Skip to content

Merge changes for 3.0 monthly update#15461

Merged
jslobodzian merged 84 commits into3.0from
3.0-dev
Jan 7, 2026
Merged

Merge changes for 3.0 monthly update#15461
jslobodzian merged 84 commits into3.0from
3.0-dev

Conversation

@dmcilvaney
Copy link
Copy Markdown
Contributor

@dmcilvaney dmcilvaney commented Jan 7, 2026

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary

What does the PR accomplish, why was it needed?

Change Log
  • Change
  • Change
  • Change
Does this affect the toolchain?

YES/NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology
  • Pipeline build id: xxxx

sandeepkarambelkar and others added 30 commits December 11, 2025 13:46
@sandeepkarambelkar
Remove qt5-qtconnectivity and add qt6-qtconnectivity (#15197)
aadbc95
@azurelinux-security
[AutoPR- Security] Patch telegraf for CVE-2025-10543 [MEDIUM] (#15275)
d665a99
@xordux
Systemd network/tc: fix stack overflow when dropping tclass or qdisc (#…
a6140cc 
…15165)

Add patch to systemd to fix stack overflow when dropping tclass or qdisc in systemd-networkd. It avoids systemd SEGV crash in certain cases.
@mayankfz
BUG 59454970: Make kexec-tools do not depend on ethtool only, enable …
f4e3c2f 
…user to choose either ethtool or mlnx-ethtool during installation, default is ethtool. (#15014)

Make kexec-tools do not depend on ethtool only, enable user to choose either ethtool or mlnx-ethtool during installation, default is ethtool.

Signed-off-by: Mayank Singh <mayansingh@microsoft.com>
Co-authored-by: Mayank Singh <mayansingh@microsoft.com>
@durgajagadeesh
Upgrade apache-commons-compress to 1.26.1 and address dependency buil…
790852b 
…d warnings (#13854)
@chalamalasetty
Upgrade MOFED 24.10 to DOCA-OFED 25.07 and its dependencies (#15028)
303210c 
Co-authored-by: Suresh Babu Chalamalasetty <schalam@microsoft.com>
@jykanase
upgrade pacemaker to version 3.0.1 (#15046)
fa584c8
@v-aaditya
[Medium] Patch kubevirt for CVE-2025-64435 (#15137)
7750a32
@sandeepkarambelkar
Remove qt5-qtsensors and add qt6-qtsensors (#15205)
3eb9deb
@jykanase @kgodara912
Upgrade hdf5 version to 1.14.6 and patch hdf5 for CVE-2025-2153, CVE-…
49403f7 
…2025-2310, CVE-2025-2914, CVE-2025-2926, CVE-2025-6816, CVE-2025-2925, CVE-2025-2924, CVE-2025-44905,CVE-2025-6269, CVE-2025-6750, CVE-2025-6857, CVE-2025-7067, CVE-2025-7068, CVE-2025-6858, CVE_2025-2923, CVE-2025-2913, CVE-2025-6516, CVE-2025-6818, CVE-2025-6817, CVE-2025-6856, CVE-2025-7069 (#15115)

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: kgodara912 <kshigodara@outlook.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@sandeepkarambelkar
Remove qt5-qtserialport and add qt6-qtserialport (#15233)
21b8a73
@akhila-guruju
[Medium] Patch grub2 for CVE-2025-61661, CVE-2025-61662 & CVE-2025-61663
e019d04 
 (#15157)
@AkarshHCL
Upgrade: Jtidy to version 1.0.4 (#15168)
9bd782a
@CBL-Mariner-Bot @azurelinux-security @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch cni-plugins for C…
96bb3b2 
…VE-2025-65637 [HIGH] - branch 3.0-dev" #15305

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@akhila-guruju @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch python-urllib3 for
66cd71f 
CVE-2025-66418, CVE-2025-66471 [HIGH] - branch 3.0-dev" #15306

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@BinduSri-6522866 @Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch qtdeclarative for
c4dce60 
…CVE-2025-12385 [HIGH] - branch 3.0-dev" #15307

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: BinduSri-6522866 <v-badabala@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @BinduSri-6522866 @jslobodzian
Merge PR "[AUTO-CHERRYPICK] Patch fluent-bit for CVE-2025-12977 [High…
7a1ed75 
…] and CVE-2025-12969 [Medium] - branch 3.0-dev" #15308

Co-authored-by: BinduSri-6522866 <v-badabala@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@archana25-ms @Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch qtbase for CVE-2…
8ed8f9a 
…025-66293 [HIGH] - branch 3.0-dev" #15309

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch influxdb for CVE…
d5ff89e 
…-2025-65637 [HIGH] - branch 3.0-dev" #15310

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch dcos-cli for CVE…
c3bb826 
…-2025-65637 [HIGH] - branch 3.0-dev" #15311

