Generic Kernel version-release: kernel-5.15.176.3-3

Add msopenjdk rpm hash verification
Fix azcopy for CVE-2025-22868, CVE-2025-22870, and CVE-2025-30204
Fix azure-iot-sdk-c for CVE-2024-29195
Fix binutils for CVE-2025-1744
Fix ceph for CVE-2025-1744
Fix cert-manager for CVE-2025-30204
Fix clang16 for CVE-2023-29933
Fix cloud-hypervisor for CVE-2025-1744
Fix containerized-data-importer for CVE-2025-27144
Fix coredns for CVE-2024-53259 and CVE-2025-30204
Fix cri-o for CVE-2024-44337
Fix dcos-cli for CVE-2025-27144
Fix expat for CVE-2024-8176
Fix freetype to 2.13.1 for CVE-2025-27363
Fix gdb for CVE-2025-1176 and CVE-2025-1182
Fix gnutls for CVE-2024-12243
Fix grpc for CVE-2023-31147
Fix hvloader for CVE-2023-0465, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678, and CVE-2024-0727
Fix influxdb for CVE-2024-51744 and CVE-2025-22870
Fix kata-containers(-cc) for CVE-2023-44487
Fix keda for CVE-2022-3162, CVE-2024-51744, and CVE-2025-22870
Fix kube-vip-cloud-provider for CVE-2022-3162
Fix kubernetes for CVE-2025-30204
Fix kubevirt for CVE-2025-22869
Fix libarchive for CVE-2025-25724
Fix libxslt for CVE-2024-55549 and CVE-2025-24855
Fix llvm for CVE-2023-29932
Fix llvm16 for CVE-2023-29941
Fix moby-compose for CVE-2025-22869
Fix moby-engine for CVE-2025-22868 and CVE-2025-22869
Fix moby-runc for CVE-2024-45310
Fix msft-golang for CVE-2024-34158, CVE-2024-45336, CVE-2024-45341, and CVE-2025-22870
Fix nodejs for CVE-2025-27516
Fix openssl vendored code in edk2 in 2.0 and hvloader in 2.0
Fix packer for CVE-2024-51744, CVE-2025-22870, and CVE-2025-30204
Fix pam for CVE-2024-10041
Fix prometheus for CVE-2025-30204
Fix python-jinja2 for CVE-2025-27516
Fix qt5-qtbase to fix CVE-2024-25580
Fix qemu for CVE-2023-5088, CVE-2023-6683, and CVE-2023-6693
Fix reaper for CVE-2024-28863
Fix rook for CVE-2022-3162 and CVE-2025-27144
Fix ruby for CVE-2025-27219, CVE-2025-27220, and CVE-2025-27221
Fix skopeo for CVE-2025-27144
Fix subversion for CVE-2024-46901
Fix telegraf for CVE-2025-22868, CVE-2025-22869, CVE-2025-27144, and CVE-2025-30204
Fix terraform for CVE-2025-22869 and CVE-2025-30204
Fix vitess for CVE-2024-53257 and CVE-2025-22870
Fix xorg-x11-server for CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, and CVE-2025-26601
Recreate cloud-hypervisor patch for CVE-2025-1744
Resolve emacs for CVE-2024-53920
Resolve hvloader merge issues
Upgrade mariadb to 10.6.21 for CVE-2025-21490
Upgrade mysql to 8.0.41 for CVE-2025-21490
Upgrade php to 8.1.32 for CVE-2025-1217, CVE-2025-1219, CVE-2025-1734, CVE-2025-1736, and CVE-2025-1861
Upgrade python-virtualenv to 20.26.6 for CVE-2024-53899
Upgrade tzdata to 2025a
Upgrade vim to 9.1.1198 for CVE-2025-27423 and CVE-2025-29768

