diff --git a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec
index 460db65757b..0496085aa11 100644
--- a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec
+++ b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed GRand Unified Bootloader for %{buildarch} systems
 Name:           grub2-efi-binary-signed-%{buildarch}
 Version:        2.06~rc1
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -54,6 +54,9 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/%{grubefiname}
 /boot/efi/EFI/BOOT/%{grubefiname}
 
 %changelog
+* Thu Feb 17 2022 Andrew Phelps <anphel@microsoft.com> - 2.06~rc1-7
+- Bump release number to match grub release number
+
 * Tue Feb 08 2022 Chris Co <chrco@microsoft.com> - 2.06~rc1-6
 - Bump release number to match grub release number
 
diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
index 060859618ee..28aa2404e85 100644
--- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec
+++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        5.10.93.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -147,6 +147,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %endif
 
 %changelog
+* Fri Feb 11 2022 Vince Perri <viperri@microsoft.com> - 5.10.93.1-4
+- Bump release number to match kernel release
+
 * Wed Feb 09 2022 Rachel Menge <rachelmenge@microsoft.com> - 5.10.93.1-3
 - Bump release number to match kernel release
 
diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
index fca0fa08019..29e555fc5ab 100644
--- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
+++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
@@ -2,7 +2,7 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic
 
 | Origin | License | Specs |
 | --- | --- | --- |
-| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | abseil-cpp <br> aide <br> archivemount <br> at <br> attr <br> autoconf213 <br> babeltrace2 <br> bmake <br> brotli <br> busybox <br> byacc <br> calamares <br> catch <br> checkpolicy <br> checksec <br> chrony <br> cmocka <br> collectd <br> colm <br> conntrack-tools <br> cpprest <br> cryptsetup <br> CUnit <br> dbus-python <br> dnf <br> docbook5-schemas <br> dos2unix <br> dpdk <br> dwarves <br> ebtables <br> extra-cmake-modules <br> fipscheck <br> fuse-zip <br> gnu-efi <br> graphviz <br> hardening-check <br> heimdal <br> hyperscan <br> hyperv-daemons <br> ipmitool <br> ipv6calc <br> jemalloc <br> kde-settings <br> kexec-tools <br> kf5 <br> kf5-kconfig <br> kf5-kcoreaddons <br> kf5-ki18n <br> kf5-kwidgetsaddons <br> kpmcore <br> leveldb <br> libatasmart <br> libburn <br> libcgroup <br> libcomps <br> libdnf <br> libisoburn <br> libisofs <br> libkcapi <br> libpwquality <br> libsemanage <br> libssh <br> libstoragemgmt <br> libxcrypt <br> libzip <br> mailcap <br> mcstrans <br> mokutil <br> mozjs60 <br> nss_wrapper <br> oath-toolkit <br> open-vm-tools <br> opensc <br> openssl <br> p11-kit <br> p7zip <br> pam_wrapper <br> pcsc-lite <br> pcsc-lite-ccid <br> perl-App-cpanminus <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Fedora-VSP <br> perl-File-pushd <br> perl-generators <br> perl-JSON <br> perl-local-lib <br> perl-Module-CPANfile <br> perl-Parse-PMFile <br> perl-String-ShellQuote <br> policycoreutils <br> pugixml <br> pwgen <br> pyelftools <br> python-google-auth <br> python-jwt <br> python-kubernetes <br> python-pexpect <br> python-ptyprocess <br> python-pywbem <br> qt5-qtbase <br> qt5-qtdeclarative <br> qt5-qtsvg <br> qt5-qttools <br> qt5-rpm-macros <br> ragel <br> rdma-core <br> re2 <br> secilc <br> selinux-policy <br> setools <br> sgml-common <br> socket_wrapper <br> softhsm <br> sos <br> squashfs-tools <br> tini <br> uclibc-ng <br> uid_wrapper <br> uuid <br> websocketpp <br> words <br> xmlstarlet <br> yajl <br> yaml-cpp <br> yasm <br> zipper |
+| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | abseil-cpp <br> aide <br> archivemount <br> at <br> attr <br> autoconf213 <br> babeltrace2 <br> bmake <br> brotli <br> busybox <br> byacc <br> calamares <br> catch <br> checkpolicy <br> checksec <br> chrony <br> cmocka <br> collectd <br> colm <br> conntrack-tools <br> cpprest <br> cryptsetup <br> CUnit <br> dbus-python <br> dnf <br> docbook5-schemas <br> dos2unix <br> dpdk <br> dwarves <br> ebtables <br> extra-cmake-modules <br> fipscheck <br> fuse-zip <br> gcovr <br> gnu-efi <br> graphviz <br> hardening-check <br> heimdal <br> hyperscan <br> hyperv-daemons <br> ipmitool <br> ipv6calc <br> jemalloc <br> kde-settings <br> kexec-tools <br> kf5 <br> kf5-kconfig <br> kf5-kcoreaddons <br> kf5-ki18n <br> kf5-kwidgetsaddons <br> kpmcore <br> leveldb <br> libatasmart <br> libburn <br> libcgroup <br> libcomps <br> libdnf <br> libisoburn <br> libisofs <br> libkcapi <br> libpwquality <br> libsemanage <br> libssh <br> libstoragemgmt <br> libxcrypt <br> libzip <br> mailcap <br> mcstrans <br> mokutil <br> mozjs60 <br> nss_wrapper <br> oath-toolkit <br> open-vm-tools <br> opensc <br> openssl <br> p11-kit <br> p7zip <br> pam_wrapper <br> pcsc-lite <br> pcsc-lite-ccid <br> perl-App-cpanminus <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Fedora-VSP <br> perl-File-pushd <br> perl-generators <br> perl-JSON <br> perl-local-lib <br> perl-Module-CPANfile <br> perl-Parse-PMFile <br> perl-String-ShellQuote <br> policycoreutils <br> pugixml <br> pwgen <br> pyelftools <br> python-google-auth <br> python-jwt <br> python-kubernetes <br> python-pexpect <br> python-ptyprocess <br> python-pywbem <br> qt5-qtbase <br> qt5-qtdeclarative <br> qt5-qtsvg <br> qt5-qttools <br> qt5-rpm-macros <br> ragel <br> rdma-core <br> re2 <br> secilc <br> selinux-policy <br> setools <br> sgml-common <br> socket_wrapper <br> softhsm <br> sos <br> squashfs-tools <br> tini <br> uclibc-ng <br> uid_wrapper <br> uuid <br> websocketpp <br> words <br> xmlstarlet <br> yajl <br> yaml-cpp <br> yasm <br> zipper |
 | Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | auoms <br> azure-iot-sdk-c <br> azure-iotedge <br> azure-storage-cpp <br> bazel <br> blobfuse <br> bmon <br> bond <br> bpftrace <br> cassandra-cpp-driver <br> ccache <br> check-restart <br> clamav <br> cloud-hypervisor <br> cloud-init-vmware-guestinfo <br> cockpit <br> coredns-1.7.0 <br> coredns-1.8.0 <br> coredns-1.8.4 <br> distroless-packages <br> doxygen <br> dtc <br> espeak-ng <br> espeakup <br> flannel <br> fluent-bit <br> freefont <br> gflags <br> go-md2man <br> grpc <br> GSL <br> helm <br> installkernel <br> ivykis <br> jsonbuilder <br> kubernetes-1.18.14 <br> kubernetes-1.18.17 <br> kubernetes-1.19.7 <br> kubernetes-1.19.9 <br> kubernetes-1.20.2 <br> kubernetes-1.20.5 <br> libacvp <br> libconfini <br> libconfuse <br> libdivsufsort <br> libiothsm-std <br> libmaxminddb <br> libuv <br> libxml++ <br> lld <br> lsb-release <br> lttng-consume <br> mariner-release <br> mariner-repos <br> mariner-rpm-macros <br> mm-common <br> moby-buildx <br> moby-cli <br> moby-containerd <br> moby-engine <br> moby-runc <br> msgpack <br> nlohmann-json <br> nmap <br> node-problem-detector <br> ntopng <br> pcaudiolib <br> pcre2 <br> perl-Test-Warnings <br> perl-Text-Template <br> pigz <br> prebuilt-ca-certificates <br> prebuilt-ca-certificates-base <br> python-cachetools <br> python-cherrypy <br> python-execnet <br> python-logutils <br> python-nocasedict <br> python-pecan <br> python-remoto <br> python-repoze-lru <br> python-routes <br> python-rsa <br> python-sphinxcontrib-websupport <br> python-yamlloader <br> qemu-kvm <br> rocksdb <br> rubygem-addressable <br> rubygem-async <br> rubygem-async-http <br> rubygem-async-io <br> rubygem-async-pool <br> rubygem-aws-eventstream <br> rubygem-aws-partitions <br> rubygem-aws-sdk-core <br> rubygem-aws-sdk-kms <br> rubygem-aws-sdk-s3 <br> rubygem-aws-sdk-sqs <br> rubygem-aws-sigv4 <br> rubygem-concurrent-ruby <br> rubygem-console <br> rubygem-cool.io <br> rubygem-digest-crc <br> rubygem-elasticsearch <br> rubygem-elasticsearch-api <br> rubygem-elasticsearch-transport <br> rubygem-excon <br> rubygem-faraday <br> rubygem-ffi <br> rubygem-fiber-local <br> rubygem-fluent-config-regexp-type <br> rubygem-fluent-logger <br> rubygem-fluent-plugin-elasticsearch <br> rubygem-fluent-plugin-kafka <br> rubygem-fluent-plugin-prometheus <br> rubygem-fluent-plugin-prometheus_pushgateway <br> rubygem-fluent-plugin-record-modifier <br> rubygem-fluent-plugin-rewrite-tag-filter <br> rubygem-fluent-plugin-s3 <br> rubygem-fluent-plugin-systemd <br> rubygem-fluent-plugin-td <br> rubygem-fluent-plugin-webhdfs <br> rubygem-fluentd <br> rubygem-hirb <br> rubygem-http_parser.rb <br> rubygem-httpclient <br> rubygem-jmespath <br> rubygem-ltsv <br> rubygem-mini_portile2 <br> rubygem-msgpack <br> rubygem-multi_json <br> rubygem-multipart-post <br> rubygem-nio4r <br> rubygem-nokogiri <br> rubygem-oj <br> rubygem-parallel <br> rubygem-prometheus-client <br> rubygem-protocol-hpack <br> rubygem-protocol-http <br> rubygem-protocol-http1 <br> rubygem-protocol-http2 <br> rubygem-public_suffix <br> rubygem-quantile <br> rubygem-rake <br> rubygem-rdkafka <br> rubygem-ruby-kafka <br> rubygem-ruby-progressbar <br> rubygem-ruby2_keywords <br> rubygem-rubyzip <br> rubygem-serverengine <br> rubygem-sigdump <br> rubygem-strptime <br> rubygem-systemd-journal <br> rubygem-td <br> rubygem-td-client <br> rubygem-td-logger <br> rubygem-timers <br> rubygem-tzinfo <br> rubygem-tzinfo-data <br> rubygem-webhdfs <br> rubygem-yajl-ruby <br> rubygem-zip-zip <br> shim <br> shim-unsigned <br> shim-unsigned-aarch64 <br> shim-unsigned-x64 <br> span-lite <br> swupdate <br> tinyxml2 <br> toml11 <br> tracelogging <br> vala <br> verity-read-only-root <br> vnstat <br> zstd |
 | Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2). <br>  Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl <br> alsa-lib <br> alsa-utils <br> ansible <br> ant <br> ant-contrib <br> apparmor <br> apr <br> apr-util <br> asciidoc <br> atftp <br> audit <br> autoconf <br> autoconf-archive <br> autofs <br> autogen <br> automake <br> babel <br> bash <br> bc <br> bcc <br> bind <br> binutils <br> bison <br> blktrace <br> boost <br> bridge-utils <br> btrfs-progs <br> bubblewrap <br> build-essential <br> bzip2 <br> c-ares <br> ca-certificates <br> cairo <br> cdrkit <br> check <br> chkconfig <br> chrpath <br> cifs-utils <br> clang <br> cloud-init <br> cloud-utils-growpart <br> cmake <br> cni <br> core-packages <br> coreutils <br> cpio <br> cppunit <br> cracklib <br> crash <br> crash-gcore-command <br> createrepo_c <br> cri-tools <br> cronie <br> ctags <br> curl <br> cyrus-sasl <br> Cython <br> dbus <br> dbus-glib <br> dejagnu <br> device-mapper-multipath <br> dhcp <br> dialog <br> diffutils <br> dkms <br> dmidecode <br> dnsmasq <br> docbook-dtd-xml <br> docbook-style-xsl <br> dosfstools <br> dracut <br> dstat <br> e2fsprogs <br> ed <br> efibootmgr <br> efivar <br> elfutils <br> erlang <br> etcd-3.4.13 <br> etcd-3.5.0 <br> ethtool <br> expat <br> expect <br> fcgi <br> file <br> filesystem <br> findutils <br> finger <br> flex <br> fontconfig <br> fping <br> freetype <br> fuse <br> gawk <br> gc <br> gcc <br> gdb <br> gdbm <br> gettext <br> git <br> glib <br> glib-networking <br> glibc <br> glibmm24 <br> glide <br> gmp <br> gnome-common <br> gnupg2 <br> gnuplot <br> gnutls <br> gobject-introspection <br> golang-1.16 <br> gperf <br> gperftools <br> gpgme <br> gptfdisk <br> grep <br> groff <br> grub2 <br> grub2-efi-binary-signed <br> gtest <br> gtk-doc <br> guile <br> gzip <br> haproxy <br> harfbuzz <br> haveged <br> hdparm <br> http-parser <br> httpd <br> i2c-tools <br> iana-etc <br> icu <br> initramfs <br> initscripts <br> inotify-tools <br> intltool <br> iotop <br> iperf3 <br> ipmitool <br> iproute <br> ipset <br> iptables <br> iputils <br> ipvsadm <br> ipxe <br> irqbalance <br> itstool <br> jansson <br> jna <br> jq <br> json-c <br> json-glib <br> kbd <br> keepalived <br> kernel <br> kernel-headers <br> kernel-hyperv <br> kernel-signed <br> kexec-tools <br> keyutils <br> kmod <br> krb5 <br> lapack <br> less <br> libaio <br> libarchive <br> libassuan <br> libatomic_ops <br> libcap <br> libcap-ng <br> libconfig <br> libdb <br> libdnet <br> libedit <br> libestr <br> libev <br> libevent <br> libfastjson <br> libffi <br> libgcrypt <br> libgpg-error <br> libgssglue <br> libgsystem <br> libgudev <br> libjpeg-turbo <br> libksba <br> liblogging <br> libmbim <br> libmnl <br> libmodulemd <br> libmpc <br> libmspack <br> libndp <br> libnetfilter_conntrack <br> libnetfilter_cthelper <br> libnetfilter_cttimeout <br> libnetfilter_queue <br> libnfnetlink <br> libnftnl <br> libnl3 <br> libnsl2 <br> libpcap <br> libpipeline <br> libpng <br> libpsl <br> libqmi <br> librelp <br> librepo <br> librsync <br> libseccomp <br> libselinux <br> libsepol <br> libserf <br> libsigc++20 <br> libsolv <br> libsoup <br> libssh2 <br> libtalloc <br> libtar <br> libtasn1 <br> libtiff <br> libtirpc <br> libtool <br> libunistring <br> libunwind <br> libusb <br> libvirt <br> libwebp <br> libxml2 <br> libxslt <br> libyaml <br> linux-firmware <br> lldb <br> lldpad <br> llvm <br> lm-sensors <br> lmdb <br> log4cpp <br> logrotate <br> lshw <br> lsof <br> lsscsi <br> ltrace <br> lttng-tools <br> lttng-ust <br> lua <br> lvm2 <br> lz4 <br> lzo <br> m2crypto <br> m4 <br> make <br> man-db <br> man-pages <br> mariadb <br> maven <br> mc <br> mercurial <br> meson <br> mlocate <br> ModemManager <br> mpfr <br> msr-tools <br> mysql <br> nano <br> nasm <br> ncurses <br> ndctl <br> net-snmp <br> net-tools <br> nettle <br> newt <br> nfs-utils <br> nghttp2 <br> nginx <br> ninja-build <br> nodejs <br> npth <br> nspr <br> nss <br> nss-altfiles <br> ntp <br> numactl <br> numpy <br> nvme-cli <br> oniguruma <br> OpenIPMI <br> openjdk8 <br> openjdk8_aarch64 <br> openldap <br> openscap <br> openssh <br> openvswitch <br> ostree <br> pam <br> pango <br> parted <br> patch <br> pciutils <br> pcre <br> perl <br> perl-Canary-Stability <br> perl-CGI <br> perl-common-sense <br> perl-Crypt-SSLeay <br> perl-DBD-SQLite <br> perl-DBI <br> perl-DBIx-Simple <br> perl-Exporter-Tiny <br> perl-File-HomeDir <br> perl-File-Which <br> perl-IO-Socket-SSL <br> perl-JSON-Any <br> perl-JSON-XS <br> perl-libintl-perl <br> perl-List-MoreUtils <br> perl-Module-Build <br> perl-Module-Install <br> perl-Module-ScanDeps <br> perl-Net-SSLeay <br> perl-NetAddr-IP <br> perl-Object-Accessor <br> perl-Path-Class <br> perl-Try-Tiny <br> perl-Types-Serialiser <br> perl-WWW-Curl <br> perl-XML-Parser <br> perl-YAML <br> perl-YAML-Tiny <br> pgbouncer <br> pinentry <br> pixman <br> pkg-config <br> polkit <br> popt <br> postgresql <br> powershell <br> procps-ng <br> protobuf <br> protobuf-c <br> psmisc <br> pth <br> pyasn1-modules <br> pygobject3 <br> pyOpenSSL <br> PyPAM <br> pyparsing <br> pytest <br> python-appdirs <br> python-asn1crypto <br> python-atomicwrites <br> python-attrs <br> python-backports-ssl_match_hostname <br> python-bcrypt <br> python-boto3 <br> python-botocore <br> python-certifi <br> python-cffi <br> python-chardet <br> python-configobj <br> python-constantly <br> python-coverage <br> python-cryptography <br> python-daemon <br> python-dateutil <br> python-defusedxml <br> python-distro <br> python-docopt <br> python-docutils <br> python-ecdsa <br> python-enum34 <br> python-futures <br> python-gevent <br> python-greenlet <br> python-hyperlink <br> python-hypothesis <br> python-idna <br> python-imagesize <br> python-incremental <br> python-iniparse <br> python-ipaddr <br> python-ipaddress <br> python-jinja2 <br> python-jmespath <br> python-jsonpatch <br> python-jsonpointer <br> python-jsonschema <br> python-lockfile <br> python-lxml <br> python-m2r <br> python-mako <br> python-markupsafe <br> python-mistune <br> python-msgpack <br> python-netaddr <br> python-netifaces <br> python-ntplib <br> python-oauthlib <br> python-packaging <br> python-pam <br> python-pbr <br> python-pip <br> python-ply <br> python-prettytable <br> python-psutil <br> python-psycopg2 <br> python-py <br> python-pyasn1 <br> python-pycodestyle <br> python-pycparser <br> python-pycurl <br> python-pygments <br> python-pynacl <br> python-pyvmomi <br> python-requests <br> python-setuptools <br> python-setuptools_scm <br> python-simplejson <br> python-six <br> python-snowballstemmer <br> python-sphinx <br> python-sphinx-theme-alabaster <br> python-sqlalchemy <br> python-twisted <br> python-typing <br> python-urllib3 <br> python-vcversioner <br> python-virtualenv <br> python-wcwidth <br> python-webob <br> python-websocket-client <br> python-werkzeug <br> python-zope-interface <br> python2 <br> python3 <br> pytz <br> PyYAML <br> rapidjson <br> readline <br> redis <br> rng-tools <br> rpcbind <br> rpcsvc-proto <br> rpm <br> rpm-ostree <br> rrdtool <br> rsync <br> rsyslog <br> ruby <br> rubygem-bundler <br> rust <br> scons <br> sed <br> sg3_utils <br> shadow-utils <br> slang <br> snappy <br> socat <br> sqlite <br> sshpass <br> strace <br> strongswan <br> subversion <br> sudo <br> swig <br> syslinux <br> syslog-ng <br> sysstat <br> systemd <br> systemd-bootstrap <br> systemtap <br> tar <br> tboot <br> tcl <br> tcp_wrappers <br> tcpdump <br> tcsh <br> tdnf <br> telegraf <br> texinfo <br> tmux <br> tpm2-abrmd <br> tpm2-tools <br> tpm2-tss <br> traceroute <br> tree <br> trousers <br> tzdata <br> unbound <br> unixODBC <br> unzip <br> usbutils <br> userspace-rcu <br> utf8proc <br> util-linux <br> valgrind <br> vim <br> vsftpd <br> WALinuxAgent <br> wget <br> which <br> wpa_supplicant <br> xerces-c <br> xfsprogs <br> xinetd <br> xmlsec1 <br> xmlto <br> xz <br> zchunk <br> zeromq <br> zip <br> zlib <br> zsh |
 | OpenMamba | [Openmamba GPLv2 License](https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt) | bash-completion |
diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json
index 16be7b91337..e0cfa1a03d0 100644
--- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json
+++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json
@@ -43,6 +43,7 @@
         "extra-cmake-modules",
         "fipscheck",
         "fuse-zip",
+        "gcovr",
         "gnu-efi",
         "graphviz",
         "hardening-check",
diff --git a/SPECS/audit/audit.spec b/SPECS/audit/audit.spec
index 2de0d4ad07b..1dcfe4e126e 100644
--- a/SPECS/audit/audit.spec
+++ b/SPECS/audit/audit.spec
@@ -4,7 +4,7 @@
 Summary:        Kernel Audit Tool
 Name:           audit
 Version:        3.0
-Release:        11%{?dist}
+Release:        12%{?dist}
 Source0:        https://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha8.tar.gz
 Patch0:         refuse-manual-stop.patch
 License:        GPLv2+
@@ -170,6 +170,9 @@ make %{?_smp_mflags} check
 %{python3_sitelib}/*
 
