Skip to content

Resync fasttrack/2.0#16677

Open
jslobodzian wants to merge 51 commits intofasttrack/2.0from
jon/merge-from-2.0
Open

Resync fasttrack/2.0#16677
jslobodzian wants to merge 51 commits intofasttrack/2.0from
jon/merge-from-2.0

Conversation

@jslobodzian
Copy link
Copy Markdown
Collaborator

@jslobodzian jslobodzian commented Apr 15, 2026

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary

What does the PR accomplish, why was it needed?

Change Log
  • Change
  • Change
  • Change
Does this affect the toolchain?

YES/NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology
  • Pipeline build id: xxxx

CBL-Mariner-Bot and others added 30 commits March 9, 2026 10:59
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade mariadb to 10.6.25 for CVE-2026-3494 [ME…
f40964e 
…DIUM] (#16142)
@azurelinux-security @BinduSri-6522866
[AutoPR- Security] Patch cmake for CVE-2025-14524, CVE-2025-10966 [ME…
6c9feef 
…DIUM] (#15557)

Co-authored-by: BinduSri-6522866 <v-badabala@microsoft.com>
@azurelinux-security @Kanishk-Bansal
[AutoPR- Security] Patch rook for CVE-2025-30204 [MEDIUM] (#15952)
076ec70 
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@azurelinux-security
[AutoPR- Security] Patch freetype for CVE-2026-23865 [MEDIUM] (#16116)
fe592b4 
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@azurelinux-security @akhila-guruju
[AutoPR- Security] Patch skopeo for CVE-2026-24117 [MEDIUM] (#15895)
62ccc0c 
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@jykanase @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch ocaml for CVE-20…
9b3e20f 
…26-28364 [HIGH] - branch main" #16152

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: jykanase <v-jykanase@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] Bug 61292688 : Fix patch for CVE-2026-24747
0544132 
… - branch main" #16153

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@akhila-guruju @Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch vitess for CVE-2…
c516535 
…026-27969, CVE-2026-27965 [CRITICAL] - branch main" #16154

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@jykanase @realsdx @jslobodzian @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch libsoup for CVE-…
7041ea4 
…2026-1801, CVE-2026-1761, CVE-2026-1467 [HIGH] - branch main" #16155

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: jykanase <v-jykanase@microsoft.com>
Co-authored-by: Sudipta Pandit <sudpandit@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @archana25-ms
@Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] Patch openssl for PKCS12_item_decrypt_d2i…
273a9fb 
…_ex(): Check oct argument for NULL - branch main" #16156

Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] Revert "Patch openssl for PKCS12_item_dec…
9a69efe 
…rypt_d2i_ex(): Check oct argument for NULL" - branch main" #16163

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @archana25-ms
Merge PR "[AUTO-CHERRYPICK] Patch openssl for PKCS12_item_decrypt_d2i…
983d4f0 
…_ex(): Check oct argument for NULL - branch main" #16166

Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
@CBL-Mariner-Bot @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] openssl : Remove Upstream Reference - bra…
d9db000 
…nch main" #16175

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@BinduSri-6522866
[Medium] Patch rust for CVE-2026-25541, CVE-2026-25727, CVE-2025-58160,
e288952 
CVE-2026-27171 (#15877)
@CBL-Mariner-Bot @azurelinux-security @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch giflib for CVE-2…
0608025 
…026-23868 [HIGH] - branch main" #16189

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @azurelinux-security
@akhila-guruju @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch coredns for CVE-…
78c507b 
…2026-26018, CVE-2026-26017 [HIGH] - branch main" #16190

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@ddstreet
systemd: add patches to correct ipc dbus communication issue (#16121)
2a1d00c
@v-aaditya
[Medium] Patch hdf5 for CVE-2025-2915 (#15537)
5d24fd9
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade vim to 9.2.0173 for CVE-2026-32249 [MEDI…
93207ea 
…UM] (#16193)
@akhila-guruju
[Medium] Patch rook for CVE-2025-11065 (#15693)
d91c52f
@CBL-Mariner-Bot @akhila-guruju @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [High] Patch python-urllib3 for CVE-2025-…
e3fabdc 
…66471 - branch main" #16196

Co-authored-by: Akhila Guruju <v-guakhila@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch libarchive for C…
0b812e3 
…VE-2026-4111 [HIGH] - branch main" #16213

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch erlang for CVE-2…
cf6509b 
…026-23943, CVE-2026-23942, CVE-2026-23941 [HIGH] - branch main" #16215

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@BinduSri-6522866 @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch qt5-qtdeclarativ…
84695f2 
…e for CVE-2025-12385 [HIGH] - branch main" #16216

