (bytes_read <= 0 || t == NULL)
+ 			return (ARCHIVE_FATAL);
+ 		s = t;  /* Start of line? */
+ 		p = memchr(t, '\n', bytes_read);
+-- 
+2.34.1
+
diff --git a/SPECS/cmake/cmake.spec b/SPECS/cmake/cmake.spec
index 781e636543..ad726a4dc5 100644
--- a/SPECS/cmake/cmake.spec
+++ b/SPECS/cmake/cmake.spec
@@ -2,7 +2,7 @@
 Summary:        Cmake
 Name:           cmake
 Version:        3.30.3
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -24,7 +24,8 @@ Patch7:         CVE-2023-44487.patch
 # nghttp2 v1.52.0 plus some upstream patches. nghttp2 version can be found in
 # Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2ver.h. Manual inspection is
 # required to determine what upstream patches are included.
-Patch8:         CVE-2023-35945.patch  
+Patch8:         CVE-2023-35945.patch
+Patch9:		CVE-2024-48615.patch
 BuildRequires:  bzip2
 BuildRequires:  bzip2-devel
 BuildRequires:  curl
@@ -104,6 +105,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_libdir}/rpm/macros.d/macros.cmake
 
 %changelog
+* Mon Apr 07 2025 Kavya Sree Kaitepalli  - 3.30.3-6
+- Backport patch to fix CVE-2024-48615
+
 * Thu Mar 06 2025 corvus-callidus <108946721+corvus-callidus@users.noreply.github.com> - 3.30.3-5
 - Patch vendored nghttp2 to fix CVE-2023-44487 and CVE-2023-35945
 
diff --git a/SPECS/cni-plugins/CVE-2025-22872.patch b/SPECS/cni-plugins/CVE-2025-22872.patch
new file mode 100644
index 0000000000..2d63a81790
--- /dev/null
+++ b/SPECS/cni-plugins/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From 1c0308205a333d387cf0ad2ddd9e7bec8d5f21b2 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Mon, 28 Apr 2025 17:40:01 -0500
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index de67f93..9bbdf7d 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/cni-plugins/cni-plugins.spec b/SPECS/cni-plugins/cni-plugins.spec
index 667a39592a..69de7da7ff 100644
--- a/SPECS/cni-plugins/cni-plugins.spec
+++ b/SPECS/cni-plugins/cni-plugins.spec
@@ -1,7 +1,7 @@
 Summary:        Container Network Interface (CNI) plugins
 Name:           cni-plugins
 Version:        1.4.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,7 +10,8 @@ Group:          Development/Tools
 URL:            https://github.com/containernetworking/plugins
 #Source0:       https://github.com/containernetworking/plugins/archive/v%{version}.tar.gz
 Source0:        %{name}-%{version}.tar.gz
-Patch0:		CVE-2024-45338.patch
+Patch0:         CVE-2024-45338.patch
+Patch1:         CVE-2025-22872.patch
 
 %define _default_cni_plugins_dir /opt/cni/bin
 BuildRequires:  golang >= 1.5
@@ -41,6 +42,10 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
 %{_default_cni_plugins_dir}/*
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.4.0-4
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 1.4.0-3
 - Bump Release to rebuild
 
diff --git a/SPECS/conda/conda.spec b/SPECS/conda/conda.spec
index 2277d381e6..b709aad792 100644
--- a/SPECS/conda/conda.spec
+++ b/SPECS/conda/conda.spec
@@ -1,7 +1,7 @@
 Summary:        Cross-platform, Python-agnostic binary package manager
 Name:           conda
 Version:        24.3.0
-Release:        1%{?dist}
+Release:        3%{?dist}
 License:        BSD-3-Clause AND Apache-2.0
 # The conda code is BSD-3-Clause
 # adapters/ftp.py is Apache-2.0
@@ -108,6 +108,7 @@ Requires:       python3-conda-package-streaming
 Requires:       python3-jsonpatch
 Requires:       python3-menuinst
 Requires:       python3-platformdirs
+Requires:       python3-pluggy
 
 # Some versions in conda/_vendor/vendor.txt
 Provides:       bundled(python%{python3_pkgversion}-appdirs) = 1.2.0
@@ -302,7 +303,6 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} conda info
     --deselect=tests/cli/test_main_remove.py::test_remove_all_keep_env \
     --deselect=tests/cli/test_main_rename.py \
     --deselect=tests/cli/test_main_run.py \
-    --deselect=tests/cli/test_subcommands.py::test_create[libmamba] \
     --deselect=tests/cli/test_subcommands.py::test_env_create \
     --deselect=tests/cli/test_subcommands.py::test_env_update \
     --deselect=tests/cli/test_subcommands.py::test_init \
@@ -335,8 +335,6 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} conda info
     --deselect=tests/test_plan.py::test_pinned_specs_conda_meta_pinned \
     --deselect=tests/test_plan.py::test_pinned_specs_condarc \
     --deselect=tests/test_plan.py::test_pinned_specs_all \
-    --deselect=tests/cli/test_subcommands.py::test_compare[libmamba] \
-    --deselect=tests/cli/test_subcommands.py::test_package[libmamba] \
     --deselect=tests/cli/test_subcommands.py::test_remove[libmamba-remove] \
     --deselect=tests/cli/test_subcommands.py::test_remove[libmamba-uninstall] \
     --deselect=tests/cli/test_subcommands.py::test_remove_all_json[libmamba-remove] \
@@ -345,8 +343,6 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} conda info
     --deselect=tests/cli/test_subcommands.py::test_remove_all_json[classic-uninstall] \
     --deselect=tests/cli/test_subcommands.py::test_update[classic-update] \
     --deselect=tests/cli/test_subcommands.py::test_update[classic-upgrade] \
-    --deselect=tests/cli/test_subcommands.py::test_env_remove[libmamba] \
-    --deselect=tests/cli/test_subcommands.py::test_env_config_vars[libmamba] \
     --deselect=tests/core/test_subdir_data.py::test_subdir_data_coverage \
     --deselect=tests/models/test_prefix_graph.py::test_prefix_graph_1[libmamba] \
     --deselect=tests/models/test_prefix_graph.py::test_prefix_graph_2[libmamba] \
@@ -366,45 +362,7 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} conda info
 	--deselect=tests/cli/test_compare.py::test_compare_fail \
 	--deselect=tests/cli/test_main_notices.py::test_target_prefix \
 	--deselect=tests/core/test_package_cache_data.py::test_instantiating_package_cache_when_both_tar_bz2_and_conda_exist_read_only \
-	--deselect=tests/core/test_solve.py::test_solve_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_solve_msgs_exclude_vp[libmamba] \
-	--deselect=tests/core/test_solve.py::test_cuda_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_cuda_2[libmamba] \
-	--deselect=tests/core/test_solve.py::test_cuda_fail_2[libmamba] \
-	--deselect=tests/core/test_solve.py::test_cuda_constrain_absent[libmamba] \
-	--deselect=tests/core/test_solve.py::test_cuda_glibc_sat[libmamba] \
-	--deselect=tests/core/test_solve.py::test_update_prune_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_update_prune_4[libmamba] \
 	--deselect=tests/core/test_solve.py::test_update_prune_5[libmamba-True] \
-	--deselect=tests/core/test_solve.py::test_no_deps_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_only_deps_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_only_deps_2[libmamba] \
-	--deselect=tests/core/test_solve.py::test_update_all_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_unfreeze_when_required[libmamba] \
-	--deselect=tests/core/test_solve.py::test_auto_update_conda[libmamba] \
-	--deselect=tests/core/test_solve.py::test_explicit_conda_downgrade[libmamba] \
-	--deselect=tests/core/test_solve.py::test_aggressive_update_packages[libmamba] \
-	--deselect=tests/core/test_solve.py::test_update_deps_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_no_update_deps_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_force_reinstall_1[libmamba] \
-	--deselect=tests/core/test_solve.py::test_force_reinstall_2[libmamba] \
-	--deselect=tests/core/test_solve.py::test_channel_priority_churn_minimized[libmamba] \
-	--deselect=tests/core/test_solve.py::test_current_repodata_usage[libmamba] \
-	--deselect=tests/core/test_solve.py::test_current_repodata_fallback[libmamba] \
-	--deselect=tests/core/test_solve.py::test_downgrade_python_prevented_with_sane_message[libmamba] \
-	--deselect=tests/core/test_solve.py::test_packages_in_solution_change_already_newest[libmamba] \
-	--deselect=tests/core/test_solve.py::test_packages_in_solution_change_needs_update[libmamba] \
-	--deselect=tests/core/test_solve.py::test_packages_in_solution_change_constrained[libmamba] \
-	--deselect=tests/core/test_solve.py::test_determine_constricting_specs_conflicts[libmamba] \
-	--deselect=tests/core/test_solve.py::test_determine_constricting_specs_conflicts_upperbound[libmamba] \
-	--deselect=tests/core/test_solve.py::test_determine_constricting_specs_multi_conflicts[libmamba] \
-	--deselect=tests/core/test_solve.py::test_determine_constricting_specs_no_conflicts_upperbound_compound_depends[libmamba] \
-	--deselect=tests/core/test_solve.py::test_determine_constricting_specs_no_conflicts_version_star[libmamba] \
-	--deselect=tests/core/test_solve.py::test_determine_constricting_specs_no_conflicts_free[libmamba] \
-	--deselect=tests/core/test_solve.py::test_determine_constricting_specs_no_conflicts_no_upperbound[libmamba] \
-	--deselect=tests/cli/test_main_notices.py::test_notices_does_not_interrupt_command_on_failure \
-	--deselect=tests/models/test_prefix_graph.py::test_windows_sort_orders_1[libmamba] \
-	--deselect=tests/models/test_prefix_graph.py::test_sort_without_prep[libmamba] \
 	--deselect=tests/gateways/test_subprocess.py::test_subprocess_call_with_capture_output \
 	--deselect=tests/gateways/test_subprocess.py::test_subprocess_call_without_capture_output \
 	--deselect=tests/gateways/disk/test_delete.py::test_remove_file \
@@ -444,6 +402,12 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} conda info
 %{_datadir}/conda/condarc.d/
 
 %changelog
+* Thu May 01 2025 Riken Maharjan  - 24.3.0-3
+- Skip some test cases that are failing in the current version of conda using Fedora (License: MIT)
+
+* Fri April 11 2025 Riken Maharjan  - 24.3.0-2
+- Add missing python3-pluggy package
+
 * Wed Feb 26 2025 Riken Maharjan  - 24.3.0-1
 - Auto-upgrade to 24.3.0 - fixes subprocess_call when stdin is bytes
 - Add missing runtime dependencies archspec, boltons, menuinst, and conda-package-streaming 
diff --git a/SPECS/containerd/CVE-2024-40635.patch b/SPECS/containerd/CVE-2024-40635.patch
new file mode 100644
index 0000000000..91649d0d73
--- /dev/null
+++ b/SPECS/containerd/CVE-2024-40635.patch
@@ -0,0 +1,173 @@
+From 11504c3fc5f45634f2d93d57743a998194430b82 Mon Sep 17 00:00:00 2001
+From: Craig Ingram 
+Date: Fri, 7 Mar 2025 13:29:47 +0000
+Subject: [PATCH] validate uid/gid
+
+---
+ oci/spec_opts.go            | 24 ++++++++--
+ oci/spec_opts_linux_test.go | 92 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 112 insertions(+), 4 deletions(-)
+
+diff --git a/oci/spec_opts.go b/oci/spec_opts.go
+index f1422d505203..e89d54a8f19a 100644
+--- a/oci/spec_opts.go
++++ b/oci/spec_opts.go
+@@ -22,6 +22,7 @@ import (
+ 	"encoding/json"
+ 	"errors"
+ 	"fmt"
++	"math"
+ 	"os"
+ 	"path/filepath"
+ 	"runtime"
+@@ -594,6 +595,20 @@ func WithUser(userstr string) SpecOpts {
+ 		defer ensureAdditionalGids(s)
+ 		setProcess(s)
+ 		s.Process.User.AdditionalGids = nil
++		// While the Linux kernel allows the max UID to be MaxUint32 - 2,
++                // and the OCI Runtime Spec has no definition about the max UID,
++                // the runc implementation is known to require the UID to be <= MaxInt32.
++                //
++                // containerd follows runc's limitation here.
++                //
++                // In future we may relax this limitation to allow MaxUint32 - 2,
++                // or, amend the OCI Runtime Spec to codify the implementation limitation.
++		const (
++			minUserID  = 0
++			maxUserID  = math.MaxInt32
++			minGroupID = 0
++			maxGroupID = math.MaxInt32
++		)
+ 
+ 		// For LCOW it's a bit harder to confirm that the user actually exists on the host as a rootfs isn't
+ 		// mounted on the host and shared into the guest, but rather the rootfs is constructed entirely in the
+@@ -612,8 +627,8 @@ func WithUser(userstr string) SpecOpts {
+ 		switch len(parts) {
+ 		case 1:
+ 			v, err := strconv.Atoi(parts[0])
+-			if err != nil {
+-				// if we cannot parse as a uint they try to see if it is a username
++			if err != nil || v < minUserID || v > maxUserID {
++				// if we cannot parse as an int32 then try to see if it is a username
+ 				return WithUsername(userstr)(ctx, client, c, s)
+ 			}
+ 			return WithUserID(uint32(v))(ctx, client, c, s)
+@@ -624,12 +639,13 @@ func WithUser(userstr string) SpecOpts {
+ 			)
+ 			var uid, gid uint32
+ 			v, err := strconv.Atoi(parts[0])
+-			if err != nil {
++			if err != nil || v < minUserID || v > maxUserID {
+ 				username = parts[0]
+ 			} else {
+ 				uid = uint32(v)
+ 			}
+-			if v, err = strconv.Atoi(parts[1]); err != nil {
++			v, err = strconv.Atoi(parts[1])
++			if err != nil || v < minGroupID || v > maxGroupID {
+ 				groupname = parts[1]
+ 			} else {
+ 				gid = uint32(v)
+diff --git a/oci/spec_opts_linux_test.go b/oci/spec_opts_linux_test.go
+index 2293a1c874af..b80d01259d90 100644
+--- a/oci/spec_opts_linux_test.go
++++ b/oci/spec_opts_linux_test.go
+@@ -33,6 +33,98 @@ import (
+ 	"golang.org/x/sys/unix"
+ )
+ 
++//nolint:gosec
++func TestWithUser(t *testing.T) {
++	t.Parallel()
++
++	expectedPasswd := `root:x:0:0:root:/root:/bin/ash
++guest:x:405:100:guest:/dev/null:/sbin/nologin
++`
++	expectedGroup := `root:x:0:root
++bin:x:1:root,bin,daemon
++daemon:x:2:root,bin,daemon
++sys:x:3:root,bin,adm
++guest:x:100:guest
++`
++	td := t.TempDir()
++	apply := fstest.Apply(
++		fstest.CreateDir("/etc", 0777),
++		fstest.CreateFile("/etc/passwd", []byte(expectedPasswd), 0777),
++		fstest.CreateFile("/etc/group", []byte(expectedGroup), 0777),
++	)
++	if err := apply.Apply(td); err != nil {
++		t.Fatalf("failed to apply: %v", err)
++	}
++	c := containers.Container{ID: t.Name()}
++	testCases := []struct {
++		user        string
++		expectedUID uint32
++		expectedGID uint32
++		err         string
++	}{
++		{
++			user:        "0",
++			expectedUID: 0,
++			expectedGID: 0,
++		},
++		{
++			user:        "root:root",
++			expectedUID: 0,
++			expectedGID: 0,
++		},
++		{
++			user:        "guest",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user:        "guest:guest",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user: "guest:nobody",
++			err:  "no groups found",
++		},
++		{
++			user:        "405:100",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user: "405:2147483648",
++			err:  "no groups found",
++		},
++		{
++			user: "-1000",
++			err:  "no users found",
++		},
++		{
++			user: "2147483648",
++			err:  "no users found",
++		},
++	}
++	for _, testCase := range testCases {
++		testCase := testCase
++		t.Run(testCase.user, func(t *testing.T) {
++			t.Parallel()
++			s := Spec{
++				Version: specs.Version,
++				Root: &specs.Root{
++					Path: td,
++				},
++				Linux: &specs.Linux{},
++			}
++			err := WithUser(testCase.user)(context.Background(), nil, &c, &s)
++			if err != nil {
++				assert.EqualError(t, err, testCase.err)
++			}
++			assert.Equal(t, testCase.expectedUID, s.Process.User.UID)
++			assert.Equal(t, testCase.expectedGID, s.Process.User.GID)
++		})
++	}
++}
++
+ //nolint:gosec
+ func TestWithUserID(t *testing.T) {
+ 	t.Parallel()
diff --git a/SPECS/containerd/containerd.spec b/SPECS/containerd/containerd.spec
index 62e62238ef..d510700d9e 100644
--- a/SPECS/containerd/containerd.spec
+++ b/SPECS/containerd/containerd.spec
@@ -4,7 +4,7 @@
 Summary: Industry-standard container runtime
 Name: containerd
 Version: 1.7.13
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: ASL 2.0
 Group: Tools/Container
 URL: https://www.containerd.io
@@ -22,6 +22,7 @@ Patch4:  CVE-2024-24786.patch
 Patch5:  CVE-2024-28180.patch
 Patch6:  CVE-2023-45288.patch
 Patch7:  CVE-2025-27144.patch
+Patch8:  CVE-2024-40635.patch
 
 %{?systemd_requires}
 
@@ -91,8 +92,12 @@ fi
 %dir /opt/containerd/lib
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.7.13-9
+- merge from Azure Linux 3.0.20250521-3.0
+- Fix CVE-2024-40635
+
 * Fri Apr 28 2025 Ranjan Dutta  - 1.7.13-8
-- merge from Azure Linux 3.0.20250423.
+- merge from Azure Linux 3.0.20250423-3.0
 - Fix CVE-2025-27144
 
 * Fri Mar 21 2025 Anuj Mittal  - 1.7.13-7
diff --git a/SPECS/containerd2/CVE-2024-40635.patch b/SPECS/containerd2/CVE-2024-40635.patch
new file mode 100644
index 0000000000..a7604073e8
--- /dev/null
+++ b/SPECS/containerd2/CVE-2024-40635.patch
@@ -0,0 +1,174 @@
+From 07a0b5419c408e70ed90179ea3e5825d986f80af Mon Sep 17 00:00:00 2001
+From: Craig Ingram 
+Date: Tue, 11 Mar 2025 14:52:44 +0000
+Subject: [PATCH] (cherry picked from commit
+ de1341c201ffb0effebbf51d00376181968c8779)
+
+---
+ pkg/oci/spec_opts.go            | 24 +++++++--
+ pkg/oci/spec_opts_linux_test.go | 92 +++++++++++++++++++++++++++++++++
+ 2 files changed, 112 insertions(+), 4 deletions(-)
+
+diff --git a/pkg/oci/spec_opts.go b/pkg/oci/spec_opts.go
+index 3b85d764ae10..f7b298122957 100644
+--- a/pkg/oci/spec_opts.go
++++ b/pkg/oci/spec_opts.go
+@@ -22,6 +22,7 @@ import (
+ 	"encoding/json"
+ 	"errors"
+ 	"fmt"
++	"math"
+ 	"os"
+ 	"path/filepath"
+ 	"runtime"
+@@ -593,6 +594,20 @@ func WithUser(userstr string) SpecOpts {
+ 		defer ensureAdditionalGids(s)
+ 		setProcess(s)
+ 		s.Process.User.AdditionalGids = nil
++		// While the Linux kernel allows the max UID to be MaxUint32 - 2,
++                // and the OCI Runtime Spec has no definition about the max UID,
++                // the runc implementation is known to require the UID to be <= MaxInt32.
++                //
++                // containerd follows runc's limitation here.
++                //
++                // In future we may relax this limitation to allow MaxUint32 - 2,
++                // or, amend the OCI Runtime Spec to codify the implementation limitation.
++		const (
++			minUserID  = 0
++			maxUserID  = math.MaxInt32
++			minGroupID = 0
++			maxGroupID = math.MaxInt32
++		)
+ 
+ 		// For LCOW it's a bit harder to confirm that the user actually exists on the host as a rootfs isn't
+ 		// mounted on the host and shared into the guest, but rather the rootfs is constructed entirely in the
+@@ -611,8 +626,8 @@ func WithUser(userstr string) SpecOpts {
+ 		switch len(parts) {
+ 		case 1:
+ 			v, err := strconv.Atoi(parts[0])
+-			if err != nil {
+-				// if we cannot parse as a uint they try to see if it is a username
++			if err != nil || v < minUserID || v > maxUserID {
++				// if we cannot parse as an int32 then try to see if it is a username
+ 				return WithUsername(userstr)(ctx, client, c, s)
+ 			}
+ 			return WithUserID(uint32(v))(ctx, client, c, s)
+@@ -623,12 +638,13 @@ func WithUser(userstr string) SpecOpts {
+ 			)
+ 			var uid, gid uint32
+ 			v, err := strconv.Atoi(parts[0])
+-			if err != nil {
++			if err != nil || v < minUserID || v > maxUserID {
+ 				username = parts[0]
+ 			} else {
+ 				uid = uint32(v)
+ 			}
+-			if v, err = strconv.Atoi(parts[1]); err != nil {
++			v, err = strconv.Atoi(parts[1])
++			if err != nil || v < minGroupID || v > maxGroupID {
+ 				groupname = parts[1]
+ 			} else {
+ 				gid = uint32(v)
+diff --git a/pkg/oci/spec_opts_linux_test.go b/pkg/oci/spec_opts_linux_test.go
+index 9299fa1807b6..d34af356b103 100644
+--- a/pkg/oci/spec_opts_linux_test.go
++++ b/pkg/oci/spec_opts_linux_test.go
+@@ -33,6 +33,98 @@ import (
+ 	"golang.org/x/sys/unix"
+ )
+ 
++//nolint:gosec
++func TestWithUser(t *testing.T) {
++	t.Parallel()
++
++	expectedPasswd := `root:x:0:0:root:/root:/bin/ash
++guest:x:405:100:guest:/dev/null:/sbin/nologin
++`
++	expectedGroup := `root:x:0:root
++bin:x:1:root,bin,daemon
++daemon:x:2:root,bin,daemon
++sys:x:3:root,bin,adm
++guest:x:100:guest
++`
++	td := t.TempDir()
++	apply := fstest.Apply(
++		fstest.CreateDir("/etc", 0777),
++		fstest.CreateFile("/etc/passwd", []byte(expectedPasswd), 0777),
++		fstest.CreateFile("/etc/group", []byte(expectedGroup), 0777),
++	)
++	if err := apply.Apply(td); err != nil {
++		t.Fatalf("failed to apply: %v", err)
++	}
++	c := containers.Container{ID: t.Name()}
++	testCases := []struct {
++		user        string
++		expectedUID uint32
++		expectedGID uint32
++		err         string
++	}{
++		{
++			user:        "0",
++			expectedUID: 0,
++			expectedGID: 0,
++		},
++		{
++			user:        "root:root",
++			expectedUID: 0,
++			expectedGID: 0,
++		},
++		{
++			user:        "guest",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user:        "guest:guest",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user: "guest:nobody",
++			err:  "no groups found",
++		},
++		{
++			user:        "405:100",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user: "405:2147483648",
++			err:  "no groups found",
++		},
++		{
++			user: "-1000",
++			err:  "no users found",
++		},
++		{
++			user: "2147483648",
++			err:  "no users found",
++		},
++	}
++	for _, testCase := range testCases {
++		testCase := testCase
++		t.Run(testCase.user, func(t *testing.T) {
++			t.Parallel()
++			s := Spec{
++				Version: specs.Version,
++				Root: &specs.Root{
++					Path: td,
++				},
++				Linux: &specs.Linux{},
++			}
++			err := WithUser(testCase.user)(context.Background(), nil, &c, &s)
++			if err != nil {
++				assert.EqualError(t, err, testCase.err)
++			}
++			assert.Equal(t, testCase.expectedUID, s.Process.User.UID)
++			assert.Equal(t, testCase.expectedGID, s.Process.User.GID)
++		})
++	}
++}
++
+ //nolint:gosec
+ func TestWithUserID(t *testing.T) {
+ 	t.Parallel()
diff --git a/SPECS/containerd2/add-tardev-support.patch b/SPECS/containerd2/add-tardev-support.patch
deleted file mode 100644
index eb29ec934a..0000000000
--- a/SPECS/containerd2/add-tardev-support.patch
+++ /dev/null
@@ -1,302 +0,0 @@
-From b4c672fcfc8faad7d0534d887d72e2a68c112d20 Mon Sep 17 00:00:00 2001
-From: Mitch Zhu 
-Date: Mon, 3 Feb 2025 22:42:14 +0000
-Subject: [PATCH] Enhance snapshot handling and CRI runtime compatibility for
- tardev-snapshotter
-
----
- client/image.go                               |  4 +-
- internal/cri/server/container_status_test.go  |  2 +-
- internal/cri/server/images/image_pull.go      | 37 +++++++++++--------
- internal/cri/server/images/image_pull_test.go |  2 +-
- internal/cri/server/podsandbox/controller.go  |  2 +-
- internal/cri/server/podsandbox/sandbox_run.go | 30 ++++++++-------
- internal/cri/server/service.go                |  2 +-
- internal/cri/store/image/image.go             | 29 ++++++++++++---
- 8 files changed, 69 insertions(+), 39 deletions(-)
-
-diff --git a/client/image.go b/client/image.go
-index 355bcba..791db88 100644
---- a/client/image.go
-+++ b/client/image.go
-@@ -31,6 +31,7 @@ import (
- 	"github.com/containerd/containerd/v2/internal/kmutex"
- 	"github.com/containerd/containerd/v2/pkg/labels"
- 	"github.com/containerd/containerd/v2/pkg/rootfs"
-+	"github.com/containerd/containerd/v2/pkg/snapshotters"
- 	"github.com/containerd/errdefs"
- 	"github.com/containerd/platforms"
- 	"github.com/opencontainers/go-digest"
-@@ -333,7 +334,8 @@ func (i *image) Unpack(ctx context.Context, snapshotterName string, opts ...Unpa
- 	}
- 
- 	for _, layer := range layers {
--		unpacked, err = rootfs.ApplyLayerWithOpts(ctx, layer, chain, sn, a, config.SnapshotOpts, config.ApplyOpts)
-+		snOpts := append(config.SnapshotOpts, snapshots.WithLabels(map[string]string{snapshotters.TargetLayerDigestLabel: layer.Blob.Digest.String()}))
-+		unpacked, err = rootfs.ApplyLayerWithOpts(ctx, layer, chain, sn, a, snOpts, config.ApplyOpts)
- 		if err != nil {
- 			return fmt.Errorf("apply layer error for %q: %w", i.Name(), err)
- 		}
-diff --git a/internal/cri/server/container_status_test.go b/internal/cri/server/container_status_test.go
-index 05b1650..71dcc10 100644
---- a/internal/cri/server/container_status_test.go
-+++ b/internal/cri/server/container_status_test.go
-@@ -302,7 +302,7 @@ func (s *fakeImageService) LocalResolve(refOrID string) (imagestore.Image, error
- 
- func (s *fakeImageService) ImageFSPaths() map[string]string { return make(map[string]string) }
- 
--func (s *fakeImageService) PullImage(context.Context, string, func(string) (string, string, error), *runtime.PodSandboxConfig, string) (string, error) {
-+func (s *fakeImageService) PullImage(context.Context, string, func(string) (string, string, error), *runtime.PodSandboxConfig, string, string) (string, error) {
- 	return "", errors.New("not implemented")
- }
- 
-diff --git a/internal/cri/server/images/image_pull.go b/internal/cri/server/images/image_pull.go
-index e59b88b..f9c90b7 100644
---- a/internal/cri/server/images/image_pull.go
-+++ b/internal/cri/server/images/image_pull.go
-@@ -96,6 +96,15 @@ import (
- 
- // PullImage pulls an image with authentication config.
- func (c *GRPCCRIImageService) PullImage(ctx context.Context, r *runtime.PullImageRequest) (_ *runtime.PullImageResponse, err error) {
-+	imageRef := r.GetImage().GetImage()
-+	snapshotter, err := c.snapshotterFromPodSandboxConfig(ctx, imageRef, r.SandboxConfig, r.GetImage().GetRuntimeHandler())
-+	if err != nil {
-+		return nil, err
-+	}
-+	return c.pullImage(ctx, r, snapshotter)
-+}
-+
-+func (c *GRPCCRIImageService) pullImage(ctx context.Context, r *runtime.PullImageRequest, snapshotter string) (_ *runtime.PullImageResponse, err error) {
- 
- 	imageRef := r.GetImage().GetImage()
- 
-@@ -110,14 +119,14 @@ func (c *GRPCCRIImageService) PullImage(ctx context.Context, r *runtime.PullImag
- 		return ParseAuth(hostauth, host)
- 	}
- 
--	ref, err := c.CRIImageService.PullImage(ctx, imageRef, credentials, r.SandboxConfig, r.GetImage().GetRuntimeHandler())
-+	ref, err := c.CRIImageService.PullImage(ctx, imageRef, credentials, r.SandboxConfig, r.GetImage().GetRuntimeHandler(), snapshotter)
- 	if err != nil {
- 		return nil, err
- 	}
- 	return &runtime.PullImageResponse{ImageRef: ref}, nil
- }
- 
--func (c *CRIImageService) PullImage(ctx context.Context, name string, credentials func(string) (string, string, error), sandboxConfig *runtime.PodSandboxConfig, runtimeHandler string) (_ string, err error) {
-+func (c *CRIImageService) PullImage(ctx context.Context, name string, credentials func(string) (string, string, error), sandboxConfig *runtime.PodSandboxConfig, runtimeHandler string, snapshotter string) (_ string, err error) {
- 	span := tracing.SpanFromContext(ctx)
- 	defer func() {
- 		// TODO: add domain label for imagePulls metrics, and we may need to provide a mechanism
-@@ -167,10 +176,6 @@ func (c *CRIImageService) PullImage(ctx context.Context, name string, credential
- 	)
- 
- 	defer pcancel()
--	snapshotter, err := c.snapshotterFromPodSandboxConfig(ctx, ref, sandboxConfig)
--	if err != nil {
--		return "", err
--	}
- 	log.G(ctx).Debugf("PullImage %q with snapshotter %s", ref, snapshotter)
- 	span.SetAttributes(
- 		tracing.Attribute("image.ref", ref),
-@@ -761,17 +766,19 @@ func (rt *pullRequestReporterRoundTripper) RoundTrip(req *http.Request) (*http.R
- // Once we know the runtime, try to override default snapshotter if it is set for this runtime.
- // See https://github.com/containerd/containerd/issues/6657
- func (c *CRIImageService) snapshotterFromPodSandboxConfig(ctx context.Context, imageRef string,
--	s *runtime.PodSandboxConfig) (string, error) {
-+	s *runtime.PodSandboxConfig, runtimeHandler string) (string, error) {
- 	snapshotter := c.config.Snapshotter
--	if s == nil || s.Annotations == nil {
--		return snapshotter, nil
--	}
- 
--	// TODO(kiashok): honor the new CRI runtime handler field added to v0.29.0
--	// for image pull per runtime class support.
--	runtimeHandler, ok := s.Annotations[annotations.RuntimeHandler]
--	if !ok {
--		return snapshotter, nil
-+	if runtimeHandler == "" {
-+		if s == nil || s.Annotations == nil {
-+			return snapshotter, nil
-+		} else {
-+			ok := false
-+			runtimeHandler, ok = s.Annotations[annotations.RuntimeHandler]
-+			if !ok {
-+				return snapshotter, nil
-+			}
-+		}
- 	}
- 
- 	// TODO: Ensure error is returned if runtime not found?
-diff --git a/internal/cri/server/images/image_pull_test.go b/internal/cri/server/images/image_pull_test.go
-index bc79e35..af6a451 100644
---- a/internal/cri/server/images/image_pull_test.go
-+++ b/internal/cri/server/images/image_pull_test.go
-@@ -429,7 +429,7 @@ func TestSnapshotterFromPodSandboxConfig(t *testing.T) {
- 				Platform:    platforms.DefaultSpec(),
- 				Snapshotter: runtimeSnapshotter,
- 			}
--			snapshotter, err := cri.snapshotterFromPodSandboxConfig(context.Background(), "test-image", tt.podSandboxConfig)
-+			snapshotter, err := cri.snapshotterFromPodSandboxConfig(context.Background(), "test-image", tt.podSandboxConfig, "")
- 			assert.Equal(t, tt.expectedSnapshotter, snapshotter)
- 			if tt.expectedErr {
- 				assert.Error(t, err)
-diff --git a/internal/cri/server/podsandbox/controller.go b/internal/cri/server/podsandbox/controller.go
-index a185a4c..8fd032b 100644
---- a/internal/cri/server/podsandbox/controller.go
-+++ b/internal/cri/server/podsandbox/controller.go
-@@ -110,7 +110,7 @@ type RuntimeService interface {
- type ImageService interface {
- 	LocalResolve(refOrID string) (imagestore.Image, error)
- 	GetImage(id string) (imagestore.Image, error)
--	PullImage(ctx context.Context, name string, creds func(string) (string, string, error), sc *runtime.PodSandboxConfig, runtimeHandler string) (string, error)
-+	PullImage(ctx context.Context, name string, creds func(string) (string, string, error), sc *runtime.PodSandboxConfig, runtimeHandler string, snapshotter string) (string, error)
- 	RuntimeSnapshotter(ctx context.Context, ociRuntime criconfig.Runtime) string
- 	PinnedImage(string) string
- }
-diff --git a/internal/cri/server/podsandbox/sandbox_run.go b/internal/cri/server/podsandbox/sandbox_run.go
-index 53d949f..b296061 100644
---- a/internal/cri/server/podsandbox/sandbox_run.go
-+++ b/internal/cri/server/podsandbox/sandbox_run.go
-@@ -77,23 +77,25 @@ func (c *Controller) Start(ctx context.Context, id string) (cin sandbox.Controll
- 
- 	sandboxImage := c.getSandboxImageName()
- 	// Ensure sandbox container image snapshot.
--	image, err := c.ensureImageExists(ctx, sandboxImage, config, metadata.RuntimeHandler)
-+	ociRuntime, err := c.config.GetSandboxRuntime(config, metadata.RuntimeHandler)
- 	if err != nil {
--		return cin, fmt.Errorf("failed to get sandbox image %q: %w", sandboxImage, err)
-+		return cin, fmt.Errorf("failed to get sandbox runtime: %w", err)
- 	}
-+	log.G(ctx).WithField("podsandboxid", id).Debugf("use OCI runtime %+v", ociRuntime)
- 
--	containerdImage, err := c.toContainerdImage(ctx, *image)
-+	labels["oci_runtime_type"] = ociRuntime.Type
-+
-+	snapshotter := c.imageService.RuntimeSnapshotter(ctx, ociRuntime)
-+
-+	image, err := c.ensureImageExists(ctx, sandboxImage, config, metadata.RuntimeHandler, snapshotter)
- 	if err != nil {
--		return cin, fmt.Errorf("failed to get image from containerd %q: %w", image.ID, err)
-+		return cin, fmt.Errorf("failed to get sandbox image %q: %w", sandboxImage, err)
- 	}
- 
--	ociRuntime, err := c.config.GetSandboxRuntime(config, metadata.RuntimeHandler)
-+	containerdImage, err := c.toContainerdImage(ctx, *image)
- 	if err != nil {
--		return cin, fmt.Errorf("failed to get sandbox runtime: %w", err)
-+		return cin, fmt.Errorf("failed to get image from containerd %q: %w", image.ID, err)
- 	}
--	log.G(ctx).WithField("podsandboxid", id).Debugf("use OCI runtime %+v", ociRuntime)
--
--	labels["oci_runtime_type"] = ociRuntime.Type
- 
- 	// Create sandbox container root directories.
- 	sandboxRootDir := c.getSandboxRootDir(id)
-@@ -173,7 +175,7 @@ func (c *Controller) Start(ctx context.Context, id string) (cin sandbox.Controll
- 	snapshotterOpt = append(snapshotterOpt, extraSOpts...)
- 
- 	opts := []containerd.NewContainerOpts{
--		containerd.WithSnapshotter(c.imageService.RuntimeSnapshotter(ctx, ociRuntime)),
-+		containerd.WithSnapshotter(snapshotter),
- 		customopts.WithNewSnapshot(id, containerdImage, snapshotterOpt...),
- 		containerd.WithSpec(spec, specOpts...),
- 		containerd.WithContainerLabels(sandboxLabels),
-@@ -299,17 +301,19 @@ func (c *Controller) Create(_ctx context.Context, info sandbox.Sandbox, opts ...
- 	return c.store.Save(podSandbox)
- }
- 
--func (c *Controller) ensureImageExists(ctx context.Context, ref string, config *runtime.PodSandboxConfig, runtimeHandler string) (*imagestore.Image, error) {
-+func (c *Controller) ensureImageExists(ctx context.Context, ref string, config *runtime.PodSandboxConfig, runtimeHandler string, snapshotter string) (*imagestore.Image, error) {
- 	image, err := c.imageService.LocalResolve(ref)
- 	if err != nil && !errdefs.IsNotFound(err) {
- 		return nil, fmt.Errorf("failed to get image %q: %w", ref, err)
- 	}
- 	if err == nil {
--		return &image, nil
-+		if _, ok := image.Snapshotters[snapshotter]; ok {
-+			return &image, nil
-+		}
- 	}
- 	// Pull image to ensure the image exists
- 	// TODO: Cleaner interface
--	imageID, err := c.imageService.PullImage(ctx, ref, nil, config, runtimeHandler)
-+	imageID, err := c.imageService.PullImage(ctx, ref, nil, config, runtimeHandler, snapshotter)
- 	if err != nil {
- 		return nil, fmt.Errorf("failed to pull image %q: %w", ref, err)
- 	}
-diff --git a/internal/cri/server/service.go b/internal/cri/server/service.go
-index 37d66f0..5d1546e 100644
---- a/internal/cri/server/service.go
-+++ b/internal/cri/server/service.go
-@@ -97,7 +97,7 @@ type RuntimeService interface {
- type ImageService interface {
- 	RuntimeSnapshotter(ctx context.Context, ociRuntime criconfig.Runtime) string
- 
--	PullImage(ctx context.Context, name string, credentials func(string) (string, string, error), sandboxConfig *runtime.PodSandboxConfig, runtimeHandler string) (string, error)
-+	PullImage(ctx context.Context, name string, credentials func(string) (string, string, error), sandboxConfig *runtime.PodSandboxConfig, runtimeHandler string, snapshotter string) (string, error)
- 	UpdateImage(ctx context.Context, r string) error
- 
- 	CheckImages(ctx context.Context) error
-diff --git a/internal/cri/store/image/image.go b/internal/cri/store/image/image.go
-index 5887e75..43ecf0d 100644
---- a/internal/cri/store/image/image.go
-+++ b/internal/cri/store/image/image.go
-@@ -20,6 +20,7 @@ import (
- 	"context"
- 	"encoding/json"
- 	"fmt"
-+	"strings"
- 	"sync"
- 
- 	"github.com/containerd/containerd/v2/core/content"
-@@ -53,6 +54,8 @@ type Image struct {
- 	ImageSpec imagespec.Image
- 	// Pinned image to prevent it from garbage collection
- 	Pinned bool
-+	// Snapshotters is a map whose keys are snapshotters for which this image has a snapshot.
-+	Snapshotters map[string]struct{}
- }
- 
- // Getter is used to get images but does not make changes
-@@ -170,6 +173,19 @@ func (s *Store) getImage(ctx context.Context, i images.Image) (*Image, error) {
- 		return nil, fmt.Errorf("read image config from content store: %w", err)
- 	}
- 
-+	info, err := s.provider.Info(ctx, desc.Digest)
-+	if err != nil {
-+		return nil, fmt.Errorf("get content store config info: %w", err)
-+	}
-+
-+	snapshotters := make(map[string]struct{})
-+	for label := range info.Labels {
-+		const Prefix = "containerd.io/gc.ref.snapshot."
-+		if strings.HasPrefix(label, Prefix) {
-+			snapshotters[label[len(Prefix):]] = struct{}{}
-+		}
-+	}
-+
- 	var spec imagespec.Image
- 	if err := json.Unmarshal(blob, &spec); err != nil {
- 		return nil, fmt.Errorf("unmarshal image config %s: %w", blob, err)
-@@ -178,12 +194,13 @@ func (s *Store) getImage(ctx context.Context, i images.Image) (*Image, error) {
- 	pinned := i.Labels[labels.PinnedImageLabelKey] == labels.PinnedImageLabelValue
- 
- 	return &Image{
--		ID:         id,
--		References: []string{i.Name},
--		ChainID:    chainID.String(),
--		Size:       size,
--		ImageSpec:  spec,
--		Pinned:     pinned,
-+		ID:           id,
-+		References:   []string{i.Name},
-+		ChainID:      chainID.String(),
-+		Size:         size,
-+		ImageSpec:    spec,
-+		Pinned:       pinned,
-+		Snapshotters: snapshotters,
- 	}, nil
- 
- }
--- 
-2.34.1
\ No newline at end of file
diff --git a/SPECS/containerd2/containerd2.spec b/SPECS/containerd2/containerd2.spec
index 21b9106da6..ea6d2fcb24 100644
--- a/SPECS/containerd2/containerd2.spec
+++ b/SPECS/containerd2/containerd2.spec
@@ -5,7 +5,7 @@
 Summary: Industry-standard container runtime
 Name: %{upstream_name}2
 Version: 2.0.0
-Release: 6%{?dist}
+Release: 8%{?dist}
 License: ASL 2.0
 Group: Tools/Container
 URL: https://www.containerd.io
@@ -15,10 +15,10 @@ Distribution: Azure Linux
 Source0: https://github.com/containerd/containerd/archive/v%{version}.tar.gz#/%{upstream_name}-%{version}.tar.gz
 Source1: containerd.service
 Source2: containerd.toml
-# Added patch to support tardev-snapshotter for Kata CC
+
 Patch0:	CVE-2024-45338.patch
-Patch1:  add-tardev-support.patch
-Patch2:	CVE-2025-27144.patch
+Patch1:	CVE-2025-27144.patch
+Patch2:	CVE-2024-40635.patch
 %{?systemd_requires}
 
 BuildRequires: golang
@@ -90,8 +90,13 @@ fi
 %dir /opt/containerd/lib
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.0.0-8
+- merge from Azure Linux 3.0.20250521-3.0
+- Fix CVE-2024-40635
+- Remove the tardev-snapshotter patch for Kata CC support.
+
 * Fri Apr 28 2025 Ranjan Dutta  - 2.0.0-6
-- merge from Azure Linux 3.0.20250423.
+- merge from Azure Linux 3.0.20250423.3.0
 - Fix CVE-2025-27144
 - Add "Provides/Obsoletes:" to shift all installs of containerd and moby-containerd to containerd2
 
diff --git a/SPECS/containerized-data-importer/CVE-2025-22872.patch b/SPECS/containerized-data-importer/CVE-2025-22872.patch
new file mode 100644
index 0000000000..c86baa1694
--- /dev/null
+++ b/SPECS/containerized-data-importer/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From c87c77a12e5554d376945bd488e56d4fc5b9e5ac Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Tue, 22 Apr 2025 06:32:35 +0000
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.3
+
diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec
index a641b94b19..b5b5ccd42d 100644
--- a/SPECS/containerized-data-importer/containerized-data-importer.spec
+++ b/SPECS/containerized-data-importer/containerized-data-importer.spec
@@ -18,7 +18,7 @@
 Summary:        Container native virtualization
 Name:           containerized-data-importer
 Version:        1.57.0
-Release:        14%{?dist}
+Release:        15%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -36,6 +36,7 @@ Patch7:         CVE-2023-45288.patch
 Patch8:         CVE-2023-3978.patch
 Patch9:         CVE-2025-27144.patch
 Patch10:        CVE-2025-22868.patch
+Patch11:        CVE-2025-22872.patch
 BuildRequires:  golang
 BuildRequires:  golang-packaging
 BuildRequires:  libnbd-devel
@@ -230,6 +231,10 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m
 %{_datadir}/cdi/manifests
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.57.0-15
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 1.57.0-14
 - Bump Release to rebuild
 
diff --git a/SPECS/coredns/CVE-2024-53259.patch b/SPECS/coredns/CVE-2024-53259.patch
new file mode 100644
index 0000000000..d1acd5a934
--- /dev/null
+++ b/SPECS/coredns/CVE-2024-53259.patch
@@ -0,0 +1,27 @@
+From 8e4536dda4bd884bd569a310deaed73b74c705f1 Mon Sep 17 00:00:00 2001
+From: Marten Seemann 
+Date: Mon, 25 Nov 2024 12:54:10 +0800
+Subject: [PATCH] use IP_PMTUDISC_PROBE instead of IP_PMTUDISC_DO on Linux
+
+---
+ github.com/quic-go/quic-go/sys_conn_df_linux.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go b/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go
+index f09eaa5..b09a239 100644
+--- a/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go
++++ b/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go
+@@ -16,8 +16,8 @@ func setDF(rawConn syscall.RawConn) (bool, error) {
+ 	// and the datagram will not be fragmented
+ 	var errDFIPv4, errDFIPv6 error
+ 	if err := rawConn.Control(func(fd uintptr) {
+-		errDFIPv4 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_MTU_DISCOVER, unix.IP_PMTUDISC_DO)
+-		errDFIPv6 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_MTU_DISCOVER, unix.IPV6_PMTUDISC_DO)
++		errDFIPv4 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_MTU_DISCOVER, unix.IP_PMTUDISC_PROBE)
++		errDFIPv6 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_MTU_DISCOVER, unix.IPV6_PMTUDISC_PROBE)
+ 	}); err != nil {
+ 		return false, err
+ 	}
+-- 
+2.34.1
+
diff --git a/SPECS/coredns/coredns.spec b/SPECS/coredns/coredns.spec
index 3fa2016ff9..770aeb9a7a 100644
--- a/SPECS/coredns/coredns.spec
+++ b/SPECS/coredns/coredns.spec
@@ -6,7 +6,7 @@
 Summary:        Fast and flexible DNS server
 Name:           coredns
 Version:        1.11.4
-Release:        5%{?dist}
+Release:        7%{?dist}
 License:        Apache License 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -39,6 +39,7 @@ Patch0:         CVE-2025-22868.patch
 Patch1:         coredns-example-net-test.patch
 Patch2:         CVE-2025-29786.patch
 Patch3:         CVE-2025-30204.patch
+Patch4:         CVE-2024-53259.patch
 
 BuildRequires:  golang >= 1.23
 
@@ -83,8 +84,12 @@ go install github.com/fatih/faillint@latest && \
 %{_bindir}/%{name}
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.11.4-7
+- merge from Azure Linux 3.0.20250521-3.0
+- Add patch for CVE-2024-53259
+
 * Fri Apr 28 2025 Ranjan Dutta  - 1.11.4-5
-- merge from Azure Linux 3.0.20250423.
+- merge from Azure Linux 3.0.20250423.3.0
 - Patch CVE-2025-30204
 - Fix CVE-2025-29786 with an upstream patch
 
diff --git a/SPECS/crash/crash.signatures.json b/SPECS/crash/crash.signatures.json
index 6d7b5dd2ec..e2ad71e4fe 100644
--- a/SPECS/crash/crash.signatures.json
+++ b/SPECS/crash/crash.signatures.json
@@ -1,6 +1,6 @@
 {
   "Signatures": {
-    "gdb-10.2-2.tar.gz": "76162b994d80718dfb7e9eaf101db3ed8495234756b262916f47359a807a3ac2",
+    "gdb-10.2-3.tar.gz": "0d322f3c3ee75b364eb4f90b394c9ecc17800d2a94d2913a5ea845acead26bd2",
     "crash-8.0.4.tar.gz": "94df600c183301013787cd47112044e358fb37bb8e2b5544f40377dda98ee78f"
   }
 }
diff --git a/SPECS/crash/crash.spec b/SPECS/crash/crash.spec
index 4ce251310f..fbdc53bb1a 100644
--- a/SPECS/crash/crash.spec
+++ b/SPECS/crash/crash.spec
@@ -1,7 +1,7 @@
 %global gdb_version 10.2
 Name:          crash
 Version:       8.0.4
-Release:       3%{?dist}
+Release:       4%{?dist}
 Summary:       kernel crash analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles
 Group:         Development/Tools
 Vendor:        Microsoft Corporation
@@ -10,7 +10,8 @@ URL:           https://github.com/crash-utility/crash
 Source0:       https://github.com/crash-utility/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # crash requires gdb tarball for the build. There is no option to use the host gdb. For crash 8.0.1 the newest supported gdb version is 10.2.
 # '-2' version of the tarball contains fix for CVE-2022-37434 which cannot be applied as a .patch because source1 is only untar'ed during crash make
-Source1:       gdb-%{gdb_version}-2.tar.gz
+# '-3' version of the tarball contains fix for CVE-2021-20197, CVE-2022-47673, CVE-2022-47696 which cannot be applied as a .patch because source1 is only untar'ed during crash make
+Source1:       gdb-%{gdb_version}-3.tar.gz
 # lzo patch sourced from https://src.fedoraproject.org/rpms/crash/blob/rawhide/f/lzo_snappy_zstd.patch
 Patch0:        lzo_snappy_zstd.patch
 License:       GPLv3+
@@ -82,7 +83,7 @@ cp -p defs.h %{buildroot}%{_includedir}/crash
 %license COPYING3
 %{_bindir}/crash
 %{_mandir}/man8/crash.8.gz
-%doc COPYING3 README
+%doc README
 
 %files devel
 %defattr(-,root,root)
@@ -96,6 +97,9 @@ cp -p defs.h %{buildroot}%{_includedir}/crash
 %endif
 
 %changelog
+* Mon Apr 21 2025 Kanishk Bansal  - 8.0.4-4
+- Update gdb-10.2-3.tar.gz to address CVE-2021-20197, CVE-2022-47673, CVE-2022-47696
+
 * Tue Jun 18 2024 Andrew Phelps  - 8.0.4-3
 - Add crash-target-arm64 binary to analyze aarch64 dumps on x86_64 machine
 
diff --git a/SPECS/dcos-cli/CVE-2024-51744.patch b/SPECS/dcos-cli/CVE-2024-51744.patch
new file mode 100644
index 0000000000..95d568a692
--- /dev/null
+++ b/SPECS/dcos-cli/CVE-2024-51744.patch
@@ -0,0 +1,88 @@
+From e662e7439936f92a4e57b9ef3167045c406875c1 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Wed, 19 Mar 2025 09:16:08 +0000
+Subject: [PATCH] CVE-2024-51744
+
+Source Link: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
+---
+ vendor/github.com/dgrijalva/jwt-go/parser.go | 37 +++++++++++---------
+ 1 file changed, 21 insertions(+), 16 deletions(-)
+
+diff --git a/vendor/github.com/dgrijalva/jwt-go/parser.go b/vendor/github.com/dgrijalva/jwt-go/parser.go
+index d6901d9..7b7d623 100644
+--- a/vendor/github.com/dgrijalva/jwt-go/parser.go
++++ b/vendor/github.com/dgrijalva/jwt-go/parser.go
+@@ -13,13 +13,21 @@ type Parser struct {
+ 	SkipClaimsValidation bool     // Skip claims validation during token parsing
+ }
+ 
+-// Parse, validate, and return a token.
+-// keyFunc will receive the parsed token and should return the key for validating.
+-// If everything is kosher, err will be nil
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
++//
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -56,12 +64,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++ 	token.Signature = parts[2]
++ 	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++ 	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -69,22 +82,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++ 	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // WARNING: Don't use this method unless you know what you're doing
+-- 
+2.45.2
+
diff --git a/SPECS/dcos-cli/dcos-cli.spec b/SPECS/dcos-cli/dcos-cli.spec
index db100d90c1..04a202fd16 100644
--- a/SPECS/dcos-cli/dcos-cli.spec
+++ b/SPECS/dcos-cli/dcos-cli.spec
@@ -1,7 +1,7 @@
 Summary:        The command line for DC/OS
 Name:           dcos-cli
 Version:        1.2.0
-Release:        18%{?dist}
+Release:        19%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,6 +11,8 @@ Source0:        https://github.com/dcos/dcos-cli/archive/refs/tags/%{version}.ta
 Patch0:         CVE-2020-26160.patch
 Patch1:         CVE-2024-28180.patch
 Patch2:         CVE-2025-27144.patch
+Patch3:         CVE-2024-51744.patch
+
 BuildRequires:  golang >= 1.17.1
 BuildRequires:  git
 %global debug_package %{nil}
@@ -47,8 +49,12 @@ go test -mod=vendor
 %{_bindir}/dcos
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.2.0-19
+- merge from Azure Linux 3.0.20250521-3.0
+- Fix CVE-2024-51744
+
 * Fri Apr 28 2025 Ranjan Dutta  - 1.2.0-18
-- merge from Azure Linux 3.0.20250423.
+- merge from Azure Linux 3.0.20250423.3.0
 - Fix CVE-2025-27144 with an upstream patch
 
 * Fri Mar 21 2025 Anuj Mittal  - 1.2.0-17
diff --git a/SPECS/dietlibc/CVE-2015-1473.patch b/SPECS/dietlibc/CVE-2015-1473.patch
new file mode 100644
index 0000000000..10ec9fffa6
--- /dev/null
+++ b/SPECS/dietlibc/CVE-2015-1473.patch
@@ -0,0 +1,56 @@
+From 3e76f9036b2845c988969cfeaefa6b5bd236185f Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Mon, 17 Feb 2025 10:11:29 +0000
+Subject: [PATCH] CVE-2015-1473
+
+Source Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
+---
+ test/stdio/tst-sscanf.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/test/stdio/tst-sscanf.c b/test/stdio/tst-sscanf.c
+index 3ec5a28..3472ff2 100644
+--- a/test/stdio/tst-sscanf.c
++++ b/test/stdio/tst-sscanf.c
+@@ -118,6 +118,38 @@ main (void)
+       if (! tst_locale)
+ 	break;
+     }
++   
++   /* BZ #16618
++   The test will segfault during SSCANF if the buffer overflow
++   is not fixed. The size of `s` is such that it forces the use
++   of malloc internally and this triggers the incorrect computation.
++   Thus the value for SIZE is arbitrarily high enough that malloc
++   is used. */
++   {
++    #define SIZE 131072
++    CHAR *s = malloc((SIZE + 1) * sizeof(*s));
++    if (s == NULL)
++        abort();
+ 
++    for (size_t i = 0; i < SIZE; i++)
++        s[i] = L('0');
++    s[SIZE] = L('\0');
++
++    int i = 42;
++    /* Scan multi-digit zero into `i`. */
++    if (SSCANF(s, L("%d"), &i) != 1) {
++        printf("FAIL: bug16618: SSCANF did not read one input item.\n");
++        result = 1;
++    }
++    if (i != 0) {
++        printf("FAIL: bug16618: Value of `i` was not zero as expected.\n");
++        result = 1;
++    }
++
++    free(s);
++    if (result != 1)
++        printf("PASS: bug16618: Did not crash.\n");
++    #undef SIZE
++   }
+   return result;
+ }
+-- 
+2.45.2
+
diff --git a/SPECS/dietlibc/dietlibc.spec b/SPECS/dietlibc/dietlibc.spec
index fc73fff924..e71a1fb284 100644
--- a/SPECS/dietlibc/dietlibc.spec
+++ b/SPECS/dietlibc/dietlibc.spec
@@ -11,13 +11,14 @@
 Summary:        Small libc implementation
 Name:           dietlibc
 Version:        0.34
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://www.fefe.de/dietlibc/
 Source0:        https://www.fefe.de/dietlibc/%{name}-%{version}.tar.xz
 Patch1:         dietlibc-insecure-defpath.patch
+Patch2:         CVE-2015-1473.patch
 
 BuildRequires:  gcc
 BuildRequires:  gdb
@@ -62,6 +63,7 @@ This package contains the dynamic libraries for dietlibc.
 %setup -q
 
 %patch 1
+%patch 2 -p1
 
 %if %{without ssp}
 sed -i -e 's!^#define WANT_SSP$!// \0!g;
@@ -127,6 +129,9 @@ ulimit -m $[ 128*1024 ] -v $[ 256*1024 ] -d $[ 128*1024 ] -s 512
 %{pkglibdir}
 
 %changelog
+* Mon Feb 17 2025 Jyoti kanase  - 0.34-7
+- Fix CVE-2015-1473
+
 * Tue Mar 29 2022 Pawel Winogrodzki  - 0.34-6
 - License verified.
 
diff --git a/SPECS/dnf5/CVE-2024-1929.patch b/SPECS/dnf5/CVE-2024-1929.patch
new file mode 100644
index 0000000000..b3b1ece074
--- /dev/null
+++ b/SPECS/dnf5/CVE-2024-1929.patch
@@ -0,0 +1,64 @@
+From 6e51bf2f0d585ab661806076c1e428c6482ddf86 Mon Sep 17 00:00:00 2001
+From: Marek Blaha 
+Date: Tue, 23 Jan 2024 10:08:51 +0100
+Subject: [PATCH] dnfdaemon: Explicitly specify allowed config overrides
+
+Limit main config options overrides for dnfdaemon session only to
+those explicitely allowed.
+---
+ dnf5daemon-server/session.cpp | 35 ++++++++++++++++++++++++++++++++++-
+ 1 file changed, 34 insertions(+), 1 deletion(-)
+
+diff --git a/dnf5daemon-server/session.cpp b/dnf5daemon-server/session.cpp
+index b5f2415b4..5322ddc08 100644
+--- a/dnf5daemon-server/session.cpp
++++ b/dnf5daemon-server/session.cpp
+@@ -37,6 +37,34 @@ along with libdnf.  If not, see .
+ #include 
+ #include 
+ 
++static const std::unordered_set ALLOWED_MAIN_CONF_OVERRIDES = {
++    "allow_downgrade",
++    "allow_vendor_change",
++    "best",
++    "clean_requirements_on_remove",
++    "disable_excludes",
++    "exclude_from_weak",
++    "exclude_from_weak_autodetect",
++    "excludepkgs",
++    "ignorearch",
++    "includepkgs",
++    "installonly_limit",
++    "installonlypkgs",
++    "install_weak_deps",
++    "keepcache",
++    "module_obsoletes",
++    "module_platform_id",
++    "module_stream_switch",
++    "multilib_policy",
++    "obsoletes",
++    "optional_metadata_types",
++    "protect_running_kernel",
++    "reposdir",
++    "skip_broken",
++    "skip_if_unavailable",
++    "skip_unavailable",
++    "strict",
++};
+ 
+ Session::Session(
+     std::vector> && loggers,
+@@ -65,7 +93,12 @@ Session::Session(
+         auto value = opt.second;
+         auto bind = opt_binds.find(key);
+         if (bind != opt_binds.end()) {
+-            bind->second.new_string(libdnf5::Option::Priority::RUNTIME, value);
++            if (ALLOWED_MAIN_CONF_OVERRIDES.find(key) != ALLOWED_MAIN_CONF_OVERRIDES.end()) {
++                bind->second.new_string(libdnf5::Option::Priority::RUNTIME, value);
++            } else {
++                base->get_logger()->warning("Config option {} not allowed.", key);
++                continue;
++            }
+         } else {
+             base->get_logger()->warning("Unknown config option: {}", key);
+         }
diff --git a/SPECS/dnf5/CVE-2024-1930.patch b/SPECS/dnf5/CVE-2024-1930.patch
new file mode 100644
index 0000000000..24a79072b4
--- /dev/null
+++ b/SPECS/dnf5/CVE-2024-1930.patch
@@ -0,0 +1,44 @@
+From c090ffeb79da57b88d51da6ee76f02f6512c7d91 Mon Sep 17 00:00:00 2001
+From: Marek Blaha 
+Date: Mon, 12 Feb 2024 09:40:02 +0100
+Subject: [PATCH] dnfdaemon: Limit number of simultaneously active sessions
+
+---
+ dnf5daemon-server/session_manager.cpp | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/dnf5daemon-server/session_manager.cpp b/dnf5daemon-server/session_manager.cpp
+index a5e1c14f7..b8439cf37 100644
+--- a/dnf5daemon-server/session_manager.cpp
++++ b/dnf5daemon-server/session_manager.cpp
+@@ -26,11 +26,15 @@ along with libdnf.  If not, see .
+ #include 
+ 
+ #include 
++#include 
+ #include 
+ #include 
+ #include 
+ #include 
+ 
++// TODO(mblaha): Make this constant configurable
++const int MAX_SESSIONS = 3;
++
+ SessionManager::SessionManager() {
+     connection = sdbus::createSystemBusConnection(dnfdaemon::DBUS_NAME);
+     dbus_register();
+@@ -98,6 +102,14 @@ sdbus::MethodReply SessionManager::open_session(sdbus::MethodCall & call) {
+     if (!active) {
+         throw sdbus::Error(dnfdaemon::ERROR, "Cannot open new session.");
+     }
++    // limit number of simultaneously opened sessions
++    const int num_sessions = std::accumulate(
++        sessions.begin(), sessions.end(), 0, [](int sum, const auto & sender) { return sum + sender.second.size(); });
++    if (num_sessions >= MAX_SESSIONS) {
++        auto reply = call.createErrorReply(sdbus::Error(
++            dnfdaemon::ERROR, "Cannot open new session - maximal number of simultaneously opened sessions achieved."));
++        return reply;
++    }
+ 
+     auto sender = call.getSender();
+     dnfdaemon::KeyValueMap configuration;
diff --git a/SPECS/dnf5/CVE-2024-2746.patch b/SPECS/dnf5/CVE-2024-2746.patch
new file mode 100644
index 0000000000..929253b2f8
--- /dev/null
+++ b/SPECS/dnf5/CVE-2024-2746.patch
@@ -0,0 +1,23 @@
+From 07c5770482605ca78aaed41f7224d141c5980de4 Mon Sep 17 00:00:00 2001
+From: Marek Blaha 
+Date: Thu, 21 Mar 2024 08:45:15 +0100
+Subject: [PATCH] dnf5daemon: Remove reposdir from allowed config overrides
+
+The option is potentially dangerous and can cause dnf5daemon-server to
+block on malicious reposdir.
+---
+ dnf5daemon-server/session.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/dnf5daemon-server/session.cpp b/dnf5daemon-server/session.cpp
+index b776c44bb..142abedfb 100644
+--- a/dnf5daemon-server/session.cpp
++++ b/dnf5daemon-server/session.cpp
+@@ -60,7 +60,6 @@ static const std::unordered_set ALLOWED_MAIN_CONF_OVERRIDES = {
+     "obsoletes",
+     "optional_metadata_types",
+     "protect_running_kernel",
+-    "reposdir",
+     "skip_broken",
+     "skip_if_unavailable",
+     "skip_unavailable",
diff --git a/SPECS/dnf5/dnf5-repo-snapshot.patch b/SPECS/dnf5/dnf5-repo-snapshot.patch
new file mode 100644
index 0000000000..b9d5786490
--- /dev/null
+++ b/SPECS/dnf5/dnf5-repo-snapshot.patch
@@ -0,0 +1,710 @@
+From 90fc635807dd23c2015358cc6cf3126e12bdacdc Mon Sep 17 00:00:00 2001
+From: Sam Meluch 
+Date: Tue, 29 Oct 2024 14:08:32 -0700
+Subject: [PATCH] dnf5 repo snapshot
+
+---
+ .../share/dnf5/aliases.d/compatibility.conf   |  12 +
+ dnf5/main.cpp                                 |  29 ++
+ doc/dnf5.8.rst                                |   6 +
+ include/libdnf5/conf/config_main.hpp          |   4 +
+ include/libdnf5/repo/config_repo.hpp          |   4 +
+ libdnf5/CMakeLists.txt                        |   2 +-
+ libdnf5/conf/config_main.cpp                  |  13 +
+ libdnf5/repo/config_repo.cpp                  |  13 +
+ libdnf5/repo/solv_repo.cpp                    | 387 +++++++++++++++++-
+ libdnf5/repo/solv_repo.hpp                    |  23 +-
+ 10 files changed, 484 insertions(+), 9 deletions(-)
+
+diff --git a/dnf5/config/usr/share/dnf5/aliases.d/compatibility.conf b/dnf5/config/usr/share/dnf5/aliases.d/compatibility.conf
+index e0776f29..e746efb8 100644
+--- a/dnf5/config/usr/share/dnf5/aliases.d/compatibility.conf
++++ b/dnf5/config/usr/share/dnf5/aliases.d/compatibility.conf
+@@ -20,6 +20,18 @@ long_name = 'nodocs'
+ source = 'no-docs'
+ group_id = 'options-compatibility-aliases'
+ 
++['snapshottime']
++type = 'cloned_named_arg'
++long_name = 'snapshottime'
++source = 'snapshot-time'
++group_id = 'options-compatibility-aliases'
++
++['snapshotexcluderepos']
++type = 'cloned_named_arg'
++long_name = 'snapshotexcluderepos'
++source = 'snapshot-exclude-repos'
++group_id = 'options-compatibility-aliases'
++
+ ['enablerepo']
+ type = 'cloned_named_arg'
+ long_name = 'enablerepo'
+diff --git a/dnf5/main.cpp b/dnf5/main.cpp
+index ab1b8702..2abd7069 100644
+--- a/dnf5/main.cpp
++++ b/dnf5/main.cpp
+@@ -340,6 +340,35 @@ void RootCommand::set_argument_parser() {
+         global_options_group->register_argument(exclude);
+     }
+ 
++    auto snapshot_repo_time = parser.add_new_named_arg("snapshot-time");
++    snapshot_repo_time->set_long_name("snapshot-time");
++    snapshot_repo_time->set_has_value(true);
++    snapshot_repo_time->set_arg_value_help("posix_time");
++    snapshot_repo_time->set_description(
++        "Posix time to be used for clientside repository snapshot");
++    snapshot_repo_time->link_value(&config.get_snapshot_time_option());
++    global_options_group->register_argument(snapshot_repo_time);
++
++    auto snapshot_repo_exclude = parser.add_new_named_arg("snapshot-exclude-repos");
++    snapshot_repo_exclude->set_long_name("snapshot-exclude-repos");
++    snapshot_repo_exclude->set_has_value(true);
++    snapshot_repo_exclude->set_arg_value_help("REPO_ID,...");
++    snapshot_repo_exclude->set_description(
++        "Repos to exclude from clientside repository snapshot");
++    snapshot_repo_exclude->set_parse_hook_func([&ctx](
++            [[maybe_unused]] ArgumentParser::NamedArg * arg, 
++            [[maybe_unused]] const char * option, 
++            const char * value) {
++            
++            // Store the repositories enablement to vector. Use it later when repositories configuration will be loaded.
++            libdnf5::OptionStringList repoid_patterns(value);
++            for (auto & repoid_pattern : repoid_patterns.get_value()) {
++                ctx.setopts.emplace_back(repoid_pattern + ".snapshot-exclude", "1");
++            }
++            return true;
++        });
++    global_options_group->register_argument(snapshot_repo_exclude);
++
+     auto enable_repo_ids = parser.add_new_named_arg("enable-repo");
+     enable_repo_ids->set_long_name("enable-repo");
+     enable_repo_ids->set_has_value(true);
+diff --git a/doc/dnf5.8.rst b/doc/dnf5.8.rst
+index 005a5cdc..f7d9d5f3 100644
+--- a/doc/dnf5.8.rst
++++ b/doc/dnf5.8.rst
+@@ -272,6 +272,12 @@ Following options are applicable in the general context for any ``dnf5`` command
+ ``--show-new-leaves``
+     | Show newly installed leaf packages and packages that became leaves after a transaction.
+ 
++``--snapshot-time=POSIX_TIME``
++    | POSIX_TIME to be used by ``DNF5`` when creating clientside repository snapshots of each available repo.
++
++``--snapshot-exclude-repos=REPO_ID,...``
++    | Repos which should be specifically excluded from clientside repository snapshots.
++
+ ``-y, --assumeyes``
+     | Automatically answer yes for all questions.
+ 
+diff --git a/include/libdnf5/conf/config_main.hpp b/include/libdnf5/conf/config_main.hpp
+index 0b4f9150..9d3942c6 100644
+--- a/include/libdnf5/conf/config_main.hpp
++++ b/include/libdnf5/conf/config_main.hpp
+@@ -215,6 +215,10 @@ public:
+     OptionBool & get_build_cache_option();
+     const OptionBool & get_build_cache_option() const;
+ 
++    // snapshot time config vars
++    OptionString & get_snapshot_time_option();
++    const OptionString & get_snapshot_time_option() const;
++
+     // Repo main config
+     OptionNumber & get_retries_option();
+     const OptionNumber & get_retries_option() const;
+diff --git a/include/libdnf5/repo/config_repo.hpp b/include/libdnf5/repo/config_repo.hpp
+index 1582c4bc..c6506b28 100644
+--- a/include/libdnf5/repo/config_repo.hpp
++++ b/include/libdnf5/repo/config_repo.hpp
+@@ -136,6 +136,10 @@ public:
+     OptionString & get_enabled_metadata_option();
+     const OptionString & get_enabled_metadata_option() const;
+ 
++    // snapshot exclude option for each repo
++    OptionBool & get_snapshot_exclude_option();
++    const OptionBool & get_snapshot_exclude_option() const;
++
+     OptionChild & get_user_agent_option();
+     const OptionChild & get_user_agent_option() const;
+     OptionChild & get_countme_option();
+diff --git a/libdnf5/CMakeLists.txt b/libdnf5/CMakeLists.txt
+index ddcee4fa..7eaeb83b 100644
+--- a/libdnf5/CMakeLists.txt
++++ b/libdnf5/CMakeLists.txt
+@@ -53,7 +53,7 @@ target_link_libraries(libdnf5 PRIVATE ${LIBMODULEMD_LIBRARIES})
+ 
+ pkg_check_modules(LIBSOLV REQUIRED libsolv>=0.7.25)
+ list(APPEND LIBDNF5_PC_REQUIRES "${LIBSOLV_MODULE_NAME}")
+-target_link_libraries(libdnf5 PRIVATE ${LIBSOLV_LIBRARIES})
++target_link_libraries(libdnf5 PUBLIC ${LIBSOLV_LIBRARIES})
+ 
+ pkg_check_modules(LIBSOLVEXT REQUIRED libsolvext>=0.7.7)
+ list(APPEND LIBDNF5_PC_REQUIRES_PRIVATE "${LIBSOLVEXT_MODULE_NAME}")
+diff --git a/libdnf5/conf/config_main.cpp b/libdnf5/conf/config_main.cpp
+index 379cfe27..f9b2fee1 100644
+--- a/libdnf5/conf/config_main.cpp
++++ b/libdnf5/conf/config_main.cpp
+@@ -220,6 +220,8 @@ class ConfigMain::Impl {
+     OptionString bugtracker_url{BUGTRACKER};
+     OptionBool zchunk{true};
+ 
++    OptionString snapshot_time{""};
++
+     OptionEnum color{"auto", {"auto", "never", "always"}, [](const std::string & value) {
+                                       const std::array always{{"on", "yes", "1", "true"}};
+                                       const std::array never{{"off", "no", "0", "false"}};
+@@ -358,6 +360,9 @@ ConfigMain::Impl::Impl(Config & owner) : owner(owner) {
+     owner.opt_binds().add("pluginconfpath", pluginconfpath);
+     owner.opt_binds().add("persistdir", persistdir);
+ 
++    //snapshot var
++    owner.opt_binds().add("snapshot-time", snapshot_time);
++
+     // Unless transaction_history_dir has been explicitly set, use the system_state_dir as its default
+     owner.opt_binds().add(
+         "system_state_dir",
+@@ -1154,6 +1159,14 @@ const OptionBool & ConfigMain::get_build_cache_option() const {
+     return p_impl->build_cache;
+ }
+ 
++// snapshot time config
++OptionString & ConfigMain::get_snapshot_time_option() {
++    return p_impl->snapshot_time;
++}
++const OptionString & ConfigMain::get_snapshot_time_option() const {
++    return p_impl->snapshot_time;
++}
++
+ // Repo main config
+ OptionNumber & ConfigMain::get_retries_option() {
+     return p_impl->retries;
+diff --git a/libdnf5/repo/config_repo.cpp b/libdnf5/repo/config_repo.cpp
+index 94c1b8c4..5f1396eb 100644
+--- a/libdnf5/repo/config_repo.cpp
++++ b/libdnf5/repo/config_repo.cpp
+@@ -39,6 +39,9 @@ class ConfigRepo::Impl {
+     ConfigMain & main_config;
+     std::string id;
+ 
++    // snapshot var
++    OptionBool snapshot_exclude{false};
++
+     OptionString name{""};
+     OptionChild enabled{main_config.get_enabled_option()};
+     OptionChild basecachedir{main_config.get_cachedir_option()};
+@@ -103,6 +106,9 @@ ConfigRepo::Impl::Impl(Config & owner, ConfigMain & main_config, const std::stri
+     owner.opt_binds().add("mediaid", mediaid);
+     owner.opt_binds().add("gpgkey", gpgkey);
+ 
++    //snapshot var
++    owner.opt_binds().add("snapshot-exclude", snapshot_exclude);
++
+     owner.opt_binds().add(
+         "excludepkgs",
+         excludepkgs,
+@@ -560,6 +566,13 @@ const OptionChild & ConfigRepo::get_build_cache_option() const {
+     return p_impl->build_cache;
+ }
+ 
++OptionBool & ConfigRepo::get_snapshot_exclude_option() {
++    return p_impl->snapshot_exclude;
++}
++const OptionBool & ConfigRepo::get_snapshot_exclude_option() const {
++    return p_impl->snapshot_exclude;
++}
++
+ 
+ std::string ConfigRepo::get_unique_id() const {
+     std::string tmp;
+diff --git a/libdnf5/repo/solv_repo.cpp b/libdnf5/repo/solv_repo.cpp
+index 54dba3eb..20daac3c 100644
+--- a/libdnf5/repo/solv_repo.cpp
++++ b/libdnf5/repo/solv_repo.cpp
+@@ -30,6 +30,7 @@ along with libdnf.  If not, see .
+ 
+ extern "C" {
+ #include 
++#include 
+ #include 
+ #include 
+ #include 
+@@ -38,6 +39,7 @@ extern "C" {
+ #include 
+ #include 
+ #include 
++#include 
+ }
+ 
+ 
+@@ -167,6 +169,354 @@ void checksum_calc(unsigned char * out, fs::File & file) {
+ }
+ 
+ 
++//#### XML FILTER CODE ####
++// Copy the nonXmlFormattedString to a formatted xmlString
++// all '&', '<', and '>' characters will be replaced with the xml escape
++// character versions of each in line.
++std::string escapeForXml(const std::string_view& nonXmlString) {
++    const char * amp = "&";
++    const char * gt = ">";
++    const char * lt = "<";
++
++    std::string xmlString;
++
++    // Loop through string to lint looking for chars in need of escaping
++    for(auto it=nonXmlString.cbegin(); it!=nonXmlString.cend(); ++it) {
++        // check current char for escape character
++        switch (*it) {
++            case '&':
++                xmlString+=amp;
++                break;
++            case '>':
++                xmlString+=gt;
++                break;
++            case '<':
++                xmlString+=lt;
++                break;
++            default:
++                xmlString+=*it;
++
++        }
++    }
++    return xmlString;
++}
++
++// Function to recompose start elements of snapshot repo xml files
++// Adds name and all attributes to the start element being constructed, returns a string
++// containing the xml element
++std::string composeStartElement(const std::string_view& name, const XML_Char **ppAttrs) {
++    std::string element;
++
++    element+="<";
++    element+=name;
++
++    const XML_Char** pCurrAttr = ppAttrs;
++    while (*pCurrAttr != nullptr)
++    {
++        element+=" ";
++        element+=std::string_view( *pCurrAttr );
++        ++pCurrAttr;
++
++        element+="=\"";
++        element+=escapeForXml( *pCurrAttr );
++        element+="\"";
++        ++pCurrAttr;
++    }
++
++    element+=">";
++
++    return element;
++}
++
++// Function to recompose end elements of snapshot repo xml files
++// Adds name to the end element being constructed, returns a string
++// containing the xml element
++std::string composeEndElement(const std::string_view& name) {
++
++    std::string element;
++
++    element+="";
++
++    return element;
++}
++
++// Function to compose and write start elements (with attributes) out to a file directly
++void printElementStartToFile(std::ofstream& outStream, const std::string_view& name, const XML_Char **ppAttrs) {
++
++    std::string startElement = composeStartElement(name, ppAttrs);
++    outStream.write(startElement.c_str(), startElement.length());
++}
++
++// Function to compose and write end elements out to a file directly
++void printElementEndToFile(std::ofstream& outStream, const std::string_view& name) {
++
++    std::string endElement = composeEndElement(name);
++    outStream.write(endElement.c_str(), endElement.length());
++}
++
++// expat callback to process new start elements in reop xmls
++// On a new start element, the time element being used to keep or remove a given
++// package needs to be found and determined if it is within the snapshot. If already found
++// the determinatation is cached on userData, and otherwise the previous elements will be
++// added to a temporary cache until the time element is found.
++void FilterStartCallback(void * userData, const XML_Char *name, const XML_Char **ppAttrs){
++    XMLFilterData * pTracking = static_cast(userData);
++
++    try
++    {
++        std::string newLine;
++        if (pTracking->nPrevElement != 0) {
++            newLine += "\n";
++        }
++
++        // increment depth
++        pTracking->nDepth += 1;
++        pTracking->nPrevElement = 0;
++        std::ofstream & outStream = *(pTracking->pOutStream);
++
++        // new package to parse or currently parsing package info
++        const std::string_view name_sv(name);
++        if (name_sv.compare("package") == 0 || pTracking->nInPackage) {
++            pTracking->nInPackage = 1;
++
++            // already found/checked time
++            if (pTracking->nTimeFound && pTracking->nPrintPackage) {
++                printElementStartToFile(outStream, name_sv, ppAttrs);
++
++            } else {  // still checking for time
++                if (name_sv.compare("time") == 0) {
++                    // time found
++                    // validate file POSIX time
++                    for (int i = 0; ppAttrs[i]; i += 2) {
++                        std::string_view attr(ppAttrs[i]);
++                        if (attr.compare("file") == 0) {
++                            // file time is the time the package is published to the repo
++                            // when this is less than our search time, allow the package to be
++                            // printed to the temp repo file, otherwise the current package
++                            // can be discarded.
++                            errno = 0;
++                            char * pszSnapshotTimeEnd = nullptr;
++                            long nCurrentPackageTime = strtoll(ppAttrs[i + 1], &pszSnapshotTimeEnd, 10);
++                            if (errno || pszSnapshotTimeEnd == ppAttrs[i + 1]) {
++                                //error
++                                return;
++                            }
++                            pTracking->nPrintPackage = (nCurrentPackageTime <= pTracking->nSearchTime);
++                            pTracking->nTimeFound = 1;
++                            break;
++                        }
++                    }
++                    if (pTracking->nPrintPackage) {
++                        // print buffer when time is found
++                        outStream.write(pTracking->elementBuffer.c_str(), pTracking->elementBuffer.length());
++                        printElementStartToFile(outStream, name_sv, ppAttrs);
++                    }
++                } else if (!pTracking->nTimeFound) {
++                    // if we haven't found a time yet, the element must be stored
++                    // add to file buffer
++                    std::string startElement;
++                    startElement = composeStartElement(name_sv, ppAttrs);
++                    pTracking->elementBuffer += startElement;
++                }
++            }
++        } else {  // not in a package or parsing a new package
++            printElementStartToFile(outStream, name_sv, ppAttrs);
++        }
++    }
++    catch(const std::exception& e)
++    {
++        std::cerr << "FilterStartCallback Exception: " << e.what() << '\n';
++        pTracking->bParseError = true;
++    }
++}
++
++// expat end element callback function for repo snapshot parsing
++// userData contains information about the current package. On the end of
++// a package we need to clean up and reset the current package data to blank
++void FilterEndCallback(void * userData, const XML_Char *name) {
++
++    // load tracking data
++    XMLFilterData * pTracking = static_cast(userData);
++
++    try
++    {
++        // decrement depth
++        pTracking->nDepth -= 1;
++        pTracking->nPrevElement = 2;
++
++        std::string_view name_sv(name);
++        if (!pTracking->nInPackage || pTracking->nPrintPackage) {
++            // print end element to file
++            std::ofstream & outStream = *(pTracking->pOutStream);
++            printElementEndToFile(outStream, name_sv);
++
++        } else if (pTracking->nInPackage && !pTracking->nTimeFound) {
++            std::string elementBuffer = composeEndElement(name_sv);
++            pTracking->elementBuffer += elementBuffer;
++
++        }  // else do nothing
++
++        if (name_sv.compare("package") == 0) {  // on end package, reset tracking function
++            // reset userData
++            pTracking->elementBuffer.clear();
++            pTracking->nInPackage = 0;
++            pTracking->nPrintPackage = 0;
++            pTracking->nTimeFound = 0;
++        }
++    }
++    catch(const std::exception& e)
++    {
++        std::cerr << "FilterEndCallback Exception: " << e.what() << '\n';
++        pTracking->bParseError = true;
++    }
++}
++
++// expat character data handler for parsing desciptions and other element content
++// Some elements have data inbetween the start and end such as descriptions. The
++// data needs to have escape characters handled and be cached, output, or discarded
++// depending on the snapshot being applied.
++void FilterCharDataHandler(void * userData, const XML_Char *pContent, int len) {
++    // load tracking data
++    XMLFilterData * pTracking = static_cast(userData);
++    try
++    {
++        pTracking->nPrevElement = 1;
++
++        std::string_view content(pContent, len);
++        std::string xmlFormattedString = escapeForXml(content);
++
++        // check params
++        if (!pTracking->nInPackage || pTracking->nPrintPackage) {
++            // print to file
++            std::ofstream& outStream = *(pTracking->pOutStream);
++            outStream.write(xmlFormattedString.c_str(), xmlFormattedString.length());
++        } else if (pTracking->nInPackage && !pTracking->nTimeFound) {
++            // add to buffer
++            pTracking->elementBuffer += xmlFormattedString;
++        }  // else do nothing (skipped package)
++    }
++    catch(const std::exception& e)
++    {
++         std::cerr << "FilterCharDataHandler Exception: " << e.what() << '\n';
++        pTracking->bParseError = true;
++    }
++}
++
++// setup function for repo snapshot logic
++bool SolvFilterFile(const std::string& inFilePath, const std::string& snapshotTime, std::string& outFilePath) {
++    // vars
++    const int XML_BUFSIZ=16*1024;
++    const int DEFAULT_TIME_FILTER_BUFF_SIZE = 16000;
++
++    std::ofstream outStream;
++    XMLFilterData filterContext;
++    time_t nSnapshotTime;
++    XML_Parser pParser = nullptr;
++    FILE * pbInFile = nullptr;
++    size_t bytes_read=0;
++
++    // convert snapshot string to time for use by the parser and the temp file name
++    errno = 0;
++    char * pszSnapshotTimeEnd = nullptr;
++    nSnapshotTime = strtoll(snapshotTime.c_str(), &pszSnapshotTimeEnd, 10);
++    if (errno || pszSnapshotTimeEnd == snapshotTime.c_str()) {
++        //error
++        return false;
++    }
++
++    std::filesystem::path path(inFilePath);
++
++    outFilePath = path.parent_path();
++    outFilePath += "/";
++    while (path.has_extension()) {
++        path = path.stem();
++    }
++    outFilePath += path.filename();
++    outFilePath += "-";
++    outFilePath += std::to_string(nSnapshotTime);
++    outFilePath += ".xml";
++
++    // init vars, load files
++    pbInFile = solv_xfopen(inFilePath.c_str(), "r");
++    if (!pbInFile) {
++        //error
++        goto cleanup;
++    }
++
++    //create parser
++    pParser = XML_ParserCreate(nullptr);
++    if (!pParser) {
++        //error
++        goto cleanup;
++    }
++
++    outStream.open( outFilePath.c_str(), std::ofstream::out );
++
++    filterContext.elementBuffer.reserve(DEFAULT_TIME_FILTER_BUFF_SIZE);
++    filterContext.nSearchTime = nSnapshotTime;
++    filterContext.nDepth = 0;
++    filterContext.nInPackage = 0;
++    filterContext.nPrintPackage = 0;
++    filterContext.nTimeFound = 0;
++    filterContext.pOutStream = &outStream;
++    filterContext.bParseError = false;
++
++    XML_SetUserData(pParser, &filterContext);
++    XML_SetElementHandler(pParser, FilterStartCallback, FilterEndCallback);
++    XML_SetCharacterDataHandler(pParser, FilterCharDataHandler);
++
++    //parse XML
++    outStream.write("\n", 39);
++
++    do {
++        // Get pointer to expat managed buffer
++        void * pXMLParseBuffer = XML_GetBuffer(pParser, XML_BUFSIZ);
++        if (!pXMLParseBuffer) {
++            std::cerr << "Couldn't allocate memory for buffer\n";
++            filterContext.bParseError = true;
++            break;
++        }
++
++        // Read content into the buffer
++        bytes_read = fread(pXMLParseBuffer, 1, XML_BUFSIZ - 1, pbInFile);
++        if (ferror(pbInFile)) {
++            std::cerr << "Failed reading input file\n";
++            filterContext.bParseError = true;
++            break;
++        }
++
++        // Direct expat to process the buffer
++        if (XML_ParseBuffer(pParser, static_cast(bytes_read), bytes_read == 0) == XML_STATUS_ERROR) {
++            std::cerr   << "Parse error at line "
++                        << XML_GetCurrentLineNumber(pParser)
++                        << "\n"
++                        << XML_ErrorString(XML_GetErrorCode(pParser));
++            filterContext.bParseError = true;
++            break;
++        }
++    } while (bytes_read!=0);
++
++    outStream.write("\n", 1);
++
++cleanup:
++    if (pParser) {
++        XML_ParserFree(pParser);
++        pParser = nullptr;
++    }
++
++    if (pbInFile) {
++        fclose(pbInFile);
++        pbInFile = nullptr;
++    }
++
++    filterContext.pOutStream = nullptr;
++
++    return filterContext.bParseError;
++}
++// #### END XML SNAPSHOT FILTER CODE ####
++
+ static const char * repodata_type_to_name(RepodataType type) {
+     switch (type) {
+         case RepodataType::FILELISTS:
+@@ -236,6 +586,11 @@ SolvRepo::~SolvRepo() {
+ void SolvRepo::load_repo_main(const std::string & repomd_fn, const std::string & primary_fn) {
+     auto & logger = *base->get_logger();
+     auto & pool = get_rpm_pool(base);
++    auto & main_config = config.get_main_config();
++    std::string primary_snapshot_fn;
++    const std::string snapshot_time = main_config.get_snapshot_time_option().get_value();
++    bool isSnapshotRepo = !config.get_snapshot_exclude_option().get_value() && !snapshot_time.empty();
++
+ 
+     fs::File repomd_file(repomd_fn, "r");
+ 
+@@ -243,14 +598,25 @@ void SolvRepo::load_repo_main(const std::string & repomd_fn, const std::string &
+ 
+     int solvables_start = pool->nsolvables;
+ 
+-    if (load_solv_cache(pool, nullptr, 0)) {
+-        main_solvables_start = solvables_start;
+-        main_solvables_end = pool->nsolvables;
+ 
+-        return;
++    if (isSnapshotRepo) {
++        if (SolvFilterFile(primary_fn, snapshot_time, primary_snapshot_fn)) {
++            printf("snapshot filter failure\n");
++        }
++
++    } else {
++        if (load_solv_cache(pool, nullptr, 0)) {
++            main_solvables_start = solvables_start;
++            main_solvables_end = pool->nsolvables;
++
++            return;
++        }
+     }
+ 
+-    fs::File primary_file(primary_fn, "r", true);
++    const std::string & temp_fn = primary_snapshot_fn.empty() ? primary_fn : primary_snapshot_fn;
++
++    printf("primary fn used: %s\n",temp_fn.c_str());
++    fs::File primary_file(temp_fn, "r", true);
+ 
+     logger.debug("Loading repomd and primary for repo \"{}\"", config.get_id());
+     if (repo_add_repomdxml(repo, repomd_file.get(), 0) != 0) {
+@@ -265,14 +631,14 @@ void SolvRepo::load_repo_main(const std::string & repomd_fn, const std::string &
+         throw SolvError(
+             M_("Failed to load primary for repo \"{}\" from \"{}\": {}."),
+             config.get_id(),
+-            primary_fn,
++            temp_fn,
+             std::string(pool_errstr(*pool)));
+     }
+ 
+     main_solvables_start = solvables_start;
+     main_solvables_end = pool->nsolvables;
+ 
+-    if (config.get_build_cache_option().get_value()) {
++    if (!isSnapshotRepo && config.get_build_cache_option().get_value()) {
+         write_main(true);
+     }
+ }
+@@ -533,6 +899,13 @@ void SolvRepo::write_main(bool load_after_write) {
+     auto & logger = *base->get_logger();
+     auto & pool = get_rpm_pool(base);
+ 
++    //add snapshot check to exit here if present and excluded
++    const std::string snapshot_time = config.get_main_config().get_snapshot_time_option().get_value();
++    if (!config.get_snapshot_exclude_option().get_value() && !snapshot_time.empty()) {
++        // intentionally skip when snapshots
++        return;
++    }
++
+     const char * chksum = pool_bin2hex(*pool, checksum, solv_chksum_len(CHKSUM_TYPE));
+ 
+     const auto solvfile_path = solv_file_path();
+diff --git a/libdnf5/repo/solv_repo.hpp b/libdnf5/repo/solv_repo.hpp
+index f3f9b822..1501bab4 100644
+--- a/libdnf5/repo/solv_repo.hpp
++++ b/libdnf5/repo/solv_repo.hpp
+@@ -29,7 +29,9 @@ along with libdnf.  If not, see .
+ #include "libdnf5/repo/config_repo.hpp"
+ #include "libdnf5/utils/fs/file.hpp"
+ 
+-#include 
++#include 
++#include 
++#include 
+ 
+ #include 
+ 
+@@ -54,6 +56,25 @@ namespace libdnf5::repo {
+ using LibsolvRepo = ::Repo;
+ enum class RepodataType { FILELISTS, PRESTO, UPDATEINFO, COMPS, OTHER };
+ 
++typedef struct {
++    // frequently changed values
++    std::string elementBuffer;
++    int nInPackage;
++    int nPrintPackage;
++    int nTimeFound;
++
++    // managed values
++    int nDepth;
++    int nPrevElement; // enum 0 -> start, 1 -> data, 2 -> end
++
++    //set and forget on creation
++    time_t nSearchTime;
++    std::ofstream* pOutStream;
++    bool bParseError;
++} XMLFilterData;
++
++#define MAX_FILTER_INPUT_THRESHOLD 500000000
++
+ 
+ class SolvError : public Error {
+     using Error::Error;
+-- 
+2.34.1
+
diff --git a/SPECS/dnf5/dnf5.spec b/SPECS/dnf5/dnf5.spec
index 79f3bff5fc..35e2c721d5 100644
--- a/SPECS/dnf5/dnf5.spec
+++ b/SPECS/dnf5/dnf5.spec
@@ -38,12 +38,17 @@
 Summary:        Command-line package manager
 Name:           dnf5
 Version:        %{project_version_major}.%{project_version_minor}.%{project_version_patch}
-Release:        1%{?dist}
+Release:        3%{?dist}
 License:        GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/rpm-software-management/dnf5
 Source0:        %{url}/archive/%{version}/dnf5-%{version}.tar.gz
+Patch0:         dnf5-repo-snapshot.patch
+Patch1:         CVE-2024-1929.patch
+Patch2:         CVE-2024-1930.patch
+Patch3:         CVE-2024-2746.patch
+
 # ========== build requires ==========
 BuildRequires:  bash-completion
 BuildRequires:  cmake
@@ -674,6 +679,13 @@ done
 
 
 %changelog
+* Tue May 06 2025 Sam Meluch  - 5.1.11-3
+- Add repo snapshot to dnf5
+- fixup merge conflict
+
+* Wed Apr 30 2025 Kanishk Bansal  - 5.1.11-2
+- Patch CVE-2024-1929, CVE-2024-1930, CVE-2024-2746
+
 * Wed Jan 31 2024 Sam Meluch  - 5.1.11-1
 - Update to version 5.1.11
 - Merge spec from upstream dnf5 repo
diff --git a/SPECS/docker-buildx/CVE-2025-0495.patch b/SPECS/docker-buildx/CVE-2025-0495.patch
new file mode 100644
index 0000000000..2f898153dc
--- /dev/null
+++ b/SPECS/docker-buildx/CVE-2025-0495.patch
@@ -0,0 +1,98 @@
+From 57f85577943734ab47924d1f2595de12a8613fbf Mon Sep 17 00:00:00 2001
+From: Tonis Tiigi 
+Date: Mon, 3 Feb 2025 22:14:55 -0800
+Subject: [PATCH] otel: avoid tracing raw os arguments
+
+User might pass a value that they don't expect to
+be kept in trace storage. For example some cache backends
+allow passing authentication tokens with a flag.
+
+Instead use known primary config values as attributes
+of the root span.
+
+Signed-off-by: Tonis Tiigi 
+Modified patch to apply to AzureLinux
+Modified-by: Sandeep Karambelkar 
+Upstream Patch: https://github.com/docker/buildx/commit/18ccba072076ddbfb0aeedd6746d7719b0729b58
+Upstream PR: https://github.com/docker/buildx/pull/3068
+Only first commit is applicable from https://github.com/docker/buildx/pull/3068/commits
+---
+ commands/bake.go      | 7 ++++++-
+ commands/build.go     | 6 +++++-
+ util/tracing/trace.go | 7 +++----
+ 3 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/commands/bake.go b/commands/bake.go
+index cb23066..3fc0b74 100644
+--- a/commands/bake.go
++++ b/commands/bake.go
+@@ -26,6 +26,7 @@ import (
+ 	"github.com/moby/buildkit/util/progress/progressui"
+ 	"github.com/pkg/errors"
+ 	"github.com/spf13/cobra"
++	"go.opentelemetry.io/otel/attribute"
+ )
+ 
+ type bakeOptions struct {
+@@ -42,7 +43,11 @@ type bakeOptions struct {
+ }
+ 
+ func runBake(ctx context.Context, dockerCli command.Cli, targets []string, in bakeOptions, cFlags commonFlags) (err error) {
+-	ctx, end, err := tracing.TraceCurrentCommand(ctx, "bake")
++	ctx, end, err := tracing.TraceCurrentCommand(ctx, append([]string{"bake"}, targets...),
++		attribute.String("builder", in.builder),
++		attribute.StringSlice("targets", targets),
++		attribute.StringSlice("files", in.files),
++	)
+ 	if err != nil {
+ 		return err
+ 	}
+diff --git a/commands/build.go b/commands/build.go
+index 6f151d4..e4d88c4 100644
+--- a/commands/build.go
++++ b/commands/build.go
+@@ -271,7 +271,11 @@ func runBuild(ctx context.Context, dockerCli command.Cli, options buildOptions)
+ 	mp := dockerCli.MeterProvider(ctx)
+ 	defer metricutil.Shutdown(ctx, mp)
+ 
+-	ctx, end, err := tracing.TraceCurrentCommand(ctx, "build")
++	ctx, end, err := tracing.TraceCurrentCommand(ctx, []string{"build", options.contextPath},
++		attribute.String("builder", options.builder),
++		attribute.String("context", options.contextPath),
++		attribute.String("dockerfile", options.dockerfileName),
++	)
+ 	if err != nil {
+ 		return err
+ 	}
+diff --git a/util/tracing/trace.go b/util/tracing/trace.go
+index c95ad5a..13ce349 100644
+--- a/util/tracing/trace.go
++++ b/util/tracing/trace.go
+@@ -2,7 +2,6 @@ package tracing
+ 
+ import (
+ 	"context"
+-	"os"
+ 	"strings"
+ 
+ 	"github.com/moby/buildkit/util/tracing/detect"
+@@ -10,13 +9,13 @@ import (
+ 	"go.opentelemetry.io/otel/trace"
+ )
+ 
+-func TraceCurrentCommand(ctx context.Context, name string) (context.Context, func(error), error) {
++func TraceCurrentCommand(ctx context.Context, args []string, attrs ...attribute.KeyValue) (context.Context, func(error), error) {
+ 	tp, err := detect.TracerProvider()
+ 	if err != nil {
+ 		return context.Background(), nil, err
+ 	}
+-	ctx, span := tp.Tracer("").Start(ctx, name, trace.WithAttributes(
+-		attribute.String("command", strings.Join(os.Args, " ")),
++	ctx, span := tp.Tracer("").Start(ctx, strings.Join(args, " "), trace.WithAttributes(
++		attrs...,
+ 	))
+ 
+ 	return ctx, func(err error) {
+-- 
+2.45.3
+
diff --git a/SPECS/docker-buildx/docker-buildx.spec b/SPECS/docker-buildx/docker-buildx.spec
index 7f8b20970a..2bb4b77ab6 100644
--- a/SPECS/docker-buildx/docker-buildx.spec
+++ b/SPECS/docker-buildx/docker-buildx.spec
@@ -4,7 +4,7 @@ Summary:        A Docker CLI plugin for extended build capabilities with BuildKi
 Name:           docker-buildx
 # update "commit_hash" above when upgrading version
 Version:        0.14.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        ASL 2.0
 Group:          Tools/Container
 Vendor:         Microsoft Corporation
@@ -14,6 +14,7 @@ Source0:        https://github.com/docker/buildx/archive/refs/tags/v%{version}.t
 Patch0:         CVE-2024-45337.patch
 Patch1:         CVE-2024-45338.patch
 Patch2:         CVE-2025-22869.patch
+Patch3:         CVE-2025-0495.patch
 
 BuildRequires: bash
 BuildRequires: golang
@@ -47,6 +48,10 @@ install -m 755 buildx "%{buildroot}%{_libexecdir}/docker/cli-plugins/docker-buil
 %{_libexecdir}/docker/cli-plugins/docker-buildx
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 0.14.0-6
+- merge from Azure Linux 3.0.20250521-3.0
+- Fix CVE-2025-0495 with upstream patch modified to apply for azurelinux package
+
 * Fri Mar 21 2025 Anuj Mittal  - 0.14.0-5
 - Bump Release to rebuild
 
diff --git a/SPECS/docker-compose/CVE-2025-22872.patch b/SPECS/docker-compose/CVE-2025-22872.patch
new file mode 100644
index 0000000000..a9203f2a9a
--- /dev/null
+++ b/SPECS/docker-compose/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From 01035da6c5be2080f75765d9ebbb462614d7e81a Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Tue, 22 Apr 2025 08:15:38 +0000
+Subject: [PATCH] CVE-2025-22872
+
+Upstream patch reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/docker-compose/docker-compose.spec b/SPECS/docker-compose/docker-compose.spec
index 057df039be..c6c0e53490 100644
--- a/SPECS/docker-compose/docker-compose.spec
+++ b/SPECS/docker-compose/docker-compose.spec
@@ -1,7 +1,7 @@
 Summary:        Define and run multi-container applications with Docker
 Name:           docker-compose
 Version:        2.27.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -16,6 +16,7 @@ Patch0:         CVE-2024-45337.patch
 Patch1:         CVE-2024-45338.patch
 Patch2:         CVE-2025-22869.patch
 Patch3:         CVE-2024-10846.patch
+Patch4:         CVE-2025-22872.patch
 BuildRequires:  golang
 Requires:       docker-cli
 Obsoletes:      moby-compose < %{version}-%{release}
@@ -48,6 +49,10 @@ install -D -m0755 bin/build/docker-compose %{buildroot}/%{_libexecdir}/docker/cl
 %{_libexecdir}/docker/cli-plugins/docker-compose
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.27.0-6
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 2.27.0-5
 - Bump Release to rebuild
 
diff --git a/SPECS/dwarves/0001-btf-Remove-ftrace-filter.patch b/SPECS/dwarves/0001-btf-Remove-ftrace-filter.patch
deleted file mode 100644
index 658399c273..0000000000
--- a/SPECS/dwarves/0001-btf-Remove-ftrace-filter.patch
+++ /dev/null
@@ -1,392 +0,0 @@
-From 58a98f76ac95b1bb11920ff2b58206b2364e6b3b Mon Sep 17 00:00:00 2001
-From: Martin KaFai Lau 
-Date: Thu, 6 May 2021 13:56:22 -0700
-Subject: [PATCH 1/3] btf: Remove ftrace filter
-
-BTF is currently generated for functions that are in ftrace list
-or extern.
-
-A recent use case also needs BTF generated for functions included in
-allowlist.
-
-In particular, the kernel commit:
-
-  e78aea8b2170 ("bpf: tcp: Put some tcp cong functions in allowlist for bpf-tcp-cc")
-
-allows bpf program to directly call a few tcp cc kernel functions. Those
-kernel functions are currently allowed only if CONFIG_DYNAMIC_FTRACE
-is set to ensure they are in the ftrace list but this kconfig dependency
-is unnecessary.
-
-Those kernel functions are specified under an ELF section .BTF_ids.
-There was an earlier attempt [0] to add another filter for the functions in
-the .BTF_ids section.  That discussion concluded that the ftrace filter
-should be removed instead.
-
-This patch is to remove the ftrace filter and its related functions.
-
-Number of BTF FUNC with and without is_ftrace_func():
-My kconfig in x86: 40643 vs 46225
-Jiri reported on arm: 25022 vs 55812
-
-[0]: https://lore.kernel.org/dwarves/20210423213728.3538141-1-kafai@fb.com/
-
-Signed-off-by: Martin KaFai Lau 
-Tested-by: Nathan Chancellor  # build
-Acked-by: Jiri Olsa 
-Acked-by: Jiri Slaby 
-Cc: Andrii Nakryiko 
-Cc: Jiri Olsa 
-Cc: kernel-team@fb.com
-Signed-off-by: Arnaldo Carvalho de Melo 
----
- btf_encoder.c | 285 ++------------------------------------------------
- 1 file changed, 7 insertions(+), 278 deletions(-)
-
-diff --git a/btf_encoder.c b/btf_encoder.c
-index 80e896961d4e0294..c711f124b31e2720 100644
---- a/btf_encoder.c
-+++ b/btf_encoder.c
-@@ -27,17 +27,8 @@
-  */
- #define KSYM_NAME_LEN 128
- 
--struct funcs_layout {
--	unsigned long mcount_start;
--	unsigned long mcount_stop;
--	unsigned long mcount_sec_idx;
--};
--
- struct elf_function {
- 	const char	*name;
--	unsigned long	 addr;
--	unsigned long	 size;
--	unsigned long	 sh_addr;
- 	bool		 generated;
- };
- 
-@@ -64,12 +55,9 @@ static void delete_functions(void)
- #define max(x, y) ((x) < (y) ? (y) : (x))
- #endif
- 
--static int collect_function(struct btf_elf *btfe, GElf_Sym *sym,
--			    size_t sym_sec_idx)
-+static int collect_function(struct btf_elf *btfe, GElf_Sym *sym)
- {
- 	struct elf_function *new;
--	static GElf_Shdr sh;
--	static size_t last_idx;
- 	const char *name;
- 
- 	if (elf_sym__type(sym) != STT_FUNC)
-@@ -91,257 +79,12 @@ static int collect_function(struct btf_elf *btfe, GElf_Sym *sym,
- 		functions = new;
- 	}
- 
--	if (sym_sec_idx != last_idx) {
--		if (!elf_section_by_idx(btfe->elf, &sh, sym_sec_idx))
--			return 0;
--		last_idx = sym_sec_idx;
--	}
--
- 	functions[functions_cnt].name = name;
--	functions[functions_cnt].addr = elf_sym__value(sym);
--	functions[functions_cnt].size = elf_sym__size(sym);
--	functions[functions_cnt].sh_addr = sh.sh_addr;
- 	functions[functions_cnt].generated = false;
- 	functions_cnt++;
- 	return 0;
- }
- 
--static int addrs_cmp(const void *_a, const void *_b)
--{
--	const __u64 *a = _a;
--	const __u64 *b = _b;
--
--	if (*a == *b)
--		return 0;
--	return *a < *b ? -1 : 1;
--}
--
--static int get_vmlinux_addrs(struct btf_elf *btfe, struct funcs_layout *fl,
--			     __u64 **paddrs, __u64 *pcount)
--{
--	__u64 *addrs, count, offset;
--	unsigned int addr_size, i;
--	Elf_Data *data;
--	GElf_Shdr shdr;
--	Elf_Scn *sec;
--
--	/* Initialize for the sake of all error paths below. */
--	*paddrs = NULL;
--	*pcount = 0;
--
--	if (!fl->mcount_start || !fl->mcount_stop)
--		return 0;
--
--	/*
--	 * Find mcount addressed marked by __start_mcount_loc
--	 * and __stop_mcount_loc symbols and load them into
--	 * sorted array.
--	 */
--	sec = elf_getscn(btfe->elf, fl->mcount_sec_idx);
--	if (!sec || !gelf_getshdr(sec, &shdr)) {
--		fprintf(stderr, "Failed to get section(%lu) header.\n",
--			fl->mcount_sec_idx);
--		return -1;
--	}
--
--	/* Get address size from processed file's ELF class. */
--	addr_size = gelf_getclass(btfe->elf) == ELFCLASS32 ? 4 : 8;
--
--	offset = fl->mcount_start - shdr.sh_addr;
--	count  = (fl->mcount_stop - fl->mcount_start) / addr_size;
--
--	data = elf_getdata(sec, 0);
--	if (!data) {
--		fprintf(stderr, "Failed to get section(%lu) data.\n",
--			fl->mcount_sec_idx);
--		return -1;
--	}
--
--	addrs = malloc(count * sizeof(addrs[0]));
--	if (!addrs) {
--		fprintf(stderr, "Failed to allocate memory for ftrace addresses.\n");
--		return -1;
--	}
--
--	if (addr_size == sizeof(__u64)) {
--		memcpy(addrs, data->d_buf + offset, count * addr_size);
--	} else {
--		for (i = 0; i < count; i++)
--			addrs[i] = (__u64) *((__u32 *) (data->d_buf + offset + i * addr_size));
--	}
--
--	*paddrs = addrs;
--	*pcount = count;
--	return 0;
--}
--
--static int
--get_kmod_addrs(struct btf_elf *btfe, __u64 **paddrs, __u64 *pcount)
--{
--	__u64 *addrs, count;
--	unsigned int addr_size, i;
--	GElf_Shdr shdr_mcount;
--	Elf_Data *data;
--	Elf_Scn *sec;
--
--	/* Initialize for the sake of all error paths below. */
--	*paddrs = NULL;
--	*pcount = 0;
--
--	/* get __mcount_loc */
--	sec = elf_section_by_name(btfe->elf, &btfe->ehdr, &shdr_mcount,
--				  "__mcount_loc", NULL);
--	if (!sec) {
--		if (btf_elf__verbose) {
--			printf("%s: '%s' doesn't have __mcount_loc section\n", __func__,
--			       btfe->filename);
--		}
--		return 0;
--	}
--
--	data = elf_getdata(sec, NULL);
--	if (!data) {
--		fprintf(stderr, "Failed to data for __mcount_loc section.\n");
--		return -1;
--	}
--
--	/* Get address size from processed file's ELF class. */
--	addr_size = gelf_getclass(btfe->elf) == ELFCLASS32 ? 4 : 8;
--
--	count = data->d_size / addr_size;
--
--	addrs = malloc(count * sizeof(addrs[0]));
--	if (!addrs) {
--		fprintf(stderr, "Failed to allocate memory for ftrace addresses.\n");
--		return -1;
--	}
--
--	if (addr_size == sizeof(__u64)) {
--		memcpy(addrs, data->d_buf, count * addr_size);
--	} else {
--		for (i = 0; i < count; i++)
--			addrs[i] = (__u64) *((__u32 *) (data->d_buf + i * addr_size));
--	}
--
--	/*
--	 * We get Elf object from dwfl_module_getelf function,
--	 * which performs all possible relocations, including
--	 * __mcount_loc section.
--	 *
--	 * So addrs array now contains relocated values, which
--	 * we need take into account when we compare them to
--	 * functions values, see comment in setup_functions
--	 * function.
--	 */
--	*paddrs = addrs;
--	*pcount = count;
--	return 0;
--}
--
--static int is_ftrace_func(struct elf_function *func, __u64 *addrs, __u64 count)
--{
--	__u64 start = func->addr;
--	__u64 addr, end = func->addr + func->size;
--
--	/*
--	 * The invariant here is addr[r] that is the smallest address
--	 * that is >= than function start addr. Except the corner case
--	 * where there is no such r, but for that we have a final check
--	 * in the return.
--	 */
--	size_t l = 0, r = count - 1, m;
--
--	/* make sure we don't use invalid r */
--	if (count == 0)
--		return false;
--
--	while (l < r) {
--		m = l + (r - l) / 2;
--		addr = addrs[m];
--
--		if (addr >= start) {
--			/* we satisfy invariant, so tighten r */
--			r = m;
--		} else {
--			/* m is not good enough as l, maybe m + 1 will be */
--			l = m + 1;
--		}
--	}
--
--	return start <= addrs[r] && addrs[r] < end;
--}
--
--static int setup_functions(struct btf_elf *btfe, struct funcs_layout *fl)
--{
--	__u64 *addrs, count, i;
--	int functions_valid = 0;
--	bool kmod = false;
--
--	/*
--	 * Check if we are processing vmlinux image and
--	 * get mcount data if it's detected.
--	 */
--	if (get_vmlinux_addrs(btfe, fl, &addrs, &count))
--		return -1;
--
--	/*
--	 * Check if we are processing kernel module and
--	 * get mcount data if it's detected.
--	 */
--	if (!addrs) {
--		if (get_kmod_addrs(btfe, &addrs, &count))
--			return -1;
--		kmod = true;
--	}
--
--	if (!addrs) {
--		if (btf_elf__verbose)
--			printf("ftrace symbols not detected, falling back to DWARF data\n");
--		delete_functions();
--		return 0;
--	}
--
--	qsort(addrs, count, sizeof(addrs[0]), addrs_cmp);
--	qsort(functions, functions_cnt, sizeof(functions[0]), functions_cmp);
--
--	/*
--	 * Let's got through all collected functions and filter
--	 * out those that are not in ftrace.
--	 */
--	for (i = 0; i < functions_cnt; i++) {
--		struct elf_function *func = &functions[i];
--		/*
--		 * For vmlinux image both addrs[x] and functions[x]::addr
--		 * values are final address and are comparable.
--		 *
--		 * For kernel module addrs[x] is final address, but
--		 * functions[x]::addr is relative address within section
--		 * and needs to be relocated by adding sh_addr.
--		 */
--		if (kmod)
--			func->addr += func->sh_addr;
--
--		/* Make sure function is within ftrace addresses. */
--		if (is_ftrace_func(func, addrs, count)) {
--			/*
--			 * We iterate over sorted array, so we can easily skip
--			 * not valid item and move following valid field into
--			 * its place, and still keep the 'new' array sorted.
--			 */
--			if (i != functions_valid)
--				functions[functions_valid] = functions[i];
--			functions_valid++;
--		}
--	}
--
--	functions_cnt = functions_valid;
--	free(addrs);
--
--	if (btf_elf__verbose)
--		printf("Found %d functions!\n", functions_cnt);
--	return 0;
--}
--
- static struct elf_function *find_function(const struct btf_elf *btfe,
- 					  const char *name)
- {
-@@ -620,23 +363,8 @@ static int collect_percpu_var(struct btf_elf *btfe, GElf_Sym *sym,
- 	return 0;
- }
- 
--static void collect_symbol(GElf_Sym *sym, struct funcs_layout *fl,
--			   size_t sym_sec_idx)
--{
--	if (!fl->mcount_start &&
--	    !strcmp("__start_mcount_loc", elf_sym__name(sym, btfe->symtab))) {
--		fl->mcount_start = sym->st_value;
--		fl->mcount_sec_idx = sym_sec_idx;
--	}
--
--	if (!fl->mcount_stop &&
--	    !strcmp("__stop_mcount_loc", elf_sym__name(sym, btfe->symtab)))
--		fl->mcount_stop = sym->st_value;
--}
--
- static int collect_symbols(struct btf_elf *btfe, bool collect_percpu_vars)
- {
--	struct funcs_layout fl = { };
- 	Elf32_Word sym_sec_idx;
- 	uint32_t core_id;
- 	GElf_Sym sym;
-@@ -648,9 +376,8 @@ static int collect_symbols(struct btf_elf *btfe, bool collect_percpu_vars)
- 	elf_symtab__for_each_symbol_index(btfe->symtab, core_id, sym, sym_sec_idx) {
- 		if (collect_percpu_vars && collect_percpu_var(btfe, &sym, sym_sec_idx))
- 			return -1;
--		if (collect_function(btfe, &sym, sym_sec_idx))
-+		if (collect_function(btfe, &sym))
- 			return -1;
--		collect_symbol(&sym, &fl, sym_sec_idx);
- 	}
- 
- 	if (collect_percpu_vars) {
-@@ -661,9 +388,11 @@ static int collect_symbols(struct btf_elf *btfe, bool collect_percpu_vars)
- 			printf("Found %d per-CPU variables!\n", percpu_var_cnt);
- 	}
- 
--	if (functions_cnt && setup_functions(btfe, &fl)) {
--		fprintf(stderr, "Failed to filter DWARF functions\n");
--		return -1;
-+	if (functions_cnt) {
-+		qsort(functions, functions_cnt, sizeof(functions[0]),
-+		      functions_cmp);
-+		if (btf_elf__verbose)
-+			printf("Found %d functions!\n", functions_cnt);
- 	}
- 
- 	return 0;
--- 
-2.26.3
-
diff --git a/SPECS/dwarves/CVE-2025-29481.patch b/SPECS/dwarves/CVE-2025-29481.patch
new file mode 100644
index 0000000000..566d508693
--- /dev/null
+++ b/SPECS/dwarves/CVE-2025-29481.patch
@@ -0,0 +1,26 @@
+From 785d2802a0b0f09e2e41264a670d8cdc03385af0 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Mon, 14 Apr 2025 09:09:42 +0000
+Subject: [PATCH] CVE-2025-29481
+
+Upstream patch reference: https://lore.kernel.org/bpf/20250410073407.131211-1-vmalik@redhat.com/
+---
+ lib/bpf/src/libbpf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/bpf/src/libbpf.c b/lib/bpf/src/libbpf.c
+index a5c67a3..3a4ceda 100644
+--- a/lib/bpf/src/libbpf.c
++++ b/lib/bpf/src/libbpf.c
+@@ -819,7 +819,7 @@ bpf_object__add_programs(struct bpf_object *obj, Elf_Data *sec_data,
+ 			return -LIBBPF_ERRNO__FORMAT;
+ 		}
+ 
+-		if (sec_off + prog_sz > sec_sz) {
++		if (sec_off >= sec_sz || sec_off + prog_sz > sec_sz) {
+ 			pr_warn("sec '%s': program at offset %zu crosses section boundary\n",
+ 				sec_name, sec_off);
+ 			return -LIBBPF_ERRNO__FORMAT;
+-- 
+2.45.2
+
diff --git a/SPECS/dwarves/dwarves.spec b/SPECS/dwarves/dwarves.spec
index e0819bdbd0..498562906b 100644
--- a/SPECS/dwarves/dwarves.spec
+++ b/SPECS/dwarves/dwarves.spec
@@ -3,12 +3,13 @@
 Summary:        Debugging Information Manipulation Tools (pahole & friends)
 Name:           dwarves
 Version:        1.25
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://acmel.wordpress.com
 Source:         https://fedorapeople.org/~acme/dwarves/%{name}-%{version}.tar.xz
+Patch0:         CVE-2025-29481.patch
 BuildRequires:  cmake >= 2.8.12
 BuildRequires:  elfutils-devel >= 0.130
 BuildRequires:  gcc
@@ -132,6 +133,9 @@ rm -Rf %{buildroot}
 %{_libdir}/%{libname}_reorganize.so
 
 %changelog
+* Mon Apr 14 2025 Jyoti Kanase  - 1.25-2
+- Patch for CVE-2025-29481
+
 * Thu Nov 16 2023 Rachel Menge  - 1.25-1
 - Update to version 1.25
 - License verified
diff --git a/SPECS/edk2/CVE-2024-13176.patch b/SPECS/edk2/CVE-2024-13176.patch
new file mode 100644
index 0000000000..2c218aa4ef
--- /dev/null
+++ b/SPECS/edk2/CVE-2024-13176.patch
@@ -0,0 +1,121 @@
+From 07272b05b04836a762b4baa874958af51d513844 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz 
+Date: Wed, 15 Jan 2025 18:27:02 +0100
+Subject: [PATCH] Fix timing side-channel in ECDSA signature computation
+
+There is a timing signal of around 300 nanoseconds when the top word of
+the inverted ECDSA nonce value is zero. This can happen with significant
+probability only for some of the supported elliptic curves. In particular
+the NIST P-521 curve is affected. To be able to measure this leak, the
+attacker process must either be located in the same physical computer or
+must have a very fast network connection with low latency.
+
+Attacks on ECDSA nonce are also known as Minerva attack.
+
+Fixes CVE-2024-13176
+
+Reviewed-by: Tim Hudson 
+Reviewed-by: Neil Horman 
+Reviewed-by: Paul Dale 
+(Merged from https://github.com/openssl/openssl/pull/26429)
+
+(cherry picked from commit 63c40a66c5dc287485705d06122d3a6e74a6a203)
+---
+ CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c  | 21 +++++++++++++++------
+ CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c  |  7 ++++---
+ include/CryptoPkg/Library/OpensslLib/openssl/crypto/bn.h |  3 +++
+ 3 files changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c
+index 598a592ca1397..d84c7de18a6b6 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c
+@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+  * out by Colin Percival,
+  * http://www.daemonology.net/hyperthreading-considered-harmful/)
+  */
+-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *in_mont)
+ {
+@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     unsigned int t4 = 0;
+ #endif
+ 
+-    bn_check_top(a);
+-    bn_check_top(p);
+-    bn_check_top(m);
+-
+     if (!BN_is_odd(m)) {
+         ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
+         return 0;
+@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+             goto err;
+     } else
+ #endif
+-    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
++    if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
+         goto err;
+     ret = 1;
+  err:
+@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     return ret;
+ }
+ 
++int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++                              const BIGNUM *m, BN_CTX *ctx,
++                              BN_MONT_CTX *in_mont)
++{
++    bn_check_top(a);
++    bn_check_top(p);
++    bn_check_top(m);
++    if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
++        return 0;
++    bn_correct_top(rr);
++    return 1;
++}
++
+ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c
+index b1696d93bd6dd..1f0bf1ec795fa 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c
+@@ -20,6 +20,7 @@
+ #include 
+ #include 
+ #include "crypto/ec.h"
++#include "crypto/bn.h"
+ #include "internal/nelem.h"
+ #include "ec_local.h"
+ 
+@@ -1262,10 +1263,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+     if (!BN_sub(e, group->order, e))
+         goto err;
+     /*-
+-     * Exponent e is public.
+-     * No need for scatter-gather or BN_FLG_CONSTTIME.
++     * Although the exponent is public we want the result to be
++     * fixed top.
+      */
+-    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
++    if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data))
+         goto err;
+ 
+     ret = 1;
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h b/include/CryptoPkg/Library/OpensslLib/openssl/crypto/bn.h
+index c5f328156d3a9..59a629b9f6288 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h
++++ b/CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h
+@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+  */
+ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                           BN_MONT_CTX *mont, BN_CTX *ctx);
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++                              const BIGNUM *m, BN_CTX *ctx,
++                              BN_MONT_CTX *in_mont);
+ int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                          BN_CTX *ctx);
+ int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
diff --git a/SPECS/edk2/CVE-2024-2511.patch b/SPECS/edk2/CVE-2024-2511.patch
new file mode 100644
index 0000000000..c7f036c39d
--- /dev/null
+++ b/SPECS/edk2/CVE-2024-2511.patch
@@ -0,0 +1,95 @@
+From dfa811c4173d0b520de4cfb0e7794781ad41289a Mon Sep 17 00:00:00 2001
+From: Archana Choudhary 
+Date: Tue, 29 Apr 2025 09:04:40 +0000
+Subject: [PATCH] Patch for CVE-2024-2511
+
+Ported from https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
+---
+ .../Library/OpensslLib/openssl/ssl/ssl_lib.c  |  5 ++--
+ .../Library/OpensslLib/openssl/ssl/ssl_sess.c | 28 +++++++++++++++----
+ .../openssl/ssl/statem/statem_srvr.c          |  5 ++--
+ 3 files changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
+index 99ce450..158b550 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
+@@ -3717,9 +3717,10 @@ void ssl_update_cache(SSL *s, int mode)
+ 
+     /*
+      * If the session_id_length is 0, we are not supposed to cache it, and it
+-     * would be rather hard to do anyway :-)
++     * would be rather hard to do anyway :-). Also if the session has already
++     * been marked as not_resumable we should not cache it for later reuse.
+      */
+-    if (s->session->session_id_length == 0)
++    if (s->session->session_id_length == 0 || s->session->not_resumable)
+         return;
+ 
+     /*
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c
+index 68b57a5..c1c7837 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c
+@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void)
+     return ss;
+ }
+ 
+-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+-{
+-    return ssl_session_dup(src, 1);
+-}
+-
+ /*
+  * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+  * ticket == 0 then no ticket information is duplicated, otherwise it is.
+  */
+-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
+ {
+     SSL_SESSION *dest;
+ 
+@@ -281,6 +276,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+     return NULL;
+ }
+ 
++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
++{
++    return ssl_session_dup_intern(src, 1);
++}
++
++/*
++ * Used internally when duplicating a session which might be already shared.
++ * We will have resumed the original session. Subsequently we might have marked
++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
++ * resume from.
++ */
++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++{
++    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
++
++    if (sess != NULL)
++        sess->not_resumable = 0;
++
++    return sess;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+     if (len)
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/statem/statem_srvr.c b/CryptoPkg/Library/OpensslLib/openssl/ssl/statem/statem_srvr.c
+index a9e67f9..6c942e6 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/ssl/statem/statem_srvr.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/statem/statem_srvr.c
+@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+      * so the following won't overwrite an ID that we're supposed
+      * to send back.
+      */
+-    if (s->session->not_resumable ||
+-        (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+-         && !s->hit))
++    if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
++            && !s->hit)
+         s->session->session_id_length = 0;
+ 
+     if (usetls13) {
diff --git a/SPECS/edk2/CVE-2024-38796.patch b/SPECS/edk2/CVE-2024-38796.patch
new file mode 100644
index 0000000000..59aa80a6b6
--- /dev/null
+++ b/SPECS/edk2/CVE-2024-38796.patch
@@ -0,0 +1,26 @@
+From a6d8206a22d70dc5e6d7ac8aae8e69b80ace7e61 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Wed, 2 Apr 2025 05:23:55 +0000
+Subject: [PATCH] CVE-2024-38796
+
+Upstream patch reference: https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65
+---
+ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+index 86ff2e7..128090d 100644
+--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
++++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
+     RelocDir = &Hdr.Te->DataDirectory[0];
+   }
+ 
+-  if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
++  if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
+     RelocBase    = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
+     RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
+                                                   ImageContext,
+-- 
+2.45.2
+
diff --git a/SPECS/edk2/CVE-2024-4603.patch b/SPECS/edk2/CVE-2024-4603.patch
new file mode 100644
index 0000000000..7c3ee34ade
--- /dev/null
+++ b/SPECS/edk2/CVE-2024-4603.patch
@@ -0,0 +1,125 @@
+From d2bbe37ccf8857197a4b6c36fc0381ab58bb8b09 Mon Sep 17 00:00:00 2001
+From: Archana Choudhary 
+Date: Tue, 29 Apr 2025 09:12:17 +0000
+Subject: [PATCH] Fix for CVE-2024-4603
+
+Ported from https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397
+---
+ .../Library/OpensslLib/openssl/CHANGES.md     | 17 +++++++
+ .../OpensslLib/openssl/crypto/dsa/dsa_check.c | 45 +++++++++++++++++--
+ 2 files changed, 58 insertions(+), 4 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md b/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
+index 84933a8..34a2e7f 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
++++ b/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
+@@ -30,6 +30,23 @@ breaking changes, and mappings for the large list of deprecated functions.
+ 
+ ### Changes between 3.0.6 and 3.0.7 [1 Nov 2022]
+ 
++ * Fixed an issue where checking excessively long DSA keys or parameters may
++   be very slow.
++
++   Applications that use the functions EVP_PKEY_param_check() or
++   EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
++   experience long delays. Where the key or parameters that are being checked
++   have been obtained from an untrusted source this may lead to a Denial of
++   Service.
++
++   To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
++   will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
++   reason.
++
++   ([CVE-2024-4603])
++
++   *Tomáš Mráz*
++
+  * Fixed two buffer overflows in punycode decoding functions.
+ 
+    A buffer overrun can be triggered in X.509 certificate verification,
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
+index 7ee914a..a66fe05 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
+@@ -19,8 +19,34 @@
+ #include "dsa_local.h"
+ #include "crypto/dsa.h"
+ 
++static int dsa_precheck_params(const DSA *dsa, int *ret)
++{
++    if (dsa->params.p == NULL || dsa->params.q == NULL) {
++        ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
++        *ret = FFC_CHECK_INVALID_PQ;
++        return 0;
++    }
++
++    if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
++        ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
++        *ret = FFC_CHECK_INVALID_PQ;
++        return 0;
++    }
++
++    if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
++        ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
++        *ret = FFC_CHECK_INVALID_PQ;
++        return 0;
++    }
++
++    return 1;
++}
++
+ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
+ {
++    if (!dsa_precheck_params(dsa, ret))
++        return 0;
++
+     if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
+         return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
+                                                FFC_PARAM_TYPE_DSA, ret);
+@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
+  */
+ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+ {
++    if (!dsa_precheck_params(dsa, ret))
++        return 0;
++
+     return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
+ }
+ 
+@@ -49,6 +78,10 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+  */
+ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+ {
++    
++    if (!dsa_precheck_params(dsa, ret))
++        return 0;
++    
+     return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
+ }
+ 
+@@ -56,8 +89,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
+ {
+     *ret = 0;
+ 
+-    return (dsa->params.q != NULL
+-            && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
++    if (!dsa_precheck_params(dsa, ret))
++        return 0;
++
++    return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
+ }
+ 
+ /*
+@@ -70,8 +105,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa)
+     BN_CTX *ctx = NULL;
+     BIGNUM *pub_key = NULL;
+ 
+-    if (dsa->params.p == NULL
+-        || dsa->params.g == NULL
++    if (!dsa_precheck_params(dsa, &ret))
++        return 0;
++
++    if (dsa->params.g == NULL
+         || dsa->priv_key == NULL
+         || dsa->pub_key == NULL)
+         return 0;
diff --git a/SPECS/edk2/vendored-openssl-1.1.1-Only-free-the-read-buffers-if-we-re-not-using-them.patch b/SPECS/edk2/CVE-2024-4741.patch
similarity index 82%
rename from SPECS/edk2/vendored-openssl-1.1.1-Only-free-the-read-buffers-if-we-re-not-using-them.patch
rename to SPECS/edk2/CVE-2024-4741.patch
index d64fc4ffc7..133442d130 100644
--- a/SPECS/edk2/vendored-openssl-1.1.1-Only-free-the-read-buffers-if-we-re-not-using-them.patch
+++ b/SPECS/edk2/CVE-2024-4741.patch
@@ -1,4 +1,4 @@
-From f7a045f3143fc6da2ee66bf52d8df04829590dd4 Mon Sep 17 00:00:00 2001
+From b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d Mon Sep 17 00:00:00 2001
 From: Watson Ladd 
 Date: Wed, 24 Apr 2024 11:26:56 +0100
 Subject: [PATCH] Only free the read buffers if we're not using them
@@ -7,9 +7,14 @@ If we're part way through processing a record, or the application has
 not released all the records then we should not free our buffer because
 they are still needed.
 
+CVE-2024-4741
+
 Reviewed-by: Tomas Mraz 
 Reviewed-by: Neil Horman 
 Reviewed-by: Matt Caswell 
+(Merged from https://github.com/openCryptoPkg/Library/OpensslLib/openssl/ssl/openCryptoPkg/Library/OpensslLib/openssl/ssl/pull/24395)
+
+(cherry picked from commit 704f725b96aa373ee45ecfb23f6abfe8be8d9177)
 ---
  CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c | 9 +++++++++
  CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h       | 1 +
@@ -17,7 +22,7 @@ Reviewed-by: Matt Caswell 
  3 files changed, 13 insertions(+)
 
 diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c b/CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c
-index 1db1712a0..525c3abf4 100644
+index 4bcffcc41e364..1569997bea2d3 100644
 --- a/CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c
 +++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c
 @@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
@@ -37,10 +42,10 @@ index 1db1712a0..525c3abf4 100644
  int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
  {
 diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h b/CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h
-index af56206e0..513ab3988 100644
+index 234656bf93942..b60f71c8cb23b 100644
 --- a/CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h
 +++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h
-@@ -197,6 +197,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl);
+@@ -205,6 +205,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl);
  int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
  int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
  int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
@@ -49,10 +54,10 @@ index af56206e0..513ab3988 100644
  void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
  int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
 diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
-index c01ad8291..356d65cb6 100644
+index eed649c6fdee9..d14c55ae557bc 100644
 --- a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
 +++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
-@@ -5248,6 +5248,9 @@ int SSL_free_buffers(SSL *ssl)
+@@ -5492,6 +5492,9 @@ int SSL_free_buffers(SSL *ssl)
      if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
          return 0;
  
@@ -62,6 +67,3 @@ index c01ad8291..356d65cb6 100644
      RECORD_LAYER_release(rl);
      return 1;
  }
--- 
-2.33.8
-
diff --git a/SPECS/edk2/edk2.spec b/SPECS/edk2/edk2.spec
index 2c8498fb1a..ec328e5e29 100644
--- a/SPECS/edk2/edk2.spec
+++ b/SPECS/edk2/edk2.spec
@@ -55,10 +55,10 @@ ExclusiveArch: x86_64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    5%{?dist}
+Release:    8%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
-URL:        http://www.tianocore.org
+URL:        https://www.tianocore.org
 
 # The source tarball is created using following commands:
 # COMMIT=bb1bba3d7767
@@ -129,11 +129,15 @@ Patch0017: 0017-silence-.-has-a-LOAD-segment-with-RWX-permissions-wa.patch
 %endif
 Patch0018: 0018-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
 Patch0019: 0019-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
+Patch0020: CVE-2024-38796.patch
 
 # Patches for the vendored OpenSSL are in the range from 1000 to 1999 (inclusive).
 Patch1000: CVE-2022-3996.patch
 Patch1001: CVE-2024-6119.patch
-Patch1002: vendored-openssl-1.1.1-Only-free-the-read-buffers-if-we-re-not-using-them.patch
+Patch1002: CVE-2024-4741.patch
+Patch1003: CVE-2024-13176.patch
+Patch1004: CVE-2024-2511.patch
+Patch1005: CVE-2024-4603.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -795,6 +799,16 @@ done
 /boot/efi/HvLoader.efi
 
 %changelog
+* Thu Apr 24 2025 Jyoti Kanase  - 20240524git3e722403cd16-8
+- Fix CVE-2024-38796
+
+* Wed Apr 23 2025 Archana Choudhary  - 20240524git3e722403cd16-7
+- Add patch for CVE-2024-2511, CVE-2024-4603
+
+* Mon Apr 14 2025 Tobias Brick  - 20240524git3e722403cd16-6
+- Patch CVE-2024-13176.
+- Rename patch for CVE-2024-4741 to standard name format.
+
 * Tue Mar 25 2025 Tobias Brick  - 20240524git3e722403cd16-5
 - Patch vendored openssl to only free read buffers if not in use.
 
diff --git a/SPECS/elfutils/CVE-2025-1372.patch b/SPECS/elfutils/CVE-2025-1372.patch
new file mode 100644
index 0000000000..491b1abee5
--- /dev/null
+++ b/SPECS/elfutils/CVE-2025-1372.patch
@@ -0,0 +1,34 @@
+From e4d9e57a1237f3f0c16dc029108fc2a82d8c7c17 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Thu, 20 Mar 2025 04:19:47 +0000
+Subject: [PATCH] CVE-2025-1372
+Upstream Reference : https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 6950204..8319a47 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -12905,7 +12905,7 @@ dump_data_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+ 			_("Couldn't uncompress section"),
+ 			elf_ndxscn (scn));
+ 	    }
+-	  else if (startswith (name, ".zdebug"))
++		else if (name && startswith (name, ".zdebug"))
+ 	    {
+ 	      if (elf_compress_gnu (scn, 0, 0) < 0)
+ 		printf ("WARNING: %s [%zd]\n",
+@@ -12956,7 +12956,7 @@ print_string_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+ 			_("Couldn't uncompress section"),
+ 			elf_ndxscn (scn));
+ 	    }
+-	  else if (startswith (name, ".zdebug"))
++	  else if (name && startswith (name, ".zdebug"))
+ 	    {
+ 	      if (elf_compress_gnu (scn, 0, 0) < 0)
+ 		printf ("WARNING: %s [%zd]\n",
+-- 
+2.45.2
+
diff --git a/SPECS/elfutils/CVE-2025-1376.patch b/SPECS/elfutils/CVE-2025-1376.patch
new file mode 100644
index 0000000000..7f76fb1bea
--- /dev/null
+++ b/SPECS/elfutils/CVE-2025-1376.patch
@@ -0,0 +1,51 @@
+From b16f441cca0a4841050e3215a9f120a6d8aea918 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard 
+Date: Thu, 13 Feb 2025 00:02:32 +0100
+Subject: [PATCH] libelf: Handle elf_strptr on section without any data
+
+In the unlikely situation that elf_strptr was called on a section with
+sh_size already set, but that doesn't have any data yet we could crash
+trying to verify the string to return.
+
+This could happen for example when a new section was created with
+elf_newscn, but no data having been added yet.
+
+	* libelf/elf_strptr.c (elf_strptr): Check strscn->rawdata_base
+	is not NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32672
+
+Signed-off-by: Mark Wielaard 
+---
+ libelf/elf_strptr.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c
+index c5a94f82a..7be7f5e8f 100644
+--- a/libelf/elf_strptr.c
++++ b/libelf/elf_strptr.c
+@@ -1,5 +1,6 @@
+ /* Return string pointer from string section.
+    Copyright (C) 1998-2002, 2004, 2008, 2009, 2015 Red Hat, Inc.
++   Copyright (C) 2025 Mark J. Wielaard 
+    This file is part of elfutils.
+    Contributed by Ulrich Drepper , 1998.
+ 
+@@ -183,9 +184,12 @@ elf_strptr (Elf *elf, size_t idx, size_t offset)
+       // initialized yet (when data_read is zero). So we cannot just
+       // look at the rawdata.d.d_size.
+ 
+-      /* Make sure the string is NUL terminated.  Start from the end,
+-	 which very likely is a NUL char.  */
+-      if (likely (validate_str (strscn->rawdata_base, offset, sh_size)))
++      /* First check there actually is any data.  This could be a new
++         section which hasn't had any data set yet.  Then make sure
++         the string is at a valid offset and NUL terminated.  */
++      if (unlikely (strscn->rawdata_base == NULL))
++	__libelf_seterrno (ELF_E_INVALID_SECTION);
++      else if (likely (validate_str (strscn->rawdata_base, offset, sh_size)))
+ 	result = &strscn->rawdata_base[offset];
+       else
+ 	__libelf_seterrno (ELF_E_INVALID_INDEX);
+-- 
+2.43.5
diff --git a/SPECS/elfutils/CVE-2025-1377.patch b/SPECS/elfutils/CVE-2025-1377.patch
new file mode 100644
index 0000000000..223f710c6b
--- /dev/null
+++ b/SPECS/elfutils/CVE-2025-1377.patch
@@ -0,0 +1,62 @@
+From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001
+From: Mark Wielaard 
+Date: Thu, 13 Feb 2025 14:59:34 +0100
+Subject: [PATCH] strip: Verify symbol table is a real symbol table
+
+We didn't check the symbol table referenced from the relocation table
+was a real symbol table. This could cause a crash if that section
+happened to be an SHT_NOBITS section without any data. Fix this by
+adding an explicit check.
+
+       * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a
+       message string to display.
+       (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).
+       (remove_debug_relocations): Check the sh_link referenced
+       section is real and isn't a SHT_NOBITS section.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32673
+
+Signed-off-by: Mark Wielaard 
+---
+ src/strip.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/strip.c b/src/strip.c
+index 3812fb17a..8d2bb7a95 100644
+--- a/src/strip.c
++++ b/src/strip.c
+@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL;
+ /* Close debug file descriptor, if opened. And remove temporary debug file.  */
+ static void cleanup_debug (void);
+ 
+-#define INTERNAL_ERROR(fname) \
++#define INTERNAL_ERROR_MSG(fname, msg) \
+   do { \
+     cleanup_debug (); \
+     error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"),			\
+-		fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1));	\
++		fname, __LINE__, PACKAGE_VERSION, msg);	\
+   } while (0)
+ 
++#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
+ 
+ /* Name of the output file.  */
+ static const char *output_fname;
+@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr,
+ 	     resolve relocation symbol indexes.  */
+ 	  Elf64_Word symt = shdr->sh_link;
+ 	  Elf_Data *symdata, *xndxdata;
+-	  Elf_Scn * symscn = elf_getscn (elf, symt);
++	  Elf_Scn *symscn = elf_getscn (elf, symt);
++	  GElf_Shdr symshdr_mem;
++	  GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
++	  if (symshdr == NULL)
++	    INTERNAL_ERROR (fname);
++	  if (symshdr->sh_type == SHT_NOBITS)
++	    INTERNAL_ERROR_MSG (fname, "NOBITS section");
++
+ 	  symdata = elf_getdata (symscn, NULL);
+ 	  xndxdata = get_xndxdata (elf, symscn);
+ 	  if (symdata == NULL)
+-- 
+2.43.5
diff --git a/SPECS/elfutils/elfutils.spec b/SPECS/elfutils/elfutils.spec
index 9411b0aab3..0671db63c3 100644
--- a/SPECS/elfutils/elfutils.spec
+++ b/SPECS/elfutils/elfutils.spec
@@ -4,7 +4,7 @@
 Summary:        A collection of utilities and DSOs to handle compiled objects
 Name:           elfutils
 Version:        0.189
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        GPLv3+ AND (GPLv2+ OR LGPLv3+)
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -13,6 +13,10 @@ URL:            https://sourceware.org/elfutils
 Source0:        https://sourceware.org/elfutils/ftp/%{version}/%{name}-%{version}.tar.bz2
 Source1:        10-ptrace-yama.conf
 
+Patch0:         CVE-2025-1372.patch
+Patch1:         CVE-2025-1376.patch
+Patch2:         CVE-2025-1377.patch
+
 BuildRequires:  bison >= 1.875
 BuildRequires:  bzip2-devel
 BuildRequires:  flex >= 2.5.4a
@@ -144,7 +148,7 @@ Requires:       %{name}-libelf = %{version}-%{release}
 These are the additional language files of elfutils.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 %configure \
@@ -278,6 +282,10 @@ fi
 %defattr(-,root,root)
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 0.189-6
+- merge from Azure Linux 3.0.20250521-3.0
+- Add patch for CVE-2025-1372, CVE-2025-1376 & CVE-2025-1377
+
 * Thu Dec 19 2024 Mun Chun Yep  - 0.189-5
 - Update vendor and distribution tag.
 
diff --git a/SPECS/erlang/erlang.signatures.json b/SPECS/erlang/erlang.signatures.json
index 321b00866a..43aa474fe0 100644
--- a/SPECS/erlang/erlang.signatures.json
+++ b/SPECS/erlang/erlang.signatures.json
@@ -1,5 +1,5 @@
 {
-  "Signatures": {
-    "erlang-26.2.5.9.tar.gz": "730b937d31c899db5a14567d23452d1cee2f058aea4a42becbb4cb926a286927"
-  }
-}
+ "Signatures": {
+  "erlang-26.2.5.11.tar.gz": "2eef7aac690a6cedfe0e6a20fc2d700db3490b4e4249683c0e5b812ad71304ed"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/erlang/erlang.spec b/SPECS/erlang/erlang.spec
index ee821cf7af..a16365e2ed 100644
--- a/SPECS/erlang/erlang.spec
+++ b/SPECS/erlang/erlang.spec
@@ -1,7 +1,7 @@
 %define  debug_package %{nil}
 Summary:        erlang
 Name:           erlang
-Version:        26.2.5.9
+Version:        26.2.5.11
 Release:        1%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
@@ -53,6 +53,12 @@ export ERL_TOP=`pwd`
 %{_libdir}/erlang/*
 
 %changelog
+* Thu Apr 17 2025 Kshitiz Godara  - 26.2.5.11-1
+- Upgrade to 26.2.5.11 - fix cve CVE-2025-32433.
+
+* Thu Apr 03 2025 Sandeep Karambelkar  - 26.2.5.10-1
+- Upgrade to 26.2.5.10 - fix cve CVE-2025-30211.
+
 * Tue Feb 25 2025 CBL-Mariner Servicing Account  - 26.2.5.9-1
 - Auto-upgrade to 26.2.5.9 - for CVE-2025-26618
 
@@ -96,4 +102,4 @@ export ERL_TOP=`pwd`
 - Updated Version
 
 * Mon Dec 12 2016 Priyesh Padmavilasom  19.1-1
-- Initial.
\ No newline at end of file
+- Initial.
diff --git a/SPECS/espeak-ng/espeak-ng-1.51-CVE-2023-49990-4.patch b/SPECS/espeak-ng/espeak-ng-1.51-CVE-2023-49990-4.patch
deleted file mode 100644
index de77a90464..0000000000
Binary files a/SPECS/espeak-ng/espeak-ng-1.51-CVE-2023-49990-4.patch and /dev/null differ
diff --git a/SPECS/espeak-ng/espeak-ng.signatures.json b/SPECS/espeak-ng/espeak-ng.signatures.json
index 9ebb83d9f6..95ef9a5377 100644
--- a/SPECS/espeak-ng/espeak-ng.signatures.json
+++ b/SPECS/espeak-ng/espeak-ng.signatures.json
@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "espeak-ng-1.51.1.tgz": "0823df5648659dcb67915baaf99118dcc8853639f47cadaa029c174bdd768d20"
- }
-}
\ No newline at end of file
+  "Signatures": {
+    "espeak-ng-1.52.0.tgz": "bb4338102ff3b49a81423da8a1a158b420124b055b60fa76cfb4b18677130a23"
+  }
+}
diff --git a/SPECS/espeak-ng/espeak-ng.spec b/SPECS/espeak-ng/espeak-ng.spec
index 3f6cf3e103..2dfa2bb57b 100644
--- a/SPECS/espeak-ng/espeak-ng.spec
+++ b/SPECS/espeak-ng/espeak-ng.spec
@@ -1,6 +1,6 @@
 Summary:        Compact text-to-speech synthesizer
 Name:           espeak-ng
-Version:        1.51.1
+Version:        1.52.0
 Release:        1%{?dist}
 # Apache2 license applies only to Android APK code- does not apply here
 # BSD license applies only to Windows code- does not apply here
@@ -8,8 +8,7 @@ License:        GPLv3 AND Unicode
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/espeak-ng/espeak-ng
-Source0:        https://github.com/%{name}/%{name}/archive/%{version}/%{name}-%{version}.tar.gz#/%{name}-%{version}.tgz
-Patch0:         espeak-ng-1.51-CVE-2023-49990-4.patch
+Source0:        https://github.com/%{name}/%{name}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tgz
 BuildRequires:  alsa-lib-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -64,8 +63,7 @@ rm -vrf %{buildroot}%{_datadir}/vim/registry
 %check
 %make_build check
 
-%post	-p /sbin/ldconfig
-%postun	-p /sbin/ldconfig
+%ldconfig_scriptlets
 
 %files
 %license COPYING
@@ -73,7 +71,7 @@ rm -vrf %{buildroot}%{_datadir}/vim/registry
 %license COPYING.BSD2
 %license COPYING.UCD
 %doc README.md
-%doc CHANGELOG.md
+%doc ChangeLog.md
 %{_bindir}/speak-ng
 %{_bindir}/espeak-ng
 %{_libdir}/libespeak-ng.so.1
@@ -91,6 +89,10 @@ rm -vrf %{buildroot}%{_datadir}/vim/registry
 %{_datadir}/vim/vimfiles/syntax/espeakrules.vim
 
 %changelog
+* Thu Apr 17 2025 CBL-Mariner Servicing Account  - 1.52.0-1
+- Auto-upgrade to 1.52.0 - remove chrome extension which used unverified function
+- Removing patch file for CVE-2023-49990 as it is fixed in newest version.
+
 * Wed Jan 31 2024 Sumedh Sharma  - 1.51.1-1
 - Bump package version to 1.51.1
 - move vim specific builds to sub-package 'vim'
diff --git a/SPECS/etcd/etcd.signatures.json b/SPECS/etcd/etcd.signatures.json
index 5a4ca8a407..f3e8ce4eef 100644
--- a/SPECS/etcd/etcd.signatures.json
+++ b/SPECS/etcd/etcd.signatures.json
@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "etcd.service": "4550a4967ba35670051cbfd9b4edf1fc57c0f1d7a07e51f88351ac44c76d8066",
-    "etcd-3.5.18.tar.gz": "8c8890b15c1a19263ab4ee2b374698c1d76c2b31e9b55bdeea47193aa48d8025",
-    "etcd-3.5.18-vendor.tar.gz": "c8b9c5dac4466a1cc528801aad1664fbd4cc7967f31f495187afd79e01d716f3"
+    "etcd-3.5.21.tar.gz": "76d7fcafe4fcc957fcd45671226b992c16e5f5e724935dea9df0190ac2b13481",
+    "etcd-3.5.21-vendor.tar.gz": "b4c072080f0ca47c1d447b6547165b943206cb5cb71dbd35a9e68079fdeac5a7"
   }
 }
diff --git a/SPECS/etcd/etcd.spec b/SPECS/etcd/etcd.spec
index a9707598d8..504943df71 100644
--- a/SPECS/etcd/etcd.spec
+++ b/SPECS/etcd/etcd.spec
@@ -2,7 +2,7 @@
 