Generic Kernel version-release: kernel-6.6.78.1-3

Add curl ptests
Add perl-BDB to SPECS-EXTENDED
Add ptest for coredns from 2.0 to 3.0
Add python-sphinxygen to SPEC_EXTENDED
Add python-flaky to SPECS-EXTENDED
Adjust dracut patch to fix fips module block list behavior
Avoid dracut collision between [mktemp] and [find -not -path '.ko']
Upgrade curl to 8.11.1 to address CVE-2024-11053
Deprecate Go version 1.22 series
Enable Tegra IVC protocol in kernel-64k
Enable tui for perf
Fix Dracut overlay module to correctly locate 'chcon'
Fix avahi to fix CVE-2024-52616
Fix azcopy for CVE-2025-22868
Fix bind file conflicts
Fix bind postun
Fix binutils CVE-2025-0840 CVE-2025-1176 CVE-2025-1178 CVE-2025-1181 CVE-2025-1182
Fix build of Extended Package clucene
Fix build of Extended Package package jlex
Fix build of Extended Package servletapi4
Fix build of Extended Package servletapi5
Fix build of python-podman-api
Fix cert-manager for CVE-2025-22868, CVE-2025-22869 & CVE-2025-27144
Fix cf-cli for CVE-2025-22869
Fix cf-cli to fix CVE-2023-45288
Fix cloud-hypervisor-cvm for CVE-2024-12797
Fix containerd for CVE-2024-28180, CVE-2023-45288
Fix containerd2 ptest after adding tardev-snapshotter patch
Fix containerized-data-importer for CVE-2023-3978 CVE-2025-22868 CVE-2025-27144 CVE-2023-45288
Fix coredns for CVE-2025-22868
Fix curl for CVE-2025-0665, CVE-2025-0167, CVE-2025-0725
Fix docker-buildx for CVE-2025-22869
Fix docker-compose for CVE-2025-22869 & CVE-2024-10846
Fix emacs for CVE-2025-1244
Fix flannel to fix CVE-2023-44487 CVE-2023-45288
Fix fluent-bit for CVE-2024-50608 and CVE-2024-50609
Fix gh for CVE-2025-27144, CVE-2025-22869
Fix giflib for CVE-2023-39742
Fix influxdb for CVE-2025-22868 & CVE-2025-27144
Fix iniparser for CVE-2025-0633
Fix jbigkit build
Fix keda for CVE-2025-22868 & CVE-2025-27144
Fix kubernetes for CVE-2025-22868, CVE-2025-22869 & CVE-2025-27144
Fix kubevirt for CVE-2023-44487
Fix kubevirt for CVE-2025-22869
Fix kubevirt to fix CVE-2023-45288
Fix kured to fix CVE-2023-45288
Fix ldns intermittent build failure
Fix libcap for CVE-2025-1390
Fix libcap ptest
Fix libdb for CVE-2020-13435
Fix libxml2 for CVE-2025-24928, CVE-2024-56171, CVE-2025-27113 & CVE-2024-25062
Fix local-path-provisioner for CVE-2023-44487
Fix local-path-provisioner to fix CVE-2023-39325, CVE-2023-45288
Fix memcached for CVE-2021-43519
Fix moby-containerd-cc for CVE-2024-28180, CVE-2023-45288
Fix moby-engine to fix CVE-2023-45288
Fix mysql for CVE-2025-0725
Fix node-problem-detector for CVE-2025-22868 & CVE-2025-22869
Fix node-problem-detector to fix CVE-2023-45288
Fix nodejs for CVE-2025-22150, CVE-2025-23085, CVE-2024-22020, CVE-2024-22195
Fix packer for CVE-2025-22869, CVE-2025-22868 & CVE-2024-28180 CVE-2025-27144
Fix prometheus for CVE-2023-44487 for prometheus
Fix prometheus-node-exporter to fix CVE-2023-45288
Fix python-execnet package test
Fix python-tqdm for CVE-2024-34062
Fix raptor2build
Fix vim for CVE-2025-26603 & CVE-2025-1215
Fix vitess for CVE-2025-22868
Introduce Go version to 1.24.1-1
Introduce signed packages for edk2-hvloader and kernel-mshv
Kernel RT upgrade to version 6.6.76.1-rt49
Kernel RT upgrade to version 6.6.77.1-rt50
Kernel upgrade to version 6.6.76.1
Kernel upgrade to version 6.6.78.1
Modify toolkit's build_go_vendor_cache.sh script to be used for most go packages
Patch CVE-2023-27043 in python3 by patching
Patch bind uninitialized memory error
Patch ceph for CVE-2012-2677
Patch junit to fix CVE-2020-15250
Patch kernel(-64k) to revert new UART change
Promote libecap from extended to core
Promote libtdb from Extended to Core and upgrade to version 1.4.12
Promote squid from Extended to Core and upgrade to version 6.13
Re-enable glibc nscd build and packaging
Remove fipscheck package from SPECS-EXTENDED
Remove guava20 from SPECS-EXTENDED
Update PEGTL version to 3.2.8
Update babeltrace to 1.5.11-1
Update babl to 0.1.108-1
Update beust-jcommander to version 2.0
Update golang build requirements for
Update libipt to 2.1.1-1
Update libjcat to 0.2.2
Update libmad to 0.16.4-1
Update libmediaart to 1.9.6-1
Update libnvidia-container and nvidia-container-toolkit to use the highest golang before 1.24
Update perl-Color-ANSI-Util to 0.165
Update perl-ColorThemeBase-Static to version 0.009
Update perl-Devel-Size to version 0.84
Update perl-Devel-Size to version 0.84
Update perl-File-Remove to version 1.61-1
Update perl-IO-AIO to version 4.81-1
Upgarde python-soupsieve to version 2.6
Upgrade SuperLU version to 7.0.0
Upgrade advancecomp to 2.6 version
Upgrade apache-commons-daemon to fix build error
Upgrade apache-parent to 31
Upgrade asio to 1.31.0-1
Upgrade bats to 1.11.0-1
Upgrade bind to 9.20.5 to fix CVE-2024-12705 & CVE-2024-11187
