diff --git a/SPECS-EXTENDED/buildah/buildah.spec b/SPECS-EXTENDED/buildah/buildah.spec index 25b04692045..62b7b5c6d73 100644 --- a/SPECS-EXTENDED/buildah/buildah.spec +++ b/SPECS-EXTENDED/buildah/buildah.spec @@ -30,7 +30,7 @@ Epoch: 0 Version: 1.41.4 # The `AND` needs to be uppercase in the License for SPDX compatibility License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 -Release: 7%{?dist} +Release: 8%{?dist} Vendor: Microsoft Corporation Distribution: Azure Linux ExclusiveArch: aarch64 ppc64le s390x x86_64 @@ -43,7 +43,7 @@ BuildRequires: device-mapper-devel BuildRequires: git-core BuildRequires: golang >= 1.16.6 BuildRequires: glib2-devel -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} %if !%{defined gobuild} BuildRequires: go-rpm-macros %endif @@ -173,6 +173,9 @@ make test-unit %{_datadir}/%{name}/test %changelog +* Thu May 07 2026 Aditya Singh - 0:1.41.4-8 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 0:1.41.4-7 - Bump to rebuild with updated glibc diff --git a/SPECS-EXTENDED/catatonit/catatonit.spec b/SPECS-EXTENDED/catatonit/catatonit.spec index 199bdb7b059..b0d7bc8c2a6 100644 --- a/SPECS-EXTENDED/catatonit/catatonit.spec +++ b/SPECS-EXTENDED/catatonit/catatonit.spec @@ -3,7 +3,7 @@ Distribution: Azure Linux Name: catatonit Version: 0.1.7 -Release: 27%{?dist} +Release: 28%{?dist} Summary: A signal-forwarding process manager for containers License: GPLv3+ URL: https://github.com/openSUSE/catatonit @@ -13,7 +13,7 @@ BuildRequires: automake BuildRequires: file BuildRequires: gcc BuildRequires: git -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: libtool BuildRequires: make @@ -61,6 +61,9 @@ ln -s %{_libexecdir}/%{name}/%{name} %{buildroot}%{_libexecdir}/podman/%{name} %{_libexecdir}/podman/%{name} %changelog +* Thu May 07 2026 Aditya Singh - 0.1.7-28 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 0.1.7-27 - Bump to rebuild with updated glibc diff --git a/SPECS-EXTENDED/crun/crun.spec b/SPECS-EXTENDED/crun/crun.spec index 26b41e7f274..b1a6d5ece4b 100644 --- a/SPECS-EXTENDED/crun/crun.spec +++ b/SPECS-EXTENDED/crun/crun.spec @@ -12,7 +12,7 @@ Summary: OCI runtime written in C Name: crun Version: 1.24 -Release: 4%{?dist} +Release: 5%{?dist} Vendor: Microsoft Corporation Distribution: Azure Linux URL: https://github.com/containers/%{name} @@ -48,7 +48,7 @@ BuildRequires: wasmedge-devel %endif BuildRequires: python -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} Provides: oci-runtime %description @@ -114,6 +114,9 @@ rm -rf %{buildroot}%{_prefix}/lib* %endif %changelog +* Thu May 07 2026 Aditya Singh - 1.24-5 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 1.24-4 - Bump to rebuild with updated glibc diff --git a/SPECS-EXTENDED/dyninst/dyninst.spec b/SPECS-EXTENDED/dyninst/dyninst.spec index 1791af9b739..0004e737b54 100644 --- a/SPECS-EXTENDED/dyninst/dyninst.spec +++ b/SPECS-EXTENDED/dyninst/dyninst.spec @@ -1,7 +1,7 @@ Summary: An API for Run-time Code Generation License: LGPLv2+ Name: dyninst -Release: 29%{?dist} +Release: 30%{?dist} Vendor: Microsoft Corporation Distribution: Azure Linux URL: http://www.dyninst.org @@ -31,7 +31,7 @@ BuildRequires: tbb tbb-devel # Extra requires just for the testsuite BuildRequires: gcc-gfortran libstdc++-static libxml2-devel -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} # Testsuite files should not provide/require anything %{?filter_setup: @@ -194,6 +194,9 @@ echo "%{_libdir}/dyninst" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %attr(644,root,root) %{_libdir}/dyninst/testsuite/*.a %changelog +* Thu May 07 2026 Aditya Singh - 10.1.0-30 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 10.1.0-29 - Bump to rebuild with updated glibc diff --git a/SPECS-EXTENDED/podman/podman.spec b/SPECS-EXTENDED/podman/podman.spec index 5b53a1430fb..64fbca0fe5e 100644 --- a/SPECS-EXTENDED/podman/podman.spec +++ b/SPECS-EXTENDED/podman/podman.spec @@ -31,7 +31,7 @@ Epoch: 0 # If you're reading this on dist-git, the version is automatically filled in by Packit. Version: 5.6.1 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 -Release: 8%{?dist} +Release: 9%{?dist} ExclusiveArch: aarch64 ppc64le s390x x86_64 riscv64 Summary: Manage Pods, Containers and Container Images Vendor: Microsoft Corporation @@ -48,7 +48,7 @@ BuildRequires: btrfs-progs-devel BuildRequires: gcc BuildRequires: glib2-devel BuildRequires: glibc-devel -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: golang BuildRequires: git-core @@ -298,6 +298,9 @@ make localunit # rhcontainerbot account currently managed by lsm5 %changelog +* Thu May 07 2026 Aditya Singh - 0:5.6.1-9 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 0:5.6.1-8 - Bump to rebuild with updated glibc diff --git a/SPECS/busybox/busybox.spec b/SPECS/busybox/busybox.spec index 0ad56223e6d..7be0c02fc13 100644 --- a/SPECS/busybox/busybox.spec +++ b/SPECS/busybox/busybox.spec @@ -1,7 +1,7 @@ Summary: Statically linked binary providing simplified versions of system commands Name: busybox Version: 1.36.1 -Release: 23%{?dist} +Release: 24%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -20,7 +20,7 @@ Patch6: CVE-2023-39810.patch Patch7: CVE-2022-48174.patch Patch8: CVE-2026-26157.patch BuildRequires: gcc -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: libselinux-devel >= 1.27.7-2 BuildRequires: libsepol-devel %if 0%{?with_check} @@ -110,6 +110,9 @@ cd testsuite %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Thu May 07 2026 Aditya Singh - 1.36.1-24 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 1.36.1-23 - Bump to rebuild with updated glibc diff --git a/SPECS/flannel/flannel.spec b/SPECS/flannel/flannel.spec index 1d41ed03a74..fae0a40a7db 100644 --- a/SPECS/flannel/flannel.spec +++ b/SPECS/flannel/flannel.spec @@ -3,7 +3,7 @@ Summary: Simple and easy way to configure a layer 3 network fabric designed for Kubernetes Name: flannel Version: 0.24.2 -Release: 26%{?dist} +Release: 27%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -20,7 +20,7 @@ Patch5: CVE-2025-65637.patch Patch6: CVE-2026-32241.patch BuildRequires: gcc BuildRequires: glibc-devel -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: golang < 1.25 BuildRequires: kernel-headers @@ -54,6 +54,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./dist/flanneld %{_bindir}/flanneld %changelog +* Thu May 07 2026 Aditya Singh - 0.24.2-27 +- Bump to rebuild with updated glibc + * Mon Mar 30 2026 Aditya Singh - 0.24.2-26 - Bump to rebuild with updated glibc * Mon Mar 30 2026 Azure Linux Security Servicing Account - 0.24.2-25 diff --git a/SPECS/glibc/CVE-2026-4046.patch b/SPECS/glibc/CVE-2026-4046.patch new file mode 100644 index 00000000000..f29742eac6b --- /dev/null +++ b/SPECS/glibc/CVE-2026-4046.patch @@ -0,0 +1,332 @@ +From d6f08d1cf027f4eb2ba289a6cc66853722d4badc Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 16 Apr 2026 19:13:43 +0200 +Subject: [PATCH] Use pending character state in IBM1390, IBM1399 character + sets (CVE-2026-4046) + +Follow the example in iso-2022-jp-3.c and use the __count state +variable to store the pending character. This avoids restarting +the conversion if the output buffer ends between two 4-byte UCS-4 +code points, so that the assert reported in the bug can no longer +happen. + +Even though the fix is applied to ibm1364.c, the change is only +effective for the two HAS_COMBINED codecs for IBM1390, IBM1399. + +The test case was mostly auto-generated using +claude-4.6-opus-high-thinking, and composer-2-fast shows up in the +log as well. During review, gpt-5.4-xhigh flagged that the original +version of the test case was not exercising the new character +flush logic. + +This fixes bug 33980. + +Assisted-by: LLM +Reviewed-by: Carlos