 %changelog
+*   Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 3.0-12
+-   Bump release to force rebuild with golang 1.16.14
+
 *   Fri Jan 21 2022 Nick Samson <nisamson@microsoft.com> - 3.0-11
 -   Removed libwrap support to remove dependency on finger
 *   Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 3.0-10
diff --git a/SPECS/blobfuse/blobfuse.spec b/SPECS/blobfuse/blobfuse.spec
index a8c62c90814..26cd486cd72 100644
--- a/SPECS/blobfuse/blobfuse.spec
+++ b/SPECS/blobfuse/blobfuse.spec
@@ -1,7 +1,7 @@
 Summary:        FUSE adapter - Azure Storage Blobs
 Name:           blobfuse
 Version:        1.3.6
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -47,6 +47,9 @@ rm -rf %{buildroot}
 %{_bindir}/blobfuse
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.3.6-7
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.3.6-6
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec
index 012bb51a6c1..01108a53fba 100644
--- a/SPECS/ceph/ceph.spec
+++ b/SPECS/ceph/ceph.spec
@@ -14,7 +14,7 @@
 Summary:        User space components of the Ceph file system
 Name:           ceph
 Version:        16.2.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0
 URL:            https://ceph.io/
 Vendor:         Microsoft Corporation
@@ -779,7 +779,7 @@ This package provides Ceph’s default alerts for Prometheus.
 