Upgrade cf-cli to 8.7.11 address CVE-2023-44487
Upgrade cim-schema to version 2.54.1
Upgrade coredns to 1.11.4 fix CVE-2023-44487
Upgrade discount to version 2.2.7
Upgrade docker-cli to 25.0.7 to fix CVE-2023-45288
Upgrade dotconf version to 1.4.1
Upgrade dropwatch version to 1.5.4
Upgrade drpm version to 0.5.2
Upgrade edac-utils version to 0.18
Upgrade efi-rpm-macros version to 5
Upgrade erlang to 26.2.5.9 for CVE-2025-26618
Upgrade exiv2 to version 0.28.3
Upgrade fetchmail to version 6.4.39
Upgrade fltk version to 1.3.8
Upgrade fuse-overlayfs to 1.14
Upgrade fuse-sshfs version to 3.7.3
Upgrade glm to 1.0.1
Upgrade go to 1.23.7 for CVE
Upgrade go-rpm-macrosto 3.6.0
Upgrade golang to 1.24.1.
Upgrade gom to 0.5.3
Upgrade google-api-python-client to 2.140.0
Upgrade graphene to 1.10.8-1
Upgrade gsl to 2.8-1
Upgrade gssdp to 1.6.3
Upgrade gssntlmssp to 1.3.1-1
Upgrade hdf to 4.3.0
Upgrade hiera version to 3.12.0
Upgrade hunspell-nl to version 2.20.19
Upgrade ig to v0.37.0.
Upgrade indent version to 2.2.13
Upgrade influxdb and influx-cli to 2.7.5 to fix CVE-2023-44487
Upgrade intel-cmt-cat version to 24.05
Upgrade ioping version to 1.3
Upgrade ipcalc version to 1.0.3
Upgrade iprutils version to 2.4.19
Upgrade irssi version to 1.4.5
Upgrade jx to 3.10.182 to fix CVE-2023-39325 and CVE-2023-44487
Upgrade kubernetes to 1.30.10 fix CVE-2025-0426
Upgrade libbsd to version 0.12.2
Upgrade libcli version to 1.10.7
Upgrade libcmis version to 0.6.2
Upgrade libdap version to 3.21.0.27
Upgrade libdatrie version to 0.2.13
Upgrade libdmx version to 1.1.5
Upgrade libdvdread version to 6.1.3
Upgrade libgee to version 0.20.6-1
Upgrade libgphoto2 to latest upstream
Upgrade libid3tag to version 0.16.3
Upgrade libpinyin version to 2.9.92
Upgrade libplist to 2.6.0
Upgrade libqb version to 2.0.8
Upgrade librabbitmq version to 0.14.0
Upgrade libraqm version to 0.8.0
Upgrade libsass version to 3.6.6
Upgrade libsigc++20 version to 2.12.1
Upgrade libsigsegv version to 2.14
Upgrade libsmbios version to 2.4.3
Upgrade libteam to version 1.32
Upgrade libthai to version 0.1.29
Upgrade libtommath to version 1.3.1~rc1
Upgrade libuninameslist to version 20230916
Upgrade libvarlink to version 23
Upgrade libverto to version 0.3.2
Upgrade libwnck3 to version 43.1
Upgrade libwpe to version 1.15.2
Upgrade maven-parent version to 41
Upgrade mcelog to version 175
Upgrade meanwhile to version 1.1.1
Upgrade minicom version to 2.9
Upgrade mobile-broadband-provider-info to version 20240407
Upgrade mt-st to version 1.7
Upgrade nilfs-utils to version 2.2.11
Upgrade node-problem-detector to 0.8.20 fix CVE-2023-44487
Upgrade nvidia-container-toolkit and libnvidia-container to 1.17.4 for CVE-2025-23359
Upgrade ocaml-calendar to version 3.0.0
Upgrade ocaml-csv to version 2.4
Upgrade ocaml-tyxml to version 4.6.0
Upgrade openoffice-lv to version 1.4.0
Upgrade openssl to 3.3.3
Upgrade pcp to 6.3.2 and libpfm to 4.13.0
Upgrade perl-B-Keywords version to 1.27
Upgrade perl-Convert-ASN1 version to 0.34
Upgrade perl-Crypt-OpenSSL-Guess to 0.15
Upgrade perl-File-Find-Rule-Perl version to 1.16
Upgrade perl-File-Slurper version to 0.014
Upgrade perl-MIME-Charset version to 1.013.1
Upgrade perl-MRO-Compat to version 0.15
Upgrade perl-Mail-IMAPTalk to version 4.06
Upgrade perl-Math-Int64 to version 0.57
Upgrade perl-Module-Signature to version 0.89
Upgrade perl-Mozilla-CA to version 20240730
Upgrade perl-Net-Daemon to version 0.49
Upgrade perl-Net-LibIDN2 to version 1.02
Upgrade perl-Object-HashBase to version 0.013
Upgrade perl-PAR-Dist to version 0.53
Upgrade perl-Parallel-Iterator to version 1.002
Upgrade perl-PerlIO-utf8_strict version to 0.010
Upgrade perl-Pod-Markdown version to 3.400
Upgrade perl-Razor-Agent to version 2.86
Upgrade perl-Regexp-Pattern-Perl to version 0.007
Upgrade perl-Role-Tiny to version 2.002004
Upgrade perl-SNMP_Session to version 1.16
Upgrade perl-Scope-Upper to version 0.34
Upgrade perl-String-CRC32 to version 2.100
Upgrade perl-Term-UI version to 0.50
Upgrade perl-Test-EOL to version 2.02
Upgrade perl-Test-File to version 1.99.3
Upgrade perl-Test-Manifest to version 2.024
Upgrade perl-Test-Synopsis to version 0.17
Upgrade perl-Test-Warn version to 0.37
Upgrade perl-Text-CSV_XS version to 1.60
Upgrade perl-Tree-DAG_Node version to 1.32
Upgrade perl-YAML-Syck version to 1.34
Upgrade perltidy to version 20240903
Upgrade postgresql to 16.7 to fix CVE-2025-1094
Upgrade procmail to version 3.24
Upgrade ps_mem to version 3.14
Upgrade pyatspi version to 2.46.1
Upgrade pyserial to version 3.5
Upgrade python-PyMySQL version to 1.1.1
Upgrade python-astroid version to 3.3.8
Upgrade python-augeas version to 1.1.0
Upgrade python-configshell to version 1.1.3...

