From c28a2f6bf8fd4b7740cce6eecfad7184bd2f5312 Mon Sep 17 00:00:00 2001 From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> Date: Tue, 19 May 2026 09:45:50 +0530 Subject: [PATCH 1/3] [Manual Cherry-Pick] Fasttrack `golang` & `frr` version up for HIGH CVEs (#17108) Co-authored-by: Kanishk Bansal Co-authored-by: bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> Co-authored-by: Aditya Singh (cherry picked from commit e099788fd3b8b163b80bbe4bbf126a7b523897be) --- .../azurelinux-image-tools/azurelinux-image-tools.spec | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec b/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec index b1ac27e659b..7e7e984f84e 100644 --- a/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec +++ b/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec @@ -3,7 +3,11 @@ Summary: Azure Linux Image Tools Name: azurelinux-image-tools Version: 1.3.0 +<<<<<<< HEAD Release: 2%{?dist} +======= +Release: 1%{?dist} +>>>>>>> e099788fd3 ([Manual Cherry-Pick] Fasttrack `golang` & `frr` version up for HIGH CVEs (#17108)) License: MIT URL: https://github.com/microsoft/azure-linux-image-tools/ Group: Applications/System @@ -15,7 +19,10 @@ Source0: https://github.com/microsoft/azure-linux-image-tools/archive/ref # Use generate_source_tarball.sh script with the package version to build this tarball. # Source1: %{name}-%{version}-vendor.tar.gz +<<<<<<< HEAD Patch0: CVE-2026-33814.patch +======= +>>>>>>> e099788fd3 ([Manual Cherry-Pick] Fasttrack `golang` & `frr` version up for HIGH CVEs (#17108)) BuildRequires: golang >= 1.25 BuildRequires: systemd-udev Requires: %{name}-imagecustomizer = %{version}-%{release} @@ -113,9 +120,12 @@ go test -C toolkit/tools ./... %{_bindir}/osmodifier %changelog +<<<<<<< HEAD * Wed May 13 2026 Azure Linux Security Servicing Account - 1.3.0-2 - Patch for CVE-2026-33814 +======= +>>>>>>> e099788fd3 ([Manual Cherry-Pick] Fasttrack `golang` & `frr` version up for HIGH CVEs (#17108)) * Tue Apr 28 2026 Aditya Singh - 1.3.0-1 - Upgrade to version 1.3.0 which includes fixes for CVE-2026-27141, CVE-2026-29181 and CVE-2026-39882 From f5e41711e537a67a12007fd9954da229a4c28233 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Mon, 18 May 2026 21:19:43 -0700 Subject: [PATCH 2/3] Conflicts resolved by Auto-Cherry Pick for SPECS/azurelinux-image-tools/azurelinux-image-tools.spec --- .../azurelinux-image-tools.spec | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec b/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec index 7e7e984f84e..0586874823a 100644 --- a/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec +++ b/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec @@ -3,11 +3,7 @@ Summary: Azure Linux Image Tools Name: azurelinux-image-tools Version: 1.3.0 -<<<<<<< HEAD -Release: 2%{?dist} -======= Release: 1%{?dist} ->>>>>>> e099788fd3 ([Manual Cherry-Pick] Fasttrack `golang` & `frr` version up for HIGH CVEs (#17108)) License: MIT URL: https://github.com/microsoft/azure-linux-image-tools/ Group: Applications/System @@ -19,13 +15,11 @@ Source0: https://github.com/microsoft/azure-linux-image-tools/archive/ref # Use generate_source_tarball.sh script with the package version to build this tarball. # Source1: %{name}-%{version}-vendor.tar.gz -<<<<<<< HEAD -Patch0: CVE-2026-33814.patch -======= ->>>>>>> e099788fd3 ([Manual Cherry-Pick] Fasttrack `golang` & `frr` version up for HIGH CVEs (#17108)) +Patch0: CVE-2026-27141.patch BuildRequires: golang >= 1.25 BuildRequires: systemd-udev Requires: %{name}-imagecustomizer = %{version}-%{release} +Patch1: CVE-2026-33814.patch %description Azure Linux Image Tools. This package provides the Azure Linux Image Customizer tool @@ -120,15 +114,12 @@ go test -C toolkit/tools ./... %{_bindir}/osmodifier %changelog -<<<<<<< HEAD * Wed May 13 2026 Azure Linux Security Servicing Account - 1.3.0-2 - Patch for CVE-2026-33814 - -======= ->>>>>>> e099788fd3 ([Manual Cherry-Pick] Fasttrack `golang` & `frr` version up for HIGH CVEs (#17108)) * Tue Apr 28 2026 Aditya Singh - 1.3.0-1 - Upgrade to version 1.3.0 which includes fixes for CVE-2026-27141, CVE-2026-29181 and CVE-2026-39882 - +* Thu Mar 05 2026 Azure Linux Security Servicing Account - 1.2.0-2 +- Patch for CVE-2026-27141 * Thu Mar 05 2026 Azure Linux Security Servicing Account - 1.2.0-2 - Patch for CVE-2026-27141 From 1d72ca917579fe394997f461cb88b7dfaf61c5eb Mon Sep 17 00:00:00 2001 From: Jon Slobodzian Date: Wed, 20 May 2026 11:38:43 -0700 Subject: [PATCH 3/3] azurelinux-image-tools: fix SPEC ordering after auto cherry-pick - Release was regressed from 2 to 1; bump to 3 (higher than both branches). - Move Patch1 (CVE-2026-33814) next to Patch0 (was misplaced after BuildRequires). - Renumber changelog: -3 on top (CVE-2026-33814), -2 (version upgrade), keeping fasttrack's 1.2.0-2 entry preserved. - Remove duplicate 1.2.0-2 changelog entry. - Add blank lines between changelog entries. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../azurelinux-image-tools.spec | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec b/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec index 0586874823a..bafb4035405 100644 --- a/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec +++ b/SPECS/azurelinux-image-tools/azurelinux-image-tools.spec @@ -3,7 +3,7 @@ Summary: Azure Linux Image Tools Name: azurelinux-image-tools Version: 1.3.0 -Release: 1%{?dist} +Release: 3%{?dist} License: MIT URL: https://github.com/microsoft/azure-linux-image-tools/ Group: Applications/System @@ -16,10 +16,10 @@ Source0: https://github.com/microsoft/azure-linux-image-tools/archive/ref # Source1: %{name}-%{version}-vendor.tar.gz Patch0: CVE-2026-27141.patch +Patch1: CVE-2026-33814.patch BuildRequires: golang >= 1.25 BuildRequires: systemd-udev Requires: %{name}-imagecustomizer = %{version}-%{release} -Patch1: CVE-2026-33814.patch %description Azure Linux Image Tools. This package provides the Azure Linux Image Customizer tool @@ -114,12 +114,12 @@ go test -C toolkit/tools ./... %{_bindir}/osmodifier %changelog -* Wed May 13 2026 Azure Linux Security Servicing Account - 1.3.0-2 +* Wed May 13 2026 Azure Linux Security Servicing Account - 1.3.0-3 - Patch for CVE-2026-33814 -* Tue Apr 28 2026 Aditya Singh - 1.3.0-1 + +* Tue Apr 28 2026 Aditya Singh - 1.3.0-2 - Upgrade to version 1.3.0 which includes fixes for CVE-2026-27141, CVE-2026-29181 and CVE-2026-39882 -* Thu Mar 05 2026 Azure Linux Security Servicing Account - 1.2.0-2 -- Patch for CVE-2026-27141 + * Thu Mar 05 2026 Azure Linux Security Servicing Account - 1.2.0-2 - Patch for CVE-2026-27141