 Summary:        A highly-available key value store for shared configuration
 Name:           etcd
-Version:        3.5.18
+Version:        3.5.21
 Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
@@ -145,6 +145,10 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd
 /%{_docdir}/%{name}-%{version}-tools/*
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 3.5.21-2
+- merge from Azure Linux 3.0.20250521-3.0
+- Auto-upgrade to 3.5.21 - for CVE-2025-30204 [High]
+
 * Fri Mar 21 2025 Anuj Mittal  - 3.5.18-2
 - Bump Release to rebuild
 
diff --git a/SPECS/expat/CVE-2024-50602.patch b/SPECS/expat/CVE-2024-50602.patch
deleted file mode 100644
index 0d908da5fc..0000000000
--- a/SPECS/expat/CVE-2024-50602.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-From 22f1d9704ac38c7102e7a68272b07355cad4925a Mon Sep 17 00:00:00 2001
-From: Sindhu Karri 
-Date: Tue, 29 Oct 2024 10:17:59 +0000
-Subject: [PATCH] CVE-2024-50602
-
----
-From 51c7019069b862e88d94ed228659e70bddd5de09 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping 
-Date: Mon, 21 Oct 2024 01:42:54 +0200
-Subject: [PATCH 1/3] lib: Make XML_StopParser refuse to stop/suspend an
- unstarted parser
-
-
-From 5fb89e7b3afa1c314b34834fe729cd063f65a4d4 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping 
-Date: Mon, 21 Oct 2024 01:46:11 +0200
-Subject: [PATCH 2/3] lib: Be explicit about XML_PARSING in XML_StopParser
-
-From b3836ff534c7cc78128fe7b935aad3d4353814ed Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping 
-Date: Sun, 20 Oct 2024 23:24:27 +0200
-Subject: [PATCH 3/3] tests: Cover XML_StopParser's new handling of status
- XML_INITIALIZED
-
-Prior to the fix to XML_StopParser, test test_misc_resumeparser_not_crashing
-would crash with a NULL pointer dereference in function normal_updatePosition.
-This was the AddressSanitizer output:
-
-> AddressSanitizer:DEADLYSIGNAL
-> =================================================================
-> ==19700==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5623e07ad85f bp 0x7ffcf40da650 sp 0x7ffcf40da590 T0)
-> ==19700==The signal is caused by a READ memory access.
-> ==19700==Hint: address points to the zero page.
->     #0 0x5623e07ad85f in normal_updatePosition [..]/lib/xmltok_impl.c:1781:13
->     #1 0x5623e07a52ff in initUpdatePosition [..]/lib/xmltok.c:1031:3
->     #2 0x5623e0762760 in XML_ResumeParser [..]/lib/xmlparse.c:2297:3
->     #3 0x5623e074f7c1 in test_misc_resumeparser_not_crashing() misc_tests_cxx.cpp
->     #4 0x5623e074e228 in srunner_run_all ([..]/build_asan_fuzzers/tests/runtests_cxx+0x136228)
->     #5 0x5623e0753d2d in main ([..]/build_asan_fuzzers/tests/runtests_cxx+0x13bd2d)
->     #6 0x7f802a39af79  (/lib64/libc.so.6+0x25f79)
->     #7 0x7f802a39b034 in __libc_start_main (/lib64/libc.so.6+0x26034)
->     #8 0x5623e064f340 in _start ([..]/build_asan_fuzzers/tests/runtests_cxx+0x37340)
->
-> AddressSanitizer can not provide additional info.
-> SUMMARY: AddressSanitizer: SEGV [..]/lib/xmltok_impl.c:1781:13 in normal_updatePosition
-> ==19700==ABORTING
-
-And this the UndefinedBehaviorSanitizer output:
-
-> [..]/lib/xmltok_impl.c:1781:13: runtime error: load of null pointer of type 'const char'                                           > SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior [..]/lib/xmltok_impl.c:1781:13 in
----
- lib/expat.h        |  4 +++-
- lib/xmlparse.c     | 11 ++++++++++-
- tests/misc_tests.c | 24 ++++++++++++++++++++++++
- 3 files changed, 37 insertions(+), 2 deletions(-)
-
-diff --git a/lib/expat.h b/lib/expat.h
-index d0d6015..3ba6130 100644
---- a/lib/expat.h
-+++ b/lib/expat.h
-@@ -130,7 +130,9 @@ enum XML_Error {
-   /* Added in 2.3.0. */
-   XML_ERROR_NO_BUFFER,
-   /* Added in 2.4.0. */
--  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
-+  XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
-+  /* Added in 2.6.4. */
-+  XML_ERROR_NOT_STARTED,
- };
- 
- enum XML_Content_Type {
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index d9285b2..983f6df 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2234,6 +2234,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
-   if (parser == NULL)
-     return XML_STATUS_ERROR;
-   switch (parser->m_parsingStatus.parsing) {
-+  case XML_INITIALIZED:
-+    parser->m_errorCode = XML_ERROR_NOT_STARTED;
-+    return XML_STATUS_ERROR;
-   case XML_SUSPENDED:
-     if (resumable) {
-       parser->m_errorCode = XML_ERROR_SUSPENDED;
-@@ -2244,7 +2247,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
-   case XML_FINISHED:
-     parser->m_errorCode = XML_ERROR_FINISHED;
-     return XML_STATUS_ERROR;
--  default:
-+  case XML_PARSING:
-     if (resumable) {
- #ifdef XML_DTD
-       if (parser->m_isParamEntity) {
-@@ -2255,6 +2258,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
-       parser->m_parsingStatus.parsing = XML_SUSPENDED;
-     } else
-       parser->m_parsingStatus.parsing = XML_FINISHED;
-+    break;
-+  default:
-+    assert(0);
-   }
-   return XML_STATUS_OK;
- }
-@@ -2519,6 +2525,9 @@ XML_ErrorString(enum XML_Error code) {
-   case XML_ERROR_AMPLIFICATION_LIMIT_BREACH:
-     return XML_L(
-         "limit on input amplification factor (from DTD and entities) breached");
-+  /* Added in 2.6.4. */
-+  case XML_ERROR_NOT_STARTED:
-+    return XML_L("parser not started");
-   }
-   return NULL;
- }
-diff --git a/tests/misc_tests.c b/tests/misc_tests.c
-index 2ee9320..1766e41 100644
---- a/tests/misc_tests.c
-+++ b/tests/misc_tests.c
-@@ -496,6 +496,28 @@ START_TEST(test_misc_char_handler_stop_without_leak) {
- }
- END_TEST
- 
-+START_TEST(test_misc_resumeparser_not_crashing) {
-+  XML_Parser parser = XML_ParserCreate(NULL);
-+  XML_GetBuffer(parser, 1);
-+  XML_StopParser(parser, /*resumable=*/XML_TRUE);
-+  XML_ResumeParser(parser); // could crash here, previously
-+  XML_ParserFree(parser);
-+}
-+END_TEST
-+
-+START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
-+  const XML_Bool cases[] = {XML_TRUE, XML_FALSE};
-+  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
-+    const XML_Bool resumable = cases[i];
-+    XML_Parser parser = XML_ParserCreate(NULL);
-+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NONE);
-+    assert_true(XML_StopParser(parser, resumable) == XML_STATUS_ERROR);
-+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NOT_STARTED);
-+    XML_ParserFree(parser);
-+  }
-+}
-+END_TEST
-+
- void
- make_miscellaneous_test_case(Suite *s) {
-   TCase *tc_misc = tcase_create("miscellaneous tests");
-@@ -520,4 +542,6 @@ make_miscellaneous_test_case(Suite *s) {
-                  test_misc_create_external_entity_parser_with_null_context);
-   tcase_add_test(tc_misc, test_misc_general_entities_support);
-   tcase_add_test(tc_misc, test_misc_char_handler_stop_without_leak);
-+  tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
-+  tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
- }
--- 
-2.33.8
diff --git a/SPECS/expat/CVE-2024-8176.patch b/SPECS/expat/CVE-2024-8176.patch
new file mode 100644
index 0000000000..47f38ef6dd
--- /dev/null
+++ b/SPECS/expat/CVE-2024-8176.patch
@@ -0,0 +1,1398 @@
+From 35a1dea4c07cb0f13f0736d3a8821a696c27f8b1 Mon Sep 17 00:00:00 2001
+From: Kshitiz Godara 
+Date: Thu, 20 Mar 2025 06:36:42 +0000
+Subject: [PATCH] Fix for CVE-2024-8176
+
+Upstream source: https://github.com/libexpat/libexpat/pull/973
+
+Signed-off-by: Kshitiz Godara 
+---
+ Changes             |  30 ++-
+ lib/xmlparse.c      | 566 ++++++++++++++++++++++++++++++++------------
+ tests/alloc_tests.c |  27 +++
+ tests/basic_tests.c | 187 ++++++++++++++-
+ tests/handlers.c    |  15 ++
+ tests/handlers.h    |   5 +
+ tests/misc_tests.c  |  43 ++++
+ 7 files changed, 717 insertions(+), 156 deletions(-)
+
+diff --git a/Changes b/Changes
+index aa19f70..75c62d6 100644
+--- a/Changes
++++ b/Changes
+@@ -11,7 +11,6 @@
+ !! The following topics need *additional skilled C developers* to progress   !!
+ !! in a timely manner or at all (loosely ordered by descending priority):    !!
+ !!                                                                           !!
+-!! - fixing a complex non-public security issue,              !!
+ !! - teaming up on researching and fixing future security reports and        !!
+ !!   ClusterFuzz findings with few-days-max response times in communication  !!
+ !!   in order to (1) have a sound fix ready before the end of a 90 days      !!
+@@ -30,6 +29,35 @@
+ !! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
+ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ 
++        Security fixes:
++       #893 #???  CVE-2024-8176 -- Fix crash from chaining a large number
++                    of entities caused by stack overflow by resolving use of
++                    recursion, for all three uses of entities:
++                    - general entities in character data ("&g1;")
++                    - general entities in attribute values ("")
++                    - parameter entities ("%p1;")
++                    Known impact is (reliable and easy) denial of service:
++                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
++                    (Base Score: 7.5, Temporal Score: 7.2)
++                    Please note that a layer of compression around XML can
++                    significantly reduce the minimum attack payload size.
++
++        Special thanks to:
++            Alexander Gieringer
++            Berkay Eren Ürün
++            Jann Horn
++            Mark Brand
++            Sebastian Andrzej Siewior
++            Snild Dolkow
++            Thomas Pröll
++            Tomas Korbar
++            valord577
++                 and
++            Google Project Zero
++            Linutronix
++            Red Hat
++            Siemens
++
+ Release 2.6.4 Wed November 6 2024
+         Security fixes:
+             #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index a4e091e..473c791 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -39,7 +39,7 @@
+    Copyright (c) 2022      Sean McBride 
+    Copyright (c) 2023      Owain Davies 
+    Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow 
+-   Copyright (c) 2024      Berkay Eren Ürün 
++   Copyright (c) 2024-2025 Berkay Eren Ürün 
+    Copyright (c) 2024      Hanno Böck 
+    Licensed under the MIT license:
+ 
+@@ -325,6 +325,10 @@ typedef struct {
+   const XML_Char *publicId;
+   const XML_Char *notation;
+   XML_Bool open;
++  XML_Bool hasMore; /* true if entity has not been completely processed */
++  /* An entity can be open while being already completely processed (hasMore ==
++    XML_FALSE). The reason is the delayed closing of entities until their inner
++    entities are processed and closed */
+   XML_Bool is_param;
+   XML_Bool is_internal; /* true if declared in internal subset outside PE */
+ } ENTITY;
+@@ -415,6 +419,12 @@ typedef struct {
+   int *scaffIndex;
+ } DTD;
+ 
++enum EntityType {
++  ENTITY_INTERNAL,
++  ENTITY_ATTRIBUTE,
++  ENTITY_VALUE,
++};
++
+ typedef struct open_internal_entity {
+   const char *internalEventPtr;
+   const char *internalEventEndPtr;
+@@ -422,6 +432,7 @@ typedef struct open_internal_entity {
+   ENTITY *entity;
+   int startTagLevel;
+   XML_Bool betweenDecl; /* WFC: PE Between Declarations */
++  enum EntityType type;
+ } OPEN_INTERNAL_ENTITY;
+ 
+ enum XML_Account {
+@@ -481,8 +492,8 @@ static enum XML_Error doProlog(XML_Parser parser, const ENCODING *enc,
+                                const char *next, const char **nextPtr,
+                                XML_Bool haveMore, XML_Bool allowClosingDoctype,
+                                enum XML_Account account);
+-static enum XML_Error processInternalEntity(XML_Parser parser, ENTITY *entity,
+-                                            XML_Bool betweenDecl);
++static enum XML_Error processEntity(XML_Parser parser, ENTITY *entity,
++                                    XML_Bool betweenDecl, enum EntityType type);
+ static enum XML_Error doContent(XML_Parser parser, int startTagLevel,
+                                 const ENCODING *enc, const char *start,
+                                 const char *end, const char **endPtr,
+@@ -513,18 +524,22 @@ static enum XML_Error storeAttributeValue(XML_Parser parser,
+                                           const char *ptr, const char *end,
+                                           STRING_POOL *pool,
+                                           enum XML_Account account);
+-static enum XML_Error appendAttributeValue(XML_Parser parser,
+-                                           const ENCODING *enc,
+-                                           XML_Bool isCdata, const char *ptr,
+-                                           const char *end, STRING_POOL *pool,
+-                                           enum XML_Account account);
++static enum XML_Error
++appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
++                     const char *ptr, const char *end, STRING_POOL *pool,
++                     enum XML_Account account, const char **nextPtr);
+ static ATTRIBUTE_ID *getAttributeId(XML_Parser parser, const ENCODING *enc,
+                                     const char *start, const char *end);
+ static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType);
+ #if XML_GE == 1
+ static enum XML_Error storeEntityValue(XML_Parser parser, const ENCODING *enc,
+                                        const char *start, const char *end,
+-                                       enum XML_Account account);
++                                       enum XML_Account account,
++                                       const char **nextPtr);
++static enum XML_Error callStoreEntityValue(XML_Parser parser,
++                                           const ENCODING *enc,
++                                           const char *start, const char *end,
++                                           enum XML_Account account);
+ #else
+ static enum XML_Error storeSelfEntityValue(XML_Parser parser, ENTITY *entity);
+ #endif
+@@ -709,6 +724,10 @@ struct XML_ParserStruct {
+   const char *m_positionPtr;
+   OPEN_INTERNAL_ENTITY *m_openInternalEntities;
+   OPEN_INTERNAL_ENTITY *m_freeInternalEntities;
++  OPEN_INTERNAL_ENTITY *m_openAttributeEntities;
++  OPEN_INTERNAL_ENTITY *m_freeAttributeEntities;
++  OPEN_INTERNAL_ENTITY *m_openValueEntities;
++  OPEN_INTERNAL_ENTITY *m_freeValueEntities;
+   XML_Bool m_defaultExpandInternalEntities;
+   int m_tagLevel;
+   ENTITY *m_declEntity;
+@@ -756,6 +775,7 @@ struct XML_ParserStruct {
+   ACCOUNTING m_accounting;
+   ENTITY_STATS m_entity_stats;
+ #endif
++  XML_Bool m_reenter;
+ };
+ 
+ #define MALLOC(parser, s) (parser->m_mem.malloc_fcn((s)))
+@@ -1028,7 +1048,29 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
+ #if defined(XML_TESTING)
+   g_bytesScanned += (unsigned)have_now;
+ #endif
+-  const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr);
++  // Run in a loop to eliminate dangerous recursion depths
++  enum XML_Error ret;
++  *endPtr = start;
++  while (1) {
++    // Use endPtr as the new start in each iteration, since it will
++    // be set to the next start point by m_processor.
++    ret = parser->m_processor(parser, *endPtr, end, endPtr);
++
++    // Make parsing status (and in particular XML_SUSPENDED) take
++    // precedence over re-enter flag when they disagree
++    if (parser->m_parsingStatus.parsing != XML_PARSING) {
++      parser->m_reenter = XML_FALSE;
++    }
++
++    if (! parser->m_reenter) {
++      break;
++    }
++
++    parser->m_reenter = XML_FALSE;
++    if (ret != XML_ERROR_NONE)
++      return ret;
++  }
++
+   if (ret == XML_ERROR_NONE) {
+     // if we consumed nothing, remember what we had on this parse attempt.
+     if (*endPtr == start) {
+@@ -1139,6 +1181,8 @@ parserCreate(const XML_Char *encodingName,
+   parser->m_freeBindingList = NULL;
+   parser->m_freeTagList = NULL;
+   parser->m_freeInternalEntities = NULL;
++  parser->m_freeAttributeEntities = NULL;
++  parser->m_freeValueEntities = NULL;
+ 
+   parser->m_groupSize = 0;
+   parser->m_groupConnector = NULL;
+@@ -1241,6 +1285,8 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
+   parser->m_eventEndPtr = NULL;
+   parser->m_positionPtr = NULL;
+   parser->m_openInternalEntities = NULL;
++  parser->m_openAttributeEntities = NULL;
++  parser->m_openValueEntities = NULL;
+   parser->m_defaultExpandInternalEntities = XML_TRUE;
+   parser->m_tagLevel = 0;
+   parser->m_tagStack = NULL;
+@@ -1251,6 +1297,8 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
+   parser->m_unknownEncodingData = NULL;
+   parser->m_parentParser = NULL;
+   parser->m_parsingStatus.parsing = XML_INITIALIZED;
++  // Reentry can only be triggered inside m_processor calls
++  parser->m_reenter = XML_FALSE;
+ #ifdef XML_DTD
+   parser->m_isParamEntity = XML_FALSE;
+   parser->m_useForeignDTD = XML_FALSE;
+@@ -1310,6 +1358,24 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName) {
+     openEntity->next = parser->m_freeInternalEntities;
+     parser->m_freeInternalEntities = openEntity;
+   }
++  /* move m_openAttributeEntities to m_freeAttributeEntities (i.e. same task but
++   * for attributes) */
++  openEntityList = parser->m_openAttributeEntities;
++  while (openEntityList) {
++    OPEN_INTERNAL_ENTITY *openEntity = openEntityList;
++    openEntityList = openEntity->next;
++    openEntity->next = parser->m_freeAttributeEntities;
++    parser->m_freeAttributeEntities = openEntity;
++  }
++  /* move m_openValueEntities to m_freeValueEntities (i.e. same task but
++   * for value entities) */
++  openEntityList = parser->m_openValueEntities;
++  while (openEntityList) {
++    OPEN_INTERNAL_ENTITY *openEntity = openEntityList;
++    openEntityList = openEntity->next;
++    openEntity->next = parser->m_freeValueEntities;
++    parser->m_freeValueEntities = openEntity;
++  }
+   moveToFreeBindingList(parser, parser->m_inheritedBindings);
+   FREE(parser, parser->m_unknownEncodingMem);
+   if (parser->m_unknownEncodingRelease)
+@@ -1323,6 +1389,19 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName) {
+   return XML_TRUE;
+ }
+ 
++static XML_Bool
++parserBusy(XML_Parser parser) {
++  switch (parser->m_parsingStatus.parsing) {
++  case XML_PARSING:
++  case XML_SUSPENDED:
++    return XML_TRUE;
++  case XML_INITIALIZED:
++  case XML_FINISHED:
++  default:
++    return XML_FALSE;
++  }
++}
++
+ enum XML_Status XMLCALL
+ XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName) {
+   if (parser == NULL)
+@@ -1331,8 +1410,7 @@ XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName) {
+      XXX There's no way for the caller to determine which of the
+      XXX possible error cases caused the XML_STATUS_ERROR return.
+   */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return XML_STATUS_ERROR;
+ 
+   /* Get rid of any previous encoding name */
+@@ -1569,7 +1647,34 @@ XML_ParserFree(XML_Parser parser) {
+     entityList = entityList->next;
+     FREE(parser, openEntity);
+   }
+-
++  /* free m_openAttributeEntities and m_freeAttributeEntities */
++  entityList = parser->m_openAttributeEntities;
++  for (;;) {
++    OPEN_INTERNAL_ENTITY *openEntity;
++    if (entityList == NULL) {
++      if (parser->m_freeAttributeEntities == NULL)
++        break;
++      entityList = parser->m_freeAttributeEntities;
++      parser->m_freeAttributeEntities = NULL;
++    }
++    openEntity = entityList;
++    entityList = entityList->next;
++    FREE(parser, openEntity);
++  }
++  /* free m_openValueEntities and m_freeValueEntities */
++  entityList = parser->m_openValueEntities;
++  for (;;) {
++    OPEN_INTERNAL_ENTITY *openEntity;
++    if (entityList == NULL) {
++      if (parser->m_freeValueEntities == NULL)
++        break;
++      entityList = parser->m_freeValueEntities;
++      parser->m_freeValueEntities = NULL;
++    }
++    openEntity = entityList;
++    entityList = entityList->next;
++    FREE(parser, openEntity);
++  }
+   destroyBindings(parser->m_freeBindingList, parser);
+   destroyBindings(parser->m_inheritedBindings, parser);
+   poolDestroy(&parser->m_tempPool);
+@@ -1611,8 +1716,7 @@ XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD) {
+     return XML_ERROR_INVALID_ARGUMENT;
+ #ifdef XML_DTD
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return XML_ERROR_CANT_CHANGE_FEATURE_ONCE_PARSING;
+   parser->m_useForeignDTD = useDTD;
+   return XML_ERROR_NONE;
+@@ -1627,8 +1731,7 @@ XML_SetReturnNSTriplet(XML_Parser parser, int do_nst) {
+   if (parser == NULL)
+     return;
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return;
+   parser->m_ns_triplets = do_nst ? XML_TRUE : XML_FALSE;
+ }
+@@ -1897,8 +2000,7 @@ XML_SetParamEntityParsing(XML_Parser parser,
+   if (parser == NULL)
+     return 0;
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return 0;
+ #ifdef XML_DTD
+   parser->m_paramEntityParsing = peParsing;
+@@ -1915,8 +2017,7 @@ XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt) {
+   if (parser->m_parentParser)
+     return XML_SetHashSalt(parser->m_parentParser, hash_salt);
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return 0;
+   parser->m_hash_secret_salt = hash_salt;
+   return 1;
+@@ -2230,6 +2331,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
+   return parser->m_bufferEnd;
+ }
+ 
++static void
++triggerReenter(XML_Parser parser) {
++  parser->m_reenter = XML_TRUE;
++}
++
+ enum XML_Status XMLCALL
+ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+   if (parser == NULL)
+@@ -2704,8 +2810,9 @@ static enum XML_Error PTRCALL
+ contentProcessor(XML_Parser parser, const char *start, const char *end,
+                  const char **endPtr) {
+   enum XML_Error result = doContent(
+-      parser, 0, parser->m_encoding, start, end, endPtr,
+-      (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_ACCOUNT_DIRECT);
++      parser, parser->m_parentParser ? 1 : 0, parser->m_encoding, start, end,
++      endPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer,
++      XML_ACCOUNT_DIRECT);
+   if (result == XML_ERROR_NONE) {
+     if (! storeRawNames(parser))
+       return XML_ERROR_NO_MEMORY;
+@@ -2793,6 +2900,11 @@ externalEntityInitProcessor3(XML_Parser parser, const char *start,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        return XML_ERROR_UNEXPECTED_STATE; // LCOV_EXCL_LINE
++      }
++      /* Fall through */
+     default:
+       start = next;
+     }
+@@ -2966,7 +3078,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+             reportDefault(parser, enc, s, next);
+           break;
+         }
+-        result = processInternalEntity(parser, entity, XML_FALSE);
++        result = processEntity(parser, entity, XML_FALSE, ENTITY_INTERNAL);
+         if (result != XML_ERROR_NONE)
+           return result;
+       } else if (parser->m_externalEntityRefHandler) {
+@@ -3092,7 +3204,9 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+     }
+       if ((parser->m_tagLevel == 0)
+           && (parser->m_parsingStatus.parsing != XML_FINISHED)) {
+-        if (parser->m_parsingStatus.parsing == XML_SUSPENDED)
++        if (parser->m_parsingStatus.parsing == XML_SUSPENDED
++            || (parser->m_parsingStatus.parsing == XML_PARSING
++                && parser->m_reenter))
+           parser->m_processor = epilogProcessor;
+         else
+           return epilogProcessor(parser, next, end, nextPtr);
+@@ -3153,7 +3267,9 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+         }
+         if ((parser->m_tagLevel == 0)
+             && (parser->m_parsingStatus.parsing != XML_FINISHED)) {
+-          if (parser->m_parsingStatus.parsing == XML_SUSPENDED)
++          if (parser->m_parsingStatus.parsing == XML_SUSPENDED
++              || (parser->m_parsingStatus.parsing == XML_PARSING
++                  && parser->m_reenter))
+             parser->m_processor = epilogProcessor;
+           else
+             return epilogProcessor(parser, next, end, nextPtr);
+@@ -3293,6 +3409,12 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        *nextPtr = next;
++        return XML_ERROR_NONE;
++      }
++      /* Fall through */
+     default:;
+     }
+   }
+@@ -4217,6 +4339,11 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        return XML_ERROR_UNEXPECTED_STATE; // LCOV_EXCL_LINE
++      }
++      /* Fall through */
+     default:;
+     }
+   }
+@@ -4549,7 +4676,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end,
+       }
+       /* found end of entity value - can store it now */
+       return storeEntityValue(parser, parser->m_encoding, s, end,
+-                              XML_ACCOUNT_DIRECT);
++                              XML_ACCOUNT_DIRECT, NULL);
+     } else if (tok == XML_TOK_XML_DECL) {
+       enum XML_Error result;
+       result = processXmlDecl(parser, 0, start, next);
+@@ -4676,7 +4803,7 @@ entityValueProcessor(XML_Parser parser, const char *s, const char *end,
+         break;
+       }
+       /* found end of entity value - can store it now */
+-      return storeEntityValue(parser, enc, s, end, XML_ACCOUNT_DIRECT);
++      return storeEntityValue(parser, enc, s, end, XML_ACCOUNT_DIRECT, NULL);
+     }
+     start = next;
+   }
+@@ -5119,9 +5246,9 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ #if XML_GE == 1
+         // This will store the given replacement text in
+         // parser->m_declEntity->textPtr.
+-        enum XML_Error result
+-            = storeEntityValue(parser, enc, s + enc->minBytesPerChar,
+-                               next - enc->minBytesPerChar, XML_ACCOUNT_NONE);
++        enum XML_Error result = callStoreEntityValue(
++            parser, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar,
++            XML_ACCOUNT_NONE);
+         if (parser->m_declEntity) {
+           parser->m_declEntity->textPtr = poolStart(&dtd->entityValuePool);
+           parser->m_declEntity->textLen
+@@ -5546,7 +5673,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+           enum XML_Error result;
+           XML_Bool betweenDecl
+               = (role == XML_ROLE_PARAM_ENTITY_REF ? XML_TRUE : XML_FALSE);
+-          result = processInternalEntity(parser, entity, betweenDecl);
++          result = processEntity(parser, entity, betweenDecl, ENTITY_INTERNAL);
+           if (result != XML_ERROR_NONE)
+             return result;
+           handleDefault = XML_FALSE;
+@@ -5751,6 +5878,12 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        *nextPtr = next;
++        return XML_ERROR_NONE;
++      }
++    /* Fall through */
+     default:
+       s = next;
+       tok = XmlPrologTok(enc, s, end, &next);
+@@ -5825,21 +5958,49 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        return XML_ERROR_UNEXPECTED_STATE; // LCOV_EXCL_LINE
++      }
++    /* Fall through */
+     default:;
+     }
+   }
+ }
+ 
+ static enum XML_Error
+-processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+-  const char *textStart, *textEnd;
+-  const char *next;
+-  enum XML_Error result;
+-  OPEN_INTERNAL_ENTITY *openEntity;
++processEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl,
++              enum EntityType type) {
++  OPEN_INTERNAL_ENTITY *openEntity, **openEntityList, **freeEntityList;
++  switch (type) {
++  case ENTITY_INTERNAL:
++    parser->m_processor = internalEntityProcessor;
++    openEntityList = &parser->m_openInternalEntities;
++    freeEntityList = &parser->m_freeInternalEntities;
++    break;
++  case ENTITY_ATTRIBUTE:
++    openEntityList = &parser->m_openAttributeEntities;
++    freeEntityList = &parser->m_freeAttributeEntities;
++    break;
++  case ENTITY_VALUE:
++    openEntityList = &parser->m_openValueEntities;
++    freeEntityList = &parser->m_freeValueEntities;
++    break;
++    /* default case serves merely as a safety net in case of a
++     * wrong entityType. Therefore we exclude the following lines
++     * from the test coverage.
++     *
++     * LCOV_EXCL_START
++     */
++  default:
++    // Should not reach here
++    assert(0);
++    /* LCOV_EXCL_STOP */
++  }
+ 
+-  if (parser->m_freeInternalEntities) {
+-    openEntity = parser->m_freeInternalEntities;
+-    parser->m_freeInternalEntities = openEntity->next;
++  if (*freeEntityList) {
++    openEntity = *freeEntityList;
++    *freeEntityList = openEntity->next;
+   } else {
+     openEntity
+         = (OPEN_INTERNAL_ENTITY *)MALLOC(parser, sizeof(OPEN_INTERNAL_ENTITY));
+@@ -5847,55 +6008,34 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+       return XML_ERROR_NO_MEMORY;
+   }
+   entity->open = XML_TRUE;
++  entity->hasMore = XML_TRUE;
+ #if XML_GE == 1
+   entityTrackingOnOpen(parser, entity, __LINE__);
+ #endif
+   entity->processed = 0;
+-  openEntity->next = parser->m_openInternalEntities;
+-  parser->m_openInternalEntities = openEntity;
++  openEntity->next = *openEntityList;
++  *openEntityList = openEntity;
+   openEntity->entity = entity;
++  openEntity->type = type;
+   openEntity->startTagLevel = parser->m_tagLevel;
+   openEntity->betweenDecl = betweenDecl;
+   openEntity->internalEventPtr = NULL;
+   openEntity->internalEventEndPtr = NULL;
+-  textStart = (const char *)entity->textPtr;
+-  textEnd = (const char *)(entity->textPtr + entity->textLen);
+-  /* Set a safe default value in case 'next' does not get set */
+-  next = textStart;
+-
+-  if (entity->is_param) {
+-    int tok
+-        = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+-    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
+-                      tok, next, &next, XML_FALSE, XML_FALSE,
+-                      XML_ACCOUNT_ENTITY_EXPANSION);
+-  } else {
+-    result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding,
+-                       textStart, textEnd, &next, XML_FALSE,
+-                       XML_ACCOUNT_ENTITY_EXPANSION);
+-  }
+ 
+-  if (result == XML_ERROR_NONE) {
+-    if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+-      entity->processed = (int)(next - textStart);
+-      parser->m_processor = internalEntityProcessor;
+-    } else if (parser->m_openInternalEntities->entity == entity) {
+-#if XML_GE == 1
+-      entityTrackingOnClose(parser, entity, __LINE__);
+-#endif /* XML_GE == 1 */
+-      entity->open = XML_FALSE;
+-      parser->m_openInternalEntities = openEntity->next;
+-      /* put openEntity back in list of free instances */
+-      openEntity->next = parser->m_freeInternalEntities;
+-      parser->m_freeInternalEntities = openEntity;
+-    }
++  // Only internal entities make use of the reenter flag
++  // therefore no need to set it for other entity types
++  if (type == ENTITY_INTERNAL) {
++    triggerReenter(parser);
+   }
+-  return result;
++  return XML_ERROR_NONE;
+ }
+ 
+ static enum XML_Error PTRCALL
+ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+                         const char **nextPtr) {
++  UNUSED_P(s);
++  UNUSED_P(end);
++  UNUSED_P(nextPtr);
+   ENTITY *entity;
+   const char *textStart, *textEnd;
+   const char *next;
+@@ -5905,68 +6045,67 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+     return XML_ERROR_UNEXPECTED_STATE;
+ 
+   entity = openEntity->entity;
+-  textStart = ((const char *)entity->textPtr) + entity->processed;
+-  textEnd = (const char *)(entity->textPtr + entity->textLen);
+-  /* Set a safe default value in case 'next' does not get set */
+-  next = textStart;
+-
+-  if (entity->is_param) {
+-    int tok
+-        = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+-    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
+-                      tok, next, &next, XML_FALSE, XML_TRUE,
+-                      XML_ACCOUNT_ENTITY_EXPANSION);
+-  } else {
+-    result = doContent(parser, openEntity->startTagLevel,
+-                       parser->m_internalEncoding, textStart, textEnd, &next,
+-                       XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION);
+-  }
+ 
+-  if (result != XML_ERROR_NONE)
+-    return result;
++  // This will return early
++  if (entity->hasMore) {
++    textStart = ((const char *)entity->textPtr) + entity->processed;
++    textEnd = (const char *)(entity->textPtr + entity->textLen);
++    /* Set a safe default value in case 'next' does not get set */
++    next = textStart;
++
++    if (entity->is_param) {
++      int tok
++          = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
++      result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
++                        tok, next, &next, XML_FALSE, XML_FALSE,
++                        XML_ACCOUNT_ENTITY_EXPANSION);
++    } else {
++      result = doContent(parser, openEntity->startTagLevel,
++                         parser->m_internalEncoding, textStart, textEnd, &next,
++                         XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION);
++    }
++
++    if (result != XML_ERROR_NONE)
++      return result;
++    // Check if entity is complete, if not, mark down how much of it is
++    // processed
++    if (textEnd != next
++        && (parser->m_parsingStatus.parsing == XML_SUSPENDED
++            || (parser->m_parsingStatus.parsing == XML_PARSING
++                && parser->m_reenter))) {
++      entity->processed = (int)(next - (const char *)entity->textPtr);
++      return result;
++    }
+ 
+-  if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+-    entity->processed = (int)(next - (const char *)entity->textPtr);
++    // Entity is complete. We cannot close it here since we need to first
++    // process its possible inner entities (which are added to the
++    // m_openInternalEntities during doProlog or doContent calls above)
++    entity->hasMore = XML_FALSE;
++    triggerReenter(parser);
+     return result;
+-  }
++  } // End of entity processing, "if" block will return here
+ 
++  // Remove fully processed openEntity from open entity list.
+ #if XML_GE == 1
+   entityTrackingOnClose(parser, entity, __LINE__);
+ #endif
++  // openEntity is m_openInternalEntities' head, as we set it at the start of
++  // this function and we skipped doProlog and doContent calls with hasMore set
++  // to false. This means we can directly remove the head of
++  // m_openInternalEntities
++  assert(parser->m_openInternalEntities == openEntity);
+   entity->open = XML_FALSE;
+-  parser->m_openInternalEntities = openEntity->next;
++  parser->m_openInternalEntities = parser->m_openInternalEntities->next;
++
+   /* put openEntity back in list of free instances */
+   openEntity->next = parser->m_freeInternalEntities;
+   parser->m_freeInternalEntities = openEntity;
+ 
+-  // If there are more open entities we want to stop right here and have the
+-  // upcoming call to XML_ResumeParser continue with entity content, or it would
+-  // be ignored altogether.
+-  if (parser->m_openInternalEntities != NULL
+-      && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+-    return XML_ERROR_NONE;
+-  }
+-
+-  if (entity->is_param) {
+-    int tok;
+-    parser->m_processor = prologProcessor;
+-    tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+-    return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
+-                    (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE,
+-                    XML_ACCOUNT_DIRECT);
+-  } else {
+-    parser->m_processor = contentProcessor;
+-    /* see externalEntityContentProcessor vs contentProcessor */
+-    result = doContent(parser, parser->m_parentParser ? 1 : 0,
+-                       parser->m_encoding, s, end, nextPtr,
+-                       (XML_Bool)! parser->m_parsingStatus.finalBuffer,
+-                       XML_ACCOUNT_DIRECT);
+-    if (result == XML_ERROR_NONE) {
+-      if (! storeRawNames(parser))
+-        return XML_ERROR_NO_MEMORY;
+-    }
+-    return result;
++  if (parser->m_openInternalEntities == NULL) {
++    parser->m_processor = entity->is_param ? prologProcessor : contentProcessor;
+   }
++  triggerReenter(parser);
++  return XML_ERROR_NONE;
+ }
+ 
+ static enum XML_Error PTRCALL
+@@ -5982,8 +6121,70 @@ static enum XML_Error
+ storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+                     const char *ptr, const char *end, STRING_POOL *pool,
+                     enum XML_Account account) {
+-  enum XML_Error result
+-      = appendAttributeValue(parser, enc, isCdata, ptr, end, pool, account);
++  const char *next = ptr;
++  enum XML_Error result = XML_ERROR_NONE;
++
++  while (1) {
++    if (! parser->m_openAttributeEntities) {
++      result = appendAttributeValue(parser, enc, isCdata, next, end, pool,
++                                    account, &next);
++    } else {
++      OPEN_INTERNAL_ENTITY *const openEntity = parser->m_openAttributeEntities;
++      if (! openEntity)
++        return XML_ERROR_UNEXPECTED_STATE;
++
++      ENTITY *const entity = openEntity->entity;
++      const char *const textStart
++          = ((const char *)entity->textPtr) + entity->processed;
++      const char *const textEnd
++          = (const char *)(entity->textPtr + entity->textLen);
++      /* Set a safe default value in case 'next' does not get set */
++      const char *nextInEntity = textStart;
++      if (entity->hasMore) {
++        result = appendAttributeValue(
++            parser, parser->m_internalEncoding, isCdata, textStart, textEnd,
++            pool, XML_ACCOUNT_ENTITY_EXPANSION, &nextInEntity);
++        if (result != XML_ERROR_NONE)
++          break;
++        // Check if entity is complete, if not, mark down how much of it is
++        // processed. A XML_SUSPENDED check here is not required as
++        // appendAttributeValue will never suspend the parser.
++        if (textEnd != nextInEntity) {
++          entity->processed
++              = (int)(nextInEntity - (const char *)entity->textPtr);
++          continue;
++        }
++
++        // Entity is complete. We cannot close it here since we need to first
++        // process its possible inner entities (which are added to the
++        // m_openAttributeEntities during appendAttributeValue)
++        entity->hasMore = XML_FALSE;
++        continue;
++      } // End of entity processing, "if" block skips the rest
++
++      // Remove fully processed openEntity from open entity list.
++#if XML_GE == 1
++      entityTrackingOnClose(parser, entity, __LINE__);
++#endif
++      // openEntity is m_openAttributeEntities' head, since we set it at the
++      // start of this function and because we skipped appendAttributeValue call
++      // with hasMore set to false. This means we can directly remove the head
++      // of m_openAttributeEntities
++      assert(parser->m_openAttributeEntities == openEntity);
++      entity->open = XML_FALSE;
++      parser->m_openAttributeEntities = parser->m_openAttributeEntities->next;
++
++      /* put openEntity back in list of free instances */
++      openEntity->next = parser->m_freeAttributeEntities;
++      parser->m_freeAttributeEntities = openEntity;
++    }
++
++    // Break if an error occurred or there is nothing left to process
++    if (result || (parser->m_openAttributeEntities == NULL && end == next)) {
++      break;
++    }
++  }
++
+   if (result)
+     return result;
+   if (! isCdata && poolLength(pool) && poolLastChar(pool) == 0x20)
+@@ -5996,7 +6197,7 @@ storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ static enum XML_Error
+ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+                      const char *ptr, const char *end, STRING_POOL *pool,
+-                     enum XML_Account account) {
++                     enum XML_Account account, const char **nextPtr) {
+   DTD *const dtd = parser->m_dtd; /* save one level of indirection */
+ #ifndef XML_DTD
+   UNUSED_P(account);
+@@ -6014,6 +6215,9 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ #endif
+     switch (tok) {
+     case XML_TOK_NONE:
++      if (nextPtr) {
++        *nextPtr = next;
++      }
+       return XML_ERROR_NONE;
+     case XML_TOK_INVALID:
+       if (enc == parser->m_encoding)
+@@ -6154,21 +6358,11 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+         return XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF;
+       } else {
+         enum XML_Error result;
+-        const XML_Char *textEnd = entity->textPtr + entity->textLen;
+-        entity->open = XML_TRUE;
+-#if XML_GE == 1
+-        entityTrackingOnOpen(parser, entity, __LINE__);
+-#endif
+-        result = appendAttributeValue(parser, parser->m_internalEncoding,
+-                                      isCdata, (const char *)entity->textPtr,
+-                                      (const char *)textEnd, pool,
+-                                      XML_ACCOUNT_ENTITY_EXPANSION);
+-#if XML_GE == 1
+-        entityTrackingOnClose(parser, entity, __LINE__);
+-#endif
+-        entity->open = XML_FALSE;
+-        if (result)
+-          return result;
++        result = processEntity(parser, entity, XML_FALSE, ENTITY_ATTRIBUTE);
++        if ((result == XML_ERROR_NONE) && (nextPtr != NULL)) {
++          *nextPtr = next;
++        }
++        return result;
+       }
+     } break;
+     default:
+@@ -6197,7 +6391,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ static enum XML_Error
+ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+                  const char *entityTextPtr, const char *entityTextEnd,
+-                 enum XML_Account account) {
++                 enum XML_Account account, const char **nextPtr) {
+   DTD *const dtd = parser->m_dtd; /* save one level of indirection */
+   STRING_POOL *pool = &(dtd->entityValuePool);
+   enum XML_Error result = XML_ERROR_NONE;
+@@ -6215,8 +6409,9 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+       return XML_ERROR_NO_MEMORY;
+   }
+ 
++  const char *next;
+   for (;;) {
+-    const char *next
++    next
+         = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */
+     int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next);
+ 
+@@ -6278,16 +6473,8 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+           } else
+             dtd->keepProcessing = dtd->standalone;
+         } else {
+-          entity->open = XML_TRUE;
+-          entityTrackingOnOpen(parser, entity, __LINE__);
+-          result = storeEntityValue(
+-              parser, parser->m_internalEncoding, (const char *)entity->textPtr,
+-              (const char *)(entity->textPtr + entity->textLen),
+-              XML_ACCOUNT_ENTITY_EXPANSION);
+-          entityTrackingOnClose(parser, entity, __LINE__);
+-          entity->open = XML_FALSE;
+-          if (result)
+-            goto endEntityValue;
++          result = processEntity(parser, entity, XML_FALSE, ENTITY_VALUE);
++          goto endEntityValue;
+         }
+         break;
+       }
+@@ -6375,6 +6562,81 @@ endEntityValue:
+ #  ifdef XML_DTD
+   parser->m_prologState.inEntityValue = oldInEntityValue;
+ #  endif /* XML_DTD */
++  // If 'nextPtr' is given, it should be updated during the processing
++  if (nextPtr != NULL) {
++    *nextPtr = next;
++  }
++  return result;
++}
++
++static enum XML_Error
++callStoreEntityValue(XML_Parser parser, const ENCODING *enc,
++                     const char *entityTextPtr, const char *entityTextEnd,
++                     enum XML_Account account) {
++  const char *next = entityTextPtr;
++  enum XML_Error result = XML_ERROR_NONE;
++  while (1) {
++    if (! parser->m_openValueEntities) {
++      result
++          = storeEntityValue(parser, enc, next, entityTextEnd, account, &next);
++    } else {
++      OPEN_INTERNAL_ENTITY *const openEntity = parser->m_openValueEntities;
++      if (! openEntity)
++        return XML_ERROR_UNEXPECTED_STATE;
++
++      ENTITY *const entity = openEntity->entity;
++      const char *const textStart
++          = ((const char *)entity->textPtr) + entity->processed;
++      const char *const textEnd
++          = (const char *)(entity->textPtr + entity->textLen);
++      /* Set a safe default value in case 'next' does not get set */
++      const char *nextInEntity = textStart;
++      if (entity->hasMore) {
++        result = storeEntityValue(parser, parser->m_internalEncoding, textStart,
++                                  textEnd, XML_ACCOUNT_ENTITY_EXPANSION,
++                                  &nextInEntity);
++        if (result != XML_ERROR_NONE)
++          break;
++        // Check if entity is complete, if not, mark down how much of it is
++        // processed. A XML_SUSPENDED check here is not required as
++        // appendAttributeValue will never suspend the parser.
++        if (textEnd != nextInEntity) {
++          entity->processed
++              = (int)(nextInEntity - (const char *)entity->textPtr);
++          continue;
++        }
++
++        // Entity is complete. We cannot close it here since we need to first
++        // process its possible inner entities (which are added to the
++        // m_openValueEntities during storeEntityValue)
++        entity->hasMore = XML_FALSE;
++        continue;
++      } // End of entity processing, "if" block skips the rest
++
++      // Remove fully processed openEntity from open entity list.
++#  if XML_GE == 1
++      entityTrackingOnClose(parser, entity, __LINE__);
++#  endif
++      // openEntity is m_openValueEntities' head, since we set it at the
++      // start of this function and because we skipped storeEntityValue call
++      // with hasMore set to false. This means we can directly remove the head
++      // of m_openValueEntities
++      assert(parser->m_openValueEntities == openEntity);
++      entity->open = XML_FALSE;
++      parser->m_openValueEntities = parser->m_openValueEntities->next;
++
++      /* put openEntity back in list of free instances */
++      openEntity->next = parser->m_freeValueEntities;
++      parser->m_freeValueEntities = openEntity;
++    }
++
++    // Break if an error occurred or there is nothing left to process
++    if (result
++        || (parser->m_openValueEntities == NULL && entityTextEnd == next)) {
++      break;
++    }
++  }
++
+   return result;
+ }
+ 
+diff --git a/tests/alloc_tests.c b/tests/alloc_tests.c
+index e5d46eb..12ea3b2 100644
+--- a/tests/alloc_tests.c
++++ b/tests/alloc_tests.c
+@@ -19,6 +19,7 @@
+    Copyright (c) 2020      Tim Gates 
+    Copyright (c) 2021      Donghee Na 
+    Copyright (c) 2023      Sony Corporation / Snild Dolkow 
++   Copyright (c) 2025      Berkay Eren Ürün 
+    Licensed under the MIT license:
+ 
+    Permission is  hereby granted,  free of charge,  to any  person obtaining
+@@ -450,6 +451,31 @@ START_TEST(test_alloc_internal_entity) {
+ }
+ END_TEST
+ 
++START_TEST(test_alloc_parameter_entity) {
++  const char *text = "\">"
++                     "%param1;"
++                     "]> &internal;content";
++  int i;
++  const int alloc_test_max_repeats = 30;
++
++  for (i = 0; i < alloc_test_max_repeats; i++) {
++    g_allocation_count = i;
++    XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
++    if (_XML_Parse_SINGLE_BYTES(g_parser, text, (int)strlen(text), XML_TRUE)
++        != XML_STATUS_ERROR)
++      break;
++    alloc_teardown();
++    alloc_setup();
++  }
++  g_allocation_count = -1;
++  if (i == 0)
++    fail("Parameter entity processed despite duff allocator");
++  if (i == alloc_test_max_repeats)
++    fail("Parameter entity not processed at max allocation count");
++}
++END_TEST
++
+ /* Test the robustness against allocation failure of element handling
+  * Based on test_dtd_default_handling().
+  */
+@@ -2079,6 +2105,7 @@ make_alloc_test_case(Suite *s) {
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_external_entity);
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_ext_entity_set_encoding);
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_internal_entity);
++  tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_parameter_entity);
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_dtd_default_handling);
+   tcase_add_test(tc_alloc, test_alloc_explicit_encoding);
+   tcase_add_test(tc_alloc, test_alloc_set_base);
+diff --git a/tests/basic_tests.c b/tests/basic_tests.c
+index d38b8fd..f0025fc 100644
+--- a/tests/basic_tests.c
++++ b/tests/basic_tests.c
+@@ -10,7 +10,7 @@
+    Copyright (c) 2003      Greg Stein 
+    Copyright (c) 2005-2007 Steven Solie 
+    Copyright (c) 2005-2012 Karl Waclawek 
+-   Copyright (c) 2016-2024 Sebastian Pipping 
++   Copyright (c) 2016-2025 Sebastian Pipping 
+    Copyright (c) 2017-2022 Rhodri James 
+    Copyright (c) 2017      Joe Orton 
+    Copyright (c) 2017      José Gutiérrez de la Concha 
+@@ -19,6 +19,7 @@
+    Copyright (c) 2020      Tim Gates 
+    Copyright (c) 2021      Donghee Na 
+    Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow 
++   Copyright (c) 2024-2025 Berkay Eren Ürün 
+    Licensed under the MIT license:
+ 
+    Permission is  hereby granted,  free of charge,  to any  person obtaining
+@@ -3960,7 +3961,7 @@ START_TEST(test_skipped_null_loaded_ext_entity) {
+       = {"\n"
+          "\n"
+          "%pe2;\n",
+-         external_entity_null_loader};
++         external_entity_null_loader, NULL};
+ 
+   XML_SetUserData(g_parser, &test_data);
+   XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
+@@ -3978,7 +3979,7 @@ START_TEST(test_skipped_unloaded_ext_entity) {
+       = {"\n"
+          "\n"
+          "%pe2;\n",
+-         NULL};
++         NULL, NULL};
+ 
+   XML_SetUserData(g_parser, &test_data);
+   XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
+@@ -5278,6 +5279,151 @@ START_TEST(test_pool_integrity_with_unfinished_attr) {
+ }
+ END_TEST
+ 
++/* Test a possible early return location in internalEntityProcessor */
++START_TEST(test_entity_ref_no_elements) {
++  const char *const text = "\n"
++                           "]> &e1;"; // intentionally missing newline
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++  assert_true(_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++              == XML_STATUS_ERROR);
++  assert_true(XML_GetErrorCode(parser) == XML_ERROR_NO_ELEMENTS);
++  XML_ParserFree(parser);
++}
++END_TEST
++
++/* Tests if chained entity references lead to unbounded recursion */
++START_TEST(test_deep_nested_entity) {
++  const size_t N_LINES = 60000;
++  const size_t SIZE_PER_LINE = 50;
++
++  char *const text = (char *)malloc((N_LINES + 4) * SIZE_PER_LINE);
++  if (text == NULL) {
++    fail("malloc failed");
++  }
++
++  char *textPtr = text;
++
++  // Create the XML
++  textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                      "\n");
++
++  for (size_t i = 1; i < N_LINES; ++i) {
++    textPtr += snprintf(textPtr, SIZE_PER_LINE, "  \n",
++                        (long unsigned)i, (long unsigned)(i - 1));
++  }
++
++  snprintf(textPtr, SIZE_PER_LINE, "]> &s%lu;\n",
++           (long unsigned)(N_LINES - 1));
++
++  const XML_Char *const expected = XCS("deepText");
++
++  CharData storage;
++  CharData_Init(&storage);
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++
++  XML_SetCharacterDataHandler(parser, accumulate_characters);
++  XML_SetUserData(parser, &storage);
++
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  CharData_CheckXMLChars(&storage, expected);
++  XML_ParserFree(parser);
++  free(text);
++}
++END_TEST
++
++/* Tests if chained entity references in attributes
++lead to unbounded recursion */
++START_TEST(test_deep_nested_attribute_entity) {
++  const size_t N_LINES = 60000;
++  const size_t SIZE_PER_LINE = 100;
++
++  char *const text = (char *)malloc((N_LINES + 4) * SIZE_PER_LINE);
++  if (text == NULL) {
++    fail("malloc failed");
++  }
++
++  char *textPtr = text;
++
++  // Create the XML
++  textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                      "\n");
++
++  for (size_t i = 1; i < N_LINES; ++i) {
++    textPtr += snprintf(textPtr, SIZE_PER_LINE, "  \n",
++                        (long unsigned)i, (long unsigned)(i - 1));
++  }
++
++  snprintf(textPtr, SIZE_PER_LINE, "]> mainText\n",
++           (long unsigned)(N_LINES - 1));
++
++  AttrInfo doc_info[] = {{XCS("name"), XCS("deepText")}, {NULL, NULL}};
++  ElementInfo info[] = {{XCS("foo"), 1, NULL, NULL}, {NULL, 0, NULL, NULL}};
++  info[0].attributes = doc_info;
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++  ParserAndElementInfo parserPlusElemenInfo = {parser, info};
++
++  XML_SetStartElementHandler(parser, counting_start_element_handler);
++  XML_SetUserData(parser, &parserPlusElemenInfo);
++
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  XML_ParserFree(parser);
++  free(text);
++}
++END_TEST
++
++START_TEST(test_deep_nested_entity_delayed_interpretation) {
++  const size_t N_LINES = 70000;
++  const size_t SIZE_PER_LINE = 100;
++
++  char *const text = (char *)malloc((N_LINES + 4) * SIZE_PER_LINE);
++  if (text == NULL) {
++    fail("malloc failed");
++  }
++
++  char *textPtr = text;
++
++  // Create the XML
++  textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                      "\n");
++
++  for (size_t i = 1; i < N_LINES; ++i) {
++    textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                        "  \n", (long unsigned)i,
++                        (long unsigned)(i - 1));
++  }
++
++  snprintf(textPtr, SIZE_PER_LINE,
++           "  \">\n"
++           "  %%define_g;\n"
++           "]>\n"
++           "\n",
++           (long unsigned)(N_LINES - 1));
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++
++  XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  XML_ParserFree(parser);
++  free(text);
++}
++END_TEST
++
+ START_TEST(test_nested_entity_suspend) {
+   const char *const text = "'>\n"
+@@ -5308,6 +5454,35 @@ START_TEST(test_nested_entity_suspend) {
+ }
+ END_TEST
+ 
++START_TEST(test_nested_entity_suspend_2) {
++  const char *const text = "\n"
++                           "  \n"
++                           "  \n"
++                           "]>\n"
++                           "&ge3;";
++  const XML_Char *const expected = XCS("head3") XCS("head2") XCS("head1")
++      XCS("Z") XCS("tail1") XCS("tail2") XCS("tail3");
++  CharData storage;
++  CharData_Init(&storage);
++  XML_Parser parser = XML_ParserCreate(NULL);
++  ParserPlusStorage parserPlusStorage = {parser, &storage};
++
++  XML_SetCharacterDataHandler(parser, accumulate_char_data_and_suspend);
++  XML_SetUserData(parser, &parserPlusStorage);
++
++  enum XML_Status status = XML_Parse(parser, text, (int)strlen(text), XML_TRUE);
++  while (status == XML_STATUS_SUSPENDED) {
++    status = XML_ResumeParser(parser);
++  }
++  if (status != XML_STATUS_OK)
++    xml_failure(parser);
++
++  CharData_CheckXMLChars(&storage, expected);
++  XML_ParserFree(parser);
++}
++END_TEST
++
+ /* Regression test for quadratic parsing on large tokens */
+ START_TEST(test_big_tokens_scale_linearly) {
+   const struct {
+@@ -6147,7 +6322,13 @@ make_basic_test_case(Suite *s) {
+   tcase_add_test(tc_basic, test_empty_element_abort);
+   tcase_add_test__ifdef_xml_dtd(tc_basic,
+                                 test_pool_integrity_with_unfinished_attr);
++  tcase_add_test__if_xml_ge(tc_basic, test_entity_ref_no_elements);
++  tcase_add_test__if_xml_ge(tc_basic, test_deep_nested_entity);
++  tcase_add_test__if_xml_ge(tc_basic, test_deep_nested_attribute_entity);
++  tcase_add_test__if_xml_ge(tc_basic,
++                            test_deep_nested_entity_delayed_interpretation);
+   tcase_add_test__if_xml_ge(tc_basic, test_nested_entity_suspend);
++  tcase_add_test__if_xml_ge(tc_basic, test_nested_entity_suspend_2);
+   tcase_add_test(tc_basic, test_big_tokens_scale_linearly);
+   tcase_add_test(tc_basic, test_set_reparse_deferral);
+   tcase_add_test(tc_basic, test_reparse_deferral_is_inherited);
+diff --git a/tests/handlers.c b/tests/handlers.c
+index 0211985..bdb5b0e 100644
+--- a/tests/handlers.c
++++ b/tests/handlers.c
+@@ -1882,6 +1882,21 @@ accumulate_entity_decl(void *userData, const XML_Char *entityName,
+   CharData_AppendXMLChars(storage, XCS("\n"), 1);
+ }
+ 
++ 
++void XMLCALL
++accumulate_char_data_and_suspend(void *userData, const XML_Char *s, int len) {
++  ParserPlusStorage *const parserPlusStorage = (ParserPlusStorage *)userData;
++
++  CharData_AppendXMLChars(parserPlusStorage->storage, s, len);
++
++  for (int i = 0; i < len; i++) {
++    if (s[i] == 'Z') {
++      XML_StopParser(parserPlusStorage->parser, /*resumable=*/XML_TRUE);
++      break;
++    }
++  }
++}
++
+ void XMLCALL
+ accumulate_start_element(void *userData, const XML_Char *name,
+                          const XML_Char **atts) {
+diff --git a/tests/handlers.h b/tests/handlers.h
+index 8850bb9..4d6a08d 100644
+--- a/tests/handlers.h
++++ b/tests/handlers.h
+@@ -325,6 +325,7 @@ extern int XMLCALL external_entity_devaluer(XML_Parser parser,
+ typedef struct ext_hdlr_data {
+   const char *parse_text;
+   XML_ExternalEntityRefHandler handler;
++  CharData *storage;
+ } ExtHdlrData;
+ 
+ extern int XMLCALL external_entity_oneshot_loader(XML_Parser parser,
+@@ -569,6 +570,10 @@ extern void XMLCALL accumulate_entity_decl(
+     const XML_Char *systemId, const XML_Char *publicId,
+     const XML_Char *notationName);
+ 
++extern void XMLCALL accumulate_char_data_and_suspend(void *userData,
++                                                     const XML_Char *s,
++                                                     int len);
++
+ extern void XMLCALL accumulate_start_element(void *userData,
+                                              const XML_Char *name,
+                                              const XML_Char **atts);
+diff --git a/tests/misc_tests.c b/tests/misc_tests.c
+index 9afe092..f9a78f6 100644
+--- a/tests/misc_tests.c
++++ b/tests/misc_tests.c
+@@ -59,6 +59,9 @@
+ #include "handlers.h"
+ #include "misc_tests.h"
+ 
++void XMLCALL accumulate_characters_ext_handler(void *userData,
++                                               const XML_Char *s, int len);
++
+ /* Test that a failure to allocate the parser structure fails gracefully */
+ START_TEST(test_misc_alloc_create_parser) {
+   XML_Memory_Handling_Suite memsuite = {duff_allocator, realloc, free};
+@@ -519,6 +522,45 @@ START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
+ }
+ END_TEST
+ 
++/* Adaptation of accumulate_characters that takes ExtHdlrData input to work with
++ * test_renter_loop_finite_content below */
++void XMLCALL
++accumulate_characters_ext_handler(void *userData, const XML_Char *s, int len) {
++  ExtHdlrData *const test_data = (ExtHdlrData *)userData;
++  CharData_AppendXMLChars(test_data->storage, s, len);
++}
++
++/* Test that internalEntityProcessor does not re-enter forever;
++ * based on files tests/xmlconf/xmltest/valid/ext-sa/012.{xml,ent} */
++START_TEST(test_renter_loop_finite_content) {
++  CharData storage;
++  CharData_Init(&storage);
++  const char *const text = "\n"
++                           "\n"
++                           "\n"
++                           "\n"
++                           "\n"
++                           "\n"
++                           "]>\n"
++                           "&e1;\n";
++  ExtHdlrData test_data = {"&e4;\n", external_entity_null_loader, &storage};
++  const XML_Char *const expected = XCS("(e5)\n");
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++  assert_true(parser != NULL);
++  XML_SetUserData(parser, &test_data);
++  XML_SetExternalEntityRefHandler(parser, external_entity_oneshot_loader);
++  XML_SetCharacterDataHandler(parser, accumulate_characters_ext_handler);
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  CharData_CheckXMLChars(&storage, expected);
++  XML_ParserFree(parser);
++}
++END_TEST
++
+ void
+ make_miscellaneous_test_case(Suite *s) {
+   TCase *tc_misc = tcase_create("miscellaneous tests");
+@@ -545,4 +587,5 @@ make_miscellaneous_test_case(Suite *s) {
+   tcase_add_test(tc_misc, test_misc_char_handler_stop_without_leak);
+   tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
+   tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
++  tcase_add_test__if_xml_ge(tc_misc, test_renter_loop_finite_content);
+ }
+-- 
+2.48.1.431.g5a526e5e18
+
diff --git a/SPECS/expat/expat.signatures.json b/SPECS/expat/expat.signatures.json
index 8464dd011d..faaee12cd6 100644
--- a/SPECS/expat/expat.signatures.json
+++ b/SPECS/expat/expat.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "expat-2.6.3.tar.bz2": "b8baef92f328eebcf731f4d18103951c61fa8c8ec21d5ff4202fb6f2198aeb2d"
+  "expat-2.6.4.tar.bz2": "8dc480b796163d4436e6f1352e71800a774f73dbae213f1860b60607d2a83ada"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS/expat/expat.spec b/SPECS/expat/expat.spec
index 5bc249efd0..a8565a98a4 100644
--- a/SPECS/expat/expat.spec
+++ b/SPECS/expat/expat.spec
@@ -1,15 +1,15 @@
 %define         underscore_version %(echo %{version} | cut -d. -f1-3 --output-delimiter="_")
 Summary:        An XML parser library
 Name:           expat
-Version:        2.6.3
-Release:        2%{?dist}
+Version:        2.6.4
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/GeneralLibraries
 URL:            https://libexpat.github.io/
 Source0:        https://github.com/libexpat/libexpat/releases/download/R_%{underscore_version}/%{name}-%{version}.tar.bz2
-Patch0:         CVE-2024-50602.patch
+Patch0:         CVE-2024-8176.patch
 Requires:       %{name}-libs = %{version}-%{release}
 
 %description
@@ -67,10 +67,13 @@ rm -rf %{buildroot}/%{_docdir}/%{name}
 %{_libdir}/libexpat.so.1*
 
 %changelog
+* Thu Mar 20 2025 Kshitiz Godara  - 2.6.4-1
+- Fix CVE-2024-8176 with a patch
+
 * Wed Oct 30 2024 Sindhu Karri  - 2.6.3-2
 - Fix CVE-2024-50602 with a patch
 
-* Tue Sep 04 2024 Gary Swalling  - 2.6.3-1
+* Wed Sep 04 2024 Gary Swalling  - 2.6.3-1
 - Upgrade to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
 
 * Wed May 22 2024 Neha Agarwal  - 2.6.2-1
diff --git a/SPECS/expected/expected-1.1.0-version-fix.patch b/SPECS/expected/expected-1.1.0-version-fix.patch
new file mode 100644
index 0000000000..862584f1c2
--- /dev/null
+++ b/SPECS/expected/expected-1.1.0-version-fix.patch
@@ -0,0 +1,22 @@
+From 0a9ee3b58517a961a9b2d313fab4513b3e4909a1 Mon Sep 17 00:00:00 2001
+From: Vitaly Zaitsev 
+Date: Thu, 16 Mar 2023 08:57:09 +0100
+Subject: [PATCH] Fixed version number in exported CMake configs.
+
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index ddab64e..7152b41 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.14)
+ project(tl-expected
+   HOMEPAGE_URL https://tl.tartanllama.xyz
+   DESCRIPTION "C++11/14/17 std::expected with functional-style extensions"
+-  VERSION 1.0.0
++  VERSION 1.1.0
+   LANGUAGES CXX)
+ 
+ include(CMakePackageConfigHelpers)
diff --git a/SPECS/expected/expected.signatures.json b/SPECS/expected/expected.signatures.json
new file mode 100644
index 0000000000..68569dad54
--- /dev/null
+++ b/SPECS/expected/expected.signatures.json
@@ -0,0 +1,6 @@
+{
+    "Signatures": {
+     "expected-1.1.0.tar.gz": "1db357f46dd2b24447156aaf970c4c40a793ef12a8a9c2ad9e096d9801368df6"
+    }
+   }
+   
\ No newline at end of file
diff --git a/SPECS/expected/expected.spec b/SPECS/expected/expected.spec
new file mode 100644
index 0000000000..48b561bdd4
--- /dev/null
+++ b/SPECS/expected/expected.spec
@@ -0,0 +1,101 @@
+Summary:        C++11/14/17 std::expected with functional-style extensions
+Name:           expected
+Version:        1.1.0
+Release:        7%{?dist}
+License:        CC0-1.0
+URL:            https://github.com/TartanLlama/%{name}
+Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+BuildArch:      noarch
+# https://github.com/TartanLlama/expected/pull/142
+Patch100:       expected-1.1.0-version-fix.patch
+BuildRequires:  ninja-build
+BuildRequires:  gcc-c++
+BuildRequires:  cmake
+BuildRequires:  gcc
+
+%description
+Header-only %{summary}.
+
+%package devel
+Summary:        Development files for %{name}
+Provides:       %{name}-static = %{?epoch:%{epoch}:}%{version}-%{release}
+Provides:       cmake(tl-expected)
+
+%description devel
+Header-only %{summary}.
+
+std::expected is proposed as the preferred way to represent objec
+which will either have an expected value, or an unexpected value
+giving information about why something failed. Unfortunately,
+chaining together many computations which may fail can be verbose,
+as error-checking code will be mixed in with the actual programming
+logic. This implementation provides a number of utilities to make
+coding with expected cleaner.
+
+%prep
+%autosetup -p1
+
+%build
+%cmake -G Ninja \
+    -DCMAKE_BUILD_TYPE=Release \
+    -DEXPECTED_BUILD_TESTS=OFF \
+    -DEXPECTED_BUILD_PACKAGE=OFF
+%cmake_build
+
+%install
+%cmake_install
+
+%files devel
+%doc README.md
+%license COPYING
+%{_includedir}/tl
+%{_datadir}/cmake/tl-%{name}
+
+%changelog
+* Fri April 11 2025 Riken Maharjan  - 1.1.0-7
+- Initial Azure Linux import from Fedora 42 (license: MIT)
+- License Verified
+
+* Thu Jan 16 2025 Fedora Release Engineering  - 1.1.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Wed Jul 17 2024 Fedora Release Engineering  - 1.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Wed Jan 24 2024 Fedora Release Engineering  - 1.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering  - 1.1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jul 19 2023 Fedora Release Engineering  - 1.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Mar 16 2023 Vitaly Zaitsev  - 1.1.0-1
+- Updated to version 1.1.0.
+
+* Thu Jan 19 2023 Fedora Release Engineering  - 1.0.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering  - 1.0.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering  - 1.0.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering  - 1.0.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering  - 1.0.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering  - 1.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering  - 1.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jan 06 2020 Vitaly Zaitsev  - 1.0.0-1
+- Initial SPEC release.
diff --git a/SPECS/fcgi/CVE-2012-6687.patch b/SPECS/fcgi/CVE-2012-6687.patch
deleted file mode 100644
index d52a3a9e4c..0000000000
--- a/SPECS/fcgi/CVE-2012-6687.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-diff -rupr a/libfcgi/os_unix.c b/libfcgi/os_unix.c
---- a/libfcgi/os_unix.c	2002-03-05 11:14:49.000000000 -0800
-+++ b/libfcgi/os_unix.c	2017-05-24 17:21:13.852190002 -0700
-@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_uni
- #include 
- #include 
- #include 
-+#include 
- 
- #ifdef HAVE_NETDB_H
- #include 
-@@ -103,6 +104,9 @@ static int volatile maxFd = -1;
- static int shutdownPending = FALSE;
- static int shutdownNow = FALSE;
- 
-+static int libfcgiOsClosePollTimeout = 2000;
-+static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
-+
- void OS_ShutdownPending()
- {
-     shutdownPending = TRUE;
-@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3])
-     if(libInitialized)
-         return 0;
- 
-+    char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
-+    if(libfcgiOsClosePollTimeoutStr) {
-+        libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
-+    }
-+
-+    char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
-+    if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
-+        libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
-+    }
-+
-     asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
-     if(asyncIoTable == NULL) {
-         errno = ENOMEM;
-@@ -755,19 +769,16 @@ int OS_Close(int fd)
- 
-     if (shutdown(fd, 1) == 0)
-     {
--        struct timeval tv;
--        fd_set rfds;
-+        struct pollfd pfd;
-         int rv;
-         char trash[1024];
- 
--        FD_ZERO(&rfds);
-+        pfd.fd = fd;
-+        pfd.events = POLLIN;
- 
-         do 
-         {
--            FD_SET(fd, &rfds);
--            tv.tv_sec = 2;
--            tv.tv_usec = 0;
--            rv = select(fd + 1, &rfds, NULL, NULL, &tv);
-+            rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
-         }
-         while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
-     }
-@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (c
-  */
- static int is_af_unix_keeper(const int fd)
- {
--    struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
--    fd_set read_fds;
--
--    FD_ZERO(&read_fds);
--    FD_SET(fd, &read_fds);
-+    struct pollfd pfd;
-+    pfd.fd = fd;
-+    pfd.events = POLLIN;
- 
--    return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
-+    return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
- }
- 
- /*
diff --git a/SPECS/fcgi/fcgi-EOF.patch b/SPECS/fcgi/fcgi-EOF.patch
deleted file mode 100644
index f70e53c05b..0000000000
--- a/SPECS/fcgi/fcgi-EOF.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -rupr a/libfcgi/fcgio.cpp b/libfcgi/fcgio.cpp
---- a/libfcgi/fcgio.cpp	2002-02-24 20:12:22.000000000 +0000
-+++ b/libfcgi/fcgio.cpp	2016-12-19 07:52:08.208120000 +0000
-@@ -23,6 +23,7 @@
- #endif
- 
- #include 
-+#include 
- #include "fcgio.h"
- 
- using std::streambuf;
diff --git a/SPECS/fcgi/fcgi.signatures.json b/SPECS/fcgi/fcgi.signatures.json
index e33c1d9a22..643778a5dd 100644
--- a/SPECS/fcgi/fcgi.signatures.json
+++ b/SPECS/fcgi/fcgi.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "fcgi-2.4.0.tar.gz": "66fc45c6b36a21bf2fbbb68e90f780cc21a9da1fffbae75e76d2b4402d3f05b9"
+  "fcgi-2.4.5.tar.gz": "92b0111a98d8636e06c128444a3d4d7a720bdd54e6ee4dd0c7b67775b1b0abff"
  }
 }
diff --git a/SPECS/fcgi/fcgi.spec b/SPECS/fcgi/fcgi.spec
index 557afa6aa1..205a049c77 100644
--- a/SPECS/fcgi/fcgi.spec
+++ b/SPECS/fcgi/fcgi.spec
@@ -1,13 +1,11 @@
 Summary:        FastCGI development kit
 Name:           fcgi
-Version:        2.4.0
-Release:        7%{?dist}
+Version:        2.4.5
+Release:        1%{?dist}
 License:        OML
 # NOTE: below is an archive of FastCGI. The original project web page (http://www.fastcgi.com) is no longer online.
 URL:            https://fastcgi-archives.github.io
-Source0:        https://src.fedoraproject.org/lookaside/extras/%{name}/%{name}-%{version}.tar.gz/d15060a813b91383a9f3c66faf84867e/%{name}-%{version}.tar.gz
-Patch0:         fcgi-EOF.patch
-Patch1:         CVE-2012-6687.patch
+Source0:        https://github.com/FastCGI-Archives/fcgi2/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Group:          Development/Libraries/C and C++
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -25,11 +23,10 @@ FastCGI is a language independent, scalable, open extension to CGI that
 provides high performance without the limitations of server specific APIs.
 
 %prep
-%setup -q
-%patch 0 -p1
-%patch 1 -p1
+%autosetup -n %{name}2-%{version} -p1
 
 %build
+./autogen.sh
 %configure \
    --disable-static
 make
@@ -48,28 +45,44 @@ make check
 
 %files
 %defattr(-,root,root)
-%license LICENSE.TERMS
+%license LICENSE
 %{_bindir}/*
 %{_libdir}/libfcgi*.so*
+%doc %{_mandir}/man1/cgi-fcgi.1*
+%doc %{_mandir}/man3/FCGI_Accept.3*
+%doc %{_mandir}/man3/FCGI_Finish.3*
+%doc %{_mandir}/man3/FCGI_SetExitStatus.3*
+%doc %{_mandir}/man3/FCGI_StartFilterData.3*
 
 %files devel
 %defattr(-,root,root)
 %{_includedir}/*
+%{_libdir}/pkgconfig/fcgi*.pc
 
 %changelog
+* Tue Apr 22 2025 Kanishk Bansal  - 2.4.5-1
+- Upgrade to 2.4.5 to fix CVE-2025-23016
+- Remove patch of CVE-2012-6687, fcgi-EOF
+- Added missing man pages and pkgconfig files to package
+
 * Sat May 09 2020 Nick Samson  - 2.4.0-7
 - Added %%license line automatically
 
-*   Mon Apr 27 2020 Pawel Winogrodzki  2.4.0-6
--   Fixed 'Source0' and 'URL' tags.
--   License verified.
-*   Thu Feb 27 2020 Henry Beberman  2.4.0-5
--   Glob to include libfcgi++ as well as libfcgi in RPM
-*   Tue Sep 03 2019 Mateusz Malisz  2.4.0-4
--   Initial CBL-Mariner import from Photon (license: Apache2).
-*   Fri Oct 13 2017 Alexey Makhalov  2.4.0-3
--   Use standard configure macros
-*   Wed May 24 2017 Dheeraj Shetty  2.4.0-2
--   Patch for CVE-2012-6687
-*   Fri Dec 16 2016 Dheeraj Shetty  2.4.0-1
--   Initial build. First version
+* Mon Apr 27 2020 Pawel Winogrodzki  2.4.0-6
+- Fixed 'Source0' and 'URL' tags.
+- License verified.
+
+* Thu Feb 27 2020 Henry Beberman  2.4.0-5
+- Glob to include libfcgi++ as well as libfcgi in RPM
+
+* Tue Sep 03 2019 Mateusz Malisz  2.4.0-4
+- Initial CBL-Mariner import from Photon (license: Apache2).
+
+* Fri Oct 13 2017 Alexey Makhalov  2.4.0-3
+- Use standard configure macros
+
+* Wed May 24 2017 Dheeraj Shetty  2.4.0-2
+- Patch for CVE-2012-6687
+
+* Fri Dec 16 2016 Dheeraj Shetty  2.4.0-1
+- Initial build. First version
diff --git a/SPECS/flannel/CVE-2024-51744.patch b/SPECS/flannel/CVE-2024-51744.patch
new file mode 100644
index 0000000000..57d3c73fe0
--- /dev/null
+++ b/SPECS/flannel/CVE-2024-51744.patch
@@ -0,0 +1,87 @@
+From 4bdd0781a0598fc63e255e17d1bf685014582ec8 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Wed, 19 Mar 2025 13:30:49 +0000
+Subject: [PATCH] CVE-2024-51744
+
+---
+ vendor/github.com/golang-jwt/jwt/v4/parser.go | 36 +++++++++++++++-----------
+ 1 file changed, 21 insertions(+), 15 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+index 2f61a69..2367289 100644
+--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+@@ -36,12 +36,21 @@ func NewParser(options ...ParserOption) *Parser {
+ 	return p
+ }
+ 
+-// Parse parses, validates, verifies the signature and returns the parsed token.
+-// keyFunc will receive the parsed token and should return the key for validating.
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
++//
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -77,13 +86,18 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		}
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
++	// Perform validation
++ 	token.Signature = parts[2]
++ 	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++ 	}
++
+ 
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -91,22 +105,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++ 	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // ParseUnverified parses the token but doesn't validate the signature.
+-- 
+2.45.2
+
diff --git a/SPECS/flannel/flannel.spec b/SPECS/flannel/flannel.spec
index aff4e72400..99ba96ea73 100644
--- a/SPECS/flannel/flannel.spec
+++ b/SPECS/flannel/flannel.spec
@@ -3,7 +3,7 @@
 Summary:        Simple and easy way to configure a layer 3 network fabric designed for Kubernetes
 Name:           flannel
 Version:        0.24.2
-Release:        13%{?dist}
+Release:        15%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,9 +15,10 @@ Patch0:         CVE-2024-24786.patch
 Patch1:         CVE-2023-44487.patch
 Patch2:         CVE-2023-45288.patch
 Patch3:         CVE-2025-30204.patch
+Patch4:         CVE-2024-51744.patch
 BuildRequires:  gcc
 BuildRequires:  glibc-devel
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 BuildRequires:  golang >= 1.20
 BuildRequires:  kernel-headers
 
@@ -51,6 +52,11 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./dist/flanneld
 %{_bindir}/flanneld
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 0.24.2-15
+- merge from Azure Linux 3.0.20250521-3.0
+- Bump to rebuild with updated glibc
+- patch for CVE-2024-51744
+
 * Fri Apr 28 2025 Ranjan Dutta  - 0.24.2-13
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Patch CVE-2025-30204
diff --git a/SPECS/fluent-bit/CVE-2025-31498.patch b/SPECS/fluent-bit/CVE-2025-31498.patch
new file mode 100644
index 0000000000..9016ba76e5
--- /dev/null
+++ b/SPECS/fluent-bit/CVE-2025-31498.patch
@@ -0,0 +1,717 @@
+From 1e22415e5fe183d2d80dbc99b9e44b94138cb689 Mon Sep 17 00:00:00 2001
+From: Ankita Pareek 
+Date: Fri, 11 Apr 2025 11:05:50 +0530
+Subject: [PATCH] fluent-bit: Add patch for addressing CVE-2025-31498
+
+Upstream reference: https://github.com/c-ares/c-ares/compare/69e1ad5..82489f2
+
+Signed-off-by: Ankita Pareek 
+---
+ .../src/lib/ares__close_sockets.c             |   2 +-
+ lib/c-ares-1.33.1/src/lib/ares_cookie.c       |   7 +-
+ lib/c-ares-1.33.1/src/lib/ares_private.h      |   6 +-
+ lib/c-ares-1.33.1/src/lib/ares_process.c      | 139 ++++++++++++++----
+ lib/c-ares-1.33.1/src/lib/dsa/ares__array.c   |  15 ++
+ lib/c-ares-1.33.1/src/lib/dsa/ares__array.h   |  14 ++
+ lib/c-ares-1.33.1/test/ares-test-mock-ai.cc   |  94 ++++++++++++
+ lib/c-ares-1.33.1/test/ares-test-mock.cc      |  60 ++++++++
+ lib/c-ares-1.33.1/test/ares-test.cc           |  27 +++-
+ lib/c-ares-1.33.1/test/ares-test.h            |  22 +++
+ 10 files changed, 354 insertions(+), 32 deletions(-)
+
+diff --git a/lib/c-ares-1.33.1/src/lib/ares__close_sockets.c b/lib/c-ares-1.33.1/src/lib/ares__close_sockets.c
+index 71c7e64..545edb7 100644
+--- a/lib/c-ares-1.33.1/src/lib/ares__close_sockets.c
++++ b/lib/c-ares-1.33.1/src/lib/ares__close_sockets.c
+@@ -37,7 +37,7 @@ static void ares__requeue_queries(ares_conn_t  *conn,
+   ares__tvnow(&now);
+ 
+   while ((query = ares__llist_first_val(conn->queries_to_conn)) != NULL) {
+-    ares__requeue_query(query, &now, requeue_status, ARES_TRUE, NULL);
++    ares__requeue_query(query, &now, requeue_status, ARES_TRUE, NULL, NULL);
+   }
+ }
+ 
+diff --git a/lib/c-ares-1.33.1/src/lib/ares_cookie.c b/lib/c-ares-1.33.1/src/lib/ares_cookie.c
+index bf9d1ba..1915c0b 100644
+--- a/lib/c-ares-1.33.1/src/lib/ares_cookie.c
++++ b/lib/c-ares-1.33.1/src/lib/ares_cookie.c
+@@ -369,7 +369,8 @@ ares_status_t ares_cookie_apply(ares_dns_record_t *dnsrec, ares_conn_t *conn,
+ 
+ ares_status_t ares_cookie_validate(ares_query_t            *query,
+                                    const ares_dns_record_t *dnsresp,
+-                                   ares_conn_t *conn, const ares_timeval_t *now)
++                                   ares_conn_t *conn, const ares_timeval_t *now,
++                                   ares__array_t **requeue)
+ {
+   ares_server_t           *server = conn->server;
+   ares_cookie_t           *cookie = &server->cookie;
+@@ -427,8 +428,8 @@ ares_status_t ares_cookie_validate(ares_query_t            *query,
+     /* Resend the request, hopefully it will work the next time as we should
+      * have recorded a server cookie */
+     ares__requeue_query(query, now, ARES_SUCCESS,
+-                        ARES_FALSE /* Don't increment try count */,
+-                        NULL);
++                        ARES_FALSE /* Don't increment try count */, NULL,
++                        requeue);
+ 
+     /* Parent needs to drop this response */
+     return ARES_EBADRESP;
+diff --git a/lib/c-ares-1.33.1/src/lib/ares_private.h b/lib/c-ares-1.33.1/src/lib/ares_private.h
+index 263c2a6..2605c9e 100644
+--- a/lib/c-ares-1.33.1/src/lib/ares_private.h
++++ b/lib/c-ares-1.33.1/src/lib/ares_private.h
+@@ -466,7 +466,8 @@ ares_status_t ares__requeue_query(ares_query_t            *query,
+                                   const ares_timeval_t    *now,
+                                   ares_status_t            status,
+                                   ares_bool_t              inc_try_count,
+-                                  const ares_dns_record_t *dnsrec);
++                                  const ares_dns_record_t *dnsrec,
++                                  ares__array_t           **requeue);
+ 
+ /*! Count the number of labels (dots+1) in a domain */
+ size_t ares__name_label_cnt(const char *name);
+@@ -782,7 +783,8 @@ ares_status_t ares_cookie_apply(ares_dns_record_t *dnsrec, ares_conn_t *conn,
+ ares_status_t ares_cookie_validate(ares_query_t            *query,
+                                    const ares_dns_record_t *dnsresp,
+                                    ares_conn_t             *conn,
+-                                   const ares_timeval_t    *now);
++                                   const ares_timeval_t    *now,
++                                   ares__array_t           **requeue);
+ 
+ ares_status_t ares__channel_threading_init(ares_channel_t *channel);
+ void          ares__channel_threading_destroy(ares_channel_t *channel);
+diff --git a/lib/c-ares-1.33.1/src/lib/ares_process.c b/lib/c-ares-1.33.1/src/lib/ares_process.c
+index f05f67d..e84c36a 100644
+--- a/lib/c-ares-1.33.1/src/lib/ares_process.c
++++ b/lib/c-ares-1.33.1/src/lib/ares_process.c
+@@ -55,7 +55,8 @@ static void          process_timeouts(ares_channel_t       *channel,
+ static ares_status_t process_answer(ares_channel_t      *channel,
+                                     const unsigned char *abuf, size_t alen,
+                                     ares_conn_t *conn, ares_bool_t tcp,
+-                                    const ares_timeval_t *now);
++                                    const ares_timeval_t *now,
++                                    ares__array_t        **requeue);
+ static void handle_conn_error(ares_conn_t *conn, ares_bool_t critical_failure,
+                               ares_status_t failure_status);
+ 
+@@ -299,6 +300,34 @@ static void write_tcp_data(ares_channel_t *channel, fd_set *write_fds,
+   }
+ }
+ 
++/* Simple data structure to store a query that needs to be requeued with
++ * optional server */
++typedef struct {
++  unsigned short qid;
++  ares_server_t *server; /* optional */
++} ares_requeue_t;
++
++static ares_status_t ares_append_requeue(ares__array_t **requeue,
++                                         ares_query_t *query,
++                                         ares_server_t *server)
++{
++  ares_requeue_t entry;
++
++  if (*requeue == NULL) {
++    *requeue = ares__array_create(sizeof(ares_requeue_t), NULL);
++    if (*requeue == NULL) {
++      return ARES_ENOMEM;
++    }
++  }
++
++  ares__query_disassociate_from_conn(query);
++
++  entry.qid    = query->qid;
++  entry.server = server;
++  return ares__array_insertdata_last(*requeue, &entry);
++}
++
++
+ /* If any TCP socket selects true for reading, read some data,
+  * allocate a buffer if we finish reading the length word, and process
+  * a packet if we finish reading one.
+@@ -306,8 +335,10 @@ static void write_tcp_data(ares_channel_t *channel, fd_set *write_fds,
+ static void read_tcp_data(ares_channel_t *channel, ares_conn_t *conn,
+                           const ares_timeval_t *now)
+ {
+-  ares_ssize_t   count;
+-  ares_server_t *server = conn->server;
++  ares_ssize_t    count;
++  ares_server_t  *server = conn->server;
++  ares_status_t   status;
++  ares__array_t  *requeue = NULL;
+ 
+   /* Fetch buffer to store data we are reading */
+   size_t         ptr_len = 65535;
+@@ -340,7 +371,6 @@ static void read_tcp_data(ares_channel_t *channel, ares_conn_t *conn,
+     unsigned short       dns_len  = 0;
+     const unsigned char *data     = NULL;
+     size_t               data_len = 0;
+-    ares_status_t        status;
+ 
+     /* Tag so we can roll back */
+     ares__buf_tag(server->tcp_parser);
+@@ -369,15 +399,39 @@ static void read_tcp_data(ares_channel_t *channel, ares_conn_t *conn,
+     data_len -= 2;
+ 
+     /* We finished reading this answer; process it */
+-    status = process_answer(channel, data, data_len, conn, ARES_TRUE, now);
++    status = process_answer(channel, data, data_len, conn, ARES_TRUE, now,
++                            &requeue);
+     if (status != ARES_SUCCESS) {
+       handle_conn_error(conn, ARES_TRUE, status);
+-      return;
++      goto cleanup;
+     }
+ 
+     /* Since we processed the answer, clear the tag so space can be reclaimed */
+     ares__buf_tag_clear(server->tcp_parser);
+   }
++
++cleanup:
++
++  /* Flush requeue */
++  while (ares__array_len(requeue) > 0) {
++    ares_query_t  *query;
++    ares_requeue_t entry;
++    ares_status_t  internal_status;
++
++    internal_status = ares__array_claim_at(&entry, sizeof(entry), requeue, 0);
++    if (internal_status != ARES_SUCCESS) {
++      break;
++    }
++
++    /* Query disappeared */
++    query = ares__htable_szvp_get_direct(channel->queries_by_qid, entry.qid);
++    if (query == NULL) {
++      continue;
++    }
++
++    ares__send_query(query, now);
++  }
++  ares__array_destroy(requeue);
+ }
+ 
+ static ares_socket_t *channel_socket_list(const ares_channel_t *channel,
+@@ -423,8 +477,9 @@ static ares_socket_t *channel_socket_list(const ares_channel_t *channel,
+ static void read_udp_packets_fd(ares_channel_t *channel, ares_conn_t *conn,
+                                 const ares_timeval_t *now)
+ {
+-  ares_ssize_t  read_len;
+-  unsigned char buf[MAXENDSSZ + 1];
++  ares_ssize_t   read_len;
++  unsigned char  buf[MAXENDSSZ + 1];
++  ares__array_t *requeue = NULL;
+ 
+ #ifdef HAVE_RECVFROM
+   ares_socklen_t fromlen;
+@@ -464,7 +519,7 @@ static void read_udp_packets_fd(ares_channel_t *channel, ares_conn_t *conn,
+       }
+ 
+       handle_conn_error(conn, ARES_TRUE, ARES_ECONNREFUSED);
+-      return;
++      goto cleanup;
+ #ifdef HAVE_RECVFROM
+     } else if (!same_address(&from.sa, &conn->server->addr)) {
+       /* The address the response comes from does not match the address we
+@@ -474,12 +529,36 @@ static void read_udp_packets_fd(ares_channel_t *channel, ares_conn_t *conn,
+ #endif
+ 
+     } else {
+-      process_answer(channel, buf, (size_t)read_len, conn, ARES_FALSE, now);
++      process_answer(channel, buf, (size_t)read_len, conn, ARES_FALSE, now,
++                     &requeue);
+     }
+ 
+     /* Try to read again only if *we* set up the socket, otherwise it may be
+      * a blocking socket and would cause recvfrom to hang. */
+   } while (read_len >= 0 && channel->sock_funcs == NULL);
++
++cleanup:
++
++  /* Flush requeue */
++  while (ares__array_len(requeue) > 0) {
++    ares_query_t  *query;
++    ares_requeue_t entry;
++    ares_status_t  internal_status;
++
++    internal_status = ares__array_claim_at(&entry, sizeof(entry), requeue, 0);
++    if (internal_status != ARES_SUCCESS) {
++      break;
++    }
++
++    /* Query disappeared */
++    query = ares__htable_szvp_get_direct(channel->queries_by_qid, entry.qid);
++    if (query == NULL) {
++      continue;
++    }
++
++    ares__send_query(query, now);
++  }
++  ares__array_destroy(requeue);
+ }
+ 
+ static void read_packets(ares_channel_t *channel, fd_set *read_fds,
+@@ -571,7 +650,7 @@ static void process_timeouts(ares_channel_t *channel, const ares_timeval_t *now)
+ 
+     conn = query->conn;
+     server_increment_failures(conn->server, query->using_tcp);
+-    ares__requeue_query(query, now, ARES_ETIMEOUT, ARES_TRUE, NULL);
++    ares__requeue_query(query, now, ARES_ETIMEOUT, ARES_TRUE, NULL, NULL);
+   }
+ }
+ 
+@@ -608,7 +687,8 @@ done:
+ static ares_status_t process_answer(ares_channel_t      *channel,
+                                     const unsigned char *abuf, size_t alen,
+                                     ares_conn_t *conn, ares_bool_t tcp,
+-                                    const ares_timeval_t *now)
++                                    const ares_timeval_t *now,
++                                    ares__array_t        **requeue)
+ {
+   ares_query_t      *query;
+   /* Cache these as once ares__send_query() gets called, it may end up
+@@ -647,7 +727,8 @@ static ares_status_t process_answer(ares_channel_t      *channel,
+ 
+   /* Validate DNS cookie in response. This function may need to requeue the
+    * query. */
+-  if (ares_cookie_validate(query, rdnsrec, conn, now) != ARES_SUCCESS) {
++  if (ares_cookie_validate(query, rdnsrec, conn, now, requeue)
++      != ARES_SUCCESS) {
+     /* Drop response and return */
+     status = ARES_SUCCESS;
+     goto cleanup;
+@@ -672,8 +753,8 @@ static ares_status_t process_answer(ares_channel_t      *channel,
+       goto cleanup;
+     }
+ 
+-    ares__send_query(query, now);
+-    status = ARES_SUCCESS;
++    /* Requeue to same server */
++    status = ares_append_requeue(requeue, query, server);
+     goto cleanup;
+   }
+ 
+@@ -684,8 +765,9 @@ static ares_status_t process_answer(ares_channel_t      *channel,
+   if (ares_dns_record_get_flags(rdnsrec) & ARES_FLAG_TC && !tcp &&
+       !(channel->flags & ARES_FLAG_IGNTC)) {
+     query->using_tcp = ARES_TRUE;
+-    ares__send_query(query, now);
+-    status = ARES_SUCCESS; /* Switched to TCP is ok */
++    status = ares_append_requeue(requeue, query, NULL);
++    /* Status will reflect success except on memory error, which is good since
++     * requeuing to TCP is ok */
+     goto cleanup;
+   }
+ 
+@@ -711,11 +793,14 @@ static ares_status_t process_answer(ares_channel_t      *channel,
+       }
+ 
+       server_increment_failures(server, query->using_tcp);
+-      ares__requeue_query(query, now, status, ARES_TRUE, rdnsrec);
++      status = ares__requeue_query(query, now, status, ARES_TRUE, rdnsrec,
++                                   requeue);
+ 
+-      /* Should any of these cause a connection termination?
+-       * Maybe SERVER_FAILURE? */
+-      status = ARES_SUCCESS;
++      if (status != ARES_ENOMEM) {
++        /* Should any of these cause a connection termination?
++         * Maybe SERVER_FAILURE? */
++        status = ARES_SUCCESS;
++      }
+       goto cleanup;
+     }
+   }
+@@ -760,7 +845,8 @@ ares_status_t ares__requeue_query(ares_query_t            *query,
+                                   const ares_timeval_t    *now,
+                                   ares_status_t            status,
+                                   ares_bool_t              inc_try_count,
+-                                  const ares_dns_record_t *dnsrec)
++                                  const ares_dns_record_t *dnsrec,
++                                  ares__array_t           **requeue)
+ {
+   ares_channel_t *channel = query->channel;
+   size_t max_tries        = ares__slist_len(channel->servers) * channel->tries;
+@@ -776,6 +862,9 @@ ares_status_t ares__requeue_query(ares_query_t            *query,
+   }
+ 
+   if (query->try_count < max_tries && !query->no_retries) {
++    if (requeue != NULL) {
++      return ares_append_requeue(requeue, query, NULL);
++    }
+     return ares__send_query(query, now);
+   }
+ 
+@@ -1079,7 +1168,7 @@ ares_status_t ares__send_query(ares_query_t *query, const ares_timeval_t *now)
+       case ARES_ECONNREFUSED:
+       case ARES_EBADFAMILY:
+         server_increment_failures(server, query->using_tcp);
+-        return ares__requeue_query(query, now, status, ARES_TRUE, NULL);
++        return ares__requeue_query(query, now, status, ARES_TRUE, NULL, NULL);
+ 
+       /* Anything else is not retryable, likely ENOMEM */
+       default:
+@@ -1105,7 +1194,7 @@ ares_status_t ares__send_query(ares_query_t *query, const ares_timeval_t *now)
+     case ARES_ECONNREFUSED:
+     case ARES_EBADFAMILY:
+       handle_conn_error(conn, ARES_TRUE, status);
+-      status = ares__requeue_query(query, now, status, ARES_TRUE, NULL);
++      status = ares__requeue_query(query, now, status, ARES_TRUE, NULL, NULL);
+       if (status == ARES_ETIMEOUT) {
+         status = ARES_ECONNREFUSED;
+       }
+@@ -1115,7 +1204,7 @@ ares_status_t ares__send_query(ares_query_t *query, const ares_timeval_t *now)
+      * just requeue to a different server/connection. */
+     default:
+       server_increment_failures(server, query->using_tcp);
+-      status = ares__requeue_query(query, now, status, ARES_TRUE, NULL);
++      status = ares__requeue_query(query, now, status, ARES_TRUE, NULL, NULL);
+       return status;
+   }
+ 
+diff --git a/lib/c-ares-1.33.1/src/lib/dsa/ares__array.c b/lib/c-ares-1.33.1/src/lib/dsa/ares__array.c
+index 0c72424..7568b07 100644
+--- a/lib/c-ares-1.33.1/src/lib/dsa/ares__array.c
++++ b/lib/c-ares-1.33.1/src/lib/dsa/ares__array.c
+@@ -265,6 +265,21 @@ ares_status_t ares__array_insert_first(void **elem_ptr, ares__array_t *arr)
+   return ares__array_insert_at(elem_ptr, arr, 0);
+ }
+ 
++ares_status_t ares__array_insertdata_last(ares__array_t *arr,
++                                          const void   *data_ptr)
++{
++  ares_status_t status;
++  void         *ptr = NULL;
++
++  status = ares__array_insert_last(&ptr, arr);
++  if (status != ARES_SUCCESS) {
++    return status;
++  }
++  memcpy(ptr, data_ptr, arr->member_size);
++  return ARES_SUCCESS;
++}
++
++
+ void *ares__array_first(ares__array_t *arr)
+ {
+   return ares__array_at(arr, 0);
+diff --git a/lib/c-ares-1.33.1/src/lib/dsa/ares__array.h b/lib/c-ares-1.33.1/src/lib/dsa/ares__array.h
+index 6fa1c0e..ab0271d 100644
+--- a/lib/c-ares-1.33.1/src/lib/dsa/ares__array.h
++++ b/lib/c-ares-1.33.1/src/lib/dsa/ares__array.h
+@@ -218,6 +218,20 @@ ares_status_t  ares__array_remove_first(ares__array_t *arr);
+  */
+ ares_status_t  ares__array_remove_last(ares__array_t *arr);
+ 
++/*! Insert a new array member at the end of the array and copy the data pointed
++ *  to by the data pointer into the array.  This will copy member_size bytes
++ *  from the provided pointer, this may not be safe for some data types
++ *  that may have a smaller size than the provided member_size which includes
++ *  padding as discussed in ares_array_create().
++ *
++ *  \param[in]  arr      Initialized array object.
++ *  \param[in]  data_ptr Pointer to data to copy into array.
++ *  \return ARES_SUCCESS on success, ARES_EFORMERR on bad index or null data
++ * ptr, ARES_ENOMEM on out of memory.
++ */
++CARES_EXTERN ares_status_t ares__array_insertdata_last(ares__array_t *arr,
++                                                       const void   *data_ptr);
++
+ /*! @} */
+ 
+ #endif /* __ARES__ARRAY_H */
+diff --git a/lib/c-ares-1.33.1/test/ares-test-mock-ai.cc b/lib/c-ares-1.33.1/test/ares-test-mock-ai.cc
+index b4a4f99..ad61b04 100644
+--- a/lib/c-ares-1.33.1/test/ares-test-mock-ai.cc
++++ b/lib/c-ares-1.33.1/test/ares-test-mock-ai.cc
+@@ -713,6 +713,100 @@ TEST_P(MockChannelTestAI, FamilyUnspecified) {
+   EXPECT_THAT(result.ai_, IncludesV6Address("2121:0000:0000:0000:0000:0000:0000:0303"));
+ }
+ 
++
++TEST_P(MockChannelTestAI, TriggerResendThenConnFailSERVFAIL) {
++  // Set up the server response. The server always returns SERVFAIL.
++  DNSPacket badrsp4;
++  badrsp4.set_response().set_aa().set_rcode(SERVFAIL)
++    .add_question(new DNSQuestion("www.google.com", T_A));
++  DNSPacket goodrsp4;
++  goodrsp4.set_response().set_aa()
++    .add_question(new DNSQuestion("www.google.com", T_A))
++    .add_answer(new DNSARR("www.google.com", 0x0100, {0x01, 0x02, 0x03, 0x04}));
++
++  DNSPacket goodrsp6;
++  goodrsp6.set_response().set_aa()
++    .add_question(new DNSQuestion("www.google.com", T_AAAA))
++    .add_answer(new DNSAaaaRR("www.google.com", 100,
++                              {0x21, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03}));
++
++  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
++    .WillOnce(SetReplyAndFailSend(&server_, &badrsp4))
++    .WillOnce(SetReply(&server_, &goodrsp4));
++
++  EXPECT_CALL(server_, OnRequest("www.google.com", T_AAAA))
++    .WillRepeatedly(SetReply(&server_, &goodrsp6));
++
++  ares_socket_functions sock_funcs;
++  memset(&sock_funcs, 0, sizeof(sock_funcs));
++
++  sock_funcs.asendv = ares_sendv_fail;
++
++  ares_set_socket_functions(channel_, &sock_funcs, NULL);
++
++  AddrInfoResult result;
++  struct ares_addrinfo_hints hints = {0, 0, 0, 0};
++  hints.ai_family = AF_UNSPEC;
++  hints.ai_flags = ARES_AI_NOSORT;
++  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints,
++                   AddrInfoCallback, &result);
++
++  Process();
++  EXPECT_TRUE(result.done_);
++  EXPECT_TRUE(result.done_);
++  EXPECT_THAT(result.ai_, IncludesNumAddresses(2));
++  EXPECT_THAT(result.ai_, IncludesV4Address("1.2.3.4"));
++  EXPECT_THAT(result.ai_, IncludesV6Address("2121:0000:0000:0000:0000:0000:0000:0303"));
++}
++
++TEST_P(MockUDPChannelTestAI, TriggerResendThenConnFailEDNS) {
++  // Set up the server response to simulate an EDNS failure
++ DNSPacket badrsp4;
++  badrsp4.set_response().set_aa().set_rcode(FORMERR)
++    .add_question(new DNSQuestion("www.google.com", T_A));
++  DNSPacket goodrsp4;
++  goodrsp4.set_response().set_aa()
++    .add_question(new DNSQuestion("www.google.com", T_A))
++    .add_answer(new DNSARR("www.google.com", 0x0100, {0x01, 0x02, 0x03, 0x04}));
++  DNSPacket goodrsp6;
++  goodrsp6.set_response().set_aa()
++    .add_question(new DNSQuestion("www.google.com", T_AAAA))
++    .add_answer(new DNSAaaaRR("www.google.com", 100,
++                              {0x21, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03}));
++
++  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
++    .WillOnce(SetReplyAndFailSend(&server_, &badrsp4))
++    .WillOnce(SetReply(&server_, &goodrsp4));
++
++  EXPECT_CALL(server_, OnRequest("www.google.com", T_AAAA))
++    .WillRepeatedly(SetReply(&server_, &goodrsp6));
++
++  ares_socket_functions sock_funcs;
++  memset(&sock_funcs, 0, sizeof(sock_funcs));
++
++  sock_funcs.asendv = ares_sendv_fail;
++
++  ares_set_socket_functions(channel_, &sock_funcs, NULL);
++
++  AddrInfoResult result;
++  struct ares_addrinfo_hints hints = {0, 0, 0, 0};
++  hints.ai_family = AF_UNSPEC;
++  hints.ai_flags = ARES_AI_NOSORT;
++  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints,
++                   AddrInfoCallback, &result);
++
++  Process();
++  EXPECT_TRUE(result.done_);
++  EXPECT_TRUE(result.done_);
++  EXPECT_THAT(result.ai_, IncludesNumAddresses(2));
++  EXPECT_THAT(result.ai_, IncludesV4Address("1.2.3.4"));
++  EXPECT_THAT(result.ai_, IncludesV6Address("2121:0000:0000:0000:0000:0000:0000:0303"));
++}
++
++
++
+ class MockEDNSChannelTestAI : public MockFlagsChannelOptsTestAI {
+  public:
+   MockEDNSChannelTestAI() : MockFlagsChannelOptsTestAI(ARES_FLAG_EDNS) {}
+diff --git a/lib/c-ares-1.33.1/test/ares-test-mock.cc b/lib/c-ares-1.33.1/test/ares-test-mock.cc
+index 46a5780..920d322 100644
+--- a/lib/c-ares-1.33.1/test/ares-test-mock.cc
++++ b/lib/c-ares-1.33.1/test/ares-test-mock.cc
+@@ -1598,6 +1598,66 @@ TEST_P(MockChannelTest, GetHostByAddrDestroy) {
+   EXPECT_EQ(0, result.timeouts_);
+ }
+ 
++TEST_P(MockChannelTest, TriggerResendThenConnFailSERVFAIL) {
++  // Set up the server response. The server always returns SERVFAIL.
++  DNSPacket badrsp;
++  badrsp.set_response().set_aa().set_rcode(SERVFAIL)
++    .add_question(new DNSQuestion("www.google.com", T_A));
++  DNSPacket goodrsp;
++  goodrsp.set_response().set_aa()
++    .add_question(new DNSQuestion("www.google.com", T_A))
++    .add_answer(new DNSARR("www.google.com", 0x0100, {0x01, 0x02, 0x03, 0x04}));
++  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
++    .WillOnce(SetReplyAndFailSend(&server_, &badrsp))
++    .WillOnce(SetReply(&server_, &goodrsp));
++
++  ares_socket_functions sock_funcs;
++  memset(&sock_funcs, 0, sizeof(sock_funcs));
++
++  sock_funcs.asendv = ares_sendv_fail;
++
++  ares_set_socket_functions(channel_, &sock_funcs, NULL);
++
++  HostResult result;
++  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback,
++                     &result);
++  Process();
++  EXPECT_TRUE(result.done_);
++  std::stringstream ss;
++  ss << result.host_;
++  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
++}
++
++TEST_P(MockUDPChannelTest, TriggerResendThenConnFailEDNS) {
++  // Set up the server response to simulate an EDNS failure
++  DNSPacket badrsp;
++  badrsp.set_response().set_aa().set_rcode(FORMERR)
++    .add_question(new DNSQuestion("www.google.com", T_A));
++  DNSPacket goodrsp;
++  goodrsp.set_response().set_aa()
++    .add_question(new DNSQuestion("www.google.com", T_A))
++    .add_answer(new DNSARR("www.google.com", 0x0100, {0x01, 0x02, 0x03, 0x04}));
++  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
++    .WillOnce(SetReplyAndFailSend(&server_, &badrsp))
++    .WillOnce(SetReply(&server_, &goodrsp));
++
++  ares_socket_functions sock_funcs;
++  memset(&sock_funcs, 0, sizeof(sock_funcs));
++
++  sock_funcs.asendv = ares_sendv_fail;
++
++  ares_set_socket_functions(channel_, &sock_funcs, NULL);
++
++  HostResult result;
++  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback,
++                     &result);
++  Process();
++  EXPECT_TRUE(result.done_);
++  std::stringstream ss;
++  ss << result.host_;
++  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
++}
++
+ static const unsigned char *
+   fetch_server_cookie(const ares_dns_record_t *dnsrec, size_t *len)
+ {
+diff --git a/lib/c-ares-1.33.1/test/ares-test.cc b/lib/c-ares-1.33.1/test/ares-test.cc
+index 99ab0a0..12563ee 100644
+--- a/lib/c-ares-1.33.1/test/ares-test.cc
++++ b/lib/c-ares-1.33.1/test/ares-test.cc
+@@ -250,6 +250,7 @@ std::vector> families_modes = both_families_both_modes;
+ unsigned long long LibraryTest::fails_ = 0;
+ std::map LibraryTest::size_fails_;
+ std::mutex            LibraryTest::lock_;
++bool LibraryTest::failsend_ = false;
+ 
+ void ares_sleep_time(unsigned int ms)
+ {
+@@ -340,7 +341,29 @@ void ProcessWork(ares_channel_t *channel,
+ }
+ 
+ 
++void LibraryTest::SetFailSend() {
++  failsend_ = true;
++}
++
+ // static
++ares_ssize_t LibraryTest::ares_sendv_fail(ares_socket_t socket, const struct iovec *vec, int len, void *user_data)
++{
++  (void)user_data;
++
++  if (failsend_) {
++#ifdef USE_WINSOCK
++    WSASetLastError(WSAECONNREFUSED);
++#else
++    errno = ECONNREFUSED;
++#endif
++    failsend_ = false;
++    return -1;
++  }
++
++  return send(socket, (const char *)vec[0].iov_base, vec[0].iov_len, 0);
++}
++
++
+ void LibraryTest::SetAllocFail(int nth) {
+   lock_.lock();
+   assert(nth > 0);
+@@ -684,6 +707,7 @@ void MockServer::ProcessRequest(ares_socket_t fd, struct sockaddr_storage* addr,
+   /* DNS 0x20 will mix case, do case-insensitive matching of name in request */
+   char lower_name[256];
+   int flags = 0;
++
+   arestest_strtolower(lower_name, name, sizeof(lower_name));
+ 
+   // Before processing, let gMock know the request is happening.
+@@ -745,10 +769,11 @@ void MockServer::ProcessRequest(ares_socket_t fd, struct sockaddr_storage* addr,
+ #endif
+ 
+   ares_ssize_t rc = (ares_ssize_t)sendto(fd, BYTE_CAST reply.data(), (SEND_TYPE_ARG3)reply.size(), flags,
+-                  (struct sockaddr *)addr, addrlen);
++                                         (struct sockaddr *)addr, addrlen);
+   if (rc < static_cast(reply.size())) {
+     std::cerr << "Failed to send full reply, rc=" << rc << std::endl;
+   }
++
+ }
+ 
+ // static
+diff --git a/lib/c-ares-1.33.1/test/ares-test.h b/lib/c-ares-1.33.1/test/ares-test.h
+index 7342daa..583c4ea 100644
+--- a/lib/c-ares-1.33.1/test/ares-test.h
++++ b/lib/c-ares-1.33.1/test/ares-test.h
+@@ -51,6 +51,16 @@
+ #include 
+ #include 
+ 
++#ifndef HAVE_WRITEV
++extern "C" {
++/* Structure for scatter/gather I/O. */
++struct iovec {
++  void  *iov_base; /* Pointer to data. */
++  size_t iov_len;  /* Length of data.  */
++};
++};
++#endif
++
+ namespace ares {
+ 
+ typedef unsigned char byte;
+@@ -130,11 +140,17 @@ public:
+   static void *arealloc(void *ptr, size_t size);
+   static void  afree(void *ptr);
+ 
++  static void SetFailSend(void);
++  static ares_ssize_t ares_sendv_fail(ares_socket_t socket, const struct iovec *vec, int len,
++                                      void *user_data);
++
++
+ private:
+   static bool                  ShouldAllocFail(size_t size);
+   static unsigned long long    fails_;
+   static std::map size_fails_;
+   static std::mutex            lock_;
++  static bool                  failsend_;
+ };
+ 
+ // Test fixture that uses a default channel.
+@@ -436,6 +452,12 @@ ACTION_P2(SetReplyData, mockserver, data)
+   mockserver->SetReplyData(data);
+ }
+ 
++ACTION_P2(SetReplyAndFailSend, mockserver, reply)
++{
++  mockserver->SetReply(reply);
++  LibraryTest::SetFailSend();
++}
++
+ ACTION_P2(SetReply, mockserver, reply)
+ {
+   mockserver->SetReply(reply);
+-- 
+2.34.1
+
diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec
index 5ce1b0285d..d972e27c6b 100644
--- a/SPECS/fluent-bit/fluent-bit.spec
+++ b/SPECS/fluent-bit/fluent-bit.spec
@@ -1,7 +1,7 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
 Version:        3.1.9
-Release:        11%{?dist}
+Release:        12%{?dist}
 License:        Apache-2.0
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -14,6 +14,7 @@ Patch1:         CVE-2024-25431.patch
 Patch2:         CVE-2024-27532.patch
 Patch3:         CVE-2024-50608.patch
 Patch4:         CVE-2024-50609.patch
+Patch5:         CVE-2025-31498.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@@ -183,6 +184,10 @@ install -m 644 %{modulename}.pp %{buildroot}%{_datadir}/selinux/packages/%{modul
 %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 3.1.9-12
+- merge from Azure Linux 3.0.20250521-3.0
+- Address CVE-2025-31498 with a patch
+
 * Tue Mar 18 2025 Ranjan Dutta  - 3.1.9-11
 - Bump version for merge AZL tag: 3.0.20250311-3.0
 - Address CVE-2024-50608 and CVE-2024-50609
diff --git a/SPECS/flux/0001-libflux-unblock-build-by-allowing-warnings.patch b/SPECS/flux/0001-libflux-unblock-build-by-allowing-warnings.patch
deleted file mode 100644
index df10e4dfee..0000000000
--- a/SPECS/flux/0001-libflux-unblock-build-by-allowing-warnings.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 714740fafd5876f4239b095a4d7e000249c65c5d Mon Sep 17 00:00:00 2001
-From: Muhammad Falak R Wani 
-Date: Thu, 14 Sep 2023 13:49:14 +0530
-Subject: [PATCH] libflux: unblock build by allowing warnings
-
-Signed-off-by: Muhammad Falak R Wani 
----
- libflux/flux/src/lib.rs | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libflux/flux/src/lib.rs b/libflux/flux/src/lib.rs
-index 3fdf407..ae7153a 100644
---- a/libflux/flux/src/lib.rs
-+++ b/libflux/flux/src/lib.rs
-@@ -1,4 +1,4 @@
--#![cfg_attr(feature = "strict", deny(warnings, missing_docs))]
-+#![cfg_attr(feature = "strict", deny(missing_docs))]
- 
- //! This module provides the public facing API for Flux's Go runtime, including formatting,
- //! parsing, and standard library analysis.
--- 
-2.40.1
-
diff --git a/SPECS/flux/CVE-2024-43806.patch b/SPECS/flux/CVE-2024-43806.patch
new file mode 100644
index 0000000000..2432dcad5a
--- /dev/null
+++ b/SPECS/flux/CVE-2024-43806.patch
@@ -0,0 +1,336 @@
+# Author: Archana Choudhary 
+# Patch generated by diff from https://github.com/bytecodealliance/rustix/commit/df3c3a192cf144af0da8a57417fb4addbdc611f6.patch
+
+diff --color -urN a/libflux/vendor/rustix/.cargo-checksum.json b/libflux/vendor/rustix/.cargo-checksum.json
+--- a/libflux/vendor/rustix/.cargo-checksum.json	2025-01-17 09:41:01.349139462 +0000
++++ b/libflux/vendor/rustix/.cargo-checksum.json	2025-01-17 10:16:23.874182432 +0000
+@@ -1 +1 @@
+-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"4d70c1069269a13c8d6fe438c43f109ea73db70d58b707d79f9b81bbf0d0b9e0","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"ca464b414491744dd7b92dab1274029b675bbc05483be0931b7c87bf0ac2906c","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"96482bacfeef73d7da7d370750e821ce2ed85d61ff47f8d98ac27dc8e54c0e0d","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"0d1ad473a6607eca1d92e3a35d10c9c672becb052857aa9fec5a8d3371e97a31","src/backend/libc/fs/types.rs":"8a79b8532009b23aaca78446a48322be092d1bf17e3868e8328853bad6ba2fb6","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"c85270ed0f7a6cb4258ff85611f86497c3e14ba1de1849b1203f8bcaa48202c7","src/backend/libc/io/types.rs":"fa3d65018b9feba2eef280f1ae739d85753742cdb602643d5920ff4c0f18bff7","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"55f0ce6df7aa93f359aec2131fb3f6946d1b086e7172c096501611d0662da907","src/backend/libc/net/syscalls.rs":"f40e55d8ef9acae7834ba1bc54ff02b08d3f57fe0694bb69b5124b24cbaf1a78","src/backend/libc/net/types.rs":"b7097d3c998eb0bcb31205f69ba1f73d4c2537e706eda6bd8548d564377070af","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"37056027c114fab9f4054803b95d2efbe3d1c663936def3498df0e671664697a","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"8d0a63f224cbbd5e8fe816350a6bc50553073b6b59e86a84f89a52112d5f8c70","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"026559db31e470a4409f45a0f2bab5a0941c39b458968c5f6fdf224b653e59a0","src/backend/libc/termios/types.rs":"e476c7c5ae409b73d5deca0bb24e8aaee61c88b250d82d30743a3f714c7c40f9","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"1ed8de272c573cd9bf10d413be8b47029e3461fe39ee33168f4442cfbf2ae128","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"48e60ed847f1fe7bcf561d3dd04217589698b576649d17094da98bbfcb826e8a","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"d97b3657e828a40553677469887b1efab0544812ca592ef359a2d4230a0dd621","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cb66dbed604eefdafd8a8efd277ddad51bb5280c4e26ca0608176abcd6309a52","src/backend/linux_raw/conv.rs":"6731a2d06683575d7ce89eb83ef8a1993ce39125c30703ed8a4a69afc1e7559f","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"d54842a373968da54bdae73e10ccab7a8bc19c1bc75b6dca2bb70818c5b275ea","src/backend/linux_raw/fs/inotify.rs":"11c058269bc96972ad7bdeaa3a938a8b51b4264d9f80d7dcf0518ac9314a261d","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"a244c59670d65442143b875cccc219bacd0739d35b7f2c1731b15d2c4bf2e900","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"ac32725b1686d42b02d18363c4c44a42ea8c6a20b2422c1fea8f8c39f633f7c4","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"42834cf8148abd02021115a61d57b23bb323dd8ad0d1b9a91d17fb8f7defab01","src/backend/linux_raw/net/syscalls.rs":"aedc536ac96d32bf6e15a9f02f3fe7a1bf48195e9af3afd0a0124636ece8f8b9","src/backend/linux_raw/net/types.rs":"c61b689d7f4b9b68d065935d70926d47b5ac7246b2fbe4f20d144a0c2f417fc2","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"a9c115ae09def33321f266ab3f85cf19fa72fc3b9f425aaa8c517b6da0bce04b","src/backend/linux_raw/process/types.rs":"fba10dc8ca9eaf4d481cb82bd1540cf5c05620533c44f917c09a22ea55ef408c","src/backend/linux_raw/process/wait.rs":"d6c37b9ebca16b447b0bc0d1be4b56486619618e8fc613d10ff9c0ccff13c7ac","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"e4476718035ff7520f9014aa0e99954ec741c0dd114ec50ff4900591ee067132","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"865d968a6d2903344982f94c69868031cd1fea582318659ca4c69a11d8a53e33","src/backend/linux_raw/vdso.rs":"3305a5f3c2846440161fa69dde3aafb9f36b361ae2ddae1d12cd54503b0657cf","src/backend/linux_raw/vdso_wrappers.rs":"b7e6b75bf25b0143ec471a7e0af3fd4f4125dcbc6d2c9c0957ec29c428d9d9c5","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"16798a8a24be20500bb56a01e05ca4eeccd6f3adb0b3a4bbf1a0369a8e546104","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"9e2f596d004563c4811f43a082d91ac3a8703f281a00f0b263cecbaa68aa0f7e","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"25296739f1063c0e2b4701ff9ce078949a58f62029f57a93cc415d2ded296100","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"3f1d809e81fe479a82a454a04ea1219a11969d75d0c8b9ddacb09c630a9af896","src/fs/mod.rs":"6b3d85bf61915b56328beeba35e720453f9825c4e40caa9ab46290e18e3dbf75","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"d32627abded4cdafa083c579d6f4d9c42e41d2a82749a34e70225e55ff76d246","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"c7b56787aa0579cfcde230952d87b42256e8b6e85c2da68f78cf31f17ddf5514","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"c59bf90183625da1b1e87975739469440dcddc7b5b2b6ff3a6fd12b2d399a783","src/io/dup.rs":"92e2121d7fcef657a2bce546dafc9635f97c628c53bb971e8ee08255b77eea80","src/io/errno.rs":"733f8e9246a319db137740e8dca29d7b3c7474a715e066568b1dc82f0944f692","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"fe73d5593c011b6ac851e608e1776c4483924e19a9f82f5fc8759c498a4e483a","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"98f77d30ca4eebc16454c5307ca4afab2dfdb91b8e90e54d9300f79a2f1ac814","src/io/is_read_write.rs":"072b5ea6ddb2339fc6c7e90dfc5a0a5354d926d0f2ac4df06cadafe823425c47","src/io/kqueue.rs":"b92106e4b1cd2582f8fc37a1ec0dd0aa00b320c8f5b1b91cb487e3620485cbc3","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"8f8e3c3557edf13a1e4f05a8a9c2aa5e9ee97e393e02eacc8e8bf60e73e32047","src/io/poll.rs":"41dab55365df215739dcf71815bfc4c2344828d8056ab200564f75210dbc56bd","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"d7b21900416ca54b9bbe683257dd4da1857f56edc25dd78a954dbafed4914ab9","src/io/read_write.rs":"263818a606de191320524972f7c9c22b6f79ddc59c5b0a443b4b726853b00b9f","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"6462b94d1ccd8cff38c6fb6b04199fa9decca91aca63287b0136539d73107bd5","src/io_uring.rs":"26048678d3862cee58bb75e43ad2dc8cae0b9bc79adcd8913cda1fa42af77efd","src/lib.rs":"9c86a382f02e2c67a54a82c1ed849aadcc4ac19cd70883b7343b9fb036e1602f","src/mm/madvise.rs":"cdc61b39d8abeea184575ca21e14483c335ce373a86007439fad6e72f58e4e24","src/mm/mmap.rs":"ac25cf39d215c93b539f20a60b107ea15dc8a0faa8d25e0de05d1415e698c742","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"a7f61abe4cb5e96f95ae8229c62b9ecc08382080ed99d76278be7001cfcf82f2","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"f1fb0b9be750b1949b54054b3195904123cfb96f2ee0ebcedef86fc7175c63e9","src/net/socket.rs":"c510a2b619b8c91c9ee15b1a9b29d6fe89a97e83143a38bea017af7522b7e8b9","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"b005b019f8ae0f022fd0e730dafb258606f1f537e4448078175fc192d002dc81","src/net/sockopt.rs":"dde47b9d5d6de9749bdddb1498920f2f592582b11b508389bf78d0d5f0c4af00","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"eb45cea7b5b21af36fef130cc02cbbf7fcceb965815b66c95c46979e0cbe2875","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"79f6c0dd45dca0a2bea919ac920c4a56cea23608a345961e4d027aee6624783c","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"7f4f2870eddcb19829b29ba139492d0f8b5006a42047f4e733e105b82afaef8b","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"4d48638f4d39a20aa073798778f431bbb944ed184777960ef1f80bebbc7fc72b","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"2f8716a58594df9c8cfd5a712d68f7dc9b3131fefdf80e868a4360336954e2e5","src/rand/getrandom.rs":"7ad1be6a5b0dc25030bb2434bdc00f3a0c410b7ebc24c136b9839410bf6c5a97","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"7c60353f240f1bda8b0fbfb7c570b7577cc5076a0d2f74083d8d878a2d69bf2d","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"708ee7701a0811586717de147365ed2f496e1aad3fd6208fe08edacc63a40c78","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"32d9b6c8854547ba5d509af39e3f690588d761f254875a8054827aa815750b3c","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"fcaa5a68d31d1cb1cee20c9ffc2c223f16036810b45234da97716d7f0e34f773","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"2aae838e49b3d63e9274e1c01833cc8139d3fec468c3b84688c628f44b1ae11d"}
+\ No newline at end of file
++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"4d70c1069269a13c8d6fe438c43f109ea73db70d58b707d79f9b81bbf0d0b9e0","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"ca464b414491744dd7b92dab1274029b675bbc05483be0931b7c87bf0ac2906c","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"4ff31e75f5df4890b668b21c1937ca5132828ecb92294d7b154c4683cc4ddc79","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"0d1ad473a6607eca1d92e3a35d10c9c672becb052857aa9fec5a8d3371e97a31","src/backend/libc/fs/types.rs":"8a79b8532009b23aaca78446a48322be092d1bf17e3868e8328853bad6ba2fb6","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"c85270ed0f7a6cb4258ff85611f86497c3e14ba1de1849b1203f8bcaa48202c7","src/backend/libc/io/types.rs":"fa3d65018b9feba2eef280f1ae739d85753742cdb602643d5920ff4c0f18bff7","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"55f0ce6df7aa93f359aec2131fb3f6946d1b086e7172c096501611d0662da907","src/backend/libc/net/syscalls.rs":"f40e55d8ef9acae7834ba1bc54ff02b08d3f57fe0694bb69b5124b24cbaf1a78","src/backend/libc/net/types.rs":"b7097d3c998eb0bcb31205f69ba1f73d4c2537e706eda6bd8548d564377070af","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"37056027c114fab9f4054803b95d2efbe3d1c663936def3498df0e671664697a","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"8d0a63f224cbbd5e8fe816350a6bc50553073b6b59e86a84f89a52112d5f8c70","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"026559db31e470a4409f45a0f2bab5a0941c39b458968c5f6fdf224b653e59a0","src/backend/libc/termios/types.rs":"e476c7c5ae409b73d5deca0bb24e8aaee61c88b250d82d30743a3f714c7c40f9","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"1ed8de272c573cd9bf10d413be8b47029e3461fe39ee33168f4442cfbf2ae128","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"48e60ed847f1fe7bcf561d3dd04217589698b576649d17094da98bbfcb826e8a","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"d97b3657e828a40553677469887b1efab0544812ca592ef359a2d4230a0dd621","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cb66dbed604eefdafd8a8efd277ddad51bb5280c4e26ca0608176abcd6309a52","src/backend/linux_raw/conv.rs":"6731a2d06683575d7ce89eb83ef8a1993ce39125c30703ed8a4a69afc1e7559f","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"965ca4d97feeb0a4d4e90b62f820818c99bd5bb2acf1b85fd9f0b7ae30dd3439","src/backend/linux_raw/fs/inotify.rs":"11c058269bc96972ad7bdeaa3a938a8b51b4264d9f80d7dcf0518ac9314a261d","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"a244c59670d65442143b875cccc219bacd0739d35b7f2c1731b15d2c4bf2e900","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"ac32725b1686d42b02d18363c4c44a42ea8c6a20b2422c1fea8f8c39f633f7c4","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"42834cf8148abd02021115a61d57b23bb323dd8ad0d1b9a91d17fb8f7defab01","src/backend/linux_raw/net/syscalls.rs":"aedc536ac96d32bf6e15a9f02f3fe7a1bf48195e9af3afd0a0124636ece8f8b9","src/backend/linux_raw/net/types.rs":"c61b689d7f4b9b68d065935d70926d47b5ac7246b2fbe4f20d144a0c2f417fc2","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"a9c115ae09def33321f266ab3f85cf19fa72fc3b9f425aaa8c517b6da0bce04b","src/backend/linux_raw/process/types.rs":"fba10dc8ca9eaf4d481cb82bd1540cf5c05620533c44f917c09a22ea55ef408c","src/backend/linux_raw/process/wait.rs":"d6c37b9ebca16b447b0bc0d1be4b56486619618e8fc613d10ff9c0ccff13c7ac","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"e4476718035ff7520f9014aa0e99954ec741c0dd114ec50ff4900591ee067132","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"865d968a6d2903344982f94c69868031cd1fea582318659ca4c69a11d8a53e33","src/backend/linux_raw/vdso.rs":"3305a5f3c2846440161fa69dde3aafb9f36b361ae2ddae1d12cd54503b0657cf","src/backend/linux_raw/vdso_wrappers.rs":"b7e6b75bf25b0143ec471a7e0af3fd4f4125dcbc6d2c9c0957ec29c428d9d9c5","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"16798a8a24be20500bb56a01e05ca4eeccd6f3adb0b3a4bbf1a0369a8e546104","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"9e2f596d004563c4811f43a082d91ac3a8703f281a00f0b263cecbaa68aa0f7e","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"25296739f1063c0e2b4701ff9ce078949a58f62029f57a93cc415d2ded296100","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"3f1d809e81fe479a82a454a04ea1219a11969d75d0c8b9ddacb09c630a9af896","src/fs/mod.rs":"6b3d85bf61915b56328beeba35e720453f9825c4e40caa9ab46290e18e3dbf75","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"d32627abded4cdafa083c579d6f4d9c42e41d2a82749a34e70225e55ff76d246","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"c7b56787aa0579cfcde230952d87b42256e8b6e85c2da68f78cf31f17ddf5514","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"c59bf90183625da1b1e87975739469440dcddc7b5b2b6ff3a6fd12b2d399a783","src/io/dup.rs":"92e2121d7fcef657a2bce546dafc9635f97c628c53bb971e8ee08255b77eea80","src/io/errno.rs":"733f8e9246a319db137740e8dca29d7b3c7474a715e066568b1dc82f0944f692","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"fe73d5593c011b6ac851e608e1776c4483924e19a9f82f5fc8759c498a4e483a","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"98f77d30ca4eebc16454c5307ca4afab2dfdb91b8e90e54d9300f79a2f1ac814","src/io/is_read_write.rs":"072b5ea6ddb2339fc6c7e90dfc5a0a5354d926d0f2ac4df06cadafe823425c47","src/io/kqueue.rs":"b92106e4b1cd2582f8fc37a1ec0dd0aa00b320c8f5b1b91cb487e3620485cbc3","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"8f8e3c3557edf13a1e4f05a8a9c2aa5e9ee97e393e02eacc8e8bf60e73e32047","src/io/poll.rs":"41dab55365df215739dcf71815bfc4c2344828d8056ab200564f75210dbc56bd","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"d7b21900416ca54b9bbe683257dd4da1857f56edc25dd78a954dbafed4914ab9","src/io/read_write.rs":"263818a606de191320524972f7c9c22b6f79ddc59c5b0a443b4b726853b00b9f","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"6462b94d1ccd8cff38c6fb6b04199fa9decca91aca63287b0136539d73107bd5","src/io_uring.rs":"26048678d3862cee58bb75e43ad2dc8cae0b9bc79adcd8913cda1fa42af77efd","src/lib.rs":"9c86a382f02e2c67a54a82c1ed849aadcc4ac19cd70883b7343b9fb036e1602f","src/mm/madvise.rs":"cdc61b39d8abeea184575ca21e14483c335ce373a86007439fad6e72f58e4e24","src/mm/mmap.rs":"ac25cf39d215c93b539f20a60b107ea15dc8a0faa8d25e0de05d1415e698c742","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"a7f61abe4cb5e96f95ae8229c62b9ecc08382080ed99d76278be7001cfcf82f2","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"f1fb0b9be750b1949b54054b3195904123cfb96f2ee0ebcedef86fc7175c63e9","src/net/socket.rs":"c510a2b619b8c91c9ee15b1a9b29d6fe89a97e83143a38bea017af7522b7e8b9","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"b005b019f8ae0f022fd0e730dafb258606f1f537e4448078175fc192d002dc81","src/net/sockopt.rs":"dde47b9d5d6de9749bdddb1498920f2f592582b11b508389bf78d0d5f0c4af00","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"eb45cea7b5b21af36fef130cc02cbbf7fcceb965815b66c95c46979e0cbe2875","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"79f6c0dd45dca0a2bea919ac920c4a56cea23608a345961e4d027aee6624783c","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"7f4f2870eddcb19829b29ba139492d0f8b5006a42047f4e733e105b82afaef8b","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"4d48638f4d39a20aa073798778f431bbb944ed184777960ef1f80bebbc7fc72b","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"2f8716a58594df9c8cfd5a712d68f7dc9b3131fefdf80e868a4360336954e2e5","src/rand/getrandom.rs":"7ad1be6a5b0dc25030bb2434bdc00f3a0c410b7ebc24c136b9839410bf6c5a97","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"7c60353f240f1bda8b0fbfb7c570b7577cc5076a0d2f74083d8d878a2d69bf2d","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"708ee7701a0811586717de147365ed2f496e1aad3fd6208fe08edacc63a40c78","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"32d9b6c8854547ba5d509af39e3f690588d761f254875a8054827aa815750b3c","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"fcaa5a68d31d1cb1cee20c9ffc2c223f16036810b45234da97716d7f0e34f773","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"2aae838e49b3d63e9274e1c01833cc8139d3fec468c3b84688c628f44b1ae11d"}
+diff --color -urN a/libflux/vendor/rustix/src/backend/libc/fs/dir.rs b/libflux/vendor/rustix/src/backend/libc/fs/dir.rs
+--- a/libflux/vendor/rustix/src/backend/libc/fs/dir.rs	2025-01-17 09:41:01.349139462 +0000
++++ b/libflux/vendor/rustix/src/backend/libc/fs/dir.rs	2025-01-17 09:49:35.023252831 +0000
+@@ -34,8 +34,13 @@
+ use libc_errno::{errno, set_errno, Errno};
+ 
+ /// `DIR*`
+-#[repr(transparent)]
+-pub struct Dir(NonNull);
++pub struct Dir {
++    /// The `libc` `DIR` pointer.
++    libc_dir: NonNull,
++
++    /// Have we seen any errors in this iteration?
++    any_errors: bool,
++}
+ 
+ impl Dir {
+     /// Construct a `Dir` that reads entries from the given directory
+@@ -47,20 +52,35 @@
+ 
+     #[inline]
+     fn _read_from(fd: BorrowedFd<'_>) -> io::Result {
++        let mut any_errors = false;
++
+         // Given an arbitrary `OwnedFd`, it's impossible to know whether the
+         // user holds a `dup`'d copy which could continue to modify the
+         // file description state, which would cause Undefined Behavior after
+         // our call to `fdopendir`. To prevent this, we obtain an independent
+         // `OwnedFd`.
+         let flags = fcntl_getfl(fd)?;
+-        let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?;
++        let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) {
++            Ok(fd) => fd,
++            Err(io::Errno::NOENT) => {
++                // If "." doesn't exist, it means the directory was removed.
++                // We treat that as iterating through a directory with no
++                // entries.
++                any_errors = true;
++                crate::io::dup(fd)?
++            }
++            Err(err) => return Err(err),
++        };
+ 
+         let raw = owned_fd(fd_for_dir);
+         unsafe {
+             let libc_dir = c::fdopendir(raw);
+ 
+             if let Some(libc_dir) = NonNull::new(libc_dir) {
+-                Ok(Self(libc_dir))
++                Ok(Self {
++                    libc_dir,
++                    any_errors,
++                })
+             } else {
+                 let err = io::Errno::last_os_error();
+                 let _ = c::close(raw);
+@@ -72,13 +92,19 @@
+     /// `rewinddir(self)`
+     #[inline]
+     pub fn rewind(&mut self) {
+-        unsafe { c::rewinddir(self.0.as_ptr()) }
++        self.any_errors = false;
++        unsafe { c::rewinddir(self.libc_dir.as_ptr()) }
+     }
+ 
+     /// `readdir(self)`, where `None` means the end of the directory.
+     pub fn read(&mut self) -> Option> {
++        // If we've seen errors, don't continue to try to read anyting further.
++        if self.any_errors {
++            return None;
++        }
++
+         set_errno(Errno(0));
+-        let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) };
++        let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) };
+         if dirent_ptr.is_null() {
+             let curr_errno = errno().0;
+             if curr_errno == 0 {
+@@ -86,6 +112,7 @@
+                 None
+             } else {
+                 // `errno` is unknown or non-zero, so an error occurred.
++                self.any_errors = true;
+                 Some(Err(io::Errno(curr_errno)))
+             }
+         } else {
+@@ -111,7 +138,7 @@
+     /// `fstat(self)`
+     #[inline]
+     pub fn stat(&self) -> io::Result {
+-        fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ 
+     /// `fstatfs(self)`
+@@ -124,21 +151,21 @@
+     )))]
+     #[inline]
+     pub fn statfs(&self) -> io::Result {
+-        fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ 
+     /// `fstatvfs(self)`
+     #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))]
+     #[inline]
+     pub fn statvfs(&self) -> io::Result {
+-        fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ 
+     /// `fchdir(self)`
+     #[cfg(not(any(target_os = "fuchsia", target_os = "wasi")))]
+     #[inline]
+     pub fn chdir(&self) -> io::Result<()> {
+-        fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ }
+ 
+@@ -275,7 +302,7 @@
+ impl Drop for Dir {
+     #[inline]
+     fn drop(&mut self) {
+-        unsafe { c::closedir(self.0.as_ptr()) };
++        unsafe { c::closedir(self.libc_dir.as_ptr()) };
+     }
+ }
+ 
+@@ -291,7 +318,7 @@
+ impl fmt::Debug for Dir {
+     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+         f.debug_struct("Dir")
+-            .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) })
++            .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) })
+             .finish()
+     }
+ }
+@@ -403,3 +430,38 @@
+         }
+     );
+ }
++
++#[test]
++fn dir_iterator_handles_io_errors() {
++    // create a dir, keep the FD, then delete the dir
++    let tmp = tempfile::tempdir().unwrap();
++    let fd = crate::fs::openat(
++        crate::fs::cwd(),
++        tmp.path(),
++        crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC,
++        crate::fs::Mode::empty(),
++    )
++    .unwrap();
++
++    let file_fd = crate::fs::openat(
++        &fd,
++        tmp.path().join("test.txt"),
++        crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE,
++        crate::fs::Mode::RWXU,
++    )
++    .unwrap();
++
++    let mut dir = Dir::read_from(&fd).unwrap();
++
++    // Reach inside the `Dir` and replace its directory with a file, which
++    // will cause the subsequent `readdir` to fail.
++    unsafe {
++        let raw_fd = c::dirfd(dir.libc_dir.as_ptr());
++        let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd);
++        crate::io::dup2(&file_fd, &mut owned_fd).unwrap();
++        core::mem::forget(owned_fd);
++    }
++
++    assert!(matches!(dir.next(), Some(Err(_))));
++    assert!(matches!(dir.next(), None));
++}
+diff --color -urN a/libflux/vendor/rustix/src/backend/linux_raw/fs/dir.rs b/libflux/vendor/rustix/src/backend/linux_raw/fs/dir.rs
+--- a/libflux/vendor/rustix/src/backend/linux_raw/fs/dir.rs	2025-01-17 09:41:01.353141180 +0000
++++ b/libflux/vendor/rustix/src/backend/linux_raw/fs/dir.rs	2025-01-17 09:49:35.023252831 +0000
+@@ -17,9 +17,17 @@
+     /// The `OwnedFd` that we read directory entries from.
+     fd: OwnedFd,
+ 
++    /// Have we seen any errors in this iteration?
++    any_errors: bool,
++
++    /// Should we rewind the stream on the next iteration?
++    rewind: bool,
++
++    /// The buffer for `linux_dirent64` entries.
+     buf: Vec,
++
++    /// Where we are in the buffer.
+     pos: usize,
+-    next: Option,
+ }
+ 
+ impl Dir {
+@@ -37,25 +45,39 @@
+ 
+         Ok(Self {
+             fd: fd_for_dir,
++            any_errors: false,
++            rewind: false,
+             buf: Vec::new(),
+             pos: 0,
+-            next: None,
+         })
+     }
+ 
+     /// `rewinddir(self)`
+     #[inline]
+     pub fn rewind(&mut self) {
++        self.any_errors = false;
++        self.rewind = true;
+         self.pos = self.buf.len();
+-        self.next = Some(0);
+     }
+ 
+     /// `readdir(self)`, where `None` means the end of the directory.
+     pub fn read(&mut self) -> Option> {
+-        if let Some(next) = self.next.take() {
+-            match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) {
++        // If we've seen errors, don't continue to try to read anyting further.
++        if self.any_errors {
++            return None;
++        }
++
++        // If a rewind was requested, seek to the beginning.
++        if self.rewind {
++            self.rewind = false;
++            match io::retry_on_intr(|| {
++                crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET)
++            }) {
+                 Ok(_) => (),
+-                Err(err) => return Some(Err(err)),
++                Err(err) => {
++                    self.any_errors = true;
++                    return Some(Err(err));
++                }
+             }
+         }
+ 
+@@ -77,7 +99,7 @@
+         if self.buf.len() - self.pos < size_of::() {
+             match self.read_more()? {
+                 Ok(()) => (),
+-                Err(e) => return Some(Err(e)),
++                Err(err) => return Some(Err(err)),
+             }
+         }
+ 
+@@ -136,14 +158,31 @@
+     }
+ 
+     fn read_more(&mut self) -> Option> {
+-        let og_len = self.buf.len();
+-        // Capacity increment currently chosen by wild guess.
+-        self.buf
+-            .resize(self.buf.capacity() + 32 * size_of::(), 0);
+-        let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) {
++        // The first few times we're called, we allocate a relatively small
++        // buffer, because many directories are small. If we're called more,
++        // use progressively larger allocations, up to a fixed maximum.
++        //
++        // The specific sizes and policy here have not been tuned in detail yet
++        // and may need to be adjusted. In doing so, we should be careful to
++        // avoid unbounded buffer growth. This buffer only exists to share the
++        // cost of a `getdents` call over many entries, so if it gets too big,
++        // cache and heap usage will outweigh the benefit. And ultimately,
++        // directories can contain more entries than we can allocate contiguous
++        // memory for, so we'll always need to cap the size at some point.
++        if self.buf.len() < 1024 * size_of::() {
++            self.buf.reserve(32 * size_of::());
++        }
++        self.buf.resize(self.buf.capacity(), 0);
++        let nread = match io::retry_on_intr(|| {
++            crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf)
++        }) {
+             Ok(nread) => nread,
++            Err(io::Errno::NOENT) => {
++                self.any_errors = true;
++                return None;
++            }
+             Err(err) => {
+-                self.buf.resize(og_len, 0);
++                self.any_errors = true;
+                 return Some(Err(err));
+             }
+         };
+@@ -223,3 +262,33 @@
+         self.d_ino
+     }
+ }
++
++#[test]
++fn dir_iterator_handles_io_errors() {
++    // create a dir, keep the FD, then delete the dir
++    let tmp = tempfile::tempdir().unwrap();
++    let fd = crate::fs::openat(
++        crate::fs::cwd(),
++        tmp.path(),
++        crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC,
++        crate::fs::Mode::empty(),
++    )
++    .unwrap();
++
++    let file_fd = crate::fs::openat(
++        &fd,
++        tmp.path().join("test.txt"),
++        crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE,
++        crate::fs::Mode::RWXU,
++    )
++    .unwrap();
++
++    let mut dir = Dir::read_from(&fd).unwrap();
++
++    // Reach inside the `Dir` and replace its directory with a file, which
++    // will cause the subsequent `getdents64` to fail.
++    crate::io::dup2(&file_fd, &mut dir.fd).unwrap();
++
++    assert!(matches!(dir.next(), Some(Err(_))));
++    assert!(matches!(dir.next(), None));
++}
diff --git a/SPECS/flux/fix-build-warnings.patch b/SPECS/flux/fix-build-warnings.patch
new file mode 100644
index 0000000000..662355b60c
--- /dev/null
+++ b/SPECS/flux/fix-build-warnings.patch
@@ -0,0 +1,26 @@
+From bb42bf67b2f146bf362edb02f3c7150bc3d9af46 Mon Sep 17 00:00:00 2001
+From: Tobias Brick 
+Date: Wed, 2 Apr 2025 19:34:02 +0000
+Subject: [PATCH] Correctly drop pkg in test. Fixes warning unused_must_use.
+ Taken from upstream https://github.com/influxdata/flux/pull/5484.
+
+---
+ libflux/flux/src/cffi.rs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libflux/flux/src/cffi.rs b/libflux/flux/src/cffi.rs
+index ba18e3d..2e686ec 100644
+--- a/libflux/flux/src/cffi.rs
++++ b/libflux/flux/src/cffi.rs
+@@ -1159,7 +1159,7 @@ from(bucket: v.bucket)
+         // Safety: both parameters are valid
+         let err = unsafe { flux_ast_get_error(pkg, options) }.unwrap();
+         // Safety: pkg is a valid pointer allocated just above
+-        unsafe { Box::from_raw(pkg) }; // Free the AST
++        unsafe { drop(Box::from_raw(pkg)) }; // Free the AST
+         let msg = err.message.to_string_lossy();
+         assert!(
+             msg.contains("incomplete utf-8 byte sequence from index 0"),
+-- 
+2.45.3
+
diff --git a/SPECS/flux/fix-unsigned-char.patch b/SPECS/flux/fix-unsigned-char.patch
new file mode 100644
index 0000000000..d2d4c3ed72
--- /dev/null
+++ b/SPECS/flux/fix-unsigned-char.patch
@@ -0,0 +1,27 @@
+From 4e64300bc6d0f96c59c7d06c0f6f57a5d0f8e6ad Mon Sep 17 00:00:00 2001
+From: Tobias Brick 
+Date: Tue, 8 Apr 2025 19:20:37 +0000
+Subject: [PATCH] Fix test build on aarch64-linux. Fixes upstream issue
+ https://github.com/influxdata/flux/issues/5495. Modeled after
+ https://github.com/magneticflux-/nixpkgs/blob/reposilite-module/pkgs/servers/nosql/influxdb2/fix-unsigned-char.patch.
+
+---
+ libflux/flux/src/cffi.rs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libflux/flux/src/cffi.rs b/libflux/flux/src/cffi.rs
+index 2e686ec..9fbae64 100644
+--- a/libflux/flux/src/cffi.rs
++++ b/libflux/flux/src/cffi.rs
+@@ -1149,7 +1149,7 @@ from(bucket: v.bucket)
+     fn parse_with_invalid_utf8() {
+         let cfname = CString::new("foo.flux").unwrap();
+         let cfname_ptr: *const c_char = cfname.as_ptr();
+-        let v: Vec = vec![-61, 0];
++        let v: Vec = vec![-61i8 as c_char, 0];
+         let csrc: *const c_char = &v[0];
+         // Safety: both pointers are valid
+         let pkg = unsafe { flux_parse(cfname_ptr, csrc) };
+-- 
+2.45.3
+
diff --git a/SPECS/flux/flux.spec b/SPECS/flux/flux.spec
index 460e6e3cef..9e60255c3c 100644
--- a/SPECS/flux/flux.spec
+++ b/SPECS/flux/flux.spec
@@ -22,7 +22,7 @@
 Summary:        Influx data language
 Name:           flux
 Version:        0.194.5
-Release:        1%{?dist}
+Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -32,18 +32,21 @@ Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.
 # Below is a manually created tarball, no download link.
 # Note: the %%{name}-%%{version}-cargo.tar.gz file contains a cache created by capturing the contents downloaded into $CARGO_HOME.
 # To update the cache and config.toml run:
-#   tar -xf %{name}-%{version}.tar.gz
-#   cd %{name}-%{version}/libflux
+#   tar -xf %%{name}-%%{version}.tar.gz
+#   cd %%{name}-%%{version}/libflux
 #   cargo vendor > config.toml
-#   tar -czf %{name}-%{version}-cargo.tar.gz vendor/
+#   tar -czf %%{name}-%%{version}-cargo.tar.gz vendor/
 #
 Source1:        %{name}-%{version}-cargo.tar.gz
 Source2:        cargo_config
 Patch1:         disable-static-library.patch
-Patch2:         0001-libflux-unblock-build-by-allowing-warnings.patch
-BuildRequires:  cargo >= 1.45
+# Fixed upstream in 1.195.0, https://github.com/influxdata/flux/pull/5484.
+Patch2:         fix-build-warnings.patch
+Patch3:         fix-unsigned-char.patch
+Patch4:         CVE-2024-43806.patch
+BuildRequires:  cargo < 1.85.0
 BuildRequires:  kernel-headers
-BuildRequires:  rust >= 1.45
+BuildRequires:  rust < 1.85.0
 
 %description
 Flux is a lightweight scripting language for querying databases (like InfluxDB)
@@ -72,11 +75,13 @@ programs using Influx data language.
 %prep
 %setup -q
 %patch 2 -p1
+%patch 3 -p1
 pushd libflux
 tar -xf %{SOURCE1}
 install -D %{SOURCE2} .cargo/config
 
 patch -p2 < %{PATCH1}
+patch -p2 < %{PATCH4}
 patch -p2 < - 0.194.5-4
+- Pin rust version
+
+* Mon Apr 14 2025 Tobias Brick  - 0.194.5-3
+- Add missing EOF for inline patch call.
+- Fix build warnings rather than suppressing them.
+- Fix test build error on arm64.
+
+* Fri Jan 17 2025 Archana Choudhary  - 0.194.5-2
+- Patch for CVE-2024-43806
+
 * Thu Feb 01 2024 Mykhailo Bykhovtsev  - 0.194.5-1
 - Upgrade to version 0.194.5
 
diff --git a/SPECS/gh/CVE-2025-22872.patch b/SPECS/gh/CVE-2025-22872.patch
new file mode 100644
index 0000000000..a9203f2a9a
--- /dev/null
+++ b/SPECS/gh/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From 01035da6c5be2080f75765d9ebbb462614d7e81a Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Tue, 22 Apr 2025 08:15:38 +0000
+Subject: [PATCH] CVE-2025-22872
+
+Upstream patch reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/gh/gh.spec b/SPECS/gh/gh.spec
index cd921c1632..1e308b2c54 100644
--- a/SPECS/gh/gh.spec
+++ b/SPECS/gh/gh.spec
@@ -1,7 +1,7 @@
 Summary:        GitHub official command line tool
 Name:           gh
 Version:        2.62.0
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -21,6 +21,7 @@ Patch5:         CVE-2024-53859.patch
 Patch6:         CVE-2025-25204.patch
 Patch7:         CVE-2025-27144.patch
 Patch8:         CVE-2025-22869.patch
+Patch9:         CVE-2025-22872.patch
 
 BuildRequires:  golang < 1.23
 BuildRequires:  git
@@ -63,6 +64,10 @@ make test
 %{_datadir}/zsh/site-functions/_gh
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.62.0-9
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 2.62.0-8
 - Bump Release to rebuild
 
diff --git a/SPECS/giflib/CVE-2021-40633.patch b/SPECS/giflib/CVE-2021-40633.patch
new file mode 100644
index 0000000000..930c448491
--- /dev/null
+++ b/SPECS/giflib/CVE-2021-40633.patch
@@ -0,0 +1,30 @@
+From 7e6036db1536e0972de6f8f4e1fcf827d313f8ea Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Mon, 21 Apr 2025 19:53:54 +0000
+Subject: [PATCH] Address CVE-2021-40633
+
+Upstream Patch Reference : https://sourceforge.net/p/giflib/code/ci/ccbc956432650734c91acb3fc88837f7b81267ff
+
+Signed-off-by: Kanishk-Bansal 
+---
+ gif2rgb.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index 11c39e4..855f821 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -496,6 +496,10 @@ static void GIF2RGB(int NumFiles, char *FileName,
+ 		   ScreenBuffer, 
+ 		   GifFile->SWidth, GifFile->SHeight);
+ 
++	for (i = 0; i < GifFile->SHeight; i++) {
++		(void)free(ScreenBuffer[i]);
++	}
++
+     (void)free(ScreenBuffer);
+ 
+     if (DGifCloseFile(GifFile, &Error) == GIF_ERROR) {
+-- 
+2.45.2
+
diff --git a/SPECS/giflib/CVE-2025-31344.patch b/SPECS/giflib/CVE-2025-31344.patch
new file mode 100644
index 0000000000..3fc2782e7a
--- /dev/null
+++ b/SPECS/giflib/CVE-2025-31344.patch
@@ -0,0 +1,29 @@
+From a4f400bf6fc39436d21ea9ca30d299ae44988a6d Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit 
+Date: Wed, 16 Apr 2025 03:03:51 +0530
+Subject: [PATCH] Fix CVE-2025-31344
+
+Upstream ref: https://gitee.com/src-openeuler/giflib/blob/2c10c1abf8ff2e88b1da04e050bb721487b73fa3/Fix-heap-buffer-overflow.patch
+
+---
+ gif2rgb.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index 8d7c0ff..2032604 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -317,6 +317,10 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
+             GifRow = ScreenBuffer[i];
+             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+             for (j = 0; j < ScreenWidth; j++) {
++                /* Check if color is within color palate */
++                if (GifRow[j] >= ColorMap->ColorCount) {
++                  GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                }
+                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                 Buffers[0][j] = ColorMapEntry->Red;
+                 Buffers[1][j] = ColorMapEntry->Green;
+-- 
+2.34.1
+
diff --git a/SPECS/giflib/giflib.spec b/SPECS/giflib/giflib.spec
index 024c84ea95..d05a38c922 100644
--- a/SPECS/giflib/giflib.spec
+++ b/SPECS/giflib/giflib.spec
@@ -1,7 +1,7 @@
 Name:           giflib
 Summary:        A library and utilities for processing GIFs
 Version:        5.2.1
-Release:        8%{?dist}
+Release:        10%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,6 +12,8 @@ Patch0:         giflib_quantize.patch
 Patch1:         CVE-2023-48161.patch
 Patch2:         CVE-2022-28506.patch
 Patch3:         CVE-2023-39742.patch
+Patch4:         CVE-2025-31344.patch
+Patch5:         CVE-2021-40633.patch
 BuildRequires:  gcc
 BuildRequires:  make
 BuildRequires:  xmlto
@@ -62,6 +64,12 @@ find %{buildroot} -name '*.a' -print -delete
 %{_mandir}/man1/*.1*
 
 %changelog
+* Mon Apr 21 2025 Kanishk Bansal  - 5.2.1-10
+- Patch CVE-2021-40633 using an upstream patch
+
+* Tue Apr 15 2025 Sudipta Pandit  - 5.2.1-9
+- Patch CVE-2025-31344
+
 * Fri Feb 14 2024 Kevin Lockwood  - 5.2.1-8
 - Patch CVE-2023-39742
 
diff --git a/SPECS/git-lfs/CVE-2025-22870.patch b/SPECS/git-lfs/CVE-2025-22870.patch
new file mode 100644
index 0000000000..8e6d46ea47
--- /dev/null
+++ b/SPECS/git-lfs/CVE-2025-22870.patch
@@ -0,0 +1,47 @@
+From 89bbe84381a4856d9bc1e8eaacf71bc52bfc2cf9 Mon Sep 17 00:00:00 2001
+From: Rohit Rawat 
+Date: Tue, 8 Apr 2025 15:28:42 +0000
+Subject: [PATCH] Fix CVE CVE-2025-22870 in git-lfs
+Upstream Patch Reference: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a.patch
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index 6404aaf..d89c257 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -177,8 +178,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -360,6 +363,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.40.4
+
diff --git a/SPECS/git-lfs/git-lfs.spec b/SPECS/git-lfs/git-lfs.spec
index 93032ed34f..fd143ce5ab 100644
--- a/SPECS/git-lfs/git-lfs.spec
+++ b/SPECS/git-lfs/git-lfs.spec
@@ -2,7 +2,7 @@
 Summary:       Git extension for versioning large files
 Name:          git-lfs
 Version:       3.6.1
-Release:       2%{?dist}
+Release:       3%{?dist}
 Group:         System Environment/Programming
 Vendor:        Microsoft Corporation
 Distribution:   Azure Linux
@@ -28,6 +28,7 @@ Source0:       https://github.com/git-lfs/git-lfs/archive/v%{version}.tar.gz#/%{
 #         See: https://reproducible-builds.org/docs/archives/
 #       - For the value of "--mtime" use the date "2021-04-26 00:00Z" to simplify future updates.
 Source1:       %{name}-%{version}-vendor.tar.gz
+Patch0:        CVE-2025-22870.patch
 
 BuildRequires: golang
 BuildRequires: which
@@ -41,10 +42,9 @@ Requires:      git
 Git LFS is a command line extension and specification for managing large files with Git
 
 %prep
-%autosetup
+%autosetup -p1 -a1
 
 %build
-tar --no-same-owner -xf %{SOURCE1}
 export GOPATH=%{our_gopath}
 export GOFLAGS="-buildmode=pie -trimpath -mod=vendor -modcacherw -ldflags=-linkmode=external"
 go generate ./commands
@@ -77,6 +77,10 @@ git lfs uninstall
 %{_mandir}/man5/*
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 3.6.1-3
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22870
+
 * Fri Mar 21 2025 Anuj Mittal  - 3.6.1-2
 - Bump Release to rebuild
 
diff --git a/SPECS/git/git.spec b/SPECS/git/git.spec
index 9cbfe9771a..541d2df8a8 100644
--- a/SPECS/git/git.spec
+++ b/SPECS/git/git.spec
@@ -7,7 +7,7 @@
 Summary:        Fast distributed version control system
 Name:           git
 Version:        2.45.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -19,7 +19,7 @@ BuildRequires:  python3-devel
 Requires:       curl
 Requires:       expat
 Requires:       less
-Requires:       openssh
+Requires:       openssh-clients
 Requires:       openssl
 Requires:       perl-CGI
 Requires:       perl-DBI
@@ -173,6 +173,9 @@ fi
 %endif
 
 %changelog
+* Thu Apr 17 2025 Muhammad Falak  - 2.45.3-2
+- Add dependency only for openssh-clients instead of openssh
+
 * Tue Jan 14 2025 CBL-Mariner Servicing Account  - 2.45.3-1
 - Auto-upgrade to 2.45.3 - CVE-2024-50349 and CVE-2024-52006
 
diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec
index f24bc4f9ac..f2a3314e43 100644
--- a/SPECS/glibc/glibc.spec
+++ b/SPECS/glibc/glibc.spec
@@ -10,7 +10,7 @@
 Summary:        Main C library
 Name:           glibc
 Version:        2.38
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -37,6 +37,7 @@ Patch9:         CVE-2023-6779.patch
 Patch10:        CVE-2023-6780.patch
 # Upstream backport for fixing: nscd fails to build with cleanup handler if built with -fexceptions
 Patch11:		nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch
+Patch12:        glibc-2.34_pthread_cond_wait.patch
 # Patches for testing
 Patch100:       0001-Remove-Wno-format-cflag-from-tests.patch
 
@@ -358,6 +359,9 @@ grep "^FAIL: nptl/tst-mutex10" tests.sum >/dev/null && n=$((n+1)) ||:
 %exclude %{_libdir}/locale/C.utf8
 