Generic Kernel version-release: kernel-5.15.176.3-3

Append kernel key with Mariner Trusted Base CA
Disable kernel configuration for AX25 amateur radio protocol support in response to CVE-2024-35887
Fix avahi to fix CVE-2024-52616
Fix binutils CVE-2025-1176, CVE-2025-1178, CVE-2025-0840, CVE-2025-1181, CVE-2025-1182
Fix blobfuse2 for CVE-2025-22868
Fix busybox to fix CVE-2022-48174
Fix c-ares for CVE-2024-25629
Fix cert-manager for CVE-2025-22868, CVE-2025-22869, CVE-2025-27144
Fix cloud-hypervisor-cvm for CVE-2024-12797
Fix coredns for CVE-2025-22868
Fix coredns to fix its %check
Fix cri-o for CVE-2023-6476 & CVE-2023-0778
Fix curl for CVE-2024-9681, CVE-2024-11053
Fix emacs for CVE-2025-1244
Fix erlang for CVE-2025-26618
Fix fluent-bit for CVE-2024-50608 and CVE-2024-50609
Fix giflib for CVE-2023-39742 in 2.0
Fix glib for CVE-2023-29499, CVE-2023-32643 and CVE-2023-32636
Fix gnutls for CVE-2024-12133
Fix grpc for CVE-2024-25629
Fix influxdb for CVE-2025-27144
Fix javapackages-bootstrap for CVE-2021-36373 [Medium], CVE-2021-36374
Fix keda for CVE-2024-28180, CVE-2025-27144
Fix kube-vip-cloud-provider for CVE-2025-27144
Fix kubernetes for CVE-2025-22868, CVE-2025-22869 & CVE-2025-27144
Fix kubevirt for CVE-2023-3978
Fix libcap for CVE-2025-1390
Fix libtasn1 to address CVE-2024-12133
Fix libtiff for CVE-2023-3164
Fix libxml2 for CVE-2025-24928, CVE-2025-27113 & CVE-2024-56171
Fix mdadm to fix CVE-2023-28736
Fix moby-containerd for CVE-2025-27144
Fix moby-containerd-cc for CVE-2024-28180
Fix moby-engine to fix CVE-2024-23650
Fix mysql for CVE-2025-0725
Fix netplan for CVE-2022-4968
Fix nginx for CVE-2025-23419
Fix node-problem-detector for CVE-2025-22868
Fix nodejs18 for CVE-2024-34064, CVE-2025-22150, CVE-2025-23085, CVE-2024-22020, CVE-2024-22195
Fix opensc for CVE-2023-5992, CVE-2023-40660 and CVE-2024-1454
Fix openssh for CVE-2025-26465
Fix packer for CVE-2024-28180. CVE-2025-22868, CVE-2025-22869, CVE-2025-27144
Fix prometheus-adapter for CVE-2022-3162
Fix ptest for libcap
Fix python-execnet ptest
Fix python-twisted for CVE-2023-46137
Fix python3 for CVE-2023-27043, CVE-2024-9287, CVE-2025-0938
Fix rabbitmq-server to fix CVE-2023-50966
Fix reaper for CVE-2020-24025, CVE-2024-52798
Fix rubygem-rexml for CVE-2024-39908
Fix rust for CVE-2024-9681
Fix vim for CVE-2025-26603 & CVE-2025-1215
Fix vitess for CVE-2024-45339, CVE-2025-22868
Fix xorg-x11-server for CVE-2024-0408
Print errors when creating directories in makefile
Ugrade kernel to version 5.15.176.3
Upgrade msft-golang to version 1.23.6 to fix CVE-2025-25199
Upgrade nvidia-container-toolkit and libnvidia-container to 1.17.4 for CVE-2025-23359
Upgrade postgresql to 14.16 to fix CVE-2025-1094

Generic Kernel version-release: kernel-5.15.173.1-2

Add logging for missed pre-cacher download error.
Build PCI_HYPERV as built-in
Bump gcr to 3.38.1 to fix a build break.
Enable support of luajit for fluent-bit
Patch application-gateway-kubernetes-ingress for CVE-2024-45338
Patch cert-manager for CVE-2024-12401
Patch cert-manager for CVE-2024-45338
Patch cf-cli for CVE-2024-45338
Patch cmake for CVE-2024-11053
Patch cmake to fix CVE-2024-9681
Patch cni-plugins for CVE-2024-45338
Patch containerized-data-importer for CVE-2024-45338
Patch cri-o patch logic & add patches for CVE-2022-4318, CVE-2024-9341 & CVE-2024-45338
Patch cri-tools for CVE-2024-45338
Patch gh for CVE-2024-45338
Patch git for CVE-2024-50349 and CVE-2024-52006
Patch git-lfs for CVE-2024-53263
Patch helm for CVE-2024-45338
Patch influxdb for CVE-2024-28180
Patch influxdb for CVE-2024-45338
Patch keda for CVE-2024-45338
Patch kubernetes for CVE-2024-10220
Patch kubernetes for CVE-2024-45338
Patch kubevirt for CVE-2024-45338
Patch libxml2 for CVE-2022-49043
Patch moby-containerd for CVE-2024-28180
Patch multus for CVE-2024-45338
Patch mysql to fix CVE-2024-9681
Patch openmpi to fix CVE-2022-47022
Patch packer for CVE-2024-45338
Patch packer for CVE-2025-21613 and CVE-2025-21614
Patch prometheus-adapter for CVE-2024-45338
Patch python-jinja2 for CVE-2024-56201, CVE-2024-56326
Patch rook for CVE-2024-28180
Patch rsyslog for issue 5158
Patch socat for CVE-2024-54661
Patch sriov-network-device-plugin for CVE-2024-45338
Patch sriov-network-device-plugin for CVE-2024-45339
Patch telegraf for CVE-2024-45337 & CVE-2024-45338
Patch terraform for CVE-2024-45338 and CVE-2023-0475
Patch vim for CVE-2025-22134
Patch vim to fix CVE-2025-24014
Patch vitess for CVE-2024-45338
Patch xerces-c for CVE-2024-23807
Remove FDK-AAC-FREE
Remove extended packages opus and opusfile
Upgrade fluent-bit to 3.0.6
Upgrade msft-golang to version 1.23.3
Upgrade redis to 6.2.17 to fix CVE-2024-46981
Upgrade rsync to 3.4.1 to fix multiple CVEs