O'Donell +Upstream Patch Reference: https://sourceware.org/git/?p=glibc.git;a=patch;h=d6f08d1cf027f4eb2ba289a6cc66853722d4badc +--- + iconvdata/Makefile | 5 +- + iconvdata/ibm1364.c | 70 ++++++++++++++---- + iconvdata/tst-bug33980.c | 153 +++++++++++++++++++++++++++++++++++++++ + 3 files changed, 212 insertions(+), 16 deletions(-) + create mode 100644 iconvdata/tst-bug33980.c + +diff --git a/iconvdata/Makefile b/iconvdata/Makefile +index dd5cafab..6aa3ec33 100644 +--- a/iconvdata/Makefile ++++ b/iconvdata/Makefile +@@ -75,7 +75,8 @@ ifeq (yes,$(build-shared)) + tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ + tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ + bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \ +- bug-iconv13 bug-iconv14 bug-iconv15 ++ bug-iconv13 bug-iconv14 bug-iconv15 \ ++ tst-bug33980 + ifeq ($(have-thread-library),yes) + tests += bug-iconv3 + endif +@@ -330,6 +331,8 @@ $(objpfx)bug-iconv14.out: $(addprefix $(objpfx), $(gconv-modules)) \ + $(addprefix $(objpfx),$(modules.so)) + $(objpfx)bug-iconv15.out: $(addprefix $(objpfx), $(gconv-modules)) \ + $(addprefix $(objpfx),$(modules.so)) ++$(objpfx)tst-bug33980.out: $(addprefix $(objpfx), $(gconv-modules)) \ ++ $(addprefix $(objpfx),$(modules.so)) + + $(objpfx)iconv-test.out: run-iconv-test.sh \ + $(addprefix $(objpfx), $(gconv-modules)) \ +diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c +index 5203f30e..d11fcde4 100644 +--- a/iconvdata/ibm1364.c ++++ b/iconvdata/ibm1364.c +@@ -67,12 +67,29 @@ + + /* Since this is a stateful encoding we have to provide code which resets + the output state to the initial state. This has to be done during the +- flushing. */ ++ flushing. For the to-internal direction (FROM_DIRECTION is true), ++ there may be a pending character that needs flushing. */ + #define EMIT_SHIFT_TO_INIT \ + if ((data->__statep->__count & ~7) != sb) \ + { \ + if (FROM_DIRECTION) \ +- data->__statep->__count &= 7; \ ++ { \ ++ uint32_t ch = data->__statep->__count >> 7; \ ++ if (__glibc_unlikely (ch != 0)) \ ++ { \ ++ if (__glibc_unlikely (outend - outbuf < 4)) \ ++ status = __GCONV_FULL_OUTPUT; \ ++ else \ ++ { \ ++ put32 (outbuf, ch); \ ++ outbuf += 4; \ ++ /* Clear character and db bit. */ \ ++ data->__statep->__count &= 7; \ ++ } \ ++ } \ ++ else \ ++ data->__statep->__count &= 7; \ ++ } \ + else \ + { \ + /* We are not in the initial state. To switch back we have \ +@@ -99,11 +116,13 @@ + *curcsp = save_curcs + + +-/* Current codeset type. */ ++/* Current codeset type. The bit is stored in the __count variable of ++ the conversion state. If the db bit is set, bit 7 and above store ++ a pending UCS-4 code point if non-zero. */ + enum + { +- sb = 0, +- db = 64 ++ sb = 0, /* Single byte mode. */ ++ db = 64 /* Double byte mode. */ + }; + + +@@ -119,21 +138,29 @@ enum + } \ + else \ + { \ +- /* This is a combined character. Make sure we have room. */ \ +- if (__glibc_unlikely (outptr + 8 > outend)) \ +- { \ +- result = __GCONV_FULL_OUTPUT; \ +- break; \ +- } \ +- \ + const struct divide *cmbp \ + = &DB_TO_UCS4_COMB[ch - __TO_UCS4_COMBINED_MIN]; \ + assert (cmbp->res1 != 0 && cmbp->res2 != 0); \ + \ + put32 (outptr, cmbp->res1); \ + outptr += 4; \ +- put32 (outptr, cmbp->res2); \ +- outptr += 4; \ ++ \ ++ /* See whether we have room for the second character. */ \ ++ if (outend - outptr >= 4) \ ++ { \ ++ put32 (outptr, cmbp->res2); \ ++ outptr += 4; \ ++ } \ ++ else \ ++ { \ ++ /* Otherwise store only the first character now, and \ ++ put the second one into the queue. */ \ ++ curcs |= cmbp->res2 << 7; \ ++ inptr += 2; \ ++ /* Tell the caller why we terminate the loop. */ \ ++ result = __GCONV_FULL_OUTPUT; \ ++ break; \ ++ } \ + } \ + } + #else +@@ -153,7 +180,20 @@ enum + #define LOOPFCT FROM_LOOP + #define BODY \ + { \ +- uint32_t ch = *inptr; \ ++ uint32_t ch; \ ++ \ ++ ch = curcs >> 7; \ ++ if (__glibc_unlikely (ch != 0)) \ ++ { \ ++ put32 (outptr, ch); \ ++ outptr += 4; \ ++ /* Remove the pending character, but preserve state bits. */ \ ++ curcs &= (1 << 7) - 1; \ ++ continue; \ ++ } \ ++ \ ++ /* Otherwise read the next input byte. */ \ ++ ch = *inptr; \ + \ + if (__builtin_expect (ch, 0) == SO) \ + { \ +diff --git a/iconvdata/tst-bug33980.c b/iconvdata/tst-bug33980.c +new file mode 100644 +index 00000000..c9693e0e +--- /dev/null ++++ b/iconvdata/tst-bug33980.c +@@ -0,0 +1,153 @@ ++/* Test for bug 33980: combining characters in IBM1390/IBM1399. ++ Copyright (C) 2026 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++/* Run iconv in a loop with a small output buffer of OUTBUFSIZE bytes ++ starting at OUTBUF. OUTBUF should be right before an unmapped page ++ so that writing past the end will fault. Skip SHIFT bytes at the ++ start of the input and output, to exercise different buffer ++ alignment. TRUNCATE indicates skipped bytes at the end of ++ input (0 and 1 a valid). */ ++static void ++test_one (const char *encoding, unsigned int shift, unsigned int truncate, ++ char *outbuf, size_t outbufsize) ++{ ++ /* In IBM1390 and IBM1399, the DBCS code 0xECB5 expands to two ++ Unicode code points when translated. */ ++ static char input[] = ++ { ++ /* 8 letters X. */ ++ 0xe7, 0xe7, 0xe7, 0xe7, 0xe7, 0xe7, 0xe7, 0xe7, ++ /* SO, 0xECB5, SI: shift to DBCS, special character, shift back. */ ++ 0x0e, 0xec, 0xb5, 0x0f ++ }; ++ ++ /* Expected output after UTF-8 conversion. */ ++ static char expected[] = ++ { ++ 'X', 'X', 'X', 'X', 'X', 'X', 'X', 'X', ++ /* U+304B (HIRAGANA LETTER KA). */ ++ 0xe3, 0x81, 0x8b, ++ /* U+309A (COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK). */ ++ 0xe3, 0x82, 0x9a ++ }; ++ ++ iconv_t cd = iconv_open ("UTF-8", encoding); ++ TEST_VERIFY_EXIT (cd != (iconv_t) -1); ++ ++ char result_storage[64]; ++ struct alloc_buffer result_buf ++ = alloc_buffer_create (result_storage, sizeof (result_storage)); ++ ++ char *inptr = &input[shift]; ++ size_t inleft = sizeof (input) - shift - truncate; ++ ++ while (inleft > 0) ++ { ++ char *outptr = outbuf; ++ size_t outleft = outbufsize; ++ size_t inleft_before = inleft; ++ ++ size_t ret = iconv (cd, &inptr, &inleft, &outptr, &outleft); ++ size_t produced = outptr - outbuf; ++ alloc_buffer_copy_bytes (&result_buf, outbuf, produced); ++ ++ if (ret == (size_t) -1 && errno == E2BIG) ++ { ++ if (produced == 0 && inleft == inleft_before) ++ { ++ /* Output buffer too small to make progress. This is ++ expected for very small output buffer sizes. */ ++ TEST_VERIFY_EXIT (outbufsize < 3); ++ break; ++ } ++ continue; ++ } ++ if (ret == (size_t) -1) ++ FAIL_EXIT1 ("%s (outbufsize %zu): iconv: %m", encoding, outbufsize); ++ break; ++ } ++ ++ /* Flush any pending state (e.g. a buffered combined character). ++ With outbufsize < 3, we could not store the first character, so ++ the second character did not become pending, and there is nothing ++ to flush. */ ++ { ++ char *outptr = outbuf; ++ size_t outleft = outbufsize; ++ ++ size_t ret = iconv (cd, NULL, NULL, &outptr, &outleft); ++ TEST_VERIFY_EXIT (ret == 0); ++ size_t produced = outptr - outbuf; ++ alloc_buffer_copy_bytes (&result_buf, outbuf, produced); ++ ++ /* Second flush does not provide more data. */ ++ outptr = outbuf; ++ outleft = outbufsize; ++ ret = iconv (cd, NULL, NULL, &outptr, &outleft); ++ TEST_VERIFY_EXIT (ret == 0); ++ TEST_VERIFY (outptr == outbuf); ++ } ++ ++ TEST_VERIFY_EXIT (!alloc_buffer_has_failed (&result_buf)); ++ size_t result_used ++ = sizeof (result_storage) - alloc_buffer_size (&result_buf); ++ ++ if (outbufsize >= 3) ++ { ++ TEST_COMPARE (inleft, 0); ++ TEST_COMPARE (result_used, sizeof (expected) - shift); ++ TEST_COMPARE_BLOB (result_storage, result_used, ++ &expected[shift], sizeof (expected) - shift); ++ } ++ else ++ /* If the buffer is too small, only the