 %changelog
+* Mon May 12 2025 Andrew Phelps  - 2.38-10
+- Add glibc-2.34_pthread_cond_wait.patch
+
 * Wed Feb 19 2025 Chris Co  - 2.38-9
 - Re-enable nscd build and packaging
 
diff --git a/SPECS/gnutls/CVE-2024-12133.patch b/SPECS/gnutls/CVE-2024-12133.patch
new file mode 100644
index 0000000000..c0ce86dd2b
--- /dev/null
+++ b/SPECS/gnutls/CVE-2024-12133.patch
@@ -0,0 +1,231 @@
+From 869a97aa259dffa2620dabcad84e1c22545ffc3d Mon Sep 17 00:00:00 2001
+From: Daiki Ueno 
+Date: Fri, 8 Nov 2024 16:05:32 +0900
+Subject: [PATCH] asn1_find_node: optimize "?NUMBER" node lookup with indexing
+
+To avoid linear search of named nodes, this adds a array of child
+nodes to their parent nodes as a cache.
+
+Signed-off-by: Daiki Ueno 
+Signed-off-by: Simon Josefsson 
+---
+ lib/element.c    | 56 ++++++++++++++++++++++++++++++++++++++++++------
+ lib/element.h    | 10 +++++++++
+ lib/int.h        |  8 +++++++
+ lib/parser_aux.c | 10 +++++++++
+ lib/structure.c  | 13 +++++++++++
+ 5 files changed, 90 insertions(+), 7 deletions(-)
+
+diff --git a/lib/minitasn1/element.c b/lib/element.c
+index 850bef4a..528df418 100644
+--- a/lib/minitasn1/element.c
++++ b/lib/minitasn1/element.c
+@@ -33,6 +33,8 @@
+ #include "structure.h"
+ #include "c-ctype.h"
+ #include "element.h"
++#include 
++#include "intprops.h"
+ 
+ void
+ _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size)
+@@ -129,6 +131,41 @@ _asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
+   return ASN1_SUCCESS;
+ }
+ 
++int
++_asn1_node_array_set (struct asn1_node_array_st *array, size_t position,
++		      asn1_node node)
++{
++  if (position >= array->size)
++    {
++      size_t new_size = position, i;
++      asn1_node *new_nodes;
++
++      if (INT_MULTIPLY_OVERFLOW (new_size, 2))
++	return ASN1_GENERIC_ERROR;
++      new_size *= 2;
++
++      if (INT_ADD_OVERFLOW (new_size, 1))
++	return ASN1_GENERIC_ERROR;
++      new_size += 1;
++
++      if (INT_MULTIPLY_OVERFLOW (new_size, sizeof (*new_nodes)))
++	return ASN1_GENERIC_ERROR;
++
++      new_nodes = realloc (array->nodes, new_size * sizeof (*new_nodes));
++      if (!new_nodes)
++	return ASN1_MEM_ALLOC_ERROR;
++
++      for (i = array->size; i < new_size; i++)
++	new_nodes[i] = NULL;
++
++      array->nodes = new_nodes;
++      array->size = new_size;
++    }
++
++  array->nodes[position] = node;
++  return ASN1_SUCCESS;
++}
++
+ /* Appends a new element into the sequence (or set) defined by this
+  * node. The new element will have a name of '?number', where number
+  * is a monotonically increased serial number.
+@@ -145,6 +182,7 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
+   asn1_node p, p2;
+   char temp[LTOSTR_MAX_SIZE + 1];
+   long n;
++  int result;
+ 
+   if (!node || !(node->down))
+     return ASN1_GENERIC_ERROR;
+@@ -177,17 +215,21 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
+       pcache->tail = p2;
+     }
+ 
+-  if (p->name[0] == 0)
+-    _asn1_str_cpy (temp, sizeof (temp), "?1");
+-  else
++  n = 0;
++  if (p->name[0] != 0)
+     {
+-      n = strtol (p->name + 1, NULL, 0);
+-      n++;
+-      temp[0] = '?';
+-      _asn1_ltostr (n, temp + 1);
++      n = strtol (p->name + 1, NULL, 10);
++      if (n <= 0 || n >= LONG_MAX - 1)
++	return ASN1_GENERIC_ERROR;
+     }
++  temp[0] = '?';
++  _asn1_ltostr (n + 1, temp + 1);
+   _asn1_set_name (p2, temp);
+   /*  p2->type |= CONST_OPTION; */
++  result = _asn1_node_array_set (&node->numbered_children, n, p2);
++  if (result != ASN1_SUCCESS)
++    return result;
++  p2->parent = node;
+ 
+   return ASN1_SUCCESS;
+ }
+diff --git a/lib/minitasn1/element.h b/lib/minitasn1/element.h
+index 732054e9..b84e3a27 100644
+--- a/lib/minitasn1/element.h
++++ b/lib/minitasn1/element.h
+@@ -38,4 +38,14 @@ int _asn1_convert_integer (const unsigned char *value,
+ void _asn1_hierarchical_name (asn1_node_const node, char *name,
+ 			      int name_size);
+ 
++static inline asn1_node_const
++_asn1_node_array_get (const struct asn1_node_array_st *array, size_t position)
++{
++  return position < array->size ? array->nodes[position] : NULL;
++}
++
++int
++_asn1_node_array_set (struct asn1_node_array_st *array, size_t position,
++		      asn1_node node);
++
+ #endif
+diff --git a/lib/minitasn1/int.h b/minitasn1/lib/int.h
+index 4f2d98d1..41b12b0b 100644
+--- a/lib/minitasn1/int.h
++++ b/lib/minitasn1/int.h
+@@ -31,6 +31,12 @@
+ 
+ # define ASN1_SMALL_VALUE_SIZE 16
+ 
++struct asn1_node_array_st
++{
++  asn1_node *nodes;
++  size_t size;
++};
++
+ /* This structure is also in libtasn1.h, but then contains less
+    fields.  You cannot make any modifications to these first fields
+    without breaking ABI.  */
+@@ -47,6 +53,8 @@ struct asn1_node_st
+   asn1_node left;		/* Pointer to the next list element */
+   /* private fields: */
+   unsigned char small_value[ASN1_SMALL_VALUE_SIZE];	/* For small values */
++  asn1_node parent;		/* Pointer to the parent node */
++  struct asn1_node_array_st numbered_children; /* Array of unnamed child nodes for caching */
+ 
+   /* values used during decoding/coding */
+   int tmp_ival;
+diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c
+index 415905a0..4281cc97 100644
+--- a/lib/minitasn1/parser_aux.c
++++ b/lib/minitasn1/parser_aux.c
+@@ -126,6 +126,7 @@ asn1_find_node (asn1_node_const pointer, const char *name)
+   const char *n_start;
+   unsigned int nsize;
+   unsigned int nhash;
++  const struct asn1_node_array_st *numbered_children;
+ 
+   if (pointer == NULL)
+     return NULL;
+@@ -209,6 +210,7 @@ asn1_find_node (asn1_node_const pointer, const char *name)
+       if (p->down == NULL)
+ 	return NULL;
+ 
++      numbered_children = &p->numbered_children;
+       p = p->down;
+       if (p == NULL)
+ 	return NULL;
+@@ -222,6 +224,12 @@ asn1_find_node (asn1_node_const pointer, const char *name)
+ 	}
+       else
+ 	{			/* no "?LAST" */
++	  if (n[0] == '?' && c_isdigit (n[1]))
++	    {
++	      long position = strtol (n + 1, NULL, 10);
++	      if (position > 0 && position < LONG_MAX)
++		p = _asn1_node_array_get (numbered_children, position - 1);
++	    }
+ 	  while (p)
+ 	    {
+ 	      if (p->name_hash == nhash && !strcmp (p->name, n))
+@@ -509,6 +517,8 @@ _asn1_remove_node (asn1_node node, unsigned int flags)
+       if (node->value != node->small_value)
+ 	free (node->value);
+     }
++
++  free (node->numbered_children.nodes);
+   free (node);
+ }
+ 
+diff --git a/lib/minitasn1/structure.c b/lib/minitasn1/structure.c
+index 9c95b9e2..32692ad2 100644
+--- a/lib/minitasn1/structure.c
++++ b/lib/minitasn1/structure.c
+@@ -31,6 +31,9 @@
+ #include 
+ #include "parser_aux.h"
+ #include 
++#include "c-ctype.h"
++#include "element.h"
++#include 
+ 
+ 
+ extern char _asn1_identifierMissing[];
+@@ -391,6 +394,16 @@ asn1_delete_element (asn1_node structure, const char *element_name)
+   if (source_node == NULL)
+     return ASN1_ELEMENT_NOT_FOUND;
+ 
++  if (source_node->parent
++      && source_node->name[0] == '?'
++      && c_isdigit (source_node->name[1]))
++    {
++      long position = strtol (source_node->name + 1, NULL, 10);
++      if (position > 0 && position < LONG_MAX)
++	_asn1_node_array_set (&source_node->parent->numbered_children,
++			      position - 1, NULL);
++    }
++
+   p2 = source_node->right;
+   p3 = _asn1_find_left (source_node);
+   if (!p3)
+-- 
+GitLab
+
diff --git a/SPECS/gnutls/CVE-2024-12243.patch b/SPECS/gnutls/CVE-2024-12243.patch
new file mode 100644
index 0000000000..342b150e55
--- /dev/null
+++ b/SPECS/gnutls/CVE-2024-12243.patch
@@ -0,0 +1,1143 @@
+From 7d81ae18fd54548f85dff96f2184ed0c26a93665 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Fri, 7 Mar 2025 16:10:36 -0600
+Subject: [PATCH] Address CVE-2024-12243
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892
+
+---
+ lib/datum.c                 |   7 +-
+ lib/x509/name_constraints.c | 595 +++++++++++++++++++++---------------
+ lib/x509/x509_ext.c         |  80 +++--
+ lib/x509/x509_ext_int.h     |   5 +
+ lib/x509/x509_int.h         |  21 +-
+ 5 files changed, 399 insertions(+), 309 deletions(-)
+
+diff --git a/lib/datum.c b/lib/datum.c
+index 66e0169..5577c2b 100644
+--- a/lib/datum.c
++++ b/lib/datum.c
+@@ -29,6 +29,7 @@
+ #include "num.h"
+ #include "datum.h"
+ #include "errors.h"
++#include "intprops.h"
+ 
+ /* On error, @dat is not changed. */
+ int _gnutls_set_datum(gnutls_datum_t *dat, const void *data, size_t data_size)
+@@ -60,7 +61,11 @@ int _gnutls_set_strdatum(gnutls_datum_t *dat, const void *data,
+ 	if (data == NULL)
+ 		return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ 
+-	unsigned char *m = gnutls_malloc(data_size + 1);
++	size_t capacity;
++	if (!INT_ADD_OK(data_size, 1, &capacity))
++		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++
++	unsigned char *m = gnutls_malloc(capacity);
+ 	if (!m)
+ 		return GNUTLS_E_MEMORY_ERROR;
+ 
+diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
+index 8327a9d..3c6e306 100644
+--- a/lib/x509/name_constraints.c
++++ b/lib/x509/name_constraints.c
+@@ -33,51 +33,98 @@
+ #include 
+ #include "x509_b64.h"
+ #include "x509_int.h"
++#include "x509_ext_int.h"
+ #include 
+ 
+ #include "ip.h"
+ #include "ip-in-cidr.h"
++#include "intprops.h"
++
++#define MAX_NC_CHECKS (1 << 20)
++
++struct name_constraints_node_st {
++	unsigned type;
++	gnutls_datum_t name;
++};
++
++struct name_constraints_node_list_st {
++	struct name_constraints_node_st **data;
++	size_t size;
++	size_t capacity;
++};
++
++struct gnutls_name_constraints_st {
++	struct name_constraints_node_list_st nodes; /* owns elements */
++	struct name_constraints_node_list_st permitted; /* borrows elements */
++	struct name_constraints_node_list_st excluded; /* borrows elements */
++};
++
++static struct name_constraints_node_st *
++name_constraints_node_new(gnutls_x509_name_constraints_t nc, unsigned type,
++			  unsigned char *data, unsigned int size);
+ 
+-// for documentation see the implementation
+ static int
+-name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+-				 name_constraints_node_st *nc2,
+-				 name_constraints_node_st **intersection);
++name_constraints_node_list_add(struct name_constraints_node_list_st *list,
++			       struct name_constraints_node_st *node)
++{
++	if (!list->capacity || list->size == list->capacity) {
++		size_t new_capacity = list->capacity;
++		struct name_constraints_node_st **new_data;
++
++		if (!INT_MULTIPLY_OK(new_capacity, 2, &new_capacity) ||
++		    !INT_ADD_OK(new_capacity, 1, &new_capacity))
++			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++		new_data = _gnutls_reallocarray(
++			list->data, new_capacity,
++			sizeof(struct name_constraints_node_st *));
++		if (!new_data)
++			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++		list->capacity = new_capacity;
++		list->data = new_data;
++	}
++	list->data[list->size++] = node;
++	return 0;
++}
++
++// for documentation see the implementation
++static int name_constraints_intersect_nodes(
++	gnutls_x509_name_constraints_t nc,
++	const struct name_constraints_node_st *node1,
++	const struct name_constraints_node_st *node2,
++	struct name_constraints_node_st **intersection);
+ 
+ /*-
+- * is_nc_empty:
++ * _gnutls_x509_name_constraints_is_empty:
+  * @nc: name constraints structure
+- * @type: type (gnutls_x509_subject_alt_name_t)
++ * @type: type (gnutls_x509_subject_alt_name_t or 0)
+  *
+  * Test whether given name constraints structure has any constraints (permitted
+  * or excluded) of a given type. @nc must be allocated (not NULL) before the call.
++ * If @type is 0, type checking will be skipped.
+  *
+- * Returns: 0 if @nc contains constraints of type @type, 1 otherwise
++ * Returns: false if @nc contains constraints of type @type, true otherwise
+  -*/
+-static unsigned is_nc_empty(struct gnutls_name_constraints_st *nc,
+-			    unsigned type)
++bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
++					    unsigned type)
+ {
+-	name_constraints_node_st *t;
++	if (nc->permitted.size == 0 && nc->excluded.size == 0)
++		return true;
+ 
+-	if (nc->permitted == NULL && nc->excluded == NULL)
+-		return 1;
++	if (type == 0)
++		return false;
+ 
+-	t = nc->permitted;
+-	while (t != NULL) {
+-		if (t->type == type)
+-			return 0;
+-		t = t->next;
++	for (size_t i = 0; i < nc->permitted.size; i++) {
++		if (nc->permitted.data[i]->type == type)
++			return false;
+ 	}
+ 
+-	t = nc->excluded;
+-	while (t != NULL) {
+-		if (t->type == type)
+-			return 0;
+-		t = t->next;
++	for (size_t i = 0; i < nc->excluded.size; i++) {
++		if (nc->excluded.data[i]->type == type)
++			return false;
+ 	}
+ 
+ 	/* no constraint for that type exists */
+-	return 1;
++	return true;
+ }
+ 
+ /*-
+@@ -115,21 +162,16 @@ static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type,
+ 	return GNUTLS_E_SUCCESS;
+ }
+ 
+-int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
+-				     name_constraints_node_st **_nc)
++static int extract_name_constraints(gnutls_x509_name_constraints_t nc,
++				    asn1_node c2, const char *vstr,
++				    struct name_constraints_node_list_st *nodes)
+ {
+ 	int ret;
+ 	char tmpstr[128];
+ 	unsigned indx;
+ 	gnutls_datum_t tmp = { NULL, 0 };
+ 	unsigned int type;
+-	struct name_constraints_node_st *nc, *prev;
+-
+-	prev = *_nc;
+-	if (prev != NULL) {
+-		while (prev->next != NULL)
+-			prev = prev->next;
+-	}
++	struct name_constraints_node_st *node;
+ 
+ 	for (indx = 1;; indx++) {
+ 		snprintf(tmpstr, sizeof(tmpstr), "%s.?%u.base", vstr, indx);
+@@ -172,25 +214,19 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
+ 			goto cleanup;
+ 		}
+ 
+-		nc = gnutls_malloc(sizeof(struct name_constraints_node_st));
+-		if (nc == NULL) {
++		node = name_constraints_node_new(nc, type, tmp.data, tmp.size);
++		_gnutls_free_datum(&tmp);
++		if (node == NULL) {
+ 			gnutls_assert();
+ 			ret = GNUTLS_E_MEMORY_ERROR;
+ 			goto cleanup;
+ 		}
+ 
+-		memcpy(&nc->name, &tmp, sizeof(gnutls_datum_t));
+-		nc->type = type;
+-		nc->next = NULL;
+-
+-		if (prev == NULL) {
+-			*_nc = prev = nc;
+-		} else {
+-			prev->next = nc;
+-			prev = nc;
++		ret = name_constraints_node_list_add(nodes, node);
++		if (ret < 0) {
++			gnutls_assert();
++			goto cleanup;
+ 		}
+-
+-		tmp.data = NULL;
+ 	}
+ 
+ 	assert(ret < 0);
+@@ -205,84 +241,104 @@ cleanup:
+ 	return ret;
+ }
+ 
++int _gnutls_x509_name_constraints_extract(asn1_node c2,
++					  const char *permitted_name,
++					  const char *excluded_name,
++					  gnutls_x509_name_constraints_t nc)
++{
++	int ret;
++
++	ret = extract_name_constraints(nc, c2, permitted_name, &nc->permitted);
++	if (ret < 0)
++		return gnutls_assert_val(ret);
++	ret = extract_name_constraints(nc, c2, excluded_name, &nc->excluded);
++	if (ret < 0)
++		return gnutls_assert_val(ret);
++
++	return ret;
++}
++
+ /*-
+- * _gnutls_name_constraints_node_free:
++ * name_constraints_node_free:
+  * @node: name constraints node
+  *
+- * Deallocate a list of name constraints nodes starting at the given node.
++ * Deallocate a name constraints node.
+  -*/
+-void _gnutls_name_constraints_node_free(name_constraints_node_st *node)
++static void name_constraints_node_free(struct name_constraints_node_st *node)
+ {
+-	name_constraints_node_st *next, *t;
+-
+-	t = node;
+-	while (t != NULL) {
+-		next = t->next;
+-		gnutls_free(t->name.data);
+-		gnutls_free(t);
+-		t = next;
++	if (node) {
++		gnutls_free(node->name.data);
++		gnutls_free(node);
+ 	}
+ }
+ 
+ /*-
+  * name_constraints_node_new:
+  * @type: name constraints type to set (gnutls_x509_subject_alt_name_t)
++ * @nc: a %gnutls_x509_name_constraints_t
+  * @data: name.data to set or NULL
+  * @size: name.size to set
+  *
+  * Allocate a new name constraints node and set its type, name size and name data.
+- * If @data is set to NULL, name data will be an array of \x00 (the length of @size).
+- * The .next pointer is set to NULL.
+  *
+  * Returns: Pointer to newly allocated node or NULL in case of memory error.
+  -*/
+-static name_constraints_node_st *
+-name_constraints_node_new(unsigned type, unsigned char *data, unsigned int size)
++static struct name_constraints_node_st *
++name_constraints_node_new(gnutls_x509_name_constraints_t nc, unsigned type,
++			  unsigned char *data, unsigned int size)
+ {
+-	name_constraints_node_st *tmp =
+-		gnutls_malloc(sizeof(struct name_constraints_node_st));
++	struct name_constraints_node_st *tmp;
++	int ret;
++
++	tmp = gnutls_calloc(1, sizeof(struct name_constraints_node_st));
+ 	if (tmp == NULL)
+ 		return NULL;
+ 	tmp->type = type;
+-	tmp->next = NULL;
+-	tmp->name.size = size;
+-	tmp->name.data = NULL;
+-	if (tmp->name.size > 0) {
+-		tmp->name.data = gnutls_malloc(tmp->name.size);
+-		if (tmp->name.data == NULL) {
++
++	if (data) {
++		ret = _gnutls_set_strdatum(&tmp->name, data, size);
++		if (ret < 0) {
++			gnutls_assert();
+ 			gnutls_free(tmp);
+ 			return NULL;
+ 		}
+-		if (data != NULL) {
+-			memcpy(tmp->name.data, data, size);
+-		} else {
+-			memset(tmp->name.data, 0, size);
+-		}
+ 	}
++
++	ret = name_constraints_node_list_add(&nc->nodes, tmp);
++	if (ret < 0) {
++		gnutls_assert();
++		name_constraints_node_free(tmp);
++		return NULL;
++	}
++
+ 	return tmp;
+ }
+ 
+ /*-
+- * @brief _gnutls_name_constraints_intersect:
+- * @_nc: first name constraints list (permitted)
+- * @_nc2: name constraints list to merge with (permitted)
+- * @_nc_excluded: Corresponding excluded name constraints list
++ * @brief name_constraints_node_list_intersect:
++ * @nc: %gnutls_x509_name_constraints_t
++ * @permitted: first name constraints list (permitted)
++ * @permitted2: name constraints list to merge with (permitted)
++ * @excluded: Corresponding excluded name constraints list
+  *
+- * This function finds the intersection of @_nc and @_nc2. The result is placed in @_nc,
+- * the original @_nc is deallocated. @_nc2 is not changed. If necessary, a universal
++ * This function finds the intersection of @permitted and @permitted2. The result is placed in @permitted,
++ * the original @permitted is modified. @permitted2 is not changed. If necessary, a universal
+  * excluded name constraint node of the right type is added to the list provided
+- * in @_nc_excluded.
++ * in @excluded.
+  *
+  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
+  -*/
+-static int
+-_gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+-				   name_constraints_node_st *_nc2,
+-				   name_constraints_node_st **_nc_excluded)
++static int name_constraints_node_list_intersect(
++	gnutls_x509_name_constraints_t nc,
++	struct name_constraints_node_list_st *permitted,
++	const struct name_constraints_node_list_st *permitted2,
++	struct name_constraints_node_list_st *excluded)
+ {
+-	name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL,
+-						      *prev = NULL;
++	struct name_constraints_node_st *tmp;
+ 	int ret, type, used;
++	struct name_constraints_node_list_st removed = { .data = NULL,
++							 .size = 0,
++							 .capacity = 0 };
+ 
+ 	/* temporary array to see, if we need to add universal excluded constraints
+ 	 * (see phase 3 for details)
+@@ -291,61 +347,73 @@ _gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+ 	memset(types_with_empty_intersection, 0,
+ 	       sizeof(types_with_empty_intersection));
+ 
+-	if (*_nc == NULL || _nc2 == NULL)
++	if (permitted->size == 0 || permitted2->size == 0)
+ 		return 0;
+ 
+ 	/* Phase 1
+-	 * For each name in _NC, if a _NC2 does not contain a name
+-	 * with the same type, preserve the original name.
+-	 * Do this also for node of unknown type (not DNS, email, IP */
+-	t = nc = *_nc;
+-	while (t != NULL) {
+-		name_constraints_node_st *next = t->next;
+-		nc2 = _nc2;
+-		while (nc2 != NULL) {
+-			if (t->type == nc2->type) {
++	 * For each name in PERMITTED, if a PERMITTED2 does not contain a name
++	 * with the same type, move the original name to REMOVED.
++	 * Do this also for node of unknown type (not DNS, email, IP) */
++	for (size_t i = 0; i < permitted->size;) {
++		struct name_constraints_node_st *t = permitted->data[i];
++		const struct name_constraints_node_st *found = NULL;
++
++		for (size_t j = 0; j < permitted2->size; j++) {
++			const struct name_constraints_node_st *t2 =
++				permitted2->data[j];
++			if (t->type == t2->type) {
+ 				// check bounds (we will use 't->type' as index)
+-				if (t->type > GNUTLS_SAN_MAX || t->type == 0)
+-					return gnutls_assert_val(
+-						GNUTLS_E_INTERNAL_ERROR);
++				if (t->type > GNUTLS_SAN_MAX || t->type == 0) {
++					gnutls_assert();
++					ret = GNUTLS_E_INTERNAL_ERROR;
++					goto cleanup;
++				}
+ 				// note the possibility of empty intersection for this type
+ 				// if we add something to the intersection in phase 2,
+ 				// we will reset this flag back to 0 then
+ 				types_with_empty_intersection[t->type - 1] = 1;
++				found = t2;
+ 				break;
+ 			}
+-			nc2 = nc2->next;
+ 		}
+-		if (nc2 == NULL || (t->type != GNUTLS_SAN_DNSNAME &&
+-				    t->type != GNUTLS_SAN_RFC822NAME &&
+-				    t->type != GNUTLS_SAN_IPADDRESS)) {
+-			/* move node from NC to DEST */
+-			if (prev != NULL)
+-				prev->next = next;
+-			else
+-				prev = nc = next;
+-			t->next = dest;
+-			dest = t;
+-		} else {
+-			prev = t;
++
++		if (found != NULL && (t->type == GNUTLS_SAN_DNSNAME ||
++				      t->type == GNUTLS_SAN_RFC822NAME ||
++				      t->type == GNUTLS_SAN_IPADDRESS)) {
++			/* move node from PERMITTED to REMOVED */
++			ret = name_constraints_node_list_add(&removed, t);
++			if (ret < 0) {
++				gnutls_assert();
++				goto cleanup;
++			}
++			/* remove node by swapping */
++			if (i < permitted->size - 1)
++				permitted->data[i] =
++					permitted->data[permitted->size - 1];
++			permitted->size--;
++			continue;
+ 		}
+-		t = next;
++		i++;
+ 	}
+ 
+ 	/* Phase 2
+-	 * iterate through all combinations from nc2 and nc1
++	 * iterate through all combinations from PERMITTED2 and PERMITTED
+ 	 * and create intersections of nodes with same type */
+-	nc2 = _nc2;
+-	while (nc2 != NULL) {
+-		// current nc2 node has not yet been used for any intersection
+-		// (and is not in DEST either)
++	for (size_t i = 0; i < permitted2->size; i++) {
++		const struct name_constraints_node_st *t2 = permitted2->data[i];
++
++		// current PERMITTED2 node has not yet been used for any intersection
++		// (and is not in REMOVED either)
+ 		used = 0;
+-		t = nc;
+-		while (t != NULL) {
++		for (size_t j = 0; j < removed.size; j++) {
++			const struct name_constraints_node_st *t =
++				removed.data[j];
+ 			// save intersection of name constraints into tmp
+-			ret = name_constraints_intersect_nodes(t, nc2, &tmp);
+-			if (ret < 0)
+-				return gnutls_assert_val(ret);
++			ret = name_constraints_intersect_nodes(nc, t, t2, &tmp);
++			if (ret < 0) {
++				gnutls_assert();
++				goto cleanup;
++			}
+ 			used = 1;
+ 			// if intersection is not empty
+ 			if (tmp !=
+@@ -360,32 +428,34 @@ _gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+ 				// we will not add universal excluded constraint for this type
+ 				types_with_empty_intersection[tmp->type - 1] =
+ 					0;
+-				// add intersection node to DEST
+-				tmp->next = dest;
+-				dest = tmp;
++				// add intersection node to PERMITTED
++				ret = name_constraints_node_list_add(permitted,
++								     tmp);
++				if (ret < 0) {
++					gnutls_assert();
++					goto cleanup;
++				}
+ 			}
+-			t = t->next;
+ 		}
+-		// if the node from nc2 was not used for intersection, copy it to DEST
++		// if the node from PERMITTED2 was not used for intersection, copy it to DEST
+ 		// Beware: also copies nodes other than DNS, email, IP,
+ 		//       since their counterpart may have been moved in phase 1.
+ 		if (!used) {
+ 			tmp = name_constraints_node_new(
+-				nc2->type, nc2->name.data, nc2->name.size);
++				nc, t2->type, t2->name.data, t2->name.size);
+ 			if (tmp == NULL) {
+-				_gnutls_name_constraints_node_free(dest);
+-				return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++				gnutls_assert();
++				ret = GNUTLS_E_MEMORY_ERROR;
++				goto cleanup;
++			}
++			ret = name_constraints_node_list_add(permitted, tmp);
++			if (ret < 0) {
++				gnutls_assert();
++				goto cleanup;
+ 			}
+-			tmp->next = dest;
+-			dest = tmp;
+ 		}
+-		nc2 = nc2->next;
+ 	}
+ 
+-	/* replace the original with the new */
+-	_gnutls_name_constraints_node_free(nc);
+-	*_nc = dest;
+-
+ 	/* Phase 3
+ 	 * For each type: If we have empty permitted name constraints now
+ 	 * and we didn't have at the beginning, we have to add a new
+@@ -400,63 +470,77 @@ _gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+ 		switch (type) {
+ 		case GNUTLS_SAN_IPADDRESS:
+ 			// add universal restricted range for IPv4
+-			tmp = name_constraints_node_new(GNUTLS_SAN_IPADDRESS,
+-							NULL, 8);
++			tmp = name_constraints_node_new(
++				nc, GNUTLS_SAN_IPADDRESS, NULL, 8);
+ 			if (tmp == NULL) {
+-				_gnutls_name_constraints_node_free(dest);
+-				return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++				gnutls_assert();
++				ret = GNUTLS_E_MEMORY_ERROR;
++				goto cleanup;
++			}
++			ret = name_constraints_node_list_add(excluded, tmp);
++			if (ret < 0) {
++				gnutls_assert();
++				goto cleanup;
+ 			}
+-			tmp->next = *_nc_excluded;
+-			*_nc_excluded = tmp;
+ 			// add universal restricted range for IPv6
+-			tmp = name_constraints_node_new(GNUTLS_SAN_IPADDRESS,
+-							NULL, 32);
++			tmp = name_constraints_node_new(
++				nc, GNUTLS_SAN_IPADDRESS, NULL, 32);
+ 			if (tmp == NULL) {
+-				_gnutls_name_constraints_node_free(dest);
+-				return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++				gnutls_assert();
++				ret = GNUTLS_E_MEMORY_ERROR;
++				goto cleanup;
++			}
++			ret = name_constraints_node_list_add(excluded, tmp);
++			if (ret < 0) {
++				gnutls_assert();
++				goto cleanup;
+ 			}
+-			tmp->next = *_nc_excluded;
+-			*_nc_excluded = tmp;
+ 			break;
+ 		case GNUTLS_SAN_DNSNAME:
+ 		case GNUTLS_SAN_RFC822NAME:
+-			tmp = name_constraints_node_new(type, NULL, 0);
++			tmp = name_constraints_node_new(nc, type, NULL, 0);
+ 			if (tmp == NULL) {
+-				_gnutls_name_constraints_node_free(dest);
+-				return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++				gnutls_assert();
++				ret = GNUTLS_E_MEMORY_ERROR;
++				goto cleanup;
++			}
++			ret = name_constraints_node_list_add(excluded, tmp);
++			if (ret < 0) {
++				gnutls_assert();
++				goto cleanup;
+ 			}
+-			tmp->next = *_nc_excluded;
+-			*_nc_excluded = tmp;
+ 			break;
+ 		default: // do nothing, at least one node was already moved in phase 1
+ 			break;
+ 		}
+ 	}
+-	return GNUTLS_E_SUCCESS;
++	ret = GNUTLS_E_SUCCESS;
++
++cleanup:
++	gnutls_free(removed.data);
++	return ret;
+ }
+ 
+-static int _gnutls_name_constraints_append(name_constraints_node_st **_nc,
+-					   name_constraints_node_st *_nc2)
++static int name_constraints_node_list_concat(
++	gnutls_x509_name_constraints_t nc,
++	struct name_constraints_node_list_st *nodes,
++	const struct name_constraints_node_list_st *nodes2)
+ {
+-	name_constraints_node_st *nc, *nc2;
+-	struct name_constraints_node_st *tmp;
+-
+-	if (_nc2 == NULL)
+-		return 0;
+-
+-	nc2 = _nc2;
+-	while (nc2) {
+-		nc = *_nc;
+-
+-		tmp = name_constraints_node_new(nc2->type, nc2->name.data,
+-						nc2->name.size);
+-		if (tmp == NULL)
++	for (size_t i = 0; i < nodes2->size; i++) {
++		const struct name_constraints_node_st *node = nodes2->data[i];
++		struct name_constraints_node_st *tmp;
++		int ret;
++
++		tmp = name_constraints_node_new(nc, node->type, node->name.data,
++						node->name.size);
++		if (tmp == NULL) {
+ 			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+-
+-		tmp->next = nc;
+-		*_nc = tmp;
+-
+-		nc2 = nc2->next;
++		}
++		ret = name_constraints_node_list_add(nodes, tmp);
++		if (ret < 0) {
++			name_constraints_node_free(tmp);
++			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++		}
+ 	}
+ 
+ 	return 0;
+@@ -524,6 +608,25 @@ cleanup:
+ 	return ret;
+ }
+ 
++void _gnutls_x509_name_constraints_clear(gnutls_x509_name_constraints_t nc)
++{
++	for (size_t i = 0; i < nc->nodes.size; i++) {
++		struct name_constraints_node_st *node = nc->nodes.data[i];
++		name_constraints_node_free(node);
++	}
++	gnutls_free(nc->nodes.data);
++	nc->nodes.capacity = 0;
++	nc->nodes.size = 0;
++
++	gnutls_free(nc->permitted.data);
++	nc->permitted.capacity = 0;
++	nc->permitted.size = 0;
++
++	gnutls_free(nc->excluded.data);
++	nc->excluded.capacity = 0;
++	nc->excluded.size = 0;
++}
++
+ /**
+  * gnutls_x509_name_constraints_deinit:
+  * @nc: The nameconstraints
+@@ -534,9 +637,7 @@ cleanup:
+  **/
+ void gnutls_x509_name_constraints_deinit(gnutls_x509_name_constraints_t nc)
+ {
+-	_gnutls_name_constraints_node_free(nc->permitted);
+-	_gnutls_name_constraints_node_free(nc->excluded);
+-
++	_gnutls_x509_name_constraints_clear(nc);
+ 	gnutls_free(nc);
+ }
+ 
+@@ -552,12 +653,15 @@ void gnutls_x509_name_constraints_deinit(gnutls_x509_name_constraints_t nc)
+  **/
+ int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc)
+ {
+-	*nc = gnutls_calloc(1, sizeof(struct gnutls_name_constraints_st));
+-	if (*nc == NULL) {
++	struct gnutls_name_constraints_st *tmp;
++
++	tmp = gnutls_calloc(1, sizeof(struct gnutls_name_constraints_st));
++	if (tmp == NULL) {
+ 		gnutls_assert();
+ 		return GNUTLS_E_MEMORY_ERROR;
+ 	}
+ 
++	*nc = tmp;
+ 	return 0;
+ }
+ 
+@@ -565,36 +669,25 @@ static int name_constraints_add(gnutls_x509_name_constraints_t nc,
+ 				gnutls_x509_subject_alt_name_t type,
+ 				const gnutls_datum_t *name, unsigned permitted)
+ {
+-	struct name_constraints_node_st *tmp, *prev = NULL;
++	struct name_constraints_node_st *tmp;
++	struct name_constraints_node_list_st *nodes;
+ 	int ret;
+ 
+ 	ret = validate_name_constraints_node(type, name);
+ 	if (ret < 0)
+ 		return gnutls_assert_val(ret);
+ 
+-	if (permitted != 0)
+-		prev = tmp = nc->permitted;
+-	else
+-		prev = tmp = nc->excluded;
+-
+-	while (tmp != NULL) {
+-		tmp = tmp->next;
+-		if (tmp != NULL)
+-			prev = tmp;
+-	}
++	nodes = permitted ? &nc->permitted : &nc->excluded;
+ 
+-	tmp = name_constraints_node_new(type, name->data, name->size);
++	tmp = name_constraints_node_new(nc, type, name->data, name->size);
+ 	if (tmp == NULL)
+ 		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+-	tmp->next = NULL;
+ 
+-	if (prev == NULL) {
+-		if (permitted != 0)
+-			nc->permitted = tmp;
+-		else
+-			nc->excluded = tmp;
+-	} else
+-		prev->next = tmp;
++	ret = name_constraints_node_list_add(nodes, tmp);
++	if (ret < 0) {
++		name_constraints_node_free(tmp);
++		return gnutls_assert_val(ret);
++	}
+ 
+ 	return 0;
+ }
+@@ -620,14 +713,15 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
+ {
+ 	int ret;
+ 
+-	ret = _gnutls_name_constraints_intersect(&nc->permitted, nc2->permitted,
+-						 &nc->excluded);
++	ret = name_constraints_node_list_intersect(
++		nc, &nc->permitted, &nc2->permitted, &nc->excluded);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+ 		return ret;
+ 	}
+ 
+-	ret = _gnutls_name_constraints_append(&nc->excluded, nc2->excluded);
++	ret = name_constraints_node_list_concat(nc, &nc->excluded,
++						&nc2->excluded);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+ 		return ret;
+@@ -804,50 +898,51 @@ static unsigned email_matches(const gnutls_datum_t *name,
+  *
+  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
+  -*/
+-static int
+-name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+-				 name_constraints_node_st *nc2,
+-				 name_constraints_node_st **_intersection)
++static int name_constraints_intersect_nodes(
++	gnutls_x509_name_constraints_t nc,
++	const struct name_constraints_node_st *node1,
++	const struct name_constraints_node_st *node2,
++	struct name_constraints_node_st **_intersection)
+ {
+ 	// presume empty intersection
+-	name_constraints_node_st *intersection = NULL;
+-	name_constraints_node_st *to_copy = NULL;
++	struct name_constraints_node_st *intersection = NULL;
++	const struct name_constraints_node_st *to_copy = NULL;
+ 	unsigned iplength = 0;
+ 	unsigned byte;
+ 
+ 	*_intersection = NULL;
+ 
+-	if (nc1->type != nc2->type) {
++	if (node1->type != node2->type) {
+ 		return GNUTLS_E_SUCCESS;
+ 	}
+-	switch (nc1->type) {
++	switch (node1->type) {
+ 	case GNUTLS_SAN_DNSNAME:
+-		if (!dnsname_matches(&nc2->name, &nc1->name))
++		if (!dnsname_matches(&node2->name, &node1->name))
+ 			return GNUTLS_E_SUCCESS;
+-		to_copy = nc2;
++		to_copy = node2;
+ 		break;
+ 	case GNUTLS_SAN_RFC822NAME:
+-		if (!email_matches(&nc2->name, &nc1->name))
++		if (!email_matches(&node2->name, &node1->name))
+ 			return GNUTLS_E_SUCCESS;
+-		to_copy = nc2;
++		to_copy = node2;
+ 		break;
+ 	case GNUTLS_SAN_IPADDRESS:
+-		if (nc1->name.size != nc2->name.size)
++		if (node1->name.size != node2->name.size)
+ 			return GNUTLS_E_SUCCESS;
+-		iplength = nc1->name.size / 2;
++		iplength = node1->name.size / 2;
+ 		for (byte = 0; byte < iplength; byte++) {
+-			if (((nc1->name.data[byte] ^
+-			      nc2->name.data[byte]) // XOR of addresses
+-			     &
+-			     nc1->name.data[byte + iplength] // AND mask from nc1
+-			     &
+-			     nc2->name.data[byte + iplength]) // AND mask from nc2
++			if (((node1->name.data[byte] ^
++			      node2->name.data[byte]) // XOR of addresses
++			     & node1->name.data[byte +
++						iplength] // AND mask from nc1
++			     & node2->name.data[byte +
++						iplength]) // AND mask from nc2
+ 			    != 0) {
+ 				// CIDRS do not intersect
+ 				return GNUTLS_E_SUCCESS;
+ 			}
+ 		}
+-		to_copy = nc2;
++		to_copy = node2;
+ 		break;
+ 	default:
+ 		// for other types, we don't know how to do the intersection, assume empty
+@@ -856,8 +951,9 @@ name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+ 
+ 	// copy existing node if applicable
+ 	if (to_copy != NULL) {
+-		*_intersection = name_constraints_node_new(
+-			to_copy->type, to_copy->name.data, to_copy->name.size);
++		*_intersection = name_constraints_node_new(nc, to_copy->type,
++							   to_copy->name.data,
++							   to_copy->name.size);
+ 		if (*_intersection == NULL)
+ 			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ 		intersection = *_intersection;
+@@ -869,12 +965,12 @@ name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+ 			_gnutls_mask_ip(intersection->name.data,
+ 					intersection->name.data + iplength,
+ 					iplength);
+-			_gnutls_mask_ip(nc1->name.data,
+-					nc1->name.data + iplength, iplength);
++			_gnutls_mask_ip(node1->name.data,
++					node1->name.data + iplength, iplength);
+ 			// update intersection, if necessary (we already know one is subset of other)
+ 			for (byte = 0; byte < 2 * iplength; byte++) {
+ 				intersection->name.data[byte] |=
+-					nc1->name.data[byte];
++					node1->name.data[byte];
+ 			}
+ 		}
+ 	}
+@@ -1177,10 +1273,17 @@ gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc,
+ 	unsigned idx, t, san_type;
+ 	gnutls_datum_t n;
+ 	unsigned found_one;
++	size_t checks;
+ 
+-	if (is_nc_empty(nc, type) != 0)
++	if (_gnutls_x509_name_constraints_is_empty(nc, type) != 0)
+ 		return 1; /* shortcut; no constraints to check */
+ 
++	if (!INT_ADD_OK(nc->permitted.size, nc->excluded.size, &checks) ||
++	    !INT_MULTIPLY_OK(checks, cert->san->size, &checks) ||
++	    checks > MAX_NC_CHECKS) {
++		return gnutls_assert_val(0);
++	}
++
+ 	if (type == GNUTLS_SAN_RFC822NAME) {
+ 		found_one = 0;
+ 		for (idx = 0;; idx++) {
+@@ -1378,20 +1481,13 @@ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc
+ 					       unsigned idx, unsigned *type,
+ 					       gnutls_datum_t *name)
+ {
+-	unsigned int i;
+-	struct name_constraints_node_st *tmp = nc->permitted;
++	const struct name_constraints_node_st *tmp;
+ 
+-	for (i = 0; i < idx; i++) {
+-		if (tmp == NULL)
+-			return gnutls_assert_val(
+-				GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+-
+-		tmp = tmp->next;
+-	}
+-
+-	if (tmp == NULL)
++	if (idx >= nc->permitted.size)
+ 		return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ 
++	tmp = nc->permitted.data[idx];
++
+ 	*type = tmp->type;
+ 	*name = tmp->name;
+ 
+@@ -1421,20 +1517,13 @@ int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc,
+ 					      unsigned idx, unsigned *type,
+ 					      gnutls_datum_t *name)
+ {
+-	unsigned int i;
+-	struct name_constraints_node_st *tmp = nc->excluded;
+-
+-	for (i = 0; i < idx; i++) {
+-		if (tmp == NULL)
+-			return gnutls_assert_val(
+-				GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
++	const struct name_constraints_node_st *tmp;
+ 
+-		tmp = tmp->next;
+-	}
+-
+-	if (tmp == NULL)
++	if (idx >= nc->excluded.size)
+ 		return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ 
++	tmp = nc->excluded.data[idx];
++
+ 	*type = tmp->type;
+ 	*name = tmp->name;
+ 
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index ad3af14..064ca83 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -34,10 +34,6 @@
+ #include "intprops.h"
+ 
+ #define MAX_ENTRIES 64
+-struct gnutls_subject_alt_names_st {
+-	struct name_st *names;
+-	unsigned int size;
+-};
+ 
+ /**
+  * gnutls_subject_alt_names_init:
+@@ -389,22 +385,15 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t *ext,
+ 	}
+ 
+ 	if (flags & GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND &&
+-	    (nc->permitted != NULL || nc->excluded != NULL)) {
++	    !_gnutls_x509_name_constraints_is_empty(nc, 0)) {
+ 		ret = gnutls_x509_name_constraints_init(&nc2);
+ 		if (ret < 0) {
+ 			gnutls_assert();
+ 			goto cleanup;
+ 		}
+ 
+-		ret = _gnutls_extract_name_constraints(c2, "permittedSubtrees",
+-						       &nc2->permitted);
+-		if (ret < 0) {
+-			gnutls_assert();
+-			goto cleanup;
+-		}
+-
+-		ret = _gnutls_extract_name_constraints(c2, "excludedSubtrees",
+-						       &nc2->excluded);
++		ret = _gnutls_x509_name_constraints_extract(
++			c2, "permittedSubtrees", "excludedSubtrees", nc2);
+ 		if (ret < 0) {
+ 			gnutls_assert();
+ 			goto cleanup;
+@@ -416,18 +405,10 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t *ext,
+ 			goto cleanup;
+ 		}
+ 	} else {
+-		_gnutls_name_constraints_node_free(nc->permitted);
+-		_gnutls_name_constraints_node_free(nc->excluded);
+-
+-		ret = _gnutls_extract_name_constraints(c2, "permittedSubtrees",
+-						       &nc->permitted);
+-		if (ret < 0) {
+-			gnutls_assert();
+-			goto cleanup;
+-		}
++		_gnutls_x509_name_constraints_clear(nc);
+ 
+-		ret = _gnutls_extract_name_constraints(c2, "excludedSubtrees",
+-						       &nc->excluded);
++		ret = _gnutls_x509_name_constraints_extract(
++			c2, "permittedSubtrees", "excludedSubtrees", nc);
+ 		if (ret < 0) {
+ 			gnutls_assert();
+ 			goto cleanup;
+@@ -463,9 +444,10 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+ 	int ret, result;
+ 	uint8_t null = 0;
+ 	asn1_node c2 = NULL;
+-	struct name_constraints_node_st *tmp;
++	unsigned rtype;
++	gnutls_datum_t rname;
+ 
+-	if (nc->permitted == NULL && nc->excluded == NULL)
++	if (_gnutls_x509_name_constraints_is_empty(nc, 0))
+ 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ 
+ 	result = asn1_create_element(_gnutls_get_pkix(),
+@@ -475,11 +457,20 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+ 		return _gnutls_asn2err(result);
+ 	}
+ 
+-	if (nc->permitted == NULL) {
++	ret = gnutls_x509_name_constraints_get_permitted(nc, 0, &rtype, &rname);
++	if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ 		(void)asn1_write_value(c2, "permittedSubtrees", NULL, 0);
+ 	} else {
+-		tmp = nc->permitted;
+-		do {
++		for (unsigned i = 0;; i++) {
++			ret = gnutls_x509_name_constraints_get_permitted(
++				nc, i, &rtype, &rname);
++			if (ret < 0) {
++				if (ret ==
++				    GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
++					break;
++				gnutls_assert();
++				goto cleanup;
++			}
+ 			result = asn1_write_value(c2, "permittedSubtrees",
+ 						  "NEW", 1);
+ 			if (result != ASN1_SUCCESS) {
+@@ -506,21 +497,29 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+ 			}
+ 
+ 			ret = _gnutls_write_general_name(
+-				c2, "permittedSubtrees.?LAST.base", tmp->type,
+-				tmp->name.data, tmp->name.size);
++				c2, "permittedSubtrees.?LAST.base", rtype,
++				rname.data, rname.size);
+ 			if (ret < 0) {
+ 				gnutls_assert();
+ 				goto cleanup;
+ 			}
+-			tmp = tmp->next;
+-		} while (tmp != NULL);
++		}
+ 	}
+ 
+-	if (nc->excluded == NULL) {
++	ret = gnutls_x509_name_constraints_get_excluded(nc, 0, &rtype, &rname);
++	if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ 		(void)asn1_write_value(c2, "excludedSubtrees", NULL, 0);
+ 	} else {
+-		tmp = nc->excluded;
+-		do {
++		for (unsigned i = 0;; i++) {
++			ret = gnutls_x509_name_constraints_get_excluded(
++				nc, i, &rtype, &rname);
++			if (ret < 0) {
++				if (ret ==
++				    GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
++					break;
++				gnutls_assert();
++				goto cleanup;
++			}
+ 			result = asn1_write_value(c2, "excludedSubtrees", "NEW",
+ 						  1);
+ 			if (result != ASN1_SUCCESS) {
+@@ -546,14 +545,13 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+ 			}
+ 
+ 			ret = _gnutls_write_general_name(
+-				c2, "excludedSubtrees.?LAST.base", tmp->type,
+-				tmp->name.data, tmp->name.size);
++				c2, "excludedSubtrees.?LAST.base", rtype,
++				rname.data, rname.size);
+ 			if (ret < 0) {
+ 				gnutls_assert();
+ 				goto cleanup;
+ 			}
+-			tmp = tmp->next;
+-		} while (tmp != NULL);
++		}
+ 	}
+ 
+ 	ret = _gnutls_x509_der_encode(c2, "", ext, 0);
+diff --git a/lib/x509/x509_ext_int.h b/lib/x509/x509_ext_int.h
+index 558d619..b37d749 100644
+--- a/lib/x509/x509_ext_int.h
++++ b/lib/x509/x509_ext_int.h
+@@ -29,6 +29,11 @@ struct name_st {
+ 	gnutls_datum_t othername_oid;
+ };
+ 
++struct gnutls_subject_alt_names_st {
++	struct name_st *names;
++	unsigned int size;
++};
++
+ int _gnutls_alt_name_process(gnutls_datum_t *out, unsigned type,
+ 			     const gnutls_datum_t *san, unsigned raw);
+ 
+diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
+index 204531f..6a8dace 100644
+--- a/lib/x509/x509_int.h
++++ b/lib/x509/x509_int.h
+@@ -480,20 +480,13 @@ int _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ 				      int crl_list_length,
+ 				      gnutls_verify_output_function func);
+ 
+-typedef struct gnutls_name_constraints_st {
+-	struct name_constraints_node_st *permitted;
+-	struct name_constraints_node_st *excluded;
+-} gnutls_name_constraints_st;
+-
+-typedef struct name_constraints_node_st {
+-	unsigned type;
+-	gnutls_datum_t name;
+-	struct name_constraints_node_st *next;
+-} name_constraints_node_st;
+-
+-int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
+-				     name_constraints_node_st **_nc);
+-void _gnutls_name_constraints_node_free(name_constraints_node_st *node);
++bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
++					    unsigned type);
++int _gnutls_x509_name_constraints_extract(asn1_node c2,
++					  const char *permitted_name,
++					  const char *excluded_name,
++					  gnutls_x509_name_constraints_t nc);
++void _gnutls_x509_name_constraints_clear(gnutls_x509_name_constraints_t nc);
+ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
+ 					gnutls_x509_name_constraints_t nc2);
+ 
+-- 
+2.45.2
+
diff --git a/SPECS/gnutls/gnutls.spec b/SPECS/gnutls/gnutls.spec
index 85cd91153c..9c289f8379 100644
--- a/SPECS/gnutls/gnutls.spec
+++ b/SPECS/gnutls/gnutls.spec
@@ -1,7 +1,7 @@
 Summary:        The GnuTLS Transport Layer Security Library
 Name:           gnutls
 Version:        3.8.3
-Release:        2%{?dist}
+Release:        4%{?dist}
 License:        GPLv3+ AND LGPLv2.1+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -9,9 +9,11 @@ Group:          System Environment/Libraries
 URL:            https://www.gnutls.org
 Source0:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
 # Patch taken from 3.8.4 release
-Patch1:          CVE-2024-28834.patch
+Patch1:         CVE-2024-28834.patch
 # Patch taken from 3.8.4 release
-Patch2:          CVE-2024-28835.patch
+Patch2:         CVE-2024-28835.patch
+Patch3:         CVE-2024-12133.patch
+Patch4:         CVE-2024-12243.patch
 BuildRequires:  autogen-libopts-devel
 BuildRequires:  gc-devel
 BuildRequires:  libtasn1-devel
@@ -93,6 +95,12 @@ sed -i 's/TESTS += test-ciphers-openssl.sh//'  tests/slow/Makefile.am
 %{_mandir}/man3/*
 
 %changelog
+* Tue Mar 11 2025 Sreeniavsulu Malavathula  - 3.8.3-4
+- Patch CVE-2024-12243
+
+* Wed Feb 26 2025 Ankita Pareek  - 3.8.3-3
+- Address CVE-2024-12133 with a patch
+
 * Wed Oct 30 2024 Daniel McIlvaney  - 3.8.3-2
 - Fix CVE-2024-28834 and CVE-2024-28835 with patches from 3.8.4
 
diff --git a/SPECS/golang/golang-1.23.signatures.json b/SPECS/golang/golang-1.23.signatures.json
index 3cb63ad3ea..0c956f6d41 100644
--- a/SPECS/golang/golang-1.23.signatures.json
+++ b/SPECS/golang/golang-1.23.signatures.json
@@ -2,7 +2,7 @@
   "Signatures": {
     "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95",
     "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd",
-    "go1.23.7-20250304.2.src.tar.gz": "dd88200b3af90f6125ceb4055f8fdf2ef78344ed96195231b692942c7ae1413e",
+    "go1.23.9-20250506.5.src.tar.gz": "bb5d23552167ba2920ba8b2484f7c1ae7faa4bda9b02fdf260c8d489fcfdfdd3",
     "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
   }
 }
diff --git a/SPECS/golang/golang-1.23.spec b/SPECS/golang/golang-1.23.spec
index 39d4db0b4a..4ecac48076 100644
--- a/SPECS/golang/golang-1.23.spec
+++ b/SPECS/golang/golang-1.23.spec
@@ -1,6 +1,6 @@
 %global goroot          %{_libdir}/golang
 %global gopath          %{_datadir}/gocode
-%global ms_go_filename  go1.23.7-20250304.2.src.tar.gz
+%global ms_go_filename  go1.23.9-20250506.5.src.tar.gz
 %global ms_go_revision  1
 %ifarch aarch64
 %global gohostarch      arm64
@@ -14,7 +14,7 @@
 %define __find_requires %{nil}
 Summary:        Go
 Name:           golang
-Version:        1.23.7
+Version:        1.23.9
 Release:        1%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
@@ -154,6 +154,12 @@ fi
 %{_bindir}/*
 
 %changelog
+* Wed May 07 2025 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.23.9-1
+- Bump version to 1.23.9-1
+
+* Tue Apr 01 2025 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.23.8-1
+- Bump version to 1.23.8-1
+
 * Wed Mar 05 2025 Microsoft Golang Bot  - 1.23.7-1
 - Bump version to 1.23.7-1
 
diff --git a/SPECS/golang/golang.signatures.json b/SPECS/golang/golang.signatures.json
index 059859240f..00afab8814 100644
--- a/SPECS/golang/golang.signatures.json
+++ b/SPECS/golang/golang.signatures.json
@@ -3,7 +3,7 @@
     "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95",
     "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd",
     "go1.22.12-20250211.4.src.tar.gz": "e1cc3bff8fdf1f24843ffc9f0eaddfd344eb40fd9ca0d9ba2965165be519eeb7",
-    "go1.24.1-20250304.4.src.tar.gz": "d3bba6c5f7ff729121d2104c250fe96e5a6d7c6cb555d4ea038cfe69524417f6",
+    "go1.24.3-20250506.3.src.tar.gz": "8c3b4b0a849e128c1c6d7efd3206f37b7bbfd3df5b019f47cae85bb4f85222f2",
     "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
   }
 }
diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec
index 8d94a286e6..955bd3ebdb 100644
--- a/SPECS/golang/golang.spec
+++ b/SPECS/golang/golang.spec
@@ -1,6 +1,6 @@
 %global goroot          %{_libdir}/golang
 %global gopath          %{_datadir}/gocode
-%global ms_go_filename  go1.24.1-20250304.4.src.tar.gz
+%global ms_go_filename  go1.24.3-20250506.3.src.tar.gz
 %global ms_go_revision  1
 %ifarch aarch64
 %global gohostarch      arm64
@@ -14,7 +14,7 @@
 %define __find_requires %{nil}
 Summary:        Go
 Name:           golang
-Version:        1.24.1
+Version:        1.24.3
 Release:        1%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
@@ -160,6 +160,12 @@ fi
 %{_bindir}/*
 
 %changelog
+* Wed May 07 2025 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.24.3-1
+- Bump version to 1.24.3-1
+
+* Tue Apr 01 2025 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.24.2-1
+- Bump version to 1.24.2-1
+
 * Wed Mar 05 2025 Microsoft Golang Bot  - 1.24.1-1
 - Bump version to 1.24.1-1
 
diff --git a/SPECS/graphviz/CVE-2023-46045.patch b/SPECS/graphviz/CVE-2023-46045.patch
new file mode 100644
index 0000000000..daf0405ce5
--- /dev/null
+++ b/SPECS/graphviz/CVE-2023-46045.patch
@@ -0,0 +1,30 @@
+From c9096c3c2961179fd7d0a000dbaeb754b5bf0489 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Mon, 21 Apr 2025 12:29:44 +0000
+Subject: [PATCH] Address CVE-2023-46045
+
+Upstream Patch Reference : https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
+
+Signed-off-by: Kanishk-Bansal 
+---
+ lib/gvc/gvconfig.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 59c4614..35c1b60 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -186,6 +186,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ 	do {
+ 	    api = token(&nest, &s);
+ 	    gv_api = gvplugin_api(api);
++	    if (gv_api == (api_t)-1) {
++		agerr(AGERR, "config error: %s %s not found\n", path, api);
++		return 0;
++	    }
+ 	    do {
+ 		if (nest == 2) {
+ 		    type = token(&nest, &s);
+-- 
+2.45.2
+
diff --git a/SPECS/graphviz/graphviz.spec b/SPECS/graphviz/graphviz.spec
index 0695ca2764..312b19ffa3 100644
--- a/SPECS/graphviz/graphviz.spec
+++ b/SPECS/graphviz/graphviz.spec
@@ -45,7 +45,7 @@
 Summary:        Graph Visualization Tools
 Name:           graphviz
 Version:        2.42.4
-Release:        11%{?dist}
+Release:        12%{?dist}
 License:        EPL-1.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -55,6 +55,7 @@ Source0:        https://gitlab.com/%{name}/%{name}/-/archive/%{version}/%{name}-
 Patch0:         graphviz-2.42.2-dotty-menu-fix.patch
 Patch1:         graphviz-2.42.2-coverity-scan-fixes.patch
 Patch2:         CVE-2020-18032.patch
+Patch3:         CVE-2023-46045.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@@ -410,6 +411,7 @@ php --no-php-ini \
 
 %files
 %license LICENSE
+%license %{_docdir}/%{name}/COPYING
 %doc %{_docdir}/%{name}
 %{_bindir}/*
 %dir %{_libdir}/graphviz
@@ -421,6 +423,7 @@ php --no-php-ini \
 %exclude %{_docdir}/%{name}/html
 %exclude %{_docdir}/%{name}/pdf
 %exclude %{_docdir}/%{name}/demo
+%exclude %{_docdir}/%{name}/COPYING
 %{_datadir}/graphviz/gvpr
 %ghost %{_libdir}/graphviz/config%{pluginsver}
 
@@ -517,6 +520,9 @@ php --no-php-ini \
 %{_mandir}/man3/*.3tcl*
 
 %changelog
+* Mon Apr 21 2025 Kanishk Bansal  - 2.42.4-12
+- Patch CVE-2023-46045 using an upstream patch
+
 * Wed May 08 2024 Mykhailo Bykhovtsev  - 2.42.4-11
 - Rebuild with ocaml 5.1.1
 
diff --git a/SPECS/grpc/grpc.signatures.json b/SPECS/grpc/grpc.signatures.json
index b65a1de704..dbed7b8786 100644
--- a/SPECS/grpc/grpc.signatures.json
+++ b/SPECS/grpc/grpc.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "grpc-1.62.0-submodules.tar.gz": "dba5605f82b99f65f7109644cbd0b92936f29f5308d2565c9cc6cfde27e215d0",
-  "grpc-1.62.0.tar.gz": "f40bde4ce2f31760f65dc49a2f50876f59077026494e67dccf23992548b1b04f"
+  "grpc-1.62.3-submodules.tar.gz": "d9489a2d0512cde3e240f627f726f297f741fb7b99044de43efa8c5353c0a6b4",
+  "grpc-1.62.3.tar.gz": "2b73aa29aaec5b77004e56da303fb6b86e378a4c3513a3651108b190862e7aa6"
  }
 }
diff --git a/SPECS/grpc/grpc.spec b/SPECS/grpc/grpc.spec
index 16a721c60c..4f325638cc 100644
--- a/SPECS/grpc/grpc.spec
+++ b/SPECS/grpc/grpc.spec
@@ -1,7 +1,7 @@
 Summary:        Open source remote procedure call (RPC) framework
 Name:           grpc
-Version:        1.62.0
-Release:        4%{?dist}
+Version:        1.62.3
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -152,6 +152,9 @@ export GRPC_PYTHON_CFLAGS="%{optflags} -std=c++$CXX_VERSION"
 %{python3_sitearch}/grpcio-%{version}-py%{python3_version}.egg-info
 
 %changelog
+* Tue Mar 25 2025 Jyoti Kanase  - 1.62.3-1
+- Upgrade to 1.62.3 to fix CVE-2024-7246
+
 * Wed Jan 25 2024 Suresh Thelkar  - 1.62.0-4
 - Patch CVE-2024-11407
 
diff --git a/SPECS/grub2/0203-replace-fgrep-with-grep.patch b/SPECS/grub2/0203-replace-fgrep-with-grep.patch
new file mode 100644
index 0000000000..7e0efa417a
--- /dev/null
+++ b/SPECS/grub2/0203-replace-fgrep-with-grep.patch
@@ -0,0 +1,45 @@
+From 8016287e3948765bbcbaee422d77f601faffa5d3 Mon Sep 17 00:00:00 2001
+From: Kavya Sree Kaitepalli 
+Date: Thu, 17 Apr 2025 08:21:32 +0000
+Subject: [PATCH] replace fgrep with grep
+
+---
+ util/grub.d/10_linux.in     | 2 +-
+ util/grub.d/20_linux_xen.in | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index e8b01c0..ecdf723 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -290,7 +290,7 @@ while [ "x$list" != "x" ] ; do
+                 "single ${GRUB_CMDLINE_LINUX}"
+   fi
+ 
+-  list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
++  list=`echo $list | tr ' ' '\n' | grep -F -vx "$linux" | tr '\n' ' '`
+ done
+ 
+ # If at least one kernel was found, then we need to
+diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
+index 3b1f470..d1483ed 100644
+--- a/util/grub.d/20_linux_xen.in
++++ b/util/grub.d/20_linux_xen.in
+@@ -346,12 +346,12 @@ while [ "x${xen_list}" != "x" ] ; do
+ 		"single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}"
+ 	fi
+ 
+-	list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
++	list=`echo $list | tr ' ' '\n' | grep -F -vx "$linux" | tr '\n' ' '`
+     done
+     if [ x"$is_top_level" != xtrue ]; then
+ 	echo '	}'
+     fi
+-    xen_list=`echo $xen_list | tr ' ' '\n' | fgrep -vx "$current_xen" | tr '\n' ' '`
++    xen_list=`echo $xen_list | tr ' ' '\n' | grep -F -vx "$current_xen" | tr '\n' ' '`
+ done
+ 
+ # If at least one kernel was found, then we need to
+-- 
+2.45.3
+
diff --git a/SPECS/grub2/grub2.spec b/SPECS/grub2/grub2.spec
index 684755c7cc..bade2f5843 100644
--- a/SPECS/grub2/grub2.spec
+++ b/SPECS/grub2/grub2.spec
@@ -7,7 +7,7 @@
 Summary:        GRand Unified Bootloader
 Name:           grub2
 Version:        2.06
-Release:        23%{?dist}
+Release:        24%{?dist}
 License:        GPLv3+
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -86,6 +86,7 @@ Patch0199:      0199-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
 Patch0200:      0200-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
 Patch0201:      0201-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
 Patch0202:      0202-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
+Patch0203:      0203-replace-fgrep-with-grep.patch
 # Required to reach SBAT 3
 Patch:          sbat-3-0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
 Patch:          sbat-3-0004-font-Remove-grub_font_dup_glyph.patch
@@ -434,6 +435,10 @@ cp $GRUB_PXE_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_PXE_MODULE_NAME
 %config(noreplace) %{_sysconfdir}/grub.d/41_custom
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.06-24
+- merge from Azure Linux 3.0.20250521-3.0
+- Add patch to replace fgrep with grep -F
+
 * Mon Apr 07 2025 Mun Chun Yep  - 2.06-23
 - Add patch to remove the 2GB limitation in memory map.
 
diff --git a/SPECS/haproxy/CVE-2025-32464.patch b/SPECS/haproxy/CVE-2025-32464.patch
new file mode 100644
index 0000000000..1a50ecdba7
--- /dev/null
+++ b/SPECS/haproxy/CVE-2025-32464.patch
@@ -0,0 +1,26 @@
+From 65e18c2c973e15dc3b85b2f4a11f9be7b191a085 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Mon, 14 Apr 2025 17:41:16 -0500
+Subject: [PATCH] Address CVE-2025-32464
+Upstream Patch Reference: https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559
+
+---
+ src/sample.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sample.c b/src/sample.c
+index de76701..a7b6b16 100644
+--- a/src/sample.c
++++ b/src/sample.c
+@@ -3130,7 +3130,7 @@ static int sample_conv_regsub(const struct arg *arg_p, struct sample *smp, void
+ 		output->data = exp_replace(output->area, output->size, start, arg_p[1].data.str.area, pmatch);
+ 
+ 		/* replace the matching part */
+-		max = output->size - output->data;
++		max = trash->size - trash->data;
+ 		if (max) {
+ 			if (max > output->data)
+ 				max = output->data;
+-- 
+2.45.2
+
diff --git a/SPECS/haproxy/haproxy.spec b/SPECS/haproxy/haproxy.spec
index 9c0f0b03b0..f82ce3dfa9 100644
--- a/SPECS/haproxy/haproxy.spec
+++ b/SPECS/haproxy/haproxy.spec
@@ -1,13 +1,14 @@
 Summary:        A fast, reliable HA, load balancing, and proxy solution.
 Name:           haproxy
 Version:        2.9.11
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Applications/System
 URL:            https://www.haproxy.org
 Source0:        https://www.haproxy.org/download/2.9/src/%{name}-%{version}.tar.gz
+Patch0:         CVE-2025-32464.patch
 BuildRequires:  lua-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pcre2-devel
@@ -29,7 +30,7 @@ It contains the documentation and manpages for haproxy package.
 Requires:       %{name} = %{version}-%{release}
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 make %{?_smp_mflags} TARGET="linux-glibc" USE_PCRE2=1 USE_OPENSSL=1 \
@@ -59,6 +60,9 @@ install -vDm644 examples/transparent_proxy.cfg  %{buildroot}/%{_sysconfdir}/hapr
 %{_mandir}/*
 
 %changelog
+* Mon Apr 14 2025 Sreeniavsulu Malavathula  - 2.9.11-3
+- Patch CVE-2025-32464
+
 * Thu Jan 23 2025 Kshitiz Godara  - 2.9.11-2
 - Support for Prometheus exporter in HAProxy
 
diff --git a/SPECS/helm/CVE-2025-22872.patch b/SPECS/helm/CVE-2025-22872.patch
new file mode 100644
index 0000000000..c86baa1694
--- /dev/null
+++ b/SPECS/helm/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From c87c77a12e5554d376945bd488e56d4fc5b9e5ac Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Tue, 22 Apr 2025 06:32:35 +0000
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.3
+
diff --git a/SPECS/helm/CVE-2025-32386.patch b/SPECS/helm/CVE-2025-32386.patch
new file mode 100644
index 0000000000..16fed86167
--- /dev/null
+++ b/SPECS/helm/CVE-2025-32386.patch
@@ -0,0 +1,88 @@
+From e58d689dcb58dc14838b8d643b2d6b39d54420be Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Thu, 17 Apr 2025 10:18:29 +0000
+Subject: [PATCH] Address CVE-2025-32386 & CVE-2025-32387
+Upstream Patch Reference: https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
+---
+ pkg/chart/loader/archive.go   | 32 +++++++++++++++++++++++++++++++-
+ pkg/chart/loader/directory.go |  4 ++++
+ 2 files changed, 35 insertions(+), 1 deletion(-)
+
+diff --git a/pkg/chart/loader/archive.go b/pkg/chart/loader/archive.go
+index 196e5f8..4cb994c 100644
+--- a/pkg/chart/loader/archive.go
++++ b/pkg/chart/loader/archive.go
+@@ -33,6 +33,15 @@ import (
+ 	"helm.sh/helm/v3/pkg/chart"
+ )
+ 
++// MaxDecompressedChartSize is the maximum size of a chart archive that will be
++// decompressed. This is the decompressed size of all the files.
++// The default value is 100 MiB.
++var MaxDecompressedChartSize int64 = 100 * 1024 * 1024 // Default 100 MiB
++
++// MaxDecompressedFileSize is the size of the largest file that Helm will attempt to load.
++// The size of the file is the decompressed version of it when it is stored in an archive.
++var MaxDecompressedFileSize int64 = 5 * 1024 * 1024 // Default 5 MiB
++
+ var drivePathPattern = regexp.MustCompile(`^[a-zA-Z]:/`)
+ 
+ // FileLoader loads a chart from a file
+@@ -119,6 +128,7 @@ func LoadArchiveFiles(in io.Reader) ([]*BufferedFile, error) {
+ 
+ 	files := []*BufferedFile{}
+ 	tr := tar.NewReader(unzipped)
++	remainingSize := MaxDecompressedChartSize
+ 	for {
+ 		b := bytes.NewBuffer(nil)
+ 		hd, err := tr.Next()
+@@ -178,10 +188,30 @@ func LoadArchiveFiles(in io.Reader) ([]*BufferedFile, error) {
+ 			return nil, errors.New("chart yaml not in base directory")
+ 		}
+ 
+-		if _, err := io.Copy(b, tr); err != nil {
++		if hd.Size > remainingSize {
++			return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize)
++		}
++
++		if hd.Size > MaxDecompressedFileSize {
++			return nil, fmt.Errorf("decompressed chart file %q is larger than the maximum file size %d", hd.Name, MaxDecompressedFileSize)
++		}
++
++		limitedReader := io.LimitReader(tr, remainingSize)
++
++		bytesWritten, err := io.Copy(b, limitedReader)
++		if err != nil {
+ 			return nil, err
+ 		}
+ 
++		remainingSize -= bytesWritten
++		// When the bytesWritten are less than the file size it means the limit reader ended
++		// copying early. Here we report that error. This is important if the last file extracted
++		// is the one that goes over the limit. It assumes the Size stored in the tar header
++		// is correct, something many applications do.
++		if bytesWritten < hd.Size || remainingSize <= 0 {
++			return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize)
++		}
++
+ 		data := bytes.TrimPrefix(b.Bytes(), utf8bom)
+ 
+ 		files = append(files, &BufferedFile{Name: n, Data: data})
+diff --git a/pkg/chart/loader/directory.go b/pkg/chart/loader/directory.go
+index 9bcbee6..fd8e02e 100644
+--- a/pkg/chart/loader/directory.go
++++ b/pkg/chart/loader/directory.go
+@@ -101,6 +101,10 @@ func LoadDir(dir string) (*chart.Chart, error) {
+ 			return fmt.Errorf("cannot load irregular file %s as it has file mode type bits set", name)
+ 		}
+ 
++		if fi.Size() > MaxDecompressedFileSize {
++			return fmt.Errorf("chart file %q is larger than the maximum file size %d", fi.Name(), MaxDecompressedFileSize)
++		}
++
+ 		data, err := os.ReadFile(name)
+ 		if err != nil {
+ 			return errors.Wrapf(err, "error reading %s", n)
+-- 
+2.45.3
+
diff --git a/SPECS/helm/helm.spec b/SPECS/helm/helm.spec
index 897deb720e..b4773d7910 100644
--- a/SPECS/helm/helm.spec
+++ b/SPECS/helm/helm.spec
@@ -2,7 +2,7 @@
 
 Name:          helm
 Version:       3.15.2
-Release:       3%{?dist}
+Release:       4%{?dist}
 Summary:       The Kubernetes Package Manager
 Group:         Applications/Networking
 License:       Apache 2.0
@@ -25,15 +25,15 @@ Source0:       https://github.com/helm/helm/archive/refs/tags/v%{version}.tar.gz
 #
 Source1:       %{name}-%{version}-vendor.tar.gz
 Patch0:        CVE-2024-45338.patch
+Patch1:        CVE-2025-32386.patch
+Patch2:        CVE-2025-22872.patch
 BuildRequires: golang
 
 %description
 Helm is a tool that streamlines installing and managing Kubernetes applications. Think of it like apt/yum/homebrew for Kubernetes.
 
 %prep
-%autosetup -N
-tar -xf %{SOURCE1} --no-same-owner
-%autopatch -p1
+%autosetup -p1 -a1
 
 %build
 export VERSION=%{version}
@@ -55,6 +55,10 @@ install -m 755 ./helm %{buildroot}%{_bindir}
 go test -v ./cmd/helm
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 3.15.2-4
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-32386 & CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 3.15.2-3
 - Bump Release to rebuild
 
diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json
index 08975691d6..7c02940294 100644
--- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json
+++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json
@@ -7,6 +7,6 @@
     "hypervkvpd.service": "c1bb207cf9f388f8f3cf5b649abbf8cfe4c4fcf74538612946e68f350d1f265f",
     "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1",
     "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d",
-    "kernel-6.6.82.1.tar.gz": "66da12e2ca4d65d4a51e23423c60a03fb57910a91684e36643430c616e6d732a"
+    "kernel-6.6.85.1.tar.gz": "4dab471d68ce07dd31e925788c128ff1c7d9a6d2c7e0a073bd8e6701514cfee6"
   }
 }
diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec
index 72b568569a..ccc8e5ccc2 100644
--- a/SPECS/hyperv-daemons/hyperv-daemons.spec
+++ b/SPECS/hyperv-daemons/hyperv-daemons.spec
@@ -10,7 +10,7 @@
 
 Summary:        Hyper-V daemons suite
 Name:           hyperv-daemons
-Version:        6.6.82.1
+Version:        6.6.85.1
 Release:        1%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
@@ -221,6 +221,9 @@ fi
 %{_sbindir}/lsvmbus
 
 %changelog
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 6.6.85.1-1
+- Auto-upgrade to 6.6.85.1
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 6.6.82.1-1
 - Auto-upgrade to 6.6.82.1
 
diff --git a/SPECS/ig/CVE-2025-22872.patch b/SPECS/ig/CVE-2025-22872.patch
new file mode 100644
index 0000000000..6b00732d02
--- /dev/null
+++ b/SPECS/ig/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From c0b4926a47050ef2ffd83031e1485c9f5169af23 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Wed, 30 Apr 2025 17:26:32 -0500
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/ig/ig.spec b/SPECS/ig/ig.spec
index aaea113be9..3511625457 100644
--- a/SPECS/ig/ig.spec
+++ b/SPECS/ig/ig.spec
@@ -1,7 +1,7 @@
 Summary:        The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts.
 Name:           ig
 Version:        0.37.0
-Release:        3%{?dist}
+Release:        5%{?dist}
 License:        Apache 2.0 and GPL 2.0 for eBPF code
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,6 +11,7 @@ Source0:        https://github.com/inspektor-gadget/inspektor-gadget/archive/ref
 Source1:        %{name}-%{version}-govendor-v1.tar.gz
 Patch0:         CVE-2025-27144.patch
 Patch1:         CVE-2025-29786.patch
+Patch2:         CVE-2025-22872.patch
 BuildRequires:  golang >= 1.23
 
 
@@ -67,6 +68,10 @@ fi
 %{_bindir}/ig
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 0.37.0-5
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+
 * Fri Apr 28 2025 Ranjan Dutta  - 0.37.0-3
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Fix CVE-2025-29786 with an upstream patch
diff --git a/SPECS/influxdb/CVE-2024-51744.patch b/SPECS/influxdb/CVE-2024-51744.patch
new file mode 100644
index 0000000000..5d1369acae
--- /dev/null
+++ b/SPECS/influxdb/CVE-2024-51744.patch
@@ -0,0 +1,162 @@
+From 70f398a64b207c0f9da5c11ac414e32d2097e79e Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Mon, 24 Mar 2025 18:07:18 -0500
+Subject: [PATCH] Addressing CVE-2024-51744
+Upstream Patch Reference: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
+
+---
+ .../github.com/form3tech-oss/jwt-go/parser.go | 36 +++++++++++--------
+ vendor/github.com/golang-jwt/jwt/parser.go    | 36 +++++++++++--------
+ 2 files changed, 42 insertions(+), 30 deletions(-)
+
+diff --git a/vendor/github.com/form3tech-oss/jwt-go/parser.go b/vendor/github.com/form3tech-oss/jwt-go/parser.go
+index d6901d9..bfb480c 100644
+--- a/vendor/github.com/form3tech-oss/jwt-go/parser.go
++++ b/vendor/github.com/form3tech-oss/jwt-go/parser.go
+@@ -14,12 +14,21 @@ type Parser struct {
+ }
+ 
+ // Parse, validate, and return a token.
+-// keyFunc will receive the parsed token and should return the key for validating.
+-// If everything is kosher, err will be nil
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
++//
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -56,12 +65,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -69,22 +83,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // WARNING: Don't use this method unless you know what you're doing
+diff --git a/vendor/github.com/golang-jwt/jwt/parser.go b/vendor/github.com/golang-jwt/jwt/parser.go
+index d6901d9..bfb480c 100644
+--- a/vendor/github.com/golang-jwt/jwt/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/parser.go
+@@ -14,12 +14,21 @@ type Parser struct {
+ }
+ 
+ // Parse, validate, and return a token.
+-// keyFunc will receive the parsed token and should return the key for validating.
+-// If everything is kosher, err will be nil
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
++//
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -56,12 +65,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -69,22 +83,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // WARNING: Don't use this method unless you know what you're doing
+-- 
+2.45.2
+
diff --git a/SPECS/influxdb/CVE-2025-22870.patch b/SPECS/influxdb/CVE-2025-22870.patch
new file mode 100644
index 0000000000..623fef0d16
--- /dev/null
+++ b/SPECS/influxdb/CVE-2025-22870.patch
@@ -0,0 +1,49 @@
+From 9b0870e4d74b720661460e3a7ac9b45945790799 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Mon, 24 Mar 2025 17:42:42 -0500
+Subject: [PATCH] Addressing CVE-2025-22870
+Upstream Patch Reference: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7
+
+
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index c3bd9a1..864961c 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -180,8 +181,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -363,6 +366,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.45.2
+
diff --git a/SPECS/influxdb/CVE-2025-22872.patch b/SPECS/influxdb/CVE-2025-22872.patch
new file mode 100644
index 0000000000..7808749581
--- /dev/null
+++ b/SPECS/influxdb/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From a3f5350a002664d23967a79ef563d23ef16b85ee Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Fri, 25 Apr 2025 18:18:46 -0500
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index de67f93..9bbdf7d 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec
index a0cea06496..ca4e8b3728 100644
--- a/SPECS/influxdb/influxdb.spec
+++ b/SPECS/influxdb/influxdb.spec
@@ -18,7 +18,7 @@
 Summary:        Scalable datastore for metrics, events, and real-time analytics
 Name:           influxdb
 Version:        2.7.5
-Release:        3%{?dist}
+Release:        6%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -64,11 +64,14 @@ Patch5:         CVE-2024-45338.patch
 Patch6:         CVE-2024-28180.patch
 Patch7:         CVE-2025-27144.patch
 Patch8:         CVE-2025-22868.patch
+Patch9:         CVE-2025-22870.patch
+Patch10:        CVE-2024-51744.patch
+Patch11:        CVE-2025-22872.patch
 BuildRequires:  clang
 BuildRequires:  golang
 BuildRequires:  kernel-headers
 BuildRequires:  protobuf-devel
-BuildRequires:  rust >= 1.60.0
+BuildRequires:  rust < 1.85.0
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  tzdata
 # IMPORTANT:  when upgrading this, make sure the flux version matches what is required by go.mod file in the soure code of influxdb.
@@ -153,6 +156,12 @@ go test ./...
 %{_tmpfilesdir}/influxdb.conf
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.7.5-6
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+- Pin rust version
+- Patch CVE-2025-22870, CVE-2024-51744
+
 * Fri Mar 21 2025 Anuj Mittal  - 2.7.5-3
 - Bump Release to rebuild
 
diff --git a/SPECS/iniparser/CVE-2023-33461.patch b/SPECS/iniparser/CVE-2023-33461.patch
new file mode 100644
index 0000000000..082cf511e2
--- /dev/null
+++ b/SPECS/iniparser/CVE-2023-33461.patch
@@ -0,0 +1,44 @@
+From 29d59278577f9a4dcf547cedd383d8af6dafca87 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Wed, 14 May 2025 18:59:49 -0500
+Subject: [PATCH] Address CVE-2023-33461
+Upstream Patch Reference: https://src.fedoraproject.org/rpms/iniparser/blob/f38/f/iniparser-4.1-CVE-2023-33461.patch
+
+---
+ src/iniparser.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/iniparser.c b/src/iniparser.c
+index 62febeb..11ec902 100644
+--- a/src/iniparser.c
++++ b/src/iniparser.c
+@@ -457,7 +457,7 @@ long int iniparser_getlongint(const dictionary * d, const char * key, long int n
+     const char * str ;
+ 
+     str = iniparser_getstring(d, key, INI_INVALID_KEY);
+-    if (str==INI_INVALID_KEY) return notfound ;
++    if (str==NULL || str==INI_INVALID_KEY) return notfound ;
+     return strtol(str, NULL, 0);
+ }
+ 
+@@ -512,7 +512,7 @@ double iniparser_getdouble(const dictionary * d, const char * key, double notfou
+     const char * str ;
+ 
+     str = iniparser_getstring(d, key, INI_INVALID_KEY);
+-    if (str==INI_INVALID_KEY) return notfound ;
++    if (str==NULL || str==INI_INVALID_KEY) return notfound ;
+     return atof(str);
+ }
+ 
+@@ -554,7 +554,7 @@ int iniparser_getboolean(const dictionary * d, const char * key, int notfound)
+     const char * c ;
+ 
+     c = iniparser_getstring(d, key, INI_INVALID_KEY);
+-    if (c==INI_INVALID_KEY) return notfound ;
++    if (c==NULL || c==INI_INVALID_KEY) return notfound ;
+     if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') {
+         ret = 1 ;
+     } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') {
+-- 
+2.45.2
+
diff --git a/SPECS/iniparser/iniparser.spec b/SPECS/iniparser/iniparser.spec
index 68429b16aa..0683696878 100644
--- a/SPECS/iniparser/iniparser.spec
+++ b/SPECS/iniparser/iniparser.spec
@@ -5,13 +5,14 @@ Distribution:   Azure Linux
 
 Name:		iniparser
 Version:	4.1
-Release:	8%{?dist}
+Release:	9%{?dist}
 Summary:	C library for parsing "INI-style" files
 
 License:	MIT
 URL:		https://github.com/ndevilla/%{name}
 Source0:	https://github.com/ndevilla/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:         CVE-2025-0633.patch
+Patch1:         CVE-2023-33461.patch
 
 BuildRequires:	gcc
 
@@ -72,6 +73,9 @@ make check
 %{_includedir}/*.h
 
 %changelog
+* Wed May 14 2025 Sreeniavsulu Malavathula  - 4.1.9
+- Patch CVE-2023-33461
+
 * Tue Feb 25 2025 Mayank Singh  - 4.1.8
 - Fix CVE-2025-0633 with an upstream patch
 
diff --git a/SPECS/kata-containers-cc/kata-containers-cc.signatures.json b/SPECS/kata-containers-cc/kata-containers-cc.signatures.json
index 1db12fc050..65431f2575 100644
--- a/SPECS/kata-containers-cc/kata-containers-cc.signatures.json
+++ b/SPECS/kata-containers-cc/kata-containers-cc.signatures.json
@@ -1,6 +1,6 @@
 {
   "Signatures": {
-    "kata-containers-3.2.0.azl5-cargo.tar.gz": "ff7e783ecf7e5abe0f0ca66eebd24558e73755fe79ba87b0c0b30df81eb3c210",
-    "kata-containers-3.2.0.azl5.tar.gz": "f08b09507b8218e271e39c18ba6c6f4cdacc6b135dd8624f231d4d1823472993"
+    "kata-containers-3.15.0.aks0.tar.gz": "14a1b95ab695935cc9e7ae326af02378010a04e6cb5735211beebab8e4074b40",
+    "kata-containers-3.15.0.aks0-cargo.tar.gz": "613cd7d1730b41699b9af2191c08df2107021cf9aca78ae7d88bf0c93644c0fe"
   }
 }
diff --git a/SPECS/kata-containers-cc/kata-containers-cc.spec b/SPECS/kata-containers-cc/kata-containers-cc.spec
index 5b8e874138..ca7f3c05ff 100644
--- a/SPECS/kata-containers-cc/kata-containers-cc.spec
+++ b/SPECS/kata-containers-cc/kata-containers-cc.spec
@@ -2,8 +2,8 @@
 %define sourceName kata-containers
 
 Name:         kata-containers-cc
-Version:      3.2.0.azl5
-Release:      1%{?dist}
+Version:      3.15.0.aks0
+Release:      2%{?dist}
 Summary:      Kata Confidential Containers package developed for Confidential Containers on AKS
 License:      ASL 2.0
 URL:          https://github.com/microsoft/kata-containers
@@ -17,7 +17,7 @@ ExclusiveArch: x86_64
 BuildRequires:  azurelinux-release
 BuildRequires:  golang
 BuildRequires:  protobuf-compiler
-BuildRequires:  rust
+BuildRequires:  rust >= 1.85.0
 BuildRequires:  libseccomp-devel
 BuildRequires:  openssl-devel
 BuildRequires:  clang
@@ -150,6 +150,11 @@ fi
 %{tools_pkg}/tools/osbuilder/node-builder/azure-linux/agent-install/usr/lib/systemd/system/kata-agent.service
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 3.15.0.aks0-2
+- merge from Azure Linux 3.0.20250521-3.0
+- Auto-upgrade to 3.15.0.aks0
+- Pin rust version
+
 * Fri Apr 28 2025 Ranjan Dutta  - 3.2.0.azl5-1
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Auto-upgrade to 3.2.0.azl5
diff --git a/SPECS/kata-containers/kata-containers.signatures.json b/SPECS/kata-containers/kata-containers.signatures.json
index 1db12fc050..65431f2575 100644
--- a/SPECS/kata-containers/kata-containers.signatures.json
+++ b/SPECS/kata-containers/kata-containers.signatures.json
@@ -1,6 +1,6 @@
 {
   "Signatures": {
-    "kata-containers-3.2.0.azl5-cargo.tar.gz": "ff7e783ecf7e5abe0f0ca66eebd24558e73755fe79ba87b0c0b30df81eb3c210",
-    "kata-containers-3.2.0.azl5.tar.gz": "f08b09507b8218e271e39c18ba6c6f4cdacc6b135dd8624f231d4d1823472993"
+    "kata-containers-3.15.0.aks0.tar.gz": "14a1b95ab695935cc9e7ae326af02378010a04e6cb5735211beebab8e4074b40",
+    "kata-containers-3.15.0.aks0-cargo.tar.gz": "613cd7d1730b41699b9af2191c08df2107021cf9aca78ae7d88bf0c93644c0fe"
   }
 }
diff --git a/SPECS/kata-containers/kata-containers.spec b/SPECS/kata-containers/kata-containers.spec
index bc31fb3af2..c875cb1170 100644
--- a/SPECS/kata-containers/kata-containers.spec
+++ b/SPECS/kata-containers/kata-containers.spec
@@ -1,8 +1,8 @@
 %global debug_package %{nil}
 
 Name:           kata-containers
-Version:        3.2.0.azl5
-Release:        1%{?dist}
+Version:        3.15.0.aks0
+Release:        2%{?dist}
 Summary:        Kata Containers package developed for Pod Sandboxing on AKS
 License:        ASL 2.0
 URL:            https://github.com/microsoft/kata-containers
@@ -16,7 +16,7 @@ ExclusiveArch: x86_64
 BuildRequires:  azurelinux-release
 BuildRequires:  golang
 BuildRequires:  protobuf-compiler
-BuildRequires:  rust
+BuildRequires:  rust >= 1.85.0
 BuildRequires:  libseccomp-devel
 BuildRequires:  openssl-devel
 BuildRequires:  clang
@@ -112,6 +112,11 @@ popd
 %{tools_pkg}/tools/osbuilder/node-builder/azure-linux/agent-install/usr/lib/systemd/system/kata-agent.service
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 3.15.0.aks0-2
+- merge from Azure Linux 3.0.20250521-3.0
+- Auto-upgrade to 3.15.0.aks0
+- Pin rust version
+
 * Fri Apr 28 2025 Ranjan Dutta  - 3.2.0.azl5-1
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Auto-upgrade to 3.2.0.azl5
@@ -122,7 +127,7 @@ popd
 * Wed Jan 22 2025 Saul Paredes  - 3.2.0.azl4-1
 - Upgrade to 3.2.0.azl4 release
 
-* Thu Oct 25 2024 Saul Paredes  - 3.2.0.azl3-2
+* Fri Oct 25 2024 Saul Paredes  - 3.2.0.azl3-2
 - Only build for x86_64
 
 * Fri Sep 20 2024 Manuel Huber  - 3.2.0.azl3-1
diff --git a/SPECS/kata-packages-uvm/kata-packages-uvm.spec b/SPECS/kata-packages-uvm/kata-packages-uvm.spec
index 53d2751f1f..9635dc485c 100644
--- a/SPECS/kata-packages-uvm/kata-packages-uvm.spec
+++ b/SPECS/kata-packages-uvm/kata-packages-uvm.spec
@@ -1,7 +1,7 @@
 Summary:        Metapackage for Kata UVM components
 Name:           kata-packages-uvm
 Version:        1.0.0
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,38 +10,44 @@ URL:            https://aka.ms/mariner
 
 ExclusiveArch:  x86_64
 
-Requires:       bash
 Requires:       ca-certificates
 Requires:       chrony
-Requires:       cpio
 Requires:       cryptsetup
-Requires:       curl
 Requires:       dbus
 Requires:       elfutils-libelf
 Requires:       filesystem
-Requires:       grep
-Requires:       gzip
 Requires:       iptables
-Requires:       iproute
-Requires:       iputils
 Requires:       irqbalance
-Requires:       lvm2
-Requires:       lz4
-Requires:       procps-ng
-Requires:       readline
-Requires:       sed
 # Note: We currently only support using systemd for our init process, not the kata-agent.
 # When we go to add support for AGENT_INIT=yes, can drop this.
 # https://github.com/microsoft/kata-containers/blob/msft-main/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh#L10
 Requires:       systemd
-Requires:       tar
 Requires:       tzdata
-Requires:       util-linux
 Requires:       zlib
 
 %description
 Metapackage to install the set of packages inside a Kata containers UVM
 
+%package        debug
+Summary:        Metapackage to install the set of packages inside a Kata confidential containers debug UVM.
+Requires:       %{name} = %{version}-%{release}
+Requires:       curl
+Requires:       cpio
+# Provides find
+Requires:       findutils
+Requires:       gzip
+Requires:       iproute
+# Provides ping, tracepath, etc for debugging net
+Requires:       iputils
+Requires:       lz4
+Requires:       sed
+Requires:       tar
+# Provides free, kill, pgrep, ps, etc
+Requires:       procps-ng
+
+%description    debug
+Metapackage to install the set of packages inside a Kata containers UVM, includes extra debug utilities.
+
 %package        coco
 Summary:        Metapackage to install the set of packages inside a Kata confidential containers UVM.
 Requires:       %{name} = %{version}-%{release}
@@ -95,6 +101,8 @@ Requires:       golang
 
 %files
 
+%files debug
+
 %files coco
 
 %files build
@@ -102,6 +110,12 @@ Requires:       golang
 %files coco-sign
 
 %changelog
+* Tue Feb 11 2025 Cameron Baird  - 1.0.0-8
+- Introduce debug metapackage
+- Move curl, cpio, gzip, iputils, lvm2, tar, procps-ng to debug metapackage
+- Remove bash, grep, readline, util-linux from all metapackages (implicit deps of existing requirements)
+- Add findutils to debug metapackage
+
 * Mon Nov 25 2024 Manuel Huber  - 1.0.0-7
 - Add explicit make dependency for UVM build
 - Remove commented package dependencies
diff --git a/SPECS/keda/CVE-2024-51744.patch b/SPECS/keda/CVE-2024-51744.patch
new file mode 100644
index 0000000000..1ada595bb5
--- /dev/null
+++ b/SPECS/keda/CVE-2024-51744.patch
@@ -0,0 +1,168 @@
+From 98fa1373fce24555da98c0fb283d3a80c4c1944f Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Thu, 3 Apr 2025 13:46:25 -0500
+Subject: [PATCH] Address CVE-2024-51744
+Upstream Patch Reference: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
+
+---
+ vendor/github.com/golang-jwt/jwt/parser.go    | 36 +++++++++-------
+ vendor/github.com/golang-jwt/jwt/v4/parser.go | 41 +++++++++----------
+ 2 files changed, 41 insertions(+), 36 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/parser.go b/vendor/github.com/golang-jwt/jwt/parser.go
+index d6901d9a..bfb480c9 100644
+--- a/vendor/github.com/golang-jwt/jwt/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/parser.go
+@@ -14,12 +14,21 @@ type Parser struct {
+ }
+ 
+ // Parse, validate, and return a token.
+-// keyFunc will receive the parsed token and should return the key for validating.
+-// If everything is kosher, err will be nil
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
++//
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -56,12 +65,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -69,22 +83,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // WARNING: Don't use this method unless you know what you're doing
+diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+index 8e7e67c4..0fc510a0 100644
+--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+@@ -38,19 +38,21 @@ func NewParser(options ...ParserOption) *Parser {
+ 	return p
+ }
+ 
+-// Parse parses, validates, verifies the signature and returns the parsed token.
+-// keyFunc will receive the parsed token and should return the key for validating.
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
+-// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
+-// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
+-// than the default MapClaims implementation of Claims.
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
+ //
+-// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
+-// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
+-// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -87,12 +89,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -100,22 +107,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // ParseUnverified parses the token but doesn't validate the signature.
+-- 
+2.45.2
+
diff --git a/SPECS/keda/CVE-2025-22870.patch b/SPECS/keda/CVE-2025-22870.patch
new file mode 100644
index 0000000000..9cea4c70dc
--- /dev/null
+++ b/SPECS/keda/CVE-2025-22870.patch
@@ -0,0 +1,48 @@
+From d42c66b8fc868546fc04bac6cb451d6402263fec Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Thu, 3 Apr 2025 13:33:51 -0500
+Subject: [PATCH] Address CVE-2025-22870
+Upstream Patch Reference: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7
+
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index 6404aaf1..d89c257a 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -177,8 +178,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -360,6 +363,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.45.2
+
diff --git a/SPECS/keda/CVE-2025-22872.patch b/SPECS/keda/CVE-2025-22872.patch
new file mode 100644
index 0000000000..e48663a033
--- /dev/null
+++ b/SPECS/keda/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From a8476aabe877b168950f4c9a0b68d2e784e621ad Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Fri, 25 Apr 2025 08:16:15 +0000
+Subject: [PATCH] Address CVE-2025-22872
+
+Upstream Reference Link : https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9.patch
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/keda/CVE-2025-29923.patch b/SPECS/keda/CVE-2025-29923.patch
index cab811e2a7..7725f36142 100644
--- a/SPECS/keda/CVE-2025-29923.patch
+++ b/SPECS/keda/CVE-2025-29923.patch
@@ -1,42 +1,47 @@
-From ccc8a29fedd586a983efa3852c35175f042e5f7a Mon Sep 17 00:00:00 2001
-From: Kanishk-Bansal 
-Date: Sun, 30 Mar 2025 16:50:18 +0000
-Subject: [PATCH] CVE-2025-29923
+From 0f6b06d4ffc97cc1304b0b861646bd7e16d08bbe Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit 
+Date: Thu, 17 Apr 2025 16:54:13 +0530
+Subject: [PATCH] Fix CVE-2025-29923 in vendor redis-go
 
-Upstream Patch Reference : https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6
+Fix wrong patch: https://github.com/microsoft/azurelinux/pull/13201
 ---
- .../github.com/redis/go-redis/v9/options.go   | 11 +++++++-
+ .../github.com/redis/go-redis/v9/options.go   | 14 +++++++++-
  .../redis/go-redis/v9/osscluster.go           | 18 ++++++++++--
  vendor/github.com/redis/go-redis/v9/redis.go  |  8 ++++--
  vendor/github.com/redis/go-redis/v9/ring.go   | 19 +++++++++++--
  .../github.com/redis/go-redis/v9/sentinel.go  | 28 ++++++++++++++++---
  .../github.com/redis/go-redis/v9/universal.go | 24 +++++++++++++---
- 6 files changed, 92 insertions(+), 16 deletions(-)
+ 6 files changed, 95 insertions(+), 16 deletions(-)
 
 diff --git a/vendor/github.com/redis/go-redis/v9/options.go b/vendor/github.com/redis/go-redis/v9/options.go
-index dff52ae8..3e889aed 100644
+index dff52ae8..567ed0ef 100644
 --- a/vendor/github.com/redis/go-redis/v9/options.go
 +++ b/vendor/github.com/redis/go-redis/v9/options.go
-@@ -142,9 +142,18 @@ type Options struct {
+@@ -142,11 +142,23 @@ type Options struct {
  	// Enables read only queries on slave/follower nodes.
  	readOnly bool
  
 -	// Disable set-lib on connect. Default is false.
 +	// DisableIndentity - Disable set-lib on connect.
-+ 	//
-+ 	// default: false
-+ 	//
-+ 	// Deprecated: Use DisableIdentity instead.
++	//
++	// default: false
++	//
++	// Deprecated: Use DisableIdentity instead.
  	DisableIndentity bool
  
 +	// DisableIdentity is used to disable CLIENT SETINFO command on connect.
-+ 	//
-+ 	// default: false
-+ 	DisableIdentity bool
++	//
++	// default: false
++	DisableIdentity bool
 +
  	// Add suffix to client name. Default is empty.
  	IdentitySuffix string
++
++	// UnstableResp3 enables Unstable mode for Redis Search module with RESP3.
++	UnstableResp3 bool
  }
+ 
+ func (opt *Options) init() {
 diff --git a/vendor/github.com/redis/go-redis/v9/osscluster.go b/vendor/github.com/redis/go-redis/v9/osscluster.go
 index 17f98d9d..c67244c8 100644
 --- a/vendor/github.com/redis/go-redis/v9/osscluster.go
@@ -264,5 +269,5 @@ index 275bef3d..1ec64269 100644
  		IdentitySuffix:   o.IdentitySuffix,
  	}
 -- 
-2.45.2
+2.34.1
 
diff --git a/SPECS/keda/keda.spec b/SPECS/keda/keda.spec
index 6748556486..32f08ac729 100644
--- a/SPECS/keda/keda.spec
+++ b/SPECS/keda/keda.spec
@@ -1,7 +1,7 @@
 Summary:        Kubernetes-based Event Driven Autoscaling
 Name:           keda
 Version:        2.14.1
-Release:        5%{?dist}
+Release:        8%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -29,6 +29,9 @@ Patch3:         CVE-2025-22868.patch
 Patch4:         CVE-2025-29786.patch
 Patch5:         CVE-2025-30204.patch
 Patch6:         CVE-2025-29923.patch
+Patch7:         CVE-2025-22870.patch
+Patch8:         CVE-2024-51744.patch
+Patch9:         CVE-2025-22872.patch
 BuildRequires:  golang >= 1.15
 
 %description
@@ -36,11 +39,9 @@ KEDA is a Kubernetes-based Event Driven Autoscaling component.
 It provides event driven scale for any container running in Kubernetes 
 
 %prep
-%autosetup -p1 -a 1
+%autosetup -p1 -a1
 
 %build
-# create vendor folder from the vendor tarball and set vendor mode
-tar -xf %{SOURCE1} --no-same-owner
 export LDFLAGS="-X=github.com/kedacore/keda/v2/version.GitCommit= -X=github.com/kedacore/keda/v2/version.Version=main"
 
 go build -ldflags "$LDFLAGS" -mod=vendor -v -o bin/keda cmd/operator/main.go
@@ -66,6 +67,14 @@ cp ./bin/keda-admission-webhooks %{buildroot}%{_bindir}
 %{_bindir}/%{name}-admission-webhooks
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.14.1-8
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+- Fixes an incorrect patch introduced with the patch for CVE-2025-29923
+- Fixes patches being overridden during the build step
+- Fixes CVE-2025-22870 and CVE-2024-51744
+
+
 * Fri Apr 28 2025 Ranjan Dutta  - 2.14.1-5
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Patch CVE-2025-30204, CVE-2025-29923
diff --git a/SPECS/kernel-64k/0002-Increase-EFI_MMAP_NR_SLACK_SLOTS-for-GB200.patch b/SPECS/kernel-64k/0002-Increase-EFI_MMAP_NR_SLACK_SLOTS-for-GB200.patch
deleted file mode 100644
index f1bb1e665f..0000000000
--- a/SPECS/kernel-64k/0002-Increase-EFI_MMAP_NR_SLACK_SLOTS-for-GB200.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 7953c2fc06bef46f09c689d972514148f6e21a7f Mon Sep 17 00:00:00 2001
-From: Allen Pais 
-Date: Fri, 22 Nov 2024 23:40:51 +0000
-Subject: [PATCH] Increase EFI_MMAP_NR_SLACK_SLOTS for GB200
-
-Increasing EFI_MMAP_NR_SLACK_SLOTS to 32
-to provide space for more memory map modifications.
-
-Signed-off-by: Jacob Pan 
-Signed-off-by: Allen Pais 
----
- drivers/firmware/efi/libstub/efistub.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
-index fc18fd649ed7..5ecb9d3f3e9f 100644
---- a/drivers/firmware/efi/libstub/efistub.h
-+++ b/drivers/firmware/efi/libstub/efistub.h
-@@ -171,7 +171,7 @@ void efi_set_u64_split(u64 data, u32 *lo, u32 *hi)
-  * the EFI memory map. Other related structures, e.g. x86 e820ext, need
-  * to factor in this headroom requirement as well.
-  */
--#define EFI_MMAP_NR_SLACK_SLOTS	8
-+#define EFI_MMAP_NR_SLACK_SLOTS	32
- 
- typedef struct efi_generic_dev_path efi_device_path_protocol_t;
- 
--- 
-2.46.0
-
diff --git a/SPECS/kernel-64k/0002-efi-Added-efi-cmdline-line-option-to-dynamically-adj.patch b/SPECS/kernel-64k/0002-efi-Added-efi-cmdline-line-option-to-dynamically-adj.patch
new file mode 100644
index 0000000000..142518da1b
--- /dev/null
+++ b/SPECS/kernel-64k/0002-efi-Added-efi-cmdline-line-option-to-dynamically-adj.patch
@@ -0,0 +1,76 @@
+From e6f9d139d200404b2f8ffd19b161425ec43be0fd Mon Sep 17 00:00:00 2001
+From: Siddharth Chintamaneni 
+Date: Mon, 12 May 2025 18:36:58 +0000
+Subject: [PATCH] efi: Added efi cmdline line option to dynamically adjust
+ slack slots
+
+GB200 and GB200F suffered from less slack slots. While changing the
+slack slots to 32 resolved the issue for GB200, it failed to boot
+on GB200F. By experimentation we found that boot issue is resolved
+for GB200F by increasing the slack slots to 256. To prevent this
+sort of problem, we are providing a dynamic interface to grub cmdline
+to adjust the slack slots as required.
+
+Signed-off-by: Siddharth Chintamaneni 
+---
+ drivers/firmware/efi/libstub/efi-stub-helper.c | 9 +++++++++
+ drivers/firmware/efi/libstub/efistub.h         | 2 ++
+ drivers/firmware/efi/libstub/mem.c             | 2 +-
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
+index 3dc2f9aaf08db..ae6fc8f6d544b 100644
+--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
++++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
+@@ -23,6 +23,7 @@ bool efi_novamap;
+ static bool efi_noinitrd;
+ static bool efi_nosoftreserve;
+ static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA);
++unsigned long efi_mmap_nr_slack_slots = EFI_MMAP_NR_SLACK_SLOTS;
+ 
+ int efi_mem_encrypt;
+ 
+@@ -75,6 +76,14 @@ efi_status_t efi_parse_options(char const *cmdline)
+ 			efi_loglevel = CONSOLE_LOGLEVEL_QUIET;
+ 		} else if (!strcmp(param, "noinitrd")) {
+ 			efi_noinitrd = true;
++		} else if (!strcmp(param, "efi_mmap_nr_slack_slots")) {
++				char *end;
++				unsigned long n = simple_strtol(val, &end, 10);
++				efi_info("Provided value of efi_slack_slots %ld.\n", n);
++				if (*end == '\0' && n > 32 && n <= 512 && powerof2(n)) {
++					efi_info("Updated the efi_slack_slots to %ld.\n", n);
++					efi_mmap_nr_slack_slots = n;
++				}
+ 		} else if (IS_ENABLED(CONFIG_X86_64) && !strcmp(param, "no5lvl")) {
+ 			efi_no5lvl = true;
+ 		} else if (IS_ENABLED(CONFIG_ARCH_HAS_MEM_ENCRYPT) &&
+diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
+index fc18fd649ed77..2b3f7f720b773 100644
+--- a/drivers/firmware/efi/libstub/efistub.h
++++ b/drivers/firmware/efi/libstub/efistub.h
+@@ -43,6 +43,8 @@ extern const efi_system_table_t *efi_system_table;
+ 
+ typedef union efi_dxe_services_table efi_dxe_services_table_t;
+ extern const efi_dxe_services_table_t *efi_dxe_table;
++extern unsigned long efi_mmap_nr_slack_slots;
++#define powerof2(x) ((((x)-1)&(x))==0)
+ 
+ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
+ 				   efi_system_table_t *sys_table_arg);
+diff --git a/drivers/firmware/efi/libstub/mem.c b/drivers/firmware/efi/libstub/mem.c
+index 4f1fa302234d8..d6248cf0ee02f 100644
+--- a/drivers/firmware/efi/libstub/mem.c
++++ b/drivers/firmware/efi/libstub/mem.c
+@@ -33,7 +33,7 @@ efi_status_t efi_get_memory_map(struct efi_boot_memmap **map,
+ 	if (status != EFI_BUFFER_TOO_SMALL)
+ 		return EFI_LOAD_ERROR;
+ 
+-	size = tmp.map_size + tmp.desc_size * EFI_MMAP_NR_SLACK_SLOTS;
++	size = tmp.map_size + tmp.desc_size * efi_mmap_nr_slack_slots;
+ 	status = efi_bs_call(allocate_pool, memtype, sizeof(*m) + size,
+ 			     (void **)&m);
+ 	if (status != EFI_SUCCESS)
+-- 
+2.43.0
+
diff --git a/SPECS/kernel-64k/Revert-serial-8250-Adjust-the-timeout-for-FIFO-mode.patch b/SPECS/kernel-64k/Revert-serial-8250-Adjust-the-timeout-for-FIFO-mode.patch
deleted file mode 100644
index d639f24041..0000000000
--- a/SPECS/kernel-64k/Revert-serial-8250-Adjust-the-timeout-for-FIFO-mode.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From cc88cf0846636a553eb132604da8dcc318593118 Mon Sep 17 00:00:00 2001
-From: Chris Co 
-Date: Sun, 9 Mar 2025 23:37:53 -0700
-Subject: [PATCH] Revert "serial: 8250: Adjust the timeout for FIFO mode"
-
-This reverts commit fe616b82bc46982f60c2f95fe0f3023d7de6598b.
----
- drivers/tty/serial/8250/8250_port.c | 32 ++++++-----------------------
- 1 file changed, 6 insertions(+), 26 deletions(-)
-
-diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
-index 2b1b2928ef7b..a17803da83f8 100644
---- a/drivers/tty/serial/8250/8250_port.c
-+++ b/drivers/tty/serial/8250/8250_port.c
-@@ -2074,8 +2074,7 @@ static void serial8250_break_ctl(struct uart_port *port, int break_state)
- 	serial8250_rpm_put(up);
- }
- 
--/* Returns true if @bits were set, false on timeout */
--static bool wait_for_lsr(struct uart_8250_port *up, int bits)
-+static void wait_for_lsr(struct uart_8250_port *up, int bits)
- {
- 	unsigned int status, tmout = 10000;
- 
-@@ -2090,11 +2089,11 @@ static bool wait_for_lsr(struct uart_8250_port *up, int bits)
- 		udelay(1);
- 		touch_nmi_watchdog();
- 	}
--
--	return (tmout != 0);
- }
- 
--/* Wait for transmitter and holding register to empty with timeout */
-+/*
-+ *	Wait for transmitter & holding register to empty
-+ */
- static void wait_for_xmitr(struct uart_8250_port *up, int bits)
- {
- 	unsigned int tmout;
-@@ -3351,16 +3350,6 @@ static void serial8250_console_restore(struct uart_8250_port *up)
- 	serial8250_out_MCR(up, up->mcr | UART_MCR_DTR | UART_MCR_RTS);
- }
- 
--static void fifo_wait_for_lsr(struct uart_8250_port *up, unsigned int count)
--{
--	unsigned int i;
--
--	for (i = 0; i < count; i++) {
--		if (wait_for_lsr(up, UART_LSR_THRE))
--			return;
--	}
--}
--
- /*
-  * Print a string to the serial port using the device FIFO
-  *
-@@ -3370,15 +3359,13 @@ static void fifo_wait_for_lsr(struct uart_8250_port *up, unsigned int count)
- static void serial8250_console_fifo_write(struct uart_8250_port *up,
- 					  const char *s, unsigned int count)
- {
-+	int i;
- 	const char *end = s + count;
- 	unsigned int fifosize = up->tx_loadsz;
--	unsigned int tx_count = 0;
- 	bool cr_sent = false;
--	unsigned int i;
- 
- 	while (s != end) {
--		/* Allow timeout for each byte of a possibly full FIFO */
--		fifo_wait_for_lsr(up, fifosize);
-+		wait_for_lsr(up, UART_LSR_THRE);
- 
- 		for (i = 0; i < fifosize && s != end; ++i) {
- 			if (*s == '\n' && !cr_sent) {
-@@ -3389,14 +3376,7 @@ static void serial8250_console_fifo_write(struct uart_8250_port *up,
- 				cr_sent = false;
- 			}
- 		}
--		tx_count = i;
- 	}
--
--	/*
--	 * Allow timeout for each byte written since the caller will only wait
--	 * for UART_LSR_BOTH_EMPTY using the timeout of a single character
--	 */
--	fifo_wait_for_lsr(up, tx_count);
- }
- 
- /*
--- 
-2.45.2
-
diff --git a/SPECS/kernel-64k/config_aarch64 b/SPECS/kernel-64k/config_aarch64
index 964517ebd9..d14eddbd62 100644
--- a/SPECS/kernel-64k/config_aarch64
+++ b/SPECS/kernel-64k/config_aarch64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 6.6.82.1 Kernel Configuration
+# Linux/arm64 6.6.85.1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0"
 CONFIG_CC_IS_GCC=y
@@ -645,6 +645,8 @@ CONFIG_ARM_RASPBERRYPI_CPUFREQ=m
 CONFIG_ARM_SCMI_CPUFREQ=m
 CONFIG_ARM_TEGRA20_CPUFREQ=y
 CONFIG_ARM_TEGRA124_CPUFREQ=y
+# CONFIG_ARM_TEGRA186_CPUFREQ is not set
+CONFIG_ARM_TEGRA194_CPUFREQ=y
 CONFIG_ARM_TI_CPUFREQ=y
 CONFIG_QORIQ_CPUFREQ=m
 # end of CPU Frequency scaling
@@ -1131,7 +1133,8 @@ CONFIG_ZONE_DMA=y
 CONFIG_ZONE_DMA32=y
 CONFIG_ZONE_DEVICE=y
 CONFIG_HMM_MIRROR=y
-# CONFIG_DEVICE_PRIVATE is not set
+CONFIG_GET_FREE_REGION=y
+CONFIG_DEVICE_PRIVATE=y
 CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
 CONFIG_ARCH_USES_PG_ARCH_X=y
 CONFIG_VM_EVENT_COUNTERS=y
@@ -2070,7 +2073,7 @@ CONFIG_PCIEASPM_DEFAULT=y
 CONFIG_PCIE_PME=y
 CONFIG_PCIE_DPC=y
 CONFIG_PCIE_PTM=y
-# CONFIG_PCIE_EDR is not set
+CONFIG_PCIE_EDR=y
 CONFIG_PCI_MSI=y
 CONFIG_PCI_QUIRKS=y
 # CONFIG_PCI_DEBUG is not set
@@ -2158,6 +2161,8 @@ CONFIG_PCI_HISI=y
 CONFIG_PCIE_KIRIN=y
 CONFIG_PCIE_HISI_STB=y
 CONFIG_PCIE_ARMADA_8K=y
+# CONFIG_PCIE_TEGRA194_HOST is not set
+# CONFIG_PCIE_TEGRA194_EP is not set
 CONFIG_PCIE_DW_PLAT=y
 CONFIG_PCIE_DW_PLAT_HOST=y
 CONFIG_PCIE_DW_PLAT_EP=y
@@ -2334,7 +2339,7 @@ CONFIG_ARM_SCPI_POWER_DOMAIN=m
 CONFIG_ARM_SDE_INTERFACE=y
 CONFIG_FIRMWARE_MEMMAP=y
 CONFIG_DMIID=y
-CONFIG_DMI_SYSFS=m
+CONFIG_DMI_SYSFS=y
 CONFIG_ISCSI_IBFT=m
 CONFIG_RASPBERRYPI_FIRMWARE=y
 CONFIG_FW_CFG_SYSFS=m
@@ -2387,6 +2392,7 @@ CONFIG_ARM_SMCCC_SOC_ID=y
 # Tegra firmware driver
 #
 CONFIG_TEGRA_IVC=y
+CONFIG_TEGRA_BPMP=y
 # end of Tegra firmware driver
 
 #
@@ -2403,7 +2409,7 @@ CONFIG_GNSS_MTK_SERIAL=m
 CONFIG_GNSS_SIRF_SERIAL=m
 CONFIG_GNSS_UBX_SERIAL=m
 # CONFIG_GNSS_USB is not set
-CONFIG_MTD=m
+CONFIG_MTD=y
 # CONFIG_MTD_TESTS is not set
 
 #
@@ -2509,7 +2515,7 @@ CONFIG_MTD_BLOCK2MTD=m
 #
 # NAND
 #
-CONFIG_MTD_NAND_CORE=m
+CONFIG_MTD_NAND_CORE=y
 CONFIG_MTD_ONENAND=m
 CONFIG_MTD_ONENAND_VERIFY_WRITE=y
 CONFIG_MTD_ONENAND_GENERIC=m
@@ -2579,7 +2585,7 @@ CONFIG_MTD_LPDDR=m
 CONFIG_MTD_QINFO_PROBE=m
 # end of LPDDR & LPDDR2 PCM memory drivers
 
-CONFIG_MTD_SPI_NOR=m
+CONFIG_MTD_SPI_NOR=y
 CONFIG_MTD_SPI_NOR_USE_4K_SECTORS=y
 # CONFIG_MTD_SPI_NOR_SWP_DISABLE is not set
 CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y
@@ -4381,6 +4387,7 @@ CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
 CONFIG_SERIAL_EARLYCON_SEMIHOST=y
 CONFIG_SERIAL_MESON=y
 CONFIG_SERIAL_MESON_CONSOLE=y
+# CONFIG_SERIAL_TEGRA_TCU is not set
 CONFIG_SERIAL_MAX3100=m
 CONFIG_SERIAL_MAX310X=y
 CONFIG_SERIAL_IMX=y
@@ -4483,7 +4490,7 @@ CONFIG_TCG_TPM=y
 CONFIG_HW_RANDOM_TPM=y
 CONFIG_TCG_TIS_CORE=y
 CONFIG_TCG_TIS=y
-CONFIG_TCG_TIS_SPI=m
+CONFIG_TCG_TIS_SPI=y
 # CONFIG_TCG_TIS_SPI_CR50 is not set
 # CONFIG_TCG_TIS_I2C is not set
 # CONFIG_TCG_TIS_SYNQUACER is not set
@@ -4607,6 +4614,7 @@ CONFIG_I2C_SIMTEC=m
 CONFIG_I2C_SPRD=y
 CONFIG_I2C_SYNQUACER=m
 CONFIG_I2C_TEGRA=m
+CONFIG_I2C_TEGRA_BPMP=y
 CONFIG_I2C_VERSATILE=m
 CONFIG_I2C_THUNDERX=m
 CONFIG_I2C_XILINX=m
@@ -4948,6 +4956,7 @@ CONFIG_PINCTRL_SUN50I_H616_R=y
 CONFIG_PINCTRL_TEGRA=y
 CONFIG_PINCTRL_TEGRA124=y
 CONFIG_PINCTRL_TEGRA210=y
+CONFIG_PINCTRL_TEGRA194=y
 CONFIG_PINCTRL_TEGRA_XUSB=y
 CONFIG_GPIOLIB=y
 CONFIG_GPIOLIB_FASTPATH_LIMIT=512
@@ -4996,6 +5005,7 @@ CONFIG_GPIO_ROCKCHIP=y
 CONFIG_GPIO_SPRD=m
 CONFIG_GPIO_SYSCON=m
 CONFIG_GPIO_TEGRA=y
+CONFIG_GPIO_TEGRA186=y
 CONFIG_GPIO_THUNDERX=m
 CONFIG_GPIO_VF610=y
 CONFIG_GPIO_XGENE=y
@@ -5399,7 +5409,7 @@ CONFIG_SENSORS_INA2XX=m
 #
 # ACPI drivers
 #
-# CONFIG_SENSORS_ACPI_POWER is not set
+CONFIG_SENSORS_ACPI_POWER=m
 CONFIG_THERMAL=y
 # CONFIG_THERMAL_NETLINK is not set
 # CONFIG_THERMAL_STATISTICS is not set
@@ -5455,6 +5465,7 @@ CONFIG_BCM_SR_THERMAL=y
 # NVIDIA Tegra thermal drivers
 #
 # CONFIG_TEGRA_SOCTHERM is not set
+# CONFIG_TEGRA_BPMP_THERMAL is not set
 # end of NVIDIA Tegra thermal drivers
 
 # CONFIG_GENERIC_ADC_THERMAL is not set
@@ -6584,6 +6595,7 @@ CONFIG_DRM_AMD_DC_FP=y
 # end of Display Engine Configuration
 
 CONFIG_HSA_AMD=y
+CONFIG_HSA_AMD_SVM=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_NOUVEAU_PLATFORM_DRIVER=y
 CONFIG_NOUVEAU_DEBUG=5
@@ -6591,6 +6603,7 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
 # CONFIG_NOUVEAU_DEBUG_PUSH is not set
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
+# CONFIG_DRM_NOUVEAU_SVM is not set
 CONFIG_DRM_VGEM=m
 CONFIG_DRM_VKMS=m
 # CONFIG_DRM_VMWGFX is not set
@@ -7642,7 +7655,7 @@ CONFIG_USB_C67X00_HCD=m
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DBGCAP=y
 CONFIG_USB_XHCI_PCI=y
-# CONFIG_USB_XHCI_PCI_RENESAS is not set
+CONFIG_USB_XHCI_PCI_RENESAS=y
 CONFIG_USB_XHCI_PLATFORM=m
 CONFIG_USB_XHCI_HISTB=m
 CONFIG_USB_XHCI_MTK=m
@@ -8408,8 +8421,10 @@ CONFIG_UDMABUF=y
 # CONFIG_DMABUF_MOVE_NOTIFY is not set
 # CONFIG_DMABUF_DEBUG is not set
 # CONFIG_DMABUF_SELFTESTS is not set
-# CONFIG_DMABUF_HEAPS is not set
+CONFIG_DMABUF_HEAPS=y
 # CONFIG_DMABUF_SYSFS_STATS is not set
+CONFIG_DMABUF_HEAPS_SYSTEM=y
+# CONFIG_DMABUF_HEAPS_CMA is not set
 # end of DMABUF options
 
 CONFIG_UIO=m
@@ -8852,6 +8867,7 @@ CONFIG_SUN6I_RTC_CCU=y
 # CONFIG_SUN8I_H3_CCU is not set
 # CONFIG_SUN8I_DE2_CCU is not set
 # CONFIG_SUN8I_R_CCU is not set
+CONFIG_CLK_TEGRA_BPMP=y
 CONFIG_TEGRA_CLK_DFLL=y
 CONFIG_XILINX_VCU=m
 # CONFIG_COMMON_CLK_XLNX_CLKWZRD is not set
@@ -8910,7 +8926,7 @@ CONFIG_TI_MESSAGE_MANAGER=y
 # CONFIG_HI6220_MBOX is not set
 # CONFIG_MAILBOX_TEST is not set
 # CONFIG_QCOM_APCS_IPC is not set
-# CONFIG_TEGRA_HSP_MBOX is not set
+CONFIG_TEGRA_HSP_MBOX=y
 CONFIG_XGENE_SLIMPRO_MBOX=y
 CONFIG_BCM_PDC_MBOX=y
 CONFIG_BCM_FLEXRM_MBOX=m
@@ -9111,11 +9127,13 @@ CONFIG_SUNXI_SRAM=y
 CONFIG_ARCH_TEGRA_132_SOC=y
 CONFIG_ARCH_TEGRA_210_SOC=y
 # CONFIG_ARCH_TEGRA_186_SOC is not set
-# CONFIG_ARCH_TEGRA_194_SOC is not set
+CONFIG_ARCH_TEGRA_194_SOC=y
 # CONFIG_ARCH_TEGRA_234_SOC is not set
 CONFIG_SOC_TEGRA_FUSE=y
 CONFIG_SOC_TEGRA_FLOWCTRL=y
 CONFIG_SOC_TEGRA_PMC=y
+CONFIG_SOC_TEGRA_POWERGATE_BPMP=y
+# CONFIG_SOC_TEGRA_CBB is not set
 CONFIG_SOC_TI=y
 # CONFIG_TI_SCI_PM_DOMAINS is not set
 # CONFIG_TI_K3_RINGACC is not set
@@ -9815,6 +9833,7 @@ CONFIG_RESET_SUNXI=y
 # CONFIG_RESET_TI_TPS380X is not set
 # CONFIG_COMMON_RESET_HI3660 is not set
 CONFIG_COMMON_RESET_HI6220=y
+CONFIG_RESET_TEGRA_BPMP=y
 
 #
 # PHY Subsystem
@@ -9920,6 +9939,7 @@ CONFIG_PHY_MTK_MIPI_DSI=m
 # CONFIG_PHY_ROCKCHIP_USB is not set
 CONFIG_PHY_SAMSUNG_USB2=m
 # CONFIG_PHY_TEGRA_XUSB is not set
+# CONFIG_PHY_TEGRA194_P2U is not set
 # CONFIG_PHY_AM654_SERDES is not set
 # CONFIG_PHY_J721E_WIZ is not set
 # CONFIG_OMAP_USB2 is not set
@@ -9956,7 +9976,7 @@ CONFIG_ARM_SPE_PMU=m
 # CONFIG_HISI_PCIE_PMU is not set
 # CONFIG_HNS3_PMU is not set
 # CONFIG_MARVELL_CN10K_DDR_PMU is not set
-# CONFIG_ARM_CORESIGHT_PMU_ARCH_SYSTEM_PMU is not set
+CONFIG_ARM_CORESIGHT_PMU_ARCH_SYSTEM_PMU=m
 # CONFIG_MESON_DDR_PMU is not set
 # end of Performance monitor support
 
@@ -10923,7 +10943,7 @@ CONFIG_GENERIC_ALLOCATOR=y
 CONFIG_REED_SOLOMON=m
 CONFIG_REED_SOLOMON_DEC8=y
 CONFIG_REED_SOLOMON_DEC16=y
-CONFIG_BCH=m
+CONFIG_BCH=y
 CONFIG_TEXTSEARCH=y
 CONFIG_TEXTSEARCH_KMP=m
 CONFIG_TEXTSEARCH_BM=m
@@ -11349,6 +11369,7 @@ CONFIG_RUNTIME_TESTING_MENU=y
 # CONFIG_TEST_MEMCAT_P is not set
 # CONFIG_TEST_OBJAGG is not set
 # CONFIG_TEST_MEMINIT is not set
+# CONFIG_TEST_HMM is not set
 # CONFIG_TEST_FREE_PAGES is not set
 CONFIG_ARCH_USE_MEMTEST=y
 CONFIG_MEMTEST=y
diff --git a/SPECS/kernel-64k/kernel-64k.signatures.json b/SPECS/kernel-64k/kernel-64k.signatures.json
index 637dca0671..885bd737bd 100644
--- a/SPECS/kernel-64k/kernel-64k.signatures.json
+++ b/SPECS/kernel-64k/kernel-64k.signatures.json
@@ -1,10 +1,10 @@
 {
   "Signatures": {
     "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b",
-    "config_aarch64": "3ca4ca7fedb5f686de995c022ccee10d7f0c65ea5fd21422767aa879c11e56f7",
+    "config_aarch64": "0993f596a336aceaf8fc36349d76859091e963c1247d46f9a71feb8f0f02841c",
     "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
     "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
     "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",
-    "kernel-6.6.82.1.tar.gz": "66da12e2ca4d65d4a51e23423c60a03fb57910a91684e36643430c616e6d732a"
+    "kernel-6.6.85.1.tar.gz": "4dab471d68ce07dd31e925788c128ff1c7d9a6d2c7e0a073bd8e6701514cfee6"
   }
 }
diff --git a/SPECS/kernel-64k/kernel-64k.spec b/SPECS/kernel-64k/kernel-64k.spec
index e46c654b9a..897bc5a71d 100644
--- a/SPECS/kernel-64k/kernel-64k.spec
+++ b/SPECS/kernel-64k/kernel-64k.spec
@@ -24,8 +24,8 @@
 
 Summary:        Linux Kernel
 Name:           kernel-64k
-Version:        6.6.82.1
-Release:        1%{?dist}
+Version:        6.6.85.1
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -38,8 +38,7 @@ Source3:        azurelinux-ca-20230216.pem
 Source4:        cpupower
 Source5:        cpupower.service
 Patch0:         0001-add-mstflint-kernel-%{mstflintver}.patch
-Patch1:         0002-Increase-EFI_MMAP_NR_SLACK_SLOTS-for-GB200.patch
-Patch2:         Revert-serial-8250-Adjust-the-timeout-for-FIFO-mode.patch
+Patch1:         0002-efi-Added-efi-cmdline-line-option-to-dynamically-adj.patch
 ExclusiveArch:  aarch64
 BuildRequires:  audit-devel
 BuildRequires:  bash
@@ -372,6 +371,18 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Tue May 13 2025 Siddharth Chintamaneni  - 6.6.85.1-4
+- Added a new patch to EFI slack slots issue
+
+* Tue Apr 29 2025 Siddharth Chintamaneni  - 6.6.85.1-3
+- Updated config_aarch64 based on nvidia patch guide recommendations
+
+* Fri Apr 25 2025 Chris Co  - 6.6.85.1-2
+- Bump release to rebuild for new kernel release
+
+* Sat Apr 05 2025 CBL-Mariner Servicing Account  - 6.6.85.1-1
+- Auto-upgrade to 6.6.85.1
+
 * Fri Mar 14 2025 CBL-Mariner Servicing Account  - 6.6.82.1-1
 - Auto-upgrade to 6.6.82.1
 
diff --git a/SPECS/kernel-uvm/config b/SPECS/kernel-uvm/config
index 6176661b13..3526808e7f 100644
--- a/SPECS/kernel-uvm/config
+++ b/SPECS/kernel-uvm/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 6.1.58.mshv4 Kernel Configuration
+# Linux/x86_64 6.1.58.mshv8 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0"
 CONFIG_CC_IS_GCC=y
@@ -416,8 +416,10 @@ CONFIG_HZ_250=y
 # CONFIG_HZ_1000 is not set
 CONFIG_HZ=250
 CONFIG_SCHED_HRTICK=y
-# CONFIG_KEXEC is not set
-# CONFIG_KEXEC_FILE is not set
+CONFIG_KEXEC=y
+CONFIG_KEXEC_FILE=y
+CONFIG_ARCH_HAS_KEXEC_PURGATORY=y
+# CONFIG_KEXEC_SIG is not set
 # CONFIG_CRASH_DUMP is not set
 CONFIG_PHYSICAL_START=0x1000000
 # CONFIG_RELOCATABLE is not set
@@ -578,6 +580,8 @@ CONFIG_AS_TPAUSE=y
 #
 # General architecture-dependent options
 #
+CONFIG_CRASH_CORE=y
+CONFIG_KEXEC_CORE=y
 CONFIG_HOTPLUG_SMT=y
 CONFIG_GENERIC_ENTRY=y
 # CONFIG_KPROBES is not set
@@ -1877,7 +1881,7 @@ CONFIG_INPUT=y
 #
 # CONFIG_INPUT_MOUSEDEV is not set
 # CONFIG_INPUT_JOYDEV is not set
-# CONFIG_INPUT_EVDEV is not set
+CONFIG_INPUT_EVDEV=y
 # CONFIG_INPUT_EVBUG is not set
 
 #
@@ -2116,6 +2120,7 @@ CONFIG_WATCHDOG_OPEN_TIMEOUT=0
 # CONFIG_SBC_EPX_C3_WATCHDOG is not set
 # CONFIG_NI903X_WDT is not set
 # CONFIG_NIC7018_WDT is not set
+CONFIG_VIRTIO_WDT=y
 
 #
 # PCI-based Watchdog Cards
@@ -2582,7 +2587,43 @@ CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
 # CONFIG_CONFIGFS_FS is not set
 # end of Pseudo filesystems
 
-# CONFIG_MISC_FILESYSTEMS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ORANGEFS_FS is not set
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_ECRYPT_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_CRAMFS is not set
+CONFIG_SQUASHFS=y
+CONFIG_SQUASHFS_FILE_CACHE=y
+# CONFIG_SQUASHFS_FILE_DIRECT is not set
+CONFIG_SQUASHFS_DECOMP_SINGLE=y
+# CONFIG_SQUASHFS_DECOMP_MULTI is not set
+# CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set
+CONFIG_SQUASHFS_XATTR=y
+CONFIG_SQUASHFS_ZLIB=y
+CONFIG_SQUASHFS_LZ4=y
+CONFIG_SQUASHFS_LZO=y
+CONFIG_SQUASHFS_XZ=y
+# CONFIG_SQUASHFS_ZSTD is not set
+# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set
+# CONFIG_SQUASHFS_EMBEDDED is not set
+CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+# CONFIG_EROFS_FS is not set
 CONFIG_NETWORK_FILESYSTEMS=y
 # CONFIG_NFS_FS is not set
 # CONFIG_NFSD is not set
@@ -2974,6 +3015,8 @@ CONFIG_XXHASH=y
 # CONFIG_RANDOM32_SELFTEST is not set
 CONFIG_ZLIB_INFLATE=y
 CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
 CONFIG_XZ_DEC=y
 CONFIG_XZ_DEC_X86=y
 CONFIG_XZ_DEC_POWERPC=y
diff --git a/SPECS/kernel-uvm/kernel-uvm.signatures.json b/SPECS/kernel-uvm/kernel-uvm.signatures.json
index 85db42160e..0a6f6cf364 100644
--- a/SPECS/kernel-uvm/kernel-uvm.signatures.json
+++ b/SPECS/kernel-uvm/kernel-uvm.signatures.json
@@ -1,6 +1,6 @@
 {
-    "Signatures": {
-        "config": "ea0be459be2f560f29a0d1ff1ebc1288d9ca51d50166e93882be9e40c15781d0",
-        "kernel-uvm-6.1.58.mshv4.tar.gz": "81ac99ab06cf7df0845f0bd596b394658fb3f1801d0ad985f5b64ffa3d90e80a"
-    }
-}
\ No newline at end of file
+  "Signatures": {
+    "config": "b53c6c38abd460e836e3339f6d0ebe2621129103ca3cdbca3bc786d96d4f94ec",
+    "kernel-uvm-6.1.58.mshv8.tar.gz": "55ac63d703e4983fcd3d3aabeaf403881ef44da091d514306ab20802fd95f387"
+  }
+}
diff --git a/SPECS/kernel-uvm/kernel-uvm.spec b/SPECS/kernel-uvm/kernel-uvm.spec
index eb9f883510..40a51eb6d4 100644
--- a/SPECS/kernel-uvm/kernel-uvm.spec
+++ b/SPECS/kernel-uvm/kernel-uvm.spec
@@ -10,7 +10,7 @@
 
 Summary:        Linux Kernel for Kata UVM
 Name:           kernel-uvm
-Version:        6.1.58.mshv4
+Version:        6.1.58.mshv8
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -154,6 +154,9 @@ find %{buildroot}/lib/modules -name '*.ko' -exec chmod u+x {} +
 %{_prefix}/src/linux-headers-%{uname_r}
 
 %changelog
+* Mon Apr 28 2025 CBL-Mariner Servicing Account  - 6.1.58.mshv8-1
+- Auto-upgrade to 6.1.58.mshv8
+
 * Tue May 14 2024 CBL-Mariner Servicing Account  - 6.1.58.mshv4-1
 - Auto-upgrade to 6.1.58.mshv4
 
@@ -176,7 +179,7 @@ find %{buildroot}/lib/modules -name '*.ko' -exec chmod u+x {} +
 * Fri Oct 06 2023 Manuel Huber  - 6.1.0.mshv11-2
 - Enable dm-crypt and dm-integrity for encfs sidecar functionality
 
-* Thu Sep 15 2023 Saul Paredes  - 6.1.0.mshv11-1
+* Fri Sep 15 2023 Saul Paredes  - 6.1.0.mshv11-1
 - Update to v6.1.0.mshv11
 
 * Fri Sep 15 2023 Saul Paredes  - 6.1.0.mshv10-1
diff --git a/SPECS/kube-vip-cloud-provider/CVE-2025-22872.patch b/SPECS/kube-vip-cloud-provider/CVE-2025-22872.patch
new file mode 100644
index 0000000000..6b43eff350
--- /dev/null
+++ b/SPECS/kube-vip-cloud-provider/CVE-2025-22872.patch
@@ -0,0 +1,59 @@
+From bbe4000b0322fd46086cf73856cbafff9823b421 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker 
+Date: Mon, 24 Feb 2025 11:18:31 -0800
+Subject: [PATCH] html: properly handle trailing solidus in unquoted attribute
+ value in foreign content
+
+The parser properly treats tags like 
 as 
, but the
+tokenizer emits the SelfClosingTagToken token incorrectly. When the
+parser is used to parse foreign content, this results in an incorrect
+DOM.
+
+Thanks to Sean Ng (https://ensy.zip) for reporting this issue.
+
+Fixes golang/go#73070
+Fixes CVE-2025-22872
+
+Change-Id: I65c18df6d6244bf943b61e6c7a87895929e78f4f
+Reviewed-on: https://go-review.googlesource.com/c/net/+/661256
+Reviewed-by: Neal Patel 
+Reviewed-by: Roland Shoemaker 
+LUCI-TryBot-Result: Go LUCI 
+Auto-Submit: Gopher Robot 
+Link: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.34.1
+
diff --git a/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec b/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec
index 0473313342..6f89136821 100644
--- a/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec
+++ b/SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec
@@ -1,7 +1,7 @@
 Summary:        The Kube-Vip cloud provider functions as a general-purpose cloud provider for on-premises bare-metal or virtualized setups
 Name:           kube-vip-cloud-provider
 Version:        0.0.10
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        ASL 2.0
 URL:            https://github.com/kube-vip/kube-vip-cloud-provider
 Group:          Applications/Text
@@ -21,11 +21,13 @@ Source1: %{name}-%{version}-vendor.tar.gz
 
 Patch1:        CVE-2023-47108.patch
 Patch2:        CVE-2024-45338.patch
+# CVE-2025-22872 is fixed in go net version .38.0 by https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+Patch3:        CVE-2025-22872.patch
 
 BuildRequires: golang >= 1.22
 
 %description
-The Kube-Vip cloud provider functions as a general-purpose cloud provider for on-premises bare-metal or virtualized setups. 
+The Kube-Vip cloud provider functions as a general-purpose cloud provider for on-premises bare-metal or virtualized setups.
 
 %prep
 %autosetup -a 1 -p1
@@ -41,6 +43,10 @@ install kube-vip-cloud-provider %{buildroot}%{_bindir}/kube-vip-cloud-provider
 %{_bindir}/kube-vip-cloud-provider
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 0.0.10-5
+- merge from Azure Linux 3.0.20250521-3.0
+- Add patch for CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 0.0.10-4
 - Bump Release to rebuild
 
diff --git a/SPECS/kubernetes/CVE-2024-51744.patch b/SPECS/kubernetes/CVE-2024-51744.patch
new file mode 100644
index 0000000000..6ab64c3727
--- /dev/null
+++ b/SPECS/kubernetes/CVE-2024-51744.patch
@@ -0,0 +1,93 @@
+From e238393c3b843e9a690654ef8b9bb70c11feadf0 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Fri, 21 Mar 2025 18:59:39 -0500
+Subject: [PATCH] Addressing CVE-2024-51744
+Upstream Patch Reference: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
+
+---
+ vendor/github.com/golang-jwt/jwt/v4/parser.go | 41 +++++++++----------
+ 1 file changed, 20 insertions(+), 21 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+index c0a6f692..9dd36e5a 100644
+--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+@@ -36,19 +36,21 @@ func NewParser(options ...ParserOption) *Parser {
+ 	return p
+ }
+ 
+-// Parse parses, validates, verifies the signature and returns the parsed token.
+-// keyFunc will receive the parsed token and should return the key for validating.
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
+-// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
+-// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
+-// than the default MapClaims implementation of Claims.
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
+ //
+-// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
+-// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
+-// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -85,12 +87,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -98,22 +105,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // ParseUnverified parses the token but doesn't validate the signature.
+-- 
+2.45.2
+
diff --git a/SPECS/kubernetes/CVE-2025-22872.patch b/SPECS/kubernetes/CVE-2025-22872.patch
new file mode 100644
index 0000000000..fdef77f99d
--- /dev/null
+++ b/SPECS/kubernetes/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From a7aae2cba3aa447e13b715ae3d6ce55aeaf0c1d1 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Wed, 23 Apr 2025 19:03:16 -0500
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880d..6598c1f7 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/kubernetes/kubernetes.spec b/SPECS/kubernetes/kubernetes.spec
index 15f750692e..61d75e4713 100644
--- a/SPECS/kubernetes/kubernetes.spec
+++ b/SPECS/kubernetes/kubernetes.spec
@@ -10,7 +10,7 @@
 Summary:        Microsoft Kubernetes
 Name:           kubernetes
 Version:        1.30.10
-Release:        5%{?dist}
+Release:        8%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -23,9 +23,11 @@ Patch1:         CVE-2024-45338.patch
 Patch2:         CVE-2025-27144.patch
 Patch3:         CVE-2025-22868.patch
 Patch4:         CVE-2025-22869.patch
-Patch5:         CVE-2025-30204.patch
+Patch5:         CVE-2024-51744.patch
+Patch6:         CVE-2025-30204.patch
+Patch7:         CVE-2025-22872.patch
 BuildRequires:  flex-devel
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 BuildRequires:  golang
 BuildRequires:  rsync
 BuildRequires:  systemd-devel
@@ -275,6 +277,12 @@ fi
 %{_exec_prefix}/local/bin/pause
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.30.10-8
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+- Bump to rebuild with updated glibc
+- Fix CVE-2024-51744 with an upstream patch
+
 * Fri Apr 28 2025 Ranjan Dutta  - 1.30.10-5
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Patch CVE-2025-30204
diff --git a/SPECS/kubevirt/CVE-2025-22872.patch b/SPECS/kubevirt/CVE-2025-22872.patch
new file mode 100644
index 0000000000..8e0d348b32
--- /dev/null
+++ b/SPECS/kubevirt/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From 49deeee2f3c9277aa729e4d0698ab9f297b0c38a Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Thu, 24 Apr 2025 18:37:02 -0500
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index de67f93..9bbdf7d 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/kubevirt/kubevirt.spec b/SPECS/kubevirt/kubevirt.spec
index 4bbcc618ac..e0c6c29379 100644
--- a/SPECS/kubevirt/kubevirt.spec
+++ b/SPECS/kubevirt/kubevirt.spec
@@ -20,7 +20,7 @@
 Summary:        Container native virtualization
 Name:           kubevirt
 Version:        1.2.0
-Release:        16%{?dist}
+Release:        18%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -38,11 +38,12 @@ Patch4:         CVE-2024-45338.patch
 Patch5:         CVE-2023-45288.patch
 Patch6:         CVE-2023-44487.patch
 Patch7:         CVE-2025-22869.patch
+Patch8:         CVE-2025-22872.patch
 
 %global debug_package %{nil}
 BuildRequires:  swtpm-tools
 BuildRequires:  glibc-devel
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 BuildRequires:  golang >= 1.21
 BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
@@ -279,6 +280,11 @@ install -p -m 0644 cmd/virt-launcher/qemu.conf %{buildroot}%{_datadir}/kube-virt
 %{_bindir}/virt-tests
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.2.0-18
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+- Bump to rebuild with updated glibc
+
 * Fri Mar 21 2025 Anuj Mittal  - 1.2.0-16
 - Bump Release to rebuild
 
diff --git a/SPECS/libbpf/CVE-2025-29481.patch b/SPECS/libbpf/CVE-2025-29481.patch
new file mode 100644
index 0000000000..6eb0104010
--- /dev/null
+++ b/SPECS/libbpf/CVE-2025-29481.patch
@@ -0,0 +1,26 @@
+From 61aa55706bb3792731eeab1496ece30c011ddb52 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Fri, 11 Apr 2025 12:07:55 +0000
+Subject: [PATCH] CVE-2025-29481
+
+Upstream patch reference: https://lore.kernel.org/bpf/20250410073407.131211-1-vmalik@redhat.com/
+---
+ src/libbpf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libbpf.c b/src/libbpf.c
+index 1b95c06..36ec2e0 100644
+--- a/src/libbpf.c
++++ b/src/libbpf.c
+@@ -826,7 +826,7 @@ bpf_object__add_programs(struct bpf_object *obj, Elf_Data *sec_data,
+ 			return -LIBBPF_ERRNO__FORMAT;
+ 		}
+ 
+-		if (sec_off + prog_sz > sec_sz) {
++		if (sec_off >= sec_sz || sec_off + prog_sz > sec_sz) {
+ 			pr_warn("sec '%s': program at offset %zu crosses section boundary\n",
+ 				sec_name, sec_off);
+ 			return -LIBBPF_ERRNO__FORMAT;
+-- 
+2.45.2
+
diff --git a/SPECS/libbpf/libbpf.spec b/SPECS/libbpf/libbpf.spec
index 74fae03e30..49a7fe0fe7 100644
--- a/SPECS/libbpf/libbpf.spec
+++ b/SPECS/libbpf/libbpf.spec
@@ -1,12 +1,14 @@
 Summary:        Libbpf library
 Name:           libbpf
 Version:        1.2.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        LGPLv2 OR BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/%{name}/%{name}
 Source0:        https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         CVE-2025-29481.patch
+
 BuildRequires:  elfutils-devel
 BuildRequires:  elfutils-libelf-devel
 BuildRequires:  gcc
@@ -31,8 +33,7 @@ developing applications that use %{name}
 %global make_flags DESTDIR=%{buildroot} OBJDIR=%{_builddir} CFLAGS="%{build_cflags} -fPIC" LDFLAGS="%{build_ldflags} -Wl,--no-as-needed" LIBDIR=/%{_libdir} NO_PKG_CONFIG=1
 
 %prep
-%autosetup
-
+%autosetup -p1
 %build
 %make_build -C ./src %{make_flags}
 
@@ -50,6 +51,9 @@ find %{buildroot} -type f -name "*.a" -delete -print
 %{_libdir}/pkgconfig/libbpf.pc
 
 %changelog
+* Mon Apr 14 2025 Jyoti Kanase  -  1.2.2-2
+- Patch for CVE-2025-29481
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account  - 1.2.2-1
 - Auto-upgrade to 1.2.2 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/libcap/libcap.spec b/SPECS/libcap/libcap.spec
index 2c6f46e4ea..8c665337a4 100644
--- a/SPECS/libcap/libcap.spec
+++ b/SPECS/libcap/libcap.spec
@@ -1,7 +1,7 @@
 Summary:        Libcap
 Name:           libcap
 Version:        2.69
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2+
 Group:          System Environment/Security
 URL:            https://www.gnu.org/software/hurd/community/gsoc/project_ideas/libcap.html
@@ -9,7 +9,7 @@ Source0:        https://www.kernel.org/pub/linux/libs/security/linux-privs/libca
 Patch0:         CVE-2025-1390.patch
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 
 %description
 The libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available
@@ -62,6 +62,9 @@ sed -i '/echo "attempt to exploit kernel bug"/,/^fi$/d' quicktest.sh
 %{_mandir}/man3/*
 
 %changelog
+* Mon May 12 2025 Andrew Phelps anphel@microsoft.com - 2.69-4
+- Bump to rebuild with updated glibc
+
 * Wed Feb 26 2025 Kanishk Bansal  - 2.69-3
 - Modify check section to fix ptest
 
diff --git a/SPECS/libguestfs/libguestfs.spec b/SPECS/libguestfs/libguestfs.spec
index ddadae8480..3b5eaed73e 100644
--- a/SPECS/libguestfs/libguestfs.spec
+++ b/SPECS/libguestfs/libguestfs.spec
@@ -25,7 +25,7 @@
 Summary:        Access and modify virtual machine disk images
 Name:           libguestfs
 Version:        1.52.0
-Release:        12%{?dist}
+Release:        13%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -82,7 +82,7 @@ BuildRequires:  gcc-c++
 BuildRequires:  gdisk
 BuildRequires:  genisoimage
 BuildRequires:  gfs2-utils
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  gperf
 BuildRequires:  grep
@@ -1147,6 +1147,10 @@ rm ocaml/html/.gitignore
 %endif
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.52.0-13
+- merge from Azure Linux 3.0.20250521-3.0
+- Bump to rebuild with updated glibc
+
 * Fri Mar 21 2025 Anuj Mittal  - 1.52.0-12
 - Bump release to rebuild.
 
diff --git a/SPECS/libmamba/libmamba-csh.patch b/SPECS/libmamba/libmamba-csh.patch
new file mode 100644
index 0000000000..de4cf1d864
--- /dev/null
+++ b/SPECS/libmamba/libmamba-csh.patch
@@ -0,0 +1,85 @@
+commit 9e3e1c4cdddceceb6430167a574fa537bdcfad88
+Author: bruchim-cisco <148679594+bruchim-cisco@users.noreply.github.com>
+Date:   Tue Oct 24 10:41:22 2023 +0300
+
+    Fix broken tcsh aliases (#2929)
+    
+    Fix broken csh and tcsh multiline aliases
+
+diff --git a/libmamba/data/micromamba.csh b/libmamba/data/micromamba.csh
+index 5b519431..26c928ad 100644
+--- a/libmamba/data/micromamba.csh
++++ b/libmamba/data/micromamba.csh
+@@ -5,40 +5,40 @@ alias __mamba_exe '"$MAMBA_EXE" "\!*"'
+ 
+ alias __mamba_hashr 'rehash'
+ 
+-alias __mamba_xctivate '
+-    set ask_conda="`(setenv prompt "${prompt}"; __mamba_exe shell "\!*" --shell csh)`"
+-    if ("${status}" != 0) then
+-        return
+-     endif
+-         eval "${ask_conda}"
+-     __mamba_hashr
++alias __mamba_xctivate '\\
++    set ask_conda="`(setenv prompt "${prompt}"; __mamba_exe shell "\!*" --shell csh)`"\\
++    if ("${status}" != 0) then\\
++        return\\
++     endif\\
++         eval "${ask_conda}"\\
++     __mamba_hashr\\
+ '
+ 
+-alias micromamba '
+-    switch ("${1}")
+-        case activate | reactivate | deactivate:
+-            __mamba_xctivate "\!*"
+-            breaksw
+-        case install | update | upgrade | remove | uninstall:
+-            __mamba_exe "\!*"
+-            if ("${status}" != 0) then
+-                return
+-             endif
+-            __mamba_xctivate reactivate
+-            breaksw
+-        case self-update:
+-            __mamba_exe "\!*"
+-            if ("${status}" != 0) then
+-                return
+-             endif
+-             if (-f "$MAMBA_EXE.bkup") then
+-                rm -f "$MAMBA_EXE.bkup"
+-             endif
+-            breaksw
+-        default:
+-            __mamba_exe "\!*"
+-            breaksw
+-    endsw
++alias micromamba '\\
++    switch ("${1}")\\
++        case activate | reactivate | deactivate:\\
++            __mamba_xctivate "\!*"\\
++            breaksw\\
++        case install | update | upgrade | remove | uninstall:\\
++            __mamba_exe "\!*"\\
++            if ("${status}" != 0) then\\
++                return\\
++             endif\\
++            __mamba_xctivate reactivate\\
++            breaksw\\
++        case self-update:\\
++            __mamba_exe "\!*"\\
++            if ("${status}" != 0) then\\
++                return\\
++             endif\\
++             if (-f "$MAMBA_EXE.bkup") then\\
++                rm -f "$MAMBA_EXE.bkup"\\
++             endif\\
++            breaksw\\
++        default:\\
++            __mamba_exe "\!*"\\
++            breaksw\\
++    endsw\\
+ '
+ 
+ if (! $?CONDA_SHLVL) then
diff --git a/SPECS/libmamba/libmamba-deps.patch b/SPECS/libmamba/libmamba-deps.patch
new file mode 100644
index 0000000000..b17ff3127c
--- /dev/null
+++ b/SPECS/libmamba/libmamba-deps.patch
@@ -0,0 +1,69 @@
+diff --git a/libmamba/CMakeLists.txt b/libmamba/CMakeLists.txt
+index 20793861..2a837054 100644
+--- a/libmamba/CMakeLists.txt
++++ b/libmamba/CMakeLists.txt
+@@ -509,29 +509,30 @@ macro(libmamba_create_target target_name linkage output_name)
+         find_package(OpenSSL REQUIRED)
+         find_package(reproc++ CONFIG REQUIRED)
+ 
+-        set(LIBMAMBA_LIBRARIES_DEPS
+-            ${LIBSOLV_LIBRARIES}
+-            ${LIBSOLVEXT_LIBRARIES}
+-            ${LibArchive_LIBRARIES}
+-            zstd::libzstd_shared
+-            ${CURL_LIBRARIES}
+-            ${OPENSSL_LIBRARIES}
+-            zstd::libzstd_shared
+-            BZip2::BZip2
+-            yaml-cpp::yaml-cpp
+-            reproc++
+-            reproc
+-            fmt::fmt
+-            # Since conda-forge spdlog is built with a bundled version of fmt we use the
+-            # header only version to avoid chasing after the correct fmt version mathching
+-            # the one used in the bundle
+-            spdlog::spdlog_header_only
+-        )
+ 
+         add_compile_definitions(SPDLOG_FMT_EXTERNAL)
+-        target_link_libraries(${target_name} PUBLIC
+-                              ${LIBMAMBA_LIBRARIES_DEPS}
+-                              ${MAMBA_FORCE_DYNAMIC_LIBS})
++        target_link_libraries(
++            ${target_name}
++            PUBLIC
++                ${LIBSOLV_LIBRARIES}
++                ${LIBSOLVEXT_LIBRARIES}
++                yaml-cpp::yaml-cpp
++                fmt::fmt
++                # Since conda-forge spdlog is built with a bundled version of fmt we use the
++                # header only version to avoid chasing after the correct fmt version mathching
++                # the one used in the bundle
++                spdlog::spdlog_header_only
++                reproc++
++            PRIVATE
++                ${LibArchive_LIBRARIES}
++                zstd::libzstd_shared
++                ${CURL_LIBRARIES}
++                ${OPENSSL_LIBRARIES}
++                zstd::libzstd_shared
++                BZip2::BZip2
++                reproc
++                ${MAMBA_FORCE_DYNAMIC_LIBS}
++            )
+     endif ()
+ 
+     target_compile_features(${target_name} PUBLIC cxx_std_17)
+diff --git a/libmamba/libmambaConfig.cmake.in b/libmamba/libmambaConfig.cmake.in
+index e927a133..d6657a87 100644
+--- a/libmamba/libmambaConfig.cmake.in
++++ b/libmamba/libmambaConfig.cmake.in
+@@ -27,8 +27,6 @@ find_dependency(nlohmann_json)
+ find_dependency(spdlog)
+ find_dependency(Threads)
+ find_dependency(tl-expected)
+-find_dependency(zstd)
+-find_dependency(BZip2)
+ find_dependency(yaml-cpp)
+ 
+ if(NOT (TARGET libmamba OR TARGET libmamba-static))
diff --git a/SPECS/libmamba/libmamba-fedora.patch b/SPECS/libmamba/libmamba-fedora.patch
new file mode 100644
index 0000000000..3f9efe6b11
--- /dev/null
+++ b/SPECS/libmamba/libmamba-fedora.patch
@@ -0,0 +1,43 @@
+diff -up mamba-libmamba-1.5.3/libmamba/CMakeLists.txt.fedora mamba-libmamba-1.5.3/libmamba/CMakeLists.txt
+--- mamba-libmamba-1.5.3/libmamba/CMakeLists.txt.fedora 2023-11-30 06:15:31.442933848 -0700
++++ mamba-libmamba-1.5.3/libmamba/CMakeLists.txt        2023-11-30 06:32:26.957230936 -0700
+@@ -448,7 +448,7 @@ macro(libmamba_create_target target_name
+             find_library(LIBLZMA_LIBRARIES lzma REQUIRED)
+             find_library(LZ4_LIBRARY NAMES lz4)
+             find_library(LZO2_LIBRARY NAMES lzo2)
+-            find_package(zstd CONFIG REQUIRED)
++            find_library(ZSTD_LIBRARY NAMES zstd REQUIRED)
+             find_library(BZIP2_LIBRARIES NAMES bz2)
+             find_library(CRYPTO_LIBRARIES NAMES libcrypto)
+ 
+@@ -467,7 +467,7 @@ macro(libmamba_create_target target_name
+                 ${LIBXML2_LIBRARY}
+                 ${ICONV_LIBRARY}
+                 ${CHARSET_LIBRARY}
+-                zstd::libzstd_static
++                ${ZSTD_LIBRARY}
+                 ${LZ4_LIBRARY}
+                 ${LZO2_LIBRARY}
+                 ${BZIP2_LIBRARIES}
+@@ -504,7 +504,7 @@ macro(libmamba_create_target target_name
+         find_library(LIBSOLVEXT_LIBRARIES NAMES solvext)
+         find_package(CURL REQUIRED)
+         find_package(LibArchive REQUIRED)
+-        find_package(zstd REQUIRED)
++        find_library(ZSTD_LIBRARIES NAMES zstd)
+         find_package(BZip2 REQUIRED)
+         find_package(OpenSSL REQUIRED)
+         find_package(reproc++ CONFIG REQUIRED)
+@@ -525,10 +525,10 @@ macro(libmamba_create_target target_name
+                 reproc++
+             PRIVATE
+                 ${LibArchive_LIBRARIES}
+-                zstd::libzstd_shared
++                ${ZSTD_LIBRARIES}
+                 ${CURL_LIBRARIES}
+                 ${OPENSSL_LIBRARIES}
+-                zstd::libzstd_shared
++                ${ZSTD_LIBRARY}
+                 BZip2::BZip2
+                 reproc
+                 ${MAMBA_FORCE_DYNAMIC_LIBS}
diff --git a/SPECS/libmamba/libmamba.signatures.json b/SPECS/libmamba/libmamba.signatures.json
new file mode 100644
index 0000000000..123918b5ed
--- /dev/null
+++ b/SPECS/libmamba/libmamba.signatures.json
@@ -0,0 +1,7 @@
+{
+    "Signatures": {
+      "libmamba-1.5.12.tar.gz": "77c7383b11e243830e4896a622362df96690cca53686f55787d55523376e7d3c",
+      "setup.py": "8946e2981e54be533285b424ef38837bf16a81b3c403342f5194d7caa4d4870d"
+    }
+  }
+  
\ No newline at end of file
diff --git a/SPECS/libmamba/libmamba.spec b/SPECS/libmamba/libmamba.spec
new file mode 100644
index 0000000000..5042ce8201
--- /dev/null
+++ b/SPECS/libmamba/libmamba.spec
@@ -0,0 +1,182 @@
+Summary:        C++ API for mamba depsolving library
+Name:           libmamba
+Version:        1.5.12
+Release:        2%{?dist}
+License:        BSD-3-Clause
+URL:            https://github.com/mamba-org/mamba
+Source0:        https://github.com/mamba-org/mamba/archive/%{name}-%{version}/%{name}-%{version}.tar.gz
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+# Force the install to be arch dependent
+Source1:        setup.py
+# Upstream fix for csh file
+Patch0:         libmamba-csh.patch
+# https://github.com/mamba-org/mamba/pull/3016
+Patch1:         libmamba-deps.patch
+# Use Fedora versions of yaml-cpp and zstd
+Patch2:         libmamba-fedora.patch
+
+BuildRequires:  cmake
+BuildRequires:  gcc-c++
+BuildRequires:  bzip2-devel
+BuildRequires:  fmt-devel
+BuildRequires:  gtest-devel
+BuildRequires:  json-c-devel
+BuildRequires:  libarchive-devel
+BuildRequires:  libcurl-devel
+# Need CONDA_ADD_USE_ONLY_TAR_BZ2
+BuildRequires:  libsolv-devel
+BuildRequires:  openssl-devel
+BuildRequires:  cmake
+BuildRequires:  reproc-devel
+BuildRequires:  cmake(simdjson)
+BuildRequires:  spdlog-devel
+BuildRequires:  cmake(tl-expected)
+BuildRequires:  yaml-cpp-devel
+BuildRequires:  yaml-cpp-static
+BuildRequires:  nlohmann-json-devel
+# This is not yet provided by Fedora package
+# https://src.fedoraproject.org/rpms/zstd/pull-request/7
+#BuildRequires:  cmake(zstd)
+BuildRequires:  libzstd-devel
+
+%description
+libmamba is a reimplementation of the conda package manager in C++.
+
+* parallel downloading of repository data and package files using multi-
+  threading
+* libsolv for much faster dependency solving, a state of the art library used
+  in the RPM package manager of Red Hat, Fedora and OpenSUSE
+* core parts of mamba are implemented in C++ for maximum efficiency
+
+
+%package        devel
+Summary:        Development files for %{name}
+License:        MIT
+Requires:       %{name} = %{version}-%{release}
+Requires:       cmake-filesystem
+Requires:       pkgconfig
+Requires:       fmt-devel
+Requires:       json-c-devel
+Requires:       libsolv-devel
+Requires:       reproc-devel
+Requires:       spdlog-devel
+Requires:       cmake(tl-expected)
+Requires:       yaml-cpp-devel
+Requires:       yaml-cpp-static
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%package -n     python3-libmambapy
+Summary:        Python bindings for libmamba
+BuildRequires:  python3-devel
+BuildRequires:  python3-pip
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-wheel
+BuildRequires:  pybind11-devel
+Requires:       %{name} = %{version}-%{release}
+
+%description -n python3-libmambapy
+Python bindings for libmamba.
+
+
+%prep
+%autosetup -p1 -n mamba-libmamba-%{version}
+cp -p %SOURCE1 libmambapy/setup.py
+sed -i '/LIBRARY DESTINATION/s,\${CMAKE_CURRENT_SOURCE_DIR},${Python_STDARCH}/site-packages,' libmambapy/CMakeLists.txt
+
+
+%build
+%cmake \
+   -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+   -DBUILD_LIBMAMBA=ON \
+   -DBUILD_LIBMAMBAPY=ON \
+   -DBUILD_MICROMAMBA=OFF \
+   -DBUILD_EXE=ON \
+   -DBUILD_SHARED=ON \
+   -DBUILD_STATIC=OFF \
+   -DENABLE_TESTS=ON 
+%cmake_build
+cd libmambapy
+%pyproject_wheel
+cd -
+
+
+%install
+%cmake_install
+cd libmambapy
+%pyproject_install
+%pyproject_save_files libmambapy
+cd -
+
+
+%check
+%ctest
+
+
+%files
+%license LICENSE
+%doc CHANGELOG.md README.md
+%{_libdir}/libmamba.so.2
+%{_libdir}/libmamba.so.2.*
+
+%files devel
+%{_includedir}/mamba/
+%{_libdir}/libmamba.so
+%{_libdir}/cmake/%{name}/
+
+%files -n python3-libmambapy -f %{pyproject_files}
+%doc CHANGELOG.md README.md
+%{python3_sitearch}/libmambapy/bindings.*
+
+%changelog
+* Fri April 11 2025 Riken Maharjan  - 1.5.12-2
+- Initial Azure Linux import from Fedora 42 (license: MIT)
+- License Verified
+
+* Fri Jan 03 2025 Orion Poplawski  - 1.5.12-1
+- Update to 1.5.12
+ 
+* Sat Nov 30 2024 Orion Poplawski  - 1.5.11-1
+- Update to 1.5.11
+ 
+* Tue Nov 26 2024 František Zatloukal  - 1.5.10-3
+- Rebuilt for spdlog 1.15.0
+ 
+* Thu Oct 24 2024 Orion Poplawski  - 1.5.10-2
+- Drop yaml-cpp patch
+ 
+* Fri Oct 18 2024 Orion Poplawski  - 1.5.10-1
+- Update to 1.5.10
+ 
+* Fri Aug 02 2024 Orion Poplawski  - 1.5.8-2
+- Add patch for fmt 11 support (FTBFS bz#2300904)
+ 
+* Tue Jul 30 2024 Orion Poplawski  - 1.5.8-1
+- Update to 1.5.8
+ 
+* Thu Jul 18 2024 Fedora Release Engineering  - 1.5.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+ 
+* Fri Jun 07 2024 Python Maint  - 1.5.6-3
+- Rebuilt for Python 3.13
+ 
+* Tue May 21 2024 František Zatloukal  - 1.5.6-2
+- Rebuilt for spdlog 1.14.1
+ 
+* Fri Feb 23 2024 Orion Poplawski  - 1.5.6-1
+- Update to 1.5.6
+ 
+* Thu Jan 25 2024 Fedora Release Engineering  - 1.5.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+ 
+* Sun Jan 21 2024 Fedora Release Engineering  - 1.5.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+ 
+* Mon Dec 04 2023 Orion Poplawski  - 1.5.3-2
+- Generate man page with help2man
+ 
+* Thu Nov 30 2023 Orion Poplawski  - 1.5.3-1
+- Initial package
diff --git a/SPECS/libmamba/setup.py b/SPECS/libmamba/setup.py
new file mode 100644
index 0000000000..eb4b7193ed
--- /dev/null
+++ b/SPECS/libmamba/setup.py
@@ -0,0 +1,14 @@
+from setuptools import setup
+from setuptools.dist import Distribution
+
+# Tested with wheel v0.29.0
+class BinaryDistribution(Distribution):
+    """Distribution which always forces a binary package with platform name"""
+    def has_ext_modules(foo):
+        return True
+
+
+setup(
+      # Include pre-compiled extension
+      #package_data={"libmambapy": ["bindings.pyd"]},
+      distclass=BinaryDistribution)
diff --git a/SPECS/librsvg2/librsvg2.spec b/SPECS/librsvg2/librsvg2.spec
index 8233fc0ca5..c7dbc0abaf 100644
--- a/SPECS/librsvg2/librsvg2.spec
+++ b/SPECS/librsvg2/librsvg2.spec
@@ -8,7 +8,7 @@
 Summary:        An SVG library based on cairo
 Name:           librsvg2
 Version:        2.58.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -31,7 +31,7 @@ BuildRequires:  gobject-introspection-devel
 BuildRequires:  harfbuzz-devel >= 2.0.0
 BuildRequires:  make
 BuildRequires:  pkgconfig
-BuildRequires:  rust
+BuildRequires:  rust < 1.85.0
 BuildRequires:  vala
 BuildRequires:  vala-devel
 BuildRequires:  vala-tools
@@ -125,6 +125,9 @@ rm -vrf %{buildroot}%{_docdir}
 %{_bindir}/rsvg-convert
 
 %changelog
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 2.58.1-2
+- Pin rust version
+
 * Tue Jun 04 2024 Nicolas Guibourge  - 2.58.1-1
 - Upgrade to 2.58.1
 
diff --git a/SPECS/libsepol/libsepol.spec b/SPECS/libsepol/libsepol.spec
index b70fdb33d5..d7b5e12e77 100644
--- a/SPECS/libsepol/libsepol.spec
+++ b/SPECS/libsepol/libsepol.spec
@@ -1,7 +1,7 @@
 Summary:        SELinux binary policy manipulation library
 Name:           libsepol
 Version:        3.6
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -62,8 +62,7 @@ mkdir -p %{buildroot}%{_mandir}/man8
 
 rm -f %{buildroot}%{_bindir}/genpolbools
 rm -f %{buildroot}%{_bindir}/genpolusers
-rm -f %{buildroot}%{_bindir}/chkcon
-rm -rf %{buildroot}%{_mandir}/man8
+rm -rf %{buildroot}%{_mandir}/man8/genpol*
 rm -rf %{buildroot}%{_mandir}/ru/man8
 
 %post
@@ -94,8 +93,14 @@ exit 0
 %{_includedir}/sepol/*.h
 %{_includedir}/sepol/cil/*.h
 %{_mandir}/man3/*.3.gz
+%{_mandir}/man8/*.8.gz
+%{_bindir}/chkcon
 
 %changelog
+* Wed Apr 02 2025 Chris PeBenito  - 3.6-2
+- Install the chkcon binary into the devel package as it is needed by selinux-policy
+  builds starting with 2.20250213.
+
 * Tue Feb 06 2024 Cameron Baird  - 3.6-1
 - Upgrade to version 3.6
 
diff --git a/SPECS/libsndfile/CVE-2024-50612.patch b/SPECS/libsndfile/CVE-2024-50612.patch
new file mode 100644
index 0000000000..e826d81ae6
--- /dev/null
+++ b/SPECS/libsndfile/CVE-2024-50612.patch
@@ -0,0 +1,410 @@
+From 13fe62d29a193d8d599cad40c9fae5fd5c7d0c35 Mon Sep 17 00:00:00 2001
+From: Arthur Taylor 
+Date: Fri, 15 Nov 2024 19:46:53 -0800
+Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035
+
+Signed-off-by: Muhammad Falak R Wani 
+---
+ src/ogg.c        |  12 ++--
+ src/ogg_opus.c   |  17 +++--
+ src/ogg_vorbis.c | 170 ++++++++++++++++++++++++++---------------------
+ 3 files changed, 114 insertions(+), 85 deletions(-)
+
+diff --git a/src/ogg.c b/src/ogg.c
+index 8cd4379..534c8f7 100644
+--- a/src/ogg.c
++++ b/src/ogg.c
+@@ -211,12 +211,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata)
+ 
+ int
+ ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
+-{	int bytes ;
++{	int n ;
+ 
+-	bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
+-	bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
++	n = psf_fwrite (page->header, 1, page->header_len, psf) ;
++	if (n == page->header_len)
++		n += psf_fwrite (page->body, 1, page->body_len, psf) ;
+ 
+-	return bytes == page->header_len + page->body_len ;
++	if (n != page->body_len + page->header_len)
++		return -1 ;
++
++	return n ;
+ } /* ogg_write_page */
+ 
+ sf_count_t
+diff --git a/src/ogg_opus.c b/src/ogg_opus.c
+index c938362..bfc9923 100644
+--- a/src/ogg_opus.c
++++ b/src/ogg_opus.c
+@@ -827,15 +827,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 
+ 	/* The first page MUST only contain the header, so flush it out now */
+ 	ogg_stream_packetin (&odata->ostream, &op) ;
+-	for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+-	{	if (! (nn = ogg_write_page (psf, &odata->opage)))
++	while (ogg_stream_flush (&odata->ostream, &odata->opage))
++	{	nn = ogg_write_page (psf, &odata->opage) ;
++		if (nn < 0)
+ 		{	psf_log_printf (psf, "Opus : Failed to write header!\n") ;
+ 			if (psf->error)
+ 				return psf->error ;
+ 			return SFE_INTERNAL ;
+ 			} ;
+ 		psf->dataoffset += nn ;
+-		}
++		} ;
+ 
+ 	/*
+ 	** Metadata Tags (manditory)
+@@ -850,15 +851,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 	vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ;
+ 	op.packetno = 2 ;
+ 	ogg_stream_packetin (&odata->ostream, &op) ;
+-	for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+-	{	if (! (nn = ogg_write_page (psf, &odata->opage)))
++	while (ogg_stream_flush (&odata->ostream, &odata->opage))
++	{	nn = ogg_write_page (psf, &odata->opage) ;
++		if (nn < 0)
+ 		{	psf_log_printf (psf, "Opus : Failed to write comments!\n") ;
+ 			if (psf->error)
+ 				return psf->error ;
+ 			return SFE_INTERNAL ;
+ 			} ;
+ 		psf->dataoffset += nn ;
+-		}
++		} ;
+ 
+ 	return 0 ;
+ } /* ogg_opus_write_header */
+@@ -1132,7 +1134,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus)
+ 		if (nbytes > 0)
+ 		{	oopus->u.encode.last_segments -= ogg_page_segments (&odata->opage) ;
+ 			oopus->pg_pos = oopus->pkt_pos ;
+-			ogg_write_page (psf, &odata->opage) ;
++			if (ogg_write_page (psf, &odata->opage) < 0)
++				return -1 ;
+ 			}
+ 		else
+ 			break ;
+diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c
+index f9428ed..2cdbed3 100644
+--- a/src/ogg_vorbis.c
++++ b/src/ogg_vorbis.c
+@@ -82,28 +82,6 @@
+ /* How many seconds in the future to not bother bisection searching for. */
+ #define VORBIS_SEEK_THRESHOLD 2
+ 
+-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
+-
+-static int	vorbis_read_header (SF_PRIVATE *psf) ;
+-static int	vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
+-static int	vorbis_close (SF_PRIVATE *psf) ;
+-static int	vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+-static int	vorbis_byterate (SF_PRIVATE *psf) ;
+-static int	vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
+-static int	vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static int	vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static sf_count_t	vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
+-static sf_count_t	vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
+-static int	vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
+-
+ typedef struct
+ {	int id ;
+ 	const char *name ;
+@@ -145,6 +123,45 @@ typedef struct
+ 	sf_count_t last_page ;
+ } VORBIS_PRIVATE ;
+ 
++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
++
++static int	vorbis_read_header (SF_PRIVATE *psf) ;
++static int	vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
++static int	vorbis_close (SF_PRIVATE *psf) ;
++static int	vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
++static int	vorbis_byterate (SF_PRIVATE *psf) ;
++static int	vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
++static int	vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
++static int	vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
++static sf_count_t	vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
++static sf_count_t	vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
++static int	vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ;
++static int	vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
++static void	vorbis_log_error (SF_PRIVATE *psf, int error) ;
++
++
++static void
++vorbis_log_error(SF_PRIVATE *psf, int error) {
++	switch (error)
++	{	case 0: return;
++		case OV_EIMPL:		psf->error = SFE_UNIMPLEMENTED ; break ;
++		case OV_ENOTVORBIS:	psf->error = SFE_MALFORMED_FILE ; break ;
++		case OV_EBADHEADER:	psf->error = SFE_MALFORMED_FILE ; break ;
++		case OV_EVERSION:	psf->error = SFE_UNSUPPORTED_ENCODING ; break ;
++		case OV_EFAULT:
++		case OV_EINVAL:
++		default: psf->error = SFE_INTERNAL ;
++		} ;
++} ;
++
+ static int
+ vorbis_read_header (SF_PRIVATE *psf)
+ {	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+@@ -380,7 +397,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 	{	ogg_packet header ;
+ 		ogg_packet header_comm ;
+ 		ogg_packet header_code ;
+-		int result ;
+ 
+ 		vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ;
+ 		ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */
+@@ -390,9 +406,9 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 		/* This ensures the actual
+ 		 * audio data will start on a new page, as per spec
+ 		 */
+-		while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
+-		{	ogg_write_page (psf, &odata->opage) ;
+-			} ;
++		while (ogg_stream_flush (&odata->ostream, &odata->opage))
++			if (ogg_write_page (psf, &odata->opage) < 0)
++				return -1 ;
+ 	}
+ 
+ 	return 0 ;
+@@ -402,6 +418,7 @@ static int
+ vorbis_close (SF_PRIVATE *psf)
+ {	OGG_PRIVATE* odata = psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = psf->codec_data ;
++	int ret = 0 ;
+ 
+ 	if (odata == NULL || vdata == NULL)
+ 		return 0 ;
+@@ -412,34 +429,14 @@ vorbis_close (SF_PRIVATE *psf)
+ 	if (psf->file.mode == SFM_WRITE)
+ 	{
+ 		if (psf->write_current <= 0)
+-			vorbis_write_header (psf, 0) ;
+-
+-		vorbis_analysis_wrote (&vdata->vdsp, 0) ;
+-		while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
+-		{
++			ret = vorbis_write_header (psf, 0) ;
+ 
+-		/* analysis, assume we want to use bitrate management */
+-			vorbis_analysis (&vdata->vblock, NULL) ;
+-			vorbis_bitrate_addblock (&vdata->vblock) ;
+-
+-			while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
+-			{	/* weld the packet into the bitstream */
+-				ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
+-
+-				/* write out pages (if any) */
+-				while (!odata->eos)
+-				{	int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+-					if (result == 0) break ;
+-					ogg_write_page (psf, &odata->opage) ;
+-
+-		/* this could be set above, but for illustrative purposes, I do
+-		   it here (to show that vorbis does know where the stream ends) */
+-
+-					if (ogg_page_eos (&odata->opage)) odata->eos = 1 ;
+-				}
+-			}
+-		}
+-	}
++		if (ret == 0)
++		{	/* A write of zero samples tells Vorbis the stream is done and to
++			   flush. */
++			ret = vorbis_write_samples (psf, odata, vdata, 0) ;
++			} ;
++		} ;
+ 
+ 	/* ogg_page and ogg_packet structs always point to storage in
+ 	   libvorbis.  They are never freed or manipulated directly */
+@@ -449,7 +446,7 @@ vorbis_close (SF_PRIVATE *psf)
+ 	vorbis_comment_clear (&vdata->vcomment) ;
+ 	vorbis_info_clear (&vdata->vinfo) ;
+ 
+-	return 0 ;
++	return ret ;
+ } /* vorbis_close */
+ 
+ int
+@@ -688,33 +685,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens)
+ /*==============================================================================
+ */
+ 
+-static void
++static int
+ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames)
+-{
+-	vorbis_analysis_wrote (&vdata->vdsp, in_frames) ;
++{	int ret ;
++
++	if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0)
++		return ret ;
+ 
+ 	/*
+ 	**	Vorbis does some data preanalysis, then divvies up blocks for
+ 	**	more involved (potentially parallel) processing. Get a single
+ 	**	block for encoding now.
+ 	*/
+-	while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
++	while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1)
+ 	{
+ 		/* analysis, assume we want to use bitrate management */
+-		vorbis_analysis (&vdata->vblock, NULL) ;
+-		vorbis_bitrate_addblock (&vdata->vblock) ;
++		if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0)
++			return ret ;
++		if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0)
++			return ret ;
+ 
+-		while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
++		while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1)
+ 		{
+ 			/* weld the packet into the bitstream */
+-			ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
++			if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0)
++				return ret ;
+ 
+ 			/* write out pages (if any) */
+ 			while (!odata->eos)
+-			{	int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+-				if (result == 0)
++			{	ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
++				if (ret == 0)
+ 					break ;
+-				ogg_write_page (psf, &odata->opage) ;
++
++				if (ogg_write_page (psf, &odata->opage) < 0)
++					return -1 ;
+ 
+ 				/*	This could be set above, but for illustrative purposes, I do
+ 				**	it here (to show that vorbis does know where the stream ends) */
+@@ -722,16 +726,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata
+ 					odata->eos = 1 ;
+ 				} ;
+ 			} ;
++		if (ret != 0)
++			return ret ;
+ 		} ;
++	if (ret != 0)
++		return ret ;
+ 
+ 	vdata->gp += in_frames ;
++
++	return 0 ;
+ } /* vorbis_write_data */
+ 
+ 
+ static sf_count_t
+ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ {
+-	int i, m, j = 0 ;
++	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -740,14 +750,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = (float) (ptr [j++]) / 32767.0f ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_s */
+ 
+ static sf_count_t
+ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+-{	int i, m, j = 0 ;
++{	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -756,14 +769,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_i */
+ 
+ static sf_count_t
+ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+-{	int i, m, j = 0 ;
++{	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -772,14 +788,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = ptr [j++] ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_f */
+ 
+ static sf_count_t
+ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+-{	int i, m, j = 0 ;
++{	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -788,7 +807,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = (float) ptr [j++] ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_d */
+@@ -884,7 +906,7 @@ vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp)
+ 		return 0 ;
+ 
+ 	/*	Search for a position a half large-block before our target. As Vorbis is
+-	**	lapped, every sample position come from two blocks, the "left" half of
++	**	lapped, every sample position comes from two blocks, the "left" half of
+ 	**	one block and the "right" half of the previous block.  The granule
+ 	**	position of an Ogg page of a Vorbis stream is the sample offset of the
+ 	**	last finished sample in the stream that can be decoded from a page.  A
+-- 
+2.45.2
+
diff --git a/SPECS/libsndfile/libsndfile.spec b/SPECS/libsndfile/libsndfile.spec
index 3f51c43121..a0f95ac1d8 100644
--- a/SPECS/libsndfile/libsndfile.spec
+++ b/SPECS/libsndfile/libsndfile.spec
@@ -1,7 +1,7 @@
 Summary:        Library for reading and writing sound files
 Name:           libsndfile
 Version:        1.2.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD AND GPLv2+ AND LGPLv2+ AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,6 +15,7 @@ Patch1:         revert.patch
 # See here for more details: https://github.com/libsndfile/libsndfile/issues/398.
 Patch100:       CVE-2018-13419.nopatch
 Patch101:       CVE-2022-33065.patch
+Patch102:       CVE-2024-50612.patch
 
 BuildRequires:  alsa-lib-devel
 BuildRequires:  autogen
@@ -139,6 +140,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 %{_libdir}/pkgconfig/sndfile.pc
 
 %changelog
+* Tue Jan 07 2025 Muhammad Falak  - 1.2.2-3
+- Patch CVE-2024-50612
+
 * Fri Aug 23 2024 Sumedh Sharma  - 1.2.2-2
 - Add patch to resolve CVE-2022-33065
 
diff --git a/SPECS/libsolv/libsolv.spec b/SPECS/libsolv/libsolv.spec
index fa48d7e52e..1dff9bfa32 100644
--- a/SPECS/libsolv/libsolv.spec
+++ b/SPECS/libsolv/libsolv.spec
@@ -1,7 +1,7 @@
 Summary:        A free package dependency solver
 Name:           libsolv
 Version:        0.7.28
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 URL:            https://github.com/openSUSE/libsolv
 Source0:        https://github.com/openSUSE/libsolv/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -49,6 +49,7 @@ Requires:       xz
     -DENABLE_RPMDB_LIBRPM=ON            \
     -DENABLE_RPMMD=ON                   \
     -DENABLE_COMPS=ON                   \
+    -DENABLE_CONDA=ON                   \
     -DENABLE_ZSTD_COMPRESSION=ON
 %make_build
 
@@ -79,6 +80,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_mandir}/man1/*
 
 %changelog
+* Fri April 11 2025 Riken Maharjan  - 0.7.28-3
+- Enable conda support.
+
 * Wed Sep 04 2024 Reuben Olinsky  - 0.7.28-2
 - Enable zstd support to match createrepo_c.
 