Generic Kernel version-release: kernel-6.6.64.2-9

Add Arm64 Fips Image Definition
Add Containerd2 Tardev-Snapshotter Patch
Add Ipmitool Support To Kernel-64k
Add Kernel-Srpm-Macros Package
Add Logic To Pr Checker To Detect Kernel Upgrade for Oot Module Specs
Add Lz4 Compression Support for Postgresql
Add Missing Modules for Python-Conda-Package-Handling Ptest
Add Mofed And Dependencies
Add Patch To Mlnx-Ofa_Kernel Module for Ibt Compatibility
Add Rdma-Core To Pmc's Extended Repo
Add Shell Variable Override To /Bin/Bash for Use By Default
Add Support for Prometheus Exporter in Haproxy
Add Ucx To Pmc's Extended Repo
Add Valkey Container (replacement for redis)
Add logging for Missed Pre-Cacher Download Error.
Add missing Kernel modules for IPTables
Added performance improvements via Kernel configuration parameters
Build Pci_Hyperv As A Built-in
Change Kernel-Mft Rpm Name To Mft_Kernel
Disable Debug Preemption in X86_64
Enable Drm Acceleration And Intel Vpu
Enable Kernel Config_Crypto_Dh in Aarch64
Enable Numa Balancing And Uclamp Task Feature
Enable Ucx Knem & Xpmem Subpackages
Fix Build of Volume_Key
Fix CNI for CVE-2022-29526 And CVE-2024-45338
Fix CNI-Plugins for CVE-2024-45338
Fix Ceph for CVE-2014-5461
Fix Cert-Manager for CVE-2024-45337
Fix Certmonger Extended Package To Make It Available
Fix Cmake for CVE-2024-7264 And CVE-2024-9681 CVE-2024-11053
Fix Containerd2 for CVE-2024-45338
Fix Containerized-Data-Importer for CVE-2023-39325 And CVE-2023-44487
Fix Containerized-Data-Importer for CVE-2024-28180
Fix Curl for CVE-2024-9681
Fix Docker-Compose for CVE-2024-45337
Fix Gh for CVE-2024-45337, CVE-2024-53858 And CVE-2024-53859
Fix Git-Lfs for CVE-2024-53263
Fix Golang Post Install And Post Uninstall Sriptlets
Fix Grpc for CVE-2024-11407
Fix Harfbuzz for CVE-2024-56732
Fix Hwloc To Fix CVE-2022-47022
Fix Influxdb for CVE-2024-28180
Fix Iperf3 for CVE-2024-53580
Fix Jitterentropy Init in Kernel And Kernel-64k
Fix Libtiff for CVE-2023-3164
Fix Libxml2 CVE-2023-45322 And CVE-2024-34459
Fix M2crypto To Fix CVE-2019-11358
Fix Multiple CVE in Skopeo
Fix Multiple Packages for CVE-2024-45338
Fix Mysql To Fix CVE-2024-9681
Fix Node-Problem-Detector for CVE-2024-45338
Fix Nodejs for CVE-2025-23083
Fix Packer for CVE-2025-21613 And CVE-2025-21614
Fix Ptest for Pugixml
Fix Ptest for Subunit Via Pip Installs
Fix Python-Jinja2 CVE-2024-22195, CVE-2024-34064, CVE-2024-56201, CVE-2024-56326
Fix Pytorch for CVE-2024-27319, CVE-2021-22918
Fix Qtbase for CVE-2024-30161 (Upgrade to 6.6.3)
Fix Qtbase for CVE-2024-56732
Fix Rsync for multiple CVEs (Upgrade to 3.4.1)
Fix Shadow-Utils Detection in Imager As Well As Validator
Fix Socat for CVE-2024-54661
Fix Sriov-Network-Device-Plugin CVE-2024-45339
Fix Systemd for CVE-2023-7008
Fix Tdnf To Fix Issue With Installonlypkgs Being Removed By Tdnf Autoremove Commands
Fix Tensorflow for CVE-2024-35195
Fix Valkey for CVE-2024-51741 and CVE-2024-46981 (Upgrade to 8.0.2)
Fix Vim To Fix CVE-2025-24014
Fix Vim for CVE-2025-22134
Fix Vitess for CVE-2024-45339
Fix Xerces-C forCVE-2024-23807
Fixing Rpm Macros Check.
Identify And Update Versions Of Mofed Dependency Specs That Are Present in Azure Linux Core
Mofed And Deps Signed Spec Cleanup
Move Symcrypt And Symcrypt-Openssl Recommends From Main Package To Libs
Remove Authselect Package From Specs-Extended
Remove Fdk-Aac-Free
Remove Opus And Opusfile
Remove Python-Pysocks Package From Extended
Rename CDI Binaries in The Spec File To Align With Upstream Naming Conventions
Revert Zone_Dma Option To Avoid Memory Ussage Overuse
Rollback Mft_Kernel Rpm Name And Add Provides for Kernel-Mft
Update aopalliance build for Javac Source And Javac Target From 1.6 To 1.8, fixed URL's
Upgarde Perl-Algorithm-Diff Version To 1.201
Upgrade Accountsservice to 23.13.9
Upgrade Acpid to 2.0.34
Upgrade Adobe-Mappings-Cmap To 20231115
Upgrade Adobe-Mappings-Pdf To 20230118
Upgrade Application-Gateway-Kubernetes-Ingress To V1.7.7
Upgrade Blosc To 1.21.6-1
Upgrade Bolt To Version 0.9.8
Upgrade Cert-Manager To 1.12.15 - To Fix CVE-2024-12401
Upgrade Cert-Manager to 1.12.15
Upgrade Cri-Tools To 1.32.0 To Sync Up With The Latest Aks Version
Upgrade Deltarpm to 3.6.5
Upgrade Diffstat to 1.66
Upgrade Dmidecode To 3.6
Upgrade Etcd To 3.5.18 To Fix CVE-2023-39325, CVE-2023-44487 And CVE-2023-45288.
Upgrade Exempi to Version To 2.6.5
Upgrade Fabtests to Version To 1.18.0
Upgrade Gcr To 3.38.1
Upgrade Gdisk to 1.0.10-1
Upgrade Git To 2.45.3 for CVE-2024-50349 And CVE-2024-52006
Upgrade Glew to 2.2.0
Upgrade Go From 1.20 To 1.21 in .Github/Workflows/Quickstart_2.0.Yml
Upgrade Golang to 1.22.10-1
Upgrade Iptraf-Ng for 1.2.2 None
Upgrade Kata-Containers(-Cc) to 3.2.0.Azl4
Upgrade Kernel To Version 6.6.64.2
Upgrade Libbytesize to 2.11
Upgrade Libdeflate Version To 1.22
Upgrade Libexttextcat to 3.4.6-11
Upgrade Liblouis To 3.31.0
Upgrade Libraw Version To 0.21.3
Upgrade Metis To Version 5.1.0.3
Upgrade Mofed Signed Specs To Avoid Stripping Signatures Off Oot Kernel Modules By Os_Install_Post Macro
Upgrade Neon to 0.33.0
Upgrade Numatop to 2.4
Upgrade Ocaml-Libvirt To 0.6.1.7
Upgrade Ocaml-Markup To 1.0.3
Upgrade Ocaml-ZarithTo 1.14
Upgrade Orc Version To 0.4.39
Upgrade Parallel Version To 20240922
Upgrade Perl-Class-C3-Xs Version To 0.15
Upgrade Perl-Class-Method-Modifiers Version To 2.15
Upgrade Perl-Class-Singleton Version To 1.6
Upgrade Perl-Config-Inifiles Version To 3.000003
Upgrade Perl-File-Sharedir-Install To Version 0.14
Upgrade Perl-Ipc-Run3 To Version 0.049-1
Upgrade Perl-Lingua-En-Inflect To Version 1.905-1
Upgrade Puppet To 7.34.0
Upgrade Python-Dbus-Client-Gen Version To 0.5.1
Upgrade Python-Dbus-Python-Client-Gen Version To 0.8.3
Upgrade Python-Dbus-Signature-Pyparsing Version To 0.4.1
Upgrade Python-Into-Dbus-Python Version To 0.8.2
Upgrade Python-Justbases Version To 0.15.2
Upgrade Python-Justbytes Version To 0.15.2
Upgrade Python-Kmod Version To 0.9.2
Upgrade Python-Rpmfluff Version To 0.6.5
Upgrade Python-Sphinxcontrib-Apidoc Version To 0.3.0
Upgrade Python-Uritemplate Version to 4.1.1
Upgrade Python-Xmltodict Version to 0.13.0
Upgrade Pywbem Version to 0.17.6
Upgrade Re2c Version to 3.1
Upgrade Recode Version to 3.7.14
Upgrade Symcrypt And Scossl
Upgrade Url for Ostree
Upgrade Xapian-Core To Version 1.4.26
Upgrade Xaw3d Version To 1.6.6
Upgrade Xdg-Utils To Version 1.2.1