leading X could be converted. */ ++ TEST_COMPARE (result_used, 8 - shift); ++ ++ TEST_VERIFY_EXIT (iconv_close (cd) == 0); ++} ++ ++static int ++do_test (void) ++{ ++ struct support_next_to_fault ntf ++ = support_next_to_fault_allocate (8); ++ ++ for (int shift = 0; shift <= 8; ++shift) ++ for (int truncate = 0; truncate < 2; ++truncate) ++ for (size_t outbufsize = 1; outbufsize <= 8; outbufsize++) ++ { ++ char *outbuf = ntf.buffer + ntf.length - outbufsize; ++ test_one ("IBM1390", shift, truncate, outbuf, outbufsize); ++ test_one ("IBM1399", shift, truncate, outbuf, outbufsize); ++ } ++ ++ support_next_to_fault_free (&ntf); ++ return 0; ++} ++ ++#include +-- +2.45.4 + diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec index 0f66cca6609..8cd303fd287 100644 --- a/SPECS/glibc/glibc.spec +++ b/SPECS/glibc/glibc.spec @@ -10,7 +10,7 @@ Summary: Main C library Name: glibc Version: 2.38 -Release: 19%{?dist} +Release: 20%{?dist} License: BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -52,6 +52,7 @@ Patch21: test-CVE-2025-4802.patch Patch22: CVE-2025-8058.patch Patch23: CVE-2026-4437.patch Patch24: CVE-2026-4438.patch +Patch25: CVE-2026-4046.patch # Patches for testing Patch100: 0001-Remove-Wno-format-cflag-from-tests.patch @@ -387,6 +388,9 @@ grep "^FAIL: string/test-mempcpy" tests.sum >/dev/null && n=$((n+1)) ||: %exclude %{_libdir}/locale/C.utf8 %changelog +* Thu May 07 2026 Aditya Singh - 2.38-20 +- Patch for CVE-2026-4046 + * Wed Mar 25 2026 Aditya Singh - 2.38-19 - Patch for CVE-2026-4437, CVE-2026-4438 diff --git a/SPECS/kubernetes/kubernetes.spec b/SPECS/kubernetes/kubernetes.spec index 106ba5439cc..6789d8a12af 100644 --- a/SPECS/kubernetes/kubernetes.spec +++ b/SPECS/kubernetes/kubernetes.spec @@ -10,7 +10,7 @@ Summary: Microsoft Kubernetes Name: kubernetes Version: 1.30.10 -Release: 23%{?dist} +Release: 24%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -37,7 +37,7 @@ Patch15: CVE-2025-58190.patch Patch16: CVE-2026-35469.patch BuildRequires: flex-devel -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: golang < 1.25 BuildRequires: rsync BuildRequires: systemd-devel @@ -287,6 +287,9 @@ fi %{_exec_prefix}/local/bin/pause %changelog +* Thu May 07 2026 Aditya Singh - 1.30.10-24 +- Bump to rebuild with updated glibc + * Mon Apr 20 2026 Kanishk Bansal - 1.30.10-23 - Patch CVE-2026-35469 diff --git a/SPECS/kubevirt/kubevirt.spec b/SPECS/kubevirt/kubevirt.spec index a3f56297284..692966b966a 100644 --- a/SPECS/kubevirt/kubevirt.spec +++ b/SPECS/kubevirt/kubevirt.spec @@ -20,7 +20,7 @@ Summary: Container native virtualization Name: kubevirt Version: 1.7.1 -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -32,7 +32,7 @@ Patch0: CVE-2025-11065.patch %global debug_package %{nil} BuildRequires: swtpm-tools BuildRequires: glibc-devel -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: golang >= 1.24 BuildRequires: golang-packaging BuildRequires: pkgconfig @@ -265,6 +265,9 @@ install -p -m 0644 cmd/virt-launcher/qemu.conf %{buildroot}%{_datadir}/kube-virt %{_bindir}/virt-tests %changelog +* Thu May 07 2026 Aditya Singh - 1.7.1-3 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 1.7.1-2 - Bump to rebuild with updated glibc diff --git a/SPECS/libcap/libcap.spec b/SPECS/libcap/libcap.spec index 31d1c59f857..c5bac985e05 100644 --- a/SPECS/libcap/libcap.spec +++ b/SPECS/libcap/libcap.spec @@ -1,7 +1,7 @@ Summary: Libcap Name: libcap Version: 2.69 -Release: 13%{?dist} +Release: 14%{?dist} License: GPLv2+ Group: System Environment/Security URL: https://www.gnu.org/software/hurd/community/gsoc/project_ideas/libcap.html @@ -9,7 +9,7 @@ Source0: https://www.kernel.org/pub/linux/libs/security/linux-privs/libca Patch0: CVE-2025-1390.patch Vendor: Microsoft Corporation Distribution: Azure Linux -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} %description The libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available @@ -62,6 +62,9 @@ sed -i '/echo "attempt to exploit kernel bug"/,/^fi$/d' quicktest.sh %{_mandir}/man3/* %changelog +* Thu May 07 2026 Aditya Singh - 2.69-14 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 2.69-13 - Bump to rebuild with updated glibc diff --git a/SPECS/libguestfs/libguestfs.spec b/SPECS/libguestfs/libguestfs.spec index ff45f5390f5..2b7c0b592a7 100644 --- a/SPECS/libguestfs/libguestfs.spec +++ b/SPECS/libguestfs/libguestfs.spec @@ -25,7 +25,7 @@ Summary: Access and modify virtual machine disk images Name: libguestfs Version: 1.52.0 -Release: 21%{?dist} +Release: 22%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -82,7 +82,7 @@ BuildRequires: gcc-c++ BuildRequires: gdisk BuildRequires: genisoimage BuildRequires: gfs2-utils -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: gobject-introspection-devel BuildRequires: gperf BuildRequires: grep @@ -1147,6 +1147,9 @@ rm ocaml/html/.gitignore %endif %changelog +* Thu May 07 2026 Aditya Singh - 1.52.0-22 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 1.52.0-21 - Bump to rebuild with updated glibc diff --git a/SPECS/qemu/qemu.spec b/SPECS/qemu/qemu.spec index c624a6877b5..a6d3e6a5bd9 100644 --- a/SPECS/qemu/qemu.spec +++ b/SPECS/qemu/qemu.spec @@ -435,7 +435,7 @@ Obsoletes: sgabios-bin <= 1:0.20180715git-10.fc38 Summary: QEMU is a FAST! processor emulator Name: qemu Version: 9.1.0 -Release: 3%{?dist} +Release: 4%{?dist} License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND FSFAP AND GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-2.0-or-later WITH GCC-exception-2.0 AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND MIT AND LicenseRef-Fedora-Public-Domain AND CC-BY-3.0 URL: http://www.qemu.org/ @@ -652,7 +652,7 @@ BuildRequires: rutabaga-gfx-ffi-devel %endif %if %{user_static} -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: glib2-static zlib-static BuildRequires: pcre2-static %endif @@ -3409,6 +3409,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Thu May 07 2026 Aditya Singh - 9.1.0-4 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 9.1.0-3 - Bump to rebuild with updated glibc diff --git a/SPECS/rust/rust-1.75.spec b/SPECS/rust/rust-1.75.spec index dedf636cecd..1f6058db773 100644 --- a/SPECS/rust/rust-1.75.spec +++ b/SPECS/rust/rust-1.75.spec @@ -9,7 +9,7 @@ Summary: Rust Programming Language Name: rust Version: 1.75.0 -Release: 28%{?dist} +Release: 29%{?dist} License: (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -72,7 +72,7 @@ BuildRequires: python3 # make sure rust depends on system zlib BuildRequires: zlib-devel %if 0%{?with_check} -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: sudo %endif # rustc uses a C compiler to invoke the linker, and links to glibc in most cases @@ -188,6 +188,9 @@ rm %{buildroot}%{_bindir}/*.old %{_mandir}/man1/* %changelog +* Thu May 07 2026 Aditya Singh - 1.75.0-29 +- Bump to rebuild with updated glibc + * Tue Apr 07 2026 BinduSri Adabala - 1.75.0-28 - Add patch for CVE-2026-33056, CVE-2026-33055 & CVE-2026-34743 diff --git a/SPECS/rust/rust.spec b/SPECS/rust/rust.spec index e3e80a1418e..f710c697129 100644 --- a/SPECS/rust/rust.spec +++ b/SPECS/rust/rust.spec @@ -9,7 +9,7 @@ Summary: Rust Programming Language Name: rust Version: 1.90.0 -Release: 7%{?dist} +Release: 8%{?dist} License: (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -74,7 +74,7 @@ BuildRequires: python3 # make sure rust depends on system zlib BuildRequires: zlib-devel %if 0%{?with_check} -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: sudo %endif # rustc uses a C compiler to invoke the linker, and links to glibc in most cases @@ -194,6 +194,9 @@ rm %{buildroot}%{_docdir}/docs/html/.lock %{_mandir}/man1/* %changelog +* Thu May 07 2026 Aditya Singh - 1.90.0-8 +- Bump to rebuild with updated glibc + * Tue Apr 07 2026 BinduSri Adabala - 1.90.0-7 - Patch for CVE-2026-2006, CVE-2026-33056, CVE-2026-33055 & CVE-2026-34743 diff --git a/SPECS/supermin/supermin.spec b/SPECS/supermin/supermin.spec index 79cbf584897..631cf197362 100644 --- a/SPECS/supermin/supermin.spec +++ b/SPECS/supermin/supermin.spec @@ -21,7 +21,7 @@ Summary: Tool for creating supermin appliances Name: supermin Version: 5.3.4 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -54,7 +54,7 @@ BuildRequires: systemd-udev %if %{with dietlibc} BuildRequires: dietlibc-devel %else -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} %endif %if 0%{?with_check} @@ -129,6 +129,9 @@ make check || { %{_rpmconfigdir}/supermin-find-requires %changelog +* Thu May 07 2026 Aditya Singh - 5.3.4-15 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 5.3.4-14 - Bump to rebuild with updated glibc diff --git a/SPECS/tini/tini.spec b/SPECS/tini/tini.spec index 978b8f86470..4930741d76b 100644 --- a/SPECS/tini/tini.spec +++ b/SPECS/tini/tini.spec @@ -1,7 +1,7 @@ Summary: A tiny but valid init for containers Name: tini Version: 0.19.0 -Release: 29%{?dist} +Release: 30%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -13,7 +13,7 @@ BuildRequires: diffutils BuildRequires: file BuildRequires: gcc BuildRequires: glibc-devel -BuildRequires: glibc-static >= 2.38-19%{?dist} +BuildRequires: glibc-static >= 2.38-20%{?dist} BuildRequires: kernel-headers BuildRequires: make BuildRequires: sed @@ -66,6 +66,9 @@ ln -s %{_bindir}/tini-static %{buildroot}%{_bindir}/docker-init %{_bindir}/docker-init %changelog +* Thu May 07 2026 Aditya Singh - 0.19.0-30 +- Bump to rebuild with updated glibc + * Wed Mar 25 2026 Aditya Singh - 0.19.0-29 - Bump to rebuild with updated glibc diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index dce21f6ea2c..4925793e285 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,13 +1,13 @@ filesystem-1.1-21.azl3.aarch64.rpm kernel-headers-6.6.137.1-1.azl3.noarch.rpm -glibc-2.38-19.azl3.aarch64.rpm -glibc-devel-2.38-19.azl3.aarch64.rpm -glibc-i18n-2.38-19.azl3.aarch64.rpm -glibc-iconv-2.38-19.azl3.aarch64.rpm -glibc-lang-2.38-19.azl3.aarch64.rpm -glibc-locales-all-2.38-19.azl3.aarch64.rpm -glibc-nscd-2.38-19.azl3.aarch64.rpm -glibc-tools-2.38-19.azl3.aarch64.rpm +glibc-2.38-20.azl3.aarch64.rpm +glibc-devel-2.38-20.azl3.aarch64.rpm +glibc-i18n-2.38-20.azl3.aarch64.rpm +glibc-iconv-2.38-20.azl3.aarch64.rpm +glibc-lang-2.38-20.azl3.aarch64.rpm +glibc-locales-all-2.38-20.azl3.aarch64.rpm +glibc-nscd-2.38-20.azl3.aarch64.rpm +glibc-tools-2.38-20.azl3.aarch64.rpm zlib-1.3.2-1.azl3.aarch64.rpm zlib-devel-1.3.2-1.azl3.aarch64.rpm file-5.45-1.azl3.aarch64.rpm @@ -175,8 +175,8 @@ openssl-devel-3.3.5-5.azl3.aarch64.rpm openssl-libs-3.3.5-5.azl3.aarch64.rpm openssl-perl-3.3.5-5.azl3.aarch64.rpm openssl-static-3.3.5-5.azl3.aarch64.rpm -libcap-2.69-13.azl3.aarch64.rpm -libcap-devel-2.69-13.azl3.aarch64.rpm +libcap-2.69-14.azl3.aarch64.rpm +libcap-devel-2.69-14.azl3.aarch64.rpm debugedit-5.0-2.azl3.aarch64.rpm libarchive-3.7.7-6.azl3.aarch64.rpm libarchive-devel-3.7.7-6.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 8e9dd05724d..f55ca24b588 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,13 +1,13 @@ filesystem-1.1-21.azl3.x86_64.rpm kernel-headers-6.6.137.1-1.azl3.noarch.rpm -glibc-2.38-19.azl3.x86_64.rpm -glibc-devel-2.38-19.azl3.x86_64.rpm -glibc-i18n-2.38-19.azl3.x86_64.rpm -glibc-iconv-2.38-19.azl3.x86_64.rpm -glibc-lang-2.38-19.azl3.x86_64.rpm -glibc-locales-all-2.38-19.azl3.x86_64.rpm -glibc-nscd-2.38-19.azl3.x86_64.rpm -glibc-tools-2.38-19.azl3.x86_64.rpm +glibc-2.38-20.azl3.x86_64.rpm +glibc-devel-2.38-20.azl3.x86_64.rpm +glibc-i18n-2.38-20.azl3.x86_64.rpm +glibc-iconv-2.38-20.azl3.x86_64.rpm +glibc-lang-2.38-20.azl3.x86_64.rpm +glibc-locales-all-2.38-20.azl3.x86_64.rpm +glibc-nscd-2.38-20.azl3.x86_64.rpm +glibc-tools-2.38-20.azl3.x86_64.rpm zlib-1.3.2-1.azl3.x86_64.rpm zlib-devel-1.3.2-1.azl3.x86_64.rpm file-5.45-1.azl3.x86_64.rpm @@ -175,8 +175,8 @@ openssl-devel-3.3.5-5.azl3.x86_64.rpm openssl-libs-3.3.5-5.azl3.x86_64.rpm openssl-perl-3.3.5-5.azl3.x86_64.rpm openssl-static-3.3.5-5.azl3.x86_64.rpm -libcap-2.69-13.azl3.x86_64.rpm -libcap-devel-2.69-13.azl3.x86_64.rpm +libcap-2.69-14.azl3.x86_64.rpm +libcap-devel-2.69-14.azl3.x86_64.rpm debugedit-5.0-2.azl3.x86_64.rpm libarchive-3.7.7-6.azl3.x86_64.rpm libarchive-devel-3.7.7-6.