diff --git a/SPECS/libsoup/CVE-2025-2784.patch b/SPECS/libsoup/CVE-2025-2784.patch
new file mode 100644
index 0000000000..5eb690a50e
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-2784.patch
@@ -0,0 +1,134 @@
+From 0cd5cb7d61ec22b60ce21f84f91a1d8da930eff6 Mon Sep 17 00:00:00 2001
+From: Kshitiz Godara 
+Date: Sun, 4 May 2025 12:46:20 +0000
+Subject: [PATCH 1/6] Combined two patches to address CVE-2025-2784
+
+Upstream references:
+https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d
+---
+ .../content-sniffer/soup-content-sniffer.c    | 10 ++--
+ tests/meson.build                             |  4 +-
+ tests/sniffing-test.c                         | 48 +++++++++++++++++++
+ 3 files changed, 56 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 2351c3f..150d285 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -638,8 +638,11 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, GBytes *buffer)
+ }
+ 
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
++        if (*pos >= resource_length)
++	        return TRUE;
++
+ 	while ((resource[*pos] == '\x09') ||
+ 	       (resource[*pos] == '\x20') ||
+ 	       (resource[*pos] == '\x0A') ||
+@@ -659,7 +662,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ 	gsize resource_length;
+ 	const char *resource = g_bytes_get_data (buffer, &resource_length);
+ 	resource_length = MIN (512, resource_length);
+-	int pos = 0;
++	gsize pos = 0;
+ 
+ 	if (resource_length < 3)
+ 		goto text_html;
+@@ -669,9 +672,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ 		pos = 3;
+ 
+  look_for_tag:
+-	if (pos > resource_length)
+-		goto text_html;
+-
+ 	if (skip_insignificant_space (resource, &pos, resource_length))
+ 		goto text_html;
+ 
+diff --git a/tests/meson.build b/tests/meson.build
+index 9bf88be..b4112ec 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -94,7 +94,9 @@ tests = [
+   {'name': 'session'},
+   {'name': 'server-auth'},
+   {'name': 'server'},
+-  {'name': 'sniffing'},
++  {'name': 'sniffing',
++    'depends': [test_resources],
++  },
+   {'name': 'ssl',
+    'dependencies': [gnutls_dep],
+    'depends': mock_pkcs11_module,
+diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
+index 6116719..7857732 100644
+--- a/tests/sniffing-test.c
++++ b/tests/sniffing-test.c
+@@ -342,6 +342,52 @@ test_disabled (gconstpointer data)
+ 	g_uri_unref (uri);
+ }
+ 
++static const gsize MARKUP_LENGTH = strlen ("");
++
++static void
++do_skip_whitespace_test (void)
++{
++        SoupContentSniffer *sniffer = soup_content_sniffer_new ();
++        SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "http://example.org");
++        const char *test_cases[] = {
++                "",
++                "$trailing_data
++                memcpy (p, "", strlen ("-->"));
++                p += strlen ("-->");
++                if (strlen (trailing_data))
++                        memcpy (p, trailing_data, strlen (trailing_data));
++                // Purposefully not NUL terminated.                
++
++                buffer = g_bytes_new_take (g_steal_pointer (&data), testsize);
++                content_type = soup_content_sniffer_sniff (sniffer, msg, buffer, NULL);
++
++                g_free (content_type);
++                g_bytes_unref (buffer);
++        }
++
++        g_object_unref (msg);
++        g_object_unref (sniffer);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -517,6 +563,8 @@ main (int argc, char **argv)
+ 			      "/text_or_binary/home.gif",
+ 			      test_disabled);
+ 
++	g_test_add_func ("/sniffing/whitespace", do_skip_whitespace_test);
++
+ 	ret = g_test_run ();
+ 
+ 	g_uri_unref (base_uri);
+-- 
+2.45.3
+
diff --git a/SPECS/libsoup/CVE-2025-32050.patch b/SPECS/libsoup/CVE-2025-32050.patch
new file mode 100644
index 0000000000..ae910906bc
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32050.patch
@@ -0,0 +1,27 @@
+From 2825634dd081a3af1800d6967ba0991f3def3347 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Mon, 28 Oct 2024 12:29:48 -0500
+Subject: [PATCH 3/6] Fix using int instead of size_t for strcspn return
+
+Upstream reference:
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323
+---
+ libsoup/soup-headers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 8382b8f..4468415 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -907,7 +907,7 @@ append_param_quoted (GString    *string,
+ 		     const char *name,
+ 		     const char *value)
+ {
+-	int len;
++	gsize len;
+ 
+ 	g_string_append (string, name);
+ 	g_string_append (string, "=\"");
+-- 
+2.45.3
+
diff --git a/SPECS/libsoup/CVE-2025-32051.patch b/SPECS/libsoup/CVE-2025-32051.patch
new file mode 100644
index 0000000000..928699b9f1
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32051.patch
@@ -0,0 +1,48 @@
+From 206e54eb90bdc53faed29e04d26373433b6605f6 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Fri, 22 Nov 2024 13:39:51 -0600
+Subject: [PATCH 4/6] soup_uri_decode_data_uri(): Handle URIs with a path
+ starting with //
+
+Upstream reference:
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/79cfd65c9bd8024cd45dd725c284766329873709
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/0713ba4a719da938dc8facc89fca99cd0aa3069f
+---
+ libsoup/soup-uri-utils.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/libsoup/soup-uri-utils.c b/libsoup/soup-uri-utils.c
+index be2b79b..ad70fe6 100644
+--- a/libsoup/soup-uri-utils.c
++++ b/libsoup/soup-uri-utils.c
+@@ -286,6 +286,7 @@ soup_uri_decode_data_uri (const char *uri,
+         gboolean base64 = FALSE;
+         char *uri_string;
+         GBytes *bytes;
++        const char *path;
+ 
+         g_return_val_if_fail (uri != NULL, NULL);
+ 
+@@ -300,9 +301,19 @@ soup_uri_decode_data_uri (const char *uri,
+ 
+         if (content_type)
+                 *content_type = NULL;
++        /* g_uri_to_string() is picky about paths that start with `//` and will assert. */
++        path = g_uri_get_path (soup_uri);
++        if (path[0] == '/' && path[1] == '/') {
++                g_uri_unref (soup_uri);
++                return NULL;
++        }
++
+ 
+         uri_string = g_uri_to_string (soup_uri);
+         g_uri_unref (soup_uri);
++        if (!uri_string)
++                return NULL;
++
+ 
+         start = uri_string + 5;
+         comma = strchr (start, ',');
+-- 
+2.45.3
+
diff --git a/SPECS/libsoup/CVE-2025-32052.patch b/SPECS/libsoup/CVE-2025-32052.patch
new file mode 100644
index 0000000000..41ea472059
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32052.patch
@@ -0,0 +1,29 @@
+From 81ae25238849867f6197e22ec42f5bb4dcb7b8ad Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Sat, 16 Nov 2024 12:07:30 -0600
+Subject: [PATCH 2/6] Fix heap buffer overflow in soup_content_sniffer_sniff
+
+Co-Author: Ar Jun 
+
+Upstream reference:
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 150d285..a772c7c 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -529,7 +529,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
+ 			guint index_pattern = 0;
+ 			gboolean skip_row = FALSE;
+ 
+-			while ((index_stream < resource_length) &&
++			while ((index_stream < resource_length - 1) &&
+ 			       (index_pattern <= type_row->pattern_length)) {
+ 				/* Skip insignificant white space ("WS" in the spec) */
+ 				if (type_row->pattern[index_pattern] == ' ') {
+-- 
+2.45.3
+
diff --git a/SPECS/libsoup/CVE-2025-32053.patch b/SPECS/libsoup/CVE-2025-32053.patch
new file mode 100644
index 0000000000..5a49b386f2
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32053.patch
@@ -0,0 +1,36 @@
+From eaed42ca8d40cd9ab63764e3d63641180505f40a Mon Sep 17 00:00:00 2001
+From: Ar Jun 
+Date: Mon, 18 Nov 2024 14:59:51 -0600
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+Upstream patch reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index b62e4888..5a181ff1 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -641,7 +641,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+ 	       (resource[*pos] == '\x0D')) {
+ 		*pos = *pos + 1;
+ 
+-		if (*pos > resource_length)
++		if (*pos >= resource_length)
+ 			return TRUE;
+ 	}
+ 
+@@ -704,7 +704,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ 		do {
+ 			pos++;
+ 
+-			if (pos > resource_length)
++			if ((pos + 1) > resource_length)
+ 				goto text_html;
+ 		} while (resource[pos] != '>');
+ 
+-- 
+GitLab
+
diff --git a/SPECS/libsoup/CVE-2025-32906.patch b/SPECS/libsoup/CVE-2025-32906.patch
new file mode 100644
index 0000000000..32c9cfb238
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32906.patch
@@ -0,0 +1,38 @@
+From e0831346d685ee907065fa5e489e133f8ca12013 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Wed, 12 Feb 2025 11:30:02 -0600
+Subject: [PATCH] headers: Handle parsing only newlines
+
+Closes #404
+Closes #407
+
+Link: https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f.patch
+---
+ libsoup/soup-headers.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351..88aafc9 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -193,7 +193,7 @@ soup_headers_parse_request (const char          *str,
+ 	/* RFC 2616 4.1 "servers SHOULD ignore any empty line(s)
+ 	 * received where a Request-Line is expected."
+ 	 */
+-	while ((*str == '\r' || *str == '\n') && len > 0) {
++	while (len > 0 && (*str == '\r' || *str == '\n')) {
+ 		str++;
+ 		len--;
+ 	}
+@@ -378,7 +378,7 @@ soup_headers_parse_response (const char          *str,
+ 	 * after a response, which we then see prepended to the next
+ 	 * response on that connection.
+ 	 */
+-	while ((*str == '\r' || *str == '\n') && len > 0) {
++	while (len > 0 && (*str == '\r' || *str == '\n')) {
+ 		str++;
+ 		len--;
+ 	}
+-- 
+2.34.1
+
diff --git a/SPECS/libsoup/CVE-2025-32908.patch b/SPECS/libsoup/CVE-2025-32908.patch
new file mode 100644
index 0000000000..3d6de62507
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32908.patch
@@ -0,0 +1,83 @@
+From a792b23ab87cacbf4dd9462bf7b675fa678efbae Mon Sep 17 00:00:00 2001
+From: Milan Crha 
+Date: Tue, 15 Apr 2025 09:59:05 +0200
+Subject: [PATCH] soup-server-http2: Check validity of the constructed
+ connection URI
+
+The HTTP/2 pseudo-headers can contain invalid values, which the GUri rejects
+and returns NULL, but the soup-server did not check the validity and could
+abort the server itself later in the code.
+
+Closes #429
+---
+ .../http2/soup-server-message-io-http2.c      |  4 +++
+ tests/http2-test.c                            | 28 +++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c
+index 943ecfd3..f1fe2d5c 100644
+--- a/libsoup/server/http2/soup-server-message-io-http2.c
++++ b/libsoup/server/http2/soup-server-message-io-http2.c
+@@ -771,9 +771,13 @@ on_frame_recv_callback (nghttp2_session     *session,
+                 char *uri_string;
+                 GUri *uri;
+ 
++		if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL)
++			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path);
+                 uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL);
+                 g_free (uri_string);
++		if (uri == NULL)
++			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 soup_server_message_set_uri (msg_io->msg, uri);
+                 g_uri_unref (uri);
+ 
+diff --git a/tests/http2-test.c b/tests/http2-test.c
+index 5b6da5e4..ec7972fe 100644
+--- a/tests/http2-test.c
++++ b/tests/http2-test.c
+@@ -1341,6 +1341,30 @@ do_connection_closed_test (Test *test, gconstpointer data)
+         g_uri_unref (uri);
+ }
+ 
++static void
++do_broken_pseudo_header_test (Test *test, gconstpointer data)
++{
++	char *path;
++	SoupMessage *msg;
++	GUri *uri;
++	GBytes *body = NULL;
++	GError *error = NULL;
++
++	uri = g_uri_parse_relative (base_uri, "/ag", SOUP_HTTP_URI_FLAGS, NULL);
++
++	/* an ugly cheat to construct a broken URI, which can be sent from other libs */
++	path = (char *) g_uri_get_path (uri);
++	path[1] = '%';
++
++	msg = soup_message_new_from_uri (SOUP_METHOD_GET, uri);
++	body = soup_test_session_async_send (test->session, msg, NULL, &error);
++	g_assert_error (error, G_IO_ERROR, G_IO_ERROR_PARTIAL_INPUT);
++	g_assert_null (body);
++	g_clear_error (&error);
++	g_object_unref (msg);
++	g_uri_unref (uri);
++}
++
+ static gboolean
+ unpause_message (SoupServerMessage *msg)
+ {
+@@ -1662,6 +1686,10 @@ main (int argc, char **argv)
+                     setup_session,
+                     do_connection_closed_test,
+                     teardown_session);
++        g_test_add ("/http2/broken-pseudo-header", Test, NULL,
++                    setup_session,
++                    do_broken_pseudo_header_test,
++                    teardown_session);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+GitLab
+
diff --git a/SPECS/libsoup/CVE-2025-32909.patch b/SPECS/libsoup/CVE-2025-32909.patch
new file mode 100644
index 0000000000..c593b04d15
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32909.patch
@@ -0,0 +1,34 @@
+From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Wed, 8 Jan 2025 16:30:17 -0600
+Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4
+ bytes
+
+Link: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92.patch
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 5a181ff1..aeee2e25 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -243,9 +243,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, GBytes *buffer)
+ 	gsize resource_length;
+ 	const char *resource = g_bytes_get_data (buffer, &resource_length);
+ 	resource_length = MIN (512, resource_length);
+-	guint32 box_size = *((guint32*)resource);
++	guint32 box_size;
+ 	guint i;
+ 
++        if (resource_length < sizeof (guint32))
++                return FALSE;
++
++	box_size = *((guint32*)resource);
++
+ #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+ 	box_size = ((box_size >> 24) |
+ 		    ((box_size << 8) & 0x00FF0000) |
+-- 
+GitLab
+
diff --git a/SPECS/libsoup/CVE-2025-32910.patch b/SPECS/libsoup/CVE-2025-32910.patch
new file mode 100644
index 0000000000..ba981eb8c1
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32910.patch
@@ -0,0 +1,268 @@
+From e40df6d48a1cbab56f5d15016cc861a503423cfe Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Sun, 8 Dec 2024 20:00:35 -0600
+Subject: [PATCH 1/3] auth-digest: Handle missing realm in authenticate header
+
+Link: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417.patch
+---
+ libsoup/auth/soup-auth-digest.c |  3 ++
+ tests/auth-test.c               | 50 +++++++++++++++++++++++++++++++++
+ 2 files changed, 53 insertions(+)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 2e81849af..4f12e87a5 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -148,6 +148,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 	guint qop_options;
+ 	gboolean ok = TRUE;
+ 
++        if (!soup_auth_get_realm (auth))
++                return FALSE;
++
+ 	g_free (priv->domain);
+ 	g_free (priv->nonce);
+ 	g_free (priv->opaque);
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index 158fdac10..3066e904a 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1866,6 +1866,55 @@ do_multiple_digest_algorithms (void)
+ 	soup_test_server_quit_unref (server);
+ }
+ 
++static void
++on_request_read_for_missing_realm (SoupServer        *server,
++                                   SoupServerMessage *msg,
++                                   gpointer           user_data)
++{
++        SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
++        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
++}
++
++static void
++do_missing_realm_test (void)
++{
++        SoupSession *session;
++        SoupMessage *msg;
++        SoupServer *server;
++        SoupAuthDomain *digest_auth_domain;
++        gint status;
++        GUri *uri;
++
++        server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++	soup_server_add_handler (server, NULL,
++				 server_callback, NULL, NULL);
++	uri = soup_test_server_get_uri (server, "http", NULL);
++
++	digest_auth_domain = soup_auth_domain_digest_new (
++		"realm", "auth-test",
++		"auth-callback", server_digest_auth_callback,
++		NULL);
++        soup_auth_domain_add_path (digest_auth_domain, "/");
++	soup_server_add_auth_domain (server, digest_auth_domain);
++        g_object_unref (digest_auth_domain);
++
++        g_signal_connect (server, "request-read",
++                          G_CALLBACK (on_request_read_for_missing_realm),
++                          NULL);
++
++        session = soup_test_session_new (NULL);
++        msg = soup_message_new_from_uri ("GET", uri);
++        g_signal_connect (msg, "authenticate",
++                          G_CALLBACK (on_digest_authenticate),
++                          NULL);
++
++        status = soup_test_session_send_message (session, msg);
++
++        g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
++	g_uri_unref (uri);
++	soup_test_server_quit_unref (server);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -1899,6 +1948,7 @@ main (int argc, char **argv)
+ 	g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
+         g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate);
+         g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms);
++        g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+GitLab
+
+
+From 405a8a34597a44bd58c4759e7d5e23f02c3b556a Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Thu, 26 Dec 2024 18:18:35 -0600
+Subject: [PATCH 2/3] auth-digest: Handle missing nonce
+
+---
+ libsoup/auth/soup-auth-digest.c | 45 +++++++++++++++++++++++++--------
+ tests/auth-test.c               | 19 ++++++++------
+ 2 files changed, 46 insertions(+), 18 deletions(-)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 4f12e87a5..350bfde69 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -138,6 +138,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
+ 	return g_string_free (out, FALSE);
+ }
+ 
++static gboolean
++validate_params (SoupAuthDigest *auth_digest)
++{
++        SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
++
++        if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
++                if (!priv->nonce)
++                        return FALSE;
++        }
++
++        return TRUE;
++}
++
+ static gboolean
+ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 			 GHashTable *auth_params)
+@@ -175,16 +188,21 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 	if (priv->algorithm == -1)
+ 		ok = FALSE;
+ 
+-	stale = g_hash_table_lookup (auth_params, "stale");
+-	if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
+-		recompute_hex_a1 (priv);
+-	else {
+-		g_free (priv->user);
+-		priv->user = NULL;
+-		g_free (priv->cnonce);
+-		priv->cnonce = NULL;
+-		memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+-		memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
++        if (!validate_params (auth_digest))
++                ok = FALSE;
++
++        if (ok) {
++                stale = g_hash_table_lookup (auth_params, "stale");
++                if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
++                        recompute_hex_a1 (priv);
++                else {
++                        g_free (priv->user);
++                        priv->user = NULL;
++                        g_free (priv->cnonce);
++                        priv->cnonce = NULL;
++                        memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
++                        memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
++                }
+         }
+ 
+ 	return ok;
+@@ -276,6 +294,8 @@ soup_auth_digest_compute_hex_a1 (const char              *hex_urp,
+ 
+ 		/* In MD5-sess, A1 is hex_urp:nonce:cnonce */
+ 
++                g_assert (nonce && cnonce);
++
+ 		checksum = g_checksum_new (G_CHECKSUM_MD5);
+ 		g_checksum_update (checksum, (guchar *)hex_urp, strlen (hex_urp));
+ 		g_checksum_update (checksum, (guchar *)":", 1);
+@@ -366,6 +386,8 @@ soup_auth_digest_compute_response (const char        *method,
+ 	if (qop) {
+ 		char tmp[9];
+ 
++                g_assert (cnonce);
++
+ 		g_snprintf (tmp, 9, "%.8x", nc);
+ 		g_checksum_update (checksum, (guchar *)tmp, strlen (tmp));
+ 		g_checksum_update (checksum, (guchar *)":", 1);
+@@ -429,6 +451,9 @@ soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg)
+ 	g_return_val_if_fail (uri != NULL, NULL);
+ 	url = soup_uri_get_path_and_query (uri);
+ 
++        g_assert (priv->nonce);
++        g_assert (!priv->qop || priv->cnonce);
++
+ 	soup_auth_digest_compute_response (soup_message_get_method (msg), url, priv->hex_a1,
+ 					   priv->qop, priv->nonce,
+ 					   priv->cnonce, priv->nc,
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index 3066e904a..c651c7cd9 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1867,16 +1867,17 @@ do_multiple_digest_algorithms (void)
+ }
+ 
+ static void
+-on_request_read_for_missing_realm (SoupServer        *server,
+-                                   SoupServerMessage *msg,
+-                                   gpointer           user_data)
++on_request_read_for_missing_params (SoupServer        *server,
++                                      SoupServerMessage *msg,
++                                      gpointer           user_data)
+ {
++        const char *auth_header = user_data;
+         SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
+-        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
++        soup_message_headers_replace (response_headers, "WWW-Authenticate", auth_header);
+ }
+ 
+ static void
+-do_missing_realm_test (void)
++do_missing_params_test (gconstpointer auth_header)
+ {
+         SoupSession *session;
+         SoupMessage *msg;
+@@ -1899,8 +1900,8 @@ do_missing_realm_test (void)
+         g_object_unref (digest_auth_domain);
+ 
+         g_signal_connect (server, "request-read",
+-                          G_CALLBACK (on_request_read_for_missing_realm),
+-                          NULL);
++                          G_CALLBACK (on_request_read_for_missing_params),
++                          (gpointer)auth_header);
+ 
+         session = soup_test_session_new (NULL);
+         msg = soup_message_new_from_uri ("GET", uri);
+@@ -1948,7 +1949,9 @@ main (int argc, char **argv)
+ 	g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
+         g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate);
+         g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms);
+-        g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
++        g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
++        g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
++        g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+GitLab
+
+
+From ea16eeacb052e423eb5c3b0b705e5eab34b13832 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Fri, 27 Dec 2024 13:52:52 -0600
+Subject: [PATCH 3/3] auth-digest: Fix leak
+
+---
+ libsoup/auth/soup-auth-digest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 350bfde69..9eb7fa0e2 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -72,6 +72,7 @@ soup_auth_digest_finalize (GObject *object)
+ 	g_free (priv->nonce);
+ 	g_free (priv->domain);
+ 	g_free (priv->cnonce);
++        g_free (priv->opaque);
+ 
+ 	memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+ 	memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+-- 
+GitLab
+
diff --git a/SPECS/libsoup/CVE-2025-32912.patch b/SPECS/libsoup/CVE-2025-32912.patch
new file mode 100644
index 0000000000..287db01b25
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32912.patch
@@ -0,0 +1,38 @@
+From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Wed, 5 Feb 2025 14:03:05 -0600
+Subject: [PATCH] auth-digest: Handle missing nonce
+
+---
+ libsoup/auth/soup-auth-digest.c | 2 +-
+ tests/auth-test.c               | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 9eb7fa0e..d69a4013 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -162,7 +162,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 	guint qop_options;
+ 	gboolean ok = TRUE;
+ 
+-        if (!soup_auth_get_realm (auth))
++        if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
+                 return FALSE;
+ 
+ 	g_free (priv->domain);
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index c651c7cd..484097f1 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1952,6 +1952,7 @@ main (int argc, char **argv)
+         g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
++        g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+GitLab
+
diff --git a/SPECS/libsoup/CVE-2025-32913.patch b/SPECS/libsoup/CVE-2025-32913.patch
new file mode 100644
index 0000000000..5b6158594e
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32913.patch
@@ -0,0 +1,28 @@
+From 260ce178f526f4b8baaa1cafc6e1e81fab225f53 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Fri, 27 Dec 2024 18:00:39 -0600
+Subject: [PATCH] soup_message_headers_get_content_disposition: strdup
+ truncated filenames
+
+This table frees the strings it contains.
+Link: https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0.patch
+---
+ libsoup/soup-message-headers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index bcee5b9..18cbf98 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1611,7 +1611,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders  *hdrs,
+ 		char *filename = strrchr (orig_value, '/');
+ 
+ 		if (filename)
+-			g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++			g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1));
+ 	}
+ 	return TRUE;
+ }
+-- 
+2.34.1
+
diff --git a/SPECS/libsoup/CVE-2025-32914.patch b/SPECS/libsoup/CVE-2025-32914.patch
new file mode 100644
index 0000000000..5ec88a9fb0
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-32914.patch
@@ -0,0 +1,107 @@
+From 5bfcf8157597f2d327050114fb37ff600004dbcf Mon Sep 17 00:00:00 2001
+From: Milan Crha 
+Date: Tue, 15 Apr 2025 09:03:00 +0200
+Subject: [PATCH] multipart: Fix read out of buffer bounds under
+ soup_multipart_new_from_message()
+
+This is CVE-2025-32914, special crafted input can cause read out of buffer bounds
+of the body argument.
+
+Closes #436
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 58 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 59 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index 2421c91f8..102ce3722 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -173,7 +173,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+ 			return NULL;
+ 		}
+ 
+-		split = strstr (start, "\r\n\r\n");
++		split = g_strstr_len (start, body_end - start, "\r\n\r\n");
+ 		if (!split || split > end) {
+ 			soup_multipart_free (multipart);
+ 			return NULL;
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index 2c0e7e969..f5b986889 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -471,6 +471,62 @@ test_multipart (gconstpointer data)
+ 	loop = NULL;
+ }
+ 
++static void
++test_multipart_bounds_good (void)
++{
++	#define TEXT "line1\r\nline2"
++	SoupMultipart *multipart;
++	SoupMessageHeaders *headers, *set_headers = NULL;
++	GBytes *bytes, *set_bytes = NULL;
++	const char *raw_data = "--123\r\nContent-Type: text/plain;\r\n\r\n" TEXT "\r\n--123--\r\n";
++	gboolean success;
++
++	headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++	soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++	bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++	multipart = soup_multipart_new_from_message (headers, bytes);
++
++	g_assert_nonnull (multipart);
++	g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1);
++	success = soup_multipart_get_part (multipart, 0, &set_headers, &set_bytes);
++	g_assert_true (success);
++	g_assert_nonnull (set_headers);
++	g_assert_nonnull (set_bytes);
++	g_assert_cmpint (strlen (TEXT), ==, g_bytes_get_size (set_bytes));
++	g_assert_cmpstr ("text/plain", ==, soup_message_headers_get_content_type (set_headers, NULL));
++	g_assert_cmpmem (TEXT, strlen (TEXT), g_bytes_get_data (set_bytes, NULL), g_bytes_get_size (set_bytes));
++
++	soup_message_headers_unref (headers);
++	g_bytes_unref (bytes);
++
++	soup_multipart_free (multipart);
++
++	#undef TEXT
++}
++
++static void
++test_multipart_bounds_bad (void)
++{
++	SoupMultipart *multipart;
++	SoupMessageHeaders *headers;
++	GBytes *bytes;
++	const char *raw_data = "--123\r\nContent-Type: text/plain;\r\nline1\r\nline2\r\n--123--\r\n";
++
++	headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++	soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++	bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++	/* it did read out of raw_data/bytes bounds */
++	multipart = soup_multipart_new_from_message (headers, bytes);
++	g_assert_null (multipart);
++
++	soup_message_headers_unref (headers);
++	g_bytes_unref (bytes);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -498,6 +554,8 @@ main (int argc, char **argv)
+ 	g_test_add_data_func ("/multipart/sync", GINT_TO_POINTER (SYNC_MULTIPART), test_multipart);
+ 	g_test_add_data_func ("/multipart/async", GINT_TO_POINTER (ASYNC_MULTIPART), test_multipart);
+ 	g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
++	g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
++	g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+GitLab
+
diff --git a/SPECS/libsoup/CVE-2025-46420.patch b/SPECS/libsoup/CVE-2025-46420.patch
new file mode 100644
index 0000000000..86f03f0b09
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-46420.patch
@@ -0,0 +1,59 @@
+From 909a9c40197d53bb331830d959ec86b97721d64f Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Thu, 26 Dec 2024 18:31:42 -0600
+Subject: [PATCH 5/6] soup_header_parse_quality_list: Fix leak
+
+When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
+
+Upstream reference:
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e
+---
+ libsoup/soup-headers.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 4468415..d28ddff 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -530,7 +530,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ 	GSList *unsorted;
+ 	QualityItem *array;
+ 	GSList *sorted, *iter;
+-	char *item, *semi;
++	char *semi;
+ 	const char *param, *equal, *value;
+ 	double qval;
+ 	int n;
+@@ -543,9 +543,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ 	unsorted = soup_header_parse_list (header);
+ 	array = g_new0 (QualityItem, g_slist_length (unsorted));
+ 	for (iter = unsorted, n = 0; iter; iter = iter->next) {
+-		item = iter->data;
+ 		qval = 1.0;
+-		for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
++		for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
+ 			param = skip_lws (semi + 1);
+ 			if (*param != 'q')
+ 				continue;
+@@ -577,15 +576,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ 		if (qval == 0.0) {
+ 			if (unacceptable) {
+ 				*unacceptable = g_slist_prepend (*unacceptable,
+-								 item);
++								 g_steal_pointer (&iter->data));
+ 			}
+ 		} else {
+-			array[n].item = item;
++			array[n].item = g_steal_pointer (&iter->data);
+ 			array[n].qval = qval;
+ 			n++;
+ 		}
+ 	}
+-	g_slist_free (unsorted);
++	g_slist_free_full (unsorted, g_free);
+ 
+ 	qsort (array, n, sizeof (QualityItem), sort_by_qval);
+ 	sorted = NULL;
+-- 
+2.45.3
+
diff --git a/SPECS/libsoup/CVE-2025-46421.patch b/SPECS/libsoup/CVE-2025-46421.patch
new file mode 100644
index 0000000000..e8f74736ee
--- /dev/null
+++ b/SPECS/libsoup/CVE-2025-46421.patch
@@ -0,0 +1,137 @@
+From 09568d47d796f526820d3a6ff85cd2797eb65843 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Wed, 5 Feb 2025 16:18:10 -0600
+Subject: [PATCH 6/6] session: Strip authentication credentails on cross-origin
+ redirect
+
+This should match the behavior of Firefox and Safari but not of Chromium.
+
+Upstream reference:
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/3e5c26415811f19e7737238bb23305ffaf96f66b
+---
+ libsoup/soup-session.c |  6 ++++
+ tests/auth-test.c      | 77 ++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 83 insertions(+)
+
+diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
+index 631bec0..9f00b05 100644
+--- a/libsoup/soup-session.c
++++ b/libsoup/soup-session.c
+@@ -1230,6 +1230,12 @@ soup_session_redirect_message (SoupSession *session,
+ 						   SOUP_ENCODING_NONE);
+ 	}
+ 
++        /* Strip all credentials on cross-origin redirect. */
++        if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
++                soup_message_headers_remove_common (soup_message_get_request_headers (msg), SOUP_HEADER_AUTHORIZATION);
++                soup_message_set_auth (msg, NULL);
++        }
++
+         soup_message_set_request_host_from_uri (msg, new_uri);
+ 	soup_message_set_uri (msg, new_uri);
+ 	g_uri_unref (new_uri);
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index 484097f..7c3b551 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1,6 +1,7 @@
+ /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+ 
+ #include "test-utils.h"
++#include "soup-uri-utils-private.h"
+ 
+ static const char *base_uri;
+ static GMainLoop *loop;
+@@ -1916,6 +1917,81 @@ do_missing_params_test (gconstpointer auth_header)
+ 	soup_test_server_quit_unref (server);
+ }
+ 
++static void
++redirect_server_callback (SoupServer        *server,
++                          SoupServerMessage *msg,
++                          const char        *path,
++                          GHashTable        *query,
++                          gpointer           user_data)
++{
++    static gboolean redirected = FALSE;
++
++    if (!redirected) {
++        char *redirect_uri = g_uri_to_string (user_data);
++        soup_server_message_set_redirect (msg, SOUP_STATUS_MOVED_PERMANENTLY, redirect_uri);
++        g_free (redirect_uri);
++        redirected = TRUE;
++        return;
++    }
++
++    g_assert_not_reached ();
++}
++
++static gboolean
++auth_for_redirect_callback (SoupMessage *msg, SoupAuth *auth, gboolean retrying, gpointer user_data)
++{
++    GUri *known_server_uri = user_data;
++
++    if (!soup_uri_host_equal (known_server_uri, soup_message_get_uri (msg)))
++        return FALSE;
++
++    soup_auth_authenticate (auth, "user", "good-basic");
++
++    return TRUE;
++}
++
++static void
++do_strip_on_crossorigin_redirect (void)
++{
++    SoupSession *session;
++    SoupMessage *msg;
++    SoupServer *server1, *server2;
++    SoupAuthDomain *auth_domain;
++    GUri *uri;
++    gint status;
++
++    server1 = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++    server2 = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++
++    /* Both servers have the same credentials. */
++    auth_domain = soup_auth_domain_basic_new ("realm", "auth-test", "auth-callback", server_basic_auth_callback, NULL);
++    soup_auth_domain_add_path (auth_domain, "/");
++    soup_server_add_auth_domain (server1, auth_domain);
++    soup_server_add_auth_domain (server2, auth_domain);
++    g_object_unref (auth_domain);
++
++    /* Server 1 asks for auth, then redirects to Server 2. */
++    soup_server_add_handler (server1, NULL,
++                    redirect_server_callback,
++                   soup_test_server_get_uri (server2, "http", NULL), (GDestroyNotify)g_uri_unref);
++    /* Server 2 requires auth. */
++    soup_server_add_handler (server2, NULL, server_callback, NULL, NULL);
++
++    session = soup_test_session_new (NULL);
++    uri = soup_test_server_get_uri (server1, "http", NULL);
++    msg = soup_message_new_from_uri ("GET", uri);
++    /* The client only sends credentials for the host it knows. */
++    g_signal_connect (msg, "authenticate", G_CALLBACK (auth_for_redirect_callback), uri);
++
++    status = soup_test_session_send_message (session, msg);
++
++    g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
++
++    g_uri_unref (uri);
++    soup_test_server_quit_unref (server1);
++    soup_test_server_quit_unref (server2);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -1949,6 +2025,7 @@ main (int argc, char **argv)
+ 	g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
+         g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate);
+         g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms);
++        g_test_add_func ("/auth/strip-on-crossorigin-redirect", do_strip_on_crossorigin_redirect);
+         g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
+-- 
+2.45.3
+
diff --git a/SPECS/libsoup/libsoup.spec b/SPECS/libsoup/libsoup.spec
index c936c6d839..0350327f7f 100644
--- a/SPECS/libsoup/libsoup.spec
+++ b/SPECS/libsoup/libsoup.spec
@@ -4,7 +4,7 @@
 Summary:        libsoup HTTP client/server library
 Name:           libsoup
 Version:        3.4.4
-Release:        2%{?dist}
+Release:        6%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -41,9 +41,28 @@ Requires:       glib-networking
 Requires:       libpsl
 Requires:       libxml2
 
-Patch:          CVE-2024-52530.patch
-Patch:          CVE-2024-52531.patch
-Patch:          CVE-2024-52532.patch
+Patch0:          CVE-2024-52530.patch
+Patch1:          CVE-2024-52531.patch
+Patch2:          CVE-2024-52532.patch
+# CVE-2025-32913 will be fixed in 3.6.2 by https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
+Patch3:          CVE-2025-32913.patch
+# CVE-2025-32906 will be fixed in 3.6.5 by https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f
+Patch4:          CVE-2025-32906.patch
+# CVE-2025-32909 will be fixed in 3.6.2 by https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92
+Patch5:          CVE-2025-32909.patch
+# CVE-2025-32910 will be fixed in 3.6.2 by https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
+Patch6:          CVE-2025-32910.patch
+# CVE-2025-32912 will be fixed in 3.6.5 by https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
+Patch7:          CVE-2025-32912.patch
+Patch8:          CVE-2025-32908.patch
+Patch9:          CVE-2025-32914.patch
+Patch10:         CVE-2025-2784.patch
+Patch11:         CVE-2025-32052.patch
+Patch12:         CVE-2025-32050.patch
+Patch13:         CVE-2025-32051.patch
+Patch14:         CVE-2025-46420.patch
+Patch15:         CVE-2025-46421.patch
+Patch16:         CVE-2025-32053.patch
 
 %description
 libsoup is HTTP client/server library for GNOME
@@ -111,6 +130,23 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %defattr(-,root,root)
 
 %changelog
+* Wed May 7 2025 Bhagyashri Pathak  - 3.4.4-6
+- Patch for CVE-2025-32053
+
+* Fri May 02 2025 Kshitiz Godara  - 3.4.4-5
+- Added patch for CVE-2025-2784 CVE-2025-32052 CVE-2025-32050 CVE-2025-32051 CVE-2025-46420 CVE-2025-46421
+
+* Fri Apr 25 2025 Kshitiz Godara  - 3.4.4-4
+- Add patch for CVE-2025-32908
+- Add patch for CVE-2025-32914
+
+* Wed Apr 16 2025 Kevin Lockwood  - 3.4.4-3
+- Add patch for CVE-2025-32913
+- Add patch for CVE-2025-32906
+- Add patch for CVE-2025-32909
+- Add patch for CVE-2025-32910
+- Add patch for CVE-2025-32912
+
 * Fri Nov 15 2024 Thien Trung Vuong  - 3.4.4-2
 - Add patches for CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
 
diff --git a/SPECS/libssh2/libssh2.signatures.json b/SPECS/libssh2/libssh2.signatures.json
index 871a7b4edb..0e2bd4fff8 100644
--- a/SPECS/libssh2/libssh2.signatures.json
+++ b/SPECS/libssh2/libssh2.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "libssh2-1.11.0.tar.gz": "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461"
+  "libssh2-1.11.1.tar.gz": "d9ec76cbe34db98eec3539fe2c899d26b0c837cb3eb466a56b0f109cabf658f7"
  }
 }
diff --git a/SPECS/libssh2/libssh2.spec b/SPECS/libssh2/libssh2.spec
index b29af10578..a8827f4a7a 100644
--- a/SPECS/libssh2/libssh2.spec
+++ b/SPECS/libssh2/libssh2.spec
@@ -2,7 +2,7 @@
 
 Summary:        libssh2 is a library implementing the SSH2 protocol.
 Name:           libssh2
-Version:        1.11.0
+Version:        1.11.1
 Release:        1%{?dist}
 License:        BSD
 URL:            https://www.libssh2.org/
@@ -57,6 +57,9 @@ find %{buildroot} -name '*.la' -exec rm -f {} ';'
 %{_mandir}/man3/*
 
 %changelog
+* Fri Apr 04 2025 Sumedh Sharma  - 1.11.1-1
+- Bump patch version to fix CVE-2023-48795.
+
 * Tue Nov 21 2023 CBL-Mariner Servicing Account  - 1.11.0-1
 - Auto-upgrade to 1.11.0 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/libtiff/CVE-2023-6228.patch b/SPECS/libtiff/CVE-2023-6228.patch
new file mode 100644
index 0000000000..e4e212d489
--- /dev/null
+++ b/SPECS/libtiff/CVE-2023-6228.patch
@@ -0,0 +1,27 @@
+From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
+From: Su_Laus 
+Date: Sat, 9 Sep 2023 15:45:47 +0200
+Subject: [PATCH] Check also if codec of input image is available,
+ independently from codec check of output image and return with error if not.
+ Fixes #606.
+
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index aff06260e..2628bdbb9 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -846,6 +846,8 @@ static int tiffcp(TIFF *in, TIFF *out)
+     if (!TIFFIsCODECConfigured(compression))
+         return FALSE;
+     TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++    if (!TIFFIsCODECConfigured(input_compression))
++        return FALSE;
+     TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+     if (input_compression == COMPRESSION_JPEG)
+     {
+-- 
+GitLab
+
diff --git a/SPECS/libtiff/libtiff.spec b/SPECS/libtiff/libtiff.spec
index c5b2bb4af0..2e3e3b5594 100644
--- a/SPECS/libtiff/libtiff.spec
+++ b/SPECS/libtiff/libtiff.spec
@@ -1,7 +1,7 @@
 Summary:        TIFF libraries and associated utilities.
 Name:           libtiff
 Version:        4.6.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        libtiff
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,6 +12,7 @@ Patch0:         CVE-2023-52356.patch
 Patch1:         CVE-2023-6277.patch
 Patch2:         CVE-2024-7006.patch
 Patch3:         CVE-2023-3164.patch
+Patch4:         CVE-2023-6228.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -65,6 +66,9 @@ make %{?_smp_mflags} -k check
 %{_docdir}/*
 
 %changelog
+* Mon Feb 03 2025 Ankita Pareek  - 4.6.0-6
+- Address CVE-2023-6228 with a patch
+
 * Fri Jan 17 2025 Bhagyashri Pathak  - 4.6.0-5
 - Add patch for CVE-2023-3164.patch
 
diff --git a/SPECS/libxml2/CVE-2025-32414.patch b/SPECS/libxml2/CVE-2025-32414.patch
new file mode 100644
index 0000000000..89955bb864
--- /dev/null
+++ b/SPECS/libxml2/CVE-2025-32414.patch
@@ -0,0 +1,73 @@
+From df738c6288e9f48f299569016cf4e2716543ecea Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Fri, 18 Apr 2025 17:44:25 -0500
+Subject: [PATCH] Address CVE-2025-32414
+Upstream Patch Reference: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8d415b8911be26b12b85497f7cc57143b5321787.patch
+
+---
+ python/libxml.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/python/libxml.c b/python/libxml.c
+index fb14c7a..ebd51ef 100644
+--- a/python/libxml.c
++++ b/python/libxml.c
+@@ -266,7 +266,9 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
+ #endif
+     file = (PyObject *) context;
+     if (file == NULL) return(-1);
+-    ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len);
++    /* When read() returns a string, the length is in characters not bytes, so
++       request at most len / 4 characters to leave space for UTF-8 encoding. */
++    ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len / 4);
+     if (ret == NULL) {
+ 	printf("xmlPythonFileReadRaw: result is NULL\n");
+ 	return(-1);
+@@ -301,10 +303,12 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
+ 	Py_DECREF(ret);
+ 	return(-1);
+     }
+-    if (lenread > len)
+-	memcpy(buffer, data, len);
+-    else
+-	memcpy(buffer, data, lenread);
++    if (lenread < 0 || lenread > len) {
++	printf("xmlPythonFileReadRaw: invalid lenread\n");
++	Py_DECREF(ret);
++	return(-1);
++    }
++    memcpy(buffer, data, lenread);
+     Py_DECREF(ret);
+     return(lenread);
+ }
+@@ -331,7 +335,9 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
+ #endif
+     file = (PyObject *) context;
+     if (file == NULL) return(-1);
+-    ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len);
++    /* When read() returns a string, the length is in characters not bytes, so
++       request at most len / 4 characters to leave space for UTF-8 encoding. */
++    ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len / 4);
+     if (ret == NULL) {
+ 	printf("xmlPythonFileRead: result is NULL\n");
+ 	return(-1);
+@@ -366,10 +372,12 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
+ 	Py_DECREF(ret);
+ 	return(-1);
+     }
+-    if (lenread > len)
+-	memcpy(buffer, data, len);
+-    else
+-	memcpy(buffer, data, lenread);
++    if (lenread < 0 || lenread > len) {
++	printf("xmlPythonFileRead: invalid lenread\n");
++	Py_DECREF(ret);
++	return(-1);
++    }
++    memcpy(buffer, data, lenread);
+     Py_DECREF(ret);
+     return(lenread);
+ }
+-- 
+2.45.2
+
diff --git a/SPECS/libxml2/CVE-2025-32415.patch b/SPECS/libxml2/CVE-2025-32415.patch
new file mode 100644
index 0000000000..fc9ef2df80
--- /dev/null
+++ b/SPECS/libxml2/CVE-2025-32415.patch
@@ -0,0 +1,35 @@
+From 1237c9a36a0037553574b80641e653e46022b737 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Mon, 5 May 2025 11:35:22 -0500
+Subject: [PATCH] Address CVE-2025-32415
+Upstream Patch Reference: https://gitlab.gnome.org/GNOME/libxml2/-/commit/487ee1d8711c6415218b373ef455fcd969d12399
+
+---
+ xmlschemas.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 8a89e2a..40536bc 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -23632,7 +23632,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ 			j++;
+ 		    } while (j < nbDupls);
+ 		}
+-		if (nbNodeTable) {
++		if (bind->nbNodes) {
+ 		    j = 0;
+ 		    do {
+ 			if (nbFields == 1) {
+@@ -23683,7 +23683,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ 
+ next_node_table_entry:
+ 			j++;
+-		    } while (j < nbNodeTable);
++		    } while (j < bind->nbNodes);
+ 		}
+ 		/*
+ 		* If everything is fine, then add the IDC target-node to
+-- 
+2.45.2
+
diff --git a/SPECS/libxml2/libxml2.spec b/SPECS/libxml2/libxml2.spec
index 40c3b2f546..a7b1cf51f0 100644
--- a/SPECS/libxml2/libxml2.spec
+++ b/SPECS/libxml2/libxml2.spec
@@ -1,7 +1,7 @@
 Summary:        Libxml2
 Name:           libxml2
 Version:        2.11.5
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,6 +15,8 @@ Patch3:         CVE-2024-56171.patch
 Patch4:         CVE-2025-24928.patch
 Patch5:         CVE-2024-25062.patch
 Patch6:         CVE-2025-27113.patch
+Patch7:         CVE-2025-32414.patch
+Patch8:         CVE-2025-32415.patch
 BuildRequires:  python3-devel
 BuildRequires:  python3-xml
 Provides:       %{name}-tools = %{version}-%{release}
@@ -85,6 +87,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/cmake/libxml2/libxml2-config.cmake
 
 %changelog
+* Mon May 05 2025 Sreeniavsulu Malavathula  - 2.11.5-5
+- Patch CVE-2025-32414 and CVE-2025-32415
+
 * Sat Feb 22 2025 Kanishk Bansal  - 2.11.5-4
 - Patch CVE-2025-24928, CVE-2024-56171, CVE-2024-25062, CVE-2025-27113
 
diff --git a/SPECS/mariadb-connector-c/mariadb-connector-c.spec b/SPECS/mariadb-connector-c/mariadb-connector-c.spec
index c97522f326..ff6a7128bb 100644
--- a/SPECS/mariadb-connector-c/mariadb-connector-c.spec
+++ b/SPECS/mariadb-connector-c/mariadb-connector-c.spec
@@ -3,7 +3,7 @@
 Summary:        The MariaDB Native Client library (C driver)
 Name:           mariadb-connector-c
 Version:        3.3.8
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -155,6 +155,9 @@ pushd unittest/libmariadb/
 %ctest || :
 popd
 
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
 
 %files
 %{_libdir}/libmariadb.so.3
@@ -207,6 +210,9 @@ popd
 #      NEW:         PR submitted, problem explained, waiting on upstream response
 
 %changelog
+* Thu Apr 10 2025 Andy Zaugg  - 3.3.8-3
+- Run ldconfig as part of post install to ensure new libs are in ld cache
+
 * Tue Apr 09 2024 Daniel McIlvaney  - 3.3.8-2
 - Remove multilib handling since azl doesn't support it
 
diff --git a/SPECS/memcached/CVE-2021-44647.patch b/SPECS/memcached/CVE-2021-44647.patch
new file mode 100644
index 0000000000..b2a8696f5c
--- /dev/null
+++ b/SPECS/memcached/CVE-2021-44647.patch
@@ -0,0 +1,25 @@
+From f77d11035ab9d0907bfe949752b156986beb8c01 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Thu, 20 Mar 2025 08:54:32 +0000
+Subject: [PATCH] CVE-2021-44647
+
+Source Link : https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f
+---
+ vendor/lua/src/lstate.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/vendor/lua/src/lstate.c b/vendor/lua/src/lstate.c
+index a887005..db24cf6 100644
+--- a/vendor/lua/src/lstate.c
++++ b/vendor/lua/src/lstate.c
+@@ -270,6 +270,7 @@ static void close_state (lua_State *L) {
+   if (!completestate(g))  /* closing a partially built state? */
+     luaC_freeallobjects(L);  /* jucst collect its objects */
+   else {  /* closing a fully built state */
++    L->ci = &L->base_ci;  /* unwind CallInfo list */
+     luaD_closeprotected(L, 1, LUA_OK);  /* close all upvalues */
+     luaC_freeallobjects(L);  /* collect all objects */
+     luai_userstateclose(L);
+-- 
+2.45.2
+
diff --git a/SPECS/memcached/memcached.spec b/SPECS/memcached/memcached.spec
index ed623d849f..e5b5d3d651 100644
--- a/SPECS/memcached/memcached.spec
+++ b/SPECS/memcached/memcached.spec
@@ -7,7 +7,7 @@
 Summary:        High Performance, Distributed Memory Object Cache
 Name:           memcached
 Version:        1.6.27
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -16,6 +16,7 @@ Source0:        https://www.memcached.org/files/%{name}-%{version}.tar.gz
 Source1:        memcached.sysconfig
 Patch0:         memcached-unit.patch
 Patch1:         CVE-2021-43519.patch
+Patch2:         CVE-2021-44647.patch
 BuildRequires:  gcc
 BuildRequires:  libevent-devel
 BuildRequires:  systemd-devel
@@ -130,6 +131,9 @@ exit 0
 %{_unitdir}/memcached.service
 
 %changelog
+* Thu Mar 20 2025 Jyoti Kanase  - 1.6.27-3
+- Fix CVE-2023-6228
+
 * Wed Feb 05 2025 Kanishk Bansal  - 1.6.27-2
 - Address CVE-2021-43519
 
diff --git a/SPECS/mesa/mesa.spec b/SPECS/mesa/mesa.spec
index 2cc2d9805c..2dec4662bf 100644
--- a/SPECS/mesa/mesa.spec
+++ b/SPECS/mesa/mesa.spec
@@ -68,7 +68,7 @@
 Name:           mesa
 Summary:        Mesa graphics libraries
 Version:        24.0.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        BSD
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -150,7 +150,7 @@ BuildRequires:  llvm-devel >= 7.0.0
 %if 0%{?with_opencl} || 0%{?with_nvk}
 BuildRequires:  clang-devel
 BuildRequires:  bindgen
-BuildRequires:  rust
+BuildRequires:  rust < 1.85.0
 BuildRequires:  pkgconfig(libclc)
 BuildRequires:  pkgconfig(SPIRV-Tools)
 BuildRequires:  pkgconfig(LLVMSPIRVLib)
@@ -747,6 +747,10 @@ popd
 %endif
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 24.0.1-4
+- merge from Azure Linux 3.0.20250521-3.0
+- Pin rust version
+
 * Mon Jan 06 2025 Lishan Liu  - 24.0.1-3
 - Include SRIOV Patches
 
diff --git a/SPECS/moby-containerd-cc/CVE-2024-40635.patch b/SPECS/moby-containerd-cc/CVE-2024-40635.patch
new file mode 100644
index 0000000000..91649d0d73
--- /dev/null
+++ b/SPECS/moby-containerd-cc/CVE-2024-40635.patch
@@ -0,0 +1,173 @@
+From 11504c3fc5f45634f2d93d57743a998194430b82 Mon Sep 17 00:00:00 2001
+From: Craig Ingram 
+Date: Fri, 7 Mar 2025 13:29:47 +0000
+Subject: [PATCH] validate uid/gid
+
+---
+ oci/spec_opts.go            | 24 ++++++++--
+ oci/spec_opts_linux_test.go | 92 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 112 insertions(+), 4 deletions(-)
+
+diff --git a/oci/spec_opts.go b/oci/spec_opts.go
+index f1422d505203..e89d54a8f19a 100644
+--- a/oci/spec_opts.go
++++ b/oci/spec_opts.go
+@@ -22,6 +22,7 @@ import (
+ 	"encoding/json"
+ 	"errors"
+ 	"fmt"
++	"math"
+ 	"os"
+ 	"path/filepath"
+ 	"runtime"
+@@ -594,6 +595,20 @@ func WithUser(userstr string) SpecOpts {
+ 		defer ensureAdditionalGids(s)
+ 		setProcess(s)
+ 		s.Process.User.AdditionalGids = nil
++		// While the Linux kernel allows the max UID to be MaxUint32 - 2,
++                // and the OCI Runtime Spec has no definition about the max UID,
++                // the runc implementation is known to require the UID to be <= MaxInt32.
++                //
++                // containerd follows runc's limitation here.
++                //
++                // In future we may relax this limitation to allow MaxUint32 - 2,
++                // or, amend the OCI Runtime Spec to codify the implementation limitation.
++		const (
++			minUserID  = 0
++			maxUserID  = math.MaxInt32
++			minGroupID = 0
++			maxGroupID = math.MaxInt32
++		)
+ 
+ 		// For LCOW it's a bit harder to confirm that the user actually exists on the host as a rootfs isn't
+ 		// mounted on the host and shared into the guest, but rather the rootfs is constructed entirely in the
+@@ -612,8 +627,8 @@ func WithUser(userstr string) SpecOpts {
+ 		switch len(parts) {
+ 		case 1:
+ 			v, err := strconv.Atoi(parts[0])
+-			if err != nil {
+-				// if we cannot parse as a uint they try to see if it is a username
++			if err != nil || v < minUserID || v > maxUserID {
++				// if we cannot parse as an int32 then try to see if it is a username
+ 				return WithUsername(userstr)(ctx, client, c, s)
+ 			}
+ 			return WithUserID(uint32(v))(ctx, client, c, s)
+@@ -624,12 +639,13 @@ func WithUser(userstr string) SpecOpts {
+ 			)
+ 			var uid, gid uint32
+ 			v, err := strconv.Atoi(parts[0])
+-			if err != nil {
++			if err != nil || v < minUserID || v > maxUserID {
+ 				username = parts[0]
+ 			} else {
+ 				uid = uint32(v)
+ 			}
+-			if v, err = strconv.Atoi(parts[1]); err != nil {
++			v, err = strconv.Atoi(parts[1])
++			if err != nil || v < minGroupID || v > maxGroupID {
+ 				groupname = parts[1]
+ 			} else {
+ 				gid = uint32(v)
+diff --git a/oci/spec_opts_linux_test.go b/oci/spec_opts_linux_test.go
+index 2293a1c874af..b80d01259d90 100644
+--- a/oci/spec_opts_linux_test.go
++++ b/oci/spec_opts_linux_test.go
+@@ -33,6 +33,98 @@ import (
+ 	"golang.org/x/sys/unix"
+ )
+ 
++//nolint:gosec
++func TestWithUser(t *testing.T) {
++	t.Parallel()
++
++	expectedPasswd := `root:x:0:0:root:/root:/bin/ash
++guest:x:405:100:guest:/dev/null:/sbin/nologin
++`
++	expectedGroup := `root:x:0:root
++bin:x:1:root,bin,daemon
++daemon:x:2:root,bin,daemon
++sys:x:3:root,bin,adm
++guest:x:100:guest
++`
++	td := t.TempDir()
++	apply := fstest.Apply(
++		fstest.CreateDir("/etc", 0777),
++		fstest.CreateFile("/etc/passwd", []byte(expectedPasswd), 0777),
++		fstest.CreateFile("/etc/group", []byte(expectedGroup), 0777),
++	)
++	if err := apply.Apply(td); err != nil {
++		t.Fatalf("failed to apply: %v", err)
++	}
++	c := containers.Container{ID: t.Name()}
++	testCases := []struct {
++		user        string
++		expectedUID uint32
++		expectedGID uint32
++		err         string
++	}{
++		{
++			user:        "0",
++			expectedUID: 0,
++			expectedGID: 0,
++		},
++		{
++			user:        "root:root",
++			expectedUID: 0,
++			expectedGID: 0,
++		},
++		{
++			user:        "guest",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user:        "guest:guest",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user: "guest:nobody",
++			err:  "no groups found",
++		},
++		{
++			user:        "405:100",
++			expectedUID: 405,
++			expectedGID: 100,
++		},
++		{
++			user: "405:2147483648",
++			err:  "no groups found",
++		},
++		{
++			user: "-1000",
++			err:  "no users found",
++		},
++		{
++			user: "2147483648",
++			err:  "no users found",
++		},
++	}
++	for _, testCase := range testCases {
++		testCase := testCase
++		t.Run(testCase.user, func(t *testing.T) {
++			t.Parallel()
++			s := Spec{
++				Version: specs.Version,
++				Root: &specs.Root{
++					Path: td,
++				},
++				Linux: &specs.Linux{},
++			}
++			err := WithUser(testCase.user)(context.Background(), nil, &c, &s)
++			if err != nil {
++				assert.EqualError(t, err, testCase.err)
++			}
++			assert.Equal(t, testCase.expectedUID, s.Process.User.UID)
++			assert.Equal(t, testCase.expectedGID, s.Process.User.GID)
++		})
++	}
++}
++
+ //nolint:gosec
+ func TestWithUserID(t *testing.T) {
+ 	t.Parallel()
diff --git a/SPECS/moby-containerd-cc/CVE-2025-27144.patch b/SPECS/moby-containerd-cc/CVE-2025-27144.patch
new file mode 100644
index 0000000000..6015ed48ca
--- /dev/null
+++ b/SPECS/moby-containerd-cc/CVE-2025-27144.patch
@@ -0,0 +1,50 @@
+From fa324fa38481f9d2da9109cb5983326f62ff7507 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Fri, 28 Feb 2025 07:45:53 +0000
+Subject: [PATCH] CVE-2025-27144
+Upstream Ref: https://github.com/go-jose/go-jose/commit/c9ed84d8f0cfadcfad817150158caca6fcbc518b
+
+---
+ vendor/gopkg.in/square/go-jose.v2/jwe.go | 5 +++--
+ vendor/gopkg.in/square/go-jose.v2/jws.go | 5 +++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/vendor/gopkg.in/square/go-jose.v2/jwe.go b/vendor/gopkg.in/square/go-jose.v2/jwe.go
+index b5a6dcd..cd1de9e 100644
+--- a/vendor/gopkg.in/square/go-jose.v2/jwe.go
++++ b/vendor/gopkg.in/square/go-jose.v2/jwe.go
+@@ -201,10 +201,11 @@ func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
+ 
+ // parseEncryptedCompact parses a message in compact format.
+ func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
+-	parts := strings.Split(input, ".")
+-	if len(parts) != 5 {
++	// Five parts is four separators
++	if strings.Count(input, ".") != 4 {
+ 		return nil, fmt.Errorf("square/go-jose: compact JWE format must have five parts")
+ 	}
++	parts := strings.SplitN(input, ".", 5)
+ 
+ 	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+ 	if err != nil {
+diff --git a/vendor/gopkg.in/square/go-jose.v2/jws.go b/vendor/gopkg.in/square/go-jose.v2/jws.go
+index 7e261f9..a8d55fb 100644
+--- a/vendor/gopkg.in/square/go-jose.v2/jws.go
++++ b/vendor/gopkg.in/square/go-jose.v2/jws.go
+@@ -275,10 +275,11 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
+ 
+ // parseSignedCompact parses a message in compact format.
+ func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
+-	parts := strings.Split(input, ".")
+-	if len(parts) != 3 {
++	// Three parts is two separators
++	if strings.Count(input, ".") != 2 {
+ 		return nil, fmt.Errorf("square/go-jose: compact JWS format must have three parts")
+ 	}
++	parts := strings.SplitN(input, ".", 3)
+ 
+ 	if parts[1] != "" && payload != nil {
+ 		return nil, fmt.Errorf("square/go-jose: payload is not detached")
+-- 
+2.45.2
+
diff --git a/SPECS/moby-containerd-cc/moby-containerd-cc.spec b/SPECS/moby-containerd-cc/moby-containerd-cc.spec
index 11a06778ff..207dbf88cd 100644
--- a/SPECS/moby-containerd-cc/moby-containerd-cc.spec
+++ b/SPECS/moby-containerd-cc/moby-containerd-cc.spec
@@ -6,7 +6,7 @@
 Summary: Industry-standard container runtime for confidential containers
 Name: moby-%{upstream_name}
 Version: 1.7.7
-Release: 8%{?dist}
+Release: 10%{?dist}
 License: ASL 2.0
 Group: Tools/Container
 URL: https://www.containerd.io
@@ -23,6 +23,8 @@ Patch3: CVE-2024-24786.patch
 Patch4: CVE-2024-28180.patch
 Patch5: CVE-2023-45288.patch
 Patch7: CVE-2023-44487.patch
+Patch8: CVE-2025-27144.patch
+Patch9: CVE-2024-40635.patch
 
 %{?systemd_requires}
 
@@ -80,6 +82,11 @@ fi
 %config(noreplace) %{_sysconfdir}/containerd/config.toml
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.7.7-10
+- merge from Azure Linux 3.0.20250521-3.0
+- Fix CVE-2024-40635
+- Fix CVE-2025-27144 with an upstream patch
+
 * Fri Apr 28 2025 Ranjan Dutta  - 1.7.7-8
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Rename patch file that addresses CVE-2023-39325
diff --git a/SPECS/moby-engine/CVE-2025-30204.patch b/SPECS/moby-engine/CVE-2025-30204.patch
new file mode 100644
index 0000000000..494035cc77
--- /dev/null
+++ b/SPECS/moby-engine/CVE-2025-30204.patch
@@ -0,0 +1,71 @@
+From 84c7f3d0b9dccb4a20d0ad4de10896d40344ba26 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Fri, 28 Mar 2025 20:43:26 +0000
+Subject: [PATCH] CVE-2025-30204
+Upstream Patch Reference  : 
+v4 : https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84
+v5 : https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
+---
+ github.com/golang-jwt/jwt/v4/parser.go | 36 +++++++++++++++++++++++---
+ github.com/golang-jwt/jwt/v5/parser.go | 36 +++++++++++++++++++++++---
+ 2 files changed, 66 insertions(+), 6 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+index c0a6f69..8e7e67c 100644
+--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+@@ -7,6 +7,8 @@ import (
+ 	"strings"
+ )
+ 
++const tokenDelimiter = "."
++
+ type Parser struct {
+ 	// If populated, only these methods will be considered valid.
+ 	//
+@@ -123,9 +125,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ // It's only ever useful in cases where you know the signature is valid (because it has
+ // been checked previously in the stack) and you want to extract values from it.
+ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
+-	parts = strings.Split(tokenString, ".")
+-	if len(parts) != 3 {
+-		return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
++	var ok bool
++	parts, ok = splitToken(tokenString)
++	if !ok {
++		return nil, nil, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
+ 	}
+ 
+ 	token = &Token{Raw: tokenString}
+@@ -175,3 +178,30 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke
+ 
+ 	return token, parts, nil
+ }
++
++// splitToken splits a token string into three parts: header, claims, and signature. It will only
++// return true if the token contains exactly two delimiters and three parts. In all other cases, it
++// will return nil parts and false.
++func splitToken(token string) ([]string, bool) {
++	parts := make([]string, 3)
++	header, remain, ok := strings.Cut(token, tokenDelimiter)
++	if !ok {
++		return nil, false
++	}
++	parts[0] = header
++	claims, remain, ok := strings.Cut(remain, tokenDelimiter)
++	if !ok {
++		return nil, false
++	}
++	parts[1] = claims
++	// One more cut to ensure the signature is the last part of the token and there are no more
++	// delimiters. This avoids an issue where malicious input could contain additional delimiters
++	// causing unecessary overhead parsing tokens.
++	signature, _, unexpected := strings.Cut(remain, tokenDelimiter)
++	if unexpected {
++		return nil, false
++	}
++	parts[2] = signature
++
++	return parts, true
++}
+2.45.2
diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec
index 7f3b782ea7..03ce27f21f 100644
--- a/SPECS/moby-engine/moby-engine.spec
+++ b/SPECS/moby-engine/moby-engine.spec
@@ -3,7 +3,7 @@
 Summary: The open-source application container engine
 Name:    moby-engine
 Version: 25.0.3
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: ASL 2.0
 Group:   Tools/Container
 URL: https://mobyproject.org
@@ -26,6 +26,7 @@ Patch8:  CVE-2024-45337.patch
 Patch9:  CVE-2023-45288.patch
 Patch10: CVE-2025-22868.patch
 Patch11: CVE-2025-22869.patch
+Patch12: CVE-2025-30204.patch
 
 %{?systemd_requires}
 
@@ -121,6 +122,10 @@ fi
 %{_unitdir}/*
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 25.0.3-13
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-30204
+
 * Fri Apr 28 2025 Ranjan Dutta  - 25.0.3-12
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Patch CVE-2025-22868 & CVE-2025-22869
diff --git a/SPECS/mock/disable-copying-ca-trust-dirs.patch b/SPECS/mock/disable-copying-ca-trust-dirs.patch
new file mode 100644
index 0000000000..fa7b7692d9
--- /dev/null
+++ b/SPECS/mock/disable-copying-ca-trust-dirs.patch
@@ -0,0 +1,88 @@
+From f40ef246bcaa479eed39bbe1657c9952bb431211 Mon Sep 17 00:00:00 2001
+From: reuben olinsky 
+Date: Mon, 28 Apr 2025 09:49:16 -0700
+Subject: [PATCH] fix: disable copying ca-trust dirs with Azure Linux 3
+
+Makes ca-trust dir copying in copy_certs() a configurable behavior
+via new config option 'ssl_copied_ca_trust_dirs'. Disables this option
+in Azure Linux 3 configurations to avoid clashes between files copied
+from the host and a symlink installed by the ca-certificates-shared
+package in that distro.
+
+Fixes #1572
+---
+ mock/docs/site-defaults.cfg                           | 11 +++++++++++
+ mock/py/mockbuild/config.py                           |  5 +++++
+ mock/py/mockbuild/package_manager.py                  | 10 ++++++----
+ releng/release-notes-next/azure-linux-ca-trust.bugfix |  5 +++++
+
+diff --git a/mock/docs/site-defaults.cfg b/mock/docs/site-defaults.cfg
+index 61d890f20..622eae3a8 100644
+--- a/mock/docs/site-defaults.cfg
++++ b/mock/docs/site-defaults.cfg
+@@ -661,6 +661,17 @@
+ # if 0 is set, then no time limit is used
+ # config_opts['opstimeout'] = 0
+ 
++# Copy host's ca-trust directories into the specified locations inside the
++# chroot. Each item in the list is a pair of (host, chroot) paths for the
++# directories to be copied, since some hosts and some destination chroots
++# may use different paths. The directories are copied recursively.
++#config_opts['ssl_copied_ca_trust_dirs'] = None
++# Example:
++#config_opts['ssl_copied_ca_trust_dirs'] = [
++#    ('/etc/pki/ca-trust', '/etc/pki/ca-trust'),
++#    ('/usr/share/pki/ca-trust-source', '/usr/share/pki/ca-trust-source')
++#]
++
+ # Copy host's SSL certificate bundle ('/etc/pki/tls/certs/ca-bundle.crt') into
+ # specified location inside chroot.  This usually isn't needed because we copy
+ # the whole /etc/pki/ca-trust/extracted directory recursively by default, and
+diff --git a/mock/py/mockbuild/config.py b/mock/py/mockbuild/config.py
+index d69a11d36..f6c11fc9c 100644
+--- a/mock/py/mockbuild/config.py
++++ b/mock/py/mockbuild/config.py
+@@ -136,6 +136,11 @@ def setup_default_config_opts():
+ 
+     config_opts['ssl_ca_bundle_path'] = None
+ 
++    config_opts['ssl_copied_ca_trust_dirs'] = [
++        ('/etc/pki/ca-trust', '/etc/pki/ca-trust'),
++        ('/usr/share/pki/ca-trust-source', '/usr/share/pki/ca-trust-source')
++    ]
++
+     config_opts['ssl_extra_certs'] = None
+ 
+     # (global) plugins and plugin configs.
+diff --git a/mock/py/mockbuild/package_manager.py b/mock/py/mockbuild/package_manager.py
+index f88b3e6a5..8a8848079 100644
+--- a/mock/py/mockbuild/package_manager.py
++++ b/mock/py/mockbuild/package_manager.py
+@@ -398,10 +398,12 @@ def copy_gpg_keys(self):
+ 
+     @traceLog()
+     def copy_certs(self):
+-        cert_paths = ["/etc/pki/ca-trust", "/usr/share/pki/ca-trust-source"]
+-        for cert_path in cert_paths:
+-            pki_dir = self.buildroot.make_chroot_path(cert_path)
+-            file_util.update_tree(pki_dir, cert_path)
++        copied_ca_cert_paths = self.config['ssl_copied_ca_trust_dirs']
++        if copied_ca_cert_paths:
++            for host_path, root_path in copied_ca_cert_paths:
++                self.buildroot.root_log.debug('copying CA trust dir into chroot: %s => %s', host_path, root_path)
++                dest_dir = self.buildroot.make_chroot_path(root_path)
++                file_util.update_tree(dest_dir, host_path)
+ 
+         bundle_path = self.config['ssl_ca_bundle_path']
+         if bundle_path:
+diff --git a/releng/release-notes-next/azure-linux-ca-trust.bugfix b/releng/release-notes-next/azure-linux-ca-trust.bugfix
+new file mode 100644
+index 000000000..3937d3ca1
+--- /dev/null
++++ b/releng/release-notes-next/azure-linux-ca-trust.bugfix
+@@ -0,0 +1,5 @@
++Disables copying /etc/pki/ca-trust and /usr/share/pki/ca-trust-source on
++Azure Linux 3.0 via a new config options ('ssl_copied_ca_trust_dirs').
++This avoids file ownership conflicts with a symlink installed by the
++ca-certificates-shared packages on that distro. Behavior should be unchanged
++for other configurations.
diff --git a/SPECS/mock/mock.spec b/SPECS/mock/mock.spec
index b7c4d5a2f5..466e5aa7c6 100644
--- a/SPECS/mock/mock.spec
+++ b/SPECS/mock/mock.spec
@@ -10,11 +10,12 @@
 Summary:       Builds packages inside chroots
 Name:          mock
 Version:       5.6
-Release:       1%{?dist}
+Release:       2%{?dist}
 Vendor:        Microsoft Corporation
 Distribution:  Azure Linux
 License:       GPL-2.0-or-later
 Source:        https://github.com/rpm-software-management/mock/archive/refs/tags/%{name}-%{version}-1.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:        disable-copying-ca-trust-dirs.patch
 URL:           https://github.com/rpm-software-management/mock/
 BuildArch:     noarch
 Requires:      tar
@@ -152,7 +153,7 @@ Requires(pre): shadow-utils
 Filesystem layout and group for Mock.
 
 %prep
-%setup -q -n mock-%{name}-%{version}-1/%{name}
+%autosetup -p2 -n mock-%{name}-%{version}-1/%{name}
 for file in py/mock.py py/mock-parse-buildlog.py; do
   sed -i 1"s|#!/usr/bin/python3 |#!%{__python} |" $file
 done
@@ -298,6 +299,9 @@ pylint-3 py/mockbuild/ py/*.py py/mockbuild/plugins/* || :
 %dir  %{_datadir}/cheat
 
 %changelog
+* Wed May 07 2025 Reuben Olinsky  - 5.6-2
+- Backport change allowing disabling ca-trust file copying.
+
 * Wed Aug 28 2024 Reuben Olinsky  - 5.6-1
 - Sync with Fedora 41 version of spec.
 
diff --git a/SPECS/multus/CVE-2025-22872.patch b/SPECS/multus/CVE-2025-22872.patch
new file mode 100644
index 0000000000..58b8953369
--- /dev/null
+++ b/SPECS/multus/CVE-2025-22872.patch
@@ -0,0 +1,57 @@
+From e1fcd82abba34df74614020343be8eb1fe85f0d9 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker 
+Date: Mon, 24 Feb 2025 11:18:31 -0800
+Subject: [PATCH] html: properly handle trailing solidus in unquoted attribute
+ value in foreign content
+
+The parser properly treats tags like 
 as 
, but the
+tokenizer emits the SelfClosingTagToken token incorrectly. When the
+parser is used to parse foreign content, this results in an incorrect
+DOM.
+
+Thanks to Sean Ng (https://ensy.zip) for reporting this issue.
+
+Fixes golang/go#73070
+Fixes CVE-2025-22872
+
+Change-Id: I65c18df6d6244bf943b61e6c7a87895929e78f4f
+Reviewed-on: https://go-review.googlesource.com/c/net/+/661256
+Reviewed-by: Neal Patel 
+Reviewed-by: Roland Shoemaker 
+LUCI-TryBot-Result: Go LUCI 
+Auto-Submit: Gopher Robot 
+Link: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+---
+ vendor/golang.org/x/net/html/token.go      | 18 ++++++++++++++++--
+ vendor/golang.org/x/net/html/token_test.go | 18 ++++++++++++++++++
+ 2 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880d69..6598c1f7b3 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
diff --git a/SPECS/multus/multus.spec b/SPECS/multus/multus.spec
index 15d30c84cf..4babcdd285 100644
--- a/SPECS/multus/multus.spec
+++ b/SPECS/multus/multus.spec
@@ -19,7 +19,7 @@
 Summary:        CNI plugin providing multiple interfaces in containers
 Name:           multus
 Version:        4.0.2
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -31,6 +31,8 @@ Patch0:         CVE-2023-3978.patch
 Patch1:         CVE-2023-44487.patch
 Patch2:         CVE-2023-45288.patch
 Patch3:         CVE-2024-45338.patch
+# CVE-2025-22872 will be fixed in go net v0.38 by https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+Patch4:         CVE-2025-22872.patch
 BuildRequires:  golang
 BuildRequires:  golang-packaging
 
@@ -73,6 +75,10 @@ install -D -m0644 deployments/multus-daemonset-crio.yml %{buildroot}%{_datadir}/
 %{_datarootdir}/k8s-yaml/multus/multus.yaml
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 4.0.2-6
+- merge from Azure Linux 3.0.20250521-3.0
+- Add patch for CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 4.0.2-5
 - Bump Release to rebuild
 
diff --git a/SPECS/mysql/CVE-2024-9681.patch b/SPECS/mysql/CVE-2024-9681.patch
deleted file mode 100644
index a1ae05e515..0000000000
--- a/SPECS/mysql/CVE-2024-9681.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 4584d3ab388a83e2e0753c69437df975b4a13547 Mon Sep 17 00:00:00 2001
-From: jykanase 
-Date: Sat, 25 Jan 2025 13:44:11 +0000
-Subject: [PATCH] CVE-2024-9681
-
-Backported form: https://github.com/curl/curl/commit/a94973805df96269bf   
----
- extra/curl/curl-8.9.1/lib/hsts.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/extra/curl/curl-8.9.1/lib/hsts.c b/extra/curl/curl-8.9.1/lib/hsts.c
-index 8cd77ae3..6e2599b1 100644
---- a/extra/curl/curl-8.9.1/lib/hsts.c
-+++ b/extra/curl/curl-8.9.1/lib/hsts.c
-@@ -249,12 +249,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
- struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
-                            bool subdomain)
- {
-+  struct stsentry *bestsub = NULL;
-   if(h) {
-     char buffer[MAX_HSTS_HOSTLEN + 1];
-     time_t now = time(NULL);
-     size_t hlen = strlen(hostname);
-     struct Curl_llist_element *e;
-     struct Curl_llist_element *n;
-+    size_t blen = 0;
- 
-     if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
-       return NULL;
-@@ -279,15 +281,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
-         if(ntail < hlen) {
-           size_t offs = hlen - ntail;
-           if((hostname[offs-1] == '.') &&
--             strncasecompare(&hostname[offs], sts->host, ntail))
--            return sts;
-+             strncasecompare(&hostname[offs], sts->host, ntail) &&
-+             (ntail > blen)) {
-+            /* save the tail match with the longest tail */
-+            bestsub = sts;
-+            blen = ntail;
-+          }
-         }
-       }
-       if(strcasecompare(hostname, sts->host))
-         return sts;
-     }
-   }
--  return NULL; /* no match */
-+  return bestsub;
- }
- 
- /*
-@@ -439,7 +445,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
-     e = Curl_hsts(h, p, subdomain);
-     if(!e)
-       result = hsts_create(h, p, subdomain, expires);
--    else {
-+    else if(strcasecompare(p, e->host)) {
-       /* the same hostname, use the largest expire time */
-       if(expires > e->expires)
-         e->expires = expires;
--- 
-2.45.2
-
diff --git a/SPECS/mysql/CVE-2025-0725.patch b/SPECS/mysql/CVE-2025-0725.patch
deleted file mode 100644
index 609bcf18c4..0000000000
--- a/SPECS/mysql/CVE-2025-0725.patch
+++ /dev/null
@@ -1,456 +0,0 @@
-From f72527b4f9d390cab169e69cd5abe60c72bdc4a7 Mon Sep 17 00:00:00 2001
-From: Kanishk-Bansal 
-Date: Mon, 10 Feb 2025 04:57:56 +0000
-Subject: [PATCH] Address CVE-2025-0725
-
----
- extra/curl/curl-8.9.1/lib/content_encoding.c | 274 ++-----------------
- 1 file changed, 24 insertions(+), 250 deletions(-)
-
-diff --git a/extra/curl/curl-8.9.1/lib/content_encoding.c b/extra/curl/curl-8.9.1/lib/content_encoding.c
-index 4dae41a8..dbfdc43d 100644
---- a/extra/curl/curl-8.9.1/lib/content_encoding.c
-+++ b/extra/curl/curl-8.9.1/lib/content_encoding.c
-@@ -68,31 +68,13 @@
- 
- #define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
- 
--
- #ifdef HAVE_LIBZ
- 
--/* Comment this out if zlib is always going to be at least ver. 1.2.0.4
--   (doing so will reduce code size slightly). */
--#define OLD_ZLIB_SUPPORT 1
--
--#define GZIP_MAGIC_0 0x1f
--#define GZIP_MAGIC_1 0x8b
--
--/* gzip flag byte */
--#define ASCII_FLAG   0x01 /* bit 0 set: file probably ascii text */
--#define HEAD_CRC     0x02 /* bit 1 set: header CRC present */
--#define EXTRA_FIELD  0x04 /* bit 2 set: extra field present */
--#define ORIG_NAME    0x08 /* bit 3 set: original filename present */
--#define COMMENT      0x10 /* bit 4 set: file comment present */
--#define RESERVED     0xE0 /* bits 5..7: reserved */
--
- typedef enum {
-   ZLIB_UNINIT,               /* uninitialized */
-   ZLIB_INIT,                 /* initialized */
-   ZLIB_INFLATING,            /* inflating started. */
-   ZLIB_EXTERNAL_TRAILER,     /* reading external trailer */
--  ZLIB_GZIP_HEADER,          /* reading gzip header */
--  ZLIB_GZIP_INFLATING,       /* inflating gzip stream */
-   ZLIB_INIT_GZIP             /* initialized in transparent gzip mode */
- } zlibInitState;
- 
-@@ -137,9 +119,6 @@ static CURLcode
- exit_zlib(struct Curl_easy *data,
-           z_stream *z, zlibInitState *zlib_init, CURLcode result)
- {
--  if(*zlib_init == ZLIB_GZIP_HEADER)
--    Curl_safefree(z->next_in);
--
-   if(*zlib_init != ZLIB_UNINIT) {
-     if(inflateEnd(z) != Z_OK && result == CURLE_OK)
-       result = process_zlib_error(data, z);
-@@ -188,8 +167,7 @@ static CURLcode inflate_stream(struct Curl_easy *data,
-   /* Check state. */
-   if(zp->zlib_init != ZLIB_INIT &&
-      zp->zlib_init != ZLIB_INFLATING &&
--     zp->zlib_init != ZLIB_INIT_GZIP &&
--     zp->zlib_init != ZLIB_GZIP_INFLATING)
-+     zp->zlib_init != ZLIB_INIT_GZIP)
-     return exit_zlib(data, z, &zp->zlib_init, CURLE_WRITE_ERROR);
- 
-   /* Dynamically allocate a buffer for decompression because it is uncommonly
-@@ -278,7 +256,7 @@ static CURLcode inflate_stream(struct Curl_easy *data,
- 
- /* Deflate handler. */
- static CURLcode deflate_do_init(struct Curl_easy *data,
--                                    struct Curl_cwriter *writer)
-+                                struct Curl_cwriter *writer)
- {
-   struct zlib_writer *zp = (struct zlib_writer *) writer;
-   z_stream *z = &zp->z;     /* zlib state structure */
-@@ -294,8 +272,8 @@ static CURLcode deflate_do_init(struct Curl_easy *data,
- }
- 
- static CURLcode deflate_do_write(struct Curl_easy *data,
--                                       struct Curl_cwriter *writer, int type,
--                                       const char *buf, size_t nbytes)
-+                                 struct Curl_cwriter *writer, int type,
-+                                 const char *buf, size_t nbytes)
- {
-   struct zlib_writer *zp = (struct zlib_writer *) writer;
-   z_stream *z = &zp->z;     /* zlib state structure */
-@@ -315,7 +293,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data,
- }
- 
- static void deflate_do_close(struct Curl_easy *data,
--                                 struct Curl_cwriter *writer)
-+                             struct Curl_cwriter *writer)
- {
-   struct zlib_writer *zp = (struct zlib_writer *) writer;
-   z_stream *z = &zp->z;     /* zlib state structure */
-@@ -335,124 +313,34 @@ static const struct Curl_cwtype deflate_encoding = {
- 
- /* Gzip handler. */
- static CURLcode gzip_do_init(struct Curl_easy *data,
--                                 struct Curl_cwriter *writer)
-+                            struct Curl_cwriter *writer)
- {
-   struct zlib_writer *zp = (struct zlib_writer *) writer;
-   z_stream *z = &zp->z;     /* zlib state structure */
-+  const char *v = zlibVersion();
- 
-   /* Initialize zlib */
-   z->zalloc = (alloc_func) zalloc_cb;
-   z->zfree = (free_func) zfree_cb;
- 
--  if(strcmp(zlibVersion(), "1.2.0.4") >= 0) {
--    /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */
-+  if(strcmp(v, "1.2.0.4") >= 0) {
-+    /* zlib version >= 1.2.0.4 supports transparent gzip decompressing */
-     if(inflateInit2(z, MAX_WBITS + 32) != Z_OK) {
-       return process_zlib_error(data, z);
-     }
-     zp->zlib_init = ZLIB_INIT_GZIP; /* Transparent gzip decompress state */
-   }
-   else {
--    /* we must parse the gzip header and trailer ourselves */
--    if(inflateInit2(z, -MAX_WBITS) != Z_OK) {
--      return process_zlib_error(data, z);
--    }
--    zp->trailerlen = 8; /* A CRC-32 and a 32-bit input size (RFC 1952, 2.2) */
--    zp->zlib_init = ZLIB_INIT; /* Initial call state */
-+    failf(data, "too old zlib version: %s", v);
-+    return CURLE_FAILED_INIT;
-   }
- 
-   return CURLE_OK;
- }
- 
--#ifdef OLD_ZLIB_SUPPORT
--/* Skip over the gzip header */
--typedef enum {
--  GZIP_OK,
--  GZIP_BAD,
--  GZIP_UNDERFLOW
--} gzip_status;
--
--static gzip_status check_gzip_header(unsigned char const *data, ssize_t len,
--                                     ssize_t *headerlen)
--{
--  int method, flags;
--  const ssize_t totallen = len;
--
--  /* The shortest header is 10 bytes */
--  if(len < 10)
--    return GZIP_UNDERFLOW;
--
--  if((data[0] != GZIP_MAGIC_0) || (data[1] != GZIP_MAGIC_1))
--    return GZIP_BAD;
--
--  method = data[2];
--  flags = data[3];
--
--  if(method != Z_DEFLATED || (flags & RESERVED) != 0) {
--    /* cannot handle this compression method or unknown flag */
--    return GZIP_BAD;
--  }
--
--  /* Skip over time, xflags, OS code and all previous bytes */
--  len -= 10;
--  data += 10;
--
--  if(flags & EXTRA_FIELD) {
--    ssize_t extra_len;
--
--    if(len < 2)
--      return GZIP_UNDERFLOW;
--
--    extra_len = (data[1] << 8) | data[0];
--
--    if(len < (extra_len + 2))
--      return GZIP_UNDERFLOW;
--
--    len -= (extra_len + 2);
--    data += (extra_len + 2);
--  }
--
--  if(flags & ORIG_NAME) {
--    /* Skip over NUL-terminated filename */
--    while(len && *data) {
--      --len;
--      ++data;
--    }
--    if(!len || *data)
--      return GZIP_UNDERFLOW;
--
--    /* Skip over the NUL */
--    --len;
--    ++data;
--  }
--
--  if(flags & COMMENT) {
--    /* Skip over NUL-terminated comment */
--    while(len && *data) {
--      --len;
--      ++data;
--    }
--    if(!len || *data)
--      return GZIP_UNDERFLOW;
--
--    /* Skip over the NUL */
--    --len;
--  }
--
--  if(flags & HEAD_CRC) {
--    if(len < 2)
--      return GZIP_UNDERFLOW;
--
--    len -= 2;
--  }
--
--  *headerlen = totallen - len;
--  return GZIP_OK;
--}
--#endif
--
- static CURLcode gzip_do_write(struct Curl_easy *data,
--                                    struct Curl_cwriter *writer, int type,
--                                    const char *buf, size_t nbytes)
-+                              struct Curl_cwriter *writer, int type,
-+                              const char *buf, size_t nbytes)
- {
-   struct zlib_writer *zp = (struct zlib_writer *) writer;
-   z_stream *z = &zp->z;     /* zlib state structure */
-@@ -468,117 +356,8 @@ static CURLcode gzip_do_write(struct Curl_easy *data,
-     return inflate_stream(data, writer, type, ZLIB_INIT_GZIP);
-   }
- 
--#ifndef OLD_ZLIB_SUPPORT
--  /* Support for old zlib versions is compiled away and we are running with
--     an old version, so return an error. */
-+ /* We are running with an old version: return error. */
-   return exit_zlib(data, z, &zp->zlib_init, CURLE_WRITE_ERROR);
--
--#else
--  /* This next mess is to get around the potential case where there is not
--   * enough data passed in to skip over the gzip header. If that happens, we
--   * malloc a block and copy what we have then wait for the next call. If
--   * there still is not enough (this is definitely a worst-case scenario), we
--   * make the block bigger, copy the next part in and keep waiting.
--   *
--   * This is only required with zlib versions < 1.2.0.4 as newer versions
--   * can handle the gzip header themselves.
--   */
--
--  switch(zp->zlib_init) {
--  /* Skip over gzip header? */
--  case ZLIB_INIT:
--  {
--    /* Initial call state */
--    ssize_t hlen;
--
--    switch(check_gzip_header((unsigned char *) buf, nbytes, &hlen)) {
--    case GZIP_OK:
--      z->next_in = (Bytef *) buf + hlen;
--      z->avail_in = (uInt) (nbytes - hlen);
--      zp->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */
--      break;
--
--    case GZIP_UNDERFLOW:
--      /* We need more data so we can find the end of the gzip header. it is
--       * possible that the memory block we malloc here will never be freed if
--       * the transfer abruptly aborts after this point. Since it is unlikely
--       * that circumstances will be right for this code path to be followed in
--       * the first place, and it is even more unlikely for a transfer to fail
--       * immediately afterwards, it should seldom be a problem.
--       */
--      z->avail_in = (uInt) nbytes;
--      z->next_in = malloc(z->avail_in);
--      if(!z->next_in) {
--        return exit_zlib(data, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY);
--      }
--      memcpy(z->next_in, buf, z->avail_in);
--      zp->zlib_init = ZLIB_GZIP_HEADER;  /* Need more gzip header data state */
--      /* We do not have any data to inflate yet */
--      return CURLE_OK;
--
--    case GZIP_BAD:
--    default:
--      return exit_zlib(data, z, &zp->zlib_init, process_zlib_error(data, z));
--    }
--
--  }
--  break;
--
--  case ZLIB_GZIP_HEADER:
--  {
--    /* Need more gzip header data state */
--    ssize_t hlen;
--    z->avail_in += (uInt) nbytes;
--    z->next_in = Curl_saferealloc(z->next_in, z->avail_in);
--    if(!z->next_in) {
--      return exit_zlib(data, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY);
--    }
--    /* Append the new block of data to the previous one */
--    memcpy(z->next_in + z->avail_in - nbytes, buf, nbytes);
--
--    switch(check_gzip_header(z->next_in, (ssize_t)z->avail_in, &hlen)) {
--    case GZIP_OK:
--      /* This is the zlib stream data */
--      free(z->next_in);
--      /* Do not point into the malloced block since we just freed it */
--      z->next_in = (Bytef *) buf + hlen + nbytes - z->avail_in;
--      z->avail_in = z->avail_in - (uInt)hlen;
--      zp->zlib_init = ZLIB_GZIP_INFLATING;   /* Inflating stream state */
--      break;
--
--    case GZIP_UNDERFLOW:
--      /* We still do not have any data to inflate! */
--      return CURLE_OK;
--
--    case GZIP_BAD:
--    default:
--      return exit_zlib(data, z, &zp->zlib_init, process_zlib_error(data, z));
--    }
--
--  }
--  break;
--
--  case ZLIB_EXTERNAL_TRAILER:
--    z->next_in = (Bytef *) buf;
--    z->avail_in = (uInt) nbytes;
--    return process_trailer(data, zp);
--
--  case ZLIB_GZIP_INFLATING:
--  default:
--    /* Inflating stream state */
--    z->next_in = (Bytef *) buf;
--    z->avail_in = (uInt) nbytes;
--    break;
--  }
--
--  if(z->avail_in == 0) {
--    /* We do not have any data to inflate; wait until next time */
--    return CURLE_OK;
--  }
--
--  /* We have parsed the header, now uncompress the data */
--  return inflate_stream(data, writer, type, ZLIB_GZIP_INFLATING);
--#endif
- }
- 
- static void gzip_do_close(struct Curl_easy *data,
-@@ -601,7 +380,6 @@ static const struct Curl_cwtype gzip_encoding = {
- 
- #endif /* HAVE_LIBZ */
- 
--
- #ifdef HAVE_BROTLI
- /* Brotli writer. */
- struct brotli_writer {
-@@ -648,7 +426,7 @@ static CURLcode brotli_map_error(BrotliDecoderErrorCode be)
- }
- 
- static CURLcode brotli_do_init(struct Curl_easy *data,
--                                   struct Curl_cwriter *writer)
-+                               struct Curl_cwriter *writer)
- {
-   struct brotli_writer *bp = (struct brotli_writer *) writer;
-   (void) data;
-@@ -658,8 +436,8 @@ static CURLcode brotli_do_init(struct Curl_easy *data,
- }
- 
- static CURLcode brotli_do_write(struct Curl_easy *data,
--                                      struct Curl_cwriter *writer, int type,
--                                      const char *buf, size_t nbytes)
-+                                struct Curl_cwriter *writer, int type,
-+                                const char *buf, size_t nbytes)
- {
-   struct brotli_writer *bp = (struct brotli_writer *) writer;
-   const uint8_t *src = (const uint8_t *) buf;
-@@ -731,7 +509,6 @@ static const struct Curl_cwtype brotli_encoding = {
- };
- #endif
- 
--
- #ifdef HAVE_ZSTD
- /* Zstd writer. */
- struct zstd_writer {
-@@ -741,7 +518,7 @@ struct zstd_writer {
- };
- 
- static CURLcode zstd_do_init(struct Curl_easy *data,
--                                 struct Curl_cwriter *writer)
-+                            struct Curl_cwriter *writer)
- {
-   struct zstd_writer *zp = (struct zstd_writer *) writer;
- 
-@@ -753,8 +530,8 @@ static CURLcode zstd_do_init(struct Curl_easy *data,
- }
- 
- static CURLcode zstd_do_write(struct Curl_easy *data,
--                                    struct Curl_cwriter *writer, int type,
--                                    const char *buf, size_t nbytes)
-+                              struct Curl_cwriter *writer, int type,
-+                              const char *buf, size_t nbytes)
- {
-   CURLcode result = CURLE_OK;
-   struct zstd_writer *zp = (struct zstd_writer *) writer;
-@@ -785,7 +562,7 @@ static CURLcode zstd_do_write(struct Curl_easy *data,
-     }
-     if(out.pos > 0) {
-       result = Curl_cwriter_write(data, writer->next, type,
--                                   zp->decomp, out.pos);
-+                                  zp->decomp, out.pos);
-       if(result)
-         break;
-     }
-@@ -823,7 +600,6 @@ static const struct Curl_cwtype zstd_encoding = {
- };
- #endif
- 
--
- /* Identity handler. */
- static const struct Curl_cwtype identity_encoding = {
-   "identity",
-@@ -834,7 +610,6 @@ static const struct Curl_cwtype identity_encoding = {
-   sizeof(struct Curl_cwriter)
- };
- 
--
- /* supported general content decoders. */
- static const struct Curl_cwtype * const general_unencoders[] = {
-   &identity_encoding,
-@@ -898,7 +673,7 @@ void Curl_all_content_encodings(char *buf, size_t blen)
- 
- /* Deferred error dummy writer. */
- static CURLcode error_do_init(struct Curl_easy *data,
--                                  struct Curl_cwriter *writer)
-+                              struct Curl_cwriter *writer)
- {
-   (void)data;
-   (void)writer;
-@@ -906,8 +681,8 @@ static CURLcode error_do_init(struct Curl_easy *data,
- }
- 
- static CURLcode error_do_write(struct Curl_easy *data,
--                                     struct Curl_cwriter *writer, int type,
--                                     const char *buf, size_t nbytes)
-+                              struct Curl_cwriter *writer, int type,
-+                              const char *buf, size_t nbytes)
- {
-   char all[256];
-   (void)Curl_all_content_encodings(all, sizeof(all));
-@@ -1082,5 +857,4 @@ void Curl_all_content_encodings(char *buf, size_t blen)
-     strcpy(buf, CONTENT_ENCODING_DEFAULT);
- }
- 
--
- #endif /* CURL_DISABLE_HTTP */
--- 
-2.45.2
-
diff --git a/SPECS/mysql/mysql.signatures.json b/SPECS/mysql/mysql.signatures.json
index c15e83c7f2..cd1f08536d 100644
--- a/SPECS/mysql/mysql.signatures.json
+++ b/SPECS/mysql/mysql.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "mysql-boost-8.0.40.tar.gz": "eb34a23d324584688199b4222242f4623ea7bca457a3191cd7a106c63a7837d9"
+    "mysql-boost-8.0.41.tar.gz": "719589993b1a6769edb82b59f28e0dab8d47df94fa53ac4e9340b7c5eaba937c"
   }
 }
diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec
index 93db22c95f..b4b307f6ce 100644
--- a/SPECS/mysql/mysql.spec
+++ b/SPECS/mysql/mysql.spec
@@ -2,8 +2,8 @@
 
 Summary:        MySQL.
 Name:           mysql
-Version:        8.0.40
-Release:        6%{?dist}
+Version:        8.0.41
+Release:        1%{?dist}
 License:        GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,8 +15,6 @@ Patch0:         CVE-2012-5627.nopatch
 # ciphers unavailable.
 Patch1:         fix-tests-for-unsupported-chacha-ciphers.patch
 Patch2:         CVE-2012-2677.patch
-Patch3:         CVE-2024-9681.patch
-Patch4:         CVE-2025-0725.patch
 BuildRequires:  cmake
 BuildRequires:  libtirpc-devel
 BuildRequires:  openssl-devel
@@ -110,6 +108,11 @@ sudo -u test make test || { cat Testing/Temporary/LastTest.log; false; }
 %{_libdir}/pkgconfig/mysqlclient.pc
 
 %changelog
+* Tue Mar 26 2025 Kanishk Bansal  - 8.0.41-1
+- Upgrade to 8.0.41 to fix CVE-2025-21490 & CVE-2024-11053
+- Remove patch for CVE-2024-9681
+- Remove patch for CVE-2025-0725 as we are building without curl
+
 * Mon Feb 10 2025 Kanishk Bansal  - 8.0.40-6
 - Patch CVE-2025-0725
 
diff --git a/SPECS/netavark/netavark.spec b/SPECS/netavark/netavark.spec
index 042dd2383e..5b8a4ff150 100644
--- a/SPECS/netavark/netavark.spec
+++ b/SPECS/netavark/netavark.spec
@@ -11,7 +11,7 @@
 
 Name:          netavark
 Version:       1.10.3
-Release:       1%{?dist}
+Release:       2%{?dist}
 Summary:       OCI network stack
 License:       ASL 2.0 and BSD and MIT
 Vendor:        Microsoft Corporation
@@ -19,11 +19,11 @@ Distribution:   Azure Linux
 URL:           https://github.com/containers/%{name}
 Source0:       %{url}/archive/%{built_tag}/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:       %{url}/releases/download/%{built_tag}/%{name}-%{built_tag}-vendor.tar.gz
-BuildRequires: cargo
+BuildRequires: cargo < 1.85.0
 BuildRequires: make
 BuildRequires: protobuf-c
 BuildRequires: protobuf-compiler
-BuildRequires: rust
+BuildRequires: rust < 1.85.0
 BuildRequires: git
 BuildRequires: go-md2man
 Recommends:    aardvark-dns >= 1.10.3-1
@@ -225,6 +225,9 @@ popd
 %{_unitdir}/%{name}-firewalld-reload.service
 
 %changelog
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 1.10.3-2
+- Pin rust version
+
 * Thu Feb 22 2024 Mitch Zhu  - 1.10.3-1
 - upgrade to v1.10.3
 
diff --git a/SPECS/nfs-utils/nfs-utils.spec b/SPECS/nfs-utils/nfs-utils.spec
index 6e166b5104..1d553218dc 100755
--- a/SPECS/nfs-utils/nfs-utils.spec
+++ b/SPECS/nfs-utils/nfs-utils.spec
@@ -1,7 +1,7 @@
 Summary:        NFS client utils
 Name:           nfs-utils
 Version:        2.6.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        MIT and GPLv2 and GPLv2+ and BSD
 URL:            https://linux-nfs.org/
 Group:          Applications/Nfs-utils-client
@@ -100,6 +100,7 @@ mkdir -p %{buildroot}/lib/systemd/system/
 mkdir -p %{buildroot}/etc/default
 mkdir -p %{buildroot}/etc/export.d
 mkdir -p %{buildroot}/var/lib/nfs/v4recovery
+mkdir -p %{buildroot}/etc/request-key.d
 touch %{buildroot}/etc/exports
 
 install -m644 %{SOURCE1} %{buildroot}/lib/systemd/system/
@@ -115,6 +116,8 @@ install -m644 systemd/rpc_pipefs.target  %{buildroot}/lib/systemd/system/
 install -m644 systemd/var-lib-nfs-rpc_pipefs.mount  %{buildroot}/lib/systemd/system/
 install -m644 systemd/rpc-svcgssd.service %{buildroot}/lib/systemd/system/
 install -m644 systemd/rpc-gssd.service %{buildroot}/lib/systemd/system/
+install -m644 support/nfsidmap/idmapd.conf %{buildroot}/etc/
+install -m644 utils/nfsidmap/id_resolver.conf %{buildroot}/etc/request-key.d/
 
 find %{buildroot}/%{_libdir} -name '*.la' -delete
 
@@ -156,12 +159,14 @@ fi
 %{_sharedstatedir}/*
 %config(noreplace) /etc/default/nfs-utils
 %config(noreplace) /etc/exports
+%config(noreplace) /etc/request-key.d/id_resolver.conf
 /lib/systemd/system/*
 %{_libdir}/systemd/system-preset/50-nfs-server.preset
 %{_libexecdir}/nfsrahead
 %{_udevrulesdir}/99-nfs.rules
 
 %files -n libnfsidmap
+%config(noreplace) /etc/idmapd.conf
 %{_libdir}/libnfsidmap.so.*
 %{_libdir}/libnfsidmap/*.so
 
@@ -173,6 +178,9 @@ fi
 %{_libdir}/libnfsidmap.so
 
 %changelog
+* Tue Apr 1 2025 Bhagyashri Pathak  - 2.6.4-4
+- Build nfs-utils to include idmapd.conf and id_resolver.conf
+
 * Mon Aug 26 2024 Suresh Thelkar  - 2.6.4-3
 - Build nfs-utils to provide rsc.svcgssd service
 - Add rsc-gssd.service file to nfs-utils package
diff --git a/SPECS/nginx/nginx.signatures.json b/SPECS/nginx/nginx.signatures.json
index fac1f2a17d..fa4c0b1085 100644
--- a/SPECS/nginx/nginx.signatures.json
+++ b/SPECS/nginx/nginx.signatures.json
@@ -1,7 +1,8 @@
 {
-  "Signatures": {
-    "nginx-njs-0.8.3.tar.gz": "5e1341ee8c1dfce420ea6456475dafa7d5f4b9aed310faca32597cf4d221cfe0",
-    "nginx.service": "73a1321ae35eafc4e02614cde224fc0bf20ceba97f969b3373dd73c15c22a0e1",
-    "nginx-1.25.4.tar.gz": "760729901acbaa517996e681ee6ea259032985e37c2768beef80df3a877deed9"
-  }
+ "Signatures": {
+  "nginx-1.25.4.tar.gz": "760729901acbaa517996e681ee6ea259032985e37c2768beef80df3a877deed9",
+  "nginx-njs-0.8.3.tar.gz": "5e1341ee8c1dfce420ea6456475dafa7d5f4b9aed310faca32597cf4d221cfe0",
+  "nginx-tests.tgz": "5847fdc454543df77e07026e7de737f9e7ff093c8ce4afcbc2093a64e570ff83",
+  "nginx.service": "73a1321ae35eafc4e02614cde224fc0bf20ceba97f969b3373dd73c15c22a0e1"
+ }
 }
\ No newline at end of file
diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec
index 5024c5c3d2..4eb55e7c81 100644
--- a/SPECS/nginx/nginx.spec
+++ b/SPECS/nginx/nginx.spec
@@ -6,7 +6,7 @@ Name:           nginx
 # Currently on "stable" version of nginx from https://nginx.org/en/download.html.
 # Note: Stable versions are even (1.20), mainline versions are odd (1.21)
 Version:        1.25.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        BSD-2-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,11 +15,24 @@ URL:            https://nginx.org/
 Source0:        https://nginx.org/download/%{name}-%{version}.tar.gz
 Source1:        nginx.service
 Source2:        https://github.com/nginx/njs/archive/refs/tags/%{njs_version}.tar.gz#/%{name}-njs-%{njs_version}.tar.gz
+
+%if 0%{?with_check}
+Source3:        nginx-tests.tgz
+%endif
+
 Patch0:         CVE-2024-7347.patch
 Patch1:         CVE-2025-23419.patch
 BuildRequires:  libxml2-devel
 BuildRequires:  libxslt-devel
 BuildRequires:  openssl-devel
+
+%if 0%{?with_check}
+BuildRequires:  perl-FindBin
+BuildRequires:  perl-Test-Harness
+BuildRequires:  perl-lib
+BuildRequires:  perl-App-cpanminus
+%endif
+
 BuildRequires:  pcre2-devel
 BuildRequires:  readline-devel
 BuildRequires:  which
@@ -54,7 +67,7 @@ The OpenTelemetry module for Nginx
 %prep
 %autosetup -p1
 pushd ../
-mkdir nginx-njs
+mkdir -p nginx-njs
 tar -C nginx-njs -xf %{SOURCE2}
 
 %build
@@ -71,6 +84,7 @@ sh configure \
     --user=%{nginx_user} \
     --with-stream_ssl_module \
     --with-http_auth_request_module \
+    --with-http_dav_module \
     --with-http_gunzip_module \
     --with-http_gzip_static_module \
     --with-http_realip_module \
@@ -102,6 +116,26 @@ getent passwd %{nginx_user} > /dev/null || \
     -s /sbin/nologin -c "Nginx web server" %{nginx_user}
 exit 0
 
+%if 0%{?with_check}
+%check
+cpanm Test::Simple@1.302199 --force
+cpanm Time::HiRes
+cd %{buildroot}
+cp -r usr/sbin/* /usr/sbin/
+cp -r var/opt/* /var/opt/
+cp -r var/log/* /var/log/
+cp -r usr/lib/debug/usr/sbin/* /usr/lib/debug/sbin/
+cp -r usr/lib/systemd/* /usr/lib/systemd/
+cp -r etc/* /etc/
+cp /etc/nginx/mime.types.default /etc/nginx/mime.types
+useradd -s /usr/bin/sh %{nginx_user}
+tar -xvf %{SOURCE3}
+cd nginx-tests
+su nginx -s /bin/sh -c 'TEST_NGINX_BINARY=%{_sbindir}/nginx prove ./*.t'
+cd ..
+rm -rf nginx-tests
+%endif
+
 %files
 %defattr(-,root,root)
 %license LICENSE
@@ -129,6 +163,10 @@ exit 0
 %dir %{_sysconfdir}/%{name}
 
 %changelog
+* Tue Mar 11 2025 Sandeep Karambelkar  - 1.25.4-4
+- Enable webdav module
+- Added tests to verify nginx server and its supported modules
+
 * Tue Feb 10 2025 Mitch Zhu  - 1.25.4-3
 - Fix CVE-2025-234419
 
diff --git a/SPECS/nodejs/CVE-2020-28493.patch b/SPECS/nodejs/CVE-2020-28493.patch
new file mode 100644
index 0000000000..c7ea9c4129
--- /dev/null
+++ b/SPECS/nodejs/CVE-2020-28493.patch
@@ -0,0 +1,134 @@
+From 1416131a2c937e08dd313f622f6c8b928c64e477 Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood 
+Date: Wed, 5 Feb 2025 16:33:58 -0800
+Subject: [PATCH] [Medium] Patch nodejs to fix CVE-2020-28493
+
+Link: https://github.com/pallets/jinja/pull/1343/commits/ef658dc3b6389b091d608e710a810ce8b87995b3.patch
+---
+ tools/inspector_protocol/jinja2/utils.py | 93 ++++++++++++++----------
+ 1 file changed, 56 insertions(+), 37 deletions(-)
+
+diff --git a/tools/inspector_protocol/jinja2/utils.py b/tools/inspector_protocol/jinja2/utils.py
+index 502a311c..00664b56 100644
+--- a/tools/inspector_protocol/jinja2/utils.py
++++ b/tools/inspector_protocol/jinja2/utils.py
+@@ -12,24 +12,13 @@ import re
+ import json
+ import errno
+ from collections import deque
++from string import ascii_letters as _letters
++from string import digits as _digits
+ from threading import Lock
+ from jinja2._compat import text_type, string_types, implements_iterator, \
+      url_quote
+ 
+ 
+-_word_split_re = re.compile(r'(\s+)')
+-_punctuation_re = re.compile(
+-    '^(?P(?:%s)*)(?P.*?)(?P(?:%s)*)$' % (
+-        '|'.join(map(re.escape, ('(', '<', '<'))),
+-        '|'.join(map(re.escape, ('.', ',', ')', '>', '\n', '>')))
+-    )
+-)
+-_simple_email_re = re.compile(r'^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$')
+-_striptags_re = re.compile(r'(|<[^>]*>)')
+-_entity_re = re.compile(r'&([^;]+);')
+-_letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
+-_digits = '0123456789'
+-
+ # special singleton representing missing values for the runtime
+ missing = type('MissingType', (), {'__repr__': lambda x: 'missing'})()
+ 
+@@ -203,35 +192,65 @@ def urlize(text, trim_url_limit=None, rel=None, target=None):
+     trim_url = lambda x, limit=trim_url_limit: limit is not None \
+                          and (x[:limit] + (len(x) >=limit and '...'
+                          or '')) or x
+-    words = _word_split_re.split(text_type(escape(text)))
++    words = re.split(r"(\s+)", text_type(escape(text)))
+     rel_attr = rel and ' rel="%s"' % text_type(escape(rel)) or ''
+     target_attr = target and ' target="%s"' % escape(target) or ''
+ 
+     for i, word in enumerate(words):
+-        match = _punctuation_re.match(word)
++        head, middle, tail = "", word, ""
++        match = re.match(r"^([(<]|<)+", middle)
++
+         if match:
+-            lead, middle, trail = match.groups()
+-            if middle.startswith('www.') or (
+-                '@' not in middle and
+-                not middle.startswith('http://') and
+-                not middle.startswith('https://') and
+-                len(middle) > 0 and
+-                middle[0] in _letters + _digits and (
+-                    middle.endswith('.org') or
+-                    middle.endswith('.net') or
+-                    middle.endswith('.com')
+-                )):
+-                middle = '%s' % (middle,
+-                    rel_attr, target_attr, trim_url(middle))
+-            if middle.startswith('http://') or \
+-               middle.startswith('https://'):
+-                middle = '%s' % (middle,
+-                    rel_attr, target_attr, trim_url(middle))
+-            if '@' in middle and not middle.startswith('www.') and \
+-               not ':' in middle and _simple_email_re.match(middle):
+-                middle = '%s' % (middle, middle)
+-            if lead + middle + trail != word:
+-                words[i] = lead + middle + trail
++            head = match.group()
++            middle = middle[match.end() :]
++
++        # Unlike lead, which is anchored to the start of the string,
++        # need to check that the string ends with any of the characters
++        # before trying to match all of them, to avoid backtracking.
++        if middle.endswith((")", ">", ".", ",", "\n", ">")):
++            match = re.search(r"([)>.,\n]|>)+$", middle)
++
++            if match:
++                tail = match.group()
++                middle = middle[: match.start()]
++
++        if middle.startswith("www.") or (
++            "@" not in middle
++            and not middle.startswith("http://")
++            and not middle.startswith("https://")
++            and len(middle) > 0
++            and middle[0] in _letters + _digits
++            and (
++                middle.endswith(".org")
++                or middle.endswith(".net")
++                or middle.endswith(".com")
++            )
++        ):
++            middle = '%s' % (
++                middle,
++                rel_attr,
++                target_attr,
++                trim_url(middle),
++            )
++
++        if middle.startswith("http://") or middle.startswith("https://"):
++            middle = '%s' % (
++                middle,
++                rel_attr,
++                target_attr,
++                trim_url(middle),
++            )
++
++        if (
++            "@" in middle
++            and not middle.startswith("www.")
++            and ":" not in middle
++            and re.match(r"^\S+@\w[\w.-]*\.\w+$", middle)
++        ):
++            middle = '%s' % (middle, middle)
++
++        words[i] = head + middle + tail
++
+     return u''.join(words)
+ 
+ 
+-- 
+2.34.1
+
diff --git a/SPECS/nodejs/CVE-2024-34064.patch b/SPECS/nodejs/CVE-2024-34064.patch
new file mode 100644
index 0000000000..74f949e639
--- /dev/null
+++ b/SPECS/nodejs/CVE-2024-34064.patch
@@ -0,0 +1,68 @@
+From 7d26e047cce618fe6e8ccb26bf3d4685d4a7815e Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood 
+Date: Thu, 3 Apr 2025 12:04:25 -0700
+Subject: [PATCH] [Medium] Patch nodejs for CVE-2024-34064
+
+---
+ deps/v8/third_party/jinja2/filters.py | 24 +++++++++++++++++++-----
+ 1 file changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/deps/v8/third_party/jinja2/filters.py b/deps/v8/third_party/jinja2/filters.py
+index c7ecc9bb..eace6ed8 100644
+--- a/deps/v8/third_party/jinja2/filters.py
++++ b/deps/v8/third_party/jinja2/filters.py
+@@ -248,7 +248,10 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K
+     yield from value.items()
+ 
+ 
+-_space_re = re.compile(r"\s", flags=re.ASCII)
++# Check for characters that would move the parser state from key to value.
++# https://html.spec.whatwg.org/#attribute-name-state
++_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
++
+ 
+ 
+ @pass_eval_context
+@@ -257,8 +260,14 @@ def do_xmlattr(
+ ) -> str:
+     """Create an SGML/XML attribute string based on the items in a dict.
+ 
+-    If any key contains a space, this fails with a ``ValueError``. Values that
+-    are neither ``none`` nor ``undefined`` are automatically escaped.
++    **Values** that are neither ``none`` nor ``undefined`` are automatically
++    escaped, safely allowing untrusted user input.
++
++    User input should not be used as **keys** to this filter. If any key
++    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
++    sign, this fails with a ``ValueError``. Regardless of this, user input
++    should never be used as keys to this filter, or must be separately validated
++    first.
+ 
+     .. sourcecode:: html+jinja
+ 
+@@ -280,6 +289,11 @@ def do_xmlattr(
+ 
+     .. versionchanged:: 3.1.3
+         Keys with spaces are not allowed.
++
++    .. versionchanged:: 3.1.4
++        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
++        are not allowed.
++
+     """
+     items = []
+ 
+@@ -287,8 +301,8 @@ def do_xmlattr(
+         if value is None or isinstance(value, Undefined):
+             continue
+ 
+-        if _space_re.search(key) is not None:
+-            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
++        if _attr_key_re.search(key) is not None:
++            raise ValueError(f"Invalid character in attribute name: {key!r}")
+ 
+         items.append(f'{escape(key)}="{escape(value)}"')
+ 
+-- 
+2.34.1
+
diff --git a/SPECS/nodejs/CVE-2025-27516.patch b/SPECS/nodejs/CVE-2025-27516.patch
new file mode 100644
index 0000000000..f29c39628f
--- /dev/null
+++ b/SPECS/nodejs/CVE-2025-27516.patch
@@ -0,0 +1,68 @@
+From 065334d1ee5b7210e1a0a93c37238c86858f2af7 Mon Sep 17 00:00:00 2001
+From: David Lord 
+Date: Wed, 5 Mar 2025 10:08:48 -0800
+Subject: [PATCH] attr filter uses env.getattr
+
+---
+ deps/v8/third_party/jinja2/filters.py  | 37 ++++++++++++++++---------------------
+ 3 files changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/deps/v8/third_party/jinja2/filters.py b/deps/v8/third_party/jinja2/filters.py
+index e5b5a00c5..2bcba4fbd 100644
+--- a/deps/v8/third_party/jinja2/filters.py
++++ b/deps/v8/third_party/jinja2/filters.py
+@@ -6,6 +6,7 @@
+ import typing
+ import typing as t
+ from collections import abc
++from inspect import getattr_static
+ from itertools import chain
+ from itertools import groupby
+ 
+@@ -1411,31 +1412,25 @@ def do_reverse(value: t.Union[str, t.Iterable[V]]) -> t.Union[str, t.Iterable[V]
+ def do_attr(
+     environment: "Environment", obj: t.Any, name: str
+ ) -> t.Union[Undefined, t.Any]:
+-    """Get an attribute of an object.  ``foo|attr("bar")`` works like
+-    ``foo.bar`` just that always an attribute is returned and items are not
+-    looked up.
++    """Get an attribute of an object. ``foo|attr("bar")`` works like
++    ``foo.bar``, but returns undefined instead of falling back to ``foo["bar"]``
++    if the attribute doesn't exist.
+ 
+     See :ref:`Notes on subscriptions ` for more details.
+     """
++    # Environment.getattr will fall back to obj[name] if obj.name doesn't exist.
++    # But we want to call env.getattr to get behavior such as sandboxing.
++    # Determine if the attr exists first, so we know the fallback won't trigger.
+     try:
+-        name = str(name)
+-    except UnicodeError:
+-        pass
+-    else:
+-        try:
+-            value = getattr(obj, name)
+-        except AttributeError:
+-            pass
+-        else:
+-            if environment.sandboxed:
+-                environment = t.cast("SandboxedEnvironment", environment)
+-
+-                if not environment.is_safe_attribute(obj, name, value):
+-                    return environment.unsafe_undefined(obj, name)
+-
+-            return value
+-
+-    return environment.undefined(obj=obj, name=name)
++        # This avoids executing properties/descriptors, but misses __getattr__
++        # and __getattribute__ dynamic attrs.
++        getattr_static(obj, name)
++    except AttributeError:
++        # This finds dynamic attrs, and we know it's not a descriptor at this point.
++        if not hasattr(obj, name):
++            return environment.undefined(obj=obj, name=name)
++
++    return environment.getattr(obj, name)
+ 
+ 
+ @typing.overload
diff --git a/SPECS/nodejs/nodejs.spec b/SPECS/nodejs/nodejs.spec
index 4d8676c78d..3ba19889c4 100644
--- a/SPECS/nodejs/nodejs.spec
+++ b/SPECS/nodejs/nodejs.spec
@@ -5,7 +5,7 @@ Name:           nodejs
 # WARNINGS: MUST check and update the 'npm_version' macro for every version update of this package.
 #           The version of NPM can be found inside the sources under 'deps/npm/package.json'.
 Version:        20.14.0
-Release:        5%{?dist}
+Release:        7%{?dist}
 License:        BSD AND MIT AND Public Domain AND NAIST-2003 AND Artistic-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -23,6 +23,9 @@ Patch4:         CVE-2025-22150.patch
 Patch5:         CVE-2025-23085.patch
 Patch6:         CVE-2024-22020.patch
 Patch7:         CVE-2024-22195.patch
+Patch8:         CVE-2020-28493.patch
+Patch9:         CVE-2024-34064.patch
+Patch10:        CVE-2025-27516.patch
 BuildRequires:  brotli-devel
 BuildRequires:  c-ares-devel
 BuildRequires:  coreutils >= 8.22
@@ -116,7 +119,7 @@ make cctest
 %files
 %defattr(-,root,root)
 %license LICENSE
-%doc CHANGELOG.md LICENSE README.md
+%doc CHANGELOG.md README.md
 %{_bindir}/node
 %dir %{_prefix}/lib/node_modules
 %{_mandir}/man*/*
@@ -134,6 +137,13 @@ make cctest
 %{_prefix}/lib/node_modules/*
 
 %changelog
+* Mon Mar 10 2025 Sandeep Karambelkar  - 20.14.0-7
+- Patch CVE-2025-27516
+
+* Wed Feb 12 2025 Kevin Lockwood  - 20.14.0-6
+- Patch CVE-2020-28493
+- Patch CVE-2024-34064
+
 * Tue Feb 11 2025 Kanishk Bansal  - 20.14.0-5
 - Patch CVE-2025-22150, CVE-2025-23085, CVE-2024-22020, CVE-2024-22195
 
diff --git a/SPECS/numpy/CVE-2018-1999024.patch b/SPECS/numpy/CVE-2018-1999024.patch
new file mode 100644
index 0000000000..6a46488a42
--- /dev/null
+++ b/SPECS/numpy/CVE-2018-1999024.patch
@@ -0,0 +1,70 @@
+From a55da396c18cafb767a26aa9ad96f6f4199852f1 Mon Sep 17 00:00:00 2001
+From: "Davide P. Cervone" 
+Date: Mon, 2 Apr 2018 15:39:45 -0400
+Subject: [PATCH] Fix parsing and output for \class{} and \unicode{}
+
+Source link: https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1
+
+---
+ doc/source/_static/scipy-mathjax/extensions/TeX/unicode.js | 9 ++++++---
+ doc/source/_static/scipy-mathjax/extensions/toMathML.js    | 6 +++---
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/doc/source/_static/scipy-mathjax/extensions/TeX/unicode.js b/doc/source/_static/scipy-mathjax/extensions/TeX/unicode.js
+index 3104b9df6f..a1c9465880 100644
+--- a/doc/source/_static/scipy-mathjax/extensions/TeX/unicode.js
++++ b/doc/source/_static/scipy-mathjax/extensions/TeX/unicode.js
+@@ -89,8 +89,11 @@ MathJax.Hub.Register.StartupHook("TeX Jax Ready",function () {
+           {HD = HD.replace(/ /g,"").split(/,/); font = this.GetBrackets(name)}
+             else {font = HD; HD = null}
+       }
+-      var n = this.trimSpaces(this.GetArgument(name)),
+-          N = parseInt(n.match(/^x/) ? "0"+n : n);
++      var n = this.trimSpaces(this.GetArgument(name)).replace(/^0x/,"x");
++      if (!n.match(/^(x[0-9A-Fa-f]+|[0-9]+)$/)) {
++        TEX.Error(["BadUnicode","Argument to \\unicode must be a number"]);
++      }
++      var N = parseInt(n.match(/^x/) ? "0"+n : n);
+       if (!UNICODE[N]) {UNICODE[N] = [800,200,font,N]}
+       else if (!font) {font = UNICODE[N][2]}
+       if (HD) {
+@@ -101,7 +104,7 @@ MathJax.Hub.Register.StartupHook("TeX Jax Ready",function () {
+       if (font) {
+         UNICODE[N][2] = def.fontfamily = font.replace(/"/g,"'");
+         if (variant) {
+-          if (variant.match(/bold/))   {def.fontweight = "bold"}
++          if (variant.match(/bold/)) {def.fontweight = "bold"}
+           if (variant.match(/italic|-mathit/)) {def.fontstyle = "italic"}
+         }
+       } else if (variant) {def.mathvariant = variant}
+diff --git a/doc/source/_static/scipy-mathjax/extensions/toMathML.js b/doc/source/_static/scipy-mathjax/extensions/toMathML.js
+index ead3eb5d2d..989a3b1137 100644
+--- a/doc/source/_static/scipy-mathjax/extensions/toMathML.js
++++ b/doc/source/_static/scipy-mathjax/extensions/toMathML.js
+@@ -86,7 +86,7 @@ MathJax.Hub.Register.LoadHook("[MathJax]/jax/element/mml/jax.js",function () {
+       if (this.mathvariant && this.toMathMLvariants[this.mathvariant])
+         {CLASS.push("MJX"+this.mathvariant)}
+       if (this.variantForm) {CLASS.push("MJX-variant")}
+-      if (CLASS.length) {attr.unshift('class="'+CLASS.join(" ")+'"')}
++      if (CLASS.length) {attr.unshift('class="'+this.toMathMLquote(CLASS.join(" "))+'"')}
+     },
+     toMathMLattribute: function (value) {
+       if (typeof(value) === "string" &&
+@@ -165,7 +165,7 @@ MathJax.Hub.Register.LoadHook("[MathJax]/jax/element/mml/jax.js",function () {
+         var xmlEscapedTex = jax.originalText.replace(/[&<>]/g, function(item) {
+             return { '>': '>', '<': '<','&': '&' }[item]
+         });
+-        data.push(space+'    '+xmlEscapedTex+"");
++        data.push(space+'    '+xmlEscapedTex+"");
+         data.push(space+"  ");
+       }
+       return space+"<"+tag+attr+">\n"+data.join("\n")+"\n"+space+"";
+@@ -221,7 +221,7 @@ MathJax.Hub.Register.LoadHook("[MathJax]/jax/element/mml/jax.js",function () {
+   });
+   
+   MML.entity.Augment({
+-    toMathML: function (space) {return (space||"") + "&"+this.data[0]+";"}
++    toMathML: function (space) {return (space||"") + "&"+this.toMathMLquote(this.data[0])+";"}
+   });
+   
+   MML.xml.Augment({
diff --git a/SPECS/numpy/numpy.spec b/SPECS/numpy/numpy.spec
index 98594cba84..55a9a8a07b 100644
--- a/SPECS/numpy/numpy.spec
+++ b/SPECS/numpy/numpy.spec
@@ -5,7 +5,7 @@
 Summary:        A fast multidimensional array facility for Python
 Name:           numpy
 Version:        1.26.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 # Everything is BSD except for class SafeEval in numpy/lib/utils.py which is Python
 License:        BSD AND Python AND ASL 2.0
 Vendor:         Microsoft Corporation
@@ -13,6 +13,7 @@ Distribution:   Azure Linux
 URL:            http://www.numpy.org/
 Source0:        https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1:        https://numpy.org/doc/%{majmin}/numpy-html.zip#/numpy-html-%{version}.zip
+Patch0:		CVE-2018-1999024.patch
 
 %description
 NumPy is a general-purpose array-processing package designed to
@@ -176,6 +177,9 @@ python3 runtests.py --no-build -- -ra -k 'not test_ppc64_ibm_double_double128'
 %doc docs/*
 
 %changelog
+* Thu Mar 06 2025 Archana Shettigar  - 1.26.3-4
+- Added CVE-2018-1999024.patch
+
 * Tue Aug 27 2024 Pawel Winogrodzki  - 1.26.3-3
 - Fix package tests.
 - Update to build using python3-pyproject-metadata.
diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
index 93a8a2f81a..6ab95dfd5d 100644
--- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
+++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
@@ -2,7 +2,7 @@
 Summary:        NVIDIA container runtime hook
 Name:           nvidia-container-toolkit
 Version:        1.17.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ALS2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -52,8 +52,7 @@ Conflicts: nvidia-container-toolkit <= 1.10.0-1
 Provides tools such as the NVIDIA Container Runtime and NVIDIA Container Toolkit CLI to enable GPU support in containers.
 
 %prep
-%autosetup -p1
-tar -xvf %{SOURCE1}
+%autosetup -p1 -a1
 
 %build
 go build -ldflags "-s -w " -o "nvidia-container-runtime-hook" ./cmd/nvidia-container-runtime-hook
@@ -88,6 +87,10 @@ rm -f %{_bindir}/nvidia-container-toolkit
 %{_bindir}/nvidia-cdi-hook
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.17.4-4
+- merge from Azure Linux 3.0.20250521-3.0
+- Removed extraction command from prep
+
 * Fri Mar 21 2025 Anuj Mittal  - 1.17.4-3
 - Bump Release to rebuild
 
diff --git a/SPECS/ocaml-astring/ocaml-astring-ocaml5.patch b/SPECS/ocaml-astring/ocaml-astring-ocaml5.patch
new file mode 100644
index 0000000000..52cf05fad6
--- /dev/null
+++ b/SPECS/ocaml-astring/ocaml-astring-ocaml5.patch
@@ -0,0 +1,16 @@
+--- astring-0.8.5/test/test_char.ml.orig	2020-08-08 09:57:12.000000000 -0600
++++ astring-0.8.5/test/test_char.ml	2023-06-20 11:52:14.805901422 -0600
+@@ -24,10 +24,10 @@ let misc = test "Char.{of_byte,of_int,to
+ let predicates = test "Char.{equal,compare}" @@ fun () ->
+   eq_bool (Char.equal ' ' ' ') true;
+   eq_bool (Char.equal ' ' 'a') false;
+-  eq_int (Char.compare ' ' 'a') (-1);
++  eq_int (Char.compare ' ' 'a') (-65);
+   eq_int (Char.compare ' ' ' ') (0);
+-  eq_int (Char.compare 'a' ' ') (1);
+-  eq_int (Char.compare '\x00' ' ') (-1);
++  eq_int (Char.compare 'a' ' ') (65);
++  eq_int (Char.compare '\x00' ' ') (-32);
+   ()
+ 
+ let ascii_predicates = test "Char.Ascii.is_*" @@ fun () ->
diff --git a/SPECS/ocaml-astring/ocaml-astring.spec b/SPECS/ocaml-astring/ocaml-astring.spec
index 67ec1d9016..7613d8dd5e 100644
--- a/SPECS/ocaml-astring/ocaml-astring.spec
+++ b/SPECS/ocaml-astring/ocaml-astring.spec
@@ -7,13 +7,17 @@
 Summary:        Alternative String module for OCaml
 Name:           ocaml-%{srcname}
 Version:        0.8.5
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        ISC
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://erratique.ch/software/astring
 Source0:        https://github.com/dbuenzli/%{srcname}/archive/v%{version}/%{srcname}-%{version}.tar.gz
 
+# Adapt to changed behavior of Char.compare in OCaml 5.
+# This affects x86_64, but not bytecode-only architectures.
+Patch0:          %{name}-ocaml5.patch
+
 BuildRequires:  ocaml >= 4.05.0
 BuildRequires:  ocaml-findlib
 BuildRequires:  ocaml-ocamlbuild
@@ -41,7 +45,7 @@ The %{name}-devel package contains libraries and signature files for
 developing applications that use %{name}.
 
 %prep
-%autosetup -n %{srcname}-%{version}
+%autosetup -p1 -n %{srcname}-%{version}
 
 # Topkg does watermark replacements only if run inside a git checkout.  Github
 # tarballs do not come with a .git directory.  Therefore, we do the watermark
@@ -103,6 +107,9 @@ ocaml pkg/pkg.ml test
 %{_libdir}/ocaml/%{srcname}/%{srcname}*.mli
 
 %changelog
+* Tue Apr 15 2024 Riken Maharjan  - 0.8.5-7
+- Fix ptest by importing ocam-astring-ocaml5 patch from Fedora (LICENSE: MIT).
+
 * Thu Mar 31 2022 Pawel Winogrodzki  - 0.8.5-6
 - Cleaning-up spec. License verified.
 
diff --git a/SPECS/ocaml-ctypes/ocaml-ctypes-stdlib-shims.patch b/SPECS/ocaml-ctypes/ocaml-ctypes-stdlib-shims.patch
new file mode 100644
index 0000000000..777b86e42e
--- /dev/null
+++ b/SPECS/ocaml-ctypes/ocaml-ctypes-stdlib-shims.patch
@@ -0,0 +1,52 @@
+diff -urN ocaml-ctypes-0.21.1/ctypes-foreign.opam ocaml-ctypes-0.21.1/ctypes-foreign.opam
+--- ocaml-ctypes-0.21.1/ctypes-foreign.opam	2023-07-20 20:00:22.000000000 +0000
++++ ocaml-ctypes-0.21.1/ctypes-foreign.opam	2025-04-14 22:58:02.803357501 +0000
+@@ -22,7 +22,6 @@
+   "lwt" {with-test & >= "2.4.7"}
+   "ounit2" {with-test}
+   "conf-ncurses" {with-test}
+-  "stdlib-shims" {with-test}
+   "conf-fts" {with-test & os != "win32"}
+   "conf-libffi" {>= "2.0.0"}
+   "odoc" {with-doc}
+diff -urN ocaml-ctypes-0.21.1/dune-project ocaml-ctypes-0.21.1/dune-project
+--- ocaml-ctypes-0.21.1/dune-project	2023-07-20 20:00:22.000000000 +0000
++++ ocaml-ctypes-0.21.1/dune-project	2025-04-14 22:58:31.004981718 +0000
+@@ -53,7 +53,6 @@
+   (lwt (and :with-test (>= 2.4.7)))
+   (ounit2 :with-test)
+   (conf-ncurses :with-test)
+-  (stdlib-shims :with-test)
+   (conf-fts (and :with-test (<> :os win32)))
+   (conf-libffi (>= 2.0.0)))
+  (synopsis "Dynamic access to foreign C libraries using Ctypes")
+diff -urN ocaml-ctypes-0.21.1/tests/test-arrays/dune ocaml-ctypes-0.21.1/tests/test-arrays/dune
+--- ocaml-ctypes-0.21.1/tests/test-arrays/dune	2023-07-20 20:00:22.000000000 +0000
++++ ocaml-ctypes-0.21.1/tests/test-arrays/dune	2025-04-14 22:59:31.577118597 +0000
+@@ -11,5 +11,4 @@
+   ctypes-foreign
+   test_arrays_stubs
+   test_arrays_bindings
+-  tests_common
+-  stdlib-shims))
++  tests_common))
+diff -urN ocaml-ctypes-0.21.1/tests/test-cstdlib/dune ocaml-ctypes-0.21.1/tests/test-cstdlib/dune
+--- ocaml-ctypes-0.21.1/tests/test-cstdlib/dune	2023-07-20 20:00:22.000000000 +0000
++++ ocaml-ctypes-0.21.1/tests/test-cstdlib/dune	2025-04-14 22:59:50.118295595 +0000
+@@ -8,5 +8,4 @@
+   ctypes-foreign
+   test_cstdlib_stubs
+   test_cstdlib_bindings
+-  tests_common
+-  stdlib-shims))
++  tests_common))
+diff -urN ocaml-ctypes-0.21.1/tests/test-pointers/dune ocaml-ctypes-0.21.1/tests/test-pointers/dune
+--- ocaml-ctypes-0.21.1/tests/test-pointers/dune	2023-07-20 20:00:22.000000000 +0000
++++ ocaml-ctypes-0.21.1/tests/test-pointers/dune	2025-04-14 23:01:15.531460339 +0000
+@@ -11,5 +11,4 @@
+   ctypes-foreign
+   test_pointers_stubs
+   test_pointers_bindings
+-  tests_common
+-  stdlib-shims))
++  tests_common))
diff --git a/SPECS/ocaml-ctypes/ocaml-ctypes.spec b/SPECS/ocaml-ctypes/ocaml-ctypes.spec
index 3eb7d3e9a7..243789e6a6 100644
--- a/SPECS/ocaml-ctypes/ocaml-ctypes.spec
+++ b/SPECS/ocaml-ctypes/ocaml-ctypes.spec
@@ -1,13 +1,16 @@
 Summary:        Combinators for binding to C libraries without writing any C
 Name:           ocaml-ctypes
 Version:        0.21.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/ocamllabs/ocaml-ctypes
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 
+#Remove ocaml-shims dependency from the test as this dep is not available in Mariner
+Patch0:          %{name}-stdlib-shims.patch
+
 BuildRequires:  ocaml >= 4.03.0
 BuildRequires:  ocaml-bigarray-compat-devel
 BuildRequires:  ocaml-dune >= 2.9
@@ -52,7 +55,7 @@ The %{name}-devel package contains libraries and signature
 files for developing applications that use %{name}.
 
 %prep
-%autosetup
+%autosetup -p1
 # Use Mariner flags
 sed -i 's/ "-cclib"; "-Wl,--no-as-needed";//' src/ctypes-foreign/config/discover.ml
 
@@ -72,6 +75,9 @@ sed -i 's/ "-cclib"; "-Wl,--no-as-needed";//' src/ctypes-foreign/config/discover
 %files devel -f .ofiles-devel
 
 %changelog
+* Tue Apr 15 2024 Riken Maharjan  - 0.21.1-2
+- Fix ptest by importing ocaml-ctypes-stdlib-shims patch from Fedora (LICENSE: MIT).
+
 * Tue Jun 04 2024 Andrew Phelps  - 0.21.1-1
 - Upgrade to version 0.21.1 based on Fedora 40 package (license: MIT)
 - Remove doc subpackage
diff --git a/SPECS/open-vm-tools/CVE-2025-22247.patch b/SPECS/open-vm-tools/CVE-2025-22247.patch
new file mode 100644
index 0000000000..b42d0a6871
--- /dev/null
+++ b/SPECS/open-vm-tools/CVE-2025-22247.patch
@@ -0,0 +1,374 @@
+From 7874e572b5aac5a418551dc5e3935c1e74bf6f1f Mon Sep 17 00:00:00 2001
+From: John Wolfe 
+Date: Mon, 5 May 2025 15:58:03 -0700
+Subject: [PATCH] Validate user names and file paths
+
+Prevent usage of illegal characters in user names and file paths.
+Also, disallow unexpected symlinks in file paths.
+
+This patch contains changes to common source files not applicable
+to open-vm-tools.
+
+All files being updated should be consider to have the copyright to
+be updated to:
+
+ * Copyright (c) XXXX-2025 Broadcom. All Rights Reserved.
+ * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+The 2025 Broadcom copyright information update is not part of this
+patch set to allow the patch to be easily applied to previous
+open-vm-tools source releases.
+---
+ vgauth/common/VGAuthUtil.c      | 33 +++++++++
+ vgauth/common/VGAuthUtil.h      |  2 +
+ vgauth/common/prefs.h           |  3 +
+ vgauth/common/usercheck.c       | 23 +++++-
+ vgauth/serviceImpl/alias.c      | 74 ++++++++++++++++++-
+ vgauth/serviceImpl/service.c    | 27 +++++++
+ vgauth/serviceImpl/serviceInt.h |  1 +
+ 7 files changed, 160 insertions(+), 3 deletions(-)
+
+diff --git a/vgauth/common/VGAuthUtil.c b/vgauth/common/VGAuthUtil.c
+index 76383c462..9c2adb8d0 100644
+--- a/vgauth/common/VGAuthUtil.c
++++ b/vgauth/common/VGAuthUtil.c
+@@ -309,3 +309,36 @@ Util_Assert(const char *cond,
+ #endif
+    g_assert(0);
+ }
++
++
++/*
++ ******************************************************************************
++ * Util_Utf8CaseCmp --                                                   */ /**
++ *
++ * Case insensitive comparison for utf8 strings which can have non-ascii
++ * characters.
++ *
++ * @param[in]  str1      Null terminated utf8 string.
++ * @param[in]  str2      Null terminated utf8 string.
++ *
++ ******************************************************************************
++ */
++
++int
++Util_Utf8CaseCmp(const gchar *str1,
++                 const gchar *str2)
++{
++   int ret;
++   gchar *str1Case;
++   gchar *str2Case;
++
++   str1Case = g_utf8_casefold(str1, -1);
++   str2Case = g_utf8_casefold(str2, -1);
++
++   ret = g_strcmp0(str1Case, str2Case);
++
++   g_free(str1Case);
++   g_free(str2Case);
++
++   return ret;
++}
+diff --git a/vgauth/common/VGAuthUtil.h b/vgauth/common/VGAuthUtil.h
+index f7f3aa216..ef32a91da 100644
+--- a/vgauth/common/VGAuthUtil.h
++++ b/vgauth/common/VGAuthUtil.h
+@@ -105,4 +105,6 @@ gboolean Util_CheckExpiration(const GTimeVal *start, unsigned int duration);
+ 
+ void Util_Assert(const char *cond, const char *file, int lineNum);
+ 
++int Util_Utf8CaseCmp(const gchar *str1, const gchar *str2);
++
+ #endif
+diff --git a/vgauth/common/prefs.h b/vgauth/common/prefs.h
+index 6c58f3f4b..3299eb26c 100644
+--- a/vgauth/common/prefs.h
++++ b/vgauth/common/prefs.h
+@@ -167,6 +167,9 @@ msgCatalog = /etc/vmware-tools/vgauth/messages
+ /** Where the localized version of the messages were installed. */
+ #define VGAUTH_PREF_LOCALIZATION_DIR        "msgCatalog"
+ 
++/** If symlinks or junctions are allowed in alias store file path */
++#define VGAUTH_PREF_ALLOW_SYMLINKS  "allowSymlinks"
++
+ /*
+  * Pref values
+  */
+diff --git a/vgauth/common/usercheck.c b/vgauth/common/usercheck.c
+index 3beede2e8..340aa0411 100644
+--- a/vgauth/common/usercheck.c
++++ b/vgauth/common/usercheck.c
+@@ -78,6 +78,8 @@
+  * Solaris as well, but that path is untested.
+  */
+ 
++#define MAX_USER_NAME_LEN 256
++
+ /*
+  * A single retry works for the LDAP case, but try more often in case NIS
+  * or something else has a related issue.  Note that a bad username/uid won't
+@@ -354,12 +356,29 @@ Usercheck_UsernameIsLegal(const gchar *userName)
+     * restricted list for local usernames.
+     */
+    size_t len;
+-   char *illegalChars = "<>/";
++   size_t i = 0;
++   int backSlashCnt = 0;
++   /*
++    * As user names are used to generate its alias store file name/path, it
++    * should not contain path traversal characters ('/' and '\').
++    */
++   char *illegalChars = "<>/\\";
+ 
+    len = strlen(userName);
+-   if (strcspn(userName, illegalChars) != len) {
++   if (len > MAX_USER_NAME_LEN) {
+       return FALSE;
+    }
++
++   while ((i += strcspn(userName + i, illegalChars)) < len) {
++      /*
++       * One backward slash is allowed for domain\username separator.
++       */
++      if (userName[i] != '\\' || ++backSlashCnt > 1) {
++         return FALSE;
++      }
++      ++i;
++   }
++
+    return TRUE;
+ }
+ 
+diff --git a/vgauth/serviceImpl/alias.c b/vgauth/serviceImpl/alias.c
+index 4e170202c..c7040ebff 100644
+--- a/vgauth/serviceImpl/alias.c
++++ b/vgauth/serviceImpl/alias.c
+@@ -41,6 +41,7 @@
+ #include "certverify.h"
+ #include "VGAuthProto.h"
+ #include "vmxlog.h"
++#include "VGAuthUtil.h"
+ 
+ // puts the identity store in an easy to find place
+ #undef WIN_TEST_MODE
+@@ -66,6 +67,7 @@
+ #define ALIASSTORE_FILE_PREFIX   "user-"
+ #define ALIASSTORE_FILE_SUFFIX   ".xml"
+ 
++static gboolean allowSymlinks = FALSE;
+ static gchar *aliasStoreRootDir = DEFAULT_ALIASSTORE_ROOT_DIR;
+ 
+ #ifdef _WIN32
+@@ -252,6 +254,12 @@ mapping file layout:
+ 
+  */
+ 
++#ifdef _WIN32
++#define ISPATHSEP(c)  ((c) == '\\' || (c) == '/')
++#else
++#define ISPATHSEP(c)  ((c) == '/')
++#endif
++
+ 
+ /*
+  ******************************************************************************
+@@ -466,6 +474,7 @@ ServiceLoadFileContentsWin(const gchar *fileName,
+    gunichar2 *fileNameW = NULL;
+    BOOL ok;
+    DWORD bytesRead;
++   gchar *realPath = NULL;
+ 
+    *fileSize = 0;
+    *contents = NULL;
+@@ -622,6 +631,22 @@ ServiceLoadFileContentsWin(const gchar *fileName,
+       goto done;
+    }
+ 
++   if (!allowSymlinks) {
++      /*
++       * Check if fileName is real path.
++       */
++      if ((realPath = ServiceFileGetPathByHandle(hFile)) == NULL) {
++         err = VGAUTH_E_FAIL;
++         goto done;
++      }
++      if (Util_Utf8CaseCmp(realPath, fileName) != 0) {
++         Warning("%s: Real path (%s) is not same as file path (%s)\n",
++                 __FUNCTION__, realPath, fileName);
++         err = VGAUTH_E_FAIL;
++         goto done;
++      }
++   }
++
+    /*
+     * Now finally read the contents.
+     */
+@@ -650,6 +675,7 @@ done:
+       CloseHandle(hFile);
+    }
+    g_free(fileNameW);
++   g_free(realPath);
+ 
+    return err;
+ }
+@@ -672,6 +698,7 @@ ServiceLoadFileContentsPosix(const gchar *fileName,
+    gchar *buf;
+    gchar *bp;
+    int fd = -1;
++   gchar realPath[PATH_MAX] = { 0 };
+ 
+    *fileSize = 0;
+    *contents = NULL;
+@@ -817,6 +844,23 @@ ServiceLoadFileContentsPosix(const gchar *fileName,
+       goto done;
+    }
+ 
++   if (!allowSymlinks) {
++      /*
++       * Check if fileName is real path.
++       */
++      if (realpath(fileName, realPath) == NULL) {
++         Warning("%s: realpath() failed. errno (%d)\n", __FUNCTION__, errno);
++         err = VGAUTH_E_FAIL;
++         goto done;
++      }
++      if (g_strcmp0(realPath, fileName) != 0) {
++         Warning("%s: Real path (%s) is not same as file path (%s)\n",
++                 __FUNCTION__, realPath, fileName);
++         err = VGAUTH_E_FAIL;
++         goto done;
++      }
++   }
++
+    /*
+     * All confidence checks passed; read the bits.
+     */
+@@ -2803,8 +2847,13 @@ ServiceAliasRemoveAlias(const gchar *reqUserName,
+ 
+    /*
+     * We don't verify the user exists in a Remove operation, to allow
+-    * cleanup of deleted user's stores.
++    * cleanup of deleted user's stores, but we do check whether the
++    * user name is legal or not.
+     */
++   if (!Usercheck_UsernameIsLegal(userName)) {
++      Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName);
++      return VGAUTH_E_FAIL;
++   }
+ 
+    if (!CertVerify_IsWellFormedPEMCert(pemCert)) {
+       return VGAUTH_E_INVALID_CERTIFICATE;
+@@ -3036,6 +3085,16 @@ ServiceAliasQueryAliases(const gchar *userName,
+    }
+ #endif
+ 
++   /*
++    * We don't verify the user exists in a Query operation to allow
++    * cleaning up after a deleted user, but we do check whether the
++    * user name is legal or not.
++    */
++   if (!Usercheck_UsernameIsLegal(userName)) {
++      Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName);
++      return VGAUTH_E_FAIL;
++   }
++
+    err = AliasLoadAliases(userName, num, aList);
+    if (VGAUTH_E_OK != err) {
+       Warning("%s: failed to load Aliases for '%s'\n", __FUNCTION__, userName);
+@@ -3294,6 +3353,7 @@ ServiceAliasInitAliasStore(void)
+    VGAuthError err = VGAUTH_E_OK;
+    gboolean saveBadDir = FALSE;
+    char *defaultDir = NULL;
++   size_t len;
+ 
+ #ifdef _WIN32
+    {
+@@ -3324,6 +3384,10 @@ ServiceAliasInitAliasStore(void)
+    defaultDir = g_strdup(DEFAULT_ALIASSTORE_ROOT_DIR);
+ #endif
+ 
++   allowSymlinks = Pref_GetBool(gPrefs,
++                                VGAUTH_PREF_ALLOW_SYMLINKS,
++                                VGAUTH_PREF_GROUP_NAME_SERVICE,
++                                FALSE);
+    /*
+     * Find the alias store directory.  This allows an installer to put
+     * it somewhere else if necessary.
+@@ -3337,6 +3401,14 @@ ServiceAliasInitAliasStore(void)
+                                       VGAUTH_PREF_GROUP_NAME_SERVICE,
+                                       defaultDir);
+ 
++   /*
++    * Remove the trailing separator if any from aliasStoreRootDir path.
++    */
++   len = strlen(aliasStoreRootDir);
++   if (ISPATHSEP(aliasStoreRootDir[len - 1])) {
++      aliasStoreRootDir[len - 1] = '\0';
++   }
++
+    Log("Using '%s' for alias store root directory\n", aliasStoreRootDir);
+ 
+    g_free(defaultDir);
+diff --git a/vgauth/serviceImpl/service.c b/vgauth/serviceImpl/service.c
+index d4716526c..e053ed0fa 100644
+--- a/vgauth/serviceImpl/service.c
++++ b/vgauth/serviceImpl/service.c
+@@ -28,6 +28,7 @@
+ #include "VGAuthUtil.h"
+ #ifdef _WIN32
+ #include "winUtil.h"
++#include 
+ #endif
+ 
+ static ServiceStartListeningForIOFunc startListeningIOFunc = NULL;
+@@ -283,9 +284,35 @@ static gchar *
+ ServiceUserNameToPipeName(const char *userName)
+ {
+    gchar *escapedName = ServiceEncodeUserName(userName);
++#ifdef _WIN32
++   /*
++    * Adding below pragma only in windows to suppress the compile time warning
++    * about unavailability of g_uuid_string_random() since compiler flag
++    * GLIB_VERSION_MAX_ALLOWED is defined to GLIB_VERSION_2_34.
++    * TODO: Remove below pragma when GLIB_VERSION_MAX_ALLOWED is bumped up to
++    * or greater than GLIB_VERSION_2_52.
++    */
++#pragma warning(suppress : 4996)
++   gchar *uuidStr = g_uuid_string_random();
++   /*
++    * Add a unique suffix to avoid a name collision with an existing named pipe
++    * created by someone else (intentionally or by accident).
++    * This is not needed for Linux; name collisions on sockets are already
++    * avoided there since (1) file system paths to VGAuthService sockets are in
++    * a directory that is writable only by root and (2) VGAuthService unlinks a
++    * socket path before binding it to a newly created socket.
++    */
++   gchar *pipeName = g_strdup_printf("%s-%s-%s",
++                                     SERVICE_PUBLIC_PIPE_NAME,
++                                     escapedName,
++                                     uuidStr);
++
++   g_free(uuidStr);
++#else
+    gchar *pipeName = g_strdup_printf("%s-%s",
+                                      SERVICE_PUBLIC_PIPE_NAME,
+                                      escapedName);
++#endif
+ 
+    g_free(escapedName);
+    return pipeName;
+diff --git a/vgauth/serviceImpl/serviceInt.h b/vgauth/serviceImpl/serviceInt.h
+index 5f420192b..f4f88547d 100644
+--- a/vgauth/serviceImpl/serviceInt.h
++++ b/vgauth/serviceImpl/serviceInt.h
+@@ -441,6 +441,7 @@ VGAuthError ServiceFileVerifyAdminGroupOwnedByHandle(const HANDLE hFile);
+ VGAuthError ServiceFileVerifyEveryoneReadableByHandle(const HANDLE hFile);
+ VGAuthError ServiceFileVerifyUserAccessByHandle(const HANDLE hFile,
+                                                 const char *userName);
++gchar *ServiceFileGetPathByHandle(HANDLE hFile);
+ #else
+ VGAuthError ServiceFileVerifyFileOwnerAndPerms(const char *fileName,
+                                                const char *userName,
+-- 
+2.43.5
+
diff --git a/SPECS/open-vm-tools/open-vm-tools.spec b/SPECS/open-vm-tools/open-vm-tools.spec
index bee0fb3c61..3dd6da5000 100644
--- a/SPECS/open-vm-tools/open-vm-tools.spec
+++ b/SPECS/open-vm-tools/open-vm-tools.spec
@@ -25,7 +25,7 @@
 Summary:        Open Virtual Machine Tools for virtual machines hosted on VMware
 Name:           open-vm-tools
 Version:        12.3.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -36,6 +36,7 @@ Source2:        %{vgauthdaemon}.service
 Source3:        vmblock.mount
 Source4:        open-vm-tools.conf
 Source5:        vmtoolsd.pam
+Patch0:         CVE-2025-22247.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 #BuildRequires:    doxygen
@@ -122,7 +123,7 @@ useful for verifying the functioning of %{name} in VMware virtual
 machines.
 
 %prep
-%autosetup -n %{name}-%{version}-%{toolsbuild}
+%autosetup -n %{name}-%{version}-%{toolsbuild} -p1
 
 %build
 # Required for regenerating configure script when
@@ -333,6 +334,9 @@ fi
 %{_bindir}/vmware-vgauth-smoketest
 
 %changelog
+* Fri May 09 2025 Andrew Phelps  - 12.3.5-2
+- Add CVE-2025-22247.patch
+
 * Wed Jan 31 2024 Bala  - 12.3.5-1
 - Upgrade to version 12.3.5
 
diff --git a/SPECS/openssh/CVE-2025-32728.patch b/SPECS/openssh/CVE-2025-32728.patch
new file mode 100644
index 0000000000..e8c8d6cfd2
--- /dev/null
+++ b/SPECS/openssh/CVE-2025-32728.patch
@@ -0,0 +1,37 @@
+From 1526b86ec36bd7e711ef9305d9644642b4140096 Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit 
+Date: Thu, 17 Apr 2025 15:21:33 +0530
+Subject: [PATCH] Backport fix for CVE-2025-32728
+
+Upstream ref: https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
+
+---
+ session.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/session.c b/session.c
+index c941511..98cd183 100644
+--- a/session.c
++++ b/session.c
+@@ -2176,7 +2176,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
+ 	if ((r = sshpkt_get_end(ssh)) != 0)
+ 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+ 	if (!auth_opts->permit_agent_forwarding_flag ||
+-	    !options.allow_agent_forwarding) {
++	    !options.allow_agent_forwarding ||
++	    options.disable_forwarding) {
+ 		debug_f("agent forwarding disabled");
+ 		return 0;
+ 	}
+@@ -2571,7 +2572,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
+ 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
+ 		return 0;
+ 	}
+-	if (!options.x11_forwarding) {
++	if (!options.x11_forwarding || options.disable_forwarding) {
+ 		debug("X11 forwarding disabled in server configuration file.");
+ 		return 0;
+ 	}
+-- 
+2.34.1
+
diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec
index 955e17f199..1208c931ab 100644
--- a/SPECS/openssh/openssh.spec
+++ b/SPECS/openssh/openssh.spec
@@ -3,7 +3,7 @@
 Summary:        Free version of the SSH connectivity tools
 Name:           openssh
 Version:        %{openssh_ver}
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        BSD
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -35,6 +35,7 @@ Patch307:       pam_ssh_agent_auth-0.10.2-dereference.patch
 #CVE Patches
 #This CVE Patches both CVE-2025-26465 and CVE-2025-26466
 Patch400:       CVE-2025-26465.patch
+Patch401:       CVE-2025-32728.patch
 # sk-dummy.so built with -fvisibility=hidden does not work
 # The tests fail with the following error:
 #   dlsym(sk_api_version) failed: (...)/sk-dummy.so: undefined symbol: sk_api_version
@@ -113,6 +114,7 @@ autoreconf
 popd
 
 %patch -P 400 -p1 -b .CVE-2025-26465.patch
+%patch -P 401 -p1 -b .CVE-2025-32728.patch
 %patch -P 965 -p1 -b .visibility
 
 %build
@@ -279,6 +281,10 @@ fi
 %{_mandir}/man8/ssh-sk-helper.8.gz
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 9.8p1-7
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-32728
+
 * Tue Mar 18 2025 Ranjan Dutta  - 9.8p1-6
 - Bump version for merge AZL tag: 3.0.20250311-3.0
 - Patch CVE-2025-26465 and CVE-2025-26466
diff --git a/SPECS/packer/CVE-2024-51744.patch b/SPECS/packer/CVE-2024-51744.patch
new file mode 100644
index 0000000000..60cde4197c
--- /dev/null
+++ b/SPECS/packer/CVE-2024-51744.patch
@@ -0,0 +1,87 @@
+From e14563df9567114cdebcafcf68576e3838ce4ad2 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Wed, 16 Apr 2025 19:02:58 -0500
+Subject: [PATCH] Address CVE-2024-51744
+Upstream Patch Reference: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
+
+---
+ vendor/github.com/golang-jwt/jwt/v4/parser.go | 36 +++++++++++--------
+ 1 file changed, 21 insertions(+), 15 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+index 9484f28..0fc510a 100644
+--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+@@ -38,12 +38,21 @@ func NewParser(options ...ParserOption) *Parser {
+ 	return p
+ }
+ 
+-// Parse parses, validates, verifies the signature and returns the parsed token.
+-// keyFunc will receive the parsed token and should return the key for validating.
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
++//
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -80,12 +89,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -93,22 +107,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // ParseUnverified parses the token but doesn't validate the signature.
+-- 
+2.45.2
+
diff --git a/SPECS/packer/CVE-2025-22870.patch b/SPECS/packer/CVE-2025-22870.patch
new file mode 100644
index 0000000000..baa7f27565
--- /dev/null
+++ b/SPECS/packer/CVE-2025-22870.patch
@@ -0,0 +1,48 @@
+From 7ec5d654a9244ad0676849bfd9b8e4af623a7daa Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Wed, 16 Apr 2025 17:59:28 -0500
+Subject: [PATCH] Address CVE-2025-22870
+Upstream Patch Reference: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7
+
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index 6404aaf..d89c257 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -177,8 +178,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -360,6 +363,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.45.2
+
diff --git a/SPECS/packer/CVE-2025-22872.patch b/SPECS/packer/CVE-2025-22872.patch
new file mode 100644
index 0000000000..c86baa1694
--- /dev/null
+++ b/SPECS/packer/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From c87c77a12e5554d376945bd488e56d4fc5b9e5ac Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Tue, 22 Apr 2025 06:32:35 +0000
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.3
+
diff --git a/SPECS/packer/packer.spec b/SPECS/packer/packer.spec
index d8481fa663..82d518c446 100644
--- a/SPECS/packer/packer.spec
+++ b/SPECS/packer/packer.spec
@@ -4,7 +4,7 @@
 Summary:        Tool for creating identical machine images for multiple platforms from a single source configuration.
 Name:           packer
 Version:        1.9.5
-Release:        8%{?dist}
+Release:        10%{?dist}
 License:        MPLv2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -40,6 +40,10 @@ Patch5:         CVE-2025-27144.patch
 Patch6:         CVE-2025-22869.patch
 Patch7:         CVE-2025-22868.patch
 Patch8:         CVE-2025-30204.patch
+Patch9:         CVE-2025-22870.patch
+Patch10:        CVE-2024-51744.patch
+Patch11:        CVE-2025-22872.patch
+
 BuildRequires:  golang >= 1.21
 BuildRequires:  kernel-headers
 BuildRequires:  glibc-devel
@@ -48,10 +52,7 @@ BuildRequires:  glibc-devel
 Packer is a tool for building identical machine images for multiple platforms from a single source configuration.
 
 %prep
-%autosetup -N
-# Apply vendor before patching
-tar --no-same-owner -xf %{SOURCE1}
-%autopatch -p1
+%autosetup -p1 -a1
 
 %build
 export GOPATH=%{our_gopath}
@@ -73,6 +74,12 @@ go test -mod=vendor
 %{_bindir}/packer
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.9.5-10
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+- Fix CVE-2025-22870, CVE-2024-51744 with upstream patches
+- Patch CVE-2025-30204
+
 * Fri Apr 28 2025 Ranjan Dutta  - 1.9.5-8
 - merge from Azure Linux tag 3.0.20250423-3.0
 
diff --git a/SPECS/perl-CPAN-Meta-Check/perl-CPAN-Meta-Check.spec b/SPECS/perl-CPAN-Meta-Check/perl-CPAN-Meta-Check.spec
index 13d7c81356..f464293cdb 100644
--- a/SPECS/perl-CPAN-Meta-Check/perl-CPAN-Meta-Check.spec
+++ b/SPECS/perl-CPAN-Meta-Check/perl-CPAN-Meta-Check.spec
@@ -1,7 +1,7 @@
 Name:           perl-CPAN-Meta-Check
 Summary:        Verify requirements in a CPAN::Meta object
 Version:        0.018
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPL+ OR Artistic
 Group:          Development/Libraries
 Vendor:         Microsoft Corporation
@@ -29,6 +29,7 @@ BuildRequires:  perl(Env)
 BuildRequires:  perl(lib)
 BuildRequires:  perl(Test::Deep)
 BuildRequires:  perl(Test::More) >= 0.88
+BuildRequires:  perl(blib)
 %endif
 
 # Runtime
@@ -58,6 +59,9 @@ make test
 %{_mandir}/man3/CPAN::Meta::Check.3*
 
 %changelog
+* Tue May 06 2025 Riken Maharjan  - 0.018-2
+- Fix Ptest for perl-CPAN-Meta-Check
+
 * Mon Dec 18 2023 CBL-Mariner Servicing Account  - 0.018-1
 - Auto-upgrade to 0.018 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/perl-JSON-Any/perl-JSON-Any.spec b/SPECS/perl-JSON-Any/perl-JSON-Any.spec
index d54408d41c..56bda7e12d 100644
--- a/SPECS/perl-JSON-Any/perl-JSON-Any.spec
+++ b/SPECS/perl-JSON-Any/perl-JSON-Any.spec
@@ -1,7 +1,7 @@
 Summary:        Wrapper Class for the various JSON classes
 Name:           perl-JSON-Any
 Version:        1.40
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/~ether/JSON-Any-1.39/lib/JSON/Any.pm
@@ -12,10 +12,12 @@ BuildArch:      noarch
 BuildRequires:  perl >= 5.28.0
 BuildRequires:  perl-generators
 BuildRequires:  perl(ExtUtils::MakeMaker)
-%if 0%{?with_check}
 BuildRequires:  perl(CPAN)
+%if 0%{?with_check}
 BuildRequires:  perl(CPAN::Meta)
 BuildRequires:  perl(Test::More)
+BuildRequires:  perl(Test::Needs)
+BuildRequires:  perl(open)
 %endif
 
 Requires:       perl(Carp)
@@ -51,6 +53,9 @@ make test
 %{_mandir}/man?/*
 
 %changelog
+* Tue Apr 15 2024 Riken Maharjan  - 1.40-2
+- Add missing check dependencies.
+
 * Mon Dec 18 2023 CBL-Mariner Servicing Account  - 1.40-1
 - Auto-upgrade to 1.40 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS-EXTENDED/perl-Test-Harness/Test-Harness-3.38-Remove-shell-bangs.patch b/SPECS/perl-Test-Harness/Test-Harness-3.38-Remove-shell-bangs.patch
similarity index 100%
rename from SPECS-EXTENDED/perl-Test-Harness/Test-Harness-3.38-Remove-shell-bangs.patch
rename to SPECS/perl-Test-Harness/Test-Harness-3.38-Remove-shell-bangs.patch
diff --git a/SPECS-EXTENDED/perl-Test-Harness/perl-Test-Harness.signatures.json b/SPECS/perl-Test-Harness/perl-Test-Harness.signatures.json
similarity index 100%
rename from SPECS-EXTENDED/perl-Test-Harness/perl-Test-Harness.signatures.json
rename to SPECS/perl-Test-Harness/perl-Test-Harness.signatures.json
diff --git a/SPECS-EXTENDED/perl-Test-Harness/perl-Test-Harness.spec b/SPECS/perl-Test-Harness/perl-Test-Harness.spec
similarity index 100%
rename from SPECS-EXTENDED/perl-Test-Harness/perl-Test-Harness.spec
rename to SPECS/perl-Test-Harness/perl-Test-Harness.spec
diff --git a/SPECS/perl-Test-Without-Module/perl-Test-Without-Module.spec b/SPECS/perl-Test-Without-Module/perl-Test-Without-Module.spec
index e5284ac4e0..b52c87d4b2 100644
--- a/SPECS/perl-Test-Without-Module/perl-Test-Without-Module.spec
+++ b/SPECS/perl-Test-Without-Module/perl-Test-Without-Module.spec
@@ -1,6 +1,6 @@
 Name:           perl-Test-Without-Module
 Version:        0.23
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Test fallback behavior in absence of modules
 License:        GPL+ or Artistic
 Vendor:         Microsoft Corporation
@@ -23,6 +23,7 @@ BuildRequires:  perl(Data::Dumper)
 BuildRequires:  perl(File::Find)
 BuildRequires:  perl(Symbol)
 BuildRequires:  perl(Test::More)
+BuildRequires:  perl(Module::Load::Conditional)
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 
 %{?perl_default_filter}
@@ -54,6 +55,9 @@ make test
 %{_mandir}/man3/Test*
 
 %changelog
+* Tue Apr 22 2025 Riken Maharjan  - 0.23-2
+- Add missing check dependencies.
+
 * Wed Aug 28 2024 Neha Agarwal  - 0.23-1
 - Promote package to Core repository.
 - License verified.
diff --git a/SPECS/perl-YAML-Tiny/perl-YAML-Tiny.spec b/SPECS/perl-YAML-Tiny/perl-YAML-Tiny.spec
index 3d0b0ab5c6..58357f47af 100644
--- a/SPECS/perl-YAML-Tiny/perl-YAML-Tiny.spec
+++ b/SPECS/perl-YAML-Tiny/perl-YAML-Tiny.spec
@@ -2,7 +2,7 @@
 Summary:        Read/Write YAML files with as little code as possible
 Name:           perl-YAML-Tiny
 Version:        1.74
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/YAML-Tiny/
@@ -16,6 +16,7 @@ BuildRequires:  perl(ExtUtils::MakeMaker)
 %if 0%{?with_check}
 BuildRequires:  perl(JSON::PP)
 BuildRequires:  perl(Test::More)
+BuildRequires:  perl(open)
 %endif
 
 Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
@@ -51,6 +52,9 @@ make test
 %{_mandir}/man3/YAML::Tiny.3*
 
 %changelog
+* Tue Apr 22 2025 Riken Maharjan  - 1.74-2
+- Add missing check dependencies.
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account  - 1.74-1
 - Auto-upgrade to 1.74 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/perl/CVE-2024-56406.patch b/SPECS/perl/CVE-2024-56406.patch
new file mode 100644
index 0000000000..aeff99fd27
--- /dev/null
+++ b/SPECS/perl/CVE-2024-56406.patch
@@ -0,0 +1,25 @@
+commit 4ff211d2bd05db0ba9e18faf1ff8bd3dab128c5a
+Author:     Karl Williamson khw@cpan.org
+AuthorDate: 2024-12-18 18:25:29 -0700
+Commit:     Steve Hay steve.m.hay@googlemail.com
+CommitDate: 2025-03-30 11:58:35 +0100
+
+    CVE-2024-56406: Heap-buffer-overflow with tr//
+
+    This was due to underallocating needed space.  If the translation forces
+    something to become UTF-8 that is initially bytes, that UTF-8 could
+    now require two bytes where previously a single one would do.
+
+    (cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
+
+diff --git a/op.c b/op.c
+index 330a30153fe..0dc6a8350d3 100644
+--- a/op.c
++++ b/op.c
+@@ -6519,6 +6519,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
+                  * same time.  But otherwise one crosses before the other */
+                 if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
+                     can_force_utf8 = TRUE;
++                    max_expansion = MAX(2, max_expansion);
+                 }
+             }
diff --git a/SPECS/perl/perl.spec b/SPECS/perl/perl.spec
index 1fa041ace8..ad77394698 100644
--- a/SPECS/perl/perl.spec
+++ b/SPECS/perl/perl.spec
@@ -127,7 +127,7 @@ License:        GPL+ or Artistic
 Epoch:          %{perl_epoch}
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release:        506%{?dist}
+Release:        507%{?dist}
 Summary:        Practical Extraction and Report Language
 Url:            https://www.perl.org/
 Vendor:         Microsoft Corporation
@@ -183,6 +183,8 @@ Patch201:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-MM-on-Linux.pa
 # If optimizing -O is used, add the definition to .ph files, bug #2152012
 Patch202:       perl-5.36.0-Add-definition-of-OPTIMIZE-to-.ph-files.patch
 
+Patch203:       CVE-2024-56406.patch
+
 # Update some of the bundled modules
 # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
 
@@ -6838,6 +6840,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Tue Apr 08 2025 Andrew Phelps  - 4:5.38.2-507
+- Patch CVE-2024-56406
+
 * Fri May 24 2024 Pawel Winogrodzki  - 4:5.38.2-506
 - Release bump to regenerate package's requires and provides.
 
diff --git a/SPECS/pgbouncer/pgbouncer.signatures.json b/SPECS/pgbouncer/pgbouncer.signatures.json
index baf6d6bde9..bb8cc45a1d 100644
--- a/SPECS/pgbouncer/pgbouncer.signatures.json
+++ b/SPECS/pgbouncer/pgbouncer.signatures.json
@@ -1,6 +1,6 @@
 {
   "Signatures": {
     "pgbouncer.service": "9c158af014827b4b96577caacce1d5fbf1e186ebb481c96f4f071a0f05425fe1",
-    "pgbouncer-1.20.1.tar.gz": "24992cf557d73426d7048698dffc7b019e6364d4d8757ae2cf5e2471286a2088"
+    "pgbouncer-1.24.1.tar.gz": "da72a3aba13072876d055a3e58dd4aba4a5de4ed6148e73033185245598fd3e0"
   }
 }
diff --git a/SPECS/pgbouncer/pgbouncer.spec b/SPECS/pgbouncer/pgbouncer.spec
index e2504081a5..1f86faceab 100644
--- a/SPECS/pgbouncer/pgbouncer.spec
+++ b/SPECS/pgbouncer/pgbouncer.spec
@@ -1,6 +1,6 @@
 Summary:	Connection pooler for PostgreSQL.
 Name:		pgbouncer
-Version:	1.20.1
+Version:	1.24.1
 Release:	1%{?dist}
 License:	ISC License
 URL:		https://www.pgbouncer.org/
@@ -80,6 +80,9 @@ fi
 /usr/share/doc/pgbouncer/*
 
 %changelog
+* Tue Apr 22 2025 CBL-Mariner Servicing Account  - 1.24.1-1
+- Auto-upgrade to 1.24.1 - bump version to fix CVE-2025-2291
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account  - 1.20.1-1
 - Auto-upgrade to 1.20.1 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/prometheus-adapter/CVE-2025-22872.patch b/SPECS/prometheus-adapter/CVE-2025-22872.patch
new file mode 100644
index 0000000000..c86baa1694
--- /dev/null
+++ b/SPECS/prometheus-adapter/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From c87c77a12e5554d376945bd488e56d4fc5b9e5ac Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Tue, 22 Apr 2025 06:32:35 +0000
+Subject: [PATCH] Address CVE-2025-22872
+Upstream Patch Reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.3
+
diff --git a/SPECS/prometheus-adapter/prometheus-adapter.spec b/SPECS/prometheus-adapter/prometheus-adapter.spec
index b30ede079c..88743cbb85 100644
--- a/SPECS/prometheus-adapter/prometheus-adapter.spec
+++ b/SPECS/prometheus-adapter/prometheus-adapter.spec
@@ -1,13 +1,14 @@
 Summary:        Kubernetes Custom, Resource, and External Metric APIs implemented to work with Prometheus.
 Name:           prometheus-adapter
 Version:        0.12.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/kubernetes-sigs/prometheus-adapter
 Source0:        https://github.com/kubernetes-sigs/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:         CVE-2024-45338.patch
+Patch1:         CVE-2025-22872.patch
 BuildRequires:  golang
 
 %description
@@ -42,6 +43,10 @@ make test
 %doc README.md RELEASE.md
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 0.12.0-4
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 0.12.0-3
 - Bump Release to rebuild
 
@@ -84,4 +89,4 @@ make test
 
 * Wed Feb 15 2023 Osama Esmail  - 0.10.0-1
 - Original version for CBL-Mariner
-- License verified.
\ No newline at end of file
+- License verified.
diff --git a/SPECS/prometheus-node-exporter/CVE-2025-22870.patch b/SPECS/prometheus-node-exporter/CVE-2025-22870.patch
new file mode 100644
index 0000000000..b998fe6c1d
--- /dev/null
+++ b/SPECS/prometheus-node-exporter/CVE-2025-22870.patch
@@ -0,0 +1,48 @@
+From ca8ab5f28828d2883483d49135a22187b59ff61f Mon Sep 17 00:00:00 2001
+From: Rohit Rawat 
+Date: Tue, 8 Apr 2025 19:04:20 +0000
+Subject: [PATCH] Fix CVE CVE-2025-22870 in prometheus-node-exporter
+
+Upstream Patch Reference: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a.patch
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index c3bd9a1..864961c 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -180,8 +181,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -363,6 +366,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.40.4
+
diff --git a/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec b/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec
index e350c49db3..11db71edeb 100644
--- a/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec
+++ b/SPECS/prometheus-node-exporter/prometheus-node-exporter.spec
@@ -5,7 +5,7 @@
 Summary:        Exporter for machine metrics
 Name:           prometheus-node-exporter
 Version:        1.7.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 # Upstream license specification: Apache-2.0
 License:        ASL 2.0 AND MIT
 Vendor:         Microsoft Corporation
@@ -34,6 +34,7 @@ Source5:        %{name}.logrotate
 # Replace defaults paths for config files
 Patch0:         defaults-paths.patch
 Patch1:         CVE-2023-45288.patch
+Patch2:         CVE-2025-22870.patch
 
 BuildRequires:  golang
 BuildRequires:  systemd-rpm-macros
@@ -45,12 +46,7 @@ Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written
 in Go with pluggable metric collectors.
 