Add AMD PMC repo for tdnf
Add containerd2 package
Add distrusted CAs to the cert bundles.
Add generate-tarball.sh script for gh package to improve auto-patching
Add kernel-drivers-gpu package to NVIDIA GPU driver container build
Cache clean-up fix.
Enable arch conditionals in azurelinux-repos.spec
Enable selinux for liveos iso flow
Fix avahi for CVE-2023-38469, CVE-2023-38470, 2023-38741, CVE-2023-38472, CVE-2023-38473
Fix ceph for CVE-2024-52338
Fix cf-cli for CVE-2024-45337
Fix docker-buildx for CVE-2024-45337
Fix docker-cli for CVE-2024-36623
Fix etcd for CVE-2024-24786
Fix flannel for CVE-2024-24786
Fix fluent-bit for CVE-2024-27532
Fix kubevirt for CVE-2024-45337
Fix libarrow for CVE-2024-52338
Fix libxml2 for CVE-2024-40896
Fix moby-engine for CVE-2024-36620, CVE-2024-36621, CVE-2024-36623, CVE-2024-45337
Fix packer for CVE-2024-45337
Fix pam for CVE-2024-10041, CVE-2024-10963
Fix python-virtualenv for CVE-2024-53899
Fix python-zipp for CVE-2024-5569
Fix python3 for CVE-2024-12254
Fix telegraf for CVE-2024-45337
Fix tuned for CVE-2024-52336 and CVE-2024-52337
Update kernel configuration to support CONFIG_INTEL_TDX_GUEST, CONFIG_TDX_GUEST_DRIVER
Update kernel-64k to have kexec signature verification
Upgrade DPDK for CVE-2024-11614
Upgrade erlang to 26.2.5.6 fix cve CVE-2024-53846
Upgrade gh to 2.62.0 to address CVE-2024-52308 and CVE-2024-54132
Upgrade kubernetes to 1.30.3 for fix CVE-2024-10220
Upgrade nvidia container toolkit and libnvidia-container to v1.17.3
Upgrade php to 8.3.14 to fix CVE-2024-8932, CVE-2024-11234, CVE-2024-11233, CVE-2024-11236
Upgrade ruby to 3.3.5 to resolve CVE-2024-39908 and CVE-2024-49761
Upgrade runc version to 1.2.2 and libseccomp to 2.5.5