 # Despite disabling diskprediction, some unpackaged files stick around
 # Delete directories to prevent these files from being built/installed later
-cd /usr/src/mariner/BUILD/%{name}-%{version}
+cd %{_topdir}/BUILD/%{name}-%{version}
 rm -rf ./src/pybind/mgr/diskprediction_local
 rm -rf ./src/pybind/mgr/diskprediction_cloud
 
@@ -1803,6 +1803,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 
 %changelog
+*   Thu Feb 17 2022 Andrew Phelps <anphel@microsoft.com> 16.2.0-4
+-   Use _topdir instead of hard-coded value /usr/src/mariner
+
 *   Thu Jul 22 2021 Andrew Phelps <anphel@microsoft.com> 16.2.0-3
 -   Set __os_install_post to reduce package size
 -   Remove duplicate line to disable debug_package
diff --git a/SPECS/cni/cni.spec b/SPECS/cni/cni.spec
index bbc813aa645..df4fc514113 100644
--- a/SPECS/cni/cni.spec
+++ b/SPECS/cni/cni.spec
@@ -3,7 +3,7 @@
 Summary:        Container Network Interface (CNI) plugins
 Name:           cni
 Version:        0.9.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 URL:            https://github.com/containernetworking/plugins
 #Source0:       https://github.com/containernetworking/plugins/archive/refs/tags/v0.9.1.tar.gz
@@ -42,6 +42,9 @@ install -vpm 0755 -t %{buildroot}%{_default_cni_plugins_dir} bin/*
 %{_default_cni_plugins_dir}/*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 0.9.1-4
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 0.9.1-3
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/coredns/coredns-1.7.0.spec b/SPECS/coredns/coredns-1.7.0.spec
index ad23ad01840..358800015a7 100644
--- a/SPECS/coredns/coredns-1.7.0.spec
+++ b/SPECS/coredns/coredns-1.7.0.spec
@@ -3,7 +3,7 @@
 Summary:        Fast and flexible DNS server
 Name:           coredns
 Version:        1.7.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        Apache License 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -61,6 +61,9 @@ rm -rf %{buildroot}/*
 %{_bindir}/%{name}
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.7.0-7
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.7.0-6
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/coredns/coredns-1.8.0.spec b/SPECS/coredns/coredns-1.8.0.spec
index 1b67e5f6aee..535e488f468 100644
--- a/SPECS/coredns/coredns-1.8.0.spec
+++ b/SPECS/coredns/coredns-1.8.0.spec
@@ -3,7 +3,7 @@
 Summary:        Fast and flexible DNS server
 Name:           coredns
 Version:        1.8.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        Apache License 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -61,6 +61,9 @@ rm -rf %{buildroot}/*
 %{_bindir}/%{name}
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.8.0-4
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.8.0-3
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/coredns/coredns-1.8.4.spec b/SPECS/coredns/coredns-1.8.4.spec
index 56de9e3d09e..48c7b3335bc 100644
--- a/SPECS/coredns/coredns-1.8.4.spec
+++ b/SPECS/coredns/coredns-1.8.4.spec
@@ -3,7 +3,7 @@
 Summary:        Fast and flexible DNS server
 Name:           coredns
 Version:        1.8.4
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        Apache License 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -61,6 +61,9 @@ rm -rf %{buildroot}/*
 %{_bindir}/%{name}
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.8.4-3
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.8.4-2
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/cri-tools/cri-tools.spec b/SPECS/cri-tools/cri-tools.spec
index 96caddd1371..9eb6911e48d 100644
--- a/SPECS/cri-tools/cri-tools.spec
+++ b/SPECS/cri-tools/cri-tools.spec
@@ -3,7 +3,7 @@
 Summary:        CRI tools
 Name:           cri-tools
 Version:        1.22.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 URL:            https://github.com/kubernetes-sigs/cri-tools
 #Source0:       https://github.com/kubernetes-sigs/cri-tools/archive/v%{version}.tar.gz
@@ -55,6 +55,9 @@ install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./docs/crictl.md
 rm -rf %{buildroot}/*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.22.0-4
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.22.0-3
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/etcd/etcd-3.4.13.spec b/SPECS/etcd/etcd-3.4.13.spec
index 0b00c70b597..4ddc2fa0499 100644
--- a/SPECS/etcd/etcd-3.4.13.spec
+++ b/SPECS/etcd/etcd-3.4.13.spec
@@ -1,7 +1,7 @@
 Summary:        A highly-available key value store for shared configuration
 Name:           etcd
 Version:        3.4.13
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -93,6 +93,9 @@ rm -rf %{buildroot}/*
 %{_bindir}/etcd-dump-*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 3.4.13-8
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 3.4.13-7
 - Increment release for force republishing using golang 1.16.12
 - Update Source0 URL
diff --git a/SPECS/etcd/etcd-3.5.0.spec b/SPECS/etcd/etcd-3.5.0.spec
index 14d303940f9..02a139b2f58 100644
--- a/SPECS/etcd/etcd-3.5.0.spec
+++ b/SPECS/etcd/etcd-3.5.0.spec
@@ -1,7 +1,7 @@
 Summary:        A highly-available key value store for shared configuration
 Name:           etcd
 Version:        3.5.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -141,6 +141,9 @@ rm -rf %{buildroot}/*
 /%{_docdir}/%{name}-%{version}-tools/*
 
 %changelog
+*   Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 3.5.0-3
+-   Bump release to force rebuild with golang 1.16.14
+
 *   Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 3.5.0-2
 -   Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/flannel/flannel.spec b/SPECS/flannel/flannel.spec
index 6c66e32ae97..e5aa0fb1c7f 100644
--- a/SPECS/flannel/flannel.spec
+++ b/SPECS/flannel/flannel.spec
@@ -4,7 +4,7 @@
 Summary:        Simple and easy way to configure a layer 3 network fabric designed for Kubernetes
 Name:           flannel
 Version:        0.14.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        Apache License 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -50,6 +50,9 @@ rm -rf %{buildroot}/*
 %{_bindir}/flanneld
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 0.14.0-4
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 0.14.0-3
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/gcovr/gcovr.signatures.json b/SPECS/gcovr/gcovr.signatures.json
new file mode 100644
index 00000000000..b80bde5b739
--- /dev/null
+++ b/SPECS/gcovr/gcovr.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "gcovr-5.0.tar.gz": "1c59e223860d4436ef073bb91ec9738777fd0da4b0cbf9507dbfbfe496e4f228"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/gcovr/gcovr.spec b/SPECS/gcovr/gcovr.spec
new file mode 100644
index 00000000000..73188bac6e4
--- /dev/null
+++ b/SPECS/gcovr/gcovr.spec
@@ -0,0 +1,132 @@
+%{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
+Summary:        A code coverage report generator using GNU gcov
+Name:           gcovr
+Version:        5.0
+Release:        2%{?dist}
+License:        BSD
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+URL:            https://gcovr.com/
+Source0:        https://github.com/gcovr/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
+BuildRequires:  make
+BuildRequires:  python3-devel
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-xml
+Requires:       python3
+Requires:       python3-jinja2
+Requires:       python3-lxml
+Requires:       python3-pygments
+Requires:       python3-setuptools
+# for gcov
+Requires:       gcc
+BuildArch:      noarch
+
+%description
+Gcovr provides a utility for managing the use of the GNU gcov utility
+and generating summarized code coverage results.
+
+This command is inspired by the Python coverage.py package, which provides
+a similar utility in Python. The gcovr command produces either compact
+human-readable summary reports, machine readable XML reports
+(in Cobertura format) or simple HTML reports. Thus, gcovr can be viewed
+as a command-line alternative to the lcov utility, which runs gcov and
+generates an HTML-formatted report.
+
+%prep
+%autosetup
+
+%build
+python3 setup.py build
+
+%install
+python3 setup.py install -O1 --skip-build --root %{buildroot}
+
+# %%check
+# Tests are dependent on individual gcc versions and
+# are likely to be flaky/noisy for Mariner
+
+%files
+%license LICENSE.txt
+%doc README.rst CHANGELOG.rst
+%{_bindir}/gcovr
+%{python3_sitelib}/gcovr*
+
+%changelog
+* Wed Feb 16 2022 Thomas Crain <thcrain@microsoft.com> - 5.0-2
+- Backport spec from 2.0 branch to 1.0 branch
+- Remove 2.0-isms (doc building conditionals, dependency generation, python macros, etc.)
+
+* Wed Feb 02 2022 Cameron Baird <cameronbaird@microsoft.com> - 5.0-1
+- Update to v5.0
+
+* Mon Jun 14 2021 Henry Li <lihl@microsoft.com> - 4.2-6
+- Initial CBL-Mariner import from Fedora 34 (license: MIT)
+- License Verified
+- Disable building docs
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jun 26 2020 Tommi Rantala <tommi.t.rantala@nokia.com> - 4.2-3
+- Add bcond to allow building without docs
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 4.2-2
+- Rebuilt for Python 3.9
+
+* Tue Feb  4 2020 Dan Čermák <dan.cermak@cgc-instruments.com> - 4.2-1
+- New upstream release 4.2
+- Add doc subpackage containing the user-documentation of gcovr
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 4.1-6
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 4.1-5
+- Rebuilt for Python 3.8
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Sep 07 2018 Neal Gompa <ngompa13@gmail.com> - 4.1-2
+- Add missing files installed in the Python sitelib location
+
+* Fri Sep 07 2018 Neal Gompa <ngompa13@gmail.com> - 4.1-1
+- Release 4.1 to Fedora (#1626452)
+- Reformatted changelog entry
+
+* Fri Sep 07 2018 Alexis Jeandet <alexis.jeandet@member.fsf.org> - 4.1-0
+- Update to latest gcovr version (4.1)
+- Removed backported upstream patch as it is part of the release
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 3.3-7
+- Rebuilt for Python 3.7
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Mar 06 2017 Neal Gompa <ngompa13@gmail.com> - 3.3-4
+- Fix HTML reports for Python 3 (#1428277)
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb  2 2017 Neal Gompa <ngompa13@gmail.com> - 3.3-2
+- Address review comments (#1418804)
+- Switch to Python 3
+
+* Thu Feb  2 2017 Neal Gompa <ngompa13@gmail.com> - 3.3-1
+- Initial package
diff --git a/SPECS/glibc/CVE-2022-23218.patch b/SPECS/glibc/CVE-2022-23218.patch
new file mode 100644
index 00000000000..66b167c272f
--- /dev/null
+++ b/SPECS/glibc/CVE-2022-23218.patch
@@ -0,0 +1,80 @@
+diff --git a/sunrpc/svc_unix.c b/sunrpc/svc_unix.c
+index f2280b4c49..67177a2e78 100644
+--- a/sunrpc/svc_unix.c
++++ b/sunrpc/svc_unix.c
+@@ -154,7 +154,10 @@ svcunix_create (int sock, u_int sendsize, u_int recvsize, char *path)
+   SVCXPRT *xprt;
+   struct unix_rendezvous *r;
+   struct sockaddr_un addr;
+-  socklen_t len = sizeof (struct sockaddr_in);
++  socklen_t len = sizeof (addr);
++
++  if (__sockaddr_un_set (&addr, path) < 0)
++    return NULL;
+ 
+   if (sock == RPC_ANYSOCK)
+     {
+@@ -165,12 +168,6 @@ svcunix_create (int sock, u_int sendsize, u_int recvsize, char *path)
+ 	}
+       madesock = TRUE;
+     }
+-  memset (&addr, '\0', sizeof (addr));
+-  addr.sun_family = AF_UNIX;
+-  len = strlen (path) + 1;
+-  memcpy (addr.sun_path, path, len);
+-  len += sizeof (addr.sun_family);
+-
+   __bind (sock, (struct sockaddr *) &addr, len);
+ 
+   if (__getsockname (sock, (struct sockaddr *) &addr, &len) != 0
+diff --git a/sunrpc/tst-bug28768.c b/sunrpc/tst-bug28768.c
+new file mode 100644
+index 0000000000..35a4b7b0b3
+--- /dev/null
++++ b/sunrpc/tst-bug28768.c
+@@ -0,0 +1,42 @@
++/* Test to verify that long path is rejected by svcunix_create (bug 28768).
++   Copyright (C) 2022 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <errno.h>
++#include <rpc/svc.h>
++#include <shlib-compat.h>
++#include <string.h>
++#include <support/check.h>
++
++/* svcunix_create does not have a default version in linkobj/libc.so.  */
++compat_symbol_reference (libc, svcunix_create, svcunix_create, GLIBC_2_1);
++
++static int
++do_test (void)
++{
++  char pathname[109];
++  memset (pathname, 'x', sizeof (pathname));
++  pathname[sizeof (pathname) - 1] = '\0';
++
++  errno = 0;
++  TEST_VERIFY (svcunix_create (RPC_ANYSOCK, 4096, 4096, pathname) == NULL);
++  TEST_COMPARE (errno, EINVAL);
++
++  return 0;
++}
++
++#include <support/test-driver.c>
+-- 
+2.27.0
+
diff --git a/SPECS/glibc/CVE-2022-23219.patch b/SPECS/glibc/CVE-2022-23219.patch
new file mode 100644
index 00000000000..37fc0ad405c
--- /dev/null
+++ b/SPECS/glibc/CVE-2022-23219.patch
@@ -0,0 +1,23 @@
+diff --git a/sunrpc/clnt_gen.c b/sunrpc/clnt_gen.c
+index 13ced8994e..b44357cd88 100644
+--- a/sunrpc/clnt_gen.c
++++ b/sunrpc/clnt_gen.c
+@@ -57,9 +57,13 @@ clnt_create (const char *hostname, u_long prog, u_long vers,
+ 
+   if (strcmp (proto, "unix") == 0)
+     {
+-      memset ((char *)&sun, 0, sizeof (sun));
+-      sun.sun_family = AF_UNIX;
+-      strcpy (sun.sun_path, hostname);
++      if (__sockaddr_un_set (&sun, hostname) < 0)
++	{
++	  struct rpc_createerr *ce = &get_rpc_createerr ();
++	  ce->cf_stat = RPC_SYSTEMERROR;
++	  ce->cf_error.re_errno = errno;
++	  return NULL;
++	}
+       sock = RPC_ANYSOCK;
+       client = clntunix_create (&sun, prog, vers, &sock, 0, 0);
+       if (client == NULL)
+-- 
+2.27.0
diff --git a/SPECS/glibc/glibc-2.28__sockaddr_un_set.patch b/SPECS/glibc/glibc-2.28__sockaddr_un_set.patch
new file mode 100644
index 00000000000..3e7038a4cf1
--- /dev/null
+++ b/SPECS/glibc/glibc-2.28__sockaddr_un_set.patch
@@ -0,0 +1,157 @@
+diff --git a/include/sys/un.h b/include/sys/un.h
+index bdbee999..b5969c85 100644
+--- a/include/sys/un.h
++++ b/include/sys/un.h
+@@ -1 +1,13 @@
+ #include <socket/sys/un.h>
++
++#ifndef _ISOMAC
++
++/* Set ADDR->sun_family to AF_UNIX and ADDR->sun_path to PATHNAME.
++   Return 0 on success or -1 on failure (due to overlong PATHNAME).
++   The caller should always use sizeof (struct sockaddr_un) as the
++   socket address length, disregaring the length of PATHNAME.
++   Only concrete (non-abstract) pathnames are supported.  */
++int __sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
++  attribute_hidden;
++
++#endif /* _ISOMAC */
+\ No newline at end of file
+diff --git a/socket/Makefile b/socket/Makefile
+index b41eb071..5e8fcf1d 100644
+--- a/socket/Makefile
++++ b/socket/Makefile
+@@ -29,10 +29,15 @@ headers	:= sys/socket.h sys/un.h bits/sockaddr.h bits/socket.h \
+ routines := accept bind connect getpeername getsockname getsockopt	\
+ 	    listen recv recvfrom recvmsg send sendmsg sendto		\
+ 	    setsockopt shutdown socket socketpair isfdtype opensock	\
+-	    sockatmark accept4 recvmmsg sendmmsg
++	    sockatmark accept4 recvmmsg sendmmsg sockaddr_un_set
+ 
+ tests := tst-accept4
+ 
++tests-internal := \
++  tst-sockaddr_un_set \
++  # tests-internal
++
++
+ aux	 := sa_len
+ 
+ include ../Rules
+diff --git a/socket/sockaddr_un_set.c b/socket/sockaddr_un_set.c
+new file mode 100644
+index 00000000..68e5d1d8
+--- /dev/null
++++ b/socket/sockaddr_un_set.c
+@@ -0,0 +1,41 @@
++/* Set the sun_path member of struct sockaddr_un.
++   Copyright (C) 2022 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <errno.h>
++#include <string.h>
++#include <sys/socket.h>
++#include <sys/un.h>
++
++int
++__sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
++{
++  size_t name_length = strlen (pathname);
++
++  /* The kernel supports names of exactly sizeof (addr->sun_path)
++     bytes, without a null terminator, but userspace does not; see the
++     SUN_LEN macro.  */
++  if (name_length >= sizeof (addr->sun_path))
++    {
++      __set_errno (EINVAL);     /* Error code used by the kernel.  */
++      return -1;
++    }
++
++  addr->sun_family = AF_UNIX;
++  memcpy (addr->sun_path, pathname, name_length + 1);
++  return 0;
++}
+\ No newline at end of file
+diff --git a/socket/tst-sockaddr_un_set.c b/socket/tst-sockaddr_un_set.c
+new file mode 100644
+index 00000000..c8cc0d02
+--- /dev/null
++++ b/socket/tst-sockaddr_un_set.c
+@@ -0,0 +1,62 @@
++/* Test the __sockaddr_un_set function.
++   Copyright (C) 2022 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++/* Re-compile the function because the version in libc is not
++   exported.  */
++#include "sockaddr_un_set.c"
++
++#include <support/check.h>
++
++static int
++do_test (void)
++{
++  struct sockaddr_un sun;
++
++  memset (&sun, 0xcc, sizeof (sun));
++  __sockaddr_un_set (&sun, "");
++  TEST_COMPARE (sun.sun_family, AF_UNIX);
++  TEST_COMPARE (__sockaddr_un_set (&sun, ""), 0);
++
++  memset (&sun, 0xcc, sizeof (sun));
++  TEST_COMPARE (__sockaddr_un_set (&sun, "/example"), 0);
++  TEST_COMPARE_STRING (sun.sun_path, "/example");
++
++  {
++    char pathname[108];         /* Length of sun_path (ABI constant).  */
++    memset (pathname, 'x', sizeof (pathname));
++    pathname[sizeof (pathname) - 1] = '\0';
++    memset (&sun, 0xcc, sizeof (sun));
++    TEST_COMPARE (__sockaddr_un_set (&sun, pathname), 0);
++    TEST_COMPARE (sun.sun_family, AF_UNIX);
++    TEST_COMPARE_STRING (sun.sun_path, pathname);
++  }
++
++  {
++    char pathname[109];
++    memset (pathname, 'x', sizeof (pathname));
++    pathname[sizeof (pathname) - 1] = '\0';
++    memset (&sun, 0xcc, sizeof (sun));
++    errno = 0;
++    TEST_COMPARE (__sockaddr_un_set (&sun, pathname), -1);
++    TEST_COMPARE (errno, EINVAL);
++  }
++
++  return 0;
++}
++
++#include <support/test-driver.c>
+\ No newline at end of file
diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec
index e242c9a6c6f..06b78076d2a 100644
--- a/SPECS/glibc/glibc.spec
+++ b/SPECS/glibc/glibc.spec
@@ -6,7 +6,7 @@
 Summary:        Main C library
 Name:           glibc
 Version:        2.28
-Release:        22%{?dist}
+Release:        23%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -51,6 +51,9 @@ Patch20:        CVE-2021-38604.patch
 # Patch path for reference:
 # https://sourceware.org/bugzilla/attachment.cgi?id=12484&action=diff&collapsed=&headers=1&format=raw
 Patch21:        glibc-2.28_pthread_cond_wait.patch
+Patch22:        glibc-2.28__sockaddr_un_set.patch
+Patch23:        CVE-2022-23218.patch
+Patch24:        CVE-2022-23219.patch
 Requires:       filesystem
 Provides:       rtld(GNU_HASH)
 Provides:       /sbin/ldconfig
@@ -322,6 +325,10 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||:
 %defattr(-,root,root)
 