 %prep
-%autosetup -N -n node_exporter-%{version}
-%patch 0 -p1
-
-rm -rf vendor
-tar -xf %{SOURCE1} --no-same-owner
-%patch 1 -p1
+%autosetup -n node_exporter-%{version} -p1 -a1
 
 %build
 export BUILDTAGS="netgo osusergo static_build"
@@ -108,6 +104,10 @@ getent passwd 'prometheus' >/dev/null || useradd -r -g 'prometheus' -d '%{_share
 %dir %attr(0755,prometheus,prometheus) %{_sharedstatedir}/prometheus/node-exporter
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.7.0-4
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22870
+
 * Fri Mar 21 2025 Anuj Mittal  - 1.7.0-3
 - Bump Release to rebuild
 
diff --git a/SPECS/prometheus-process-exporter/CVE-2025-22870.patch b/SPECS/prometheus-process-exporter/CVE-2025-22870.patch
new file mode 100644
index 0000000000..4cb09d667d
--- /dev/null
+++ b/SPECS/prometheus-process-exporter/CVE-2025-22870.patch
@@ -0,0 +1,48 @@
+From 754923e73296ecf844bc1416afd5c88c85db155d Mon Sep 17 00:00:00 2001
+From: Rohit Rawat 
+Date: Tue, 8 Apr 2025 18:20:47 +0000
+Subject: [PATCH] Fix CVE CVE-2025-22870 in prometheus-process-exporter
+
+Upstream Patch Reference: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a.patch
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index 6404aaf..d89c257 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -177,8 +178,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -360,6 +363,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.40.4
+
diff --git a/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec b/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec
index 331ce1b56f..dcc6b28ce7 100644
--- a/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec
+++ b/SPECS/prometheus-process-exporter/prometheus-process-exporter.spec
@@ -5,7 +5,7 @@
 Summary:        Prometheus exporter exposing process metrics from procfs
 Name:           prometheus-process-exporter
 Version:        0.8.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -30,6 +30,7 @@ Source3:        %{name}.logrotate
 Source4:        %{name}.conf
 Patch0:         01-fix-RSS-test-on-non4K-pagesize-systems.patch
 Patch1:         03-disable-fakescraper.patch
+Patch2:         CVE-2025-22870.patch
 
 BuildRequires:  golang
 BuildRequires:  systemd-rpm-macros
@@ -45,10 +46,7 @@ instrument with Prometheus. This exporter solves that issue by mining
 process metrics from procfs.
 
 %prep
-%autosetup -p1 -n process-exporter-%{version}
-
-rm -rf vendor
-tar -xf %{SOURCE1} --no-same-owner
+%autosetup -n process-exporter-%{version} -p1 -a1
 
 %build
 LDFLAGS="-X github.com/ncabatoff/process-exporter/version.Version=%{version}      \
@@ -97,6 +95,10 @@ getent passwd 'prometheus' >/dev/null || useradd -r -g 'prometheus' -d '%{_share
 %dir %attr(0755,prometheus,prometheus) %{_sharedstatedir}/prometheus
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 0.8.2-3
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22870
+
 * Fri Mar 21 2025 Anuj Mittal  - 0.8.2-2
 - Bump Release to rebuild
 
diff --git a/SPECS/prometheus/CVE-2024-35255.patch b/SPECS/prometheus/CVE-2024-35255.patch
new file mode 100644
index 0000000000..b9b599f9d3
--- /dev/null
+++ b/SPECS/prometheus/CVE-2024-35255.patch
@@ -0,0 +1,181 @@
+From 8fa19b4611b944daef768c89ef0f9771a743c163 Mon Sep 17 00:00:00 2001
+From: Mayank Singh 
+Date: Fri, 28 Feb 2025 08:49:40 +0000
+Subject: [PATCH] Address CVE-2024-35255
+Upstream Reference Link: https://github.com/microsoft/azurelinux/commit/4cb64e8195ad11547d887025b28b04737f330b92
+
+---
+ .../sdk/azidentity/managed_identity_client.go | 66 ++++++++++++++-----
+ 1 file changed, 49 insertions(+), 17 deletions(-)
+
+diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
+index c9b72663..7fc16e7f 100644
+--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
++++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
+@@ -14,13 +14,15 @@ import (
+ 	"net/http"
+ 	"net/url"
+ 	"os"
++	"path/filepath"
++	"runtime"
+ 	"strconv"
+ 	"strings"
+ 	"time"
+ 
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
++	azruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming"
+ 	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
+ 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
+@@ -55,13 +57,29 @@ const (
+ // managedIdentityClient provides the base for authenticating in managed identity environments
+ // This type includes an runtime.Pipeline and TokenCredentialOptions.
+ type managedIdentityClient struct {
+-	pipeline    runtime.Pipeline
++	pipeline    azruntime.Pipeline
+ 	msiType     msiType
+ 	endpoint    string
+ 	id          ManagedIDKind
+ 	imdsTimeout time.Duration
+ }
+ 
++// arcKeyDirectory returns the directory expected to contain Azure Arc keys
++var arcKeyDirectory = func() (string, error) {
++	switch runtime.GOOS {
++	case "linux":
++		return "/var/opt/azcmagent/tokens", nil
++	case "windows":
++		pd := os.Getenv("ProgramData")
++		if pd == "" {
++			return "", errors.New("environment variable ProgramData has no value")
++		}
++		return filepath.Join(pd, "AzureConnectedMachineAgent", "Tokens"), nil
++	default:
++		return "", fmt.Errorf("unsupported OS %q", runtime.GOOS)
++	}
++}
++
+ type wrappedNumber json.Number
+ 
+ func (n *wrappedNumber) UnmarshalJSON(b []byte) error {
+@@ -140,7 +158,7 @@ func newManagedIdentityClient(options *ManagedIdentityCredentialOptions) (*manag
+ 	} else {
+ 		setIMDSRetryOptionDefaults(&cp.Retry)
+ 	}
+-	c.pipeline = runtime.NewPipeline(component, version, runtime.PipelineOptions{}, &cp)
++	c.pipeline = azruntime.NewPipeline(component, version, azruntime.PipelineOptions{}, &cp)
+ 
+ 	if log.Should(EventAuthentication) {
+ 		log.Writef(EventAuthentication, "Managed Identity Credential will use %s managed identity", env)
+@@ -184,7 +202,7 @@ func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKi
+ 	// got a response, remove the IMDS timeout so future requests use the transport's configuration
+ 	c.imdsTimeout = 0
+ 
+-	if runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) {
++	if azruntime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) {
+ 		return c.createAccessToken(resp)
+ 	}
+ 
+@@ -206,7 +224,7 @@ func (c *managedIdentityClient) createAccessToken(res *http.Response) (azcore.Ac
+ 		ExpiresIn    wrappedNumber `json:"expires_in,omitempty"` // this field should always return the number of seconds for which a token is valid
+ 		ExpiresOn    interface{}   `json:"expires_on,omitempty"` // the value returned in this field varies between a number and a date string
+ 	}{}
+-	if err := runtime.UnmarshalAsJSON(res, &value); err != nil {
++	if err := azruntime.UnmarshalAsJSON(res, &value); err != nil {
+ 		return azcore.AccessToken{}, fmt.Errorf("internal AccessToken: %v", err)
+ 	}
+ 	if value.ExpiresIn != "" {
+@@ -254,7 +272,7 @@ func (c *managedIdentityClient) createAuthRequest(ctx context.Context, id Manage
+ }
+ 
+ func (c *managedIdentityClient) createIMDSAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -274,7 +292,7 @@ func (c *managedIdentityClient) createIMDSAuthRequest(ctx context.Context, id Ma
+ }
+ 
+ func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -294,7 +312,7 @@ func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context,
+ }
+ 
+ func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -317,7 +335,7 @@ func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Conte
+ 
+ func (c *managedIdentityClient) getAzureArcSecretKey(ctx context.Context, resources []string) (string, error) {
+ 	// create the request to retreive the secret key challenge provided by the HIMDS service
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return "", err
+ 	}
+@@ -339,22 +357,36 @@ func (c *managedIdentityClient) getAzureArcSecretKey(ctx context.Context, resour
+ 	}
+ 	header := response.Header.Get("WWW-Authenticate")
+ 	if len(header) == 0 {
+-		return "", errors.New("did not receive a value from WWW-Authenticate header")
++		return "", newAuthenticationFailedError(credNameManagedIdentity, "HIMDS response has no WWW-Authenticate header", nil)
+ 	}
+ 	// the WWW-Authenticate header is expected in the following format: Basic realm=/some/file/path.key
+-	pos := strings.LastIndex(header, "=")
+-	if pos == -1 {
+-		return "", fmt.Errorf("did not receive a correct value from WWW-Authenticate header: %s", header)
++	_, p, found := strings.Cut(header, "=")
++	if !found {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, "unexpected WWW-Authenticate header from HIMDS: "+header, nil)
++	}
++	expected, err := arcKeyDirectory()
++	if err != nil {
++		return "", err
++	}
++	if filepath.Dir(p) != expected || !strings.HasSuffix(p, ".key") {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, "unexpected file path from HIMDS service: "+p, nil)
++	}
++	f, err := os.Stat(p)
++	if err != nil {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("could not stat %q: %v", p, err), nil)
++	}
++	if s := f.Size(); s > 4096 {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("key is too large (%d bytes)", s), nil)
+ 	}
+-	key, err := os.ReadFile(header[pos+1:])
++	key, err := os.ReadFile(p)
+ 	if err != nil {
+-		return "", fmt.Errorf("could not read file (%s) contents: %v", header[pos+1:], err)
++		return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("could not read %q: %v", p, err), nil)
+ 	}
+ 	return string(key), nil
+ }
+ 
+ func (c *managedIdentityClient) createAzureArcAuthRequest(ctx context.Context, id ManagedIDKind, resources []string, key string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -376,7 +408,7 @@ func (c *managedIdentityClient) createAzureArcAuthRequest(ctx context.Context, i
+ }
+ 
+ func (c *managedIdentityClient) createCloudShellAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodPost, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodPost, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-- 
+2.45.3
+
diff --git a/SPECS/prometheus/CVE-2024-51744.patch b/SPECS/prometheus/CVE-2024-51744.patch
new file mode 100644
index 0000000000..1f98666ae0
--- /dev/null
+++ b/SPECS/prometheus/CVE-2024-51744.patch
@@ -0,0 +1,93 @@
+From 2b1e1d0f9e8d12b297996b6aea71156794844a3e Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Thu, 3 Apr 2025 12:41:39 -0500
+Subject: [PATCH] Address CVE-2024-51744
+Upstream Patch Reference: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
+
+---
+ vendor/github.com/golang-jwt/jwt/v4/parser.go | 41 +++++++++----------
+ 1 file changed, 20 insertions(+), 21 deletions(-)
+
+diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+index 8e7e67c4..0fc510a0 100644
+--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
++++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
+@@ -38,19 +38,21 @@ func NewParser(options ...ParserOption) *Parser {
+ 	return p
+ }
+ 
+-// Parse parses, validates, verifies the signature and returns the parsed token.
+-// keyFunc will receive the parsed token and should return the key for validating.
++// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
++// receive the parsed token and should return the key for validating.
+ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+ }
+ 
+-// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
+-// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
+-// than the default MapClaims implementation of Claims.
++// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
++// implementing the Claims interface. This provides default values which can be overridden and
++// allows a caller to use their own type, rather than the default MapClaims implementation of
++// Claims.
+ //
+-// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
+-// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
+-// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
++// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
++// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
++// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
++// claims, otherwise you might run into a panic.
+ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ 	token, parts, err := p.ParseUnverified(tokenString, claims)
+ 	if err != nil {
+@@ -87,12 +89,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ 	}
+ 
++	// Perform validation
++	token.Signature = parts[2]
++	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
++		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
++	}
++
+ 	vErr := &ValidationError{}
+ 
+ 	// Validate Claims
+ 	if !p.SkipClaimsValidation {
+ 		if err := token.Claims.Valid(); err != nil {
+-
+ 			// If the Claims Valid returned an error, check if it is a validation error,
+ 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ 			if e, ok := err.(*ValidationError); !ok {
+@@ -100,22 +107,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
+ 			} else {
+ 				vErr = e
+ 			}
++			return token, vErr
+ 		}
+ 	}
+ 
+-	// Perform validation
+-	token.Signature = parts[2]
+-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+-		vErr.Inner = err
+-		vErr.Errors |= ValidationErrorSignatureInvalid
+-	}
+-
+-	if vErr.valid() {
+-		token.Valid = true
+-		return token, nil
+-	}
++	// No errors so far, token is valid.
++	token.Valid = true
+ 
+-	return token, vErr
++	return token, nil
+ }
+ 
+ // ParseUnverified parses the token but doesn't validate the signature.
+-- 
+2.45.2
+
diff --git a/SPECS/prometheus/CVE-2025-22870.patch b/SPECS/prometheus/CVE-2025-22870.patch
new file mode 100644
index 0000000000..ccdf41a279
--- /dev/null
+++ b/SPECS/prometheus/CVE-2025-22870.patch
@@ -0,0 +1,48 @@
+From 31238fb0b1b52a54942f9766fde5067ffa078320 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Thu, 3 Apr 2025 12:36:33 -0500
+Subject: [PATCH] Address CVE-2025-22870
+Upstream Patch Reference: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7
+
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index c3bd9a1e..864961c7 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -180,8 +181,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -363,6 +366,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.45.2
+
diff --git a/SPECS/prometheus/prometheus.spec b/SPECS/prometheus/prometheus.spec
index 97d36ed465..9a1c8d0b04 100644
--- a/SPECS/prometheus/prometheus.spec
+++ b/SPECS/prometheus/prometheus.spec
@@ -4,7 +4,7 @@
 Summary:        Prometheus monitoring system and time series database
 Name:           prometheus
 Version:        2.45.4
-Release:        9%{?dist}
+Release:        13%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -26,6 +26,9 @@ Patch5:         CVE-2025-22868.patch
 Patch6:         CVE-2025-30204.patch
 Patch7:         0001-Fix-exit-condition-of-TestQuerierIndexQueriesRace.patch
 Patch8:         0002-Improve-sensitivity-of-TestQuerierIndexQueriesRace.patch
+Patch9:         CVE-2024-35255.patch
+Patch10:        CVE-2025-22870.patch
+Patch11:        CVE-2024-51744.patch
 
 BuildRequires:  golang
 BuildRequires:  nodejs
@@ -143,6 +146,12 @@ fi
 %doc README.md RELEASE.md documentation
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.45.4-13
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22870, CVE-2024-51744
+- Fix CVE-2024-35255 with an upstream patch
+- Add patches to fix test reliability issues with TestQuerierIndexQueriesRace
+
 * Fri Apr 28 2025 Ranjan Dutta  - 2.45.4-9
 - merge from Azure Linux tag 3.0.20250423-3.0
 
diff --git a/SPECS/python-asn1crypto/python-asn1crypto.spec b/SPECS/python-asn1crypto/python-asn1crypto.spec
index 94e3ffcf08..bb46da007a 100644
--- a/SPECS/python-asn1crypto/python-asn1crypto.spec
+++ b/SPECS/python-asn1crypto/python-asn1crypto.spec
@@ -1,17 +1,19 @@
 Summary:        A fast, pure Python library for parsing and serializing ASN.1 structures.
 Name:           python-asn1crypto
 Version:        1.5.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Languages/Python
 URL:            https://github.com/wbond/asn1crypto
 Source0:        https://github.com/wbond/asn1crypto/archive/refs/tags/%{version}.tar.gz#/asn1crypto-%{version}.tar.gz
+Patch0:         remove-import.patch
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 %if 0%{?with_check}
 BuildRequires:  python3-pip
+BuildRequires:  python3-pytest
 %endif
 BuildArch:      noarch
 
@@ -26,7 +28,7 @@ Requires:       python3
 A fast, pure Python library for parsing and serializing ASN.1 structures.
 
 %prep
-%autosetup -n asn1crypto-%{version}
+%autosetup -p1 -n asn1crypto-%{version}
 
 %build
 %py3_build
@@ -35,8 +37,7 @@ A fast, pure Python library for parsing and serializing ASN.1 structures.
 %py3_install
 
 %check
-pip3 install tox
-tox -e py%{python3_version_nodots}
+%pytest
 
 %files -n python3-asn1crypto
 %defattr(-,root,root,-)
@@ -44,6 +45,9 @@ tox -e py%{python3_version_nodots}
 %{python3_sitelib}/*
 
 %changelog
+* Tue May 13 2025 Riken Maharjan  - 1.5.1-2
+- Fix Ptest and add a patch to replace imp with importlib.util in test
+
 * Wed Apr 13 2022 Olivia Crain  - 1.5.1-1
 - Upgrade to latest upstream version
 - Add tests using tox-based runner
diff --git a/SPECS/python-asn1crypto/remove-import.patch b/SPECS/python-asn1crypto/remove-import.patch
new file mode 100644
index 0000000000..6df59d24f3
--- /dev/null
+++ b/SPECS/python-asn1crypto/remove-import.patch
@@ -0,0 +1,36 @@
+diff -urN asn1crypto-1.5.1/tests/__init__.py asn1crypto-1.5.1/tests/__init__.py
+--- asn1crypto-1.5.1/tests/__init__.py	2022-03-15 14:45:23.000000000 +0000
++++ asn1crypto-1.5.1/tests/__init__.py	2025-05-07 19:00:39.694821504 +0000
+@@ -1,8 +1,9 @@
+ # coding: utf-8
+ from __future__ import unicode_literals, division, absolute_import, print_function
+ 
+-import imp
+ import os
++import sys
++import importlib.util
+ import unittest
+ 
+ 
+@@ -38,8 +39,19 @@
+         return None
+ 
+     try:
+-        mod_info = imp.find_module(mod_dir, [path])
+-        return imp.load_module(mod, *mod_info)
++        full_mod_path = os.path.join(path, mod_dir, '__init__.py')
++        if not os.path.isfile(full_mod_path):
++            full_mod_path = os.path.join(path, mod_dir + '.py')
++            if not os.path.isfile(full_mod_path):
++                return None
++
++        spec = importlib.util.spec_from_file_location(mod, full_mod_path)
++        if spec is None:
++            return None
++
++        module = importlib.util.module_from_spec(spec)
++        spec.loader.exec_module(module)
++        return module
+     except ImportError:
+         return None
+ 
\ No newline at end of file
diff --git a/SPECS/python-blinker/python-blinker.signatures.json b/SPECS/python-blinker/python-blinker.signatures.json
new file mode 100644
index 0000000000..fd88498b60
--- /dev/null
+++ b/SPECS/python-blinker/python-blinker.signatures.json
@@ -0,0 +1,6 @@
+{
+    "Signatures": {
+     "blinker-1.9.0.tar.gz": "b4ce2265a7abece45e7cc896e98dbebe6cead56bcf805a3d23136d145f5445bf"
+    }
+   }
+   
\ No newline at end of file
diff --git a/SPECS-EXTENDED/python-blinker/python-blinker.spec b/SPECS/python-blinker/python-blinker.spec
similarity index 57%
rename from SPECS-EXTENDED/python-blinker/python-blinker.spec
rename to SPECS/python-blinker/python-blinker.spec
index 1cc0812274..0a0586d325 100644
--- a/SPECS-EXTENDED/python-blinker/python-blinker.spec
+++ b/SPECS/python-blinker/python-blinker.spec
@@ -1,19 +1,18 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
 %global mod_name blinker
-
-Name:           python-blinker
-Version:        1.4
-Release:        10%{?dist}
 Summary:        Fast, simple object-to-object and broadcast signaling
-
+Name:           python-blinker
+Version:        1.9.0
+Release:        1%{?dist}
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
 License:        MIT
-URL:            https://pythonhosted.org/blinker/
-Source0:        http://pypi.python.org/packages/source/b/%{mod_name}/%{mod_name}-%{version}.tar.gz
+URL:            https://github.com/pallets-eco/blinker
+Source0:        %{url}/releases/download/%{version}/%{mod_name}-%{version}.tar.gz
 
 BuildArch:      noarch
 BuildRequires:  python3-devel
-BuildRequires:  python3-setuptools
+BuildRequires:  python3-pip
+BuildRequires:  python3-flit-core
 
 %global _description\
 Blinker provides a fast dispatching system that allows any number\
@@ -26,29 +25,98 @@ Summary:        Fast, simple object-to-object and broadcast signaling
 %{?python_provide:%python_provide python3-blinker}
 
 %description -n python3-blinker
-Blinker provides a fast dispatching system that allows any number 
+Blinker provides a fast dispatching system that allows any number
 of interested parties to subscribe to events, or "signals".
 
 %prep
-%setup -q -n %{mod_name}-%{version}
-
+%autosetup -n %{mod_name}-%{version}
+# requirements in tests.txt are way too tight
+mv requirements/tests.in requirements/tests.txt
 
 %build
-%py3_build
+%pyproject_wheel
 
 %install
-%py3_install
+%pyproject_install
+%pyproject_save_files %{mod_name}
+
+%check
+# from blinker/requirements/test.txt
+# need higer pytest than the one we have in azl3.0
+pip3 install iniconfig==2.0.0 pluggy==1.5.0 pytest==8.3.3 pytest-asyncio==0.24.0
+%pytest
 
- 
-%files -n python3-blinker
-%doc docs/ CHANGES LICENSE README.md PKG-INFO
-%{python3_sitelib}/*.egg-info
-%{python3_sitelib}/%{mod_name}
+%files -n python3-blinker -f %{pyproject_files}
+%doc CHANGES.rst LICENSE.txt README.md
 
 
 %changelog
-* Fri Oct 15 2021 Pawel Winogrodzki  - 1.4-10
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Tue Apr 29 2025 Riken Maharjan  -  1.9.0-1
+- Promote to Specs from Extended and update to 1.9.0 using Fedora 42 (License MIT)
+- License Verified.
+
+* Wed Feb 12 2025 Aninda Pradhan  - 1.7.0-4
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License Verified
+- Added additional dependencies for successful build and test
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 1.7.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint  - 1.7.0-2
+- Rebuilt for Python 3.13
+
+* Mon Feb  5 2024 José Matos  - 1.7.0-1
+- Update to 1.7.0
+
+* Mon Feb  5 2024 José Matos  - 1.6.3-1
+- Update to 1.6.3
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 1.6.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering  - 1.6.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 1.6.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jun 14 2023 Python Maint  - 1.6.2-2
+- Rebuilt for Python 3.12
+
+* Wed May 10 2023 Frantisek Zatloukal  - 1.6.2-1
+- Bump to blinker 1.6.2 (fixes RHBZ#2183824 )
+- Convert spec to pyproject
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 1.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Frantisek Zatloukal  - 1.5-1
+- Bump to blinker 1.5 (fixes python 3.11 support)
+
+* Fri Jul 22 2022 Fedora Release Engineering  - 1.4-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint  - 1.4-16
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 1.4-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1.4-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Python Maint  - 1.4-13
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 1.4-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering  - 1.4-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sat May 23 2020 Miro Hrončok  - 1.4-10
+- Rebuilt for Python 3.9
 
 * Thu Jan 30 2020 Fedora Release Engineering  - 1.4-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
@@ -138,4 +206,4 @@ of interested parties to subscribe to events, or "signals".
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 
 * Fri Jul 22 2011 Praveen Kumar  - 1.1-1
-- Initial RPM
+- Initial RPM
\ No newline at end of file
diff --git a/SPECS/python-cherrypy/python-cherrypy.spec b/SPECS/python-cherrypy/python-cherrypy.spec
index 1de4d76e92..d76529f1e8 100644
--- a/SPECS/python-cherrypy/python-cherrypy.spec
+++ b/SPECS/python-cherrypy/python-cherrypy.spec
@@ -7,14 +7,15 @@
 Summary:        A pythonic, object-oriented HTTP framework
 Name:           python-%{pkgname}
 Version:        18.9.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Url:            https://cherrypy.dev/
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Source0:        https://pypi.io/packages/source/C/%{pypiname}/%{pypiname}-%{version}.tar.gz
 BuildArch:      noarch
-
+#Backport a patch from upstream
+Patch0:         test-session-py3.8above.patch
 %global _description %{expand:
 CherryPy allows developers to build web applications in much the same way they would
 build any other object-oriented Python program. This results in smaller source code 
@@ -42,6 +43,7 @@ BuildRequires:  python3-pip
 
 %prep
 %setup -q -n %{pypiname}-%{version}
+%autopatch -p1
 # suppress depracation warning in the pytest.ini 
 # Feb 2023 setuptools added deprecation warning for pkg_resources.declare_namespace causing all the test to fail for python-cherrypy 
 # https://setuptools.pypa.io/en/latest/history.html#v67-3-0
@@ -58,7 +60,7 @@ python3 setup.py install --root=%{buildroot}
 
 %if 0%{with check}
 %check
-pip3 install tox
+pip3 install tox==4.25.0 --ignore-installed
 tox -e py%{python3_version_nodots}
 %endif
 
@@ -69,6 +71,9 @@ tox -e py%{python3_version_nodots}
 %{_bindir}/cherryd
 
 %changelog
+* Tue Apr 22 2025 Riken Maharjan  - 18.9.0-2
+- Add a patch to fix test_session test
+
 * Tue Jan 23 2024 CBL-Mariner Servicing Account  - 18.9.0-1
 - Auto-upgrade to 18.9.0 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/python-cherrypy/test-session-py3.8above.patch b/SPECS/python-cherrypy/test-session-py3.8above.patch
new file mode 100644
index 0000000000..4135c20438
--- /dev/null
+++ b/SPECS/python-cherrypy/test-session-py3.8above.patch
@@ -0,0 +1,21 @@
+From: Riken Maharjan 
+Date: Thu, 17 Apr 2025 21:27:30 +0000
+diff -urN CherryPy-18.9.0/cherrypy/test/test_session.py CherryPy-18.9.0/cherrypy/test/test_session.py
+--- CherryPy-18.9.0/cherrypy/test/test_session.py	2022-09-11 17:35:38.000000000 +0000
++++ CherryPy-18.9.0/cherrypy/test/test_session.py	2025-04-17 21:27:30.687754101 +0000
+@@ -146,9 +146,14 @@
+     def teardown_class(cls):
+         """Clean up sessions."""
+         super(cls, cls).teardown_class()
++        try:
++            files_to_clean = localDir.iterdir()  # Python 3.8+
++        except AttributeError:
++            files_to_clean = localDir.listdir()  # Python 3.6-3.7
++
+         consume(
+             file.remove_p()
+-            for file in localDir.listdir()
++            for file in files_to_clean
+             if file.basename().startswith(
+                 sessions.FileSession.SESSION_PREFIX
+             )
diff --git a/SPECS/python-conda-libmamba-solver/python-conda-libmamba-solver.spec b/SPECS/python-conda-libmamba-solver/python-conda-libmamba-solver.spec
index 99b0f60a10..8680daa576 100644
--- a/SPECS/python-conda-libmamba-solver/python-conda-libmamba-solver.spec
+++ b/SPECS/python-conda-libmamba-solver/python-conda-libmamba-solver.spec
@@ -7,7 +7,7 @@ library used by mamba to do the heavy-lifting is called libsolv.}
 Summary:        The libmamba based solver for conda
 Name:           python-%{srcname}
 Version:        24.9.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -28,6 +28,8 @@ BuildArch:      noarch
 
 %package -n python3-%{srcname}
 Summary:        %{summary}
+Requires:       python3-libmambapy
+Requires:       python3-boltons
 
 %description -n python3-%{srcname} %{_description}
 
@@ -53,6 +55,9 @@ sed -i -e '/doctest/d' -e '/reruns/d' pyproject.toml
 %license %{python3_sitelib}/conda_libmamba_solver-%{version}.dist-info/licenses/AUTHORS.md
 
 %changelog
+* Mon Apr 14 2025 Riken Maharjan  - 24.9.0-4
+- Add missing runtime dependencies libmambapy and boltons
+
 * Tue Apr 01 2025 Riken Maharjan  - 24.9.0-3
 - Initial Azure Linux import from Fedora 42 (license: MIT)
 - License Verified
diff --git a/SPECS/python-cryptography/python-cryptography.spec b/SPECS/python-cryptography/python-cryptography.spec
index a79ceb2405..9e949a1c02 100644
--- a/SPECS/python-cryptography/python-cryptography.spec
+++ b/SPECS/python-cryptography/python-cryptography.spec
@@ -2,7 +2,7 @@
 Summary:        Python cryptography library
 Name:           python-cryptography
 Version:        42.0.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -103,7 +103,7 @@ openssl req \
     -out mariner.cert
 openssl rsa -in mariner.key -out mariner.pem
 mv mariner.pem %{_sysconfdir}/ssl/certs
-pip3 install pretend pytest hypothesis iso8601 cryptography_vectors pytz iniconfig
+pip3 install pretend pytest hypothesis iso8601 cryptography_vectors==%{version} pytz iniconfig
 PYTHONPATH=%{buildroot}%{python3_sitearch} \
     %{__python3} -m pytest -v tests
 
@@ -111,6 +111,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} \
 %license LICENSE
 
 %changelog
+* Tue May 06 2025 Riken Maharjan  - 42.0.5-3
+- Fix Ptest for python-cryptography
+
 * Mon Mar 18 2024 Brian Fjeldstad  - 42.0.5-2
 - Build rust backings
 
diff --git a/SPECS/python-cytoolz/cytoolz-test-py313.patch b/SPECS/python-cytoolz/cytoolz-test-py313.patch
new file mode 100644
index 0000000000..7c6eb477e1
--- /dev/null
+++ b/SPECS/python-cytoolz/cytoolz-test-py313.patch
@@ -0,0 +1,104 @@
+From 946c1985dabc832689715f29ee90506905d1f81b Mon Sep 17 00:00:00 2001
+From: Orion Poplawski 
+Date: Wed, 2 Oct 2024 10:01:25 -0600
+Subject: [PATCH] Test fixes for Python 3.13 (#206)
+
+---
+ cytoolz/functoolz.pyx              |  5 +++++
+ cytoolz/tests/test_docstrings.py   |  6 ++++--
+ cytoolz/tests/test_functoolz.py    |  7 +++++--
+ cytoolz/tests/test_inspect_args.py | 24 +++++++++++++++++++++---
+ 4 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/cytoolz/functoolz.pyx b/cytoolz/functoolz.pyx
+index 446e85c..269a143 100644
+--- a/cytoolz/functoolz.pyx
++++ b/cytoolz/functoolz.pyx
+@@ -27,6 +27,11 @@ __all__ = ['identity', 'thread_first', 'thread_last', 'memoize', 'compose', 'com
+ 
+ 
+ cpdef object identity(object x):
++    """ Identity function. Return x
++
++    >>> identity(3)
++    3
++    """
+     return x
+ 
+ 
+diff --git a/cytoolz/tests/test_docstrings.py b/cytoolz/tests/test_docstrings.py
+index 85654e6..0420e7b 100644
+--- a/cytoolz/tests/test_docstrings.py
++++ b/cytoolz/tests/test_docstrings.py
+@@ -49,8 +49,10 @@ def test_docstrings_uptodate():
+     d = merge_with(identity, toolz_dict, cytoolz_dict)
+     for key, (toolz_func, cytoolz_func) in d.items():
+         # only check if the new doctstring *contains* the expected docstring
+-        toolz_doc = convertdoc(toolz_func)
+-        cytoolz_doc = cytoolz_func.__doc__
++        # in Python < 3.13 the second line is indented, in 3.13+
++        # it is not, strip all lines to fudge it
++        toolz_doc = "\n".join((line.strip() for line in convertdoc(toolz_func).splitlines()))
++        cytoolz_doc = "\n".join((line.strip() for line in cytoolz_func.__doc__.splitlines()))
+         if toolz_doc not in cytoolz_doc:
+             diff = list(differ.compare(toolz_doc.splitlines(),
+                                        cytoolz_doc.splitlines()))
+diff --git a/cytoolz/tests/test_functoolz.py b/cytoolz/tests/test_functoolz.py
+index a459dad..dc1c038 100644
+--- a/cytoolz/tests/test_functoolz.py
++++ b/cytoolz/tests/test_functoolz.py
+@@ -748,10 +748,13 @@ def f(a, b):
+ def test_excepts():
+     # These are descriptors, make sure this works correctly.
+     assert excepts.__name__ == 'excepts'
++    # in Python < 3.13 the second line is indented, in 3.13+
++    # it is not, strip all lines to fudge it
++    testlines = "\n".join((line.strip() for line in excepts.__doc__.splitlines()))
+     assert (
+         'A wrapper around a function to catch exceptions and\n'
+-        '    dispatch to a handler.\n'
+-    ) in excepts.__doc__
++        'dispatch to a handler.\n'
++    ) in testlines
+ 
+     def idx(a):
+         """idx docstring
+diff --git a/cytoolz/tests/test_inspect_args.py b/cytoolz/tests/test_inspect_args.py
+index b2c5669..0dc0156 100644
+--- a/cytoolz/tests/test_inspect_args.py
++++ b/cytoolz/tests/test_inspect_args.py
+@@ -2,6 +2,7 @@
+ import inspect
+ import itertools
+ import operator
++import sys
+ import cytoolz
+ from cytoolz.functoolz import (curry, is_valid_args, is_partial_args, is_arity,
+                              num_required_args, has_varargs, has_keywords)
+@@ -482,6 +483,23 @@ def __wrapped__(self):
+     wrapped = Wrapped(func)
+     assert inspect.signature(func) == inspect.signature(wrapped)
+ 
+-    assert num_required_args(Wrapped) is None
+-    _sigs.signatures[Wrapped] = (_sigs.expand_sig((0, lambda func: None)),)
+-    assert num_required_args(Wrapped) == 1
++    # inspect.signature did not used to work properly on wrappers,
++    # but it was fixed in Python 3.11.9, Python 3.12.3 and Python
++    # 3.13+
++    inspectbroken = True
++    if sys.version_info.major > 3:
++        inspectbroken = False
++    if sys.version_info.major == 3:
++        if sys.version_info.minor == 11 and sys.version_info.micro > 8:
++            inspectbroken = False
++        if sys.version_info.minor == 12 and sys.version_info.micro > 2:
++            inspectbroken = False
++        if sys.version_info.minor > 12:
++            inspectbroken = False
++
++    if inspectbroken:
++        assert num_required_args(Wrapped) is None
++        _sigs.signatures[Wrapped] = (_sigs.expand_sig((0, lambda func: None)),)
++        assert num_required_args(Wrapped) == 1
++    else:
++        assert num_required_args(Wrapped) is 1
diff --git a/SPECS/python-cytoolz/python-cytoolz.spec b/SPECS/python-cytoolz/python-cytoolz.spec
index 4fe472d711..bba8d74045 100644
--- a/SPECS/python-cytoolz/python-cytoolz.spec
+++ b/SPECS/python-cytoolz/python-cytoolz.spec
@@ -3,13 +3,17 @@
 Summary:        Cython implementation of the toolz package
 Name:           python-%{srcname}
 Version:        0.12.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/pytoolz/cytoolz/
 Source0:	https://github.com/pytoolz/cytoolz/archive/refs/tags/%{version}.tar.gz#/%{srcname}-%{version}.tar.gz
 BuildRequires:  gcc
+# Patch for test fixes in python 3.13 (and one for 3.12)
+# patch can be removed when upgrading past v1.0.0 when included
+# https://github.com/pytoolz/cytoolz/commit/946c1985dabc832689715f29ee90506905d1f81b
+Patch0:         cytoolz-test-py313.patch
 
 %description
 Cython implementation of the toolz package, which provides high performance
@@ -63,7 +67,7 @@ sets, the performance increase gained by using cytoolz can be significant.
 See the PyToolz documentation at http://toolz.readthedocs.org.
 
 %prep
-%setup -q -n %{srcname}-%{version}
+%autosetup -p1 -n %{srcname}-%{version}
 
 # Remove the cythonized files in order to regenerate them during build.
 rm $(grep -rl '/\* Generated by Cython')
@@ -101,6 +105,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} \
 %exclude %{python3_sitearch}/.pytest_cache/
 
 %changelog
+* Mon Feb 02 2025 Sam Meluch  - 0.12.2-3
+- Add patch to fix a test failure in test_inspect_wrapped_property
+
 * Thu Jan 11 2024 Mandeep Plaha  - 0.12.2-2
 - Remove CPython from %check pip3 install.
 
diff --git a/SPECS/python-ecdsa/308.patch b/SPECS/python-ecdsa/308.patch
new file mode 100644
index 0000000000..4f1f3fc7a4
--- /dev/null
+++ b/SPECS/python-ecdsa/308.patch
@@ -0,0 +1,117 @@
+From 87a1596b93f45f5b2ee484ca12a075365e67815a Mon Sep 17 00:00:00 2001
+From: Hubert Kario 
+Date: Mon, 24 Oct 2022 20:27:50 +0200
+Subject: [PATCH] tighter bounds for hypothesis parameters
+
+---
+ src/ecdsa/test_ecdsa.py         |  4 ++--
+ src/ecdsa/test_ellipticcurve.py |  2 +-
+ src/ecdsa/test_jacobi.py        | 20 ++++++++++----------
+ 3 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/src/ecdsa/test_ecdsa.py b/src/ecdsa/test_ecdsa.py
+index dbc4a6eb..2af527b6 100644
+--- a/src/ecdsa/test_ecdsa.py
++++ b/src/ecdsa/test_ecdsa.py
+@@ -622,12 +622,12 @@ def st_random_gen_key_msg_nonce(draw):
+     name = draw(st.sampled_from(sorted(name_gen.keys())))
+     note("Generator used: {0}".format(name))
+     generator = name_gen[name]
+-    order = int(generator.order())
++    order = int(generator.order()) - 1
+ 
+     key = draw(st.integers(min_value=1, max_value=order))
+     msg = draw(st.integers(min_value=1, max_value=order))
+     nonce = draw(
+-        st.integers(min_value=1, max_value=order + 1)
++        st.integers(min_value=1, max_value=order)
+         | st.integers(min_value=order >> 1, max_value=order)
+     )
+     return generator, key, msg, nonce
+diff --git a/src/ecdsa/test_ellipticcurve.py b/src/ecdsa/test_ellipticcurve.py
+index 85faef4d..f46fd9ea 100644
+--- a/src/ecdsa/test_ellipticcurve.py
++++ b/src/ecdsa/test_ellipticcurve.py
+@@ -44,7 +44,7 @@
+ 
+ 
+ @settings(**HYP_SLOW_SETTINGS)
+-@given(st.integers(min_value=1, max_value=r + 1))
++@given(st.integers(min_value=1, max_value=r - 1))
+ def test_p192_mult_tests(multiple):
+     inv_m = inverse_mod(multiple, r)
+ 
+diff --git a/src/ecdsa/test_jacobi.py b/src/ecdsa/test_jacobi.py
+index 1f528048..71fb33e5 100644
+--- a/src/ecdsa/test_jacobi.py
++++ b/src/ecdsa/test_jacobi.py
+@@ -202,7 +202,7 @@ def test_compare_double_with_multiply(self):
+     @settings(max_examples=10)
+     @given(
+         st.integers(
+-            min_value=0, max_value=int(generator_brainpoolp160r1.order())
++            min_value=0, max_value=int(generator_brainpoolp160r1.order() - 1)
+         )
+     )
+     def test_multiplications(self, mul):
+@@ -217,7 +217,7 @@ def test_multiplications(self, mul):
+     @settings(max_examples=10)
+     @given(
+         st.integers(
+-            min_value=0, max_value=int(generator_brainpoolp160r1.order())
++            min_value=0, max_value=int(generator_brainpoolp160r1.order() - 1)
+         )
+     )
+     @example(0)
+@@ -235,10 +235,10 @@ def test_precompute(self, mul):
+     @settings(max_examples=10)
+     @given(
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+     )
+     @example(3, 3)
+@@ -254,10 +254,10 @@ def test_add_scaled_points(self, a_mul, b_mul):
+     @settings(max_examples=10)
+     @given(
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+         st.integers(min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1)),
+     )
+@@ -286,10 +286,10 @@ def test_add_one_scaled_point(self, a_mul, b_mul, new_z):
+     @settings(max_examples=10)
+     @given(
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+         st.integers(min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1)),
+     )
+@@ -351,10 +351,10 @@ def test_add_same_scale_points_static(self):
+     @settings(max_examples=14)
+     @given(
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+         st.integers(
+-            min_value=1, max_value=int(generator_brainpoolp160r1.order())
++            min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
+         ),
+         st.lists(
+             st.integers(
diff --git a/SPECS/python-ecdsa/python-ecdsa.spec b/SPECS/python-ecdsa/python-ecdsa.spec
index 3222a79f8a..09d2d6910f 100644
--- a/SPECS/python-ecdsa/python-ecdsa.spec
+++ b/SPECS/python-ecdsa/python-ecdsa.spec
@@ -1,18 +1,24 @@
 Summary:        ECDSA cryptographic signature library (pure python)
 Name:           python-ecdsa
 Version:        0.18.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/Security
 URL:            https://pypi.python.org/pypi/ecdsa
 Source0:        https://github.com/tlsfuzzer/%{name}/archive/refs/tags/%{name}-%{version}.tar.gz
+Patch0:         308.patch
 BuildRequires:  openssl
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 %if 0%{?with_check}
 BuildRequires:  python3-pip
+BuildRequires:  python3-six
+BuildRequires:  python3-hypothesis
+BuildRequires:  python3-attrs
+BuildRequires:  python3-sortedcontainers
+BuildRequires:  python3-pytest
 %endif
 BuildArch:      noarch
 
@@ -33,7 +39,7 @@ and signatures are very short, making them easy to handle and incorporate
 into other protocols.
 
 %prep
-%autosetup -n %{name}-%{name}-%{version}
+%autosetup -p1 -n %{name}-%{name}-%{version}
 
 %build
 %py3_build
@@ -42,8 +48,7 @@ into other protocols.
 %{py3_install "--single-version-externally-managed"}
 
 %check
-pip3 install tox
-tox -e py%{python3_version_nodots}
+%pytest
 
 %files -n python3-ecdsa
 %defattr(-, root, root)
@@ -51,6 +56,11 @@ tox -e py%{python3_version_nodots}
 %{python3_sitelib}/*
 
 %changelog
+* Tue Apr 15 2024 Riken Maharjan  - 0.18.0-2
+- Fix Ptest by importing 308 patch from Fedora (License:MIT)
+- Add missing test packages
+- Use normal pytest instead of tox
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account  - 0.18.0-1
 - Auto-upgrade to 0.18.0 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/python-gast/python-gast.spec b/SPECS/python-gast/python-gast.spec
index 351150080b..6b036efa70 100644
--- a/SPECS/python-gast/python-gast.spec
+++ b/SPECS/python-gast/python-gast.spec
@@ -6,7 +6,7 @@ as produced by ast.parse from the standard ast module.}
 Summary:        Python AST that abstracts the underlying Python version
 Name:           python-gast
 Version:        0.5.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -17,6 +17,9 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-packaging
 BuildRequires:  python3-pip
 BuildRequires:  python3-wheel
+%if 0%{?with_check}
+BuildRequires:  python3-pytest
+%endif
 BuildArch:      noarch
 
 %description %{_description}
@@ -43,15 +46,16 @@ Summary:        %{summary}
 
 
 %check
-pip3 install tox tox-current-env pytest==7.1.3
-%tox
-
+%pytest
 
 %files -n python3-gast -f %{pyproject_files}
 %license LICENSE
 %doc README.rst
 
 %changelog
+* Tue May 13 2025 Riken Maharjan  - 0.5.4-2
+- Fix Ptest by using pytest instead of tox.
+
 * Thu Nov 02 2023 CBL-Mariner Servicing Account  - 0.5.4-1
 - Auto-upgrade to 0.5.4 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/python-greenlet/greenlet-py39.patch b/SPECS/python-greenlet/greenlet-py39.patch
deleted file mode 100644
index 15cf75d32e..0000000000
--- a/SPECS/python-greenlet/greenlet-py39.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From d05b62bb75e6a3e217435a1fe0f15a53e692898c Mon Sep 17 00:00:00 2001
-From: Victor Stinner 
-Date: Wed, 18 Mar 2020 15:09:33 +0100
-Subject: [PATCH] Port to Python 3.9
-
-On Python 3.9, define _Py_DEC_REFTOTAL which has been removed by:
-https://github.com/python/cpython/commit/49932fec62c616ec88da52642339d83ae719e924
-
-Replace also PyEval_CallObjectWithKeywords() with PyObject_Call(),
-since PyEval_CallObjectWithKeywords() has been deprecated in
-Python 3.9 and PyObject_Call() has the same behavior. The only
-difference is that PyEval_CallObjectWithKeywords() can be called with
-args=NULL, but g_initialstub() ensures that args is not NULL.
----
- greenlet.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/greenlet.c b/greenlet.c
-index ec738b9..d37fc97 100644
---- a/greenlet.c
-+++ b/greenlet.c
-@@ -109,6 +109,16 @@ extern PyTypeObject PyGreenlet_Type;
- #define GREENLET_USE_TRACING 1
- #endif
- 
-+#ifndef _Py_DEC_REFTOTAL
-+  /* _Py_DEC_REFTOTAL macro has been removed from Python 3.9 by:
-+    https://github.com/python/cpython/commit/49932fec62c616ec88da52642339d83ae719e924 */
-+#  ifdef Py_REF_DEBUG
-+#    define _Py_DEC_REFTOTAL _Py_RefTotal--
-+#  else
-+#    define _Py_DEC_REFTOTAL
-+#  endif
-+#endif
-+
- /* Weak reference to the switching-to greenlet during the slp switch */
- static PyGreenlet* volatile ts_target = NULL;
- /* Strong reference to the switching from greenlet after the switch */
-@@ -820,8 +830,7 @@ static int GREENLET_NOINLINE(g_initialstub)(void* mark)
- 			result = NULL;
- 		} else {
- 			/* call g.run(*args, **kwargs) */
--			result = PyEval_CallObjectWithKeywords(
--				run, args, kwargs);
-+			result = PyObject_Call(run, args, kwargs);
- 			Py_DECREF(args);
- 			Py_XDECREF(kwargs);
- 		}
diff --git a/SPECS/python-greenlet/python-greenlet.spec b/SPECS/python-greenlet/python-greenlet.spec
index 8a880c52b7..e5f0d5b959 100644
--- a/SPECS/python-greenlet/python-greenlet.spec
+++ b/SPECS/python-greenlet/python-greenlet.spec
@@ -9,7 +9,7 @@ and are synchronized with data exchanges on "channels".
 Summary:        Lightweight in-process concurrent programming
 Name:           python-%{modname}
 Version:        3.0.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 # Most is MIT except for these, which are under the Python Software License:
 # - src/greenlet/slp_platformselect.h
 # - src/greenlet/platform/ directory
@@ -19,7 +19,13 @@ Distribution:   Azure Linux
 URL:            https://github.com/python-greenlet/greenlet
 Source0:        %{url}/archive/%{version}/%{modname}-%{version}.tar.gz
 
+# Skip leak checking to avoid a missing dependency, `objgraph`
+Patch0:          skip-leak-checks.patch
+
 BuildRequires:  gcc-c++
+%if 0%{?with_check}
+BuildRequires:  python3-psutil
+%endif
 
 %description %{_description}
 
@@ -55,7 +61,9 @@ Python 3 version.
 %py3_install
 
 %check
-PYTHONPATH="%{buildroot}%{python3_sitearch}" %{python3} -m unittest discover greenlet.tests
+PYTHONPATH="%{buildroot}%{python3_sitearch}" %{python3} -m unittest discover -v \
+              -s "%{buildroot}%{python3_sitearch}/greenlet/tests" \
+              -t "%{buildroot}%{python3_sitearch}"
 
 %files -n python3-%{modname}
 %license LICENSE LICENSE.PSF
@@ -67,6 +75,10 @@ PYTHONPATH="%{buildroot}%{python3_sitearch}" %{python3} -m unittest discover gre
 %{_includedir}/python%{python3_version}*/%{modname}/
 
 %changelog
+* Mon Apr 15 2024 Riken Maharjan  - 3.0.3-2
+- Fix Ptest by importing skip-leak-checks patch from Fedora (License:MIT)
+- Remove unused patch - cleanup.
+
 * Fri Feb 16 2024 Andrew Phelps  - 3.0.3-1
 - Upgrade to version 3.0.3
 
diff --git a/SPECS/python-greenlet/skip-leak-checks.patch b/SPECS/python-greenlet/skip-leak-checks.patch
new file mode 100644
index 0000000000..8492115e94
--- /dev/null
+++ b/SPECS/python-greenlet/skip-leak-checks.patch
@@ -0,0 +1,293 @@
+diff --git a/src/greenlet/tests/leakcheck.py b/src/greenlet/tests/leakcheck.py
+index a5152fb..ebe12e5 100644
+--- a/src/greenlet/tests/leakcheck.py
++++ b/src/greenlet/tests/leakcheck.py
+@@ -30,39 +30,7 @@ import gc
+ from functools import wraps
+ import unittest
+ 
+-
+-import objgraph
+-
+-# graphviz 0.18 (Nov 7 2021), available only on Python 3.6 and newer,
+-# has added type hints (sigh). It wants to use ``typing.Literal`` for
+-# some stuff, but that's only available on Python 3.9+. If that's not
+-# found, it creates a ``unittest.mock.MagicMock`` object and annotates
+-# with that. These are GC'able objects, and doing almost *anything*
+-# with them results in an explosion of objects. For example, trying to
+-# compare them for equality creates new objects. This causes our
+-# leakchecks to fail, with reports like:
+-#
+-# greenlet.tests.leakcheck.LeakCheckError: refcount increased by [337, 1333, 343, 430, 530, 643, 769]
+-# _Call          1820      +546
+-# dict           4094       +76
+-# MagicProxy      585       +73
+-# tuple          2693       +66
+-# _CallList        24        +3
+-# weakref        1441        +1
+-# function       5996        +1
+-# type            736        +1
+-# cell            592        +1
+-# MagicMock         8        +1
+-#
+-# To avoid this, we *could* filter this type of object out early. In
+-# principle it could leak, but we don't use mocks in greenlet, so it
+-# doesn't leak from us. However, a further issue is that ``MagicMock``
+-# objects have subobjects that are also GC'able, like ``_Call``, and
+-# those create new mocks of their own too. So we'd have to filter them
+-# as well, and they're not public. That's OK, we can workaround the
+-# problem by being very careful to never compare by equality or other
+-# user-defined operators, only using object identity or other builtin
+-# functions.
++# Edited for Fedora to avoid missing dependency
+ 
+ RUNNING_ON_GITHUB_ACTIONS = os.environ.get('GITHUB_ACTIONS')
+ RUNNING_ON_TRAVIS = os.environ.get('TRAVIS') or RUNNING_ON_GITHUB_ACTIONS
+@@ -74,53 +42,15 @@ SKIP_FAILING_LEAKCHECKS = os.environ.get('GREENLET_SKIP_FAILING_LEAKCHECKS')
+ ONLY_FAILING_LEAKCHECKS = os.environ.get('GREENLET_ONLY_FAILING_LEAKCHECKS')
+ 
+ def ignores_leakcheck(func):
+-    """
+-    Ignore the given object during leakchecks.
+-
+-    Can be applied to a method, in which case the method will run, but
+-    will not be subject to leak checks.
+-
+-    If applied to a class, the entire class will be skipped during leakchecks. This
+-    is intended to be used for classes that are very slow and cause problems such as
+-    test timeouts; typically it will be used for classes that are subclasses of a base
+-    class and specify variants of behaviour (such as pool sizes).
+-    """
+-    func.ignore_leakcheck = True
+     return func
+ 
+ def fails_leakcheck(func):
+-    """
+-    Mark that the function is known to leak.
+-    """
+-    func.fails_leakcheck = True
+-    if SKIP_FAILING_LEAKCHECKS:
+-        func = unittest.skip("Skipping known failures")(func)
+     return func
+ 
+ class LeakCheckError(AssertionError):
+     pass
+ 
+-if hasattr(sys, 'getobjects'):
+-    # In a Python build with ``--with-trace-refs``, make objgraph
+-    # trace *all* the objects, not just those that are tracked by the
+-    # GC
+-    class _MockGC(object):
+-        def get_objects(self):
+-            return sys.getobjects(0) # pylint:disable=no-member
+-        def __getattr__(self, name):
+-            return getattr(gc, name)
+-    objgraph.gc = _MockGC()
+-    fails_strict_leakcheck = fails_leakcheck
+-else:
+-    def fails_strict_leakcheck(func):
+-        """
+-        Decorator for a function that is known to fail when running
+-        strict (``sys.getobjects()``) leakchecks.
+-
+-        This type of leakcheck finds all objects, even those, such as
+-        strings, which are not tracked by the garbage collector.
+-        """
+-        return func
++fails_strict_leakcheck = fails_leakcheck
+ 
+ class ignores_types_in_strict_leakcheck(object):
+     def __init__(self, types):
+@@ -129,191 +59,5 @@ class ignores_types_in_strict_leakcheck(object):
+         func.leakcheck_ignore_types = self.types
+         return func
+ 
+-class _RefCountChecker(object):
+-
+-    # Some builtin things that we ignore
+-    # XXX: Those things were ignored by gevent, but they're important here,
+-    # presumably.
+-    IGNORED_TYPES = () #(tuple, dict, types.FrameType, types.TracebackType)
+-
+-    def __init__(self, testcase, function):
+-        self.testcase = testcase
+-        self.function = function
+-        self.deltas = []
+-        self.peak_stats = {}
+-        self.ignored_types = ()
+-
+-        # The very first time we are called, we have already been
+-        # self.setUp() by the test runner, so we don't need to do it again.
+-        self.needs_setUp = False
+-
+-    def _include_object_p(self, obj):
+-        # pylint:disable=too-many-return-statements
+-        #
+-        # See the comment block at the top. We must be careful to
+-        # avoid invoking user-defined operations.
+-        if obj is self:
+-            return False
+-        kind = type(obj)
+-        # ``self._include_object_p == obj`` returns NotImplemented
+-        # for non-function objects, which causes the interpreter
+-        # to try to reverse the order of arguments...which leads
+-        # to the explosion of mock objects. We don't want that, so we implement
+-        # the check manually.
+-        if kind == type(self._include_object_p):
+-            try:
+-                # pylint:disable=not-callable
+-                exact_method_equals = self._include_object_p.__eq__(obj)
+-            except AttributeError:
+-                # Python 2.7 methods may only have __cmp__, and that raises a
+-                # TypeError for non-method arguments
+-                # pylint:disable=no-member
+-                exact_method_equals = self._include_object_p.__cmp__(obj) == 0
+-
+-            if exact_method_equals is not NotImplemented and exact_method_equals:
+-                return False
+-
+-        # Similarly, we need to check identity in our __dict__ to avoid mock explosions.
+-        for x in self.__dict__.values():
+-            if obj is x:
+-                return False
+-
+-
+-        if kind in self.ignored_types or kind in self.IGNORED_TYPES:
+-            return False
+-
+-        return True
+-
+-    def _growth(self):
+-        return objgraph.growth(limit=None, peak_stats=self.peak_stats,
+-                               filter=self._include_object_p)
+-
+-    def _report_diff(self, growth):
+-        if not growth:
+-            return ""
+-
+-        lines = []
+-        width = max(len(name) for name, _, _ in growth)
+-        for name, count, delta in growth:
+-            lines.append('%-*s%9d %+9d' % (width, name, count, delta))
+-
+-        diff = '\n'.join(lines)
+-        return diff
+-
+-
+-    def _run_test(self, args, kwargs):
+-        gc_enabled = gc.isenabled()
+-        gc.disable()
+-
+-        if self.needs_setUp:
+-            self.testcase.setUp()
+-            self.testcase.skipTearDown = False
+-        try:
+-            self.function(self.testcase, *args, **kwargs)
+-        finally:
+-            self.testcase.tearDown()
+-            self.testcase.doCleanups()
+-            self.testcase.skipTearDown = True
+-            self.needs_setUp = True
+-            if gc_enabled:
+-                gc.enable()
+-
+-    def _growth_after(self):
+-        # Grab post snapshot
+-        # pylint:disable=no-member
+-        if 'urlparse' in sys.modules:
+-            sys.modules['urlparse'].clear_cache()
+-        if 'urllib.parse' in sys.modules:
+-            sys.modules['urllib.parse'].clear_cache()
+-
+-        return self._growth()
+-
+-    def _check_deltas(self, growth):
+-        # Return false when we have decided there is no leak,
+-        # true if we should keep looping, raises an assertion
+-        # if we have decided there is a leak.
+-
+-        deltas = self.deltas
+-        if not deltas:
+-            # We haven't run yet, no data, keep looping
+-            return True
+-
+-        if gc.garbage:
+-            raise LeakCheckError("Generated uncollectable garbage %r" % (gc.garbage,))
+-
+-
+-        # the following configurations are classified as "no leak"
+-        # [0, 0]
+-        # [x, 0, 0]
+-        # [... a, b, c, d]  where a+b+c+d = 0
+-        #
+-        # the following configurations are classified as "leak"
+-        # [... z, z, z]  where z > 0
+-
+-        if deltas[-2:] == [0, 0] and len(deltas) in (2, 3):
+-            return False
+-
+-        if deltas[-3:] == [0, 0, 0]:
+-            return False
+-
+-        if len(deltas) >= 4 and sum(deltas[-4:]) == 0:
+-            return False
+-
+-        if len(deltas) >= 3 and deltas[-1] > 0 and deltas[-1] == deltas[-2] and deltas[-2] == deltas[-3]:
+-            diff = self._report_diff(growth)
+-            raise LeakCheckError('refcount increased by %r\n%s' % (deltas, diff))
+-
+-        # OK, we don't know for sure yet. Let's search for more
+-        if sum(deltas[-3:]) <= 0 or sum(deltas[-4:]) <= 0 or deltas[-4:].count(0) >= 2:
+-            # this is suspicious, so give a few more runs
+-            limit = 11
+-        else:
+-            limit = 7
+-        if len(deltas) >= limit:
+-            raise LeakCheckError('refcount increased by %r\n%s'
+-                                 % (deltas,
+-                                    self._report_diff(growth)))
+-
+-        # We couldn't decide yet, keep going
+-        return True
+-
+-    def __call__(self, args, kwargs):
+-        for _ in range(3):
+-            gc.collect()
+-
+-        expect_failure = getattr(self.function, 'fails_leakcheck', False)
+-        if expect_failure:
+-            self.testcase.expect_greenlet_leak = True
+-        self.ignored_types = getattr(self.function, "leakcheck_ignore_types", ())
+-
+-        # Capture state before; the incremental will be
+-        # updated by each call to _growth_after
+-        growth = self._growth()
+-
+-        try:
+-            while self._check_deltas(growth):
+-                self._run_test(args, kwargs)
+-
+-                growth = self._growth_after()
+-
+-                self.deltas.append(sum((stat[2] for stat in growth)))
+-        except LeakCheckError:
+-            if not expect_failure:
+-                raise
+-        else:
+-            if expect_failure:
+-                raise LeakCheckError("Expected %s to leak but it did not." % (self.function,))
+-
+ def wrap_refcount(method):
+-    if getattr(method, 'ignore_leakcheck', False) or SKIP_LEAKCHECKS:
+-        return method
+-
+-    @wraps(method)
+-    def wrapper(self, *args, **kwargs): # pylint:disable=too-many-branches
+-        if getattr(self, 'ignore_leakcheck', False):
+-            raise unittest.SkipTest("This class ignored during leakchecks")
+-        if ONLY_FAILING_LEAKCHECKS and not getattr(method, 'fails_leakcheck', False):
+-            raise unittest.SkipTest("Only running tests that fail leakchecks.")
+-        return _RefCountChecker(self, method)(args, kwargs)
+-
+-    return wrapper
++    return method
diff --git a/SPECS/python-iniparse/0001-Fix-tests-with-python-3.12.1.patch b/SPECS/python-iniparse/0001-Fix-tests-with-python-3.12.1.patch
new file mode 100644
index 0000000000..0b638b4ff5
--- /dev/null
+++ b/SPECS/python-iniparse/0001-Fix-tests-with-python-3.12.1.patch
@@ -0,0 +1,29 @@
+From 033c0aa3e1a51cb70a97762252059e70cc2f671c Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno 
+Date: Wed, 20 Dec 2023 12:40:14 +0100
+Subject: [PATCH] Fix tests with python 3.11.7
+
+---
+Backported to 0.5 (s/six/io/ below)
+
+ tests/test_compat.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/test_compat.py b/tests/test_compat.py
+index 8d7c785..86d0524 100644
+--- a/tests/test_compat.py
++++ b/tests/test_compat.py
+@@ -1,3 +1,4 @@
++import os
+ from iniparse import compat as ConfigParser
+ from six import StringIO
+ try:
+@@ -263,6 +264,8 @@ class mystr(str):
+ 
+     def test_read_returns_file_list(self):
+         file1 = test_support.findfile("cfgparser.1")
++        if not os.path.exists(file1):
++            file1 = test_support.findfile("configdata/cfgparser.1")
+         # check when we pass a mix of readable and non-readable files:
+         cf = self.newconfig()
+         parsed_files = cf.read([file1, "nonexistant-file"])
diff --git a/SPECS/python-iniparse/python-iniparse.spec b/SPECS/python-iniparse/python-iniparse.spec
index 67c5314f2d..6fa8b1e977 100644
--- a/SPECS/python-iniparse/python-iniparse.spec
+++ b/SPECS/python-iniparse/python-iniparse.spec
@@ -1,7 +1,7 @@
 Summary:        Python Module for Accessing and Modifying Configuration Data in INI files
 Name:           python-iniparse
 Version:        0.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT OR Python
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -9,6 +9,7 @@ Group:          Development/Libraries
 URL:            https://github.com/candlepin/python-iniparse
 Source0:        https://files.pythonhosted.org/packages/4c/9a/02beaf11fc9ea7829d3a9041536934cd03990e09c359724f99ee6bd2b41b/iniparse-%{version}.tar.gz 
 Patch0:         python-3.11-test-compat.patch
+Patch1:         0001-Fix-tests-with-python-3.12.1.patch
 
 BuildArch:      noarch
 
@@ -53,6 +54,9 @@ mv %{buildroot}%{_docdir}/iniparse-%{version} %{buildroot}%{_docdir}/%{name}-%{v
 %{python3_sitelib}/*
 
 %changelog
+* Tue Apr 08 2025 Riken Maharjan  - 0.5-3
+- add a patch from Fedora (LICENSE:MIT) for ptest to correctly import a file.
+
 * Thu Jul 11 2024 Sam Meluch  - 0.5-2
 - add patch for ptests for python 3.11+ compat
 
diff --git a/SPECS/python-jwt/python-jwt.spec b/SPECS/python-jwt/python-jwt.spec
index cc588673e8..b72c29281d 100644
--- a/SPECS/python-jwt/python-jwt.spec
+++ b/SPECS/python-jwt/python-jwt.spec
@@ -18,7 +18,7 @@ encrypted JSON objects.}
 
 Name:           python-jwt
 Version:        2.8.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        JSON Web Token implementation in Python
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -59,7 +59,7 @@ rm -rf %{eggname}.egg-info
 %py3_install
 
 %check
-pip3 install tox
+pip3 install tox==4.25.0 --ignore-installed
 tox
 
 %if %{with python3}
@@ -71,6 +71,9 @@ tox
 %endif
 
 %changelog
+* Tue Apr 08 2024 Riken Maharjan  - 2.8.0-2
+- Fixed ptest
+
 * Fri Apr 26 2024 Osama Esmail  - 2.8.0-1
 - Updating to 2.8.0-1 for 3.0
 - Using literal package name so auto-upgrader can do its thing
diff --git a/SPECS/python-mako/python-mako.spec b/SPECS/python-mako/python-mako.spec
index 96638d58e2..4bca2a699d 100644
--- a/SPECS/python-mako/python-mako.spec
+++ b/SPECS/python-mako/python-mako.spec
@@ -2,7 +2,7 @@
 Summary:        Python templating language
 Name:           python-mako
 Version:        1.2.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,6 +13,8 @@ BuildArch:      noarch
 
 %if 0%{?with_check}
 BuildRequires:  python3-pip
+BuildRequires:  python3-pytest
+BuildRequires:  python3-markupsafe
 %endif
 
 %description
@@ -47,8 +49,7 @@ many others, including Django templates, Cheetah, Myghty, and Genshi.
 ln -s mako-render %{buildroot}/%{_bindir}/mako-render3
 
 %check
-pip3 install tox
-tox -e py%{python3_version_nodots}
+%pytest
 
 %files -n python3-mako
 %defattr(-,root,root,-)
@@ -58,6 +59,9 @@ tox -e py%{python3_version_nodots}
 %{_bindir}/mako-render3
 
 %changelog
+* Tue May 13 2025 Riken Maharjan  - 1.2.4-2
+- Fix Ptest by using pytest instead of tox.
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account  - 1.2.4-1
 - Auto-upgrade to 1.2.4 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/python-markdown/python-markdown.spec b/SPECS/python-markdown/python-markdown.spec
index 84deadd4cc..91e55cb2e6 100644
--- a/SPECS/python-markdown/python-markdown.spec
+++ b/SPECS/python-markdown/python-markdown.spec
@@ -3,7 +3,7 @@
 Summary:        Markdown implementation in Python
 Name:           python-%{pkgname}
 Version:        3.5.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -49,7 +49,7 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} \
   LICENSE.md > LICENSE.html
 
 %check
-%{__python3} ./setup.py test
+%{__python3} -m unittest discover -v
 
 
 %files -n python%{python3_pkgversion}-%{pkgname}
@@ -61,6 +61,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} \
 %{_bindir}/markdown_py
 
 %changelog
+* Tue Apr 29 2025 Riken Maharjan  -  3.5.2-2
+- Use proper ptest command to run the test.
+
 * Fri Feb 16 2024 Andrew Phelps  - 3.5.2-1
 - Upgrade to version 3.5.2
 - Add BR for python3-pip and python3-wheel
diff --git a/SPECS/python-more-itertools/python-more-itertools.spec b/SPECS/python-more-itertools/python-more-itertools.spec
index 11c8644430..9f4f9b810b 100644
--- a/SPECS/python-more-itertools/python-more-itertools.spec
+++ b/SPECS/python-more-itertools/python-more-itertools.spec
@@ -6,7 +6,7 @@ Python iterables.}
 Summary:        More routines for operating on Python iterables, beyond itertools
 Name:           python-more-itertools
 Version:        10.2.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -17,6 +17,9 @@ BuildRequires:  python3-flit-core
 BuildRequires:  python3-pip
 BuildRequires:  python3-wheel
 BuildArch:      noarch
+%if 0%{?with_check}
+BuildRequires:  python3-pytest
+%endif
 
 %description %{_description}
 
@@ -36,14 +39,16 @@ Summary:        %{summary}
 %pyproject_save_files more_itertools
 
 %check
-pip3 install tox
-tox -e py%{python3_version_nodots}
+%pytest
 
 %files -n python3-more-itertools -f %{pyproject_files}
 %doc README.rst
 %license LICENSE
 
 %changelog
+* Tue Apr 29 2025 Riken Maharjan  - 10.2.0-2
+- Switch to pytest from tox to fix the pytest
+
 * Fri Feb 09 2024 CBL-Mariner Servicing Account  - 10.2.0-1
 - Auto-upgrade to 10.2.0 - 3.0 package upgrade
 
diff --git a/SPECS/python-msgpack/python-msgpack.spec b/SPECS/python-msgpack/python-msgpack.spec
index b251bee285..ba0387537d 100644
--- a/SPECS/python-msgpack/python-msgpack.spec
+++ b/SPECS/python-msgpack/python-msgpack.spec
@@ -2,7 +2,7 @@
 Summary:        MessagePack (de)serializer.
 Name:           python-msgpack
 Version:        1.0.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,6 +14,7 @@ BuildRequires:  python3-setuptools
 BuildRequires:  python3-Cython
 %if 0%{?with_check}
 BuildRequires:  python3-pip
+BuildRequires:  python3-pytest
 %endif
 
 %description
@@ -36,10 +37,7 @@ MessagePack is a fast, compact binary serialization format, suitable for similar
 %py3_install
 
 %check
-# v1.0.3 does not have a tox env for newer versions of python, so we add it ourselves
-sed -i 's/    {py35,py36,py37,py38}-{c,pure},/    {py35,py36,py37,py38,py%{python3_version_nodots}}-{c,pure},/g' tox.ini
-pip3 install tox
-tox -e py%{python3_version_nodots}-c,py%{python3_version_nodots}-pure
+%pytest
 
 %files -n python3-msgpack
 %defattr(-,root,root)
@@ -47,6 +45,9 @@ tox -e py%{python3_version_nodots}-c,py%{python3_version_nodots}-pure
 %{python3_sitelib}/*
 
 %changelog
+* Tue Apr 29 2025 Riken Maharjan  -  1.0.5-2
+- Use pytest instead of tox to fix the ptest
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account  - 1.0.5-1
 - Auto-upgrade to 1.0.5 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/python-nocasedict/python-nocasedict.spec b/SPECS/python-nocasedict/python-nocasedict.spec
index 45b2677979..21ee193aae 100644
--- a/SPECS/python-nocasedict/python-nocasedict.spec
+++ b/SPECS/python-nocasedict/python-nocasedict.spec
@@ -3,7 +3,7 @@
 Summary:        Case-insensitive ordered dictionary library for Python
 Name:           python-%{pkgname}
 Version:        2.0.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,6 +15,7 @@ BuildRequires:  python3-six >= %{six_version}
 BuildRequires:  python3-wheel
 %if 0%{?with_check}
 BuildRequires:  python3-pip
+BuildRequires:  python3-pytest
 %endif
 BuildArch:      noarch
 
@@ -40,8 +41,7 @@ rm -rf *.egg-info
 %py3_install
 
 %check
-pip3 install 'tox>=3.27.1,<4.0.0'
-PYTHONPATH=%{buildroot}%{python3_sitelib} tox -e py%{python3_version_nodots}
+%pytest
 
 %files -n python3-%{pkgname}
 %license LICENSE
@@ -50,6 +50,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} tox -e py%{python3_version_nodots}
 %{python3_sitelib}/*.egg-info
 
 %changelog
+* Tue May 13 2025 Riken Maharjan  - 2.0.3-2
+- Fix Ptest by using pytest instead of tox.
+
 * Thu Jul 11 2024 Sam Meluch  - 2.0.3-1
 - Upgrade to 2.0.3
 
diff --git a/SPECS/python-oauthlib/python-oauthlib.spec b/SPECS/python-oauthlib/python-oauthlib.spec
index 67173f9886..3fa50a0074 100644
--- a/SPECS/python-oauthlib/python-oauthlib.spec
+++ b/SPECS/python-oauthlib/python-oauthlib.spec
@@ -1,7 +1,7 @@
 Summary:        An implementation of the OAuth request-signing logic
 Name:           python-oauthlib
 Version:        3.2.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,6 +11,9 @@ Source0:        https://github.com/oauthlib/oauthlib/archive/refs/tags/v%{versio
 BuildArch:      noarch
 %if 0%{?with_check}
 BuildRequires:  python3-pip
+BuildRequires:  python3-cryptography
+BuildRequires:  python3-jwt
+BuildRequires:  python3-blinker
 %endif
 
 %description
@@ -23,6 +26,9 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 BuildRequires:  python3-xml
 Requires:       python3
+Requires:       python3-cryptography
+Requires:       python3-jwt
+Requires:       python3-blinker
 
 %description -n python3-oauthlib
 OAuthLib is a generic utility which implements the logic of OAuth without assuming a specific HTTP request object or web framework
@@ -45,6 +51,9 @@ pip3 install mock wheel
 %{python3_sitelib}/*
 
 %changelog
+* Tue Apr 29 2025 Riken Maharjan  -  3.2.2-2
+- Add missing runtime deps
+
 * Fri Feb 02 2024 Henry Li  - 3.2.2-1
 - Upgrade to version 3.2.2
 - Fix Source0
diff --git a/SPECS/python-pytest-forked/Pytest-Output-Fix.patch b/SPECS/python-pytest-forked/Pytest-Output-Fix.patch
new file mode 100644
index 0000000000..96a46e9b1e
--- /dev/null
+++ b/SPECS/python-pytest-forked/Pytest-Output-Fix.patch
@@ -0,0 +1,39 @@
+From: Riken Maharjan 
+Date: Tue, 28 Apr 2025 10:00:00 -0700
+Subject: Fix Pytest Output issue for Forked Tests
+
+diff --git a/testing/test_xfail_behavior.py b/testing/test_xfail_behavior.py
+index ef00385..15edd93 100644
+--- a/testing/test_xfail_behavior.py
++++ b/testing/test_xfail_behavior.py
+@@ -6,6 +6,7 @@
+ 
+ IS_PYTEST4_PLUS = int(pytest.__version__[0]) >= 4  # noqa: WPS609
+ FAILED_WORD = "FAILED" if IS_PYTEST4_PLUS else "FAIL"
++PYTEST_GTE_7_2 = hasattr(pytest, "version_tuple") and pytest.version_tuple >= (7, 2)  # type: ignore[attr-defined]
+ 
+ pytestmark = pytest.mark.skipif(  # pylint: disable=invalid-name
+     not hasattr(os, "fork"),  # noqa: WPS421
+@@ -68,10 +69,12 @@ def test_xfail(is_crashing, is_strict, testdir):
+             )
+         )
+     reason_string = (
+-        "  reason: The process gets terminated; "
++        "reason: The process gets terminated; "
+         "pytest-forked reason: "
+         "*:*: running the test CRASHED with signal {sig_num:d}".format(**locals())
+     )
++    if expected_lowercase == "xfailed" and PYTEST_GTE_7_2:
++        short_test_summary += " - " + reason_string
+     total_summary_line = "*==== 1 {expected_lowercase!s} in 0.*s* ====*".format(
+         **locals()
+     )
+@@ -95,7 +98,7 @@ def test_xfail(is_crashing, is_strict, testdir):
+     )
+     if expected_lowercase == "xpassed" and expected_word == FAILED_WORD:
+         # XPASS(strict)
+-        expected_lines += (reason_string,)
++        expected_lines += ("  " + reason_string,)
+     expected_lines += (total_summary_line,)
+ 
+     test_module = testdir.makepyfile(
diff --git a/SPECS/python-pytest-forked/python-pytest-forked.spec b/SPECS/python-pytest-forked/python-pytest-forked.spec
index 46ac731fe6..70b18f47e6 100644
--- a/SPECS/python-pytest-forked/python-pytest-forked.spec
+++ b/SPECS/python-pytest-forked/python-pytest-forked.spec
@@ -7,7 +7,7 @@ C++ libraries that might crash the process. To use the plugin, simply use the
 Summary:        py.test plugin for running tests in isolated forked subprocesses
 Name:           python-%{pypi_name}
 Version:        1.4.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -18,8 +18,10 @@ BuildRequires:  python3-py
 BuildRequires:  python3-setuptools
 BuildRequires:  python3-setuptools_scm
 BuildArch:      noarch
+Patch0:         Pytest-Output-Fix.patch  
 %if 0%{?with_check}
 BuildRequires:  python3-pip
+BuildRequires:  python3-pytest
 %endif
 
 %description %{_description}
@@ -45,7 +47,6 @@ pip3 install atomicwrites>=1.3.0 \
     attrs>=19.1.0 \
     more-itertools>=7.0.0 \
     pluggy>=0.11.0 \
-    pytest==7.1.2 \
     pytest-cov>=2.7.1
 PATH=%{buildroot}%{_bindir}:${PATH} \
 PYTHONPATH=%{buildroot}%{python3_sitelib} \
@@ -57,6 +58,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} \
 %{python3_sitelib}/pytest_forked*
 
 %changelog
+* Tue Apr 29 2025 Riken Maharjan  - 1.4.0-3
+- Add patch from upstream to account for new pytest output.
+
 * Wed Oct 26 2022 Pawel Winogrodzki  - 1.4.0-2
 - Freezing 'pytest' test dependency to version 7.1.2.
 
diff --git a/SPECS/python-requests/CVE-2024-35195.patch b/SPECS/python-requests/CVE-2024-35195.patch
new file mode 100644
index 0000000000..79ef8ecf52
--- /dev/null
+++ b/SPECS/python-requests/CVE-2024-35195.patch
@@ -0,0 +1,125 @@
+# From https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
+diff --color -urN a/requests/adapters.py b/requests/adapters.py
+--- a/requests/adapters.py	2023-05-22 15:10:32.000000000 +0000
++++ b/requests/adapters.py	2024-12-31 09:52:50.514094943 +0000
+@@ -8,6 +8,7 @@
+ 
+ import os.path
+ import socket  # noqa: F401
++import typing
+ 
+ from urllib3.exceptions import ClosedPoolError, ConnectTimeoutError
+ from urllib3.exceptions import HTTPError as _HTTPError
+@@ -61,12 +62,38 @@
+         raise InvalidSchema("Missing dependencies for SOCKS support.")
+ 
+ 
++if typing.TYPE_CHECKING:
++    from .models import PreparedRequest
++
++
+ DEFAULT_POOLBLOCK = False
+ DEFAULT_POOLSIZE = 10
+ DEFAULT_RETRIES = 0
+ DEFAULT_POOL_TIMEOUT = None
+ 
+ 
++def _urllib3_request_context(
++    request: "PreparedRequest", verify: "bool | str | None"
++) -> "(typing.Dict[str, typing.Any], typing.Dict[str, typing.Any])":
++    host_params = {}
++    pool_kwargs = {}
++    parsed_request_url = urlparse(request.url)
++    scheme = parsed_request_url.scheme.lower()
++    port = parsed_request_url.port
++    cert_reqs = "CERT_REQUIRED"
++    if verify is False:
++        cert_reqs = "CERT_NONE"
++    if isinstance(verify, str):
++        pool_kwargs["ca_certs"] = verify
++    pool_kwargs["cert_reqs"] = cert_reqs
++    host_params = {
++        "scheme": scheme,
++        "host": parsed_request_url.hostname,
++        "port": port,
++    }
++    return host_params, pool_kwargs
++
++
+ class BaseAdapter:
+     """The Base Transport Adapter"""
+ 
+@@ -328,6 +355,35 @@
+ 
+         return response
+ 
++    def _get_connection(self, request, verify, proxies=None):
++        # Replace the existing get_connection without breaking things and
++        # ensure that TLS settings are considered when we interact with
++        # urllib3 HTTP Pools
++        proxy = select_proxy(request.url, proxies)
++        try:
++            host_params, pool_kwargs = _urllib3_request_context(request, verify)
++        except ValueError as e:
++            raise InvalidURL(e, request=request)
++        if proxy:
++            proxy = prepend_scheme_if_needed(proxy, "http")
++            proxy_url = parse_url(proxy)
++            if not proxy_url.host:
++                raise InvalidProxyURL(
++                    "Please check proxy URL. It is malformed "
++                    "and could be missing the host."
++                )
++            proxy_manager = self.proxy_manager_for(proxy)
++            conn = proxy_manager.connection_from_host(
++                **host_params, pool_kwargs=pool_kwargs
++            )
++        else:
++            # Only scheme should be lower case
++            conn = self.poolmanager.connection_from_host(
++                **host_params, pool_kwargs=pool_kwargs
++            )
++
++        return conn
++
+     def get_connection(self, url, proxies=None):
+         """Returns a urllib3 connection for the given URL. This should not be
+         called from user code, and is only exposed for use when subclassing the
+@@ -451,7 +507,7 @@
+         """
+ 
+         try:
+-            conn = self.get_connection(request.url, proxies)
++            conn = self._get_connection(request, verify, proxies)
+         except LocationValueError as e:
+             raise InvalidURL(e, request=request)
+ 
+diff --color -urN a/tests/test_requests.py b/tests/test_requests.py
+--- a/tests/test_requests.py	2023-05-22 15:10:32.000000000 +0000
++++ b/tests/test_requests.py	2024-12-31 09:52:50.514094943 +0000
+@@ -2655,6 +2655,13 @@
+     except ConnectionError as e:
+         assert "Pool is closed." in str(e)
+ 
++    def test_different_connection_pool_for_tls_settings(self):
++        s = requests.Session()
++        r1 = s.get("https://invalid.badssl.com", verify=False)
++        assert r1.status_code == 421
++        with pytest.raises(requests.exceptions.SSLError):
++            s.get("https://invalid.badssl.com")
++
+ 
+ class TestPreparingURLs:
+     @pytest.mark.parametrize(
+diff --color -urN a/tox.ini b/tox.ini
+--- a/tox.ini	2023-05-22 15:10:32.000000000 +0000
++++ b/tox.ini	2024-12-31 09:52:50.514094943 +0000
+@@ -7,7 +7,7 @@
+     security
+     socks
+ commands =
+-    pytest tests
++    pytest {posargs:tests}
+ 
+ [testenv:default]
+ 
diff --git a/SPECS/python-requests/python-requests.spec b/SPECS/python-requests/python-requests.spec
index bc93f132bd..6f54f0a2aa 100644
--- a/SPECS/python-requests/python-requests.spec
+++ b/SPECS/python-requests/python-requests.spec
@@ -1,13 +1,14 @@
 Summary:        Awesome Python HTTP Library That's Actually Usable
 Name:           python-requests
 Version:        2.31.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Languages/Python
 URL:            http://python-requests.org
 Source0:        https://github.com/requests/requests/archive/v%{version}/requests-v%{version}.tar.gz#/requests-%{version}.tar.gz
+Patch0:         CVE-2024-35195.patch
 BuildArch:      noarch
 
 %description
@@ -71,6 +72,9 @@ LANG=en_US.UTF-8 tox -e py%{python3_version_nodots}
 %{python3_sitelib}/*
 
 %changelog
+* Fri Dec 27 2024 Archana Choudhary  - 2.31.0-2
+- Add patch for CVE-2024-35195
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account  - 2.31.0-1
 - Auto-upgrade to 2.31.0 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/python-sphinxcontrib-htmlhelp/python-sphinxcontrib-htmlhelp.spec b/SPECS/python-sphinxcontrib-htmlhelp/python-sphinxcontrib-htmlhelp.spec
index fbbc73a2e7..e58944f875 100644
--- a/SPECS/python-sphinxcontrib-htmlhelp/python-sphinxcontrib-htmlhelp.spec
+++ b/SPECS/python-sphinxcontrib-htmlhelp/python-sphinxcontrib-htmlhelp.spec
@@ -6,7 +6,7 @@
 Summary:        Sphinx extension for HTML help files
 Name:           python-%{pypi_name}
 Version:        2.0.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -74,7 +74,7 @@ popd
 %find_lang sphinxcontrib.htmlhelp
 
 %check
-pip3 install sphinx webencodings exceptiongroup iniconfig tomli
+pip3 install sphinx==7.2.6 webencodings exceptiongroup iniconfig tomli
 %py3_check_import sphinxcontrib.htmlhelp
 %{__python3} -m pytest
 
@@ -85,6 +85,9 @@ pip3 install sphinx webencodings exceptiongroup iniconfig tomli
 %{python3_sitelib}/%{pypi_name_underscore}*.dist-info
 
 %changelog
+* Tue Apr 22 2025 Riken Maharjan  - 2.0.5-2
+- Fix ptest using compatible sphinx version.
+
 * Fri Feb 16 2024 Amrita Kohli  - 2.0.5-1
 - Upgrade to latest version.
 
diff --git a/SPECS/python-sphinxcontrib-jsmath/python-sphinxcontrib-jsmath.spec b/SPECS/python-sphinxcontrib-jsmath/python-sphinxcontrib-jsmath.spec
index 6ad24ae7de..d256466e92 100644
--- a/SPECS/python-sphinxcontrib-jsmath/python-sphinxcontrib-jsmath.spec
+++ b/SPECS/python-sphinxcontrib-jsmath/python-sphinxcontrib-jsmath.spec
@@ -6,7 +6,7 @@
 Summary:        Sphinx extension for math in HTML via JavaScript
 Name:           python-%{pypi_name}
 Version:        1.0.1
-Release:        17%{?dist}
+Release:        18%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -52,7 +52,7 @@ via JavaScript.
 %py3_install
 
 %check
-pip3 install more-itertools sphinx exceptiongroup iniconfig tomli
+pip3 install more-itertools sphinx==7.2.6 exceptiongroup iniconfig tomli
 python3 -m pytest
 
 %files -n python%{python3_pkgversion}-%{pypi_name}
@@ -63,6 +63,9 @@ python3 -m pytest
 %{python3_sitelib}/%{pypi_name_underscore}-%{version}-py%{python3_version}.egg-info/
 
 %changelog
+* Tue Apr 22 2025 Riken Maharjan  -  1.0.1-18
+- Fix ptest by using compatible sphinx version.
+
 * Fri Feb 23 2024 Amrita Kohli  - 1.0.1-17
 - Installing packages needed for tests to run. 
 
diff --git a/SPECS/python-sphinxcontrib-qthelp/python-sphinxcontrib-qthelp.spec b/SPECS/python-sphinxcontrib-qthelp/python-sphinxcontrib-qthelp.spec
index d8d9a63314..cc9dd1cb57 100644
--- a/SPECS/python-sphinxcontrib-qthelp/python-sphinxcontrib-qthelp.spec
+++ b/SPECS/python-sphinxcontrib-qthelp/python-sphinxcontrib-qthelp.spec
@@ -6,7 +6,7 @@
 Summary:        Sphinx extension for QtHelp documents
 Name:           python-%{pypi_name}
 Version:        1.0.7
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -73,7 +73,7 @@ popd
 %find_lang sphinxcontrib.qthelp
 
 %check
-pip3 install sphinx exceptiongroup iniconfig tomli
+pip3 install sphinx==7.2.6 exceptiongroup iniconfig tomli
 %pytest
 
 %files -n python%{python3_pkgversion}-%{pypi_name} -f sphinxcontrib.qthelp.lang
@@ -83,6 +83,9 @@ pip3 install sphinx exceptiongroup iniconfig tomli
 %{python3_sitelib}/%{pypi_name_underscore}-%{version}.dist-info/
 
 %changelog
+* Tue Apr 22 2025 Riken Maharjan  -  1.0.7-2
+- Fix ptest by using compatible sphinx version.
+
 * Wed Feb 21 2024 Amrita Kohli  - 1.0.7-1
 - Upgrade to latest version.
 
diff --git a/SPECS/python-sphinxcontrib-websupport/python-sphinxcontrib-websupport.spec b/SPECS/python-sphinxcontrib-websupport/python-sphinxcontrib-websupport.spec
index 85a03a4b8c..92a1e5a652 100644
--- a/SPECS/python-sphinxcontrib-websupport/python-sphinxcontrib-websupport.spec
+++ b/SPECS/python-sphinxcontrib-websupport/python-sphinxcontrib-websupport.spec
@@ -6,7 +6,7 @@
 Summary:        Python API to integrate Sphinx into a web application
 Name:           python-%{pypi_name}
 Version:        1.2.7
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -25,6 +25,7 @@ BuildRequires:  python-flit-core
 BuildRequires:  python3-pip
 BuildRequires:  python3-packaging
 BuildRequires:  python3-sphinx
+BuildRequires:  python3-pytest
 %endif
 
 Requires:       python3
@@ -48,13 +49,15 @@ The python-sphinxcontrib-websupport package provides a Python API to easily inte
 %pyproject_save_files %{pypi_name_prefix}
 
 %check
-pip3 install tox tox-current-env pytest
-%tox
+%pytest
 %files -n python3-%{pypi_name} -f %{pyproject_files}
 %license LICENSE
 %doc README.rst
 
 %changelog
+* Tue Apr 22 2025 Riken Maharjan  -  1.2.7-3
+- Fix ptest by using pytest isntead of tox.
+
 * Mon Mar 06 2024 Karim Eldegwy  - 1.2.7-2
 - Fix bug in macro usage
 
diff --git a/SPECS/python-typing-extensions/python-typing-extensions.spec b/SPECS/python-typing-extensions/python-typing-extensions.spec
index 9a0ab4b34f..bd63061ef3 100644
--- a/SPECS/python-typing-extensions/python-typing-extensions.spec
+++ b/SPECS/python-typing-extensions/python-typing-extensions.spec
@@ -23,12 +23,14 @@ reaches end of life.}
 Summary:        Python Typing Extensions
 Name:           python-typing-extensions
 Version:        4.9.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        PSF-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://pypi.org/project/typing-extensions/
 Source0:        %{pypi_source typing_extensions}#/typing-extensions-%{version}.tar.gz
+# fix test_generic_protocols_special_from_protocol with latest Python            
+Patch0:         test_generic_protocols_special_from_protocol.patch
 BuildRequires:  python3-devel
 BuildRequires:  python3-test
 BuildRequires:  python3-packaging
@@ -47,7 +49,7 @@ Summary:        %{summary}
 %description -n python3-typing-extensions %{_description}
 
 %prep
-%autosetup -n typing_extensions-%{version}
+%autosetup -n typing_extensions-%{version} -p1
 
 %generate_buildrequires
 %pyproject_buildrequires
@@ -69,6 +71,9 @@ pip3 install pytest==7.1.3
 %doc README.md
 
 %changelog
+* Tue Apr 08 2025 RIken Maharjan  - 4.9.0-2
+- Fix ptest by import patches from fedora (LICENSE:MIT). 
+
 * Tue Feb 13 2024 Rohit Rawat  - 4.9.0-1
 - Upgrade to 4.9.0
 
diff --git a/SPECS/python-typing-extensions/test_generic_protocols_special_from_protocol.patch b/SPECS/python-typing-extensions/test_generic_protocols_special_from_protocol.patch
new file mode 100644
index 0000000000..ecddd91198
--- /dev/null
+++ b/SPECS/python-typing-extensions/test_generic_protocols_special_from_protocol.patch
@@ -0,0 +1,701 @@
+From 07a30791562f626c63d3f85a5c87dd411e3108cc Mon Sep 17 00:00:00 2001
+From: AlexWaygood 
+Date: Sat, 20 Jan 2024 13:19:37 +0000
+Subject: [PATCH 1/6] Backport recent improvements to the implementation of
+ `Protocol`
+
+---
+ CHANGELOG.md                  | 11 +++++
+ src/test_typing_extensions.py | 73 +++++++++++++++++++++-------
+ src/typing_extensions.py      | 91 +++++++++++++++++++++++++++--------
+ 3 files changed, 136 insertions(+), 39 deletions(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index fedc2a3f..c3957a29 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -1,3 +1,14 @@
++# Unreleased
++
++- Speedup `issubclass()` checks against simple runtime-checkable protocols by
++  around 6% (backporting https://github.com/python/cpython/pull/112717, by Alex
++  Waygood).
++- Fix a regression in the implementation of protocols where `typing.Protocol`
++  classes that were not marked as `@runtime-checkable` would be unnecessarily
++  introspected, potentially causing exceptions to be raised if the protocol had
++  problematic members. Patch by Alex Waygood, backporting
++  https://github.com/python/cpython/pull/113401.
++
+ # Release 4.9.0 (December 9, 2023)
+ 
+ This feature release adds `typing_extensions.ReadOnly`, as specified
+diff --git a/src/test_typing_extensions.py b/src/test_typing_extensions.py
+index 77876b7f..11208d95 100644
+--- a/src/test_typing_extensions.py
++++ b/src/test_typing_extensions.py
+@@ -1872,18 +1872,6 @@ class E(C, BP): pass
+         self.assertNotIsInstance(D(), E)
+         self.assertNotIsInstance(E(), D)
+ 
+-    def test_runtimecheckable_on_typing_dot_Protocol(self):
+-        @runtime_checkable
+-        class Foo(typing.Protocol):
+-            x: int
+-
+-        class Bar:
+-            def __init__(self):
+-                self.x = 42
+-
+-        self.assertIsInstance(Bar(), Foo)
+-        self.assertNotIsInstance(object(), Foo)
+-
+     def test_typing_dot_runtimecheckable_on_Protocol(self):
+         @typing.runtime_checkable
+         class Foo(Protocol):
+@@ -2817,8 +2805,8 @@ def meth(self): pass  # noqa: B027
+ 
+         self.assertNotIn("__protocol_attrs__", vars(NonP))
+         self.assertNotIn("__protocol_attrs__", vars(NonPR))
+-        self.assertNotIn("__callable_proto_members_only__", vars(NonP))
+-        self.assertNotIn("__callable_proto_members_only__", vars(NonPR))
++        self.assertNotIn("__non_callable_proto_members__", vars(NonP))
++        self.assertNotIn("__non_callable_proto_members__", vars(NonPR))
+ 
+         acceptable_extra_attrs = {
+             '_is_protocol', '_is_runtime_protocol', '__parameters__',
+@@ -2891,11 +2879,26 @@ def __subclasshook__(cls, other):
+     @skip_if_py312b1
+     def test_issubclass_fails_correctly(self):
+         @runtime_checkable
+-        class P(Protocol):
++        class NonCallableMembers(Protocol):
+             x = 1
++
++        class NotRuntimeCheckable(Protocol):
++            def callable_member(self) -> int: ...
++
++        @runtime_checkable
++        class RuntimeCheckable(Protocol):
++            def callable_member(self) -> int: ...
++
+         class C: pass
+-        with self.assertRaisesRegex(TypeError, r"issubclass\(\) arg 1 must be a class"):
+-            issubclass(C(), P)
++
++        # These three all exercise different code paths,
++        # but should result in the same error message:
++        for protocol in NonCallableMembers, NotRuntimeCheckable, RuntimeCheckable:
++            with self.subTest(proto_name=protocol.__name__):
++                with self.assertRaisesRegex(
++                    TypeError, r"issubclass\(\) arg 1 must be a class"
++                ):
++                    issubclass(C(), protocol)
+ 
+     def test_defining_generic_protocols(self):
+         T = TypeVar('T')
+@@ -3456,6 +3459,7 @@ def method(self) -> None: ...
+ 
+     @skip_if_early_py313_alpha
+     def test_protocol_issubclass_error_message(self):
++        @runtime_checkable
+         class Vec2D(Protocol):
+             x: float
+             y: float
+@@ -3471,6 +3475,39 @@ def square_norm(self) -> float:
+         with self.assertRaisesRegex(TypeError, re.escape(expected_error_message)):
+             issubclass(int, Vec2D)
+ 
++    def test_nonruntime_protocol_interaction_with_evil_classproperty(self):
++        class classproperty:
++            def __get__(self, instance, type):
++                raise RuntimeError("NO")
++
++        class Commentable(Protocol):
++            evil = classproperty()
++
++        # recognised as a protocol attr,
++        # but not actually accessed by the protocol metaclass
++        # (which would raise RuntimeError) for non-runtime protocols.
++        # See gh-113320
++        self.assertEqual(get_protocol_members(Commentable), {"evil"})
++
++    def test_runtime_protocol_interaction_with_evil_classproperty(self):
++        class CustomError(Exception): pass
++
++        class classproperty:
++            def __get__(self, instance, type):
++                raise CustomError
++
++        with self.assertRaises(TypeError) as cm:
++            @runtime_checkable
++            class Commentable(Protocol):
++                evil = classproperty()
++
++        exc = cm.exception
++        self.assertEqual(
++            exc.args[0],
++            "Failed to determine whether protocol member 'evil' is a method member"
++        )
++        self.assertIs(type(exc.__cause__), CustomError)
++
+ 
+ class Point2DGeneric(Generic[T], TypedDict):
+     a: T
+@@ -5263,7 +5300,7 @@ def test_typing_extensions_defers_when_possible(self):
+                 'SupportsRound', 'Unpack',
+             }
+         if sys.version_info < (3, 13):
+-            exclude |= {'NamedTuple', 'Protocol'}
++            exclude |= {'NamedTuple', 'Protocol', 'runtime_checkable'}
+         if not hasattr(typing, 'ReadOnly'):
+             exclude |= {'TypedDict', 'is_typeddict'}
+         for item in typing_extensions.__all__:
+diff --git a/src/typing_extensions.py b/src/typing_extensions.py
+index 1666e96b..7de29cd5 100644
+--- a/src/typing_extensions.py
++++ b/src/typing_extensions.py
+@@ -473,7 +473,7 @@ def clear_overloads():
+     "_is_runtime_protocol", "__dict__", "__slots__", "__parameters__",
+     "__orig_bases__", "__module__", "_MutableMapping__marker", "__doc__",
+     "__subclasshook__", "__orig_class__", "__init__", "__new__",
+-    "__protocol_attrs__", "__callable_proto_members_only__",
++    "__protocol_attrs__", "__non_callable_proto_members__",
+     "__match_args__",
+ }
+ 
+@@ -521,6 +521,22 @@ def _no_init(self, *args, **kwargs):
+         if type(self)._is_protocol:
+             raise TypeError('Protocols cannot be instantiated')
+ 
++    def _type_check_issubclass_arg_1(arg):
++        """Raise TypeError if `arg` is not an instance of `type`
++        in `issubclass(arg, )`.
++
++        In most cases, this is verified by type.__subclasscheck__.
++        Checking it again unnecessarily would slow down issubclass() checks,
++        so, we don't perform this check unless we absolutely have to.
++
++        For various error paths, however,
++        we want to ensure that *this* error message is shown to the user
++        where relevant, rather than a typing.py-specific error message.
++        """
++        if not isinstance(arg, type):
++            # Same error message as for issubclass(1, int).
++            raise TypeError('issubclass() arg 1 must be a class')
++
+     # Inheriting from typing._ProtocolMeta isn't actually desirable,
+     # but is necessary to allow typing.Protocol and typing_extensions.Protocol
+     # to mix without getting TypeErrors about "metaclass conflict"
+@@ -551,11 +567,6 @@ def __init__(cls, *args, **kwargs):
+             abc.ABCMeta.__init__(cls, *args, **kwargs)
+             if getattr(cls, "_is_protocol", False):
+                 cls.__protocol_attrs__ = _get_protocol_attrs(cls)
+-                # PEP 544 prohibits using issubclass()
+-                # with protocols that have non-method members.
+-                cls.__callable_proto_members_only__ = all(
+-                    callable(getattr(cls, attr, None)) for attr in cls.__protocol_attrs__
+-                )
+ 
+         def __subclasscheck__(cls, other):
+             if cls is Protocol:
+@@ -564,26 +575,23 @@ def __subclasscheck__(cls, other):
+                 getattr(cls, '_is_protocol', False)
+                 and not _allow_reckless_class_checks()
+             ):
+-                if not isinstance(other, type):
+-                    # Same error message as for issubclass(1, int).
+-                    raise TypeError('issubclass() arg 1 must be a class')
++                if not getattr(cls, '_is_runtime_protocol', False):
++                    _type_check_issubclass_arg_1(other)
++                    raise TypeError(
++                        "Instance and class checks can only be used with "
++                        "@runtime_checkable protocols"
++                    )
+                 if (
+-                    not cls.__callable_proto_members_only__
++                    # this attribute is set by @runtime_checkable:
++                    cls.__non_callable_proto_members__
+                     and cls.__dict__.get("__subclasshook__") is _proto_hook
+                 ):
+-                    non_method_attrs = sorted(
+-                        attr for attr in cls.__protocol_attrs__
+-                        if not callable(getattr(cls, attr, None))
+-                    )
++                    _type_check_issubclass_arg_1(other)
++                    non_method_attrs = sorted(cls.__non_callable_proto_members__)
+                     raise TypeError(
+                         "Protocols with non-method members don't support issubclass()."
+                         f" Non-method members: {str(non_method_attrs)[1:-1]}."
+                     )
+-                if not getattr(cls, '_is_runtime_protocol', False):
+-                    raise TypeError(
+-                        "Instance and class checks can only be used with "
+-                        "@runtime_checkable protocols"
+-                    )
+             return abc.ABCMeta.__subclasscheck__(cls, other)
+ 
+         def __instancecheck__(cls, instance):
+@@ -610,7 +618,8 @@ def __instancecheck__(cls, instance):
+                     val = inspect.getattr_static(instance, attr)
+                 except AttributeError:
+                     break
+-                if val is None and callable(getattr(cls, attr, None)):
++                # this attribute is set by @runtime_checkable:
++                if val is None and attr not in cls.__non_callable_proto_members__:
+                     break
+             else:
+                 return True
+@@ -678,8 +687,48 @@ def __init_subclass__(cls, *args, **kwargs):
+                 cls.__init__ = _no_init
+ 
+ 
++if sys.version_info >= (3, 13):
++    runtime_checkable = typing.runtime_checkable
++else:
++    def runtime_checkable(cls):
++        """Mark a protocol class as a runtime protocol.
++        Such protocol can be used with isinstance() and issubclass().
++        Raise TypeError if applied to a non-protocol class.
++        This allows a simple-minded structural check very similar to
++        one trick ponies in collections.abc such as Iterable.
++        For example::
++            @runtime_checkable
++            class Closable(Protocol):
++                def close(self): ...
++            assert isinstance(open('/some/file'), Closable)
++        Warning: this will check only the presence of the required methods,
++        not their type signatures!
++        """
++        if not issubclass(cls, typing.Generic) or not getattr(cls, '_is_protocol', False):
++            raise TypeError('@runtime_checkable can be only applied to protocol classes,'
++                            ' got %r' % cls)
++        cls._is_runtime_protocol = True
++        # PEP 544 prohibits using issubclass()
++        # with protocols that have non-method members.
++        # See gh-113320 for why we compute this attribute here,
++        # rather than in `_ProtocolMeta.__init__`
++        cls.__non_callable_proto_members__ = set()
++        for attr in cls.__protocol_attrs__:
++            try:
++                is_callable = callable(getattr(cls, attr, None))
++            except Exception as e:
++                raise TypeError(
++                    f"Failed to determine whether protocol member {attr!r} "
++                    "is a method member"
++                ) from e
++            else:
++                if not is_callable:
++                    cls.__non_callable_proto_members__.add(attr)
++        return cls
++
++
+ # The "runtime" alias exists for backwards compatibility.
+-runtime = runtime_checkable = typing.runtime_checkable
++runtime = runtime_checkable
+ 
+ 
+ # Our version of runtime-checkable protocols is faster on Python 3.8-3.11
+
+From c9fdbc103c1a707669932ee42ce52e375582c6db Mon Sep 17 00:00:00 2001
+From: AlexWaygood 
+Date: Sat, 20 Jan 2024 15:06:34 +0000
+Subject: [PATCH 2/6] Restore being able to use
+ `typing_extensions.runtime_checkable` on `typing.Protocol`
+
+---
+ src/test_typing_extensions.py |  12 ++++
+ src/typing_extensions.py      | 125 +++++++++++++++++-----------------
+ 2 files changed, 75 insertions(+), 62 deletions(-)
+
+diff --git a/src/test_typing_extensions.py b/src/test_typing_extensions.py
+index 11208d95..58dc1851 100644
+--- a/src/test_typing_extensions.py
++++ b/src/test_typing_extensions.py
+@@ -1872,6 +1872,18 @@ class E(C, BP): pass
+         self.assertNotIsInstance(D(), E)
+         self.assertNotIsInstance(E(), D)
+ 
++    def test_runtimecheckable_on_typing_dot_Protocol(self):
++        @runtime_checkable
++        class Foo(typing.Protocol):
++            x: int
++
++        class Bar:
++            def __init__(self):
++                self.x = 42
++
++        self.assertIsInstance(Bar(), Foo)
++        self.assertNotIsInstance(object(), Foo)
++
+     def test_typing_dot_runtimecheckable_on_Protocol(self):
+         @typing.runtime_checkable
+         class Foo(Protocol):
+diff --git a/src/typing_extensions.py b/src/typing_extensions.py
+index 7de29cd5..10c5795d 100644
+--- a/src/typing_extensions.py
++++ b/src/typing_extensions.py
+@@ -687,6 +687,52 @@ def __init_subclass__(cls, *args, **kwargs):
+                 cls.__init__ = _no_init
+ 
+ 
++if hasattr(typing, "is_protocol"):
++    is_protocol = typing.is_protocol
++    get_protocol_members = typing.get_protocol_members
++else:
++    def is_protocol(tp: type, /) -> bool:
++        """Return True if the given type is a Protocol.
++
++        Example::
++
++            >>> from typing_extensions import Protocol, is_protocol
++            >>> class P(Protocol):
++            ...     def a(self) -> str: ...
++            ...     b: int
++            >>> is_protocol(P)
++            True
++            >>> is_protocol(int)
++            False
++        """
++        return (
++            isinstance(tp, type)
++            and getattr(tp, '_is_protocol', False)
++            and tp is not Protocol
++            and tp is not typing.Protocol
++        )
++
++    def get_protocol_members(tp: type, /) -> typing.FrozenSet[str]:
++        """Return the set of members defined in a Protocol.
++
++        Example::
++
++            >>> from typing_extensions import Protocol, get_protocol_members
++            >>> class P(Protocol):
++            ...     def a(self) -> str: ...
++            ...     b: int
++            >>> get_protocol_members(P)
++            frozenset({'a', 'b'})
++
++        Raise a TypeError for arguments that are not Protocols.
++        """
++        if not is_protocol(tp):
++            raise TypeError(f'{tp!r} is not a Protocol')
++        if hasattr(tp, '__protocol_attrs__'):
++            return frozenset(tp.__protocol_attrs__)
++        return frozenset(_get_protocol_attrs(tp))
++
++
+ if sys.version_info >= (3, 13):
+     runtime_checkable = typing.runtime_checkable
+ else:
+@@ -708,22 +754,23 @@ def close(self): ...
+             raise TypeError('@runtime_checkable can be only applied to protocol classes,'
+                             ' got %r' % cls)
+         cls._is_runtime_protocol = True
+-        # PEP 544 prohibits using issubclass()
+-        # with protocols that have non-method members.
+-        # See gh-113320 for why we compute this attribute here,
+-        # rather than in `_ProtocolMeta.__init__`
+-        cls.__non_callable_proto_members__ = set()
+-        for attr in cls.__protocol_attrs__:
+-            try:
+-                is_callable = callable(getattr(cls, attr, None))
+-            except Exception as e:
+-                raise TypeError(
+-                    f"Failed to determine whether protocol member {attr!r} "
+-                    "is a method member"
+-                ) from e
+-            else:
+-                if not is_callable:
+-                    cls.__non_callable_proto_members__.add(attr)
++        if isinstance(cls, _ProtocolMeta):
++            # PEP 544 prohibits using issubclass()
++            # with protocols that have non-method members.
++            # See gh-113320 for why we compute this attribute here,
++            # rather than in `_ProtocolMeta.__init__`
++            cls.__non_callable_proto_members__ = set()
++            for attr in get_protocol_members(cls):
++                try:
++                    is_callable = callable(getattr(cls, attr, None))
++                except Exception as e:
++                    raise TypeError(
++                        f"Failed to determine whether protocol member {attr!r} "
++                        "is a method member"
++                    ) from e
++                else:
++                    if not is_callable:
++                        cls.__non_callable_proto_members__.add(attr)
+         return cls
+ 
+ 
+@@ -2978,52 +3025,6 @@ def __ror__(self, left):
+                 return typing.Union[left, self]
+ 
+ 
+-if hasattr(typing, "is_protocol"):
+-    is_protocol = typing.is_protocol
+-    get_protocol_members = typing.get_protocol_members
+-else:
+-    def is_protocol(tp: type, /) -> bool:
+-        """Return True if the given type is a Protocol.
+-
+-        Example::
+-
+-            >>> from typing_extensions import Protocol, is_protocol
+-            >>> class P(Protocol):
+-            ...     def a(self) -> str: ...
+-            ...     b: int
+-            >>> is_protocol(P)
+-            True
+-            >>> is_protocol(int)
+-            False
+-        """
+-        return (
+-            isinstance(tp, type)
+-            and getattr(tp, '_is_protocol', False)
+-            and tp is not Protocol
+-            and tp is not typing.Protocol
+-        )
+-
+-    def get_protocol_members(tp: type, /) -> typing.FrozenSet[str]:
+-        """Return the set of members defined in a Protocol.
+-
+-        Example::
+-
+-            >>> from typing_extensions import Protocol, get_protocol_members
+-            >>> class P(Protocol):
+-            ...     def a(self) -> str: ...
+-            ...     b: int
+-            >>> get_protocol_members(P)
+-            frozenset({'a', 'b'})
+-
+-        Raise a TypeError for arguments that are not Protocols.
+-        """
+-        if not is_protocol(tp):
+-            raise TypeError(f'{tp!r} is not a Protocol')
+-        if hasattr(tp, '__protocol_attrs__'):
+-            return frozenset(tp.__protocol_attrs__)
+-        return frozenset(_get_protocol_attrs(tp))
+-
+-
+ if hasattr(typing, "Doc"):
+     Doc = typing.Doc
+ else:
+
+From 8dd0b5b51ebfa428d21f2a1d4639ecec9b3a15e0 Mon Sep 17 00:00:00 2001
+From: AlexWaygood 
+Date: Sat, 20 Jan 2024 15:08:31 +0000
+Subject: [PATCH 3/6] reduce diff
+
+---
+ src/typing_extensions.py | 94 ++++++++++++++++++++--------------------
+ 1 file changed, 47 insertions(+), 47 deletions(-)
+
+diff --git a/src/typing_extensions.py b/src/typing_extensions.py
+index 10c5795d..1f03f15e 100644
+--- a/src/typing_extensions.py
++++ b/src/typing_extensions.py
+@@ -687,52 +687,6 @@ def __init_subclass__(cls, *args, **kwargs):
+                 cls.__init__ = _no_init
+ 
+ 
+-if hasattr(typing, "is_protocol"):
+-    is_protocol = typing.is_protocol
+-    get_protocol_members = typing.get_protocol_members
+-else:
+-    def is_protocol(tp: type, /) -> bool:
+-        """Return True if the given type is a Protocol.
+-
+-        Example::
+-
+-            >>> from typing_extensions import Protocol, is_protocol
+-            >>> class P(Protocol):
+-            ...     def a(self) -> str: ...
+-            ...     b: int
+-            >>> is_protocol(P)
+-            True
+-            >>> is_protocol(int)
+-            False
+-        """
+-        return (
+-            isinstance(tp, type)
+-            and getattr(tp, '_is_protocol', False)
+-            and tp is not Protocol
+-            and tp is not typing.Protocol
+-        )
+-
+-    def get_protocol_members(tp: type, /) -> typing.FrozenSet[str]:
+-        """Return the set of members defined in a Protocol.
+-
+-        Example::
+-
+-            >>> from typing_extensions import Protocol, get_protocol_members
+-            >>> class P(Protocol):
+-            ...     def a(self) -> str: ...
+-            ...     b: int
+-            >>> get_protocol_members(P)
+-            frozenset({'a', 'b'})
+-
+-        Raise a TypeError for arguments that are not Protocols.
+-        """
+-        if not is_protocol(tp):
+-            raise TypeError(f'{tp!r} is not a Protocol')
+-        if hasattr(tp, '__protocol_attrs__'):
+-            return frozenset(tp.__protocol_attrs__)
+-        return frozenset(_get_protocol_attrs(tp))
+-
+-
+ if sys.version_info >= (3, 13):
+     runtime_checkable = typing.runtime_checkable
+ else:
+@@ -760,7 +714,7 @@ def close(self): ...
+             # See gh-113320 for why we compute this attribute here,
+             # rather than in `_ProtocolMeta.__init__`
+             cls.__non_callable_proto_members__ = set()
+-            for attr in get_protocol_members(cls):
++            for attr in cls.__protocol_attrs__:
+                 try:
+                     is_callable = callable(getattr(cls, attr, None))
+                 except Exception as e:
+@@ -3025,6 +2979,52 @@ def __ror__(self, left):
+                 return typing.Union[left, self]
+ 
+ 
++if hasattr(typing, "is_protocol"):
++    is_protocol = typing.is_protocol
++    get_protocol_members = typing.get_protocol_members
++else:
++    def is_protocol(tp: type, /) -> bool:
++        """Return True if the given type is a Protocol.
++
++        Example::
++
++            >>> from typing_extensions import Protocol, is_protocol
++            >>> class P(Protocol):
++            ...     def a(self) -> str: ...
++            ...     b: int
++            >>> is_protocol(P)
++            True
++            >>> is_protocol(int)
++            False
++        """
++        return (
++            isinstance(tp, type)
++            and getattr(tp, '_is_protocol', False)
++            and tp is not Protocol
++            and tp is not typing.Protocol
++        )
++
++    def get_protocol_members(tp: type, /) -> typing.FrozenSet[str]:
++        """Return the set of members defined in a Protocol.
++
++        Example::
++
++            >>> from typing_extensions import Protocol, get_protocol_members
++            >>> class P(Protocol):
++            ...     def a(self) -> str: ...
++            ...     b: int
++            >>> get_protocol_members(P)
++            frozenset({'a', 'b'})
++
++        Raise a TypeError for arguments that are not Protocols.
++        """
++        if not is_protocol(tp):
++            raise TypeError(f'{tp!r} is not a Protocol')
++        if hasattr(tp, '__protocol_attrs__'):
++            return frozenset(tp.__protocol_attrs__)
++        return frozenset(_get_protocol_attrs(tp))
++
++
+ if hasattr(typing, "Doc"):
+     Doc = typing.Doc
+ else:
+
+From 0d92d3bda68a1e016b1f30641e6250260d253138 Mon Sep 17 00:00:00 2001
+From: AlexWaygood 
+Date: Sat, 20 Jan 2024 15:10:01 +0000
+Subject: [PATCH 4/6] add comment
+
+---
+ src/typing_extensions.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/typing_extensions.py b/src/typing_extensions.py
+index 1f03f15e..1e7e9e33 100644
+--- a/src/typing_extensions.py
++++ b/src/typing_extensions.py
+@@ -708,6 +708,9 @@ def close(self): ...
+             raise TypeError('@runtime_checkable can be only applied to protocol classes,'
+                             ' got %r' % cls)
+         cls._is_runtime_protocol = True
++
++        # Only execute the following block if it's a typing_extensions.Protocol class.
++        # typing.Protocol classes don't need it.
+         if isinstance(cls, _ProtocolMeta):
+             # PEP 544 prohibits using issubclass()
+             # with protocols that have non-method members.
+@@ -725,6 +728,7 @@ def close(self): ...
+                 else:
+                     if not is_callable:
+                         cls.__non_callable_proto_members__.add(attr)
++
+         return cls
+ 
+ 
+
+From ecd711bfe88f4839797311cdee1956daaa58d6c1 Mon Sep 17 00:00:00 2001
+From: AlexWaygood 
+Date: Sat, 20 Jan 2024 15:11:57 +0000
+Subject: [PATCH 5/6] fix docstring
+
+---
+ src/typing_extensions.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/typing_extensions.py b/src/typing_extensions.py
+index 1e7e9e33..4007594c 100644
+--- a/src/typing_extensions.py
++++ b/src/typing_extensions.py
+@@ -692,15 +692,20 @@ def __init_subclass__(cls, *args, **kwargs):
+ else:
+     def runtime_checkable(cls):
+         """Mark a protocol class as a runtime protocol.
++
+         Such protocol can be used with isinstance() and issubclass().
+         Raise TypeError if applied to a non-protocol class.
+         This allows a simple-minded structural check very similar to
+         one trick ponies in collections.abc such as Iterable.
++
+         For example::
++
+             @runtime_checkable
+             class Closable(Protocol):
+                 def close(self): ...
++
+             assert isinstance(open('/some/file'), Closable)
++
+         Warning: this will check only the presence of the required methods,
+         not their type signatures!
+         """
+
+From c858502ddf1bf3474511c29b871400539f1c0acc Mon Sep 17 00:00:00 2001
+From: Jelle Zijlstra 
+Date: Sat, 20 Jan 2024 09:55:03 -0800
+Subject: [PATCH 6/6] Update CHANGELOG.md
+
+---
+ CHANGELOG.md | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index c3957a29..be1c16d6 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -4,7 +4,7 @@
+   around 6% (backporting https://github.com/python/cpython/pull/112717, by Alex
+   Waygood).
+ - Fix a regression in the implementation of protocols where `typing.Protocol`
+-  classes that were not marked as `@runtime-checkable` would be unnecessarily
++  classes that were not marked as `@runtime_checkable` would be unnecessarily
+   introspected, potentially causing exceptions to be raised if the protocol had
+   problematic members. Patch by Alex Waygood, backporting
+   https://github.com/python/cpython/pull/113401.
diff --git a/SPECS/pytorch/CVE-2025-2953.patch b/SPECS/pytorch/CVE-2025-2953.patch
new file mode 100644
index 0000000000..e88c3d37bb
--- /dev/null
+++ b/SPECS/pytorch/CVE-2025-2953.patch
@@ -0,0 +1,44 @@
+From 9f61c215128adce56200d0bf30992e791725e4ad Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Tue, 6 May 2025 20:12:29 +0000
+Subject: [PATCH] Patch pytorch for CVE-2025-2953
+Upstream Patch Reference: https://github.com/pytorch/pytorch/commit/6f327128a99debfb2312ee256523ad6b62f763d6
+
+---
+ aten/src/ATen/native/mkldnn/Utils.cpp | 1 +
+ test/test_mkldnn.py                   | 7 +++++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/aten/src/ATen/native/mkldnn/Utils.cpp b/aten/src/ATen/native/mkldnn/Utils.cpp
+index 400eb916..e240a2d2 100644
+--- a/aten/src/ATen/native/mkldnn/Utils.cpp
++++ b/aten/src/ATen/native/mkldnn/Utils.cpp
+@@ -19,6 +19,7 @@ std::vector pool_output_sizes(
+   output_size[1] = input_size[1];
+ 
+   for (const auto i : c10::irange(2, input_size.size())) {
++    TORCH_CHECK_VALUE(stride[i -2] > 0, "Strides must be positive!");
+     output_size[i] = pooling_output_shape_pad_lr(
+       input_size[i],
+       kernel_size[i - 2],
+diff --git a/test/test_mkldnn.py b/test/test_mkldnn.py
+index 7c39d36e..cf599c70 100644
+--- a/test/test_mkldnn.py
++++ b/test/test_mkldnn.py
+@@ -1588,6 +1588,13 @@ class TestMkldnn(TestCase):
+                 common(self, shape1, shape2, op, dtype)
+ 
+ 
++    def test_mkldnn_error_on_zero_stride(self, device):
++        # Regression test for https://github.com/pytorch/pytorch/issues/149274
++        x = torch.rand(1, 2, 3, 3).to_mkldnn()
++        with self.assertRaises(ValueError):
++            torch.mkldnn_max_pool2d(x, kernel_size=3, stride=0)
++
++
+ instantiate_device_type_tests(TestMkldnn, globals(), only_for=('cpu',))
+ 
+ if __name__ == '__main__':
+-- 
+2.45.3
+
diff --git a/SPECS/pytorch/CVE-2025-32434.patch b/SPECS/pytorch/CVE-2025-32434.patch
new file mode 100644
index 0000000000..a7968c91d3
--- /dev/null
+++ b/SPECS/pytorch/CVE-2025-32434.patch
@@ -0,0 +1,75 @@
+From d62cafe6ad9af635318d51d61f870ee038275cfe Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Wed, 23 Apr 2025 06:09:50 +0000
+Subject: [PATCH] Address CVE-2025-32434
+
+Upstream Patch Reference : https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04
+
+Signed-off-by: Kanishk-Bansal 
+---
+ test/test_serialization.py |  6 +++++-
+ torch/serialization.py     | 17 ++++++++++++-----
+ 2 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/test/test_serialization.py b/test/test_serialization.py
+index c7fdbe7..6126fb2 100644
+--- a/test/test_serialization.py
++++ b/test/test_serialization.py
+@@ -426,7 +426,11 @@ class SerializationMixin:
+         b += [a[0].storage()]
+         b += [a[0].reshape(-1)[1:4].clone().storage()]
+         path = download_file('https://download.pytorch.org/test_data/legacy_serialized.pt')
+-        c = torch.load(path, weights_only=weights_only)
++        if weights_only:
++            with self.assertRaisesRegex(RuntimeError,
++                                        "Cannot use ``weights_only=True`` with files saved in the legacy .tar format."):
++                c = torch.load(path, weights_only=weights_only)
++        c = torch.load(path, weights_only=False)
+         self.assertEqual(b, c, atol=0, rtol=0)
+         self.assertTrue(isinstance(c[0], torch.FloatTensor))
+         self.assertTrue(isinstance(c[1], torch.FloatTensor))
+diff --git a/torch/serialization.py b/torch/serialization.py
+index 9d02efd..a67bff1 100644
+--- a/torch/serialization.py
++++ b/torch/serialization.py
+@@ -35,6 +35,13 @@ FILE_LIKE: TypeAlias = Union[str, os.PathLike, BinaryIO, IO[bytes]]
+ MAP_LOCATION: TypeAlias = Optional[Union[Callable[[torch.Tensor, str], torch.Tensor], torch.device, str, Dict[str, str]]]
+ STORAGE: TypeAlias = Union[Storage, torch.storage.TypedStorage, torch.UntypedStorage]
+ 
++UNSAFE_MESSAGE = (
++    "In PyTorch 2.6, we changed the default value of the `weights_only` argument in `torch.load` "
++    "from `False` to `True`. Re-running `torch.load` with `weights_only` set to `False` will likely succeed, "
++    "but it can result in arbitrary code execution. Do it only if you got the file from a "
++    "trusted source."
++)
++
+ __all__ = [
+     'SourceChangeWarning',
+     'mkdtemp',
+@@ -970,11 +977,6 @@ def load(
+         >>> torch.load('module.pt', encoding='ascii', weights_only=False)
+     """
+     torch._C._log_api_usage_once("torch.load")
+-    UNSAFE_MESSAGE = (
+-        "Weights only load failed. Re-running `torch.load` with `weights_only` set to `False`"
+-        " will likely succeed, but it can result in arbitrary code execution."
+-        "Do it only if you get the file from a trusted source. WeightsUnpickler error: "
+-    )
+     # Add ability to force safe only weight loads via environment variable
+     if os.getenv("TORCH_FORCE_WEIGHTS_ONLY_LOAD", "0").lower() in ['1', 'y', 'yes', 'true']:
+         weights_only = True
+@@ -1125,6 +1127,11 @@ def _legacy_load(f, map_location, pickle_module, **pickle_load_args):
+ 
+         with closing(tarfile.open(fileobj=f, mode='r:', format=tarfile.PAX_FORMAT)) as tar, \
+                 mkdtemp() as tmpdir:
++            if pickle_module is _weights_only_unpickler:
++                raise RuntimeError(
++                    "Cannot use ``weights_only=True`` with files saved in the "
++                    "legacy .tar format. " + UNSAFE_MESSAGE
++                )
+ 
+             tar.extract('storages', path=tmpdir)
+             with open(os.path.join(tmpdir, 'storages'), 'rb', 0) as f:
+-- 
+2.45.2
+
diff --git a/SPECS/pytorch/CVE-2025-3730.patch b/SPECS/pytorch/CVE-2025-3730.patch
new file mode 100644
index 0000000000..2614fd1f2c
--- /dev/null
+++ b/SPECS/pytorch/CVE-2025-3730.patch
@@ -0,0 +1,40 @@
+From 76a501810c4444cea0f5959d8650539b450ecbe6 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Wed, 23 Apr 2025 06:12:30 +0000
+Subject: [PATCH] Address CVE-2025-3730
+
+Upstream Patch Reference : https://github.com/timocafe/pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567
+
+Signed-off-by: Kanishk-Bansal 
+---
+ aten/src/ATen/native/LossCTC.cpp     | 1 +
+ aten/src/ATen/native/cuda/LossCTC.cu | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/aten/src/ATen/native/LossCTC.cpp b/aten/src/ATen/native/LossCTC.cpp
+index 595eaf9..47c2c40 100644
+--- a/aten/src/ATen/native/LossCTC.cpp
++++ b/aten/src/ATen/native/LossCTC.cpp
+@@ -119,6 +119,7 @@ std::tuple> ctc_loss_allocate_outpu
+ // the alphas from the user by only returning the loss.
+ template
+ std::tuple ctc_loss_cpu_template(const Tensor& log_probs, const Tensor& targets, IntArrayRef input_lengths, IntArrayRef target_lengths, int64_t BLANK) {
++  TORCH_CHECK(log_probs.numel() > 0, "log_probs tensor must not be empty");
+   // log_probs: input_len x batch_size x num_labels
+   // targets [int64]: batch_size x target_length OR sum(target_lengths)
+   constexpr scalar_t neginf = -std::numeric_limits::infinity();
+diff --git a/aten/src/ATen/native/cuda/LossCTC.cu b/aten/src/ATen/native/cuda/LossCTC.cu
+index 5fb86d1..4bb90fc 100644
+--- a/aten/src/ATen/native/cuda/LossCTC.cu
++++ b/aten/src/ATen/native/cuda/LossCTC.cu
+@@ -211,6 +211,7 @@ ctc_loss_log_alpha_gpu_kernel(scalar_t* __restrict__ log_alpha_data,
+ // backward. The dispatch function will only return the loss.
+ template
+ std::tuple ctc_loss_gpu_template(const Tensor& log_probs, const Tensor& targets, IntArrayRef input_lengths, IntArrayRef target_lengths, int64_t BLANK) {
++  TORCH_CHECK(log_probs.numel() > 0, "log_probs tensor must not be empty");
+   // log_probs: input_len x batch_size x num_labels
+   // targets [int64]: batch_size x target_length OR sum(target_lengths)
+   CheckedFrom c = "ctc_loss_gpu";
+-- 
+2.45.2
+
diff --git a/SPECS/pytorch/pytorch.spec b/SPECS/pytorch/pytorch.spec
index a4418d8d25..2089df4066 100644
--- a/SPECS/pytorch/pytorch.spec
+++ b/SPECS/pytorch/pytorch.spec
@@ -2,7 +2,7 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.2.2
-Release:        5%{?dist}
+Release:        7%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -29,6 +29,9 @@ Patch4:         CVE-2024-27319.patch
 Patch5:         CVE-2021-22918.patch
 Patch6:         CVE-2024-7776.patch
 Patch7:         CVE-2021-22569.patch
+Patch8:         CVE-2025-32434.patch
+Patch9:         CVE-2025-3730.patch
+Patch10:        CVE-2025-2953.patch
 
 %description
 PyTorch is a Python package that provides two high-level features:
@@ -90,6 +93,12 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
+* Tue Apr 29 2025 Archana Shettigar  - 2.2.2-7
+- Patch CVE-2025-2953
+
+* Wed Apr 23 2025 Kanishk Bansal  - 2.2.2-6
+- Patch CVE-2025-32434, CVE-2025-3730
+
 * Mon Mar 31 2025 Kanishk Bansal  - 2.2.2-5
 - Patch CVE-2021-22569, CVE-2024-7776
 
diff --git a/SPECS/qemu/CVE-2021-20255.patch b/SPECS/qemu/CVE-2021-20255.patch
new file mode 100644
index 0000000000..4aa03e7b8b
--- /dev/null
+++ b/SPECS/qemu/CVE-2021-20255.patch
@@ -0,0 +1,60 @@
+From: Stefan Weil 
+Date: Fri, 19 Feb 2021 09:08
+Am 19.02.21 um 09:08 schrieb Stefan Weil :
+
+> Okay, I can confirm the infinite recursion now.
+
+> The test case triggers memory writes by the hardware which cause new actions
+> of the same hardware and so on.
+
+> I don't know how the real hardware would handle that case.
+
+> For QEMU we can extend the current code which tries to prevent endless loops:
+> the device status EEPRO100State can be extended by a recursion counter to
+> limit the number of recursions, or maybe a boolean flag could be used to stop
+> any recursion of action_command(). I prefer the second variant (no recursion
+> at all) and suggest to add a diagnostic message as well like it is done for
+> the endless loop case.
+
+
+If there are no recursions in normal use, the following patch should work:
+
+Link: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
+---
+diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
+index 16e95ef9cc..2474cf3dc2 100644
+--- a/hw/net/eepro100.c
++++ b/hw/net/eepro100.c
+@@ -279,6 +279,9 @@ typedef struct {
+     /* Quasi static device properties (no need to save them). */
+     uint16_t stats_size;
+     bool has_extended_tcb_support;
++
++    /* Flag to avoid recursions. */
++    bool busy;
+ } EEPRO100State;
+
+ /* Word indices in EEPROM. */
+@@ -837,6 +840,14 @@ static void action_command(EEPRO100State *s)
+        Therefore we limit the number of iterations. */
+     unsigned max_loop_count = 16;
+
++    if (s->busy) {
++        /* Prevent recursions. */
++        logout("recursion in %s:%u\n", __FILE__, __LINE__);
++        return;
++    }
++
++    s->busy = true;
++
+     for (;;) {
+         bool bit_el;
+         bool bit_s;
+@@ -933,6 +944,7 @@ static void action_command(EEPRO100State *s)
+     }
+     TRACE(OTHER, logout("CU list empty\n"));
+     /* List is empty. Now CU is idle or suspended. */
++    s->busy = false;
+ }
+
+ static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
diff --git a/SPECS/qemu/CVE-2023-6683.patch b/SPECS/qemu/CVE-2023-6683.patch
index c604cb40db..a57c8f15c0 100644
--- a/SPECS/qemu/CVE-2023-6683.patch
+++ b/SPECS/qemu/CVE-2023-6683.patch
@@ -1,4 +1,4 @@
-From 480a6adc83a7bbc84bfe67229e084603dc061824 Mon Sep 17 00:00:00 2001
+From 405484b29f6548c7b86549b0f961b906337aa68a Mon Sep 17 00:00:00 2001
 From: Fiona Ebner 
 Date: Wed, 24 Jan 2024 11:57:48 +0100
 Subject: [PATCH] ui/clipboard: mark type as not available when there is no
@@ -56,8 +56,7 @@ Signed-off-by: Fiona Ebner 
 Reviewed-by: Marc-André Lureau 
 Tested-by: Markus Frank 
 Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com>
-(cherry picked from commit 405484b29f6548c7b86549b0f961b906337aa68a)
-Signed-off-by: Michael Tokarev 
+Link: https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a.patch
 ---
  ui/clipboard.c | 12 +++++++++---
  1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/SPECS/qemu/CVE-2023-6693.patch b/SPECS/qemu/CVE-2023-6693.patch
index 55f1bc0298..f241bd0194 100644
--- a/SPECS/qemu/CVE-2023-6693.patch
+++ b/SPECS/qemu/CVE-2023-6693.patch
@@ -1,4 +1,4 @@
-From 939a09575fff7048446e36ce438fa7be6e251d41 Mon Sep 17 00:00:00 2001
+From 2220e8189fb94068dbad333228659fbac819abb0 Mon Sep 17 00:00:00 2001
 From: Jason Wang 
 Date: Tue, 2 Jan 2024 11:29:01 +0800
 Subject: [PATCH] virtio-net: correctly copy vnet header when flushing TX
@@ -17,14 +17,13 @@ Fixes: CVE-2023-6693
 Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report")
 Reviewed-by: Michael Tokarev 
 Signed-off-by: Jason Wang 
-(cherry picked from commit 2220e8189fb94068dbad333228659fbac819abb0)
-Signed-off-by: Michael Tokarev 
+Link: https://gitlab.com/qemu-project/qemu/-/commit/2220e8189fb94068dbad333228659fbac819abb0.patch
 ---
  hw/net/virtio-net.c | 13 +++++++++----
  1 file changed, 9 insertions(+), 4 deletions(-)
 
 diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index 80c56f0cfcf..73024babd45 100644
+index 7a2846fa1c7..5a79bc3a3a0 100644
 --- a/hw/net/virtio-net.c
 +++ b/hw/net/virtio-net.c
 @@ -674,6 +674,11 @@ static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs,
diff --git a/SPECS/qemu/CVE-2024-26327.patch b/SPECS/qemu/CVE-2024-26327.patch
new file mode 100644
index 0000000000..39399dccce
--- /dev/null
+++ b/SPECS/qemu/CVE-2024-26327.patch
@@ -0,0 +1,39 @@
+From 313e746958967a4b941ad4bbb80726727318edfa Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki 
+Date: Wed, 28 Feb 2024 20:33:13 +0900
+Subject: [PATCH] pcie_sriov: Validate NumVFs
+
+The guest may write NumVFs greater than TotalVFs and that can lead
+to buffer overflow in VF implementations.
+
+Cc: qemu-stable@nongnu.org
+Fixes: CVE-2024-26327
+Fixes: 7c0fa8dff811 ("pcie: Add support for Single Root I/O Virtualization (SR/IOV)")
+Signed-off-by: Akihiko Odaki 
+Message-Id: <20240228-reuse-v8-2-282660281e60@daynix.com>
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Michael S. Tsirkin 
+Reviewed-by: Sriram Yagnaraman 
+(cherry picked from commit 6081b4243cd64dff1b2cf5b0c215c71e9d7e753b)
+Signed-off-by: Michael Tokarev 
+---
+ hw/pci/pcie_sriov.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c
+index a1fe65f5d80..da209b7f47f 100644
+--- a/hw/pci/pcie_sriov.c
++++ b/hw/pci/pcie_sriov.c
+@@ -176,6 +176,9 @@ static void register_vfs(PCIDevice *dev)
+ 
+     assert(sriov_cap > 0);
+     num_vfs = pci_get_word(dev->config + sriov_cap + PCI_SRIOV_NUM_VF);
++    if (num_vfs > pci_get_word(dev->config + sriov_cap + PCI_SRIOV_TOTAL_VF)) {
++        return;
++    }
+ 
+     dev->exp.sriov_pf.vf = g_new(PCIDevice *, num_vfs);
+ 
+-- 
+GitLab
+
diff --git a/SPECS/qemu/CVE-2024-26328.patch b/SPECS/qemu/CVE-2024-26328.patch
new file mode 100644
index 0000000000..389f7801d2
--- /dev/null
+++ b/SPECS/qemu/CVE-2024-26328.patch
@@ -0,0 +1,87 @@
+From 98f3488c1b6090024299f8d6362aa6aac03fe26d Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki 
+Date: Wed, 28 Feb 2024 20:33:12 +0900
+Subject: [PATCH] hw/nvme: Use pcie_sriov_num_vfs()
+
+nvme_sriov_pre_write_ctrl() used to directly inspect SR-IOV
+configurations to know the number of VFs being disabled due to SR-IOV
+configuration writes, but the logic was flawed and resulted in
+out-of-bound memory access.
+
+It assumed PCI_SRIOV_NUM_VF always has the number of currently enabled
+VFs, but it actually doesn't in the following cases:
+- PCI_SRIOV_NUM_VF has been set but PCI_SRIOV_CTRL_VFE has never been.
+- PCI_SRIOV_NUM_VF was written after PCI_SRIOV_CTRL_VFE was set.
+- VFs were only partially enabled because of realization failure.
+
+It is a responsibility of pcie_sriov to interpret SR-IOV configurations
+and pcie_sriov does it correctly, so use pcie_sriov_num_vfs(), which it
+provides, to get the number of enabled VFs before and after SR-IOV
+configuration writes.
+
+Cc: qemu-stable@nongnu.org
+Fixes: CVE-2024-26328
+Fixes: 11871f53ef8e ("hw/nvme: Add support for the Virtualization Management command")
+Suggested-by: Michael S. Tsirkin 
+Signed-off-by: Akihiko Odaki 
+Message-Id: <20240228-reuse-v8-1-282660281e60@daynix.com>
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Michael S. Tsirkin 
+(cherry picked from commit 91bb64a8d2014fda33a81fcf0fce37340f0d3b0c)
+Signed-off-by: Michael Tokarev 
+---
+ hw/nvme/ctrl.c | 26 ++++++++------------------
+ 1 file changed, 8 insertions(+), 18 deletions(-)
+
+diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
+index 585bd3b397d..eaa6946604d 100644
+--- a/hw/nvme/ctrl.c
++++ b/hw/nvme/ctrl.c
+@@ -8497,36 +8497,26 @@ static void nvme_pci_reset(DeviceState *qdev)
+     nvme_ctrl_reset(n, NVME_RESET_FUNCTION);
+ }
+ 
+-static void nvme_sriov_pre_write_ctrl(PCIDevice *dev, uint32_t address,
+-                                      uint32_t val, int len)
++static void nvme_sriov_post_write_config(PCIDevice *dev, uint16_t old_num_vfs)
+ {
+     NvmeCtrl *n = NVME(dev);
+     NvmeSecCtrlEntry *sctrl;
+-    uint16_t sriov_cap = dev->exp.sriov_cap;
+-    uint32_t off = address - sriov_cap;
+-    int i, num_vfs;
++    int i;
+ 
+-    if (!sriov_cap) {
+-        return;
+-    }
+-
+-    if (range_covers_byte(off, len, PCI_SRIOV_CTRL)) {
+-        if (!(val & PCI_SRIOV_CTRL_VFE)) {
+-            num_vfs = pci_get_word(dev->config + sriov_cap + PCI_SRIOV_NUM_VF);
+-            for (i = 0; i < num_vfs; i++) {
+-                sctrl = &n->sec_ctrl_list.sec[i];
+-                nvme_virt_set_state(n, le16_to_cpu(sctrl->scid), false);
+-            }
+-        }
++    for (i = pcie_sriov_num_vfs(dev); i < old_num_vfs; i++) {
++        sctrl = &n->sec_ctrl_list.sec[i];
++        nvme_virt_set_state(n, le16_to_cpu(sctrl->scid), false);
+     }
+ }
+ 
+ static void nvme_pci_write_config(PCIDevice *dev, uint32_t address,
+                                   uint32_t val, int len)
+ {
+-    nvme_sriov_pre_write_ctrl(dev, address, val, len);
++    uint16_t old_num_vfs = pcie_sriov_num_vfs(dev);
++
+     pci_default_write_config(dev, address, val, len);
+     pcie_cap_flr_write_config(dev, address, val, len);
++    nvme_sriov_post_write_config(dev, old_num_vfs);
+ }
+ 
+ static const VMStateDescription nvme_vmstate = {
+-- 
+GitLab
+
diff --git a/SPECS/qemu/CVE-2024-3447.patch b/SPECS/qemu/CVE-2024-3447.patch
new file mode 100644
index 0000000000..cb14edbe15
--- /dev/null
+++ b/SPECS/qemu/CVE-2024-3447.patch
@@ -0,0 +1,140 @@
+From b84c0a4b6103796312e7dd8c7288eaad1fb87aa7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= 
+Date: Tue, 9 Apr 2024 16:19:27 +0200
+Subject: [PATCH 1/6] hw/sd/sdhci: Do not update TRNMOD when Command Inhibit
+ (DAT) is set
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Per "SD Host Controller Standard Specification Version 3.00":
+
+  * 2.2.5 Transfer Mode Register (Offset 00Ch)
+
+    Writes to this register shall be ignored when the Command
+    Inhibit (DAT) in the Present State register is 1.
+
+Do not update the TRNMOD register when Command Inhibit (DAT)
+bit is set to avoid the present-status register going out of
+sync, leading to malicious guest using DMA mode and overflowing
+the FIFO buffer:
+
+  $ cat << EOF | qemu-system-i386 \
+                     -display none -nographic -nodefaults \
+                     -machine accel=qtest -m 512M \
+                     -device sdhci-pci,sd-spec-version=3 \
+                     -device sd-card,drive=mydrive \
+                     -drive if=none,index=0,file=null-co://,format=raw,id=mydrive \
+                     -qtest stdio
+  outl 0xcf8 0x80001013
+  outl 0xcfc 0x91
+  outl 0xcf8 0x80001001
+  outl 0xcfc 0x06000000
+  write 0x9100002c 0x1 0x05
+  write 0x91000058 0x1 0x16
+  write 0x91000005 0x1 0x04
+  write 0x91000028 0x1 0x08
+  write 0x16 0x1 0x21
+  write 0x19 0x1 0x20
+  write 0x9100000c 0x1 0x01
+  write 0x9100000e 0x1 0x20
+  write 0x9100000f 0x1 0x00
+  write 0x9100000c 0x1 0x00
+  write 0x91000020 0x1 0x00
+  EOF
+
+Stack trace (part):
+=================================================================
+==89993==ERROR: AddressSanitizer: heap-buffer-overflow on address
+0x615000029900 at pc 0x55d5f885700d bp 0x7ffc1e1e9470 sp 0x7ffc1e1e9468
+WRITE of size 1 at 0x615000029900 thread T0
+    #0 0x55d5f885700c in sdhci_write_dataport hw/sd/sdhci.c:564:39
+    #1 0x55d5f8849150 in sdhci_write hw/sd/sdhci.c:1223:13
+    #2 0x55d5fa01db63 in memory_region_write_accessor system/memory.c:497:5
+    #3 0x55d5fa01d245 in access_with_adjusted_size system/memory.c:573:18
+    #4 0x55d5fa01b1a9 in memory_region_dispatch_write system/memory.c:1521:16
+    #5 0x55d5fa09f5c9 in flatview_write_continue system/physmem.c:2711:23
+    #6 0x55d5fa08f78b in flatview_write system/physmem.c:2753:12
+    #7 0x55d5fa08f258 in address_space_write system/physmem.c:2860:18
+    ...
+0x615000029900 is located 0 bytes to the right of 512-byte region
+[0x615000029700,0x615000029900) allocated by thread T0 here:
+    #0 0x55d5f7237b27 in __interceptor_calloc
+    #1 0x7f9e36dd4c50 in g_malloc0
+    #2 0x55d5f88672f7 in sdhci_pci_realize hw/sd/sdhci-pci.c:36:5
+    #3 0x55d5f844b582 in pci_qdev_realize hw/pci/pci.c:2092:9
+    #4 0x55d5fa2ee74b in device_set_realized hw/core/qdev.c:510:13
+    #5 0x55d5fa325bfb in property_set_bool qom/object.c:2358:5
+    #6 0x55d5fa31ea45 in object_property_set qom/object.c:1472:5
+    #7 0x55d5fa332509 in object_property_set_qobject om/qom-qobject.c:28:10
+    #8 0x55d5fa31f6ed in object_property_set_bool qom/object.c:1541:15
+    #9 0x55d5fa2e2948 in qdev_realize hw/core/qdev.c:292:12
+    #10 0x55d5f8eed3f1 in qdev_device_add_from_qdict system/qdev-monitor.c:719:10
+    #11 0x55d5f8eef7ff in qdev_device_add system/qdev-monitor.c:738:11
+    #12 0x55d5f8f211f0 in device_init_func system/vl.c:1200:11
+    #13 0x55d5fad0877d in qemu_opts_foreach util/qemu-option.c:1135:14
+    #14 0x55d5f8f0df9c in qemu_create_cli_devices system/vl.c:2638:5
+    #15 0x55d5f8f0db24 in qmp_x_exit_preconfig system/vl.c:2706:5
+    #16 0x55d5f8f14dc0 in qemu_init system/vl.c:3737:9
+    ...
+SUMMARY: AddressSanitizer: heap-buffer-overflow hw/sd/sdhci.c:564:39
+in sdhci_write_dataport
+
+Add assertions to ensure the fifo_buffer[] is not overflowed by
+malicious accesses to the Buffer Data Port register.
+
+Fixes: CVE-2024-3447
+Cc: qemu-stable@nongnu.org
+Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller")
+Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
+Reported-by: Alexander Bulekov 
+Reported-by: Chuhong Yuan 
+Signed-off-by: Peter Maydell 
+Message-Id: 
+Signed-off-by: Philippe Mathieu-Daudé 
+Message-Id: <20240409145524.27913-1-philmd@linaro.org>
+(cherry picked from commit 9e4b27ca6bf4974f169bbca7f3dca117b1208b6f)
+Signed-off-by: Michael Tokarev 
+
+Upstream Reference:
+https://gitlab.com/qemu-project/qemu/-/commit/35a67d2aa8caf8eb0bee7d38515924c95417047e
+---
+ hw/sd/sdhci.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 40473b0..e95ea34 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -473,6 +473,7 @@ static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
+     }
+ 
+     for (i = 0; i < size; i++) {
++        assert(s->data_count < s->buf_maxsz);
+         value |= s->fifo_buffer[s->data_count] << i * 8;
+         s->data_count++;
+         /* check if we've read all valid data (blksize bytes) from buffer */
+@@ -561,6 +562,7 @@ static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
+     }
+ 
+     for (i = 0; i < size; i++) {
++        assert(s->data_count < s->buf_maxsz);
+         s->fifo_buffer[s->data_count] = value & 0xFF;
+         s->data_count++;
+         value >>= 8;
+@@ -1208,6 +1210,12 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
+         if (!(s->capareg & R_SDHC_CAPAB_SDMA_MASK)) {
+             value &= ~SDHC_TRNS_DMA;
+         }
++
++        /* TRNMOD writes are inhibited while Command Inhibit (DAT) is true */
++        if (s->prnsts & SDHC_DATA_INHIBIT) {
++            mask |= 0xffff;
++        }
++
+         MASKED_WRITE(s->trnmod, mask, value & SDHC_TRNMOD_MASK);
+         MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
+ 
+-- 
+2.45.3
+
diff --git a/SPECS/qemu/CVE-2024-3567.patch b/SPECS/qemu/CVE-2024-3567.patch
index b52f314a72..c68bd7d037 100644
--- a/SPECS/qemu/CVE-2024-3567.patch
+++ b/SPECS/qemu/CVE-2024-3567.patch
@@ -1,7 +1,7 @@
-From 1cfe45956e03070f894e91b304e233b4d5b99719 Mon Sep 17 00:00:00 2001
+From 941f533e8191a08f5b0964333a9a534de2733093 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= 
 Date: Tue, 9 Apr 2024 19:54:05 +0200
-Subject: [PATCH] hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
+Subject: [PATCH 6/6] hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -46,12 +46,15 @@ Acked-by: Jason Wang 
 Message-Id: <20240410070459.49112-1-philmd@linaro.org>
 (cherry picked from commit 83ddb3dbba2ee0f1767442ae6ee665058aeb1093)
 Signed-off-by: Michael Tokarev 
+
+Upstream reference:
+https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719
 ---
  hw/net/net_tx_pkt.c | 4 ++++
  1 file changed, 4 insertions(+)
 
 diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
-index 2134a18c4c9..b7b1de816dc 100644
+index 2e5f58b..d40d508 100644
 --- a/hw/net/net_tx_pkt.c
 +++ b/hw/net/net_tx_pkt.c
 @@ -141,6 +141,10 @@ bool net_tx_pkt_update_sctp_checksum(struct NetTxPkt *pkt)
@@ -66,5 +69,5 @@ index 2134a18c4c9..b7b1de816dc 100644
          return false;
      }
 -- 
-GitLab
+2.45.3
 
diff --git a/SPECS/qemu/CVE-2024-4467.patch b/SPECS/qemu/CVE-2024-4467.patch
new file mode 100644
index 0000000000..f39dd6cc73
--- /dev/null
+++ b/SPECS/qemu/CVE-2024-4467.patch
@@ -0,0 +1,111 @@
+From cd7055d9d5ade0e9ccf468da8742f7f1ace0fb88 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf 
+Date: Thu, 11 Apr 2024 15:06:01 +0200
+Subject: [PATCH 2/6] qcow2: Don't open data_file with BDRV_O_NO_IO
+
+One use case for 'qemu-img info' is verifying that untrusted images
+don't reference an unwanted external file, be it as a backing file or an
+external data file. To make sure that calling 'qemu-img info' can't
+already have undesired side effects with a malicious image, just don't
+open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do
+I/O, we don't need to have it open.
+
+This changes the output of iotests case 061, which used 'qemu-img info'
+to show that opening an image with an invalid data file fails. After
+this patch, it succeeds. Replace this part of the test with a qemu-io
+call, but keep the final 'qemu-img info' to show that the invalid data
+file is correctly displayed in the output.
+
+Fixes: CVE-2024-4467
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf 
+Reviewed-by: Eric Blake 
+Reviewed-by: Stefan Hajnoczi 
+Reviewed-by: Hanna Czenczek 
+
+Upstream reference:
+https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
+---
+ block/qcow2.c              | 17 ++++++++++++++++-
+ tests/qemu-iotests/061     |  6 ++++--
+ tests/qemu-iotests/061.out |  8 ++++++--
+ 3 files changed, 26 insertions(+), 5 deletions(-)
+
+diff --git a/block/qcow2.c b/block/qcow2.c
+index 13e032b..7af7c0b 100644
+--- a/block/qcow2.c
++++ b/block/qcow2.c
+@@ -1636,7 +1636,22 @@ qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
+         goto fail;
+     }
+ 
+-    if (open_data_file) {
++    if (open_data_file && (flags & BDRV_O_NO_IO)) {
++        /*
++         * Don't open the data file for 'qemu-img info' so that it can be used
++         * to verify that an untrusted qcow2 image doesn't refer to external
++         * files.
++         *
++         * Note: This still makes has_data_file() return true.
++         */
++        if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) {
++            s->data_file = NULL;
++        } else {
++            s->data_file = bs->file;
++        }
++        qdict_extract_subqdict(options, NULL, "data-file.");
++        qdict_del(options, "data-file");
++    } else if (open_data_file) {
+         /* Open external data file */
+         bdrv_graph_co_rdunlock();
+         s->data_file = bdrv_co_open_child(NULL, options, "data-file", bs,
+diff --git a/tests/qemu-iotests/061 b/tests/qemu-iotests/061
+index 53c7d42..b71ac09 100755
+--- a/tests/qemu-iotests/061
++++ b/tests/qemu-iotests/061
+@@ -326,12 +326,14 @@ $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
+ echo
+ _make_test_img -o "compat=1.1,data_file=$TEST_IMG.data" 64M
+ $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
+-_img_info --format-specific
++$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
++$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
+ TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
+ 
+ echo
+ $QEMU_IMG amend -o "data_file=" --image-opts "data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG"
+-_img_info --format-specific
++$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
++$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
+ TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
+ 
+ echo
+diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out
+index 139fc68..24c33ad 100644
+--- a/tests/qemu-iotests/061.out
++++ b/tests/qemu-iotests/061.out
+@@ -545,7 +545,9 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
+ qemu-img: data-file can only be set for images that use an external data file
+ 
+ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 data_file=TEST_DIR/t.IMGFMT.data
+-qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Could not open 'foo': No such file or directory
++qemu-io: can't open device TEST_DIR/t.IMGFMT: Could not open 'foo': No such file or directory
++read 4096/4096 bytes at offset 0
++4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+ image: TEST_DIR/t.IMGFMT
+ file format: IMGFMT
+ virtual size: 64 MiB (67108864 bytes)
+@@ -560,7 +562,9 @@ Format specific information:
+     corrupt: false
+     extended l2: false
+ 
+-qemu-img: Could not open 'TEST_DIR/t.IMGFMT': 'data-file' is required for this image
++qemu-io: can't open device TEST_DIR/t.IMGFMT: 'data-file' is required for this image
++read 4096/4096 bytes at offset 0
++4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+ image: TEST_DIR/t.IMGFMT
+ file format: IMGFMT
+ virtual size: 64 MiB (67108864 bytes)
+-- 
+2.45.3
+
diff --git a/SPECS/qemu/CVE-2024-4693.patch b/SPECS/qemu/CVE-2024-4693.patch
new file mode 100644
index 0000000000..6f711d638c
--- /dev/null
+++ b/SPECS/qemu/CVE-2024-4693.patch
@@ -0,0 +1,249 @@
+From e8bea549850dc9d9583ebb01c91bc2ba456318ac Mon Sep 17 00:00:00 2001
+From: Cindy Lu 
+Date: Fri, 12 Apr 2024 14:26:55 +0800
+Subject: [PATCH 1/2] virtio-pci: fix use of a released vector
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+During the booting process of the non-standard image, the behavior of the
+called function in qemu is as follows:
+
+1. vhost_net_stop() was triggered by guest image. This will call the function
+virtio_pci_set_guest_notifiers() with assgin= false,
+virtio_pci_set_guest_notifiers() will release the irqfd for vector 0
+
+2. virtio_reset() was triggered, this will set configure vector to VIRTIO_NO_VECTOR
+
+3.vhost_net_start() was called (at this time, the configure vector is
+still VIRTIO_NO_VECTOR) and then call virtio_pci_set_guest_notifiers() with
+assgin=true, so the irqfd for vector 0 is still not "init" during this process
+
+4. The system continues to boot and sets the vector back to 0. After that
+msix_fire_vector_notifier() was triggered to unmask the vector 0 and  meet the crash
+
+To fix the issue, we need to support changing the vector after VIRTIO_CONFIG_S_DRIVER_OK is set.
+
+(gdb) bt
+0  __pthread_kill_implementation (threadid=, signo=signo@entry=6, no_tid=no_tid@entry=0)
+    at pthread_kill.c:44
+1  0x00007fc87148ec53 in __pthread_kill_internal (signo=6, threadid=) at pthread_kill.c:78
+2  0x00007fc87143e956 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
+3  0x00007fc8714287f4 in __GI_abort () at abort.c:79
+4  0x00007fc87142871b in __assert_fail_base
+    (fmt=0x7fc8715bbde0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5606413efd53 "ret == 0", file=0x5606413ef87d "../accel/kvm/kvm-all.c", line=1837, function=) at assert.c:92
+5  0x00007fc871437536 in __GI___assert_fail
+    (assertion=0x5606413efd53 "ret == 0", file=0x5606413ef87d "../accel/kvm/kvm-all.c", line=1837, function=0x5606413f06f0 <__PRETTY_FUNCTION__.19> "kvm_irqchip_commit_routes") at assert.c:101
+6  0x0000560640f884b5 in kvm_irqchip_commit_routes (s=0x560642cae1f0) at ../accel/kvm/kvm-all.c:1837
+7  0x0000560640c98f8e in virtio_pci_one_vector_unmask
+    (proxy=0x560643c65f00, queue_no=4294967295, vector=0, msg=..., n=0x560643c6e4c8)
+    at ../hw/virtio/virtio-pci.c:1005
+8  0x0000560640c99201 in virtio_pci_vector_unmask (dev=0x560643c65f00, vector=0, msg=...)
+    at ../hw/virtio/virtio-pci.c:1070
+9  0x0000560640bc402e in msix_fire_vector_notifier (dev=0x560643c65f00, vector=0, is_masked=false)
+    at ../hw/pci/msix.c:120
+10 0x0000560640bc40f1 in msix_handle_mask_update (dev=0x560643c65f00, vector=0, was_masked=true)
+    at ../hw/pci/msix.c:140
+11 0x0000560640bc4503 in msix_table_mmio_write (opaque=0x560643c65f00, addr=12, val=0, size=4)
+    at ../hw/pci/msix.c:231
+12 0x0000560640f26d83 in memory_region_write_accessor
+    (mr=0x560643c66540, addr=12, value=0x7fc86b7bc628, size=4, shift=0, mask=4294967295, attrs=...)
+    at ../system/memory.c:497
+13 0x0000560640f270a6 in access_with_adjusted_size
+
+     (addr=12, value=0x7fc86b7bc628, size=4, access_size_min=1, access_size_max=4, access_fn=0x560640f26c8d , mr=0x560643c66540, attrs=...) at ../system/memory.c:573
+14 0x0000560640f2a2b5 in memory_region_dispatch_write (mr=0x560643c66540, addr=12, data=0, op=MO_32, attrs=...)
+    at ../system/memory.c:1521
+15 0x0000560640f37bac in flatview_write_continue
+    (fv=0x7fc65805e0b0, addr=4273803276, attrs=..., ptr=0x7fc871e9c028, len=4, addr1=12, l=4, mr=0x560643c66540)
+    at ../system/physmem.c:2714
+16 0x0000560640f37d0f in flatview_write
+    (fv=0x7fc65805e0b0, addr=4273803276, attrs=..., buf=0x7fc871e9c028, len=4) at ../system/physmem.c:2756
+17 0x0000560640f380bf in address_space_write
+    (as=0x560642161ae0 , addr=4273803276, attrs=..., buf=0x7fc871e9c028, len=4)
+    at ../system/physmem.c:2863
+18 0x0000560640f3812c in address_space_rw
+    (as=0x560642161ae0 , addr=4273803276, attrs=..., buf=0x7fc871e9c028, len=4, is_write=true) at ../system/physmem.c:2873
+--Type  for more, q to quit, c to continue without paging--
+19 0x0000560640f8aa55 in kvm_cpu_exec (cpu=0x560642f205e0) at ../accel/kvm/kvm-all.c:2915
+20 0x0000560640f8d731 in kvm_vcpu_thread_fn (arg=0x560642f205e0) at ../accel/kvm/kvm-accel-ops.c:51
+21 0x00005606411949f4 in qemu_thread_start (args=0x560642f292b0) at ../util/qemu-thread-posix.c:541
+22 0x00007fc87148cdcd in start_thread (arg=) at pthread_create.c:442
+23 0x00007fc871512630 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
+(gdb)
+
+MST: coding style and typo fixups
+
+Fixes: f9a09ca3ea ("vhost: add support for configure interrupt")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Cindy Lu 
+Message-ID: <2321ade5f601367efe7380c04e3f61379c59b48f.1713173550.git.mst@redhat.com>
+Cc: Lei Yang 
+Cc: Jason Wang 
+Signed-off-by: Michael S. Tsirkin 
+Tested-by: Cindy Lu 
+(cherry picked from commit 2ce6cff94df2650c460f809e5ad263f1d22507c0)
+Signed-off-by: Michael Tokarev 
+
+Upstream reference:
+https://gitlab.com/qemu-project/qemu/-/commit/fcbb086ae590e910614fe5b8bf76e264f71ef304
+---
+ hw/virtio/virtio-pci.c | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index e433879..08faefe 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -1424,6 +1424,38 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
+     return offset;
+ }
+ 
++static void virtio_pci_set_vector(VirtIODevice *vdev,
++                                  VirtIOPCIProxy *proxy,
++                                  int queue_no, uint16_t old_vector,
++                                  uint16_t new_vector)
++{
++    bool kvm_irqfd = (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
++        msix_enabled(&proxy->pci_dev) && kvm_msi_via_irqfd_enabled();
++
++    if (new_vector == old_vector) {
++        return;
++    }
++
++    /*
++     * If the device uses irqfd and the vector changes after DRIVER_OK is
++     * set, we need to release the old vector and set up the new one.
++     * Otherwise just need to set the new vector on the device.
++     */
++    if (kvm_irqfd && old_vector != VIRTIO_NO_VECTOR) {
++        kvm_virtio_pci_vector_release_one(proxy, queue_no);
++    }
++    /* Set the new vector on the device. */
++    if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
++        vdev->config_vector = new_vector;
++    } else {
++        virtio_queue_set_vector(vdev, queue_no, new_vector);
++    }
++    /* If the new vector changed need to set it up. */
++    if (kvm_irqfd && new_vector != VIRTIO_NO_VECTOR) {
++        kvm_virtio_pci_vector_use_one(proxy, queue_no);
++    }
++}
++
+ int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy,
+                            uint8_t bar, uint64_t offset, uint64_t length,
+                            uint8_t id)
+@@ -1570,7 +1602,8 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+         } else {
+             val = VIRTIO_NO_VECTOR;
+         }
+-        vdev->config_vector = val;
++        virtio_pci_set_vector(vdev, proxy, VIRTIO_CONFIG_IRQ_IDX,
++                              vdev->config_vector, val);
+         break;
+     case VIRTIO_PCI_COMMON_STATUS:
+         if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
+@@ -1610,7 +1643,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+         } else {
+             val = VIRTIO_NO_VECTOR;
+         }
+-        virtio_queue_set_vector(vdev, vdev->queue_sel, val);
++        virtio_pci_set_vector(vdev, proxy, vdev->queue_sel, vector, val);
+         break;
+     case VIRTIO_PCI_COMMON_Q_ENABLE:
+         if (val == 1) {
+-- 
+2.45.3
+
+
+From 352e1d101fa3cfb161ee951af754bff791ff2241 Mon Sep 17 00:00:00 2001
+From: Cindy Lu 
+Date: Wed, 22 May 2024 13:10:24 +0800
+Subject: [PATCH 2/2] virtio-pci: Fix the use of an uninitialized irqfd.
+
+The crash was reported in MAC OS and NixOS, here is the link for this bug
+https://gitlab.com/qemu-project/qemu/-/issues/2334
+https://gitlab.com/qemu-project/qemu/-/issues/2321
+
+The root cause is that the function virtio_pci_set_guest_notifiers() only
+initializes the irqfd when the use_guest_notifier_mask and guest_notifier_mask
+are set.
+However, this check is missing in virtio_pci_set_vector().
+So the fix is to add this check.
+
+This fix is verified in vyatta,MacOS,NixOS,fedora system.
+
+The bt tree for this bug is:
+Thread 6 "CPU 0/KVM" received signal SIGSEGV, Segmentation fault.
+[Switching to Thread 0x7c817be006c0 (LWP 1269146)]
+kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
+817	    if (irqfd->users == 0) {
+(gdb) thread apply all bt
+...
+Thread 6 (Thread 0x7c817be006c0 (LWP 1269146) "CPU 0/KVM"):
+0  kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
+1  kvm_virtio_pci_vector_use_one () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:893
+2  0x00005983657045e2 in memory_region_write_accessor () at ../qemu-9.0.0/system/memory.c:497
+3  0x0000598365704ba6 in access_with_adjusted_size () at ../qemu-9.0.0/system/memory.c:573
+4  0x0000598365705059 in memory_region_dispatch_write () at ../qemu-9.0.0/system/memory.c:1528
+5  0x00005983659b8e1f in flatview_write_continue_step.isra.0 () at ../qemu-9.0.0/system/physmem.c:2713
+6  0x000059836570ba7d in flatview_write_continue () at ../qemu-9.0.0/system/physmem.c:2743
+7  flatview_write () at ../qemu-9.0.0/system/physmem.c:2774
+8  0x000059836570bb76 in address_space_write () at ../qemu-9.0.0/system/physmem.c:2894
+9  0x0000598365763afe in address_space_rw () at ../qemu-9.0.0/system/physmem.c:2904
+10 kvm_cpu_exec () at ../qemu-9.0.0/accel/kvm/kvm-all.c:2917
+11 0x000059836576656e in kvm_vcpu_thread_fn () at ../qemu-9.0.0/accel/kvm/kvm-accel-ops.c:50
+12 0x0000598365926ca8 in qemu_thread_start () at ../qemu-9.0.0/util/qemu-thread-posix.c:541
+13 0x00007c8185bcd1cf in ??? () at /usr/lib/libc.so.6
+14 0x00007c8185c4e504 in clone () at /usr/lib/libc.so.6
+
+Fixes: 2ce6cff94d ("virtio-pci: fix use of a released vector")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Cindy Lu 
+Message-Id: <20240522051042.985825-1-lulu@redhat.com>
+Acked-by: Jason Wang 
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Michael S. Tsirkin 
+
+Upstream reference:
+https://gitlab.com/qemu-project/qemu/-/commit/7eeb62b0ce3a8f64647bf53f93903abd1fbb0b94
+---
+ hw/virtio/virtio-pci.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index 08faefe..c10913c 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -1431,6 +1431,7 @@ static void virtio_pci_set_vector(VirtIODevice *vdev,
+ {
+     bool kvm_irqfd = (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+         msix_enabled(&proxy->pci_dev) && kvm_msi_via_irqfd_enabled();
++    VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ 
+     if (new_vector == old_vector) {
+         return;
+@@ -1441,7 +1442,8 @@ static void virtio_pci_set_vector(VirtIODevice *vdev,
+      * set, we need to release the old vector and set up the new one.
+      * Otherwise just need to set the new vector on the device.
+      */
+-    if (kvm_irqfd && old_vector != VIRTIO_NO_VECTOR) {
++    if (kvm_irqfd && old_vector != VIRTIO_NO_VECTOR &&
++        vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
+         kvm_virtio_pci_vector_release_one(proxy, queue_no);
+     }
+     /* Set the new vector on the device. */
+@@ -1451,7 +1453,8 @@ static void virtio_pci_set_vector(VirtIODevice *vdev,
+         virtio_queue_set_vector(vdev, queue_no, new_vector);
+     }
+     /* If the new vector changed need to set it up. */
+-    if (kvm_irqfd && new_vector != VIRTIO_NO_VECTOR) {
++    if (kvm_irqfd && new_vector != VIRTIO_NO_VECTOR &&
++        vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
+         kvm_virtio_pci_vector_use_one(proxy, queue_no);
+     }
+ }
+-- 
+2.45.3
+
diff --git a/SPECS/qemu/CVE-2024-6505.patch b/SPECS/qemu/CVE-2024-6505.patch
new file mode 100644
index 0000000000..1944375d94
--- /dev/null
+++ b/SPECS/qemu/CVE-2024-6505.patch
@@ -0,0 +1,39 @@
+From 7f8df6696a32c8a4aeafd1940b6cabc6c9edbe6b Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki 
+Date: Mon, 1 Jul 2024 20:58:04 +0900
+Subject: [PATCH 3/6] virtio-net: Ensure queue index fits with RSS
+
+Ensure the queue index points to a valid queue when software RSS
+enabled. The new calculation matches with the behavior of Linux's TAP
+device with the RSS eBPF program.
+
+Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
+Reported-by: Zhibin Hu 
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Akihiko Odaki 
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Jason Wang 
+
+Upstream reference:
+https://gitlab.com/qemu-project/qemu/-/commit/f1595ceb
+---
+ hw/net/virtio-net.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 73024ba..08b69e8 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1909,7 +1909,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
+     if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
+         int index = virtio_net_process_rss(nc, buf, size);
+         if (index >= 0) {
+-            NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
++            NetClientState *nc2 =
++                qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
+             return virtio_net_receive_rcu(nc2, buf, size, true);
+         }
+     }
+-- 
+2.45.3
+
diff --git a/SPECS/qemu/CVE-2024-7730.patch b/SPECS/qemu/CVE-2024-7730.patch
new file mode 100644
index 0000000000..f854c279fa
--- /dev/null
+++ b/SPECS/qemu/CVE-2024-7730.patch
@@ -0,0 +1,61 @@
+From 3396278a67b18a8e417c595cd5377ce187ad5cfd Mon Sep 17 00:00:00 2001
+From: Manos Pitsidianakis 
+Date: Mon, 8 Jul 2024 10:09:49 +0300
+Subject: [PATCH 5/6] virtio-snd: add max size bounds check in input cb
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When reading input audio in the virtio-snd input callback,
+virtio_snd_pcm_in_cb(), we do not check whether the iov can actually fit
+the data buffer. This is because we use the buffer->size field as a
+total-so-far accumulator instead of byte-size-left like in TX buffers.
+
+This triggers an out of bounds write if the size of the virtio queue
+element is equal to virtio_snd_pcm_status, which makes the available
+space for audio data zero. This commit adds a check for reaching the
+maximum buffer size before attempting any writes.
+
+Reported-by: Zheyu Ma 
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2427
+Signed-off-by: Manos Pitsidianakis 
+Message-Id: 
+Reviewed-by: Philippe Mathieu-Daudé 
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Michael S. Tsirkin 
+
+Upstream reference:
+https://gitlab.com/qemu-project/qemu/-/commit/98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3
+---
+ hw/audio/virtio-snd.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c
+index 137fa77..15986af 100644
+--- a/hw/audio/virtio-snd.c
++++ b/hw/audio/virtio-snd.c
+@@ -1274,7 +1274,7 @@ static void virtio_snd_pcm_in_cb(void *data, int available)
+ {
+     VirtIOSoundPCMStream *stream = data;
+     VirtIOSoundPCMBuffer *buffer;
+-    size_t size;
++    size_t size, max_size;
+ 
+     WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {
+         while (!QSIMPLEQ_EMPTY(&stream->queue)) {
+@@ -1288,7 +1288,12 @@ static void virtio_snd_pcm_in_cb(void *data, int available)
+                 continue;
+             }
+ 
++            max_size = iov_size(buffer->elem->in_sg, buffer->elem->in_num);
+             for (;;) {
++                if (buffer->size >= max_size) {
++                    return_rx_buffer(stream, buffer);
++                    break;
++                }
+                 size = AUD_read(stream->voice.in,
+                         buffer->data + buffer->size,
+                         MIN(available, (stream->params.period_bytes -
+-- 
+2.45.3
+
diff --git a/SPECS/qemu/qemu.spec b/SPECS/qemu/qemu.spec
index 4df3a2fa9f..04d0785ae1 100644
--- a/SPECS/qemu/qemu.spec
+++ b/SPECS/qemu/qemu.spec
@@ -414,7 +414,7 @@ Obsoletes: sgabios-bin <= 1:0.20180715git-10.fc38
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 8.2.0
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND FSFAP AND GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-2.0-or-later WITH GCC-exception-2.0 AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND MIT AND LicenseRef-Fedora-Public-Domain AND CC-BY-3.0
 URL: http://www.qemu.org/
 