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade tzdata to 2025c upgrade to version 2025c (#…
2c29e73 
…15284)
@AkarshHCL
Upgrade:perl-FFI-CheckLib to version 0.31 (#15144)
51bd173
@v-aaditya
Upgrade xmldb-api to version 1.7.0 (#15290)
2f95523
@azurelinux-security
[AutoPR- Security] Patch influxdb for CVE-2025-10543 [MEDIUM] (#15328)
ad2c514
@v-aaditya
Upgrade xbean to version 4.24 (#15244)
a3d0b8e
@v-aaditya
Upgrade ibus-table version to 1.17.16 (#15302)
be8e809
@CBL-Mariner-Bot @Kanishk-Bansal
Merge PR "[AUTO-CHERRYPICK] Revert "[AutoPR- Security] Patch qtbase f…
1ac3d58 
…or CVE-2025-66293 [HIGH]" - branch 3.0-dev" #15351

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@azurelinux-security
[AutoPR- Security] Patch glib for CVE-2025-14087, CVE-2025-14512 [MED…
8f5adbe 
…IUM] (#15294)

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch flannel for CVE-…
868bb3a 
…2025-65637 [HIGH] - branch 3.0-dev" #15352

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security
@Kanishk-Bansal @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch containerized-da…
3b84639 
…ta-importer for CVE-2025-65637 [HIGH] - branch 3.0-dev" #15353

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
AkarshHCL and others added 21 commits January 2, 2026 13:29
@AkarshHCL
Upgarde: python-pytest-flake8 to version 1.3.0. (#15295)
6c84dac
@AkarshHCL
perl-Test-Simple removal from 3.0-dev. (#15380)
8e6a4ec
@Ratiranjan5
Build fix for pngcrush (#15348)
783649d
@azurelinux-security
[AutoPR- Security] Patch pytorch for CVE-2025-3001 [MEDIUM] (#15392)
7153c3e
@durgajagadeesh
Upgrade perl-PkgConfig-LibPkgConf to 0.11-24 (#15358)
57c5bfc
@azurelinux-security @akhila-guruju
[AutoPR- Security] Patch fluent-bit for CVE-2025-62408 [MEDIUM] (#15333)
fc56fe7 
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade libpcap to 1.10.6 for CVE-2025-11961 [LO…
2dade67 
…W] (#15432)
@harshitgupta1337
Upgrade KubeVirt to v1.6.3 (#15278)
c751f9c 
Signed-off-by: Harshit Gupta <guptaharshit@microsoft.com>
Co-authored-by: Harshit Gupta <guptaharshit@microsoft.com>
@harshitgupta1337
Upgrade CDI to v1.62.0 (#15419)
ea3770f 
Signed-off-by: Harshit Gupta <guptaharshit@microsoft.com>
Co-authored-by: Harshit Gupta <guptaharshit@microsoft.com>
@CBL-Mariner-Bot @azurelinux-security @jslobodzian
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch keda for CVE-202…
e2b1df9 
…5-68476 [HIGH] - branch 3.0-dev" #15439

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@rlmenge
Update bcc to add subpackage libbpf-tools (#15283)
ed102ac 
Add new subpackage libbpf-tools to the bcc package. Resulting binaries are placed in /usr/sbin/bpf-* and contain "bpf" as a prefix similar to other distros (Fedora, Alpine Linux)

There is a way to add the prefix at compile time but it is in versions v0.30.0
@christopherco
crash: update to 9.0.0 and rework how vendored gdb patches are applied (
eab04d9 
#15426)

Signed-off-by: Chris Co <chrco@microsoft.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@rlmenge @CBL-Mariner-Bot
kernel: Upgrade to 6.6.119.3 (#15447)
462f90a 
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade SymCrypt-OpenSSL to 1.9.4 bug fixes (#14939)
1f3338d
@CBL-Mariner-Bot @PawelWMS
Merge PR "[AUTO-CHERRYPICK] Rebuilt 'net-snmp' dependents to use new …
a0ef3e7 
…lib version. - branch 3.0-dev" #15455

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
@PawelWMS
Rebuilt 'net-snmp' dependents to use new lib version. (#15454)
42a010a
@christopherco
fix: add upstream set_context patch to crash-gcore (#15453)
3a7ce97 
Signed-off-by: Chris Co <chrco@microsoft.com>
@CBL-Mariner-Bot @Kanishk-Bansal @jslobodzian
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade gnupg2 to 2.4.9 for CV…
5ec7ea9 
…E-2025-68973 [HIGH] - branch 3.0-dev (#15438)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@chalamalasetty
Create Gen1 marketplace image with the 6.12 HWE kernel (#15449)
83d87ce 
Co-authored-by: Suresh Babu Chalamalasetty <schalam@microsoft.com>
@SumitJenaHCL
Update rhino to version 1.7.15.1 (#15374)
ce1ed4c
@SumitJenaHCL
Upgrade highlight to version 4.18 (#15389)
988dbb2
@dmcilvaney dmcilvaney requested review from a team as code owners January 7, 2026 17:19
@microsoft-github-policy-service microsoft-github-policy-service bot added Packaging specs-extended PR to fix SPECS-EXTENDED Tools Schema Changes to image configurations 3.0 PRs Destined for 3.0 labels Jan 7, 2026
@jslobodzian jslobodzian merged commit a81282a into 3.0 Jan 7, 2026
35 of 40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jslobodzian jslobodzian jslobodzian approved these changes

Assignees

No one assigned

Labels

3.0 PRs Destined for 3.0 Packaging Schema Changes to image configurations specs-extended PR to fix SPECS-EXTENDED Tools

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.