 %changelog
+* Mon Feb 14 2022 Cameron Baird <cameronbaird@microsoft.com> - 2.28-23
+- Patch CVE-2022-23218, CVE-2022-23219
+- glibc-2.28__sockaddr_un_set.patch (required for CVE patches)
+
 * Tue Nov 09 2021 Mateusz Malisz <mamalisz@microsoft.com> - 2.28-22
 - Filter out /bin/sh alongside bash from the dependencies.
 
diff --git a/SPECS/glide/glide.spec b/SPECS/glide/glide.spec
index cae221c2a07..b90172d9f52 100644
--- a/SPECS/glide/glide.spec
+++ b/SPECS/glide/glide.spec
@@ -1,7 +1,7 @@
 Summary:        Vendor Package Management for Golang
 Name:           glide
 Version:        0.13.3
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        MIT
 URL:            https://github.com/Masterminds/glide
 # Source0:      https://github.com/Masterminds/%{name}/archive/v%{version}.tar.gz
@@ -53,6 +53,9 @@ popd
 %{_bindir}/glide
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 0.13.3-9
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 0.13.3-8
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/go-md2man/go-md2man.spec b/SPECS/go-md2man/go-md2man.spec
index d9421701aa5..cede25fe6c8 100644
--- a/SPECS/go-md2man/go-md2man.spec
+++ b/SPECS/go-md2man/go-md2man.spec
@@ -1,7 +1,7 @@
 Summary:    Converts markdown into roff (man pages)
 Name:       go-md2man
 Version:    2.0.0
-Release:    9%{?dist}
+Release:    10%{?dist}
 License:    MIT
 Group:      Tools/Container
 
@@ -49,6 +49,9 @@ cp go-md2man-2.0.0/LICENSE.md %{buildroot}/usr/share/doc/%{name}-%{version}/LICE
 %{_bindir}/go-md2man
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 2.0.0-10
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 2.0.0-9
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/gobject-introspection/gobject-introspection.spec b/SPECS/gobject-introspection/gobject-introspection.spec
index fdb773f5145..11be9d702ae 100644
--- a/SPECS/gobject-introspection/gobject-introspection.spec
+++ b/SPECS/gobject-introspection/gobject-introspection.spec
@@ -5,7 +5,7 @@ Name:           gobject-introspection
 Summary:        Introspection system for GObject-based libraries
 %define BaseVersion 1.58
 Version:        %{BaseVersion}.0
-Release:        13%{?dist}
+Release:        14%{?dist}
 Group:          Development/Libraries
 License:        GPLv2+ and LGPLv2+ and MIT
 URL:            https://github.com/GNOME/gobject-introspection
@@ -139,6 +139,9 @@ make  %{?_smp_mflags} check
 %doc %{_mandir}/man1/*.gz
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.58.0-14
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.58.0-13
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/golang/golang-1.16.signatures.json b/SPECS/golang/golang-1.16.signatures.json
index ff40e9bb93b..5d86f46021a 100644
--- a/SPECS/golang/golang-1.16.signatures.json
+++ b/SPECS/golang/golang-1.16.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "go1.16.12.src.tar.gz": "2afd839dcb76d2bb082c502c01a0a5cdbfc09fd630757835363c4fde8e2fbfe8",
+  "go1.16.14.src.tar.gz": "467898cd3a216de54dcb9014f541efe77e9b79a7154dbc1fd2dd778b0c63fb56",
   "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
  }
-}
\ No newline at end of file
+}
diff --git a/SPECS/golang/golang-1.16.spec b/SPECS/golang/golang-1.16.spec
index f5e2cf7a952..daed3933860 100644
--- a/SPECS/golang/golang-1.16.spec
+++ b/SPECS/golang/golang-1.16.spec
@@ -12,7 +12,7 @@
 %define __find_requires %{nil}
 Summary:        Go
 Name:           golang
-Version:        1.16.12
+Version:        1.16.14
 Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
@@ -22,6 +22,7 @@ URL:            https://golang.org
 Source0:        https://golang.org/dl/go%{version}.src.tar.gz
 Source1:        https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz
 Patch0:         go14_bootstrap_aarch64.patch
+# Patch for CVE-2021-29923 is available upstream in v1.17
 Patch1:         CVE-2021-29923.patch
 Obsoletes:      %{name} < %{version}
 Provides:       %{name} = %{version}
@@ -32,7 +33,7 @@ Go is an open source programming language that makes it easy to build simple, re
 %prep
 # Setup go 1.4 bootstrap source
 tar xf %{SOURCE1} --no-same-owner
-patch -Np1 --ignore-whitespace < /usr/src/mariner/SOURCES/go14_bootstrap_aarch64.patch
+patch -Np1 --ignore-whitespace < %{_topdir}/SOURCES/go14_bootstrap_aarch64.patch
 mv -v go go-bootstrap
 
 # Setup go source and patch
@@ -41,10 +42,10 @@ mv -v go go-bootstrap
 
 %build
 # Build go 1.4 bootstrap
-pushd /usr/src/mariner/BUILD/go-bootstrap/src
+pushd %{_topdir}/BUILD/go-bootstrap/src
 CGO_ENABLED=0 ./make.bash
 popd
-mv -v /usr/src/mariner/BUILD/go-bootstrap /usr/lib/golang
+mv -v %{_topdir}/BUILD/go-bootstrap /usr/lib/golang
 export GOROOT=/usr/lib/golang
 
 # Build current go version
@@ -118,6 +119,12 @@ fi
 %{_bindir}/*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.16.14-1
+- Upgrade to version 1.16.14 to resolve CVE-2022-23806, CVE-2022-23772, CVE-2022-23773
+
+* Thu Feb 17 2022 Andrew Phelps <anphel@microsoft.com> - 1.16.12-2
+- Use _topdir instead of hard-coded value /usr/src/mariner
+
 * Tue Jan 18 2022 Henry Li <lihl@microsoft.com> - 1.16.12-1
 - Upgrade to version 1.16.12 to resolve CVE-2021-44716
 
diff --git a/SPECS/grub2/grub2.spec b/SPECS/grub2/grub2.spec
index e142331f5fd..be074034382 100644
--- a/SPECS/grub2/grub2.spec
+++ b/SPECS/grub2/grub2.spec
@@ -6,7 +6,7 @@
 Summary:        GRand Unified Bootloader
 Name:           grub2
 Version:        2.06~rc1
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -105,7 +105,7 @@ GRUB UEFI bootloader binaries
 