@@ -470,11 +470,19 @@ Patch45: 0045-ui-gtk-Enabling-HW-cursor.patch
 
 # https://patchwork.kernel.org/project/qemu-devel/patch/20231128143647.847668-1-crobinso@redhat.com/
 # Fix pvh.img ld build failure on fedora rawhide
-Patch46: 0001-pc-bios-optionrom-Fix-pvh.img-ld-build-failure-on-fe.patch
-Patch47: 0002-Disable-failing-tests-on-azl.patch
-Patch48: CVE-2024-3567.patch
-Patch49: CVE-2023-6683.patch
-Patch50: CVE-2023-6693.patch
+Patch46:  0001-pc-bios-optionrom-Fix-pvh.img-ld-build-failure-on-fe.patch
+Patch47:  0002-Disable-failing-tests-on-azl.patch
+Patch48:  CVE-2023-6683.patch
+Patch49:  CVE-2023-6693.patch
+Patch50:  CVE-2021-20255.patch
+Patch51:  CVE-2024-3447.patch
+Patch52:  CVE-2024-4467.patch
+Patch53:  CVE-2024-6505.patch
+Patch54:  CVE-2024-4693.patch
+Patch55:  CVE-2024-7730.patch
+Patch56:  CVE-2024-3567.patch
+Patch57:  CVE-2024-26327.patch
+Patch58:  CVE-2024-26328.patch
 
 Source10: qemu-guest-agent.service
 Source11: 99-qemu-guest-agent.rules
@@ -677,7 +685,7 @@ BuildRequires: rutabaga-gfx-ffi-devel
 %endif
 
 %if %{user_static}
-BuildRequires: glibc-static >= 2.38-9
+BuildRequires: glibc-static >= 2.38-10
 BuildRequires: glib2-static zlib-static
 BuildRequires: pcre2-static
 %endif
@@ -3487,6 +3495,15 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 8.2.0-18
+- merge from Azure Linux 3.0.20250521-3.0
+- Added patch for CVE-2024-26327 CVE-2024-26328
+- Bump to rebuild with updated glibc
+- Added patch for CVE-2024-6505 CVE-2024-4467 CVE-2024-4693 CVE-2024-7730 CVE-2024-3447 CVE-2024-3567
+- Add patch for CVE-2023-6683
+- Add patch for CVE-2023-6693
+- Add patch for CVE-2021-20255
+
 * Tue Mar 18 2025 Ranjan Dutta  - 8.2.0-17
 - Bump version for merge AZL tag: 3.0.20250311-3.0
 - Bump to rebuild with updated glibc
diff --git a/SPECS/qtsvg/qtsvg.spec b/SPECS/qtsvg/qtsvg.spec
index 6b55d09dbf..00a9cbc555 100644
--- a/SPECS/qtsvg/qtsvg.spec
+++ b/SPECS/qtsvg/qtsvg.spec
@@ -4,7 +4,7 @@
 Summary:        Qt6 - Support for rendering and displaying SVG
 Name:           qtsvg
 Version:        6.6.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 # See LICENSE.GPL3-EXCEPT.txt, for exception details
 License:        GFDL AND GPLv2+ WITH exceptions AND LGPLv2.1+
 Vendor:         Microsoft Corporation
@@ -89,6 +89,9 @@ popd
 
 
 %changelog
+* Mon Apr 07 2025 Andrew Phelps  - 6.6.1-2
+- Bump release to recompile with qtbase-devel-6.6.3
+
 * Tue Jan 02 2024 Sam Meluch  - 6.6.1-1
 - Upgrade to version 6.6.1
 
diff --git a/SPECS/rabbitmq-server/CVE-2025-30219.patch b/SPECS/rabbitmq-server/CVE-2025-30219.patch
new file mode 100644
index 0000000000..daf80180f2
--- /dev/null
+++ b/SPECS/rabbitmq-server/CVE-2025-30219.patch
@@ -0,0 +1,25 @@
+From 174947b41a5d56abab0abeb9159291a395b6345a Mon Sep 17 00:00:00 2001
+From: Michael Klishin 
+Date: Fri, 25 Oct 2024 22:14:41 -0400
+Subject: [PATCH] Use fmt_string in this error message
+
+---
+ deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs b/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
+index f9302a6..9ee67cc 100644
+--- a/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
++++ b/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
+@@ -27,7 +27,7 @@
+         if (vhosts[i].cluster_state[vhost_status_node] != 'running') {
+ %>
+ 

+-  Virtual host <%= vhosts[i].name %> experienced an error on node <%= vhost_status_node %> and may be inaccessible
++  Virtual host <%= fmt_string(vhosts[i].name) %> experienced an error on node <%= fmt_string(vhost_status_node) %> and may be inaccessible
+ 

+ <% }}} %>
+ 
+-- 
+2.34.1
+
diff --git a/SPECS/rabbitmq-server/rabbitmq-server.spec b/SPECS/rabbitmq-server/rabbitmq-server.spec
index c3753a44bc..5d0685a5c2 100644
--- a/SPECS/rabbitmq-server/rabbitmq-server.spec
+++ b/SPECS/rabbitmq-server/rabbitmq-server.spec
@@ -2,13 +2,14 @@
 Summary:        rabbitmq-server
 Name:           rabbitmq-server
 Version:        3.13.7
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        Apache-2.0 and MPL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Languages
 URL:            https://rabbitmq.com
 Source0:        https://github.com/rabbitmq/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
+Patch0:			CVE-2025-30219.patch
 
 BuildRequires:  elixir
 BuildRequires:  erlang
@@ -36,7 +37,7 @@ Requires:       zip
 RabbitMQ is a reliable and mature messaging and streaming broker, which is easy to deploy on cloud environments, on-premises, and on your local machine.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
 export LANG="en_US.UTF-8"
@@ -65,6 +66,9 @@ done
 %{_libdir}/rabbitmq/lib/rabbitmq_server-%{version}/*
 
 %changelog
+* Mon Mar 31 2025 Ankita Pareek  - 3.13.7-2
+- Address CVE-2025-30219 with a patch
+
 * Tue Sep 17 2024 Archana Choudhary  - 3.13.7-1
 - Upgrade rabbitmq-server to version 3.13.7
 - deps/jose is updated to 1.11.10
diff --git a/SPECS/reproc/reproc.signatures.json b/SPECS/reproc/reproc.signatures.json
new file mode 100644
index 0000000000..6a3011d7ba
--- /dev/null
+++ b/SPECS/reproc/reproc.signatures.json
@@ -0,0 +1,6 @@
+{
+    "Signatures": {
+     "reproc-14.2.4-1c07bdb.tar.gz": "d6ae44f96a5c33a43aec1c7fda735bb59f26bf4160531a3610ffedb77d792438"
+    }
+   }
+   
\ No newline at end of file
diff --git a/SPECS/reproc/reproc.spec b/SPECS/reproc/reproc.spec
new file mode 100644
index 0000000000..54d163e692
--- /dev/null
+++ b/SPECS/reproc/reproc.spec
@@ -0,0 +1,106 @@
+%global commit 1c07bdbec3f2ecba7125b9499b9a8a77bf9aa8c7
+%global shortcommit %(c=%commit; echo ${c:0:7})
+
+Summary:        A cross-platform (C99/C++11) process library
+Name:           reproc
+Version:        14.2.4
+Release:        6%{?dist}
+License:        MIT 
+URL:            https://github.com/DaanDeMeyer/reproc
+Source0:        https://github.com/DaanDeMeyer/reproc/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+BuildRequires:  cmake
+BuildRequires:  gcc-c++
+
+%description
+reproc (Redirected Process) is a cross-platform C/C++ library that simplifies
+starting, stopping and communicating with external programs. The main use case
+is executing command line applications directly from C or C++ code and
+retrieving their output.
+
+reproc consists out of two libraries: reproc and reproc++. reproc is a C99
+library that contains the actual code for working with external programs.
+reproc++ depends on reproc and adapts its API to an idiomatic C++11 API. It
+also adds a few extras that simplify working with external programs from C++.
+
+
+%package        devel
+Summary:        Development files for %{name}
+License:        MIT
+Requires:       %{name} = %{version}-%{release}
+Requires:       cmake-filesystem
+Requires:       pkgconfig
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%prep
+%autosetup -n %{name}-%{commit}
+
+
+%build
+%cmake -DREPROC++=ON -DREPROC_TEST=ON
+%cmake_build
+
+
+%install
+%cmake_install
+
+%check
+%ctest
+
+
+%files
+%doc CHANGELOG.md README.md
+%license LICENSE
+%{_libdir}/*.so.14*
+
+%files devel
+%{_includedir}/reproc/
+%{_includedir}/reproc++/
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_libdir}/cmake/reproc/
+%{_libdir}/cmake/reproc++/
+
+
+%changelog
+* Mon Apr 14 2025 Riken Maharjan  - 14.2.4-6
+- Initial Azure Linux import from Fedora 42 (license: MIT)
+- License Verified
+
+* Sat Jan 18 2025 Fedora Release Engineering  - 14.2.4-5.20230609git1c07bdb
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Fri Jul 19 2024 Fedora Release Engineering  - 14.2.4-4.20230609git1c07bdb
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jan 26 2024 Fedora Release Engineering  - 14.2.4-3.20230609git1c07bdb
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering  - 14.2.4-2.20230609git1c07bdb
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Aug 04 2023 Orion Poplawski  - 14.2.4-1.20230609git1c07bdb
+- Update to 14.2.4 + latest git (FTBFS bz#2171704)
+
+* Fri Jul 21 2023 Fedora Release Engineering  - 14.2.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jan 20 2023 Fedora Release Engineering  - 14.2.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 14.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering  - 14.2.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 14.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jun 16 2021 Orion Poplawski  - 14.2.2-1
+- Initial package
diff --git a/SPECS/rpm-ostree/CVE-2024-2905.patch b/SPECS/rpm-ostree/CVE-2024-2905.patch
new file mode 100644
index 0000000000..5c3c10d975
--- /dev/null
+++ b/SPECS/rpm-ostree/CVE-2024-2905.patch
@@ -0,0 +1,125 @@
+From 4c593d659aff212cdcf9d3ca40cd24a8277f6638 Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Fri, 16 May 2025 06:48:14 +0000
+Subject: [PATCH] CVE-2024-2905
+https://github.com/coreos/rpm-ostree/pull/4911
+---
+ Makefile-daemon.am                            |  1 +
+ packaging/rpm-ostree.spec.in                  |  5 +++++
+ rust/src/passwd.rs                            | 14 ++++++++++++++
+ src/daemon/rpm-ostree-fix-shadow-mode.service | 19 +++++++++++++++++++
+ tests/compose/libbasic-test.sh                |  5 +++++
+ 5 files changed, 44 insertions(+)
+ create mode 100644 src/daemon/rpm-ostree-fix-shadow-mode.service
+
+diff --git a/Makefile-daemon.am b/Makefile-daemon.am
+index 4233d90..f96f49a 100644
+--- a/Makefile-daemon.am
++++ b/Makefile-daemon.am
+@@ -60,6 +60,7 @@ systemdunit_service_file_names = \
+ 	rpm-ostreed-automatic.service \
+ 	rpm-ostree-bootstatus.service \
+ 	rpm-ostree-countme.service \
++	rpm-ostree-fix-shadow-mode.service \
+ 	$(NULL)
+ 
+ systemdunit_service_files = $(addprefix $(srcdir)/src/daemon/,$(systemdunit_service_file_names))
+diff --git a/packaging/rpm-ostree.spec.in b/packaging/rpm-ostree.spec.in
+index 8aa9afa..f734f67 100644
+--- a/packaging/rpm-ostree.spec.in
++++ b/packaging/rpm-ostree.spec.in
+@@ -237,6 +237,11 @@ $PYTHON autofiles.py > files.devel \
+ # Setup rpm-ostree-countme.timer according to presets
+ %post
+ %systemd_post rpm-ostree-countme.timer
++# Only enable on rpm-ostree based systems and manually force unit enablement to
++# explicitly ignore presets for this security fix
++if [ -e /run/ostree-booted ]; then
++    ln -snf /usr/lib/systemd/system/rpm-ostree-fix-shadow-mode.service  /usr/lib/systemd/system/multi-user.target.wants/
++fi
+ 
+ %preun
+ %systemd_preun rpm-ostree-countme.timer
+diff --git a/rust/src/passwd.rs b/rust/src/passwd.rs
+index 79ee488..8f0e584 100644
+--- a/rust/src/passwd.rs
++++ b/rust/src/passwd.rs
+@@ -421,6 +421,12 @@ fn write_data_from_treefile(
+     let db = rootfs.open(target_passwd_path).map(BufReader::new)?;
+     let shadow_name = target.shadow_file();
+     let target_shadow_path = format!("{}{}", dest_path, shadow_name);
++    // Ideally these permissions come from `setup`, which is the package
++    // that owns these files:
++    // https://src.fedoraproject.org/rpms/setup/blob/c6f58b338bd3/f/setup.spec#_96
++    // But at this point of the compose, the rootfs is completely empty; we
++    // haven't started unpacking things yet. So we need to hardcode it here.
++    let shadow_perms = cap_std::fs::Permissions::from_mode(0);
+ 
+     match target {
+         PasswdKind::User => {
+@@ -430,6 +436,10 @@ fn write_data_from_treefile(
+                     for user in entries {
+                         writeln!(target_shadow, "{}:*::0:99999:7:::", user.name)?;
+                     }
++                    target_shadow
++                        .get_mut()
++                        .as_file_mut()
++                        .set_permissions(shadow_perms)?;
+                     Ok(())
+                 })
+                 .with_context(|| format!("Writing {target_shadow_path}"))?;
+@@ -441,6 +451,10 @@ fn write_data_from_treefile(
+                     for group in entries {
+                         writeln!(target_shadow, "{}:::", group.name)?;
+                     }
++                    target_shadow
++                        .get_mut()
++                        .as_file_mut()
++                        .set_permissions(shadow_perms)?;
+                     Ok(())
+                 })
+                 .with_context(|| format!("Writing {target_shadow_path}"))?;
+diff --git a/src/daemon/rpm-ostree-fix-shadow-mode.service b/src/daemon/rpm-ostree-fix-shadow-mode.service
+new file mode 100644
+index 0000000..4aea746
+--- /dev/null
++++ b/src/daemon/rpm-ostree-fix-shadow-mode.service
+@@ -0,0 +1,19 @@
++[Unit]
++# rpm-ostree v2023.6 introduced a permission issue on `/etc/[g]shadow[-]`.
++# This makes sure to fix permissions on systems that were deployed with the wrong permissions.
++Description=Update permissions for /etc/shadow
++Documentation=https://github.com/coreos/rpm-ostree-ghsa-2m76-cwhg-7wv6
++ConditionPathExists=!/etc/.rpm-ostree-shadow-mode-fixed.stamp
++ConditionPathExists=/run/ostree-booted
++# Make sure this is started before any unprivileged (interactive) user has access to the system.
++Before=systemd-user-sessions.service
++
++[Service]
++Type=oneshot
++ExecStart=chmod --verbose 0000 /etc/shadow /etc/gshadow
++ExecStart=-chmod --verbose 0000 /etc/shadow- /etc/gshadow-
++ExecStart=touch /etc/.rpm-ostree-shadow-mode-fixed.stamp
++RemainAfterExit=yes
++
++[Install]
++WantedBy=multi-user.target
+diff --git a/tests/compose/libbasic-test.sh b/tests/compose/libbasic-test.sh
+index 0a75176..3f7c6d8 100644
+--- a/tests/compose/libbasic-test.sh
++++ b/tests/compose/libbasic-test.sh
+@@ -22,6 +22,11 @@ validate_passwd group
+ ostree --repo=${repo} ls ${treeref} /usr/etc/passwd > passwd.txt
+ assert_file_has_content_literal passwd.txt '00644 '
+ 
++ostree --repo=${repo} ls ${treeref} /usr/etc/shadow > shadow.txt
++assert_file_has_content_literal shadow.txt '00000 '
++ostree --repo=${repo} ls ${treeref} /usr/etc/gshadow > gshadow.txt
++assert_file_has_content_literal gshadow.txt '00000 '
++
+ ostree --repo=${repo} cat ${treeref} /usr/etc/default/useradd > useradd.txt
+ assert_file_has_content_literal useradd.txt HOME=/var/home
+ 
+-- 
+2.45.2
+
diff --git a/SPECS/rpm-ostree/rpm-ostree.spec b/SPECS/rpm-ostree/rpm-ostree.spec
index f91c6e0fb3..703d6a763a 100644
--- a/SPECS/rpm-ostree/rpm-ostree.spec
+++ b/SPECS/rpm-ostree/rpm-ostree.spec
@@ -1,7 +1,7 @@
 Summary:        Commit RPMs to an OSTree repository
 Name:           rpm-ostree
 Version:        2024.4
-Release:        1%{?dist}
+Release:        3%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -9,13 +9,14 @@ URL:            https://github.com/coreos/rpm-ostree
 Source0:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Patch0:         0001-Revert-compose-Inject-our-static-tmpfiles.d-dropins-.patch
 Patch1:         rpm-ostree-libdnf-build.patch
+Patch2:         CVE-2024-2905.patch
 
 BuildRequires:  attr-devel
 BuildRequires:  autoconf
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  bubblewrap
-BuildRequires:  cargo
+BuildRequires:  cargo < 1.85.0
 BuildRequires:  check
 BuildRequires:  cppunit-devel
 BuildRequires:  createrepo_c
@@ -45,7 +46,7 @@ BuildRequires:  polkit-devel
 BuildRequires:  popt-devel
 BuildRequires:  python3-devel
 BuildRequires:  python3-pygments
-BuildRequires:  rust
+BuildRequires:  rust < 1.85.0
 BuildRequires:  sqlite-devel
 BuildRequires:  systemd-devel
 BuildRequires:  which
@@ -177,6 +178,12 @@ make check
 %{_datadir}/gir-1.0/*-1.0.gir
 
 %changelog
+* Fri May 16 2025 Jyoti Kanase  - 2024.4-3
+- Patch CVE-2024-2905
+
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 2024.4-2
+- Pin rust version
+
 * Fri Apr 05 2024 Betty Lakes  - 2024.4-1
 - Upgrade to 2024.4 and remove libgsystem dependency
 
diff --git a/SPECS/ruby/CVE-2025-25186.patch b/SPECS/ruby/CVE-2025-25186.patch
new file mode 100644
index 0000000000..8095550bd5
--- /dev/null
+++ b/SPECS/ruby/CVE-2025-25186.patch
@@ -0,0 +1,59 @@
+From 4b3f68e2cf28fb206ede3afb400f199901afce38 Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Mon, 17 Feb 2025 13:54:22 -0600
+Subject: [PATCH] Address CVE-2025-25186
+Upstream Patch Reference: https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022
+
+---
+ .../lib/net/imap/response_parser.rb           | 26 ++++++++++++++++---
+ 1 file changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/.bundle/gems/net-imap-0.4.9.1/lib/net/imap/response_parser.rb b/.bundle/gems/net-imap-0.4.9.1/lib/net/imap/response_parser.rb
+index 1aab798..abb834c 100644
+--- a/.bundle/gems/net-imap-0.4.9.1/lib/net/imap/response_parser.rb
++++ b/.bundle/gems/net-imap-0.4.9.1/lib/net/imap/response_parser.rb
+@@ -8,6 +8,8 @@ module Net
+
+     # Parses an \IMAP server response.
+     class ResponseParser
++      MAX_UID_SET_SIZE = 10_000
++
+       include ParserUtils
+       extend  ParserUtils::Generator
+
+@@ -2002,11 +2004,29 @@ module Net
+         case token.symbol
+         when T_NUMBER then [Integer(token.value)]
+         when T_ATOM
+-          token.value.split(",").flat_map {|range|
+-            range = range.split(":").map {|uniqueid| Integer(uniqueid) }
+-            range.size == 1 ? range : Range.new(range.min, range.max).to_a
++          entries = uid_set__ranges(token.value)
++          if (count = entries.sum(&:count)) > MAX_UID_SET_SIZE
++            parse_error("uid-set is too large: %d > 10k", count)
++          end
++          entries.flat_map(&:to_a)
++        end
++      end
++
++      # returns an array of ranges
++      def uid_set__ranges(uidset)
++        entries = []
++        uidset.split(",") do |entry|
++          uids = entry.split(":", 2).map {|uid|
++            unless uid =~ /\A[1-9][0-9]*\z/
++              parse_error("invalid uid-set uid: %p", uid)
++            end
++            uid = Integer(uid)
++            NumValidator.ensure_nz_number(uid)
++            uid
+           }
++          entries << Range.new(*uids.minmax)
+         end
++        entries
+       end
+
+       def nil_atom
+--
+2.45.2
+
diff --git a/SPECS/ruby/CVE-2025-27219.patch b/SPECS/ruby/CVE-2025-27219.patch
new file mode 100644
index 0000000000..4d50c627d1
--- /dev/null
+++ b/SPECS/ruby/CVE-2025-27219.patch
@@ -0,0 +1,29 @@
+From 9907b76dad0777ee300de236dad4b559e07596ab Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA 
+Date: Fri, 21 Feb 2025 16:01:17 +0900
+Subject: [PATCH] Use String#concat instead of String#+ for reducing cpu usage
+
+Upstream Reference : https://github.com/ruby/cgi/commit/9907b76dad0777ee300de236dad4b559e07596ab
+
+Co-authored-by: "Yusuke Endoh" 
+---
+ lib/cgi/cookie.rb | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
+index 9498e2f..1c4ef6a 100644
+--- a/lib/cgi/cookie.rb
++++ b/lib/cgi/cookie.rb
+@@ -190,9 +190,10 @@ def self.parse(raw_cookie)
+         values ||= ""
+         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
+         if cookies.has_key?(name)
+-          values = cookies[name].value + values
++          cookies[name].concat(values)
++        else
++          cookies[name] = Cookie.new(name, *values)
+         end
+-        cookies[name] = Cookie.new(name, *values)
+       end
+ 
+       cookies
diff --git a/SPECS/ruby/CVE-2025-27220.patch b/SPECS/ruby/CVE-2025-27220.patch
new file mode 100644
index 0000000000..2e23967c5a
--- /dev/null
+++ b/SPECS/ruby/CVE-2025-27220.patch
@@ -0,0 +1,70 @@
+From cd1eb08076c8b8e310d4d553d427763f2577a1b6 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA 
+Date: Fri, 21 Feb 2025 15:53:31 +0900
+Subject: [PATCH] Escape/unescape unclosed tags as well
+Upstream Reference : https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6
+
+Co-authored-by: Nobuyoshi Nakada 
+---
+ lib/cgi/util.rb           |  4 ++--
+ test/cgi/test_cgi_util.rb | 18 ++++++++++++++++++
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
+index 4986e54..5f12eae 100644
+--- a/lib/cgi/util.rb
++++ b/lib/cgi/util.rb
+@@ -184,7 +184,7 @@ def unescapeHTML(string)
+   def escapeElement(string, *elements)
+     elements = elements[0] if elements[0].kind_of?(Array)
+     unless elements.empty?
+-      string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
++      string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
+         CGI.escapeHTML($&)
+       end
+     else
+@@ -204,7 +204,7 @@ def escapeElement(string, *elements)
+   def unescapeElement(string, *elements)
+     elements = elements[0] if elements[0].kind_of?(Array)
+     unless elements.empty?
+-      string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
++      string.gsub(/<\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:>)?/im) do
+         unescapeHTML($&)
+       end
+     else
+diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
+index b0612fc..bff77f7 100644
+--- a/test/cgi/test_cgi_util.rb
++++ b/test/cgi/test_cgi_util.rb
+@@ -269,6 +269,14 @@ def test_cgi_escapeElement
+     assert_equal("
<A HREF="url"></A>", escapeElement('
', ["A", "IMG"]))
+     assert_equal("
<A HREF="url"></A>", escape_element('
', "A", "IMG"))
+     assert_equal("
<A HREF="url"></A>", escape_element('
', ["A", "IMG"]))
++
++    assert_equal("<A <A HREF="url"></A>", escapeElement('', "A", "IMG"))
++    assert_equal("<A <A HREF="url"></A>", escapeElement('', ["A", "IMG"]))
++    assert_equal("<A <A HREF="url"></A>", escape_element('', "A", "IMG"))
++    assert_equal("<A <A HREF="url"></A>", escape_element('', ["A", "IMG"]))
++
++    assert_equal("<A <A ", escapeElement('', unescapeElement(escapeHTML('
'), ["A", "IMG"]))
+     assert_equal('<BR>', unescape_element(escapeHTML('
'), "A", "IMG"))
+     assert_equal('<BR>', unescape_element(escapeHTML('
'), ["A", "IMG"]))
++
++    assert_equal('', unescapeElement(escapeHTML(''), "A", "IMG"))
++    assert_equal('', unescapeElement(escapeHTML(''), ["A", "IMG"]))
++    assert_equal('', unescape_element(escapeHTML(''), "A", "IMG"))
++    assert_equal('', unescape_element(escapeHTML(''), ["A", "IMG"]))
++
++    assert_equal('
+Date: Mon, 10 Mar 2025 05:51:28 +0000
+Subject: [PATCH] CVE-2025-27221
+
+Upstream Reference : https://github.com/ruby/uri/pull/155
+---
+ lib/uri/generic.rb       | 15 +++++++--------
+ test/uri/test_generic.rb | 18 ++++++++++++++++++
+ 2 files changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
+index f3540a2..2c0a88d 100644
+--- a/lib/uri/generic.rb
++++ b/lib/uri/generic.rb
+@@ -1133,17 +1133,16 @@ module URI
+       base.fragment=(nil)
+ 
+       # RFC2396, Section 5.2, 4)
+-      if !authority
+-        base.set_path(merge_path(base.path, rel.path)) if base.path && rel.path
+-      else
+-        # RFC2396, Section 5.2, 4)
+-        base.set_path(rel.path) if rel.path
++      if authority
++        base.set_userinfo(rel.userinfo)
++        base.set_host(rel.host)
++        base.set_port(rel.port || base.default_port)
++        base.set_path(rel.path)
++      elsif base.path && rel.path
++        base.set_path(merge_path(base.path, rel.path))
+       end
+ 
+       # RFC2396, Section 5.2, 7)
+-      base.set_userinfo(rel.userinfo) if rel.userinfo
+-      base.set_host(rel.host)         if rel.host
+-      base.set_port(rel.port)         if rel.port
+       base.query = rel.query       if rel.query
+       base.fragment=(rel.fragment) if rel.fragment
+ 
+diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
+index e661937..1a70dd4 100644
+--- a/test/uri/test_generic.rb
++++ b/test/uri/test_generic.rb
+@@ -164,6 +164,17 @@ class URI::TestGeneric < Test::Unit::TestCase
+     # must be empty string to identify as path-abempty, not path-absolute
+     assert_equal('', url.host)
+     assert_equal('http:////example.com', url.to_s)
++
++    # sec-2957667
++    url = URI.parse('http://user:pass@example.com').merge('//example.net')
++    assert_equal('http://example.net', url.to_s)
++    assert_nil(url.userinfo)
++    url = URI.join('http://user:pass@example.com', '//example.net')
++    assert_equal('http://example.net', url.to_s)
++    assert_nil(url.userinfo)
++    url = URI.parse('http://user:pass@example.com') + '//example.net'
++    assert_equal('http://example.net', url.to_s)
++    assert_nil(url.userinfo)
+   end
+ 
+   def test_parse_scheme_with_symbols
+@@ -256,6 +267,13 @@ class URI::TestGeneric < Test::Unit::TestCase
+     assert_equal(u0, u1)
+   end
+ 
++  def test_merge_authority
++    u = URI.parse('http://user:pass@example.com:8080')
++    u0 = URI.parse('http://new.example.org/path')
++    u1 = u.merge('//new.example.org/path')
++    assert_equal(u0, u1)
++  end
++
+   def test_route
+     url = URI.parse('http://hoge/a.html').route_to('http://hoge/b.html')
+     assert_equal('b.html', url.to_s)
+-- 
+2.45.2
+
diff --git a/SPECS/ruby/ruby.spec b/SPECS/ruby/ruby.spec
index 9e80cb45d1..daa4e70b56 100644
--- a/SPECS/ruby/ruby.spec
+++ b/SPECS/ruby/ruby.spec
@@ -87,7 +87,7 @@ Name:           ruby
 # provides should be versioned according to the ruby version.
 # More info: https://stdgems.org/
 Version:        %{ruby_version}
-Release:        1%{?dist}
+Release:        3%{?dist}
 License:        (Ruby OR BSD) AND Public Domain AND MIT AND CC0 AND zlib AND UCD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -106,6 +106,10 @@ Patch0:         CVE-2024-49761.patch
 # to remove the lock file for binstubs and avoid race condition
 Patch1:         Avoid-another-race-condition-of-open-mode.patch
 Patch2:         Remove-the-lock-file-for-binstubs.patch
+Patch3:         CVE-2025-25186.patch
+Patch4:         CVE-2025-27219.patch
+Patch5:         CVE-2025-27220.patch
+Patch6:         CVE-2025-27221.patch
 BuildRequires:  openssl-devel
 # Pkgconfig(yaml-0.1) is needed to build the 'psych' gem.
 BuildRequires:  pkgconfig(yaml-0.1)
@@ -410,6 +414,12 @@ sudo -u test make test TESTS="-v"
 %{_rpmconfigdir}/rubygems.con
 
 %changelog
+* Tue Mar 15 2025 Kanishk Bansal  - 3.3.5-3
+- Patch CVE-2025-27219, CVE-2025-27220, CVE-2025-27221
+
+* Mon Feb 17 2025 Sreeniavsulu Malavathula  - 3.3.5-2
+- Patch to fix CVE-2025-25186
+
 * Fri Nov 08 2024 Saul Paredes  - 3.3.5-1
 - Upgrade ruby to 3.3.5 to resolve CVE-2024-39908
 - Remove CVE-2024-41946.patch as it no longer applies as ruby 3.3.5 containers rubygem-rexml 3.3.6, where CVE-2024-41946 is already fixed
diff --git a/SPECS/rubygem-fluent-config-regexp-type/fix-file_list.patch b/SPECS/rubygem-fluent-config-regexp-type/fix-file_list.patch
deleted file mode 100644
index 6400e3d328..0000000000
--- a/SPECS/rubygem-fluent-config-regexp-type/fix-file_list.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ruN a/fluent-config-regexp-type.gemspec b/fluent-config-regexp-type.gemspec
---- a/fluent-config-regexp-type.gemspec	2018-05-23 19:31:02.000000000 -0700
-+++ b/fluent-config-regexp-type.gemspec	2022-07-07 16:14:06.445576502 -0700
-@@ -11,7 +11,7 @@
-   spec.description   = "The compatibility monkey patch to use regexp type "
-   spec.homepage      = "https://github.com/okkez/fluent-config-regexp-type"
- 
--  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-+  spec.files         = Dir['**/*'].reject do |f|
-     f.match(%r{^(test|spec|features)/})
-   end
-   spec.bindir        = "exe"
diff --git a/SPECS/rubygem-fluent-config-regexp-type/rubygem-fluent-config-regexp-type.signatures.json b/SPECS/rubygem-fluent-config-regexp-type/rubygem-fluent-config-regexp-type.signatures.json
deleted file mode 100644
index bd921cf497..0000000000
--- a/SPECS/rubygem-fluent-config-regexp-type/rubygem-fluent-config-regexp-type.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "fluent-config-regexp-type-1.0.0.tar.gz": "8bd93a4a5b529a6314993d1f99ab611dd9608c4e0acdd991aa51fa7d6dd3a8d3"
- }
-}
diff --git a/SPECS/rubygem-fluent-config-regexp-type/rubygem-fluent-config-regexp-type.spec b/SPECS/rubygem-fluent-config-regexp-type/rubygem-fluent-config-regexp-type.spec
deleted file mode 100644
index abb115a53c..0000000000
--- a/SPECS/rubygem-fluent-config-regexp-type/rubygem-fluent-config-regexp-type.spec
+++ /dev/null
@@ -1,43 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-config-regexp-type
-Summary:        The compatibility patch to use regexp type
-Name:           rubygem-%{gem_name}
-Version:        1.0.0
-Release:        2%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/okkez/fluent-config-regexp-type
-Source0:        https://github.com/okkez/fluent-config-regexp-type/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-fluentd
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-Fluentd 1.2.0 supports regexp type in config_param.
-This gem backports regexp type for config_param.
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENSE
-%{gemdir}
-
-%changelog
-* Wed Jun 22 2022 Neha Agarwal  - 1.0.0-2
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 1.0.0-1
-- License verified
-- Original version for CBL-Mariner
\ No newline at end of file
diff --git a/SPECS/rubygem-fluent-logger/fix-file_list.patch b/SPECS/rubygem-fluent-logger/fix-file_list.patch
deleted file mode 100644
index 121b176833..0000000000
--- a/SPECS/rubygem-fluent-logger/fix-file_list.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -ruN a/fluent-logger.gemspec b/fluent-logger.gemspec
---- a/fluent-logger.gemspec	2020-09-03 22:52:31.000000000 -0700
-+++ b/fluent-logger.gemspec	2022-06-24 09:15:36.105267010 -0700
-@@ -15,9 +15,9 @@
-   gem.description = %q{fluent logger for ruby}
-   gem.summary     = gem.description
- 
--  gem.files         = `git ls-files`.split("\n")
--  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
--  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-+  gem.files         = Dir['**/*']
-+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) } 
-   gem.require_paths = ['lib']
-   gem.license       = "Apache-2.0"
- 
diff --git a/SPECS/rubygem-fluent-logger/rubygem-fluent-logger.signatures.json b/SPECS/rubygem-fluent-logger/rubygem-fluent-logger.signatures.json
deleted file mode 100644
index 2d130cc388..0000000000
--- a/SPECS/rubygem-fluent-logger/rubygem-fluent-logger.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "fluent-logger-ruby-0.9.0.tar.gz": "9d6870368b091e2e07b51fff1e09eaaec7a412f78232ee66f34a065eaba2fcaf"
- }
-}
diff --git a/SPECS/rubygem-fluent-logger/rubygem-fluent-logger.spec b/SPECS/rubygem-fluent-logger/rubygem-fluent-logger.spec
deleted file mode 100644
index 7f80cd1166..0000000000
--- a/SPECS/rubygem-fluent-logger/rubygem-fluent-logger.spec
+++ /dev/null
@@ -1,46 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-logger
-%global gems_version 3.1.0
-Summary:        fluent logger for ruby
-Name:           rubygem-fluent-logger
-Version:        0.9.0
-Release:        3%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/fluent/fluent-logger-ruby
-Source0:        https://github.com/fluent/fluent-logger-ruby/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-ruby-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-msgpack < 2
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-A structured event logger.
-
-%prep
-%autosetup -p1 -n %{gem_name}-ruby-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/COPYING
-%{gemdir}
-
-%changelog
-* Thu Feb 08 2024 Pawel Winogrodzki  - 0.9.0-3
-- Fixed install steps misconfiguration.
-
-* Wed Jun 22 2022 Neha Agarwal  - 0.9.0-2
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 0.9.0-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-elasticsearch/fix-file_list.patch b/SPECS/rubygem-fluent-plugin-elasticsearch/fix-file_list.patch
deleted file mode 100644
index 3b12c582ab..0000000000
--- a/SPECS/rubygem-fluent-plugin-elasticsearch/fix-file_list.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ruN a/fluent-plugin-elasticsearch.gemspec b/fluent-plugin-elasticsearch.gemspec
---- a/fluent-plugin-elasticsearch.gemspec	2022-07-07 16:33:59.519676611 -0700
-+++ b/fluent-plugin-elasticsearch.gemspec	2022-07-07 16:34:32.980073686 -0700
-@@ -11,7 +11,7 @@
-   s.homepage      = 'https://github.com/uken/fluent-plugin-elasticsearch'
-   s.license       = 'Apache-2.0'
- 
--  s.files         = `git ls-files`.split($/)
-+  s.files         = Dir['**/*']
-   s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-   s.test_files    = s.files.grep(%r{^(test|spec|features)/})
-   s.require_paths = ['lib']
diff --git a/SPECS/rubygem-fluent-plugin-elasticsearch/rubygem-fluent-plugin-elasticsearch.signatures.json b/SPECS/rubygem-fluent-plugin-elasticsearch/rubygem-fluent-plugin-elasticsearch.signatures.json
deleted file mode 100644
index d7074ef8a3..0000000000
--- a/SPECS/rubygem-fluent-plugin-elasticsearch/rubygem-fluent-plugin-elasticsearch.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "Signatures": {
-    "fluent-plugin-elasticsearch-5.3.0.tar.gz": "061e4d681eb2006cb96c791d25e3ba4ecaaed8815ad6c256dbada6eb22ba214f"
-  }
-}
diff --git a/SPECS/rubygem-fluent-plugin-elasticsearch/rubygem-fluent-plugin-elasticsearch.spec b/SPECS/rubygem-fluent-plugin-elasticsearch/rubygem-fluent-plugin-elasticsearch.spec
deleted file mode 100644
index 4f21b2c02b..0000000000
--- a/SPECS/rubygem-fluent-plugin-elasticsearch/rubygem-fluent-plugin-elasticsearch.spec
+++ /dev/null
@@ -1,48 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-elasticsearch
-Summary:        Elasticsearch output plugin for Fluent event collector
-Name:           rubygem-fluent-plugin-elasticsearch
-Version:        5.3.0
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/uken/fluent-plugin-elasticsearch
-Source0:        https://github.com/uken/fluent-plugin-elasticsearch/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-elasticsearch
-Requires:       rubygem-excon
-Requires:       rubygem-fluentd
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-Elasticsearch output plugin for Fluent event collector
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENSE.txt
-%{gemdir}
-
-%changelog
-* Thu Nov 02 2023 CBL-Mariner Servicing Account  - 5.3.0-1
-- Auto-upgrade to 5.3.0 - Azure Linux 3.0 - package upgrades
-
-* Wed Jun 22 2022 Neha Agarwal  - 5.2.2-1
-- Update to v5.2.2.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 4.0.7-1
-- License verified
-- Original version for CBL-Mariner
\ No newline at end of file
diff --git a/SPECS/rubygem-fluent-plugin-kafka/fix-file_list.patch b/SPECS/rubygem-fluent-plugin-kafka/fix-file_list.patch
deleted file mode 100644
index b2c3781ad6..0000000000
--- a/SPECS/rubygem-fluent-plugin-kafka/fix-file_list.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ruN a/fluent-plugin-kafka.gemspec b/fluent-plugin-kafka.gemspec
---- a/fluent-plugin-kafka.gemspec	2022-07-07 16:36:58.897805650 -0700
-+++ b/fluent-plugin-kafka.gemspec	2022-07-07 16:37:27.726147887 -0700
-@@ -8,7 +8,7 @@
-   gem.homepage      = "https://github.com/fluent/fluent-plugin-kafka"
-   gem.license       = "Apache-2.0"
- 
--  gem.files         = `git ls-files`.split($\)
-+  gem.files         = Dir['**/*']
-   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-   gem.name          = "fluent-plugin-kafka"
diff --git a/SPECS/rubygem-fluent-plugin-kafka/rubygem-fluent-plugin-kafka.signatures.json b/SPECS/rubygem-fluent-plugin-kafka/rubygem-fluent-plugin-kafka.signatures.json
deleted file mode 100644
index ea9f78248a..0000000000
--- a/SPECS/rubygem-fluent-plugin-kafka/rubygem-fluent-plugin-kafka.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "Signatures": {
-    "fluent-plugin-kafka-0.19.0.tar.gz": "69d3e32cf7cefc7298657a589a8727e6ecb8821c0aca3d09138b4bd932bce7df"
-  }
-}
diff --git a/SPECS/rubygem-fluent-plugin-kafka/rubygem-fluent-plugin-kafka.spec b/SPECS/rubygem-fluent-plugin-kafka/rubygem-fluent-plugin-kafka.spec
deleted file mode 100644
index 026add56a1..0000000000
--- a/SPECS/rubygem-fluent-plugin-kafka/rubygem-fluent-plugin-kafka.spec
+++ /dev/null
@@ -1,48 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-kafka
-Summary:        Kafka input and output plugin for Fluentd
-Name:           rubygem-%{gem_name}
-Version:        0.19.0
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/fluent/fluent-plugin-kafka
-Source0:        https://github.com/fluent/fluent-plugin-kafka/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-BuildRequires:  git
-BuildRequires:  ruby
-Patch0:         fix-file_list.patch
-Requires:       rubygem-fluentd
-Requires:       rubygem-ltsv
-Requires:       rubygem-ruby-kafka < 2
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-A fluentd plugin to both consume and produce data for Apache Kafka.
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENSE
-%{gemdir}
-
-%changelog
-* Thu Nov 02 2023 CBL-Mariner Servicing Account  - 0.19.0-1
-- Auto-upgrade to 0.19.0 - Azure Linux 3.0 - package upgrades
-
-* Wed Jun 22 2022 Neha Agarwal  - 0.17.5-1
-- Update to v0.17.5.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 0.13.0-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-prometheus/fix-file_list.patch b/SPECS/rubygem-fluent-plugin-prometheus/fix-file_list.patch
deleted file mode 100644
index b1dc06db42..0000000000
--- a/SPECS/rubygem-fluent-plugin-prometheus/fix-file_list.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ruN a/fluent-plugin-prometheus.gemspec b/fluent-plugin-prometheus.gemspec
---- a/fluent-plugin-prometheus.gemspec	2022-07-07 16:39:48.391818041 -0700
-+++ b/fluent-plugin-prometheus.gemspec	2022-07-07 16:40:10.208077101 -0700
-@@ -8,7 +8,7 @@
-   spec.homepage      = "https://github.com/fluent/fluent-plugin-prometheus"
-   spec.license       = "Apache-2.0"
- 
--  spec.files         = `git ls-files -z`.split("\x0")
-+  spec.files         = Dir['**/*']
-   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-   spec.require_paths = ["lib"]
diff --git a/SPECS/rubygem-fluent-plugin-prometheus/rubygem-fluent-plugin-prometheus.signatures.json b/SPECS/rubygem-fluent-plugin-prometheus/rubygem-fluent-plugin-prometheus.signatures.json
deleted file mode 100644
index 3270be3068..0000000000
--- a/SPECS/rubygem-fluent-plugin-prometheus/rubygem-fluent-plugin-prometheus.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "Signatures": {
-    "fluent-plugin-prometheus-2.1.0.tar.gz": "f74a8ef24b6c2aefd8ceeaf6c7b72bb69739bd389508d4e87a96067a94a4d009"
-  }
-}
diff --git a/SPECS/rubygem-fluent-plugin-prometheus/rubygem-fluent-plugin-prometheus.spec b/SPECS/rubygem-fluent-plugin-prometheus/rubygem-fluent-plugin-prometheus.spec
deleted file mode 100644
index 912facbcdf..0000000000
--- a/SPECS/rubygem-fluent-plugin-prometheus/rubygem-fluent-plugin-prometheus.spec
+++ /dev/null
@@ -1,47 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-prometheus
-Summary:        A fluent plugin that collects metrics and exposes for Prometheus
-Name:           rubygem-%{gem_name}
-Version:        2.1.0
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/fluent/fluent-plugin-prometheus
-Source0:        https://github.com/fluent/fluent-plugin-prometheus/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-fluentd
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-A fluent plugin that instruments metrics from records and exposes them via web interface.
-Intended to be used together with a Prometheus server.
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENSE
-%{gemdir}
-
-%changelog
-* Thu Nov 02 2023 CBL-Mariner Servicing Account  - 2.1.0-1
-- Auto-upgrade to 2.1.0 - Azure Linux 3.0 - package upgrades
-
-* Wed Jun 22 2022 Neha Agarwal  - 2.0.2-1
-- Update to v2.0.2.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 1.7.3-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/fix-file_list.patch b/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/fix-file_list.patch
deleted file mode 100644
index b056b31d9b..0000000000
--- a/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/fix-file_list.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -ruN a/fluent-plugin-prometheus_pushgateway.gemspec b/fluent-plugin-prometheus_pushgateway.gemspec
---- a/fluent-plugin-prometheus_pushgateway.gemspec	2022-07-07 16:48:18.749481200 -0700
-+++ b/fluent-plugin-prometheus_pushgateway.gemspec	2022-07-07 18:06:31.785591980 -0700
-@@ -13,9 +13,7 @@
- 
-   # Specify which files should be added to the gem when it is released.
-   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
--  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
--    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
--  end
-+  spec.files         = Dir['**/*'].reject { |f| f.match(%r{^(test|spec|features)/}) }
-   spec.bindir        = "exe"
-   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-   spec.require_paths = ["lib"]
diff --git a/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/rubygem-fluent-plugin-prometheus_pushgateway.signatures.json b/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/rubygem-fluent-plugin-prometheus_pushgateway.signatures.json
deleted file mode 100644
index 878c748aff..0000000000
--- a/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/rubygem-fluent-plugin-prometheus_pushgateway.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "Signatures": {
-    "fluent-plugin-prometheus_pushgateway-0.1.1.tar.gz": "c3b8dc9f405cd09ddc42fc923e8dcb3e0fe65d13104d82436cc3a94b902ee782"
-  }
-}
diff --git a/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/rubygem-fluent-plugin-prometheus_pushgateway.spec b/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/rubygem-fluent-plugin-prometheus_pushgateway.spec
deleted file mode 100644
index 9a37e362d6..0000000000
--- a/SPECS/rubygem-fluent-plugin-prometheus_pushgateway/rubygem-fluent-plugin-prometheus_pushgateway.spec
+++ /dev/null
@@ -1,46 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-prometheus_pushgateway
-Summary:        A fluent plugin for prometheus pushgateway
-Name:           rubygem-%{gem_name}
-Version:        0.1.1
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/fluent/fluent-plugin-prometheus_pushgateway
-Source0:        https://github.com/fluent/fluent-plugin-prometheus_pushgateway/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-This is Fluentd's plugin for sending data collected by
-fluent-plugin-prometheus plugin to Pushgateway.
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENSE
-%{gemdir}
-
-%changelog
-* Thu Nov 02 2023 CBL-Mariner Servicing Account  - 0.1.1-1
-- Auto-upgrade to 0.1.1 - Azure Linux 3.0 - package upgrades
-
-* Wed Jun 22 2022 Neha Agarwal  - 0.1.0-1
-- Update to v0.1.0.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 0.0.2-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-record-modifier/fix-file_list.patch b/SPECS/rubygem-fluent-plugin-record-modifier/fix-file_list.patch
deleted file mode 100644
index 8032874e42..0000000000
--- a/SPECS/rubygem-fluent-plugin-record-modifier/fix-file_list.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -ruN a/fluent-plugin-record-modifier.gemspec b/fluent-plugin-record-modifier.gemspec
---- a/fluent-plugin-record-modifier.gemspec	2022-07-07 17:48:30.048676902 -0700
-+++ b/fluent-plugin-record-modifier.gemspec	2022-07-07 17:49:49.801599978 -0700
-@@ -11,9 +11,9 @@
-   gem.email       = "repeatedly@gmail.com"
-   #gem.platform    = Gem::Platform::RUBY
-   gem.license     = 'MIT'
--  gem.files       = `git ls-files`.split("\n")
--  gem.test_files  = `git ls-files -- {test,spec,features}/*`.split("\n")
--  gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-+  gem.files       = Dir['**/*']
-+  gem.test_files  = gem.files.grep(%r{^(test|spec|features)/})
-+  gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-   gem.require_paths = ['lib']
- 
-   gem.add_dependency "fluentd", [">= 1.0", "< 2"]
diff --git a/SPECS/rubygem-fluent-plugin-record-modifier/rubygem-fluent-plugin-record-modifier.signatures.json b/SPECS/rubygem-fluent-plugin-record-modifier/rubygem-fluent-plugin-record-modifier.signatures.json
deleted file mode 100644
index 5d03f08c2d..0000000000
--- a/SPECS/rubygem-fluent-plugin-record-modifier/rubygem-fluent-plugin-record-modifier.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "Signatures": {
-    "fluent-plugin-record-modifier-2.1.1.tar.gz": "df81e035ef08a761e3c15c476f092b1d7091d5122c1944f928444d45c0aa450c"
-  }
-}
diff --git a/SPECS/rubygem-fluent-plugin-record-modifier/rubygem-fluent-plugin-record-modifier.spec b/SPECS/rubygem-fluent-plugin-record-modifier/rubygem-fluent-plugin-record-modifier.spec
deleted file mode 100644
index c23c5d890d..0000000000
--- a/SPECS/rubygem-fluent-plugin-record-modifier/rubygem-fluent-plugin-record-modifier.spec
+++ /dev/null
@@ -1,44 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-record-modifier
-Summary:        Filter plugin for modifying event record
-Name:           rubygem-%{gem_name}
-Version:        2.1.1
-Release:        1%{?dist}
-License:        MIT
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/repeatedly/fluent-plugin-record-modifier
-Source0:        https://github.com/repeatedly/fluent-plugin-record-modifier/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-fluentd
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-Filter plugin to modify event record for Fluentd
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%{gemdir}
-
-%changelog
-* Thu Nov 02 2023 CBL-Mariner Servicing Account  - 2.1.1-1
-- Auto-upgrade to 2.1.1 - Azure Linux 3.0 - package upgrades
-
-* Wed Jun 22 2022 Neha Agarwal  - 2.1.0-2
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 2.1.0-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/fix-file_list.patch b/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/fix-file_list.patch
deleted file mode 100644
index 451af19af7..0000000000
--- a/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/fix-file_list.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -ruN a/fluent-plugin-rewrite-tag-filter.gemspec b/fluent-plugin-rewrite-tag-filter.gemspec
---- a/fluent-plugin-rewrite-tag-filter.gemspec	2022-07-07 16:24:16.368764802 -0700
-+++ b/fluent-plugin-rewrite-tag-filter.gemspec	2022-07-07 16:25:26.853599026 -0700
-@@ -9,9 +9,9 @@
-   s.homepage    = "https://github.com/fluent/fluent-plugin-rewrite-tag-filter"
-   s.summary     = %q{Fluentd Output filter plugin. It has designed to rewrite tag like mod_rewrite. Re-emmit a record with rewrited tag when a value matches/unmatches with the regular expression. Also you can change a tag from apache log by domain, status-code(ex. 500 error), user-agent, request-uri, regex-backreference and so on with regular expression.}
- 
--  s.files         = `git ls-files`.split("\n")
--  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
--  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-+  s.files         = Dir['**/*']
-+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
-+  s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-   s.require_paths = ["lib"]
- 
-   s.add_development_dependency "test-unit", ">= 3.1.0"
diff --git a/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/rubygem-fluent-plugin-rewrite-tag-filter.signatures.json b/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/rubygem-fluent-plugin-rewrite-tag-filter.signatures.json
deleted file mode 100644
index 9366ea7989..0000000000
--- a/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/rubygem-fluent-plugin-rewrite-tag-filter.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "fluent-plugin-rewrite-tag-filter-2.4.0.tar.gz": "5249809e0cb1f0e1cb97f00875319d29fc3011a299e4ee32eaa5e562736688e4"
- }
-}
diff --git a/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/rubygem-fluent-plugin-rewrite-tag-filter.spec b/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/rubygem-fluent-plugin-rewrite-tag-filter.spec
deleted file mode 100644
index fb2f559ac9..0000000000
--- a/SPECS/rubygem-fluent-plugin-rewrite-tag-filter/rubygem-fluent-plugin-rewrite-tag-filter.spec
+++ /dev/null
@@ -1,44 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-rewrite-tag-filter
-Summary:        Fluentd Output filter plugin
-Name:           rubygem-%{gem_name}
-Version:        2.4.0
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/fluent/fluent-plugin-rewrite-tag-filter
-Source0:        https://github.com/fluent/fluent-plugin-rewrite-tag-filter/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-fluent-config-regexp-type
-Requires:       rubygem-fluentd
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-Fluentd Output filter plugin to rewrite tags that matches specified attribute.
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENSE.txt
-%{gemdir}
-
-%changelog
-* Wed Jun 22 2022 Neha Agarwal  - 2.4.0-1
-- Update to v2.4.0.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 2.3.0-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-systemd/rubygem-fluent-plugin-systemd.signatures.json b/SPECS/rubygem-fluent-plugin-systemd/rubygem-fluent-plugin-systemd.signatures.json
deleted file mode 100644
index 1e99d9eddc..0000000000
--- a/SPECS/rubygem-fluent-plugin-systemd/rubygem-fluent-plugin-systemd.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "fluent-plugin-systemd-1.0.5.tar.gz": "c113adfe558ba352ab7432ee151416c53edc8cc66b03c10ea30253953658a876"
- }
-}
diff --git a/SPECS/rubygem-fluent-plugin-systemd/rubygem-fluent-plugin-systemd.spec b/SPECS/rubygem-fluent-plugin-systemd/rubygem-fluent-plugin-systemd.spec
deleted file mode 100644
index 55bc3bfa6e..0000000000
--- a/SPECS/rubygem-fluent-plugin-systemd/rubygem-fluent-plugin-systemd.spec
+++ /dev/null
@@ -1,43 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-systemd
-Summary:        Reads logs from the systemd journal
-Name:           rubygem-fluent-plugin-systemd
-Version:        1.0.5
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/fluent-plugin-systemd/fluent-plugin-systemd
-Source0:        https://github.com/fluent-plugin-systemd/fluent-plugin-systemd/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-BuildRequires:  ruby
-Requires:       rubygem-fluentd
-Requires:       rubygem-systemd-journal
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-This is a fluentd input plugin.
-It reads logs from the systemd journal.
-
-%prep
-%setup -q -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENCE
-%{gemdir}
-
-%changelog
-* Wed Jun 22 2022 Neha Agarwal  - 1.0.5-1
-- Update to v1.0.5.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 1.0.2-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-webhdfs/fix-file_list.patch b/SPECS/rubygem-fluent-plugin-webhdfs/fix-file_list.patch
deleted file mode 100644
index b6bc48c143..0000000000
--- a/SPECS/rubygem-fluent-plugin-webhdfs/fix-file_list.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ruN a/fluent-plugin-webhdfs.gemspec b/fluent-plugin-webhdfs.gemspec
---- a/fluent-plugin-webhdfs.gemspec	2022-07-07 17:45:56.526926415 -0700
-+++ b/fluent-plugin-webhdfs.gemspec	2022-07-07 17:46:14.683131357 -0700
-@@ -10,7 +10,7 @@
-   gem.homepage      = "https://github.com/fluent/fluent-plugin-webhdfs"
-   gem.license       = "Apache-2.0"
- 
--  gem.files         = `git ls-files`.split($\)
-+  gem.files         = Dir['**/*']
-   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-   gem.require_paths = ["lib"]
diff --git a/SPECS/rubygem-fluent-plugin-webhdfs/rubygem-fluent-plugin-webhdfs.signatures.json b/SPECS/rubygem-fluent-plugin-webhdfs/rubygem-fluent-plugin-webhdfs.signatures.json
deleted file mode 100644
index 91b55bec97..0000000000
--- a/SPECS/rubygem-fluent-plugin-webhdfs/rubygem-fluent-plugin-webhdfs.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "fluent-plugin-webhdfs-1.5.0.tar.gz": "f1427e45a395cc00fd1e66688904a135d603567898fea23aea325b97523dbb93"
- }
-}
diff --git a/SPECS/rubygem-fluent-plugin-webhdfs/rubygem-fluent-plugin-webhdfs.spec b/SPECS/rubygem-fluent-plugin-webhdfs/rubygem-fluent-plugin-webhdfs.spec
deleted file mode 100644
index 4c458dd6b9..0000000000
--- a/SPECS/rubygem-fluent-plugin-webhdfs/rubygem-fluent-plugin-webhdfs.spec
+++ /dev/null
@@ -1,44 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-webhdfs
-Summary:        Hadoop WebHDFS output plugin for Fluentd
-Name:           rubygem-%{gem_name}
-Version:        1.5.0
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Languages
-URL:            https://github.com/fluent/fluent-plugin-webhdfs
-Source0:        https://github.com/fluent/fluent-plugin-webhdfs/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         fix-file_list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-fluentd
-Requires:       rubygem-webhdfs
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-Fluentd output plugin to write data into Hadoop HDFS over WebHDFS/HttpFs.
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%license %{gemdir}/gems/%{gem_name}-%{version}/LICENSE.txt
-%{gemdir}
-
-%changelog
-* Wed Jun 22 2022 Neha Agarwal  - 1.5.0-1
-- Update to v1.5.0.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 1.2.4-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluent-plugin-windows-exporter/rubygem-fluent-plugin-windows-exporter.signatures.json b/SPECS/rubygem-fluent-plugin-windows-exporter/rubygem-fluent-plugin-windows-exporter.signatures.json
deleted file mode 100644
index 3dd2283b7f..0000000000
--- a/SPECS/rubygem-fluent-plugin-windows-exporter/rubygem-fluent-plugin-windows-exporter.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "fluent-plugin-windows-exporter-1.0.0.tar.gz": "f9677a3d90692b466ef9d08168f7a33602390abbfb3e93b2a1513a7036ac0b67"
- }
-}
diff --git a/SPECS/rubygem-fluent-plugin-windows-exporter/rubygem-fluent-plugin-windows-exporter.spec b/SPECS/rubygem-fluent-plugin-windows-exporter/rubygem-fluent-plugin-windows-exporter.spec
deleted file mode 100644
index 45a51a85fc..0000000000
--- a/SPECS/rubygem-fluent-plugin-windows-exporter/rubygem-fluent-plugin-windows-exporter.spec
+++ /dev/null
@@ -1,37 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluent-plugin-windows-exporter
-Summary:        Fluentd plugin to collect Windows metrics
-Name:           rubygem-%{gem_name}
-Version:        1.0.0
-Release:        1%{?dist}
-License:        Apache 2.0
-Vendor:	        Microsoft Corporation
-Distribution:   Azure Linux
-URL:            https://github.com/fluent-plugins-nursery/fluent-plugin-windows-exporter
-Source0:        https://github.com/fluent-plugins-nursery/fluent-plugin-windows-exporter/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-BuildRequires:  git
-BuildRequires:  ruby
-BuildRequires:  rubygem-rake
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-Fluentd plugin to collect Windows metrics. This is a Fluentd port of Prometheus' Windows exporter. This plugin emits metrics as event stream, so can be used in combination with any output plugins.
-
-%prep
-%setup -q -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-,root,root,-)
-%doc %{gemdir}/gems/%{gem_name}-%{version}/LICENSE
-%{gemdir}
-
-%changelog
-* Mon Jun 13 2022 Neha Agarwal  - 1.0.0-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-fluentd/file-list.patch b/SPECS/rubygem-fluentd/file-list.patch
deleted file mode 100644
index 605924a5dc..0000000000
--- a/SPECS/rubygem-fluentd/file-list.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ruN a/fluentd.gemspec b/fluentd.gemspec
---- a/fluentd.gemspec	2022-05-24 22:14:11.828596818 +0000
-+++ b/fluentd.gemspec	2022-05-24 22:14:40.396668994 +0000
-@@ -10,7 +10,7 @@
-   gem.summary       = %q{Fluentd event collector}
-   gem.homepage      = "https://www.fluentd.org/"
- 
--  gem.files         = `git ls-files`.split($\)
-+  gem.files         = Dir['**/*']
-   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-   gem.require_paths = ["lib"]
diff --git a/SPECS/rubygem-fluentd/rubygem-fluentd.signatures.json b/SPECS/rubygem-fluentd/rubygem-fluentd.signatures.json
deleted file mode 100644
index 26762d194d..0000000000
--- a/SPECS/rubygem-fluentd/rubygem-fluentd.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "Signatures": {
-    "fluentd-1.16.2.tar.gz": "f737fb92b955288fc935a07cfa72ec2e4953206cbdf69922e7e6757c6cea2634"
-  }
-}
diff --git a/SPECS/rubygem-fluentd/rubygem-fluentd.spec b/SPECS/rubygem-fluentd/rubygem-fluentd.spec
deleted file mode 100644
index e9ab175f11..0000000000
--- a/SPECS/rubygem-fluentd/rubygem-fluentd.spec
+++ /dev/null
@@ -1,80 +0,0 @@
-%global debug_package %{nil}
-%global gem_name fluentd
-Summary:        Fluentd event collector
-Name:           rubygem-%{gem_name}
-Version:        1.16.2
-Release:        3%{?dist}
-License:        ASL 2.0
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Development/Ruby
-URL:            https://www.fluentd.org/
-Source0:        https://github.com/fluent/fluentd/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         file-list.patch
-BuildRequires:  git
-BuildRequires:  ruby
-Requires:       rubygem-async-http
-Requires:       rubygem-cool.io < 2.0.0
-Requires:       rubygem-http_parser.rb < 0.9.0
-Requires:       rubygem-msgpack < 2.0.0
-Requires:       rubygem-rake < 14
-Requires:       rubygem-serverengine < 3.0.0
-Requires:       rubygem-sigdump >= 0.2.5
-Requires:       rubygem-strptime < 1.0.0
-Requires:       rubygem-tzinfo < 3.0
-Requires:       rubygem-tzinfo-data > 1.0
-Requires:       rubygem-yajl-ruby > 1.0
-Requires:       rubygem-webrick > 1.4
-Provides:       rubygem(%{gem_name}) = %{version}-%{release}
-
-%description
-Fluentd is an open source data collector designed to scale and simplify log
-management. It can collect, process and ship many kinds of data in near
-real-time.
-
-%prep
-%autosetup -p1 -n %{gem_name}-%{version}
-
-%build
-gem build %{gem_name}
-
-%install
-gem install -V --local --force --install-dir %{buildroot}%{gemdir} --bindir %{buildroot}%{_bindir} %{gem_name}-%{version}.gem
-
-%files
-%defattr(-, root, root)
-%{_bindir}/fluent-binlog-reader
-%{_bindir}/fluent-ca-generate
-%{_bindir}/fluent-cap-ctl
-%{_bindir}/fluent-cat
-%{_bindir}/fluent-ctl
-%{_bindir}/fluent-debug
-%{_bindir}/fluent-gem
-%{_bindir}/fluent-plugin-config-format
-%{_bindir}/fluent-plugin-generate
-%{_bindir}/fluentd
-%{gemdir}
-%doc %{gemdir}/doc/fluentd-%{version}
-%{gemdir}/cache/fluentd-%{version}.gem
-%{gemdir}/specifications/fluentd-%{version}.gemspec
-
-%changelog
-* Wed Apr 23 2024 Andrew Phelps  - 1.16.2-3
-- Modify `rubygem-sigdump` runtime version requirement
-
-* Wed Apr 17 2024 Andrew Phelps  - 1.16.2-2
-- Update runtime rubygem required versions
-
-* Thu Nov 02 2023 CBL-Mariner Servicing Account  - 1.16.2-1
-- Auto-upgrade to 1.16.2 - Azure Linux 3.0 - package upgrades
-
-* Wed Nov 9 2022 Ahmed Badawi  - 1.14.6-2
-- Add patch to fix CVE-2022-39379
-
-* Fri Apr 01 2022 Neha Agarwal  - 1.14.6-1
-- Update to v1.14.6.
-- Build from .tar.gz source.
-
-* Mon Jan 04 2021 Henry Li  - 1.11.0-1
-- License verified
-- Original version for CBL-Mariner
diff --git a/SPECS/rubygem-rake/rubygem-rake.spec b/SPECS/rubygem-rake/rubygem-rake.spec
index 30ab568d74..2fe18957e6 100644
--- a/SPECS/rubygem-rake/rubygem-rake.spec
+++ b/SPECS/rubygem-rake/rubygem-rake.spec
@@ -2,7 +2,7 @@
 Summary:        Rake is a Make-like program implemented in Ruby
 Name:           rubygem-%{gem_name}
 Version:        13.0.6
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -51,15 +51,13 @@ mkdir -p %{buildroot}%{_mandir}/man1
 mv %{buildroot}%{gem_instdir}/doc/rake.1 %{buildroot}%{_mandir}/man1
 
 %check
-pushd /%{gem_instdir}
-# symlink tests here
-ln -s %{_builddir}/test .
-
 # Get rid of Bundler.
 sed -i '/bundler/ s/^/#/' Rakefile
 
-ruby -Ilib:. -e 'Dir.glob "test/**/test_*.rb", &method(:require)'
-popd
+export TESTOPTS=--verbose
+export VERBOSE=y
+export RUBYLIB=$(pwd)/lib
+ruby ./exe/rake test
 
 %files
 %dir %{gem_instdir}
@@ -79,6 +77,9 @@ popd
 %doc %{gem_instdir}/*.rdoc
 
 %changelog
+* Tue Apr 15 2024 Riken Maharjan  - 13.0.6-7
+- Fix Ptest by importing the fix from Fedora (License:MIT)
+
 * Mon Oct 24 2022 Pawel Winogrodzki  - 13.0.6-6
 - Adding 'Obsoletes: ruby <= 3.1.2-2'.
 
diff --git a/SPECS/rust/Ignore_failing_ci_tests.patch b/SPECS/rust/Ignore_failing_ci_tests.patch
new file mode 100644
index 0000000000..1c87e6ce63
--- /dev/null
+++ b/SPECS/rust/Ignore_failing_ci_tests.patch
@@ -0,0 +1,45 @@
+From 12051f0e3d8e9015ea12cde503a3d24d78e934b0 Mon Sep 17 00:00:00 2001
+From: kavyasree 
+Date: Wed, 26 Feb 2025 15:53:42 +0530
+Subject: [PATCH] Ignoring_failing_ci_tests
+
+---
+ src/bootstrap/src/core/builder/tests.rs | 1 +
+ src/bootstrap/src/core/config/tests.rs  | 2 ++
+ 2 files changed, 3 insertions(+)
+
+diff --git a/src/bootstrap/src/core/builder/tests.rs b/src/bootstrap/src/core/builder/tests.rs
+index 21694cf46..7b701f48e 100644
+--- a/src/bootstrap/src/core/builder/tests.rs
++++ b/src/bootstrap/src/core/builder/tests.rs
+@@ -202,6 +202,7 @@ fn alias_and_path_for_library() {
+     ]);
+ }
+ 
++#[ignore]
+ #[test]
+ fn ci_rustc_if_unchanged_logic() {
+     let config = Config::parse_inner(
+diff --git a/src/bootstrap/src/core/config/tests.rs b/src/bootstrap/src/core/config/tests.rs
+index 24f932a17..51ab892f1 100644
+--- a/src/bootstrap/src/core/config/tests.rs
++++ b/src/bootstrap/src/core/config/tests.rs
+@@ -20,6 +20,7 @@ pub(crate) fn parse(config: &str) -> Config {
+     )
+ }
+ 
++#[ignore]
+ #[test]
+ fn download_ci_llvm() {
+     let config = parse("");
+@@ -433,6 +434,7 @@ fn jobs_precedence() {
+     assert_eq!(config.jobs, Some(123));
+ }
+ 
++#[ignore]
+ #[test]
+ fn check_rustc_if_unchanged_paths() {
+     let config = parse("");
+-- 
+2.34.1
+
diff --git a/SPECS/rust/generate_source_tarball-1.75 b/SPECS/rust/generate_source_tarball-1.75
new file mode 100644
index 0000000000..766034aa69
--- /dev/null
+++ b/SPECS/rust/generate_source_tarball-1.75
@@ -0,0 +1,121 @@
+#!/bin/bash
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# Quit on failure
+set -e
+
+PKG_VERSION=""
+SRC_TARBALL=""
+OUT_FOLDER="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# parameters:
+#
+# --srcTarball  : src tarball file
+#                 this file contains the 'initial' source code of the component
+#                 and should be replaced with the new/modified src code
+# --outFolder   : folder where to copy the new tarball(s)
+# --pkgVersion  : package version
+#
+PARAMS=""
+while (( "$#" )); do
+    case "$1" in
+        --srcTarball)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            SRC_TARBALL=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        --outFolder)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            OUT_FOLDER=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        --pkgVersion)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            PKG_VERSION=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        -*|--*=) # unsupported flags
+        echo "Error: Unsupported flag $1" >&2
+        exit 1
+        ;;
+        *) # preserve positional arguments
+        PARAMS="$PARAMS $1"
+        shift
+        ;;
+  esac
+done
+
+echo "--srcTarball   -> $SRC_TARBALL"
+echo "--outFolder    -> $OUT_FOLDER"
+echo "--pkgVersion   -> $PKG_VERSION"
+
+if [ -z "$PKG_VERSION" ]; then
+    echo "--pkgVersion parameter cannot be empty"
+    exit 1
+fi
+
+echo "-- create temp folder"
+tmpdir=$(mktemp -d)
+function cleanup {
+    echo "+++ cleanup -> remove $tmpdir"
+    rm -rf $tmpdir
+}
+trap cleanup EXIT
+
+src_folder="$tmpdir/srcFolder"
+src_root="$src_folder/rustc-$PKG_VERSION-src"
+temp_cache="$tmpdir/cacheFolder"
+mkdir -p $src_folder
+mkdir -p $temp_cache
+
+pushd $src_folder > /dev/null
+echo "Unpacking source tarball..."
+tar -xf $SRC_TARBALL
+popd > /dev/null
+
+pushd $src_root > /dev/null
+echo "Fetching dependencies to a temporary cache"
+# The build environment's rust may not have all the features required to run
+# cargo fetch, so we need to use the bootstrap mode that disables some features.
+export RUSTC_BOOTSTRAP=1
+CARGO_HOME=$src_root/.cargo cargo fetch
+echo "Compressing the cache."
+tar --sort=name --mtime="2021-04-26 00:00Z" \
+    --owner=0 --group=0 --numeric-owner \
+    --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime -cf \
+    "$OUT_FOLDER/rustc-$PKG_VERSION-src-cargo.tar.gz" .cargo
+popd > /dev/null
+
+pushd $OUT_FOLDER > /dev/null
+echo "get additional src tarballs"
+CONFIG_FILE="$src_root/src/stage0.json"
+RUST_RELEASE_DATE=$(cat $CONFIG_FILE | jq -r '.compiler.date')
+RUST_STAGE0_VERSION=$(cat $CONFIG_FILE | jq -r '.compiler.version')
+wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/cargo-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz
+wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rustc-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz
+wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rust-std-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz
+wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/cargo-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.xz
+wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rustc-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.xz
+wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rust-std-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.xz
+
+
+popd > /dev/null
+echo "=========================="
+echo "release date:   $RUST_RELEASE_DATE"
+echo "stage0 version: $RUST_STAGE0_VERSION"
+echo " "
+echo "Rust additional src tarballs are available at $OUT_FOLDER"
+ls -ls $OUT_FOLDER
diff --git a/SPECS/rust/generate_source_tarball.sh b/SPECS/rust/generate_source_tarball.sh
index 766034aa69..aa40864466 100755
--- a/SPECS/rust/generate_source_tarball.sh
+++ b/SPECS/rust/generate_source_tarball.sh
@@ -101,9 +101,10 @@ popd > /dev/null
 
 pushd $OUT_FOLDER > /dev/null
 echo "get additional src tarballs"
-CONFIG_FILE="$src_root/src/stage0.json"
-RUST_RELEASE_DATE=$(cat $CONFIG_FILE | jq -r '.compiler.date')
-RUST_STAGE0_VERSION=$(cat $CONFIG_FILE | jq -r '.compiler.version')
+CONFIG_FILE="$src_root/src/stage0"
+RUST_RELEASE_DATE=$(grep "^compiler_date=" $CONFIG_FILE | cut -d '=' -f 2)
+RUST_STAGE0_VERSION=$(grep "^compiler_version=" $CONFIG_FILE | cut -d '=' -f 2)
+
 wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/cargo-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz
 wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rustc-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz
 wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rust-std-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz
diff --git a/SPECS/rust/rust-1.75.signatures.json b/SPECS/rust/rust-1.75.signatures.json
new file mode 100644
index 0000000000..b04eb3fd8a
--- /dev/null
+++ b/SPECS/rust/rust-1.75.signatures.json
@@ -0,0 +1,12 @@
+{
+ "Signatures": {
+  "cargo-1.74.0-aarch64-unknown-linux-gnu.tar.xz": "a18dc9132cf76ccba90bcbb53b56a4d37ebfb34845f61e79f7b5d4710a269647",
+  "cargo-1.74.0-x86_64-unknown-linux-gnu.tar.xz": "f219386d4569c40b660518e99267afff428c13bf980bda7a614c8d4038d013f6",
+  "rust-std-1.74.0-aarch64-unknown-linux-gnu.tar.xz": "c5ad01692bc08ce6f4db2ac815be63498b45013380c71f22b3d33bf3be767270",
+  "rust-std-1.74.0-x86_64-unknown-linux-gnu.tar.xz": "548413213012e2f62b08ed8a913a51210ae7402619027224580176031f2789ea",
+  "rustc-1.74.0-aarch64-unknown-linux-gnu.tar.xz": "a49bb365481913ead305658e7e9dc621da7895036b840fb57b1bc85c721d07e6",
+  "rustc-1.74.0-x86_64-unknown-linux-gnu.tar.xz": "7d464be2ae0d6ce69f056d1ea9a8ce2b3b1d537418caea216fdd303903972181",
+  "rustc-1.75.0-src-cargo.tar.gz": "8b41ba09a0e998fce6bafa69c93c8c5384b29b38438104db7c98e348b4759979",
+  "rustc-1.75.0-src.tar.xz": "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/rust/rust-1.75.spec b/SPECS/rust/rust-1.75.spec
new file mode 100644
index 0000000000..4210c1db52
--- /dev/null
+++ b/SPECS/rust/rust-1.75.spec
@@ -0,0 +1,333 @@
+# Prevent librustc_driver from inadvertently being listed as a requirement
+%global __requires_exclude ^librustc_driver-
+
+# Release date and version of stage 0 compiler can be found in "src/stage0.json" inside the extracted "Source0".
+# Look for "date:" and "rustc:".
+%define release_date 2023-11-16
+%define stage0_version 1.74.0
+
+Summary:        Rust Programming Language
+Name:           rust
+Version:        1.75.0
+Release:        14%{?dist}
+License:        (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Group:          Applications/System
+URL:            https://www.rust-lang.org/
+# Notes:
+#  - rust source official repo is https://github.com/rust-lang/rust
+#  - cargo source official repo is https://github.com/rust-lang/cargo
+#  - crates.io source official repo is https://github.com/rust-lang/crates.io
+Source0:        https://static.rust-lang.org/dist/rustc-%{version}-src.tar.xz
+# Note: the rust-%%{version}-cargo.tar.gz file contains a cache created by capturing the contents downloaded into $CARGO_HOME.
+# To update the cache, leverage the: generate_source_tarball.sh
+#
+# An example run for rust 1.68.2:
+# - Download Rust Source (1.68.2):
+#   wget https://static.rust-lang.org/dist/rustc-1.68.2-src.tar.xz
+# - Create a directory to store the output from the script:
+#   mkdir rustOutputDir
+# - Get prereqs for the script (for a mariner container):
+#   tdnf -y install rust wget jq tar ca-certificates
+# - Run the script:
+#   ./generate_source_tarball --srcTarball path/to/rustc-1.68.2-src.tar.xz --outFolder path/to/rustOutputDir --pkgVersion 1.68.2
+#
+
+Source1:        rustc-%{version}-src-cargo.tar.gz
+Source2:        https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-x86_64-unknown-linux-gnu.tar.xz
+Source3:        https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-x86_64-unknown-linux-gnu.tar.xz
+Source4:        https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-x86_64-unknown-linux-gnu.tar.xz
+Source5:        https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz
+Source6:        https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz
+Source7:        https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz
+Patch0:         CVE-2023-45853.patch
+Patch1:         CVE-2024-32884.patch
+Patch2:         CVE-2024-31852.patch
+
+BuildRequires:  binutils
+BuildRequires:  cmake
+# make sure rust relies on curl from CBL-Mariner (instead of using its vendored flavor)
+BuildRequires:  curl-devel
+BuildRequires:  git
+BuildRequires:  glibc
+# make sure rust relies on libgit2 from CBL-Mariner (instead of using its vendored flavor)
+BuildRequires:  libgit2-devel
+# make sure rust relies on nghttp2 from CBL-Mariner (instead of using its vendored flavor)
+BuildRequires:  nghttp2-devel
+BuildRequires:  ninja-build
+# make sure rust relies on openssl from CBL-Mariner (instead of using its vendored flavor)
+BuildRequires:  openssl-devel
+BuildRequires:  python3
+# make sure rust depends on system zlib
+BuildRequires:  zlib-devel
+%if 0%{?with_check}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
+%endif
+# rustc uses a C compiler to invoke the linker, and links to glibc in most cases
+Requires:       binutils
+Requires:       curl
+Requires:       gcc
+Requires:       glibc-devel
+Requires:       libgit2
+Requires:       nghttp2
+Requires:       openssl
+Provides:       cargo = %{version}-%{release}
+
+%description
+Rust Programming Language
+
+%package doc
+Summary:        Rust documentation.
+BuildArch:      noarch
+
+%description doc
+Documentation package for Rust.
+
+%prep
+# Setup .cargo directory
+mkdir -p $HOME
+pushd $HOME
+tar -xf %{SOURCE1} --no-same-owner
+popd
+%autosetup -p1 -n rustc-%{version}-src
+
+# Setup build/cache directory
+BUILD_CACHE_DIR="build/cache/%{release_date}"
+mkdir -pv "$BUILD_CACHE_DIR"
+%ifarch x86_64
+cp %{SOURCE2} "$BUILD_CACHE_DIR"
+cp %{SOURCE3} "$BUILD_CACHE_DIR"
+cp %{SOURCE4} "$BUILD_CACHE_DIR"
+%endif
+%ifarch aarch64
+cp %{SOURCE5} "$BUILD_CACHE_DIR"
+cp %{SOURCE6} "$BUILD_CACHE_DIR"
+cp %{SOURCE7} "$BUILD_CACHE_DIR"
+%endif
+
+%build
+# Disable symbol generation
+export CFLAGS="`echo " %{build_cflags} " | sed 's/ -g//'`"
+export CXXFLAGS="`echo " %{build_cxxflags} " | sed 's/ -g//'`"
+
+sh ./configure \
+    --prefix=%{_prefix} \
+    --enable-extended \
+    --enable-profiler \
+    --tools="cargo,clippy,rustfmt,rust-analyzer-proc-macro-srv,rust-demangler" \
+    --release-channel="stable" \
+    --release-description="Azure Linux %{version}-%{release}"
+
+# SUDO_USER=root bypasses a check in the python bootstrap that
+# makes rust refuse to pull sources from the internet
+USER=root SUDO_USER=root %make_build
+
+%check
+# We expect to generate dynamic CI contents in this folder, but it will fail since the .github folder is not included
+# with the published sources.
+mkdir -p .github/workflows
+./x.py run src/tools/expand-yaml-anchors
+
+ln -s %{_topdir}/BUILD/rustc-%{version}-src/build/x86_64-unknown-linux-gnu/stage2-tools-bin/rustfmt %{_topdir}/BUILD/rustc-%{version}-src/build/x86_64-unknown-linux-gnu/stage0/bin/
+ln -s %{_topdir}/BUILD/rustc-%{version}-src/vendor/ /root/vendor
+# remove rustdoc ui flaky test issue-98690.rs (which is tagged with 'unstable-options')
+rm -v ./tests/rustdoc-ui/issue-98690.*
+%make_build check
+
+%install
+USER=root SUDO_USER=root %make_install
+mv %{buildroot}%{_docdir}/%{name}/LICENSE-THIRD-PARTY .
+rm %{buildroot}%{_docdir}/%{name}/{COPYRIGHT,LICENSE-APACHE,LICENSE-MIT}
+rm %{buildroot}%{_docdir}/%{name}/html/.lock
+rm %{buildroot}%{_docdir}/%{name}/*.old
+rm %{buildroot}%{_bindir}/*.old
+
+%ldconfig_scriptlets
+
+%files
+%license LICENSE-APACHE LICENSE-MIT LICENSE-THIRD-PARTY COPYRIGHT
+%{_bindir}/rustc
+%{_bindir}/rustdoc
+%{_bindir}/rust-lldb
+%{_libdir}/lib*.so
+%{_libdir}/rustlib/*
+%{_libexecdir}/rust-analyzer-proc-macro-srv
+%{_bindir}/rust-gdb
+%{_bindir}/rust-gdbgui
+%{_bindir}/rust-demangler
+%{_bindir}/cargo
+%{_bindir}/cargo-clippy
+%{_bindir}/cargo-fmt
+%{_bindir}/clippy-driver
+%{_bindir}/rustfmt
+%{_datadir}/zsh/*
+%{_sysconfdir}/bash_completion.d/cargo
+
+%files doc
+%license LICENSE-APACHE LICENSE-MIT LICENSE-THIRD-PARTY COPYRIGHT
+%doc %{_docdir}/%{name}/html/*
+%doc %{_docdir}/%{name}/README.md
+%doc CONTRIBUTING.md README.md RELEASES.md
+%doc src/tools/clippy/CHANGELOG.md
+%doc src/tools/rustfmt/Configurations.md
+%{_mandir}/man1/*
+
+%changelog
+* Mon May 12 2025 Andrew Phelps anphel@microsoft.com - 1.75.0-14
+- Bump to rebuild with updated glibc
+
+* Sun Apr 20 2025 Kavya Sree Kaitepalli  - 1.75.0-13
+- Support rust 1.75 version
+- Add explicit build dependency on zlib
+
+* Thu Feb 27 2025 Chris Co  - 1.75.0-12
+- Bump to rebuild with updated glibc
+
+* Mon Aug 26 2024 Rachel Menge  - 1.75.0-11
+- Update to build dep latest glibc-static version
+
+* Wed Aug 21 2024 Chris Co  - 1.75.0-10
+- Bump to rebuild with updated glibc
+
+* Fri Aug 09 2024 corvus-callidus <108946721+corvus-callidus@users.noreply.github.com> - 1.75.0-9
+- Patch CVE-2024-32884 and CVE-2024-31852
+
+* Wed May 29 2024 Neha Agarwal  - 1.75.0-8
+- Bump release to build with new llvm to fix CVE-2024-31852
+
+* Wed May 22 2024 Suresh Babu Chalamalasetty  - 1.75.0-7
+- update to build dep latest glibc-static version
+
+* Mon May 13 2024 Chris Co  - 1.75.0-6
+- Update to build dep latest glibc-static version
+
+* Mon Apr 01 2024 Muhammad Falak  - 1.75.0-5
+- Enable profiler support
+
+* Mon Mar 11 2024 Dan Streetman  - 1.75.0-4
+- update to build dep latest glibc-static version
+
+* Thu Feb 29 2024 Pawel Winogrodzki  - 1.75.0-3
+- Updating naming for 3.0 version of Azure Linux.
+
+* Tue Feb 27 2024 Dan Streetman  - 1.75.0-2
+- updated glibc-static buildrequires release
+
+* Mon Jan 29 2024 Muhammad Falak  - 1.75.0-1
+- Bump version to 1.75.0
+
+* Tue Nov 07 2023 Andrew Phelps  - 1.72.0-6
+- Bump release to rebuild against glibc 2.38-1
+
+* Mon Oct 30 2023 Rohit Rawat  - 1.72.0-5
+- Patch CVE-2023-45853 in vendor/libz-sys/src/zlib
+
+* Tue Oct 10 2023 Daniel McIlvaney  - 1.72.2-4
+- Explicitly call './x.py' instead of 'x.py'
+
+* Wed Oct 04 2023 Minghe Ren  - 1.72.2-3
+- Bump release to rebuild against glibc 2.35-6
+
+* Tue Oct 03 2023 Mandeep Plaha  - 1.72.2-2
+- Bump release to rebuild against glibc 2.35-5
+
+* Wed Sep 06 2023 Daniel McIlvaney  - 1.72.2-1
+- Bump to version 1.72.2 to address CVE-2023-38497, CVE-2023-40030
+
+* Tue Aug 22 2023 Rachel Menge  - 1.68.2-5
+- Bump release to rebuild against openssl 1.1.1k-26
+
+* Wed Jul 05 2023 Andrew Phelps  - 1.68.2-4
+- Bump release to rebuild against glibc 2.35-4
+
+* Wed Jun 21 2023 Jonathan Behrens  - 1.68.2-3
+- Include "cargo-clippy" tool in the package.
+
+* Wed May 17 2023 Tobias Brick  - 1.68.2-2
+- Fix CVE-2023-27477 by patching cranelift vulnerability that is exposed in rust
+
+* Tue Mar 28 2023 Muhammad Falak  - 1.68.2-1
+- Bump version to 1.68.2 to revoke leaked github keys
+
+* Mon Mar 13 2023 Nicolas Guibourge  - 1.68.0-1
+- Updating to version 1.68.0
+
+* Thu Nov 24 2022 Pawel Winogrodzki  - 1.62.1-4
+- Split out separate 'doc' subpackage to reduce default package size.
+- Updated license information.
+
+* Tue Nov 01 2022 Pawel Winogrodzki  - 1.62.1-3
+- Adding missing test dependency on "glibc-static".
+
+* Wed Aug 31 2022 Olivia Crain  - 1.62.1-2
+- Breaking change: Configure as a stable release, which disables unstable features
+- Add runtime requirements on gcc, binutils, glibc-devel
+- Package ASL 2.0 license, additional copyright information
+- Fix licensing info- dual-licensed, not multiply-licensed
+- License verified
+
+* Thu Aug 18 2022 Chris Co  - 1.62.1-1
+- Updating to version 1.62.1
+
+* Mon Mar 07 2022 Pawel Winogrodzki  - 1.59.0-1
+- Updating to version 1.59.0 to fix CVE-2022-21658.
+- Updating build instructions to fix tests.
+
+* Thu Mar 03 2022 Bala  - 1.56.1-2
+- Build rustfmt tool as it is required to run PTest
+- Create softlink for rustfmt in stage0
+
+* Wed Nov 24 2021 Pawel Winogrodzki  - 1.56.1-1
+- Updating to version 1.56.1.
+- Switching to building with Python 3.
+
+* Mon May 17 2021 Thomas Crain  - 1.47.0-5
+- Add provides for 'cargo' from the base package
+
+* Tue May 04 2021 Thomas Crain  - 1.47.0-4
+- Remove XZ support detection in bootstrap
+
+* Mon Apr 26 2021 Thomas Crain  - 1.47.0-3
+- Patch CVE-2020-36317, CVE-2021-28875, CVE-2021-28876, CVE-2021-28877, CVE-2021-28878
+- Redo patch for CVE-2021-28879 with regards to patches listed above
+
+* Mon Apr 19 2021 Thomas Crain  - 1.47.0-2
+- Patch CVE-2021-28879
+
+* Wed Feb 24 2021 Andrew Phelps  - 1.47.0-1
+- Update version to 1.47.0
+
+* Wed Jan 06 2021 Thomas Crain  - 1.39.0-8
+- Add python-xml BR for package test
+- Add ignore-linker-output-non-utf8-test patch to skip faulty test
+
+* Wed Aug 12 2020 Mateusz Malisz  - 1.39.0-7
+- Add patch for the build to not fail on file not found error.
+
+* Fri Jun 12 2020 Henry Beberman  - 1.39.0-6
+- Temporarily disable generation of debug symbols.
+
+* Thu May 28 2020 Chris Co  - 1.39.0-5
+- Update source checkout and prep steps
+
+* Sat May 09 2020 Nick Samson  - 1.39.0-4
+- Added %%license line automatically
+
+* Mon May 4 2020 Nicolas Guibourge  - 1.39.0-3
+- Fix build issue when building from Docker
+
+* Tue Apr 21 2020 Andrew Phelps  - 1.39.0-2
+- Support building offline.
+
+* Thu Mar 19 2020 Henry Beberman  - 1.39.0-1
+- Update to 1.39.0. Fix URL. Fix Source0 URL. License verified.
+
+* Thu Feb 27 2020 Henry Beberman  - 1.34.2-3
+- Set SUDO_USER and USER to allow rust to hydrate as root
+
+* Wed Sep 25 2019 Saravanan Somasundaram  - 1.34.2-2
+- Initial CBL-Mariner import from Photon (license: Apache2).
+
+* Wed May 15 2019 Ankit Jain  - 1.34.2-1
+- Initial build. First version
diff --git a/SPECS/rust/rust.signatures.json b/SPECS/rust/rust.signatures.json
index b04eb3fd8a..6f1467ab9c 100644
--- a/SPECS/rust/rust.signatures.json
+++ b/SPECS/rust/rust.signatures.json
@@ -1,12 +1,12 @@
 {
  "Signatures": {
-  "cargo-1.74.0-aarch64-unknown-linux-gnu.tar.xz": "a18dc9132cf76ccba90bcbb53b56a4d37ebfb34845f61e79f7b5d4710a269647",
-  "cargo-1.74.0-x86_64-unknown-linux-gnu.tar.xz": "f219386d4569c40b660518e99267afff428c13bf980bda7a614c8d4038d013f6",
-  "rust-std-1.74.0-aarch64-unknown-linux-gnu.tar.xz": "c5ad01692bc08ce6f4db2ac815be63498b45013380c71f22b3d33bf3be767270",
-  "rust-std-1.74.0-x86_64-unknown-linux-gnu.tar.xz": "548413213012e2f62b08ed8a913a51210ae7402619027224580176031f2789ea",
-  "rustc-1.74.0-aarch64-unknown-linux-gnu.tar.xz": "a49bb365481913ead305658e7e9dc621da7895036b840fb57b1bc85c721d07e6",
-  "rustc-1.74.0-x86_64-unknown-linux-gnu.tar.xz": "7d464be2ae0d6ce69f056d1ea9a8ce2b3b1d537418caea216fdd303903972181",
-  "rustc-1.75.0-src-cargo.tar.gz": "8b41ba09a0e998fce6bafa69c93c8c5384b29b38438104db7c98e348b4759979",
-  "rustc-1.75.0-src.tar.xz": "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340"
+  "cargo-1.84.0-aarch64-unknown-linux-gnu.tar.xz": "68d4ad239b6d1e810e7b8591636dc408cb2c1e89661329fed906febf9c0a9d98",
+  "cargo-1.84.0-x86_64-unknown-linux-gnu.tar.xz": "6c2371488db92a09cd50a1b4045c022f3cf2c643285b3b21105ab5f9b64fd6b6",
+  "rust-std-1.84.0-aarch64-unknown-linux-gnu.tar.xz": "023f0b6153b23ac0e9686c2ab95bc393ee3e295b166bb36de3b4dfb53e3913e0",
+  "rust-std-1.84.0-x86_64-unknown-linux-gnu.tar.xz": "770237080b9310d126350c3bd70820bd91064c2e96c29ab5f2e002b31b5bd067",
+  "rustc-1.84.0-aarch64-unknown-linux-gnu.tar.xz": "9f5650aece53e083b933a57e5a8e0e2db4479f52ec897d5b6d0f77be6cd50498",
+  "rustc-1.84.0-x86_64-unknown-linux-gnu.tar.xz": "a1737d86f80b31a6d48a6726726275dc068ecb930c9635b13aa59999486de837",
+  "rustc-1.85.0-src-cargo.tar.gz": "aebfabef6090c81fff583d6172fbb4cf1d42d203df7ce6a9bba349abc3fc086c",
+  "rustc-1.85.0-src.tar.xz": "d542c397217b5ba5bac7eb274f5ca62d031f61842c3ba4cc5328c709c38ea1e7"
  }
 }
\ No newline at end of file
diff --git a/SPECS/rust/rust.spec b/SPECS/rust/rust.spec
index 7668ae757f..6582db0ef0 100644
--- a/SPECS/rust/rust.spec
+++ b/SPECS/rust/rust.spec
@@ -1,15 +1,15 @@
 # Prevent librustc_driver from inadvertently being listed as a requirement
 %global __requires_exclude ^librustc_driver-
 
-# Release date and version of stage 0 compiler can be found in "src/stage0.json" inside the extracted "Source0".
+# Release date and version of stage 0 compiler can be found in "src/stage0" inside the extracted "Source0".
 # Look for "date:" and "rustc:".
-%define release_date 2023-11-16
-%define stage0_version 1.74.0
+%define release_date 2025-01-09
+%define stage0_version 1.84.0
 
 Summary:        Rust Programming Language
 Name:           rust
-Version:        1.75.0
-Release:        12%{?dist}
+Version:        1.85.0
+Release:        2%{?dist}
 License:        (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -41,10 +41,9 @@ Source4:        https://static.rust-lang.org/dist/%{release_date}/rust-std-%{sta
 Source5:        https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz
 Source6:        https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz
 Source7:        https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz
-Patch0:         CVE-2023-45853.patch
-Patch1:         CVE-2024-32884.patch
-Patch2:         CVE-2024-31852.patch
-
+# These ci tests are expecting rust source to be git repository, since we are using a tarball
+# we are missing git metadata so these tests are failing, hence ignoring these tests
+Patch0:         Ignore_failing_ci_tests.patch
 BuildRequires:  binutils
 BuildRequires:  cmake
 # make sure rust relies on curl from CBL-Mariner (instead of using its vendored flavor)
@@ -59,8 +58,11 @@ BuildRequires:  ninja-build
 # make sure rust relies on openssl from CBL-Mariner (instead of using its vendored flavor)
 BuildRequires:  openssl-devel
 BuildRequires:  python3
+# make sure rust depends on system zlib
+BuildRequires:  zlib-devel
 %if 0%{?with_check}
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
+BuildRequires:	sudo
 %endif
 # rustc uses a C compiler to invoke the linker, and links to glibc in most cases
 Requires:       binutils
@@ -113,7 +115,7 @@ sh ./configure \
     --prefix=%{_prefix} \
     --enable-extended \
     --enable-profiler \
-    --tools="cargo,clippy,rustfmt,rust-analyzer-proc-macro-srv,rust-demangler" \
+    --tools="cargo,clippy,rustfmt,rust-analyzer-proc-macro-srv" \
     --release-channel="stable" \
     --release-description="Azure Linux %{version}-%{release}"
 
@@ -125,21 +127,25 @@ USER=root SUDO_USER=root %make_build
 # We expect to generate dynamic CI contents in this folder, but it will fail since the .github folder is not included
 # with the published sources.
 mkdir -p .github/workflows
-./x.py run src/tools/expand-yaml-anchors
 
 ln -s %{_topdir}/BUILD/rustc-%{version}-src/build/x86_64-unknown-linux-gnu/stage2-tools-bin/rustfmt %{_topdir}/BUILD/rustc-%{version}-src/build/x86_64-unknown-linux-gnu/stage0/bin/
 ln -s %{_topdir}/BUILD/rustc-%{version}-src/vendor/ /root/vendor
+# Since mariner has `aarch64-unknown-linux-gnu-gcc` as native compiler in arm64 and a ptest is expecting `aarch64-linux-gnu-gcc`
+ln -s /usr/bin/aarch64-unknown-linux-gnu-gcc /usr/bin/aarch64-linux-gnu-gcc
 # remove rustdoc ui flaky test issue-98690.rs (which is tagged with 'unstable-options')
-rm -v ./tests/rustdoc-ui/issue-98690.*
-%make_build check
-
+rm -v ./tests/rustdoc-ui/issues/issue-98690.*
+useradd -m -d /home/test test
+chown -R test:test .
+sudo -u test %make_build check
+userdel -r test
 %install
 USER=root SUDO_USER=root %make_install
-mv %{buildroot}%{_docdir}/%{name}/LICENSE-THIRD-PARTY .
-rm %{buildroot}%{_docdir}/%{name}/{COPYRIGHT,LICENSE-APACHE,LICENSE-MIT}
-rm %{buildroot}%{_docdir}/%{name}/html/.lock
-rm %{buildroot}%{_docdir}/%{name}/*.old
-rm %{buildroot}%{_bindir}/*.old
+mv %{buildroot}%{_docdir}/cargo/LICENSE-THIRD-PARTY .
+rm %{buildroot}%{_docdir}/rustc/{COPYRIGHT,LICENSE-APACHE,LICENSE-MIT}
+rm %{buildroot}%{_docdir}/cargo/{LICENSE-APACHE,LICENSE-MIT}
+rm %{buildroot}%{_docdir}/clippy/{LICENSE-APACHE,LICENSE-MIT}
+rm %{buildroot}%{_docdir}/rustfmt/{LICENSE-APACHE,LICENSE-MIT}
+rm %{buildroot}%{_docdir}/docs/html/.lock
 
 %ldconfig_scriptlets
 
@@ -153,7 +159,6 @@ rm %{buildroot}%{_bindir}/*.old
 %{_libexecdir}/rust-analyzer-proc-macro-srv
 %{_bindir}/rust-gdb
 %{_bindir}/rust-gdbgui
-%{_bindir}/rust-demangler
 %{_bindir}/cargo
 %{_bindir}/cargo-clippy
 %{_bindir}/cargo-fmt
@@ -164,14 +169,29 @@ rm %{buildroot}%{_bindir}/*.old
 
 %files doc
 %license LICENSE-APACHE LICENSE-MIT LICENSE-THIRD-PARTY COPYRIGHT
-%doc %{_docdir}/%{name}/html/*
-%doc %{_docdir}/%{name}/README.md
+%doc %{_docdir}/rustc/README.md
+%doc %{_docdir}/cargo/*
+%doc %{_docdir}/rustfmt/*
+%doc %{_docdir}/clippy/*
+%doc %{_docdir}/docs/html/*
 %doc CONTRIBUTING.md README.md RELEASES.md
 %doc src/tools/clippy/CHANGELOG.md
 %doc src/tools/rustfmt/Configurations.md
 %{_mandir}/man1/*
 
 %changelog
+* Mon May 12 2025 Andrew Phelps  - 1.85.0-2
+- Bump to rebuild with updated glibc
+
+* Sun Apr 20 2025 Kavya Sree Kaitepalli  - 1.85.0-1
+- Upgrade to 1.85.0
+- Drop patches
+- Remove expand-yaml-anchors tool in %check
+- Remove rust-demangler tool 
+- Update generate_source_tarball script
+- Run %check as test user
+- Add explicit build dependency on zlib
+
 * Thu Feb 27 2025 Chris Co  - 1.75.0-12
 - Bump to rebuild with updated glibc
 
diff --git a/SPECS/selinux-policy/0041-rpm-Allow-gpg-agent-run-in-rpm-scripts-to-watch-secr.patch b/SPECS/selinux-policy/0041-rpm-Allow-gpg-agent-run-in-rpm-scripts-to-watch-secr.patch
new file mode 100644
index 0000000000..31d0c31d64
--- /dev/null
+++ b/SPECS/selinux-policy/0041-rpm-Allow-gpg-agent-run-in-rpm-scripts-to-watch-secr.patch
@@ -0,0 +1,31 @@
+From 7cbf9bac360e62fb7bc75d43f62cceab5786eb4f Mon Sep 17 00:00:00 2001
+From: Chris PeBenito 
+Date: Fri, 4 Apr 2025 14:17:34 -0400
+Subject: [PATCH 41/41] rpm: Allow gpg-agent run in rpm scripts to watch
+ secrets dirs.
+
+This a parallel change to the existing permission for rpm_t.
+
+Signed-off-by: Chris PeBenito 
+---
+ policy/modules/admin/rpm.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
+index 809e8c573..d0bad2d1b 100644
+--- a/policy/modules/admin/rpm.te
++++ b/policy/modules/admin/rpm.te
+@@ -408,6 +408,10 @@ optional_policy(`
+ 	')
+ ')
+ 
++optional_policy(`
++	gpg_watch_user_secrets_dirs(rpm_script_t)
++')
++
+ optional_policy(`
+ 	lvm_run(rpm_script_t, rpm_roles)
+ ')
+-- 
+2.49.0
+
diff --git a/SPECS/selinux-policy/selinux-policy.spec b/SPECS/selinux-policy/selinux-policy.spec
index 0386ba9a1e..d3fd2747d1 100644
--- a/SPECS/selinux-policy/selinux-policy.spec
+++ b/SPECS/selinux-policy/selinux-policy.spec
@@ -9,7 +9,7 @@
 Summary:        SELinux policy
 Name:           selinux-policy
 Version:        %{refpolicy_major}.%{refpolicy_minor}
-Release:        18%{?dist}
+Release:        19%{?dist}
 License:        GPLv2
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -73,6 +73,7 @@ Patch51:        0049-Fix-tpm2_abrmd-selinux-permission-denied.patch
 Patch52:        0050-Fix-fsadm-selinux-permission-denied.patch
 Patch53:        0051-Fix-ntpd-selinux-permission-denied.patch
 Patch54:        0038-enable-liveos-iso-flow.patch
+Patch55:        0041-rpm-Allow-gpg-agent-run-in-rpm-scripts-to-watch-secr.patch
 
 BuildRequires:  bzip2
 BuildRequires:  checkpolicy >= %{CHECKPOLICYVER}
@@ -345,6 +346,10 @@ exit 0
 selinuxenabled && semodule -nB
 exit 0
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 2.20240226-19
+- merge from Azure Linux 3.0.20250521-3.0
+- Add fix for gpg-agent use in rpm scripts for watching root's secrets dir.
+
 * Thu Apr 28 2025 Ranjan Dutta  - 2.20240226-18
 - Bump up the version on merge frm AZL tag 3.0.20250423-3.0
 - Add tmpfs fix for cloud-utils-growpart.
diff --git a/SPECS/simdjson/simdjson.signatures.json b/SPECS/simdjson/simdjson.signatures.json
new file mode 100644
index 0000000000..b39dfabb9a
--- /dev/null
+++ b/SPECS/simdjson/simdjson.signatures.json
@@ -0,0 +1,5 @@
+{
+    "Signatures": {
+     "simdjson-3.11.6.tar.gz": "7176a2feb98e1b36b6b9fa56d64151068865f505a0ce24203f3ddbb3f985103b"
+    }
+   }
diff --git a/SPECS/simdjson/simdjson.spec b/SPECS/simdjson/simdjson.spec
new file mode 100644
index 0000000000..c67f65a439
--- /dev/null
+++ b/SPECS/simdjson/simdjson.spec
@@ -0,0 +1,105 @@
+%global lib_version 24.0.0
+%global lib_soversion 24
+Summary:	    Parsing gigabytes of JSON per second
+Name:		    simdjson
+Version:	    3.11.6
+Release:	    2%{?dist}
+License:	    Apache-2.0 AND MIT
+URL:		    https://simdjson.org
+Source0:	    https://github.com/simdjson/simdjson/archive/v%{version}/%{name}-%{version}.tar.gz
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+BuildRequires:	cmake >= 3.1
+BuildRequires:	gcc-c++
+
+%description
+JSON is everywhere on the Internet. Servers spend a *lot* of time parsing it.
+We need a fresh approach. The simdjson library uses commonly available 
+SIMD instructions and microparallel algorithms to parse JSON 4x faster than
+RapidJSON and 25x faster than JSON for Modern C++.
+
+%package devel
+Summary:        Development files for %{name}
+Requires:	    %{name} = %{version}-%{release}
+Provides:       cmake(simdjson)
+
+%description devel
+The package contains libraries and header files for developing applications
+that use %{name}.
+
+%package doc
+Summary:        Documents for %{name}
+
+%description doc 
+%{summary}
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+%cmake -DSIMDJSON_TESTS=ON
+%cmake_build
+
+%install
+%cmake_install
+
+%check
+%ctest
+
+%files
+%license LICENSE
+%doc CONTRIBUTING.md README.md
+%{_libdir}/lib%{name}*.so.%{lib_soversion}
+%{_libdir}/lib%{name}*.so.%{lib_version}
+
+%files devel
+%license LICENSE
+%{_includedir}/%{name}.h
+%{_libdir}/cmake/%{name}
+%{_libdir}/lib%{name}.so
+%{_libdir}/pkgconfig/%{name}.pc
+
+%files doc
+%license LICENSE
+%doc doc
+
+%changelog
+* Fri April 11 2025 Riken Maharjan  - 3.11.6-2
+- Initial Azure Linux import from Fedora 43 (license: MIT)
+- License Verified
+
+* Thu Jan 16 2025 Ali Erdinc Koroglu  - 3.11.6-1
+- Update to 3.11.6 (rhbz#2330725)
+
+* Wed Nov 06 2024 Ali Erdinc Koroglu  - 3.10.1-1
+- Update to 3.10.1 (rhbz#2173069)
+
+* Fri Aug 02 2024 Ali Erdinc Koroglu  - 3.10.0-1
+- Update to 3.10.0
+
+* Mon Feb 26 2024 Ali Erdinc Koroglu  - 3.7.0-1
+- Update to 3.7.0
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 3.6.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Dec 11 2023 Ali Erdinc Koroglu  - 3.6.3-1
+- Update to 3.6.3
+
+* Wed Nov 01 2023 Ali Erdinc Koroglu  - 3.6.0-1
+- Update to 3.6.0
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 3.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jan 25 2023 aekoroglu  - 3.1.0-1
+- update to 3.1.0
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 3.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Nov 29 2022 aekoroglu  - 3.0.1-1
+- update to 3.0.1
+
+* Tue Aug 09 2022 aekoroglu  - 2.2.2-1
+- initial package
diff --git a/SPECS/skopeo/skopeo.spec b/SPECS/skopeo/skopeo.spec
index 8553a35b4c..7dc7aa6d30 100644
--- a/SPECS/skopeo/skopeo.spec
+++ b/SPECS/skopeo/skopeo.spec
@@ -1,7 +1,7 @@
 Summary:        Inspect container images and repositories on registries
 Name:           skopeo
 Version:        1.14.4
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -33,7 +33,6 @@ registries without the need to pull them.
 %autosetup -p1
 
 %build
-tar --no-same-owner -xf %{SOURCE0}
 export GOPATH=%{our_gopath}
 make
 
@@ -52,6 +51,11 @@ make test-unit-local
 %{_mandir}/man1/%%{name}*
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.14.4-6
+- merge from Azure Linux 3.0.20250521-3.0
+- Remove extraction command from build
+- Fix CVE-2025-27144 with an upstream patch
+
 * Fri Apr 28 2025 Ranjan Dutta  - 1.14.4-5
 - merge from Azure Linux tag 3.0.20250423-3.0
 
diff --git a/SPECS/spdlog/spdlog-fmt_external.patch b/SPECS/spdlog/spdlog-fmt_external.patch
new file mode 100644
index 0000000000..c5b3900caf
--- /dev/null
+++ b/SPECS/spdlog/spdlog-fmt_external.patch
@@ -0,0 +1,25 @@
+From 1cc07822c72993b6a600657bae78d1d877c836ff Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= 
+Date: Fri, 26 Apr 2024 12:46:59 +0200
+Subject: [PATCH] Define SPDLOG_FMT_EXTERNAL
+
+---
+ include/spdlog/tweakme.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/include/spdlog/tweakme.h b/include/spdlog/tweakme.h
+index 5bcb5ff..2596d5d 100644
+--- a/include/spdlog/tweakme.h
++++ b/include/spdlog/tweakme.h
+@@ -79,6 +79,9 @@
+ // accordingly.
+ //
+ // #define SPDLOG_FMT_EXTERNAL
++#ifndef SPDLOG_FMT_EXTERNAL
++#define SPDLOG_FMT_EXTERNAL
++#endif
+ ///////////////////////////////////////////////////////////////////////////////
+ 
+ ///////////////////////////////////////////////////////////////////////////////
+-- 
+2.44.0
diff --git a/SPECS/spdlog/spdlog.signatures.json b/SPECS/spdlog/spdlog.signatures.json
new file mode 100644
index 0000000000..3b2df85f34
--- /dev/null
+++ b/SPECS/spdlog/spdlog.signatures.json
@@ -0,0 +1,6 @@
+{
+    "Signatures": {
+     "spdlog-1.15.2.tar.gz": "7a80896357f3e8e920e85e92633b14ba0f229c506e6f978578bdc35ba09e9a5d"
+    }
+   }
+   
\ No newline at end of file
diff --git a/SPECS/spdlog/spdlog.spec b/SPECS/spdlog/spdlog.spec
new file mode 100644
index 0000000000..ea9d888c25
--- /dev/null
+++ b/SPECS/spdlog/spdlog.spec
@@ -0,0 +1,231 @@
+Summary:        Super fast C++ logging library
+Name:           spdlog
+Version:        1.15.2
+Release:        2%{?dist}
+License:        MIT
+URL:            https://github.com/gabime/%{name}
+Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Patch0:         %{name}-fmt_external.patch
+BuildRequires:  catch-devel >= 3.0.0
+BuildRequires:  fmt-devel >= 10.0.0
+BuildRequires:  systemd-devel
+BuildRequires:  cmake
+BuildRequires:  gcc
+BuildRequires:  gcc-c++
+BuildRequires:  ninja-build
+
+%description
+This is a packaged version of the gabime/spdlog C++ logging
+library available at Github.
+
+%package devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       libstdc++-devel
+Requires:       fmt-devel
+
+%description devel
+The %{name}-devel package contains C++ header files for developing
+applications that use %{name}.
+
+%prep
+%autosetup -p1
+find . -name '.gitignore' -delete
+sed -e "s,\r,," -i README.md
+rm -f tests/catch.hpp
+
+%build
+%cmake -G Ninja \
+    -DCMAKE_INSTALL_LIBDIR=%{_lib} \
+    -DCMAKE_BUILD_TYPE=Release \
+    -DSPDLOG_BUILD_SHARED=ON \
+    -DSPDLOG_BUILD_EXAMPLE=OFF \
+    -DSPDLOG_BUILD_BENCH=OFF \
+    -DSPDLOG_BUILD_TESTS=ON \
+    -DSPDLOG_INSTALL=ON \
+    -DSPDLOG_FMT_EXTERNAL=ON
+%cmake_build
+
+%check
+%ctest
+
+%install
+%cmake_install
+
+%files
+%license LICENSE
+%doc README.md
+%{_libdir}/lib%{name}.so.1.15*
+
+%files devel
+%doc example
+%{_includedir}/%{name}
+%{_libdir}/lib%{name}.so
+%{_libdir}/cmake/%{name}
+%{_libdir}/pkgconfig/%{name}.pc
+
+%changelog
+* Fri April 11 2025 Riken Maharjan  - 1.12.0-5
+- Initial Azure Linux import from Fedora 43 (license: MIT)
+- License Verified
+
+* Fri Apr 26 2024 Frantisek Zatloukal  - 1.12.0-4
+- Flag that we use an external fmt
+
+* Sat Jan 27 2024 Fedora Release Engineering  - 1.12.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering  - 1.12.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jul 08 2023 Vitaly Zaitsev  - 1.12.0-1
+- Updated to version 1.12.0.
+
+* Mon May 29 2023 Vitaly Zaitsev  - 1.11.0-6
+- Rebuilt due to fmt library update.
+
+* Wed Mar 01 2023 Vitaly Zaitsev  - 1.11.0-5
+- Ported to catch v3. Fixed FTBFS in ELN.
+
+* Tue Feb 28 2023 Vitaly Zaitsev  - 1.11.0-4
+- Fixed FTBFS in EPEL/ELN due to catch v3 update.
+
+* Tue Feb 28 2023 Vitaly Zaitsev  - 1.11.0-3
+- Fixed FTBFS due to catch v3 update.
+
+* Sat Jan 21 2023 Fedora Release Engineering  - 1.11.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Nov 03 2022 Vitaly Zaitsev  - 1.11.0-1
+- Updated to version 1.11.0.
+
+* Sat Jul 23 2022 Fedora Release Engineering  - 1.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sun Jul 10 2022 Vitaly Zaitsev  - 1.10.0-2
+- Rebuilt due to fmt library update.
+
+* Mon Apr 18 2022 Vitaly Zaitsev  - 1.10.0-1
+- Updated to version 1.10.0.
+
+* Sat Jan 22 2022 Fedora Release Engineering  - 1.9.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Sep 15 2021 Vitaly Zaitsev  - 1.9.2-2
+- Rebuilt due to google-benchmark 1.6.0 update.
+
+* Fri Aug 13 2021 Vitaly Zaitsev  - 1.9.2-1
+- Updated to version 1.9.2.
+
+* Tue Jul 27 2021 Vitaly Zaitsev  - 1.9.1-1
+- Updated to version 1.9.1.
+
+* Fri Jul 23 2021 Fedora Release Engineering  - 1.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jul 21 2021 Vitaly Zaitsev  - 1.9.0-1
+- Updated to version 1.9.0.
+
+* Sun Jul 04 2021 Vitaly Zaitsev  - 1.8.5-2
+- Rebuilt due to fmt library update.
+
+* Fri Apr 02 2021 Vitaly Zaitsev  - 1.8.5-1
+- Updated to version 1.8.5.
+
+* Wed Jan 27 2021 Fedora Release Engineering  - 1.8.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sat Dec 12 2020 Vitaly Zaitsev  - 1.8.2-1
+- Updated to version 1.8.2.
+
+* Tue Oct 13 2020 Vitaly Zaitsev  - 1.8.1-1
+- Updated to version 1.8.1.
+
+* Sat Sep 05 2020 Vitaly Zaitsev  - 1.8.0-1
+- Updated to version 1.8.0.
+
+* Tue Jul 21 2020 Vitaly Zaitsev  - 1.7.0-1
+- Updated to version 1.7.0.
+
+* Tue Jun 02 2020 Vitaly Zaitsev  - 1.6.1-1
+- Updated to version 1.6.1.
+
+* Thu Jan 30 2020 Fedora Release Engineering  - 1.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jan 27 2020 Vitaly Zaitsev  - 1.5.0-1
+- Updated to version 1.5.0.
+
+* Wed Dec 18 2019 Vitaly Zaitsev  - 1.4.2-1
+- Updated to version 1.4.2.
+
+* Fri Jul 26 2019 Fedora Release Engineering  - 1.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering  - 1.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sun Jan 20 2019 Vitaly Zaitsev  - 1.3.1-1
+- Updated to version 1.3.1.
+
+* Mon Nov 05 2018 Vitaly Zaitsev  - 1.2.1-1
+- Updated to version 1.2.1.
+
+* Sun Sep 02 2018 Vitaly Zaitsev  - 1.1.0-1
+- Updated to version 1.1.0.
+
+* Thu Aug 09 2018 Vitaly Zaitsev  - 1.0.0-1
+- Updated to version 1.0.0.
+
+* Sat Jul 14 2018 Fedora Release Engineering  - 0.17.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jun 18 2018 Vitaly Zaitsev  - 0.17.0-1
+- Updated to version 0.17.0.
+- Added tests support.
+- Added cmake and pkg-config support.
+
+* Fri Feb 09 2018 Fedora Release Engineering  - 0.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering  - 0.10.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering  - 0.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering  - 0.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Sun Sep 04 2016 Daniel Kopecek  - 0.10.0-1
+- Update to 0.10.0
+
+* Fri Jul 08 2016 Daniel Kopecek  - 0-8.20160703git34bb86b
+- update to rev 34bb86b
+
+* Fri Feb 05 2016 Fedora Release Engineering  - 0-7.20151110gitcbc8ba7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Nov 10 2015 Daniel Kopecek  - 0-6.20151110gitcbc8ba7
+- update to rev cbc8ba7
+
+* Fri Jun 19 2015 Fedora Release Engineering  - 0-5.20150410git211ce99
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Apr 30 2015 Daniel Kopecek  - 0-4.20150410git211ce99
+- don't build the base package
+- remove a dot from the release tag
+- corrected -devel subpackage description
+
+* Mon Apr 20 2015 Daniel Kopecek  - 0-3.20150410git.211ce99
+- use the -p option when copying the header files
+
+* Tue Apr 14 2015 Daniel Kopecek  - 0-2.20150410git.211ce99
+- don't build the debuginfo subpackage
+- require libstdc++-devel
+- don't generate a distribution specific pkg-config file
+
+* Fri Apr 10 2015 Daniel Kopecek  - 0-1.20150410git.211ce99
+- Initial package
diff --git a/SPECS/sriov-network-device-plugin/CVE-2025-22872.patch b/SPECS/sriov-network-device-plugin/CVE-2025-22872.patch
new file mode 100644
index 0000000000..a9203f2a9a
--- /dev/null
+++ b/SPECS/sriov-network-device-plugin/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From 01035da6c5be2080f75765d9ebbb462614d7e81a Mon Sep 17 00:00:00 2001
+From: jykanase 
+Date: Tue, 22 Apr 2025 08:15:38 +0000
+Subject: [PATCH] CVE-2025-22872
+
+Upstream patch reference: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880..6598c1f 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.2
+
diff --git a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec
index 08583ba6b6..2704aff5f7 100644
--- a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec
+++ b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec
@@ -1,7 +1,7 @@
 Summary:        Plugin for discovering and advertising networking resources
 Name:           sriov-network-device-plugin
 Version:        3.7.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,6 +10,7 @@ Source0:        https://github.com/k8snetworkplumbingwg/%{name}/archive/refs/tag
 Source1:        %{name}-%{version}-vendor.tar.gz
 Patch0:         CVE-2024-45338.patch
 Patch1:		CVE-2024-45339.patch
+Patch2:         CVE-2025-22872.patch
 BuildRequires:  golang
 Requires:       gawk
 Requires:       hwdata
@@ -39,6 +40,10 @@ install -D -m0755 images/ddptool-1.0.1.12.tar.gz %{buildroot}%{_datadir}/%{name}
 %{_datadir}/%{name}/ddptool-1.0.1.12.tar.gz
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 3.7.0-5
+- merge from Azure Linux 3.0.20250521-3.0
+- Patch CVE-2025-22872
+
 * Fri Mar 21 2025 Anuj Mittal  - 3.7.0-4
 - Bump Release to rebuild
 
diff --git a/SPECS-EXTENDED/stunnel/Certificate-Creation b/SPECS/stunnel/Certificate-Creation
similarity index 100%
rename from SPECS-EXTENDED/stunnel/Certificate-Creation
rename to SPECS/stunnel/Certificate-Creation
diff --git a/SPECS-EXTENDED/stunnel/pop3-redirect.xinetd b/SPECS/stunnel/pop3-redirect.xinetd
similarity index 100%
rename from SPECS-EXTENDED/stunnel/pop3-redirect.xinetd
rename to SPECS/stunnel/pop3-redirect.xinetd
diff --git a/SPECS-EXTENDED/stunnel/sfinger.xinetd b/SPECS/stunnel/sfinger.xinetd
similarity index 100%
rename from SPECS-EXTENDED/stunnel/sfinger.xinetd
rename to SPECS/stunnel/sfinger.xinetd
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.50-authpriv.patch b/SPECS/stunnel/stunnel-5.50-authpriv.patch
similarity index 100%
rename from SPECS-EXTENDED/stunnel/stunnel-5.50-authpriv.patch
rename to SPECS/stunnel/stunnel-5.50-authpriv.patch
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.56-curves-doc-update.patch b/SPECS/stunnel/stunnel-5.56-curves-doc-update.patch
similarity index 79%
rename from SPECS-EXTENDED/stunnel/stunnel-5.56-curves-doc-update.patch
rename to SPECS/stunnel/stunnel-5.56-curves-doc-update.patch
index c61263e01b..884b53c990 100644
--- a/SPECS-EXTENDED/stunnel/stunnel-5.56-curves-doc-update.patch
+++ b/SPECS/stunnel/stunnel-5.56-curves-doc-update.patch
@@ -1,8 +1,8 @@
-From e951a8a7edc87dbd608043f8aab67ef12979e3ca Mon Sep 17 00:00:00 2001
+From 2d720572b081397b187f502980bb57a8301f06f0 Mon Sep 17 00:00:00 2001
 From: Sahana Prasad 
 Date: Mon, 12 Sep 2022 11:07:38 +0200
-Subject: [PATCH 6/8] Apply patch stunnel-5.56-curves-doc-update.patch
-
+Subject: [PATCH 5/5] Apply patch stunnel-5.56-curves-doc-update.patch
+ 
 Patch-name: stunnel-5.56-curves-doc-update.patch
 Patch-id: 6
 From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
@@ -14,14 +14,14 @@ From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
  doc/stunnel.pl.pod.in  | 2 ++
  doc/stunnel.pod.in     | 2 ++
  6 files changed, 12 insertions(+)
-
+ 
 diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
-index a56f0b7..977a1a4 100644
+index e74e174..03b503b 100644
 --- a/doc/stunnel.8.in
 +++ b/doc/stunnel.8.in
-@@ -475,6 +475,8 @@ This file contains multiple CRLs, used with the \fIverifyChain\fR and
+@@ -490,6 +490,8 @@ This file contains multiple CRLs, used with the \fIverifyChain\fR and
  .IX Item "curves = list"
- \&\s-1ECDH\s0 curves separated with ':'
+ ECDH curves separated with ':'
  .Sp
 +Note: This option is supported for server mode sockets only.
 +.Sp
@@ -29,10 +29,10 @@ index a56f0b7..977a1a4 100644
  .Sp
  To get a list of supported curves use:
 diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in
-index 608afa9..cecc81a 100644
+index df0efdd..385ac8d 100644
 --- a/doc/stunnel.html.in
 +++ b/doc/stunnel.html.in
-@@ -570,6 +570,8 @@
+@@ -596,6 +596,8 @@
  
  
ECDH curves separated with ':'

  
@@ -42,12 +42,12 @@ index 608afa9..cecc81a 100644
  
  
To get a list of supported curves use:

 diff --git a/doc/stunnel.pl.8.in b/doc/stunnel.pl.8.in
-index e2e6622..eae88f8 100644
+index 4efe602..9683b4c 100644
 --- a/doc/stunnel.pl.8.in
 +++ b/doc/stunnel.pl.8.in
-@@ -492,6 +492,8 @@ przez opcje \fIverifyChain\fR i \fIverifyPeer\fR.
+@@ -494,6 +494,8 @@ przez opcje \fIverifyChain\fR i \fIverifyPeer\fR.
  .IX Item "curves = lista"
- krzywe \s-1ECDH\s0 odddzielone ':'
+ krzywe ECDH odddzielone ':'
  .Sp
 +Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
 +.Sp
@@ -55,10 +55,10 @@ index e2e6622..eae88f8 100644
  .Sp
  Listę dostępnych krzywych można uzyskać poleceniem:
 diff --git a/doc/stunnel.pl.html.in b/doc/stunnel.pl.html.in
-index 7be87f1..7fd7a7c 100644
+index 8e40042..3025e9f 100644
 --- a/doc/stunnel.pl.html.in
 +++ b/doc/stunnel.pl.html.in
-@@ -568,6 +568,8 @@
+@@ -586,6 +586,8 @@
  
  
krzywe ECDH odddzielone ':'

  
@@ -68,10 +68,10 @@ index 7be87f1..7fd7a7c 100644
  
  
Listę dostępnych krzywych można uzyskać poleceniem:

 diff --git a/doc/stunnel.pl.pod.in b/doc/stunnel.pl.pod.in
-index dc6b255..712f751 100644
+index 4419f9f..c48387a 100644
 --- a/doc/stunnel.pl.pod.in
 +++ b/doc/stunnel.pl.pod.in
-@@ -516,6 +516,8 @@ przez opcje I i I.
+@@ -535,6 +535,8 @@ przez opcje I i I.
  
  krzywe ECDH odddzielone ':'
  
@@ -81,10 +81,10 @@ index dc6b255..712f751 100644
  
  Listę dostępnych krzywych można uzyskać poleceniem:
 diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
-index 840c708..85cc199 100644
+index 1a49d42..7a92697 100644
 --- a/doc/stunnel.pod.in
 +++ b/doc/stunnel.pod.in
-@@ -501,6 +501,8 @@ I options.
+@@ -533,6 +533,8 @@ I options.
  
  ECDH curves separated with ':'
  
@@ -94,5 +94,4 @@ index 840c708..85cc199 100644
  
  To get a list of supported curves use:
 -- 
-2.37.3
-
+2.46.0
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.56.tar.gz.asc b/SPECS/stunnel/stunnel-5.56.tar.gz.asc
similarity index 100%
rename from SPECS-EXTENDED/stunnel/stunnel-5.56.tar.gz.asc
rename to SPECS/stunnel/stunnel-5.56.tar.gz.asc
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.61-systemd-service.patch b/SPECS/stunnel/stunnel-5.61-systemd-service.patch
similarity index 100%
rename from SPECS-EXTENDED/stunnel/stunnel-5.61-systemd-service.patch
rename to SPECS/stunnel/stunnel-5.61-systemd-service.patch
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.69-default-tls-version.patch b/SPECS/stunnel/stunnel-5.69-default-tls-version.patch
similarity index 84%
rename from SPECS-EXTENDED/stunnel/stunnel-5.69-default-tls-version.patch
rename to SPECS/stunnel/stunnel-5.69-default-tls-version.patch
index 36ac3535c0..59bb35a356 100644
--- a/SPECS-EXTENDED/stunnel/stunnel-5.69-default-tls-version.patch
+++ b/SPECS/stunnel/stunnel-5.69-default-tls-version.patch
@@ -1,7 +1,7 @@
-From 1d3349209f339e6a68312fce076e355bc767d76c Mon Sep 17 00:00:00 2001
+From 749c3b57caded6285cb5f76f17c4359e92474875 Mon Sep 17 00:00:00 2001
 From: Clemens Lang 
 Date: Mon, 12 Sep 2022 11:07:38 +0200
-Subject: [PATCH 5/7] Apply patch stunnel-5.69-default-tls-version.patch
+Subject: [PATCH] Apply patch stunnel-5.69-default-tls-version.patch
 
 Patch-name: stunnel-5.69-default-tls-version.patch
 Patch-id: 5
@@ -13,13 +13,13 @@ From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
  3 files changed, 36 insertions(+), 16 deletions(-)
 
 diff --git a/src/ctx.c b/src/ctx.c
-index 6a42a6b..cba24d9 100644
+index 3f3dbf8..7935e84 100644
 --- a/src/ctx.c
 +++ b/src/ctx.c
-@@ -152,19 +152,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
-     section->ctx=SSL_CTX_new(section->option.client ?
-         TLS_client_method() : TLS_server_method());
- #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
+@@ -168,19 +168,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ 
+     /* set supported protocol versions */
+ #if OPENSSL_VERSION_NUMBER>=0x10100000L
 -    if(section->min_proto_version &&
 -            !SSL_CTX_set_min_proto_version(section->ctx,
 -            section->min_proto_version)) {
@@ -56,13 +56,13 @@ index 6a42a6b..cba24d9 100644
 +            return 1; /* FAILED */
 +        }
      }
- #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
-     if(section->option.client)
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */
+ 
 diff --git a/src/options.c b/src/options.c
-index 4d31815..2ec5934 100644
+index 00196fc..1946129 100644
 --- a/src/options.c
 +++ b/src/options.c
-@@ -3371,8 +3371,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3437,8 +3437,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
              return "Invalid protocol version";
          return NULL; /* OK */
      case CMD_INITIALIZE:
@@ -74,7 +74,7 @@ index 4d31815..2ec5934 100644
              return "Invalid protocol version range";
          break;
      case CMD_PRINT_DEFAULTS:
-@@ -3390,7 +3391,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3456,7 +3457,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
      /* sslVersionMax */
      switch(cmd) {
      case CMD_SET_DEFAULTS:
@@ -86,7 +86,7 @@ index 4d31815..2ec5934 100644
          break;
      case CMD_SET_COPY:
          section->max_proto_version=new_service_options.max_proto_version;
-@@ -3421,7 +3425,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3487,7 +3491,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
      /* sslVersionMin */
      switch(cmd) {
      case CMD_SET_DEFAULTS:
@@ -99,10 +99,10 @@ index 4d31815..2ec5934 100644
      case CMD_SET_COPY:
          section->min_proto_version=new_service_options.min_proto_version;
 diff --git a/src/prototypes.h b/src/prototypes.h
-index 0ecd719..a126c9e 100644
+index 83496bd..d443e18 100644
 --- a/src/prototypes.h
 +++ b/src/prototypes.h
-@@ -940,6 +940,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
+@@ -960,6 +960,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
  ICON_IMAGE load_icon_file(const char *);
  #endif
  
@@ -113,5 +113,5 @@ index 0ecd719..a126c9e 100644
  
  /* end of prototypes.h */
 -- 
-2.39.2
+2.45.3
 
diff --git a/SPECS-EXTENDED/stunnel/stunnel-5.69-system-ciphers.patch b/SPECS/stunnel/stunnel-5.69-system-ciphers.patch
similarity index 100%
rename from SPECS-EXTENDED/stunnel/stunnel-5.69-system-ciphers.patch
rename to SPECS/stunnel/stunnel-5.69-system-ciphers.patch
diff --git a/SPECS-EXTENDED/stunnel/stunnel-pop3s-client.conf b/SPECS/stunnel/stunnel-pop3s-client.conf
similarity index 100%
rename from SPECS-EXTENDED/stunnel/stunnel-pop3s-client.conf
rename to SPECS/stunnel/stunnel-pop3s-client.conf
diff --git a/SPECS-EXTENDED/stunnel/stunnel-sfinger.conf b/SPECS/stunnel/stunnel-sfinger.conf
similarity index 100%
rename from SPECS-EXTENDED/stunnel/stunnel-sfinger.conf
rename to SPECS/stunnel/stunnel-sfinger.conf
diff --git a/SPECS-EXTENDED/stunnel/stunnel.signatures.json b/SPECS/stunnel/stunnel.signatures.json
similarity index 85%
rename from SPECS-EXTENDED/stunnel/stunnel.signatures.json
rename to SPECS/stunnel/stunnel.signatures.json
index 4ba6072483..ac9f8cc0a2 100644
--- a/SPECS-EXTENDED/stunnel/stunnel.signatures.json
+++ b/SPECS/stunnel/stunnel.signatures.json
@@ -3,9 +3,9 @@
   "Certificate-Creation": "d00fa133b7e7b241c6d973a70a2ae24d38afed6dfc06014aeff117f4cf8e0163",
   "pop3-redirect.xinetd": "d4953253db8cfd8ea1449911ad32723bf7230a8c8edfb394c83b02feeb25f84b",
   "sfinger.xinetd": "e9bb26d7e8fbe978d34168ecbb22205179345cfc1874b00c87de17bcb287d9a9",
-  "stunnel-5.70.tar.gz": "7bbc7b9e9a988d76301325db4c110ec360a98ffb8a221c7accbff9c0a8bae2f3",
+  "stunnel-5.74.tar.gz": "9bef235ab5d24a2a8dff6485dfd782ed235f4407e9bc8716deb383fc80cd6230",
   "stunnel-pop3s-client.conf": "95379ab5046177833b717c4c832748d31ec314f469c67e9fe4b160876ca93066",
   "stunnel-sfinger.conf": "4d06bccd910b1c8d89ed560fb8375e5e0b220e368a51ce6714e0bc2cd67dc6e4",
   "stunnel@.service": "8e86d44d83d1722371393ff3943e1779111b033da5e89ad1e564d2e5e3be0d89"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/stunnel/stunnel.spec b/SPECS/stunnel/stunnel.spec
similarity index 99%
rename from SPECS-EXTENDED/stunnel/stunnel.spec
rename to SPECS/stunnel/stunnel.spec
index 655175f597..6ffb7d95e9 100644
--- a/SPECS-EXTENDED/stunnel/stunnel.spec
+++ b/SPECS/stunnel/stunnel.spec
@@ -4,7 +4,7 @@
 
 Summary:        A TLS-encrypting socket wrapper
 Name:           stunnel
-Version:        5.70
+Version:        5.74
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -26,11 +26,8 @@ Patch1:         stunnel-5.61-systemd-service.patch
 # platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
 # policies. Change stunnel to default to this setting.
 Patch3:         stunnel-5.69-system-ciphers.patch
-Patch4:         stunnel-5.56-coverity.patch
 Patch5:         stunnel-5.69-default-tls-version.patch
 Patch6:         stunnel-5.56-curves-doc-update.patch
-# Limit curves defaults in FIPS mode
-Patch8:         stunnel-5.62-disabled-curves.patch
 # build test requirements
 BuildRequires:  %{_bindir}/nc
 BuildRequires:  %{_bindir}/pod2html
@@ -46,6 +43,7 @@ BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  systemd
 BuildRequires:  util-linux
+BuildRequires:  python-cryptography
 %{?systemd_requires}
 %if %{with libwrap}
 BuildRequires:  tcp_wrappers-devel
@@ -143,6 +141,10 @@ make test || (for i in tests/logs/*.log ; do echo "$i": ; cat "$i" ; done)
 %systemd_postun_with_restart %{name}.service
 
 %changelog
+* Mon Apr 21 2025 Sandeep Karambelkar  - 5.74-1
+- Upgrade to 5.74 and remove unwanted patches
+- Verified License
+
 * Mon Sep 04 2023 Muhammad Falak R Wani  - 5.70-1
 - Upgrade version to address CVE-2021-20230
 - Lint spec
diff --git a/SPECS-EXTENDED/stunnel/stunnel@.service b/SPECS/stunnel/stunnel@.service
similarity index 100%
rename from SPECS-EXTENDED/stunnel/stunnel@.service
rename to SPECS/stunnel/stunnel@.service
diff --git a/SPECS/subversion/CVE-2024-46901-advisory.patch b/SPECS/subversion/CVE-2024-46901-advisory.patch
new file mode 100644
index 0000000000..097743942e
--- /dev/null
+++ b/SPECS/subversion/CVE-2024-46901-advisory.patch
@@ -0,0 +1,255 @@
+  mod_dav_svn denial-of-service via control characters in paths
+
+Summary:
+========
+
+  It has been discovered that the patch for CVE-2013-1968 was incomplete
+  and unintentionally left mod_dav_svn vulnerable to control characters
+  in filenames.
+
+  If a path or a revision-property which contains control characters is
+  committed to a repository then SVN operations served by mod_dav_svn
+  can be disrupted.
+
+Known vulnerable:
+=================
+
+ Subversion mod_dav_svn servers through 1.14.4 (inclusive).
+
+Known fixed:
+============
+
+  Servers running Subversion 1.14.5
+
+Details:
+========
+
+  If a path which contains control characters is committed to a repository
+  then SVN operations served by mod_dav_svn can be disrupted by encoding
+  errors raised from the XML library.
+
+  This leads to disruption for users accessing the repository via HTTP.
+  Affected repositories can be repaired (see "Recommendations" below).
+  However, restoring proper operation might take some time because a
+  full dump/load cycle may be required.
+
+  Local repositories and svnserve repository servers (accessed via a
+  file://, svn://, or svn+ssh:// URL) are not affected. In these cases,
+  control characters have been rejected since CVE-2013-1968 was patched
+  in Subversion 1.6.21 and Subversion 1.7.9.
+
+  Known symptoms of the problem include:
+
+   1) 'svn checkout', 'svnsync', and other operations that attempt to
+      read the affected revision may produce errors like:
+   
+         svn: E175009: The XML response contains invalid XML
+         svn: E130003: Malformed XML: not well-formed (invalid token)
+
+   2) Attempts to browse affected files or directories via the web
+      interface will cause the server to return:
+      
+         500 Internal Server Error
+
+  Apache Subversion clients have always rejected filenames with control
+  characters, so control characters cannot be introduced with stock
+  Subversion clients. They could, however, be triggered by custom
+  malicious Subversion clients or by third-party client implementations.
+
+  Servers updated to Subversion 1.14.5 will reject control characters in
+  all cases.
+
+Severity:
+=========
+
+  CVSSv3.1 Base Score: 3.1
+  CVSSv3.1 Base Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+  A remote authenticated attacker with commit access may be able to
+  corrupt repositories on a Subversion server and cause disruption for
+  other users.
+
+  Configurations that allow anonymous write access to the repository
+  will be vulnerable to this without authentication.
+
+Recommendations:
+================
+
+  We recommend all users to upgrade their servers to a known fixed
+  release of Subversion.
+
+  Users who are unable to upgrade may apply the patch included below.
+
+  New Subversion packages can be found at:
+  http://subversion.apache.org/packages.html
+
+  Repositories affected by this problem can be repaired manually:
+
+  Bad revision properties can be repaired by using svn propedit over
+  the file://, svn:// or svn+ssh:// protocols.
+
+  Bad paths which have entered a repository need to be removed from
+  history with a dump/load cycle, using svnadmin dump --exclude to
+  filter out the bad paths, and loading the result into a fresh
+  repository with svnadmin load.
+
+References:
+===========
+
+  CVE-2024-46901 (Subversion)
+  CVE-2013-1968 (Subversion)
+
+  XML Characters: https://www.w3.org/TR/xml/#charsets
+
+Reported by:
+============
+
+  HaoZi, WordPress China
+
+Patches:
+========
+
+  Patch against Subversion 1.14.4:
+
+Link: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
+
+[[[
+Index: subversion/include/private/svn_repos_private.h
+===================================================================
+--- subversion/include/private/svn_repos_private.h	(revision 1921550)
++++ subversion/include/private/svn_repos_private.h	(working copy)
+@@ -390,6 +390,14 @@ svn_repos__get_dump_editor(const svn_delta_editor_
+                            const char *update_anchor_relpath,
+                            apr_pool_t *pool);
+ 
++/* Validate that the given PATH is a valid pathname that can be stored in
++ * a Subversion repository, according to the name constraints used by the
++ * svn_repos_* layer.
++ */
++svn_error_t *
++svn_repos__validate_new_path(const char *path,
++                             apr_pool_t *scratch_pool);
++
+ #ifdef __cplusplus
+ }
+ #endif /* __cplusplus */
+Index: subversion/libsvn_repos/commit.c
+===================================================================
+--- subversion/libsvn_repos/commit.c	(revision 1921550)
++++ subversion/libsvn_repos/commit.c	(working copy)
+@@ -308,8 +308,7 @@ add_file_or_directory(const char *path,
+   svn_boolean_t was_copied = FALSE;
+   const char *full_path, *canonicalized_path;
+ 
+-  /* Reject paths which contain control characters (related to issue #4340). */
+-  SVN_ERR(svn_path_check_valid(path, pool));
++  SVN_ERR(svn_repos__validate_new_path(path, pool));
+ 
+   SVN_ERR(svn_relpath_canonicalize_safe(&canonicalized_path, NULL, path,
+                                         pool, pool));
+Index: subversion/libsvn_repos/repos.c
+===================================================================
+--- subversion/libsvn_repos/repos.c	(revision 1921550)
++++ subversion/libsvn_repos/repos.c	(working copy)
+@@ -2092,3 +2092,13 @@ svn_repos__fs_type(const char **fs_type,
+                      svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool),
+                      pool);
+ }
++
++svn_error_t *
++svn_repos__validate_new_path(const char *path,
++                             apr_pool_t *scratch_pool)
++{
++  /* Reject paths which contain control characters (related to issue #4340). */
++  SVN_ERR(svn_path_check_valid(path, scratch_pool));
++
++  return SVN_NO_ERROR;
++}
+Index: subversion/mod_dav_svn/lock.c
+===================================================================
+--- subversion/mod_dav_svn/lock.c	(revision 1921550)
++++ subversion/mod_dav_svn/lock.c	(working copy)
+@@ -36,6 +36,7 @@
+ #include "svn_pools.h"
+ #include "svn_props.h"
+ #include "private/svn_log.h"
++#include "private/svn_repos_private.h"
+ 
+ #include "dav_svn.h"
+ 
+@@ -717,6 +718,12 @@ append_locks(dav_lockdb *lockdb,
+ 
+       /* Commit a 0-byte file: */
+ 
++      if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                               resource->pool)))
++        return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                    "Request specifies an invalid path.",
++                                    resource->pool);
++
+       if ((serr = dav_svn__get_youngest_rev(&rev, repos, resource->pool)))
+         return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
+                                     "Could not determine youngest revision",
+Index: subversion/mod_dav_svn/repos.c
+===================================================================
+--- subversion/mod_dav_svn/repos.c	(revision 1921550)
++++ subversion/mod_dav_svn/repos.c	(working copy)
+@@ -2928,6 +2928,16 @@ open_stream(const dav_resource *resource,
+ 
+   if (kind == svn_node_none) /* No existing file. */
+     {
++      serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                          resource->pool);
++
++      if (serr != NULL)
++        {
++          return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                      "Request specifies an invalid path.",
++                                      resource->pool);
++        }
++
+       serr = svn_fs_make_file(resource->info->root.root,
+                               resource->info->repos_path,
+                               resource->pool);
+@@ -4120,6 +4130,14 @@ create_collection(dav_resource *resource)
+         return err;
+     }
+ 
++  if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                           resource->pool)) != NULL)
++    {
++      return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                  "Request specifies an invalid path.",
++                                  resource->pool);
++    }
++
+   if ((serr = svn_fs_make_dir(resource->info->root.root,
+                               resource->info->repos_path,
+                               resource->pool)) != NULL)
+@@ -4194,6 +4212,12 @@ copy_resource(const dav_resource *src,
+         return err;
+     }
+ 
++  serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
++  if (serr)
++    return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                "Request specifies an invalid path.",
++                                dst->pool);
++
+   src_repos_path = svn_repos_path(src->info->repos->repos, src->pool);
+   dst_repos_path = svn_repos_path(dst->info->repos->repos, dst->pool);
+ 
+@@ -4430,6 +4454,12 @@ move_resource(dav_resource *src,
+   if (err)
+     return err;
+ 
++  serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
++  if (serr)
++    return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                "Request specifies an invalid path.",
++                                dst->pool);
++
+   /* Copy the src to the dst. */
+   serr = svn_fs_copy(src->info->root.root,  /* the root object of src rev*/
+                      src->info->repos_path, /* the relative path of src */
+]]]
diff --git a/SPECS/subversion/subversion.spec b/SPECS/subversion/subversion.spec
index 1e5f9d3f52..c647f4f18c 100644
--- a/SPECS/subversion/subversion.spec
+++ b/SPECS/subversion/subversion.spec
@@ -1,13 +1,14 @@
 Summary:        The Apache Subversion control system
 Name:           subversion
 Version:        1.14.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Utilities/System
 URL:            https://subversion.apache.org/
 Source0:        https://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.bz2
+Patch0:         CVE-2024-46901-advisory.patch
 BuildRequires:  apr-devel
 BuildRequires:  apr-util
 BuildRequires:  apr-util-devel
@@ -48,7 +49,7 @@ Requires:       %{name} = %{version}
 Provides Perl (SWIG) support for Subversion version control system.
 
