Skip to content

Sandbox/rdutta/3.0/update 3.0.20250521 3.0 v2#256

Closed
ranjan-dutta wants to merge 282 commits into3.0-devfrom
sandbox/rdutta/3.0/update-3.0.20250521-3.0-v2
Closed

Sandbox/rdutta/3.0/update 3.0.20250521 3.0 v2#256
ranjan-dutta wants to merge 282 commits into3.0-devfrom
sandbox/rdutta/3.0/update-3.0.20250521-3.0-v2

Conversation

@ranjan-dutta
Copy link
Copy Markdown
Contributor

@ranjan-dutta ranjan-dutta commented Jun 26, 2025

Merge Checklist

All boxes should be checked before merging the PR

  • [] The changes in the PR have been built and tested
  • [] cgmanifest file has been updated if required
  • [] Ready to merge

Description

This is to update to AZL tag 3.0.20250521-3.0

Any Newly Introduced Dependencies

How Has This Been Tested?

jykanase and others added 30 commits April 11, 2025 12:59
@jykanase
libblockdev: Version update to 3.2.0 (#10962)
517a68a
@v-smalavathu
hyphen-it: Update Version from 0.20071127 -> 5.1.1 (#10957)
55b0aa9
@jykanase
Upgrade: os-prober version to 1.81 (#11494)
448cb19
@Kanishk-Bansal
[3.0] Fix Patch Application for skopeo (#13340)
f33d943
@Kanishk-Bansal
[3.0] Fix Patch Application for nvidia-container-toolkit (#13345)
9efb56d
@tobiasb-ms
flux warnings (#13385)
4b7b5be
@bhagyapathak
Fix to include idmapd.conf and id_resolver.conf in nfs-utils for 3.0 …
840cde4 
…(#13249)
@jykanase
[Medium] patch dwarves for CVE-2025-29481 (#13384)
dea7b3a
@jykanase
[Medium] Patch libbpf for CVE-2025-29481 (#13382)
d6f51a5
@Camelron
[3.0] Introduce debug and metapackage and reduce size of non-debug me…
5e37eeb 
…tapackage (#12298)
@ddstreet
extended repo LVBS kernel (#12064)
a7a419d 
This is early work to build a kernel in the extended repo that includes LVBS support.
@CBL-Mariner-Bot @archana25-ms
[AUTO-CHERRYPICK] [MEDIUM] Patch numpy to fix CVE-2018-1999024 - bran…
fe43366 
…ch 3.0-dev (#13365)

Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
@CBL-Mariner-Bot @jykanase
[AUTO-CHERRYPICK] [Medium] Patch dietlibc for CVE-2015-1473 - branch …
ff1447f 
…3.0-dev (#13366)

Co-authored-by: jykanase <v-jykanase@microsoft.com>
@CBL-Mariner-Bot @Ankita13-code
[AUTO-CHERRYPICK] Patch gnutls for CVE-2024-12133 [Medium] - branch 3…
4541f4a 
….0-dev (#13367)

Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
@CBL-Mariner-Bot @v-smalavathu
[AUTO-CHERRYPICK] [Medium] Patch vitess for CVE-2025-22870 - branch 3…
1050cd8 
….0-dev (#13368)

Co-authored-by: Sreenivasulu Malavathula (HCL Technologies Ltd) <v-smalavathu@microsoft.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch ceph for CVE-2021-28361 [High] - branch 3.0…
1b8b37e 
…-dev (#13369)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @kevin-b-lockwood
[AUTO-CHERRYPICK] [Low] Patch subversion for CVE-2024-46901 - branch …
d9ccd92 
…3.0-dev (#13370)

Co-authored-by: Kevin Lockwood <57274670+kevin-b-lockwood@users.noreply.github.com>
@CBL-Mariner-Bot @jykanase
[AUTO-CHERRYPICK] [Medium] patch memcached for CVE-2021-44647 - branc…
540b2d2 
…h 3.0-dev (#13371)

Co-authored-by: jykanase <v-jykanase@microsoft.com>
@CBL-Mariner-Bot @xordux
[AUTO-CHERRYPICK] Patch prometheus-node-exporter for CVE-2025-22870 […
fbfacda 
…Medium] - branch 3.0-dev (#13372)

Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
@CBL-Mariner-Bot @kgodara912
[AUTO-CHERRYPICK] Patch expat for CVE-2024-8176 [HIGH] - branch 3.0-d…
8fa8595 
…ev (#13373)

Co-authored-by: kgodara912 <kshigodara@outlook.com>
@CBL-Mariner-Bot @Sumynwa
[AUTO-CHERRYPICK] Upgrade libssh2 to 1.11.1 for CVE-2023-48795 [Mediu…
8fd0d89 
…m] - branch 3.0-dev (#13374)

Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch blobfuse2 for CVE-2025-30204 [High] - branc…
3fd4c10 
…h 3.0-dev (#13375)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Upgrade mysql to 8.0.41 for CVE-2025-21490 & CVE-…
91dd93a 
…2024-11053 [High] - branch 3.0-dev (#13376)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Ankita13-code
[AUTO-CHERRYPICK] Patch fluent-bit for CVE-2025-31498 [High] - bran…
8611275 
…ch 3.0-dev (#13389)

Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
@CBL-Mariner-Bot @xordux
[AUTO-CHERRYPICK] Patch git-lfs for CVE-2025-22870 [Medium] - branch …
ba1ccd5 
…3.0-dev (#13390)

Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
@CBL-Mariner-Bot @xordux
[AUTO-CHERRYPICK] Patch prometheus-process-exporter for CVE-2025-22870
a09e742 
…[Medium] - branch 3.0-dev (#13391)

Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
@CBL-Mariner-Bot @jykanase
[AUTO-CHERRYPICK] [Low] patch clang for CVE-2024-7883 - branch 3.0-de…
b397f4c 
…v (#13392)

Co-authored-by: jykanase <v-jykanase@microsoft.com>
@CBL-Mariner-Bot @Ankita13-code
[AUTO-CHERRYPICK] Patch rabbitmq-server for CVE-2025-30219 [Medium] -…
c045460 
… branch 3.0-dev (#13393)

Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal
[AUTO-CHERRYPICK] Patch wpa_supplicant for CVE-2025-24912 [Low] - bra…
b43cf80 
…nch 3.0-dev (#13394)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @kgodara912
[AUTO-CHERRYPICK] Patch augeas for CVE-2025-2588 [MEDIUM] - branch 3.…
c08a8b7 
…0-dev (#13395)

Co-authored-by: kgodara912 <kshigodara@outlook.com>
PawelWMS and others added 23 commits May 15, 2025 13:06
@PawelWMS
Merge 3.0-dev for May 2025 2 release
02ceb98
@PawelWMS
Extended build failure logging (#13705)
8a67fc4
@PawelWMS
Latest 3.0-dec update.
28f87c2
@jslobodzian
Merge 3.0-dev for May 2025 2 release (#13809)
cab4240
@aninda-al
Upgrade kyotocabinet to version 1.2.80 (#10802)
469ae7b
@aninda-al
Updated lua-json to version 1.3.4 (#11179)
293fd84
@anphel31
[3.0] bmake: move tests to check section (#13815)
10abee5
@sidchintamaneni @rlmenge
kernel-64k: enabling config options required for GB200 and GB200F dia…
13bf13b 
…gs (#13674)

Updated the config options in config_aarch64 as per nvidia's recently published patch guide. The config options are related to GB200 and GB200F helps h/w team to run the diagnostics.

Made modification to config_aarch64 based on nvidia's recommendation.
nvidia patch guide: https://docs.nvidia.com/grace-patch-config-guide.pdf

Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
@jykanase
[Medium] patch rpm-ostree for CVE-2024-2905 (#13818)
837e7d7
@v-smalavathu
[Medium] Patch iniparser for CVE-2023-33461 (#13804)
d944fbb 
Signed-off-by: Sreenivasulu Malavathula <v-smalavathu@microsoft.com>
@akhila-guruju
[Medium] Patch yasm for CVE-2023-51258 and CVE-2023-37732 (#13792)
98835ba
@sandeepkarambelkar
Patch docker-buildx for CVE-2025-0495 [Medium] (#13768)
91ef9b2
@sidchintamaneni @rlmenge
kernel-64k: Added a new patch to solve EFI slack slots issue (#13783)
e19b003 
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
@PawelWMS
Revert "Merge 3.0-dev for May 2025 2 release" (#13833)
dc78d7c
@PawelWMS @anphel31
Prepare May 2025 Update 2 (#13808)
4754737
@sidchintamaneni @rlmenge @anphel31
kernel-64k: enabling config options required for GB200 and GB200F dia…
2251bb6 
…gs (#13674)

Updated the config options in config_aarch64 as per nvidia's recently published patch guide. The config options are related to GB200 and GB200F helps h/w team to run the diagnostics.