 %prep
 # Remove module_info.ld script due to error "grub2-install: error: Decompressor is too big"
-LDFLAGS="`echo " %{build_ldflags} " | sed 's#-Wl,-dT,/usr/src/mariner/BUILD/module_info.ld##'`"
+LDFLAGS="`echo " %{build_ldflags} " | sed 's#-Wl,-dT,%{_topdir}/BUILD/module_info.ld##'`"
 export LDFLAGS
 
 %autosetup -p1 -n grub-2.06-rc1
@@ -115,7 +115,7 @@ mv gnulib-%{gnulibversion} gnulib
 
 %build
 # Remove module_info.ld script due to error "grub2-install: error: Decompressor is too big"
-LDFLAGS="`echo " %{build_ldflags} " | sed 's#-Wl,-dT,/usr/src/mariner/BUILD/module_info.ld##'`"
+LDFLAGS="`echo " %{build_ldflags} " | sed 's#-Wl,-dT,%{_topdir}/BUILD/module_info.ld##'`"
 export LDFLAGS
 ./bootstrap --no-git --gnulib-srcdir=./gnulib
 %ifarch x86_64
@@ -277,6 +277,9 @@ cp $GRUB_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_MODULE_NAME
 %endif
 
 %changelog
+* Thu Feb 17 2022 Andrew Phelps <anphel@microsoft.com> - 2.06~rc1-7
+- Use _topdir instead of hard-coded value /usr/src/mariner
+
 * Tue Feb 08 2022 Chris Co <chrco@microsoft.com> - 2.06~rc1-6
 - Bump release number to force binary signing with new secure boot key
 
diff --git a/SPECS/helm/helm.spec b/SPECS/helm/helm.spec
index 55d903b5720..f449511ea36 100644
--- a/SPECS/helm/helm.spec
+++ b/SPECS/helm/helm.spec
@@ -2,7 +2,7 @@
 Summary:        The Kubernetes Package Manager
 Name:           helm
 Version:        3.4.1
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        Apache 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -52,6 +52,9 @@ install -m 755 ./helm %{buildroot}%{_bindir}
 %{_bindir}/helm
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 3.4.1-7
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 3.4.1-6
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec
index caa4689fc01..161b1c1d3eb 100644
--- a/SPECS/kernel-headers/kernel-headers.spec
+++ b/SPECS/kernel-headers/kernel-headers.spec
@@ -1,7 +1,7 @@
 Summary:        Linux API header files
 Name:           kernel-headers
 Version:        5.10.93.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -41,6 +41,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir}
 %{_includedir}/*
 
 %changelog
+* Fri Feb 11 2022 Vince Perri <viperri@microsoft.com> - 5.10.93.1-4
+- Bump release number to match kernel release
+
 * Wed Feb 09 2022 Rachel Menge <rachelmenge@microsoft.com> - 5.10.93.1-3
 - Address CVE-2022-0435 with patch
   
diff --git a/SPECS/kernel-hyperv/config b/SPECS/kernel-hyperv/config
index ebad684d165..0528db499d5 100644
--- a/SPECS/kernel-hyperv/config
+++ b/SPECS/kernel-hyperv/config
@@ -1612,9 +1612,11 @@ CONFIG_PREVENT_FIRMWARE_BUILD=y
 # Firmware loader
 #
 CONFIG_FW_LOADER=y
+CONFIG_FW_LOADER_PAGED_BUF=y
 CONFIG_EXTRA_FIRMWARE=""
-# CONFIG_FW_LOADER_USER_HELPER is not set
-# CONFIG_FW_LOADER_COMPRESS is not set
+CONFIG_FW_LOADER_USER_HELPER=y
+CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y
+CONFIG_FW_LOADER_COMPRESS=y
 # end of Firmware loader
 
 CONFIG_ALLOW_DEV_COREDUMP=y
diff --git a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json
index 8af161f93e4..7870e024d6b 100644
--- a/SPECS/kernel-hyperv/kernel-hyperv.signatures.json
+++ b/SPECS/kernel-hyperv/kernel-hyperv.signatures.json
@@ -1,7 +1,7 @@
 {
  "Signatures": {
   "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-  "config": "222a779db7e41bf05a0f02b7fc908151e7188d730209b1ca09e00df8df9c4944",
+  "config": "863fc38dddb1b8ab267b0827746c5b1da91f42a929b85a6babed7a3ed566813d",
   "kernel-5.10.93.1.tar.gz": "9e1d128554d40dcd80d2ed00d655f85c6674f5178792591eabfeb1be721ba50d",
   "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f"
  }
diff --git a/SPECS/kernel-hyperv/kernel-hyperv.spec b/SPECS/kernel-hyperv/kernel-hyperv.spec
index 301ab627910..0d8066322eb 100644
--- a/SPECS/kernel-hyperv/kernel-hyperv.spec
+++ b/SPECS/kernel-hyperv/kernel-hyperv.spec
@@ -4,7 +4,7 @@
 Summary:        Linux Kernel optimized for Hyper-V
 Name:           kernel-hyperv
 Version:        5.10.93.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -273,6 +273,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %{_libdir}/perf/include/bpf/*
 
 %changelog
+* Fri Feb 11 2022 Vince Perri <viperri@microsoft.com> - 5.10.93.1-4
+- Add compressed firmware support
+
 * Wed Feb 09 2022 Rachel Menge <rachelmenge@microsoft.com> - 5.10.93.1-3
 - Address CVE-2022-0435 with patch
 
diff --git a/SPECS/kernel/CVE-2021-4001.nopatch b/SPECS/kernel/CVE-2021-4001.nopatch
new file mode 100644
index 00000000000..0f188692b17
--- /dev/null
+++ b/SPECS/kernel/CVE-2021-4001.nopatch
@@ -0,0 +1,3 @@
+CVE-2021-4001 - Fix already backported into 5.10.93.1
+Upstream: 353050be4c19e102178ccc05988101887c25ae53
+Stable: 33fe044f6a9e8977686a6a09f0bf33e5cc75257e
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2021-4154.nopatch b/SPECS/kernel/CVE-2021-4154.nopatch
new file mode 100644
index 00000000000..101796fd8ea
--- /dev/null
+++ b/SPECS/kernel/CVE-2021-4154.nopatch
@@ -0,0 +1,3 @@
+CVE-2021-4154 - Fix already backported into 5.10.93.1
+Upstream: 3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
+Stable:  811763e3beb6c922d168e9f509ec593e9240842e
\ No newline at end of file
diff --git a/SPECS/kernel/CVE-2022-0487.nopatch b/SPECS/kernel/CVE-2022-0487.nopatch
new file mode 100644
index 00000000000..10d650ec58e
--- /dev/null
+++ b/SPECS/kernel/CVE-2022-0487.nopatch
@@ -0,0 +1,3 @@
+CVE-2022-0487 - Fix already backported into 5.10.93.1
+Upstream: 42933c8aa14be1caa9eda41f65cde8a3a95d3e39
+Stable: b6cbe1fcf85ee3c62c8e0642edbf7d027f4e7e38
\ No newline at end of file
diff --git a/SPECS/kernel/config b/SPECS/kernel/config
index 201198d5158..ceb17b4aa84 100644
--- a/SPECS/kernel/config
+++ b/SPECS/kernel/config
@@ -1856,9 +1856,11 @@ CONFIG_PREVENT_FIRMWARE_BUILD=y
 # Firmware loader
 #
 CONFIG_FW_LOADER=y
+CONFIG_FW_LOADER_PAGED_BUF=y
 CONFIG_EXTRA_FIRMWARE=""
-# CONFIG_FW_LOADER_USER_HELPER is not set
-# CONFIG_FW_LOADER_COMPRESS is not set
+CONFIG_FW_LOADER_USER_HELPER=y
+CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y
+CONFIG_FW_LOADER_COMPRESS=y
 CONFIG_FW_CACHE=y
 # end of Firmware loader
 
diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json
index d54a45d909d..2032216f122 100644
--- a/SPECS/kernel/kernel.signatures.json
+++ b/SPECS/kernel/kernel.signatures.json
@@ -1,7 +1,7 @@
 {
  "Signatures": {
   "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-  "config": "4cc31daaa8259492909d345aaa540e4b7c45bc9548d1839897dc2b738a6a3d26",
+  "config": "52141e092d1fb9697c8a4bd86be8208e6d54a4acdf6231a85de9ee71d32dd43d",
   "config_aarch64": "be58188b131e3f2aa6d4222220c6effe13566e053d4748b75f0e2d9353136bb8",
   "kernel-5.10.93.1.tar.gz": "9e1d128554d40dcd80d2ed00d655f85c6674f5178792591eabfeb1be721ba50d",
   "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f"
diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec
index a74a5a4035e..fd7ff3d1ad5 100644
--- a/SPECS/kernel/kernel.spec
+++ b/SPECS/kernel/kernel.spec
@@ -4,7 +4,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        5.10.93.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -236,6 +236,9 @@ Patch1195:      CVE-2021-45095.nopatch
 Patch1196:      CVE-2022-0185.nopatch
 Patch1197:      CVE-2022-23222.nopatch
 Patch1198:      CVE-2021-4083.nopatch
+Patch1199:      CVE-2021-4154.nopatch
+Patch1200:      CVE-2021-4001.nopatch
+Patch1201:      CVE-2022-0487.nopatch
 BuildRequires:  audit-devel
 BuildRequires:  bash
 BuildRequires:  bc
@@ -589,6 +592,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Fri Feb 11 2022 Vince Perri <viperri@microsoft.com> - 5.10.93.1-4
+- Add compressed firmware support
+
 * Wed Feb 09 2022 Rachel Menge <rachelmenge@microsoft.com> - 5.10.93.1-3
 - Address CVE-2022-0435 with patch
 
diff --git a/SPECS/mariner-rpm-macros/gen-ld-script.sh b/SPECS/mariner-rpm-macros/gen-ld-script.sh
index af9149bf1ca..a84932433ba 100755
--- a/SPECS/mariner-rpm-macros/gen-ld-script.sh
+++ b/SPECS/mariner-rpm-macros/gen-ld-script.sh
@@ -1,5 +1,13 @@
 #!/bin/bash
-echo "gen-ld-script.sh generating linker script"
+
+# /usr/lib/rpm/mariner/gen-ld-script.sh %{_topdir}
+if [ -z "$1" ]; then
+    TOPDIR="/usr/src/mariner"
+else
+    TOPDIR="$1"
+fi
+
+echo "gen-ld-script.sh generating linker script with topdir($TOPDIR)"
 
 # Generate linker script that will add the following note to ELF files:
 #
@@ -46,5 +54,5 @@ LINKER_SCRIPT_DESC="BYTE(0x7b) BYTE(0x0a) BYTE(0x20) BYTE(0x22)
 
 LINKER_SCRIPT_END="KEEP (*(.note.package)) } } INSERT AFTER .note.gnu.build-id;"
 
-mkdir -pv /usr/src/mariner/BUILD
-echo $LINKER_SCRIPT_START $LINKER_SCRIPT_NAMESZ $LINKER_SCRIPT_DESCSZ $LINKER_SCRIPT_TYPE $LINKER_SCRIPT_NAME $LINKER_SCRIPT_DESC $LINKER_SCRIPT_END > /usr/src/mariner/BUILD/module_info.ld
+mkdir -pv $TOPDIR/BUILD
+echo $LINKER_SCRIPT_START $LINKER_SCRIPT_NAMESZ $LINKER_SCRIPT_DESCSZ $LINKER_SCRIPT_TYPE $LINKER_SCRIPT_NAME $LINKER_SCRIPT_DESC $LINKER_SCRIPT_END > $TOPDIR/BUILD/module_info.ld
diff --git a/SPECS/mariner-rpm-macros/macros b/SPECS/mariner-rpm-macros/macros
index a7773f9685a..eb4526e2960 100644
--- a/SPECS/mariner-rpm-macros/macros
+++ b/SPECS/mariner-rpm-macros/macros
@@ -30,7 +30,7 @@
 # Generate metadata linker script before prep section of each SPEC
 %__spec_prep_template   #!%{__spec_prep_shell}\
 %{__spec_prep_pre}\
-/usr/lib/rpm/mariner/gen-ld-script.sh\
+/usr/lib/rpm/mariner/gen-ld-script.sh %{_topdir}\
 %{nil}
 
 # This section overrides the default behavior of the build macro to export
@@ -55,7 +55,7 @@
     } \
     %{_rpmconfigdir}/brp-strip-unneeded %{__strip} \
     %{_rpmconfigdir}/brp-strip-static-archive %{__strip} \
-    find %{buildroot} -name "*.pc" | xargs -I{} sed -i -e 's@-Wl,-dT,/usr/src/mariner/BUILD/module_info.ld@ @' {} \
+    find %{buildroot} -name "*.pc" | xargs -I{} sed -i -e 's@-Wl,-dT,%{_topdir}/BUILD/module_info.ld@ @' {} \
     %{nil}
 