Toolkit: Fix ISO installer regression. Encrypted root now boots.
Toolkit: Fix issue when version pinning packages that are checked by the configvalidator tool
Toolkit: Fix golang.org/x/crypto and golang.org/x/net vulnerabilities.
Toolkit: Make install_dependencies in containerized-rpmbuild environment work with file dependencies

Documentation: Add references to ARM64 3.0 ISO

Generic Kernel version-release: kernel-5.15.173.1-1

Add distrusted CAs to the cert bundles.
Add missing Obsoletes: dbus-x11 in dbus.spec
Add module-setup.sh to cloud-init azure module for dracut to run
Fix golang.org/x/crypto and golang.org/x/net vulnerabilities.
Fix avahi for multiple CVEs
Fix blobfuse2 CVE-2024-24786
Fix cert-manager: patch CVE-2024-45337
Fix cf-cli for CVE-2024-24786
Fix coredns forCVE-2024-24786
Fix cri-tools for CVE-2024-24786
Fix etcd for CVE-2024-24786
Fix fluent-bit for CVE-2024-27532
Fix grpc for CVE-2023-32067
Fix influxdb for CVE-2024-24786
Fix moby-buildx for CVE-2024-24786
Fix moby-cli CVE-2024-36623
Fix moby-cli for CVE-2024-24786
Fix moby-compose for CVE-2024-36623 and CVE-2024-45337
Fix moby-containerd for CVE-2024-24786
Fix moby-containerd-cc for CVE-2024-24786
Fix moby-engine for CVE-2024-24786, CVE-2024-36621, CVE-2024-36623, CVE-2024-45337
Fix packer for CVE-2024-24786 and CVE-2024-45337
Fix python3 for CVE-2024-6923
Fix pytorch for CVE-2022-1941
Fix rust for CVE-2024-43806
Fix terraform for CVE-2024-24786
Fix tuned for CVE-2024-52336 and CVE-2024-52337
Upgrade iperf3 to 3.18 to address CVE-2024-53580
Upgrade iptraf-ng: upgrade to 1.2.2
Upgrade nvidia container toolkit and libnvidia-container to v1.17.3
Upgrade tzdata to 2024b

Generic Kernel version-release: kernel-5.15.173.1-1

Add merge conflict github PR check
Added the 2.0 fast-track merge notifier pipeline.
Fix rabbitmqserver Golden Container 2.0

avahi: Fix CVE-2023-1981, add %check section
binutils: Address CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011
binutils: address CVE-2022-35205, CVE-2022-48063, CVE-2023-1972
cloud-hypervisor-cvm: add upstream patch to work around lack of support for extended guest requests
file: address CVE-2022-48554
mariadb: [AUTOPATCHER-CORE] Upgrade mariadb to 10.6.20 none
perl-Module-ScanDeps: Extended CVE-2024-10224 patch and fixed ptests in perl-Module-ScanDeps.
python3: Address CVE-2024-11168 with a formatted patch
python-werkzeug: Patch CVE-2024-49767 in python-werkzeug
rabbitmq-server: Fix CVE-2023-46118 for rabbitmq-server
vim: Upgraded vim to 9.1.0791 to fix several CVEs
[2.0] Upgrade nvidia container toolkit and libnvidia-containers to v1.17.1

Toolkit: Backport toolkit container detection using systemd-detect-virt
Toolkit: Don't allow multiple build queues
Toolkit: Fix call to IsSRPMTestActive in new multi build fix
Toolkit: Updated package build templates to capture all build logs.

Note that this release of 3.0 is signed differently from the previous releases with respect to secure boot. The shim and kernel must be upgraded together for this release.

Generic Kernel version-release: kernel-6.6.57.1-5

Add kernel-64k.
Add make dependency to kata-packages-uvm
Add merge conflict github PR check
Add nftables
Add obsoletes and provides to fix errors in shim-unsigned upgrade to shim
Add tdnf installonlypkgs functionality to tdnf on Azure Linux 3.0
Change name produced for cvm and marketplace images
Enable Dracut's livenet rootfs handling when systemd-networkd is in use.
Enable Intel Ethernet Connection E800 networking driver
Enable lua support for fluent-bit
Enable signature verification of kexec kernel and use new Mariner Trusted Base CA in trusted keyring
Extended CVE-2024-10224 patch and fixed ptests in perl-Module-ScanDeps. (Note the previous CVE fix for CVE-2024-10224 in version 1.35-2 was only partially resolved. Upgrade to 1.35-3 for the full fix.)
Fix CVE-2024-24786 in multiple packages by patching
Fix Multus CVE-2023-39325, CVE-2023-44487 and CVE-2023-45288
Fix busybox CVE-2023-42366
Fix fluent-bit CVE-2024-25431
Fix glib CVE-2024-52533
Fix libsoup CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
Fix mysql for CVE-2012-2677
Fix nano for CVE-2024-5742 for
Fix netplan CVE-2022-4968
Fix nmap for CVE-2023-7256 and CVE-2024-8006
Fix nodejs CVE-2024-21538
Fix python-pip for CVE-2024-37891 for
Fix python-werkzeug for CVE-2024-49767
Fix pytorch CVE-2024-5187
Fix unzip for CVE-2022-0529 and CVE-2022-0530
Fix xorg-x11-server-Xwayland for CVE-2024-9632
Fox Prometheus CVE-2023-45288