 %prep
-%autosetup -p1
+%autosetup -p0
 
 %build
 export CFLAGS="%{build_cflags} -Wformat"
@@ -103,6 +104,9 @@ sudo -u test make check && userdel test -r -f
 %{_mandir}/man3/SVN*
 
 %changelog
+* Fri Mar 07 2025 Kevin Lockwood  - 1.14.3-2
+- Add patch for CVE-2024-46901
+
 * Fri Feb 23 2024 CBL-Mariner Servicing Account  - 1.14.3-1
 - Auto-upgrade to 1.14.3 - Azure Linux 3.0 Upgrades
 
diff --git a/SPECS/supermin/supermin.spec b/SPECS/supermin/supermin.spec
index 0c3656458f..332f74d971 100644
--- a/SPECS/supermin/supermin.spec
+++ b/SPECS/supermin/supermin.spec
@@ -21,7 +21,7 @@
 Summary:        Tool for creating supermin appliances
 Name:           supermin
 Version:        5.3.4
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        GPLv2+
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -54,7 +54,7 @@ BuildRequires:  systemd-udev
 %if %{with dietlibc}
 BuildRequires:  dietlibc-devel
 %else
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 %endif
 
 %if 0%{?with_check}
@@ -129,6 +129,10 @@ make check || {
 %{_rpmconfigdir}/supermin-find-requires
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 5.3.4-6
+- merge from Azure Linux 3.0.20250521-3.0
+- Bump to rebuild with updated glibc
+
 * Tue Mar 18 2025 Ranjan Dutta  - 5.3.4-5
 - Bump version for merge AZL tag: 3.0.20250311-3.0
 - Bump to rebuild with updated glibc
diff --git a/SPECS/sysbench/sysbench-1.0.20-fix_deprecated_egrep_call.patch b/SPECS/sysbench/sysbench-1.0.20-fix_deprecated_egrep_call.patch
new file mode 100644
index 0000000000..153816514f
--- /dev/null
+++ b/SPECS/sysbench/sysbench-1.0.20-fix_deprecated_egrep_call.patch
@@ -0,0 +1,26 @@
+From 01666bc16992fd8aef9edc2f8cf1f30a272b2a70 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Wed, 2 Apr 2025 20:21:46 +0000
+Subject: [PATCH] Fix failing test due to egrep
+Upstream Patch Reference : https://github.com/akopytov/sysbench/commit/604c3c9f2ba4bb54b9f4d1e6f13886e323afeb5c
+
+---
+ tests/t/opt_report_checkpoints.t | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/t/opt_report_checkpoints.t b/tests/t/opt_report_checkpoints.t
+index 1086701..a209c4a 100644
+--- a/tests/t/opt_report_checkpoints.t
++++ b/tests/t/opt_report_checkpoints.t
+@@ -7,7 +7,7 @@
+   >   exit 80
+   > fi
+ 
+-  $ sysbench ${SBTEST_SCRIPTDIR}/oltp_read_write.lua --db-driver=mysql --mysql-dry-run --time=3 --events=0 --report-checkpoints=1,2 run | egrep '(Checkpoint report|SQL statistics)'
++  $ sysbench ${SBTEST_SCRIPTDIR}/oltp_read_write.lua --db-driver=mysql --mysql-dry-run --time=3 --events=0 --report-checkpoints=1,2 run | grep -E '(Checkpoint report|SQL statistics)'
+   [ 1s ] Checkpoint report:
+   SQL statistics:
+   [ 2s ] Checkpoint report:
+-- 
+2.45.2
+
diff --git a/SPECS/sysbench/sysbench.spec b/SPECS/sysbench/sysbench.spec
index e4c940e24c..cad314f809 100644
--- a/SPECS/sysbench/sysbench.spec
+++ b/SPECS/sysbench/sysbench.spec
@@ -1,7 +1,7 @@
 Summary:        Scriptable database and system performance benchmark
 Name:           sysbench
 Version:        1.0.20
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2+
 Group:          Applications/System
 URL:            https://github.com/akopytov/sysbench/
@@ -10,6 +10,8 @@ Distribution:   Azure Linux
 Source0:        https://github.com/akopytov/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
 Patch0:         enable-python3.patch
 Patch1:         CVE-2019-19391.patch
+Patch2:         sysbench-1.0.20-fix_deprecated_egrep_call.patch
+
 BuildRequires:  automake
 BuildRequires:  libaio-devel
 BuildRequires:  libtool
@@ -62,6 +64,9 @@ rm -f %{buildroot}%{_docdir}/sysbench/manual.html
 %{_datadir}/%{name}
 
 %changelog
+* Wed Apr 02 2025 Kanishk Bansal  - 1.0.20-5
+- Fix ptest by adding a patch to replace deprecated egrep with grep -E.
+
 * Tue Sep 03 2024 Neha Agarwal  - 1.0.20-4
 - Add missing Vendor and Distribution tags.
 
diff --git a/SPECS/syslinux/CVE-2011-2501.patch b/SPECS/syslinux/CVE-2011-2501.patch
new file mode 100644
index 0000000000..75be9908e9
--- /dev/null
+++ b/SPECS/syslinux/CVE-2011-2501.patch
@@ -0,0 +1,34 @@
+From 4b8822c47d7aeda5e1a1865e634112caa71c5004 Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Wed, 12 Mar 2025 06:56:17 +0000
+Subject: [PATCH] Address CVE-2011-2501
+
+Source link: https://sourceforge.net/p/libpng/code/ci/65e6d5a34f49acdb362a0625a706c6b914e670af
+
+---
+ com32/lib/libpng/pngerror.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/com32/lib/libpng/pngerror.c b/com32/lib/libpng/pngerror.c
+index 7bc98fb..0a99df8 100644
+--- a/com32/lib/libpng/pngerror.c
++++ b/com32/lib/libpng/pngerror.c
+@@ -181,8 +181,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+    {
+       buffer[iout++] = ':';
+       buffer[iout++] = ' ';
+-      png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+-      buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++      iin = 0;
++      while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++         buffer[iout++] = error_message[iin++];
++
++      /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++      buffer[iout] = '\0';
+    }
+ }
+ 
+-- 
+2.45.3
+
diff --git a/SPECS/syslinux/CVE-2011-2691.patch b/SPECS/syslinux/CVE-2011-2691.patch
new file mode 100644
index 0000000000..8a130eb3ed
--- /dev/null
+++ b/SPECS/syslinux/CVE-2011-2691.patch
@@ -0,0 +1,38 @@
+From 8641c8a598a4ae91eac69b7af05607ba1236ae78 Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Wed, 12 Mar 2025 08:54:38 +0000
+Subject: [PATCH] Address CVE-2011-2691
+
+Source link: https://sourceforge.net/p/libpng/code/ci/9dad5e37aef295b4ef8dea39392b652deebc9261
+
+---
+ com32/lib/libpng/pngerror.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/com32/lib/libpng/pngerror.c b/com32/lib/libpng/pngerror.c
+index 0a99df8..dd50507 100644
+--- a/com32/lib/libpng/pngerror.c
++++ b/com32/lib/libpng/pngerror.c
+@@ -87,12 +87,17 @@ png_error(png_structp png_ptr, png_const_charp error_message)
+ void PNGAPI
+ png_err(png_structp png_ptr)
+ {
++   /* Prior to 1.4.8 the error_fn received a NULL pointer, expressed
++    * erroneously as '\0', instead of the empty string "".  This was
++    * apparently an error, introduced in libpng-1.2.20, and png_default_error
++    * will crash in this case.
++    */
+    if (png_ptr != NULL && png_ptr->error_fn != NULL)
+-      (*(png_ptr->error_fn))(png_ptr, '\0');
++      (*(png_ptr->error_fn))(png_ptr, "");
+ 
+    /* If the custom handler doesn't exist, or if it returns,
+       use the default handler, which will not return. */
+-   png_default_error(png_ptr, '\0');
++   png_default_error(png_ptr, "");
+ }
+ #endif /* PNG_ERROR_TEXT_SUPPORTED */
+ 
+-- 
+2.45.3
+
diff --git a/SPECS/syslinux/CVE-2011-3045.patch b/SPECS/syslinux/CVE-2011-3045.patch
new file mode 100644
index 0000000000..941c605a37
--- /dev/null
+++ b/SPECS/syslinux/CVE-2011-3045.patch
@@ -0,0 +1,72 @@
+From d2b97945951a8e4f5eb264277e06e30d723012d9 Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Wed, 12 Mar 2025 06:10:29 +0000
+Subject: [PATCH] Address CVE-2011-3045
+
+Source link: https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu3.3
+
+---
+ com32/lib/libpng/pngrutil.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/com32/lib/libpng/pngrutil.c b/com32/lib/libpng/pngrutil.c
+index 1e2db31..22586d5 100644
+--- a/com32/lib/libpng/pngrutil.c
++++ b/com32/lib/libpng/pngrutil.c
+@@ -247,8 +247,8 @@ png_inflate(png_structp png_ptr, const png_byte *data, png_size_t size,
+       {
+          if (output != 0 && output_size > count)
+          {
+-            int copy = output_size - count;
+-            if (avail < copy) copy = avail;
++            png_size_t copy = output_size - count;
++            if ((png_size_t) avail < copy) copy = (png_size_t) avail;
+             png_memcpy(output + count, png_ptr->zbuf, copy);
+          }
+          count += avail;
+@@ -1535,15 +1535,16 @@ png_handle_hIST(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
+       return;
+    }
+ 
+-   num = length / 2 ;
+-   if (num != (unsigned int) png_ptr->num_palette || num >
+-      (unsigned int) PNG_MAX_PALETTE_LENGTH)
++    if (length > 2*PNG_MAX_PALETTE_LENGTH ||
++        length != (unsigned int) (2*png_ptr->num_palette))
+    {
+       png_warning(png_ptr, "Incorrect hIST chunk length");
+       png_crc_finish(png_ptr, length);
+       return;
+    }
+ 
++   num = length / 2 ;
++
+    for (i = 0; i < num; i++)
+    {
+       png_byte buf[2];
+@@ -1854,11 +1855,11 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
+       png_ptr->chunkdata = NULL;
+       return;
+    }
+-   png_memcpy(swidth, ep, (png_size_t)png_strlen(ep));
++   png_memcpy(swidth, ep, (png_size_t)png_strlen(ep)+1);
+ #endif
+ #endif
+ 
+-   for (ep = png_ptr->chunkdata; *ep; ep++)
++   for (ep = png_ptr->chunkdata+1; *ep; ep++)
+       /* Empty loop */ ;
+    ep++;
+ 
+@@ -1898,7 +1899,7 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
+ #endif
+       return;
+    }
+-   png_memcpy(sheight, ep, (png_size_t)png_strlen(ep));
++   png_memcpy(sheight, ep, (png_size_t)png_strlen(ep)+1);
+ #endif
+ #endif
+ 
+-- 
+2.45.3
+
diff --git a/SPECS/syslinux/CVE-2012-3425.patch b/SPECS/syslinux/CVE-2012-3425.patch
new file mode 100644
index 0000000000..2876590184
--- /dev/null
+++ b/SPECS/syslinux/CVE-2012-3425.patch
@@ -0,0 +1,32 @@
+From 1920c4717fbf6110a1ca47614d9ac33f3555a0cb Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Wed, 12 Mar 2025 09:01:05 +0000
+Subject: [PATCH] Address CVE-2012-3425
+
+Source link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082#15
+
+---
+ com32/lib/libpng/pngpread.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/com32/lib/libpng/pngpread.c b/com32/lib/libpng/pngpread.c
+index d066944..01e0f96 100644
+--- a/com32/lib/libpng/pngpread.c
++++ b/com32/lib/libpng/pngpread.c
+@@ -1380,6 +1380,13 @@ png_push_read_zTXt(png_structp png_ptr, png_infop info_ptr)
+ 
+       text++;
+ 
++      if (text >= key + png_ptr->current_text_size)
++      {
++         png_ptr->current_text = NULL;
++         png_free(png_ptr, key);
++         return;
++      }
++
+       if (*text != PNG_TEXT_COMPRESSION_zTXt) /* Check compression byte */
+       {
+          png_ptr->current_text = NULL;
+-- 
+2.45.3
+
diff --git a/SPECS/syslinux/CVE-2015-7981.patch b/SPECS/syslinux/CVE-2015-7981.patch
new file mode 100644
index 0000000000..a1f454f3a3
--- /dev/null
+++ b/SPECS/syslinux/CVE-2015-7981.patch
@@ -0,0 +1,66 @@
+From 450f5457a480c2fe92c0ffc32ca85afb42c1c066 Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Wed, 12 Mar 2025 10:23:09 +0000
+Subject: [PATCH] Address CVE-2015-7981
+
+Source link: https://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
+
+---
+ com32/lib/libpng/png.c    | 6 +++---
+ com32/lib/libpng/pngset.c | 9 +++++++++
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/com32/lib/libpng/png.c b/com32/lib/libpng/png.c
+index 7ad9538..8902dd4 100644
+--- a/com32/lib/libpng/png.c
++++ b/com32/lib/libpng/png.c
+@@ -685,7 +685,7 @@ png_convert_to_rfc1123(png_structp png_ptr, png_timep ptime)
+    {
+       wchar_t time_buf[29];
+       wsprintf(time_buf, TEXT("%d %S %d %02d:%02d:%02d +0000"),
+-          ptime->day % 32, short_months[(ptime->month - 1) % 12],
++          ptime->day % 32, short_months[(ptime->month - 1U) % 12],
+         ptime->year, ptime->hour % 24, ptime->minute % 60,
+           ptime->second % 61);
+       WideCharToMultiByte(CP_ACP, 0, time_buf, -1, png_ptr->time_buffer,
+@@ -696,7 +696,7 @@ png_convert_to_rfc1123(png_structp png_ptr, png_timep ptime)
+    {
+       char near_time_buf[29];
+       png_snprintf6(near_time_buf, 29, "%d %s %d %02d:%02d:%02d +0000",
+-          ptime->day % 32, short_months[(ptime->month - 1) % 12],
++          ptime->day % 32, short_months[(ptime->month - 1U) % 12],
+           ptime->year, ptime->hour % 24, ptime->minute % 60,
+           ptime->second % 61);
+       png_memcpy(png_ptr->time_buffer, near_time_buf,
+@@ -704,7 +704,7 @@ png_convert_to_rfc1123(png_structp png_ptr, png_timep ptime)
+    }
+ #else
+    png_snprintf6(png_ptr->time_buffer, 29, "%d %s %d %02d:%02d:%02d +0000",
+-       ptime->day % 32, short_months[(ptime->month - 1) % 12],
++       ptime->day % 32, short_months[(ptime->month - 1U) % 12],
+        ptime->year, ptime->hour % 24, ptime->minute % 60,
+        ptime->second % 61);
+ #endif
+diff --git a/com32/lib/libpng/pngset.c b/com32/lib/libpng/pngset.c
+index 717757f..45ef0e4 100644
+--- a/com32/lib/libpng/pngset.c
++++ b/com32/lib/libpng/pngset.c
+@@ -825,6 +825,15 @@ png_set_tIME(png_structp png_ptr, png_infop info_ptr, png_timep mod_time)
+        (png_ptr->mode & PNG_WROTE_tIME))
+       return;
+ 
++   if (mod_time->month == 0   || mod_time->month > 12  ||
++       mod_time->day   == 0   || mod_time->day   > 31  ||
++       mod_time->hour  > 23   || mod_time->minute > 59 ||
++       mod_time->second > 60)
++   {
++      png_warning(png_ptr, "Ignoring invalid time value");
++      return;
++   }
++
+    png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time));
+    info_ptr->valid |= PNG_INFO_tIME;
+ }
+-- 
+2.45.3
+
diff --git a/SPECS/syslinux/syslinux.spec b/SPECS/syslinux/syslinux.spec
index 4c575455cb..f4a5fab7bd 100644
--- a/SPECS/syslinux/syslinux.spec
+++ b/SPECS/syslinux/syslinux.spec
@@ -2,7 +2,7 @@
 Summary:        Simple kernel loader which boots from a FAT filesystem
 Name:           syslinux
 Version:        6.04
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPLv2+
 URL:            https://www.syslinux.org
 Group:          Applications/System
@@ -12,6 +12,11 @@ Source0:        https://www.kernel.org/pub/linux/utils/boot/%{name}/Testing/%{ve
 Patch0:         0001-Add-install-all-target-to-top-side-of-HAVE_FIRMWARE.patch
 Patch1:         0006-Replace-builtin-strlen-that-appears-to-get-optimized.patch
 Patch2:         syslinux-6.04_pre1-fcommon.patch
+Patch3:         CVE-2011-3045.patch
+Patch4:         CVE-2011-2501.patch
+Patch5:         CVE-2011-2691.patch
+Patch6:         CVE-2012-3425.patch
+Patch7:         CVE-2015-7981.patch
 ExclusiveArch:  x86_64
 BuildRequires:  gcc >= 11.2.0
 BuildRequires:  nasm
@@ -32,10 +37,7 @@ Provides: %{name}-static = %{version}-%{release}
 Headers and libraries for syslinux development.
 
 %prep
-%setup -q -n %{name}-%{version}-pre1
-%patch 0 -p1
-%patch 1 -p1
-%patch 2 -p1
+%autosetup -n %{name}-%{version}-pre1 -p1
 
 %build
 # gcc 11.2.0 and above produce error: "cc1: error: '-fcf-protection' is not compatible with this target"
@@ -79,6 +81,9 @@ rm %{buildroot}/%{_bindir}/sha1pass
 %{_datadir}/syslinux/com32/*
 
 %changelog
+* Wed Mar 12 2025 Archana Shettigar  6.04-11
+- Patch CVE-2011-3045, CVE-2011-2501, CVE-2011-2691, CVE-2012-3425 &  CVE-2015-7981.patch
+
 * Thu Nov 11 2021 Nicolas Guibourge  6.04-10
 - Fix build issue triggered by gcc 11.2.0 usage.
 * Thu Jun 11 2020 Henry Beberman  6.04-9
@@ -98,4 +103,4 @@ rm %{buildroot}/%{_bindir}/sha1pass
 * Wed Oct 25 2017 Alexey Makhalov  6.04-2
 - Remove md5pass and sha1pass tools
 * Tue Oct 17 2017 Alexey Makhalov  6.04-1
-- Initial version
\ No newline at end of file
+- Initial version
diff --git a/SPECS/syslog-ng/CVE-2024-47619.patch b/SPECS/syslog-ng/CVE-2024-47619.patch
new file mode 100644
index 0000000000..32fed3ebdb
--- /dev/null
+++ b/SPECS/syslog-ng/CVE-2024-47619.patch
@@ -0,0 +1,289 @@
+From 3c570cd48e9e5bc51bc447e7675a7ed64b10e35c Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Fri, 9 May 2025 20:38:48 +0000
+Subject: [PATCH] CVE-2024-47619
+
+Upstream Patch Reference: https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006
+---
+ lib/transport/tests/CMakeLists.txt            |   1 +
+ lib/transport/tests/Makefile.am               |   9 +-
+ lib/transport/tests/test_tls_wildcard_match.c | 104 ++++++++++++++++++
+ lib/transport/tls-verifier.c                  |  86 +++++++++++++--
+ lib/transport/tls-verifier.h                  |   2 +
+ 5 files changed, 190 insertions(+), 12 deletions(-)
+ create mode 100644 lib/transport/tests/test_tls_wildcard_match.c
+
+diff --git a/lib/transport/tests/CMakeLists.txt b/lib/transport/tests/CMakeLists.txt
+index 834f456..ce1d033 100644
+--- a/lib/transport/tests/CMakeLists.txt
++++ b/lib/transport/tests/CMakeLists.txt
+@@ -3,3 +3,4 @@ add_unit_test(CRITERION TARGET test_transport_factory_id)
+ add_unit_test(CRITERION TARGET test_transport_factory)
+ add_unit_test(CRITERION TARGET test_transport_factory_registry)
+ add_unit_test(CRITERION TARGET test_multitransport)
++add_unit_test(CRITERION TARGET test_tls_wildcard_match)
+diff --git a/lib/transport/tests/Makefile.am b/lib/transport/tests/Makefile.am
+index 7eac994..e6ca7c5 100644
+--- a/lib/transport/tests/Makefile.am
++++ b/lib/transport/tests/Makefile.am
+@@ -3,7 +3,8 @@ lib_transport_tests_TESTS		 = \
+ 	lib/transport/tests/test_transport_factory_id \
+ 	lib/transport/tests/test_transport_factory \
+ 	lib/transport/tests/test_transport_factory_registry \
+-	lib/transport/tests/test_multitransport
++	lib/transport/tests/test_multitransport \
++	lib/transport/tests/test_tls_wildcard_match
+ 
+ EXTRA_DIST += lib/transport/tests/CMakeLists.txt
+ 
+@@ -38,3 +39,9 @@ lib_transport_tests_test_multitransport_CFLAGS  = $(TEST_CFLAGS) \
+ lib_transport_tests_test_multitransport_LDADD	 = $(TEST_LDADD)
+ lib_transport_tests_test_multitransport_SOURCES = 			\
+ 	lib/transport/tests/test_multitransport.c
++
++lib_transport_tests_test_tls_wildcard_match_CFLAGS  = $(TEST_CFLAGS) \
++	-I${top_srcdir}/lib/transport/tests
++lib_transport_tests_test_tls_wildcard_match_LDADD	 = $(TEST_LDADD)
++lib_transport_tests_test_tls_wildcard_match_SOURCES = 			\
++	lib/transport/tests/test_tls_wildcard_match.c
+\ No newline at end of file
+diff --git a/lib/transport/tests/test_tls_wildcard_match.c b/lib/transport/tests/test_tls_wildcard_match.c
+new file mode 100644
+index 0000000..90cecb0
+--- /dev/null
++++ b/lib/transport/tests/test_tls_wildcard_match.c
+@@ -0,0 +1,104 @@
++/*
++ * Copyright (c) 2024 One Identity LLC.
++ * Copyright (c) 2024 Franco Fichtner
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ *
++ * As an additional exemption you are allowed to compile & link against the
++ * OpenSSL libraries as published by the OpenSSL project. See the file
++ * COPYING for details.
++ *
++ */
++
++
++#include 
++
++#include "transport/tls-verifier.h"
++
++TestSuite(tls_wildcard, .init = NULL, .fini = NULL);
++
++Test(tls_wildcard, test_wildcard_match_pattern_acceptance)
++{
++  cr_assert_eq(tls_wildcard_match("test", "test"), TRUE);
++  cr_assert_eq(tls_wildcard_match("test", "*"), TRUE);
++  cr_assert_eq(tls_wildcard_match("test", "t*t"), TRUE);
++  cr_assert_eq(tls_wildcard_match("test", "t*"), TRUE);
++  cr_assert_eq(tls_wildcard_match("", ""), TRUE);
++  cr_assert_eq(tls_wildcard_match("test.one", "test.one"), TRUE);
++  cr_assert_eq(tls_wildcard_match("test.one.two", "test.one.two"), TRUE);
++  cr_assert_eq(tls_wildcard_match("192.0.2.0", "192.0.2.0"), TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"),
++               TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0:130F:0:0:9C0:876A:130B"), TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0:130F:0:0:9C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"), TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0000:130F::09C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"), TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0000:130F::09C0:876A:130B"), TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0:130F::9C0:876A:130B"), TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0:130F::9C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"), TRUE);
++}
++
++Test(tls_wildcard, test_wildcard_match_wildcard_rejection)
++{
++  cr_assert_eq(tls_wildcard_match("test", "**"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test", "*es*"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test", "t*?"), FALSE);
++}
++
++Test(tls_wildcard, test_wildcard_match_pattern_rejection)
++{
++  cr_assert_eq(tls_wildcard_match("test", "tset"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test", "set"), FALSE);
++  cr_assert_eq(tls_wildcard_match("", "*"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test", ""), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.two", "test.one"), FALSE);
++}
++
++Test(tls_wildcard, test_wildcard_match_format_rejection)
++{
++  cr_assert_eq(tls_wildcard_match("test.two", "test.*"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.two", "test.t*o"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test", "test.two"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.two", "test"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.one.two", "test.one"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.one", "test.one.two"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.three", "three.test"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.one.two", "test.one.*"), FALSE);
++}
++
++Test(tls_wildcard, test_wildcard_match_complex_rejection)
++{
++  cr_assert_eq(tls_wildcard_match("test.two", "test.???"), FALSE);
++  cr_assert_eq(tls_wildcard_match("test.one.two", "test.one.?wo"), FALSE);
++}
++
++Test(tls_wildcard, test_ip_wildcard_rejection)
++{
++  cr_assert_eq(tls_wildcard_match("192.0.2.0", "*.0.2.0"), FALSE);
++  cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "*:0000:130F:0000:0000:09C0:876A:130B"),
++               FALSE);
++  cr_assert_eq(tls_wildcard_match("2001:0:130F::9C0:876A:130B", "*:0000:130F:0000:0000:09C0:876A:130B"), FALSE);
++}
++
++Test(tls_wildcard, test_case_insensivity)
++{
++  cr_assert_eq(tls_wildcard_match("test", "TEST"), TRUE);
++  cr_assert_eq(tls_wildcard_match("TEST", "test"), TRUE);
++  cr_assert_eq(tls_wildcard_match("TeST", "TEst"), TRUE);
++  cr_assert_eq(tls_wildcard_match("test.one", "test.ONE"), TRUE);
++  cr_assert_eq(tls_wildcard_match("test.TWO", "test.two"), TRUE);
++  cr_assert_eq(tls_wildcard_match("test.three", "*T.three"), TRUE);
++  cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0000:130f:0000:0000:09c0:876a:130b"),
++               TRUE);
++}
+diff --git a/lib/transport/tls-verifier.c b/lib/transport/tls-verifier.c
+index 606ad02..dde00d9 100644
+--- a/lib/transport/tls-verifier.c
++++ b/lib/transport/tls-verifier.c
+@@ -1,4 +1,6 @@
+ /*
++ * Copyright (c) 2024 One Identity LLC.
++ * Copyright (c) 2024 Franco Fichtner
+  * Copyright (c) 2002-2011 Balabit
+  * Copyright (c) 1998-2011 Balázs Scheidler
+  *
+@@ -75,7 +77,7 @@ tls_verifier_unref(TLSVerifier *self)
+ 
+ /* helper functions */
+ 
+-static gboolean
++gboolean
+ tls_wildcard_match(const gchar *host_name, const gchar *pattern)
+ {
+   gchar **pattern_parts, **hostname_parts;
+@@ -86,22 +88,84 @@ tls_wildcard_match(const gchar *host_name, const gchar *pattern)
+ 
+   pattern_parts = g_strsplit(pattern, ".", 0);
+   hostname_parts = g_strsplit(host_name, ".", 0);
+-  for (i = 0; pattern_parts[i]; i++)
++
++  if(g_strrstr(pattern, "\?"))
++    {
++      /* Glib would treat any question marks as jokers */
++      success = FALSE;
++    }
++  else if (g_hostname_is_ip_address(host_name))
++    {
++      /* no wildcards in IP */
++      if (g_strrstr(pattern, "*"))
++        {
++          success = FALSE;
++        }
++      else
++        {
++          struct in6_addr host_buffer, pattern_buffer;
++          gint INET_TYPE, INET_ADDRLEN;
++          if(strstr(host_name, ":"))
++            {
++              INET_TYPE = AF_INET6;
++              INET_ADDRLEN = INET6_ADDRSTRLEN;
++            }
++          else
++            {
++              INET_TYPE = AF_INET;
++              INET_ADDRLEN = INET_ADDRSTRLEN;
++            }
++          char host_ip[INET_ADDRLEN], pattern_ip[INET_ADDRLEN];
++          gint host_ip_ok = inet_pton(INET_TYPE, host_name, &host_buffer);
++          gint pattern_ip_ok = inet_pton(INET_TYPE, pattern, &pattern_buffer);
++          inet_ntop(INET_TYPE, &host_buffer, host_ip, INET_ADDRLEN);
++          inet_ntop(INET_TYPE, &pattern_buffer, pattern_ip, INET_ADDRLEN);
++          success = (host_ip_ok && pattern_ip_ok && strcmp(host_ip, pattern_ip) == 0);
++        }
++    }
++  else
+     {
+-      if (!hostname_parts[i])
++      if (pattern_parts[0] == NULL)
+         {
+-          /* number of dot separated entries is not the same in the hostname and the pattern spec */
+-          goto exit;
++          if (hostname_parts[0] == NULL)
++            success = TRUE;
++          else
++            success = FALSE;
+         }
++      else
++        {
++          success = TRUE;
++          for (i = 0; pattern_parts[i]; i++)
++            {
++              if (hostname_parts[i] == NULL)
++                {
++                  /* number of dot separated entries is not the same in the hostname and the pattern spec */
++                  success = FALSE;
++                  break;
++                }
++              char *wildcard_matched = g_strrstr(pattern_parts[i], "*");
++              if (wildcard_matched && (i != 0 || wildcard_matched != strstr(pattern_parts[i], "*")))
++                {
++                  /* wildcard only on leftmost part and never as multiple wildcards as per both RFC 6125 and 9525 */
++                  success = FALSE;
++                  break;
++                }
+ 
+-      lower_pattern = g_ascii_strdown(pattern_parts[i], -1);
+-      lower_hostname = g_ascii_strdown(hostname_parts[i], -1);
++              lower_pattern = g_ascii_strdown(pattern_parts[i], -1);
++              lower_hostname = g_ascii_strdown(hostname_parts[i], -1);
+ 
+-      if (!g_pattern_match_simple(lower_pattern, lower_hostname))
+-        goto exit;
++              if (!g_pattern_match_simple(lower_pattern, lower_hostname))
++                {
++                  success = FALSE;
++                  break;
++                }
++            }
++          if (hostname_parts[i])
++            /* hostname has more parts than the pattern */
++            success = FALSE;
++        }
+     }
+-  success = TRUE;
+-exit:
++
+   g_free(lower_pattern);
+   g_free(lower_hostname);
+   g_strfreev(pattern_parts);
+diff --git a/lib/transport/tls-verifier.h b/lib/transport/tls-verifier.h
+index 5642afa..98ab858 100644
+--- a/lib/transport/tls-verifier.h
++++ b/lib/transport/tls-verifier.h
+@@ -44,5 +44,7 @@ void tls_verifier_unref(TLSVerifier *self);
+ 
+ gboolean tls_verify_certificate_name(X509 *cert, const gchar *hostname);
+ 
++gboolean tls_wildcard_match(const gchar *host_name, const gchar *pattern);
++
+ 
+ #endif
+-- 
+2.45.2
+
diff --git a/SPECS/syslog-ng/syslog-ng.spec b/SPECS/syslog-ng/syslog-ng.spec
index 871b6e0717..34155f3f86 100644
--- a/SPECS/syslog-ng/syslog-ng.spec
+++ b/SPECS/syslog-ng/syslog-ng.spec
@@ -1,7 +1,7 @@
 Summary:        Next generation system logger facilty
 Name:           syslog-ng
 Version:        4.3.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD AND GPLv2+ AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,6 +11,7 @@ Source0:        https://github.com/balabit/%{name}/releases/download/%{name}-%{v
 Source1:        60-syslog-ng-journald.conf
 Source2:        syslog-ng.service
 Patch0:         remove-hardcoded-python-module-versioning.patch
+Patch1:         CVE-2024-47619.patch
 BuildRequires:  glib-devel
 BuildRequires:  json-c-devel
 BuildRequires:  json-glib-devel
@@ -159,6 +160,9 @@ fi
 %{_libdir}/pkgconfig/*
 
 %changelog
+* Fri May 09 2025 Kanishk Bansal  - 4.3.1-3
+- Patch CVE-2024-47619
+
 * Thu Mar 01 2024 Henry Li  - 4.3.1-2
 - Remove check section as unit testing is disabled in source
 
diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec
index 9d75e6196c..f791f2f5d0 100644
--- a/SPECS/systemd/systemd.spec
+++ b/SPECS/systemd/systemd.spec
@@ -50,7 +50,7 @@ Version:        255
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
-Release:        28%{?dist}
+Release:        29%{?dist}
 
 # FIXME - hardcode to 'stable' for now as that's what we have in our blobstore
 %global stable 1
@@ -1237,6 +1237,10 @@ rm -f %{name}.lang
 # %autochangelog. So we need to continue manually maintaining the
 # changelog here.
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 255-29
+- merge from Azure Linux 3.0.20250521-3.0
+- Bumping 'Release' tag to match the 'signed' version of the spec.
+
 * Tue May 20 2025 Basavaraj unniche  - 255-28
 - Add kernel command to disable TCP timestamps.
 
diff --git a/SPECS/tar/tar-1.33-fix-capabilities-test.patch b/SPECS/tar/tar-1.33-fix-capabilities-test.patch
new file mode 100644
index 0000000000..24acc32a30
--- /dev/null
+++ b/SPECS/tar/tar-1.33-fix-capabilities-test.patch
@@ -0,0 +1,33 @@
+From: Pavel Raiskup 
+Date: Tue, 16 Feb 2021 08:10:22 +0100
+Subject: [PATCH] Related discussion in the Fedora pull-request:
+ https://src.fedoraproject.org/rpms/tar/pull-request/8
+
+Upstream report:
+https://www.mail-archive.com/bug-tar@gnu.org/msg05943.html
+
+* tests/capabs_raw01.at: Newer systems (currently e.g. Fedora 34)
+print getcap output in format CAP=VAL, not CAP+VAL.
+---
+ tests/capabs_raw01.at | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/capabs_raw01.at b/tests/capabs_raw01.at
+index a1d9411..d3da923 100644
+--- a/tests/capabs_raw01.at
++++ b/tests/capabs_raw01.at
+@@ -45,10 +45,10 @@ rm -rf dir
+ tar --xattrs --xattrs-include='*' -xf archive.tar
+ 
+ # Newer systems print = instead of + here
+-getcap dir/file | sed 's/+/=/'
++getcap dir/file | sed -e 's/+/=/' -e 's|dir/file = |dir/file |'
+ ],
+ [0],
+-[dir/file = cap_chown=ei
++[dir/file cap_chown=ei
+ ])
+ 
+ AT_CLEANUP
+-- 
+2.26.0
diff --git a/SPECS/tar/tar-1.35-add-forgotten-tests-from-upstream.patch b/SPECS/tar/tar-1.35-add-forgotten-tests-from-upstream.patch
new file mode 100644
index 0000000000..a94d396fbd
--- /dev/null
+++ b/SPECS/tar/tar-1.35-add-forgotten-tests-from-upstream.patch
@@ -0,0 +1,155 @@
+From 7fac753fb6e6c0459788ee9015b984dba1de5402 Mon Sep 17 00:00:00 2001
+From: Lukas Javorsky 
+Date: Tue, 18 Jul 2023 14:10:12 +0000
+Subject: [PATCH] Add exclude17 and exclude18 tests which were forgotten by
+ upstream
+
+Sources:
+*https://git.savannah.gnu.org/cgit/tar.git/tree/tests/exclude17.at
+*https://git.savannah.gnu.org/cgit/tar.git/tree/tests/exclude18.at
+
+Repoted to upstream in ML:
+*https://lists.gnu.org/archive/html/bug-tar/2023-07/msg00002.html
+---
+ tests/exclude17.at | 35 +++++++++++++++++++
+ tests/exclude18.at | 87 ++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 122 insertions(+)
+ create mode 100644 tests/exclude17.at
+ create mode 100644 tests/exclude18.at
+
+diff --git a/tests/exclude17.at b/tests/exclude17.at
+new file mode 100644
+index 0000000..5539ef3
+--- /dev/null
++++ b/tests/exclude17.at
+@@ -0,0 +1,35 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++#
++# Test suite for GNU tar.
++# Copyright 2013-2023 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see .
++
++AT_SETUP([--exclude-vcs-ignores memory allocation])
++AT_KEYWORDS([exclude exclude17])
++
++AT_TAR_CHECK([
++mkdir dir
++cd dir
++echo '*.o' >.cvsignore
++tar -cf - --exclude-vcs-ignores . | tar -tf -
++],
++[0],
++[./
++./.cvsignore
++])
++
++AT_CLEANUP
+diff --git a/tests/exclude18.at b/tests/exclude18.at
+new file mode 100644
+index 0000000..64aaa52
+--- /dev/null
++++ b/tests/exclude18.at
+@@ -0,0 +1,87 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++
++# Test suite for GNU tar.
++# Copyright 2004-2023 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see .
++
++# Test --exclude-vcs option with subcommands: EXTRACT, LIST, DIFF.
++# Check VCS directory with files, and empty.
++#
++# Ref: https://savannah.gnu.org/bugs/?62859
++# Wed 03 Aug 2022 04:06:28 PM UTC, original submission:  Quote
++# Mohamed Akram 
++# > The --exclude-vcs flag seems to exclude .gitignore but not .git when
++# extracting.
++
++AT_SETUP([--exclude-vcs extract list compare])
++AT_KEYWORDS([exclude-vcs extract list compare exclude18])
++
++AT_TAR_CHECK([
++AT_SORT_PREREQ
++mkdir gitrepo
++cd gitrepo
++
++# Make an empty VCS directory:
++mkdir .svn
++
++# Make a VCS directory with a file:
++mkdir .git
++touch .git/_A
++
++# Make a VCS file:
++touch .gitignore
++
++# Make non-VCS files:
++touch .git_B
++touch _C
++
++# Create an archive, include VCS:
++cd ..
++tar -cf gitrepo.tar gitrepo
++rm -r gitrepo
++
++echo Extract:
++tar -xvf gitrepo.tar --exclude-vcs | sort
++
++echo
++echo List:
++tar -tf gitrepo.tar --exclude-vcs | sort
++
++echo
++echo Diff:
++tar -dvf gitrepo.tar --exclude-vcs gitrepo | sort
++
++],
++[0],
++[Extract:
++gitrepo/
++gitrepo/.git_B
++gitrepo/_C
++
++List:
++gitrepo/
++gitrepo/.git_B
++gitrepo/_C
++
++Diff:
++gitrepo/
++gitrepo/.git_B
++gitrepo/_C
++],
++[])
++
++AT_CLEANUP
+-- 
+2.41.0
diff --git a/SPECS/tar/tar.spec b/SPECS/tar/tar.spec
index e4489d9237..0980bfed34 100644
--- a/SPECS/tar/tar.spec
+++ b/SPECS/tar/tar.spec
@@ -1,7 +1,7 @@
 Summary:        Archiving program
 Name:           tar
 Version:        1.35
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv3+
 URL:            https://www.gnu.org/software/tar
 Group:          Applications/System
@@ -9,11 +9,18 @@ Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Source0:        https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
 
+# libcap changed the output in newer version. tar test still expects libcap's getcap output to be same
+# https://web.git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=177cd418031b1acfcf73fe3b1af9f3279828681c
+Patch1:         tar-1.33-fix-capabilities-test.patch
+Patch2:         tar-1.35-add-forgotten-tests-from-upstream.patch
+
 %description
 Contains GNU archiving program
 
 %prep
 %setup -q
+%autopatch -p1
+
 %build
 FORCE_UNSAFE_CONFIGURE=1  ./configure \
     --prefix=%{_prefix} \
@@ -43,6 +50,8 @@ make  %{?_smp_mflags} check
 %{_mandir}/*/*
 
 %changelog
+* Wed Apr 02 2025 Riken Maharjan  - 1.35-2
+- import patches from fedora (LICENSE:MIT) to fix libcap issue.
 * Mon Nov 27 2023 Andrew Phelps  - 1.35-1
 - Upgrade to version 1.35
 * Wed Sep 20 2023 Jon Slobodzian  - 1.34-2
diff --git a/SPECS/telegraf/CVE-2024-35255.patch b/SPECS/telegraf/CVE-2024-35255.patch
new file mode 100644
index 0000000000..954122f1af
--- /dev/null
+++ b/SPECS/telegraf/CVE-2024-35255.patch
@@ -0,0 +1,201 @@
+From 3e5e1422467e537c174333d64e4f798258cdcecf Mon Sep 17 00:00:00 2001
+From: Mayank Singh 
+Date: Fri, 28 Feb 2025 06:48:55 +0000
+Subject: [PATCH] Address CVE-2024-35255
+Upstream Reference Link: https://github.com/microsoft/azurelinux/commit/4cb64e8195ad11547d887025b28b04737f330b92
+
+---
+ .../sdk/azidentity/managed_identity_client.go | 72 +++++++++++++------
+ 1 file changed, 52 insertions(+), 20 deletions(-)
+
+diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
+index 7c25cb8b..dfa66691 100644
+--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
++++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
+@@ -14,13 +14,15 @@ import (
+ 	"net/http"
+ 	"net/url"
+ 	"os"
++	"path/filepath"
++	"runtime"
+ 	"strconv"
+ 	"strings"
+ 	"time"
+ 
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
++	azruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming"
+ 	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
+ 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
+@@ -64,6 +66,22 @@ type managedIdentityClient struct {
+ 	id       ManagedIDKind
+ }
+ 
++// arcKeyDirectory returns the directory expected to contain Azure Arc keys
++var arcKeyDirectory = func() (string, error) {
++switch runtime.GOOS {
++	case "linux":
++		return "/var/opt/azcmagent/tokens", nil
++	case "windows":
++		pd := os.Getenv("ProgramData")
++		if pd == "" {
++			return "", errors.New("environment variable ProgramData has no value")
++		}
++		return filepath.Join(pd, "AzureConnectedMachineAgent", "Tokens"), nil
++	default:
++		return "", fmt.Errorf("unsupported OS %q", runtime.GOOS)
++	}
++}
++
+ type wrappedNumber json.Number
+ 
+ func (n *wrappedNumber) UnmarshalJSON(b []byte) error {
+@@ -150,8 +168,8 @@ func newManagedIdentityClient(options *ManagedIdentityCredentialOptions) (*manag
+ 		setIMDSRetryOptionDefaults(&cp.Retry)
+ 	}
+ 
+-	client, err := azcore.NewClient(module, version, runtime.PipelineOptions{
+-		Tracing: runtime.TracingOptions{
++	client, err := azcore.NewClient(module, version, azruntime.PipelineOptions{
++		Tracing: azruntime.TracingOptions{
+ 			Namespace: traceNamespace,
+ 		},
+ 	}, &cp)
+@@ -190,7 +208,7 @@ func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKi
+ 		return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, err.Error(), nil, err)
+ 	}
+ 
+-	if runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) {
++	if azruntime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) {
+ 		return c.createAccessToken(resp)
+ 	}
+ 
+@@ -201,14 +219,14 @@ func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKi
+ 				return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, "the requested identity isn't assigned to this resource", resp, nil)
+ 			}
+ 			msg := "failed to authenticate a system assigned identity"
+-			if body, err := runtime.Payload(resp); err == nil && len(body) > 0 {
++			if body, err := azruntime.Payload(resp); err == nil && len(body) > 0 {
+ 				msg += fmt.Sprintf(". The endpoint responded with %s", body)
+ 			}
+ 			return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, msg)
+ 		case http.StatusForbidden:
+ 			// Docker Desktop runs a proxy that responds 403 to IMDS token requests. If we get that response,
+ 			// we return credentialUnavailableError so credential chains continue to their next credential
+-			body, err := runtime.Payload(resp)
++			body, err := azruntime.Payload(resp)
+ 			if err == nil && strings.Contains(string(body), "A socket operation was attempted to an unreachable network") {
+ 				return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, fmt.Sprintf("unexpected response %q", string(body)))
+ 			}
+@@ -226,7 +244,7 @@ func (c *managedIdentityClient) createAccessToken(res *http.Response) (azcore.Ac
+ 		ExpiresIn    wrappedNumber `json:"expires_in,omitempty"` // this field should always return the number of seconds for which a token is valid
+ 		ExpiresOn    interface{}   `json:"expires_on,omitempty"` // the value returned in this field varies between a number and a date string
+ 	}{}
+-	if err := runtime.UnmarshalAsJSON(res, &value); err != nil {
++	if err := azruntime.UnmarshalAsJSON(res, &value); err != nil {
+ 		return azcore.AccessToken{}, fmt.Errorf("internal AccessToken: %v", err)
+ 	}
+ 	if value.ExpiresIn != "" {
+@@ -276,7 +294,7 @@ func (c *managedIdentityClient) createAuthRequest(ctx context.Context, id Manage
+ }
+ 
+ func (c *managedIdentityClient) createIMDSAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -296,7 +314,7 @@ func (c *managedIdentityClient) createIMDSAuthRequest(ctx context.Context, id Ma
+ }
+ 
+ func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -316,7 +334,7 @@ func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context,
+ }
+ 
+ func (c *managedIdentityClient) createAzureMLAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -339,7 +357,7 @@ func (c *managedIdentityClient) createAzureMLAuthRequest(ctx context.Context, id
+ }
+ 
+ func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -362,7 +380,7 @@ func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Conte
+ 
+ func (c *managedIdentityClient) getAzureArcSecretKey(ctx context.Context, resources []string) (string, error) {
+ 	// create the request to retreive the secret key challenge provided by the HIMDS service
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return "", err
+ 	}
+@@ -384,22 +402,36 @@ func (c *managedIdentityClient) getAzureArcSecretKey(ctx context.Context, resour
+ 	}
+ 	header := response.Header.Get("WWW-Authenticate")
+ 	if len(header) == 0 {
+-		return "", errors.New("did not receive a value from WWW-Authenticate header")
++		return "", newAuthenticationFailedError(credNameManagedIdentity, "HIMDS response has no WWW-Authenticate header", nil, nil)
+ 	}
+ 	// the WWW-Authenticate header is expected in the following format: Basic realm=/some/file/path.key
+-	pos := strings.LastIndex(header, "=")
+-	if pos == -1 {
+-		return "", fmt.Errorf("did not receive a correct value from WWW-Authenticate header: %s", header)
++	_, p, found := strings.Cut(header, "=")
++	if !found {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, "unexpected WWW-Authenticate header from HIMDS: "+header, nil, nil)
++	}
++	expected, err := arcKeyDirectory()
++	if err != nil {
++		return "", err
++	}
++	if filepath.Dir(p) != expected || !strings.HasSuffix(p, ".key") {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, "unexpected file path from HIMDS service: "+p, nil, nil)
++	}
++	f, err := os.Stat(p)
++	if err != nil {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("could not stat %q: %v", p, err), nil, nil)
++	}
++	if s := f.Size(); s > 4096 {
++		return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("key is too large (%d bytes)", s), nil, nil)
+ 	}
+-	key, err := os.ReadFile(header[pos+1:])
++	key, err := os.ReadFile(p)
+ 	if err != nil {
+-		return "", fmt.Errorf("could not read file (%s) contents: %v", header[pos+1:], err)
++		return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("could not read %q: %v", p, err), nil, nil)
+ 	}
+ 	return string(key), nil
+ }
+ 
+ func (c *managedIdentityClient) createAzureArcAuthRequest(ctx context.Context, id ManagedIDKind, resources []string, key string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+@@ -421,7 +453,7 @@ func (c *managedIdentityClient) createAzureArcAuthRequest(ctx context.Context, i
+ }
+ 
+ func (c *managedIdentityClient) createCloudShellAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+-	request, err := runtime.NewRequest(ctx, http.MethodPost, c.endpoint)
++	request, err := azruntime.NewRequest(ctx, http.MethodPost, c.endpoint)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-- 
+2.45.3
+
diff --git a/SPECS/telegraf/CVE-2025-22872.patch b/SPECS/telegraf/CVE-2025-22872.patch
new file mode 100644
index 0000000000..d66e99f296
--- /dev/null
+++ b/SPECS/telegraf/CVE-2025-22872.patch
@@ -0,0 +1,42 @@
+From c3bde8676a99155b88f7d0342e1e6b36a3f83324 Mon Sep 17 00:00:00 2001
+From: Mayank Singh 
+Date: Tue, 22 Apr 2025 05:00:39 +0000
+Subject: [PATCH] Address CVE-2025-22872.patch
+Upstream Reference Link: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+---
+ vendor/golang.org/x/net/html/token.go | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
+index 3c57880d..6598c1f7 100644
+--- a/vendor/golang.org/x/net/html/token.go
++++ b/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "
".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
++	// Look for a self-closing token (e.g. 
).
++	//
++	// Originally, we did this by just checking that the last character of the
++	// tag (ignoring the closing bracket) was a solidus (/) character, but this
++	// is not always accurate.
++	//
++	// We need to be careful that we don't misinterpret a non-self-closing tag
++	// as self-closing, as can happen if the tag contains unquoted attribute
++	// values (i.e. 
).
++	//
++	// To avoid this, we check that the last non-bracket character of the tag
++	// (z.raw.end-2) isn't the same character as the last non-quote character of
++	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
++	// attributes.
++	nAttrs := len(z.attr)
++	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
+-- 
+2.45.3
+
diff --git a/SPECS/telegraf/CVE-2025-27144.patch b/SPECS/telegraf/CVE-2025-27144.patch
new file mode 100644
index 0000000000..0a43244b58
--- /dev/null
+++ b/SPECS/telegraf/CVE-2025-27144.patch
@@ -0,0 +1,50 @@
+From e597cbe4aa2276ba04efe34cc9e6634fd2009c01 Mon Sep 17 00:00:00 2001
+From: Mayank Singh 
+Date: Fri, 28 Feb 2025 07:26:35 +0000
+Subject: [PATCH] Address CVE-2025-27144
+Upstream Reference Link: https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
+
+---
+ vendor/github.com/go-jose/go-jose/v4/jwe.go | 5 +++--
+ vendor/github.com/go-jose/go-jose/v4/jws.go | 5 +++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
+index 89f03ee3..9f1322dc 100644
+--- a/vendor/github.com/go-jose/go-jose/v4/jwe.go
++++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
+@@ -288,10 +288,11 @@ func ParseEncryptedCompact(
+ 	keyAlgorithms []KeyAlgorithm,
+ 	contentEncryption []ContentEncryption,
+ ) (*JSONWebEncryption, error) {
+-	parts := strings.Split(input, ".")
+-	if len(parts) != 5 {
++	// Five parts is four separators
++	if strings.Count(input, ".") != 4 {
+ 		return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
+ 	}
++	parts := strings.SplitN(input, ".", 5)
+ 
+ 	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+ 	if err != nil {
+diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
+index 3a912301..d09d8ba5 100644
+--- a/vendor/github.com/go-jose/go-jose/v4/jws.go
++++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
+@@ -327,10 +327,11 @@ func parseSignedCompact(
+ 	payload []byte,
+ 	signatureAlgorithms []SignatureAlgorithm,
+ ) (*JSONWebSignature, error) {
+-	parts := strings.Split(input, ".")
+-	if len(parts) != 3 {
++	// Three parts is two separators
++	if strings.Count(input, ".") != 2 {
+ 		return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
+ 	}
++	parts := strings.SplitN(input, ".", 3)
+ 
+ 	if parts[1] != "" && payload != nil {
+ 		return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
+-- 
+2.45.3
+
diff --git a/SPECS/telegraf/CVE-2025-30215.patch b/SPECS/telegraf/CVE-2025-30215.patch
new file mode 100644
index 0000000000..992b61ca0f
--- /dev/null
+++ b/SPECS/telegraf/CVE-2025-30215.patch
@@ -0,0 +1,59 @@
+From 34400b7d4b30ab6320de6e860cba5fef7ef5ef98 Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit 
+Date: Thu, 17 Apr 2025 19:50:26 +0530
+Subject: [PATCH] Fix CVE-2025-30215
+
+Upstream reference: https://github.com/nats-io/nats-server/commit/406f83666cc5e6ec1259684b2f883b2e30ffa147
+---
+ .../nats-io/nats-server/v2/server/jetstream_api.go | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/vendor/github.com/nats-io/nats-server/v2/server/jetstream_api.go b/vendor/github.com/nats-io/nats-server/v2/server/jetstream_api.go
+index 99dd719f..b43b0f0d 100644
+--- a/vendor/github.com/nats-io/nats-server/v2/server/jetstream_api.go
++++ b/vendor/github.com/nats-io/nats-server/v2/server/jetstream_api.go
+@@ -2297,6 +2297,9 @@ func (s *Server) jsLeaderServerRemoveRequest(sub *subscription, c *client, _ *Ac
+ 		s.Warnf(badAPIRequestT, msg)
+ 		return
+ 	}
++	if acc != s.SystemAccount() {
++		return
++	}
+ 
+ 	js, cc := s.getJetStreamCluster()
+ 	if js == nil || cc == nil || cc.meta == nil {
+@@ -2421,6 +2424,10 @@ func (s *Server) jsLeaderServerStreamMoveRequest(sub *subscription, c *client, _
+ 	accName := tokenAt(subject, 6)
+ 	streamName := tokenAt(subject, 7)
+ 
++	if acc.GetName() != accName && acc != s.SystemAccount() {
++		return
++	}
++
+ 	var resp = JSApiStreamUpdateResponse{ApiResponse: ApiResponse{Type: JSApiStreamUpdateResponseType}}
+ 
+ 	var req JSApiMetaServerStreamMoveRequest
+@@ -2577,6 +2584,10 @@ func (s *Server) jsLeaderServerStreamCancelMoveRequest(sub *subscription, c *cli
+ 	accName := tokenAt(subject, 6)
+ 	streamName := tokenAt(subject, 7)
+ 
++	if acc.GetName() != accName && acc != s.SystemAccount() {
++		return
++	}
++
+ 	targetAcc, ok := s.accounts.Load(accName)
+ 	if !ok {
+ 		resp.Error = NewJSNoAccountError()
+@@ -2663,6 +2674,9 @@ func (s *Server) jsLeaderAccountPurgeRequest(sub *subscription, c *client, _ *Ac
+ 		s.Warnf(badAPIRequestT, msg)
+ 		return
+ 	}
++	if acc != s.SystemAccount() {
++		return
++	}
+ 
+ 	js := s.getJetStream()
+ 	if js == nil {
+-- 
+2.34.1
+
diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec
index 7379b01782..04148f7e5b 100644
--- a/SPECS/telegraf/telegraf.spec
+++ b/SPECS/telegraf/telegraf.spec
@@ -1,7 +1,7 @@
 Summary:        agent for collecting, processing, aggregating, and writing metrics.
 Name:           telegraf
 Version:        1.31.0
-Release:        21%{?dist}
+Release:        22%{?dist}
 License:        MIT
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -12,14 +12,19 @@ Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.
 Source1:        %{name}-%{version}-vendor.tar.gz
 Source2:        telegraf.te
 Source3:        telegraf.fc
-Patch0:         CVE-2024-37298.patch
-Patch1:         CVE-2024-45337.patch
-Patch2:         CVE-2024-45338.patch
-Patch3:         CVE-2025-22868.patch
-Patch4:         CVE-2025-22869.patch
-Patch5:         CVE-2025-22870.patch
-Patch6:         CVE-2024-51744.patch
-Patch7:         CVE-2025-30204.patch
+Patch0:         CVE-2024-35255.patch
+Patch1:         CVE-2024-37298.patch
+Patch2:         CVE-2024-45337.patch
+Patch3:         CVE-2024-45338.patch
+Patch4:         CVE-2025-22868.patch
+Patch5:         CVE-2025-22869.patch
+Patch6:         CVE-2025-22870.patch
+Patch7:         CVE-2024-51744.patch
+Patch8:         CVE-2025-30204.patch
+Patch9:         CVE-2025-27144.patch
+Patch10:        CVE-2025-30215.patch
+Patch11:        CVE-2025-22872.patch
+
 BuildRequires:  golang
 BuildRequires:  systemd-devel
 Requires:       logrotate
@@ -58,10 +63,7 @@ BuildArch:      noarch
 SELinux policy for %{name}.
 
 %prep
-%autosetup -N
-# setup vendor before patching
-tar -xf %{SOURCE1} --no-same-owner
-%autopatch -p1
+%autosetup -a1 -p1
 
 %build
 CGO_ENABLED=0 go build -trimpath -tags \
@@ -127,6 +129,12 @@ fi
 %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 1.31.0-22
+- merge from Azure Linux 3.0.20250521-3.0
+- Fix CVE-2025-22872 with an upstream patch
+- Patch CVE-2025-30215
+- Fix CVE-2024-35255 and CVE-2025-27144 with an upstream patch
+
 * Thu Apr 28 2025 Ranjan Dutta  - 1.31.0-21
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Patch CVE-2025-30204
diff --git a/SPECS/tini/tini.spec b/SPECS/tini/tini.spec
index 439bc9ffb0..8547a37a8f 100644
--- a/SPECS/tini/tini.spec
+++ b/SPECS/tini/tini.spec
@@ -1,7 +1,7 @@
 Summary:        A tiny but valid init for containers
 Name:           tini
 Version:        0.19.0
-Release:        19%{?dist}
+Release:        20%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,7 +13,7 @@ BuildRequires:  diffutils
 BuildRequires:  file
 BuildRequires:  gcc
 BuildRequires:  glibc-devel
-BuildRequires:  glibc-static >= 2.38-9%{?dist}
+BuildRequires:  glibc-static >= 2.38-10%{?dist}
 BuildRequires:  kernel-headers
 BuildRequires:  make
 BuildRequires:  sed
@@ -66,6 +66,9 @@ ln -s %{_bindir}/tini-static %{buildroot}%{_bindir}/docker-init
 %{_bindir}/docker-init
 
 %changelog
+* Mon May 12 2025 Andrew Phelps anphel@microsoft.com - 0.19.0-20
+- Bump to rebuild with updated glibc
+
 * Tue Feb 25 2025 Chris Co  - 0.19.0-19
 - Bump to rebuild with updated glibc
 
diff --git a/SPECS/tinyxml2/CVE-2024-50615.patch b/SPECS/tinyxml2/CVE-2024-50615.patch
new file mode 100644
index 0000000000..960f41e362
--- /dev/null
+++ b/SPECS/tinyxml2/CVE-2024-50615.patch
@@ -0,0 +1,231 @@
+From 5be6d48c41d636826984605448dc8d4516f2b8ac Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Wed, 16 Apr 2025 07:10:31 +0000
+Subject: [PATCH] Address CVE-2024-50615
+Upstream Patch Reference : 
+1. https://github.com/leethomason/tinyxml2/commit/494735de30c946bc7d684c65ff8ece05beeb232d
+2. https://github.com/leethomason/tinyxml2/commit/4cbb25155cde261ccf868efb8ae29ad0eebea4d1
+
+---
+ tinyxml2.cpp | 129 +++++++++++++++++++++++----------------------------
+ xmltest.cpp  |  31 ++++++++++++-
+ 2 files changed, 89 insertions(+), 71 deletions(-)
+
+diff --git a/tinyxml2.cpp b/tinyxml2.cpp
+index 9173467..b12112e 100755
+--- a/tinyxml2.cpp
++++ b/tinyxml2.cpp
+@@ -467,102 +467,91 @@ void XMLUtil::ConvertUTF32ToUTF8( unsigned long input, char* output, int* length
+ }
+ 
+ 
+-const char* XMLUtil::GetCharacterRef( const char* p, char* value, int* length )
++const char* XMLUtil::GetCharacterRef(const char* p, char* value, int* length)
+ {
+-    // Presume an entity, and pull it out.
++    // Assume an entity, and pull it out.
+     *length = 0;
+ 
++    static const uint32_t MAX_CODE_POINT = 0x10FFFF;
++
+     if ( *(p+1) == '#' && *(p+2) ) {
+-        unsigned long ucs = 0;
+-        TIXMLASSERT( sizeof( ucs ) >= 4 );
++        uint32_t ucs = 0;
+         ptrdiff_t delta = 0;
+-        unsigned mult = 1;
++        uint32_t mult = 1;
+         static const char SEMICOLON = ';';
+ 
+-        if ( *(p+2) == 'x' ) {
++        bool hex = false;
++        uint32_t radix = 10;
++        const char* q = 0;
++        char terminator = '#';
++
++        if (*(p + 2) == 'x') {
+             // Hexadecimal.
+-            const char* q = p+3;
+-            if ( !(*q) ) {
+-                return 0;
+-            }
++            hex = true;
++            radix = 16;
++            terminator = 'x';
+ 
+-            q = strchr( q, SEMICOLON );
++            q = p + 3;
++            q = p + 3;
++        }
++        else {
++            // Decimal.
++            q = p + 2;
++        }
++        if (!(*q)) {
++            return 0;
++        }
+ 
+-            if ( !q ) {
+-                return 0;
+-            }
+-            TIXMLASSERT( *q == SEMICOLON );
+ 
+-            delta = q-p;
+-            --q;
++        q = strchr(q, SEMICOLON);
++        if (!q) {
++            return 0;
++        }
++        TIXMLASSERT(*q == SEMICOLON);
++        delta = q - p;
++        --q;
+ 
+-            while ( *q != 'x' ) {
+-                unsigned int digit = 0;
++        while (*q != terminator) {
++            uint32_t digit = 0;
+ 
+-                if ( *q >= '0' && *q <= '9' ) {
+-                    digit = *q - '0';
+-                }
+-                else if ( *q >= 'a' && *q <= 'f' ) {
+-                    digit = *q - 'a' + 10;
+-                }
+-                else if ( *q >= 'A' && *q <= 'F' ) {
+-                    digit = *q - 'A' + 10;
+-                }
+-                else {
+-                    return 0;
+-                }
+-                TIXMLASSERT( digit < 16 );
+-                TIXMLASSERT( digit == 0 || mult <= UINT_MAX / digit );
+-                const unsigned int digitScaled = mult * digit;
+-                TIXMLASSERT( ucs <= ULONG_MAX - digitScaled );
+-                ucs += digitScaled;
+-                TIXMLASSERT( mult <= UINT_MAX / 16 );
+-                mult *= 16;
+-                --q;
++            if (*q >= '0' && *q <= '9') {
++                digit = *q - '0';
+             }
+-        }
+-        else {
+-            // Decimal.
+-            const char* q = p+2;
+-            if ( !(*q) ) {
+-                return 0;
++            else if (hex && (*q >= 'a' && *q <= 'f')) {
++                digit = *q - 'a' + 10;
+             }
+-
+-            q = strchr( q, SEMICOLON );
+-
+-            if ( !q ) {
++            else if (hex && (*q >= 'A' && *q <= 'F')) {
++                digit = *q - 'A' + 10;
++            }
++            else {
+                 return 0;
+             }
+-            TIXMLASSERT( *q == SEMICOLON );
++            TIXMLASSERT(digit < radix);
+ 
+-            delta = q-p;
+-            --q;
++            const unsigned int digitScaled = mult * digit;
++            ucs += digitScaled;
++            mult *= radix;       
+ 
+-            while ( *q != '#' ) {
+-                if ( *q >= '0' && *q <= '9' ) {
+-                    const unsigned int digit = *q - '0';
+-                    TIXMLASSERT( digit < 10 );
+-                    TIXMLASSERT( digit == 0 || mult <= UINT_MAX / digit );
+-                    const unsigned int digitScaled = mult * digit;
+-                    TIXMLASSERT( ucs <= ULONG_MAX - digitScaled );
+-                    ucs += digitScaled;
+-                }
+-                else {
+-                    return 0;
+-                }
+-                TIXMLASSERT( mult <= UINT_MAX / 10 );
+-                mult *= 10;
+-                --q;
++            // Security check: could a value exist that is out of range?
++            // Easily; limit to the MAX_CODE_POINT, which also allows for a
++            // bunch of leading zeroes.
++            if (mult > MAX_CODE_POINT) {
++                mult = MAX_CODE_POINT;
+             }
++            --q;
++        }
++        // Out of range:
++        if (ucs > MAX_CODE_POINT) {
++            return 0;
+         }
+         // convert the UCS to UTF-8
+-        ConvertUTF32ToUTF8( ucs, value, length );
++		TIXMLASSERT(ucs <= MAX_CODE_POINT);
++        ConvertUTF32ToUTF8(ucs, value, length);
+         return p + delta + 1;
+     }
+-    return p+1;
++    return p + 1;
+ }
+ 
+-
+ void XMLUtil::ToStr( int v, char* buffer, int bufferSize )
+ {
+     TIXML_SNPRINTF( buffer, bufferSize, "%d", v );
+diff --git a/xmltest.cpp b/xmltest.cpp
+index d5a1ce3..50afcbd 100755
+--- a/xmltest.cpp
++++ b/xmltest.cpp
+@@ -1642,7 +1642,7 @@ int main( int argc, const char ** argv )
+ 
+ 		static const char* result  = "\xef\xbb\xbf";
+ 		XMLTest( "BOM and default declaration", result, printer.CStr(), false );
+-		XMLTest( "CStrSize", 42, printer.CStrSize(), false );
++		XMLTest( "CStrSize", true, printer.CStrSize() == 42, false );
+ 	}
+ 	{
+ 		const char* xml = "Text";
++ 		XMLDocument doc;
++ 		doc.Parse(xml);
++ 		const char* value = doc.FirstChildElement()->Attribute("value");
++ 		const char* value2 = doc.FirstChildElement()->Attribute("value2");
++ 		XMLTest("Test attribute encode", false, doc.Error());
++ 		XMLTest("Test decimal value", value, "12A34");
++ 		XMLTest("Test hex encode", value2, "56B78");
++ 	}
++
++ 	{
++ 		const char* xml = "Text";
++ 		XMLDocument doc;
++ 		doc.Parse(xml);
++ 		const char* value = doc.FirstChildElement()->Attribute("value");
++ 		const char* value2 = doc.FirstChildElement()->Attribute("value2");
++ 		const char* value3 = doc.FirstChildElement()->Attribute("value3");
++ 		const char* value4 = doc.FirstChildElement()->Attribute("value4");
++ 		const char* value5 = doc.FirstChildElement()->Attribute("value5");
++ 		XMLTest("Test attribute encode", false, doc.Error());
++ 		XMLTest("Test attribute encode too long value", value, "&#ABC9000000065;"); // test long value
++ 		XMLTest("Test attribute encode out of unicode range", value2, "�"); // out of unicode range
++ 		XMLTest("Test attribute encode out of int max value", value3, "�"); // out of int max value
++ 		XMLTest("Test attribute encode with a Hex value", value4, "E"); // hex value in unicode value
++ 		XMLTest("Test attribute encode with a Hex value", value5, "!"); // hex value in unicode value
++ 	}
++
+     // ----------- Performance tracking --------------
+ 	{
+ #if defined( _MSC_VER )
+-- 
+2.45.3
+
diff --git a/SPECS/tinyxml2/tinyxml2.spec b/SPECS/tinyxml2/tinyxml2.spec
index 526a5ec2f1..2129d38400 100644
--- a/SPECS/tinyxml2/tinyxml2.spec
+++ b/SPECS/tinyxml2/tinyxml2.spec
@@ -1,12 +1,13 @@
 Summary:        Simple, small, efficient, C++ XML parser that can be easily integrated into other programs.
 Name:           tinyxml2
 Version:        9.0.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        zlib
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/leethomason/tinyxml2/
 Source0:        https://github.com/leethomason/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch1:         CVE-2024-50615.patch
 BuildRequires:  build-essential
 BuildRequires:  cmake
 
@@ -22,6 +23,8 @@ Development files for %{name}
 
 %prep
 %setup -q
+sed -i 's/\r$//' *.cpp
+%autopatch -p1
 
 %build
 mkdir build
@@ -48,6 +51,9 @@ make install DESTDIR=%{buildroot}
 %{_lib64dir}/pkgconfig/tinyxml2.pc
 
 %changelog
+* Fri Apr 11 2025 Archana Shettigar  - 9.0.0-2
+- Patch CVE-2024-50615.
+
 * Wed Jan 05 2022 Neha Agarwal  - 9.0.0-1
 - Update to version 9.0.0.
 
diff --git a/SPECS/unzip/CVE-2021-4217.patch b/SPECS/unzip/CVE-2021-4217.patch
new file mode 100644
index 0000000000..661919b671
--- /dev/null
+++ b/SPECS/unzip/CVE-2021-4217.patch
@@ -0,0 +1,51 @@
+From 24bfe051b63f7347d06d852a277ceb657be5d1d4 Mon Sep 17 00:00:00 2001
+From: archana25-ms 
+Date: Tue, 25 Mar 2025 18:05:10 +0000
+Subject: [PATCH] Address CVE-2021-4217
+Upstream Patch Reference: https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+
+---
+ fileio.c  | 5 ++++-
+ process.c | 6 +++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index 285f7fe..1de95f2 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2303,8 +2303,11 @@ int do_string(__G__ length, option)   /* return PK-type error code */
+             seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+                       (G.inptr-G.inbuf) + length);
+         } else {
+-            if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++            unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
++            if (bytes_read == 0)
+                 return PK_EOF;
++            if (bytes_read != length)
++                return PK_ERR;
+             /* Looks like here is where extra fields are read */
+             if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+             {
+diff --git a/process.c b/process.c
+index 09d54f7..196b912 100644
+--- a/process.c
++++ b/process.c
+@@ -2055,10 +2055,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+           G.unipath_checksum = makelong(offset + ef_buf);
+           offset += 4;
+ 
++          if (!G.filename_full) {
++            /* Check if we have a unicode extra section but no filename set */
++            return PK_ERR;
++          }
++
+           /*
+            * Compute 32-bit crc
+            */
+-
+           chksum = crc32(chksum, (uch *)(G.filename_full),
+                          strlen(G.filename_full));
+ 
+-- 
+2.45.3
+
diff --git a/SPECS/unzip/unzip.spec b/SPECS/unzip/unzip.spec
index 63af46eb06..560c86371f 100644
--- a/SPECS/unzip/unzip.spec
+++ b/SPECS/unzip/unzip.spec
@@ -1,7 +1,7 @@
 Summary:        Unzip-6.0
 Name:           unzip
 Version:        6.0
-Release:        21%{?dist}
+Release:        22%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -24,6 +24,7 @@ Patch12:        unzip-zipbomb-manpage.patch
 Patch13:        CVE-2015-7697.patch
 Patch14:        CVE-2018-1000035.patch
 Patch15:	CVE-2022-0529.patch
+Patch16:        CVE-2021-4217.patch
 
 %description
 The UnZip package contains ZIP extraction utilities. These are useful
@@ -58,6 +59,9 @@ ln -sf unzip %{buildroot}%{_bindir}/zipinfo
 %{_bindir}/*
 
 %changelog
+* Tue Mar 25 2025 Archana Shettigar  - 6.0.22
+- Fix CVE-2021-4217 with an upstream patch
+
 * Mon Nov 25 2024 Kavya Sree Kaitepalli  - 6.0-21
 - Fix CVE-2022-0529 and CVE-2022-0530
 
diff --git a/SPECS/valkey/valkey.signatures.json b/SPECS/valkey/valkey.signatures.json
index 3cae719e63..d6613c7aa1 100644
--- a/SPECS/valkey/valkey.signatures.json
+++ b/SPECS/valkey/valkey.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "valkey-8.0.2.tar.gz": "e052c45b3cbe512e24fdfdc3fd337f9f5e4b8f8b8713f349ba867b829c8ff11a"
+    "valkey-8.0.3.tar.gz": "9141b6a91572e714fae8bc01e5031828ac6a8eb8e012e6836673d18dbfe4a47b"
   }
 }
diff --git a/SPECS/valkey/valkey.spec b/SPECS/valkey/valkey.spec
index 05940f03a2..6dab90e7ec 100644
--- a/SPECS/valkey/valkey.spec
+++ b/SPECS/valkey/valkey.spec
@@ -1,6 +1,6 @@
 Summary:        advanced key-value store
 Name:           valkey
-Version:        8.0.2
+Version:        8.0.3
 Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
@@ -84,6 +84,9 @@ exit 0
 %config(noreplace) %attr(0640, %{name}, %{name}) %{_sysconfdir}/valkey.conf
 
 %changelog
+* Mon Apr 28 2025 CBL-Mariner Servicing Account  - 8.0.3-1
+- Auto-upgrade to 8.0.3 - for CVE-2025-21605
+
 * Mon Jan 13 2025 CBL-Mariner Servicing Account  - 8.0.2-1
 - Auto-upgrade to 8.0.2 - Upgrade valkey to fix CVE-2024-51741 and CVE-2024-46981
 
diff --git a/SPECS/virtiofsd/CVE-2024-43806.patch b/SPECS/virtiofsd/CVE-2024-43806.patch
new file mode 100644
index 0000000000..9515354794
--- /dev/null
+++ b/SPECS/virtiofsd/CVE-2024-43806.patch
@@ -0,0 +1,337 @@
+# Patch generated by Archana Choudhary 
+# Source: https://github.com/bytecodealliance/rustix/commit/31fd98ca723b93cc6101a3e29843ea5cf094e159.patch
+
+diff --color -urN a/vendor/rustix/.cargo-checksum.json b/vendor/rustix/.cargo-checksum.json
+--- a/vendor/rustix/.cargo-checksum.json	2025-01-16 18:36:03.843863186 +0000
++++ b/vendor/rustix/.cargo-checksum.json	2025-01-16 19:27:47.849001870 +0000
+@@ -1 +1 @@
+-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"387413b757ba2a7cb28ec2949f05ff8c31f49690389724bb2b7e4d1b008b8ffe","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"20e6d4bc5a33c81e9a4a04abe8ac611658deb4ab0794cd792f0568f287b68da7","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"7abf49bced798168a4f57916654305a6c5d048d12e0ad43d30ab14f24b5e527a","build.rs":"36956bd7e6b5a2d5e66e9a91eae41d76bd75b4a25d5427dc22ad48307ef25cc1","src/backend/libc/c.rs":"63b26c669135e7717ed1ff579ace2b238e815164b96a78be031b732645a271d9","src/backend/libc/conv.rs":"71cb0f653fa95705bcea2173840b78dd02f94735db970f8081231320e0478cb9","src/backend/libc/event/epoll.rs":"598e246866f46834f57d5385439d4c40654f899d3b9f252b6f72eeb18628d661","src/backend/libc/event/mod.rs":"7f8547c599b8263eb791890bbe4a0b22fe2676d007ffdcc3e07b2e48d1c994db","src/backend/libc/event/poll_fd.rs":"d342bb16fd8a7ea695e7264c76d8c1d00ab2182ff70ed57a98c25afe9aa16819","src/backend/libc/event/syscalls.rs":"3be2f52fcabad16cf4d554f56d70fb47ac9dee61feabb3d883e701d53745017d","src/backend/libc/event/types.rs":"f258bd98a4095b7b278bb267e572b5e599d727a83f42a0508231ac6a396bb795","src/backend/libc/event/windows_syscalls.rs":"ebfac665c6676c4b803134ab8806be8aa2e96bdbc7799a19c544cd9069b35787","src/backend/libc/fs/dir.rs":"4ff9b5f3b6fad06cfb641cf74511c4b80186b426e8c2d67a1b6cba08466b5d4f","src/backend/libc/fs/inotify.rs":"4e0e1f31ed6a53cbc56119bb974a464acd9c7797d2699a29cb399311ce49323d","src/backend/libc/fs/makedev.rs":"797e7e31dd363b8f649f370424e23a210be4536b580a78cb0f4c5d375da0aab0","src/backend/libc/fs/mod.rs":"5fa5a19401054cbf8d339192508aa7ad60fb2b0543256dbfbda128c05dedf645","src/backend/libc/fs/syscalls.rs":"1657b2a1f385ca96787648b89cd777657baeeacd96c4f752260b7a97c1fff1a1","src/backend/libc/fs/types.rs":"39a6c7ca6e755a050efe167b9cfd7146898f18ac5b1b40878107f5a9378b2d17","src/backend/libc/io/errno.rs":"01783934c204b775c12a4da055405ab543f63e5b127b55e305efc47708c7f679","src/backend/libc/io/mod.rs":"746647bd864e4ec7717925b6d176cebdb392b7d015070244cc48d92780351dd6","src/backend/libc/io/syscalls.rs":"fd71e78eef9f2ae247fb7d5c92c54d4c32161784dc258848db458f89023faf41","src/backend/libc/io/types.rs":"2248c2ba2c4b6ecbbb9f6c8dc2814734e8cd05e664c2aab409a243e034ff338b","src/backend/libc/io/windows_syscalls.rs":"73d3e609d30dfbb1a032f3ac667b3c65cb8a05a1d54c90bbb253021c85fd496a","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"5af8146d5971c833e6fd657f652c618b31f854e1b0811864fba9b658cb633e19","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"858e5bb3bc850b6a2d5ce69b3c8e40ab7cf75d392fe3a022119e5edd0c538db5","src/backend/libc/mm/types.rs":"db3b5af83e07a68eaa7f70e04871e818acd5542c135e92b4a38af555e076540e","src/backend/libc/mod.rs":"e572b4461d4fe9a399b5db9c8395d6559ffe69586c76506d53d5d7fb37bb87cf","src/backend/libc/mount/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mount/syscalls.rs":"1bc87501a078616d0190d2e85de55f3f968b8cb79d49bd9eb839a350eed26089","src/backend/libc/mount/types.rs":"6744dc82723d2e08af1d69b7421642bc1b687d89f9116643df9d2e7a9b1d1c39","src/backend/libc/net/addr.rs":"72f504c3a97eaa49d3013db30b55c5c8f711a097b98023ffcbb527d04cf0a014","src/backend/libc/net/ext.rs":"d1274fd3ab84bbb8b73f45efe6dbd63f82b09d889a6b2aae07f15970dbb6c6c2","src/backend/libc/net/mod.rs":"605b818c6f4c536c96e052d9b843eeca79dccd1d3cf1c8b87e60c8539b8122b4","src/backend/libc/net/msghdr.rs":"67f7ed2c41e843bf2c00c9fef4280af24cf2e897c3b31e0a916415237c8f88e4","src/backend/libc/net/read_sockaddr.rs":"62b8a444cb9a0a9031d462f96f401db14b851551dd3dc58eec06570d7fec06c2","src/backend/libc/net/send_recv.rs":"eb8b0b3d291a176b5a2e4818b683819aee395d860bd566b898c2e1ba4e115886","src/backend/libc/net/syscalls.rs":"add5e53e685f9cb417e56359ee0ccbaa4b04a3769377b5b44ad728fe52e17463","src/backend/libc/net/write_sockaddr.rs":"68aa587ff61c1d3c77ce2ab905bc5765b305d545335b321ef923a4f1c50c3683","src/backend/libc/param/auxv.rs":"fdc85b7c33bcd05a16471e42eb4228c48c98c642443635ba5fc3e9a45438d6d3","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pid/syscalls.rs":"49ea679b96c0741d048e82964038f9a931bc3cf3a0b59c7db3df89629b9c49e6","src/backend/libc/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/pipe/syscalls.rs":"0bf55fdd9f4e351ec8fbd8cf895ed44f513d230ffd51929229c68d87ff2b18ab","src/backend/libc/pipe/types.rs":"ba9f7827ebbf4c2488ccd612beb59b66ced3be2e14a467660bc60aa0332be11d","src/backend/libc/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/prctl/syscalls.rs":"8a2684f444a7555098dce2b92270d81cefdae902716c6e5d59bd7b0657e8a29d","src/backend/libc/process/cpu_set.rs":"b3d36b01b53b0b6c61a20ed8a69d48eccdd90cc17f82f2926ef1e844f002d0b7","src/backend/libc/process/mod.rs":"d7dc401255bad2e55ffff365339cdc3aad306861d269ad727a817d3cd7763166","src/backend/libc/process/syscalls.rs":"b47392bd1aad96ca93ce421d8877e8b6e6da725db7bb521936ca07e4d1bec114","src/backend/libc/process/types.rs":"e8e54a21e7450157a8471571727c1c7af169ede372329c0e5d82a2e0193ba76e","src/backend/libc/process/wait.rs":"0cc556aed976b4bbb3965f74fd76b8216c755fce25043b7b21ce54afa07c9773","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"c4ec64720854f3b83307f67dfc75ab911b3a0378cc2e519054aae045d181f445","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"78c7201e6bcb75e9cab9486d1878861319f865de2b2c46437be68690bd17bf13","src/backend/libc/rand/types.rs":"7d473c7ee8f19fbcec31f61b28ba6a68e1233f64f37b3b496d396c0197af63e1","src/backend/libc/system/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/system/syscalls.rs":"846dfb59afe40bbfc78e57afa76f0616d62d25da2daadcd872aea6fa32aafc3b","src/backend/libc/system/types.rs":"6871e16aee14fe2ae03cea798c3e509ffe44778a9c0e5608fd73e2e015876d7e","src/backend/libc/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/termios/syscalls.rs":"a7a31994e9bea74cbcbfb66a7d66253d6aca74d8657201a483b82ee4fe5ec7fc","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"fe4dfeb072972eac5e2a8de05d7f5c33fd2580a4ce486c5003497d717bbfd176","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"3b0b99271d898ebe173b12fa00f8013fce69e9fa4564428b68d4867c52729597","src/backend/libc/time/types.rs":"e93f3bd1ce4b8696b44c2be6d6308300185a5cc32abc5e3e84ffd9bf6b4597f0","src/backend/libc/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/ugid/syscalls.rs":"8edf91b8790add23902c9f5418da6b0723a371677f29f490e0c8af852f0f1a0c","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/asm/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/asm/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/asm/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/asm/mips32r6.rs":"6c2661361ba0ac5caa8458f502c6cca266ce59a43ab552b7882c07cb64b9d149","src/backend/linux_raw/arch/asm/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/asm/mips64r6.rs":"a67262dc9cbd583ecfff93953726dabfd6574714d4646aff27582ff034a28cb9","src/backend/linux_raw/arch/asm/mod.rs":"1ac43073fc3d28879ab46d9220344785db4ef761a21d0357e4fe564157e6f1a6","src/backend/linux_raw/arch/asm/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/asm/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/asm/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/asm/x86.rs":"bfe81e7c527cdbcc98e4ec10c96f64ce543bb4d7ebdeb5ab020794f09e75545d","src/backend/linux_raw/arch/asm/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"31b3753c763ce3d2dd92db926123fc5eb6e0ba66a09f5574b6ebb11c836dcf6b","src/backend/linux_raw/c.rs":"389243294a968dbd3ca3b4e60ea6323c76ef4b963d0b2a360956d9c9c167c7a5","src/backend/linux_raw/conv.rs":"027816a35e624a90b141ce3f84e8634f9626f9da41130a0f777a60484776318e","src/backend/linux_raw/elf.rs":"ff5017040b29a8cf8d5077a0c73943bfa5e3862eaab37ee1c3b08a1122968bbe","src/backend/linux_raw/event/epoll.rs":"6c27660b015889140ad11657ad08dc32dd52fbc6b0d0a6571885792040e19156","src/backend/linux_raw/event/mod.rs":"72e46b04637e2d1d2a6b97af616144995399e489d1fe916faf835d72fc8c64cd","src/backend/linux_raw/event/poll_fd.rs":"8495da1687b15f7880a576ac8d197c941627a53874f0823467a3e4e3ad5640f2","src/backend/linux_raw/event/syscalls.rs":"f996db9f1f9f2b9bdaf33ef3a80a63ab9b1a65ae956700fd88d355e046ce2890","src/backend/linux_raw/event/types.rs":"4edf9c7c399c91f359bc2370a407fa5ab537a84eed26c593ce5bf6dd82c6c6a0","src/backend/linux_raw/fs/dir.rs":"d871468c08ea22868f308ce53feb1dbab8740d577441a4f3aadd358baa843d27","src/backend/linux_raw/fs/inotify.rs":"c05e201e4f562256388c933cd3f24a3c3a578bd19513284856bb3eb1218906c0","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"8d8639d24f1d42abbbee6f1d9db77d1c2f49867d9eac52f3f93331b9a2389445","src/backend/linux_raw/fs/types.rs":"3cf024ce2515c151a25ea25f19a21fb61b0deac58f88db841f88b2938fd07034","src/backend/linux_raw/io/errno.rs":"8d6a8d702ddec05c0ec5b518b9c4d6c9b54d390ea9b362e60f2032284c40b112","src/backend/linux_raw/io/mod.rs":"7ae2324427892cca6f5ab53858d847b165f790a72ec25f3d99fb15f0506c9f27","src/backend/linux_raw/io/syscalls.rs":"b079441386e5eb835b258871ae813dcd39fd8aeef4fc96bee187a45b0544bda7","src/backend/linux_raw/io/types.rs":"59d031dd1e769ecbaedaaa3ffc513a7f7154fc48abbb46023166fa38a46f0c61","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"b87fa95c16b2d3ca8fd5d72368bda37b8b8ddbb19df3a884efc6eeec393c86d1","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"369abe984aa972d8083fee20d764a8d57df242c66f897066367416f2fcc832a3","src/backend/linux_raw/mm/types.rs":"74dd9772c7208d6ad2d3830277eb1f67d5b2392553be23c8a64181c21ca1dc37","src/backend/linux_raw/mod.rs":"eb94a0ff0f7dad9e114d19bcd9bf5b320b9e8570ce74277756aaf038c815e23f","src/backend/linux_raw/mount/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mount/syscalls.rs":"3947261b5d46b9737f02dc5352c3a3a35c63c461fd75bcd8ae6619dfc0bfb54d","src/backend/linux_raw/mount/types.rs":"4241f270fc362834dd2cee3eb360e5b5d2bb0300eb07f0ca1bc81363e501c65c","src/backend/linux_raw/net/addr.rs":"fa6c4ea03ed465188bdb2113a9815549084b501c35654b46a00de226c7ea5463","src/backend/linux_raw/net/mod.rs":"bc9c9c4a8c06b1fb8c57555261176dfb1f3e858a1d89cd2f88e1f31fc126c001","src/backend/linux_raw/net/msghdr.rs":"6c0e1dfc0c9f79e69d3a645f0b4228bf6b29fed920af5f1efa6bbacd0a681c51","src/backend/linux_raw/net/read_sockaddr.rs":"24075ac4c05fab5fe44aae4445cdd12ec7e474f047150baa9b768741d6b9693d","src/backend/linux_raw/net/send_recv.rs":"aa5107094a1e5c6ce57bc2956d0ac63f24a7e61270f61ab2a353f9c832da0e4e","src/backend/linux_raw/net/syscalls.rs":"76c162e5cfa81621b1c2689695efd72066633fa7deedf83b71c255f0c4b176f7","src/backend/linux_raw/net/write_sockaddr.rs":"69ee7d6f754126f9399250d51bcdb306ab6a9ae816bc8fe21d0a9cabd49052ef","src/backend/linux_raw/param/auxv.rs":"890976e7ba6ff456326e3e325b9594b75ee4173bcd7eadc7929ff1b65520b118","src/backend/linux_raw/param/libc_auxv.rs":"16e8ffc7eab03c4aade2bb01908731ce15526041ae5e1767315b90c9f64eaa2a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"0adbb54a06b8c7b2df17462d98e1fe72bec02e4e577313add0cb7363262f0d6b","src/backend/linux_raw/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pid/syscalls.rs":"ce3ca4c72096479340364d16f09918e192ffd3a0436a26eb61aad7e7dac3cdcd","src/backend/linux_raw/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/pipe/syscalls.rs":"ec53a8b3ac23fc3fc2983615e34a210077947dbdf9b6a55477844fdae7e6b306","src/backend/linux_raw/pipe/types.rs":"73db762965df510bf3c908f906acf3a6df182d98d4ba1ebe45a52a4b51751e7e","src/backend/linux_raw/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/prctl/syscalls.rs":"01aa9cd77341dcd1efab9f3ac28447d0fbc41ed44d65e52301b347fdd1627e50","src/backend/linux_raw/process/cpu_set.rs":"dfdcbdf35aff6a3e08e7d38193bf18c12ca8aa64eb0dc417667be82dcc0f7c55","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"06313394d332fe385ce2053ae2980cb939665c1d091867d131adf18bd9e7a5dc","src/backend/linux_raw/process/types.rs":"d66049cfbdb27e31586f0ff2e53b6adbe0ebb296a876372e9d0d805d10ac5f51","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"8e0c6bb4a488440b39e5df9aa343bdffa6b28a0213246bc699f8b9676a170fa5","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"fb401466368de62ec4ff76bc230f9246623b003fe7452912e1365f443d3eeeb3","src/backend/linux_raw/rand/types.rs":"787a59629343688cac0fdabd1b7552b400b9188073a1e0394eacc6e0997e1bfe","src/backend/linux_raw/reg.rs":"39b6234971122d247054bda8c2dc3b44493be30482635baa9e2fcbe048e78cbd","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"21497bfe3d0f82de278f07bf53a11a04ffaa595b4ff1af92627940ff2029b8fc","src/backend/linux_raw/runtime/tls.rs":"2b8fc61a33ca9b47f854afbb8e3f8b20f9f9416b8884aefe46388c8173c8ae47","src/backend/linux_raw/system/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/system/syscalls.rs":"a9bec6662f122b1ec310d417bd9ddc16df13b50de6526d2170aa4d72292c2b14","src/backend/linux_raw/system/types.rs":"1ceab8d738a71043473b26e97fa3fd79d588a86d4774cbc9b9e1d4f1447a016e","src/backend/linux_raw/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/termios/syscalls.rs":"6c85a0cb459ad473f60ab640e3813b65a8e943bc4a86e09d9db6021cb8b0e2cb","src/backend/linux_raw/thread/futex.rs":"3a130db9f6176dc95fdc14ce61a6bcdcc2c28e82a29ddae3e05f347a189fdd14","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"5845d1c0a3548f87a114493c345e18dc32875bd7d35a6abcf1241ced9b024c09","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"a7870ef9daaf3fb2ac50f853df6dbcd935a3b2d70e720b80184208f602a918e6","src/backend/linux_raw/time/types.rs":"50d84ee6288f06bf4b526781c84e7252f3c09ecdb0626856d94a1a61c2e2c579","src/backend/linux_raw/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/ugid/syscalls.rs":"844b2bed42b9a3c06845dbae1d020bbab5757d23ea3ad7a440e3cd87ff993f72","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"7b5711e13d0d7112d57876014b932adfca13c0e1260150dd5f43152170366e82","src/bitcast.rs":"fe6bdc7fc31fa3b360c44a841c9a0f143629172729c6aaeae76841c74c122ff3","src/check_types.rs":"fe4fc1a0930a25037dac954e7843a4d4c321dd7d1acb25916cdc9cfd4b37974b","src/clockid.rs":"1d2e1cfcf23160b55d6b046d235edf2eb2408f072a8bdef3e3a3871885abdd5a","src/cstr.rs":"9e3fcd57d6af382a9a4f24b97a29eeb05a3ccd5c8fefd666884f6e4438b3c4a3","src/event/eventfd.rs":"81cbd08f7bdf40a6ce1ca692b63da1dc8ba925282990668d9d68f1203e839fa1","src/event/kqueue.rs":"b267ca1badc43d977e2c5435092f161caab50ea04e258772dbebe1f02f3f5966","src/event/mod.rs":"7f4f01e43444c5a1f97af5955fab7e0e1ba20e0f53adc86aecbd501d2db4a745","src/event/poll.rs":"0ee583dbd457a573a82a06c04a2a24bd2c76e751d27a435507d55338e2871327","src/event/port.rs":"da588ff0f694bb1f99e288708bfc07353bd1274020c13dce30df5d7f3b42b0f3","src/ffi.rs":"0c6b9a6f20ffb31a827412c0381c6fff09e68265f29d94c5470940e22c5334a2","src/fs/abs.rs":"1bd62a3aa971468ca7a51a3fbbb59188852b7bc099b55dcb8ce2b1344db5f877","src/fs/at.rs":"d5bd107c89c16d3ead53d6281973e188497c9e35a49c5f2ad89916552071e05f","src/fs/constants.rs":"24076a01f8bfc126b0905e9bc0521d2c3a3abc6c3b8c86ddb1e545070d097127","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"9f429a79ace6e17455634da09216ee0ad3d067a4541518b3193ae6a8d9ff1e26","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"2085102d05d0ba963e100ab3e3f19dac4ff27d142fbf798626d20a2a596ba96d","src/fs/fcntl_apple.rs":"e2f23f038083621bcdecc98d02ce1023508afaecdb2ed0fba5c8b70f955301e5","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"6b64b27b4727e00ae1a44cf04f9627326679ecc2d7ea274195e1204aa60c2d50","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/id.rs":"1b5c8a8baf9a9bb1f895f97189cea4e5982a0d35b192afeec6340a6c6222e0cb","src/fs/ioctl.rs":"1b222e725402d775813877b73f40f8ac2b513439485d326fbd49e3f4ebedce3b","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"8a3ab65aa3fa9a66ea55ef1ec3db72cab938b2b0deb4e079dd6efd737f91d480","src/fs/mount.rs":"c96cacbe65aff4c43fc2f5be03baf2b523bda151ade1828b691de1d040d3b2e6","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"8cb30e31905f90c09c147f828dd9975da3ea1aab6e410642e04d206a8860b302","src/fs/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"1d4d7f144716ac8fcae6b728ea23d27db8d3d1d7d2ec3dc31a1dea8e9d6a7eff","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"a8a59c5d345dc54c57ded890720c33eb78c4d53917c71e8bb6317f7ed122cb87","src/io/errno.rs":"777976d6f0e73cc7d7f2a94954e5900683cfcea330664b7192ed5db3ebbd493e","src/io/fcntl.rs":"c0f7bd7fce1119b0c1d0085b7ab77d5df02470ae3e06035428a2452dacbec296","src/io/ioctl.rs":"69d85054f32523c9b88b9bbee536d3299cfddba0e08f608d950e8a7cc4464e07","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/mod.rs":"75f1d0646be1d4c7c08b5887d8119b0103be8c25c43ccd4e0e97015508c0bb8f","src/io/read_write.rs":"54ba528b11601af1338bb0c71a41b256a0033076d30b3946c3fd0bdfa61dd021","src/io_uring.rs":"7093958a57bdaadd75f1800f07e359fd97c6f99c3fa01d263b4b1e57d44b2c4f","src/lib.rs":"2af15f86a2250abd5ef582bd6feedd45ec6740573a0518ae9422f5fb1f2d8a23","src/maybe_polyfill/no_std/io/mod.rs":"77889bb5c5a4f2e50e38379cdaa5d0fef4b0cafc3da056735df01f6deae75747","src/maybe_polyfill/no_std/mod.rs":"d4d98cf838b65dc3ceb0f6d4a950d9348695c3084448bd844e47b909960bbb47","src/maybe_polyfill/no_std/net/ip_addr.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/maybe_polyfill/no_std/net/mod.rs":"b0ee611c454679226a15bf647e7779995f3fe9c8e0507930a0d0613eb414b7c2","src/maybe_polyfill/no_std/net/socket_addr.rs":"bfeb32d32c176cde76323abcffebfc47e9898fb8d7ce3668c602dc8451086a2d","src/maybe_polyfill/no_std/os/fd/mod.rs":"d9dfe2a2c25be727847bcdfe6f4898685af2521850298178ca8d46a8e2ceee88","src/maybe_polyfill/no_std/os/fd/owned.rs":"4ce3234f8ab2cc8a7b749531336f4f6b6297eff0e20a01190be2c10409a0c066","src/maybe_polyfill/no_std/os/fd/raw.rs":"9cedb353580b932879ddc4dee9936212fefb6d42530dc5cec519a0779d5dee33","src/maybe_polyfill/no_std/os/mod.rs":"27dab639a765827644005d5f2fcc7c825310606b889cc8dd83f54c9528350dc0","src/maybe_polyfill/no_std/os/windows/io/mod.rs":"5bbcc05c83fee5026dd744a994e0458469466d5be39081baa62df07753b92fd2","src/maybe_polyfill/no_std/os/windows/io/raw.rs":"4c32609a489dd938a49328b5637cb3bafb96437f2f9f269ab66d7d3cb90247f6","src/maybe_polyfill/no_std/os/windows/io/socket.rs":"c658f42f24eff44a661f2adfd24a11af80fe9897f3e2af4dc5d2c64808308d65","src/maybe_polyfill/no_std/os/windows/mod.rs":"fdb416f8f231a4e778b5f985b9ae712ece5e1a1402963ad1a5f6a8b9843795f4","src/maybe_polyfill/std/mod.rs":"dd6e219564e224fa7cc9fdab2e45935f13ad062da53d0b6d259a695c7aec1847","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"fc32e308a24c6f351d74306943d67a68093a0b6555b4bdf6cd755bf43795f406","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/mount/fsopen.rs":"160e384e9175fd98669cda1cf3590bb195c2ba7e1c724e9ea06e692595e58ba1","src/mount/mod.rs":"5f0c9df4727592695deb1cd63ae1de021b03dcd9d0d1b68e1f34d12a7136cb19","src/mount/mount_unmount.rs":"8ad11675e5d762d33fbefbed06a6a9f9e52a9b689bd06662446152614321ab77","src/mount/types.rs":"601ae3e10b7dc496fed7f3b40a80e81c6edd7bf13189d7be45c3212d4c684c39","src/net/mod.rs":"a6bc55f9e086caf46a7c00783498d73a328a66f2a991f1ec65d5f13931377b0f","src/net/send_recv/mod.rs":"f33e39c7b228cd8109823b0a0a1aa397cddad504d49e69b36f74c5b84e5070e5","src/net/send_recv/msg.rs":"f4854380a7ead4696f427409836d6fc9edd916e38248a350c6208e655b0663a7","src/net/socket.rs":"6bb087ab208a1e06d535fa11e2aa4a9f96da6e73b697fca93e2a3c89178c4434","src/net/socket_addr_any.rs":"d07f9e9ef8873aa5bfd85f669952299286ef6f2cc5b9fea383856432e61b850f","src/net/socketpair.rs":"56f4885c31d2664cd16e18a9a88792a4912fedd953cec36dba67e8581fd57921","src/net/sockopt.rs":"b72ffea1f6e3efd315e7d72fceefc5071d7e6a9c14c999755fd15ad0ae466ddd","src/net/types.rs":"61c0e5aaf636734832018dc80541772741e6c8447befcc1d6e1bdbe4815cd70c","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"53ee190cf5266a2e057af9412acc50359369470a04dbfe2e6e92a90de15aff57","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/pid.rs":"2ef7ac7944d8a2e4c1e764d78c5b7e223704243b78c3c15348e9ea0fe1638117","src/pipe.rs":"e57b6f40af317e07d49f0a5ca98016cd358d8de2989be9a04775b6937ab05fb2","src/prctl.rs":"a1c85a401538d614f5539871f9a03f9a345b24cfbc845e953deb9f8b96986e2a","src/process/chdir.rs":"9d0397bc91bad5bf1c0afec5b3e6dd9cb7de6e54c3d0b760b33a4996a4cb1b25","src/process/chroot.rs":"2b5f6124eb19f26ad2705174f7ad50cdc0a5d15abd59ffcf55421228d82130b4","src/process/exit.rs":"98d55e9a419737cd88327d8eb484b892e2a12706e5dd05e5e43552af8b6a806a","src/process/id.rs":"402475cba98cc7e724943bfd218862f76c08b8d200a7b38bb5067bba2a837ef1","src/process/ioctl.rs":"6b9527094ad3617057e95268d515bce032656642e7ee55fcc686e4a9cbf01499","src/process/kill.rs":"7b879e5cff8a064acd0e7488f4e21bd4e4a8506ce380688b72cc48d283ff9c89","src/process/membarrier.rs":"77b1080dc50cf0bf48959bd2388c519f0b73ac231cc329be43f04525217b7e94","src/process/mod.rs":"21e5e4f55e81c447d76970442473678f6345d12a61b3227caf09460cfb82e0e4","src/process/pidfd.rs":"948b88cd986c17074fc895f277eec49066a52ab461fa341b7119ce648b28fcb6","src/process/pidfd_getfd.rs":"14aab7cc5578ca4753a7a42dcc8b4ea03748564b542675a50bae8e128348b23e","src/process/prctl.rs":"3f949bbc03c00cb68fab7db8c1bda71741f8d9439b9e25a8521d7cbb0693491d","src/process/priority.rs":"f135482e71ea8aa0daf92b9f238051178a4c904070fa8409622f94155df3c544","src/process/procctl.rs":"7668f8302515316cc70addfe8da4af47ea8872d4acacd72d1c87c0ecb627e8e9","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"5bceb8b2d6144aadc203ed3d7dd24536e0ad4bbef45c3fb9369559dd9284693d","src/procfs.rs":"55d19dfe0dbff098639b7e559defddfd52bdd73a0cd7fde2e026a702c4e4b70b","src/pty.rs":"602c58dcfa248a5e7f9389851a52f99dfb0e115fc9a70f732d69b0a1d127fae5","src/rand/getrandom.rs":"15255b5c5f76cf61ac4fac8b7ac6621049f2b5d2549ec319cdd69ab1ae4d07d2","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"952cea05413e3ba1fa4fdc4755bf1d0fc0c21a5c8878f2cccc6a533119c193f8","src/signal.rs":"c071b4f011deef19a679d7a832d5408a3cd68627161d6510008d6312266a2611","src/static_assertions.rs":"39986672f489949be1d6469f0c30fb7d2eaa21bdaa2702a8c150b2b150bf5535","src/stdio.rs":"a5de2d7d9c3c5a901f88b6acf4754687c958a2f3a93c7945c2b8fcb948d468af","src/system.rs":"853b3ddaa10b90226f6d9a0ef7890739ce2fbd150c362c912df6afd19664253c","src/termios/ioctl.rs":"fd1db1ee473e884eedc5858e7697d4a00b6ed7d878af85abdb76771225bd2e48","src/termios/mod.rs":"b44b7caa60b6f458657ed58a0e0eca41bb4e6d6be4b0f042bbb8ab7056cebe4b","src/termios/tc.rs":"e41312d15464b83b2457c2502fc3f3b9998cfb02ba68739026dd4285cc7130ac","src/termios/tty.rs":"a3ebab3b73db76fb5594be1bb4ec888a28a63637f8cd0211fdb1b3b645cc2ca2","src/termios/types.rs":"c30ab7e4e32ffe896b75eda882c7672b5d8b36d9d87f3a1e4bf31f213a43d0e2","src/thread/clock.rs":"469326c822dfb63405ee8537552cedde0b344978280e6645bbadd47dedc71e18","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f25a6dbcff0e0e7a429ce5e8406afcba3b74f10ad3065c015f8e728fd6880e53","src/thread/libcap.rs":"ee1f320d860a3decbec8052897d9e9484591e4b0b64b3b5b419f4d43d144422e","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"f6da23203fc2087cd3b36b910901cd6cd86d5ac6f2fcb09feb1270d6c486a1a7","src/thread/setns.rs":"ba37cbedcd5b6ef1e09422fbb8caa9fd94e25ebf6930fc7ccc778944cd078cb3","src/time/clock.rs":"e59a29f1bed8c31c3d5b6fad60f2d4fa6cab8dd8e86148bb3693a5e3a1ce735f","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/timespec.rs":"79c7af1bfb12b56fd482b778dd783d82c6f3233b26bb11ae3dceb454036b1da7","src/ugid.rs":"6616c6e35b7e43aee5b150f1efae7a50711e0947943c9a96833dbe214ad9e85f","src/utils.rs":"337626dd40ebae8cf0cac74dd9efc6974f30522bea305fe99799a9848950771e","src/weak.rs":"22070a3fa6e526d851bac81c551aa5cb4f9e609687075999c6d50973eeec3a98"},"package":"172891ebdceb05aa0005f533a6cbfca599ddd7d966f6f5d4d9b2e70478e70399"}
+\ No newline at end of file
++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"387413b757ba2a7cb28ec2949f05ff8c31f49690389724bb2b7e4d1b008b8ffe","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"20e6d4bc5a33c81e9a4a04abe8ac611658deb4ab0794cd792f0568f287b68da7","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"7abf49bced798168a4f57916654305a6c5d048d12e0ad43d30ab14f24b5e527a","build.rs":"36956bd7e6b5a2d5e66e9a91eae41d76bd75b4a25d5427dc22ad48307ef25cc1","src/backend/libc/c.rs":"63b26c669135e7717ed1ff579ace2b238e815164b96a78be031b732645a271d9","src/backend/libc/conv.rs":"71cb0f653fa95705bcea2173840b78dd02f94735db970f8081231320e0478cb9","src/backend/libc/event/epoll.rs":"598e246866f46834f57d5385439d4c40654f899d3b9f252b6f72eeb18628d661","src/backend/libc/event/mod.rs":"7f8547c599b8263eb791890bbe4a0b22fe2676d007ffdcc3e07b2e48d1c994db","src/backend/libc/event/poll_fd.rs":"d342bb16fd8a7ea695e7264c76d8c1d00ab2182ff70ed57a98c25afe9aa16819","src/backend/libc/event/syscalls.rs":"3be2f52fcabad16cf4d554f56d70fb47ac9dee61feabb3d883e701d53745017d","src/backend/libc/event/types.rs":"f258bd98a4095b7b278bb267e572b5e599d727a83f42a0508231ac6a396bb795","src/backend/libc/event/windows_syscalls.rs":"ebfac665c6676c4b803134ab8806be8aa2e96bdbc7799a19c544cd9069b35787","src/backend/libc/fs/dir.rs":"65fc67db2d0bc589f56a14fcb938f8f4be4e7b074bf4555c66172bd0cc8d4bc4","src/backend/libc/fs/inotify.rs":"4e0e1f31ed6a53cbc56119bb974a464acd9c7797d2699a29cb399311ce49323d","src/backend/libc/fs/makedev.rs":"797e7e31dd363b8f649f370424e23a210be4536b580a78cb0f4c5d375da0aab0","src/backend/libc/fs/mod.rs":"5fa5a19401054cbf8d339192508aa7ad60fb2b0543256dbfbda128c05dedf645","src/backend/libc/fs/syscalls.rs":"1657b2a1f385ca96787648b89cd777657baeeacd96c4f752260b7a97c1fff1a1","src/backend/libc/fs/types.rs":"39a6c7ca6e755a050efe167b9cfd7146898f18ac5b1b40878107f5a9378b2d17","src/backend/libc/io/errno.rs":"01783934c204b775c12a4da055405ab543f63e5b127b55e305efc47708c7f679","src/backend/libc/io/mod.rs":"746647bd864e4ec7717925b6d176cebdb392b7d015070244cc48d92780351dd6","src/backend/libc/io/syscalls.rs":"fd71e78eef9f2ae247fb7d5c92c54d4c32161784dc258848db458f89023faf41","src/backend/libc/io/types.rs":"2248c2ba2c4b6ecbbb9f6c8dc2814734e8cd05e664c2aab409a243e034ff338b","src/backend/libc/io/windows_syscalls.rs":"73d3e609d30dfbb1a032f3ac667b3c65cb8a05a1d54c90bbb253021c85fd496a","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"5af8146d5971c833e6fd657f652c618b31f854e1b0811864fba9b658cb633e19","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"858e5bb3bc850b6a2d5ce69b3c8e40ab7cf75d392fe3a022119e5edd0c538db5","src/backend/libc/mm/types.rs":"db3b5af83e07a68eaa7f70e04871e818acd5542c135e92b4a38af555e076540e","src/backend/libc/mod.rs":"e572b4461d4fe9a399b5db9c8395d6559ffe69586c76506d53d5d7fb37bb87cf","src/backend/libc/mount/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mount/syscalls.rs":"1bc87501a078616d0190d2e85de55f3f968b8cb79d49bd9eb839a350eed26089","src/backend/libc/mount/types.rs":"6744dc82723d2e08af1d69b7421642bc1b687d89f9116643df9d2e7a9b1d1c39","src/backend/libc/net/addr.rs":"72f504c3a97eaa49d3013db30b55c5c8f711a097b98023ffcbb527d04cf0a014","src/backend/libc/net/ext.rs":"d1274fd3ab84bbb8b73f45efe6dbd63f82b09d889a6b2aae07f15970dbb6c6c2","src/backend/libc/net/mod.rs":"605b818c6f4c536c96e052d9b843eeca79dccd1d3cf1c8b87e60c8539b8122b4","src/backend/libc/net/msghdr.rs":"67f7ed2c41e843bf2c00c9fef4280af24cf2e897c3b31e0a916415237c8f88e4","src/backend/libc/net/read_sockaddr.rs":"62b8a444cb9a0a9031d462f96f401db14b851551dd3dc58eec06570d7fec06c2","src/backend/libc/net/send_recv.rs":"eb8b0b3d291a176b5a2e4818b683819aee395d860bd566b898c2e1ba4e115886","src/backend/libc/net/syscalls.rs":"add5e53e685f9cb417e56359ee0ccbaa4b04a3769377b5b44ad728fe52e17463","src/backend/libc/net/write_sockaddr.rs":"68aa587ff61c1d3c77ce2ab905bc5765b305d545335b321ef923a4f1c50c3683","src/backend/libc/param/auxv.rs":"fdc85b7c33bcd05a16471e42eb4228c48c98c642443635ba5fc3e9a45438d6d3","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pid/syscalls.rs":"49ea679b96c0741d048e82964038f9a931bc3cf3a0b59c7db3df89629b9c49e6","src/backend/libc/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/pipe/syscalls.rs":"0bf55fdd9f4e351ec8fbd8cf895ed44f513d230ffd51929229c68d87ff2b18ab","src/backend/libc/pipe/types.rs":"ba9f7827ebbf4c2488ccd612beb59b66ced3be2e14a467660bc60aa0332be11d","src/backend/libc/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/prctl/syscalls.rs":"8a2684f444a7555098dce2b92270d81cefdae902716c6e5d59bd7b0657e8a29d","src/backend/libc/process/cpu_set.rs":"b3d36b01b53b0b6c61a20ed8a69d48eccdd90cc17f82f2926ef1e844f002d0b7","src/backend/libc/process/mod.rs":"d7dc401255bad2e55ffff365339cdc3aad306861d269ad727a817d3cd7763166","src/backend/libc/process/syscalls.rs":"b47392bd1aad96ca93ce421d8877e8b6e6da725db7bb521936ca07e4d1bec114","src/backend/libc/process/types.rs":"e8e54a21e7450157a8471571727c1c7af169ede372329c0e5d82a2e0193ba76e","src/backend/libc/process/wait.rs":"0cc556aed976b4bbb3965f74fd76b8216c755fce25043b7b21ce54afa07c9773","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"c4ec64720854f3b83307f67dfc75ab911b3a0378cc2e519054aae045d181f445","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"78c7201e6bcb75e9cab9486d1878861319f865de2b2c46437be68690bd17bf13","src/backend/libc/rand/types.rs":"7d473c7ee8f19fbcec31f61b28ba6a68e1233f64f37b3b496d396c0197af63e1","src/backend/libc/system/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/system/syscalls.rs":"846dfb59afe40bbfc78e57afa76f0616d62d25da2daadcd872aea6fa32aafc3b","src/backend/libc/system/types.rs":"6871e16aee14fe2ae03cea798c3e509ffe44778a9c0e5608fd73e2e015876d7e","src/backend/libc/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/termios/syscalls.rs":"a7a31994e9bea74cbcbfb66a7d66253d6aca74d8657201a483b82ee4fe5ec7fc","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"fe4dfeb072972eac5e2a8de05d7f5c33fd2580a4ce486c5003497d717bbfd176","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"3b0b99271d898ebe173b12fa00f8013fce69e9fa4564428b68d4867c52729597","src/backend/libc/time/types.rs":"e93f3bd1ce4b8696b44c2be6d6308300185a5cc32abc5e3e84ffd9bf6b4597f0","src/backend/libc/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/ugid/syscalls.rs":"8edf91b8790add23902c9f5418da6b0723a371677f29f490e0c8af852f0f1a0c","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/asm/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/asm/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/asm/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/asm/mips32r6.rs":"6c2661361ba0ac5caa8458f502c6cca266ce59a43ab552b7882c07cb64b9d149","src/backend/linux_raw/arch/asm/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/asm/mips64r6.rs":"a67262dc9cbd583ecfff93953726dabfd6574714d4646aff27582ff034a28cb9","src/backend/linux_raw/arch/asm/mod.rs":"1ac43073fc3d28879ab46d9220344785db4ef761a21d0357e4fe564157e6f1a6","src/backend/linux_raw/arch/asm/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/asm/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/asm/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/asm/x86.rs":"bfe81e7c527cdbcc98e4ec10c96f64ce543bb4d7ebdeb5ab020794f09e75545d","src/backend/linux_raw/arch/asm/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"31b3753c763ce3d2dd92db926123fc5eb6e0ba66a09f5574b6ebb11c836dcf6b","src/backend/linux_raw/c.rs":"389243294a968dbd3ca3b4e60ea6323c76ef4b963d0b2a360956d9c9c167c7a5","src/backend/linux_raw/conv.rs":"027816a35e624a90b141ce3f84e8634f9626f9da41130a0f777a60484776318e","src/backend/linux_raw/elf.rs":"ff5017040b29a8cf8d5077a0c73943bfa5e3862eaab37ee1c3b08a1122968bbe","src/backend/linux_raw/event/epoll.rs":"6c27660b015889140ad11657ad08dc32dd52fbc6b0d0a6571885792040e19156","src/backend/linux_raw/event/mod.rs":"72e46b04637e2d1d2a6b97af616144995399e489d1fe916faf835d72fc8c64cd","src/backend/linux_raw/event/poll_fd.rs":"8495da1687b15f7880a576ac8d197c941627a53874f0823467a3e4e3ad5640f2","src/backend/linux_raw/event/syscalls.rs":"f996db9f1f9f2b9bdaf33ef3a80a63ab9b1a65ae956700fd88d355e046ce2890","src/backend/linux_raw/event/types.rs":"4edf9c7c399c91f359bc2370a407fa5ab537a84eed26c593ce5bf6dd82c6c6a0","src/backend/linux_raw/fs/dir.rs":"c675dc5413428d2defd6752e99d210da83639779e853db209de6a1c08d35e0e7","src/backend/linux_raw/fs/inotify.rs":"c05e201e4f562256388c933cd3f24a3c3a578bd19513284856bb3eb1218906c0","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"8d8639d24f1d42abbbee6f1d9db77d1c2f49867d9eac52f3f93331b9a2389445","src/backend/linux_raw/fs/types.rs":"3cf024ce2515c151a25ea25f19a21fb61b0deac58f88db841f88b2938fd07034","src/backend/linux_raw/io/errno.rs":"8d6a8d702ddec05c0ec5b518b9c4d6c9b54d390ea9b362e60f2032284c40b112","src/backend/linux_raw/io/mod.rs":"7ae2324427892cca6f5ab53858d847b165f790a72ec25f3d99fb15f0506c9f27","src/backend/linux_raw/io/syscalls.rs":"b079441386e5eb835b258871ae813dcd39fd8aeef4fc96bee187a45b0544bda7","src/backend/linux_raw/io/types.rs":"59d031dd1e769ecbaedaaa3ffc513a7f7154fc48abbb46023166fa38a46f0c61","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"b87fa95c16b2d3ca8fd5d72368bda37b8b8ddbb19df3a884efc6eeec393c86d1","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"369abe984aa972d8083fee20d764a8d57df242c66f897066367416f2fcc832a3","src/backend/linux_raw/mm/types.rs":"74dd9772c7208d6ad2d3830277eb1f67d5b2392553be23c8a64181c21ca1dc37","src/backend/linux_raw/mod.rs":"eb94a0ff0f7dad9e114d19bcd9bf5b320b9e8570ce74277756aaf038c815e23f","src/backend/linux_raw/mount/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mount/syscalls.rs":"3947261b5d46b9737f02dc5352c3a3a35c63c461fd75bcd8ae6619dfc0bfb54d","src/backend/linux_raw/mount/types.rs":"4241f270fc362834dd2cee3eb360e5b5d2bb0300eb07f0ca1bc81363e501c65c","src/backend/linux_raw/net/addr.rs":"fa6c4ea03ed465188bdb2113a9815549084b501c35654b46a00de226c7ea5463","src/backend/linux_raw/net/mod.rs":"bc9c9c4a8c06b1fb8c57555261176dfb1f3e858a1d89cd2f88e1f31fc126c001","src/backend/linux_raw/net/msghdr.rs":"6c0e1dfc0c9f79e69d3a645f0b4228bf6b29fed920af5f1efa6bbacd0a681c51","src/backend/linux_raw/net/read_sockaddr.rs":"24075ac4c05fab5fe44aae4445cdd12ec7e474f047150baa9b768741d6b9693d","src/backend/linux_raw/net/send_recv.rs":"aa5107094a1e5c6ce57bc2956d0ac63f24a7e61270f61ab2a353f9c832da0e4e","src/backend/linux_raw/net/syscalls.rs":"76c162e5cfa81621b1c2689695efd72066633fa7deedf83b71c255f0c4b176f7","src/backend/linux_raw/net/write_sockaddr.rs":"69ee7d6f754126f9399250d51bcdb306ab6a9ae816bc8fe21d0a9cabd49052ef","src/backend/linux_raw/param/auxv.rs":"890976e7ba6ff456326e3e325b9594b75ee4173bcd7eadc7929ff1b65520b118","src/backend/linux_raw/param/libc_auxv.rs":"16e8ffc7eab03c4aade2bb01908731ce15526041ae5e1767315b90c9f64eaa2a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"0adbb54a06b8c7b2df17462d98e1fe72bec02e4e577313add0cb7363262f0d6b","src/backend/linux_raw/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pid/syscalls.rs":"ce3ca4c72096479340364d16f09918e192ffd3a0436a26eb61aad7e7dac3cdcd","src/backend/linux_raw/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/pipe/syscalls.rs":"ec53a8b3ac23fc3fc2983615e34a210077947dbdf9b6a55477844fdae7e6b306","src/backend/linux_raw/pipe/types.rs":"73db762965df510bf3c908f906acf3a6df182d98d4ba1ebe45a52a4b51751e7e","src/backend/linux_raw/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/prctl/syscalls.rs":"01aa9cd77341dcd1efab9f3ac28447d0fbc41ed44d65e52301b347fdd1627e50","src/backend/linux_raw/process/cpu_set.rs":"dfdcbdf35aff6a3e08e7d38193bf18c12ca8aa64eb0dc417667be82dcc0f7c55","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"06313394d332fe385ce2053ae2980cb939665c1d091867d131adf18bd9e7a5dc","src/backend/linux_raw/process/types.rs":"d66049cfbdb27e31586f0ff2e53b6adbe0ebb296a876372e9d0d805d10ac5f51","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"8e0c6bb4a488440b39e5df9aa343bdffa6b28a0213246bc699f8b9676a170fa5","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"fb401466368de62ec4ff76bc230f9246623b003fe7452912e1365f443d3eeeb3","src/backend/linux_raw/rand/types.rs":"787a59629343688cac0fdabd1b7552b400b9188073a1e0394eacc6e0997e1bfe","src/backend/linux_raw/reg.rs":"39b6234971122d247054bda8c2dc3b44493be30482635baa9e2fcbe048e78cbd","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"21497bfe3d0f82de278f07bf53a11a04ffaa595b4ff1af92627940ff2029b8fc","src/backend/linux_raw/runtime/tls.rs":"2b8fc61a33ca9b47f854afbb8e3f8b20f9f9416b8884aefe46388c8173c8ae47","src/backend/linux_raw/system/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/system/syscalls.rs":"a9bec6662f122b1ec310d417bd9ddc16df13b50de6526d2170aa4d72292c2b14","src/backend/linux_raw/system/types.rs":"1ceab8d738a71043473b26e97fa3fd79d588a86d4774cbc9b9e1d4f1447a016e","src/backend/linux_raw/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/termios/syscalls.rs":"6c85a0cb459ad473f60ab640e3813b65a8e943bc4a86e09d9db6021cb8b0e2cb","src/backend/linux_raw/thread/futex.rs":"3a130db9f6176dc95fdc14ce61a6bcdcc2c28e82a29ddae3e05f347a189fdd14","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"5845d1c0a3548f87a114493c345e18dc32875bd7d35a6abcf1241ced9b024c09","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"a7870ef9daaf3fb2ac50f853df6dbcd935a3b2d70e720b80184208f602a918e6","src/backend/linux_raw/time/types.rs":"50d84ee6288f06bf4b526781c84e7252f3c09ecdb0626856d94a1a61c2e2c579","src/backend/linux_raw/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/ugid/syscalls.rs":"844b2bed42b9a3c06845dbae1d020bbab5757d23ea3ad7a440e3cd87ff993f72","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"7b5711e13d0d7112d57876014b932adfca13c0e1260150dd5f43152170366e82","src/bitcast.rs":"fe6bdc7fc31fa3b360c44a841c9a0f143629172729c6aaeae76841c74c122ff3","src/check_types.rs":"fe4fc1a0930a25037dac954e7843a4d4c321dd7d1acb25916cdc9cfd4b37974b","src/clockid.rs":"1d2e1cfcf23160b55d6b046d235edf2eb2408f072a8bdef3e3a3871885abdd5a","src/cstr.rs":"9e3fcd57d6af382a9a4f24b97a29eeb05a3ccd5c8fefd666884f6e4438b3c4a3","src/event/eventfd.rs":"81cbd08f7bdf40a6ce1ca692b63da1dc8ba925282990668d9d68f1203e839fa1","src/event/kqueue.rs":"b267ca1badc43d977e2c5435092f161caab50ea04e258772dbebe1f02f3f5966","src/event/mod.rs":"7f4f01e43444c5a1f97af5955fab7e0e1ba20e0f53adc86aecbd501d2db4a745","src/event/poll.rs":"0ee583dbd457a573a82a06c04a2a24bd2c76e751d27a435507d55338e2871327","src/event/port.rs":"da588ff0f694bb1f99e288708bfc07353bd1274020c13dce30df5d7f3b42b0f3","src/ffi.rs":"0c6b9a6f20ffb31a827412c0381c6fff09e68265f29d94c5470940e22c5334a2","src/fs/abs.rs":"1bd62a3aa971468ca7a51a3fbbb59188852b7bc099b55dcb8ce2b1344db5f877","src/fs/at.rs":"d5bd107c89c16d3ead53d6281973e188497c9e35a49c5f2ad89916552071e05f","src/fs/constants.rs":"24076a01f8bfc126b0905e9bc0521d2c3a3abc6c3b8c86ddb1e545070d097127","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"9f429a79ace6e17455634da09216ee0ad3d067a4541518b3193ae6a8d9ff1e26","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"2085102d05d0ba963e100ab3e3f19dac4ff27d142fbf798626d20a2a596ba96d","src/fs/fcntl_apple.rs":"e2f23f038083621bcdecc98d02ce1023508afaecdb2ed0fba5c8b70f955301e5","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"6b64b27b4727e00ae1a44cf04f9627326679ecc2d7ea274195e1204aa60c2d50","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/id.rs":"1b5c8a8baf9a9bb1f895f97189cea4e5982a0d35b192afeec6340a6c6222e0cb","src/fs/ioctl.rs":"1b222e725402d775813877b73f40f8ac2b513439485d326fbd49e3f4ebedce3b","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"8a3ab65aa3fa9a66ea55ef1ec3db72cab938b2b0deb4e079dd6efd737f91d480","src/fs/mount.rs":"c96cacbe65aff4c43fc2f5be03baf2b523bda151ade1828b691de1d040d3b2e6","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"8cb30e31905f90c09c147f828dd9975da3ea1aab6e410642e04d206a8860b302","src/fs/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"1d4d7f144716ac8fcae6b728ea23d27db8d3d1d7d2ec3dc31a1dea8e9d6a7eff","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"a8a59c5d345dc54c57ded890720c33eb78c4d53917c71e8bb6317f7ed122cb87","src/io/errno.rs":"777976d6f0e73cc7d7f2a94954e5900683cfcea330664b7192ed5db3ebbd493e","src/io/fcntl.rs":"c0f7bd7fce1119b0c1d0085b7ab77d5df02470ae3e06035428a2452dacbec296","src/io/ioctl.rs":"69d85054f32523c9b88b9bbee536d3299cfddba0e08f608d950e8a7cc4464e07","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/mod.rs":"75f1d0646be1d4c7c08b5887d8119b0103be8c25c43ccd4e0e97015508c0bb8f","src/io/read_write.rs":"54ba528b11601af1338bb0c71a41b256a0033076d30b3946c3fd0bdfa61dd021","src/io_uring.rs":"7093958a57bdaadd75f1800f07e359fd97c6f99c3fa01d263b4b1e57d44b2c4f","src/lib.rs":"2af15f86a2250abd5ef582bd6feedd45ec6740573a0518ae9422f5fb1f2d8a23","src/maybe_polyfill/no_std/io/mod.rs":"77889bb5c5a4f2e50e38379cdaa5d0fef4b0cafc3da056735df01f6deae75747","src/maybe_polyfill/no_std/mod.rs":"d4d98cf838b65dc3ceb0f6d4a950d9348695c3084448bd844e47b909960bbb47","src/maybe_polyfill/no_std/net/ip_addr.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/maybe_polyfill/no_std/net/mod.rs":"b0ee611c454679226a15bf647e7779995f3fe9c8e0507930a0d0613eb414b7c2","src/maybe_polyfill/no_std/net/socket_addr.rs":"bfeb32d32c176cde76323abcffebfc47e9898fb8d7ce3668c602dc8451086a2d","src/maybe_polyfill/no_std/os/fd/mod.rs":"d9dfe2a2c25be727847bcdfe6f4898685af2521850298178ca8d46a8e2ceee88","src/maybe_polyfill/no_std/os/fd/owned.rs":"4ce3234f8ab2cc8a7b749531336f4f6b6297eff0e20a01190be2c10409a0c066","src/maybe_polyfill/no_std/os/fd/raw.rs":"9cedb353580b932879ddc4dee9936212fefb6d42530dc5cec519a0779d5dee33","src/maybe_polyfill/no_std/os/mod.rs":"27dab639a765827644005d5f2fcc7c825310606b889cc8dd83f54c9528350dc0","src/maybe_polyfill/no_std/os/windows/io/mod.rs":"5bbcc05c83fee5026dd744a994e0458469466d5be39081baa62df07753b92fd2","src/maybe_polyfill/no_std/os/windows/io/raw.rs":"4c32609a489dd938a49328b5637cb3bafb96437f2f9f269ab66d7d3cb90247f6","src/maybe_polyfill/no_std/os/windows/io/socket.rs":"c658f42f24eff44a661f2adfd24a11af80fe9897f3e2af4dc5d2c64808308d65","src/maybe_polyfill/no_std/os/windows/mod.rs":"fdb416f8f231a4e778b5f985b9ae712ece5e1a1402963ad1a5f6a8b9843795f4","src/maybe_polyfill/std/mod.rs":"dd6e219564e224fa7cc9fdab2e45935f13ad062da53d0b6d259a695c7aec1847","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"fc32e308a24c6f351d74306943d67a68093a0b6555b4bdf6cd755bf43795f406","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/mount/fsopen.rs":"160e384e9175fd98669cda1cf3590bb195c2ba7e1c724e9ea06e692595e58ba1","src/mount/mod.rs":"5f0c9df4727592695deb1cd63ae1de021b03dcd9d0d1b68e1f34d12a7136cb19","src/mount/mount_unmount.rs":"8ad11675e5d762d33fbefbed06a6a9f9e52a9b689bd06662446152614321ab77","src/mount/types.rs":"601ae3e10b7dc496fed7f3b40a80e81c6edd7bf13189d7be45c3212d4c684c39","src/net/mod.rs":"a6bc55f9e086caf46a7c00783498d73a328a66f2a991f1ec65d5f13931377b0f","src/net/send_recv/mod.rs":"f33e39c7b228cd8109823b0a0a1aa397cddad504d49e69b36f74c5b84e5070e5","src/net/send_recv/msg.rs":"f4854380a7ead4696f427409836d6fc9edd916e38248a350c6208e655b0663a7","src/net/socket.rs":"6bb087ab208a1e06d535fa11e2aa4a9f96da6e73b697fca93e2a3c89178c4434","src/net/socket_addr_any.rs":"d07f9e9ef8873aa5bfd85f669952299286ef6f2cc5b9fea383856432e61b850f","src/net/socketpair.rs":"56f4885c31d2664cd16e18a9a88792a4912fedd953cec36dba67e8581fd57921","src/net/sockopt.rs":"b72ffea1f6e3efd315e7d72fceefc5071d7e6a9c14c999755fd15ad0ae466ddd","src/net/types.rs":"61c0e5aaf636734832018dc80541772741e6c8447befcc1d6e1bdbe4815cd70c","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"53ee190cf5266a2e057af9412acc50359369470a04dbfe2e6e92a90de15aff57","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/pid.rs":"2ef7ac7944d8a2e4c1e764d78c5b7e223704243b78c3c15348e9ea0fe1638117","src/pipe.rs":"e57b6f40af317e07d49f0a5ca98016cd358d8de2989be9a04775b6937ab05fb2","src/prctl.rs":"a1c85a401538d614f5539871f9a03f9a345b24cfbc845e953deb9f8b96986e2a","src/process/chdir.rs":"9d0397bc91bad5bf1c0afec5b3e6dd9cb7de6e54c3d0b760b33a4996a4cb1b25","src/process/chroot.rs":"2b5f6124eb19f26ad2705174f7ad50cdc0a5d15abd59ffcf55421228d82130b4","src/process/exit.rs":"98d55e9a419737cd88327d8eb484b892e2a12706e5dd05e5e43552af8b6a806a","src/process/id.rs":"402475cba98cc7e724943bfd218862f76c08b8d200a7b38bb5067bba2a837ef1","src/process/ioctl.rs":"6b9527094ad3617057e95268d515bce032656642e7ee55fcc686e4a9cbf01499","src/process/kill.rs":"7b879e5cff8a064acd0e7488f4e21bd4e4a8506ce380688b72cc48d283ff9c89","src/process/membarrier.rs":"77b1080dc50cf0bf48959bd2388c519f0b73ac231cc329be43f04525217b7e94","src/process/mod.rs":"21e5e4f55e81c447d76970442473678f6345d12a61b3227caf09460cfb82e0e4","src/process/pidfd.rs":"948b88cd986c17074fc895f277eec49066a52ab461fa341b7119ce648b28fcb6","src/process/pidfd_getfd.rs":"14aab7cc5578ca4753a7a42dcc8b4ea03748564b542675a50bae8e128348b23e","src/process/prctl.rs":"3f949bbc03c00cb68fab7db8c1bda71741f8d9439b9e25a8521d7cbb0693491d","src/process/priority.rs":"f135482e71ea8aa0daf92b9f238051178a4c904070fa8409622f94155df3c544","src/process/procctl.rs":"7668f8302515316cc70addfe8da4af47ea8872d4acacd72d1c87c0ecb627e8e9","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"5bceb8b2d6144aadc203ed3d7dd24536e0ad4bbef45c3fb9369559dd9284693d","src/procfs.rs":"55d19dfe0dbff098639b7e559defddfd52bdd73a0cd7fde2e026a702c4e4b70b","src/pty.rs":"602c58dcfa248a5e7f9389851a52f99dfb0e115fc9a70f732d69b0a1d127fae5","src/rand/getrandom.rs":"15255b5c5f76cf61ac4fac8b7ac6621049f2b5d2549ec319cdd69ab1ae4d07d2","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"952cea05413e3ba1fa4fdc4755bf1d0fc0c21a5c8878f2cccc6a533119c193f8","src/signal.rs":"c071b4f011deef19a679d7a832d5408a3cd68627161d6510008d6312266a2611","src/static_assertions.rs":"39986672f489949be1d6469f0c30fb7d2eaa21bdaa2702a8c150b2b150bf5535","src/stdio.rs":"a5de2d7d9c3c5a901f88b6acf4754687c958a2f3a93c7945c2b8fcb948d468af","src/system.rs":"853b3ddaa10b90226f6d9a0ef7890739ce2fbd150c362c912df6afd19664253c","src/termios/ioctl.rs":"fd1db1ee473e884eedc5858e7697d4a00b6ed7d878af85abdb76771225bd2e48","src/termios/mod.rs":"b44b7caa60b6f458657ed58a0e0eca41bb4e6d6be4b0f042bbb8ab7056cebe4b","src/termios/tc.rs":"e41312d15464b83b2457c2502fc3f3b9998cfb02ba68739026dd4285cc7130ac","src/termios/tty.rs":"a3ebab3b73db76fb5594be1bb4ec888a28a63637f8cd0211fdb1b3b645cc2ca2","src/termios/types.rs":"c30ab7e4e32ffe896b75eda882c7672b5d8b36d9d87f3a1e4bf31f213a43d0e2","src/thread/clock.rs":"469326c822dfb63405ee8537552cedde0b344978280e6645bbadd47dedc71e18","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f25a6dbcff0e0e7a429ce5e8406afcba3b74f10ad3065c015f8e728fd6880e53","src/thread/libcap.rs":"ee1f320d860a3decbec8052897d9e9484591e4b0b64b3b5b419f4d43d144422e","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"f6da23203fc2087cd3b36b910901cd6cd86d5ac6f2fcb09feb1270d6c486a1a7","src/thread/setns.rs":"ba37cbedcd5b6ef1e09422fbb8caa9fd94e25ebf6930fc7ccc778944cd078cb3","src/time/clock.rs":"e59a29f1bed8c31c3d5b6fad60f2d4fa6cab8dd8e86148bb3693a5e3a1ce735f","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/timespec.rs":"79c7af1bfb12b56fd482b778dd783d82c6f3233b26bb11ae3dceb454036b1da7","src/ugid.rs":"6616c6e35b7e43aee5b150f1efae7a50711e0947943c9a96833dbe214ad9e85f","src/utils.rs":"337626dd40ebae8cf0cac74dd9efc6974f30522bea305fe99799a9848950771e","src/weak.rs":"22070a3fa6e526d851bac81c551aa5cb4f9e609687075999c6d50973eeec3a98"},"package":"172891ebdceb05aa0005f533a6cbfca599ddd7d966f6f5d4d9b2e70478e70399"}
+diff --color -urN a/vendor/rustix/src/backend/libc/fs/dir.rs b/vendor/rustix/src/backend/libc/fs/dir.rs
+--- a/vendor/rustix/src/backend/libc/fs/dir.rs	2025-01-16 18:36:03.851863190 +0000
++++ b/vendor/rustix/src/backend/libc/fs/dir.rs	2025-01-16 19:22:27.377406391 +0000
+@@ -30,8 +30,13 @@
+ use libc_errno::{errno, set_errno, Errno};
+ 
+ /// `DIR*`
+-#[repr(transparent)]
+-pub struct Dir(NonNull);
++pub struct Dir {
++    /// The `libc` `DIR` pointer.
++    libc_dir: NonNull,
++
++    /// Have we seen any errors in this iteration?
++    any_errors: bool,
++}
+ 
+ impl Dir {
+     /// Construct a `Dir` that reads entries from the given directory
+@@ -43,20 +48,35 @@
+ 
+     #[inline]
+     fn _read_from(fd: BorrowedFd<'_>) -> io::Result {
++        let mut any_errors = false;
++
+         // Given an arbitrary `OwnedFd`, it's impossible to know whether the
+         // user holds a `dup`'d copy which could continue to modify the
+         // file description state, which would cause Undefined Behavior after
+         // our call to `fdopendir`. To prevent this, we obtain an independent
+         // `OwnedFd`.
+         let flags = fcntl_getfl(fd)?;
+-        let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?;
++        let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) {
++            Ok(fd) => fd,
++            Err(io::Errno::NOENT) => {
++                // If "." doesn't exist, it means the directory was removed.
++                // We treat that as iterating through a directory with no
++                // entries.
++                any_errors = true;
++                crate::io::dup(fd)?
++            }
++            Err(err) => return Err(err),
++        };
+ 
+         let raw = owned_fd(fd_for_dir);
+         unsafe {
+             let libc_dir = c::fdopendir(raw);
+ 
+             if let Some(libc_dir) = NonNull::new(libc_dir) {
+-                Ok(Self(libc_dir))
++                Ok(Self {
++                    libc_dir,
++                    any_errors,
++                })
+             } else {
+                 let err = io::Errno::last_os_error();
+                 let _ = c::close(raw);
+@@ -68,13 +88,19 @@
+     /// `rewinddir(self)`
+     #[inline]
+     pub fn rewind(&mut self) {
+-        unsafe { c::rewinddir(self.0.as_ptr()) }
++        self.any_errors = false;
++        unsafe { c::rewinddir(self.libc_dir.as_ptr()) }
+     }
+ 
+     /// `readdir(self)`, where `None` means the end of the directory.
+     pub fn read(&mut self) -> Option> {
++        // If we've seen errors, don't continue to try to read anyting further.
++        if self.any_errors {
++            return None;
++        }
++
+         set_errno(Errno(0));
+-        let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) };
++        let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) };
+         if dirent_ptr.is_null() {
+             let curr_errno = errno().0;
+             if curr_errno == 0 {
+@@ -82,6 +108,7 @@
+                 None
+             } else {
+                 // `errno` is unknown or non-zero, so an error occurred.
++                self.any_errors = true;
+                 Some(Err(io::Errno(curr_errno)))
+             }
+         } else {
+@@ -120,7 +147,7 @@
+     /// `fstat(self)`
+     #[inline]
+     pub fn stat(&self) -> io::Result {
+-        fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ 
+     /// `fstatfs(self)`
+@@ -134,14 +161,14 @@
+     )))]
+     #[inline]
+     pub fn statfs(&self) -> io::Result {
+-        fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ 
+     /// `fstatvfs(self)`
+     #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))]
+     #[inline]
+     pub fn statvfs(&self) -> io::Result {
+-        fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ 
+     /// `fchdir(self)`
+@@ -150,7 +177,7 @@
+     #[cfg_attr(doc_cfg, doc(cfg(feature = "process")))]
+     #[inline]
+     pub fn chdir(&self) -> io::Result<()> {
+-        fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) })
++        fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) })
+     }
+ }
+ 
+@@ -163,7 +190,7 @@
+ impl Drop for Dir {
+     #[inline]
+     fn drop(&mut self) {
+-        unsafe { c::closedir(self.0.as_ptr()) };
++        unsafe { c::closedir(self.libc_dir.as_ptr()) };
+     }
+ }
+ 
+@@ -179,7 +206,7 @@
+ impl fmt::Debug for Dir {
+     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+         f.debug_struct("Dir")
+-            .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) })
++            .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) })
+             .finish()
+     }
+ }
+@@ -293,3 +320,38 @@
+         }
+     );
+ }
++
++#[test]
++fn dir_iterator_handles_io_errors() {
++    // create a dir, keep the FD, then delete the dir
++    let tmp = tempfile::tempdir().unwrap();
++    let fd = crate::fs::openat(
++        crate::fs::CWD,
++        tmp.path(),
++        crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC,
++        crate::fs::Mode::empty(),
++    )
++    .unwrap();
++
++    let file_fd = crate::fs::openat(
++        &fd,
++        tmp.path().join("test.txt"),
++        crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE,
++        crate::fs::Mode::RWXU,
++    )
++    .unwrap();
++
++    let mut dir = Dir::read_from(&fd).unwrap();
++
++    // Reach inside the `Dir` and replace its directory with a file, which
++    // will cause the subsequent `readdir` to fail.
++    unsafe {
++        let raw_fd = c::dirfd(dir.libc_dir.as_ptr());
++        let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd);
++        crate::io::dup2(&file_fd, &mut owned_fd).unwrap();
++        core::mem::forget(owned_fd);
++    }
++
++    assert!(matches!(dir.next(), Some(Err(_))));
++    assert!(matches!(dir.next(), None));
++}
+diff --color -urN a/vendor/rustix/src/backend/linux_raw/fs/dir.rs b/vendor/rustix/src/backend/linux_raw/fs/dir.rs
+--- a/vendor/rustix/src/backend/linux_raw/fs/dir.rs	2025-01-16 18:36:03.847863188 +0000
++++ b/vendor/rustix/src/backend/linux_raw/fs/dir.rs	2025-01-16 19:22:27.377406391 +0000
+@@ -18,9 +18,17 @@
+     /// The `OwnedFd` that we read directory entries from.
+     fd: OwnedFd,
+ 
++    /// Have we seen any errors in this iteration?
++    any_errors: bool,
++
++    /// Should we rewind the stream on the next iteration?
++    rewind: bool,
++
++    /// The buffer for `linux_dirent64` entries.
+     buf: Vec,
++
++    /// Where we are in the buffer.
+     pos: usize,
+-    next: Option,
+ }
+ 
+ impl Dir {
+@@ -38,25 +46,39 @@
+ 
+         Ok(Self {
+             fd: fd_for_dir,
++            any_errors: false,
++            rewind: false,
+             buf: Vec::new(),
+             pos: 0,
+-            next: None,
+         })
+     }
+ 
+     /// `rewinddir(self)`
+     #[inline]
+     pub fn rewind(&mut self) {
++        self.any_errors = false;
++        self.rewind = true;
+         self.pos = self.buf.len();
+-        self.next = Some(0);
+     }
+ 
+     /// `readdir(self)`, where `None` means the end of the directory.
+     pub fn read(&mut self) -> Option> {
+-        if let Some(next) = self.next.take() {
+-            match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) {
++        // If we've seen errors, don't continue to try to read anyting further.
++        if self.any_errors {
++            return None;
++        }
++
++        // If a rewind was requested, seek to the beginning.
++        if self.rewind {
++            self.rewind = false;
++            match io::retry_on_intr(|| {
++                crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET)
++            }) {
+                 Ok(_) => (),
+-                Err(err) => return Some(Err(err)),
++                Err(err) => {
++                    self.any_errors = true;
++                    return Some(Err(err));
++                }
+             }
+         }
+ 
+@@ -78,7 +100,7 @@
+         if self.buf.len() - self.pos < size_of::() {
+             match self.read_more()? {
+                 Ok(()) => (),
+-                Err(e) => return Some(Err(e)),
++                Err(err) => return Some(Err(err)),
+             }
+         }
+ 
+@@ -136,14 +158,31 @@
+     }
+ 
+     fn read_more(&mut self) -> Option> {
+-        let og_len = self.buf.len();
+-        // Capacity increment currently chosen by wild guess.
+-        self.buf
+-            .resize(self.buf.capacity() + 32 * size_of::(), 0);
+-        let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) {
++        // The first few times we're called, we allocate a relatively small
++        // buffer, because many directories are small. If we're called more,
++        // use progressively larger allocations, up to a fixed maximum.
++        //
++        // The specific sizes and policy here have not been tuned in detail yet
++        // and may need to be adjusted. In doing so, we should be careful to
++        // avoid unbounded buffer growth. This buffer only exists to share the
++        // cost of a `getdents` call over many entries, so if it gets too big,
++        // cache and heap usage will outweigh the benefit. And ultimately,
++        // directories can contain more entries than we can allocate contiguous
++        // memory for, so we'll always need to cap the size at some point.
++        if self.buf.len() < 1024 * size_of::() {
++            self.buf.reserve(32 * size_of::());
++        }
++        self.buf.resize(self.buf.capacity(), 0);
++        let nread = match io::retry_on_intr(|| {
++            crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf)
++        }) {
+             Ok(nread) => nread,
++            Err(io::Errno::NOENT) => {
++                self.any_errors = true;
++                return None;
++            }
+             Err(err) => {
+-                self.buf.resize(og_len, 0);
++                self.any_errors = true;
+                 return Some(Err(err));
+             }
+         };
+@@ -225,3 +264,33 @@
+         self.d_ino
+     }
+ }
++
++#[test]
++fn dir_iterator_handles_io_errors() {
++    // create a dir, keep the FD, then delete the dir
++    let tmp = tempfile::tempdir().unwrap();
++    let fd = crate::fs::openat(
++        crate::fs::CWD,
++        tmp.path(),
++        crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC,
++        crate::fs::Mode::empty(),
++    )
++    .unwrap();
++
++    let file_fd = crate::fs::openat(
++        &fd,
++        tmp.path().join("test.txt"),
++        crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE,
++        crate::fs::Mode::RWXU,
++    )
++    .unwrap();
++
++    let mut dir = Dir::read_from(&fd).unwrap();
++
++    // Reach inside the `Dir` and replace its directory with a file, which
++    // will cause the subsequent `getdents64` to fail.
++    crate::io::dup2(&file_fd, &mut dir.fd).unwrap();
++
++    assert!(matches!(dir.next(), Some(Err(_))));
++    assert!(matches!(dir.next(), None));
++}
diff --git a/SPECS/virtiofsd/virtiofsd.spec b/SPECS/virtiofsd/virtiofsd.spec
index 57879404ef..c8a4590acc 100644
--- a/SPECS/virtiofsd/virtiofsd.spec
+++ b/SPECS/virtiofsd/virtiofsd.spec
@@ -22,7 +22,7 @@ Name:           virtiofsd
 # Version to be kept in sync with the `asset.virtiofsd.version` field from
 # https://github.com/microsoft/kata-containers/blob/msft-main/versions.yaml
 Version:        1.8.0
-Release:        1%{?dist}
+Release:        3%{?dist}
 Summary:        vhost-user virtio-fs device backend written in Rust
 Group:          Development/Libraries/Rust
 License:        Apache-2.0
@@ -39,8 +39,9 @@ Source0:        https://gitlab.com/virtio-fs/virtiofsd/-/archive/v%{version}/%{n
 #
 Source1:        %{name}-%{version}-vendor.tar.gz
 Source2:        cargo_config
-BuildRequires:  cargo
-BuildRequires:  rust
+Patch0:         CVE-2024-43806.patch
+BuildRequires:  cargo < 1.85.0
+BuildRequires:  rust < 1.85.0
 BuildRequires:  libcap-ng-devel
 BuildRequires:  libseccomp-devel
 Conflicts:      qemu-tools < 8
@@ -50,8 +51,9 @@ Provides:       vhostuser-backend(fs)
 vhost-user virtio-fs device backend written in Rust
 
 %prep
-%autosetup -n %{name}-v%{version}
+%autosetup -n %{name}-v%{version} -N
 tar -xf %{SOURCE1}
+%autopatch -p1
 install -D %{SOURCE2} .cargo/config
 
 %build
@@ -73,6 +75,10 @@ cargo test --release
 %{_datadir}/qemu/vhost-user/50-qemu-virtiofsd.json
 
 %changelog
+* Mon May 05 2025 Archana Choudhary  - 1.8.0-3
+- Patch for CVE-2024-43806
+* Mon Apr 21 2025 Kavya Sree Kaitepalli  - 1.8.0-2
+- Pin rust version
 * Wed Feb 07 2024 Kanika Nema  - 1.8.0-1
 - Initial CBL-Mariner import from openSUSE Tumbleweed (license: same as "License" tag)
 - License verified
diff --git a/SPECS/vitess/CVE-2024-53257.patch b/SPECS/vitess/CVE-2024-53257.patch
new file mode 100644
index 0000000000..82c8b2f35d
--- /dev/null
+++ b/SPECS/vitess/CVE-2024-53257.patch
@@ -0,0 +1,172 @@
+From 2b71d1b5f8ca676beeab2875525003cd45096217 Mon Sep 17 00:00:00 2001
+From: Dirkjan Bussink 
+Date: Mon, 2 Dec 2024 16:47:59 +0100
+Subject: [PATCH] Merge commit from fork
+
+These templates were rendered using text/template which is fundamentally
+broken as it would allow for trivial HTML injection.
+
+Instead render using safehtml/template so that we have automatic
+escaping.
+
+Signed-off-by: Dirkjan Bussink 
+Link: https://github.com/vitessio/vitess/commit/2b71d1b5f8ca676beeab2875525003cd45096217.patch
+---
+ go/vt/vtgate/debugenv.go                      | 3 ++-
+ go/vt/vtgate/querylogz.go                     | 4 ++--
+ go/vt/vtgate/querylogz_test.go                | 8 ++++----
+ go/vt/vttablet/tabletserver/debugenv.go       | 3 ++-
+ go/vt/vttablet/tabletserver/querylogz.go      | 3 ++-
+ go/vt/vttablet/tabletserver/querylogz_test.go | 8 ++++----
+ 6 files changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/go/vt/vtgate/debugenv.go b/go/vt/vtgate/debugenv.go
+index 4fa989c69a3..7213353432d 100644
+--- a/go/vt/vtgate/debugenv.go
++++ b/go/vt/vtgate/debugenv.go
+@@ -22,9 +22,10 @@ import (
+ 	"html"
+ 	"net/http"
+ 	"strconv"
+-	"text/template"
+ 	"time"
+ 
++	"github.com/google/safehtml/template"
++
+ 	"vitess.io/vitess/go/acl"
+ 	"vitess.io/vitess/go/vt/discovery"
+ 	"vitess.io/vitess/go/vt/log"
+diff --git a/go/vt/vtgate/querylogz.go b/go/vt/vtgate/querylogz.go
+index 7c72e950d4a..05d301f28be 100644
+--- a/go/vt/vtgate/querylogz.go
++++ b/go/vt/vtgate/querylogz.go
+@@ -20,15 +20,15 @@ import (
+ 	"net/http"
+ 	"strconv"
+ 	"strings"
+-	"text/template"
+ 	"time"
+ 
+-	"vitess.io/vitess/go/vt/vtgate/logstats"
++	"github.com/google/safehtml/template"
+ 
+ 	"vitess.io/vitess/go/acl"
+ 	"vitess.io/vitess/go/vt/log"
+ 	"vitess.io/vitess/go/vt/logz"
+ 	"vitess.io/vitess/go/vt/sqlparser"
++	"vitess.io/vitess/go/vt/vtgate/logstats"
+ )
+ 
+ var (
+diff --git a/go/vt/vtgate/querylogz_test.go b/go/vt/vtgate/querylogz_test.go
+index 3cecb983b3f..9236b2ac840 100644
+--- a/go/vt/vtgate/querylogz_test.go
++++ b/go/vt/vtgate/querylogz_test.go
+@@ -35,7 +35,7 @@ import (
+ 
+ func TestQuerylogzHandlerFormatting(t *testing.T) {
+ 	req, _ := http.NewRequest("GET", "/querylogz?timeout=10&limit=1", nil)
+-	logStats := logstats.NewLogStats(context.Background(), "Execute", "select name from test_table limit 1000", "suuid", nil)
++	logStats := logstats.NewLogStats(context.Background(), "Execute", "select name, 'inject ' from test_table limit 1000", "suuid", nil)
+ 	logStats.StmtType = "select"
+ 	logStats.RowsAffected = 1000
+ 	logStats.ShardQueries = 1
+@@ -64,7 +64,7 @@ func TestQuerylogzHandlerFormatting(t *testing.T) {
+ 		`0.002`,
+ 		`0.003`,
+ 		`select`,
+-		`select name from test_table limit 1000`,
++		regexp.QuoteMeta(`select name,​ 'inject <script>alert()​;</script>' from test_table limit 1000`),
+ 		`1`,
+ 		`1000`,
+ 		``,
+@@ -94,7 +94,7 @@ func TestQuerylogzHandlerFormatting(t *testing.T) {
+ 		`0.002`,
+ 		`0.003`,
+ 		`select`,
+-		`select name from test_table limit 1000`,
++		regexp.QuoteMeta(`select name,​ 'inject <script>alert()​;</script>' from test_table limit 1000`),
+ 		`1`,
+ 		`1000`,
+ 		``,
+@@ -124,7 +124,7 @@ func TestQuerylogzHandlerFormatting(t *testing.T) {
+ 		`0.002`,
+ 		`0.003`,
+ 		`select`,
+-		`select name from test_table limit 1000`,
++		regexp.QuoteMeta(`select name,​ 'inject <script>alert()​;</script>' from test_table limit 1000`),
+ 		`1`,
+ 		`1000`,
+ 		``,
+diff --git a/go/vt/vttablet/tabletserver/debugenv.go b/go/vt/vttablet/tabletserver/debugenv.go
+index 9a802a5d49c..6f1ea854ea9 100644
+--- a/go/vt/vttablet/tabletserver/debugenv.go
++++ b/go/vt/vttablet/tabletserver/debugenv.go
+@@ -23,9 +23,10 @@ import (
+ 	"html"
+ 	"net/http"
+ 	"strconv"
+-	"text/template"
+ 	"time"
+ 
++	"github.com/google/safehtml/template"
++
+ 	"vitess.io/vitess/go/acl"
+ 	"vitess.io/vitess/go/vt/log"
+ )
+diff --git a/go/vt/vttablet/tabletserver/querylogz.go b/go/vt/vttablet/tabletserver/querylogz.go
+index 33341d1641b..09f375aa329 100644
+--- a/go/vt/vttablet/tabletserver/querylogz.go
++++ b/go/vt/vttablet/tabletserver/querylogz.go
+@@ -20,9 +20,10 @@ import (
+ 	"net/http"
+ 	"strconv"
+ 	"strings"
+-	"text/template"
+ 	"time"
+ 
++	"github.com/google/safehtml/template"
++
+ 	"vitess.io/vitess/go/acl"
+ 	"vitess.io/vitess/go/vt/log"
+ 	"vitess.io/vitess/go/vt/logz"
+diff --git a/go/vt/vttablet/tabletserver/querylogz_test.go b/go/vt/vttablet/tabletserver/querylogz_test.go
+index 25f03c762c7..ee26437f330 100644
+--- a/go/vt/vttablet/tabletserver/querylogz_test.go
++++ b/go/vt/vttablet/tabletserver/querylogz_test.go
+@@ -37,7 +37,7 @@ func TestQuerylogzHandler(t *testing.T) {
+ 	req, _ := http.NewRequest("GET", "/querylogz?timeout=10&limit=1", nil)
+ 	logStats := tabletenv.NewLogStats(context.Background(), "Execute")
+ 	logStats.PlanType = planbuilder.PlanSelect.String()
+-	logStats.OriginalSQL = "select name from test_table limit 1000"
++	logStats.OriginalSQL = "select name, 'inject ' from test_table limit 1000"
+ 	logStats.RowsAffected = 1000
+ 	logStats.NumberOfQueries = 1
+ 	logStats.StartTime, _ = time.Parse("Jan 2 15:04:05", "Nov 29 13:33:09")
+@@ -64,7 +64,7 @@ func TestQuerylogzHandler(t *testing.T) {
+ 		`0.001`,
+ 		`1e-08`,
+ 		`Select`,
+-		`select name from test_table limit 1000`,
++		regexp.QuoteMeta(`select name,​ 'inject <script>alert()​;</script>' from test_table limit 1000`),
+ 		`1`,
+ 		`none`,
+ 		`1000`,
+@@ -95,7 +95,7 @@ func TestQuerylogzHandler(t *testing.T) {
+ 		`0.001`,
+ 		`1e-08`,
+ 		`Select`,
+-		`select name from test_table limit 1000`,
++		regexp.QuoteMeta(`select name,​ 'inject <script>alert()​;</script>' from test_table limit 1000`),
+ 		`1`,
+ 		`none`,
+ 		`1000`,
+@@ -126,7 +126,7 @@ func TestQuerylogzHandler(t *testing.T) {
+ 		`0.001`,
+ 		`1e-08`,
+ 		`Select`,
+-		`select name from test_table limit 1000`,
++		regexp.QuoteMeta(`select name,​ 'inject <script>alert()​;</script>' from test_table limit 1000`),
+ 		`1`,
+ 		`none`,
+ 		`1000`,
diff --git a/SPECS/vitess/CVE-2025-22870.patch b/SPECS/vitess/CVE-2025-22870.patch
new file mode 100644
index 0000000000..af73f155bf
--- /dev/null
+++ b/SPECS/vitess/CVE-2025-22870.patch
@@ -0,0 +1,48 @@
+From b10fd8fac9d7dae6942853a08c51985a0497161b Mon Sep 17 00:00:00 2001
+From: Sreenivasulu Malavathula 
+Date: Wed, 12 Mar 2025 06:11:52 -0500
+Subject: [PATCH] Address CVE-2025-22870
+Upstream Patch Reference: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7
+
+---
+ vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/net/http/httpproxy/proxy.go b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index 6404aaf..d89c257 100644
+--- a/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"net/netip"
+ 	"net/url"
+ 	"os"
+ 	"strings"
+@@ -177,8 +178,10 @@ func (cfg *config) useProxy(addr string) bool {
+ 	if host == "localhost" {
+ 		return false
+ 	}
+-	ip := net.ParseIP(host)
+-	if ip != nil {
++	nip, err := netip.ParseAddr(host)
++	var ip net.IP
++	if err == nil {
++		ip = net.IP(nip.AsSlice())
+ 		if ip.IsLoopback() {
+ 			return false
+ 		}
+@@ -360,6 +363,9 @@ type domainMatch struct {
+ }
+ 
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++	if ip != nil {
++		return false
++	}
+ 	if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ 		return m.port == "" || m.port == port
+ 	}
+-- 
+2.45.2
+
diff --git a/SPECS/vitess/vitess.spec b/SPECS/vitess/vitess.spec
index 55094c9203..edac384c3e 100644
--- a/SPECS/vitess/vitess.spec
+++ b/SPECS/vitess/vitess.spec
@@ -3,7 +3,7 @@
 
 Name:           vitess
 Version:        19.0.4
-Release:        6%{?dist}
+Release:        8%{?dist}
 Summary:        Database clustering system for horizontal scaling of MySQL
 # Upstream license specification: MIT and Apache-2.0
 License:        MIT and ASL 2.0
@@ -26,9 +26,11 @@ Source0:        %{name}-%{version}.tar.gz
 #           -cf %%{name}-%%{version}-vendor.tar.gz vendor
 #
 Source1:        %{name}-%{version}-vendor.tar.gz
-Patch0:         CVE-2017-14623.patch 
+Patch0:         CVE-2017-14623.patch
 Patch1:         CVE-2024-45339.patch
 Patch2:         CVE-2025-22868.patch
+Patch3:         CVE-2025-22870.patch
+Patch4:         CVE-2024-53257.patch
 BuildRequires: golang < 1.23
 
 %description
@@ -106,6 +108,11 @@ go check -t go/cmd \
 %{_bindir}/*
 
 %changelog
+* Fri May 30 2025 Ranjan Dutta  - 19.0.4-8
+- merge from Azure Linux 3.0.20250521-3.0
+- Add patch for CVE-2024-53257
+- Patch to fix CVE-2025-22870
+
 * Fri Apr 28 2025 Ranjan Dutta  -19.0.4-6 
 - merge from Azure Linux tag 3.0.20250423-3.0
 - Fix CVE-2025-22868 with an upstream patch
diff --git a/SPECS/wpa_supplicant/CVE-2025-24912.patch b/SPECS/wpa_supplicant/CVE-2025-24912.patch
new file mode 100644
index 0000000000..4ec5f26f0d
--- /dev/null
+++ b/SPECS/wpa_supplicant/CVE-2025-24912.patch
@@ -0,0 +1,79 @@
+From 07e931dcdbdefe3e26217bea411e020a55c2ab86 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal 
+Date: Wed, 26 Mar 2025 15:50:07 +0000
+Subject: [PATCH] Fix CVE CVE-2025-24912 in wpa_supplicant
+
+Upstream Reference: https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44
+
+The case of an invalid authenticator in a RADIUS response could imply
+that the response is not from the correct RADIUS server and as such,
+such a response should be discarded without changing internal state for
+the pending request. The case of an unknown response (RADIUS_RX_UNKNOWN)
+is somewhat more complex since it could have been indicated before
+validating the authenticator. In any case, it seems better to change the
+state for the pending request only when we have fully accepted the
+response.
+
+Allowing the internal state of pending RADIUS request to change based on
+responses that are not fully validation could have allow at least a
+theoretical DoS attack if an attacker were to have means for injecting
+RADIUS messages to the network using the IP address of the real RADIUS
+server and being able to do so more quickly than the real server and
+with the matching identifier from the request header (i.e., either by
+flooding 256 responses quickly or by having means to capture the RADIUS
+request). These should not really be realistic options in a properly
+protected deployment, but nevertheless it is good to be more careful in
+processing RADIUS responses.
+
+Remove a pending RADIUS request from the internal list only when having
+fully accepted a matching RADIUS response, i.e., after one of the
+registered handlers has confirmed that the authenticator is valid and
+processing of the response has succeeded.
+
+---
+ src/radius/radius_client.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
+index ee9e46d..8f93325 100644
+--- a/src/radius/radius_client.c
++++ b/src/radius/radius_client.c
+@@ -922,13 +922,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
+ 		       roundtrip / 100, roundtrip % 100);
+ 	rconf->round_trip_time = roundtrip;
+ 
+-	/* Remove ACKed RADIUS packet from retransmit list */
+-	if (prev_req)
+-		prev_req->next = req->next;
+-	else
+-		radius->msgs = req->next;
+-	radius->num_msgs--;
+-
+ 	for (i = 0; i < num_handlers; i++) {
+ 		RadiusRxResult res;
+ 		res = handlers[i].handler(msg, req->msg, req->shared_secret,
+@@ -939,6 +932,13 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
+ 			radius_msg_free(msg);
+ 			/* fall through */
+ 		case RADIUS_RX_QUEUED:
++			/* Remove ACKed RADIUS packet from retransmit list */
++			if (prev_req)
++				prev_req->next = req->next;
++			else
++				radius->msgs = req->next;
++			radius->num_msgs--;
++
+ 			radius_client_msg_free(req);
+ 			return;
+ 		case RADIUS_RX_INVALID_AUTHENTICATOR:
+@@ -960,7 +960,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
+ 		       msg_type, hdr->code, hdr->identifier,
+ 		       invalid_authenticator ? " [INVALID AUTHENTICATOR]" :
+ 		       "");
+-	radius_client_msg_free(req);
+ 
+  fail:
+ 	radius_msg_free(msg);
+-- 
+2.45.2
+
diff --git a/SPECS/wpa_supplicant/wpa_supplicant.spec b/SPECS/wpa_supplicant/wpa_supplicant.spec
index ab1493470d..5ad8a555f2 100644
--- a/SPECS/wpa_supplicant/wpa_supplicant.spec
+++ b/SPECS/wpa_supplicant/wpa_supplicant.spec
@@ -1,7 +1,7 @@
 Summary:        WPA client
 Name:           wpa_supplicant
 Version:        2.10
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -9,6 +9,7 @@ Group:          Applications/Communications
 URL:            https://w1.fi
 Source0:        https://w1.fi/releases/%{name}-%{version}.tar.gz
 Patch0:         CVE-2023-52160.patch
+Patch1:         CVE-2025-24912.patch
 BuildRequires:  libnl3-devel
 BuildRequires:  openssl-devel
 Requires:       libnl3
@@ -96,6 +97,9 @@ EOF
 %{_sysconfdir}/wpa_supplicant/wpa_supplicant-wlan0.conf
 
 %changelog
+* Wed Mar 26 2025 Kanishk-Bansal  - 2.10-3
+- Patch CVE-2025-24912
+
 * Wed Feb 03 2025 Sreeniavsulu Malavathula  - 2.10-2
 - Patch to fix CVE-2023-52160.
 
diff --git a/SPECS/xz/CVE-2025-31115.patch b/SPECS/xz/CVE-2025-31115.patch
new file mode 100644
index 0000000000..ccf6ffcb55
--- /dev/null
+++ b/SPECS/xz/CVE-2025-31115.patch
@@ -0,0 +1,334 @@
+# Fix CVE-2025-31115 in XZ Utils 5.3.3alpha to 5.8.0
+# This applies to all affected releases.
+# https://tukaani.org/xz/threaded-decoder-early-free.html
+
+From 831b55b971cf579ee16a854f177c36b20d3c6999 Mon Sep 17 00:00:00 2001
+From: Lasse Collin 
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 1/4] liblzma: mt dec: Fix a comment
+
+Reviewed-by: Sebastian Andrzej Siewior 
+Thanks-to: Sam James 
+---
+ src/liblzma/common/stream_decoder_mt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 22c9375f..812b745d 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -347,7 +347,7 @@ worker_enable_partial_update(void *thr_ptr)
+ 
+ 
+ /// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->mutex locked.
++/// This is called with thr->coder->mutex locked.
+ static void
+ worker_stop(struct worker_thread *thr)
+ {
+-- 
+2.49.0
+
+
+From c0c835964dfaeb2513a3c0bdb642105152fe9f34 Mon Sep 17 00:00:00 2001
+From: Lasse Collin 
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 2/4] liblzma: mt dec: Simplify by removing the THR_STOP state
+
+The main thread can directly set THR_IDLE in threads_stop() which is
+called when errors are detected. threads_stop() won't return the stopped
+threads to the pool or free the memory pointed by thr->in anymore, but
+it doesn't matter because the existing workers won't be reused after
+an error. The resources will be cleaned up when threads_end() is
+called (reinitializing the decoder always calls threads_end()).
+
+Reviewed-by: Sebastian Andrzej Siewior 
+Thanks-to: Sam James 
+---
+ src/liblzma/common/stream_decoder_mt.c | 75 ++++++++++----------------
+ 1 file changed, 29 insertions(+), 46 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 812b745d..82962c64 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -23,15 +23,10 @@ typedef enum {
+ 	THR_IDLE,
+ 
+ 	/// Decoding is in progress.
+-	/// Main thread may change this to THR_STOP or THR_EXIT.
++	/// Main thread may change this to THR_IDLE or THR_EXIT.
+ 	/// The worker thread may change this to THR_IDLE.
+ 	THR_RUN,
+ 
+-	/// The main thread wants the thread to stop whatever it was doing
+-	/// but not exit. Main thread may change this to THR_EXIT.
+-	/// The worker thread may change this to THR_IDLE.
+-	THR_STOP,
+-
+ 	/// The main thread wants the thread to exit.
+ 	THR_EXIT,
+ 
+@@ -346,27 +341,6 @@ worker_enable_partial_update(void *thr_ptr)
+ }
+ 
+ 
+-/// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->coder->mutex locked.
+-static void
+-worker_stop(struct worker_thread *thr)
+-{
+-	// Update memory usage counters.
+-	thr->coder->mem_in_use -= thr->in_size;
+-	thr->in_size = 0; // thr->in was freed above.
+-
+-	thr->coder->mem_in_use -= thr->mem_filters;
+-	thr->coder->mem_cached += thr->mem_filters;
+-
+-	// Put this thread to the stack of free threads.
+-	thr->next = thr->coder->threads_free;
+-	thr->coder->threads_free = thr;
+-
+-	mythread_cond_signal(&thr->coder->cond);
+-	return;
+-}
+-
+-
+ static MYTHREAD_RET_TYPE
+ worker_decoder(void *thr_ptr)
+ {
+@@ -397,17 +371,6 @@ next_loop_unlocked:
+ 		return MYTHREAD_RET_VALUE;
+ 	}
+ 
+-	if (thr->state == THR_STOP) {
+-		thr->state = THR_IDLE;
+-		mythread_mutex_unlock(&thr->mutex);
+-
+-		mythread_sync(thr->coder->mutex) {
+-			worker_stop(thr);
+-		}
+-
+-		goto next_loop_lock;
+-	}
+-
+ 	assert(thr->state == THR_RUN);
+ 
+ 	// Update progress info for get_progress().
+@@ -510,7 +473,22 @@ next_loop_unlocked:
+ 				&& thr->coder->thread_error == LZMA_OK)
+ 			thr->coder->thread_error = ret;
+ 
+-		worker_stop(thr);
++		// Return the worker thread to the stack of available
++		// threads.
++		{
++			// Update memory usage counters.
++			thr->coder->mem_in_use -= thr->in_size;
++			thr->in_size = 0; // thr->in was freed above.
++
++			thr->coder->mem_in_use -= thr->mem_filters;
++			thr->coder->mem_cached += thr->mem_filters;
++
++			// Put this thread to the stack of free threads.
++			thr->next = thr->coder->threads_free;
++			thr->coder->threads_free = thr;
++		}
++
++		mythread_cond_signal(&thr->coder->cond);
+ 	}
+ 
+ 	goto next_loop_lock;
+@@ -544,17 +522,22 @@ threads_end(struct lzma_stream_coder *coder, const lzma_allocator *allocator)
+ }
+ 
+ 
++/// Tell worker threads to stop without doing any cleaning up.
++/// The clean up will be done when threads_exit() is called;
++/// it's not possible to reuse the threads after threads_stop().
++///
++/// This is called before returning an unrecoverable error code
++/// to the application. It would be waste of processor time
++/// to keep the threads running in such a situation.
+ static void
+ threads_stop(struct lzma_stream_coder *coder)
+ {
+ 	for (uint32_t i = 0; i < coder->threads_initialized; ++i) {
++		// The threads that are in the THR_RUN state will stop
++		// when they check the state the next time. There's no
++		// need to signal coder->threads[i].cond.
+ 		mythread_sync(coder->threads[i].mutex) {
+-			// The state must be changed conditionally because
+-			// THR_IDLE -> THR_STOP is not a valid state change.
+-			if (coder->threads[i].state != THR_IDLE) {
+-				coder->threads[i].state = THR_STOP;
+-				mythread_cond_signal(&coder->threads[i].cond);
+-			}
++			coder->threads[i].state = THR_IDLE;
+ 		}
+ 	}
+ 
+@@ -1941,7 +1924,7 @@ stream_decoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator,
+ 	// accounting from scratch, too. Changes in filter and block sizes may
+ 	// affect number of threads.
+ 	//
+-	// FIXME? Reusing should be easy but unlike the single-threaded
++	// Reusing threads doesn't seem worth it. Unlike the single-threaded
+ 	// decoder, with some types of input file combinations reusing
+ 	// could leave quite a lot of memory allocated but unused (first
+ 	// file could allocate a lot, the next files could use fewer
+-- 
+2.49.0
+
+
+From d5a2ffe41bb77b918a8c96084885d4dbe4bf6480 Mon Sep 17 00:00:00 2001
+From: Lasse Collin 
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 3/4] liblzma: mt dec: Don't free the input buffer too early
+ (CVE-2025-31115)
+
+The input buffer must be valid as long as the main thread is writing
+to the worker-specific input buffer. Fix it by making the worker
+thread not free the buffer on errors and not return the worker thread to
+the pool. The input buffer will be freed when threads_end() is called.
+
+With invalid input, the bug could at least result in a crash. The
+effects include heap use after free and writing to an address based
+on the null pointer plus an offset.
+
+The bug has been there since the first committed version of the threaded
+decoder and thus affects versions from 5.3.3alpha to 5.8.0.
+
+As the commit message in 4cce3e27f529 says, I had made significant
+changes on top of Sebastian's patch. This bug was indeed introduced
+by my changes; it wasn't in Sebastian's version.
+
+Thanks to Harri K. Koskinen for discovering and reporting this issue.
+
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reported-by: Harri K. Koskinen 
+Reviewed-by: Sebastian Andrzej Siewior 
+Thanks-to: Sam James 
+---
+ src/liblzma/common/stream_decoder_mt.c | 31 ++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 82962c64..98aabcff 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -435,8 +435,7 @@ next_loop_unlocked:
+ 	}
+ 
+ 	// Either we finished successfully (LZMA_STREAM_END) or an error
+-	// occurred. Both cases are handled almost identically. The error
+-	// case requires updating thr->coder->thread_error.
++	// occurred.
+ 	//
+ 	// The sizes are in the Block Header and the Block decoder
+ 	// checks that they match, thus we know these:
+@@ -444,16 +443,30 @@ next_loop_unlocked:
+ 	assert(ret != LZMA_STREAM_END
+ 		|| thr->out_pos == thr->block_options.uncompressed_size);
+ 
+-	// Free the input buffer. Don't update in_size as we need
+-	// it later to update thr->coder->mem_in_use.
+-	lzma_free(thr->in, thr->allocator);
+-	thr->in = NULL;
+-
+ 	mythread_sync(thr->mutex) {
++		// Block decoder ensures this, but do a sanity check anyway
++		// because thr->in_filled < thr->in_size means that the main
++		// thread is still writing to thr->in.
++		if (ret == LZMA_STREAM_END && thr->in_filled != thr->in_size) {
++			assert(0);
++			ret = LZMA_PROG_ERROR;
++		}
++
+ 		if (thr->state != THR_EXIT)
+ 			thr->state = THR_IDLE;
+ 	}
+ 
++	// Free the input buffer. Don't update in_size as we need
++	// it later to update thr->coder->mem_in_use.
++	//
++	// This step is skipped if an error occurred because the main thread
++	// might still be writing to thr->in. The memory will be freed after
++	// threads_end() sets thr->state = THR_EXIT.
++	if (ret == LZMA_STREAM_END) {
++		lzma_free(thr->in, thr->allocator);
++		thr->in = NULL;
++	}
++
+ 	mythread_sync(thr->coder->mutex) {
+ 		// Move our progress info to the main thread.
+ 		thr->coder->progress_in += thr->in_pos;
+@@ -474,8 +487,8 @@ next_loop_unlocked:
+ 			thr->coder->thread_error = ret;
+ 
+ 		// Return the worker thread to the stack of available
+-		// threads.
+-		{
++		// threads only if no errors occurred.
++		if (ret == LZMA_STREAM_END) {
+ 			// Update memory usage counters.
+ 			thr->coder->mem_in_use -= thr->in_size;
+ 			thr->in_size = 0; // thr->in was freed above.
+-- 
+2.49.0
+
+
+From 8188048854e8d11071b8a50d093c74f4c030acc9 Mon Sep 17 00:00:00 2001
+From: Lasse Collin 
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 4/4] liblzma: mt dec: Don't modify thr->in_size in the worker
+ thread
+
+Don't set thr->in_size = 0 when returning the thread to the stack of
+available threads. Not only is it useless, but the main thread may
+read the value in SEQ_BLOCK_THR_RUN. With valid inputs, it made
+no difference if the main thread saw the original value or 0. With
+invalid inputs (when worker thread stops early), thr->in_size was
+no longer modified after the previous commit with the security fix
+("Don't free the input buffer too early").
+
+So while the bug appears harmless now, it's important to fix it because
+the variable was being modified without proper locking. It's trivial
+to fix because there is no need to change the value. Only main thread
+needs to set the value in (in SEQ_BLOCK_THR_INIT) when starting a new
+Block before the worker thread is activated.
+
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reviewed-by: Sebastian Andrzej Siewior 
+Thanks-to: Sam James 
+---
+ src/liblzma/common/stream_decoder_mt.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 98aabcff..1fa92220 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -491,8 +491,6 @@ next_loop_unlocked:
+ 		if (ret == LZMA_STREAM_END) {
+ 			// Update memory usage counters.
+ 			thr->coder->mem_in_use -= thr->in_size;
+-			thr->in_size = 0; // thr->in was freed above.
+-
+ 			thr->coder->mem_in_use -= thr->mem_filters;
+ 			thr->coder->mem_cached += thr->mem_filters;
+ 
+@@ -1554,6 +1552,10 @@ stream_decode_mt(void *coder_ptr, const lzma_allocator *allocator,
+ 		}
+ 
+ 		// Return if the input didn't contain the whole Block.
++		//
++		// NOTE: When we updated coder->thr->in_filled a few lines
++		// above, the worker thread might by now have finished its
++		// work and returned itself back to the stack of free threads.
+ 		if (coder->thr->in_filled < coder->thr->in_size) {
+ 			assert(*in_pos == in_size);
+ 			return LZMA_OK;
+-- 
+2.49.0
+
diff --git a/SPECS/xz/xz.spec b/SPECS/xz/xz.spec
index 68182088df..19bd404ca6 100644
--- a/SPECS/xz/xz.spec
+++ b/SPECS/xz/xz.spec
@@ -1,13 +1,14 @@
 Summary:        Programs for compressing and decompressing files
 Name:           xz
 Version:        5.4.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 URL:            https://tukaani.org/xz
 License:        GPLv2+ and GPLv3+ and LGPLv2+
 Group:          Applications/File
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Source0:        https://tukaani.org/xz/%{name}-%{version}.tar.xz
+Patch0:         CVE-2025-31115.patch
 Provides:       xz-lzma-compat = %{version}-%{release}
 Provides:       lzma = %{version}-%{release}
 Requires:       xz-libs = %{version}-%{release}
@@ -36,7 +37,8 @@ Group:      System Environment/Libraries
 This package contains minimal set of shared xz libraries.
 