Made modification to config_aarch64 based on nvidia's recommendation.
nvidia patch guide: https://docs.nvidia.com/grace-patch-config-guide.pdf

Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
@sidchintamaneni @rlmenge @anphel31
kernel-64k: Added a new patch to solve EFI slack slots issue (#13783)
696dc13 
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
@jslobodzian
Anphel/3 mid may 2025 update b (#13839)
1de4113
@anphel31
Revert "Anphel/3 mid may 2025 update b" (#13846)
8fd0667
@anphel31
Revert "Revert "Merge 3.0-dev for May 2025 2 release"" (#13847)
da84812
@jslobodzian
Sync 3.0-dev to 3.0 as of e19b003 (#13848)
3d04526
@PawelWMS
Fixed reporting of build errors (CP: #13889) (#13897)
3cd11c5
@ranjan-dutta
Merge tag '3.0.20250521-3.0' into 3.0-dev
4003f01 
* tag '3.0.20250521-3.0': (271 commits)
  Fixed reporting of build errors (CP: #13889) (#13897)
  Revert "Revert "Merge 3.0-dev for May 2025 2 release"" (#13847)
  Revert "Anphel/3 mid may 2025 update b" (#13846)
  kernel-64k: Added a new patch to solve EFI slack slots issue (#13783)
  kernel-64k: enabling config options required for GB200 and GB200F diags (#13674)
  Prepare May 2025 Update 2 (#13808)
  Revert "Merge 3.0-dev for May 2025 2 release" (#13833)
  kernel-64k: Added a new patch to solve EFI slack slots issue (#13783)
  Patch docker-buildx for CVE-2025-0495 [Medium] (#13768)
  [Medium] Patch yasm for CVE-2023-51258 and CVE-2023-37732 (#13792)
  [Medium] Patch iniparser for CVE-2023-33461 (#13804)
  [Medium] patch rpm-ostree for CVE-2024-2905 (#13818)
  kernel-64k: enabling config options required for GB200 and GB200F diags (#13674)
  [3.0] bmake: move tests to check section (#13815)
  Updated lua-json to version 1.3.4 (#11179)
  Upgrade kyotocabinet to version 1.2.80 (#10802)
  Extended build failure logging (#13705)
  Prepare May 2025 Update 2 (#13808)
  dom0 packages: Update to dom0 release v2411.19.1 (#13648)
  [AUTO-CHERRYPICK] Upgrade SymCrypt-OpenSSL to 1.8.1 - branch 3.0-dev (#13805)
  ...
@ranjan-dutta ranjan-dutta requested a review from a team as a code owner June 26, 2025 02:59
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 26, 2025
View reviewed changes
.github/workflows/check-srpm-duplicates.yml
Comment on lines +26 to +29
- name: Workflow trigger checkout
uses: actions/checkout@v4

# For consistency, we use the same major/minor version of Python that Azure Linux ships

Check warning

Code scanning / zizmor

does not set persist-credentials: false Warning

does not set persist-credentials: false
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 26, 2025
View reviewed changes
.github/workflows/check-srpm-duplicates.yml
Comment on lines +16 to +48
name: SRPMs duplicates check
runs-on: ubuntu-latest
strategy:
matrix:
# Each group is published to a different repo, thus we only need to check
# for SRPM duplicates within the group.
specs-dirs-groups: ["SPECS SPECS-SIGNED", "SPECS-EXTENDED"]

steps:
# Checkout the branch of our repo that triggered this action
- name: Workflow trigger checkout
uses: actions/checkout@v4

# For consistency, we use the same major/minor version of Python that Azure Linux ships
- name: Setup Python 3.12
uses: actions/setup-python@v5
with:
python-version: 3.12

# Generate the specs.json files. They are the input for the duplicates check script.
- name: Generate specs.json
run: |
set -euo pipefail

for spec_folder in ${{ matrix.specs-dirs-groups }}; do
echo "Generating specs.json for spec folder '$spec_folder'."

sudo make -C toolkit -j$(nproc) parse-specs REBUILD_TOOLS=y DAILY_BUILD_ID=lkg SPECS_DIR=../$spec_folder
cp -v build/pkg_artifacts/specs.json ${spec_folder}_specs.json
done

- name: Check for duplicate SRPMs
run: python3 toolkit/scripts/check_srpm_duplicates.py *_specs.json

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 10 months ago

To fix the issue, we will add a permissions block at the root of the workflow file. This block will explicitly define the minimal permissions required for the workflow to function. Based on the workflow's steps, it primarily reads repository contents and does not perform any write operations. Therefore, we will set contents: read as the permission.

Suggested changeset 1
.github/workflows/check-srpm-duplicates.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/check-srpm-duplicates.yml b/.github/workflows/check-srpm-duplicates.yml
--- a/.github/workflows/check-srpm-duplicates.yml
+++ b/.github/workflows/check-srpm-duplicates.yml
@@ -6,2 +6,4 @@
 name: SRPMs duplicates check
+permissions:
+  contents: read
 
EOF
@@ -6,2 +6,4 @@
name: SRPMs duplicates check
permissions:
contents: read

Copilot is powered by AI and may make mistakes. Always verify output.
@cheeyanglee
fluent-bit/libbpf: amend changelog
092c0b8 
amend verison and change changelog time.

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee
cgmanifest: remove dropped component
ec60569 
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@anujm1 anujm1 closed this Jul 21, 2025
@anujm1 anujm1 deleted the sandbox/rdutta/3.0/update-3.0.20250521-3.0-v2 branch August 28, 2025 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.