Modified mysql to explicitly not use curl (this was the mysql default but this intentional change clarifies that curl is not used from either the system or the bundled version)
Removed references to old dm-verity boot tooling
Toolkit: Use systemd-detect-virt instead of /.dockerenv to detect container builds.
Update CONFIG_DRM as loadable module and create sub-package for in-tree amdgpu modules
Update shim to v15.8
Upgrade SymCrypt to 103.6.0
Upgrade SymCrypt-OpenSSL to 1.6.1
Upgrade Valkey to 8.0.1 to fix CVE-2024-31449 CVE-2024-21228 CVE-2024-31227
Upgrade golang to version to 1.23.3-1
Upgrade mariadb to 10.11.10 none
Upgrade nvidia container toolkit and libnvidia-containers to v1.17.1
Upgrade postgresql to 16.5 to fix CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979

Image Customizer: Bump to v0.8
Image Customizer: generate PXE-bootable ISO images.

Generic Kernel version-release: kernel-6.6.57.1-2

Add stable release maintainers to CODEOWNERS
Add SymCrypt-debuginfo package
Add missing flock calls for Toolkit
Add fedora SBAT entries to grub2
Add directory check before cleaning-up the RPM caches
Bump dracut to rebuild with latest systemd
Change rm to use find to avoid deleting cache directory during snapshot cleanup
Disable liblastlog2 for util-linux in raw toolchain build
Disable flaky mem tests for Valkey
Enable Arm FF-A Support
Enable Intel IFS
Enable x86_amd_platform_device builtin
Fix Kernel CVE-2024-46863 CVE-2024-26596 CVE-2024-27017 CVE-2024-27012 CVE-2024-36478 CVE-2024-46710
Fix apache-commons-io for CVE-2024-47554
Fix partition initialization bug
Fix pytest by adding python-iniconfig dependency
Fix kubevirt for CVE-2023-48795
Fix giflib for CVE-2022-28506 and CVE-2023-48161
Fix gdb 13.2 for CVE-2023-39128, CVE-2023-39129, CVE-2023-39130
Fix influxdb for CVE-2023-45288
Fix python-gevent for CVE-2024-25629
Fix unbound for CVE-2024-43167 and CVE-2024-8508
Fix dcos-cli and kubernetes for CVE-2024-28180
Fix libcxx for CVE-2024-31852
Fix curl for CVE-2024-8096
Fix fluent-bit for CVE-2024-34250, CVE-2024-25629, CVE-2024-28182
Fix Avahi forCVE-2023-1981, add %check section
Fix oath-toolkit for CVE-2024-47191
Fix expat for CVE-2024-50602
Fix vim to resolve CVE-2024-43802
Fix bluez for CVE-2023-45866
Fix pam for CVE-2024-22365
Fix ISO customization, partition creation on Ubuntu build hosts and verity docs on Image Customizer
Fix gnutls for CVE-2024-28834, CVE-2024-2883
Generate log files for raw toolchain builds
Increase build verbosity in kernel-mshv
Make pytorch vendor generation script executable
Make tpm2-tss an optional dependency of systemd-pcrphase in dracut
Re-enable installonlypkgs on tdnf for Azure Linux 3.0
Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961
Remove noxsaves parameter from cmdline in kernel-uki
Support v1.22 and v1.23 golang
Switch mysql to use AZL's version of protobuf to fix CVE-2024-2410
Upgrade nvidia repo instructions with the appropriate 3.0 repofile
Upgrade OpenIPMI to 2.0.36 to fix CVE-2024-42934
Upgrade libpcap version to 1.10.5 to fix CVE-2024-8006
Upgrade vim to 9.1.0791 to fix CVE-2024-47814 and remove older unnecessary patches
Upgrade nvidia-container-toolkit to fix CVE-2024-0132 CVE-2024-0133
Upgrade python-pip to fix CVE-2024-6345
Upgrade mysql to 8.0.40 Fix multiple CVEs
Upgrade apr version 1.7.4 -> 1.7.5 to address CVE-2023-49582
Upgrade clamav 1.0.6 -> 1.0.7
Upgrade cloud-init to 24.3.1
Upgrade php to 8.3.12 to fix CVE-2024-8927, CVE-2024-8925
Upgrade mdadm from 4.2 to 4.3
Upgrade symcrypt to 103.5.1
Upgrade libarchive to 3.7.7 to fix CVE-2024-48957, CVE-2024-48958, CVE-2024-20696

kata-containers: Use build recipes from sources for kata-containers, only build for x86_64
kata-containers: only build for x86_64

Image Customizer: Make verity API a list.
Image Customizer: Move resetPartitionsUuidsType into storage.
Image Customizer: Remove "sudo" calls.
Image Customizer: Restore CODEOWNERS rules.
Image Customizer: Set VHDX block-size to 2 MiB.
Image Customizer: Support string mountPoint
Image Customizer: Service and Overlay recommendations for Verity-enabled images.
Image Customizer: MIC should clean-up cache and any system files after run