 %install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
@@ -66,7 +66,7 @@
 %build_cflags %{optflags}
 %build_cxxflags %{optflags}
 %build_fflags %{optflags} -I%{_fmoddir}
-%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} -Wl,-dT,/usr/src/mariner/BUILD/module_info.ld
+%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} -Wl,-dT,%{_topdir}/BUILD/module_info.ld
 
 %set_build_flags \
   CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
diff --git a/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json b/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json
index bae3713547c..3016a7065e8 100644
--- a/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json
+++ b/SPECS/mariner-rpm-macros/mariner-rpm-macros.signatures.json
@@ -3,8 +3,8 @@
   "default-annobin-cc1": "2315f86ffa724b9121b5a94d752883c11cbce581ac5e691717269ccbdac66625",
   "default-hardened-cc1": "2102bdfbb06934d95ceb3c81f789c59c9f77f91b0f996fd39588e0aa052d6f77",
   "default-hardened-ld": "4dbb822a27eed292759bc4e9cabb4b84f34fc6701535fcac2fdddac33328678b",
-  "gen-ld-script.sh": "57fc330608864a12cebc286e0ffd36dd1c60240956e994fdbeb729436a084ad9",
-  "macros": "02faec16b9798b2319b71a1c75392adb467dd48c8e876dc2612642828a9fcb3a",
+  "gen-ld-script.sh": "7639264cc8e74b4313ab792d3b23c0bc4fa0fb99def53b651c47b64798e38d7c",
+  "macros": "87570b4b4f2987b1c9a7d024e298510833daa54cfeefdda7fe073023eeb772f3",
   "macros.check": "79367176c3c7d10c0158b6e5d881e0fc3c8fd50c5957dad2f097c2d4a37833e7",
   "rpmrc": "c197369d806430f581de9d5f0e89384d231745712f394ce39497ada47d1f4efe"
  }
diff --git a/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec b/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec
index 705836e1e6b..4ff88aef40c 100644
--- a/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec
+++ b/SPECS/mariner-rpm-macros/mariner-rpm-macros.spec
@@ -1,7 +1,7 @@
 Summary:	Mariner specific rpm macro files
 Name:		mariner-rpm-macros
 Version:	1.0
-Release:	7%{?dist}
+Release:	8%{?dist}
 License:	GPL+
 Group:		Development/System
 Vendor:		Microsoft Corporation
@@ -56,6 +56,9 @@ install -p -m 644 -t %{buildroot}%{_rpmconfigdir}/macros.d macros.*
 %{_rpmconfigdir}/macros.d/macros.check
 
 %changelog
+* Wed Feb 16 2022 Andrew Phelps <anphel@microsoft.com> - 1.0-8
+- Use _topdir variable with gen-ld-script.sh
+
 * Thu Jan 20 2022 Cameron Baird <cameronbaird@microsoft.com> - 1.0-7
 - add sed step to os_install_post to remove references to module_info.ld in pkgconfigs
 
diff --git a/SPECS/moby-buildx/moby-buildx.spec b/SPECS/moby-buildx/moby-buildx.spec
index 7fc569f89ab..edd5a83f0af 100644
--- a/SPECS/moby-buildx/moby-buildx.spec
+++ b/SPECS/moby-buildx/moby-buildx.spec
@@ -1,7 +1,7 @@
 Summary: A Docker CLI plugin for extended build capabilities with BuildKit
 Name: moby-buildx
 Version: 0.4.1+azure
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: ASL 2.0
 Group: Tools/Container
 
@@ -79,6 +79,9 @@ cp %{SOURCE2} %{buildroot}/usr/share/doc/%{name}-%{version}/NOTICE
 %{_libexecdir}/docker/cli-plugins/docker-buildx
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 0.4.1+azure-7
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 0.4.1+azure-6
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/moby-cli/moby-cli.spec b/SPECS/moby-cli/moby-cli.spec
index e922dc89ead..2883aba5cc3 100644
--- a/SPECS/moby-cli/moby-cli.spec
+++ b/SPECS/moby-cli/moby-cli.spec
@@ -1,7 +1,7 @@
 Summary: The open-source application container engine client.
 Name: moby-cli
 Version: 19.03.15+azure
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: ASL 2.0
 Group: Tools/Container
 
@@ -94,6 +94,9 @@ cp %{SOURCE2} %{buildroot}/usr/share/doc/%{name}-%{version}/LICENSE
 /usr/share/fish/vendor_completions.d/docker.fish
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 19.03.15+azure-6
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 19.03.15+azure-5
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/moby-containerd/moby-containerd.spec b/SPECS/moby-containerd/moby-containerd.spec
index 6f5e33b948e..cbba44b0b7f 100644
--- a/SPECS/moby-containerd/moby-containerd.spec
+++ b/SPECS/moby-containerd/moby-containerd.spec
@@ -3,7 +3,7 @@
 Summary: Industry-standard container runtime
 Name: moby-containerd
 Version: 1.5.9+azure
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: ASL 2.0
 Group: Tools/Container
 
@@ -131,6 +131,9 @@ fi
 %{_mandir}/*/*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.5.9+azure-2
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Beberman <henry.beberman@microsoft.com> - 1.5.9+azure-1
 - Update to version 1.5.9+azure
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.4.4+azure-6
diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec
index 3933b41955c..a32f050832f 100644
--- a/SPECS/moby-engine/moby-engine.spec
+++ b/SPECS/moby-engine/moby-engine.spec
@@ -1,7 +1,7 @@
 Summary: The open-source application container engine
 Name:    moby-engine
 Version: 19.03.15+azure
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: ASL 2.0
 Group:   Tools/Container
 
@@ -151,6 +151,9 @@ fi
 /usr/share/doc/%{name}-%{version}/*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 19.03.15+azure-7
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 19.03.15+azure-6
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/moby-runc/moby-runc.spec b/SPECS/moby-runc/moby-runc.spec
index 484f147d9f5..5c2b35838a0 100644
--- a/SPECS/moby-runc/moby-runc.spec
+++ b/SPECS/moby-runc/moby-runc.spec
@@ -1,7 +1,7 @@
 Summary:        CLI tool for spawning and running containers per OCI spec.
 Name:           moby-runc
 Version:        1.1.0+azure
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -108,6 +108,9 @@ cp %{SOURCE7} %{buildroot}%{_docdir}/%{name}-%{version}/LICENSE
 %{_mandir}/*/*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.1.0+azure-3
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Beberman <henry.beberman@microsoft.com> - 1.1.0+azure-2
 - Fix BuildRequires pkgconfig to pkg-config
 
diff --git a/SPECS/node-problem-detector/node-problem-detector.spec b/SPECS/node-problem-detector/node-problem-detector.spec
index 052195be773..be008ad6df5 100644
--- a/SPECS/node-problem-detector/node-problem-detector.spec
+++ b/SPECS/node-problem-detector/node-problem-detector.spec
@@ -1,7 +1,7 @@
 Summary:        Kubernetes daemon to detect and report node issues
 Name:           node-problem-detector
 Version:        0.8.8
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -61,6 +61,9 @@ make test
 %config(noreplace) %{_sysconfdir}/node-problem-detector.d/*
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 0.8.8-5
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 0.8.8-4
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec b/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec
index 06a6f42ba0d..5197331345f 100644
--- a/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec
+++ b/SPECS/nvidia-container-runtime/nvidia-container-runtime.spec
@@ -2,7 +2,7 @@
 Summary:        NVIDIA container runtime
 Name:           nvidia-container-runtime
 Version:        3.5.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -32,6 +32,9 @@ install -m 755 %{name} %{buildroot}%{_bindir}/%{name}
 %{_bindir}/%{name}
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 3.5.0-4
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 3.5.0-3
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
index 221e14b65f8..9856d1ee243 100644
--- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
+++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
@@ -2,7 +2,7 @@
 Summary:        NVIDIA container runtime hook
 Name:           nvidia-container-toolkit
 Version:        1.5.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ALS2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -70,6 +70,9 @@ rm -f %{_bindir}/nvidia-container-runtime-hook
 %{_datadir}/containers/oci/hooks.d/oci-nvidia-hook.json
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.5.1-4
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.5.1-3
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/SPECS/openssl/CVE-2021-4160.nopatch b/SPECS/openssl/CVE-2021-4160.nopatch
new file mode 100644
index 00000000000..550f82c754a
--- /dev/null
+++ b/SPECS/openssl/CVE-2021-4160.nopatch
@@ -0,0 +1 @@
+CVE-2021-4160 - Only affects the MIPS32 and MIPS64 platforms
\ No newline at end of file
diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec
index 3cba6e5f57f..5b6fe307fd4 100644
--- a/SPECS/openssl/openssl.spec
+++ b/SPECS/openssl/openssl.spec
@@ -43,6 +43,7 @@ Patch20:        openssl-1.1.1-jitterentropy.patch
 Patch21:        openssl-1.1.1-drbg-seed.patch
 Patch22:        CVE-2021-3711.patch
 Patch23:        CVE-2021-3712.patch
+Patch24:        CVE-2021-4160.nopatch
 BuildRequires:  perl-Test-Warnings
 BuildRequires:  perl-Text-Template
 Requires:       %{name}-libs = %{version}-%{release}
diff --git a/SPECS/strongswan/CVE-2021-45079.patch b/SPECS/strongswan/CVE-2021-45079.patch
new file mode 100644
index 00000000000..ac91f959486
--- /dev/null
+++ b/SPECS/strongswan/CVE-2021-45079.patch
@@ -0,0 +1,150 @@
+From 76968cdd6b79f6ae40d674554e902ced192fd33e Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 14 Dec 2021 10:51:35 +0100
+Subject: [PATCH] eap-authenticator: Enforce failure if MSK generation fails
+
+Without this, the authentication succeeded if the server sent an early
+EAP-Success message for mutual, key-generating EAP methods like EAP-TLS,
+which may be used in EAP-only scenarios but would complete without server
+or client authentication.  For clients configured for such EAP-only
+scenarios, a rogue server could capture traffic after the tunnel is
+established or even access hosts behind the client.  For non-mutual EAP
+methods, public key server authentication has been enforced for a while.
+
+A server previously could also crash a client by sending an EAP-Success
+immediately without initiating an actual EAP method.
+
+Fixes: 0706c39cda52 ("added support for EAP methods not establishing an MSK")
+Fixes: CVE-2021-45079
+---
+ src/libcharon/plugins/eap_gtc/eap_gtc.c       |  2 +-
+ src/libcharon/plugins/eap_md5/eap_md5.c       |  2 +-
+ src/libcharon/plugins/eap_radius/eap_radius.c |  4 ++-
+ src/libcharon/sa/eap/eap_method.h             |  8 ++++-
+ .../ikev2/authenticators/eap_authenticator.c  | 32 ++++++++++++++++---
+ 5 files changed, 40 insertions(+), 8 deletions(-)
+
+diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
+index 95ba090b79ce..cffb6222c2f8 100644
+--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
++++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
+@@ -195,7 +195,7 @@ METHOD(eap_method_t, get_type, eap_type_t,
+ METHOD(eap_method_t, get_msk, status_t,
+ 	private_eap_gtc_t *this, chunk_t *msk)
+ {
+-	return FAILED;
++	return NOT_SUPPORTED;
+ }
+ 
+ METHOD(eap_method_t, get_identifier, uint8_t,
+diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
+index ab5f7ff6a823..3a92ad7c0a04 100644
+--- a/src/libcharon/plugins/eap_md5/eap_md5.c
++++ b/src/libcharon/plugins/eap_md5/eap_md5.c
+@@ -213,7 +213,7 @@ METHOD(eap_method_t, get_type, eap_type_t,
+ METHOD(eap_method_t, get_msk, status_t,
+ 	private_eap_md5_t *this, chunk_t *msk)
+ {
+-	return FAILED;
++	return NOT_SUPPORTED;
+ }
+ 
+ METHOD(eap_method_t, is_mutual, bool,
+diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
+index 2dc7a423e702..5336dead13d9 100644
+--- a/src/libcharon/plugins/eap_radius/eap_radius.c
++++ b/src/libcharon/plugins/eap_radius/eap_radius.c
+@@ -733,7 +733,9 @@ METHOD(eap_method_t, get_msk, status_t,
+ 		*out = msk;
+ 		return SUCCESS;
+ 	}
+-	return FAILED;
++	/* we assume the selected method did not establish an MSK, if it failed
++	 * to establish one, process() would have failed */
++	return NOT_SUPPORTED;
+ }
+ 
+ METHOD(eap_method_t, get_identifier, uint8_t,
+diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h
+index 0b5218dfec15..33564831f86e 100644
+--- a/src/libcharon/sa/eap/eap_method.h
++++ b/src/libcharon/sa/eap/eap_method.h
+@@ -114,10 +114,16 @@ struct eap_method_t {
+ 	 * Not all EAP methods establish a shared secret. For implementations of
+ 	 * the EAP-Identity method, get_msk() returns the received identity.
+ 	 *
++	 * @note Returning NOT_SUPPORTED is important for implementations of EAP
++	 * methods that don't establish an MSK.  In particular as client because
++	 * key-generating EAP methods MUST fail to process EAP-Success messages if
++	 * no MSK is established.
++	 *
+ 	 * @param msk			chunk receiving internal stored MSK
+ 	 * @return
+-	 *						- SUCCESS, or
++	 *						- SUCCESS, if MSK is established
+ 	 * 						- FAILED, if MSK not established (yet)
++	 *						- NOT_SUPPORTED, for non-MSK-establishing methods
+ 	 */
+ 	status_t (*get_msk) (eap_method_t *this, chunk_t *msk);
+ 
+diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+index e1e6cd7ee6f3..87548fc471a6 100644
+--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
++++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+@@ -305,9 +305,17 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
+ 				this->method->destroy(this->method);
+ 				return server_initiate_eap(this, FALSE);
+ 			}
+-			if (this->method->get_msk(this->method, &this->msk) == SUCCESS)
++			switch (this->method->get_msk(this->method, &this->msk))
+ 			{
+-				this->msk = chunk_clone(this->msk);
++				case SUCCESS:
++					this->msk = chunk_clone(this->msk);
++					break;
++				case NOT_SUPPORTED:
++					break;
++				case FAILED:
++				default:
++					DBG1(DBG_IKE, "failed to establish MSK");
++					goto failure;
+ 			}
+ 			if (vendor)
+ 			{
+@@ -326,6 +334,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
+ 			return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
+ 		case FAILED:
+ 		default:
++failure:
+ 			/* type might have changed for virtual methods */
+ 			type = this->method->get_type(this->method, &vendor);
+ 			if (vendor)
+@@ -661,9 +670,24 @@ METHOD(authenticator_t, process_client, status_t,
+ 				uint32_t vendor;
+ 				auth_cfg_t *cfg;
+ 
+-				if (this->method->get_msk(this->method, &this->msk) == SUCCESS)
++				if (!this->method)
+ 				{
+-					this->msk = chunk_clone(this->msk);
++					DBG1(DBG_IKE, "received unexpected %N",
++						 eap_code_names, eap_payload->get_code(eap_payload));
++					return FAILED;
++				}
++				switch (this->method->get_msk(this->method, &this->msk))
++				{
++					case SUCCESS:
++						this->msk = chunk_clone(this->msk);
++						break;
++					case NOT_SUPPORTED:
++						break;
++					case FAILED:
++					default:
++						DBG1(DBG_IKE, "received %N but failed to establish MSK",
++							 eap_code_names, eap_payload->get_code(eap_payload));
++						return FAILED;
+ 				}
+ 				type = this->method->get_type(this->method, &vendor);
+ 				if (vendor)
+-- 
+2.25.1
diff --git a/SPECS/strongswan/strongswan.spec b/SPECS/strongswan/strongswan.spec
index d1c62199721..928e4ffe63c 100644
--- a/SPECS/strongswan/strongswan.spec
+++ b/SPECS/strongswan/strongswan.spec
@@ -1,7 +1,7 @@
 Summary:        The OpenSource IPsec-based VPN Solution
 Name:           strongswan
 Version:        5.7.2
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -12,6 +12,7 @@ Patch0:         strongswan-fix-make-check.patch
 Patch1:         0001-Extending-timeout-for-test-cases-with-multiple-read-.patch
 Patch2:         CVE-2021-41990.patch
 Patch3:         CVE-2021-41991.patch
+Patch4:         CVE-2021-45079.patch
 BuildRequires:  autoconf
 BuildRequires:  gmp-devel
 