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: BinduSri-6522866 <v-badabala@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@v-aaditya
[Medium] Patch mysql for CVE-2025-0838 and updated patch for CVE-2024…
fd311cc 
…-2410 (#15874)
@azurelinux-security
[AutoPR- Security] Patch qemu for CVE-2024-8354 [MEDIUM] (#16205)
6218737
@azurelinux-security
[AutoPR- Security] Patch libexif for CVE-2026-32775 [MEDIUM] (#16236)
bfd88b5
@azurelinux-security @Kanishk-Bansal
[AutoPR- Security] Patch nasm for CVE-2022-46456 [MEDIUM] (#16211)
98efe6d 
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@CBL-Mariner-Bot @azurelinux-security @akhila-guruju
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch cmake for CVE-20…
37a0ffd 
…26-27135 [HIGH] - branch main" #16265

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security @akhila-guruju
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch nghttp2 for CVE-…
18f1576 
…2026-27135 [HIGH] - branch main" #16266

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
CBL-Mariner-Bot and others added 21 commits March 24, 2026 12:19
@CBL-Mariner-Bot @azurelinux-security
@Kanishk-Bansal @jykanase
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch nodejs18 for CVE…
d4ffcb0 
…-2026-27135 [HIGH] - branch main" #16267

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jykanase <v-jykanase@microsoft.com>
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade vim to 9.2.0240 for CVE-2026-33412 [MEDI…
dcaa8d0 
…UM] (#16283)
@CBL-Mariner-Bot @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] Rebuild lldpd & rsyslog for net-snmp-li…
e468054 
…bs to version 5.9.5.2-1 - branch main" #16292

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@BinduSri-6522866
[Medium] Patch python-virtualenv for CVE-2026-1703 & CVE-2026-24049 (#…
a799222 
…15983)
@CBL-Mariner-Bot
Prepare Apr 2026 Update (#16311)
aae2c1d
@anphel31
[2.0] prcheck yml - disable use1esentry (#16316)
d4312b3
@CBL-Mariner-Bot @anphel31
Merge PR "[AUTO-CHERRYPICK] bump collectd and keepalived releases - b…
6dac89f 
…ranch main" #16326

Co-authored-by: Andrew Phelps <anphel31@users.noreply.github.com>
@CBL-Mariner-Bot @azurelinux-security
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch terraform for CV…
1f8560c 
…E-2026-4645 [HIGH] - branch main" #16327

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch telegraf for CVE…
742fd10 
…-2026-4645 [HIGH] - branch main" #16328

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch nginx for CVE-20…
52f0f8d 
…26-32647, CVE-2026-28753, CVE-2026-27784, CVE-2026-27654, CVE-2026-27651, CVE-2026-28755 [HIGH] - branch main" #16331

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @archana25-ms
Merge PR "[AUTO-CHERRYPICK] [CRITICAL] Patch ncurses for CVE-2025-69720
89ede4a 
… - branch main" #16332

Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch python-pyasn1 for
94161a5 
…CVE-2026-30922 [HIGH] - branch main" #16333

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@azurelinux-security @jykanase
[AutoPR- Security] Patch glib for CVE-2026-1489, CVE-2026-0988 [MEDIU…
775383f 
…M] (#15731)

Co-authored-by: jykanase <v-jykanase@microsoft.com>
@CBL-Mariner-Bot @rlmenge
Merge PR "[AUTO-CHERRYPICK] Kernel upgrade to 5.15.202.1 version - br…
7c6bed5 
…anch main" #16360

Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
@CBL-Mariner-Bot
Merge PR "[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade libpng to 1.…
41a9b40 
…6.56 for CVE-2026-33636, CVE-2026-33416 [HIGH] - branch main" #16361
@CBL-Mariner-Bot @jykanase
Merge PR "[AUTO-CHERRYPICK] [High] patch plexus-utils for CVE-2025-67030
f7cf32a 
 - branch main" #16362

Co-authored-by: jykanase <v-jykanase@microsoft.com>
@CBL-Mariner-Bot @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] Upgrade msft-golang to 1.25.8 - branch …
44c15f6 
…main" #16369

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@CBL-Mariner-Bot @AkarshHCL @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] [High] Upgrade etcd to 3.5.28 for CVE-202…
1d8c94d 
…6-33413 and CVE-2026-33343 - branch main" #16375

Co-authored-by: AkarshHCL <v-akarshc@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@Kanishk-Bansal
Patch systemd-bootstrap for CVE-2026-29111 [MEDIUM] (#16368)
9f6da3e 
Add patches to fix CVE-2026-29111 - ipc dbus communication issue

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@jslobodzian
Merge branch 'main' into 2.0
a313d25
@jslobodzian
Merge branch '2.0' into jon/merge-from-2.0
311993f
@jslobodzian jslobodzian requested a review from a team as a code owner April 15, 2026 00:16
@microsoft-github-policy-service microsoft-github-policy-service bot added Packaging fasttrack/2.0 PRs Destined for Azure Linux 2.0 labels Apr 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

fasttrack/2.0 PRs Destined for Azure Linux 2.0 Packaging

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@jslobodzian @CBL-Mariner-Bot @azurelinux-security @BinduSri-6522866 @ddstreet @v-aaditya @akhila-guruju @anphel31 @Kanishk-Bansal