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 3fde82b64d3..e0006ae7246 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -127,16 +127,16 @@ glib-debuginfo-2.78.6-8.azl3.aarch64.rpm glib-devel-2.78.6-8.azl3.aarch64.rpm glib-doc-2.78.6-8.azl3.noarch.rpm glib-schemas-2.78.6-8.azl3.aarch64.rpm -glibc-2.38-19.azl3.aarch64.rpm -glibc-debuginfo-2.38-19.azl3.aarch64.rpm -glibc-devel-2.38-19.azl3.aarch64.rpm -glibc-i18n-2.38-19.azl3.aarch64.rpm -glibc-iconv-2.38-19.azl3.aarch64.rpm -glibc-lang-2.38-19.azl3.aarch64.rpm -glibc-locales-all-2.38-19.azl3.aarch64.rpm -glibc-nscd-2.38-19.azl3.aarch64.rpm -glibc-static-2.38-19.azl3.aarch64.rpm -glibc-tools-2.38-19.azl3.aarch64.rpm +glibc-2.38-20.azl3.aarch64.rpm +glibc-debuginfo-2.38-20.azl3.aarch64.rpm +glibc-devel-2.38-20.azl3.aarch64.rpm +glibc-i18n-2.38-20.azl3.aarch64.rpm +glibc-iconv-2.38-20.azl3.aarch64.rpm +glibc-lang-2.38-20.azl3.aarch64.rpm +glibc-locales-all-2.38-20.azl3.aarch64.rpm +glibc-nscd-2.38-20.azl3.aarch64.rpm +glibc-static-2.38-20.azl3.aarch64.rpm +glibc-tools-2.38-20.azl3.aarch64.rpm gmp-6.3.0-1.azl3.aarch64.rpm gmp-debuginfo-6.3.0-1.azl3.aarch64.rpm gmp-devel-6.3.0-1.azl3.aarch64.rpm @@ -177,9 +177,9 @@ libassuan-devel-2.5.6-1.azl3.aarch64.rpm libattr-2.5.2-1.azl3.aarch64.rpm libattr-devel-2.5.2-1.azl3.aarch64.rpm libbacktrace-static-13.2.0-7.azl3.aarch64.rpm -libcap-2.69-13.azl3.aarch64.rpm -libcap-debuginfo-2.69-13.azl3.aarch64.rpm -libcap-devel-2.69-13.azl3.aarch64.rpm +libcap-2.69-14.azl3.aarch64.rpm +libcap-debuginfo-2.69-14.azl3.aarch64.rpm +libcap-devel-2.69-14.azl3.aarch64.rpm libcap-ng-0.8.4-1.azl3.aarch64.rpm libcap-ng-debuginfo-0.8.4-1.azl3.aarch64.rpm libcap-ng-devel-0.8.4-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index cbbf4bb256c..8d0ac10b5b0 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -134,16 +134,16 @@ glib-debuginfo-2.78.6-8.azl3.x86_64.rpm glib-devel-2.78.6-8.azl3.x86_64.rpm glib-doc-2.78.6-8.azl3.noarch.rpm glib-schemas-2.78.6-8.azl3.x86_64.rpm -glibc-2.38-19.azl3.x86_64.rpm -glibc-debuginfo-2.38-19.azl3.x86_64.rpm -glibc-devel-2.38-19.azl3.x86_64.rpm -glibc-i18n-2.38-19.azl3.x86_64.rpm -glibc-iconv-2.38-19.azl3.x86_64.rpm -glibc-lang-2.38-19.azl3.x86_64.rpm -glibc-locales-all-2.38-19.azl3.x86_64.rpm -glibc-nscd-2.38-19.azl3.x86_64.rpm -glibc-static-2.38-19.azl3.x86_64.rpm -glibc-tools-2.38-19.azl3.x86_64.rpm +glibc-2.38-20.azl3.x86_64.rpm +glibc-debuginfo-2.38-20.azl3.x86_64.rpm +glibc-devel-2.38-20.azl3.x86_64.rpm +glibc-i18n-2.38-20.azl3.x86_64.rpm +glibc-iconv-2.38-20.azl3.x86_64.rpm +glibc-lang-2.38-20.azl3.x86_64.rpm +glibc-locales-all-2.38-20.azl3.x86_64.rpm +glibc-nscd-2.38-20.azl3.x86_64.rpm +glibc-static-2.38-20.azl3.x86_64.rpm +glibc-tools-2.38-20.azl3.x86_64.rpm gmp-6.3.0-1.azl3.x86_64.rpm gmp-debuginfo-6.3.0-1.azl3.x86_64.rpm gmp-devel-6.3.0-1.azl3.x86_64.rpm @@ -185,9 +185,9 @@ libassuan-devel-2.5.6-1.azl3.x86_64.rpm libattr-2.5.2-1.azl3.x86_64.rpm libattr-devel-2.5.2-1.azl3.x86_64.rpm libbacktrace-static-13.2.0-7.azl3.x86_64.rpm -libcap-2.69-13.azl3.x86_64.rpm -libcap-debuginfo-2.69-13.azl3.x86_64.rpm -libcap-devel-2.69-13.azl3.x86_64.rpm +libcap-2.69-14.azl3.x86_64.rpm +libcap-debuginfo-2.69-14.azl3.x86_64.rpm +libcap-devel-2.69-14.azl3.x86_64.rpm libcap-ng-0.8.4-1.azl3.x86_64.rpm libcap-ng-debuginfo-0.8.4-1.azl3.x86_64.rpm libcap-ng-devel-0.8.4-1.azl3.x86_64.rpm