@@ -49,6 +50,9 @@ find %{buildroot} -type f -name "*.a" -delete -print
 %{_datadir}/strongswan/*
 
 %changelog
+* Fri Feb 18 2022 Cameron Baird <cameronbaird@microsoft.com> - 5.7.2-5
+- Patch for CVE-2021-45079
+
 * Mon Nov 01 2021 Thomas Crain <thcrain@microsoft.com> - 5.7.2-4
 - Add upstream patches for CVE-2021-41990, CVE-2021-41991
 - Lint spec
diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec
index 1b2ae88fd07..d7fb3d291f9 100644
--- a/SPECS/telegraf/telegraf.spec
+++ b/SPECS/telegraf/telegraf.spec
@@ -1,7 +1,7 @@
 Summary:        agent for collecting, processing, aggregating, and writing metrics.
 Name:           telegraf
 Version:        1.14.5
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        MIT
 Group:          Development/Tools
 Vendor:         Microsoft Corporation
@@ -80,6 +80,9 @@ fi
 %dir %{_sysconfdir}/%{name}/telegraf.d
 
 %changelog
+* Fri Feb 18 2022 Thomas Crain <thcrain@microsoft.com> - 1.14.5-11
+- Bump release to force rebuild with golang 1.16.14
+
 * Wed Jan 19 2022 Henry Li <lihl@microsoft.com> - 1.14.5-10
 - Increment release for force republishing using golang 1.16.12
 
diff --git a/cgmanifest.json b/cgmanifest.json
index a7c8166325a..3b7d3da2902 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1650,6 +1650,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "gcovr",
+          "version": "5.0",
+          "downloadUrl": "https://github.com/gcovr/gcovr/archive/5.0/gcovr-5.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -1865,8 +1875,8 @@
         "type": "other",
         "other": {
           "name": "golang",
-          "version": "1.16.12",
-          "downloadUrl": "https://golang.org/dl/go1.16.12.src.tar.gz"
+          "version": "1.16.14",
+          "downloadUrl": "https://golang.org/dl/go1.16.14.src.tar.gz"
         }
       }
     },
diff --git a/toolkit/docs/security/ca-certificates.md b/toolkit/docs/security/ca-certificates.md
index 51d6cd87fc0..39f534e8294 100644
--- a/toolkit/docs/security/ca-certificates.md
+++ b/toolkit/docs/security/ca-certificates.md
@@ -22,12 +22,17 @@ trust settings in the PEM file format. The trust settings found here will be
 interpreted with a high priority - higher than the ones found in
 /usr/share/pki/ca-trust-source/.
 
-QUICK HELP: To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system:
-Copy it to the `/etc/pki/ca-trust/source/anchors/` subdirectory, and run the `update-ca-trust` command.
+**QUICK HELP 1**: to add a certificate in the simple PEM or DER file format to the list of CAs trusted on the system:
 
-If your certificate is in the extended BEGIN TRUSTED file format, then place it into the main source/ directory instead.
+1. Copy the certificate into `/etc/pki/ca-trust/source/anchors/`.
+2. Run `update-ca-trust`.
 
-Please refer to the [update-ca-trust(8)](https://www.systutorials.com/docs/linux/man/8-update-ca-certificates/) manual page for additional information.
+**QUICK HELP 2**: if your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blacklist trust flags, or trust flags for usages other than TLS) then:
+
+1. Copy the certificate into `/etc/pki/ca-trust/source/`.
+2. Run `update-ca-trust`.
+
+Please refer to the [update-ca-trust manual](../../../SPECS/ca-certificates/update-ca-trust.8.txt) for more details.
 
