
Conversation

@ranjan-dutta
Contributor

Merge Checklist

All boxes should be checked before merging the PR

  • [ ] The changes in the PR have been built and tested
  • [ ] cgmanifest file has been updated if required
  • [ ] Ready to merge

Description

Any Newly Introduced Dependencies

How Has This Been Tested?

v-smalavathu and others added 30 commits March 2, 2025 20:07
CBL-Mariner-Bot and others added 18 commits March 31, 2025 15:05
…VE-2025-30204 [High] - branch 3.0-dev (#13230)

Co-authored-by: Kanishk Bansal <[email protected]>
…3.0-dev (#13231)

Co-authored-by: Kanishk Bansal <[email protected]>
…ch 3.0-dev (#13232)

Co-authored-by: Kanishk Bansal <[email protected]>
…3.0-dev (#13234)

Co-authored-by: Kanishk Bansal <[email protected]>
…gh] - branch 3.0-dev (#13235)

Co-authored-by: Kanishk Bansal <[email protected]>
… 3.0-dev (#13236)

Co-authored-by: Kanishk Bansal <[email protected]>
…High] - branch 3.0-dev (#13239)

Co-authored-by: Kanishk Bansal <[email protected]>
…24855 [High] - branch 3.0-dev (#13243)

Co-authored-by: sindhu-karri <[email protected]>
…ch 3.0-dev (#13233)

Co-authored-by: Kanishk Bansal <[email protected]>
Co-authored-by: jslobodzian <[email protected]>
- Prevent hanging when ReadStreamRequest is blocked by policy
- Have the agent reformat CreateContainer requests in order to improve policy validation
- Fix for GHSA-qppj-fm5r-hxr3

Co-authored-by: CBL-Mariner Servicing Account <[email protected]>
build tag "3.0.20250423-3.0"

# By CBL-Mariner-Bot (631) and others
# Via GitHub (214) and others
* tag '3.0.20250423-3.0': (6844 commits)
  Update Conda to 24.3.0  and bring missing runtime deps (#12648)
  [AUTOPATCHER-CORE] Bugfix: 56213770, 56248605, upgrade cifs-utils to 7.3  (#13116)
  kata(-cc): upgrade kata-containers(-cc) to 3.2.0.azl5 (#13246)
  [AUTO-CHERRYPICK] Patch `prometheus` for CVE-2025-30204 [High] - branch 3.0-dev (#13233)
  [AUTO-CHERRYPICK] Upgrade libxslt to fix CVE-2024-55549 and CVE-2025-24855 [High] - branch 3.0-dev (#13243)
  Prepare April 2025 Update (#13244)
  [AUTOPATCHER-CORE] Upgrade tzdata to 2025a upgrade to version 2025a (#11994)
  [AUTO-CHERRYPICK] Patch `pytorch` for CVE-2021-22569, CVE-2024-7776 [High] - branch 3.0-dev (#13239)
  [AUTO-CHERRYPICK] Upgrade `libreswan` to 4.15 for CVE-2024-3652, CVE-2024-2357, CVE-2023-30570 [High] - branch 3.0-dev (#13238)
  [AUTO-CHERRYPICK] Patch `telegraf` for CVE-2025-30204 [High] - branch 3.0-dev (#13236)
  [AUTO-CHERRYPICK] Patch `keda` for CVE-2025-30204, CVE-2025-29923 [High] - branch 3.0-dev (#13235)
  [AUTO-CHERRYPICK] Patch `flannel` for CVE-2025-30204 [High] - branch 3.0-dev (#13234)
  [AUTO-CHERRYPICK] Patch `kubernetes` for CVE-2025-30204 [High] - branch 3.0-dev (#13232)
  [AUTO-CHERRYPICK] Patch `coredns` for CVE-2025-30204 [High] - branch 3.0-dev (#13231)
  [AUTO-CHERRYPICK] Patch `application-gateway-kubernetes-ingress` for CVE-2025-30204 [High] - branch 3.0-dev (#13230)
  [AUTO-CHERRYPICK] Patch `packer` for CVE-2025-30204 [High] - branch 3.0-dev (#13229)
  [AUTO-CHERRYPICK] Patch cert-manager for CVE-2025-30204 [High] - branch 3.0-dev (#13228)
  [AUTO-CHERRYPICK] Patch `azcopy` for CVE-2025-30204 [High] - branch 3.0-dev (#13227)
  [AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade mariadb to 10.11.11 for CVE-2025-21490 - branch 3.0-dev (#13226)
  [AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade libdwarf to 0.9.2 for CVE-2024-2002 [High] - branch 3.0-dev (#13225)
  ...

# Conflicts:
@ranjan-dutta ranjan-dutta requested a review from a team as a code owner April 30, 2025 01:42
Comment on lines +15 to +89
    name: Check Package Update Gate
    runs-on: ubuntu-latest
    steps:

      - name: Check out code
        uses: actions/checkout@v4

      - name: Get base commit for PRs
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          git fetch origin ${{ github.base_ref }}
          echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV
          echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"

      - name: Get base commit for Pushes
        if: ${{ github.event_name == 'push' }}
        run: |
          git fetch origin ${{ github.event.before }}
          echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV
          echo "Merging ${{ github.sha }} into ${{ github.event.before }}"

      - name: Get the changed files
        run: |
          echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'"
          changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; })
          echo "Files to validate: '${changed_specs}'"
          echo "updated-specs=$(echo ${changed_specs})" >> $GITHUB_ENV

      - name: Check each spec
        run: |

          if [[ -z "${{ env.updated-specs }}" ]]; then
            echo "No spec files to validate. Exiting."
            exit 0
          fi

          for spec in ${{ env.updated-specs }}
          do
            echo "Checking '$spec'."
            # Expand macros if present
            name=$(rpmspec --parse "$spec" | grep -E "^Name:\s*(.*)" | awk '{print $2}')
            version=$(rpmspec --parse "$spec" | grep -E "^Version:\s*(.*)" | awk '{print $2}')

            # Read from packagelist-gate.csv and iterate each row
            # 1st column: package name
            # 2nd column: condition (>=, =,'')
            # 3rd column: version number

            while IFS=, read -r package_name condition version_number; do
              if [[ "$name" == "$package_name" ]]; then
                case "$condition" in
                  ">=" | "=" )
                    if [[ ("$condition" == ">=" && "$(printf '%s\n' "$version" "$version_number" | sort -V | head -n1)" == "$version_number") ||
                          ("$condition" == "=" && "$version" == "$version_number") ]]; then
                      1>&2 echo "**** ERROR ****"
                      1>&2 echo "Spec '$spec' version '$version' is not allowed in Azure Linux. Error:'$spec $condition $version_number'."
                      1>&2 echo "**** ERROR ****"
                      error_found=1
                    fi
                    ;;
                  *)
                    1>&2 echo "**** ERROR ****"
                    1>&2 echo "Spec $spec is not allowed in Azure Linux"
                    1>&2 echo "**** ERROR ****"
                    error_found=1
                    ;;
                esac
              fi
            done < .github/workflows/packagelist-gate.csv
          done

          if [[ -n $error_found ]]
          then
            exit 1
          fi

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
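The gate logic from the workflow above, factored into a function that can be exercised offline against a constructed gate list rather than a checked-out spec tree. This is an added example, not code from the PR or the Azure Linux repository; the package names and versions in the sample CSV are made up, and the `rpmspec` name/version extraction is left out.

```shell
#!/usr/bin/env bash
# Added example (not part of the PR): the package-update gate check as a
# reusable function, so the version-comparison semantics can be tested
# without a spec tree.
#
# Gate list format is the same three columns the workflow reads from
# .github/workflows/packagelist-gate.csv: name,condition,version
#   name,>=,X  -> version X and anything newer is blocked
#   name,=,X   -> exactly version X is blocked
#   name,,     -> any other condition (including none) blocks the package outright

# Constructed sample gate list; entries are illustrative only.
GATE_CSV=$(cat <<'EOF'
kernel,>=,6.6.0
prometheus,=,2.45.0
telnet,,
EOF
)

# version_ge A B: true when A >= B under `sort -V` ordering, the same test
# the workflow uses (B sorts first, or the two are equal). Unlike a plain
# string compare this treats 6.10.0 as newer than 6.6.0.
version_ge() {
    [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# gate_check NAME VERSION [CSV]: returns 0 when the package/version passes the
# gate and 1 when some gate row blocks it. CSV defaults to GATE_CSV.
gate_check() {
    local name="$1" version="$2" csv="${3:-$GATE_CSV}"
    local package_name condition version_number blocked=0
    while IFS=, read -r package_name condition version_number; do
        [ "$name" = "$package_name" ] || continue
        case "$condition" in
            ">=") version_ge "$version" "$version_number" && blocked=1 ;;
            "=")  [ "$version" = "$version_number" ] && blocked=1 ;;
            *)    blocked=1 ;;   # no usable condition: package blocked entirely
        esac
    done <<EOF
$csv
EOF
    [ "$blocked" -eq 0 ]
}

# Stand-alone demo: print the verdict for a few constructed package versions.
for pv in kernel/6.5.9 kernel/6.10.0 prometheus/2.45.0 telnet/0.17 vim/9.1; do
    if gate_check "${pv%/*}" "${pv#*/}"; then
        echo "allowed: $pv"
    else
        echo "blocked: $pv"
    fi
done
```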
@cheeyanglee
Contributor

merged V3
#99

@anujm1 anujm1 deleted the sandbox/rdutta/3.0/update-3.0.20250423-3.0-v1 branch May 19, 2025 07:22