 %prep
-%setup -q
+%autosetup -p1
+
 %build
 ./configure \
     --prefix=%{_prefix} \
@@ -105,6 +107,9 @@ make  %{?_smp_mflags}  check
 %defattr(-,root,root)
 
 %changelog
+* Tue Apr 1 2025 Jon Slobodzian  - 5.4.4-2
+- Patch for CVE-2025-31115
+
 * Mon Oct 16 2023 CBL-Mariner Servicing Account  - 5.4.4-1
 - Auto-upgrade to 5.4.4 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/yasm/CVE-2023-37732.patch b/SPECS/yasm/CVE-2023-37732.patch
new file mode 100644
index 0000000000..91c4e15861
--- /dev/null
+++ b/SPECS/yasm/CVE-2023-37732.patch
@@ -0,0 +1,39 @@
+From a8196f22eccfd6e2b934dfdb4f8dac97d7e6c1f3 Mon Sep 17 00:00:00 2001
+From: akhila-guruju 
+Date: Wed, 14 May 2025 07:35:12 +0000
+Subject: [PATCH] Address CVE-2023-37732
+
+Upstream patch reference: https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3
+
+---
+ modules/objfmts/elf/elf.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c
+index 2486bba..bab4c9c 100644
+--- a/modules/objfmts/elf/elf.c
++++ b/modules/objfmts/elf/elf.c
+@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab,
+ 
+         /* get size (if specified); expr overrides stored integer */
+         if (entry->xsize) {
+-            size_intn = yasm_intnum_copy(
+-                yasm_expr_get_intnum(&entry->xsize, 1));
+-            if (!size_intn) {
++            yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1);
++            if (!intn) {
+                 yasm_error_set(YASM_ERROR_VALUE,
+                                N_("size specifier not an integer expression"));
+                 yasm_errwarn_propagate(errwarns, entry->xsize->line);
+-            }
++            } else
++                size_intn = yasm_intnum_copy(intn);
+         }
+-        else
++        if (!size_intn)
+             size_intn = yasm_intnum_create_uint(entry->size);
+ 
+         /* get EQU value for constants */
+-- 
+2.45.2
+
diff --git a/SPECS/yasm/CVE-2023-51258.patch b/SPECS/yasm/CVE-2023-51258.patch
new file mode 100644
index 0000000000..6b699aad3d
--- /dev/null
+++ b/SPECS/yasm/CVE-2023-51258.patch
@@ -0,0 +1,34 @@
+From fd85453926e43073dc785ec0cc02a10fe2dd2794 Mon Sep 17 00:00:00 2001
+From: akhila-guruju 
+Date: Wed, 14 May 2025 07:13:01 +0000
+Subject: [PATCH] Address CVE-2023-51258
+
+Upstream patch reference: https://github.com/yasm/yasm/pull/264/commits/eeee94bfd6dd18af8b1508c1804d93cf20ef44e6
+
+---
+ modules/preprocs/nasm/nasm-pp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
+index 27a8cc6..76df757 100644
+--- a/modules/preprocs/nasm/nasm-pp.c
++++ b/modules/preprocs/nasm/nasm-pp.c
+@@ -3091,6 +3091,7 @@ do_directive(Token * tline)
+             {
+                 error(ERR_NONFATAL, "`%s': not defining a macro",
+                         tline->text);
++                free_tlist(origline);
+                 return DIRECTIVE_FOUND;
+             }
+             k = hash(defining->name);
+@@ -3188,6 +3189,7 @@ do_directive(Token * tline)
+                 {
+                     error(ERR_NONFATAL, "non-constant value given to `%%rep'");
+                     yasm_expr_destroy(evalresult);
++                    free_tlist(origline);
+                     return DIRECTIVE_FOUND;
+                 }
+                 i = (int)yasm_intnum_get_int(intn) + 1;
+-- 
+2.45.2
+
diff --git a/SPECS/yasm/yasm.spec b/SPECS/yasm/yasm.spec
index 8e89daf4c7..6da9d3eba6 100644
--- a/SPECS/yasm/yasm.spec
+++ b/SPECS/yasm/yasm.spec
@@ -1,7 +1,7 @@
 Summary:        Modular Assembler
 Name:           yasm
 Version:        1.3.0
-Release:        15%{?dist}
+Release:        16%{?dist}
 License:        BSD and (GPLv2+ or Artistic or LGPLv2+) and LGPLv2
 URL:            https://yasm.tortall.net/
 Vendor:         Microsoft Corporation
@@ -10,6 +10,8 @@ Source0:        https://www.tortall.net/projects/%{name}/releases/%{name}-%{vers
 Patch1:         0001-Update-elf-objfmt.c.patch
 Patch2:         CVE-2023-31975.patch
 Patch3:         CVE-2021-33454.patch
+Patch4:         CVE-2023-51258.patch
+Patch5:         CVE-2023-37732.patch
 
 BuildRequires:  gcc
 BuildRequires:  bison
@@ -74,6 +76,9 @@ make install DESTDIR=%{buildroot}
 
 
 %changelog
+* Wed May 14 2025 Akhila Guruju  - 1.3.0-16
+- Patch CVE-2023-51258 and CVE-2023-37732
+
 * Thu Aug 01 2024 Aditya Dubey  - 1.3.0-15
 - Apply upstream patch for CVE-2021-33454
 
diff --git a/SPECS/zsh/zsh.spec b/SPECS/zsh/zsh.spec
index 7fbb08a8fc..61a3b22fbd 100644
--- a/SPECS/zsh/zsh.spec
+++ b/SPECS/zsh/zsh.spec
@@ -3,7 +3,7 @@
 Summary:        Z shell
 Name:           zsh
 Version:        5.9
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        MIT AND GPLv2.0 AND GPLv3.0 AND GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -56,6 +56,8 @@ This package contains the Zsh manual in html format.
 
 %prep
 %autosetup -p1
+# fixing ptest
+sed -i 's/egrep/grep -E/g' Test/E01options.ztst
 
 %build
 # make loading of module's dependencies work again (#1277996)
@@ -129,6 +131,9 @@ fi
 %doc Doc/*.html
 
 %changelog
+* Tue Apr 08 2025 Riken Maharjan  - 5.9-4
+- Fix ptest by making test stop using egrep.
+
 * Thu Nov 30 2023 Dan Streetman  - 5.9-3
 - Remove umask 027
 
diff --git a/cgmanifest.json b/cgmanifest.json
index a488ff93ab..68e4d0fe80 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -185,8 +185,8 @@
         "type": "other",
         "other": {
           "name": "amtk",
-          "version": "5.0.2",
-          "downloadUrl": "https://download.gnome.org/sources/amtk/5.0/amtk-5.0.2.tar.xz"
+          "version": "5.6.1",
+          "downloadUrl": "https://download.gnome.org/sources/amtk/5.6/amtk-5.6.1.tar.xz"
         }
       }
     },
@@ -225,8 +225,8 @@
         "type": "other",
         "other": {
           "name": "ansible-freeipa",
-          "version": "0.3.4",
-          "downloadUrl": "https://github.com/freeipa/ansible-freeipa/archive/v0.3.4.tar.gz"
+          "version": "1.13.2",
+          "downloadUrl": "https://github.com/freeipa/ansible-freeipa/archive/v1.13.2.tar.gz"
         }
       }
     },
@@ -850,6 +850,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "azl-otel-collector",
+          "version": "0.124.0",
+          "downloadUrl": "https://github.com/microsoft/azl-otel-collector/archive/refs/tags/v0.124.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -1807,8 +1817,8 @@
         "type": "other",
         "other": {
           "name": "cloud-hypervisor-cvm",
-          "version": "38.0.72.2",
-          "downloadUrl": "https://github.com/microsoft/cloud-hypervisor/archive/refs/tags/msft/v38.0.72.2.tar.gz"
+          "version": "41.0.79",
+          "downloadUrl": "https://github.com/microsoft/cloud-hypervisor/archive/refs/tags/msft/v41.0.79.tar.gz"
         }
       }
     },
@@ -1822,6 +1832,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "cloud-provider-kubevirt",
+          "version": "0.5.1",
+          "downloadUrl": "https://github.com/kubevirt/cloud-provider-kubevirt/archive/refs/tags/v0.5.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -2087,8 +2107,8 @@
         "type": "other",
         "other": {
           "name": "containernetworking-plugins",
-          "version": "1.1.1",
-          "downloadUrl": "https://github.com/containernetworking/plugins/archive/v1.1.1.tar.gz"
+          "version": "1.6.1",
+          "downloadUrl": "https://github.com/containernetworking/plugins/archive/v1.6.1.tar.gz"
         }
       }
     },
@@ -3378,8 +3398,8 @@
         "type": "other",
         "other": {
           "name": "erlang",
-          "version": "26.2.5.9",
-          "downloadUrl": "https://github.com/erlang/otp/archive/OTP-26.2.5.9/otp-OTP-26.2.5.9.tar.gz"
+          "version": "26.2.5.11",
+          "downloadUrl": "https://github.com/erlang/otp/archive/OTP-26.2.5.11/otp-OTP-26.2.5.11.tar.gz"
         }
       }
     },
@@ -3398,8 +3418,8 @@
         "type": "other",
         "other": {
           "name": "espeak-ng",
-          "version": "1.51.1",
-          "downloadUrl": "https://github.com/espeak-ng/espeak-ng/archive/1.51.1/espeak-ng-1.51.1.tar.gz"
+          "version": "1.52.0",
+          "downloadUrl": "https://github.com/espeak-ng/espeak-ng/archive/refs/tags/1.52.0.tar.gz"
         }
       }
     },
@@ -3418,8 +3438,8 @@
         "type": "other",
         "other": {
           "name": "etcd",
-          "version": "3.5.18",
-          "downloadUrl": "https://github.com/etcd-io/etcd/archive/v3.5.18.tar.gz"
+          "version": "3.5.21",
+          "downloadUrl": "https://github.com/etcd-io/etcd/archive/v3.5.21.tar.gz"
         }
       }
     },
@@ -3478,8 +3498,8 @@
         "type": "other",
         "other": {
           "name": "expat",
-          "version": "2.6.3",
-          "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_6_3/expat-2.6.3.tar.bz2"
+          "version": "2.6.4",
+          "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_6_4/expat-2.6.4.tar.bz2"
         }
       }
     },
@@ -3493,6 +3513,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "expected",
+          "version": "1.1.0",
+          "downloadUrl": "https://github.com/TartanLlama/expected/archive/v1.1.0/expected-1.1.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -3548,8 +3578,8 @@
         "type": "other",
         "other": {
           "name": "fcgi",
-          "version": "2.4.0",
-          "downloadUrl": "https://src.fedoraproject.org/lookaside/extras/fcgi/fcgi-2.4.0.tar.gz/d15060a813b91383a9f3c66faf84867e/fcgi-2.4.0.tar.gz"
+          "version": "2.4.5",
+          "downloadUrl": "https://github.com/FastCGI-Archives/fcgi2/archive/refs/tags/2.4.5.tar.gz"
         }
       }
     },
@@ -3930,8 +3960,8 @@
         "type": "other",
         "other": {
           "name": "freexl",
-          "version": "1.0.6",
-          "downloadUrl": "https://www.gaia-gis.it/gaia-sins/freexl-sources/freexl-1.0.6.tar.gz"
+          "version": "2.0.0",
+          "downloadUrl": "https://www.gaia-gis.it/gaia-sins/freexl-sources/freexl-2.0.0.tar.gz"
         }
       }
     },
@@ -4680,8 +4710,8 @@
         "type": "other",
         "other": {
           "name": "golang",
-          "version": "1.23.7",
-          "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.23.7-1/go1.23.7-20250304.2.src.tar.gz"
+          "version": "1.23.9",
+          "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.23.9-1/go1.23.9-20250506.5.src.tar.gz"
         }
       }
     },
@@ -4930,8 +4960,8 @@
         "type": "other",
         "other": {
           "name": "grpc",
-          "version": "1.62.0",
-          "downloadUrl": "https://github.com/grpc/grpc/archive/v1.62.0/grpc-1.62.0.tar.gz"
+          "version": "1.62.3",
+          "downloadUrl": "https://github.com/grpc/grpc/archive/v1.62.3/grpc-1.62.3.tar.gz"
         }
       }
     },
@@ -6620,8 +6650,8 @@
         "type": "other",
         "other": {
           "name": "hyperv-daemons",
-          "version": "6.6.82.1",
-          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.82.1.tar.gz"
+          "version": "6.6.85.1",
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.85.1.tar.gz"
         }
       }
     },
@@ -6670,8 +6700,8 @@
         "type": "other",
         "other": {
           "name": "hyphen-ca",
-          "version": "0.9.3",
-          "downloadUrl": "https://downloads.sourceforge.net/project/aoo-extensions/2010/7/hyph-ca.oxt"
+          "version": "1.5",
+          "downloadUrl": "https://github.com/jaumeortola/hyphen-ca/archive/refs/tags/v1.5.tar.gz"
         }
       }
     },
@@ -6830,8 +6860,8 @@
         "type": "other",
         "other": {
           "name": "hyphen-it",
-          "version": "0.20071127",
-          "downloadUrl": "http://download.services.openoffice.org/contrib/dictionaries/hyph_it_IT.zip"
+          "version": "5.1.1",
+          "downloadUrl": "https://pagure.io/dizionario_italiano/archive/5.1.1/dizionario_italiano-5.1.1.tar.gz"
         }
       }
     },
@@ -7040,8 +7070,8 @@
         "type": "other",
         "other": {
           "name": "hyphen-tk",
-          "version": "0.20110620",
-          "downloadUrl": "https://github.com/hyphenation/tex-hyphen/blob/ee22323218150388abdeb36184ad5861e3669b65/hyph-utf8/tex/generic/hyph-utf8/patterns/tex/hyph-tk.tex"
+          "version": "0.20210322",
+          "downloadUrl": "https://mirrors.ctan.org/language/hyph-utf8/tex/patterns/tex/hyph-tk.tex"
         }
       }
     },
@@ -8311,8 +8341,8 @@
         "type": "other",
         "other": {
           "name": "kata-containers",
-          "version": "3.2.0.azl5",
-          "downloadUrl": "https://github.com/microsoft/kata-containers/archive/refs/tags/3.2.0.azl5.tar.gz"
+          "version": "3.15.0.aks0",
+          "downloadUrl": "https://github.com/microsoft/kata-containers/archive/refs/tags/3.15.0.aks0.tar.gz"
         }
       }
     },
@@ -8321,8 +8351,8 @@
         "type": "other",
         "other": {
           "name": "kata-containers-cc",
-          "version": "3.2.0.azl5",
-          "downloadUrl": "https://github.com/microsoft/kata-containers/archive/refs/tags/3.2.0.azl5.tar.gz"
+          "version": "3.15.0.aks0",
+          "downloadUrl": "https://github.com/microsoft/kata-containers/archive/refs/tags/3.15.0.aks0.tar.gz"
         }
       }
     },
@@ -8401,8 +8431,8 @@
         "type": "other",
         "other": {
           "name": "kernel-64k",
-          "version": "6.6.82.1",
-          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.82.1.tar.gz"
+          "version": "6.6.85.1",
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.85.1.tar.gz"
         }
       }
     },
@@ -8426,6 +8456,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "kernel-lpg-innovate",
+          "version": "6.6.85.1",
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/lpg-innovate/6.6.85.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -8681,8 +8721,8 @@
         "type": "other",
         "other": {
           "name": "kyotocabinet",
-          "version": "1.2.78",
-          "downloadUrl": "https://dbmx.net/kyotocabinet/pkg/kyotocabinet-1.2.78.tar.gz"
+          "version": "1.2.80",
+          "downloadUrl": "https://dbmx.net/kyotocabinet/pkg/kyotocabinet-1.2.80.tar.gz"
         }
       }
     },
@@ -9001,8 +9041,8 @@
         "type": "other",
         "other": {
           "name": "libblockdev",
-          "version": "2.28",
-          "downloadUrl": "https://github.com/storaged-project/libblockdev/releases/download/2.28-1/libblockdev-2.28.tar.gz"
+          "version": "3.2.0",
+          "downloadUrl": "https://github.com/storaged-project/libblockdev/releases/download/3.2.0/libblockdev-3.2.0.tar.gz"
         }
       }
     },
@@ -9721,8 +9761,8 @@
         "type": "other",
         "other": {
           "name": "libgeotiff",
-          "version": "1.7.1",
-          "downloadUrl": "https://download.osgeo.org/geotiff/libgeotiff/libgeotiff-1.7.1.tar.gz"
+          "version": "1.7.3",
+          "downloadUrl": "https://download.osgeo.org/geotiff/libgeotiff/libgeotiff-1.7.3.tar.gz"
         }
       }
     },
@@ -9881,8 +9921,8 @@
         "type": "other",
         "other": {
           "name": "libgxps",
-          "version": "0.3.1",
-          "downloadUrl": "https://ftp.gnome.org/pub/gnome/sources/libgxps/0.3/libgxps-0.3.1.tar.xz"
+          "version": "0.3.2",
+          "downloadUrl": "https://ftp.gnome.org/pub/gnome/sources/libgxps/0.3/libgxps-0.3.2.tar.xz"
         }
       }
     },
@@ -10271,8 +10311,8 @@
         "type": "other",
         "other": {
           "name": "liblqr-1",
-          "version": "0.4.2",
-          "downloadUrl": "http://liblqr.wikidot.com/local--files/en:download-page/liblqr-1-0.4.2.tar.bz2"
+          "version": "0.4.3",
+          "downloadUrl": "https://liblqr.wikidot.com/local--files/en:download-page/liblqr-1-0.4.3.tar.bz2"
         }
       }
     },
@@ -10296,6 +10336,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "libmamba",
+          "version": "1.5.12",
+          "downloadUrl": "https://github.com/mamba-org/mamba/archive/libmamba-1.5.12/libmamba-1.5.12.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -11091,8 +11141,8 @@
         "type": "other",
         "other": {
           "name": "librevenge",
-          "version": "0.0.4",
-          "downloadUrl": "http://downloads.sourceforge.net/libwpd/librevenge-0.0.4.tar.xz"
+          "version": "0.0.5",
+          "downloadUrl": "https://downloads.sourceforge.net/libwpd/librevenge-0.0.5.tar.xz"
         }
       }
     },
@@ -11331,8 +11381,8 @@
         "type": "other",
         "other": {
           "name": "libspiro",
-          "version": "20221101",
-          "downloadUrl": "https://github.com/fontforge/libspiro/releases/download/20221101/libspiro-dist-20221101.tar.gz"
+          "version": "20240903",
+          "downloadUrl": "https://github.com/fontforge/libspiro/releases/download/20240903/libspiro-dist-20240903.tar.gz"
         }
       }
     },
@@ -11361,8 +11411,8 @@
         "type": "other",
         "other": {
           "name": "libssh2",
-          "version": "1.11.0",
-          "downloadUrl": "https://www.libssh2.org/download/libssh2-1.11.0.tar.gz"
+          "version": "1.11.1",
+          "downloadUrl": "https://www.libssh2.org/download/libssh2-1.11.1.tar.gz"
         }
       }
     },
@@ -11691,8 +11741,8 @@
         "type": "other",
         "other": {
           "name": "libutempter",
-          "version": "1.1.6",
-          "downloadUrl": "https://github.com/altlinux/libutempter/archive/refs/tags/libutempter-1.1.6.tar.bz2"
+          "version": "1.2.1",
+          "downloadUrl": "https://ftp.altlinux.org/pub/people/ldv/libutempter/libutempter-1.2.1.tar.gz"
         }
       }
     },
@@ -12241,8 +12291,8 @@
         "type": "other",
         "other": {
           "name": "libXScrnSaver",
-          "version": "1.2.3",
-          "downloadUrl": "https://www.x.org/pub/individual/lib/libXScrnSaver-1.2.3.tar.bz2"
+          "version": "1.2.4",
+          "downloadUrl": "https://www.x.org/pub/individual/lib/libXScrnSaver-1.2.4.tar.xz"
         }
       }
     },
@@ -12411,8 +12461,8 @@
         "type": "other",
         "other": {
           "name": "lksctp-tools",
-          "version": "1.0.18",
-          "downloadUrl": "https://github.com/sctp/lksctp-tools/archive/lksctp-tools-1.0.18.tar.gz"
+          "version": "1.0.19",
+          "downloadUrl": "https://github.com/sctp/lksctp-tools/archive/lksctp-tools-1.0.19.tar.gz"
         }
       }
     },
@@ -12721,8 +12771,8 @@
         "type": "other",
         "other": {
           "name": "lua-json",
-          "version": "1.3.2",
-          "downloadUrl": "https://github.com/harningt/luajson/archive/7a86bc22066858afeb23845a191a6ab680b46233/luajson-1.3.2-7a86bc2.tar.gz"
+          "version": "1.3.4",
+          "downloadUrl": "https://github.com/harningt/luajson/archive/1.3.4/luajson-1.3.4.tar.gz"
         }
       }
     },
@@ -12746,6 +12796,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "lua-lunitx",
+          "version": "0.8.1",
+          "downloadUrl": "https://github.com/dcurrie/lunit/archive/0.8.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -13151,8 +13211,8 @@
         "type": "other",
         "other": {
           "name": "marisa",
-          "version": "0.2.4",
-          "downloadUrl": "https://marisa-trie.googlecode.com/files/marisa-0.2.4.tar.gz"
+          "version": "0.2.6",
+          "downloadUrl": "https://github.com/s-yata/marisa-trie/archive/refs/tags/v0.2.6.tar.gz"
         }
       }
     },
@@ -13301,8 +13361,8 @@
         "type": "other",
         "other": {
           "name": "mdds",
-          "version": "1.5.0",
-          "downloadUrl": "http://kohei.us/files/mdds/src/mdds-1.5.0.tar.bz2"
+          "version": "2.1.1",
+          "downloadUrl": "https://kohei.us/files/mdds/src/mdds-2.1.1.tar.bz2"
         }
       }
     },
@@ -13712,8 +13772,8 @@
         "type": "other",
         "other": {
           "name": "mod_http2",
-          "version": "1.15.14",
-          "downloadUrl": "https://github.com/icing/mod_h2/releases/download/v1.15.14/mod_http2-1.15.14.tar.gz"
+          "version": "2.0.29",
+          "downloadUrl": "https://github.com/icing/mod_h2/releases/download/v2.0.29/mod_http2-2.0.29.tar.gz"
         }
       }
     },
@@ -13992,8 +14052,8 @@
         "type": "other",
         "other": {
           "name": "mysql",
-          "version": "8.0.40",
-          "downloadUrl": "https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.40.tar.gz"
+          "version": "8.0.41",
+          "downloadUrl": "https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.41.tar.gz"
         }
       }
     },
@@ -14882,8 +14942,8 @@
         "type": "other",
         "other": {
           "name": "objenesis",
-          "version": "3.1",
-          "downloadUrl": "https://github.com/easymock/objenesis/archive/3.1.tar.gz"
+          "version": "3.3",
+          "downloadUrl": "https://github.com/easymock/objenesis/archive/refs/tags/3.3.tar.gz"
         }
       }
     },
@@ -15422,8 +15482,8 @@
         "type": "other",
         "other": {
           "name": "ocaml-xml-light",
-          "version": "2.3",
-          "downloadUrl": "https://azurelinuxsrcstorage.blob.core.windows.net/sources/core/xml-light-234.tar.gz"
+          "version": "2.5",
+          "downloadUrl": "https://github.com/ncannasse/xml-light/archive/refs/tags/2.5.tar.gz"
         }
       }
     },
@@ -15893,8 +15953,8 @@
         "type": "other",
         "other": {
           "name": "os-prober",
-          "version": "1.77",
-          "downloadUrl": "http://ftp.us.debian.org/debian/pool/main/o/os-prober/os-prober_1.77.tar.xz"
+          "version": "1.81",
+          "downloadUrl": "https://deb.debian.org/debian/pool/main/o/os-prober/os-prober_1.81.tar.xz"
         }
       }
     },
@@ -15933,8 +15993,8 @@
         "type": "other",
         "other": {
           "name": "osinfo-db",
-          "version": "20221130",
-          "downloadUrl": "https://releases.pagure.org/libosinfo/osinfo-db-20221130.tar.xz"
+          "version": "20240701",
+          "downloadUrl": "https://releases.pagure.org/libosinfo/osinfo-db-20240701.tar.xz"
         }
       }
     },
@@ -15943,8 +16003,8 @@
         "type": "other",
         "other": {
           "name": "osinfo-db-tools",
-          "version": "1.10.0",
-          "downloadUrl": "https://releases.pagure.org/libosinfo/osinfo-db-tools-1.10.0.tar.xz"
+          "version": "1.12.0",
+          "downloadUrl": "https://releases.pagure.org/libosinfo/osinfo-db-tools-1.12.0.tar.xz"
         }
       }
     },
@@ -16323,8 +16383,8 @@
         "type": "other",
         "other": {
           "name": "perl-Alien-pkgconf",
-          "version": "0.17",
-          "downloadUrl": "https://cpan.metacpan.org/authors/id/P/PL/PLICEASE/Alien-pkgconf-0.17.tar.gz"
+          "version": "0.20",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/P/PL/PLICEASE/Alien-pkgconf-0.20.tar.gz"
         }
       }
     },
@@ -16393,8 +16453,8 @@
         "type": "other",
         "other": {
           "name": "perl-Archive-Extract",
-          "version": "0.86",
-          "downloadUrl": "https://cpan.metacpan.org/authors/id/B/BI/BINGOS/Archive-Extract-0.86.tar.gz"
+          "version": "0.88",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/B/BI/BINGOS/Archive-Extract-0.88.tar.gz"
         }
       }
     },
@@ -16663,8 +16723,8 @@
         "type": "other",
         "other": {
           "name": "perl-Class-Data-Inheritable",
-          "version": "0.08",
-          "downloadUrl": "https://azurelinuxsrcstorage.blob.core.windows.net/sources/core/Class-Data-Inheritable-0.08-clean.tar.gz"
+          "version": "0.09",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/R/RS/RSHERER/Class-Data-Inheritable-0.09.tar.gz"
         }
       }
     },
@@ -16743,8 +16803,8 @@
         "type": "other",
         "other": {
           "name": "perl-Class-Tiny",
-          "version": "1.006",
-          "downloadUrl": "https://cpan.metacpan.org/authors/id/D/DA/DAGOLDEN/Class-Tiny-1.006.tar.gz"
+          "version": "1.008",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/D/DA/DAGOLDEN/Class-Tiny-1.008.tar.gz"
         }
       }
     },
@@ -16873,8 +16933,8 @@
         "type": "other",
         "other": {
           "name": "perl-Config-AutoConf",
-          "version": "0.318",
-          "downloadUrl": "https://cpan.metacpan.org/authors/id/R/RE/REHSACK/Config-AutoConf-0.318.tar.gz"
+          "version": "0.320",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/A/AM/AMBS/Config-AutoConf-0.320.tar.gz"
         }
       }
     },
@@ -17213,8 +17273,8 @@
         "type": "other",
         "other": {
           "name": "perl-Date-Manip",
-          "version": "6.82",
-          "downloadUrl": "https://cpan.metacpan.org/authors/id/S/SB/SBECK/Date-Manip-6.82.tar.gz"
+          "version": "6.95",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/S/SB/SBECK/Date-Manip-6.95.tar.gz"
         }
       }
     },
@@ -18028,6 +18088,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "perl-File-TreeCreate",
+          "version": "0.0.1",
+          "downloadUrl": "https://cpan.metacpan.org/modules/by-module/File/File-TreeCreate-0.0.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -18513,8 +18583,8 @@
         "type": "other",
         "other": {
           "name": "perl-JSON-MaybeXS",
-          "version": "1.004003",
-          "downloadUrl": "https://cpan.metacpan.org/modules/by-module/JSON/JSON-MaybeXS-1.004003.tar.gz"
+          "version": "1.004008",
+          "downloadUrl": "https://cpan.metacpan.org/modules/by-module/JSON/JSON-MaybeXS-1.004008.tar.gz"
         }
       }
     },
@@ -18853,8 +18923,8 @@
         "type": "other",
         "other": {
           "name": "perl-Module-Build-Tiny",
-          "version": "0.039",
-          "downloadUrl": "https://cpan.metacpan.org/modules/by-module/Module/Module-Build-Tiny-0.039.tar.gz"
+          "version": "0.051",
+          "downloadUrl": "https://cpan.metacpan.org/modules/by-module/Module/Module-Build-Tiny-0.051.tar.gz"
         }
       }
     },
@@ -20233,8 +20303,8 @@
         "type": "other",
         "other": {
           "name": "perl-Term-Table",
-          "version": "0.015",
-          "downloadUrl": "https://cpan.metacpan.org/authors/id/E/EX/EXODIST/Term-Table-0.015.tar.gz"
+          "version": "0.024",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/E/EX/EXODIST/Term-Table-0.024.tar.gz"
         }
       }
     },
@@ -20633,8 +20703,8 @@
         "type": "other",
         "other": {
           "name": "perl-Test-Simple",
-          "version": "1.302174",
-          "downloadUrl": "https://cpan.metacpan.org/modules/by-module/Test/Test-Simple-1.302174.tar.gz"
+          "version": "1.302204",
+          "downloadUrl": "https://cpan.metacpan.org/modules/by-module/Test/Test-Simple-1.302204.tar.gz"
         }
       }
     },
@@ -21353,8 +21423,8 @@
         "type": "other",
         "other": {
           "name": "pgbouncer",
-          "version": "1.20.1",
-          "downloadUrl": "https://pgbouncer.github.io/downloads/files/1.20.1/pgbouncer-1.20.1.tar.gz"
+          "version": "1.24.1",
+          "downloadUrl": "https://pgbouncer.github.io/downloads/files/1.24.1/pgbouncer-1.24.1.tar.gz"
         }
       }
     },
@@ -21803,8 +21873,8 @@
         "type": "other",
         "other": {
           "name": "powertop",
-          "version": "2.13",
-          "downloadUrl": "http://github.com/fenrus75/powertop/archive/v2.13/powertop-2.13.tar.gz"
+          "version": "2.15",
+          "downloadUrl": "https://github.com/fenrus75/powertop/archive/v2.15/powertop-2.15.tar.gz"
         }
       }
     },
@@ -22203,8 +22273,8 @@
         "type": "other",
         "other": {
           "name": "pyparted",
-          "version": "3.11.4",
-          "downloadUrl": "https://github.com/dcantrell/pyparted/releases/download/v3.11.4/pyparted-3.11.4.tar.gz"
+          "version": "3.13.0",
+          "downloadUrl": "https://github.com/dcantrell/pyparted/releases/download/v3.13.0/pyparted-3.13.0.tar.gz"
         }
       }
     },
@@ -22423,8 +22493,8 @@
         "type": "other",
         "other": {
           "name": "python-beautifulsoup4",
-          "version": "4.11.2",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/b/beautifulsoup4/beautifulsoup4-4.11.2.tar.gz"
+          "version": "4.12.3",
+          "downloadUrl": "https://files.pythonhosted.org/packages/source/b/beautifulsoup4/beautifulsoup4-4.12.3.tar.gz"
         }
       }
     },
@@ -22443,8 +22513,8 @@
         "type": "other",
         "other": {
           "name": "python-blinker",
-          "version": "1.4",
-          "downloadUrl": "http://pypi.python.org/packages/source/b/blinker/blinker-1.4.tar.gz"
+          "version": "1.9.0",
+          "downloadUrl": "https://github.com/pallets-eco/blinker/releases/download/1.9.0/blinker-1.9.0.tar.gz"
         }
       }
     },
@@ -22573,8 +22643,8 @@
         "type": "other",
         "other": {
           "name": "python-cheetah",
-          "version": "3.2.4",
-          "downloadUrl": "https://github.com/CheetahTemplate3/cheetah3/archive/3.2.4/python-cheetah-3.2.4.tar.gz"
+          "version": "3.2.6.post1",
+          "downloadUrl": "https://github.com/CheetahTemplate3/cheetah3/archive/3.2.6.post1/Cheetah3-3.2.6.post1.tar.gz"
         }
       }
     },
@@ -22623,8 +22693,8 @@
         "type": "other",
         "other": {
           "name": "python-colorama",
-          "version": "0.4.1",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/c/colorama/colorama-0.4.1.tar.gz"
+          "version": "0.4.6",
+          "downloadUrl": "https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz"
         }
       }
     },
@@ -22753,8 +22823,8 @@
         "type": "other",
         "other": {
           "name": "python-curio",
-          "version": "1.4",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/c/curio/curio-1.4.tar.gz"
+          "version": "1.6^1.1484546",
+          "downloadUrl": "https://github.com/dabeaz/curio/archive/148454621f9bd8dd843f591e87715415431f6979/curio-1484546.tar.gz"
         }
       }
     },
@@ -23473,8 +23543,8 @@
         "type": "other",
         "other": {
           "name": "python-IPy",
-          "version": "0.81",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/I/IPy/IPy-0.81.tar.gz"
+          "version": "1.01",
+          "downloadUrl": "https://files.pythonhosted.org/packages/source/I/IPy/IPy-1.01.tar.gz"
         }
       }
     },
@@ -23633,8 +23703,8 @@
         "type": "other",
         "other": {
           "name": "python-kdcproxy",
-          "version": "0.4.2",
-          "downloadUrl": "https://github.com/latchset/kdcproxy/releases/download/v0.4.2/kdcproxy-0.4.2.tar.gz"
+          "version": "1.0.0",
+          "downloadUrl": "https://github.com/latchset/kdcproxy/releases/download/v1.0.0/kdcproxy-1.0.0.tar.gz"
         }
       }
     },
@@ -23703,8 +23773,8 @@
         "type": "other",
         "other": {
           "name": "python-lazy-object-proxy",
-          "version": "1.4.3",
-          "downloadUrl": "https://github.com/ionelmc/python-lazy-object-proxy/archive/v1.4.3/lazy-object-proxy-1.4.3.tar.gz"
+          "version": "1.10.0",
+          "downloadUrl": "https://github.com/ionelmc/python-lazy-object-proxy/archive/v1.10.0/lazy-object-proxy-1.10.0.tar.gz"
         }
       }
     },
@@ -24513,8 +24583,8 @@
         "type": "other",
         "other": {
           "name": "python-pymongo",
-          "version": "3.10.1",
-          "downloadUrl": "https://github.com/mongodb/mongo-python-driver/archive/3.10.1/pymongo-3.10.1.tar.gz"
+          "version": "4.2.0",
+          "downloadUrl": "https://github.com/mongodb/mongo-python-driver/archive/refs/tags/4.2.0.tar.gz"
         }
       }
     },
@@ -24883,8 +24953,8 @@
         "type": "other",
         "other": {
           "name": "python-requests-toolbelt",
-          "version": "0.9.1",
-          "downloadUrl": "https://github.com/sigmavirus24/requests-toolbelt/archive/0.9.1/python-requests-toolbelt-0.9.1.tar.gz"
+          "version": "1.0.0",
+          "downloadUrl": "https://github.com/sigmavirus24/requests-toolbelt/archive/1.0.0/requests-toolbelt-1.0.0.tar.gz"
         }
       }
     },
@@ -26488,6 +26558,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "reproc",
+          "version": "14.2.4",
+          "downloadUrl": "https://github.com/DaanDeMeyer/reproc/archive/1c07bdbec3f2ecba7125b9499b9a8a77bf9aa8c7/reproc-14.2.4-1c07bdb.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -26594,8 +26674,8 @@
         "type": "other",
         "other": {
           "name": "rp-pppoe",
-          "version": "3.12",
-          "downloadUrl": "https://dianne.skoll.ca/projects/rp-pppoe/download/OLD/rp-pppoe-3.12.tar.gz"
+          "version": "4.0",
+          "downloadUrl": "https://downloads.uls.co.za/rp-pppoe/rp-pppoe-4.0.tar.gz"
         }
       }
     },
@@ -27144,8 +27224,8 @@
         "type": "other",
         "other": {
           "name": "rubygem-flexmock",
-          "version": "2.3.6",
-          "downloadUrl": "https://github.com/doudou/flexmock/archive/refs/tags/v2.3.6.tar.gz"
+          "version": "3.0.1",
+          "downloadUrl": "https://github.com/doudou/flexmock/archive/refs/tags/v3.0.1.tar.gz"
         }
       }
     },
@@ -27544,8 +27624,8 @@
         "type": "other",
         "other": {
           "name": "rubygem-pkg-config",
-          "version": "1.4.5",
-          "downloadUrl": "https://github.com/ruby-gnome/pkg-config/archive/refs/tags/1.4.5.tar.gz"
+          "version": "1.5.7",
+          "downloadUrl": "https://github.com/ruby-gnome/pkg-config/archive/refs/tags/1.5.7.tar.gz"
         }
       }
     },
@@ -27829,6 +27909,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "rubygem-sys-filesystem",
+          "version": "1.4.3",
+          "downloadUrl": "https://github.com/djberg96/sys-filesystem/archive/refs/tags/sys-filesystem-1.4.3.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -27999,6 +28089,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "s-nail",
+          "version": "14.9.25",
+          "downloadUrl": "https://www.sdaoden.eu/downloads/s-nail-14.9.25.tar.xz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -28561,6 +28661,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "simdjson",
+          "version": "3.11.6",
+          "downloadUrl": "https://github.com/simdjson/simdjson/archive/v3.11.6/simdjson-3.11.6.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -28821,6 +28931,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "spdlog",
+          "version": "1.15.2",
+          "downloadUrl": "https://github.com/gabime/spdlog/archive/v1.15.2/spdlog-1.15.2.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -29046,8 +29166,8 @@
         "type": "other",
         "other": {
           "name": "stunnel",
-          "version": "5.70",
-          "downloadUrl": "https://www.stunnel.org/downloads/stunnel-5.70.tar.gz"
+          "version": "5.74",
+          "downloadUrl": "https://www.stunnel.org/downloads/stunnel-5.74.tar.gz"
         }
       }
     },
@@ -29166,8 +29286,8 @@
         "type": "other",
         "other": {
           "name": "SymCrypt-OpenSSL",
-          "version": "1.7.0",
-          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.7.0.tar.gz"
+          "version": "1.8.1",
+          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.8.1.tar.gz"
         }
       }
     },
@@ -29566,8 +29686,8 @@
         "type": "other",
         "other": {
           "name": "tk",
-          "version": "8.6.10",
-          "downloadUrl": "https://download.sourceforge.net/sourceforge/tcl/tk8.6.10-src.tar.gz"
+          "version": "8.6.13",
+          "downloadUrl": "https://download.sourceforge.net/sourceforge/tcl/tk8.6.13-src.tar.gz"
         }
       }
     },
@@ -29916,8 +30036,8 @@
         "type": "other",
         "other": {
           "name": "uglify-js",
-          "version": "2.8.22",
-          "downloadUrl": "https://github.com/mishoo/UglifyJS2/archive/v2.8.22/uglify-js-2.8.22.tar.gz"
+          "version": "3.19.3",
+          "downloadUrl": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz"
         }
       }
     },
@@ -30256,8 +30376,8 @@
         "type": "other",
         "other": {
           "name": "valkey",
-          "version": "8.0.2",
-          "downloadUrl": "https://github.com/valkey-io/valkey/archive/refs/tags/8.0.2.tar.gz"
+          "version": "8.0.3",
+          "downloadUrl": "https://github.com/valkey-io/valkey/archive/refs/tags/8.0.3.tar.gz"
         }
       }
     },
@@ -30787,8 +30907,8 @@
         "type": "other",
         "other": {
           "name": "xcb-util-wm",
-          "version": "0.4.1",
-          "downloadUrl": "http://xcb.freedesktop.org/dist/xcb-util-wm-0.4.1.tar.bz2"
+          "version": "0.4.2",
+          "downloadUrl": "https://xcb.freedesktop.org/dist/xcb-util-wm-0.4.2.tar.xz"
         }
       }
     },
@@ -30871,8 +30991,8 @@
         "type": "other",
         "other": {
           "name": "xdg-dbus-proxy",
-          "version": "0.1.2",
-          "downloadUrl": "https://github.com/flatpak/xdg-dbus-proxy/releases/download/0.1.2/xdg-dbus-proxy-0.1.2.tar.xz"
+          "version": "0.1.6",
+          "downloadUrl": "https://github.com/flatpak/xdg-dbus-proxy/releases/download/0.1.6/xdg-dbus-proxy-0.1.6.tar.xz"
         }
       }
     },
@@ -30942,8 +31062,8 @@
         "type": "other",
         "other": {
           "name": "xfconf",
-          "version": "4.14.4",
-          "downloadUrl": "http://archive.xfce.org/src/xfce/xfconf/4.14/xfconf-4.14.4.tar.bz2"
+          "version": "4.18.3",
+          "downloadUrl": "https://archive.xfce.org/src/xfce/xfconf/4.18/xfconf-4.18.3.tar.bz2"
         }
       }
     },
@@ -30974,8 +31094,8 @@
         "type": "other",
         "other": {
           "name": "xfsdump",
-          "version": "3.1.9",
-          "downloadUrl": "https://kernel.org/pub/linux/utils/fs/xfs/xfsdump/xfsdump-3.1.9.tar.xz"
+          "version": "3.1.12",
+          "downloadUrl": "https://kernel.org/pub/linux/utils/fs/xfs/xfsdump/xfsdump-3.1.12.tar.xz"
         }
       }
     },
@@ -31492,8 +31612,8 @@
         "type": "other",
         "other": {
           "name": "xrestop",
-          "version": "0.4",
-          "downloadUrl": "http://downloads.yoctoproject.org/releases/xrestop/xrestop-0.4.tar.gz"
+          "version": "0.6",
+          "downloadUrl": "https://xorg.freedesktop.org/archive/individual/app/xrestop-0.6.tar.gz"
         }
       }
     },
@@ -31709,8 +31829,18 @@
         "type": "other",
         "other": {
           "name": "ypserv",
-          "version": "4.1",
-          "downloadUrl": "https://github.com/thkukuk/ypserv/archive/v4.1.tar.gz"
+          "version": "4.2",
+          "downloadUrl": "https://github.com/thkukuk/ypserv/archive/refs/tags/v4.2.tar.gz"
+        }
+      }
+    },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "yq",
+          "version": "4.45.1",
+          "downloadUrl": "https://github.com/mikefarah/yq/archive/refs/tags/v4.45.1.tar.gz"
         }
       }
     },
@@ -31739,8 +31869,8 @@
         "type": "other",
         "other": {
           "name": "zenity",
-          "version": "3.32.0",
-          "downloadUrl": "https://download.gnome.org/sources/zenity/3.32/zenity-3.32.0.tar.xz"
+          "version": "3.44.1",
+          "downloadUrl": "https://download.gnome.org/sources/zenity/3.44/zenity-3.44.1.tar.xz"
         }
       }
     },
@@ -31839,11 +31969,11 @@
         "type": "other",
         "other": {
           "name": "zziplib",
-          "version": "0.13.72",
-          "downloadUrl": "https://github.com/gdraheim/zziplib/archive/v0.13.72.tar.gz"
+          "version": "0.13.74",
+          "downloadUrl": "https://github.com/gdraheim/zziplib/archive/v0.13.74.tar.gz"
         }
       }
     }
   ],
   "Version": 1
-}
+}
\ No newline at end of file
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 88d0dc421a..51388cbe0c 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -2,12 +2,12 @@ filesystem-1.1-21.emt3.x86_64.rpm
 kernel-headers-6.12.28-1.emt3.noarch.rpm
 glibc-2.38-9.emt3.x86_64.rpm
 glibc-devel-2.38-9.emt3.x86_64.rpm
-glibc-i18n-2.38-9.emt3.x86_64.rpm
-glibc-iconv-2.38-9.emt3.x86_64.rpm
+glibc-i18n-2.38-10.emt3.x86_64.rpm
+glibc-iconv-2.38-10.emt3.x86_64.rpm
 glibc-lang-2.38-9.emt3.x86_64.rpm
-glibc-locales-all-2.38-9.emt3.x86_64.rpm
+glibc-locales-all-2.38-10.emt3.x86_64.rpm
 glibc-nscd-2.38-9.emt3.x86_64.rpm
-glibc-tools-2.38-9.emt3.x86_64.rpm
+glibc-tools-2.38-10.emt3.x86_64.rpm
 zlib-1.3.1-1.emt3.x86_64.rpm
 zlib-devel-1.3.1-1.emt3.x86_64.rpm
 file-5.45-1.emt3.x86_64.rpm
@@ -73,9 +73,9 @@ libcap-ng-devel-0.8.4-1.emt3.x86_64.rpm
 util-linux-2.40.2-1.emt3.x86_64.rpm
 util-linux-devel-2.40.2-1.emt3.x86_64.rpm
 util-linux-libs-2.40.2-1.emt3.x86_64.rpm
-tar-1.35-1.emt3.x86_64.rpm
-xz-5.4.4-1.emt3.x86_64.rpm
-xz-devel-5.4.4-1.emt3.x86_64.rpm
+tar-1.35-2.emt3.x86_64.rpm
+xz-5.4.4-2.emt3.x86_64.rpm
+xz-devel-5.4.4-2.emt3.x86_64.rpm
 xz-lang-5.4.4-1.emt3.x86_64.rpm
 xz-libs-5.4.4-1.emt3.x86_64.rpm
 zstd-1.5.5-2.emt3.x86_64.rpm
@@ -92,79 +92,79 @@ sqlite-3.44.0-1.emt3.x86_64.rpm
 sqlite-devel-3.44.0-1.emt3.x86_64.rpm
 sqlite-libs-3.44.0-1.emt3.x86_64.rpm
 elfutils-0.189-5.emt3.x86_64.rpm
-elfutils-default-yama-scope-0.189-5.emt3.noarch.rpm
+elfutils-default-yama-scope-0.189-6.emt3.noarch.rpm
 elfutils-devel-0.189-5.emt3.x86_64.rpm
 elfutils-devel-static-0.189-5.emt3.x86_64.rpm
 elfutils-libelf-0.189-5.emt3.x86_64.rpm
 elfutils-libelf-devel-0.189-5.emt3.x86_64.rpm
 elfutils-libelf-devel-static-0.189-5.emt3.x86_64.rpm
-elfutils-libelf-lang-0.189-5.emt3.x86_64.rpm
+elfutils-libelf-lang-0.189-6.emt3.x86_64.rpm
 expat-2.6.3-2.emt3.x86_64.rpm
 expat-devel-2.6.3-2.emt3.x86_64.rpm
-expat-libs-2.6.3-2.emt3.x86_64.rpm
+expat-libs-2.6.4-1.emt3.x86_64.rpm
 libpipeline-1.5.7-1.emt3.x86_64.rpm
 libpipeline-devel-1.5.7-1.emt3.x86_64.rpm
 gdbm-1.23-1.emt3.x86_64.rpm
 gdbm-devel-1.23-1.emt3.x86_64.rpm
 gdbm-lang-1.23-1.emt3.x86_64.rpm
 perl-B-1.88-506.emt3.x86_64.rpm
-perl-Carp-1.54-506.emt3.noarch.rpm
+perl-Carp-1.54-507.emt3.noarch.rpm
 perl-Class-Struct-0.68-506.emt3.noarch.rpm
 perl-Data-Dumper-2.188-506.emt3.x86_64.rpm
 perl-DynaLoader-1.54-506.emt3.x86_64.rpm
-perl-Encode-3.19-506.emt3.x86_64.rpm
-perl-Errno-1.37-506.emt3.x86_64.rpm
-perl-Exporter-5.77-506.emt3.noarch.rpm
-perl-Fcntl-1.15-506.emt3.x86_64.rpm
+perl-Encode-3.19-507.emt3.x86_64.rpm
+perl-Errno-1.37-507.emt3.x86_64.rpm
+perl-Exporter-5.77-507.emt3.noarch.rpm
+perl-Fcntl-1.15-507.emt3.x86_64.rpm
 perl-File-Basename-2.86-506.emt3.noarch.rpm
-perl-File-Compare-1.100.700-506.emt3.noarch.rpm
-perl-File-Copy-2.41-506.emt3.noarch.rpm
-perl-File-Path-2.18-506.emt3.noarch.rpm
-perl-File-Temp-0.231.100-506.emt3.noarch.rpm
-perl-File-stat-1.13-506.emt3.noarch.rpm
+perl-File-Compare-1.100.700-507.emt3.noarch.rpm
+perl-File-Copy-2.41-507.emt3.noarch.rpm
+perl-File-Path-2.18-507.emt3.noarch.rpm
+perl-File-Temp-0.231.100-507.emt3.noarch.rpm
+perl-File-stat-1.13-507.emt3.noarch.rpm
 perl-FileHandle-2.05-506.emt3.noarch.rpm
 perl-Getopt-Long-2.54-506.emt3.noarch.rpm
-perl-Getopt-Std-1.13-506.emt3.noarch.rpm
-perl-HTTP-Tiny-0.086-506.emt3.noarch.rpm
+perl-Getopt-Std-1.13-507.emt3.noarch.rpm
+perl-HTTP-Tiny-0.086-507.emt3.noarch.rpm
 perl-I18N-Langinfo-0.22-506.emt3.x86_64.rpm
-perl-IO-1.52-506.emt3.x86_64.rpm
-perl-IPC-Open3-1.22-506.emt3.noarch.rpm
-perl-MIME-Base64-3.16-506.emt3.x86_64.rpm
+perl-IO-1.52-507.emt3.x86_64.rpm
+perl-IPC-Open3-1.22-507.emt3.noarch.rpm
+perl-MIME-Base64-3.16-507.emt3.x86_64.rpm
 perl-POSIX-2.13-506.emt3.x86_64.rpm
-perl-PathTools-3.89-506.emt3.x86_64.rpm
-perl-Pod-Escapes-1.07-506.emt3.noarch.rpm
+perl-PathTools-3.89-507.emt3.x86_64.rpm
+perl-Pod-Escapes-1.07-507.emt3.noarch.rpm
 perl-Pod-Perldoc-3.28.01-506.emt3.noarch.rpm
 perl-Pod-Simple-3.43-506.emt3.noarch.rpm
-perl-Pod-Usage-2.03-506.emt3.noarch.rpm
+perl-Pod-Usage-2.03-507.emt3.noarch.rpm
 perl-Scalar-List-Utils-1.63-506.emt3.x86_64.rpm
 perl-SelectSaver-1.02-506.emt3.noarch.rpm
-perl-Socket-2.036-506.emt3.x86_64.rpm
-perl-Storable-3.32-506.emt3.x86_64.rpm
+perl-Socket-2.036-507.emt3.x86_64.rpm
+perl-Storable-3.32-507.emt3.x86_64.rpm
 perl-Symbol-1.09-506.emt3.noarch.rpm
-perl-Term-ANSIColor-5.01-506.emt3.noarch.rpm
-perl-Term-Cap-1.18-506.emt3.noarch.rpm
-perl-Text-ParseWords-3.31-506.emt3.noarch.rpm
-perl-Text-Tabs+Wrap-2021.0814-506.emt3.noarch.rpm
+perl-Term-ANSIColor-5.01-507.emt3.noarch.rpm
+perl-Term-Cap-1.18-507.emt3.noarch.rpm
+perl-Text-ParseWords-3.31-507.emt3.noarch.rpm
+perl-Text-Tabs+Wrap-2021.0814-507.emt3.noarch.rpm
 perl-Thread-Queue-3.14-506.emt3.noarch.rpm
-perl-Time-Local-1.300-506.emt3.noarch.rpm
-perl-Unicode-Normalize-1.32-506.emt3.x86_64.rpm
+perl-Time-Local-1.300-507.emt3.noarch.rpm
+perl-Unicode-Normalize-1.32-507.emt3.x86_64.rpm
 perl-base-2.27-506.emt3.noarch.rpm
-perl-constant-1.33-506.emt3.noarch.rpm
-perl-if-0.61.000-506.emt3.noarch.rpm
+perl-constant-1.33-507.emt3.noarch.rpm
+perl-if-0.61.000-507.emt3.noarch.rpm
 perl-interpreter-5.38.2-506.emt3.x86_64.rpm
 perl-libs-5.38.2-506.emt3.x86_64.rpm
-perl-locale-1.10-506.emt3.noarch.rpm
-perl-macros-5.38.2-506.emt3.noarch.rpm
-perl-mro-1.28-506.emt3.x86_64.rpm
+perl-locale-1.10-507.emt3.noarch.rpm
+perl-macros-5.38.2-507.emt3.noarch.rpm
+perl-mro-1.28-507.emt3.x86_64.rpm
 perl-overload-1.37-506.emt3.noarch.rpm
-perl-overloading-0.02-506.emt3.noarch.rpm
-perl-parent-0.241-506.emt3.noarch.rpm
+perl-overloading-0.02-507.emt3.noarch.rpm
+perl-parent-0.241-507.emt3.noarch.rpm
 perl-podlators-5.01-506.emt3.noarch.rpm
 perl-subs-1.04-506.emt3.noarch.rpm
 perl-threads-2.36-506.emt3.x86_64.rpm
-perl-threads-shared-1.68-506.emt3.x86_64.rpm
+perl-threads-shared-1.68-507.emt3.x86_64.rpm
 perl-vars-1.05-506.emt3.noarch.rpm
-perl-5.38.2-506.emt3.x86_64.rpm
+perl-5.38.2-507.emt3.x86_64.rpm
 texinfo-7.0.3-1.emt3.x86_64.rpm
 gtk-doc-1.33.2-1.emt3.noarch.rpm
 autoconf-2.72-2.emt3.noarch.rpm
@@ -191,10 +191,10 @@ cpio-lang-2.14-1.emt3.x86_64.rpm
 e2fsprogs-libs-1.47.0-2.emt3.x86_64.rpm
 e2fsprogs-1.47.0-2.emt3.x86_64.rpm
 e2fsprogs-devel-1.47.0-2.emt3.x86_64.rpm
-libsolv-0.7.28-2.emt3.x86_64.rpm
+libsolv-0.7.28-3.emt3.x86_64.rpm
 libsolv-devel-0.7.28-2.emt3.x86_64.rpm
-libssh2-1.11.0-1.emt3.x86_64.rpm
-libssh2-devel-1.11.0-1.emt3.x86_64.rpm
+libssh2-1.11.1-1.emt3.x86_64.rpm
+libssh2-devel-1.11.1-1.emt3.x86_64.rpm
 krb5-1.21.3-2.emt3.x86_64.rpm
 krb5-devel-1.21.3-2.emt3.x86_64.rpm
 nghttp2-1.61.0-2.emt3.x86_64.rpm
@@ -204,7 +204,7 @@ curl-devel-8.11.1-3.emt3.x86_64.rpm
 curl-libs-8.11.1-3.emt3.x86_64.rpm
 createrepo_c-1.0.3-1.emt3.x86_64.rpm
 libxml2-2.11.5-4.emt3.x86_64.rpm
-libxml2-devel-2.11.5-4.emt3.x86_64.rpm
+libxml2-devel-2.11.5-5.emt3.x86_64.rpm
 docbook-dtd-xml-4.5-11.emt3.noarch.rpm
 docbook-style-xsl-1.79.1-14.emt3.noarch.rpm
 libsepol-3.6-1.emt3.x86_64.rpm
@@ -243,7 +243,7 @@ ca-certificates-tools-3.0.0-9.emt3.noarch.rpm
 ca-certificates-base-3.0.0-9.emt3.noarch.rpm
 ca-certificates-3.0.0-9.emt3.noarch.rpm
 dwz-0.14-2.emt3.x86_64.rpm
-unzip-6.0-21.emt3.x86_64.rpm
+unzip-6.0-22.emt3.x86_64.rpm
 python3-3.12.9-1.emt3.x86_64.rpm
 python3-devel-3.12.9-1.emt3.x86_64.rpm
 python3-libs-3.12.9-1.emt3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index e5ce3b5f1d..e778f5ef4b 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -40,7 +40,7 @@ chkconfig-1.25-1.emt3.x86_64.rpm
 chkconfig-debuginfo-1.25-1.emt3.x86_64.rpm
 chkconfig-lang-1.25-1.emt3.x86_64.rpm
 cmake-3.30.3-5.emt3.x86_64.rpm
-cmake-debuginfo-3.30.3-5.emt3.x86_64.rpm
+cmake-debuginfo-3.30.3-6.emt3.x86_64.rpm
 coreutils-9.4-6.emt3.x86_64.rpm
 coreutils-debuginfo-9.4-6.emt3.x86_64.rpm
 coreutils-lang-9.4-6.emt3.x86_64.rpm
@@ -76,18 +76,18 @@ e2fsprogs-devel-1.47.0-2.emt3.x86_64.rpm
 e2fsprogs-lang-1.47.0-2.emt3.x86_64.rpm
 e2fsprogs-libs-1.47.0-2.emt3.x86_64.rpm
 elfutils-0.189-5.emt3.x86_64.rpm
-elfutils-debuginfo-0.189-5.emt3.x86_64.rpm
-elfutils-default-yama-scope-0.189-5.emt3.noarch.rpm
+elfutils-debuginfo-0.189-6.emt3.x86_64.rpm
+elfutils-default-yama-scope-0.189-6.emt3.noarch.rpm
 elfutils-devel-0.189-5.emt3.x86_64.rpm
 elfutils-devel-static-0.189-5.emt3.x86_64.rpm
 elfutils-libelf-0.189-5.emt3.x86_64.rpm
 elfutils-libelf-devel-0.189-5.emt3.x86_64.rpm
 elfutils-libelf-devel-static-0.189-5.emt3.x86_64.rpm
-elfutils-libelf-lang-0.189-5.emt3.x86_64.rpm
+elfutils-libelf-lang-0.189-6.emt3.x86_64.rpm
 expat-2.6.3-2.emt3.x86_64.rpm
-expat-debuginfo-2.6.3-2.emt3.x86_64.rpm
+expat-debuginfo-2.6.4-1.emt3.x86_64.rpm
 expat-devel-2.6.3-2.emt3.x86_64.rpm
-expat-libs-2.6.3-2.emt3.x86_64.rpm
+expat-libs-2.6.4-1.emt3.x86_64.rpm
 file-5.45-1.emt3.x86_64.rpm
 file-debuginfo-5.45-1.emt3.x86_64.rpm
 file-devel-5.45-1.emt3.x86_64.rpm
@@ -122,13 +122,13 @@ glib-schemas-2.78.6-1.emt3.x86_64.rpm
 glibc-2.38-9.emt3.x86_64.rpm
 glibc-debuginfo-2.38-9.emt3.x86_64.rpm
 glibc-devel-2.38-9.emt3.x86_64.rpm
-glibc-i18n-2.38-9.emt3.x86_64.rpm
-glibc-iconv-2.38-9.emt3.x86_64.rpm
+glibc-i18n-2.38-10.emt3.x86_64.rpm
+glibc-iconv-2.38-10.emt3.x86_64.rpm
 glibc-lang-2.38-9.emt3.x86_64.rpm
-glibc-locales-all-2.38-9.emt3.x86_64.rpm
+glibc-locales-all-2.38-10.emt3.x86_64.rpm
 glibc-nscd-2.38-9.emt3.x86_64.rpm
 glibc-static-2.38-9.emt3.x86_64.rpm
-glibc-tools-2.38-9.emt3.x86_64.rpm
+glibc-tools-2.38-10.emt3.x86_64.rpm
 gmp-6.3.0-1.emt3.x86_64.rpm
 gmp-debuginfo-6.3.0-1.emt3.x86_64.rpm
 gmp-devel-6.3.0-1.emt3.x86_64.rpm
@@ -171,7 +171,7 @@ libattr-2.5.2-1.emt3.x86_64.rpm
 libattr-devel-2.5.2-1.emt3.x86_64.rpm
 libbacktrace-static-13.2.0-7.emt3.x86_64.rpm
 libcap-2.69-3.emt3.x86_64.rpm
-libcap-debuginfo-2.69-3.emt3.x86_64.rpm
+libcap-debuginfo-2.69-4.emt3.x86_64.rpm
 libcap-devel-2.69-3.emt3.x86_64.rpm
 libcap-ng-0.8.4-1.emt3.x86_64.rpm
 libcap-ng-debuginfo-0.8.4-1.emt3.x86_64.rpm
@@ -217,14 +217,14 @@ libselinux-python3-3.6-3.emt3.x86_64.rpm
 libselinux-utils-3.6-3.emt3.x86_64.rpm
 libsepol-3.6-1.emt3.x86_64.rpm
 libsepol-debuginfo-3.6-1.emt3.x86_64.rpm
-libsepol-devel-3.6-1.emt3.x86_64.rpm
-libsolv-0.7.28-2.emt3.x86_64.rpm
+libsepol-devel-3.6-2.emt3.x86_64.rpm
+libsolv-0.7.28-3.emt3.x86_64.rpm
 libsolv-debuginfo-0.7.28-2.emt3.x86_64.rpm
 libsolv-devel-0.7.28-2.emt3.x86_64.rpm
 libsolv-tools-0.7.28-2.emt3.x86_64.rpm
-libssh2-1.11.0-1.emt3.x86_64.rpm
+libssh2-1.11.1-1.emt3.x86_64.rpm
 libssh2-debuginfo-1.11.0-1.emt3.x86_64.rpm
-libssh2-devel-1.11.0-1.emt3.x86_64.rpm
+libssh2-devel-1.11.1-1.emt3.x86_64.rpm
 libstdc++-13.2.0-7.emt3.x86_64.rpm
 libstdc++-devel-13.2.0-7.emt3.x86_64.rpm
 libtasn1-4.19.0-2.emt3.x86_64.rpm
@@ -233,8 +233,8 @@ libtasn1-devel-4.19.0-2.emt3.x86_64.rpm
 libtool-2.4.7-1.emt3.x86_64.rpm
 libtool-debuginfo-2.4.7-1.emt3.x86_64.rpm
 libxml2-2.11.5-4.emt3.x86_64.rpm
-libxml2-debuginfo-2.11.5-4.emt3.x86_64.rpm
-libxml2-devel-2.11.5-4.emt3.x86_64.rpm
+libxml2-debuginfo-2.11.5-5.emt3.x86_64.rpm
+libxml2-devel-2.11.5-5.emt3.x86_64.rpm
 libxcrypt-4.4.36-2.emt3.x86_64.rpm
 libxcrypt-debuginfo-4.4.36-2.emt3.x86_64.rpm
 libxcrypt-devel-4.4.36-2.emt3.x86_64.rpm
@@ -303,9 +303,9 @@ pcre2-devel-10.42-3.emt3.x86_64.rpm
 pcre2-devel-static-10.42-3.emt3.x86_64.rpm
 pcre2-doc-10.42-3.emt3.noarch.rpm
 pcre2-tools-10.42-3.emt3.x86_64.rpm
-perl-5.38.2-506.emt3.x86_64.rpm
+perl-5.38.2-507.emt3.x86_64.rpm
 perl-Archive-Tar-2.40-506.emt3.noarch.rpm
-perl-Attribute-Handlers-1.03-506.emt3.noarch.rpm
+perl-Attribute-Handlers-1.03-507.emt3.noarch.rpm
 perl-autodie-2.36-506.emt3.noarch.rpm
 perl-AutoLoader-5.74-506.emt3.noarch.rpm
 perl-AutoSplit-5.74-506.emt3.noarch.rpm
@@ -313,15 +313,15 @@ perl-autouse-1.11-506.emt3.noarch.rpm
 perl-B-1.88-506.emt3.x86_64.rpm
 perl-base-2.27-506.emt3.noarch.rpm
 perl-Benchmark-1.24-506.emt3.noarch.rpm
-perl-bignum-0.66-506.emt3.noarch.rpm
+perl-bignum-0.66-507.emt3.noarch.rpm
 perl-blib-1.07-506.emt3.noarch.rpm
-perl-Carp-1.54-506.emt3.noarch.rpm
+perl-Carp-1.54-507.emt3.noarch.rpm
 perl-Class-Struct-0.68-506.emt3.noarch.rpm
-perl-Compress-Raw-Bzip2-2.204-506.emt3.x86_64.rpm
-perl-Compress-Raw-Zlib-2.204-506.emt3.x86_64.rpm
-perl-Config-Extensions-0.03-506.emt3.noarch.rpm
-perl-Config-Perl-V-0.36-506.emt3.noarch.rpm
-perl-constant-1.33-506.emt3.noarch.rpm
+perl-Compress-Raw-Bzip2-2.204-507.emt3.x86_64.rpm
+perl-Compress-Raw-Zlib-2.204-507.emt3.x86_64.rpm
+perl-Config-Extensions-0.03-507.emt3.noarch.rpm
+perl-Config-Perl-V-0.36-507.emt3.noarch.rpm
+perl-constant-1.33-507.emt3.noarch.rpm
 perl-CPAN-2.36-506.emt3.noarch.rpm
 perl-CPAN-Meta-2.150010-506.emt3.noarch.rpm
 perl-CPAN-Meta-Requirements-2.140-506.emt3.noarch.rpm
@@ -336,174 +336,174 @@ perl-DBM_Filter-0.06-506.emt3.noarch.rpm
 perl-debugger-1.60-506.emt3.noarch.rpm
 perl-debuginfo-5.38.2-506.emt3.x86_64.rpm
 perl-deprecate-0.04-506.emt3.noarch.rpm
-perl-devel-5.38.2-506.emt3.x86_64.rpm
-perl-Devel-Peek-1.33-506.emt3.x86_64.rpm
-perl-Devel-PPPort-3.71-506.emt3.x86_64.rpm
-perl-Devel-SelfStubber-1.06-506.emt3.noarch.rpm
-perl-diagnostics-1.39-506.emt3.noarch.rpm
-perl-Digest-1.20-506.emt3.noarch.rpm
+perl-devel-5.38.2-507.emt3.x86_64.rpm
+perl-Devel-Peek-1.33-507.emt3.x86_64.rpm
+perl-Devel-PPPort-3.71-507.emt3.x86_64.rpm
+perl-Devel-SelfStubber-1.06-507.emt3.noarch.rpm
+perl-diagnostics-1.39-507.emt3.noarch.rpm
+perl-Digest-1.20-507.emt3.noarch.rpm
 perl-Digest-MD5-2.58-506.emt3.x86_64.rpm
 perl-Digest-SHA-6.04-506.emt3.x86_64.rpm
 perl-DirHandle-1.05-506.emt3.noarch.rpm
-perl-doc-5.38.2-506.emt3.noarch.rpm
-perl-Dumpvalue-2.27-506.emt3.noarch.rpm
+perl-doc-5.38.2-507.emt3.noarch.rpm
+perl-Dumpvalue-2.27-507.emt3.noarch.rpm
 perl-DynaLoader-1.54-506.emt3.x86_64.rpm
-perl-Encode-3.19-506.emt3.x86_64.rpm
-perl-Encode-devel-3.19-506.emt3.noarch.rpm
+perl-Encode-3.19-507.emt3.x86_64.rpm
+perl-Encode-devel-3.19-507.emt3.noarch.rpm
 perl-encoding-3.00-506.emt3.x86_64.rpm
 perl-encoding-warnings-0.14-506.emt3.noarch.rpm
-perl-English-1.11-506.emt3.noarch.rpm
+perl-English-1.11-507.emt3.noarch.rpm
 perl-Env-1.06-506.emt3.noarch.rpm
-perl-Errno-1.37-506.emt3.x86_64.rpm
+perl-Errno-1.37-507.emt3.x86_64.rpm
 perl-experimental-0.031-506.emt3.noarch.rpm
-perl-Exporter-5.77-506.emt3.noarch.rpm
+perl-Exporter-5.77-507.emt3.noarch.rpm
 perl-ExtUtils-CBuilder-0.280238-506.emt3.noarch.rpm
-perl-ExtUtils-Command-7.70-506.emt3.noarch.rpm
+perl-ExtUtils-Command-7.70-507.emt3.noarch.rpm
 perl-ExtUtils-Constant-0.25-506.emt3.noarch.rpm
-perl-ExtUtils-Embed-1.35-506.emt3.noarch.rpm
-perl-ExtUtils-Install-2.22-506.emt3.noarch.rpm
+perl-ExtUtils-Embed-1.35-507.emt3.noarch.rpm
+perl-ExtUtils-Install-2.22-507.emt3.noarch.rpm
 perl-ExtUtils-MakeMaker-7.70-506.emt3.noarch.rpm
 perl-ExtUtils-Manifest-1.73-506.emt3.noarch.rpm
 perl-ExtUtils-Miniperl-1.13-506.emt3.noarch.rpm
-perl-ExtUtils-MM-Utils-7.44-506.emt3.noarch.rpm
+perl-ExtUtils-MM-Utils-7.44-507.emt3.noarch.rpm
 perl-ExtUtils-ParseXS-3.51-506.emt3.noarch.rpm
-perl-Fcntl-1.15-506.emt3.x86_64.rpm
+perl-Fcntl-1.15-507.emt3.x86_64.rpm
 perl-Fedora-VSP-0.001-20.emt3.noarch.rpm
 perl-fields-2.27-506.emt3.noarch.rpm
 perl-File-Basename-2.86-506.emt3.noarch.rpm
-perl-File-Compare-1.100.700-506.emt3.noarch.rpm
-perl-File-Copy-2.41-506.emt3.noarch.rpm
+perl-File-Compare-1.100.700-507.emt3.noarch.rpm
+perl-File-Copy-2.41-507.emt3.noarch.rpm
 perl-File-DosGlob-1.12-506.emt3.x86_64.rpm
 perl-File-Fetch-1.04-506.emt3.noarch.rpm
-perl-File-Find-1.43-506.emt3.noarch.rpm
-perl-File-Path-2.18-506.emt3.noarch.rpm
-perl-File-stat-1.13-506.emt3.noarch.rpm
-perl-File-Temp-0.231.100-506.emt3.noarch.rpm
+perl-File-Find-1.43-507.emt3.noarch.rpm
+perl-File-Path-2.18-507.emt3.noarch.rpm
+perl-File-stat-1.13-507.emt3.noarch.rpm
+perl-File-Temp-0.231.100-507.emt3.noarch.rpm
 perl-FileCache-1.10-506.emt3.noarch.rpm
 perl-FileHandle-2.05-506.emt3.noarch.rpm
 perl-filetest-1.03-506.emt3.noarch.rpm
 perl-Filter-1.64-506.emt3.x86_64.rpm
-perl-Filter-Simple-0.96-506.emt3.noarch.rpm
+perl-Filter-Simple-0.96-507.emt3.noarch.rpm
 perl-FindBin-1.53-506.emt3.noarch.rpm
-perl-GDBM_File-1.24-506.emt3.x86_64.rpm
+perl-GDBM_File-1.24-507.emt3.x86_64.rpm
 perl-generators-1.15-2.emt3.noarch.rpm
 perl-Getopt-Long-2.54-506.emt3.noarch.rpm
-perl-Getopt-Std-1.13-506.emt3.noarch.rpm
+perl-Getopt-Std-1.13-507.emt3.noarch.rpm
 perl-Hash-Util-0.30-506.emt3.x86_64.rpm
 perl-Hash-Util-FieldHash-1.26-506.emt3.x86_64.rpm
-perl-HTTP-Tiny-0.086-506.emt3.noarch.rpm
-perl-I18N-Collate-1.02-506.emt3.noarch.rpm
+perl-HTTP-Tiny-0.086-507.emt3.noarch.rpm
+perl-I18N-Collate-1.02-507.emt3.noarch.rpm
 perl-I18N-Langinfo-0.22-506.emt3.x86_64.rpm
-perl-I18N-LangTags-0.45-506.emt3.noarch.rpm
-perl-if-0.61.000-506.emt3.noarch.rpm
+perl-I18N-LangTags-0.45-507.emt3.noarch.rpm
+perl-if-0.61.000-507.emt3.noarch.rpm
 perl-interpreter-5.38.2-506.emt3.x86_64.rpm
-perl-IO-1.52-506.emt3.x86_64.rpm
-perl-IO-Compress-2.204-506.emt3.noarch.rpm
-perl-IO-Socket-IP-0.41-506.emt3.noarch.rpm
-perl-IO-Zlib-1.14-506.emt3.noarch.rpm
-perl-IPC-Cmd-1.04-506.emt3.noarch.rpm
-perl-IPC-Open3-1.22-506.emt3.noarch.rpm
-perl-IPC-SysV-2.09-506.emt3.x86_64.rpm
-perl-JSON-PP-4.16-506.emt3.noarch.rpm
+perl-IO-1.52-507.emt3.x86_64.rpm
+perl-IO-Compress-2.204-507.emt3.noarch.rpm
+perl-IO-Socket-IP-0.41-507.emt3.noarch.rpm
+perl-IO-Zlib-1.14-507.emt3.noarch.rpm
+perl-IPC-Cmd-1.04-507.emt3.noarch.rpm
+perl-IPC-Open3-1.22-507.emt3.noarch.rpm
+perl-IPC-SysV-2.09-507.emt3.x86_64.rpm
+perl-JSON-PP-4.16-507.emt3.noarch.rpm
 perl-less-0.03-506.emt3.noarch.rpm
-perl-lib-0.65-506.emt3.x86_64.rpm
+perl-lib-0.65-507.emt3.x86_64.rpm
 perl-libintl-perl-1.33-1.emt3.x86_64.rpm
 perl-libintl-perl-debuginfo-1.33-1.emt3.x86_64.rpm
-perl-libnet-3.15-506.emt3.noarch.rpm
-perl-libnetcfg-5.38.2-506.emt3.noarch.rpm
+perl-libnet-3.15-507.emt3.noarch.rpm
+perl-libnetcfg-5.38.2-507.emt3.noarch.rpm
 perl-libs-5.38.2-506.emt3.x86_64.rpm
-perl-locale-1.10-506.emt3.noarch.rpm
-perl-Locale-Maketext-1.33-506.emt3.noarch.rpm
+perl-locale-1.10-507.emt3.noarch.rpm
+perl-Locale-Maketext-1.33-507.emt3.noarch.rpm
 perl-Locale-Maketext-Simple-0.21-506.emt3.noarch.rpm
-perl-macros-5.38.2-506.emt3.noarch.rpm
-perl-Math-BigInt-1.9998.37-506.emt3.noarch.rpm
+perl-macros-5.38.2-507.emt3.noarch.rpm
+perl-Math-BigInt-1.9998.37-507.emt3.noarch.rpm
 perl-Math-BigInt-FastCalc-0.501.300-506.emt3.x86_64.rpm
 perl-Math-BigRat-0.2624-506.emt3.noarch.rpm
-perl-Math-Complex-1.62-506.emt3.noarch.rpm
+perl-Math-Complex-1.62-507.emt3.noarch.rpm
 perl-Memoize-1.16-506.emt3.noarch.rpm
 perl-meta-notation-5.38.2-506.emt3.noarch.rpm
-perl-MIME-Base64-3.16-506.emt3.x86_64.rpm
-perl-Module-CoreList-5.20231129-506.emt3.noarch.rpm
-perl-Module-CoreList-tools-5.20231129-506.emt3.noarch.rpm
+perl-MIME-Base64-3.16-507.emt3.x86_64.rpm
+perl-Module-CoreList-5.20231129-507.emt3.noarch.rpm
+perl-Module-CoreList-tools-5.20231129-507.emt3.noarch.rpm
 perl-Module-Load-0.36-506.emt3.noarch.rpm
-perl-Module-Load-Conditional-0.74-506.emt3.noarch.rpm
+perl-Module-Load-Conditional-0.74-507.emt3.noarch.rpm
 perl-Module-Loaded-0.08-506.emt3.noarch.rpm
 perl-Module-Metadata-1.000037-506.emt3.noarch.rpm
-perl-mro-1.28-506.emt3.x86_64.rpm
-perl-NDBM_File-1.16-506.emt3.x86_64.rpm
+perl-mro-1.28-507.emt3.x86_64.rpm
+perl-NDBM_File-1.16-507.emt3.x86_64.rpm
 perl-Net-1.03-506.emt3.noarch.rpm
-perl-Net-Ping-2.76-506.emt3.noarch.rpm
+perl-Net-Ping-2.76-507.emt3.noarch.rpm
 perl-NEXT-0.69-506.emt3.noarch.rpm
 perl-Object-Accessor-0.48-10.emt3.noarch.rpm
 perl-ODBM_File-1.18-506.emt3.x86_64.rpm
-perl-Opcode-1.64-506.emt3.x86_64.rpm
+perl-Opcode-1.64-507.emt3.x86_64.rpm
 perl-open-1.13-506.emt3.noarch.rpm
 perl-overload-1.37-506.emt3.noarch.rpm
-perl-overloading-0.02-506.emt3.noarch.rpm
+perl-overloading-0.02-507.emt3.noarch.rpm
 perl-Params-Check-0.38-506.emt3.noarch.rpm
-perl-parent-0.241-506.emt3.noarch.rpm
-perl-PathTools-3.89-506.emt3.x86_64.rpm
+perl-parent-0.241-507.emt3.noarch.rpm
+perl-PathTools-3.89-507.emt3.x86_64.rpm
 perl-Perl-OSType-1.010-506.emt3.noarch.rpm
-perl-perlfaq-5.20210520-506.emt3.noarch.rpm
+perl-perlfaq-5.20210520-507.emt3.noarch.rpm
 perl-PerlIO-via-QuotedPrint-0.10-506.emt3.noarch.rpm
 perl-ph-5.38.2-506.emt3.x86_64.rpm
 perl-Pod-Checker-1.75-506.emt3.noarch.rpm
-perl-Pod-Escapes-1.07-506.emt3.noarch.rpm
+perl-Pod-Escapes-1.07-507.emt3.noarch.rpm
 perl-Pod-Functions-1.14-506.emt3.noarch.rpm
-perl-Pod-Html-1.34-506.emt3.noarch.rpm
+perl-Pod-Html-1.34-507.emt3.noarch.rpm
 perl-Pod-Perldoc-3.28.01-506.emt3.noarch.rpm
 perl-Pod-Simple-3.43-506.emt3.noarch.rpm
-perl-Pod-Usage-2.03-506.emt3.noarch.rpm
+perl-Pod-Usage-2.03-507.emt3.noarch.rpm
 perl-podlators-5.01-506.emt3.noarch.rpm
 perl-POSIX-2.13-506.emt3.x86_64.rpm
-perl-Safe-2.44-506.emt3.noarch.rpm
+perl-Safe-2.44-507.emt3.noarch.rpm
 perl-Scalar-List-Utils-1.63-506.emt3.x86_64.rpm
 perl-Search-Dict-1.07-506.emt3.noarch.rpm
 perl-SelectSaver-1.02-506.emt3.noarch.rpm
-perl-SelfLoader-1.26-506.emt3.noarch.rpm
-perl-sigtrap-1.10-506.emt3.noarch.rpm
-perl-Socket-2.036-506.emt3.x86_64.rpm
-perl-sort-2.05-506.emt3.noarch.rpm
-perl-Storable-3.32-506.emt3.x86_64.rpm
+perl-SelfLoader-1.26-507.emt3.noarch.rpm
+perl-sigtrap-1.10-507.emt3.noarch.rpm
+perl-Socket-2.036-507.emt3.x86_64.rpm
+perl-sort-2.05-507.emt3.noarch.rpm
+perl-Storable-3.32-507.emt3.x86_64.rpm
 perl-subs-1.04-506.emt3.noarch.rpm
 perl-Symbol-1.09-506.emt3.noarch.rpm
-perl-Sys-Hostname-1.25-506.emt3.x86_64.rpm
-perl-Sys-Syslog-0.36-506.emt3.x86_64.rpm
-perl-Term-ANSIColor-5.01-506.emt3.noarch.rpm
-perl-Term-Cap-1.18-506.emt3.noarch.rpm
-perl-Term-Complete-1.403-506.emt3.noarch.rpm
-perl-Term-ReadLine-1.17-506.emt3.noarch.rpm
+perl-Sys-Hostname-1.25-507.emt3.x86_64.rpm
+perl-Sys-Syslog-0.36-507.emt3.x86_64.rpm
+perl-Term-ANSIColor-5.01-507.emt3.noarch.rpm
+perl-Term-Cap-1.18-507.emt3.noarch.rpm
+perl-Term-Complete-1.403-507.emt3.noarch.rpm
+perl-Term-ReadLine-1.17-507.emt3.noarch.rpm
 perl-Test-1.31-506.emt3.noarch.rpm
 perl-Test-Harness-3.44-506.emt3.noarch.rpm
-perl-Test-Simple-1.302194-506.emt3.noarch.rpm
+perl-Test-Simple-1.302194-507.emt3.noarch.rpm
 perl-Test-Warnings-0.032-2.emt3.noarch.rpm
 perl-tests-5.38.2-506.emt3.x86_64.rpm
 perl-Text-Abbrev-1.02-506.emt3.noarch.rpm
-perl-Text-Balanced-2.06-506.emt3.noarch.rpm
-perl-Text-ParseWords-3.31-506.emt3.noarch.rpm
-perl-Text-Tabs+Wrap-2021.0814-506.emt3.noarch.rpm
+perl-Text-Balanced-2.06-507.emt3.noarch.rpm
+perl-Text-ParseWords-3.31-507.emt3.noarch.rpm
+perl-Text-Tabs+Wrap-2021.0814-507.emt3.noarch.rpm
 perl-Text-Template-1.61-2.emt3.noarch.rpm
-perl-Thread-3.05-506.emt3.noarch.rpm
+perl-Thread-3.05-507.emt3.noarch.rpm
 perl-Thread-Queue-3.14-506.emt3.noarch.rpm
 perl-Thread-Semaphore-2.13-506.emt3.noarch.rpm
 perl-threads-2.36-506.emt3.x86_64.rpm
-perl-threads-shared-1.68-506.emt3.x86_64.rpm
+perl-threads-shared-1.68-507.emt3.x86_64.rpm
 perl-Tie-4.6-506.emt3.noarch.rpm
 perl-Tie-File-1.07-506.emt3.noarch.rpm
-perl-Tie-Memoize-1.1-506.emt3.noarch.rpm
+perl-Tie-Memoize-1.1-507.emt3.noarch.rpm
 perl-Tie-RefHash-1.40-506.emt3.noarch.rpm
 perl-Time-1.03-506.emt3.noarch.rpm
 perl-Time-HiRes-1.9775-506.emt3.x86_64.rpm
-perl-Time-Local-1.300-506.emt3.noarch.rpm
-perl-Time-Piece-1.3401-506.emt3.x86_64.rpm
+perl-Time-Local-1.300-507.emt3.noarch.rpm
+perl-Time-Piece-1.3401-507.emt3.x86_64.rpm
 perl-Unicode-Collate-1.31-506.emt3.x86_64.rpm
-perl-Unicode-Normalize-1.32-506.emt3.x86_64.rpm
+perl-Unicode-Normalize-1.32-507.emt3.x86_64.rpm
 perl-Unicode-UCD-0.78-506.emt3.noarch.rpm
-perl-User-pwent-1.04-506.emt3.noarch.rpm
+perl-User-pwent-1.04-507.emt3.noarch.rpm
 perl-utils-5.38.2-506.emt3.noarch.rpm
 perl-vars-1.05-506.emt3.noarch.rpm
 perl-version-0.99.29-506.emt3.noarch.rpm
-perl-vmsish-1.04-506.emt3.noarch.rpm
+perl-vmsish-1.04-507.emt3.noarch.rpm
 perl-XML-Parser-2.47-1.emt3.x86_64.rpm
 perl-XML-Parser-debuginfo-2.47-1.emt3.x86_64.rpm
 pinentry-1.2.1-1.emt3.x86_64.rpm
@@ -577,8 +577,8 @@ systemd-bootstrap-debuginfo-250.3-18.emt3.x86_64.rpm
 systemd-bootstrap-devel-250.3-18.emt3.x86_64.rpm
 systemd-bootstrap-libs-250.3-18.emt3.x86_64.rpm
 systemd-bootstrap-rpm-macros-250.3-18.emt3.noarch.rpm
-tar-1.35-1.emt3.x86_64.rpm
-tar-debuginfo-1.35-1.emt3.x86_64.rpm
+tar-1.35-2.emt3.x86_64.rpm
+tar-debuginfo-1.35-2.emt3.x86_64.rpm
 tdnf-3.5.8-10.emt3.x86_64.rpm
 tdnf-autoupdate-3.5.8-10.emt3.x86_64.rpm
 tdnf-cli-libs-3.5.8-10.emt3.x86_64.rpm
@@ -589,7 +589,7 @@ tdnf-plugin-repogpgcheck-3.5.8-10.emt3.x86_64.rpm
 tdnf-python-3.5.8-10.emt3.x86_64.rpm
 texinfo-7.0.3-1.emt3.x86_64.rpm
 texinfo-debuginfo-7.0.3-1.emt3.x86_64.rpm
-unzip-6.0-21.emt3.x86_64.rpm
+unzip-6.0-22.emt3.x86_64.rpm
 unzip-debuginfo-6.0-21.emt3.x86_64.rpm
 util-linux-2.40.2-1.emt3.x86_64.rpm
 util-linux-debuginfo-2.40.2-1.emt3.x86_64.rpm
@@ -598,9 +598,9 @@ util-linux-lang-2.40.2-1.emt3.x86_64.rpm
 util-linux-libs-2.40.2-1.emt3.x86_64.rpm
 which-2.21-8.emt3.x86_64.rpm
 which-debuginfo-2.21-8.emt3.x86_64.rpm
-xz-5.4.4-1.emt3.x86_64.rpm
+xz-5.4.4-2.emt3.x86_64.rpm
 xz-debuginfo-5.4.4-1.emt3.x86_64.rpm
-xz-devel-5.4.4-1.emt3.x86_64.rpm
+xz-devel-5.4.4-2.emt3.x86_64.rpm
 xz-lang-5.4.4-1.emt3.x86_64.rpm
 xz-libs-5.4.4-1.emt3.x86_64.rpm
 zip-3.0-6.emt3.x86_64.rpm
diff --git a/toolkit/scripts/check_srpm_duplicates.py b/toolkit/scripts/check_srpm_duplicates.py
new file mode 100755
index 0000000000..a122df99cc
--- /dev/null
+++ b/toolkit/scripts/check_srpm_duplicates.py
@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+import argparse
+import json
+import os
+import sys
+from collections import defaultdict
+
+_REPO_KEY = "Repo"
+_SPEC_PATH_KEY = "SpecPath"
+_SRPM_PATH_KEY = "SrpmPath"
+
+
+def find_srpm_duplicates(specs_file_paths: list[str]) -> list[tuple[str, set[str]]]:
+    """
+    Analyze multiple specs JSON files to find specs producing the same SRPM.
+    """
+    srpm_to_specs = defaultdict(set)
+
+    for specs_file_path in specs_file_paths:
+        with open(specs_file_path, "r") as f:
+            data = json.load(f)
+
+        if _REPO_KEY not in data:
+            raise ValueError(
+                f"Invalid JSON format in {specs_file_path}. Expected '{_REPO_KEY}' key."
+            )
+
+        # Process each item in the repo
+        for item in data["Repo"]:
+            if _SRPM_PATH_KEY not in item or _SPEC_PATH_KEY not in item:
+                raise ValueError(
+                    f"Invalid JSON format in {specs_file_path}. Expected '{_SPEC_PATH_KEY}' and '{_SRPM_PATH_KEY}' keys in each element of '{_REPO_KEY}'."
+                )
+
+            srpm = os.path.basename(item[_SRPM_PATH_KEY])
+            srpm_to_specs[srpm].add(item[_SPEC_PATH_KEY])
+
+    return [
+        (srpm, specs_paths)
+        for srpm, specs_paths in srpm_to_specs.items()
+        if len(specs_paths) > 1
+    ]
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "specs_file_paths",
+        nargs="+",
+        help="Paths to the specs JSON files to analyze.",
+    )
+    args = parser.parse_args()
+
+    srpm_duplicates = find_srpm_duplicates(args.specs_file_paths)
+    if srpm_duplicates:
+        print("Error: detected specs building the same SRPM.", file=sys.stderr)
+        for srpm, specs_paths in srpm_duplicates:
+            print(f"{srpm}:", file=sys.stderr)
+            for spec_path in specs_paths:
+                print(f"  - {spec_path}", file=sys.stderr)
+            print(file=sys.stderr)
+        sys.exit(1)
+
+    print("No SRPM duplicates found.")
diff --git a/toolkit/scripts/toolchain.mk b/toolkit/scripts/toolchain.mk
index 5ac559fadb..1529910c26 100644
--- a/toolkit/scripts/toolchain.mk
+++ b/toolkit/scripts/toolchain.mk
@@ -193,7 +193,8 @@ $(toolchain_rpms_rehydrated): $(TOOLCHAIN_MANIFEST) $(go-downloader) $(SCRIPTS_D
 		--url-list "$(PACKAGE_URL_LIST)" \
 		--allowable-gpg-keys "$(TOOLCHAIN_GPG_VALIDATION_KEYS)" \
 		$(if $(TLS_CERT),--certificate $(TLS_CERT)) \
-		$(if $(TLS_KEY),--private-key $(TLS_KEY)) || { \
+		$(if $(TLS_KEY),--private-key $(TLS_KEY)) && \
+		echo "$(notdir $@)" >> $(toolchain_downloads_manifest) || { \
 		echo "Could not find toolchain package in package repo to rehydrate with: $(notdir $@)." >> "$$log_file" && \
 		touch $@; \
 	}
diff --git a/toolkit/tools/go.mod b/toolkit/tools/go.mod
index 3173226ba0..8de0ad48d8 100644
--- a/toolkit/tools/go.mod
+++ b/toolkit/tools/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/bendahl/uinput v1.4.0
 	github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e
+	github.com/ddddddO/gtree v1.10.7
 	github.com/fatih/color v1.16.0
 	github.com/gdamore/tcell v1.4.0
 	github.com/google/uuid v1.6.0
@@ -44,12 +45,14 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.7 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.1.0 // indirect
-	github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 // indirect
+	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
 	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
 )
diff --git a/toolkit/tools/go.sum b/toolkit/tools/go.sum
index 0ad4d93e68..b02a0f0647 100644
--- a/toolkit/tools/go.sum
+++ b/toolkit/tools/go.sum
@@ -26,6 +26,8 @@ github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oD
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/ddddddO/gtree v1.10.7 h1:bQ2kHOAdVjnXZ2PXiWeItjw5Uwa/4H1PCSMB56v7dkY=
+github.com/ddddddO/gtree v1.10.7/go.mod h1:1VqbPuR6Wyv8nwtk+WT4TuXV82oA67QzsXMw2IVc41s=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/gdamore/encoding v1.0.0 h1:+7OoQ1Bc6eTm5niUzBa0Ctsh6JbMW6Ra+YNuAtDBdko=
@@ -69,6 +71,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/muesli/crunchy v0.4.0 h1:qdiml8gywULHBsztiSAf6rrE6EyuNasNKZ104mAaahM=
 github.com/muesli/crunchy v0.4.0/go.mod h1:9k4x6xdSbb7WwtAVy0iDjaiDjIk6Wa5AgUIqp+HqOpU=
+github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
+github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -82,20 +86,30 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
 github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 h1:w8V9v0qVympSF6GjdjIyeqR7+EVhAF9CBQmkmW7Zw0w=
 github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
 golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191018095205-727590c5006e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/toolkit/tools/internal/azureblobstorage/azureblobstorage.go b/toolkit/tools/internal/azureblobstorage/azureblobstorage.go
index 9ced0623ca..4959a4698e 100644
--- a/toolkit/tools/internal/azureblobstorage/azureblobstorage.go
+++ b/toolkit/tools/internal/azureblobstorage/azureblobstorage.go
@@ -56,6 +56,9 @@ func (abs *AzureBlobStorage) Download(
 	containerName string,
 	blobName string,
 	localFileName string) (err error) {
+	if ctx == nil {
+		return fmt.Errorf("context is nil")
+	}
 
 	downloadStartTime := time.Now()
 
diff --git a/toolkit/tools/internal/network/network.go b/toolkit/tools/internal/network/network.go
index 1ecbae9c63..9a0df5733f 100644
--- a/toolkit/tools/internal/network/network.go
+++ b/toolkit/tools/internal/network/network.go
@@ -68,26 +68,27 @@ func JoinURL(baseURL string, extraPaths ...string) string {
 // returns: wasCancelled: true if the download was cancelled via the external cancel channel, false otherwise.
 // returns: err: An error if the download failed (including being cancelled), nil otherwise.
 func DownloadFileWithRetry(ctx context.Context, srcUrl, dstFile string, caCerts *x509.CertPool, tlsCerts []tls.Certificate, timeout time.Duration) (wasCancelled bool, err error) {
-	var (
-		retryCtx   context.Context
-		cancelFunc context.CancelFunc
-	)
+	var closeCtx context.CancelFunc
+
 	if ctx == nil {
 		return false, fmt.Errorf("context is nil")
 	}
+
 	if timeout < 0 {
 		return false, fmt.Errorf("%w: %s", ErrDownloadFileInvalidTimeout, timeout)
-	} else if timeout == 0 {
-		retryCtx, cancelFunc = context.WithCancel(ctx)
+	}
+
+	if timeout == 0 {
+		ctx, closeCtx = context.WithCancel(ctx)
 	} else {
-		retryCtx, cancelFunc = context.WithTimeout(ctx, timeout)
+		ctx, closeCtx = context.WithTimeout(ctx, timeout)
 	}
-	defer cancelFunc()
+	defer closeCtx()
 
 	retryNum := 1
 	errorWas404 := false
-	wasCancelled, err = retry.RunWithDefaultDownloadBackoff(retryCtx, func() error {
-		netErr := DownloadFile(srcUrl, dstFile, caCerts, tlsCerts)
+	wasCancelled, err = retry.RunWithDefaultDownloadBackoff(ctx, func() error {
+		netErr := DownloadFile(ctx, srcUrl, dstFile, caCerts, tlsCerts)
 		if netErr != nil {
 			// Check if the error is a 404, we should print a warning in that case so the user
 			// sees it even if we are running with --no-verbose. 404's are unlikely to fix themselves on retry, give up.
@@ -95,7 +96,7 @@ func DownloadFileWithRetry(ctx context.Context, srcUrl, dstFile string, caCerts
 				logger.Log.Warnf("Attempt %d/%d: Failed to download (%s) with error: (%s)", retryNum, retry.DefaultDownloadRetryAttempts, srcUrl, netErr)
 				logger.Log.Warnf("404 errors are likely unrecoverable, will not retry")
 				errorWas404 = true
-				cancelFunc()
+				closeCtx()
 			} else {
 				logger.Log.Infof("Attempt %d/%d: Failed to download (%s) with error: (%s)", retryNum, retry.DefaultDownloadRetryAttempts, srcUrl, netErr)
 			}
@@ -116,7 +117,11 @@ func DownloadFileWithRetry(ctx context.Context, srcUrl, dstFile string, caCerts
 }
 
 // DownloadFile downloads `url` into `dst`. `caCerts` may be nil. If there is an error `dst` will be removed.
-func DownloadFile(url, dst string, caCerts *x509.CertPool, tlsCerts []tls.Certificate) (err error) {
+func DownloadFile(ctx context.Context, url, dst string, caCerts *x509.CertPool, tlsCerts []tls.Certificate) (err error) {
+	if ctx == nil {
+		return fmt.Errorf("context is nil")
+	}
+
 	logger.Log.Debugf("Downloading (%s) -> (%s)", url, dst)
 
 	dstFile, err := os.Create(dst)
@@ -147,7 +152,12 @@ func DownloadFile(url, dst string, caCerts *x509.CertPool, tlsCerts []tls.Certif
 		Transport: transport,
 	}
 
-	response, err := client.Get(url)
+	request, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	if err != nil {
+		return fmt.Errorf("%w:\nfailed to create request:\n%w", ErrDownloadFileOther, err)
+	}
+
+	response, err := client.Do(request)
 	if err != nil {
 		return fmt.Errorf("%w:\nrequest failed:\n%w", ErrDownloadFileOther, err)
 	}
diff --git a/toolkit/tools/internal/network/network_test.go b/toolkit/tools/internal/network/network_test.go
index c2c4e40d5d..73e889f022 100644
--- a/toolkit/tools/internal/network/network_test.go
+++ b/toolkit/tools/internal/network/network_test.go
@@ -150,9 +150,9 @@ func TestDownloadFile(t *testing.T) {
 			dstDir := t.TempDir()
 			tt.args.dstFile = filepath.Join(dstDir, tt.args.dstFile)
 			if tt.useCtx {
-				var cancelFunc context.CancelFunc
-				tt.args._ctx, cancelFunc = context.WithTimeout(context.Background(), cancelDelay)
-				defer cancelFunc()
+				var closeCtx context.CancelFunc
+				tt.args._ctx, closeCtx = context.WithTimeout(context.Background(), cancelDelay)
+				defer closeCtx()
 			} else {
 				tt.args._ctx = context.Background()
 			}
diff --git a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
index 7e00c9b1dd..c43f55bae8 100644
--- a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
+++ b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
@@ -641,8 +641,8 @@ func (r *RpmRepoCloner) clonePackage(baseArgs []string) (preBuilt bool, err erro
 		finalArgs := append(baseArgs, reposArgs...)
 
 		// We run in a retry loop on errors deemed retriable.
-		ctx, cancelFunc := context.WithCancel(context.Background())
-		defer cancelFunc()
+		ctx, closeCtx := context.WithCancel(context.Background())
+		defer closeCtx()
 
 		retryNum := 1
 		_, err = retry.RunWithDefaultDownloadBackoff(ctx, func() error {
@@ -652,7 +652,7 @@ func (r *RpmRepoCloner) clonePackage(baseArgs []string) (preBuilt bool, err erro
 					logger.Log.Debugf("Package cloning attempt %d/%d failed with a retriable error.", retryNum, retry.DefaultDownloadRetryAttempts)
 				} else {
 					logger.Log.Debugf("Package cloning attempt %d/%d failed with an unrecoverable error. Cancelling.", retryNum, retry.DefaultDownloadRetryAttempts)
-					cancelFunc()
+					closeCtx()
 				}
 			}
 
diff --git a/toolkit/tools/internal/pkggraph/graphprinter.go b/toolkit/tools/internal/pkggraph/graphprinter.go
new file mode 100644
index 0000000000..f449ffcb1b
--- /dev/null
+++ b/toolkit/tools/internal/pkggraph/graphprinter.go
@@ -0,0 +1,225 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package pkggraph
+
+import (
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/ddddddO/gtree"
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
+	"github.com/sirupsen/logrus"
+)
+
+const seenNodeSuffix = "... [SEEN]"
+
+// GraphPrinter is a type meant to print a graph in a human-readable format.
+// It uses a depth-first search (DFS) algorithm to traverse the graph and print each node.
+// The printer ignores any cycles in the graph and thus turns the graph into a tree.
+// We use the gtree package to print the tree structure.
+// See NewGraphPrinter for more details on how to customize the printer.
+//
+// Example:
+//
+//	Graph structure:
+//
+//	A -> B
+//	A -> E
+//	B -> C
+//	B -> D
+//	D -> A (loop)
+//
+//	Output starting from 'A':
+//	A
+//	├── B
+//	│   ├── C
+//	│   └── D
+//	└── E
+type GraphPrinter struct {
+	output         io.Writer
+	printNodesOnce bool
+}
+
+type graphPrinterModifier func(*GraphPrinter)
+
+// loggerOutputWrapper is a wrapper around logrus.Logger to implement the io.Writer interface.
+type loggerOutputWrapper struct {
+	logLevel logrus.Level
+}
+
+// gTreeBuilder helps build a 'gtree' package's tree from a graph.
+type gTreeBuilder struct {
+	treeRoot       *gtree.Node
+	seenNodes      map[*PkgNode]bool
+	printNodesOnce bool
+}
+
+// NewGraphPrinter creates a new GraphPrinter.
+// It accepts a variadic number of 'GraphPrinter*' modifiers to customize the printer's behavior.
+// The default settings are:
+// - output: logrus logger on debug level
+// - printNodesOnce: false
+func NewGraphPrinter(modifiers ...graphPrinterModifier) GraphPrinter {
+	printer := GraphPrinter{
+		output: loggerOutputWrapper{
+			logLevel: logrus.DebugLevel,
+		},
+		printNodesOnce: false,
+	}
+
+	for _, modifier := range modifiers {
+		if modifier != nil {
+			modifier(&printer)
+		}
+	}
+
+	return printer
+}
+
+// GraphPrinterOutput is a config modifier passed to the graph printer's constructor
+// to define the output writer for the graph printer.
+func GraphPrinterOutput(output io.Writer) graphPrinterModifier {
+	return func(g *GraphPrinter) {
+		g.output = output
+	}
+}
+
+// GraphPrinterLogOutput is a config modifier passed to the graph printer's constructor
+// making the printer's output be logged at the specified log level.
+func GraphPrinterLogOutput(logLevel logrus.Level) graphPrinterModifier {
+	return func(g *GraphPrinter) {
+		g.output = loggerOutputWrapper{
+			logLevel: logLevel,
+		}
+	}
+}
+
+// GraphPrinterPrintOnce is a config modifier passed to the graph printer's constructor
+// to define whether the printer should print each node only once.
+func GraphPrinterPrintNodesOnce() graphPrinterModifier {
+	return func(g *GraphPrinter) {
+		g.printNodesOnce = true
+	}
+}
+
+// Print prints the graph. It ignores any cycles in the graph turning the graph into a tree.
+// It then uses the 'gtree' package to print the tree structure.
+func (g GraphPrinter) Print(graph *PkgGraph, rootNode *PkgNode) error {
+	if graph == nil {
+		return fmt.Errorf("graph is nil")
+	}
+
+	if rootNode == nil {
+		return fmt.Errorf("root node is nil")
+	}
+
+	if !graph.HasNode(rootNode) {
+		return fmt.Errorf("root node '%s' not found in the graph", rootNode.FriendlyName())
+	}
+
+	treeBuilder := newGTreeBuilder(g.printNodesOnce)
+	treeRoot, err := treeBuilder.buildTree(graph, rootNode)
+	if err != nil {
+		return fmt.Errorf("failed to build tree:\n%w", err)
+	}
+
+	err = gtree.OutputProgrammably(g.output, treeRoot)
+	if err != nil {
+		return fmt.Errorf("failed to print tree:\n%w", err)
+	}
+
+	return nil
+}
+
+// Write implements the io.Writer interface.
+func (l loggerOutputWrapper) Write(bytes []byte) (int, error) {
+	// Remove the trailing newline character from the log message,
+	// as it's unnecessary when logging.
+	line := strings.TrimSuffix(string(bytes), "\n")
+	logger.Log.Log(l.logLevel, line)
+	return len(bytes), nil
+}
+
+// newGTreeBuilder creates a new gTreeBuilder instance with the specified
+// configuration for printing nodes once.
+func newGTreeBuilder(printNodesOnce bool) *gTreeBuilder {
+	result := &gTreeBuilder{
+		printNodesOnce: printNodesOnce,
+	}
+	result.resetState()
+	return result
+}
+
+// buildTree traverses the graph and constructs a tree representation.
+func (t *gTreeBuilder) buildTree(graph *PkgGraph, rootNode *PkgNode) (*gtree.Node, error) {
+	if graph == nil {
+		return nil, fmt.Errorf("graph is nil")
+	}
+
+	if rootNode == nil {
+		return nil, fmt.Errorf("root node is nil")
+	}
+
+	t.resetState()
+	t.buildTreeWithDFS(nil, rootNode, graph)
+
+	return t.treeRoot, nil
+}
+
+func (tb *gTreeBuilder) resetState() {
+	tb.seenNodes = make(map[*PkgNode]bool)
+	tb.treeRoot = nil
+}
+
+// buildTreeWithDFS builds the tree using depth-first search.
+// It converts a general graph into a tree structure.
+// It uses a map to keep track of seen nodes to avoid cycles.
+func (t *gTreeBuilder) buildTreeWithDFS(treeParent *gtree.Node, pkgNode *PkgNode, graph *PkgGraph) {
+	if pkgNode == nil {
+		return
+	}
+
+	// We add a node before the "seen" check because we always
+	// want to add the node to the tree. If it's been seen before,
+	// we just mark it as seen as part of the text displayed for the node.
+	treeNode := t.buildTreeNode(treeParent, pkgNode)
+
+	if t.seenNodes[pkgNode] {
+		return
+	}
+
+	t.seenNodes[pkgNode] = true
+
+	children := graph.From(pkgNode.ID())
+	for children.Next() {
+		t.buildTreeWithDFS(treeNode, children.Node().(*PkgNode), graph)
+	}
+
+	// As we traverse the graph back up, setting the node as unseen
+	// allows us to print it again if we encounter it later
+	// in a DIFFERENT branch of the tree.
+	if !t.printNodesOnce {
+		t.seenNodes[pkgNode] = false
+	}
+}
+
+// buildTreeNode creates a new tree node and adds it to the parent
+// or sets it as the root if the parent is nil.
+func (t *gTreeBuilder) buildTreeNode(treeParent *gtree.Node, pkgNode *PkgNode) *gtree.Node {
+	nodeText := t.buildNodeText(pkgNode)
+	if treeParent == nil {
+		t.treeRoot = gtree.NewRoot(nodeText)
+		return t.treeRoot
+	}
+	return treeParent.Add(nodeText)
+}
+
+// buildNodeText formats the node text based on whether it's been seen before.
+func (t *gTreeBuilder) buildNodeText(pkgNode *PkgNode) string {
+	if t.seenNodes[pkgNode] {
+		return pkgNode.FriendlyName() + seenNodeSuffix
+	}
+	return pkgNode.FriendlyName()
+}
diff --git a/toolkit/tools/internal/pkggraph/graphprinter_test.go b/toolkit/tools/internal/pkggraph/graphprinter_test.go
new file mode 100644
index 0000000000..14f6a7f882
--- /dev/null
+++ b/toolkit/tools/internal/pkggraph/graphprinter_test.go
@@ -0,0 +1,313 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package pkggraph
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDefaultGraphPrinterCreatedOK(t *testing.T) {
+	printer := NewGraphPrinter()
+	assert.NotNil(t, printer)
+	assert.False(t, printer.printNodesOnce)
+}
+
+func TestCustomOutputAppliesOK(t *testing.T) {
+	const nodeName = "node"
+
+	var buffer strings.Builder
+
+	printer := NewGraphPrinter(
+		GraphPrinterOutput(&buffer),
+	)
+
+	graph := NewPkgGraph()
+	assert.NotNil(t, graph)
+
+	rootNode, err := addNodeToGraph(graph, nodeName)
+	assert.NoError(t, err)
+
+	printer.Print(graph, rootNode)
+
+	output := buffer.String()
+	assert.Contains(t, output, nodeName)
+}
+
+func TestPrintingLargerGraphOK(t *testing.T) {
+	const (
+		rootName       = "root"
+		child1Name     = "child1"
+		child2Name     = "child2"
+		grandchildName = "grandchild"
+	)
+
+	var buf strings.Builder
+	printer := NewGraphPrinter(
+		GraphPrinterOutput(&buf),
+	)
+
+	// Create a graph with multiple nodes and edges.
+	graph := NewPkgGraph()
+	assert.NotNil(t, graph)
+
+	// Add root node.
+	rootNode, err := addNodeToGraph(graph, rootName)
+	assert.NoError(t, err)
+
+	// Add children.
+	child1, err := addNodeToGraph(graph, child1Name)
+	assert.NoError(t, err)
+
+	child2, err := addNodeToGraph(graph, child2Name)
+	assert.NoError(t, err)
+
+	// Add grandchild.
+	grandchild, err := addNodeToGraph(graph, grandchildName)
+	assert.NoError(t, err)
+
+	// Add edges.
+	err = graph.AddEdge(rootNode, child1)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(rootNode, child2)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(child1, grandchild)
+	assert.NoError(t, err)
+
+	err = printer.Print(graph, rootNode)
+	assert.NoError(t, err)
+
+	// Check output contains all nodes.
+	output := buf.String()
+	assert.Contains(t, output, rootName)
+	assert.Contains(t, output, "── "+child1Name)
+	assert.Contains(t, output, "── "+child2Name)
+	assert.Contains(t, output, "   └── "+grandchildName)
+}
+
+func TestPrintGraphWithCyclesOK(t *testing.T) {
+	const (
+		node1Name = "node1"
+		node2Name = "node2"
+	)
+
+	var buf strings.Builder
+
+	printer := NewGraphPrinter(
+		GraphPrinterOutput(&buf),
+	)
+
+	// Create a graph with a cycle.
+	graph := NewPkgGraph()
+
+	// Add nodes.
+	node1, err := addNodeToGraph(graph, node1Name)
+	assert.NoError(t, err)
+
+	node2, err := addNodeToGraph(graph, node2Name)
+	assert.NoError(t, err)
+
+	// Create a cycle.
+	err = graph.AddEdge(node1, node2)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(node2, node1)
+	assert.NoError(t, err)
+
+	// Print the graph assuming 'node1' is the root.
+	err = printer.Print(graph, node1)
+	assert.NoError(t, err)
+
+	// Check output contains both nodes with 'node1' at the root level.
+	output := buf.String()
+	assert.Contains(t, output, node1Name)
+	assert.Contains(t, output, "└── "+node2Name)
+
+	buf.Reset()
+
+	// Print the graph assuming 'node2' is the root.
+	err = printer.Print(graph, node2)
+	assert.NoError(t, err)
+
+	// Check output contains both nodes with 'node2' at the root level.
+	output = buf.String()
+	assert.Contains(t, output, node2Name)
+	assert.Contains(t, output, "└── "+node1Name)
+}
+
+func TestPrintNilGraphReturnsError(t *testing.T) {
+	var buf strings.Builder
+
+	printer := NewGraphPrinter(
+		GraphPrinterOutput(&buf),
+	)
+
+	err := printer.Print(nil, nil)
+	assert.Error(t, err)
+
+	// Output should be empty since error occurred.
+	assert.Empty(t, buf.String())
+}
+
+func TestPrintNilRootReturnsError(t *testing.T) {
+	var buf strings.Builder
+
+	printer := NewGraphPrinter(
+		GraphPrinterOutput(&buf),
+	)
+
+	graph := NewPkgGraph()
+
+	err := printer.Print(graph, nil)
+	assert.Error(t, err)
+
+	// Output should be empty since error occurred.
+	assert.Empty(t, buf.String())
+}
+
+func TestPrintNodeNotInGraphReturnsError(t *testing.T) {
+	var buf strings.Builder
+
+	printer := NewGraphPrinter(
+		GraphPrinterOutput(&buf),
+	)
+
+	graph := NewPkgGraph()
+
+	err := printer.Print(graph, &PkgNode{})
+	assert.Error(t, err)
+
+	// Output should be empty since error occurred.
+	assert.Empty(t, buf.String())
+}
+func TestAllNilModifiersHandledCorrectly(t *testing.T) {
+	assert.NotPanics(t, func() {
+		NewGraphPrinter(nil, nil, nil)
+	})
+}
+
+func TestMixedNilAndValidModifiersHandledCorrectly(t *testing.T) {
+	var (
+		buf     strings.Builder
+		printer GraphPrinter
+	)
+
+	assert.NotPanics(t, func() {
+		printer = NewGraphPrinter(
+			nil,
+			GraphPrinterOutput(&buf),
+			nil,
+		)
+	})
+
+	// Verify that valid modifiers were applied
+	assert.Equal(t, &buf, printer.output)
+}
+
+func TestLogOutputModifierAppliedCorrectly(t *testing.T) {
+	// Test with GraphPrinterLogOutput
+	printer := NewGraphPrinter(
+		GraphPrinterLogOutput(logrus.InfoLevel),
+	)
+
+	// Verify the output is a loggerOutputWrapper with the correct log level
+	logOutput, isLoggerOutput := printer.output.(loggerOutputWrapper)
+	assert.True(t, isLoggerOutput)
+	assert.Equal(t, logrus.InfoLevel, logOutput.logLevel)
+}
+
+func TestPrintNodesOnceModifierAppliedCorrectly(t *testing.T) {
+	printer := NewGraphPrinter(
+		GraphPrinterPrintNodesOnce(),
+	)
+
+	assert.True(t, printer.printNodesOnce)
+}
+
+func TestPrintNodesOnceFunctionalityWorks(t *testing.T) {
+	const (
+		rootName   = "root"
+		child1Name = "child1"
+		child2Name = "child2"
+		sharedName = "shared"
+	)
+
+	// Create a graph where both child1 and child2 depend on the same shared node:
+	// root -> child1 -> shared
+	//      -> child2 -> shared
+	graph := NewPkgGraph()
+	assert.NotNil(t, graph)
+
+	rootNode, err := addNodeToGraph(graph, rootName)
+	assert.NoError(t, err)
+
+	child1, err := addNodeToGraph(graph, child1Name)
+	assert.NoError(t, err)
+
+	child2, err := addNodeToGraph(graph, child2Name)
+	assert.NoError(t, err)
+
+	sharedNode, err := addNodeToGraph(graph, sharedName)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(rootNode, child1)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(rootNode, child2)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(child1, sharedNode)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(child2, sharedNode)
+	assert.NoError(t, err)
+
+	testCases := []struct {
+		name              string
+		printNodesConfig  graphPrinterModifier
+		outputContains    []string
+		outputNotContains []string
+	}{
+		{
+			name:              "print repeated nodes",
+			printNodesConfig:  nil,
+			outputContains:    []string{rootName, child1Name, child2Name, sharedName},
+			outputNotContains: []string{seenNodeSuffix},
+		},
+		{
+			name:              "don't print repeated nodes",
+			printNodesConfig:  GraphPrinterPrintNodesOnce(),
+			outputContains:    []string{rootName, child1Name, child2Name, seenNodeSuffix, seenNodeSuffix},
+			outputNotContains: []string{},
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			var buf strings.Builder
+			printer := NewGraphPrinter(
+				GraphPrinterOutput(&buf),
+				testCase.printNodesConfig,
+			)
+
+			err = printer.Print(graph, rootNode)
+			assert.NoError(t, err)
+			output := buf.String()
+
+			// Check tree structure
+			for _, contains := range testCase.outputContains {
+				assert.Contains(t, output, contains)
+			}
+
+			for _, notContains := range testCase.outputNotContains {
+				assert.NotContains(t, output, notContains)
+			}
+		})
+	}
+}
diff --git a/toolkit/tools/internal/pkggraph/gtreebuilder_test.go b/toolkit/tools/internal/pkggraph/gtreebuilder_test.go
new file mode 100644
index 0000000000..8d275ceaba
--- /dev/null
+++ b/toolkit/tools/internal/pkggraph/gtreebuilder_test.go
@@ -0,0 +1,226 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package pkggraph
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/ddddddO/gtree"
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/pkgjson"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewGTreeBuilderDefaultsOK(t *testing.T) {
+	builder := newGTreeBuilder(false)
+	assert.NotNil(t, builder)
+	assert.False(t, builder.printNodesOnce)
+	assert.NotNil(t, builder.seenNodes)
+	assert.Empty(t, builder.seenNodes)
+	assert.Nil(t, builder.treeRoot)
+}
+
+func TestNewGTreeBuilderSetPrintNodesOnceWorks(t *testing.T) {
+	builder := newGTreeBuilder(true)
+	assert.NotNil(t, builder)
+	assert.True(t, builder.printNodesOnce)
+	assert.NotNil(t, builder.seenNodes)
+	assert.Empty(t, builder.seenNodes)
+	assert.Nil(t, builder.treeRoot)
+}
+
+func TestBuildTreeWithNilRootNodeErrorsOut(t *testing.T) {
+	builder := newGTreeBuilder(false)
+	_, err := builder.buildTree(NewPkgGraph(), nil)
+	assert.Error(t, err)
+}
+
+func TestBuildTreeWithNilGraphErrorsOut(t *testing.T) {
+	builder := newGTreeBuilder(false)
+	_, err := builder.buildTree(nil, createTestNode("test-node"))
+	assert.Error(t, err)
+}
+
+func TestBuildTreeNodeWithNilParentSetsTreeRoot(t *testing.T) {
+	builder := newGTreeBuilder(false)
+
+	pkgNode := createTestNode("test-node")
+
+	treeNode := builder.buildTreeNode(nil, pkgNode)
+
+	assert.NotNil(t, treeNode)
+	assert.Equal(t, builder.treeRoot, treeNode)
+}
+
+func TestBuildNodeTextForUnseenNodeOK(t *testing.T) {
+	builder := newGTreeBuilder(false)
+
+	pkgNode := createTestNode("test-node")
+
+	text := builder.buildNodeText(pkgNode)
+	assert.Contains(t, text, "test-node")
+	assert.NotContains(t, text, seenNodeSuffix)
+
+}
+
+func TestBuildNodeTextForSeenNodeOK(t *testing.T) {
+	builder := newGTreeBuilder(false)
+
+	pkgNode := createTestNode("test-node")
+
+	// Mark the node as seen
+	builder.seenNodes[pkgNode] = true
+
+	// Test when node has been seen before
+	text := builder.buildNodeText(pkgNode)
+	assert.Contains(t, text, "test-node")
+	assert.Contains(t, text, seenNodeSuffix)
+}
+
+func TestBuildTreeWithDFSWithoutLoopsWorks(t *testing.T) {
+	var buf strings.Builder
+
+	graph := NewPkgGraph()
+
+	// Build graph: root -> child1
+	rootNode, err := addNodeToGraph(graph, "root")
+	assert.NoError(t, err)
+
+	child1, err := addNodeToGraph(graph, "child1")
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(rootNode, child1)
+	assert.NoError(t, err)
+
+	// Build the tree
+	builder := newGTreeBuilder(false)
+	builder.buildTreeWithDFS(nil, rootNode, graph)
+
+	err = gtree.OutputProgrammably(&buf, builder.treeRoot)
+	assert.NoError(t, err)
+
+	// Check tree structure
+	output := buf.String()
+	assert.Contains(t, output, "root")
+	assert.Contains(t, output, "child1")
+}
+
+func TestBuildTreeWithDFSWithLoopWorks(t *testing.T) {
+	var buf strings.Builder
+
+	graph := NewPkgGraph()
+
+	// Build graph: A -> B -> A
+	nodeA, err := addNodeToGraph(graph, "A")
+	assert.NoError(t, err)
+
+	nodeB, err := addNodeToGraph(graph, "B")
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(nodeA, nodeB)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(nodeB, nodeA)
+	assert.NoError(t, err)
+
+	// Build the tree
+	builder := newGTreeBuilder(false)
+	builder.buildTreeWithDFS(nil, nodeA, graph)
+
+	err = gtree.OutputProgrammably(&buf, builder.treeRoot)
+	assert.NoError(t, err)
+
+	// Check tree structure
+	output := buf.String()
+	assert.Contains(t, output, "A")
+	assert.Contains(t, output, "B")
+}
+
+func TestBuildTreeWithDFSPrintRepeatedNodes(t *testing.T) {
+	const (
+		rootName   = "root"
+		child1Name = "child1"
+		child2Name = "child2"
+	)
+
+	graph := NewPkgGraph()
+
+	// Build graph:
+	// root -> child1 -> child2
+	// 		-> child2
+	rootNode, err := addNodeToGraph(graph, rootName)
+	assert.NoError(t, err)
+
+	child1, err := addNodeToGraph(graph, child1Name)
+	assert.NoError(t, err)
+
+	child2, err := addNodeToGraph(graph, child2Name)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(rootNode, child1)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(child1, child2)
+	assert.NoError(t, err)
+
+	err = graph.AddEdge(rootNode, child2)
+	assert.NoError(t, err)
+
+	testCases := []struct {
+		name              string
+		printNodesOnce    bool
+		outputContains    []string
+		outputNotContains []string
+	}{
+		{
+			name:              "print repeated nodes",
+			printNodesOnce:    false,
+			outputContains:    []string{rootName, child1Name, child2Name},
+			outputNotContains: []string{seenNodeSuffix},
+		},
+		{
+			name:              "don't print repeated nodes",
+			printNodesOnce:    true,
+			outputContains:    []string{rootName, child1Name, child2Name, seenNodeSuffix},
+			outputNotContains: []string{},
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			var buf strings.Builder
+
+			// Build the tree
+			builder := newGTreeBuilder(testCase.printNodesOnce)
+			builder.buildTreeWithDFS(nil, rootNode, graph)
+
+			err = gtree.OutputProgrammably(&buf, builder.treeRoot)
+			assert.NoError(t, err)
+
+			// Check tree structure
+			output := buf.String()
+			for _, contains := range testCase.outputContains {
+				assert.Contains(t, output, contains)
+			}
+
+			for _, notContains := range testCase.outputNotContains {
+				assert.NotContains(t, output, notContains)
+			}
+		})
+	}
+}
+
+func addNodeToGraph(graph *PkgGraph, nodeName string) (*PkgNode, error) {
+	return graph.AddPkgNode(&pkgjson.PackageVer{Name: nodeName}, StateMeta, TypeLocalRun, NoSRPMPath, NoRPMPath, NoSpecPath, NoSourceDir, NoArchitecture, NoSourceRepo)
+}
+
+func createTestNode(name string) *PkgNode {
+	return &PkgNode{
+		VersionedPkg: &pkgjson.PackageVer{
+			Name: name,
+		},
+		Type:  TypeLocalRun,
+		State: StateMeta,
+	}
+}
diff --git a/toolkit/tools/internal/pkggraph/pkggraph.go b/toolkit/tools/internal/pkggraph/pkggraph.go
index 816aabe6eb..63554fcec9 100644
--- a/toolkit/tools/internal/pkggraph/pkggraph.go
+++ b/toolkit/tools/internal/pkggraph/pkggraph.go
@@ -656,6 +656,14 @@ func (g *PkgGraph) AllRunNodes() []*PkgNode {
 	})
 }
 
+// AllUnresolvedNodes returns a list of all unresolved nodes in the graph.
+// It traverses the graph and returns all nodes of type StateUnresolved.
+func (g *PkgGraph) AllUnresolvedNodes() []*PkgNode {
+	return g.NodesMatchingFilter(func(n *PkgNode) bool {
+		return n.State == StateUnresolved
+	})
+}
+
 // AllPreferredRunNodes returns all RunNodes in the LookupTable
 // Though a graph can contain both LocalRun and RemoteRun node for a single
 // package-version, the LookupTable will have:
diff --git a/toolkit/tools/internal/pkggraph/pkggraph_test.go b/toolkit/tools/internal/pkggraph/pkggraph_test.go
index bb1d69d46d..7c10d5c823 100644
--- a/toolkit/tools/internal/pkggraph/pkggraph_test.go
+++ b/toolkit/tools/internal/pkggraph/pkggraph_test.go
@@ -1630,3 +1630,94 @@ func TestAllImplicitNodes(t *testing.T) {
 
 	checkEqualComponents(t, []*PkgNode{actualImplicitNode}, g.AllImplicitNodes())
 }
+
+func TestAllUnresolvedNodesEmptyForNewGraph(t *testing.T) {
+	g := NewPkgGraph()
+	assert.NotNil(t, g)
+
+	assert.Empty(t, g.AllUnresolvedNodes())
+}
+
+func TestAllUnresolvedNodesReturnsUnresolvedNode(t *testing.T) {
+	g := NewPkgGraph()
+	assert.NotNil(t, g)
+
+	// Add an unresolved node
+	unresolvedNode, err := g.AddRemoteUnresolvedNode(&pkgjson.PackageVer{Name: "test-unresolved"})
+	assert.NoError(t, err)
+	assert.NotNil(t, unresolvedNode)
+
+	// Verify it's returned by AllUnresolvedNodes
+	unresolvedList := g.AllUnresolvedNodes()
+	assert.Len(t, unresolvedList, 1)
+	assert.Equal(t, unresolvedNode, unresolvedList[0])
+}
+
+func TestAllUnresolvedNodesDoesNotIncludeResolvedNodes(t *testing.T) {
+	g := NewPkgGraph()
+	assert.NotNil(t, g)
+
+	// Add an unresolved node
+	unresolvedNode, err := g.AddRemoteUnresolvedNode(&pkgjson.PackageVer{Name: "test-unresolved"})
+	assert.NoError(t, err)
+	assert.NotNil(t, unresolvedNode)
+
+	// Add a resolved node (should not be returned)
+	resolvedNode, err := g.AddPkgNode(&pkgjson.PackageVer{Name: "test-resolved"},
+		StateUpToDate, TypeLocalRun, NoSRPMPath, NoRPMPath, NoSpecPath,
+		NoSourceDir, NoArchitecture, NoSourceRepo)
+	assert.NoError(t, err)
+	assert.NotNil(t, resolvedNode)
+
+	// Only the unresolved node should be returned
+	unresolvedList := g.AllUnresolvedNodes()
+	assert.Len(t, unresolvedList, 1)
+	assert.Equal(t, unresolvedNode, unresolvedList[0])
+}
+
+func TestAllUnresolvedNodesReturnsMultipleNodes(t *testing.T) {
+	g := NewPkgGraph()
+	assert.NotNil(t, g)
+
+	// Add first unresolved node
+	unresolvedNode1, err := g.AddRemoteUnresolvedNode(&pkgjson.PackageVer{Name: "test-unresolved1"})
+	assert.NoError(t, err)
+	assert.NotNil(t, unresolvedNode1)
+
+	// Add second unresolved node
+	unresolvedNode2, err := g.AddRemoteUnresolvedNode(&pkgjson.PackageVer{Name: "test-unresolved2"})
+	assert.NoError(t, err)
+	assert.NotNil(t, unresolvedNode2)
+
+	// Both should be returned
+	unresolvedList := g.AllUnresolvedNodes()
+	assert.Len(t, unresolvedList, 2)
+	assert.Contains(t, unresolvedList, unresolvedNode1)
+	assert.Contains(t, unresolvedList, unresolvedNode2)
+}
+
+func TestAllUnresolvedNodesStateChange(t *testing.T) {
+	g := NewPkgGraph()
+	assert.NotNil(t, g)
+
+	// Add two unresolved nodes
+	unresolvedNode1, err := g.AddRemoteUnresolvedNode(&pkgjson.PackageVer{Name: "test-unresolved1"})
+	assert.NoError(t, err)
+	assert.NotNil(t, unresolvedNode1)
+
+	unresolvedNode2, err := g.AddRemoteUnresolvedNode(&pkgjson.PackageVer{Name: "test-unresolved2"})
+	assert.NoError(t, err)
+	assert.NotNil(t, unresolvedNode2)
+
+	// Initially both should be returned
+	unresolvedList := g.AllUnresolvedNodes()
+	assert.Len(t, unresolvedList, 2)
+
+	// Change state of one unresolved node
+	unresolvedNode1.State = StateBuild
+
+	// Now only one node should be returned
+	unresolvedList = g.AllUnresolvedNodes()
+	assert.Len(t, unresolvedList, 1)
+	assert.Equal(t, unresolvedNode2, unresolvedList[0])
+}
diff --git a/toolkit/tools/internal/retry/retry_test.go b/toolkit/tools/internal/retry/retry_test.go
index fb9d55a25c..7e29cb0ff0 100644
--- a/toolkit/tools/internal/retry/retry_test.go
+++ b/toolkit/tools/internal/retry/retry_test.go
@@ -154,11 +154,11 @@ func TestTotalRunTimeWithSuccess(t *testing.T) {
 func TestCancelsEarlyWithSignalImmediately(t *testing.T) {
 	tries := 3
 	base := 2.0
-	ctx, cancelFunc := context.WithCancel(context.Background())
+	ctx, closeCtx := context.WithCancel(context.Background())
 	startTime := time.Now()
 
 	// Send a signal immediately
-	cancelFunc()
+	closeCtx()
 
 	cancelled, err := RunWithExpBackoff(ctx, func() error {
 		return errTest
@@ -178,13 +178,13 @@ func TestCancelsEarlyWithSignalAfterDelay(t *testing.T) {
 	tries := 3
 	base := 2.0
 	cancelTime := defaultTestTime * 2
-	ctx, cancelFunc := context.WithCancel(context.Background())
+	ctx, closeCtx := context.WithCancel(context.Background())
 	startTime := time.Now()
 
 	// Send a signal after the first delay (wait for the first failure before cancelling)
 	go func() {
 		time.Sleep(cancelTime)
-		cancelFunc()
+		closeCtx()
 	}()
 
 	cancelled, err := RunWithExpBackoff(ctx, func() error {
diff --git a/toolkit/tools/licensecheck/licensecheck.go b/toolkit/tools/licensecheck/licensecheck.go
index b4a4ebd1a1..9a10ed5141 100644
--- a/toolkit/tools/licensecheck/licensecheck.go
+++ b/toolkit/tools/licensecheck/licensecheck.go
@@ -106,7 +106,7 @@ func printSummary(numFailures, numWarnings int) {
 Errors/warnings fall into three buckets:
 	1. 'bad %doc files': A %doc documentation file that the tool believes to be a license file.
 	2. 'bad general file': A file that is placed into '/usr/share/licenses/' that is not flagged as
-		a license file. These files should use %license instead of %doc. Ideally whey should also
+		a license file. These files should use %license instead of %doc. Ideally, they should also
 		not be placed in a directory manually. (e.g. prefer '%license COPYING' over
 		'%license %{_docdir}/%{name}/COPYING')
 	3. 'duplicated license files': A license file that is both a %license and a %doc file, pick one.")
diff --git a/toolkit/tools/pkg/licensecheck/licensecheck.go b/toolkit/tools/pkg/licensecheck/licensecheck.go
index a1b3c977d3..2321cee713 100644
--- a/toolkit/tools/pkg/licensecheck/licensecheck.go
+++ b/toolkit/tools/pkg/licensecheck/licensecheck.go
@@ -77,7 +77,7 @@ func New(buildDirPath, workerTarPath, rpmDirPath, nameFilePath, exceptionFilePat
 	err = newLicenseChecker.simpleToolChroot.InitializeChroot(buildDirPath, chrootName, workerTarPath, rpmDirPath)
 	if err != nil {
 		err = fmt.Errorf("failed to initialize chroot:\n%w", err)
-		return nil, err
+		return newLicenseChecker, err
 	}
 	defer func() {
 		if err != nil {
@@ -86,20 +86,22 @@ func New(buildDirPath, workerTarPath, rpmDirPath, nameFilePath, exceptionFilePat
 				// Append the cleanup error to the existing error
 				err = fmt.Errorf("%w\nfailed to cleanup after failing to create a new LicenseChecker:\n%w", err, cleanupErr)
 			}
+			// set newLicenseChecker to nil after chroot cleanup to avoid loss of reference
+			newLicenseChecker = nil
 		}
 	}()
 
 	newLicenseChecker.licenseNames, err = LoadLicenseNames(nameFilePath)
 	if err != nil {
 		err = fmt.Errorf("failed to load license names:\n%w", err)
-		return nil, err
+		return newLicenseChecker, err
 	}
 
 	if exceptionFilePath != "" {
 		newLicenseChecker.exceptions, err = LoadLicenseExceptions(exceptionFilePath)
 		if err != nil {
 			err = fmt.Errorf("failed to load license exceptions:\n%w", err)
-			return nil, err
+			return newLicenseChecker, err
 		}
 	}
 
diff --git a/toolkit/tools/pkg/licensecheck/licensecheck_test.go b/toolkit/tools/pkg/licensecheck/licensecheck_test.go
index 6700d35a5a..187c2fcd38 100644
--- a/toolkit/tools/pkg/licensecheck/licensecheck_test.go
+++ b/toolkit/tools/pkg/licensecheck/licensecheck_test.go
@@ -6,6 +6,7 @@ package licensecheck
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
@@ -283,3 +284,52 @@ func TestParseCheckResults(t *testing.T) {
 	assert.Equal(t, expectedBadOtherFiles, badOtherFiles)
 	assert.Equal(t, expectedDuplicatedDocs, duplicatedDocs)
 }
+
+func TestMalformedExceptionJson(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Skip("Test must be run as root because it uses a chroot")
+	}
+
+	// create directory paths
+	workingDir, err := os.Getwd()
+	assert.NoError(t, err)
+	testDir := filepath.Join(workingDir, "testdata")
+	proposedDir := filepath.Join(workingDir, "_tmp_TestMalformedExceptionJson")
+
+	namesPath := filepath.Join(testDir, "test_license_names.json")
+	exceptionsPath := filepath.Join(testDir, "not_a_json.json")
+
+	// make a new license chcker
+	_, err = New(proposedDir, "", testDir, namesPath, exceptionsPath, "")
+
+	// check if correct errors are present
+	assert.NotEqual(t, nil, err)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "failed to load license exceptions:")
+	assert.Contains(t, err.Error(), "invalid character 'I' looking for beginning of value")
+}
+
+func TestMalformedNamesJson(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Skip("Test must be run as root because it uses a chroot")
+	}
+
+	// create directory paths
+	workingDir, err := os.Getwd()
+	assert.NoError(t, err)
+
+	testDir := filepath.Join(workingDir, "testdata")
+	proposedDir := filepath.Join(workingDir, "_tmp_TestMalformedExceptionJson")
+	err = os.MkdirAll(proposedDir, os.ModePerm)
+	assert.NoError(t, err)
+
+	namesPath := filepath.Join(testDir, "not_a_json.json")
+
+	// make a new license chcker
+	_, err = New(proposedDir, "", testDir, namesPath, "", "")
+
+	assert.NotEqual(t, nil, err)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "failed to load license names:")
+	assert.Contains(t, err.Error(), "invalid character 'I' looking for beginning of value")
+}
diff --git a/toolkit/tools/pkg/licensecheck/testdata/not_a_json.json b/toolkit/tools/pkg/licensecheck/testdata/not_a_json.json
new file mode 100644
index 0000000000..dc96ae353e
--- /dev/null
+++ b/toolkit/tools/pkg/licensecheck/testdata/not_a_json.json
@@ -0,0 +1,4 @@
+I'm definitely not a json file :)
+{
+    "an_attribute": "Hello World!"
+}
\ No newline at end of file
diff --git a/toolkit/tools/pkg/specreaderutils/specreaderutil.go b/toolkit/tools/pkg/specreaderutils/specreaderutil.go
index 3f2bef1add..e843bd818c 100644
--- a/toolkit/tools/pkg/specreaderutils/specreaderutil.go
+++ b/toolkit/tools/pkg/specreaderutils/specreaderutil.go
@@ -225,8 +225,8 @@ func parseSPECs(specsDir, rpmsDir, srpmsDir, toolchainDir, distTag, arch string,
 
 	results := make(chan *parseResult, len(specFiles))
 	requests := make(chan string, len(specFiles))
-	ctx, cancelFunc := context.WithCancel(context.Background())
-	defer cancelFunc()
+	ctx, closeCtx := context.WithCancel(context.Background())
+	defer closeCtx()
 
 	// Start the workers now so they begin working as soon as a new job is buffered.
 	for i := 0; i < workers; i++ {
@@ -245,7 +245,7 @@ func parseSPECs(specsDir, rpmsDir, srpmsDir, toolchainDir, distTag, arch string,
 		parseResult := <-results
 		if parseResult.err != nil {
 			err = parseResult.err
-			cancelFunc()
+			closeCtx()
 			break
 		}
 		packageList = append(packageList, parseResult.packages...)
diff --git a/toolkit/tools/precacher/precacher.go b/toolkit/tools/precacher/precacher.go
index a36ba60c05..a9085993f6 100644
--- a/toolkit/tools/precacher/precacher.go
+++ b/toolkit/tools/precacher/precacher.go
@@ -166,34 +166,27 @@ func monitorProgress(total int, results chan downloadResult) (downloadedPackages
 	unavailable := 0
 	lastProgressUpdate := progressIncrement * -1
 
-	for done := false; !done; {
-		// Wait for a result from a worker, or the done channel to be closed (which means all workers are done)
-		result, ok := <-results
-		if !ok {
-			// All workers are done, finish this iteration of the loop and then return
-			done = true
-		} else {
-			switch result.resultType {
-			case downloadResultTypeSkipped:
-				logger.Log.Debugf("Skipping pre-caching '%s'. File already exists", result.pkgName)
-				skipped++
-			case downloadResultTypeSuccess:
-				logger.Log.Debugf("Pre-caching '%s' succeeded", result.pkgName)
-				downloadedPackages = append(downloadedPackages, result.pkgName)
-				downloaded++
-			case downloadResultTypeFailure:
-				logger.Log.Warnf("Failed to download: %s", result.pkgName)
-				failed++
-			case downloadResultTypeUnavailable:
-				logger.Log.Warnf("Could not find '%s' in any repos", result.pkgName)
-				unavailable++
-			}
+	for result := range results {
+		switch result.resultType {
+		case downloadResultTypeSkipped:
+			logger.Log.Debugf("Skipping pre-caching '%s'. File already exists", result.pkgName)
+			skipped++
+		case downloadResultTypeSuccess:
+			logger.Log.Debugf("Pre-caching '%s' succeeded", result.pkgName)
+			downloadedPackages = append(downloadedPackages, result.pkgName)
+			downloaded++
+		case downloadResultTypeFailure:
+			logger.Log.Warnf("Failed to download: %s", result.pkgName)
+			failed++
+		case downloadResultTypeUnavailable:
+			logger.Log.Warnf("Could not find '%s' in any repos", result.pkgName)
+			unavailable++
 		}
 
 		// Calculate the progress percentage and update the progress counter if needed (update every 'progressIncrement' percent)
 		completed := downloaded + skipped + failed + unavailable
 		progressPercent := (float64(completed) / float64(total)) * 100
-		if progressPercent > lastProgressUpdate+progressIncrement || done {
+		if progressPercent > lastProgressUpdate+progressIncrement {
 			logger.Log.Infof("Pre-caching: %3d%% ( downloaded: %4d, skipped: %4d, unavailable: %4d, failed: %4d )", int(progressPercent), downloaded, skipped, unavailable, failed)
 			lastProgressUpdate = progressPercent
 		}
diff --git a/toolkit/tools/scheduler/scheduler.go b/toolkit/tools/scheduler/scheduler.go
index 097b781fd3..327655caf9 100644
--- a/toolkit/tools/scheduler/scheduler.go
+++ b/toolkit/tools/scheduler/scheduler.go
@@ -4,6 +4,7 @@
 package main
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"os/signal"
@@ -225,7 +226,7 @@ func main() {
 
 	err = buildGraph(*inputGraphFile, *outputGraphFile, agent, licenseCheckerConfig, *workers, *buildAttempts, *checkAttempts, *extraLayers, *maxCascadingRebuilds, *stopOnFailure, !*noCache, finalPackagesToBuild, packagesToRebuild, packagesToIgnore, finalTestsToRun, testsToRerun, ignoredTests, toolchainPackages, *optimizeWithCachedImplicit, *allowToolchainRebuilds)
 	if err != nil {
-		logger.Log.Fatalf("Unable to build package graph.\nFor details see the build summary section above.\nError: %s.", err)
+		logger.Log.Fatalf("Unable to build package graph.\nFor details see the build summary section above and the build log '%s'.\nError: %s.", *logFlags.LogFile, err)
 	}
 
 	if *useCcache {
@@ -556,12 +557,30 @@ func buildAllNodes(stopOnFailure, canUseCache bool, packagesToRebuild, testsToRe
 	schedulerutils.RecordLicenseSummary(licenseChecker)
 	schedulerutils.PrintBuildSummary(builtGraph, graphMutex, buildState, allowToolchainRebuilds, licenseChecker)
 	schedulerutils.RecordBuildSummary(builtGraph, graphMutex, buildState, *outputCSVFile)
+
+	printErr := schedulerutils.PrintHiddenBuildBlockers(builtGraph, graphMutex, buildState, goalNode)
+	if printErr != nil {
+		logger.Log.Warnf("Failed to print hidden build blockers:\n%s", printErr)
+	}
+
+	err = errors.Join(err, performPostBuildChecks(allowToolchainRebuilds, buildState))
+
+	return
+}
+
+// performPostBuildChecks checks for any fatal post-build errors
+// and turns them into as a single error.
+func performPostBuildChecks(allowToolchainRebuilds bool, buildState *schedulerutils.GraphBuildState) (err error) {
 	if !allowToolchainRebuilds && (len(buildState.ConflictingRPMs()) > 0 || len(buildState.ConflictingSRPMs()) > 0) {
-		err = fmt.Errorf("toolchain packages rebuilt. See build summary for details. Use 'ALLOW_TOOLCHAIN_REBUILDS=y' to suppress this error if rebuilds were expected")
+		toolchainErr := fmt.Errorf("toolchain packages rebuilt. See build summary for details. Use 'ALLOW_TOOLCHAIN_REBUILDS=y' to suppress this error if rebuilds were expected")
+		err = errors.Join(err, toolchainErr)
 	}
+
 	if len(buildState.LicenseFailureSRPMs()) > 0 {
-		err = fmt.Errorf("license check failed for some packages. See build summary for details")
+		licenseErr := fmt.Errorf("license check failed for some packages. See build summary for details")
+		err = errors.Join(err, licenseErr)
 	}
+
 	return
 }
 
diff --git a/toolkit/tools/scheduler/schedulerutils/depsolver.go b/toolkit/tools/scheduler/schedulerutils/depsolver.go
index c9eb005688..522d9f548b 100644
--- a/toolkit/tools/scheduler/schedulerutils/depsolver.go
+++ b/toolkit/tools/scheduler/schedulerutils/depsolver.go
@@ -165,6 +165,35 @@ func findUnblockedNodesFromNode(pkgGraph *pkggraph.PkgGraph, buildState *GraphBu
 	}
 }
 
+// buildBlockedNodesGraph creates a subgraph of blocked nodes starting from the start node.
+// This is useful for debugging the build process.
+func buildBlockedNodesGraph(pkgGraph *pkggraph.PkgGraph, graphMutex *sync.RWMutex, buildState *GraphBuildState, startNode *pkggraph.PkgNode) *pkggraph.PkgGraph {
+	graphMutex.RLock()
+	defer graphMutex.RUnlock()
+
+	blockedGraph := pkggraph.NewPkgGraph()
+	search := traverse.BreadthFirst{}
+	search.Traverse = func(e graph.Edge) bool {
+		fromNode := e.From().(*pkggraph.PkgNode)
+		toNode := e.To().(*pkggraph.PkgNode)
+
+		// We're only interested in edges where both nodes are not marked as available.
+		// If only the 'toNode' is available, we can ignore the edge as it doesn't represent a block.
+		if buildState.IsNodeAvailable(fromNode) || buildState.IsNodeAvailable(toNode) {
+			return false
+		}
+
+		// Ignoring "SetEdge" panic as it only occurs when adding a self-loop.
+		// There are no such loops, since we're traversing an already valid graph.
+		blockedGraph.SetEdge(blockedGraph.NewEdge(fromNode, toNode))
+
+		return true
+	}
+	search.Walk(pkgGraph, startNode, nil)
+
+	return blockedGraph
+}
+
 // isNodeUnblocked returns true if all nodes required to build `node` are UpToDate and do not need to be built.
 func isNodeUnblocked(pkgGraph *pkggraph.PkgGraph, buildState *GraphBuildState, node *pkggraph.PkgNode) bool {
 	dependencies := pkgGraph.From(node.ID())
diff --git a/toolkit/tools/scheduler/schedulerutils/printresults.go b/toolkit/tools/scheduler/schedulerutils/printresults.go
index 61e77e2b90..0e8c2e0549 100644
--- a/toolkit/tools/scheduler/schedulerutils/printresults.go
+++ b/toolkit/tools/scheduler/schedulerutils/printresults.go
@@ -14,6 +14,7 @@ import (
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/pkggraph"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/sliceutils"
+	"github.com/sirupsen/logrus"
 
 	"github.com/fatih/color"
 )
@@ -124,6 +125,53 @@ func RecordBuildSummary(pkgGraph *pkggraph.PkgGraph, graphMutex *sync.RWMutex, b
 	}
 }
 
+// PrintHiddenBuildBlockers will list the nodes the goal node is blocked by but only
+// in the scenario where there are no:
+// - failed or blocked SRPM nodes,
+// - failed or blocked SRPM test nodes,
+// - unresolved dependencies, and
+// - (S)RPM conflicts with the toolchain.
+func PrintHiddenBuildBlockers(pkgGraph *pkggraph.PkgGraph, graphMutex *sync.RWMutex, buildState *GraphBuildState, goalNode *pkggraph.PkgNode) error {
+	graphMutex.RLock()
+	defer graphMutex.RUnlock()
+
+	srpmBuildData := getSRPMsState(pkgGraph, buildState)
+	srpmTestData := getSRPMsTestsState(pkgGraph, buildState)
+
+	unresolvedDependencies := getUnresolvedDependencies(pkgGraph)
+	rpmConflicts := buildState.ConflictingRPMs()
+	srpmConflicts := buildState.ConflictingSRPMs()
+
+	blockedNodesGraph := buildBlockedNodesGraph(pkgGraph, graphMutex, buildState, goalNode)
+
+	// Skip printing if either:
+	// - the goal node is not blocked or
+	// - there are obvious blockers, which would already be visible to the user.
+	if !blockedNodesGraph.HasNode(goalNode) ||
+		len(buildState.LicenseFailureSRPMs()) > 0 ||
+		len(rpmConflicts) > 0 ||
+		len(srpmBuildData.blockedSRPMs) > 0 ||
+		len(srpmBuildData.failedLicenseSRPMs) > 0 ||
+		len(srpmBuildData.failedSRPMs) > 0 ||
+		len(srpmConflicts) > 0 ||
+		len(srpmTestData.blockedSRPMsTests) > 0 ||
+		len(srpmTestData.failedSRPMsTests) > 0 ||
+		len(unresolvedDependencies) > 0 {
+		return nil
+	}
+
+	logger.Log.Errorf("Detected a blocked build despite no obvious failures.")
+	logger.Log.Errorf("Blocked nodes tree:")
+
+	graphPrinter := pkggraph.NewGraphPrinter(pkggraph.GraphPrinterLogOutput(logrus.ErrorLevel))
+	err := graphPrinter.Print(blockedNodesGraph, goalNode)
+	if err != nil {
+		return fmt.Errorf("failed to print the graph:\n%w", err)
+	}
+
+	return nil
+}
+
 // PrintBuildSummary prints the summary of the entire build to the logger.
 func PrintBuildSummary(pkgGraph *pkggraph.PkgGraph, graphMutex *sync.RWMutex, buildState *GraphBuildState, allowToolchainRebuilds bool, licenseChecker *PackageLicenseChecker) {
 	graphMutex.RLock()
@@ -132,7 +180,7 @@ func PrintBuildSummary(pkgGraph *pkggraph.PkgGraph, graphMutex *sync.RWMutex, bu
 	srpmBuildData := getSRPMsState(pkgGraph, buildState)
 	srpmTestData := getSRPMsTestsState(pkgGraph, buildState)
 
-	unresolvedDependencies := make(map[string]bool)
+	unresolvedDependencies := getUnresolvedDependencies(pkgGraph)
 	rpmConflicts := buildState.ConflictingRPMs()
 	srpmConflicts := buildState.ConflictingSRPMs()
 
@@ -141,12 +189,6 @@ func PrintBuildSummary(pkgGraph *pkggraph.PkgGraph, graphMutex *sync.RWMutex, bu
 		conflictsLogger = logger.Log.Infof
 	}
 
-	for _, node := range pkgGraph.AllRunNodes() {
-		if node.State == pkggraph.StateUnresolved {
-			unresolvedDependencies[node.VersionedPkg.String()] = true
-		}
-	}
-
 	printSummary(srpmBuildData, srpmTestData, unresolvedDependencies, rpmConflicts, srpmConflicts, allowToolchainRebuilds, conflictsLogger)
 
 	if len(srpmBuildData.prebuiltSRPMs) != 0 {
@@ -357,6 +399,14 @@ func getSRPMsTestsState(pkgGraph *pkggraph.PkgGraph, buildState *GraphBuildState
 	return
 }
 
+func getUnresolvedDependencies(pkgGraph *pkggraph.PkgGraph) map[string]bool {
+	unresolvedDependencies := make(map[string]bool)
+	for _, node := range pkgGraph.AllUnresolvedNodes() {
+		unresolvedDependencies[node.VersionedPkg.String()] = true
+	}
+	return unresolvedDependencies
+}
+
 func successfulPackagesCSVRows(unblockedPackages map[string]bool, state string, isTest bool) (csvRows [][]string) {
 	const emptyBlockers = ""
 
@@ -408,11 +458,11 @@ func printSummary(srpmBuildData srpmBuildDataContainer, srpmTestData srpmTestDat
 	logger.Log.Info("--------- Summary ---------")
 	logger.Log.Info("---------------------------")
 
-	logger.Log.Infof(color.GreenString(summaryLine("Number of prebuilt SRPMs:", len(srpmBuildData.prebuiltSRPMs))))
-	logger.Log.Infof(color.GreenString(summaryLine("Number of prebuilt delta SRPMs:", len(srpmBuildData.prebuiltDeltaSRPMs))))
-	logger.Log.Infof(color.GreenString(summaryLine("Number of skipped SRPMs tests:", len(srpmTestData.skippedSRPMsTests))))
-	logger.Log.Infof(color.GreenString(summaryLine("Number of built SRPMs:", len(srpmBuildData.builtSRPMs))))
-	logger.Log.Infof(color.GreenString(summaryLine("Number of passed SRPMs tests:", len(srpmTestData.passedSRPMsTests))))
+	logger.Log.Info(color.GreenString(summaryLine("Number of prebuilt SRPMs:", len(srpmBuildData.prebuiltSRPMs))))
+	logger.Log.Info(color.GreenString(summaryLine("Number of prebuilt delta SRPMs:", len(srpmBuildData.prebuiltDeltaSRPMs))))
+	logger.Log.Info(color.GreenString(summaryLine("Number of skipped SRPMs tests:", len(srpmTestData.skippedSRPMsTests))))
+	logger.Log.Info(color.GreenString(summaryLine("Number of built SRPMs:", len(srpmBuildData.builtSRPMs))))
+	logger.Log.Info(color.GreenString(summaryLine("Number of passed SRPMs tests:", len(srpmTestData.passedSRPMsTests))))
 	printErrorInfoByCondition(len(unresolvedDependencies) > 0, summaryLine("Number of unresolved dependencies:", len(unresolvedDependencies)))
 	printErrorInfoByCondition(len(srpmBuildData.blockedSRPMs) > 0, summaryLine("Number of blocked SRPMs:", len(srpmBuildData.blockedSRPMs)))
 	printErrorInfoByCondition(len(srpmTestData.blockedSRPMsTests) > 0, summaryLine("Number of blocked SRPMs tests:", len(srpmTestData.blockedSRPMsTests)))
@@ -432,9 +482,9 @@ func printSummary(srpmBuildData srpmBuildDataContainer, srpmTestData srpmTestDat
 // If the condition is true, it prints an error level log and an info level one otherwise.
 func printErrorInfoByCondition(condition bool, format string, arg ...any) {
 	if condition {
-		logger.Log.Errorf(color.RedString(format, arg...))
+		logger.Log.Error(color.RedString(format, arg...))
 	} else {
-		logger.Log.Infof(color.GreenString(format, arg...))
+		logger.Log.Info(color.GreenString(format, arg...))
 	}
 }
 
@@ -442,9 +492,9 @@ func printErrorInfoByCondition(condition bool, format string, arg ...any) {
 // If the condition is true, it prints a warning level log and an info level one otherwise.
 func printWarningInfoByCondition(condition bool, format string, arg ...any) {
 	if condition {
-		logger.Log.Warnf(color.YellowString(format, arg...))
+		logger.Log.Warn(color.YellowString(format, arg...))
 	} else {
-		logger.Log.Infof(color.GreenString(format, arg...))
+		logger.Log.Info(color.GreenString(format, arg...))
 	}
 }
 
diff --git a/toolkit/tools/srpmpacker/srpmpacker.go b/toolkit/tools/srpmpacker/srpmpacker.go
index 59b3c17afa..6c85cf3a20 100644
--- a/toolkit/tools/srpmpacker/srpmpacker.go
+++ b/toolkit/tools/srpmpacker/srpmpacker.go
@@ -366,8 +366,8 @@ func calculateSPECsToRepack(specFiles []string, distTag, outDir string, nestedSo
 
 	requests := make(chan string, len(specFiles))
 	results := make(chan *specState, len(specFiles))
-	ctx, cancelFunc := context.WithCancel(context.Background())
-	defer cancelFunc()
+	ctx, closeCtX := context.WithCancel(context.Background())
+	defer closeCtX()
 
 	logger.Log.Infof("Calculating SPECs to repack")
 
@@ -400,15 +400,14 @@ func calculateSPECsToRepack(specFiles []string, distTag, outDir string, nestedSo
 	// Currently all functions that employ workers pool of size `workers` are serialized,
 	// resulting in `workers` being the upper capacity at any given time.
 	totalToRepack := 0
-	states = make([]*specState, len(specFiles))
 	for i := 0; i < len(specFiles); i++ {
 		result := <-results
-		states[i] = result
+		states = append(states, result)
 
 		if result.err != nil {
 			logger.Log.Errorf("Failed to check (%s). Error: %s", result.specFile, result.err)
 			err = result.err
-			cancelFunc()
+			closeCtX()
 			break
 		}
 
@@ -544,8 +543,8 @@ func packSRPMs(specStates []*specState, distTag, buildDir string, templateSrcCon
 	allSpecStates := make(chan *specState, len(specStates))
 	results := make(chan *packResult, len(specStates))
 	netOpsSemaphore := make(chan struct{}, concurrentNetOps)
-	ctx, cancelFunc := context.WithCancel(context.Background())
-	defer cancelFunc()
+	ctx, closeCtx := context.WithCancel(context.Background())
+	defer closeCtx()
 
 	// Start the workers now so they begin working as soon as a new job is buffered.
 	for i := 0; uint(i) < workers; i++ {
@@ -566,7 +565,7 @@ func packSRPMs(specStates []*specState, distTag, buildDir string, templateSrcCon
 		if result.err != nil {
 			logger.Log.Errorf("Failed to pack (%s). Cancelling outstanding workers. Error: %s", result.specFile, result.err)
 			err = result.err
-			cancelFunc()
+			closeCtx()
 			break
 		}