 ## Legacy certificates support
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index d16cf6fe6f4..9e026b884b0 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -1,12 +1,12 @@
 filesystem-1.1-7.cm1.aarch64.rpm
-kernel-headers-5.10.93.1-3.cm1.noarch.rpm
-glibc-2.28-22.cm1.aarch64.rpm
-glibc-devel-2.28-22.cm1.aarch64.rpm
-glibc-i18n-2.28-22.cm1.aarch64.rpm
-glibc-iconv-2.28-22.cm1.aarch64.rpm
-glibc-lang-2.28-22.cm1.aarch64.rpm
-glibc-nscd-2.28-22.cm1.aarch64.rpm
-glibc-tools-2.28-22.cm1.aarch64.rpm
+kernel-headers-5.10.93.1-4.cm1.noarch.rpm
+glibc-2.28-23.cm1.aarch64.rpm
+glibc-devel-2.28-23.cm1.aarch64.rpm
+glibc-i18n-2.28-23.cm1.aarch64.rpm
+glibc-iconv-2.28-23.cm1.aarch64.rpm
+glibc-lang-2.28-23.cm1.aarch64.rpm
+glibc-nscd-2.28-23.cm1.aarch64.rpm
+glibc-tools-2.28-23.cm1.aarch64.rpm
 zlib-1.2.11-3.cm1.aarch64.rpm
 zlib-devel-1.2.11-3.cm1.aarch64.rpm
 file-5.38-1.cm1.aarch64.rpm
@@ -147,8 +147,8 @@ pcre-8.44-1.cm1.aarch64.rpm
 pcre-libs-8.44-1.cm1.aarch64.rpm
 krb5-1.18.4-2.cm1.aarch64.rpm
 lua-5.3.5-8.cm1.aarch64.rpm
-mariner-rpm-macros-1.0-7.cm1.noarch.rpm
-mariner-check-macros-1.0-7.cm1.noarch.rpm
+mariner-rpm-macros-1.0-8.cm1.noarch.rpm
+mariner-check-macros-1.0-8.cm1.noarch.rpm
 libassuan-2.5.1-3.cm1.aarch64.rpm
 libgpg-error-1.32-4.cm1.aarch64.rpm
 libgcrypt-1.8.7-3.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 2ffe30cd6b1..0b8ec48ceae 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,12 +1,12 @@
 filesystem-1.1-7.cm1.x86_64.rpm
-kernel-headers-5.10.93.1-3.cm1.noarch.rpm
-glibc-2.28-22.cm1.x86_64.rpm
-glibc-devel-2.28-22.cm1.x86_64.rpm
-glibc-i18n-2.28-22.cm1.x86_64.rpm
-glibc-iconv-2.28-22.cm1.x86_64.rpm
-glibc-lang-2.28-22.cm1.x86_64.rpm
-glibc-nscd-2.28-22.cm1.x86_64.rpm
-glibc-tools-2.28-22.cm1.x86_64.rpm
+kernel-headers-5.10.93.1-4.cm1.noarch.rpm
+glibc-2.28-23.cm1.x86_64.rpm
+glibc-devel-2.28-23.cm1.x86_64.rpm
+glibc-i18n-2.28-23.cm1.x86_64.rpm
+glibc-iconv-2.28-23.cm1.x86_64.rpm
+glibc-lang-2.28-23.cm1.x86_64.rpm
+glibc-nscd-2.28-23.cm1.x86_64.rpm
+glibc-tools-2.28-23.cm1.x86_64.rpm
 zlib-1.2.11-3.cm1.x86_64.rpm
 zlib-devel-1.2.11-3.cm1.x86_64.rpm
 file-5.38-1.cm1.x86_64.rpm
@@ -147,8 +147,8 @@ pcre-8.44-1.cm1.x86_64.rpm
 pcre-libs-8.44-1.cm1.x86_64.rpm
 krb5-1.18.4-2.cm1.x86_64.rpm
 lua-5.3.5-8.cm1.x86_64.rpm
-mariner-rpm-macros-1.0-7.cm1.noarch.rpm
-mariner-check-macros-1.0-7.cm1.noarch.rpm
+mariner-rpm-macros-1.0-8.cm1.noarch.rpm
+mariner-check-macros-1.0-8.cm1.noarch.rpm
 libassuan-2.5.1-3.cm1.x86_64.rpm
 libgpg-error-1.32-4.cm1.x86_64.rpm
 libgcrypt-1.8.7-3.cm1.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index fac4176c30a..102f943be70 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -2,11 +2,11 @@ alsa-lib-1.2.2-1.cm1.aarch64.rpm
 alsa-lib-debuginfo-1.2.2-1.cm1.aarch64.rpm
 alsa-lib-devel-1.2.2-1.cm1.aarch64.rpm
 asciidoc-8.6.10-4.cm1.noarch.rpm
-audit-3.0-11.cm1.aarch64.rpm
-audit-debuginfo-3.0-11.cm1.aarch64.rpm
-audit-devel-3.0-11.cm1.aarch64.rpm
-audit-libs-3.0-11.cm1.aarch64.rpm
-audit-python-3.0-11.cm1.aarch64.rpm
+audit-3.0-12.cm1.aarch64.rpm
+audit-debuginfo-3.0-12.cm1.aarch64.rpm
+audit-devel-3.0-12.cm1.aarch64.rpm
+audit-libs-3.0-12.cm1.aarch64.rpm
+audit-python-3.0-12.cm1.aarch64.rpm
 autoconf-2.69-10.cm1.noarch.rpm
 automake-1.16.1-3.cm1.noarch.rpm
 bash-4.4.23-1.cm1.aarch64.rpm
@@ -110,13 +110,13 @@ gettext-0.19.8.1-5.cm1.aarch64.rpm
 gettext-debuginfo-0.19.8.1-5.cm1.aarch64.rpm
 gfortran-9.1.0-7.cm1.aarch64.rpm
 glib-2.58.0-9.cm1.aarch64.rpm
-glibc-2.28-22.cm1.aarch64.rpm
-glibc-devel-2.28-22.cm1.aarch64.rpm
-glibc-i18n-2.28-22.cm1.aarch64.rpm
-glibc-iconv-2.28-22.cm1.aarch64.rpm
-glibc-lang-2.28-22.cm1.aarch64.rpm
-glibc-nscd-2.28-22.cm1.aarch64.rpm
-glibc-tools-2.28-22.cm1.aarch64.rpm
+glibc-2.28-23.cm1.aarch64.rpm
+glibc-devel-2.28-23.cm1.aarch64.rpm
+glibc-i18n-2.28-23.cm1.aarch64.rpm
+glibc-iconv-2.28-23.cm1.aarch64.rpm
+glibc-lang-2.28-23.cm1.aarch64.rpm
+glibc-nscd-2.28-23.cm1.aarch64.rpm
+glibc-tools-2.28-23.cm1.aarch64.rpm
 glib-debuginfo-2.58.0-9.cm1.aarch64.rpm
 glib-devel-2.58.0-9.cm1.aarch64.rpm
 glib-schemas-2.58.0-9.cm1.aarch64.rpm
@@ -127,7 +127,7 @@ gmp-debuginfo-6.1.2-6.cm1.aarch64.rpm
 gmp-devel-6.1.2-6.cm1.aarch64.rpm
 gnupg2-2.2.20-3.cm1.aarch64.rpm
 gnupg2-debuginfo-2.2.20-3.cm1.aarch64.rpm
-golang-1.16.12-1.cm1.aarch64.rpm
+golang-1.16.14-1.cm1.aarch64.rpm
 gperf-3.1-3.cm1.aarch64.rpm
 gperf-debuginfo-3.1-3.cm1.aarch64.rpm
 gpgme-1.13.1-6.cm1.aarch64.rpm
@@ -152,7 +152,7 @@ json-c-debuginfo-0.14-3.cm1.aarch64.rpm
 json-c-devel-0.14-3.cm1.aarch64.rpm
 kbd-2.0.4-6.cm1.aarch64.rpm
 kbd-debuginfo-2.0.4-6.cm1.aarch64.rpm
-kernel-headers-5.10.93.1-3.cm1.noarch.rpm
+kernel-headers-5.10.93.1-4.cm1.noarch.rpm
 kmod-25-4.cm1.aarch64.rpm
 kmod-debuginfo-25-4.cm1.aarch64.rpm
 kmod-devel-25-4.cm1.aarch64.rpm
@@ -259,7 +259,7 @@ m4-1.4.18-4.cm1.aarch64.rpm
 m4-debuginfo-1.4.18-4.cm1.aarch64.rpm
 make-4.2.1-5.cm1.aarch64.rpm
 make-debuginfo-4.2.1-5.cm1.aarch64.rpm
-mariner-check-macros-1.0-7.cm1.noarch.rpm
+mariner-check-macros-1.0-8.cm1.noarch.rpm
 mariner-release-1.0-33.cm1.noarch.rpm
 mariner-repos-1.0-14.cm1.noarch.rpm
 mariner-repos-extras-1.0-14.cm1.noarch.rpm
@@ -269,7 +269,7 @@ mariner-repos-ui-1.0-14.cm1.noarch.rpm
 mariner-repos-ui-preview-1.0-14.cm1.noarch.rpm
 mariner-repos-microsoft-1.0-14.cm1.noarch.rpm
 mariner-repos-microsoft-preview-1.0-14.cm1.noarch.rpm
-mariner-rpm-macros-1.0-7.cm1.noarch.rpm
+mariner-rpm-macros-1.0-8.cm1.noarch.rpm
 meson-0.56.0-1.cm1.noarch.rpm
 mpfr-4.0.1-3.cm1.aarch64.rpm
 mpfr-debuginfo-4.0.1-3.cm1.aarch64.rpm
@@ -354,7 +354,7 @@ python2-libcap-ng-0.7.9-3.cm1.aarch64.rpm
 python2-libs-2.7.18-8.cm1.aarch64.rpm
 python2-test-2.7.18-8.cm1.aarch64.rpm
 python2-tools-2.7.18-8.cm1.aarch64.rpm
-python3-audit-3.0-11.cm1.aarch64.rpm
+python3-audit-3.0-12.cm1.aarch64.rpm
 python3-cracklib-2.9.7-2.cm1.aarch64.rpm
 python3-gpg-1.13.1-6.cm1.aarch64.rpm
 python3-libcap-ng-0.7.9-3.cm1.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index e76cd4996fd..aa34580dec9 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -2,11 +2,11 @@ alsa-lib-1.2.2-1.cm1.x86_64.rpm
 alsa-lib-debuginfo-1.2.2-1.cm1.x86_64.rpm
 alsa-lib-devel-1.2.2-1.cm1.x86_64.rpm
 asciidoc-8.6.10-4.cm1.noarch.rpm
-audit-3.0-11.cm1.x86_64.rpm
-audit-debuginfo-3.0-11.cm1.x86_64.rpm
-audit-devel-3.0-11.cm1.x86_64.rpm
-audit-libs-3.0-11.cm1.x86_64.rpm
-audit-python-3.0-11.cm1.x86_64.rpm
+audit-3.0-12.cm1.x86_64.rpm
+audit-debuginfo-3.0-12.cm1.x86_64.rpm
+audit-devel-3.0-12.cm1.x86_64.rpm
+audit-libs-3.0-12.cm1.x86_64.rpm
+audit-python-3.0-12.cm1.x86_64.rpm
 autoconf-2.69-10.cm1.noarch.rpm
 automake-1.16.1-3.cm1.noarch.rpm
 bash-4.4.23-1.cm1.x86_64.rpm
@@ -110,13 +110,13 @@ gettext-0.19.8.1-5.cm1.x86_64.rpm
 gettext-debuginfo-0.19.8.1-5.cm1.x86_64.rpm
 gfortran-9.1.0-7.cm1.x86_64.rpm
 glib-2.58.0-9.cm1.x86_64.rpm
-glibc-2.28-22.cm1.x86_64.rpm
-glibc-devel-2.28-22.cm1.x86_64.rpm
-glibc-i18n-2.28-22.cm1.x86_64.rpm
-glibc-iconv-2.28-22.cm1.x86_64.rpm
-glibc-lang-2.28-22.cm1.x86_64.rpm
-glibc-nscd-2.28-22.cm1.x86_64.rpm
-glibc-tools-2.28-22.cm1.x86_64.rpm
+glibc-2.28-23.cm1.x86_64.rpm
+glibc-devel-2.28-23.cm1.x86_64.rpm
+glibc-i18n-2.28-23.cm1.x86_64.rpm
+glibc-iconv-2.28-23.cm1.x86_64.rpm
+glibc-lang-2.28-23.cm1.x86_64.rpm
+glibc-nscd-2.28-23.cm1.x86_64.rpm
+glibc-tools-2.28-23.cm1.x86_64.rpm
 glib-debuginfo-2.58.0-9.cm1.x86_64.rpm
 glib-devel-2.58.0-9.cm1.x86_64.rpm
 glib-schemas-2.58.0-9.cm1.x86_64.rpm
@@ -127,7 +127,7 @@ gmp-debuginfo-6.1.2-6.cm1.x86_64.rpm
 gmp-devel-6.1.2-6.cm1.x86_64.rpm
 gnupg2-2.2.20-3.cm1.x86_64.rpm
 gnupg2-debuginfo-2.2.20-3.cm1.x86_64.rpm
-golang-1.16.12-1.cm1.x86_64.rpm
+golang-1.16.14-1.cm1.x86_64.rpm
 gperf-3.1-3.cm1.x86_64.rpm
 gperf-debuginfo-3.1-3.cm1.x86_64.rpm
 gpgme-1.13.1-6.cm1.x86_64.rpm
@@ -152,7 +152,7 @@ json-c-debuginfo-0.14-3.cm1.x86_64.rpm
 json-c-devel-0.14-3.cm1.x86_64.rpm
 kbd-2.0.4-6.cm1.x86_64.rpm
 kbd-debuginfo-2.0.4-6.cm1.x86_64.rpm
-kernel-headers-5.10.93.1-3.cm1.noarch.rpm
+kernel-headers-5.10.93.1-4.cm1.noarch.rpm
 kmod-25-4.cm1.x86_64.rpm
 kmod-debuginfo-25-4.cm1.x86_64.rpm
 kmod-devel-25-4.cm1.x86_64.rpm
@@ -259,7 +259,7 @@ m4-1.4.18-4.cm1.x86_64.rpm
 m4-debuginfo-1.4.18-4.cm1.x86_64.rpm
 make-4.2.1-5.cm1.x86_64.rpm
 make-debuginfo-4.2.1-5.cm1.x86_64.rpm
-mariner-check-macros-1.0-7.cm1.noarch.rpm
+mariner-check-macros-1.0-8.cm1.noarch.rpm
 mariner-release-1.0-33.cm1.noarch.rpm
 mariner-repos-1.0-14.cm1.noarch.rpm
 mariner-repos-extras-1.0-14.cm1.noarch.rpm
@@ -269,7 +269,7 @@ mariner-repos-ui-1.0-14.cm1.noarch.rpm
 mariner-repos-ui-preview-1.0-14.cm1.noarch.rpm
 mariner-repos-microsoft-1.0-14.cm1.noarch.rpm
 mariner-repos-microsoft-preview-1.0-14.cm1.noarch.rpm
-mariner-rpm-macros-1.0-7.cm1.noarch.rpm
+mariner-rpm-macros-1.0-8.cm1.noarch.rpm
 meson-0.56.0-1.cm1.noarch.rpm
 mpfr-4.0.1-3.cm1.x86_64.rpm
 mpfr-debuginfo-4.0.1-3.cm1.x86_64.rpm
@@ -354,7 +354,7 @@ python2-libcap-ng-0.7.9-3.cm1.x86_64.rpm
 python2-libs-2.7.18-8.cm1.x86_64.rpm
 python2-test-2.7.18-8.cm1.x86_64.rpm
 python2-tools-2.7.18-8.cm1.x86_64.rpm
-python3-audit-3.0-11.cm1.x86_64.rpm
+python3-audit-3.0-12.cm1.x86_64.rpm
 python3-cracklib-2.9.7-2.cm1.x86_64.rpm
 python3-gpg-1.13.1-6.cm1.x86_64.rpm
 python3-libcap-ng-0.7.9-3.cm1.x86_64.rpm
diff --git a/toolkit/tools/go.mod b/toolkit/tools/go.mod
index b868cd84c05..92f12e0368a 100644
--- a/toolkit/tools/go.mod
+++ b/toolkit/tools/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
 	github.com/bendahl/uinput v1.4.1
 	github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e
-	github.com/deckarep/golang-set v1.7.1
+	github.com/deckarep/golang-set v1.8.0
 	github.com/gdamore/tcell v1.4.0
 	github.com/klauspost/compress v1.10.5 // indirect
 	github.com/klauspost/pgzip v1.2.5
diff --git a/toolkit/tools/go.sum b/toolkit/tools/go.sum
index f4e05dff3aa..1e77b120aa3 100644
--- a/toolkit/tools/go.sum
+++ b/toolkit/tools/go.sum
@@ -15,8 +15,8 @@ github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oD
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
-github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
+github.com/deckarep/golang-set v1.8.0 h1:sk9/l/KqpunDwP7pSjUg0keiOOLEnOBHzykLrsPppp4=
+github.com/deckarep/golang-set v1.8.0/go.mod h1:5nI87KwE7wgsBU1F4GKAw2Qod7p5kyS383rP6+o6qqo=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/gdamore/encoding v1.0.0 h1:+7OoQ1Bc6eTm5niUzBa0Ctsh6JbMW6Ra+YNuAtDBdko=